REGULATION no.

5 from December 20, 2013 regarding the prudential

requirements for credit institutions
Summary at January 3, 2014. The present act was created using the SintAct-Acte Sintetice technology.
SintAct and Acte Sintetice are Wolters Kluwer trademarks.
Taking into consideration the provisions of art. 24, art. 51, para. (1), letter (d), art. 77, art. 101, art. 101,
art. 104, art. 106-110, art. 148, art. 149, art. 150 para. (1), art .1521, art. 163, art. 163 1, art. 164 para.
(2), art. 166, art. 1663, art. 1691, art. 289, art. 320, art. 382, art. 384 para. (1) and of art. 385 para. (1)
from the Government Emergency Ordinance no. 99/2006 regarding the credit institutions and capital
adequacy, approved by Law no. 227/2007, as further amended and supplemented, as well as those of
art. 416 para. (1) letter (a) from the Regulation (EU) no. 575/2013 of the European Parliament and the
Council from June 26, 2013 regarding the prudential requirements for credit institutions and
investment firms and those of modification of the Regulation (EU) no. 648/2012,,
Based on the provisions of art. 420 para. (3) from the Government Emergency Ordinance no. 99/2006,
approved with subsequent amendments and additions by Law no. 227/2007, as further amended and
supplemented, of art. 25 para. (2) letter a) and those of art. 48 para. (1) from Law no.
312/2004regarding the Statute of the National Bank of Romania.
The National Bank of Romania issues the following regulation:
TITLE I: General provisions
CHAPTER I: Scope of application
Art. 1
This regulatory document regulates:
a) The governance framework of credit instructions, the internal capital adequacy assessment process
and outsourcing conditions of credit institution activities;
b) Certain issues concerning credit institutions own funds;
c) Requirements for capital buffers;
d) supervision on consolidated basis of credit institutions;
e) conditions for approval of internal rating models in determination of capital requirements for credit
risk;
f) conditions for preliminary notification of approval of Standard approach for operating risk, those for
the approval of the use of alternative standard approach for operating risk and the conditions for the
approval of advanced assessment in determination of capital requirements for operating risk;
g) conditions for approval of internal models in determination of capital requirements for market risk;
h) certain issues concerning implementation of Regulation (EU) No. 575/20133 of European
Parliament and Council of June 26, 2013 on prudential requirements for credit institutions and
investment firms and amending Regulation (EU) No 648/2012.
Art. 2
(1) This regulation applies to credit institutions, Romanian legal entities, individually and/or, as the case
may be, consolidated and sub-consolidated, as well as at cooperative network level.
(2) Without any prejudice to provisions in art. 77 para. (2) in Government Emergency Ordinance no.
99/2006 on credit institutions and capital adequacy, approved by Law no. 227/2007, as further
amended and supplemented, this regulation applies correspondingly to branches of credit institutions
located in third party countries.
(3) Provisions regarding liquidity risk management in Chapter II and Chapter IV of Title II also apply
correspondingly to branches of Member States credit institutions.

(1)
1.

2.

3.

4.

5.
6.
7.
8.
9.

10.

11.

12.
13.

14.

CHAPTER II: Definitions

Art. 3
In the meaning hereof, terms and expressions below shall have the following meaning:
management body a credit institutions body or bodies, appointed in accordance with incorporation
documents, as per the provisions in Companies Law No. 31/1990, republished, as further amended
and supplemented, and in Government Emergency Ordinance No. 99/2006 on credit institutions and
capital adequacy, approved by Law No. 227/2007, as further subsequently amended and
supplemented, which are empowered to set the credit institution's strategy, objectives and overall
direction, which oversee and monitor management decision-making, and include the persons who
effectively direct the business of the institution;
management body in its supervisory function - means the management body acting in its role of
overseeing and monitoring management decision-making and which is represented by the board of
directors, within the unitary management system and by the supervisory board in the dual
management system;
senior management - means those private individuals who exercise executive functions within an
institution and who are empowered with the day-to-day management of the credit institution and
answer for the accomplishment mode of this to the management body. The senior management is
represented by directors in the unitary management system and by directorate in the dual
management system;
Internal control framework means a framework that provides effective and efficient development of
some operations, adequate control of risks, prudent conduct of business, reliability of financial and
non-financial information reported, both internally and externally, and compliance with laws,
regulations, supervisory requirements and the credit institutions internal rules and decisions;
Governance framework means a limited but crucial component of corporate governance, focusing
on the internal structure and organisation of a credit institution;
Risk profile means the aggregate of a credit institutions actual and potential risk exposures;
Risk appetite means the absolute risks an institution is a priori open to take;
Risk tolerance means the real limits within the risk appetite assumed by a credit institution;
Compliance risk means the current or prospective risk to earnings and capital, leading to fines,
damages and/or termination of contracts or those that may affect credit institutions reputation,
arising from violations or non-compliance with laws, rules, regulations, agreements, recommended
practices or ethical standards;
conflict of interests means the particular situation or circumstance when the personal interest,
direct or indirect, of the staff and members of the management team of the credit institution
contravenes the interests of the credit institution, to the extent that it affects or might affect their
independence and impartiality in making decisions or timely and objective performance of their duties,
as part of their job description;
persons in key positions means staff members whose whose positions confer them a significant
influence over the credit institutions orientation but who are not members of the management body.
Persons in key positions can be the managers of some important business lines, of branches within
European Economic Space, of subsidiaries in third party states, of support and control functions;
persons in middle management positions means persons assigned to provide the management of
credit institutions business units;
internal capital adequacy assignment process means a component of credit institutions governance
framework, that ensures that that the management body adequately identifies, measures, aggregates
and monitors the credit institutions risk, holds an adequate internal capital in relation to the
institutions risk profile and use sound risk management systems and develops them further;
stress testing means a risk management technique used to evaluate the potential effects on a credit
institutions financial condition of a specific event and/or movement in a set of financial variables.
Basically, stress testing could fall within the category of sensitivity analysis which assesses the impact

15.
16.

17.
18.
19.

20.

21.

22.
23.

24.

25.

26.

27.

28.
a.

b.
c.
d.
29.
30.

on a credit institutions financial condition of a move in one particular risk driver, the source of the
shock being unidentified, and scenario test which assesses the impact on a credit institutions financial
condition of simultaneous moves in a number of risk drivers, the stress event being well-defined;
unhedged borrowers means borrowers without a natural or a financial hedge;
natural hedging operation means an operation where borrowers receive denominated incomes or
indexed in foreign currencies in which the credit is granted, including reception of cash originating
from transfers or exports;
financial hedging operation - means an operation that presumes a contract with a credit institution or
a financial institution with the purpose of hedging the foreign exchange risk;
interest rate risk means the current or prospective risk to earnings and capital arising from adverse
movements in interest rates;
IT risk means a subcategory of operational risk, that concerns the current or prospective risk of
adverse impact on earnings and capital, arising from inadequate IT strategy and policies, information
technology or processing, in terms of manageability, integrity, controllability and continuity thereof, or
from inadequate use of the institutions information technology;
reputational risk means the current or prospective risk to earnings and capital arising from adverse
perception of the image of the credit institution on the part of customers, counterparties,
shareholders, investors or supervisory authorities;
strategic risk means the current or prospective risk of adverse impact on earnings and capital, arising
from changes in the business environment and from adverse business decisions, improper
implementation of decisions or lack of responsiveness to changes in the business environment;
economic value means the updated value of expected net cash flows of the credit institution;
operational unit means a unit separate from a technical, geographical or organizational point of view
from the other parts of the credit institution or the group like entities separate depending on legal
or organizational standpoints, the line of business or homogenous exposure groups within a credit
institution or a group;
documentation means the description and, as the case may be, underlying fundaments of a process,
system, methodology or decision, found at the credit institution level as a written presentation with
an adequate degree of complexity and thoroughness;
core deposits means financing resources remaining at the disposal of the credit institution for a long
period of time, determined by such credit institution according to internal policies referred to in art.
136;
outsourcing means the use by the credit institution of an external service provider, on contractual
and ongoing basis, for performance of activities that would normally be undertaken by that credit
institution;
external services provider means the supplier of goods and services, which may or may not be an
authorised entity, depending on the outsourced activity, respectively an affiliated entity within a
group or an entity that is external to the group;
material activities means:
activities of such importance that any difficulty or failure in their performance could have a material
negative effect on the credit institution ability to meet its regulatory responsibilities and/or to
continue its business;
any other activities requiring a license from the competent authority;
any activities having a significant impact on the risk management and
the management of risks related to activities in item (i);
chain outsourcing means outsourcing where the external service provider subcontracts elements of
the services delivered to the credit institution to other external providers;
categories of staff whose professional activities have a material impact upon the credit institutions
risk profile (identified personnel) means categories of staff whose professional activities have a
material impact on the credit institutions risk profile, including members of the senior management,
risk takers regarding the credit institution for example persons having granted higher individual

31.
32.

33.

34.

35.

36.

37.
38.

39.

40.
41.
42.
43.
44.
45.
46.

clearances concerning the conduct of transactions in which the credit institution is involved, such as:
dealers, persons approving credits of a material amount -, staff engaged in the internal control
functions and any employee whose total remuneration, including discretionary pension benefit
provisions, classifies him / her into the same remuneration bracket as members of senior
management and risk takers regarding the credit institution;
material risks means risks with significant impact on the financial and/or reputational position of
credit institutions;
malus agreement means a performance adjustment practice that allows firms to adjust the as-yet
invested portion of an individuals bonus to take account of developments after communication of the
bonus.
clawback agreement means a performance adjustment practice that enables firms to demand
payback of all or part of an individuals bonus that has already vested with the individual, to take
account of developments after vesting.
market risk means the risk to incur losses corresponding to on-balance and off-balance positions due
to adverse market movements in prices and interest rates concerning the trading book business, as
well as from movements in foreign exchange rate and commodities prices for the whole business of
the credit institution (e.g. share prices, interest rate, foreign exchange rate).
model risk means the potential loss a credit institution may incur, as a consequence of decisions that
could be principally based on the output of internal models, due to errors in the development,
implementation or use of such models;
internal approaches means the internal ratings based approach referred to in Art. 143 (1), the
internal models approach referred to in Art. 221, the own estimates approach referred to in Art. 225,
the advanced measurement approaches referred to in Art. 312 (2), the internal models method
referred to in Art. s 283 and 363, and the internal assessment approach referred to in Art. 259 (3) of
Regulation (EU) No 575/2013;
credit risk means the current or prospective risk to earnings and capital arising from an borrowers
failure to meet the terms of any contract with the credit institution or its failure to perform as agreed;
country risk means the risk of exposure to loss caused by events in a foreign country. The concept is
broader than sovereign risk as all forms of lending or investment activity whether to/with private
individuals, corporations, credit institutions or central administrations are covered;
transfer risk means the risk that a borrower will not be able to convert local currency into foreign
exchange and so will be unable to make debt service payments in foreign currency. The risk normally
arises from exchange restrictions imposed by the government in the borrowers country.;
liquidity risk means the current or prospective risk to earnings and capital arising from a credit
institutions inability to meet its liabilities when they become due;
capital conservation buffer - means the own funds that an institution is required to maintain in
accordance with cu art. 256 herein;
institution-specific countercyclical capital buffer - means the own funds that an institution is required
to maintain in accordance with art. 257 herein;
capital buffer of global systemically important institutions (G-SII buffer) - means the own funds that
are required to be maintained in accordance with art. 271 herein;
capital buffer of other systemically important institutions (O-SII buffer) -means the own funds that
may be required to be maintained in accordance with art. 269 para.(1) herein;
systemic risk buffer - means the own funds that an institution is or may be required to maintain in
accordance with art. 281-289 herein;
combined buffer requirement - means the total Common Equity Tier 1 capital required to meet the
requirement for the capital conservation buffer extended by the following, as applicable:
a. a credit institution-specific countercyclical capital buffer;
b. G-SII buffer;
c. O-SII buffer;
d. A systemic risk buffer;

47. countercyclical buffer rate means the rate that institutions must apply in order to calculate their
institution-specific countercyclical capital buffer, and that is set in accordance with art. 258 and art.
259 herein or, as the case may be, by a relevant third party country authority, as the case may be;
48. domestically authorised institution - means an institution that has been authorised in Romania for
which the National Bank of Romania is responsible for setting the countercyclical buffer rate, as per
recommendations of the interinstitutional coordination structure in the domain of the macroprudential supervision of the national financial system, named hereinafter coordination structure.
49. buffer guide - means a benchmark buffer rate calculated in accordance with art. 258 para. (2) and (3)
herein.
50. judicial risk loss risk following fines, penalties and sanctions for which the credit institution is liable in
case of not applying or deficiently applying the legal or contractual dispositions, as well as the fact that
the contractual rights and liabilities of the credit institutions and/or of its counterparty are not
established adequately.
51. effectiveness the degree of accomplishing the targets established for each of the activities and the
ratio between the projected effect and the actual result of the respective activity;
52. efficiency maximizing the results of a activity in relation with the used resources
(2) the terms and the expressions used in the content of the present regulation have the signification
provided in the Government Emergency Ordinance no. 99/2006 regarding the credit institutions
and capital adequacy, approved by Law no. 227/2007, with subsequent amendments and
additions,
(3) For the purposes of the present regulation, the terms and expressions: institution, entity from
the financial sector, consolidated situation, consolidated basis, sub-consolidated basis, own funds,
regularized market, discretionary benefits of pension type, trading portfolio, initiator, sponsor,
special entity constituted for securitization, eligible capital, leverage, risk associated to excessive
use of leverage, external institution of risk assessment provided in art. 4 para. (1) from
Regulation (EU) no. 575/2013
TITLE II: The governance framework of credit institutions, the internal capital adequacy assessment
process and conditions for outsourcing of credit institutions businesses
CHAPTER I: The governance framework of credit institutions
Art. 4:
(1) credit Institutions shall have robust governance arrangements, which include at least the
following:
a. Organisational structure and organisation;
b. the management body of the credit institution, respectively: attributions and responsibilities,
composition and operation, general governance framework;
c. risks management;
d. internal control;
e. IT systems and business continuity;
f. Transparency requirements.
(4) The central house of credit cooperatives is responsible for the presence of a general governance
framework in the meaning of para. (1) and at the level of cooperative network.
Art. 5
(1) Credit institutions must have internal regulations in place concerning the governance framework.
(2) Credit institutions shall adapt the governance framework based on the nature, extent and
complexity of risks incurred by the business model and activities developed by them.
(3) Provisions in para.(2) shall be applied by the central house of credit cooperatives also at
cooperative network level.
SECTION 1: Organisational structure of a credit institution

SUBSECTION 11: Organisational framework

Art.6
(1) The management body of a credit institution must provide an adequate and transparent
organisational structure for the respective credit institution
(2) In the meaning of para. (1), the organisational structure of a credit institution shall be
transparent and organised in a way that promotes effectiveness and demonstrates the
prudent management of the institution, both on a solo basis and at the level of group it
belongs to.
(3) The reporting lines and the allocation of responsibilities and competences within a
credit institution shall be clear, precise, well defined, coherent and efficiently
implemented.
(4) The management body must assess the way in which various elements of the
organisational structure are mutually complementary and interacting. The
(organisational) structure must not affect management bodys capacity to oversee and
administrate in an efficient manner risks run by the credit institution or its respective
group.
(5) The management body must assess how the changes incurred in groups structure
(which can result, without limitation, due to establishment of new subsidiaries, mergers
and acquisition, sale or winding up of parts of the group or due to evolutions outside the
group) affects its soundness. The management body must undertake promptly any
action required.
SUBSECTION 12: Checks and balances in a group structure
Art. 7
(1) Within a group structure, the management body of a parent credit institution,
Romanian legal entity, has to make sure that, within the group, there is an adequate
corporate governance and that this is appropriate to the structure, business and risks of the
group and its entities.
(2) The management body of a subsidiary credit institution, Romanian legal entity, should
adhere to the governance values and principles espoused by its parent credit institution
and should acknowledge the business objectives, risk profile and policies established by the
management body of the parent credit institution, excepting the case when there are
legislative or supervisory requirements or proportionality reasons that determine other
conduct. In this respect, the management body of a subsidiary credit institution should set
its own governance responsibilities, and should evaluate any group-level decisions or
practices to ensure that they do not put the subsidiary in breach of regulatory provisions or
prudential rules applicable on a solo basis in Romania. The management body of a
subsidiary should also ensure that such decisions or practices are not detrimental to:
a)

the sound and prudent management of the subsidiary;

b)

the financial health of the subsidiary; or

c)

the legal interests of the subsidiarys interested parties.

(3) To the end of fulfilling its responsibilities in line with the governance framework, the
management body of a parent credit institution, Romanian legal entity, should:
a) establish a governance structure which contributes to the effective oversight of its
subsidiaries and which takes into account the nature, scale and complexity of the
different risks to which the group and its subsidiaries are exposed;
b) approve a governance policy at the group level and for its subsidiaries, which includes
the commitment to meet all applicable governance requirements;

c) ensure that enough resources are available for each subsidiary to meet both group
standards and local governance standards;
d) have appropriate available means to monitor that each subsidiary complies with all
applicable governance requirements;
e) provide that group-wide reporting lines are clear and transparent, especially where
activity lines are not consistent with groups legal structure.
(4) A subsidiary credit institution, Romanian legal entity, must also have available a sufficient
number of independent members in its management body. The independent members of its
management body are members that do not detain an executive position, that are
independent from the subsidiary and its group and from its controlling shareholders.
SUBSECTION 13: Know your structure
Art. 8
(1) The management body must be aware of, and fully understand, the operational structure
of a credit institution and it must provide that it is consistent with the approved business
strategy and risk profile.
(2) The management body must orient and have a good understanding of the structure of
credit institution, its evolution and limitations, and it must provide that such structure is
adequate and that it does not involve an excessive or inadequate level of complexity. The
management body is also responsible for approval of sound strategies and policies for
establishment of new structures. In addition, the management body must be aware on the
risks incurred by the complexity of structure itself of the legal entity and it must provide that
the credit institution is capable to produce, in due time, information concerning the type,
statute, shareholdership structure and activities of each legal entity.
(3) The management body of a parent credit institution, Romanian legal person, must:
a) understand not only the group organisation, but also the purpose of various entities
and connections and relations between them
b) provide that various groups entities (including the credit institution itself) receive
enough information to acquire a clear overview on groups overall objectives and risks;
c) provide that it is permanently updated information concerning the risks incurred by
groups structure.
SUBSECTION 14: Non-standard or non-transparent activities
Art. 9
(1) In case when a credit institution operates through special-purpose structures or through
interconnected structures or structures located in jurisdictions that prevent transparency
or that are not consistent with international banking standards, the management body
must understand the scope, structure and special risks associated thereto.
(2) The management body must allow these activities only when it is certain that risks shall
be managed properly.
(3) The management body must establish, maintain and review, on an on-going mode,
adequate strategies, policies and procedures for approval and maintenance of such
structures and activities, to provide that they remain consistent with their declared scope.
(4) The management body must provide that proper measures will be taken to prevent or
mitigate risks related to such activities.
(5) In the meaning of para. (4), the measures include:
a) the credit institution has adequate policies as well as procedures, and formal processes
(e.g. applicable limitations, information requirements) for consideration, approval and
management of risks related to such activities, taking into account their effects on

groups operational structure;

b) data related to these activities and corresponding risks is available in central offices and
to credit institutions auditors, and it is reported to the management body and to the
National Bank of Romania; Monitoring Division
c) the credit institution provides periodic assessment on the permanent necessity to
perform activities that prevent transparency.
(6) In the meaning of para. 5, the credit institution must take the same measures when
performing activities that are not transparent or that are not performed regularly for its
clients.
(7) All structures and activities described in this Art. must be subjected to periodical analysis
from internal and external audit.
SUBSECTION 2: The management body of the credit institution
SUBSECTION 21: Duties and responsibilities of the management body
Art. 10
(1) Responsibilities of the management body shall be clearly defined in a written document,
and approved, respecting the relevant legislation.
(2) Responsibilities established in document must be consistent with provisions of
Companies Law no. 31/1990, republished, as further amended and supplemented, and of
Government Emergency Ordinance No. 99/2006 on credit institutions and capital
adequacy, approved as further amended and supplemented by Law No. 227/2007,
subsequently amended and supplemented.
Art. 11
(1) The management body must define, oversee and take responsibility for implementation
of a governance framework that provides efficient and prudent management of the
credit institution, including segregation of responsibilities within the organisation and
prevention of conflicts of interests
(2) In the meaning of para. (1), the implemented governance framework must provide
consistency with the following principles:
a. the management body must have full responsibility with regard to the credit
institution and it must approve and oversee implementation of strategic objectives, of
strategy concerning risks management and of credit institutions governance
framework
b. the management body must provide integrity of accounting and financial reporting
systems, including financial and operational controls and compliance with relevant
legislation and standards
c. the management body must oversee the publication and notification processes
d. the management body must be responsible for provision of effective oversight of
senior management
Art. 12
(1) Apart from responsibilities set forth in art. 11 para. (2), the management body is also
responsible for the establishment and review of:
a. amounts, types and distribution of both internal capital and of own funds, adequate
for coverage of credit institutions risk;
b. a sound and transparent organisational structure, with efficient communication and
reporting channels;

c. a policy for appointment and progression of persons in key positions within the credit
institution;
d. a remuneration scheme that is consistent with the strategies of the credit institution
regarding the risk management
e. principles of governance framework and of corporate values of the credit institution,
including of those established through a code of conduct or an equivalent document;
and
f.

a proper and efficient framework of internal control that includes risk management,
compliance and internal audit functions, as well as a proper and efficient framework
for financial reporting and accounting.

(2) The management body of a credit institution shall review and approve regularly the
strategies and policies for approval, managing, monitoring and mitigation of the risks that
may be incurred by that credit institution, considering particularly the macroeconomic
environment in which the credit institution operates and the position in the business
cycle
(3) When reviewing policies and strategies, the management body is responsible for the
proper communication with The National Bank of Romania Monitoring Division and
other interested parts
(4) In the meaning of para. (1) letter c), credit institutions must assess adequacy of personnel
holding key positions before the appointment thereof or to reassess their adequacy, if
the case, and to record the assessment/reassessment and the results achieved.
(5) If, following credit institutions assessment,, conclusion is drawn that key personnel is not
adequate, the credit institution must take proper measures.
Art. 13
(1) The management body of a credit institution shall monitor and periodically assess the
effectiveness of the governance arrangements of the credit institution and it shall take
proper measures to remedy any deficiency
(2) A review shall be performed at least once a year on the governance arrangements of the
credit institution and on implementation thereof. This review must take into
consideration any changes in internal and external factors affecting the credit institution.
Art. 14
(1) The management body, in its monitoring function, and the senior management must
interact efficiently.
(2) The management body, in its supervisory function, must:
a. be prepared and capable to contest and to dispose of the capacity to asses in a
critical yet constructive manner proposals, explanations and information provided by
the members of senior management;
b. monitor whether the strategy, risk tolerance / appetite and policies of the credit
institutions are implemented consistently and whether performance standards are
maintained as per long-term financial interests and solvability of the credit institution;
and
c. monitor performances of members of senior management in cross-reference with
respective standards.
(3) The senior management must provide to the management body, in its supervisory

function, periodically and without delay, depending on the case, information on elements
that are relevant in the assessment of a situation with impact on the credit institutions
management and on maintenance of its financial safety.
SUBSECTION 22: Membership and operation of the management body
Art. 15
(1) The management body must have an adequate number of members and a proper
structure.
(2) When determining the membership, credit institutions must assess adequacy of
members of management body based on the criteria provided by the Government
Emergency Ordinance no. 99/2006, regarding the credit institutions and the capital
adequacy, approved by Law no. 227/2007, as further amended and supplemented. The
assessment will be made, ordinarily, before the occupancy of the respective function.
(3) Credit institutions must reassess the adequacy of members of the management body
when events occur that require such reassessment, to monitor on-going adequacy of
that person
(4) The management body must dispose of policies for selection, monitoring and planning
of progression of its members
(5) A credit institution must establish the size and membership of its management body
depending on the size and complexity of the credit institution and on the nature and
scope of its activities.
(6) If, following credit institutions assessment, conclusion is drawn that a person is not fit
to be appointed as member of the management body, the respective person must not
be appointed.
(7) If, following credit institutions assessment, conclusion is drawn that a member of the
management body is no longer adequate, the credit institution must take proper
measures to remedy this situation and to notify the National Bank of Romania in this
direction.
(8) Measures set forth in para. (6) and (7) may include, without limitation: adjustment
of responsibilities among members of the management body; replacement of
certain persons, training of members or of the entire management body to provide
that management bodys aggregate qualification and experience are sufficient.
Art. 16
(1) Management body members must take active part in the activity of a credit
institutions and they must be capable to take decisions and to deliver their own
professional judgements in a solid, objective and independent manner.
(2) Selection of members of the management body must provide the availability of
sufficient expertise and independence. The credit institution must provide that
members of the management body have the capacity to allocate time and sufficient
effort to execute their responsibilities in an efficient manner.
(3) Credit institutions must have written documents setting forth commitments
concerning the minimum expected time for effective participation in exercising in an
adequate mode the prerogatives for each management body member. Participation
of management bodys members in its supervisory position to the exercise of
supervisory attributions must be made public.
(4) Management bodys members must be capable to act in an objective, critical and
independent manner.

Art. 17
The management body must have a written policy concerning the management of conflicts
of interest for its members.
Art. 18
(1) Credit institutions must allocate human and financial resources adequate for the
integration and training of management bodys members
(2) In the meaning of para. (1), training programs adapted based on the need of each
member of the management body must take into account any inconsistency
between the needs of the credit institution and the actual knowledge of
management bodys members
Art. 19
Credit institutions and respectively their nomination committees, if the case, must consider
a wide range of competences and capacities when recruiting management bodys members
and, to this end, they must establish a policy for the promotion of diversity within the
management body
Art. 20
(1) The management body must define adequate practices and procedures, corresponding
to the governance framework for its own organisation and operation and it must dispose of
means assuring that such practices are monitored and reviewed periodically for
improvement purposes.
(2) In the meaning of para. (1), sound practices and procedures for the management body
corresponding to the governance framework include periodicity of meetings, work
procedures and minutes thereof, the role of management bodys chairman and the use of
committees.
Art. 21
(1) The management body in its supervisory function must take into consideration, based on
the size and complexity of credit institution, establishment of specialized committees
including management bodys members (other persons may also be invited to attend, based
on their specific expertise or due to the fact that their recommendations are relevant for a
certain issue).
(2) In the meaning of para. (1), delegation of responsibilities to such committees should not
exonerate in any way the management body in its supervisory function from collective
exercise of its attributions and responsibilities.
Art. 22
(1) Credit institutions must establish an audit committee.
(2) An audit committee must, among other things:
a) monitor efficacy of internal control, internal audit and risk management
b) supervise external auditors of the credit institution;
c) recommend to the management body and other shareholders the appointment,
remuneration and revocation of external auditors;
d) assess and approve the scope and periodicity of internal audit;
e) assess internal audit reports;

f) verify timely adoption, by the senior management, of corrective measures required to

remedy control deficiencies, noncompliance with legal and regulatory framework and
with policies, as well as with other deficiencies identified buy auditors.
(3) The audit committee must also supervise implementation of accounting policies by the
credit institution.
(4) The chairman of the audit committee must be independent in case when the chairman is
a former member the credit institutions senior management, he/she may take the chair
only after expiration of a corresponding period of at least one year.
(5) Overall, members of the audit committee must have recent practical and relevant
experience in financial markets or must have acquired, following previous activities,
sufficient professional experience directly related to activities on the financial markets. The
chairman of the audit committee must have specialised knowledge and experience in
implementation of accounting principles and internal control processes.
Art. 23
(1) Credit institutions that are material in size, internal organisation and nature, extent and
complexity of activities must set up a risk management committee comprised of
management bodys members that do not hold any executive position in respective credit
institution. Members of the risk management committee must have adequate knowledge,
competences and expertise to fully understand and monitor the strategy concerning risk
management and risk appetite of the credit institution
(2) The risk management committee must provide advice to the management body
concerning the risk appetite and the credit institutions overall strategy on current and
future risk management and it must assist the management body in overseeing of
implementation of respective strategy by the senior management. The overall responsibility
concerning risk administration shall still fall under the management body.
(3) The risk management committee shall review whether prices of liabilities and assets
offered to clients take fully into account the institution's business model and risk strategy.
Where prices do not properly reflect risks in accordance with the business model and risk
strategy, the risk committee shall present a remedy plan to the management body.
(4) The National Bank of Romania may allow an institution which is not considered material
in the meaning of para. (1), to join the risk committee with the audit committee. Members
of the joint committee shall have the knowledge, skills and expertise required for the risk
management committee and for the audit committee.
(5) In order to assist in the establishment of sound remuneration policies and practices, the
risk management committee shall, without prejudice to the tasks of the remuneration
committee, examine whether incentives provided by the remuneration system take into
consideration risk, capital, liquidity and the likelihood and timing of profits.
Art. 24
(1) Credit institutions that are material in size, internal organisation and nature, extent of
complexity of their activities must establish a nomination composed of members of the
management body who do not perform any executive function in the institution concerned
(2) The nomination committee shall:
a) identify and recommend, for the approval of the management body or for approval of the
general meeting, candidates to fill management body vacancies, evaluate the balance of
knowledge, skills, diversity and experience of the management body and prepare a
description of the roles and capabilities for a particular appointment, and assess the time

commitment expected;
b) periodically, and at least annually, assess the structure, size, composition and
performance of the management body and make recommendations to the management
body with regard to any changes;
c) periodically, and at least annually, assess the knowledge, skills and experience of
individual members of the management body and of the management body collectively, and
report to the management body accordingly;
d) periodically review the policy of the management body for selection and appointment of
senior management and make recommendations to the management body
(3) In the meaning of para. (2) letter a), the nomination committee shall decide on a target
for the representation of the gender, masculine or feminine, underrepresented in the
structure of the management body and prepare a policy on how to increase the number of
these persons in the structure of the management body in order to meet that target. The
target, policy and its implementation shall be made public in accordance with Art. 435 (2)
letter (c) of Regulation (EU) No. 575/2013.
(4) The nomination committee must provide active contribution to the fulfilment of credit
institutions responsibilities by adoption of corresponding internal policies concerning
assessment of adequacy of management bodys members and of individuals holding key
positions in the meaning of art. 12 para. (1) letter c) and art. 17 para. (4). Assessment of
adequacy of management bodys members and of personnel in key positions, achieved both
initially and ulterior, on an on-going basis, must be primarily under credit institutions
responsibility.
(5) In performing its duties, the nomination committee shall, to the extent possible and on
an ongoing basis, take account of the need to ensure that the management body's decision
making is not dominated by any one individual or small group of individuals in a manner that
is detrimental to the interests of the institution as a whole.
(6) The nomination committee shall be able to use any forms of resources that it considers
to be appropriate, including external advice, and shall receive appropriate funding to that
effect
SUBSECTION 23: General governance framework
Art. 25
(1) The management body shall develop and promote high ethical and professional
standards
(2) In the meaning of para. (1), implementing appropriate standards (e.g. a code of conduct)
for professional and responsible behaviour throughout an institution should help reduce the
risks to which it is exposed.
Art. 26
(1) The management body shall establish, implement and maintain effective policies to
identify actual and potential conflicts of interest. Conflicts of interest that have been
informed to and confirmed by the management body shall be appropriately managed.
(2) In the meaning of para. (1), A written policy should identify the relationships, services,
activities or transactions of an institution in which conflicts of interest may arise and shall
state how these conflicts should be managed.
(3) A parent company, Romanian legal entity, should consider and balance the interests of

all its subsidiaries, and consider how these interests contribute to the common purpose and
interests of the group as a whole over the long term.
(4) The conflict of interest policy should set out measures to be adopted to prevent or
manage conflicts of interest. Such procedures and measures might include:
a) adequate segregation of duties, e.g. entrusting activities that may generate conflicting
situations within the chain of transactions or of services to different persons or entrusting
supervisory and reporting responsibilities for conflicting activities to different persons;
b) establishing information barriers, and
c) preventing people who are also active outside the institution from having inappropriate
influence within the institution regarding those activities.
Art. 27
(1) The management body shall put in place appropriate internal alert procedures for
communicating internal concerns from the staff convening governance framework.
(2) An institution should adopt appropriate internal alert procedures that staff can use to
draw attention to legitimate concerns and of substance regarding matters connected with
internal governance. These procedures should respect the confidentiality of the staff that
raises such concerns. To avoid conflicts of interest there should be an opportunity to raise
concerns outside regular reporting lines (e.g. through the Compliance function or the
Internal Audit function or an internal whistleblower procedure). The alert procedures should
be made available to all staff within an institution. Information provided by the staff via the
alert procedure should, if relevant, be made available to the management body.
(3) In addition to the internal alert procedures, the staff of a credit institution shall inform
the National Bank of Romania Monitoring Division about the legitimate concerns and of
substance provided in para. (2).

SECTION 3: Risk management

Art. 28 Risk management within a credit institution involves:
a) A risk-related culture in place;
b) A risk management framework in place;
c) A policy in place for approval of new products.
SUBSECTION 31: Risk culture
Art. 29
(1) Credit institutions shall develop an integrated and institution-wide risk culture, based on
a full understanding of the risks it faces and how they are managed, taking into account
credit institutions risk tolerance/appetite.
(2) Every member of the credit institution should be fully aware of his or her responsibilities
relating to risk management. The responsibility related to risk management must not be
limited to the level of the specialists in the risk domain or that of the control functions.
Business units, under the oversight of the management body, should be primarily
responsible for managing risks on a day-to-day basis, taking into account the credit
institutions risk tolerance/appetite and in line with its policies, procedures and controls.
(3) The the management body must dedicate sufficient time to consideration of risk issues.
(4) In the meaning of para. (3), the management body shall be actively involved in and

ensure that adequate resources are allocated to the management of all material risks
addressed herein and in Regulation (EU) no. 575/2013, as well as in the valuation of assets,
the use of external credit ratings and internal models relating to those risks.
(5) A credit institution should have a holistic risk management framework extending across
all its business, support and control functions, recognizing fully the economic substance of
its risk exposures and encompassing all relevant risks. The scope of risk management should
cover the credit, market, liquidity and operational risks, but should also include
concentration, reputational, compliance and strategic risks.
SUBSECTION 32: Risk management framework
Art. 30
(1) A credit institution's risk management framework shall include policies, procedures,
limits and controls providing adequate, timely and continuous identification, measurement
or assessment, monitoring, mitigation and reporting of the risks posed by its activities at the
business line and institution-wide levels.
(2) A credit institution's risk management framework should provide specific directions on
the implementation of its strategies.
(3) When identifying and measuring risks, a credit institution should develop forwardlooking and backward-looking tools. These tools should allow for the aggregation of risk
exposures across business lines and should support the identification of risk concentrations.
(4) The ultimate responsibility for risk assessment lies solely with the credit institution which,
accordingly, should evaluate its risks critically and should not rely exclusively on external
assessments.
(5) The credit institutions should establish regular and transparent reporting mechanisms so
that the management body and all relevant units in that credit institution are provided with
reports in a timely, accurate, concise, understandable and meaningful manner and can
exchange relevant information about the identification, measurement or assessment and
monitoring of risks. The reporting framework should be well defined, documented and
approved by the management body.
(6) In the meaning of para. (5), the credit institution shall establish reporting lines to the
management body that cover all material risks and risk management policies and changes
thereof.
(7) The management body in its supervisory function and, where a risk committee has been
established, the risk committee must have adequate access to information on the risk
situation of the credit institution and, if necessary and appropriate, to the risk management
function and to external expert advice.
(8) The management body in its supervisory function and, where one has been established,
the risk committee shall determine the nature, the amount, the format, and the frequency
of the information on risk which it is to receive.
Art. 31
The management framework for material risks must be clearly and transparently translated
into internal regulations, procedures, including manuals and codes of conduct, with
segregation between the general standards applicable to entire personnel and specific
regulations applicable only to certain personnel categories.
SUBSECTION 3 3: New products
Art. 32
(1) A credit institution shall have in place a well-documented new product approval policy,

approved by the management body, which addresses the development of new markets,
products and services and material changes to existing ones.
(2) The risk management function should be involved in approving new products or material
changes to existing products. The risk management function should also have a clear
overview of the roll-out of new products (or material changes to existing products) across
different business lines and portfolios and the competence to require that changes to
existing products go through the formal new product approval policy.
SECTION 4: Internal control
Art. 33
The internal control of a credit institution involves:
a) A sound internal control framework in place;
b) Independent control functions in place.
SUBSECTION 4 1: Internal control framework
Art. 34
(1) A credit institution shall develop and maintain a sound and comprehensive internal
control framework, including specific independent control functions with appropriate
authority to fulfil their mission.
(2) The internal control framework should cover the whole organisation, including the
activities of all business, support and control functions.
(3) The internal control framework should be appropriate for a credit institutions business,
with sound administrative and accounting procedures.
(4) In order to implement a strong internal control framework in all areas of the credit
institution, the business and support functions should be responsible in the first place for
establishing and maintaining adequate internal control policies and procedures.
Art. 35
(1) An appropriate internal control framework also requires verification by independent
control functions that these policies and procedures are complied with. The control
functions should include a risk management function, a compliance function and an internal
audit function.
(2) The control functions should be established at an adequate hierarchical level and there
must exist reporting lines directly to the management body. They should be independent of
the operational and support functions they monitor and control, as well as organisationally
independent in relation with the other. The group control functions should oversee is
subsidiaries control functions.
(3) In order for the control function to be regarded as independent the following conditions
should be met:
a) its staff does not perform any tasks that fall within the scope of the activities the
control function is intended to monitor and control;
b) the control function is organisationally separate from the activities it is assigned to
monitor and control;
c) the head of the control function is subordinate to a person who has no responsibility
for managing the activities the control function monitors and controls. The head of the
control function generally should report directly to the management body and any
relevant committees and should regularly attend their meetings; and

d) the remuneration of the control functions staff should not be related to the
performance of the activities the control function monitors and controls, but to successful
fulfilment of objectives assigned, and therefore it should not compromise their objectivity.
(4) Control functions should have an adequate number of qualified staff (both at parent
credit institution and subsidiary level in groups). The staff, which must be entrusted with
proper authorities, should be qualified on an on-going basis, and should receive proper
training. They should also have appropriate data systems and support at their disposal, with
access to the internal and external information necessary to meet their responsibilities.
(5) Control functions should regularly submit to the management body formal reports on
major deficiencies identified. These reports should include follow-up measures on earlier
findings and, for each new identified major deficiency, the relevant risks involved, an impact
assessment and recommendations. The management body should act on the findings of the
control functions in a timely and effective manner and require adequate remedial action.
Art. 36
(1) Without any prejudice to provisions in art.60, control functions cannot be outsourced.
(2) In the meaning of this Regulation, centralisation of control functions in the parent credit
institution is not considered outsourcing from the standpoint of subsidiary credit institutions,
Romanian legal entity.
(3) In case of centralisation of control functions, credit institutions shall provide compliance
with provisions in art. 7.
(4) Subsidiary credit institutions, Romanian legal entity, part of a group where the parent
credit institution centralises control functions, must observe provisions herein concerning
organisation of control functions.
(5) The central house of credit cooperatives shall provide coordination of risk management,
compliance and internal audit functions also for affiliated credit cooperatives.
SUBSECTION 4 2: Risk management function
Art. 37
(1) Depending on the size, internal organisation and on the nature, extent and complexity of
activities, the credit institutions must have a risk management function independent from
the operational functions, provided with sufficient authority, stature, resources and access
to the management body.
(2) The risk management function should be central organisational feature of the credit
institution, structured so it can implement risk policies and control the risk management
framework.
(3) Large, complex and sophisticated credit institutions may consider establishing dedicated
risk management functions for each material business line. However, the credit institution
should include central risk management function (including, as the case may be, a groupwide risk management function in the parent company of a group) to deliver a holistic view
on all risks.
(4) The central house of credit cooperatives shall provide that strategic policies and
objectives of each affiliated credit cooperative are consistent with those of the central house
and with the overall risk appetite and objectives set forth by the central house., for that
purpose, the central house of credit cooperatives shall define policies and principles for the
assessment and measurement of risks and it shall determine risk control procedure at the
level of credit cooperative network and for each affiliated credit cooperative.
Art. 38

The risk management function must provide that all material risks are identified, measured
and properly reported.
Art. 39
The risk management function shall play a key role within the credit institution, ensuring
that it has effective risk management processes in place, being involved in
a) elaboration and review of strategies, and decision-making process;
b) assessment of transactions with related parties;
c) identification of risks incurred by complexity of legal structure of a credit institution;
d) assessment of material changes;
e) internal measurement and assessment of risks;
f) risk monitoring;
g) unapproved exposures.
Art. 40
(1) In the meaning of art. 39 letter a), the risk management function must be actively
involved in elaboration of credit institution's risk strategy and in all material risk
management decisions regarding the material risk management and that it can deliver a
holistic view of the whole range of the credit institutions risks.
(2) In the meaning of para. (1), the risk administration function must provide to the
management body all the relevant information about risk (for example, by using a
technical analysis about the risk exposure) in order to permit the establishment of the
risk tolerance/appetite level of the credit institution.
(3) The risk administration function must also evaluate the risk administration strategy,
including the targets proposed by the operational units, and accord advice to the
management body before taking any decision. The targets, including the credit rating and
capital rate of return, must be plausible and consequent.
(4) The risk administration function must distribute the implementation responsibility of the
strategy and of the policy regarding a credit institutions risk administration with all the
operational units within this. While the operational units must implement the relevant
risk limits, the risk administration function must be responsible with assuring that the
limits are in conformity with the general risk appetite/tolerance of the credit institution
and with the monitoring on an on-going basis in order that the credit institution to not
assume excessive risks.
(5) Regarding the implication of the risk administration function in the decisive process, this
should assure that the aspects regarding are taken into consideration in an adequate
mode. With all this, the operational units and the support functions and, lastly, the
management body should remain responsible for their decisions.
Art. 41
In the meaning of art. 39 letter b), the risk administration function must make sure that the
transactions with the affiliate parties are analyzed, and that the actual or potential risks that
these presume for the credit institution are identified and evaluated in an adequate mode.
Art. 42

In the meaning of art. 39 letter b), the risk administration function must have as an objective
the identification of the significant risks that result from the existence of a complex judicial
structure.
Art. 43
(1)
In the meaning of art. 39 letter d), the risk administration function must evaluate the
mode in which any identified significant risk could affect the capacity of the credit institution
or of the group to manage their risk profile and to mobilize the financing and the capital in
normal conditions and unfavourable conditions.
Art. 44
In the meaning of art. 39 letter e), the risk administration function must make sure that the
measurement and internal evaluation of a credit institutions risk cover an adequate area of
scenarios and it is based on assumptions sufficiently conservative regarding dependence and
correlation. These shall include a qualitative perspective at the whole level of the credit
institution (including the experts reasoning) of the relation between the risks and profitability
of the credit institution and the external operation environment of this.
Art. 45
(1) In the meaning of art. 39 letter f), the risk management function must provide that all
identified risks can be monitored efficiently by the business units. The risk management function
must monitor, periodically, the actual risk profile of the credit institution and to assess it by
cross-reference to credit institutions strategic objectives and to the risk tolerance / appetite to
allow managements decision-making process and taking it under discussion by the managerial
body in its supervisory position.
(2) The risk management function must assess trends and identify new or emerging risks arising
from changing circumstances and conditions. It must also review, periodically, the current riskrelated results compared to previous assessments (e.g., back-testing) in order to evaluate and
improve accuracy and efficacy of the risk management process.
(3) The group-level risk management function must monitor risks approved by the branch
offices. Inconsistencies with the centrally approved strategy must be reported to the relevant
managerial body.

Art. 46
(1) In the meaning of art. 39 letter g), the risk management function must assess, independently,
any breach of, or incompliance with (including the cause thereof and a legal and economical
evaluation of the actual costs required for closing, reducing or covering the exposure
compared to potential costs incurred by its maintenance) strategies, risk tolerance / appetite
or risk thresholds. The risk management function must inform, if the case, the business units
involved and it must recommend possible remediation measures.
(2) The risk management function must have an important role when providing that a decision
based on its recommendations is taken at an adequate level, is complied with by the relevant
business units and reported in a proper manner to the managerial body, to the risk
management committee and to business units or to support functions.
(3) A credit institution must take proper measures against internal or external fraudulent
conduct and against improper behavior (e.g., breaching of internal procedures, incompliance
with limits).

Art. 47
When necessary, the risk management function must be able to report directly to the
management body in its supervisory function, independently from senior management, and to
raise concerns and warn that body, where appropriate, where specific risk developments
affect or may affect the credit institution, without prejudice to the responsibilities of the
management body in its supervisory and/or superior managerial functions pursuant to

provisions of Government Emergency Ordinance no. 99/2006 on credit institutions and capital
adequacy, approved by Law no. 227/2007, as further amended and supplemented, of this
Regulation and of Regulation (EU) no. 575/2013.
Art. 48
(1) The coordinator of the risk management function shall be an independent member of
senior management with distinct responsibility for the risk management function. Where the
nature, scale and complexity of the activities of the credit institution do not justify a specially
appointed person from the superior management members, another person from the persons
holding a key-position of the credit institution (senior person)may fulfil that function, provided
there is no conflict of interest .
(2) The coordinator of the risk management function shall not be revoked without prior
approval of the management body in its supervisory function and shall be able to have direct
access to the management body in its supervisory function where necessary.
SUBSECTION 43: Compliance function
Art. 49
The credit institution must have an adequately staffed, permanent and efficient compliance
function for managing their compliance risks.
Art. 50
(1) The credit institutions shall approve and implement a compliance policy which should be
notified to all staff.
(2) The compliance function of a credit institution should provide that the compliance policy is
observed, and report to the management body on the management of compliance risk.
(3) In the meaning of para. (2), the findings of the compliance function should be taken into
account by the management body within the decision-making process.
Art. 51
The compliance function should advise the management body on provisions in laws, rules,
regulations and standards the credit institution needs to meet, and assess the possible
impact of any changes in the legal or regulatory environment on credit institutions activities.
Art. 52
The compliance function should also verify that new products and new procedures are
compliant with the current legal environment in force and any amendments included in the
adopted normative documents whose provisions will be applicable after.
Art. 53
A coordinator of the compliance function is appointed at credit institution level and at group
level (the compliance officer or the compliance function coordinator)
SUBSECTION 4 4: Internal audit function
Art. 54
(3) Credit institutions must have an internal audit function, which shall assess whether the
quality of a credit institutions internal control framework is both effective and efficient.
(4) The internal audit function must assess the compliance of all activities and operational
units of the credit institution (including the risk management and the compliance
functions) with the credit institutions policies and procedures in this regard, the internal
audit function must not be combined with any other function.
(5) The internal audit function must also assess whether the existing policies and
procedures remain appropriate and are in compliance with the legal and statutory

requirements.
Art. 55
With no prejudice to provisions in art. 60, the internal audit function shall be organized as
per regulations issued by the Romanian Chamber of Financial Auditors.
Art. 56
The internal audit function should have unlimited access to relevant documents and
information in all business and control units.
Art. 57
(1) The internal audit function should verify primarily integrity of processes providing
credibility to methods and techniques, premises and information sources of credit institution,
used in its internal models (e.g. the use of risk models and accounting expertise).
(2) The internal audit function should also assess the quality and method of use of
qualitative tools for identification and assessment of risks.
(3) The internal audit function should not be directly involved in the design or selection of
models or other risk management tools.
Art. 58
(1) The internal audit function should report directly to the management body and to the
audit committee its findings and proposals concerning the material improvement of internal
controls.
(2) All recommendations provided by the internal audit function should be subject to a
formal follow-up procedure by the respective levels of management to ensure and report
their resolution.
Art. 59
(1) The management body must encourage personnel within internal audit function to
adhere to national and international professional standards.
(2) Activities of the internal audit function must be developed in compliance with an audit
plan and detailed audit schedules based on a risk approach.
(3) The audit plan should be approved by the audit committee
Art. 60
(1) The management body of credit institutions may, in case where for performance of
internal audit commitments special expertise is required, based on proper fundaments,
decide to outsource the internal audit activity only with regard to credit institutions
activities, other than those set forth in art. 18 para. (1) letter a) n) in Government
Emergency Ordinance no. 99/2006 concerning credit institutions and capital adequacy,
approved by Law no. 227/2007, as further amended and supplemented, to the end of
performing this activity in co-participation or sub-contracting. When taking this decision,
provisions in section V related to outsourcing shall apply correspondingly.
(2) In the meaning of para. (1), performance of internal audit activities in co-participation
shall be achieved using, for execution of internal audit commitments, both own personnel
activating within the internal audit function, and also external resources.
(3) In the meaning of para. (1), performance of internal audit activities through subcontracts
considers situations when an internal audit commitment or only part thereof is performed
by an external partner, usually for a limited time period.
SECTION 5: Information system and on-going activities
SUBSECTION 51: Information system and communication

Art. 61
A credit institution shall have effective and reliable information and communication systems
covering all its material activities.
Art. 62
(1) Information systems, including those that store and use data in electronic form, should
be secure, independently monitored and supported by adequate contingency arrangements
for unforeseen situations.
(2) When implementing informational systems, a credit institution should comply with
generally accepted IT Standards.
SUBSECTION 52: Business continuity management
Art. 63
A credit institution shall establish a sound business continuity management to ensure its
ability to operate on an on-going basis and limit losses in the event of severe business
disruption
Art. 64
(1) In order to establish a sound business continuity management, a credit institution should
carefully analyse its exposure to severe business disruptions and assess (quantitatively and
qualitatively) their potential impact, using internal and/or external data and scenario-based
analysis.
(2) Based on the assessment in para. (1), a credit institution should have in place:
a) Contingency and business continuity plans to provide that the credit institution reacts
appropriately to emergencies and is able to maintain its most important business
activities if there is disruption to its ordinary business procedures;
b) Recovery plans for critical resources to enable it to resume ordinary business
procedures in an appropriate timeframe. Any residual risk from potential business
disruptions should be consistent with the credit institutions risk tolerance/appetite.
SECTION 6: Transparency
Art. 65
(1) To the end of providing transparency internally, strategies and policies shall be
communicated to all appointed staff throughout the credit institution.
(2) Credit institutions staff should understand and adhere to policies and procedures
pertaining to their duties and responsibilities.
(3) In the meaning of para. (1) and (2), the management body should inform and update the
appointed staff about the credit institutions strategies and policies in a clear and consistent
manner, at least to the level needed to carry out their particular duties.
Art. 66
(1) The internal governance framework of a credit institution shall be transparent.
(2) A credit institution shall present its current position and future prospects in a clear,
balanced, accurate and timely manner.
(3) The objective of transparency in the area of internal governance is to provide all relevant
interested parts of a credit institution (including shareholders, employees, customers and
the general public) with key information necessary to enable them to judge the effectiveness
of the management body in governing the credit institution.
Art. 67

A credit institution should publicly disclose at least the following:

a) its governance structures and policies, including its objectives, organisational structure,
internal governance arrangements, structure and organisation of the management body,
including attendances to the meetings thereof, and the incentive and remuneration
scheme of the institution;
b) the nature, extent, purpose and economic substance of transactions with affiliates and
related parties, if they have a material impact on the institution
c) how its business and risk management strategy is set (including the involvement of the
management body) and foreseeable risk factors;
d) its established committees and their mandates and membership;
e) its internal control framework and how its control functions are organised, the major
tasks they perform, how their performance is monitored by the management body and
any planned material changes to these functions and
f) material information about its financial and operating results.
CHAPTER II: The internal capital adequacy assessment process
SECTION 1: Provisions on the internal capital adequacy assessment process
Art. 68
(1) The internal capital adequacy assessment process of a credit institution should form an
integral part of that credit institutions management process and decision-making culture.
(2) In the meaning of para. (1), the internal capital adequacy assessment process of a credit
institution should provide the management body with the opportunity to perform ongoing assessment of the credit institutions risk profile and the level of adequacy of
internal capital in relation therewith.
(3) The internal capital adequacy assessment process of a credit institution must be formally
documented in internal norms.
(4) During the internal capital adequacy assessment process, credit institutions should
perform the following:
a) identification, measurement, mitigation and reporting of risks that the credit institution
is or may be exposed to, for an on-going measurement and assessment of internal capital
requirements;
b) planning and maintenance of internal capital resources required for adequacy of
capital to the credit institutions risk profile.
Art. 69
Credit institutions should inform the National Bank of Romania Supervisory Direction with
regard to:
a) The method of structuration of internal capital adequacy assessment process;
b) Premises that are used to determine risks, per sectors and types of risks;
c) Sensitivity to risks and confidence levels assigned to risk quantification;
d) Method of aggregation of risks to determine the internal capital requirements.
e) b) Premises that are used to determine internal capital availabilities, including the time
period considered in internal capital planning.
Art. 70
(1) To the end of internal capital adequacy assessment process, the credit institution should

identify and asses all material risks that the credit institution is or may be exposed to,
including:
a) Risks for which, as per Regulation (EU) no. 575/2013, capital requirements are
regulated, including the major differences between the regulated treatment of risks for
calculation of minimum capital requirements and the treatment set forth in the internal
capital adequacy assessment process;
b) a) Risks that are not fully covered by regulated capital requirements:
(i) risks arising from application of less sophisticated approaches underestimation of
credit risk while using the standard approach, underestimation of operational risk while
using the basic approach or the standard approach;
(ii) underestimation for non-reimbursement losses in stress situations;
(iii) residual risks corresponding to credit risk mitigation techniques; and
(iv) securitization risks;
(v) risks incurred by credits in foreign currencies awarded to borrowers that are
exposed to currency risks.
c) Risks like: interest rate risk for activities outside the trading portfolio, concentration risk,
liquidity risk, risk associated with the excessive use of leverage effect, reputational risk
and strategic risks. For risks included in this category, credit institutions may use
qualitative methods for assessment and mitigation;
d) Risks external to the credit institution, respectively risks corresponding to regulatory,
economic or credit institutions business environment, that are not incidental to situations
described in letter a) c).
(2) In accordance with the proportionality principle defined in art. 148 para. (2) in
Government Emergency Ordinance no. 99/2006 on credit institutions and capital adequacy,
approved by Law no. 227/2007, as further amended and supplemented, credit institutions
should establish the manner and the extent to which material risks are treated in the
internal capital adequacy assessment process. Accordingly, credit institutions should
establish the risks for which they will determine an internal capital for their coverage as well
as those risks for which other methods will be used for their management and mitigation.
Art. 71
Credit institutions shall have an internal capital adequacy assessment process at solo level
and, where relevant, at consolidated level, accordingly to the provisions of the title V
Consolidated Supervision herein.
Art. 72
The provisions of Art. 149 of the Government Emergency Ordinance No. 99/2006, approved
as further amended and supplemented by Law No. 227/2007, subsequently amended and
supplemented, shall be applied by the central body of the credit cooperatives both at solo
and at cooperative network level.
Art. 73
(1) Credit institutions are responsible for their internal capital adequacy assessment process,
as well as for setting internal capital targets that are consistent with their risk profile and
their operating environment.
(2) The internal capital adequacy assessment process shall be tailored to the credit
institutions needs and it shall use the inputs and definitions that the credit institutions

normally use for internal purposes.

(3) In the meaning of para. (2), a credit institution may use its own definitions for risks and
for the materiality level of a risk, albeit that it shall be able to explain these to the
Supervisory Direction of the National Bank of Romania, including the methods used, the
coverage of all material risks and how the approach used by the credit institution relates
to the obligations imposed by Regulation (EU) no. 575/2013concerning calculation of
capital requirements.
(4) In the meaning of para. (2), credit institution may use its own definitions for the internal
capital and its components subject to the provision of clarifications to the National Bank
of Romania Supervisory Direction, specifying the methodology used to determine the
internal capital available to the credit institution.
Art. 74
Credit institutions shall clearly establish within the internal capital adequacy assessment
process the risk types for which a quantitative measure concerning their assessment,
management and mitigation is used, and those risks for which a qualitative approach of
these issues is used.
Art. 75
(1) The internal capital adequacy assessment process shall take into account the credit
institutions strategic plans and how they relate to macro-economic factors.
(2) In the meaning of para. (1), credit institutions shall develop a strategy for maintaining
capital levels, which shall incorporate factors such as: loan growth expectations, future
sources and uses of funds, dividend policy and any pro-cyclical variation, within an
business cycle, of the minimum own funds requirements regulated according to the
Regulation (EU) no. 575/2013.
(3) Credit institutions shall have an explicit capital plan, approved by the management body,
which includes at least the following:
a) the credit institution's objectives and the time horizon for achieving those objectives;
b) a general description of the capital planning process and the responsibilities for that
process;
c) how the credit institution shall comply with capital requirements in the future;
d) any relevant limits related to capital;
e) general contingency plan for dealing with divergences and unexpected events, such as
possible capital increase, restricting business or the use of risk mitigation techniques.
(4) In the capital plan, credit institutions establish as objective an internal level of the capital
requirement, considering the risk profile, economic environment in which they operate, the
quality of processes of internal control and risk management, strategic plans, quality of the
available internal capital, etc.
(5) Credit institutions shall conduct appropriate stress tests which take into account
elements such as the risks specific to the jurisdiction where they operate and the stage of
the business cycle.
(6) Credit institutions shall use the results of stress testing both in the planning of the
available internal capital, and in the determination of the internal capital requirements
adequate to the risk profile.
(7) Credit institutions shall analyse the impact that new regulatory framework, actions of

competitors or other factors may have on their performance, in order to determine what
changes in the operating environment they could support.
Art. 76
(1) Credit institutions may design their internal capital adequacy assessment process in ways
to use approaches such as:
a) use of the results produced by the regulatory methodologies for the calculation of risks
capital requirements provided by Regulation (EU) no. 575/2013 and taking into account
some risks such as concentration risk, residual risk of credit risk mitigation and
securitisation or interest rate risk arising from non-trading activities. In the case of this
approach, credit institutions shall demonstrate that they analysed all risks outside the
scope of the abovementioned regulation and found them to be absent, non-material or
they calculated a capital requirement that is additional to the one set out by
aforementioned regulation;
b) use of different methodologies for the different risk types and then calculation of a
sum of the resulting capital requirements. To this end, for a certain type of risk, credit
institutions may use other methodologies than those used for determination of minimum
regulated capital requirements;
c) use of complex methodologies.
(2) Credit institutions shall fundament the extent to which they take into account
diversification and correlation effects within the methodology.
(3) If for some risk categories information is not available in sufficient amounts, credit
institutions may also use estimates within the methodology.
(4) Credit institutions shall include in their internal capital adequacy assessment process
estimates of non-quantifiable risks, if they are material. This requirement might be eased if
the credit institutions can demonstrate to the Supervisory Direction of the National Bank of
Romania that they have an appropriate policy in place for mitigating/managing these risks.
Art. 77
(1) The internal capital adequacy assessment process shall be based on adequate
measurement and assessment processes.
(2) For the purpose of para. (1), credit intuitions must have appropriate policies in place for
assessment of material risks, other than those set forth in art. 71.
Art. 78
(1) The credit institutions internal capital adequacy assessment process shall be reviewed as
often as deemed necessary, but at least annually, in order to ensure that risks are covered
adequately and that capital coverage reflects the actual risk profile of the credit institution.
(2) For the purpose of para. (1), credit institutions shall review their internal capital
adequacy assessment process at least in the following situations: changes in the credit
institution's strategic focus, in the business plan, in the operating environment or any other
factors that materially affect assumptions or methodologies used in the respective process.
(3) Any new risks that occur in the credit institutions business shall be identified and
incorporated into its internal capital adequacy assessment process.
Art. 79
(1) Credit institutions shall design in detail the internal capital adequacy assessment process.

(2) The responsibility for initiating and designing the internal capital adequacy assessment
process rests with the credit institutions management body.
(3) In the meaning of para. (2), the credit institutions management body shall approve the
conceptual design - at a minimum, the scope, general methodology and objectives - of the
internal capital adequacy assessment process and the credit institutions senior
management is responsible for the details of the design the technical concepts.
(4) The credit institutions management body is responsible for integration of the capital
planning and capital management into the credit institutions overall risk management
culture and approach.
(5) In the meaning of para. (4), the management body shall ensure that capital planning
process, as well as process management policies and procedures are notified and
implemented institution-wide and supported by sufficient authority and resources.
(6) The credit institutions internal capital adequacy assessment process the policies,
methodologies, assumptions and procedures shall be formally documented, shall be
reviewed and approved by the credit institutions management body.
(7) The results of the credit institutions internal capital adequacy assessment process shall
be reported to its management body.
Art. 80
(1) A credit institutions internal capital adequacy assessment process shall produce a
determination and preservation of its available internal capital at an adequate level in terms
of the internal requirements related to the credit institutions risk profile.
(2) In the meaning of para. (1), credit institutions shall report to the National Bank of
Romania the level of surplus/deficit of capital resulted from the internal capital adequacy
assessment process. The reporting manner, as well as the frequency of transmission, are
established by the technical Standard for implementation issued for the enforcement of
Regulation (EU) no. 575/2013.
(3) In the meaning of para. (1), credit institutions shall be able to explain to the Supervisory
Direction of the National Bank of Romania the similarities and differences between the
result of its internal capital adequacy assessment process and the capital requirements
regulated by the National Bank of Romania.
Art. 81
The results and findings of the internal capital adequacy assessment process shall be fed into
the design and evaluation of the strategy and risk appetite.
Art. 82
(1) Notwithstanding the provisions of art. 69, any outsourcing of portions of the internal
capital adequacy assessment process must meet the provisions of Chapter V.
(2) Credit institutions retain full responsibility for their internal capital adequacy assessment
process regardless of the degree of outsourcing and they shall ensure that this fully reflects
their specific situation and individual risk profile.
SECTION 2: Material risks management
SECTION 21: Credit risk
SUBSECTION 21^1: General provisions on credit risk and country risk
PART 1: 2.1.1.1 General provisions on credit risk
Art. 83

Credit institutions shall have a proper credit risk management framework ion place, that
takes into account the risk profile and the risk appetite of the credit institution, as well as
market and macro-economic conditions. It shall include policies and processes to identify,
measure, assess, monitor, report and control or mitigate credit risk1 , including counterparty
credit risk2 in due time.
1)

The credit risk may arise from: on-balance and off-balance exposures, including advanced
credits and amounts, investments, inter-bank credits, transactions with derivatives,
financing transactions with securities, and trading activities.
2)
The counterparty credit risk includes exposures to the credit risk arising from derivatives
and other over-the-counter financial instruments.
Art. 84
(1) A credit institutions management body approves, and periodically reviews (at least once
a year), the credit risk management strategy and material policies and processes for
assuming3, identifying, measuring, reporting, controlling or mitigating the credit risk including counterparty credit risk. Those strategy, policies and procedures shall cover the
credit institutions activities for which credit exposure leads to a material risk.
(2) The senior management shall implement the credit risk strategy and develop the policies
and processes provided by para. (1).
3)
Assuming includes assumptions of all risk types that give rise to credit risk, including
credit risk or counterparty credit risk associated to various financial instruments.
Art. 85
The credit institutions must comply with requirements set forth in art. 11 in Regulation (UE)
no. 648/2012 of the European Parliament and Council concerning over-the-counter
derivatives, central counterparties and central trading books, as well as with requirements
established by the regulatory technical standards adopted by the European Commission
based on competences invested therein, when concluding OTC derivative contracts that are
not compensated by central counterparties.

Art. 86
With regard to the credit risk and counterparty risk, credit institutions must:
a) to provide that credit portfolio diversity is adequate considering the target markets and
overall credit strategies;
b) to have efficient systems for the on-going management and monitoring of various
portfolios bearing credit risk and of various exposures of institutions, including for the
identification and management of bad credits and for execution of value adjustments and
constitution of proper provisions;
c) to have internal methodologies that allow assessment of credit risks incurred by
exposures to individual borrowers, securities or securitization positions, as well as
portfolio-level credit risk.
Art. 87
Credit institutions must have in place policies and processes that provide a corresponding
and properly controlled environment for the credit risk, that include:
a) a well-documented and efficiently implemented strategy, as well as sound policies for
assuming the credit risk, without giving excessive certainty to external credit assessment;
where own funds requirements are based on a rating by an External Credit Assessment
Institution (ECAI) or based on the fact that an exposure is unrated, this shall not exempt
credit institutions from the obligation to additionally consider other relevant information
for assessing their allocation of internal capital;

b) efficient credit management policies and processes, that include on-going assessment
of clients capacity and availability to repay debts in due time (including review of support
assets performance in case of securitization exposures), monitoring of documentation, of
contractual clauses, of securities and of other credit risk mitigation form;
c) efficient informational systems to identify, aggregate and accurately and timely report
credit risk exposures to the management body, on on-going basis;
d) prudent and proper credit limits, consistent with the risk appetite, risk profile and
soundness of credit institutions capital, that are regularly notified to relevant personnel,
and fully understood thereby.
e) processes for monitoring and reporting of exceptions that enable prompt actions at
proper levels of credit institutions management body, where needed, and
f) efficient controls, including with regard to quality, confidence and relevance of data and
concerning validation procedures for the use of models that identify and measure the
credit risk and established limits.
Art. 88
Credit institutions shall ensure that the credit decisions are made independently, on an
arms length basis and free of conflicts of interest.
Art. 89
Credit institutions shall have well defined and sound criteria, policies and processes for
approving new exposures including prudent standards for assuming of exposures, and
modification, replacement and roll-over operations related to current exposures and
identifying the approval authority appropriate for the size and complexity of the exposures.
Art. 90
The credit policy of a credit institution shall provide that major credit risk exposures
exceeding a certain absolute amount or percentage of the credit institutions own funds, as
well as credit risk exposures with high credit risks or otherwise not in line with the credit
institutions mainstream activities, shall be approved by the credit institutions senior
management.
Art. 91
Credit institutions shall have in place procedures to assess collateral and to verify that those
collaterals are enforceable and realisable on an on-going basis.
Art. 92
(1) For the assessment of tangible collaterals in order to recognize their quality of credit risk
mitigants according to the National Bank of Romanias regulations, credit institutions take
into account the International Valuation Standards.
(2) For the assessment of tangible collaterals in order to recognize their quality of credit risk
mitigants according to the National Bank of Romanias regulations, credit institutions shall
have in view the International Valuation Standards, respective Guidelines on valuation for
guaranteeing loans issued by National Association of Valuators from Romania (ANEVAR).
(3) For the purpose indicated in para. (1) and (2), credit institutions shall perform the
valuation of tangible collaterals with persons having the qualification, competences and
experience necessary to perform a valuation and who are independent of the decisionmaking process related to the loan.

Art. 93
Credit institutions shall have policies and processes to monitor the total indebtedness of
entities to which they award credits, as well as any risk factor that may cause a nonreimbursement condition, including the uncovered currency risk.
Art. 94
In order for credit institutions own funds to maintain their capacity to ensure business
continuity and absorption of losses on an on-going basis, credit institutions shall incorporate
in an appropriate manner their foreign currency lending risks in their internal risk
management system for credit risk.
Art. 95
For the purpose of art. 94, credit institutions shall have in place policies and procedures
corresponding to the size and complexity of their activities in order to ensure an accurate
identification and assessment of the foreign currency lending risks for borrowers exposed to
currency risks and to reflect them both in their internal risk pricing processes and in internal
capital adequacy assessment process.
Art. 96
(1) Credit institutions shall document a method to determine the internal reference prices
for the foreign currency lending for unhedged borrowers taking into consideration all their
risks assumed.
(2) The method provided in para. (1) shall ensure the reflection in the internal reference
prices of the costs required for covering all their foreign currency lending risks in order to
ensure on-going business of the credit institution.
(3) In the meaning of para. (2) at least the following costs are considered:
a) the costs for the coverage of the expected losses that occur regularly in the normal
course of the activity;
b) the costs for the risks with low occurrence frequency but with high importance given
the level of losses that they can cause;
c) operating costs;
d) the costs relative to the financing sources of the credits denominated in foreign
currency.
Art. 97
For the purpose of art. 95, within the internal capital adequacy assessment process, the
credit institutions must determine, plan, maintain and allocate internal capital in order to
cover the risks incurred by the foreign currency lending awarded to unhedged borrowers.
(CERS fx lending recommendation)
PART 2: 2.1.1.2 General provisions on country risk
Art. 98
(1) Credit institutions shall have in place policies and processes that give due regard to the
identification, measurement, monitoring and control of country risk and transfer risk.
Processes must be consistent with credit institutions risk profile, systemic significance and
risk appetite, they should take into account the market conditions and the macroeconomic
conditions and they must provide a full overview on the credit institutions perception on
global level of exposure to country risk and to transfer risk.

(2) In the meaning of para. (1), exposures (including intra-group exposures where the case)
are identified, monitored and managed on an individual country basis - in addition to the
end-borrower/end-counterparty basis.
(3) Credit institutions shall monitor and evaluate developments in country risk and in
transfer risk and apply appropriate countermeasures.
Art. 99
The credit institutions management body shall approve strategies, policies and processes
concerning management of country risk and transfer risk and that perform such
management so that it provides that aforesaid policies and processes are implemented
efficiently and fully integrated in the overall risk management process of that credit
institution.
Art. 100
Credit institutions shall set limits concerning individual country exposures.
Art. 101
Credit institutions shall have information systems, risk management systems and internal
control systems that accurately and timely aggregate, monitor and report country exposures
and that ensure adherence to established country exposure limits.
SUBSECTION 21^2: Exposures to credit institutions related parties
Art. 102
(1) For the purposes of this subsection, the terms subsidiary, participation, qualified
participation shall have the meaning assigned in art. 4 para. (1) pt. 16, pt. 35, pt. 36 in
Regulation (EU) no. 575/2013.
(2) For the purposes of this subsection, the term control has the meaning assigned in art. 4,
para. (1) pt. 37 from the Regulation (EU) no. 575/2013and it follows the same condition like
the one associated to the control relation within art. 4 para, (1), pt. 39 from the same
Regulation.
(3) In the meaning of this subsection, the expression credit institutions related parties shall
include at least:
a) any entity controlled by the credit institution;
b) any entity that the credit institution holds participation in;
c) entities controlling the credit institution;
d) any entity where entities described in letter c) have control or hold participations;
e) shareholders having qualifying holdings in the credit institutions capital;
f) any entity where shareholders described in letter e) have either control or
participations;
g) members of the credit institutions management body, as well as individuals holding
key positions in that credit institution, together with:
(i) entities which those have/possess direct or indirect interests in; and
(ii) close family members, who may be expected to influence or be influenced by them
in their dealings with the credit institution - they may include: the individuals domestic
partner and children; children of the individuals domestic partner; dependents of the
individual or of the individuals domestic partner.
(4)Transactions with related parties include exposures incurred by on-balance and off-

balance credits, as well as relations like service contracts, sales and purchases of assets,
construction contracts, leasing agreements, transactions with derivatives, loans, and writeoffs. The term transaction must be construed in a broad meaning, to include not only
transactions that are concluded with related parties, but also the situations where a person
(to which the credit institution is exposed) that is not currently a related party becomes
subsequently a related party.
Art. 103
(1) Credit institutions shall have adequate policies and procedures to identify individual
exposures to / and transactions with related parties, to determine the total amount of such
exposures, as well as to monitor and report them through an independent credit review or
audit process.
(2) In the meaning of para. (1), exceptions to policies, procedures and limits shall be
reported to the senior management and, if necessary, to the management body in its
supervisory function, for timely action.
(3) In the meaning of para. (1), transactions with credit institutions related party shall be
monitored on an ongoing basis by the senior management, as well as by the management
body in its supervisory function.
Art. 104
(1) A credit institution shall not incur, after taking into account the effect of the credit risk
mitigation in accordance with art. 399 403 in Regulation (EU) no. 575/2013, an exposure to
the group of related parties of more than 25% of its eligible capital.
(2) Where the group of related parties includes one or more institutions, the value of
exposure to this group shall not exceed 25% of the credit institution's own funds or the
equivalent of EUR 150 million, whichever the higher, provided that, when the absolute limit
is applicable, the sum of the values of exposure to all related persons that are not
institutions does not exceed, after taking into account the effect of the credit risk mitigation
in accordance with art. 399 403 in Regulation (EU) no. 575/2013, 25% of credit institutions
eligible capital.
(3) Where the equivalent of EUR 150 million is higher than 25% of the credit institutions
own funds, the value of the exposure shall not exceed, after taking into account the effect of
credit risk mitigation in accordance with art. 399 403 in Regulation (EU) no 575/2013, a
reasonable limit in terms of the credit institutions own funds. That limit shall be determined
by credit institutions, consistently with its own policies and procedures, shall not be higher
than 100% of the credit institutions own funds and shall be at least as strict as the limit
provided in art. 395 para. (1) para. 2 in Regulation (EU) no. 575/2013.
(4) For the purposes of para. (1) (3), the exposure value shall be determined according to
the part IV Large Exposures in Regulation (EU) no. 575/2013.
Art. 105
(1) Any transaction that incurs the registration or the modification of an exposure to a
related party, exceeding a threshold amount set forth in the credit institutions internal rules,
as well as any transaction of this type which otherwise incurs special risks, shall subject to
the prior approval of the credit institutions management body.
(2) In the meaning of para. (1), the members of the credit institutions management body
having conflicts of interest are excluded from the related party transaction approval and
management process.
Art. 106
Credit institutions shall have adequate policies and processes in place to prevent

implications, in transactions approval and management process, of persons benefiting from

that transaction or persons related to such a person, referred to in art. 102 para. (2) letter g).
Art. 107
Credit institutions shall submit quarterly reports to the Supervisory Direction of the National
Bank of Romania on exposures to related parties.
SUBSECTION 21^3: Non-arms length transactions
Art. 108
(1) For the purposes of this subsection, terms and expressions below shall have the following
meaning:
a) group several entities (members), gathered on the basis of a certain criterion. The
credit institutions group shall mean the group of related clients which the credit
institution itself is part of. For the purposes of this definition, the particular case of a
single entity/member group shall also be taken into account;
b) entity or member of a group any entity or member, private individual or legal entity,
which is part of a group; in case of a credit institutions group, this shall also mean the
credit institution itself;
c) joint control sharing of control over an economic activity;
d) material influence the authority to participate in the decision making process
regarding financial policy and operating of an economic activity, but which does not
represent control or joint control over those policies;
e) group of private individuals with material influence over one or more entities within
the credit institutions group any group formed by private individuals, members of a
group of related clients, which has / exercises a material influence over the credit
institutions group. For the purposes of applying this definition, only those groups of
private individuals with material influence that include at least one member who is an
employee of an entity/entities within the credit institutions group shall be taken into
account. For the purposes of this definition, the particular case of a single member group
shall also be taken into account;
f) non-arms length transactions any transaction concluded by the parties from other
positions than those representing adverse economic interests.
(2) Some of the most often met cases of groups of private individuals with material influence
are:
a) the group of family members where one member has executive power; moreover,
cases may occur where a control-like relationship is present / exercised between a family
member and another person; in these cases the family members together with the
respective person represent a group of private individuals with material influence;
b) the group of family members where one member is administrator or a material
shareholder in one of the credit institutions group entities and another member is an
employee of the same/another entity within the respective group.
(3) In order to assess the character of a non arms length transaction the following issues,
without limitation, may be taken into account:
a) the credit institutions availability to conclude an identical or similar transaction with
any another person, proved by the wide access to this type of transaction;

b) the terms under which similar transactions are concluded and which prevail at the
moment of concluding that transaction;
c) an asset settlement or a liability offset at a value different from its fair value.
(4) Among the terms taken into consideration in para. (3) letter b) the following can be
mentioned:
a) in the case of lending transactions: credit assessment, credit term, interest rate,
repayment schedule, securities requested etc.;
b) in the case of deposit transactions the interest awarded.
Art. 109
(1) The credit institution shall not run other non arms length transactions except from
those specified in the incentives measures and remuneration packages for employees of the
credit institutions group members, considering that those packages stipulate non arms
length transactions which, if they are run with a member of the group of private individuals
with material influence, in the position of employee:
a) are widely available for the employees of entity/entities within the credit institutions
group, where that group of private individuals with material influence has or exercises
such influence; and
b) they do not favor any member of the group of private individuals with material
influence compared to employees of the entities within which the abovementioned group
has or exercises such influence.
(2) The non arms length transactions allowed as per para. (1) may be performed
exclusively with employees. Credit institutions must have in place procedures to outline
compliance with this requirement in case other persons are involved in corresponding
contracts.
(3) The non arms length transactions specified in the incentives measures and
remuneration packages for the employees of entities members of the credit institutions
group can be run only after their analysis and prior approval of the National Bank of
Romania.
(4) The National Bank of Romania may establish, using a different method than the credit
institution, whether an operation has characteristics which lead to its classification in non
arms length transactions category.
(5) Compliance with the requirements mentioned in para. (1) (3) va shall be monitored by
the National Bank of Romania on a solo and consolidated basis.
SECTION 22: Residual risk
Art. 110
(1) Credit institutions shall have in place written policies and procedures to approach and
manage the risk of known credit risk mitigation techniques proving less effective compared
to projections.
(2) Credit institutions must regularly, but at least annually, review the appropriateness,
effectiveness and operation of these policies and procedures.
SECTION 23: Concentration risk
Art. 111

Credit institutions shall ensure that the concentration risk arising from exposures to each
counterparty, including central counterparties, groups of connected counterparties, and
counterparties in the same economic sector, geographic region or from the same activity or
commodity, the application of credit risk mitigation techniques, and including in particular
risks associated with large indirect credit exposures such as a single collateral issuer, is
addressed and controlled including by means of written policies and procedures.
SECTION 24: Securitization risk
Art. 112
(1) Credit institutions shall provide that the risks arising from securitization transactions in
relation to which the credit institutions are investors, originators or sponsors, including
reputational risks, such as arise in relation to complex structures or products, are evaluated
and addressed through appropriate policies and procedures, to ensure that the economic
substance of the transaction is fully reflected in the risk assessment and management
decisions.
(2) Credit institutions that initiate renewable securitization transactions with early
amortization provisions shall provide that liquidity plans to address the implications of both
scheduled and early amortization are in place.
Art. 113
(1) Where the risk transfer of an originating credit institution is considered to be insufficient
or non-existent in relation to the securitized exposures - such as retaining or redeeming
material amounts of risk or cherry picking the exposures to be transferred via a
securitization -, the National Bank of Romania can require to that credit institution the
application of a higher capital requirement than the one prescribed under the Regulation
(EU) no. 575/2013, or, alternatively, may deny a credit institution from obtaining any
regulatory capital relief following treatment of securitization.
(2) Where the credit institution originating a securitization transaction retains the lowestlevel positions of the credit quality assessment scale and most of the credit risk embedded in
the exposures underlying the securitized transaction, the National Bank of Romania may
increase the capital requirement for particular exposures or even increase the overall capital
requirement level for that credit institution.
Art. 114
(1) When the National Bank of Romania Supervisory Direction ascertains that an
originating credit institution provided implicit non-contractual support to a securitization
transaction, it will be required to hold capital against all underlying exposures associated
with a structure of a securitization transaction as if they had not been securitized.
(2) In the meaning of para. (1), the credit institution shall disclose publicly that it has
provided implicit -non-contractual- support as well as the resulting adjustment in the capital
requirement.
(3) When the National Bank of Romania Supervisory Direction ascertains that a credit
institution provided implicit -non-contractual- support on more than one occasion, the
National Bank of Romania may take actions such as:
a) the credit institution may be prohibited to gain favorable treatment in determination of
capital requirements on securitized assets for a period of time to be established by the
National Bank of Romania;
b) the credit institution may be required to hold capital against all securitized assets as
though the credit institution took a commitment thereto, by applying a conversion factor

to the risk weight of the underlying assets;

c) for the purposes of capital requirement calculations, the credit institution may be
required to treat all securitized assets as if they remained on the balance sheet;
d) the credit institution may be required to hold regulatory capital in excess of the
minimum risk-based capital requirement.
Art. 115
(1) Prior to exercising a clean-up call option, a credit institution shall obtain the prior
approval of the National Bank of Romania.
(2) In the meaning of para. (1), approval application shall be accompanied by the rationale
for the credit institutions decision to exercise the call and the impact of the exercise of the
call on the credit institutions regulatory capital requirement.
(3) case of clean up call provisions triggered at a certain date, credit institutions shall set that
date no earlier than the expiration of period represented by duration or by the weighted
average life of the underlying securitization exposures.
SECTION 25: Market risk
Art. 116
Credit institutions shall ensure that policies and processes for the identification,
measurement and management of all material sources and effects of market risks are
implemented.
Art. 117 Credit institutions must have in place proper market risk management processes
that provide a complete overview at credit institution level concerning exposure to.
Art. 118
Market risk management processes must:
a) Be consistent with the risk appetite, risk profile, systemic materiality and level of
capitalization of the credit institution;
b) Take into account market and macroeconomic conditions, as well as the risk of material
depreciation of market liquidity;
c) Clearly describe roles and responsibilities involved in identification, measurement,
monitoring and control of market risk.
Art. 119
(1) The credit institutions must have in place strategies, policies and processes
corresponding to market risk management;
(2) Strategies, policies and processes set forth in para. (1) must be approved by the
management bodies of credit institutions, in their supervisory function. Such management
bodies must oversee how monitoring is performed, so that it provides that respective
policies and processes are applied efficiently and fully integrated in the overall risk
management process within credit institutions.
Art. 120
Credit institution must have in place proper policies and processes that provide an adequate
environment for market risk management and that include:
a) effective information systems for accurate and timely identification, aggregation,

monitoring and reporting of market risk exposure to the management body in its
supervisory function and to senior management;
b) appropriate market risk limits consistent with the credit institutions risk appetite, risk
profile and capital strength, and with managements ability to manage market risk and
which are understood by, and regularly communicated to, relevant staff;
c) exception tracking and reporting processes which provide prompt action at the
appropriate level of the senior management or management body in its supervisory
function, as the case may be;
d) effective control mechanisms around the use of models to identify and measure
market risk, and set limits; and
e) sound policies and processes for allocation of exposures to the trading book.
Art. 121
(1) Credit institution must have in place control systems and mechanisms that provide that
marked-to-market positions are reassessed frequently.
(2) All transactions must be captured on a timely basis and the valuation process must be
based consistent and prudent practices, as well as on reliable market data verified by a
function independent of the relevant risk-taking business units or, in the absence of market
prices, internal or industry-accepted models.
(3) To the extent that the credit institution relies on modelling for the purposes of valuation,
the respective credit institution is required to ensure that the model is validated by a
function independent of the relevant risk-taking businesses units.
Art. 122
The credit institutions must establish and maintain policies and processes for considering
valuation adjustments for positions that otherwise cannot be prudently valued, including
concentrated, less liquid, and stale positions.
Art. 123
The credit institutions must hold appropriate levels of capital and/or reserves to cover
unexpected losses and to make adequate value adjustments corresponding to uncertainties
incurred during determination of fair value of assets and liabilities.
Art. 124
For risk management purposes, the credit institutions must include market risk exposure
into their stress testing programs.
Art. 125
(1) The internal capital shall be adequate for material market risks that are not subject to an
own funds requirement.
(2) Credit institutions, which have, in calculating own funds requirements for position risk in
accordance with Part Three, Title IV, Chapter 2, of Regulation (EU) No 575/2013, netted off
their positions in one or more of the equities constituting a stock-index against one or more
positions in the stock-index future or other stock-index product shall have adequate internal
capital to cover the basis risk loss caused by the value of the Mures agreement or other
product's value not moving fully in line with that of its constituent equities.
(3) Credit institutions shall also have such adequate internal capital where they hold
opposite positions in stock-index futures which are not identical in respect of either their

maturity or their composition or both.

(4) Where using the treatment in Art. 345 of Regulation (EU) No 575/2013, credit
institutions shall ensure that they hold sufficient internal capital against the risk of loss
which exists between the time of the initial commitment and the following working day.
Art. 126
Where the short position falls due before the long position, credit institutions shall ensure
that institutions also take measures against the risk of a shortage of liquidity.
SECTION 26: Interest rate risk arising from non-trading activities
Art. 127
Credit institutions must implement systems to identify, evaluate and manage the risk arising
from potential changes in interest rates that affect a credit institutions non-trading activities.
Art. 128
(1) The credit institutions management body shall approve and periodically review the
interest rate risk strategy and the policies and processes for the identification, measuring,
monitoring and control of interest rate risk.
(2) The credit institutions management body shall provide that the interest rate risk strategy,
policies and processes are developed and implemented.
Art. 129
Credit institutions shall assign responsibilities for interest rate risk management to
individuals independent of, and with reporting lines separate from, those responsible for
trading and/or other risk-taking activities.
Art. 130
(1) to the end of compliance with requirements set forth in art. 127 herein, credit
institutions shall have in place comprehensive and appropriate interest rate risk
measurement systems and any used models and assumptions shall be validated on a regular
basis, but at least annually.
(2) The limits set out by the credit institutions shall reflect their risk strategy, shall be
understood by and regularly communicated to relevant staff.
(3) Every exception to established policies, processes and limits shall receive the prompt
attention from the senior management and, where necessary, from the management body
in its supervisory function.
Art. 131
(1) Credit institutions shall be able to demonstrate that their internal capital, calculated by
the internal capital measurement systems of the credit institution, also covers the interest
rate risk arising from non-trading activities.
(2) For the purposes of para. (1), credit institutions shall be able to calculate the potential
changes in their economic value resulting from changes in the levels of interest rates, as well
as the overall interest rate risk arising from non-trading activities at solo and consolidated
level.
(3) Credit institutions shall develop and use their own methodologies to calculate potential
changes in their economic value resulting from changes in the levels of interest rates, in
accordance with their risk profile and corresponding risk management policies. When the

credit institutions internal methodology is considered inadequate by the Supervisory

Direction of the National Bank of Romania or such methodology is not available, the credit
institution shall apply the standardized methodology described in the annex to this
Regulation, which is an integrant part hereof.
Art. 132
(1) Credit institutions must have the capacity needed to compute and report to the
Supervisory Direction of the National Bank of Romania the change in their economic value as
a result of applying a sudden and unexpected change/ changes in interest rates standard
shock/ shocks prescribed by the National Bank of Romania. The computing and the
reporting of the change in the economic value shall be carried out quarterly on a solo basis
and semi-annually on a consolidated basis and the National Bank of Romania shall issue
reporting regulations to this end.
(2) In the meaning of para. (1), the standard shocks size is 200 basis points, in both
directions, regardless of the currency.
(3) For the purpose of art. 166 para. (4), if as a result of applying the standard shock/shocks
set by the National Bank of Romania a credit institutions economic value would decline by
more than 20% of its own funds, the credit institution shall discuss with the Supervisory
Direction of the National Bank of Romania the necessary measures to be taken to mitigate
such potential decline, measures which may include, among others:
a) improvement of risk management arrangements;
b) variations to internal limits;
c) reduction of the risk profile;
d) increase in the amount of required regulatory capital.
Art. 133
(1) The National Bank of Romania shall periodically review the size of the shock/shocks
provided by Art. 132 in the light of changing circumstances, in particular the general level of
interest rates - for instance periods of very low interest rates- and their volatility.
(2) Credit institutions internal systems shall be flexible enough to compute their sensitivity
to any standardized interest rate shock that is prescribed by the National Bank of Romania.
Art. 134
(1) Credit institutions shall be able to measure their exposure, if material, and sensitivity to
changes in the shape of the yield curve, changes between different market rates -basis riskand changes to assumptions, for example those about customer behaviour.
(2) Credit institutions shall consider whether a purely static analysis of the impact on their
current portfolio of a given shock or shocks shall be supplemented by a more dynamic
simulation approach. Larger and/or more complex credit institutions shall take into account
scenarios where different interest rate paths are computed and where some of the
assumptions for example those about behaviour, contribution to risk and balance sheet
size and composition are themselves functions of interest rate level(s).
Art. 135
(1) Credit institutions shall perform periodically, at least annually, appropriate stress tests to
measure their vulnerability to loss under adverse interest rate movements.
(2) In the meaning of para. (1), stress tests shall be based on reasonable worst case scenarios
and shall capture all material sources of risk, including a breakdown of critical assumptions.
The credit institutions senior management shall consider these results when establishing
and reviewing policies, processes and limits for interest rate risk.

Art. 136
Credit institutions shall have well grounded, sound and documented policies to address all
issues that are important to their individual circumstances, issues that, without prejudice to
the principle of proportionality, may refer to:
a) the internal definition and setting of boundary between non-trading activities and
"trading activities;
b) the definition of economic value and its consistency with the method used to value
assets and liabilities, for example based on the discounted value of future cash flows, or
on the discounted value of future earnings;
c) the size and the form of the different shocks to be used for internal calculations;
d) the use of a dynamic and/or static approach in the application of interest rate shocks;
e) the treatment of on-going transactions affected by the interest rate risk, commonly
called pipeline transactions - including any related hedging;
f) the aggregation of multicurrency interest rate exposures;
g) treatment of the basis risk that arises from different interest rates indexes;
h) the inclusion (or non-inclusion) of non-interest bearing assets and liabilities which are
not booked in the trading book - including capital and reserves;
i) the treatment of current and savings accounts - the maturity attached to exposures
without a contractual maturity;
j) the appropriate consideration of options embedded in assets or liabilities;
k) the extent to which sensitivities to small shocks can be scaled up linearly without
material loss of accuracy covering both the overall convexity and the nonlinearity of
outcomes associated with explicit option products;
l) the degree of granularity employed - e.g. offsets within a time bucket;
m) whether all future cash flows or only principal balances are included.
SECIUNEA 27: Liquidity risk
Art. 137
(1) Credit institutions shall ensure that an adequate level of liquidity reserves is maintained.
(2) In the meaning of para. (1), credit institutions shall have in place sound strategies,
policies, processes and systems to identify, measure, manage and monitor liquidity risk,
developed over an appropriate set of time horizons, including intraday.
(3) The strategies, policies, processes and systems referred to in para. (2) shall be structured
on business lines, currencies and legal entities and include adequate mechanisms to
allocate costs, benefits and liquidity risks.
(4) The strategies, policies, processes and systems referred to in para. (2) shall be suited to
the credit institutions complexity, risk profile, credit institutions object of activities and
level of risk tolerance established by the management body and they must reflect each
credit institutions significance in its corresponding country of activity. Credit institutions
must notify their risk tolerance levels to all relevant activity lines.
(5) The liquidity risk management policies and processes shall consider also how other risks
-such as credit risk, market risk and operational risk- may impact the credit institutions

overall liquidity strategy.

(6) Credit institutions, taking into account the nature, scale and complexity of their activities,
must have liquidity risk profiles that are consistent with and, not in excess of, those
required for a well-functioning and robust system.
(7) For the purpose of para. (6), credit institutions shall take into account the nature, size
and complexity of their activities.
(8) The strategies, policies, processes and systems referred to in para. (2) shall be approved
and reviewed by the management body at least annually. A credit institutions
management body in its supervisory function shall ensure that the senior manage
liquidity risk effectively.
(9) The senior management is responsible for development of strategies, policies, processes
and systems to manage liquidity risk in accordance with the established risk tolerance,
as well as to ensure that the credit institution maintains sufficient liquidity.
(10)(10)The senior management shall continuously review information on the credit
institutions liquidity developments and report to the management body in its
supervisory function on a regular basis.
(11)The management body in its supervisory function shall ensure that the senior
management defines adequate processes and organisational structures to implement
the strategies, policies, processes and systems referred to in para. (2).
(12)A credit institutions organisational structure shall provide for the segregation of duties
between operational and monitoring functions in order to prevent conflict of interests.
Credit institutions shall pay special attention to the powers and responsibilities of the
unit in charge of providing funds. Credit institutions shall consider all time horizons, from
intraday to long-term, when tasks are allocated.
Art. 138
(1) Credit institutions must develop methodologies for the identification, measurement,
management and monitoring of funding positions.
(2) Methodologies set forth in para. (1) shall include the current and projected material
cash-flows in and arising from assets, liabilities, off-balance-sheet items, including
contingent liabilities and the possible impact of reputational risk.
(3) A credit institution must identify measure, manage and monitor funding positions for
currencies where the credit institution is active.
(4) In the meaning of para. (3), a credit institution must:
a) to assess its aggregate foreign currency liquidity needs and determine acceptable
currency mismatches;
b) to undertake a separate analysis of its strategy for each currency in which it has
material activity, considering potential constraints in times of stress. The credit institution
must use stress tests to determine mismatches in respective currency and it must
establish and review limits for mismatches of cash flow currencies, both in aggregate and
for each material currency;
c) to assess the likelihood of loss of access to the foreign exchange markets as well as the
likely convertibility of the currencies in which the credit institution carries out its activities.
(Basel Principle 5 pt. 43 i pt. 45, CP 24 ess. 8, Reg 18 art.156.7 i 160.5)
Art. 139

(1) Credit institutions must distinguish between pledged and unencumbered assets that are
available at all times, in particular during emergency situations.
(2) Credit institutions must take into account the legal entity in which assets reside, the
country where assets are legally recorded either in a register or in an account and their
eligibility and shall monitor how assets can be mobilised in a timely manner.
(3) The credit institutions must also have regard to existing legal, regulatory and operational
limitations to potential transfers of liquidity and unencumbered assets amongst entities,
both within and outside the European Economic Area.
Art. 140
(1) The credit institutions must consider different liquidity risk mitigation tools, including a
system of limits and liquidity buffers in order to be able to withstand a range of different
stress events and an adequately diversified funding structure and access to funding
sources. Those arrangements shall be reviewed regularly.
(2) To mitigate the contamination risk in stress conditions, a credit institution must set forth
internal limitations concerning the liquidity risk incurred to entities within the group,
inclusively from perspective of currencies it activates with.
(3) The credit institutions must maintain active presence on markets that are relevant for
their financing strategies and they must maintain close relations with funding suppliers
to support efficient diversification of funding sources.
(4) Credit institutions shall regularly gauge the capacity to raise funds quickly from each
source.
(5) The senior management shall ensure that market access, from both the credit
institutions ability to raise new funds and to liquidate assets, is being actively managed,
monitored and tested by the appropriate staff.
(6) For diversification of the funding sources purposes, credit institutions shall establish
limits by counterparties, secured versus unsecured market funding, instrument types,
securitization vehicles, currencies and geographic market.
Art. 141
Credit institutions shall design a set of early warning indicators to aid the process to identify
the emergence of increased risk or vulnerabilities in the liquidity position or potential
funding needs.
Art. 142
(1) A credit institution shall have a reliable management information system designed to
provide the management body in its supervisory function, the senior management and
other appropriate personnel with timely and forward-looking information on the
liquidity position.
(2) To effectively manage and monitor its net funding requirements, a credit institution shall
have the ability to calculate liquidity positions on an intraday basis, on a day-to-day basis
for the shorter time horizons, and over a series of more distant time periods thereafter.
(3) The management information system referred to in para. (1) shall have the ability to
calculate liquidity positions in all of the currencies in which the credit institution
conducts business, both on a subsidiary/branch basis in all jurisdictions in which the
credit institution is active and on an aggregate group basis.
(4) The management information system referred to in para. (1) shall capture all sources of

liquidity risk, including contingent risks and the related triggers and those arising from
new activities, and have the ability to deliver more granular and time sensitive
information during stress events.
Art. 143
(1) Credit institutions shall actively manage intraday liquidity positions and risks to meet
payment and settlement obligations on a timely basis under both normal and stressed
conditions.
(2) A credit institution shall adopt intraday liquidity management objectives that allow it to
identify and prioritise time-specific and other critical obligations in order to meet them
when expected, and settle other less critical obligations as soon as possible.
Art. 144
(1) Credit institutions must consider alternate scenarios concerning liquidity positions and
risk mitigating factors, and they must also review assumptions that ground decisions
concerning the funding position, at least once every year.
(2) Alternate scenarios set forth in para. (1) shall address, in particular, off-balance sheet
items and other contingent liabilities, including those of securitisation special purpose
entities or other special purpose entities, as referred to in Regulation (EU) No. 575/2013,
in relation to which the institution acts as sponsor or provides material liquidity support.
(3) Credit institutions must consider the potential impact of institution-specific, marketwide and combined alternative scenarios.
(4) In the meaning of para. (3), credit institutions must consider different time periods and
varying degrees of stress conditions.
Art. 145
(1) Credit institutions must adjust their strategies, internal policies and limits on liquidity
risk and develop effective contingency plans, taking into account the outcome of the
alternative scenarios referred to in art. 144.
(2) Credit institutions must have in place contingency funding plans, for currencies credit
institutions are active in.
(3) Plans set forth in para. (2) must consider at least the contingency funding sources
available in the event of a reduction in supply from different counterparty classes.
(4) Credit institutions must assess the feasibility of these management actions in the
contingency funding plans for cases when several credit institutions would try to apply
them simultaneously.
Art. 146
(1) The credit institutions must have in place liquidity recovery plans setting out adequate
strategies and proper implementation measures in order to address possible liquidity
shortfalls, including in relation to branches established in another Member State.
(2) Plans set forth in para. (1) must be tested by the credit institutions at least annually,
updated on the basis of the outcome of the alternative scenarios set out in art. 144,
reported to and approved by senior management, so that internal policies and processes
can be adjusted accordingly.
(3) Credit institutions shall take the necessary operational steps in advance to ensure that
liquidity recovery plans can be implemented immediately.

(4) Operational measures set forth in para. (3) shall include holding collateral immediately
available for central bank funding.
(5) In the meaning of para. (4), holding collaterals includes where necessary holding
collateral in the currency of another Member State, or the currency of a third country to
which the credit institution has exposures, and where operationally necessary within the
territory of a host Member State or of a third country to whose currency it is exposed.
Art. 147
Credit institutions shall demonstrate to the National Bank of Romania Supervisory
Direction that all measures were taken to ensure the necessary conditions to apply
contingency plans quickly when appropriate, including by entering into funding agreements.
Art. 148
Under the overall liquidity risk management framework, credit institutions shall also
consider the liquidity risk arising from the impossibility of applying some funding
agreements as a result of lack of contractual clauses and possible implicit support.
SECTION 28: Operational risk
Art. 149
(1) The credit institutions must implement policies and processes to evaluate and manage
the exposure to operational risk, including model risk, and to cover low-frequency and
potentially high-severity events.
(2) The credit institutions shall articulate what constitutes operational risk for the purposes
of those policies and procedures set forth in para. (1).
(3) Credit institutions must have in place contingency and business continuity plans to
ensure their ability to operate on an ongoing basis and to limit losses in the event of
severe business disruption.
Art. 150
A credit institution must establish an adequate operational risk management framework
that takes into account their risk appetite, risk profile and market and macroeconomic
conditions, as per management policies applicable to this risk, including the extent and
method in which the operational risk is transferred outside the credit institution.
Art. 151
Credit institutions must have appropriate operational risk management strategies, policies
and processes to identify, assess, evaluate, monitor, report and control or mitigate
operational risk.
Art. 152 Strategies, policies and processes for operational risk mitigation must include all
major aspects of operational risk prevalent in the businesses of the credit institution,
including periods when operational risk could increase.
Art. 153
The operational risk administration strategies, policies and processes of a credit institution
shall be approved and reviewed periodically by the management body.
Art. 154
Senior management must provide efficient implementation of approved strategy and, under
management bodys control in its supervisory function, of policies and processes referred to
in art. 151.
Art. 155
(1) A credit institution shall have in place appropriate information technology policies and

processes that identify, assess, monitor and manage IT-related risks.

(2)
A credit institution shall have an appropriate and sound information technology
infrastructure to meet its current and projected business requirements (under normal
circumstances and in periods of stress), which ensures data and system integrity, security
and availability and supports integrated and comprehensive risk management.
Art. 156
Credit institutions shall have in place appropriate and effective information systems to:
monitor operational risk, compile and analyze operational risk data, as well as to facilitate
appropriate reporting mechanisms to the management body, to senior management and
business line levels, in order to support proactive management of operational risk.
Art. 157
Credit institutions shall regularly, at least annually and whenever objective conditions
require so, inform the Supervisory Direction of the National Bank of Romania with regard to
developments with material impact on the operational risk to which they are exposed.
SECTION 29: Risk associated to the usage of excessive leverage effect
Art. 158
(1) Credit institutions must have policies and processes in place for the identification,
management and monitoring of the risk of excessive leverage. Indicators for the risk of
excessive leverage shall include the leverage ratio determined in accordance with Art.
429 of Regulation (EU) No 575/2013 and mismatches between assets and obligations.
(2) Credit institutions must address the risk of excessive leverage in a precautionary manner
by taking due account of potential increases in the risk of excessive leverage caused by
reductions of the credit institution's own funds through expected or incurred losses,
depending on the applicable accounting regulation. To that end, institutions shall be
able to withstand a range of different stress events with respect to the risk of excessive
leverage.
SECTION 210: Other provisions
Art. 159
In assessing legal and reputational risk, credit institutions shall take into account the
regulatory framework, including social issues, as well as any other elements that may affect
their activity.
Art. 160
(1) Credit institutions shall report to the Supervisory Direction of the National Bank of
Romania suspicious activities and incidents of fraud, when they are material to the
safety, soundness and reputation of the credit institutions.
(2) In the meaning of para. (1), credit institutions shall set in internal regulations the
materiality threshold level above which suspicious activities and incidents of fraud may
affect their safety, soundness and reputation.
(3) The format and content of the reporting forms, as well as the frequency and method of
submission of reports mentioned in para. (1) are established in an order issued by the
National Bank of Romania.
Art. 161
For e-banking type activities, credit institutions must give special attention to the following
issues:
a) take proper measures to authenticate identity and clearance of clients performing
activities in electronic environment;

b) use transaction authentication methods that support non-repudiation thereof and that
establish responsibilities for e-banking type transactions;
c) provide that adequate measures are in place to support proper segregation of
responsibilities within systems, databases and e-banking applications;
d) provide that controls are in place for authorization and access clearance that are
adequate for systems, databases and e-banking applications;
e) provide that adequate measures are in place to protect integrity of data subject to ebanking transactions, recordings and information;
f) provide that clear traces are available for audit, for all e-banking type transactions;
g) take proper measures to maintain confidentiality of key e-banking data. To this end,
measures taken must be consistent with the sensitivity level of information that is
transmitted and / or stored in databases.
Art. 162
(1) For activities subjecting derivatives, the credit institutions should establish policies
and procedures for assessment of positions and they should review compliance
therewith, as well as with independence and quality of the sources of revaluation
prices, especially for instruments originated and traded in illiquid markets.
(2) Provisions in para. (1) shall apply correspondingly also in case of positions held by
credit institutions in securities not listed on the regulated markets.
Art. 163
(1)
Prior involvement in activities subjecting derivatives, the senior management must
provide that all necessary approvals are acquired and that proper operational procedures
and risk management systems are in place.
(2)
Decision concerning involvement of credit institutions in activities subjecting
derivatives falls under the liability of the management body and it shall be grounded on the
following issues, as a minimum:
a) the description of relevant derivative instruments, as well as proposed strategies and
markets;
b) the necessary resources to set up robust and effective risk-management systems, as
well as to recruit and maintain personnel with experience in trading derivatives;
c) the review of the proposed activities contingent on the general financial condition of
the credit institution and on its own funds;
d) the review of the risks faced by the credit institutions as a result of performing the
respective activities;
e) the procedures that credit institutions shall use to quantify, monitor and control risks;
f) relevant accounting treatment;
g) relevant tax treatment;
h) review of any legal restrictions regarding the performance of the respective activities.
SECTION 3: Internal approaches to calculate own funds requirements
Art. 164
(1) In enforcement of art. 1664 in Government Emergency Ordinance no. 99/2006 on credit
institutions and capital adequacy, approved by Law no. 227/2007, as further amended
and supplemented, without prejudicing compliance to criteria set forth in Part III Title I

Chapter 3 Section 1 in Regulation (EU) no. 575/2013, credit institutions that are material
in terms of their size, internal organization and the nature, scale and complexity of their
activities to develop internal credit risk assessment capacity and to increase use of the
internal ratings based approach for calculating own funds requirements for credit risk
where their exposures are material in absolute terms and where they have at the same
time a large number of material counterparties.
(2) The National Bank of Romania shall, taking into account the nature, scale and complexity
of institutions' activities, monitor that they do not solely or mechanistically rely on
external credit ratings for assessing the creditworthiness of an entity or a financial
instrument.
(3) In enforcement of art. 1664 in Government Emergency Ordinance no. 99/2006 on credit
institutions and capital adequacy, approved by Law no. 227/2007, as further amended
and supplemented, without prejudicing compliance to criteria set forth in Part III Title IV
Chapter 5 sections 1-5 in Regulation (EU) no. 575/2013, credit institutions that are
material in their size, internal organization and the nature, scale and complexity of their
activities, must give great attention to development of internal specific risk assessment
capacity and to increase use of internal models for calculating own funds requirements
for specific risk of debt instruments in the trading book, together with internal models to
calculate own funds requirements for default and migration risk where their exposures to
specific risk are material in absolute terms and where they have a large number of
material positions in debt instruments of different issuers.
Art. 165
(1) Credit institutions that have acquired National Bank of Romanias approval for the use of
internal approaches in calculation of risk weighted exposure amounts or own fund
requirements except for operational risk, must submit to the National Bank of Romania
and to the European Banking Authority results of the calculations of their internal
approaches for their exposures or positions that are included in the benchmark
portfolios, together with an explanation of the methodologies used to produce them.
(2) Credit institutions must submit the data set forth in para. (1) with a proper periodicity,
at least once per year.
(3) The National Bank of Romania shall develop specific portfolios in consultation with
European Banking Authority and shall ensure that institutions report the results of the
calculations separately from the results of the calculations for European Banking
Authoritys portfolios.
(4) Credit institutions shall submit the results of the calculations referred to in para. (1) in
accordance with the specific template developed by European Banking Authority.
(5) Credit institutions shall report the results of the calculations referred to in para. (1),
objecting specific portfolio developed by the National Bank of Romania, separately from
the results of the calculations for European Banking Authoritys portfolios.
SECTION 4: Supervision and assessment process
SECTION 41: Technical criteria for the supervisory review and evaluation
Art. 166
(1) In addition to credit, market and operational risks, the review and evaluation performed
by the National Bank of Romania for the purpose of art. 166 in Government Emergency
Ordinance no. 99/2006 on credit institutions and capital adequacy, approved by Law no.
227/2007, as further amended and supplemented, shall include at least:

a) the results of the stress test carried out in accordance with Art. 177 of Regulation (EU)
No 575/2013 by credit institutions applying an internal ratings based approach;
b) the exposure to and management of concentration risk by credit institutions, including
their compliance with the requirements set out in Part Four of Regulation (EU) No
575/2013 and art. 111 herein;
c) the soundness, suitability and manner of application of the policies and procedures
implemented by credit institutions for the management of the residual risk associated
with the use of recognized credit risk mitigation techniques;
d) the extent to which the own funds held by a credit institution in respect of assets
which it has securitized are adequate having regard to the economic substance of the
transaction, including the degree of risk transfer achieved;
e) the exposure to, measurement and management of liquidity risk by credit institutions,
including the development of alternative scenario analyses, the management of risk
mitigants (in particular the level, composition and quality of liquidity buffers) and
effective contingency plans;
f) the impact of diversification effects and how such effects are factored into the risk
measurement system;
g) the results of stress tests carried out by institutions using an internal model to
calculate market risk own funds requirements under Part Three, Title IV, Chapter 5 of
Regulation (EU) No 575/2013;
h) the geographical location of institutions' exposures;
i) the business model of the credit institution;
j) the assessment of systemic risk, in accordance with the criteria set out in art. 166 in
Government Emergency Ordinance no. 99/2006 on credit institutions and capital
adequacy, approved by Law no. 227/2007, as further amended and supplemented.
(art.98, CRD IV, para.1)
(2) In the meaning of para. (1) letter e), the National Bank of Romania shall regularly carry
out a comprehensive assessment of the overall liquidity risk management by institutions and
promote the development of sound internal methodologies. While conducting those reviews,
the competent authorities shall have regard to the role played by institutions in the financial
markets. The competent authorities in one Member State shall duly consider the potential
impact of their decisions on the stability of the financial system in all other Member States
concerned.
(3) The National Bank of Romania shall monitor whether an institution has provided implicit
support to a securitization. If an institution is found to have provided implicit support on
more than one occasion, the National Bank of Romania shall take appropriate measures
reflective of the increased expectation that it will provide future support to its securitization
thus failing to achieve a material transfer of risk.
(4) For the purpose of decision-making process set forth in art. 166 para. (2) in Government
Emergency Ordinance no. 99/2006 on credit institutions and capital adequacy, approved by
Law no. 227/2007, as further amended and supplemented, the National Bank of Romania
shall consider whether the valuation adjustments taken for positions or portfolios in the
trading book, as set out in Art. 105 of Regulation (EU) No 575/2013, enable the institution
to sell or hedge out its positions within a short period without incurring material losses
under normal market conditions.
(5) The review and evaluation performed by the National Bank of Romania shall include the

exposure of institutions to the interest rate risk arising from non-trading activities. Measures
shall be required at least in the case of institutions whose economic value declines by more
than 20 % of their own funds as a result of a sudden and unexpected change in interest rates
of 200 basis points or such change as defined in the European Banking Authoritys guidelines.
(6) The review and evaluation performed by the National Bank of Romania shall include the
exposure of credit institutions to the risk of excessive leverage as reflected by indicators of
excessive leverage, including the leverage ratio determined in accordance with Art. 429 of
Regulation (EU) No 575/2013. In determining the adequacy of the leverage ratio of credit
institutions and of the arrangements, strategies, processes and mechanisms implemented by
credit institutions to manage the risk of excessive leverage, the National Bank of Romania
shall take into account the business model of those credit institutions.
(7) The review and evaluation conducted by the National Bank of Romania shall include
governance arrangements of credit institutions, their corporate culture and values, and the
ability of members of the management body to perform their duties. In conducting that
review and evaluation, the National Bank of Romania shall, at least, have access to agendas
and supporting documents for meetings of the management body and its committees, and
the results of the internal or external evaluation of performance of the management body.
(8) The National Bank of Romania establishes the credit institution types provided in art.
1662 from the Government Emergency Ordinance no. 99/2006 regarding the credit
institutions and capital adequacy, approved by Law no. 227/2007, with subsequent
amendments and additions, by applying the criteria mentioned in para. (1) let j).
SECTION 42: Prudential supervision program
Art. 167
(1) The prudential supervision program, adopted by the National Bank of Romania for the
credit institutions it supervises, shall take into account the supervisory review and
assessment process set forth in art. 166 in Government Emergency Ordinance no. 99/2006
on credit institutions and capital adequacy, approved by Law no. 227/2007, as further
amended and supplemented. This program shall include the following elements:
a) an indication of how e National Bank of Romania intends to carry out their tasks and
allocate their resources;
b) an identification of which credit institutions are intended to be subject to enhanced
supervision and the measures taken for such supervision as set out in art. 1691 para. (2)
in Government Emergency Ordinance no. 99/2006 (on credit institutions and capital
adequacy, approved by Law no. 227/2007, as further amended and supplemented;
c) a plan for inspections at the premises used by a credit institution, including its
branches and subsidiaries established in other Member States, in accordance with art.
174, art. 179 180, art. 194 195 and art. 211 din Government Emergency Ordinance no.
99/2006 (on credit institutions and capital adequacy, approved by Law no. 227/2007, as
further amended and supplemented.
(2) The prudential supervision program shall include the following credit institutions:
a) Credit institutions for which the results of the stress tests referred to in art. 166 para.
(1) letter a) and g) herein and in art. 166 para. 4 in Government Emergency Ordinance no.
99/2006 (on credit institutions and capital adequacy, approved by Law no. 227/2007, as
further amended and supplemented or the outcome of the supervisory review and
assessment process under art. 166 in Government Emergency Ordinance no. 99/2006 (on
credit institutions and capital adequacy, approved by Law no. 227/2007, as further
amended and supplemented indicate material risks to their ongoing financial soundness
or indicate breaches of provisions of Government Emergency Ordinance no. 99/2006 on

credit institutions and capital adequacy, approved by Law no. 227/2007, as further
amended and supplemented, of this Regulation and of Regulation (EU) no. 575/2013;
b) Credit institutions that pose systemic risk to the financial system;
c) any other credit institution for which the the National Bank of Romania deems it to be
necessary.
SECTION 43: Ongoing review of the permission to use internal approaches
Art. 168
(1) For the purposes of art. 1661 para. (1) in Government Emergency Ordinance no. 99/2006
(on credit institutions and capital adequacy, approved by Law no. 227/2007, as further
amended and supplemented, in the ongoing review of the permission to use internal
approaches, the National Bank of Romania shall have particular regard to changes in a credit
institution's business and to the implementation of those approaches to new products.
(2) The National Bank of Romania shall in particular review and assess the extent to which
the credit institution uses well developed and up-to-date techniques and practices for those
approaches.
(3) If for an internal model destined to market risk numerous overshootings referred to in
Art. 366 of Regulation (EU) No 575/2013 indicate that the model is not or is no longer
sufficiently accurate, the competent authorities shall revoke the permission for using the
internal model or shall impose appropriate measures to ensure that the model is improved
promptly.
CHAPTER III: Remuneration policies and practices
SECTION 1: Remuneration policies
Art. 169
(1) The management body in its supervisory function shall ensure that the remuneration
policies and practices of the credit institutions staff, including members of the management
body in its supervisory function and members of senior management, are consistent with
the credit institutions corporate culture, long-term objectives and strategy, as well as with
its control environment.
(2) Personnel corresponding to control functions and, as the case may be, personnel in
human resources departments and external experts should also be involved in the design of
the remuneration policy of a credit institution.
(3) The remuneration policy of a credit institution must be accessible to all employees, and
the personnel assessment process should be properly and formally documented, and
transparent to employees.
Art. 170
(1) Principles set forth in this article and in art. 171 173 shall be applied by credit
institutions at group level, at parent company subsidiary company levels, including those
established in offshore financial centres.
(2) Credit institutions shall ensure that, when establishing and applying the total
remuneration policies, inclusive of salaries and discretionary pension benefits, for categories
of staff including senior management, risk takers, staff engaged in control functions and any
employee receiving total remuneration that takes them into the same remuneration bracket
as senior management and risk takers, whose professional activities have a material impact
on their risk profile, credit institutions shall respect, in a manner and to an extent

appropriate to their size, internal organization, and as well

complexity of their developed activities, the following principles:

the nature, scope and

a) the remuneration policy is consistent with and promotes sound and effective risk
management and does not encourage risk-taking that exceeds the level of tolerated risk
of the credit institution;
b) the remuneration policy is in line with the business strategy, objectives, values and
long-term interests of the credit institution, and incorporates measures to prevent
conflicts of interest;
c) the credit institution' s management body in its supervisory function adopts and
periodically reviews the general principles of the remuneration policy and it is responsible
for overseeing its implementation;
d) the implementation of the remuneration policy is, at least annually, subject to central
and independent internal review for compliance with policies and procedures for
remuneration adopted by the management body in its supervisory function;
e) the remuneration of the senior officers in the risk management and compliance
functions is directly overseen by the remuneration committee or, if such a committee has
not been established, by the management body in its supervisory function;
f) the remuneration policy, taking into account national criteria on wage setting, makes a
clear distinction between criteria for setting:
(i) basic fixed remuneration, which should primarily reflect relevant professional
experience and organizational responsibility as set out in an employee's job description
as part of the terms of employment; and
(ii) variable remuneration which should reflect a sustainable and risk adjusted
performance as well as performance in excess of that required to fulfill the employee's
job description, as part of the terms of employment.
SECTION 2: Variable elements of remuneration
Art. 171
(1) For variable elements of remuneration, the following principles shall apply in addition to,
and under the same conditions as, those set out in art. 170:
a) where remuneration is performance related, the total amount of remuneration is
based on a combination of the assessment of the performance of the individual and of
the business unit concerned and of the overall results of the credit institution, and when
assessing individual performance, financial and non-financial criteria are taken into
account, like: knowledge / qualifications acquired, personal improvement, compliance
with credit institutions systems and controls, involvement in business strategies and in
material policies of the credit institution and contribution to teams performance;
b) the assessment of the performance is set in a multi-year framework in order to ensure
that the assessment process is based on long-term performance and that the actual
payment of performance-based components of remuneration is spread over a period
which takes account of the underlying business cycle of the credit institution and its
specific business risks;
c) the total variable remuneration does not limit the ability of the institution to
strengthen its capital base;
d) guaranteed variable remuneration is not consistent with sound risk management or
the pay-for-performance principle and shall not be a part of prospective remuneration
plans;

e) guaranteed variable remuneration is exceptional, occurs only where the credit

institution has a sound and strong capital base and when hiring new staff and it is limited
to the first year of employment thereof;
f) fixed and variable components of total remuneration are appropriately balanced and
the fixed component represents a sufficiently high proportion of the total remuneration
to allow the operation of a fully flexible policy on variable remuneration components,
including the possibility to pay no variable remuneration component;
g) credit institutions shall set the appropriate ratios between the fixed and the variable
components of the total remuneration, applying the principle whereby the variable
component shall not exceed 100 % of the fixed component of the total remuneration for
each employee;
h) payments relating to the early termination of a contract reflect performance achieved
over time and they are designed to prevent reward for failure or misconduct;
i) remuneration packages relating to compensation or buy out from contracts in previous
employment must be aligned with the long-term interests of the credit institution,
including retention mechanisms, deferral, performance and claw back arrangements;
j) the measurement of performance used to calculate variable remuneration components
or pools of variable remuneration components includes an adjustment for all types of
current and future risks and takes into account the cost of the capital and the liquidity
required;
k) the allocation of the variable remuneration components within the credit institution
shall also take into account all types of current and future risks;
l) a substantial portion, and in any event at least 50 %, of any variable remuneration shall
consist of a proper balance of the following:
(i) shares or titles or equivalent ownership interests, subject to the legal structure of
the credit institution concerned or, in the case of a non-listed credit institution, sharelinked instruments or equivalent non-cash instruments; and
(ii) where possible, other instruments within the meaning of Art. 52 or 63 of
Regulation (EU) No 575/2013 or other instruments which can be integrally converted to
Common Equity Tier 1 instruments or written down, that in each case adequately
reflect the credit quality of the credit institution as a going concern and that are
appropriate to be used for the purposes of variable remuneration,
m) a substantial portion, and in any event at least 40 %, of the variable remuneration
component is deferred over a period which is not less than three to five years and is
correctly aligned with the nature of the business, its risks and the activities of the
member of staff in question. Remuneration payable under deferral arrangements shall
vest no faster than on a pro-rata basis. In the case of a variable remuneration component
of a particularly high amount, at least 60 % of the amount shall be deferred. The length of
the deferral period shall be established in accordance with the business cycle, the nature
of the business, its risks and the activities of the member of staff in question;
n) the variable remuneration, including the deferred portion, is paid or vests to the staff
members only if it is sustainable according to the financial situation of the institution as a
whole, and justified on the basis of the performance of the credit institution, the business
unit and the individual concerned;
o) the pension policy is in line with the business strategy, objectives, values and longterm interests of the credit institution. If the employee ceases employment relations with

the credit institution before retirement at his/her discretion, discretionary pension

benefits shall be held by the credit institution for a period of five years in the form of
instruments referred to in letter l). Where an employee reaches retirement,
discretionary pension benefits shall be paid to the employee in the form of instruments
referred to in letter l), incurring that employees obligation to refrain from alienating such
benefits for five years;
p) staff members are required to undertake not to use personal hedging strategies or
remuneration- and liability-related insurance policies to undermine the risk alignment
effects embedded in their remuneration arrangements;
q) variable remuneration is not paid through vehicles or methods that facilitate the noncompliance with requirements set forth in Government Emergency Ordinance no.
99/2006 on credit institution and capital adequacy, as further amended and
supplemented, in guidelines issued for the implementation thereof and in Regulation (EU)
no. 575/2013.
(2) The instruments referred to in para. (1) letter l) shall be subject to an appropriate
retention policy designed to align incentives with the long-term interests of the credit
institution. The National Bank of Romania may place restrictions on the types and designs of
those instruments or it may prohibit certain instruments as appropriate. Provisions in para.
(1) letter l) shall be applied to both the portion of the variable remuneration component
deferred in accordance with point (m) and the portion of the variable remuneration
component not deferred.
(3) In the meaning of para. (1) letter n), without prejudice to the general principles of
national contract and labor law, the total variable remuneration shall generally be
considerably contracted where subdued or negative financial performance of that credit
institution occurs, taking into account both current remuneration and reductions in payouts
of amounts previously earned, including through malus or clawback arrangements.
(4) In the meaning of para. (3), up to 100 % of the total variable remuneration shall be
subject to malus or clawback arrangements. Credit institutions shall set specific criteria for
the application of malus and clawback arrangements. Such criteria shall in particular cover
situations where the staff member:
a) a participated in or was responsible for conduct which resulted in material losses to the
credit institution;
b) failed to respect appropriate standards of good reputation and proper expertise
SECTION 3: Credit institutions that benefit from government intervention
Art. 172
In the case of credit institutions that benefit from exceptional government intervention, the
following principles shall apply in addition to those set out in art. 170 para. (2):
a) variable remuneration is strictly limited as a percentage of net revenue where it is
inconsistent with the maintenance of a sound capital base and timely renunciation to
government support;
b) The National Bank of Romania requires credit institutions to restructure remuneration in
a manner aligned with sound risk management and long-term growth, including, where
appropriate, establishing limits to the remuneration of the members of the credit
institutions management body;
c) no variable remuneration is paid to members of respective credit institutions
management body the unless justified.

SECTION 4: Remuneration committee

Art. 173
(1) Credit institutions that are material in terms of their size, internal organization and the
nature, the scope and the complexity of their activities shall establish a remuneration
committee.
(2) The remuneration committee shall be constituted in such way as to enable it to exercise
competent and independent judgment on remuneration policies and practices and the
incentives created for the management of risk, capital and liquidity.
(3) The remuneration committee is responsible for the preparation of decisions regarding
remuneration, including those which have implications for the risk and risk management of
the credit institution concerned and which are to be taken by the management body. The
chairman and the members of the remuneration committee shall be members of the
management body who do not exercise any executive function in the credit institution
concerned. If employee representation on the management body is provided for by national
law, the remuneration committee shall include one or more employee representatives.
When preparing such decisions, the remuneration committee shall take into account the
long-term interests of shareholders, investors and other stakeholders in the credit
institution and the public interest.
CHAPTER IV: Stress testing
SECTION 1: General provisions on stress testing
Art. 174
Credit institutions shall use stress testing as a diagnostic tool to understand their risk profile
and as a forward looking tool within the internal capital adequacy assessment.
Art. 175
Credit institutions shall use stress testing taking into account the nature, scope and
complexity of their activities, as well as their risk profiles.
Art. 176
Credit institutions must properly and formally document, within internal norms, all material
information related to stress testing process.
SECTION 2: Provisions on governance framework concerning stress testing
Art. 177
(1) The management body has ultimate responsibility for the overall stress testing
framework of the credit institution.
(2) In the meaning of para. (1), this issue is essential to provide authority to the stress testing
program at all credit institutions levels and to provide that the management body has the
capacity to fully understand the impact of stress events on the credit institutions overall risk
profile.
(3) In the meaning of para. (1), credit institutions management body is crucial for the
efficient performance of stress tests, also contributing to maximization of effective use of
the program, especially with regard to stress testing and planning of capital at the overall
level of the institution, concerning results of test stressing and limitations of stress testing.
(4) In the meaning of para. (1), members of the management body (or of a relevant
designated committee) should actively engage in the discussion, and where necessary
challenge, the key modelling assumptions and scenario selection and they are expected to

question assumptions underlying the stress tests from a common/business sense

perspective (e.g. whether assumptions about correlations in a stressed environment are
reasonable).
Art. 178
(1) The stress testing program should be an integrant part of a credit institutions risk
management framework and be supported by an effective infrastructure.
(2) In the meaning of para. (1), the stress test program should:
a) analyze the aggregate of a credit institutions businesses and risk types as well as the
separate components of portfolios, risk types and business lines;
b) factor in the relationships between risk types;
c) support bottom-up and top-down stress testing, including reverse stress- testing;
d) have a flexible platform that enables modelling of a wide variety of stress tests across
business lines and risk types as and when the senior management require;
e) draw data from across the credit institution, as needed;
f) enable intervention to adjust assumptions in a straight forward manner.
(3) In the meaning of para. (1), stress testing as an integrant part of the internal capital
adequacy assessment process. The internal capital adequacy assessment process should be
forward-looking and take into account the impact of a severe scenario that could affect the
institution, and it should also demonstrate that stress testing reports provide the
management body in its supervisory function and the senior management with a thorough
and overall understanding of the material risks to which the institution may be exposed.
(4) In order for stress testing to be an integrant part of the risk management framework, in
the meaning of para. 1, stress tests should be undertaken with appropriate periodicity.
Periodicity of stress testing must be correlated to the risk areas with the need to perform a
stress test all throughout the credit institution. The stress testing program should also allow
for ad hoc stress tests.
(5) In the meaning of para. (1), the stress testing program should be supported by an
appropriate infrastructure and/or data framework allowing for both flexibility and
appropriate levels of quality and control. Infrastructure and/or data frameworks should be
proportionate to the size, complexity, risk and business profile of a credit institution, and
allow for the performance of stress tests covering all material risks a credit institution is
exposed to.
(6) In the meaning of para. (5), a credit institution should ensure that it devotes sufficient
resources to developing and maintaining such infrastructures and/or data frameworks
(including appropriate resources and IT systems, where applicable) that facilitate effective
data delivery and processing in a quantitative and qualitative manner.
Art. 179
(1) Stress testing programs should be actionable and inform decision making bodies at all
appropriate management levels of a credit institution.
(2) In the meaning of para. (1), the stress testing program, as part of a range of risk
management tools, must support different business decisions and processes including
strategic decisions. Such decisions should take into consideration the shortfalls of stress
testing and the limitations of the assumptions used.
(3) In the meaning of para. (1), the management body is responsible for evaluating relevant

output from the stress testing program and for taking appropriate management actions,
based on circumstances and other information available.
Art. 180
(1) A credit institution should have clear responsibilities, allocated resources and written
policies and procedures in place to facilitate the implementation of the stress testing
program.
(2) In the meaning of para. (1), the following aspects should be detailed in policies and
procedures governing the stress testing program:
a) the types of stress testing and the main purpose of each component of the program;
b) frequency of stress testing exercises, which is likely to vary depending on type and
purpose;
c) the methodological details of each component, including the definition of relevant
scenarios and the role of expert judgement; and
d) the range of business assumptions and remedial actions envisaged, based on the
purpose, type and result of the stress testing, including an assessment of the feasibility of
corrective actions in stress situations and a changing business environment.
(3) In the meaning of para. (1), a credit institution should ensure that it devotes sufficient
resources and develops explicit procedures to undertake rigorous, forward-looking stress
testing.
(4) In the meaning of para. (1), a credit institution should document the assumptions and
fundamental elements for each stress testing exercise, including the reasoning and
judgments underlying the chosen scenarios and the sensitivity of stress testing results to the
range and severity of the scenarios, and to the range of business assumptions and planned
remedial actions.
Art. 181
(1) The credit institutions should regularly, at least once per year, review their stress testing
program and assess its effectiveness and fitness for purpose / objective.
(2) In the meaning of para. (1), The
effectiveness and robustness of stress tests should
be assessed regularly, qualitatively as well as quantitatively, in light of changing external
conditions to ensure that stress tests are up-to-date.
(3) In the meaning of para. (1), the frequency of assessment of different parts of the stress
testing program should be set appropriately. An independent control function should play a
key role in the process.
SECTION 3: Stress testing methodologies
Art. 182
(1) Credit institutions must exercise an efficient stress testing program on all material risks.
(2) In the meaning of para. (1), credit institutions must determine all material risks that may
be subjected to a stress testing, considering a holistic assessment of nature and structure of
credit institutions portfolios and an evaluation of the environment where the credit
institution performs it activities.
(3) In the meaning of para. (1), credit institutions should embed in their stress testing
programs both sensitivity assessments, and scenario-based assessments.
Art. 183
(1) Considering the material risks identified by credit institutions, they must determine

material risk drivers that shall be used in stress testing.

(2) Credit institutions must identify vulnerability points for stress testing of material risk
drivers that may affect profitability, solvability or compliance to regulatory framework.
(3) Credit institutions must be able to justify the selection of risk drivers that shall be used in
stress testing.
Art. 184
(1) Depending on their situation, credit institutions must consider past scenarios or
hypothetical scenarios, both dynamic and forward-looking.
(2) In the meaning of para. (1), in order to provide the forward-looking component, credit
institutions must consider both the systemic changes and changes specific to the current and
near-future situation of the credit institution
Art. 185
(1) Credit institutions must elaborate consistent stress scenarios, incorporating all faces of
an economic environment in a sound manner.
(2) In the meaning of para. (1), when elaborating a scenario, the credit institutions must take
into account the dependence structure between the main underlying economic and financial
drivers such as interest rates, GDP, unemployment, equity, consumer and property prices,
etc.
(3) The chosen scenario should be applied to all relevant positions (on- and off-balance
sheet) of the credit institution.
Art. 186
Credit institutions should identify appropriate and meaningful mechanisms for properly and
consistently translating results generated from exercise of stress scenarios into relevant
internal risk parameters, like probability of default, loss given default, write-offs, fair value
haircut, that provide a firm-wide view of risks.
Art. 187
(1) Credit institutions must base their stress tests on exceptional, but plausible events.
(2) In the meaning of para. (1), when selecting stress tests to be used, credit institutions
must take into consideration the following:
a) Stress tests and scenarios used should be consistent with the risk appetite established
by the credit institution;
b) Credit institutions must exercise stress tests with varying severity levels and varying
likelihood of occurrence.
c) In case of historical scenarios, credit institutions must base their stress tests on
exceptional events that are plausible over a certain time period using, to the possible
extent, data recorded over an entire economic cycle;
d) Credit institutions must the severity with which future profitability or lack absence
thereof might affect their capital and they must be able to justify to the National Bank of
Romania Supervisory Direction how they plan to cope to a stress event that is similar to
the stress test.

Art. 188
(1) For the purpose of capital planning, credit institution must consider at least one severe
economic regression.
(2) Credit institutions should consider their capital requirements and resources available
over a plausible macroeconomic base case, as well as a more severe stress scenario.
(3) Credit institutions should be able to provide the forecasts that underpin their base case
capital planning process.
Art. 189
(1) Credit institutions must take into account complexity of models corresponding to
hypothetical scenarios and to those based on macro-economic variables.
(2) For the purpose of para. (1), credit institutions must give special attention to the model
risks by period and prudent review, based on expert judgement, of hypothesis and
mechanisms related thereto.
Art. 190
Credit institutions should determine the time horizon of stress testing in accordance with
the characteristics of the portfolio of the institution such as maturity and liquidity of the
stressed positions, where applicable.
Art. 191
The National Bank of Romania Supervisory Direction may request credit institutions to
perform ad-hoc stress testing at a given time.
Art. 192
(1) Credit institutions shall consider at least once a year whether stress tests programs are
still adequate and, in particular, ensure that assumptions regarding the risk profile and the
environment in which they are operating are still valid over time.
(2) In In the meaning of para. (1), credit institutions shall consider the relevance of the
following items:
a) the scope of exposures captured under the stress testing process;
b) the validity of the assumptions;
c) the adequacy of the management information system;
d) the integration into the credit institutions management process, including the clarity
of reporting lines;
e) the approval policy of the stress testing process, including in case of changes;
f) the reliability, accuracy and completeness of data incorporated into the stress testing
process; and
g) the quality of the documentation of the stress testing process.
SECTION 4: Portfolio, individual risk and credit institution-wide stress testing
Art. 193
(1) Credit institutions must perform stress testing objecting individual portfolios, as well as
specific risk types that exercise an impact thereupon.

(2) When performing stress testing, credit instructions must consider, in the same time,
changes incurred at the level of correlations between risks identified for a certain portfolio,
as well as interactions between the various risk categories.
(3) Credit institutions should provide that stress testing subjecting portfolios and business
lines allow identification of risk concentrations.
Art. 194
(1) In the meaning of art. 193, credit institutions must provide consistency between the
severity level of stress scenario and portfolios specifics.
(2) Credit institutions must provide consistency between the severity level of stress scenario
and portfolios specifics.
Art. 195
(1) For the purpose of acquiring a holistic and complete overview of their risks, credit
institutions must perform company-wide stress testing, covering the full range of risks.
Art. 196
(1) For the purpose of art. 195, credit institutions must consider over passing the limited
capacity of an assessment based on the simplistic aggregation of risks in individual
categories or in business units, to reflect risks manifested at global level. Similarly, credit
institutions must take into account the improper representation of correlations, offsets at
individual exposure level and at concentration level, of specific groups of risks incurred at
global level, as well as a possible double size of risks or underestimation of impact caused by
a stress scenario. (GL32, para.72)
(2) Depending on the organizational structure and business model of a particular credit
institution, a complete evaluation of all the risks affecting this credit institution would
require the performance of stress test exercises at both consolidated and the level of
material entities, which might be at the solo and/or a sub consolidated level if appropriate.
(GL32, para.74)
Art. 197
Credit institutions must embed stress scenarios in their risk management framework.
SECTION 5: Outputs of stress testing programs and management bodys intervention
actions
Art. 198
Credit institutions must correlate results of the stress testing program to the regulatory
capital requirement and capital resources, considering in the same time the impact on the
balance sheet and on the profit and loss account.
Art. 199
Credit institutions must consider the material dependence of losses resulted from shocks
applied within stress scenarios on the prior assuming of risks in certain moments,
respectively on the initiation of the stress testing, and on the progress of assets volume and
quality, and price of investment and funding activities included in respective stress scenarios.
Art. 200
When performing stress tests over a specific time period, credit institutions must give
consideration to appropriately execute conservative adjustments to profit and loss forecasts,
also taking into account the possible lack of correlation between losses resulted following

the stress test and the accounting losses.

Art. 201
Depending on the results of stress testing, the credit institutions management body must
elaborate a set of plausible measures to provide ongoing solvability of the credit institution,
including in the conditions simulated in those stress tests.
Art. 202
(1) Credit institutions must consider a broad range of mitigating techniques and contingency
plans against a range of plausible stressed conditions with a focus on at least one severe but
plausible negative scenario.
(2) For the purpose of para. (1), credit institutions must provide a wide set of measures,
applicable inclusively:
a) in emergency situations;
b) under condition of occurrence of specific events;
c) from the management bodys initiative.
Art. 203
To assess their possible responses to a stressed situation, credit institutions should consider
the actions that are most relevant and when they would have to take them.
Art. 204
Upon the request of the National Bank of Romania Supervisory Direction, credit
institutions shall report the assumptions underlying stress testing and results thereof.
SECTION 6: Stress tests under internal capital adequacy assessment process
Art. 205
(1) Credit institutions should evaluate the reliability of their capital planning based on stress
test results.
(2) In the meaning of para. (1), stress test results should be used to assess the viability of the
capital plan in adverse circumstances.
(3) In the meaning of para. (1), The stress tests should be forward-looking, cover the same
period as the credit institutions internal capital adequacy assessment process, at least a
period of 2 years, be updated at least as regularly as the internal capital adequacy
assessment process and reflect all entities on which internal capital adequacy assessment
processes for the group are required.
(4) The scenarios used for the capital planning stress test should take account of all relevant
material risks that the credit institution is exposed to.
Art. 206
(1) Stress tests under the internal capital adequacy assessment process should be consistent
with credit institutions risk appetite and strategy and contain credible mitigating actions
undertaken by the senior management.
(2) In the meaning of para. (1), assumptions used in the capital planning stress tests should
be accurate with respect to credit institutions possible behaviour in a time of stress and
they should be consistent with its stated risk appetite and business strategy.
(3) In the meaning of para. (1), credit institutions should document the results of their stress
tests both prior and after mitigating actions undertaken by the senior management.

SECTION 7: Stress testing on risk categories

SUBSECTION71: Macroeconomic stress test
Art. 207
(1) Credit institutions are responsible for taking the decision on which risk categories and to
what extent macro-economic stress testing is applied.
(2) When assessing capital adequacy taking into account the future business plans, a credit
institution shall consider the effects of macro-economic factors on its capital and, to the
extent possible, on earnings and whether they could affect its strategic plans.
(3) In the meaning of para. (2), macro-economic scenarios or stress tests shall be sufficiently
granular to simulate each material risk the credit institution has previously identified as part
of the internal capital adequacy assessment process.
Art. 208
(1) Credit institutions must take into consideration the complexity of models corresponding
to hypothetic scenarios and to scenarios based on macro-economic variables.
(2) In the meaning of para. (1), credit institutions must give special attention to the model
risk by periodic and prudent review, based on expert judgement, of hypothesis and
mechanisms related thereto.
Art. 209
(1) Credit institutions must explicitly incorporate into scenario-based stress testing the
system-wide interactions and the feedback effects.
(2) In the meaning of para. (1), credit institutions must identify and integrate in stress testing,
interdependences and economic regions and sectors level, as well as trends manifested
system-wide.
SUBSECTION72: Market risk stress testing
Art. 210
As part of the policies and processes referred to in art. 116, institutions shall consider
execution of stress tests for the positions in financial instruments in the trading book.
Art. 211
(1) For credit institutions using internal models for the calculation of regulatory capital
requirements for market risk, the rigorous stress testing program referred to in art. 368 para.
(1) letter g) in Regulation (EU) no. 575/2013, shall satisfy the following criteria:
a) the program shall encompass all material risk drivers which could entail extraordinarily
large losses, or which could severely hamper risk management. These factors include
events with low probability for all main risk types, especially the various components of
market risk.
b) The program shall capture the impact of stress situations on linear or nonlinear
products.
c) the program shall assess the consequences of major market disturbances and identify
plausible situations which could entail extraordinarily high losses. At portfolio level, the
credit institution shall explore the effects of changed correlations. Mitigating effects as
consequences of contingency plans may be taken into account if the plans are based on
plausible assumptions about market liquidity;
d) the program shall encompass situations identified by credit institutions as exceptional
but plausible based on their portfolios characteristics;

(2) the credit institutions shall list the measures taken to mitigate the risks and preserve
their own funds. In particular, limits on exchange rate, interest rate, equity price and
commodity price risks set by credit institutions shall be cross-referenced against the results
of the stress testing calculations.
SECTION 73: Stress testing for credit risk
SUBSECTION 73^1: Stress testing for credit risk and counterparty risk performed by credit
institution disregarding the approach used for determination of minimum capital
requirements for credit risk.
Art. 212
(1) Credit institutions must perform stress testing to assess possible credit losses and
changes at capital requirements due inclusively to changes incurred in credit quality and
amount of collaterals.
(2) When assessing credit loss, credit institutions must develop models and approaches that
are not based exclusively on relations and data acknowledged based on historical experience.
Art. 213
(1) Credit institutions must develop stress testing approaches for highly leveraged
counterparties, to assess vulnerability to specific categories of assets or to market
movements.
(2) In the meaning of para. (1), credit institutions must act in a similar manner to assess the
wrong-way risk related to risk mitigation techniques.
Art. 214
Credit institutions must reflect adequately the correlated tail risks, as well as the potential
cross-correlation of the creditworthiness of such counterparties with the risks of the assets
being hedged, respectively the wrong-way risk.
SUBSECTION 73^2: Stress testing for credit institutions using the internal ratings based
approach
Art. 215
For the purposes of art. 177 para. (1) in Regulation (EU) no. 575/2013, the credit institution
must have available capital resources covering the credit risks corresponding to the credit
portfolio, resulted from a certain stress scenario.
Art. 216
(1) For the purposes of art. 177 in Regulation (EU) no. 575/2013, stress test shall show the
potential impact on capital requirements for credit risk of the specific stage within the
economic cycle and shall be undertaken at least annually.
(2) In the meaning of para. (1), credit institutions shall decide over specific risk drivers and
how these risk drivers in turn affect a the total capital requirements for credit risk.
(3) Where a credit institution has numerous businesses, it could consider the effects of
diversification, particularly when those businesses are developed across different geographic
areas which may be subject to economic conditions that are not synchronized.
(4) In the meaning of para. (3), credit institutions shall apply reasonable conservatism in
specifying correlations and be able to justify their choices.
(5) The result of the stress tests may have no direct effect on the minimum capital
requirement and may not necessarily mean an additional requirement respectively, extra
capital or other measures- to the extent that:
a) credit institutions are dealing with products or counterparties that can be shown to be

counter cyclical -for example, products or counterparties from the industries that supply
basic consumer necessities generally meet the aforesaid criterion;
b) credit institutions can demonstrate credible management actions which can counter
potential capital deficits; or
c) the economy is already in recession.
Art. 217
In order to maintain the objectivity of stress testing of a credit institution using the internal
ratings based approach, the function responsible for stress testing could be the credit risk
administration function.
SECTION 74: Stress testing for securitization risk
Art. 218
(1) The stress testing program for securitization risk should cover complex and special
purpose products.
(2) Stress tests for securitized assets should consider the underlying assets, their exposure to
systemic market factors, relevant contractual arrangements and triggers embedded in the
securitization structure, as well as the impact of leverage, particularly as it relates to the
subordination level in the securitization structure.
Art. 219
(1) Credit institutions should enhance their stress testing methodologies to capture the
effect of reputational risk.
(2) . Credit institutions should integrate risks arising from off-balance sheet vehicles and
other related operations in their stress testing programs.
SECTION 75: Stress testing for liquidity risk
Art. 220
(1) Credit institutions shall identify cash inflows and outflows, both contractual and resulted
from counterpartys behavior, as well as the resulting wet cash flows, under alternative
scenarios taking into consideration market specific stress, credit institution specific stress in
general and a combination of the two.
(2) In the meaning of para. (1), credit institutions must identify and measure possible
liquidity inconsistencies, as well as methods for covering of such inconsistencies,
respectively secured / unsecured funding, and funding costs.
(3) Credit institutions must assess impact of alternative scenarios on liquidity reserves. (GL
32 Annex 5 pt. 15)
(4) In the meaning of para. (4), the liquidity reserve is the available liquidity, which covers
additional liquidity requirements that may occur in a short and defined time horizon, in
stress conditions.
(5) The scenario concerning the credit institutions specifics set forth in para. (1) would
assume that unsecured Wholesale funding is not renewable and certain cash outflows
corresponding to retail deposits are recorded, as well as a downgrading of credit institutions
debt instrument rating.
(6) The scenario concerning the overall market set forth in para. (1) would assume a
decrease of the liquidity amount of certain assets and downgrading of conditions of the
market where the credit institution may acquire funding, as well as market movements or
changes in macroeconomic environment where the credit institution performs its activity.
Art. 221
(1) The credit institutions must consider various time periods and various stress severity

levels.
(2) In the meaning of para. (1), credit institutions must consider a time period of at least one
month, that shall be divided as follows: a short time horizon (up to one or two weeks)
followed by a highly severe stress conditions and a longer time horizon (up to one or two
month) characterized by severe, but more persistent stress conditions.
Art. 222
When elaborating alternative liquidity scenarios, credit institutions must also take into
account stress tests for other risk types like: market risk, credit risk and reputational risk.
SECTION 76: Stress testing for interest rate risk from non-trading activities
Art. 223
Credit institutions must perform stress tests covering all sources of interest rate risks
corresponding to non-trading activities, respectively the re-pricing risk, yield curve risk, basis
risk and option risk.
Art. 224
For purposes of art. 223, credit institutions must perform stress tests consistent with
complexity of interest rate risks corresponding to non-trading activities and with the
complexity level of financial instruments used. In case less complex financial instruments are
used, credit institutions may determine effects of a shock based on sensitivity assessment,
by simple application thereof to portfolio level, without necessarily identifying its cause.
Contrarily, in case more complex financial instruments are used, where the shock generates
multiple indirect effects, credit institutions must consider more advanced approaches, with
specific identification of adverse situations.
SECTION 77: Stress testing for concentration risk
Art. 225
Credit institutions must perform stress testing both on a solo basis for individual legal
entities - in order to take account of potential risk concentrations specific to local markets as well as on the type of concentrations that can materialize at group level
Art. 226
In the context of stress testing, credit institutions must consider changes that may be
incurred in the business environment and that may cause materialisation of risk
concentrations
SECTION 78: Stress testing for operational risk
Art. 227
Credit institutions must properly perform stress testing for operational risks.
Art. 228
Credit institutions must consider the extent to which stress scenarios for operational risks
influence the assessment of capital planning process. For this purpose, in the internal capital
adequacy assessment process, credit institutions shall take into account global exposure to
operational risks.
Art. 229
Credit institutions must perform assessments at the level of historical and hypothetical, but
plausible, operational risk events that have a low probability of occurrence but that shall
determine a material adverse impact.
Art. 230
(1) When validating advanced assessment approaches, credit institutions that use advanced
models to calculate capital requirements for the operational risk must properly perform
stress testing on relevant variables of these models.

(2) In case credit institutions use the advanced assessment approach in combination with a
simpler approach, stress test results for the latter are aggregated with the additional capital
determined following stress tests corresponding to advanced approach.
CHAPTER V: Conditions for outsourcing the credit institutions activities
SECTION 1: General provisions
Art. 231
The outsourcing of a credit institutions activities shall not impair the performance of the
activity of the credit institution by preserving compliance with all the applicable legal and
regulatory provisions, the ability of the management body to fulfil its tasks, or the National
Bank of Romanias prudential supervision of the outsourcing credit institution.
Art. 232
A credit institution may, on an adequate grounds, outsource services or activities concerning
the withdrawal of deposits or lending, requiring a license from the National Bank of Romania
according to the law, only to external service providers that:
a) hold an authorization that is equivalent to the authorization held by the outsourcing
credit institution; or
b) are allowed to carry out those activities in accordance with the relevant applicable
legal framework.
Art. 233
(1) The ultimate responsibility for the proper management of the risks associated with
outsourcing and for the outsourced activities lies with the outsourcing credit institutions
management body.
(2) The credit institution is responsible for its authorized activities, including outsourced
activities.
(3) The credit institution shall retain adequate core competences at a senior operational
level in house, in order to maintain capability to resume direct control over the outsourced
activity, if necessary.
(4) Outsourcing arrangements shall never result in the delegation of responsibilities of the
credit institutions senior management.
Art. 234
The purchase of goods and services by a credit institution, without providing the supplier
with confidential information about customers or other information regarding the activities
performed by the credit institution, shall not be considered outsourcing.
SECTION 2: Outsourcing contract
Art. 235
(1) Every outsourcing arrangement shall be subject to a written contract, taking account at
least of the following:
a) clear identification of the outsourcing activity;
b) establishment of specific quantitative and qualitative performance targets concerning
the performance of the outsourced activity, to enable the credit institution to assess
whether the services are provided adequately;
c) precise specification of the rights and obligations of the outsourcing credit institution
and of the external service provider, pursuing also the compliance with laws and
prudential regulations for the duration of the outsourcing arrangement;

d) provision of a contract termination clause, if deemed necessary and proportionate to

the outsourced activity, which allows the transfer of the activity to another external
service provider agreed by the credit institution or its reincorporation within the credit
institution;
e) stipulation of provisions covering the protection of confidential information,
processing thereof and maintenance of banking secrecy by the external service provider
at least at the same level of confidentiality as maintained by the credit institution;
f) stipulation of provisions concerning the ongoing monitoring and assessment of the
external service provider's performance by the credit institution, so that it may take
promptly any necessary corrective measures;
g) stipulation, under the liability of external service provider, of the obligation to allow
the outsourcing credit institution's compliance and internal audit functions full access to
its data/information related to the outsourced services, respectively to allow the credit
institutions financial auditor unrestricted rights of inspection and auditing of that data;
h) stipulation, under the liability of external service provider, of the obligation to allow, in
relation to the outsourced services, the direct access of the National Bank of Romania to
its data as well as the right of the National Bank of Romania to conduct on-site
inspections;
i) stipulation, under the liability of external service provider, of the obligation to ask
credit institutions prior consent in order to sub-contract to other service providers the
components of the services provided to the credit institution;
j) provision of a clause allowing unilateral termination of the contract upon outsourcing
credit institutions initiative, inclusively upon the request of the National Bank of Romania.
(2) When drafting the contract, the outsourcing credit institution shall bear in mind that the
level of monitoring, assessment, inspection and auditing set forth in the contract shall be
proportionate to the risks involved and the size and complexity of the outsourced activity.
Art. 236
In the meaning of the provisions of art. 235 para. (1) letter b), when evaluating the adequacy
of the performance of services provided by the external service provider, the credit
institution will be able to use the information taken from the service delivery reports, those
provided by the internal and / or financial auditor of the credit institution or by the internal
and / or financial auditor of the external service provider.
SECTION 3: Notification of outsourcing
Art. 237
(1) Outsourcing of a credit institutions material activities shall be previously notified to the
National Bank of Romania Supervisory Direction.
(2) The notification shall be given with 2 months before the date on which the outsourcing
contract is scheduled to be concluded so that the National Bank of Romania can evaluate to
what extent the prudential requirements are fulfilled and, as the case may be, it can take the
necessary measures.
(3) The notification shall be accompanied by the following documents and information:
a) decision of the competent body concerning outsourcing of respective activities, also
showing the reasons for which these activities were classified as material;
b) a description of the outsourced activities
c) the grounding of the opportunity to outsource those activities, including from the

perspective of risks incurred by outsourcing;

d) an overview of the service provider, including at least information concerning: the
name and scope of activity, the operating market and the corresponding market position,
the applicable jurisdiction, its ownership structure and, as the case may be, the extent to
which the service provider is included in the credit institutions group and in the
consolidated supervision of that group;
e) the draft of the outsourcing contract.
Art. 238
When outsourcing a material activity, the National Bank of Romania may impose specific
conditions considering factors such as: the size of the credit institution, the nature of the
outsourced activity, the characteristics and market position of the service provider, the
duration of the contract and the potential conflicts of interest caused by outsourcing, or it
may reject, based on reasonable grounds, the outsourcing operation.
Art. 239
(1) After outsourcing a material activity, credit institutions shall notify to the National Bank
of Romania the Supervisory Direction the following:
a) the intention to replace the external service provider, motivating this intention, in
which case the provisions of 237 para. (3) letters d) and e) shall apply accordingly
b) the possible reintegration in the credit institution of the activities subject to
outsourcing
c) any material developments that may affect the service providers activity and/or its
ability to fulfil its obligations to customers, possible measures taken by the credit
institution in such cases, including the replacement of the service provider
(2) In the case specified in para. (1) letter a), the notification shall be made 1 month before
the date when the new outsourcing contract is scheduled for conclusion, so that the
National Bank of Romania can evaluate the new circumstances and, as the case may be, it
can take the necessary measures. In the cases specified in para. (1) letters b) and c), the
notification shall be made as soon as possible.
SECTION 4: The management of risks associated with outsourcing
Art. 240
(1) Credit institutions shall have a written policy on their approach to outsourcing, including
at least:
a) a description of the activities intended to be outsourced. The general policy shall cover
all aspects of outsourcing, including outsourcing of nonmaterial activities, disregarding
whether the outsourcing is made within the credit institutions group or not;
b) the grounding of the opportunity for outsourcing of activities, including from the
perspective of risks generated by outsourcing;
c) establishment of terms and conditions for performance of the outsourced activity,
including the requirements regarding the external service provider and the quality of
services provided thereby and the criteria of selection of the external service provider;
d) the analysis of the risks related to outsourcing and establishment of methods to be
used in the management of those risks. The policy shall recognize that no form of
outsourcing is risk free. The management of nonmaterial activities and intragroup
outsourcing shall be proportionate to the risks incurred by these arrangements;

e) explicit consideration, in the risk analysis prior to outsourcing, of the potential effects
of outsourcing on certain material functions in the credit institution;
f) appropriate monitoring and assessment by the credit institutions senior management
of the financial performance and essential changes in the external service providers
organization structure and ownership structure, so that any necessary measures are
promptly taken;
g) identification of internal structures or individuals that are responsible for monitoring
and managing each outsourcing arrangement;
h) contingency plans and clearly defined clearly identified strategies in case the external
service provider ceases provision of services.
(2) The outsourcing policy of a credit institution shall consider the main phases of
outsourcing arrangements:
a) the decision making phase, respectively the decision to outsource or change an existing
outsourcing arrangement;
b) the pre-contractual phase, respectively the verification and assessment of the external
service provider, especially considering its ability to provide services while maintaining the
quantitative and qualitative requirements established by the credit institution, the
drafting of the outsourcing contract and of specifications concerning the provided services;
c) the contractual phase, respectively the implementation, monitoring, and management
of an outsourcing arrangement, which may also include the follow-up of changes affecting
the external service provider such as: major changes in ownership structure, in strategies
and profitability of operations of the service provider;
d) the post-contractual phase, dealing with the expected or unexpected termination of a
contract and other service interruptions by the external service provider. Credit
institutions shall plan and implement arrangements to maintain the continuity of their
business in the event that provision of services by the external service provider fails or
deteriorates to an unacceptable degree, or the external service provider experiences
other changes. (
Art. 241
(1) Credit institutions shall effectively control the outsourced activities.
(2) Credit institutions shall manage the risks, especially the operational and the
concentration risk associated with all outsourced activities, respectively they shall identify,
measure, monitor and control these risks.
(3) Credit institutions shall notify semi annually the National Bank of Romania Supervisory
Direction on any material development related to the risks associated with the outsourced
activities.
Art. 242
Credit institutions shall submit to the National Bank of Romania Supervisory Direction the
documents formalizing their outsourcing policy and the procedures of the management of
the outsourcing risks as well as any material amendment to these policies and procedures.
SECTION 5: Chain outsourcing
Art. 243
(1) Credit institutions shall take account of the risks associated to chain outsourcing.

(2) Credit institutions may opt for chain outsourcing only if the subcontractor will also fully
comply with the obligations existing between the outsourcing credit institution and the
principal external service provider, including obligations incurred in relation with the
National Bank of Romania.
(3) Subcontracting is allowed only with the prior agreement of the credit institution and
under the same terms as the outsourcing to the principal service provider.
(4) Credit institutions shall take appropriate measures to address the risk of any faulty
compliance or noncompliance with provision of the subcontracted activities having a
material effect on the principal service provider's ability to meet its responsibilities under
the outsourcing agreement.
TITLE III: Own Funds
CHAPTER I: Own Funds at Individual Level
SECTION 1: Common Equity Tier 1 Capital and Additional Tier 1 Capital
Art. 244
(1) Eligibility criteria and calculation methodology with regards to Common Equity Tier 1
Capital and Additional Tier 1 Capital are set forth by provisions of Art.25 Art.61 of
Regulation (EU) no. 575/2013.
(2) Provisions of para.(1), as well as related reporting requirements, provided in Art.99
para.(1) of Regulation (EU) no. 575/2013 shall apply accordingly, as well, to branches in
Romania of credit institutions from third countries. (former rt.1 (5))
Art. 245
In order to meet the requirement laid down in Art.26 para.(1) of Regulation (EU) no.
575/2013, the following shall be considered:
a) in determining the Common Equity Tier 1 capital of central credit institution, the
elements referred to in Art.26 para.(1) letter e) of Regulation (EU) no. 575/2013 shall not
include the outstanding amounts existent represented by: the fund for increasing own
financing sources and other funds constituted for performing payments for requirements
of the central credit institution and of credit cooperatives, the social fund and funds of
social fund type represent, according to statutory provisions, the mutual guarantee
reserve, as well.
b) in determining the Common Equity Tier 1 capital of credit cooperatives, the items
provided in Art.26 para.(1) letter e) of Regulation (EU) no. 575/2013 shall not consider the
outstanding amounts existent representing the fund for increasing own financing sources,
the social fund or funds constituted for performing payments for the requirements of
credit cooperatives and cooperative members.
SECTION 2: Tier 2 Capital
Art. 246
Eligibility criteria and calculation methodology with regards to Tier 2 Capital are set forth by
provisions of Art.62 71 of Regulation (EU) no.575/2013.
Art. 247
In order to meet the requirement laid down in Art.63 of Regulation (EU) no.575/2013, in
determining the Tier 2 Capital of credit cooperative organizations and cooperative networks,
items such as Tier 2 instruments issued by a credit cooperative organization part of a
network, in relation with other members in the network, shall not be considered.

SECTION 3: Prior Approval on the Inclusion of Capital Instruments and/or Loans

Subordinated to Additional Tier 1 Capital and Tier 2 Capital
Art. 248
(1)
Items provided by Art.51 letter a) and Art.62 letter a) of Regulation (EU) no.
575/2013 may be included in Additional Tier 1/Tier 2 capital only if, according to the opinion
of the National Bank of Romania, requirements laid down in Art.52, Art.63, respectively, of
the same regulation, are met.
(2)
Capital instruments and subordinated borrowings issue/conferred prior entering
into force of the present regulation, are recognized in the category of elements of the own
funds provided in art. Letter a) and art. 62 letter a) from Regulation (EU) no. 575/2013, if in
the opinion of the National Bank of Romania they fulfil the eligibility requirements provided
in art. 52, respectively art. 63 from the respective regulation.
SECTION 4: Requirements on the Minimum Level of Initial Capital
Art. 249
(1) Initial capital of credit institutions is composed of one or more elements referred to in
Art.26 para. (1) letter a) letter e) of Regulation (EU) no. 575/2013.
(2) Banks, Romanian legal persons, shall hold upon authorisation, an initial capital of
minimum LEI 37 million.
(3) Mortgage banks shall hold upon authorisation, an initial capital of minimum LEI 25
million.
(4) Savings and loan banks for housing shall hold upon authorisation, an initial capital of
minimum LEI 25 million.
(5) Branches in Romania of third country credit institutions shall constantly maintain their
initial capital at least at the minimum level applicable set forth in this regulation, pursuant to
para.(2)-(4), as appropriate.
(6) The minimum level of the initial capital and the level of own capital of a central credit
institution, respectively, shall be established at the equivalent in LEI of EUR 5 million.
(7) The minimum level of own funds of a credit cooperative shall be established at LEI 300
thousand.
(8) The minimum level of aggregate capital, and the level of own funds of a cooperative
network, respectively, shall be established at the equivalent in LEI of EUR 10 million. The
aggregate capital of a network is represented by Tier 1 capital.
SECTION 5: Terms for Reducing Own Funds
Art. 250
Reducing, redeeming or repurchasing Common Equity Tier 1 instruments, Additional Tier 1
instruments or Tier 2 instruments shall be performed with observance of provisions in Art.
77 Art. 78 of Regulation (EU) no. 575/2013.
Art. 251
In order to apply provisions of Art.250, for credit cooperative organizations, the following
shall be considered:
a) obligations of central credit institution towards the affiliated credit cooperatives
representing the amounts to be regulated as a result of recalculating, at the end of the
fiscal year, of the value of their participations to the share capital of the central credit
institution;
b) amounts representing the equivalent of shares related to contributions of credit
cooperatives to the share capital of the central credit institution to which they are

affiliated, if these cooperatives are involved in a merger or division process of cooperative

networks, following which they shall leave the network, or, in case the central credit
institution shall decide their dissolution, followed by liquidation;
c) amounts representing the equivalent of shares to be reimbursed by credit cooperatives
in the network in cases of their termination as cooperative members.
Art. 252
If in a cooperative network the conditions laid down in Art. 10 of Regulation (EU) no.
575/2013 are complied with, in circumstances stipulated in Art. 77 letter a) of the same
regulation, registered by a credit cooperative, including those referred to at Art.251 letterc)
in this regulation, by derogation from the obligation of obtaining prior approval from the
competent authority stipulated in Art.77 of Regulation (EU) no. 575/2013, provisions of Art.
151f para.(1) of the National Bank of Romania Regulation no. 2/2013on the amendment and
supplementation of Regulation no. 6/2008 of the National Bank of Romania regarding the
commencement of activities and amendments in case of credit institutions, Romanian legal
entities, and Romanian branches of credit institutions from third countries, shall apply.
CHAPTER II: Own Funds at Consolidated Level
Art. 253
The obligation of determining own funds at consolidated level lies with credit institutions,
Romanian legal entities, which are subject to supervision by the National Bank of Romania
on consolidated basis, under title V Supervision on Consolidated Basis, of this regulation.
Art. 254
For determining own funds at consolidated level, provisions of Art.81 88 of Regulation (EU)
no. 575/2013 shall be considered.
TITLE IV: Capital Buffers
*)

Provisions of art. 255-280 are applied starting with January 1, 2016.

CHAPTER I: General Provisions

Art. 255
(1) This title sets forth the rules with regards to own funds that credit institutions shall hold
in order to build capital buffers.
(2) This title shall apply to credit institutions authorized at national level and branches in
Romania of credit institutions from third states.
CHAPTER II: Capital Conservation Buffer
Art. 256
(1) Credit institutions shall maintain, as appropriate, at individual level and at consolidated
level, pursuant to provisions in part I, title II of Regulation (EU) no. 575/2013, besides the
Common Equity Tier 1 capital laid down in Art. 92 of Regulation (EU) no. 575/2013, a capital
conservation buffer composed of Common Equity Tier 1 capital, equivalent with 2.5% of the
total risk exposure amount calculated pursuant to Art. 92 para. 3) of Regulation (EU) no.
575/2013.
(2) Credit institutions should not utilize Common Equity Tier 1 capital maintained for
observing the requirement laid down in para.(1) in order to comply with any of the
provisions laid down in Art. 226 para. (3), (4) and (5) of the Government Emergency
Ordinance no. 99/2006 on credit institutions and capital adequacy, approved by Law no.
227/2007, as further amended and supplemented.

(3) In case of noncompliance with the requirement laid down in para.(1), the credit
institution shall be subject to restrictions on distributions provided Art. 291 of this regulation.
CHAPTER III: Countercyclical Capital Buffer
SECTION 1: Requirement on Maintaining an Institution Specific Countercyclical Capital
Buffer
Art. 257
(1) Credit institutions shall maintain an institution specific countercyclical capital buffer,
equivalent to the result between the total value of the total risk exposure amount calculated
under Art.92 para.(3) of Regulation (EU) no. 575/2013 at individual level and at consolidated
level, pursuant to part I, title II of Regulation (EU) no. 575/2013 and the default weighted
average of countercyclical capital buffer rates determined according to Art. 263 and Art. 264
of this regulation.
(2) Credit institutions shall constitute the buffer stipulated under para.(1) of the Common
Equity Tier 1 capital. Moreover, credit institutions shall maintain such buffer in addition to
Common Equity Tier 1 capital laid down in Art.92 of Regulation (EU) no. 575/2013, to capital
conservation buffer laid down in Art.256 of this regulation, as well as to any other
requirement enforced by Art.226 para.(3), (4) and (5) of the Government Emergency
Ordinance no. 99/2006 on credit institutions and capital adequacy, approved by Law no.
227/2007, as further amended and supplemented.
(3) In case of noncompliance with the requirement laid down in para.(1), the credit
institution shall be subject to restrictions on distributions provided in Art.291 of this
regulation. (Art.130 P6)
SECTION 2: Determining and Calculating the Countercyclical Capital Buffer
Art. 258
(1) The National Bank of Romania is responsible for enforcing the constitution of the
countercyclical capital buffer by credit institutions at the level recommended by the
Coordination Structure.
(2) The adequate rate for the countercyclical capital buffer is established quarterly, taking
into consideration the following:
a.) The referential for the countercyclical capital buffer, calculated by the coordination
structure for its guidance in the process of determining the buffer rate;
b.) Any guidance in force of the European Systemic Risk Board, issued in compliance
with art. 135 para. (1) lit. a), c) and d) from Directive 2013/36/EU, as well as any
recommendation issued by the European Systemic Risk Board regarding the
determination of the capital buffer rate.
c.) Other alternatives considered relevant in order to treat the cyclical risk system
(3) For purposes of para.(2), the referential reflects, in a relevant manner, the crediting cycle
and risks due to excessive increase of credits in Romania, taking into account in an adequate
manner, the particularities of national economy. At the same time, the referential is based
on the deviation of credit share in the gross domestic product, from its long-term trend,
considering inter alia:
a) an indicator of the increase recorded by the crediting activity in Romania and,
especially, an indicator for reflecting changes in the share of credits granted in Romania in
the gross domestic product;
b) any guidelines in force of the European Systemic Risk Board, issued in compliance with
art. 135 para. (1) letter b) from Directive 2013/36/UE of the European Parliament and
Council regarding the access of the credit institutions and the investment firms activities

and their prudential monitoring, of modifying the Directive 2002/87/CE and of abrogation
of the Directives 2006/48/CE and 2006/49/CE.
(4) The countercyclical capital buffer rate expressed as a percentage of the total risk
exposure amount laid down in Art.92 para.(3) of Regulation (EU) no. 575/2013, determined
by credit institutions that have credit exposures in Romania, should be between 0% and
2.5%, calibrated in increments of 0.25 percentage points or multiples of 0.25 percentage
points.
(5) In justified cases, based on considerations laid down in para.(2) a countercyclical capital
buffer rate higher than 2.5% of the total risk exposure amount laid down in Art.92 para.(3) of
Regulation (EU) no. 575/2013 can be determined.
(6) If the coordination structure shall recommend enforcement for the first time of a rate of
the countercyclical capital buffer bigger than 0 or if the coordination structure shall
recommend the increase of the buffer rate already enforced at that time, the National Bank
of Romania, at the coordination structures recommendation, shall enforce the date as of
which the increased buffer rate shall be applied for calculating the credit institution specific
countercyclical capital buffer. Such date shall not exceed 12 months from the date when the
increased buffer rate was announced, pursuant to para. (9) and (10). If the date is prior to
the 12 months period, the shorter term for implementing the countercyclical capital buffer is
justified based on exceptional circumstances.
(7) The National Bank of Romania shall quarterly announce the established countercyclical
capital buffer rate, by publishing it on its website. The announcement shall include the
following information at a minimum:
a) the enforced countercyclical capital buffer rate;
b) the credit share in the gross domestic product and its deviation from the long-term
trend;
c) the referential for the countercyclical capital buffer, calculated pursuant to para.(3);
d) justification of the countercyclical capital buffer rate;
e) in case of increase of the buffer rate, the date as of which credit institutions shall apply
the increased buffer rate for calculating the credit institution specific countercyclical
capital buffer;
f) if the date referred to in letter e) falls before 12 months as of the date of the
announcement provided in this para., a reference to the exceptional circumstances that
justify the reducing of the term period as of which the rate is enforced;
g) if the rate level is reduced, the indicative period for which no increase is foreseen,
determined upon recommendation of the coordination structure, accompanied by an
adequate justification;
The determination of the estimated period does not represent a commitment for the
coordination structure, neither for the National Bank of Romania.
(8) The National Bank of Romania published the announcement provided in para. (7) after
the transmission of the recommendation made by the coordination structure, regarding the
level of the countercyclical capital buffer rate, accompanied by the information provided in
the para. (7) letter b) g).
(9) The National Bank of Romania shall quarterly submit a notification to the European
Systemic Risk Board with regards to the rate established for the countercyclical capital buffer.
In such notification, the National Bank of Romania Supervision shall include, as well, the
information provided in para.(7) letter a) - g). The European Systemic Risk Board shall

publishes on its website the level of such rate, as well as the information communicated.
SECTION 3: Recognition of a Countercyclical Capital Buffer Rate Exceeding 2.5%
Art. 259
(1) In cases where the competent authority from another member state or the competent
authority from a third state shall establish, similar to those laid down in Art.258 para.(4) and
para.(5) of this regulation, a countercyclical capital buffer rate exceeding 2.5% of the total
risk exposure amount laid down in Art.92 para.(3) of Regulation (EU) no.575/2013, the
National Bank of Romania admits, upon recommendation that the coordination structure
can issue, such rate, for purposes of calculating the credit institution specific countercyclical
capital buffer, by the credit institutions authorized at national level.
(2) In circumstances pursuant to para.(1), the National Bank of Romania shall announce the
recognition by publication on its own website. The announcement shall include, as well, the
following information at a minimum:
a) the enforced countercyclical capital buffer rate;
b) the member state or third state to which it is applicable;
c) if the rate is increased, the date as of which the credit institutions authorized at
national level shall apply such increase for purposes of calculating the credit institution
specific countercyclical capital buffer;
d) if the date referred to under letter c) falls before 12 months as of the date of the
announcement provided in this para., a reference to the exceptional circumstances that
justify the reducing of the term period as of which the rate is enforced.
(3) The National Bank of Romania publishes the announcement provided in para. (2) after
the transmission of the recommendation if the coordination structure, regarding the level
the countercyclical capital buffer rate accompanied by information provided in para. (2),
letter b) d).
SECTION 4: Decision on the Countercyclical Capital Buffer Rates Applicable to Exposures in
Third Countries
Art. 260
(1) Provisions of this Art. shall apply regardless of the existence or absence of a possible
recommendation regarding the countercyclical capital buffer rates for exposures in third
countries, issued by the European Systemic Risk Board for the coordination structure,
pursuant to Art.138 in Directive no. 2013/36/UE.
(2) If the competent authority in a third state did not establish and did not publish a
countercyclical capital buffer for that respective state, and one or more credit institutions,
Romanian legal entities, have exposures of credits located in that state, the National Bank of
Romania shall impose, upon recommendation that the coordination structure can issue, the
level of the countercyclical capital buffer rate that the credit institutions, Romanian legal
entities, shall apply in order to calculate the credit institution specific countercyclical capital
buffer.
(3) If the competent authority in a third state shall establish and publish the countercyclical
capital buffer rate for that respective state, the National Bank of Romania shall impose,
upon recommendation that the coordination structure can issue, the application of a
different rate for that respective state for calculating the credit institution specific

countercyclical capital buffer, by credit institutions, Romanian legal entities, if from

reasonable reasons it is considered that the rate established by the competent authority in
the third country is not sufficient to adequately protect these credit institutions against risks
determined by excessive increase of crediting in that respective state.
(4) Notwithstanding para.(3), it cannot be established a countercyclical capital buffer rate
lower than the level enforced by the competent authority in the third state unless such level
exceeds 2.5% of the total risk exposure amount laid down in Art.92 para.(3) of Regulation
(EU) no. 575/2013, determined by credit institutions that have exposures from credits
located in such third state.
(5) If a rate of the countercyclical capital buffer for a third state is established, in compliance
with para. (2)-(4), higher than the existent one, the National Bank of Romania, upon
recommendation of the coordination structure, establishes the date as of which credit
institutions authorized at national level shall apply such level for calculating the credit
institution specific countercyclical capital buffer. Such date shall not exceed 12 months as of
the date when the increased buffer rate was announced pursuant to para.(6). If the date is
prior to the 12 months period, the shorter term is justified under exceptional circumstances.
(6) The National Bank of Romania shall announce on its website the implementation of any
countercyclical capital buffer rate for a third state pursuant to para. (2)-(4) of this Art. .
Moreover, the National Bank of Romania shall include the following information in such
announcement:
a) the countercyclical capital buffer rate and the third state to which it shall apply;
b) a justification of such rate;
c) the date as of which credit institutions shall apply the increased rate for calculating the
credit institution specific countercyclical capital buffer if the value of such rate is
established for the first time higher than zero or is increased;
d) if the date referred to in letter c) is prior to the 12 months as of the date of the
announcement provided in this para., a reference to the exceptional circumstances that
justify reducing the term period as of which the rate is enforced.
(7) The National Bank of Romania is publishing the announcement provided in para. (6) after
submitting the recommendation, made by the coordination structure, regarding the level of
the countercyclical capital buffer rate and the third state to which it shall apply,
accompanied by the information referred to in para. (6) letter b) - d).
SECTION 5: Calculation of the Credit Institution Specific Countercyclical Capital Buffer
Art. 261
(1) The institution specific countercyclical capital buffer rate is equal to the default weighted
average of the countercyclical capital buffer rates applied in the jurisdictions where the
relevant credit exposures of the credit institution are located or which are applied for
purposes of this Art. , under Art.260 para.(2) or para.(3)-(4).
(2) In order to calculate the default weighted average referred to in para.(1), credit
institutions shall apply to each buffer rate applicable in a jurisdiction, the coefficient
obtained by reporting on its total own funds requirements for credit risk, determined
pursuant to part three, title II of Regulation (EU) no.575/2013, corresponding to relevant
exposures of credits located in such jurisdiction, to the total own funds requirements for
credit risk related to all its exposures from relevant credits.
Art. 262
(1) In circumstances where, pursuant to Art. 258 para.(4) and (5), the National Bank of

Romania enforces, upon the recommendation of the coordination structure, a

countercyclical capital buffer rate higher than 2.5% of the total risk exposure amount
provided in Art.92 para.(3) of Regulation (EU) no.575/2013, the following rates shall apply to
relevant exposures of credits located in Romania for purposes of calculation referred to in
Art. 261, including, where appropriate, for purposes of the consolidated capital item
corresponding to the credit institution concerned:
a) credit institutions authorized at national level shall apply the rate higher than 2.5% of
the total risk exposure amount for exposures located in Romania;
b) credit institutions authorized at national level shall apply, for exposures located in
other member states, a rate of 2.5% of the total risk exposure amount, provided that the
National Bank of Romania, upon the recommendation the coordination structure, did not
recognize the rate higher than 2.5% pursuant to Art.259 para.(1);
c) credit institutions authorized at national level shall apply, for exposures located in
another member state, the rate level enforced by the competent authority in such
member state, provided that the National Bank of Romania, upon the recommendation of
the coordination structure, recognized the rate concerned pursuant to Art.259.
(2) In cases where the countercyclical capital buffer rate established by the competent
authority in a third state for such state is higher than 2.5% of the total risk exposure amount
determined pursuant to Art.92 para.(3) of Regulation (EU) no.575/2013, the following rates
shall apply to relevant exposures of credits located in such third state for purposes of
calculation referred to in Art.261, including, where appropriate, for purposes of calculating
the consolidated capital item corresponding to the credit institution concerned:
a) credit institutions authorized at national level shall apply a countercyclical capital
buffer rate of 2.5% of the total risk exposure amount, provided that the National Bank of
Romania did not recognize, upon the recommendation of the coordination structure, the
rate level higher than 2.5% pursuant to Art.259 para.(1);
b) credit institutions authorized at national level shall apply the countercyclical capital
buffer rate established by the competent authority in the third state provided that the
National Bank of Romania recognized such rate pursuant to Art.259 (Art.140 P3 letter b)),
upon the recommendation of the coordination structure.
Art. 263
(1) For purposes of Art.261 para.(2), credit institutions shall include in the relevant credit
exposures all exposures that belong to exposure classes, besides the ones referred to in
Art.112 letter a) - f) of Regulation (EU) no. 575/2013, that are subject to:
a) own funds requirements for credit risk, referred to in part three, title II of the
regulation referred to;
b) if the exposure is in the transitioning portfolio, own funds requirements for specific risk,
laid down in chapter 2, part three, title IV of the regulation referred to, or for additional
risks of default and migration, laid down in chapter 5,p three, title IV of the regulation
referred to;
c) if the exposure is a securitization, own funds requirements laid down in chapter 5, part
three, title II of the regulation referred to.
(2) Credit institutions shall identify the geographic location of a relevant credit exposure,
pursuant to the technical regulatory standards adopted by the European Banking Authority
in this regard.
(3) For purposes of calculation referred to in Art.261 para.(1):

a) the countercyclical buffer rate shall apply as of the date referred to in the information
published pursuant to Art.258 para.(7) letter e) or with Art.259 para.(2) letter c) of this
regulation, if the decision has the effect of increasing the rate;
b) subject to letter c), the countercyclical buffer rate for a third state shall apply 12
months subsequent to the date as of which the competent authority in a third state
announced modification of the rate, regardless if such authority enforces upon credit
institutions established in the third state to apply the modification in a shorter period of
time, if the decision has the effect of increasing the rate. In this respect, change of rate
for a third state is considered as announced upon the date it is published by the
competent authority in the third state pursuant to the relevant regulatory framework at
national level.
c) if the National Bank of Romania, upon the recommendation of the coordination
structure, shall enforce the countercyclical capital buffer rate for a third state pursuant to
Art.260 para.(2) or Art.260 para.(3) and (4) or shall recognize such rate for a third state
pursuant to Art.259, such rate level shall apply as of the date stipulated in information
published pursuant to Art.260 para.(6) letter c) or Art.259 para.(2) letter c), if the decision
has the effect of increasing the rate;
d) countercyclical buffer rate shall apply immediately if the decision has the effect of
reducing it.
CHAPTER IV: G-SII and O-SII
Art. 264
(1) Upon the recommendation of the coordination structure, the National Bank of Romania
shall identify, on consolidated basis, the global institutions of systemic importance,
hereinafter named G-SII institutions, authorized at national level.
(2) For purposes of para.(1), a G-SII institution is a parent credit institution at EU level, a
parent financial holding company at EU level, a parent mixed financial holding company at
EU level or a credit institution. A parent credit institution, which is a subsidiary of a parent
credit institution at EU level, of a parent financial holding company at EU level or of a parent
mixed financial holding company at EU level shall not be considered a G-SII institution.
Art. 265
(1) For purposes of Art. 264 para. (1), in the process of identifying G-SII institutions, the
National Bank of Romania utilizes a methodology based on the following categories of
indicators:
a) group dimension;
b) interconnection of the group with the financial system;
c) possibility of substituting the financial services or infrastructure provided by the group;
group complexity;
d) group complexity
e) cross-border activity, including cross-border activity among member states and among
member states and a third state.
(2) Each category laid down in para.(1) consists of quantifiable indicators equaly weighted.
By applying such methodology, the National Bank of Romania obtains a global score for each
assessed entity regulation referred to in Art.264, this way identifying and allocating G-SII
institutions in a sub-category, under Art.270 271.
Art. 266
Each G-SII institution shall maintain, at consolidated level, a capital buffer corresponding to

the sub-category in which it is allocated. Such buffer shall be constituted of Common Equity
Tier 1 capital and shall be additional to all other requirements related to Common Equity
Tier 1 capital.
Art. 267
(1) Upon the recommendation of the coordination structure, the National Bank of Romania
shall identify, as appropriate, at individual level, sub consolidated or consolidated level,
other institutions of systemic importance, hereinafter named O-SII institutions, authorized at
national level.
(2) For purposes of para.(1), an O-SII institution is a parent credit institution at EU level, a
parent financial holding company at EU level, a parent mixed financial holding company at
EU level or a credit institution.
Art. 268
In order to evaluate O-SII institutions, the National Bank of Romania utilizes a methodology
based on minimum one of the following criteria:
a) dimension;
b) importance for the economy of the Union or of the relevant member state;
c) amplitude of cross-border activities;
d) interconnection of the credit institution with the financial system.
Art. 269
(1) Based on the criteria for identifying O-SII institutions, upon recommendation of the
coordination structure, the National Bank of Romania may enforce on each O-SII institution,
at consolidated, sub-consolidated or individual level, as appropriate, the maintenance of a
buffer of up to 2% of the total risk exposure amount, calculated pursuant to Art. 92 para. (3)
of Regulation (EU) no. 575/2013. Such buffer shall be constituted of Common Equity Tier 1
capital and shall be additional to all other requirements related to Common Equity Tier 1
capital.
(2) For purposes of para. (1), the National Bank of Romania takes the following into account:
a) O-SII buffer shall not determine disproportionate negative effects on the financial
system as a whole or to parts of it, in other member states or in the Union as a whole,
forming or creating an obstacle to the functioning of the internal market;
b) b) O-SII buffer shall be reviewed by the National Bank of Romania at least annually.
(3) For purposes of para.(1), before establishing or restoring an O-SII buffer, the National
Bank of Romania shall forward a notification to the European Commission, the European
Systemic Risk Board, the European Banking Authority and the member states concerned,
one month prior to publishing the decision referred to in para.(1). The notification shall
describe in detail:
a) reasons for which it is considered that the O-SII buffer may be efficient and adequate in
mitigating risk;
b) an assessment, based on information available to the National Bank of Romania, of the
possible positive or negative impact manifested by the O-SII buffer on the unique market;
c) O-SII buffer rate established by the National Bank of Romania, upon recommendation
of the coordination structure, and that the National Bank of Romania intends to
implement.
(4) Notwithstanding Art. 276 289 and para.(1) of this Art. , if an O-SII institution is a

subsidiary either of a G-SII institutions, either of an O-SII institution which is a parent credit
institution at the level of EU and is subject to a O-SII buffer at consolidated level, the buffer
that shall apply at individual or sub-consolidated level for the O-SII institution shall not
exceed the higher value of the following:
a) 1% of the total risk exposure amount calculated pursuant to Art. 92 para. (3) of
Regulation (EU) no. 575/2013; and
b) G-SII or O-SII buffer rate applicable to the group at consolidated level.
Art. 270
(1) In the evaluation process provided in Art.265, the National Bank of Romania shall allocate
G-SII institutions in at least 5 sub-categories. The lower limit and sub-category limits shall be
determined based on scores obtained through the identification methodology laid down in
Art.265 para.(2).
(2) For purposes of para.(1), limit scores marking adjacent sub-categories shall be clearly
defined and shall observe the principle of constant linear growth of the systemic importance
among sub-categories, which shall lead to an additional linear growth of the requirement of
Common Equity Tier 1 capital, except for the highest sub-category.
(3) For purposes of para.(1), the systemic importance represents the foreseen impact
exercised by the difficulties of a G-SII institution on the global financial market
Art. 271
For purposes of Art.270, G-SII institutions allocated to the lowest sub-category shall maintain
a buffer of 1% of the total risk exposure amount, calculated pursuant to Art. 92 para.(3) of
Regulation (EU) no. 575/2013, and subsequently G-SII institutions allocated to the other subcategories shall observe a requirement of the buffer which shall gradually increase in
increments of 0.5% of the total risk exposure amount, calculated pursuant to Art. 92 para. (3)
of Regulation (EU) no. 575/2013, up to the fourth sub-category. G-SII institutions allocated in
the higher sub-category with the highest ranking are subject to a buffer of 3.5% of the total
risk exposure amount, calculated pursuant to Art. 92 para. (3) of Regulation (EU) no.
575/2013.
Art. 272
Notwithstanding Art.264, Art. 270 and Art. 271, the National Bank of Romania may, in a solid
process of exercising supervising reasoning:
a) reallocate a G-SII institution from an inferior sub-category in a higher sub-category;
b) allocate an entity referred to in Art.264, benefiting of a global score which is lower than
the limit score of the sub-category of the lowest ranking, in that respective subcategory or in a superior sub-category, thus classifying it as a G-SII institution.
Art. 273
If the National Bank of Romania takes a decision pursuant to Art.272 letter b), it shall
appropriately inform the European Banking Authority, providing all the required arguments.
Art. 274
(1) The National Bank of Romania shall forward to the European Commission, the European
Systemic Risk Board and the European Banking Authority the name of credit institutions
identified as G-SII institutions, as well as the sub-category that each of these credit
institutions is allocated to.
(2) The National Bank of Romania shall make public the name of credit institutions identified

as G-SII institutions, as well as the sub-category that each of these credit institutions is
allocated to.
(3) The National Bank of Romania , upon recommendation of the coordination structure,
annually reviews G-SII and O-SII institutions identified, as well as the allocation of G-SII
institutions in such sub-categories, and communicates the result to the credit institutions
concerned, European Commission, the European Systemic Risk Board and the European
Banking Authority. The National Bank of Romania makes public the updated list of
institutions of systemic importance identified, as well as the sub-category that each of the
identified G-SII institutions is allocated to.
Art. 275
Institutions of systemic importance do not utilize the Common Equity Tier 1 capital
maintained in order to cover the G-SII buffer and the O-SII buffer laid down in Art. 266 and
Art. 269 para.(1), in order to fulfill any of the requirements enforced under Art.92 of
Regulation (EU) no. 575/2013, Art. 256 and Art. 257 of this regulation, as well as any other
requirements enforced under Art. 226 para. (1) (5) of Government Emergency Ordinance
no. 99/2006 on credit institutions and capital adequacy, approved by Law no. 227/2007,
with subsequent amendments.
Art. 276
If a group, at consolidated level, is subject to the following types of buffers, the highest value
buffer between shall apply:
a) G-SII buffer and O-SII buffer;
b) G-SII buffer, O-SII buffer and, pursuant to Art.276 289, the capital buffer for systemic
risk,
Art. 277
If a credit institution, at individual or sub-consolidated level, is subject to an O-SII buffer and
a capital buffer for systemic risk pursuant to Art.281 289, the highest value buffer between
the two, shall apply.
Art. 278
Notwithstanding Art. 276 and Art. 277, if the capital buffer for systemic risk shall apply to all
exposures located in Romania, but shall not apply to exposures outside it, such capital buffer
for systemic risk shall be cumulated with the O-SII buffer or with the G-SII buffer which shall
apply pursuant to Art.264 280.
Art. 279
If Art.276 and Art.277 shall apply and a credit institution is part of a group or subgroup to
which a G-SII institution or an O-SII institution belongs to, this shall not signify that such
credit institution, at individual level, shall be subject to a combined buffer requirement
which is less than the sum between the capital conservation buffer, countercyclical capital
buffer and the maximum between O-SII buffer and capital buffer for systemic risk, applicable
at individual level.
Art. 280
If Art. 278 shall apply and a credit institution is part of a group or subgroup to which the GSII institution or an O-SII institution belongs to, this shall not signify that such credit
institution, at individual level, shall be subject to a combined buffer requirement which is
less than the sum between the capital conservation buffer, countercyclical capital buffer and
the sum between the O-SII buffer and capital buffer for systemic risk applicable at individual

level.
CHAPTER V: Systemic Risk Buffer
SECTION 1: Establishing the Systemic Risk Buffer
Art. 281
(1) In order to prevent and mitigate non-cyclical systemic risk manifested in long-term or the
macro-prudential risk which is not subject to provisions of Regulation (EU) no. 575/2013, in
the sense of a deterioration of the financial system, which could have negative
consequences at the level of the financial system and at the level of real economy, upon the
recommendation of the coordination structure, the National Bank of Romania may enforce,
at the level of the entire financial sector or only for one or more of its sub-assemblies, a
capital buffer for systemic risk.
(2) Credit institutions shall apply the capital buffer for systemic risk to exposures located in
Romania, exposures located in third countries, as well as exposures located in other member
states, subject to Art. 285 and Art. 283 of this regulation.
(3) For purposes of para. (1), the National Bank of Romania may enforce the capital buffer
for systemic risk in 0.5% increments for gradual or accelerated adjustment. At the same time,
the National Bank of Romania may enforce different capital buffer rates for systemic risk for
different sub-assemblies of the financial sector.
(4) In enforcing the capital buffer for systemic risk, the National Bank of Romania takes into
consideration the following principles:
a) the capital buffer for systemic risk does not determine adverse effects on parts of or on
the entire financial system at the level of other member states or at the level of the
European Union, leading to the formation or creation of an obstacle in the functioning of
the internal market;
b) The National Bank of Romania reviews the capital buffer requirement for systemic risk
at least once every 2 years.
Art. 282
(1) Prior to determining or restoring the requirement for maintaining the capital buffer for
systemic risk of up to 3%, the National Bank of Romania shall submit a notification to the
European Commission, the European Banking Authority, the European Systemic Risk Board
and the competent authorities of the member states concerned, one month prior to the
publication of the decision referred to in Art. 287. If the capital buffer requirement for
systemic risk shall apply to exposures located in third states, the National Bank of Romania
shall forward, as well, a notification to the competent authorities of such third states.
(2) The notification laid down in para. (1) shall include the detailed description of the
following items:
a) the systemic or macro-prudential risk manifested at national level;
b) the reasons why the dimension of systemic and macro-prudential risk represent a
threat to the financial stability at national level;
c) the reasons why the capital buffer for systemic risk proposed are deemed efficient and
adequate for mitigating risk intensity;
d) an assessment, based on the available information, of the potential positive or negative
impact, manifested by the capital buffer for systemic risk;
e) the justification for which none of the measures laid down in Regulation (EU) no.
575/2013, except for Art. 458 and 459 of the regulation referred to, in Government

Emergency Ordinance no. 99/2006 on credit institutions and capital adequacy, approved
by Law no. 227/2007, as further amended and supplemented, as well as this regulation,
are not sufficient, individually or combined, in order to treat the identified macroprudential or systemic risk, taking into consideration the relative efficiency of these
measures;
f) the capital buffer rate for systemic risk established by the National Bank of Romania,
upon recommendation of the coordination structure, that the National Bank of Romania
intends to enforce.
Art. 283
(1) Following the notification referred to in Art.282 para.(1), the National Bank of Romania,
upon recommendation of the coordination structure, may enforce the capital buffer
requirement for systemic risk at the level of all exposures. If the National Bank of Romania
decides to enforce, upon recommendation of the coordination structure, a buffer level of
up to 3% for exposures located in other member states, than all exposures located at the
level of European Union shall be subject to the same rate of such buffer.
Art. 284
(1) Prior to determining or restoring a requirement for maintaining a capital buffer for
systemic risk higher than 3%, the National Bank of Romania shall submit a notification to the
European Commission, the European Banking Authority, the European Systemic Risk Board
and the competent authorities of such member state. If the capital buffer requirement for
systemic risk shall apply to exposures located in third states, the National Bank of Romania
shall forward, as well, a notification to the competent authorities of such third states.
(2) The notification laid down in para.(1) shall include a detailed description of the following
elements:
a) the systemic or macro-prudential risk manifested at national level;
b) the reasons why the dimension of systemic and macro-prudential risks represent a
threat to the financial stability at national level, justifying the level of capital buffer
requirement for systemic risk;
c) the reasons why the capital buffer for systemic risk is deemed efficient and adequate
for mitigating risk intensity;
d) an assessment, based on the available information, of the potential positive or negative
impact, manifested by the capital buffer for systemic risk market;
e) the justification for which none of the measures laid down in Regulation (EU)
no.575/2013, except for Art.458 and 459 of the regulation referred to, in Government
Emergency Ordinance no. 99/2006 on credit institutions and capital adequacy, approved
by Law no. 227/2007, as amended and supplemented, as well as this regulation, are not
sufficient, individually or combined, in order to treat the identified macro-prudential or
systemic risk, taking into consideration the relative efficiency of these measures;
f) the capital buffer rate for systemic risk, established by the National Bank of Romania,
upon recommendation of the coordination structure, and that the National Bank of
Romania intends to enforce, upon the recommendation of the National Committee for
Macroprudential Supervision.
Art. 285
The National Bank of Romania shall adopt the measure proposed based on the delegated act
for authorization, adopted by the European Commission, under Art.133 para.15 in Directive

no. 2013/36/UE.
Art. 286
(1) For exposures located in Romania, as well as for those located in third states, dependant
on the level recommended by the coordination structure, the National Bank of Romania may
determine or restore:
a) a capital buffer rate for systemic risk of up to 5%, subject to provisions of Art.282.
*)

Provisions of art. 286, para. (1) letter a) and b) apply starting with January 1, 2015.

b) a buffer rate higher than 5%, subject to provisions of Art.284.

*)

Provisions of art. 286, para. (1) letter a) and b) apply starting with January 1, 2015.

c) a buffer rate between 3% and 5%, subject to a notification to the European Commission
with regards to this measure and and to the awaiting of its opinion prior to adopting the
measure. If the European Commission issues a negative opinion, the National Bank of
Romania shall comply with such opinion or shall explain the reasons for not complying
with it.
(2) If a sub-assembly of the financial sector in Romania is a branch whose parent company is
established in another member state, the National Bank of Romania shall submit a
notification to the competent authority in such member state, as well as to the European
Commission and the European Systemic Risk Board. Within one month, the European
Commission and the European Systemic Risk Board shall issue a recommendation with
regards to the measures adopted pursuant to the para. (1) letter c) and to this paragraph. If
the National Bank of Romania and the competent authority in such member state do not
agree, and the opinion is negative both from the European Commission, as well as from the
European Systemic Risk Board, the National Bank of Romania may bring the matter before
the European Banking Authority for a mandatory mediation pursuant to Art.19 of Regulation
(EC) no. 1.093/2010 on the establishment of the European Banking Authority. The decision
of the National Bank of Romania to enforce the capital buffer for systemic risk, at the level
recommended by the coordination structure, shall not produce effects for such exposures
until a decision is adopted by the European Banking Authority.
Art. 287
(1) Dependant on the level recommended by the coordination structure, the National Bank
of Romania shall announce the establishment of the capital buffer requirement for systemic
risk by publishing it on its website. The announcement shall include the following
information at a minimum:
a) the applicable level of such buffer;
b) the credit institutions that are subject to the requirement regarding buffer
establishment;
c) a justification of such buffer requirement;
d) the date as of which credit institutions shall apply the level determined or restored of
such buffer; and
e) the name of countries where exposures are located for which establishment of such
buffer is recognized.
(2) Notwithstanding para. (1), the National Bank of Romania shall not include in the
announcement the information requested in para. (1) letter c) if such justification might
affect financial stability.

Art. 288
(1) If the National Bank of Romania shall proceed pursuant to Art. 281 para. (1), credit
institutions shall maintain, at individual, consolidated and sub-consolidated level, besides
the own funds referred to in Art. 92 para. (3) of Regulation (EU) no. 575/2013, a capital
buffer for systemic risk, established of Common Equity Tier 1 capital of at least 1%, based on
exposures that are subject to such buffer, pursuant to Art. 281 para. (2) of this regulation.
(2) Credit institutions shall not utilize Common Equity Tier 1 capital maintained for
complying with the requirement laid down in para. (1), in order to meet any of the
requirements referred to in Art. 92 of Regulation (EU) no. 575/2013, in Art. 256 and Art. 257
of this regulation, as well as none of the requirements enforced under Art. 226 para. (1) (5)
of Government Emergency Ordinance no. 99/2006 on credit institutions and capital
adequacy, approved by Law no. 227/2007, as further amended and supplemented.
Art. 289
If credit institutions do not meet the capital buffer requirement for systemic risk, they shall
be subject to restrictions referred to in Art. 291 of this regulation. If such restrictions do not
lead to an acceptable improvement of Common Equity Tier 1 capital utilized for purposes of
establishing the systemic risk buffer, the National Bank of Romania may initiate additional
measures, pursuant to Art. 225 para. (1) and (2) of Government Emergency Ordinance no.
99/2006 on credit institutions and capital adequacy, approved by Law no. 227/2007, as
further amended and supplemented.
SECTION 2: Recognition of the Systemic Risk Buffer Rate
Art. 290
(1) The National Bank of Romania, upon recommendation of the coordination structure, may
recognize buffer levels for systemic risk established similarly to the ones referred to in Art.
281 289, by designated authorities/competent authorities in other member states, and
may enforce them on credit institutions, Romanian legal entities, for exposures they
incurred in such member states.
(2) If the National Bank of Romania shall proceed pursuant to para. (1), it shall forward a
notification to the European Commission, the European Banking Authority, the European
Systemic Risk Board and the competent authorities/designated authorities in such member
states.
(3) In the decision to recognize the capital buffer for systemic risk, the information
presented by the competent/designated authorities in such member states similarly to the
ones referred to in Art. 282, Art. 284 or Art. 286 para. (1) letter a) and b) and Art. 682 para.
(3) will be taken into account.
(4) The National Bank of Romania, upon recommendation of the coordination structure, may
request the European Systemic Risk Board to issue a recommendation, pursuant to Art. 16 of
Regulation (EU) no. 1.092/2010, for one or more member states that can recognize the
capital buffer for systemic risk established pursuant to Art. 281 289, for its application by
credit institutions authorized in such member states for exposures located in Romania.
CHAPTER VI: Capital Conservation Measures
*)

Provisions of art. 291-296 apply starting with January 1, 2015.

SECTION 1: Restrictions on Distributions

Art. 291
(1) Credit institutions that meet the combined buffer requirement shall not make the
payment of distributions related to Common Equity Tier 1 capital, if such distributions would
lead to reducing of Common Equity Tier 1 capital to a level which would compromise
meeting the requirement for maintaining the combined buffer.
(2) For purposes of para. (1) and art. 292 para. (1) and (2), in the category of distribution
payments related to Common Equity Tier 1 capital, the following are included:
a) payment of dividends in cash;
b) distribution of bonus shares, partially or fully paid for, or of other capital instruments
referred to in Art. 26 para. (1) letter a) in Regulation (EU) no. . 575/2013;
c) repurchase or purchase by the credit institution of its own shares or of other capital
instruments referred to in Art.26 para. (1) letter a) of Regulation (EU) no. . 575/2013;
d) repayment of amounts paid in respect of capital instruments referred to in Art. 26 para.
(1) letter a) of Regulation (EU) no. . 575/2013;
e) distribution of items referred to in Art. 26 para. (1) letter b) - e) of Regulation (EU) no. .
575/2013.
SECTION 2: Calculation of the Maximum Distributable Amount
Art. 292
(1) Credit institutions that do not meet the combined buffer requirement shall calculate the
maximum distributable amount pursuant to Art. 293 para. (1) and (2).
(2) Prior to calculating the maximum distributable amount, credit institutions in
circumstances referred to in para. (1) have interdiction of initiating any of the following
measures:
a) payment of a distribution related to Common Equity Tier 1 capital;
b) creating an obligation to make payment of a variable remuneration or discretionary
benefits such as pensions or to make payment of a variable remuneration, if the credit
institution undertook to make the payment at a time when it did not meet the combined
buffer requirement;
c) making payments related to Additional Tier 1 capital.
(3) A credit institution which fails to comply with the combined buffer requirement shall
have interdiction to make distribution payments, through any of the measures referred to in
para. (2), higher than the maximum distributable amount.
Art. 293
(1) For purposes of Art.292, credit institutions shall calculate the maximum distributable
amount as the result of multiplying the result obtained pursuant to para. (3) and the factor
calculated pursuant to para.(4).
(2) Credit institutions shall reduce the maximum distributable amount by any of the
measures referred to in Art.292 para. (2)
(3) For purposes of para. (1), the result shall be obtained by following the steps hereunder:
a) the sum of the following items:
(i) interim profits not included in Common Equity Tier 1 capital, pursuant to Art. 26
para. (2) of Regulation (EU) no. 575/2013, generated subsequent to the latest decision

on profit distribution or subsequent to initiating any of the measures referred to in Art.

292 para. (2)
(ii) profits recorded at the end of the fiscal year, not included in Common Equity Tier
1 capital pursuant to Art.26 para.(2) of Regulation (EU) no. 575/2013, generated
subsequent to the latest decision on profit distribution or subsequent to initiating any
of the measures referred to in Art.292 para.(2) letter a), b) or c);
b) subtracting from the amount obtained at letter a), of the amounts that should be paid
as tax, if such items would be retained.
(4) The factor referred to in para. (1) shall be determined as follows:
a) if Common Equity Tier 1 capital maintained by the credit institution and not utilized in
order to meet the requirement for own funds laid down in Art. 92 para. (1) letter c) of
Regulation (EU) no. 575/2013, expressed as a percentage of the total risk exposure
amount for purposes of Art. 92 para. (3) of the regulation referred to, is in the first
quartile, the lowest one, respectively, of the combined buffer, the factor is 0;
b) if Common Equity Tier 1 capital maintained by the credit institution and not utilized in
order to meet the requirement for own funds laid down in Art. 92 para. (1) letter c) of
Regulation (EU) no. 575/2013, expressed as a percentage of the total risk exposure
amount for purposes of Art. 92 para. (3) of the regulation referred to, is in the second
quartile of the combined buffer, the factor is 0.2;
c) if Common Equity Tier 1 capital maintained by credit institution and not utilized in
order to meet the requirement for own funds laid down in Art.92 para.(1) letter c) of
Regulation (EU) no.575/2013, expressed as a percentage of the total risk exposure
amount for purposes of Art.92 para.(3) of the regulation referred to, is in the third
quartile of the combined buffer, the factor is 0.4;
d) if Common Equity Tier 1 capital maintained by credit institution and not utilized in
order to meet the requirement for own funds laid down in Art. 92 para. (1) letter c) of
Regulation (EU) no. 575/2013, expressed as a percentage of the total risk exposure
amount for purposes of Art. 92 para. (3) of the regulation referred to, is in the fourth
quartile, the highest one, respectively, of the combined buffer, the factor is 0.6;
(5) For purposes of para.(4), the upper and lower limits of each quartile of the combined
buffer shall be calculated as follows:
Lower limit of quartile = (Combined buffer requirements/4) x (Qn-1)
Lower limit of quartile
Upper limit of quartile = (Combined buffer requirements/4) x Qn
Upper limit of quartile
Where:
Q n represents the sequence number of that quartile.
Art. 294
Only payments that lead to a reduction of the Common Equity Tier 1 capital or to a
reduction of profits shall be subject to restrictions referred to in Art. 291 295, to the extent
that the suspension of payment or non-payment does not represent an event of default or a
condition for starting procedures under the legal framework of insolvency applicable to the
credit institution.
Art. 295
(1) Credit institutions shall submit a notification to the National Bank of Romania if they do

not meet the combined buffer requirement and intend to distribute any of the distributable
profits or to initiate one of the measures referred to in Art. 292 para. (2) letter a), b) or c).
(2) For purposes of para. (1), in the notification process, the credit institutions shall include
the following information:
a) the value of their own funds:
b) the value of the interim profits and profits recorded at the end of the fiscal year;
c) the maximum distributable amount, calculated pursuant to Art.293 para. (1) and (2);
d) the value of distributable profits.
(3) For purposes of para.(2) letter a), the value of own funds held, shall be broken down as
follows:
a) Common Equity Tier 1 capital;
b) Additional Tier 1 capital;
c) Tier 2 capital.
(4) For purposes of para.(2) letter d), destinations to which distributable profits shall be
allocated to are:
a) payments for dividends,
b) repurchases of shares,
c) payments for instruments included in Additional Tier 1 capital;
d) payment of a variable remuneration or discretionary benefits such as pensions, including
newly undertaken payment obligations by the credit institution or payments made by it
under a payment obligation assumed at a time when the credit institution did not meet the
combined buffer requirement.
(5) Credit institutions shall ensure, through an appropriate formalization process, accurate
calculations of the value of distributable profits and of the maximum distributable amount.
(6) Upon the request of the National Bank of Romania, credit institutions must be able to
demonstrate the accuracy of calculations laid down in para.(5).
SECTION 3: Capital Conservation Plan
Art. 296
(1) The credit institution which fails to comply with the combined buffer requirement shall
prepare and submit for approval to the National Bank of Romania a capital conservation plan,
within 5 working days from the date on which it observes that it fails to comply with such
requirement, unless the National Bank of Romania authorized a longer period of up to 10
days.
(2) The National Bank of Romania grants the authorizations referred to in para. (1) only
based on the individual status of a credit institution and taking into account the scale and
complexity of the activity of such credit institution.
(3) In the conservation plan provided in para.(1), the credit institution shall include the
following elements:
a) estimates of revenues and expenditures, as well as a forecasted balance sheet;
b) measures for increasing capital adequacy rates;

c) a plan and a schedule for increasing own funds in order to fully meet the combined
buffer requirement;
d) any other information requested by the National Bank of Romania to perform the
assessment referred to in para.(4).
(4) The National Bank of Romania shall evaluate the capital conservation plan prepared by
the credit institution and shall approve it only to the extent it shall consider that
implementation of such plan may lead to maintaining or increasing the capital with a
sufficient level, that would allow the credit institution to meet the combined buffer
requirement in a period that the National Bank of Romania shall consider appropriate.
(5) If the National Bank of Romania shall not approve the capital conservation plan pursuant
to para.(4), it may apply either one or both of the measures hereunder:
a) shall enforce on the credit institution increase of own funds up to a certain level, with
the observance of a precise schedule;
b) shall exercise its competencies referred to in Art. 226 para. (1) and (2) of Government
Emergency Ordinance no. 99/2006 on credit institutions and capital adequacy approved
by Law no. 227/2007, as further amended and supplemented, in order to enforce
restrictions stricter than the ones referred to in Art.291 295 of this regulation, regarding
profit distributions.
TITLE V: Supervision on a consolidated basis
CHAPTER I: General provisions
Art. 297
The following credit institutions, Romanian legal persons, are the object of the supervision
on a consolidated basis by the National Bank of Romania:
a) a parent credit institution in Romania or a parent credit institution on European Union
level, authorized by the National Bank of Romania;
b) a credit institution authorized by the National Bank of Romania, which has as parent
company a financial holding parent company in Romania or a mixed financial holding
parent company in Romania or a financial holding parent company in another member
state or a mixed financial holding parent company in another member state or a financial
holding parent company on European Union level or a mixed financial holding parent
company on European Union level, without any other institutions as branches of the
parent company in another member states in these four latter cases
c) a credit institution authorized by the National Bank of Romania, which has as parent
company, established in Romania, a financial holding parent company in Romania or a
mixed financial holding parent company in Romania or a financial holding parent company
on European Union level or a mixed financial holding parent company on European Union
level, and which is parent company to at least one institution authorized in another
member state;
d) a credit institution authorized by the National Bank of Romania which, along with the
credit institutions authorized in two or more member states, have as parent companies
the same financial holding companies or mixed financial holding companies with
registered offices in different member states, with one branch credit institution in each of
these states, and out of these branches, the credit institution, Romanian legal person, has
the highest total of balance-sheet assets;

e) a credit institution authorized by the National Bank of Romania, which has as parent
company a financial holding company or a mixed financial holding company which is the
parent company of at least one other institution authorized in any other member state,
not one of these institutions being authorized in the member state where the financial
holding company was established or the mixed financial holding company, and among
these branches, the credit institution authorized in Romania has the highest total of
balance-sheet assets; such credit institution is considered, for the purposes of supervision
on a consolidated basis, as a credit institution controlled by a financial holding parent
company on European Union level or a mixed financial holding parent company on
European Union level.
Art. 298
The object of supervision on a sub-consolidated basis by the National Bank of Romania, is
represented by credit institutions, Romanian branches, if any of such or any of their parent
companies, if they are financial holding companies or mixed financial holding companies,
shall have a branch, a financial institution or an asset management company in a third party
state, or they should own shares is such entities and the supervision on a consolidated basis
is exercised by the National Bank of Romania, according to the provisions of art.176 para.(1)
letter c), d) or e) in the Government Emergency Ordinance no. 99/2006 regarding credit
institutions and capital adequacy, approved by Law no. 227/2007, with subsequent
amendments and supplements.
CHAPTER 1: Application levels for threshold requirements under the exercise of
supervision on a consolidated basis
SECTION 1: Threshold requirements applicable on a consolidated basis for parent credit
institutions in Romania, respectively credit institutions, Romanian legal persons, under the
control of a financial holding parent company in Romania or in another member state or a
mixed financial holding parent company in Romania or in another member state which are
subjected to supervision on a consolidated basis by the National Bank of Romania
Art. 299
Without prejudice to the obligation to comply with threshold requirements on individual
basis, according to provisions of art. 307 in the hereby regulation, the parent credit
institutions in Romania must fulfil, to the extent and as indicated in part I, title II, chapter II,
sections 2 and 3 in the Regulation (EU) no. 575/2013, on a consolidated basis, in addition to
the requirements provided by art.11 (1) of the same regulation, the obligations regarding
the internal process of capital adequacy to risks, provided by art.148 and 149 in the
Government Emergency Ordinance no. 99/2006 regarding credit institutions and capital
adequacy, approved by Law no. 227/2007, with subsequent amendments and supplements.
Art. 300
(1) Without prejudice to the obligation to comply with threshold requirements on individual
basis, according to provisions of art. 307 in the hereby regulation, the credit institutions,
Romanian legal persons, controlled by a financial holding parent company in Romania or a
mixed financial holding parent company in Romania, must fulfil, to the extent and as
indicated in part I, title II, chapter II, sections 2 and 3 in Regulation (EU) no. 575/2013, based
on the consolidated situation of the concerned financial holding companies or mixed
financial holding companies, in addition to the requirements provided by art.11 (2) of the
same regulation, the obligations regarding the internal process of capital adequacy to risks,
provided by art.148 and 149 in the Government Emergency Ordinance no. 99/2006
regarding credit institutions and capital adequacy, approved by Law no. 227/2007, with

subsequent amendments and supplements.

(2) If several credit institutions, Romanian legal persons and from other member states, are
controlled by a financial holding parent company in a member state or a mixed financial
holding parent company in a member state, the provisions of para.(1) shall only apply to the
credit institution supervised on a consolidated basis by the National Bank of Romania,
according to provisions of art. 297 in the hereby regulation.
Art. 301
(1) The parent credit institutions in Romania and the credit institutions, Romanian legal
persons, which are branches of the financial holding parent companies in Romania or in
another member state or of mixed financial holding parent companies in Romania or on the
level of another member state which are subjected to supervision on a consolidated basis
exercised by the National Bank of Romania, must fulfil, on a consolidated basis, in addition
to the requirements provided by art. 14, from the Regulation (EU) no. 575/2013, thee
obligations regarding the framework for administration, identification processes,
administration, monitoring and reporting of risks, internal control mechanisms, as well as
the remuneration policies and practices provided by the Government Emergency Ordinance
no. 99/2006 regarding credit institutions and capital adequacy, approved by Law no.
227/2007, with subsequent amendments and supplements, as well as by the regulation
herein, to ensure that the systems, processes and their mechanisms are coherent and
integrated on group level and that any data and information relevant to the object of
supervision can be supplied.
(2) The credit institutions provided by para. (1) must implement the systems, processes and
mechanisms provided in the concerned para. and within the branches that do not comply
with requirements of the Government Emergency Ordinance no. 99/2006 regarding credit
institutions and capital adequacy, approved by Law no. 227/2007, with subsequent
amendments and supplements, of Regulation (EU) no. 575/2013 and of the hereby
regulation. In this case also, the systems, processes and mechanisms must be coherent and
integrated on group level and the concerned branches must be able to supply any data and
information relevant to the object of supervision.
(3) The requirements provided by para. (2), regarding the branches that are not concerned
by the requirements of Government Emergency Ordinance no. 99/2006 regarding credit
institutions and capital adequacy, approved by Law no. 227/2007, with subsequent
amendments and supplements, of Regulation (EU) no. 575/2013 and of the hereby
regulation, shall not apply if the parent credit institution on European Union level or the
credit institution controlled by a financial holding parent company on European Union level
or by mixed financial holding parent company on European Union level shall demonstrate to
the National Bank of Romania that the application of such requirements is contrary to legal
provisions in the third party member state where the branch office is located .
Art. 302
If the parent credit institutions in Romania, respectively the credit institutions, Romanian
legal persons, which are branches of the financial holding parent companies in Romania or in
another member state which are subjected to supervision on a consolidated basis exercised
by the National Bank of Romania, are branches of the kind provided by art.13 in the
Regulation (EU) no. 575/2013, then they must make public, on consolidated level in Romania,
the information provided by art.13 of the previously mentioned Regulation.
SECTION 2: Threshold requirements applicable on a consolidated basis to credit
institutions, Romanian legal persons, parent companies on European Union level,

respectively controlled by a financial holding parent company on European Union level or

a mixed financial holding parent company on European Union level and subjected to
supervision on a consolidated basis exercised by the National Bank of Romania
Art. 303
Without prejudice to the obligation to comply with threshold requirements on individual
basis, according to provisions of art. 307 in the hereby regulation, the parent credit
institutions on European Union level, Romanian legal persons, must fulfil, to the extent and
as indicated in part I, title II, chapter II, sections 2 and 3 of the Regulation (EU) no. 575/2013,
on a consolidated basis, in addition to the requirements provided by art.11 (1) and (3) and
by art.13 of the same regulation, the obligations regarding the internal process of capital
adequacy to risks provided by art. 148 and 149 in the Government Emergency Ordinance no.
99/2006 regarding credit institutions and capital adequacy, approved by Law no. 227/2007,
with subsequent amendments and supplements.
(2) Without prejudice to the obligation to comply with threshold requirements on individual
basis, according to provisions of art. 307 in the hereby regulation, the credit institutions,
Romanian legal persons, controlled by a financial holding parent company on European
Union level or a mixed financial holding parent company on European Union level, must fulfil,
to the extent and as indicated in part I, title II, chapter II, sections 2 and 3 in the Regulation
(EU) no. 575/2013, based on the consolidated situation of the concerned financial holding
companies or mixed financial holding companies, in addition to the requirements provided
by art. 11 para. (2) and (3) and art. 13 of the same regulation, the obligations regarding the
internal process of capital adequacy to risks, provided by art. 148 and 149, in the
Government Emergency Ordinance no. 99/2006 regarding credit institutions and capital
adequacy, approved by Law no. 227/2007, with subsequent amendments and supplements.
Art. 304
(1) The parent credit institutions in Romania and the credit institutions, Romanian legal
persons, which are branches of financial holding parent companies in Romania or on the
level of another member state or of mixed financial holding parent companies in Romania or
on the level of another member state and which are subjected to supervision on a
consolidated basis exercised by National Bank of Romania, must fulfil, on a consolidated
basis, in addition to the requirements provided by art.14 in the Regulation (EU) no.
575/2013, the obligations regarding the framework, identification, administration,
monitoring and reporting processes, internal control mechanisms, as well as the policies and
remuneration practices provided in the Government Emergency Ordinance no. 99/2006,
regarding the credit institutions and capital adequacy, approved by Law no. 227/2007, with
subsequent amendments and supplements, in order to ensure that their systems, processes
and mechanisms are coherent and integrated at a group level and that any relevant
information and data can be provided for supervision objectives.
(2) Credit institutions set forth in para. (1) must implement the systems, processes and
mechanisms provided in previous paragraph and within branches that do not fall under the
incidence of Government Emergency Ordinance no. 99/2006 on credit institutions and
capital adequacy, approved with amendments and additions by Law no. 227/2007, with
further amendments and additions and of Regulation (EU) no. 575/2013and hereof. In this
case too, the systems, processes and mechanisms must be consistent and integrated at
group level, and respective branches must be capable to provide any data and information
relevant for supervisory objectives.

(3) Requirements set forth in para. (2) concerning branches that do not fall under the
incidence of Government Emergency Ordinance no. 99/2006 on credit institutions and
capital adequacy, approved with amendments and additions by Law no. 227/2007, with
further amendments and additions and of Regulation (EU) no. 575/2013 and hereof, shall
not apply to the parent credit institution at European Union level, or the credit institution
controlled by a parent holding company at European Union level or by a parent mixed
financial holding company at European Union level proves to the satisfaction of the National
Bank of Romania that application of these requirements is contradictory to legal provisions
of a third party state where such branch is incorporated.
SECTION 3: Threshold requirements applicable to groups in Romania which are not subgroups of European groups
Art. 305
In addition to the provisions of Ssection 1 of the hereby chapter, the parent credit
institutions in Romania, which are not branches of credit institutions or of any financial
holding companies, parent companies on European Union level, whose owning of shares in
institutions, financial institutions, asset management companies and auxiliary services
providers, are exclusively Romanian legal persons, must fulfil, to the extent and as indicated
in part I, title II, chapter II, sections 2 and 3 of the Regulation (EU) no. 575/2013,, on a
consolidated basis, publication requirements provided by the eighth part of the concerned
regulation. The same requirements apply to credit institutions, Romanian legal persons,
supervised on a consolidated basis by the National Bank of Romania and controlled by a
financial holding company in Romania or in another member state, which is not a branch of
a credit institution or of a financial holding parent company on European Union level, and
whose branches or owning of shares in institutions, financial institutions, asset management
companies and auxiliary services providers are exclusively Romanian legal persons.
SECTION 4: Threshold requirements applicable for supervision on a sub-consolidated basis
exercised by the National Bank of Romania
Art. 306
(1) The credit institutions, Romanian branches, which are subjected to supervision on a subconsolidated basis by the National Bank of Romania, according to provisions of art.298 in the
hereby regulation, must comply, on sub-consolidated level, in addition to the requirements
provided by art.22 in Regulation (EU) no. 575/2013,, with the obligations regarding the
internal process of capital adequacy to risks, provided in art.148 and 149, in Government
Emergency Ordinance no. 99/2006 regarding credit institutions and capital adequacy,
approved by Law no. 227/2007, with subsequent amendments and supplements.
(2)
The credit institutions, Romanian branches, subjected to supervision on a subconsolidated basis by the National Bank of Romania according to provisions of art.298 in the
hereby regulation, must fulfil, on a sub-consolidated basis, in addition to the requirements
provided by art.14 in Regulation (EU) no. 575/2013,, the obligations regarding the
framework for administration, identification processes, administration, monitoring and
reporting of risks, internal control mechanisms, as well as the remuneration policies and
practices provided by Government Emergency Ordinance no. 99/2006 regarding credit
institutions and capital adequacy, approved by Law no. 227/2007, with subsequent
amendments and supplements, as well as by the regulation herein, to ensure that the
systems, processes and their mechanisms are coherent and integrated on group level and
that any data and information relevant to the object of supervision can be supplied.
(3)

The credit institutions provided in para. (2) must implement the systems, processes

and mechanisms provided in the concerned para. and within the branches that do not
comply with requirements of the Government Emergency Ordinance no. 99/2006 regarding
credit institutions and capital adequacy, approved by Law no. 227/2007, with subsequent
amendments and supplements, of Regulation (EU) no. 575/2013 and of the hereby
regulation. In this case also, the systems, processes and mechanisms must be coherent and
integrated on group level and the concerned branches must be able to supply any data and
information relevant to the object of supervision.
(4)
Requirements provided in para.(3), regarding the branches that are not concerned
by the requirements of Government Emergency Ordinance no. 99/2006 regarding credit
institutions and capital adequacy, approved by Law no. 227/2007, with subsequent
amendments and supplements, of Regulation (EU) no. 575/2013 and of the hereby
regulation, shall not apply if the parent credit institution on European Union level or the
credit institution controlled by a financial holding parent company on European Union level
or by mixed financial holding parent company on European Union level shall demontrate to
the National Bank of Romania that the application of such requirements is contrary to the
legal provisions in the third party member state where the branch office is located .
SECTION 5: Threshold requirements applicable on individual basis in the context of
exercising the supervision on a consolidated basis
Art. 307
Each credit institution, Romanian legal person, parent company in Romania or on European
Union level, respectively each credit institution, Romanian legal person, controlled by a
financial holding parent company in Romania or on European Union level or by a mixed
financial holding parent company in Romania or on European Union level, in cases when the
supervision on a consolidated basis is exercised by the National Bank of Romania, must fulfil,
on individual basis, in addition to the requirements provided by art. 6 in Regulation (EU) no.
575/2013, with the exceptions provided by the concerned Art. , the obligations regarding
the framework for administration, identification, administration, monitoring and reporting
of risks processes, internal control mechanisms, as well as the remuneration policies and
practices provided by Government Emergency Ordinance no. 99/2006 regarding credit
institutions and capital adequacy, approved by Law no. 227/2007, with subsequent
amendments and supplements, as well as by the regulation herein.
Art. 308
(1)
Each credit institution, Romanian legal person, other than that provided in art. 307,
must fulfil, on individual basis, in addition to the requirements provided by art.6 in
Regulation (EU) no. 575/2013, with the exceptions provided by the concerned Art. , the
obligations regarding the framework for administration, identification processes,
administration, monitoring and reporting of risks, internal control mechanisms, as well as
the remuneration policies and practices provided by Government Emergency Ordinance no.
99/2006 regarding credit institutions and capital adequacy, approved by Law no. 227/2007,
with subsequent amendments and supplements, as well as by the regulation herein
(2)
Each credit institution, which is neither Romanian branch, nor parent company, as
well as any credit institution which was not included in the scope of threshold consolidation
according to art.19 in Regulation (EU) no. 575/2013,, must fulfil, on individual basis, the
obligations specified by art.148 and art.149 in Government Emergency Ordinance no.
99/2006 regarding credit institutions and capital adequacy, approved by Law no. 227/2007,
with subsequent amendments and supplements, regarding the internal assessment process
of capital adequacy to risks.

Art. 309
If credit institutions, Romanian legal persons, branches of the kind provided by art. 13 in
Regulation (EU) no. 575/2013, but they are not subjected to supervision on a consolidated
basis exercised by National Bank of Romania, then they must make public, on individual level,
the information provided by art.13 in the previously mentioned Regulation.
SECTION 6: Threshold requirements applicable on individual level to credit institutions,
Romanian legal persons, which have an investment company as parent company
Art. 310
The credit institutions, Romanian legal persons, branches of an investment parent company
in Romania, on the level of another member state or on European Union level must comply,
on individual level, with threshold requirements provided by art. 308 and by art. 309 in the
hereby regulation, which apply accordingly.

CHAPTER III: Scope of threshold consolidation

Art. 311
In the consolidated situation of the parent company, elaborated for prudential purposes,
underlying the calculation of necessary elements with regard to the compliance with
threshold requirements on a consolidated or sub-consolidated basis, provided in chapter II,
according to consolidation methods provided by art.18 in Regulation (EU) no. 575/2013, the
branches and owning of shares in institutions, financial institutions or companies providing
auxiliary services, Romanian or foreign legal persons are included.
CHAPTER IV: Intra-group transactions with mixed activity holding companies
Art. 312
(1) The credit institutions, Romanian legal persons, branches of a mixed activity holding
company, must dispose of risk management processes and proper internal control
mechanisms, including rigorous accounting and reporting procedures, in order to identify,
measure, monitor and control properly their transactions with the mixed activity holding
company and its branches.
(2)
The credit institutions must report to the National Bank of Romania, quarterly,
within 10 days after the termination of the reported period, any significant transaction with
entities provided by para. (1), other than that which is reported as high exposure according
to art. 394 of Regulation (EU) no. 575/2013. By significant transaction is meant any
transaction exceeding 5% of the credit institutions own funds.
(3)
The procedures provided by para.(1) and the significant transactions shall be
subjected to supervision by the National Bank of Romania.
CHAPTER V: Specific publishing requirements
Art. 313 The National Bank of Romania may require a credit institutions, Romanian legal
person, parent company in Romania or on European Union level to publish each year, either
in full or by reference to equivalent information, a description of the legal, as well as
institution group institution governance and organization structure, including information on
entities that are tightly connected as well as regarding the formal frame of activity
administration.

TITLE VI: Approval for use of internal rating models for credit risk
Art. 314
For the purposes of the title herein, the expression model obtained from an external
supplier, means a model or parts of a model used by a credit institution and elaborated
by an independent third party, using certain input data to assign exposure on certain risk
rating categories or groups or to asses certain risk parameters;
CHAPTER I: Approval request
SECTION 1: General aspects
Art. 315
In view of obtaining the approval of the National Bank of Romania for using the approach
based on internal rating models for the purposes of calculating the risk weight value of
exposure, credit institution must supply an overview of the internal rating models which
credit institution/institutions use or intend to use, of the way these shall be implemented in
the policies and procedures of credit institution/institutions, as well as detailed information
regarding the model construction and calibration, database, the technological environment,
related policies and procedures, including the control environment of credit
institution/institutions.
Art. 316
(1) Within the meaning of art. 315, the credit institution must transmit to the National Bank
of Romania, besides the approval application, documents including at least the following
components:
a) documents regarding the rating systems used or planned including the models used;
b) documents on the control environment of rating systems, implementation procedures
and infrastructure associated to information technology (IT);
c) implementation plan including gradual implementation and details regarding partial
permanent used;
d) documents regarding self assessment, accompanied by an internal audit report
regarding compliance with the requirements of Section 6 in the hereby chapter.
(2) Documents indicated at para. (1) represents the supporting documentation and must
contain, except where otherwise provided, general information on the approach
implementation based on the internal rating models selected.
(3) Documents indicated at para. (1) must provide a summary of current or planned
practices of the credit institution/institutions with enough details to allow the National
Bank of Romania to perform an initial evaluation on its/their request and establish, on the
basis of identified risks, a plan for a more profound evaluation.
SECTION 2: Approval application
Art. 317
The approval application must specify that credit institution/institutions require,
respectively require together the approval to use, for the purposes of calculating the
weighted risk value of exposure, the approach based on the internal rating models selected,
considering the details supplied in the supporting documents.

SECTION 3: Documents concerning rating systems

Art. 318
The documents concerning rating systems must include at least the following:
a) a list of all the internal documents owned by credit institution/institution, at the basis
of its/their validation process and which it/ they regard as relevant for the request,
including a brief description of the content of the concerned documents;
b) a plan of models going to be used by credit institution/institutions for each portfolio
respectively, a situation where all the exposures, legal entities and geographical coverage
by each rating system were explained;
c) a general description of each model this may contain the description of types of data,
definitions, classifications and methodologies used, as well as some qualitative and
quantitative evaluations;
d) documentation containing the information provided by art. 175 para. (1) and art. 179
para. (1) of Regulation (EU) no. 575/2013, covering the following:
(i) conceptual and operational details of the rating systems;
(ii) important modifications to the rating risk process;
(iii) definitions of the underpayment and loss state;
(iv) documents associated to statistical models and other mechanical methods,
complying with requirements of art. 440
(v) use of models obtained from third party suppliers;
(vi) differences, if any, between the parameters used for calculating the regulated
capital needs and parameters used for internal purposes;
e) a short description of the approach on stress tests associated to credit risk fulfilment
of requirements of art. 177 in Regulation (EU) no. 575/2013, in particular, the design of
stress test provided by art. 177 para. (2) of the same regulation and potential impact on
the total capital requirements for the credit risk;
f) if necessary, documents containing information on the aspects specified in art. 429 para.
(1);
g) reporting forms specified in art. 344 para . (2).
Art. 319
The credit institution must transmit to the National Bank of Romania any additional
documentation on the rating systems requested by it, either at the same time with the
Approval application, either at a later date.
SECTION 4: Control environment
Art. 320
(1) The documents on the control environment, implementation procedures and IT
infrastructure should include at least the following:
a) an overview of the activity management framework of the credit
institution/institutions namely the role and responsibilities of the governing body, the
functions of the committees involved in the activity management, the role and
independence of the credit risk administration function and the role of the internal audit

function to the extent to which such information were not reported to the National
Bank of Romania the Supervision Department, according to provisions of title II chapter I
in the hereby regulation;
b) the planned use of different rating systems the actual way in which the credit
institution/institutions intend to use the different models in their current activity -,
namely the documents set out in art. 343;
c) the fulfilment of the experience test set out in art. 145 para. (1) in Regulation (EU) no.
575/2013 and, if appropriate, the experience test set out in art. 145 para. (2) in the said
Regulation;
d) documents regarding the data quality standards, specified in art. 453;
e) the ratings allocation process, including documents containing the information
provided in art. 172 para. (3) in Regulation (EU) no. 575/2013 and the frequency of the
actual correction of - overridden the results of the allocation process depending on
rating classes and risk groups;
f) the responsibilities of parties involved in the modelling;
g) an overview of the rating systems validation process, together with the
documentations provided in art. 185 in Regulation (EU) no. 575/2013;
h) general information on the credit institution/institutions IT structure, to the extent to
which it relates to the approach based on the internal rating models;
i) if appropriate, the internal audit reports.
(2) The credit institution should send to the National Bank of Romania any additional
documentation regarding the rating systems implementation, requested by it subsequent to
submitting the approval application.
SECTION 5: Implementation plan
Art. 321
(1) The credit institution should prepare a proper implementation plan covering the period
until obtaining the approval and the gradual implementation period namely the
implementation subsequent to obtaining the initial approval -, and submit it to the National
Bank of Romania as part of the support documentation.
(2) The implementation plan represents a commitment on behalf of the credit
institution/institutions to implement the approach based on the internal rating models, in
relation to the specified data, with regard to all the rating systems for which it applies for an
approval to use the approach based on the internal rating models.
(3) The implementation plan including the gradual implementation should be broke
down at least on the classes of regulated exposures, on operational units and, if appropriate,
on the parameters of the approach based on the internal rating models to be estimated. The
credit institution should have internal rules including detailed provisions on the timely
planning and the content of the combinations between the items mentioned above, in
particular for the following:
a) developing the rating methodology;
b) preparing the technical concept for the IT implementation of the rating methodology;
c) IT implementation;

d) training of personnel, including the management bodys personnel;

e) transition from the existing rating system existent to the new rating system based on
the current activity, should any transition be performed;
f) formal internal approval of the new rating system and the "rating system"
implementation for the credit institution/institutions.
(4) For the approval applications submitted together by several institutions, the credit
institution should ensure the proper application of the provisions of para.(3) by the other
institutions within the group of which it forms part and together with which it requests the
approval.
(5) The credit institution should provide a list of all portfolios to be permanently exempted
from the application of the approach based on the internal rating models. The exempted
portfolios should be quantified in a comprehensive way such as the number of the
important counterparties, the exposures aggregated value and the exposures risk-weighted
value, calculated according to the provisions of part 3, title II, chapter 2 in Regulation (EU) no.
575/2013.
SECTION 6: Self-assessment
Art. 322
(1) The credit institution should conduct a self-assessment on the level of compliance with
the minimum standards and requirements of part 3, title II, chapter 3 in Regulation (EU) no.
575/2013.
(2) The credit institution should establish an action plan to address the gaps and weaknesses
identified and a planning for achieving compliance.
(3) For the approval applications submitted together by several institutions, the credit
institution should ensure the proper application of the provisions of para. (1) and (2) by the
other institutions within the group of which it forms part and together with which it requests
the approval.
Art. 323
(1) The self-assessment should begin with an overall assessment, from a consolidated
perspective, of the way in which different models are combined and fit within the credit
institution/institutions or the group, overall assessment which must relate to the adequacy
of organizational structure in terms of activity management framework, the adequacy of
resources allocated to the rating system, the comparability within the group with regard to
data and methodology, coherence in the IT organization.
(2) The self-assessment should also cover all rating system aspects: methodology, data
quality, quantitative and qualitative validation procedures, the activity management
framework and the technological environment.
(3) The self-assessment can be carried out by the personnel with an independent function of
risk assessment, with the support, if needed, of internal auditors.
(4) The self-assessment documents should include a description of the self-assessment
process conducted, the identified gaps and weaknesses, including the assessment of the
credit institution/institutions relating to their importance, the action plan for addressing the
gaps and weaknesses identified and a planning for achieving compliance.

SECTION 7: Other matters relating to the approval application

Art. 324
(1) The approval application should be signed by an executive member of the governing
body of each legal entity of those seeking the approval, member who is empowered to
legally bind the respective entity.
(2) The signatory or, where appropriate, the signatories shall acknowledge within the
approval application that the supporting documents represent a true and fair summary of
the subjects covered. Summary means the fact that the documents provide only a short
presentation of the main aspects of the matter in question, by truth, the fact that the
information included in the summary are not false or misleading, and by just, the fact that
the information render a reasonable overall summary, without failing to mention significant
matters.
Art. 325
(1) The approval application should be drafted in Romanian.
(2) The supporting documents should be prepared in a language or languages established by
common agreement between the National Bank of Romania, the competent authorities in
the host countries and the credit institution/institutions. For documents written in a foreign
language their certified Romanian translation will also be submitted. For documents written
in an international language, the National Bank of Romania may wave, on a case-by-case
basis, the requirement on the certified translation.
Art. 326
(1) If the credit institution does not provide the National Bank of Romania with the
documents referred to in art. 316 either at the same time with the submission of the
approval application, or subsequent to such submission or if the approval application and/or
the supporting documents, sent to it by the credit institution, fail to comply with the
requirements set out in art. 315 321, art. 323 para.(4), art. 324 and art. 325, the credit
institution/institutions request is deemed incomplete by the National Bank of Romania.
(2) The National Bank of Romania and, where appropriate, the other competent authorities
involved shall carry out a preliminary assessment for the entire company namely approval
application and supporting documentation as soon as such a request is received by it. The
National Bank of Romania shall notify the credit institution about the completeness of the
application.
Art. 327
(1) For approval applications subject to the conditions provided in art. 20 para. (1) in
Regulation (EU) no. 575/2013, and while the National Bank of Romania is the authority
responsible for the supervision on a consolidated basis, the 6 months period set out in art.
20 para. (2) in the hereby Regulation shall begin as at the date the National Bank of Romania
receives an application namely the approval application and the supporting
documentation - complete in the terms of this regulation.
(2) In the case referred to in para. (1), the National Bank of Romania shall acknowledge the
commencement of the 6 months period.
CHAPTER II : Standards for the compliance with the minimum requirements provided in
part 3, title II, chapter 3 in Regulation (EU) no. 575/2013
SECTION 1: Permanent partial use and the gradual implementation

SECTION 11: Gradual implementation

Art. 328
When applying for the approval of the National Bank of Romania to use the approach based
on the internal rating models, the credit institutions should cover through the proposed
approach at least 50% of both the total amount of exposures and the total exposures riskweighted value.
The calculation is carried out according to provisions of part 3, title II, chapter 2 in
Regulation (EU) no. 575/2013, for the exposures covered by the standard approach, namely
according to provisions of chapter 3 of title II in the hereby Regulation, for the exposures
covered by the approach based on the internal rating models. To calculate the level of
coverage, the specialized financing treated according to the approach provided in art. 153
para. (5) in Regulation (EU) no. 575/2013, can be deemed by the credit institution as
exposures for which the proposed approach based on the internal rating models is applied.
Art. 329
If the credit institutions wish to use the gradual implementation of the approach based on
the internal rating models, they have to prepare a reliable and feasible implementation plan
with regard to the initial coverage of exposures coverage at the time when obtaining the
approval of the National Bank of Romania to use the respective approach and the gradual
implementation pace.
Art. 330
(1) The gradual implementation policy of the credit institution should specify at least the
time horizon over which the gradual implementation is carried out, as well as its sequencing.
(2) Establish a time period in which the gradual implementation is to be carried out should
take into account the actual capacity of the credit institution to switch to the use of an
approach based on the internal rating models, as well as the coverage due to such an
approach, as soon as possible, of the credit institution basic activities and the risk
determinants related to the main credit.
(3) The time horizon must be sufficiently low to prevent the implementation of the approach
based on the internal rating models for an unduly extended period of time, and sufficiently
long, to ensure the quality of data, methodology and results.
(4) The gradual implementation should be completed within 5 years as of the obtaining of
the approval to use the proposed approach based on the internal rating models, regardless
of the type of approach based on the internal rating models that the credit institution wishes
to implement.
Art. 331
(1) The sequencing of the exposure classes in the gradual implementation plan related to the
approach based on the internal rating models should be based on the portfolios importance
the most important portfolios, namely portfolios representing the basic activities of the
credit institution should be the first in the gradual implementation plan.
(2) The sequencing of the exposure classes in the gradual implementation plan related to the
approach based on the internal rating models is chosen by the credit institution.
(3) While each portfolio of a credit institution is subject, according to the documentation
accompanying the Approval application, to the gradual implementation process, there is no

need for the respective credit institution to formulate a new approval application, except for
the cases mentioned in art. 335.
Art. 332
Prior to passing to the gradual implementation of the approach based on the internal rating
models for the exposure classes, the credit institutions should carry out a self-assessment on
the compliance with the requirements provided in part 3, title II, chapter 3 in Regulation (EU)
no. 575/2013.
Art. 333
(1) During the gradual implementation period, the credit institutions can be required, on a
case-by-case basis:
a) to inform the National Bank of Romania with regard to the plans and progress
undertaken regarding the risks quantification and administration practices;
b) to inform in due time the National Bank of Romania when, according to the gradual
implementation plan, they are ready to use a rating system in order to calculate the
capital requirements regulated for a class of exposures or additional operational unit;
c) to inform in due time the National Bank of Romania with regard to their intention of
subjecting a class of exposures to the gradual implementation process. The credit
institutions can also be required, before starting to use the rating system for the
respective class, to receive the explicit permission from the National Bank of Romania; or
d) to meet a combination of the requirements expressed in letters a), b) and c).
(2) For the purposes of para.(1), the National Bank of Romania shall specify, in the document
communicating the decision on the Approval application, requirements, among those set
out in the paragraph mentioned, to be met by the credit institution.
Art. 334
Amendments of the approved gradual implementation plan can be allowed only if significant
changes in the business environment occur, such as strategy changes - either due to change
in the shareholding or management body or as a result of a new approach to the business mergers and acquisitions, and those changes are duly justified by the credit institution.
Art. 335
(1) Within the meaning of art. 334, in the event of a change in strategy, unless there are
good reasons for postponement, the time horizon relate to the gradual implementation
period should remain the same, but the sequencing of the gradual implementation can
be changed.
(2) Within the meaning of art. 334, if a credit institution that uses the approach based on
the internal rating models purchases a credit institution that does not use such an
approach, the credit institution using the approach based on the internal rating models
can be requested by the National Bank of Romania, on a case-by-case basis, to formulate
a new approval application, with a new partial use and gradual implementation policy,
or it can be requested to provide to the National Bank of Romania a plan to bring the
entire credit institutions to the compliance status according to the provisions of part 3,
title II, chapter 3 in Regulation (EU) no. 575/2013.
(3) Within the meaning of art. 334, if a credit institution that does not use the approach
based on the internal rating models purchases a credit institution that uses such an
approach, the National Bank of Romania shall request the purchasing credit institution,
if it wishes to use the approach based on the internal rating models, to formulate a new

approval application.
(4) Provisions of para. (2) and (3) shall be applied accordingly if a merger involving the credit
institution took place.
Art. 336
For the credit institutions that intend to gradually implement the approach on the internal
rating models advanced in two steps namely by first achieving the transition from the
standard approach to the basic internal rating models approach, and subsequently the one
from the basic internal rating models approach to the advanced internal rating models
approach -, the rules and criteria related to the gradual implementation plans shall be
applied for each step.
SUBSECTION 12: Permanent partial use
Art. 337
(1) For the purposes of art. 150 para. (1) in Regulation (EU) no. 575/2013, in view of
obtaining the approval to permanently exempt certain exposures from the application of
the approach based on the internal rating models, the credit institutions should justify
such exemptions.
(2) Within the meaning para. (1), the considerations for which a credit institution requests
the exemption should be disclosed in full and they should be credible. For the purposes
of art. 150 para. (1) letters a) and b) in Regulation (EU) no. 575/2013, the justification
should relate to the reasons for which the care credit institution believes that, for the
classes of exposures for which it requests the exemption, the implementation of a rating
system would represent an unduly effort for the credit institution, in relation to the way
in which such exposures fall within its own activity and strategy, as well as they would
fall within its core activity.
(3) When substantiating the exemption request, the credit institutions cannot justify the
unduly effort in implementing a rating system starting exclusively from the absence of
data relating to non-reimbursements, but that effort should also be demonstrated
through several items, such as comparisons with the credit institution activity and
strategy.
Art. 338
(1) The exemption of exposures in the operational units, provided in art. 150 para. (1) letter
c) in Regulation (EU) no. 575/2013, can be granted by the National Bank of Romania,
provided that the provisions in para. (2)-(6) are complied with, within the minor
importance operational unit for which the rating systems of the credit institution or of
the group are insignificant, the preparation of own rating systems is impossible or for
which the implementation of such system might represent an unduly effort.
(2) The aggregate value of permanently exempted exposures, according to art. 150 para.(1)
letter c) in Regulation (EU) no. 575/2013, as of the application of the approach based on
the internal rating models cannot exceed 10% from the total value of exposures on the
balance sheet and off the balance sheet -, and the aggregate value of such exposures,
quantified as exposures risk-weighted value, cannot exceed 10% of the total exposures
risk-weighted value - on the balance sheet and off the balance sheet. The calculations
are carried out according to provisions of part 3, title II, chapter 2 in Regulation (EU) no.
575/2013, for the exposures covered by the standard approach, namely according to
provisions of part 3, title II, chapter 3 in the hereby Regulation, for the exposures
covered by the approach based on the internal rating models.

(3) Within the meaning of para.(2), the significance thresholds specified within the
mentioned para. should be applied exclusively to the credit institution or the group the
applied for approval on the use of the approach based on the internal rating models.
(4) In order to calculate the significance thresholds specified at para. (2) shall not be taken
into consideration for the numerator nor for the denominator of the significance
thresholds the exposures for which the credit institution intends to resort to the
permanent partial use based on the respective exposures compliance with the criteria
provided in art. 150 para. (1) in Regulation (EU) no. 575/2013, other than those related
to importance, stipulated in art. 150 para.(1) letter c) in that Regulation.
(5) The credit institution or the group requiring that applied for the approval to use the
approach based on the internal rating models is liable for monitoring the compliance
with the significance thresholds specified at para. (2) and should have systems and
procedures for monitoring important aspects on a timely basis and in a proper manner.
If the significance thresholds are exceeded, the credit institution/group should inform
the National Bank of Romania and submit for approval a plan for appropriate and fast
enough remedial measures. If the significance thresholds are exceeded wilfully for
example, due to the strategic decision of expansion in a certain sector -, prior to the
actual expansion, the credit institution/group should have a gradual implementation
policy.
(6) The credit institution/ group should verify the compliance with the significance
thresholds specified at para.(2) at least once a year and in any situation where significant
changes occur in the structure of credit institution / group, such as mergers or
acquisitions.
SECTION 2: Test of use
Art. 339
In view of obtaining the approval to use the approach based on the internal rating models,
the credit institution should prove to the National Bank of Romania that the information
used or produced by its rating system for establishing the regulated capital requirements are
also used during its normal activity, particularly in risk management.
Art. 340
The rating systems, ratings and estimations related to non-reimbursements and loses,
designed and created for the sole purpose of receiving approval for using the approach
based on internal rating models, and used solely for producing the data necessary for such
approach are not allowed.
Art. 341
(1) The credit institutions should actually use the internal ratings and the risk parameters
resulted. If not entirely, at least a significant and effective part of the processes and
functions listed in art. 144 para. (1) letter b) in Regulation (EU) no. 575/2013, with
subsequent amendments and supplements, should be based solely on the ratings and risk
parameters estimations used when calculating the capital requirements, so that such ratings
and estimations should have a significant influence on the decision making process and
actions undertaken by the credit institutions.
(2) Within the meaning para.(1), the credit institutions should ensure that the use of data
mentioned is not marginal and it should assess the validity of differences between such data
and the data used for internal purposes, such as the differences between the nonreimbursement probability used for assessment purposes pricing and the one used for
rating purposes.

Art. 342
(1) For the purposes of art. 144 para.(1) letter b) in Regulation (EU) no. 575/2013, by having
a decisive role one should not understand the fact that the data/parameters used when
calculating the capital requirements should be identical with the data used to manage the
credit or that they should have a linear and homothetic, but one should understand the fact
that there is a strong relationship between these two categories of data.
(2) The credit institutions should prove that the ratings and estimations used when
calculating the capital requirements have a decisive role in the processes and functions
listed in art. 144 para. (1) letter b) in Regulation (EU) no. 575/2013 and they should indicate
where different final parameters are used internally, by complying with the provisions of art.
179 para. (1), second sentence in the respective Regulation.
Art. 343
In order to evaluate the impact on their operations, the credit institutions should provide
the National Bank of Romania with documentation which is to identify and describe the way
in which the internal ratings, relevant risk parameters and well as all related systems and
processed are used. This documentation should be updated regularly for example, by the
credit risk administration function- and it should be examined through an internal audit.
Art. 344
(1) In view of obtaining the initial approval of using the approach based on the internal
rating models, and subsequently, for obtaining the approval of using additional approach,
methods or rating systems, the credit institutions must report to National Bank of Romania
the total capital requirements calculated based on all approaches/methods/rating systems
that the respective credit institution intends to use when applying for the approval.
(2) Within the meaning para.(1), the credit institutions should fill in and submit with the
National Bank of Romania the reporting forms provided in art. 5, letter a) pt. 3, 5 and 8 of
the implementing technical Standard issued in the application of the Regulation (EU) no.
575/2013, as well as the forms C09.02 CR GB 2 and C09.03 CR GB 3 from the annex I of
the above mentioned implementing technical standard.
Art. 345
The use for internal purposes of the data based on which the capital requirements are
established, should be sufficiently comprehensive to ensure the decisive role of such data
within processes and functions listed in art. 144 para. (1) letter b) in Regulation (EU) no.
575/2013.
Art. 346
The data categories should be differentiated for example, the input data, such as data
published in financial statements should be differentiated from the estimated data arising
from the calculations performed by the credit institution. All the estimations of risk
parameters should be based on input data, and these data should be essentially the same,
whether they are used for credit management purposes or for establishing the regulated
capital requirement.
Art. 347
The conceptual structure and details of the rating systems and of those for establishing the
capital should not differ fundamentally, regardless of the purpose internal or regulated.
Art. 348
(1) Any differences between ratings and estimates of risk parameters used in calculating the

capital requirements and the final parameters used internally should be based on a welldocumented substantiation. The credit institution should have robust audit trails, compliant
with an internal policy aimed at assessing the significance of differences, as well as whether
these differences lead to a higher degree of caution or relaxation with regard to the capital
adequacy.
(2) If the evaluation margins - pricing margins are established based on the data that are
not used within the approach based on the internal rating models, the credit institution
should examine the both types of margins calculations and determine, in a prudent manner,
the regulated capital requirements.
(3) The activity management standards should the higher the more numerous are
differences in the systems used for regulated purposes and those used for internal purposes.
Art. 349
For the purposes of the test of use, the credit institutions using the models for establishing
the economic capital should provide explanations on the differences between the data and
parameters used within the respective model and those used for calculating the regulated
capital requirements.
Art. 350
In the fields related to the credit risk assessment process such as ratings -, the final
parameters used for internal purposes and the data used to calculate the regulated capital
requirements should be connected, but a certain flexibility is allowed with regard to the
assessment - pricing and internal allocation of capital. The final assessments relating to
non-reimbursements or loses, used internally, should not lead to an unlikely estimation used
for determining the capital requirements.
Art. 351
The input data identified as having a high importance with regard to the credit risk selection,
estimation and/or management for internal purposes, should not be missed when allocating
the ratings and estimating the risk parameters that are used in calculating the capital
requirements. The related source of information and analysis should not be missing from the
criteria used for the regulated purposes on establishing the rating and the estimation of nonreimbursement probability.
Art. 352
The rating models developed should be in compliance with the strategic and technologic
plans of the credit institution. The risk parameters modelling and estimation should be as
accurate as possible, reflecting the different categories of exposures within portfolios and
sub-portfolios. Where the credit institution should develop separate rating systems, the test
of use should be applied properly.
Art. 353
When using uniform scales - master scales - for internal risk management, thus ensuring
equivalent risk categories across portfolios, the credit institutions should pay an increased
importance to the accurate calibration of each individual rating system compared with their
uniform scale reporting - master scale.
Art. 354
(1) Credit institution strategic plans should include comprehensive training programs to
facilitate the staff, including the senior management, the understanding the respective
credit institutions rating models. The complexity of models, internal and external processes

used by the credit institution to take advantage of the respective models, as well as the way
in which the ratings obtained are to be used should be understood properly.
(2) In the context of actual use of models, the credit institutions should have a strategic plan
for coordinating the human and technological resources that should take into consideration
the models impact on the different functional areas of the credit institution.
Art. 355
Prior to the implementation of the approach based on the internal rating models for a
certain category of exposures, the credit institutions should ensure a harmonious
combination between the scope, the experience test provided in art. 145 para. (1) (2) in
Regulation (EU) no. 575/2013, and the internal use of data.
SECTION 3: Methodology and documents
SECTION 31: Allocation depending on the classes of exposures
SUBSECTION 31^1: Retail class of exposure
Part 1: Individuals and small and medium sized entities
Art. 356
(1) In order to comply with the requirements provided in art. 147 para. (5) in Regulation (EU)
no. 575/2013, the credit institutions should have internal criteria in order to
differentiate the individuals from small and medium sized entities.
(2) If an entity is registered separately, this should be deemed as a strong proof within the
meaning of its being treated as a small or medium sized entity.
(3) Within the meaning of para. (1), the internal criteria used by the credit institutions can
depend on the way the credit institution manages it credits portfolio for example, if
the credit institution manages its retail exposures on a transaction basis, the criteria
should be the purpose of the loan, and in this case, only the loans granted to individuals
for non-commercial purposes should be treated as exposures towards individuals; if the
credit institution manages its retail exposures on a debtor basis, it is necessary to adopt
a coherent rule for clients differentiation, such as: classifying the debtor as small or
middle sized entity, if the majority of its revenue comes from carrying out activities on
their own, treating any entity that is not registered as an individual.
Art. 357
If the EUR 1 million thresholds provided in art. 147 para. (5) letter a) in Regulation (EU) no.
575/2013 is exceeded, the exposure should be reclassified in the class of exposures towards
the company, and the risk-weighting formula related to the exposures towards the company
should be used for calculating the capital requirement. If the rating system applied to the
class of retail exposures meets the requirements related to the rating systems of the
companys class of exposures, there is no need for any amendment in the rating system.
Otherwise, the rating system of the class of exposures towards the company should be
applied.
Art. 358
The credit institutions should have the capacity to identify and strengthen the groups of
connected clients, as well as to aggregate the relevant exposures of each of such groups. The
identification and aggregation of the amounts due by a debtor client or by a group of
connected clients should be carried out by taking into consideration all the banking group
entities, except for those explicitly excluded according to provisions of art. 147 para. (5)

letter a) in Regulation (EU) no. 575/2013.

Art. 359
If the total amount due calculated under the conditions provided in art. 147 para. (5) letter a)
in Regulation (EU) no. 575/2013, is reduced for example, by reimbursement and falls
below the EUR 1 million threshold, the credit institution should not automatically qualify it
within the retail exposures class, but it has to verify to compliance with the requirements
provided in art. 147 para. (5) letter b)-d) in the hereby Regulation.
Art. 360
If a parent credit institution has branches that are direct creditors of a group of connected
clients, the banking group should have a process allowing the proper classification of such
connected clients in the class of retail exposures or in the class of exposures towards the
company, based on the aggregated exposure.
Art. 361
(1) For the purposes of art. 147 para. (5) letter c) in Regulation (EU) no. 575/2013, the credit
institutions should prove that the exposures in the class of retail exposures are treated
differently - namely with a lower degree of individuality - compared with exposures
belonging to the class of exposures towards the company.
(2) Within the meaning of para.(1), the crediting process can be divided into the following
components: marketing and sales activities, rating process, rating system, crediting
decision, credit risk mitigation decisions, monitoring, early warning systems and
treatment process for problematic /recovery situations. The requirement mentioned in
para. (1) may be deemed fulfilled as long as a credit institution can prove that any of
these components differ clearly. The differences between the rating systems and the
recovery processes used by the credit institution can provide strong evidence regarding
the compliance with the condition provided in art. 147 para. (5) letter c) in the
Regulation (EU)no. 575/2013.
(3) The union based credits should not be treated as retail exposures.
(4) The credit institutions should not resort to adapting their risk management processes to
lower standards in order to comply with the condition provided in art. 16 para.(1) letter
c) in the Regulation (EU) no. 575/2013. The credit institution should not change the
treatment applied to an exposure for which is undergoing a process of preparing the use
of the approach based on the internal rating models.
Art. 362
(1) If the rating system for retail exposures is the same as the one used for exposures
towards the company, the credit institution should enable the distinct validation of the
rating system for exposures treated as retail exposures. The parameters estimations and the
establishing of the capital requirement for retail exposures may also be obtained on the
basis of group exposures and not only based on the parameters for individual debtors in the
class of exposures towards the company.
(2) Assigning an individual rating to a retail client should not exclude by itself the
classification of the respective exposure in the class of retail exposures.
PART 2: Renewable eligible retail exposures
Art. 363
For the purposes of art. 154 para. (4) letter b) in Regulation (EU) no. 575/2013, the credits in

the category of renewable eligible retail exposures may be secured by a general pledge,
granted by agreement, aiming at the different exposures towards the same debtor, as long
as the individual exposure is treated as unsecured for the purposes of calculating the capital
requirement namely the amounts recovered by performing the collateral security cannot
be taken into account when estimating the loss in the event of non-reimbursement.
Art. 364
For the purposes of art. 154 para. (4) letter b) in Regulation (EU) no. 575/2013, an unused
credit line is deemed reversible immediately even if the consumer protection legislation or
the related legislation prohibits the credit institution to immediately reverse it or establishes
minimum revocation periods. The compliance with the regulations related to the consumer
protection should not prevent the credit institutions from classifying the exposures that
meet all the criteria as renewable eligible retail exposures.
Art. 365
The threshold mentioned in art. 154 para. (4) letter c) in Regulation (EU) no. 575/2013, may
be applied to the credit institution. The subcategories within the renewable eligible retail
exposures category such as credit cards, overdraft withdrawals and others should be
differentiated if the loses rates differ significantly.
Art. 366
(1) The demonstration of the loses rates low volatility mentioned in art. 154 para. (4) letter
d) in Regulation (EU) no. 575/2013, should be made during the approval process related to
the use of the approach based on the internal rating models and, subsequently, at any time
at the request of the National Bank of Romania.
(2) In order to evaluate loses rates volatility for renewable eligible retail exposures
portfolios or sub-portfolios relatively at the medium level of loses rates, the reference level
is generally the relative volatility of loses rates for other sub-portfolios in the "other retail
exposures" category, within which the credit institution holds exposures. In this case, the
credit institutions should provide data regarding the mean and standard deviation of loses
rates for all these sub-portfolios.
(3) If the credit institution does not have the "other retail exposures" category or if it not
suitable in terms of reference level, the similar renewable eligible retail exposures portfolios
of similar credit, the mortgage portfolios or the exposures towards the company portfolios
can be used as possible alternative reference portfolios.
(4) Within the meaning para.(1), in order to proper quantify the volatility, coefficient of
variation can be used the standard deviation in ratio to the mean -, and the rate of loss
means the actual loss during a fixed period of time, quantified as a percentage of the
exposure category value.
PART 3: Retail exposures secured by a real estate property
Art. 367
Any exposure retail exposure to which the credit institution assigns, in order to internally
quantify the risk, a guarantee represented by a real estate property, should be classified as
retail exposure secured by a real estate property. For retail exposures which no guarantee
represented by a real estate property was assigned to, for the loss estimation in the event of
non-reimbursement, the possible income from the value of the real estate properties should
not be taken into consideration.
SUBSECTION 31^2: Exposure class regarding companies

PART 1: 3.1.2.1. Small and medium sized entities within the exposure class regarding
companies
Art. 368
(1) Within the meaning of art. 153 para. (4) in Regulation (EU) no. 575/2013, the turnover
represents the value of total gross income collected by a company from selling the goods
and services, during the normal course of business. For an insurance company, this
expression means the value of gross premium income.
(2) For the purposes of art. 153 para. (4) in Regulation (EU) no. 575/2013, substitution of the
total annual turnover with the total assets can be achieved on a voluntary basis provided the
credit institution can argue that it is at least an equivalent prudent approach, is applied
consistently in time and formalized within the internal rules of the credit institution.
PART 2: 3.1.2.2: Specialized financing
Art. 369
(1) Within the meaning of art. 147 para. (8) in Regulation (EU) no. 575/2013, it is not
necessary for all the requirements for classifying within the subclass of exposures arising
from specialized financing, specified in the mentioned Art. , to be complied with equally. The
individual items of the definition of exposures arising from specialized financing can be
relaxed in a certain degree to include different categories of exposures, but all 3 items 3 of
the definition should be complied with at least in essence. The most important criteria for
classification as exposures arising from specialized financing is represented by the main
source of the loan reimbursement that needs to be created by the income generated from
financing activities.
(2) The credit institution should pay a particular attention to the definition of exposures
arising from specialized financing in the cases under the limit between the specialized
financing and the securitization framework. For items that could be classified both as
exposures arising from specialized financing, and as secured positions, the credit institution
should classify these positions consistently in time.
(3) The typical counterpart in the event of a contractual agreement for specialized financing
is an entity established specially to finance and/or operate the tangible assets, with separate
legal personality and whose payments are segregated from those of other entities or of the
group. The respective entity should have concluded an agreement producing legal effects
with regard to the assets and income they generate.
(4) For the purposes of defining the exposures arising from specialized financing the number
of asses provided in the contractual agreement is not important, but whether the assets
subject to the guaranty are the loan reimbursement source. Similarly, in the definitions
context, it should not be consider significant whether the entity provided para. (3) has
entered a type of long-term leasing agreement that cannot be terminated such
agreements representing a risks transfer -, but the fact that such a situation does not affect
the principle according to which the payments are from the same object that is financed and
serves as guarantee.
Art. 370
(1) Exposures arising from specialized financing are classified into the following categories:
a) projects financing;
b) objects financing;
c) goods financing;

d) financing of real estate properties producing income.

(2) Projects financing is a method of financing in which the creditor is primarily based on the
income generated by the project financed, both as source of reimbursement and as
guarantee related to the exposure.
(3) Objects financing is a method of financing the purchase of tangible assets in which the
exposures reimbursement depends mainly on the cash flows generated by specific assets
that have been financed and pledged in favour of the creditor or assigned to it.
(4) Goods financing refers to the short-term structured crediting, in order to finance
reserves, inventories, receivables related to the goods traded on the stock, in which the
exposures is reimbursed from the proceeds related to the sale of goods, and the debtor does
not have the independent capacity of reimbursing the exposure namely the debtor does
not carry out other activities and does not have other significant assets.
(5) The financing of real estate properties producing income is a method of financing the
real estate properties in which the prospects for reimbursing and recovering the exposure
depend mainly on the cash flows generated by the real estate property.
Art. 371
(1) To be able to use the non-reimbursement probabilities estimation for exposures arising
from specialized financing, the credit institution should prove that such estimations meet
the minimum requirements provided in part 3, title II, chapter 3, section a 6 a in
Regulation (EU) no. 575/2013, for each category of exposures arising from specialized
financing specified at art. 370 para. (1) in the hereby regulation.
(2) For exposures arising from specialized financing for which the credit institutions uses the
approach provided in art. 153 para.(5) in Regulation (EU) no. 575/2013, during the process
of classifying such exposures within the categories mentioned in that Art. for applying the
risk weights, the credit institutions should take into consideration the classification criteria
specified in appendix no. 2 that is an integral part in the hereby regulation.
(3) The credit institutions specialized in certain activities can refine the classification criteria
for the exposures arising from specialized financing in the categories mentioned in art. 153
para. (5) in Regulation (EU) no. 575/2013, criteria disclosed in the appendix no. 2 to the
hereby regulation, to the extent to which the refining process introduces additional criteria,
but does not replace the criteria specified.
(4) The risk weighting for exposures arising from specialized financing, provided in art. 153
para. (5) in Regulation (EU) no. 575/2013, can be applied only by the credit institutions that
use the approach based on the internal rating models.
(5) The credit institution should examine, at least on an annual basis, the different aspects of
the specialized financing, including ratings, exposures classification in the subclass of
exposures arising from specialized financing, proving the fact that such exposures may or
not be treated within the general framework of the approach based on the internal rating
models.
SUBSECTION 31^3: SECURITIZATION EXPOSURES CLASS
Art. 372
For the classification in the securitization exposures class, the credit institutions should take
into account the securitizations features listed in art. 4 para. (1) point 61 letter a) in
Regulation (EU) no. 575/2013 and they should take into account the fact that, in general, the
securitization classification should be based on the economic substance of the transaction
rather than on its legal form. If any uncertainties remain with regard to classifying a

transaction as securitization, the credit institutions should consult with the National Bank of
Romania.
Art. 373
(1)
For the purposes of art. 245 para. (1) (2) in Regulation (EU) no. 575/2013, the
requirement on the significance of the risk transfer should be viewed separately from the
requirement related to the actual risk transfer. The actual risk transfer relates primarily to
the validity and enforceability from legal point of view of the transaction related contractual
provisions, as well as the absence of contractual provisions that undermine the risk transfer
and makes the differentiation between traditional and synthetic securitization transactions.
The requirement related to the significant risk transfer shall be applied to both categories of
securitization transactions, by taking into account the aspects specific to each category. The
assessment of the risk transfer significance may also involve other criteria than those
mentioned in part 3, title II, chapter V in the hereby Regulation.
(2) For the regulated prudential purposes, the accounting recognition of the securitized
credit risk exposures is not a prerequisite or evidence regarding the effectiveness or
significance of the credit risk transfer.
(3) Even if a securitization structure is not recognized as the originator securitization - for
example, if the risk transfer is not significant -, for the investor, the transferred parts should
be treated as securitization.
SUBSECTION 31^4: Class of exposures in equity securities
PART 1: 3.1.4.1. Nature of exposures in equity securities
Art. 374
(1) Equity securities exposures are defined based on the economic substance of the
instrument and they include the ownership interests, both direct and indirect, carrying a
voting right or not, on the issuer assets and income.
(2) The indirect interests related to the equity securities include holdings of derivative
financial instruments that are supported by interests related to the equity securities and the
holdings in entities issuing ownership interests and carrying out mainly equity securities
investment activities.
(2) An indirect ownership such as branches of an entity is not necessarily taken into
consideration distinctly as long as the branch is taken into account when determining the
risk weighting value for equity securities direct exposures towards the respective entity.
However, this does not imply an exemption regarding the exposures treatment under the
form of equity securities owned in collective investment bodies (OPC), provided in art. 152 in
Regulation (EU) no. 575/2013, according to which the credit institution should take directly
into consideration the support exposures of OPC.
PART 2: 3.1.4.2. Allocation of exposures related to equity securities exposures classes
Art. 375
(1) An instrument should be assigned to the class of exposures of the equity securities if it
meets the following criteria:
a) is non-refundable within the meaning that the recovery of the invested funds can be
achieved only by selling the investment, selling the rights over the investment or issuers
liquidation;
b) does not include an obligation on behalf of the issuer; and
c) gives a residual right over the issuers assets or income.

(2) As a general rule, if a debt security is structured, subordinated and managed as equity
securities, it has to be included in the equity securities exposures class.
(3) The following instruments should also be classified in the equity securities exposures
class:
a) any instrument with the same structure as the one of the instruments listed in art. 26
in Regulation (EU) no. 575/2013;
b) any instrument involving an obligation on behalf of the issuer and meeting any of the
following criteria:
(i) the issuer may defer indefinitely meeting the obligation;
(ii) the obligation enforces or allows, at the issuers choice its own redemption by
issuing a fix number of equity securities of the issuer;
(iii) the obligation enforces or allows, at the issuers choice - its own redemption by
issuing a variable number of equity securities of the issuer, and change in the
obligations value all the other conditions remaining unchanged is attributable to
the change in the value of the fixed number of equity securities of the issuer,
comparable and in the same direction with it. For certain obligations imposing or
allowing their redemption by the issuance of a variable number of equity securities of
the issuer, the change in the monetary value of the obligation is equal to the change in
the fair value of a fixed number of equity securities, multiplied by a specified factor.
Such obligations meet this condition if both the factor and the specified number of
equity securities are fixed;
(iv) the holder has the option of requesting the redemption of the obligation by the
equity securities, unless, for a traded instrument, the credit institution proves to the
National Bank of Romania that such instrument is traded more as a debt security over
the issuer than as its equity securities, or, for instruments not traded, the credit
institution proves to the National Bank of Romania that such an instrument should be
treated as a debt security position. In both cases, with the approval of the National
Bank of Romania, the credit institution can break down the risks for the regulated
purposes.
Art. 376
(1) Debt securities, as well as other securities, partnerships, derivative financial instruments
or other structured products intended to give economic substance to the equity securities
holdings are deemed equity securities holdings.
(2) Equity securities registered as credit, but arising from a debt/capital swap carried out as
part of the debts organised recovery or restructure, are included in the definition of equity
securities holdings, but these instruments cannot attract a capital requirement lower than
the one that would be applied should those holdings remain in the receivables portfolio. This
category includes the liabilities of which profitability is connected with that of the equity
securities.
(3) Investments in the equity securities structured with the intention of giving economic
substance to the equity securities holdings or to the securitization exposures should not be
deemed equity securities holdings.
(4) Bonds with hybrid features cannot be deemed equity securities to the extent to which
they lead to receiving a fixed part of the profits, thus failing to comply with the criteria
mentioned in art. 375 para. (3) letter b).
(5) For convertible bonds and other such instruments, at least the equity securities

component should be included by assigning it to the equity securities exposures class.

PART 3: 3.1.4.3. Approaches on the calculation of the risk-weighted value of exposures for
equity securities
Art. 377
Instruments deemed equity securities exposures should be included in the class of equity
securities exposures, unless they are subject to consolidation or deduction from own funds.
Art. 378
Investments in entities controlled and with significant majority and minority ownership, that
are subjected to the limitations provided in art. 89 from the Regulation (EU) no. 575/2013
and do not exceed those limitations, should be risk-weighted in accordance with the
methodology related to the equity securities provided in part 3, title II, chapter 3 from the
same Regulation, and with not less than 100% after the application of the credit risk
mitigation techniques.
Art. 379
(1) For the purposes of art. 155 para. (1) in Regulation (EU) no. 575/2013, the credit
institution choosing different calculation models of the risk-weighted value of equity
securities exposures is deemed as being carried out in a consistent and coherent manner
through the use of various instruments and processes reflecting the internal risk
management processes.
(2) If the method based on internal models is used, that model should be integrated within
the credit institution risk management process, according to provisions art. 187 in
Regulation (EU) no. 575/2013 - for example, the results of the model should be used by the
credit institution with regard to the investment policy, setting limits and exposures
management.
(3) Within the meaning of art. 155 para. (2) in Regulation (EU) no. 575/2013, in order to
prove that the portfolios of private equity investment exposures are sufficiently diversified,
the credit institutions may refer to the number of investment funds, the number of
investments that make up the portfolio and the related funds or, to the extent to which they
are available, to specific diversification assessment ratios. The history of loses may also
indicate, that a portfolio is sufficiently diversified to apply the 190% risk weight to private
equity investment exposures.
PART 4: 3.1.4.4. Permanent exemptions from applying the approach based on the internal
rating models for equity securities exposures
Art. 380
The restrictions provided in art. 150 para. (1) letter h) in Regulation (EU) no. 575/2013, may
be aiming to the dimension or category of firms, the amounts that can be invested, the
geographical location or other factors that may limit the investment risk.
Art. 381
The threshold referred to in art. 150 para. (2) in Regulation (EU) no. 575/2013, should be
managed on a continuous basis and it should be verified by the credit institution at least
once a year.
SUBSECTION 31^5: Purchased receivables
PART 1: 3.1.5.1.: General matters
Art. 382

(1) The purchased receivables can be treated according to the following approach:
a) the exposure is treated as exposure towards the seller, and the receivables are treated
as security interests, of which eligibility should be checked according to provisions of part
3, title II, chapter 4, section a 3 a in Regulation (EU) no. 575/2013;
b) the exposure is treated as exposure towards the debtor, and the assessment of risks
related to each exposure, as if the respective exposure would have been initiated by the
credit institution, does not represent an un unduly effort for the respective credit
institution. The seller may or may not act as a guarantor;
c) the exposure is treated as exposure towards the debtor, and the assessment of risks
related to each exposure, as if that respective exposure would have been initiated by the
credit institution, represents an unduly effort for that credit institution. It can be,
especially if the credit institution must rely heavily on the information supplied by a third
party. It is possible for the credit institution not even always knowing each individual
debtor. The seller may or may not act as a guarantor.
(2) The purchased receivables do not constitute a class of exposures in itself, but it reflects a
type of financing common to several classes of assets, usually arising from selling the goods
and services associated to a commercial transaction. Through the special treatment
provided by part 3, title II, chapter 3 in Regulation (EU) no. 575/2013, for purchased
receivables in relation to the receivables in the same class of exposures, the purchased
receivables can be classified in the class of exposures towards companies or in the retail
exposures class.
(3) The rules relating to the purchased receivables relate mainly to the receivables that are
purchased as part of the factoring operations or the invoices discounting - invoice
discounting or that are or will be included in the asset - based transactions - asset-backed
transaction. These rules do not apply to transactions in which loans originated by a company
are purchased subsequently in order to add debtors to the buyers activity, other than that
related to the securitization operations.
PART 2: 3.1.5.2. Conditions for treating the purchased receivables in relation to the
companies, according to the minimum requirements for using the approach based on
internal rating models, related to the class of retail exposures
Art. 383
(1) For purchased receivables in relation to the companies, to be able to use the risk
quantification standards related to the retail exposures, provided within part 3, title II,
chapter 3, section a 6 a in Regulation (EU) no. 575/2013,, the credit institution should
prove it meets the eligibility criteria specified in that Regulation.
(2) Within the meaning of art. 154 para. (5) in Regulation (EU) no. 575/2013, between the
seller and the purchasing credit institution should not be carried out any bias operation, that
is, both parties should interact as independent agents on the financial market none of the
agents should be in such a position so as to influence the internal decision making process of
the other agent. The credit institutions wanting to treat the exposures as eligible purchased
receivables should ensure, at least, of the following:
a) there is no significant risk for contaminating the non-reimbursement cases between
the seller and the debtor; and
b) the receivables have been treated under arms length conditions that is, at market
price and under market conditions.
(3) For the purposes of art. 154 para. (5) letter d) in Regulation (EU) no. 575/2013, a way to

implement the diversification requirement may refer to the number of debtors, the credit
institution being able to establish a concentration limit, either as an absolute limit
maximum dimension of the counterparty exposure -, or as a relative limit exposure
towards a counterparty as percentage of the entire portfolio value.
Art. 384
(1) For the purposes of art. 153 para. (6) in Regulation (EU) no. 575/2013, unduly effort
means either that the number of related debtors is higher so as the credit institution may
not classify them by using tits normal rating system, or that the debtors are not normal,
direct debtors, of the credit institution and, consequently, the data systems of the credit
institution contain no specific information about them.
(2) When the credit institutions collect sufficient data to be able to assess the debtors on
individual basis, they should give up using, for purchased receivables, the top-down
approach that is, the use of the risk quantification standards related to the retail exposures
in exchange of the bottom-up approach that is, the use of the risk quantification
standards related to exposures towards companies.
PART 3: 3.1.5.3 Estimating the expected loss for purchased receivables towards companies
Art. 385
The credit institutions may estimate the expected loses for purchased receivables towards
companies on classes of the expected loss rating, by using the long-term means of the loss
rates. The credit institutions using such an approach should be holding a separate rating
scale of the expected loss, enabling them to allocate the debtors or the groups of debtors on
classes of the expected loss rating.
PART 4: 3.1.5.4 The risk of decreasing the receivables value
Art. 386
(1) The credit institutions using the approach based on the internal rating models should
cover the risk of decreasing the receivables value even if the credit institution treats that
exposure as if the debtor is its client.
(2) Within the meaning art. 4 para.(1) point 53 in Regulation (EU) no. 575/2013, the risk of
decreasing the receivables value refers to the possibility that the potential value of the
receivables purchased and financed by the credit institution to be reduced at the seller or
the debtor initiative and that the contractual values payable by the debtors of those
receivables to be reduced by granting loans to the debtors, either as liquidities, or otherwise
such as offsets or decreases arising from the return of the goods sold, from disputes on the
quality of products, from any payment or promotional discounts granted by the seller, as
well as offsets of the liabilities between the seller and the debtor.
(3) Where a credit institution is not sure if it should or not treat a certain event as a risk for
decreasing the receivables value, it should be treated as risk for decreasing the receivables
value. These cases include situations in which the credit institution cannot clearly allocate
certain events to the operational risk. For commercial bills based on assets - asset-backed
commercial paper -, the risk of decreasing the receivables value related to the support
exposures should be assessed proportionally - pro-rata.
Art. 387
Within the meaning of art. 157 in Regulation (EU) no. 575/2013, the significance of the risk
for decreasing the receivables value can be assessed within the group of exposure, by using
a specific examination of the expected loss. In this case, the credit institution should
prudently establish a significance threshold for the expected loss.

SECTION 32: Definitions of non-reimbursement and loss

SUBSECTION 32^1: Definition of non-reimbursement
Art. 388
(1) The specific requirements of part 3, title II, chapter 3 in Regulation (EU) no. 575/2013,
regarding the adoption by the credit institution of a definition for non-reimbursement
compliant with the non-reimbursement definition provided by the hereby Regulation shall
be applied only for quantifying the risk.
(2) The definition of non-reimbursement used to estimate the risk parameters should be the
same, regardless of the estimated parameter non-reimbursement probability, loss in the
event of non-reimbursement, conversion factor or expected loss.
(3) The non-reimbursement definition adopted by the credit institutions should be based on
the non-reimbursement definition provided by the Regulation (EU) no. 575/2013. Apart
from the objective criterion based on the number of days of delay in payment, the credit
institution should implement, at least, one non-reimbursement definition based on the
indications of non-payment provided in art. 178 para. (3) in that regulation. The credit
institution should interpret the indications and their relevance in accordance with its own
practices and markets characteristics.
(4) The credit institution should also take into consideration other indications of nonpayment that are appropriate to the debtors and their transactions or the specific of the
market on which it carries out its activity. Such indications should be used in additions to
those provided in art. 178 para. (3) in Regulation (EU) no. 575/2013 and they cannot
substitute the latter. The additional criteria may be needed to supplement the set of criteria
at a more specific and detailed level and they should be formalized properly within the
credit institutions internal rules to allow independent reviews, including from behalf of the
National Bank of Romania, relating to the number of non-reimbursements identified.
Art. 389
(1) For the purposes of art. 178 para. (1) letter b) in Regulation (EU) no. 575/2013, the
concept of significant obligation should be construed as a way to avoid the consideration of
debtors as entering the default period only for delayed payment due to technical reasons or
when the of the delayed payment is negligible.
(2) Within the meaning of art. 178 para. (1) and (2) in Regulation (EU) no. 575/2013, within
the validation process for the credit institutions internal rating models, the National Bank of
Romania establishes, on a case-by-case basis, - if necessary, based on a qualitative analysis
the size of the threshold provided in art. 178 para. (2) letter d) in Regulation (EU) no.
575/2013.
(3) The significance threshold determined by the National Bank of Romania for the purposes
of art. 178 para. (1) and (2) in Regulation (EU) no. 575/2013 provides to the credit
institutions a minimum criteria for obtaining a minimum definition of non-reimbursement. In
addition to this significance threshold, the credit institutions may take into consideration
other indications on the significance of the amounts paid in delay, that are adequate to the
debtors and their transactions or to the specific of the market on which it carries out its
activity. Such indications should be used in additions to those determined by the National
Bank of Romania and they cannot substitute the latter.
(4) In determining the internal significance thresholds, the credit institution should perform
an assessment on the rate of recovery i.e. the fraction of debtors undergoing delay
payments that are getting out of the non-reimbursement status without the credit

institutions intervention to avoid taking into account the debtors as entering the default
period only for late payment due to technical reasons and, consequently, artificially
generating lower market values in the event of non-reimbursement.
Art. 390
The ratings allocation process and the non-reimbursement definition adopted should be
consistent. The credit institution should assess carefully the contamination of nonreimbursements between the related parties. If a rating is allocated to the entire group
which the debtor entity is part of - for example, for allocating the rating based on the
consolidated balance sheet, the entity subject to the classification being the group -, the
non-reimbursement should be triggered for all group members, unless the credit institution
may prove that if each branch is entering the default period there are no significant
consequences on the stability of the group as a whole.
SUBSECTION 32^2:Definition of loss
PART 1: 3.2.2.1. Data used for establishing the economic loss
Art. 391
The data used to calculate the loss for actual non-reimbursement related to an exposure
should include all the relevant information. Such information may include, depending on the
type of exposure:
a) the amount exposed to the risk when entering the default period including the
principal plus interest and commissions unpaid and capitalized;
b) recoveries, including the income and recovery sources such as cash flows arising
from the sale of the security interest and the income from personal securities or the
income obtained after selling the loans entering the default period;
c) the costs for treating the problematic and collection related situations, including the
significant direct and indirect costs associated with the activity of treating the
problematic and collection related situations;
d) to the extent to which is necessary to calculate the update significant effects, the
calendar dates and the amounts of different cash flows that occurred, i.e. time sequence
- timing of the recovery process.
Art. 392
0The credit institutions should collect and keep data to assess the losses in the event of nonreimbursement, including data regarding the recovery costs and the costs for treating the
problematic and collection related situations. Such information should be collected within
each exposure entering the default period or within each group of exposure when
necessary in the class of retail exposures. The credit institutions should collect in due time
data regarding the costs of for treating the problematic and collection related situations at a
level as detailed as possible. If the credit institutions have only aggregated data, they should
develop a proper allocation methodology.
PART 2: 3.2.2.2. Use of external data related to the economic loss
Art. 393
(1) The use of external data, including centralized data, as well as of several sources of data
such as the combination of external and internal data in order to improve the robustness
of the loss estimation in the event of non-reimbursement should be taken into account

especially by a credit institution that holds fewer internal information to estimate the losses
in the event of non-reimbursement also, when there are issues related to
representativeness of the portfolio of exposures entering the default period.
(2) The credit institution should take into consideration, in particular, the proper external
reference items, to the extent to which they are available.
(3) The credit institution should assess carefully all the data and relevant external reference,
focusing on the analysis of data regarding the components of loss that are specific to a
certain country - for example, the inability to obtain control over the security interest
depends on the national legal framework or that are specific to a credit institution - for
example, the collection processes that lead to variations in the costs of treating the
problematic situations, other direct and indirect costs. The credit institution should also
identify those cases where some components of the economic loss might not be included in
the external data. The credit institutions should analyse the loss components within
external data, as well as the comparability of external data with regard to the crediting
practices and the internal processes and it should take into account the results of such
analysis during the estimation process.
PART 3: 3.2.2.3. Discount rate
Art. 394
The discount rates used by the credit institutions to incorporate the significant effects of
discount into the value of economic loss may vary depending on the market, the type of
transaction or the credit institutions practices related to treating problematic situations for
the transactions entering the default period.
Art. 395
(1) The quantifications of the recovery rates used when estimating the losses in the event of
non-reimbursement should reflect the cost of holding assets entering the default period
during the period of treating the problematic situations, including a proper risk premium.
(2) If the cash flows related to the recovery are uncertain and involve a risk that cannot be
diversified, the calculation of the net discounted value should reflect the value in time of
money, as well as a proper risk premium for the risk that cannot be diversified.
(3) In order to establish the appropriate risk premiums for losses estimation in the event of
non-reimbursement under economic downturn, the credit institution should focus on the
uncertainties connected to the cash flows related to the recovery, associated to the nonreimbursements triggered during the economic downturn.
(4) If there are no uncertainties about the cash flows related to the recovery such as the
case where recoveries are obtained based on a security interest as cash -, the calculation of
the net discounted value is necessary to reflect only the value in time of the money and is
suitable the use of a discount rate free of risk.
Art. 396
(1) The quantifications of the recovery rates may be carried out by methods such as:
a) updating the flow of recoveries and of costs related to treating problematic situations
through a risk-adjusted discount rate, which is the sum of the risk-free interest rate and
an appropriate margin for the risk corresponding to the cash flows related to the
recovery and the costs of treating problematic situations;
b) converting the flow of recoveries and of costs related to treating problematic
situations in cash flows such as certain equivalent representing the amount necessary
for a risk-averse investor to become indifferent between receiving with certainty the

amount at the payment date and receiving an asset that produces an uncertain payment,
of which distribution as at the payment date is identical with the one of the uncertain
cash flow and their discount through risk-free interest rate;
c) a combination of adjustment of the discount rate and adjustments, carried out
consistently with those adjustments, of the recovery flows and those of costs related to
treating problematic situations.
(2) The process used for determining the discount rate should be consistent for all exposures
of the same type. The credit institutions should carefully justify this aspect to ensure the lack
of any arbitrage caused by the manipulation of the discount ratios. The credit institutions
should prove to the National Bank of Romania, when using a risk-free discount rate, that any
remaining risk is covered in another section of the calculations.
PART 4: 3.2.2.4 Allocating the direct and indirect costs
Art. 397
(1) The costs related to treating problematic and collection related situations should include
the costs of carrying out the activities of the department that treats the problematic and
collection related situations, the outsourcing services costs such as the outsourced
collection services costs, direct attributable to recoveries, as well as legal costs and an
appropriate percentage of other continuous costs, as well as the overhead expenses of the
credit institution, unless the credit institution may prove that these costs are insignificant.
(2) The credit institution should prove that it records in its databases all the information
needed to calculate the direct and indirect significant costs. The costs allocation process
should be based on the same principles and techniques that the credit institutions use
within its own costs accounting systems, and the credit institution should prove that this
process is sufficiently relevant and rigorous.
(3) The credit institutions should define the concept of "significance" and formalize the cost
items in a manner consistent over time.

SECTION 33: Rating systems and risks quantification

SUBSECTION 33^1:Non-reimbursement probability
PARTEA 1: 3.3.1.1. Ratings allocation methodology
Art. 398
(1) The credit institutions should disclose the assumptions underlying the models and
methods used to allocate debtors rating classes or risk groups and to justify to the National
Bank of Romania such assumptions.
(2) To quantify the degree of compliance with the provisions of art. 174 in Regulation (EU)
no. 575/2013, the credit institutions can use statistical methods.
(3) Regardless of the methodology used to allocate the debtors rating classes or the risk
groups, the credit institutions should prove to the National Bank of Romania that the ratings
allocations and the rating systems for the debtors non-reimbursement risk comply with the
minimum requirements provided within part 3, title II, chapter 3, section 6 in the Regulation
(EU) no. 575/2013.
PART 2: 3.3.1.2. Methodology for estimating the non-reimbursement probability
Art. 399

(1) If the credit institutions use direct methods for estimating the non-reimbursement
probability and they register overlaps between allocating the debtors on rating classes or
risk groups and estimating the non-reimbursement probabilities for those rating classes or
risk groups, all the requirements provided by the regulatory framework regarding the ratings
allocation methodology shall also apply for the purposes of estimating the nonreimbursement probability.
(2) Regardless of the type of the estimation method used, the credit institutions should
prove to the National Bank of Romania that the estimation of the non-reimbursement
probability complies with the minimum requirements provided in part 3, title II, chapter 3 in
Regulation (EU) no. 575/2013.
SUBSECTION 33^2:Requirements regarding own estimates of loss in the event of nonreimbursement
PART 1: 3.3.2.1. General matters
Art. 400
Establishing the loss in the event of non-reimbursement should be based on the definitions
of non-reimbursement and those of the economic loss used by the credit institution,
definitions that need to be in accordance with the provisions of part 3, title II, chapter 3 in
Regulation (EU) no. 575/2013.
Art. 401
(1) The credit institutions should distinguish between the actual losses related to nonreimbursement and the estimated ones.
(2) The actual losses related to non-reimbursement refer to the total losses observed,
updated when entering the default period, for each exposure brought to nonreimbursement within the set of data and it represents ex-post values that can be applied
within a class of rating or a group of risk related to the transactions. The gross data used for
calculating the loss should come from the collection department such as recoveries,
performance of a security interest, as well as all cash flows -, within the accounting
department unpaid but capitalized interest, the amount exposed to the risk when entering
the default period or within other departments. The credit institutions should collect,
without applying filters at this stage, all the information needed to calculate the economic
loss.
(3) The credit institution should allocate the losses related to non-reimbursement estimated
for its current transactions entering or not the default period and it should use them
when calculating the capital requirements for its exposures.
(4) The estimated losses related to non-reimbursement are based on the actual losses
related to non-reimbursement for the applicable set of reference data. However, the
estimated losses related to non-reimbursement can be different from the average of actual
losses related to non-reimbursement within the set of reference data, the former being
needed to incorporate the expectations related to future recoveries rates. For such purposes,
the credit institutions should calculate a long-term anticipative recovery rate for the class of
rating or the group of risk related to the transaction by taking into account both the current
economic circumstances and the future ones.
(5) If a credit institution adjusts the value of the actual loss related to non-reimbursement
such as adjustments performed for taking into account the economic downturn conditions -,
it has to prove that that adjustment is suitable and properly taken into account within its expost testing procedures (back-testing).
Art. 402

When applying the provisions of art. 158 para. (5) and of art. 181 para. (1) letter h) in
Regulation (EU) no. 575/2013, the credit institutions should take into account the fact that
the difference between the best estimation of the expected loss for exposures entering the
default period, bearing in mind both the current economic conditions and the exposures
conditions, on one hand, and the estimated loss related to non-reimbursement, obtained
based on the set of reference data, on the other hand, comes from the likelihood of
additional losses occurring during the recovery period and represents the capital
requirement related to the unexpected loss for the exposure entering the default period.
Art. 403
(1) When applying the provisions of art. 181 para. (1) letter b) in Regulation (EU) no.
575/2013, the credit institutions should take into account the fact that the possibility of the
actual recovery rates to be lower than the average, during the periods when the nonreimbursement rates are high, can be a significant source of unexpected losses from credits
for certain exposures or portfolios, and such possibility should be taken into account when
calculating the capital necessary for covering the unexpected losses.
(2) For the purposes of para. (1), for treating the possible negative dependencies between
the non-reimbursement probability and the loss related to non-reimbursement, the loss
parameters related to non-reimbursement should incorporate the pre-emptive recovery
rates of the exposures entering the default period if there are expectations according to
which the credit losses are significantly higher than the average. In such circumstances,
there are expectations that the non-reimbursement rates are higher and the recovery rates
are negatively correlated with the non-reimbursement rates, the parameters of loss related
to non-reimbursement should incorporate forecasts of future recovery rates that are lower
than the ones expected under circumstances closer to the neutral conditions. If there are
expectations that the future recovery rates to be independent of the future nonreimbursement rates, there is no need for the pre-emptive projections of the recovery rates
incorporated in the loss parameters in the event of non-reimbursement to differ from those
expected circumstances closer to the neutral conditions.
PART 2: 3.3.2.2. Basic principles
Art. 404
(1) The estimations of loss related to non-reimbursement should reflect both the experience
and the practices of the credit institution, and the external environment in which it operates.
The credit institutions cannot rely on industry estimates without adjusting them, where
needed, to reflect their own position.
(2) Given that a given percentage variation of the estimations of loss related to nonreimbursement leads to an equal percentage change in the capital requirements, any
approximation and/or quicker way (shortcut) which the credit institution decides to adopt
should represent an important aspect of validation and assessment.
PART 3: 3.3.2.3. Data
Art. 405
(1) In order to estimate the parameters related to the approach based on the internal rating
models, the credit institution should prepare the set of reference data for each parameter,
which involves making decisions, such as those related to the sample size, the length of time
series, the confidence in external data, the treatment of positions entering the default
period that did not generate loss and the duration of recovery processes incomplete
treatment of problematic situations. Some information contained in the set of reference
data may need updating.

(2) The set of reference data for the loss related to non-reimbursement should include, as
opposed to the set of reference data related to the estimation of the non-reimbursement
probability, only exposures towards the debtors entering the default period, as well as
factors that can be used to group, in significant manners, the transactions entering the
default period. This set must also comply with, to the extent to which it is possible, the
following:
a) covering a period that is long enough to include at least on economic cycle;
b) containing all entries in the default period that have been recorded during the
considered time horizon;
c) containing data for the calculation of actual losses related to non-reimbursement;
d) containing all relevant information necessary to estimate the risk parameters;
e) containing data on loss relevant determinants.
(3) The credit institution should ensure that the set of reference data remains of reference
for its current portfolios.
Art. 406
The treatment applied to the positions entering the default period that do not generate loss
or they even have positive results within the recovery process should consider the following:
a) the credit institution must make a clear distinction between the actual loss related to
non-reimbursement and the estimated one, as parameter used for calculating the rickweighted values of exposures. The actual loss related to non-reimbursement can be zero,
i.e. if an exposure in drawn from entering the default period without a significant cost,
direct or indirect, associated with the collection related to that instrument, and without a
loss caused by the significant effects of the discount - for example, if the nonreimbursement has been caused only by the criterion of the 90th days of delay, and the
payment obligations have been subsequently fully complied with -, is possible for no loss
to be recorded;
b) in cases when the estimated loss related to non-reimbursement has a decreased or
zero value, the credit institutions must prove that their estimation processes are relevant
and accurate. In particular, they must be able to provide evidence on all the factors taken
into account within the quantification process that led to low estimates, such as discount
rate, security interest estimated value, cash flows structure etc.;
c) even if positive results have been found within the recovery processes and such results
can be explained, the loss related to non-reimbursement estimated and used to calculate
the capital requirements should not be lower than zero. It can be zero in exceptional
circumstances. The credit institutions should prove that they perform the monitoring and
recording of all positive results of the recovery processes to be satisfied with the fact that
no systematic errors occurred;
d) the credit institution should examine the treatment applied to zero-loss transactions
to ensure it does not produce distortions. A significant number of zero-loss transactions
can indicate the fact that the credit institution uses a too early definition of the nonreimbursement or that the set of reference data includes certain transactions that are
not really entering the default period technical non-reimbursements, such as low value
commissions remaining payable, related to the reimbursed loans.
PART 4: 3.3.2.4. Risk determinants
Art. 407
(1) Within the estimation of loss related to non-reimbursement, the credit institutions may
take into account risk determinants such as:

a) risk determinants related to the transaction, including the type of transaction, security
interest, personal securities provided by third parties, the subordination rank, the period
during which the debtor entered the default period, exposure maturity (seasoning), the
ration between value of the loan and that of the security interest and the recovery
procedures;
b) risk determinants related to the debtor, including the debtor size, the size of exposure,
the capital structure specific to the firm, the geographical region, industrial sector and
activity line;
c) risk determinants related to the credit institution, including internal organization and
activity management framework, relevant events such as mergers and specific entities
within the group, targeting the recoveries;
d) external risk determinant, including interest rates and legal framework and, as a
consequence, the duration of the recovery process; and
e) other risk factors.
(2) The credit institutions should identify and examine the additional risk determinants that
are relevant for their specific circumstances. The credit institutions should collect data
regarding what they consider to be the main determinants of a loss for a given group of
transactions and include such determinants in the estimation process of the loss related to
non-reimbursement. The judgements regarding the identification of main risk determinants
should be formalized accordingly by the credit institution and submitted to the National
Bank of Romania.
PART 5: 3.3.2.5. Estimation methodologies
Art. 408
(1) The credit institutions should choose a technique or combination of techniques for
estimating the loss related to non-reimbursement. The techniques that can be used,
provided the conditions of this section are complied with, include, but are not limited to, the
following:
a) estimation of the loss related to non-reimbursement that takes into account the
process of treating problematic situations;
b) estimation of the market loss related to non-reimbursement, namely the estimation of
the loss related to non-reimbursement based on market prices of the obligations related
to the non-reimbursement;
c) estimation of the implicit market loss related to non-reimbursement, namely the
estimation of the loss related to non-reimbursement in the credits market prices, bonds
or credit default instruments, for which non-reimbursement did not occur;
d) estimation of the implicit historical loss related to non-reimbursement.
(2) The credit institutions should prove that the models chosen for the estimation of loss
related to non-reimbursement are suitable in relation to the activities carried out by them
and with the portfolios they are applied to, and to justify the theoretical assumptions
accompanying the models.
Art. 409
If it is used the estimation techniques of a loss related to non-reimbursement that takes into
account the process of treating the problematic situations, the credit institution should
calculate the cash flows arising from the treating of problematic and/or collection related
situations, updated accordingly. In order to obtain anticipative estimations, the calculations

of the exposures owned currently by the credit institution should be carried out based on
the data regarding the actual recovery. The calculation process should not be based
exclusively on the market value of the security interest, but proper adjustments should be
applied.
Art. 410
Within the meaning of art. 181 para. (1) letter a) in Regulation (EU) no. 575/2013, for
calculating the weighted mean depending on the number of non-reimbursements of the
actual losses in the event of non-reimbursement, the non-reimbursements founded include
cases of incomplete treatment of problematic situations, even if they do not represent final
values for the purposes of calculating the loss related to non-reimbursement, since the
recovery process has not been completed.
Art. 411
The credit institutions should integrate the results of incomplete treatment processes
related to treating problematic situations as data/information within the estimations of
loss related to non-reimbursement, unless they can prove that those incomplete treatments
of problematic situations are not relevant. The relevance assessment should take into
account the market specific and they should indicate that the exclusion of incomplete
treatments of problematic situations does not lead to the underestimation of the loss
related to non-reimbursement and it does not have a significant impact on the estimations
of loss related to non-reimbursement.
Art. 412
Where the credit institutions include incomplete treatments of problematic situations when
calculating the weighted mean depending on the number of non-reimbursements of the
actual losses related to non-reimbursement, they have to formalize and prove the relevance
of such approaches, fact which includes, in particular, choosing the observation period and
the estimation methodologies of costs and additional recoveries, subsequent to such period
and, if necessary, within such period.
Art. 413
(1) The credit institutions may apply the estimation technique for the loss related to nonreimbursement that takes into account the treating of problematic situations, using either
direct estimations or a two-steps approach.
(2) If direct estimations are used, the credit institution obtains a quantitative estimation for
each individual exposure, based on its specific features.
(3) When using the two-steps approach, the credit institution estimates an average value of
the loss related to non-reimbursement for all exposures within the same rating classes or
risk groups of the transactions.
(4) Within the meaning of para.(2), if within the retail exposures class is used a risk groupwide approach, the credit institution should calculate the mean of the individual direct
estimations in view of obtaining loss related to non-reimbursement aggregated for all
exposures related to such group. If the credit institution obtains estimations for the retail
exposures class using rating classes - similar to the exposures towards companies,
institutions, central administration or central bank -, it is not necessary to aggregate the
estimations of the loss related to non-reimbursement for the retail exposures.
Art. 414
(1) Within the meaning art. of 413 para. (2), the direct estimation procedures - for example,
a statistic model that uses risk determinants as explicative variables allow the credit

institution to automatically calculate each separate item that make up the loss related to
non-reimbursement, based on the experience related to each of the corresponding items in
the set of reference data, that is relevant for that item such as recovery values of the real
estate properties or the discount rates.
(2) Within the meaning art. of 414 para.(3), within the two-steps approach, the credit
institution should apply a general adjustment for the loss related to non-reimbursement at
the level of the class of rating or group of risk, regarded as a whole, to reflect the extent to
which the average value of the losses related to non-reimbursement for the necessary set of
reference data is not representative for the long-term average, anticipative and weighted
depending on the number of non-reimbursements or for the estimation performed should
any economic downturn occur.
Art. 415
(1) If the care credit institution uses the estimation technique for the loss related to nonreimbursement that takes into account the treating of problematic situations, the set of
reference data used for performing the estimations includes the historical market prices
recorded with regard to the security interest or related to a part of all receivables towards
debtor. The current market prices of the security interests owned at the moment by the
credit institution may influence the loss in the event of their estimated non-reimbursement.
(2) As an alternative to the estimation technique of the loss related to non-reimbursement
that takes into account the treating of problematic situations, the set of reference data may
be obtained by the credit institution, provided that the provisions of this section are
complied with, by observing the market prices of bonds or marketable loans entering the
default period, I a short period of time as of the commencement of such state until exiting
the bankruptcy, as well as by observing the market prices of the credits, bonds or credit
default instruments, for which the non-reimbursement did not occur.
(3) If the credit institution uses the market information as an alternative to the estimation
technique of the loss related to non-reimbursement that takes into account the treating of
problematic situations such as in the event of few data -, the market data must fulfil the
general requirements related to the use of external data, provided in part 3, title II, chapter
3 in Regulation (EU) no. 575/2013.
(4) The credit institution may obtain the best estimation of an expected loss for the
exposures entering the default period directly from their market prices, if applicable.
Art. 416
(1) The credit institutions should use carefully the relevant external information used for
improving the estimations of the loss related to non-reimbursement, based on their own
experience relating to losses and recoveries.
(2) The estimation of the loss related to non-reimbursement from the credit margins (credit
spreads) related to exposures that did not undergone non-reimbursement i.e. the
estimation of the implicit market loss related to non-reimbursement may be used by the
credit institution only when, to obtain reliable estimations, other data are not available and
if the validation results show that these estimates are reliable.
(3) The estimation techniques for the market loss related to non-reimbursement and the
one for implicit market may be adequate only if the capital markets are characterised by
comprehensiveness i.e. there are many potential buyers and sellers willing to trade at
prices higher or lower that the current market price and liquidity.
Art. 417

(1) The estimation technique for the implicit historical loss related to non-reimbursement
i.e. obtaining estimates of losses related to non-reimbursement arising from actual losses
related to the exposures within the rating classes or risk groups and from the proper
estimations of the non-reimbursement probabilities may be used by the credit institution
only for the retail exposures class. The actual loss for these retail exposures is equal to the
total loss divided at the total number of exposures within the rating class or the risk group,
while the actual average loss related to non-reimbursement is equal to the same total loss
divided by the number of exposures entering the default period within the rating class or
risk group.
(2) Estimation of the implicit historical loss related to non-reimbursement may be used by
the credit institution only if it can estimate the expected loss for each rating class of the
transactions or group of exposures, provided that the minimum requirements are complied
with including all qualitative and quantitative requirements related to the validation for
estimating the non-reimbursement probability.
PART 6: 3.3.2.6. Loss related to non-reimbursement in the event of an economic downturn
Art. 418
(1) The credit institutions should establish a rigorous and well formalized process for
evaluating the effects - if they exist of the economic downturn conditions on the recovery
rates and for obtaining the estimation of the loss related to non-reimbursement in
accordance with the economic downturn conditions.
(2) The process provided in para. (1) involves 3 stages, that can be treated in an integrated
manner:
a) identifying the economic downturn conditions adequate for each regulated class of
exposures, within each jurisdiction;
b) identifying the negative dependencies - if they exist between the nonreimbursement rates and the recovery rates;
c) integrating the negative dependencies that have been identified among the nonreimbursement rates and the recovery rates, in order to generate, for the credit
institution exposures, the parameters of the loss related to the non-reimbursement that
is to be in compliance with the economic downturn conditions identified.
(3) Within the meaning of para. (2) letter a), the proper economic downturn conditions are
those where the relevant determinants of the non-reimbursement rates are consistent with
the conditions according to which there are expectations for the credit related losses in the
regulated class of exposures to be significantly higher than the average. The credit
institutions may identify such conditions at a more granular level, if such an approach
increases the sensitivity to risk. As a general rule, if the recovery rates are sensitive to the
local conditions, the credit institutions should, at least, take into account each separated
class of exposure and each jurisdiction, except for the case where they can justify the
combination of exposure classes and/or of jurisdictions based on the fact that the exposures
in the same classes of exposures, in different jurisdictions, have a high covariance of the
recovery rates.
(4) Within the meaning of para. (2) letter b), the negative dependencies between the nonreimbursement rates and the recovery rates may be identified either directly, by statistical
analysis, if necessary data are available, or indirectly, by the examination of the relations
between the non-reimbursement determinants and those of the recovery. The indirect
approach may include the analysis of the behaviour of the security interest values, where
the security interest has a significant influence on the recoveries.

(5) Within the meaning of para. (2) letter c), to obtain an estimation of the loss related to
non-reimbursement under circumstance of economic downturn, the credit institutions may,
for example, analyse the recovery rates during the economic downturn periods or they can
use forecasts based on the change in the proper risk determinants in a manner consistent
with the economic downturn conditions. If by performing an analysis in accordance with
para. (2) letter b) no significant negative dependency was identified between nonreimbursement rates and recovery rates, the estimations of the loss related to nonreimbursement may be based on the long-term averages, weighted depending on the
number of non-reimbursements, of the loss rates observed or they may be obtained from
predictions that do not involve stress tests for the appropriate risk determinants.
Art. 419
For the purposes of art. 181 para. (1) letter b) in Regulation (EU) no. 575/2013, the credit
institutions that can prove in other ways that the estimations of the loss related to nonreimbursement in the event of an economic downturn are not lower than the long-term
average estimations of the loss related to non-reimbursement should be able to submit to
the National Bank of Romania, at the latters request, an estimation of the rate of the longterm average loss related to non-reimbursement, weighted depending on the number of
non-reimbursements. The loss related to non-reimbursement in the event of an economic
downturn may, in certain cases, be equal to the long-term average loss related to the nonreimbursement, but it cannot be less prudent.
Art. 420
The stress tests (stress tests) provided in art. 177 para. (1) or para. (2) in Regulation (EU) no.
575/2013, are not required to produce a loss related to non-reimbursement lower or higher
than the one estimated according to art. 181 para. (1) letter b) in the hereby Regulation. To
the extent to which the identification of economic downturn period for the purposes of art.
181 para. (1) letter b) in the hereby Regulation coincides with the cu stress tests (stress tests)
carried out for the purposes of art. 177 para. (1) or para. (2) in that regulation, the calculated
loss related to non-reimbursement may be similar. Some stress tests (stress tests) carried
out for the purposes of art. 177 para. (1) or para.(2) in the hereby Regulation may be used as
an instrument for evaluating the strength of the estimation of the loss related to nonreimbursement, that is carried out according to art. 181 para.(1) letter b) in that regulation.
PART 7: 3.3.2.7 Loss in the event of non-reimbursement used to calculate the expected
loss
Art. 421
Within the meaning of art. 181 para. (1) letter h) in Regulation (EU) no. 575/2013, if the
economic downturn conditions are relevant for a certain type of exposures, than such
matter must be taken into account in quantifying the possibility of recording additional
unexpected losses during the recovery period.
SUBSECTION 33^3: Requirements regarding own estimations of the conversion factors
PART 1: 3.3.3.1. General matters
Art. 422
The conversion factor estimations must reflect both the experience and the practices of a
credit institution, and the external environment in which it operates. The credit institutions
should take into account an appropriate manner, within the estimation and validations
process related to the conversion factor, the way in which the relations between clients
develop and the negative circumstances, when the clients may decide upon using financing
commitments that have not been drawn.

Art. 423
The credit institution should pay an increased attention to the use of data collected from
external sources or along different periods of time.
Art. 424
Given that a given percentage variation of the exposure value leads to an equal percentage
change in the capital requirements, any approximation more rapid and/or change (shortcut)
that the credit institution decides to adopt for estimating the exposure value should
constitute an important aspect of the validation and assessment.
Art. 425
Within the meaning of Part 3, Title II, Chapter 3 in Regulation (EU) no. 575/2013, the
exposure value is made up of two positions: the amount drawn at the present time and an
estimation of the amounts to be drawn in the future from the loan committed and unused.
The possible amounts to be drawn in the future are described in terms of proportion from
the amount undrawn at the present moment.
Art. 426
The conversion factors should take up positive values of zero and the exposure value for
each transaction does not have to be lower than the exposure value defined in art. 166 para.
(1)-(7) in Regulation (EU) no. 575/2013.
PART 2: 3.3.3.2. The time horizon
Art. 427
(1) The conversion factor calculation needs the observation and comparison of at least two
moment sin time: the present moment and the moment of entering the default period. The
estimated conversion factors are obtained from actual conversion factors for the exposures
entering the default period in the set of reference data. The moment of entering the default
period and the drawn value at this moment for the exposures of the set of reference data
may be observed directly.
(2) The credit institutions should use approaches for calculating the actual conversion
factors that are appropriate to their specific activity.
Art. 428
(1) The credit institutions need to ensure that the moments of time chosen to calculate the
actual conversion factors related to the set of reference data are suitable for the one year
time horizon used to estimate the conversion factor. This may require the consideration of
different sets of time prior to the moment of entering the default period.
(2) If a credit institution uses the group approach (cohort approach) for calculating the
actual conversion factor, the observation period is divided into time frames, and the amount
drawn at the time of entering the default period is connected to the amount
drawn/undrawn at the beginning of the time frame. The period to be used within this
approach (cohort period) as time frame is of one year, unless the credit institution may
prove that a different period would be more prudent and appropriate.
(3) If using, for the actual conversion factors calculation, the approach based on the fixed
time horizon (fixed-horizon approach), the amount drawn at the moment of entering the
default period is connected to the amount drawn/undrawn at the fixed moment, previous to
entering the default period, by using the simplifying assumption that all exposures entering
the default period during the chosen time horizon will undergo non-reimbursement at the
same moment in time: the end of the fixed time horizon. The credit institutions should use a

fixed time horizon of one year, unless they prove that a different period would be more
prudent and appropriate.
(4) The credit institutions may use, to quantify the actual conversion factors, the variable
time horizon approach generalization of the approach with fixed time horizon -, that
involves using several temporal references within the chosen time horizon such as
comparing the amount drawn at the moment of entering the default period with the
amounts drawn one month, two months, three months, etc. prior to entering the default
period.
(5) To quantify the actual conversion factors, the credit institutions may use only as
transitional solution the momentum approach that aims at expressing the conversion factor
as percentage of the entire financing commitment total limit report -, and not as a
percentage from the amount undrawn. If using this approach, there is no need for the credit
institution to make a decision on the reference moment pervious to entering the default
period, the amount drawn at the moment of entering the default period being compared
only with the total limit at that time. To receive the approval of the National Bank of
Romania to use own estimations of the conversion factors obtained based on the
momentum approach, the credit institutions should recalculate the total limit report as a
conversion factor in order to comply with the provisions of part 3, title II, chapter 3 in
Regulation (EU) no. 575/2013, by using the relevant information in the allocation process
related to the rating classes of the conversion factor.
Art. 429
(1) Regardless of the approach chosen to quantify the actual conversion factors, the credit
institutions should:
a) analyse and submit to the National Bank of Romania the considerations for adopting
that approach, or to justify their choices and to assess the impact the use of a different
time horizon would have;
b) to identify the possible weaknesses of its chosen approach and to propose methods
for treating or offsetting them;
c) to assess the impact of the chosen approach on the rating classes and the final
estimations of the conversion factor, by investigating the dynamic effects, as well as the
interactions with the period remaining until entering the default period (time-to-default)
and the credits quality.
(2) The aspects listed in para. (1) should be taken into account when preparing and
validating the internal model, and the credit institutions documents should provide clear
information on them.
PART 3: 3.3.3.3. Regulated conversion factors and own estimations
Art. 430
The credit institutions that received the approval of the National Bank of Romania to use
their own estimations of the conversion factor should apply such estimations for all the
exposures specified at art. 166 para. (8) in Regulation (EU) no. 575/2013, subject to the
provisions related to the gradual implementation period.
Art. 431
(1) Notwithstanding the provisions of art. 166 para. (10) in Regulation (EU) no. 575/2013, for
the purposes of receiving the approval to use own estimations of the conversion factor, the
credit line expression provided in art. 166 para. (8) letter d) in the hereby Regulation may be
construed as broad enough to cover every type of exposure outside the balance sheet

mentioned in appendix I to the same regulation, which is not identified as a maximum risk
item that is not already explicitly mentioned in art. 166 para. (8) letter a) c) and letter e) of
the same regulation.
(2) In exceptional cases, the credit institutions may use, with the approval of the National
Bank of Romania, the conversion factors regulated for certain types of exposures, if they can
prove that is possible the preparation of a relevant approach to estimate the conversion
factors for those exposures. The maximum risk items remain uncovered by the provisions of
art. 166 para. (10) in Regulation (EU) no. 575/2013, and they receive an exposure value of
100% of their value.
PART 4: 3.3.3.4. Data
Art. 432
(1) The set of reference data for the conversion factor /exposure value should include only
exposures towards debtors entering the default period, the drawn amount and the undrawn
one at the moment of entering the default period, drawn amount and the undrawn one at
one moment - or moments of time previous to entering the default period, as well as
factors that can be used to group, in significant manners, the transactions entered in the
default period. This set must also comply with, to the extent to which it is possible, the
following matters:
a) covering a period that is long enough to include at least on economic cycle;
b) containing all entries in the default period that have been recorded during the
considered time horizon;
c) containing all relevant information necessary to estimate the risk parameters;
d) containing data for relevant determinants of the conversion factor.
(2) The credit institution should ensure that the set of reference data remains of reference
for its current portfolios, being updated when necessary.
PART 5: 3.3.3.5. Risk determinants
Art. 433
(1) The credit institutions should take into consideration and analyse all main risk
determinants of the conversion factor. The importance of the risk determinants should be
judged based on the specific features of credit institution portfolios and practices.
(2) When analysing the possible determinants of the conversion factors, the credit
institutions should examine - without the specified list to be exhaustive - the following areas:
a) the credit institutions strategies and policies regarding the monitoring of the clients
accounts;
b) credit institution ability and will to prevent new drawings in circumstances close to
entering the default period;
c) factors influencing the debtors request for financing/transactions;
d) factors influencing the credit institutions will to provide financing/transactions;
e) third parties behaviour such as other credit institutions, financial institutions,
commercial creditors and owners -, of which presence as sources alternative to the offer
may increase or reduce the financing/transactions request for an individual credit
institution; and
f) the nature of the transaction and the embedded attributes such as the protection of
the contractual arrangement.

SECTION 34: Internal documentation quality

Art. 434
The requirements of this subsection shall apply to all documentations regarding the
preparation and validation of the internal rating models, including the documentations
regarding the rating systems and the estimation of the non-reimbursement probability, loss
related to non-reimbursement and conversion factor.
Art. 435
The credit institution must formalize all the steps of preparing and validating the rating
systems in a way that allows a third party such as an internal audit, National Bank of
Romania to understand the judgement and procedures underlying the preparation and
validation. The credit institution must fulfil this requirement and that of the documents
related to the operations performed.
Art. 436
The documents related to preparing and validating the rating system should include at least
detailed descriptions of the preparation methodologies, of the calibration allocation and
classification processes, as well as of internal procedures, processes and tests used by the
credit institution for validating the rating system.
Art. 437
The credit institution should ensure on a continuous basis that the rating systems meet their
related requirements. Given that the rating systems and their options are subjected
constantly to improvement, the validation should be an iterative process. The credit
institutions should ensure that the documents are updated after processing significant
changes in the rating systems or processes. The documents regarding the preparation and
validation should include iterations and processes used for their validation.
Art. 438
The documents should also reflect the fact that different rating systems can be used for
different portfolios. The credit institutions should keep different sets of documentation in
relation to the preparation, validation and the operations related to each rating system or
each combination of rating systems that can be used, as well as in relation to the portfolios
for which they are applied.
Art. 439
The credit institutions should make available to the National Bank of Romania, at the latters
request, all the documents regarding their rating systems.
Art. 440
The documents related to the statistical methods and other mechanical methods should
cover at least the following matters:
a) documents regarding the models conceptual details:
i.

delimitation criteria for the rating segment;

ii. description of the rating method, of the type of model used and of the models
architecture;
iii. the model architecture and the basic assumptions, including the nonreimbursements definitions, considerations and the analysis that support the choice of
the rating criteria, the typical circumstances in which the model operates in an effective
manner and the general strengths and weaknesses of the model;

iv.

considerations for selecting a specific type of model;

v.

documents related to all functions of the model;

vi.

rating process description;

vii.

tasks and responsibilities regarding the rating model;

viii.

changing policy related to the model;

b) documents regarding the preparation and analysis:

i.

the relevance of criteria used within the model;

ii.

the set of data used when preparing the model;

iii.

quality assurance for the set of data;

iv.

model preparation procedure;

v. the selection of the input factors related to the model and to the evaluation of
models parameters;
vi. quality/validation assurance during the period of model preparation, including at
least performance tests "outside the time horizon" - out-of-time and/or "outside the
sample" - out-of-sample;
vii. for risk parameters estimation models, the risk parameters calibration on the class
of rating or the group of risk;
viii.
ix.

procedure for regular validation/review;

the use of professional judgement in order to complete the model.

Art. 441
The tests for quality/validation assurance should be carried out only if the data needed to be
allocated only for them do not abnormally reduce the set of data used to prepare the model.
If little data are available, it may be useful for, in certain circumstances, the credit institution
not to exclusively allocate a set of data outside the sample - out-of-sample -, but to wait for
the new rating allocations in the following year, and they have to be used as sample "outside
the time horizon" - out of time.
SECTION 35: Models obtained from external suppliers
Art. 442
The credit institution rating process, as a whole, should be an internal rating process, but is
not needed for all its part to be prepared internally, the credit institution being able to use
the models obtained from external suppliers, such as statistical models.
SUBSECTION 35^1: Transparency of models obtained from external suppliers
Art. 338
(1) On order to comply with the requirements of part 3, title II, chapter 3, section 6,
subsection 5 in Regulation (EU) no. 575/2013,for the models obtained from external
suppliers, the credit institution should prove a good understanding of such models, in all
aspects.
(2) The credit institution must have a documentation regarding the preparation of models
and the fundamentals of their validation process, prepared by the external suppliers so as to
allow third parties such as internal audit, National Bank of Romania a detailed
understanding of the methodology applied, as well as the assessment of the
appropriateness of the model operation at the credit institution level.

(3) The credit institution should prove that it has an internal plan of knowledge necessary for
understanding the methodology and for evaluating the appropriateness of the model
operation. It should particularly have knowledge of all the models limitations, as well as of
the circumstances under which the model does not work as expected.
(4) The credit institution should ensure that the users will be trained accordingly for using
that model and internal trainers will be available.
(5) The credit institution must submit plans to ensure validation and, if necessary, the future
model development.
(6) The credit institutions should ensure that the model performance can be assessed and, if
necessary, adjusted, even if the external supplier stops the support or in other similar cases.
SUBSECTION 35^2: Connection with the internal information used within the rating process
Art. 443
(1) The credit institution should what are the information - data processed within the
model obtained from an external supplier and how these information are connected with
those processes internally - for example, if the definitions given by the supplier to the input
factors, and the turnover and the liability, are in accordance with those used internally.
(2) The credit institution should ensure that the aggregation of the different parts of the
rating model does not lead to an unfair rating method, especially in cases when parts
prepared externally are used with parts prepared internally.
(3) The credit institution should verify if there is any double counting of the information in
the rating model internal and external parts.
(4) For the combinations of the parts prepared separately from the rating system, the credit
institution should conduct an additional exercise with regard to the risk quantification, i.e.
the risk parameters should be estimated based on an adequate set of data, as well as in the
event of a rating system prepared entirely on an internal basis.
SECTION 4: Data requirements
Art. 445
The credit institutions physical databases built to comply with the requirements on data
collection and storage for different purposes, provisioned by part 3, title II, chapter 3 of
Regulation (EU) No. 575/2013, may contain data relating to a mix of purposes. There may
also be different sources of data, namely:
a) for creating the model for assignments, there might be used internal, external and
pooled data to determine the weight of the input variables;
b) for calibrating the model for estimates, there might be used internal, external and
pooled data according to Art. 178 para. (4), Art. 180 para. (1) letter h), Art. 180 para. (2)
letter c) and e), Art. 181 para. (1) letter j) and Art. 181 para. (2) the second section of
Regulation (EU) No. 575/2013 -, respectively external and pooled data with restrictions
according to Art. s 179 para. (2), 180 para. (1) letter f), Art. 180 para. (2) letter c), Art. 185
letter c), Art. 188 letter d), Art. 190 para. (3) and Art. 191 of the mentioned regulation;
c) for outcome and performance data, there might be used internal data generated during
model development and use;
d) for calculating the current minimum capital requirements there might be used internal
data.
SECTION 41: Data accuracy, completeness and appropriateness

Art. 446
For the purposes of Art. 174 letter b) of Regulation (EU) No. 575/2013, the below terms
shall be interpreted to have the following meaning:
a) accuracy refers to the degree of confidence that can be placed in the data inputs. These
data shall be sufficiently accurate to avoid material distortion of the outcome;
b) completeness means that databases provide comprehensive information for the credit
institution i.e., data for all relevant business lines and all relevant variables. While
missing data for some fields or records may be inevitable, the credit institutions shall
attempt to minimize their occurrence and aim to reduce them over time;
c) appropriateness means that data do not contain biases which make them unfit-forpurpose.
SUBSECTION 41^1: IT systems for internal ratings based approach calculation
Art. 447
(1) The credit institution shall possess a sound IT infrastructure for ensuring the integrity of
the capital calculation. The databases that are used to replicate calculations need to be
adequately archived and backed up. The credit institutions shall document workflows,
procedures, and systems related to data collection and data storage.
(2) The credit institutions shall have IT systems that ensure continuous availability and
maintenance of all relevant databases as well as the reproduction of databases and of the
outputs of the rating systems for validation purposes. In order to guarantee the recovery of
the information, these IT systems shall be included in the credit institutions general
contingency plans. The credit institution shall establish adequate controls in order to
prevent access to information by unauthorised people.
(3) The credit institutions shall assign enough resources to allow for the possibility of
expanding databases without the risk of losing information and shall aim to reduce the risk
of human error by increasing the automation of all material procedures used in the
quantification of the capital requirement. Sufficient IT support of internal ratings based
approach data means that all data shall be stored in a suitable way and shall be ready to
access within an appropriate time frame.
SUBSECTION 41^2: Audit review
Art. 448
The review of data quality by internal audit shall include at least the following: an annual
review of controls, periodic sampling of data, and review of system reconciliations For
external data and pooled data, the review of data quality shall be done to the fullest extent
possible.
SECTION 42:Data quality standards and consistency with accounting data
Art. 449
(1) The credit institutions shall define their own standards for ensuring data quality, shall
strive to improve these standards over time and shall measure their performance against
these standards.
(2) The credit institutions shall ensure on an ongoing basis that their data is of high enough
quality to support their risk management processes and the calculation of their capital
requirements. This could include reviewing the structure of input data to identify outliers or
implausible values, changes from previous periods, and the amount of missing data. The
review shall also indicate whether the integrity of data is being maintained.
Art. 450

(1) The credit institutions shall identify and explain material divergences highlighted within
the regular reconciliation process against accounting data. The full reconciliation may not be
possible, as risk data may differ from accounting data for good reasons for example, the
conversion factor has no equivalent in accounting , but shall be performed when possible.
(2) The credit institutions shall perform consistency checks that include an audit trail of data
sources, total and record count checks when data move between systems, recording of data
that are excluded or introduced at different stages of data manipulation, etc. The credit
institution shall investigate significant discrepancies.
Art. 451
The data shall be subject to appropriate quality controls, according to their criticality. The
credit institution is responsible for minimum checks, including a periodic independent
review to confirm that data are accurate, complete, and appropriate. For example, the data
quality could be reviewed by replicating the preparation of data including collection and
transformation and the outputs of models, using the same databases and algorithms used
by the credit institution. The review could be done on a sample basis.
Art. 452
The credit institutions rating assignment systems shall include a well-justified policy on their
tolerance for gaps in the data for an obligor and on conservative approaches to treating
missing data, for example by substituting values. The credit institutions shall seek to
minimise the amount of missing data over time.
Art. 453
The credit institutions shall have an adequate set of documentation on data quality
standards, focusing on the following aspects:
a) the data policy and statement of responsibility: the credit institutions shall establish an
explicit data policy, which could be part of a general data policy. The credit institutions are
responsible for ensuring the quality of their data and shall be able to convince the
National Bank of Romania that they meet fit-for-purpose standards;
b) the data directory: the credit institutions shall have clear data directories dictionaries
that provide definitions of data items;
c) the database descriptions: the documentation for databases shall allow the assessment
of the soundness of the databases. This documentation may contain:
(i) a general description of the databases for example information on the relational
database model, including tables, keys, triggers, stored procedures; performance data
such as overall maximal size; security information such as owner, users with read-andwrite access, and maintenance responsibilities;
(ii) the source of the data:
(iii) the processes used to obtain and load the data;
(iv) the filters used to create and debug the database for example, maximum and
minimum values and treatment of missing values;
(v) controls on access, consistency, etc;
(vi) a specific description of the variables included.
Art. 454
The credit institutions shall prepare a global map of all the data and IT systems weaknesses

found during the internal review process for example, lack of automation , with an
assessment of their impact on the final calculation. The credit institutions shall also state
how they plan to correct the weaknesses.
SECTION 43: Representativeness of data used for model development and validation
SUBSECTION 43^1: Data requirements
Art. 455
(1) In fulfilling the requirements on data quality included in the part 3, title II, chapter 3 of
Regulation (EU) No. 575/2013, any uncertainties if they are admissible at all according to
the referred regulation shall be accompanied by some degree of greater conservatism in
the estimates or in the assignment processes, as required in Art. 171 para. (2) and 179 para.
(1) letter f) from the mentioned regulation. The credit institutions shall not treat the
application of conservatism as a substitute for fully meeting the requirements. Where
conservatism is applied, it shall be based on the credit institutions internal practices.
(2) The data requirements for the observation period set out in Art. 180 para. (1) letter h),
art. 180 para. (2) letter e), Art. 181 para. (2) the second section, the first two theses, Art. 182
para. (3), the second section, the first two theses of Regulation (EU) No. 575/2013, as well as
the possible relaxation mentioned in Art. 180 para. (1) letter h), Art. 180 para. (2) letter e),
Art. 181 para. (2), second section, last two theses, and Art. 182 para. (3) second section, last
two theses from the referred regulation shall be satisfied fully, compensating shorter
observation periods with applied conservatism not being allowed.
SUBSECTION 43^2: Data sets used for risk parameter estimation (comparability)
Art. 456
For the purposes of Art. 179 para. (1) letter d) from Regulation (EU) No. 575/2013, the
credit institutions shall demonstrate the comparability of data sets used for estimation this
applies equally to internal, external, and pooled data and to the combination of such data
sources to the credit institutions current portfolio. In this context, the interpretation of
comparability shall include at least the following points:
a) the demonstration of comparability shall be based on analyses of the relevant
characteristics, such as the population of exposures represented in the data used for
estimation, the lending standards used when the data was generated, and other relevant
characteristics, in comparison to the corresponding properties of the credit institutions
current portfolio. Other relevant characteristics could include, for example, the
distribution of the obligors across industries, the size distribution of the exposures, and
similarity in the geographic distribution of the exposures, to the extent that these apply to
the respective data sets;
b) in analysing the comparability of populations, the key characteristics the quantitative
and qualitative obligor and facility characteristics that could relate to default for
probability of default estimation or to loss for loss given default estimation or to
additional drawings for conversion factor estimation shall be taken into account. The
analysis shall be based on these characteristics or on a mapping from one set of
characteristics to the other for example, the analysis could consider the distribution of
the population according to the key characteristics, and the level and range of these key
characteristics. In all cases, and especially for external and cross-border samples, any
differences in the meaning of the key characteristics shall be documented and considered
in the model-building or risk quantification. The distribution of the population and the
level and range of these key characteristics shall approximate those of the corresponding
credit institutions current portfolio. The credit institution shall ensure that the
distributions are reasonably close, although it is unrealistic to expect a perfect match in

every case;
c) the material observed differences in the key characteristics used for estimation are
relevant information in the sense of Art. 179 para. (1) letter a) from Regulation (EU) No.
575/2013, and shall be taken into account in estimations by making appropriate
adjustments. If adjustments are difficult to quantify, the credit institutions shall consider
the use of other data sets;
d) the credit institutions may use statistical tools in order to quantify and ensure the
evidence.
SUBSECTION 43^3: Data used for developing models for exposure assignment or risk
parameter estimation (representativeness)
Art. 457
(1) For the purpose of Art. 174 letter c) from Regulation (EU) No. 575/2013, the
interpretation of representativeness includes the following points:
a) the representativeness shall be interpreted similarly, regardless of the source of the
data internal, external, pooled data sets, or a combination of these;
b) for the assignment of obligors, representativeness does not require that the proportion
of defaulted and non-defaulted exposures in the data set be equal to the proportion of
defaulted and non-defaulted exposures in the credit institutions respective portfolio;
c) for analysing the representativeness of the sample with respect to the population of
actual obligors or exposures of the credit institution, all the key characteristics the
quantitative and qualitative obligor and facility characteristics that could relate to
default for probability of default estimation or to loss for loss given default
estimation or to additional drawings for conversion factor estimation shall be taken
into account. The analysis shall be based on these characteristics or on a mapping from
one set of characteristics to the other for instance, the analysis could include
considering the distribution of the population according to the key characteristics and the
level and range of these key characteristics. The material observed differences in the key
characteristics shall be avoided, for example by using another sample;
d) where applicable, the statistical methodologies such as cluster analysis or related
techniques shall be used to demonstrate representativeness;
e) in building the model for assignments of obligors or exposures to grades or pools, the
credit institutions are allowed to use their own definitions of default and loss provided
they document them and apply them consistently, and as long as the requirement for
good predictive power, mentioned in Art. 174 letter a) of Regulation (EU) No. 575/2013,
is fulfilled.
(2) The provisions of para. (1), letters a), c) and d) are applicable as well for the purposes of
estimating risk parameters by statistical default prediction models, according to Art. 180
para. (1) letter g) from Regulation (EU) No. 575/2013.
SUBSECTION 43^4: Pooled data sets
Art. 458
For the purposes of Art. 179 para. (2) of Regulation (EU) No. 575/2013, the interpretation of
representativeness includes the following points:
a) the representativeness shall be demonstrated according to plausible criteria that have
been set in advance in a general policy. These criteria could include the comparability of
populations of exposures in the relevant parts of the pool;

b) in the case of pooled data, the default definition used by a credit institution for any
part of the pool shall be similar to the default definition used for that part by the other
credit institutions in the pool. The credit institution shall avoid any underestimation of risk
that might result from applying similar default definitions. For this purpose, the credit
institutions shall particularly avoid curtailing their use of unlikeliness to pay indicators in
order to achieve the similarity in default definitions;
c) where applicable, appropriate statistical methods shall be used to demonstrate the
representativeness of pooled data.
SUBSECTION 43^5: Use of data histories
Art. 459
For the purpose of Art. 179 para. (1) letter b) of Regulation (EU) No. 575/2013,
representativeness means that the estimates based a future time horizon of one year reflect
at least the relevant events experienced by the credit institution in the past over a long time
period.
SECTION 44: Data sources and definition of default
Art. 460
(1) In the case of pooled data sets collected from the same market, the credit institution can
check the similarity of the definition of default by examining the wording of the definition
and the internal use of the definition, or by looking at the practical usage of the definition
for that market.
(2) For cross-border data sets, the credit institution shall check the meaning of default the
same wording of the definition of default could have different meanings or be interpreted
differently across jurisdictions, such as the meaning of non-accrued status, or the definitions
of default could have different wording, but the meaning of default could be the same, such
as the identification of additional indicators of unlikeliness to pay that are typical for a given
country and shall demonstrate that the definitions of default used by the credit institutions
that participate in the pool are similar.
SECTION 5: Quantitative and qualitative validation and its assessment
SECTION 51: High level principles on validation
Art. 461
(1) Validation of a rating system encompasses a range of processes and activities that
contribute to an assessment of whether ratings adequately differentiate risk and whether
estimates of risk parameters appropriately characterise the relevant aspects of risk.
(2) Without prejudice to the requirements of the use test, which requires the credit
institutions to justify differences between measures used for regulatory risk parameters and
internal purposes, validation by the credit institutions shall take into account the specific
purpose or purposes for which a rating system is being used, including whether appropriate
amendments have been made for each purpose.
(3) The validation performed by the credit institutions shall comply with the general
principles set out in Art. s 462-476.
SUBSECTION 51^1: Assessing the predictive ability of a credit institutions risk estimates
and the use of ratings in credit processes
Art. 462
(1) The credit institutions risk estimates shall be ground in historical experience, but they
shall also be forward-looking.
(2) The rating systems shall effectively discriminate risk i.e. credits with lower ratings shall

have a higher risk of loss and calibrate risk effectively i.e. they shall accurately quantify
the risk of loss. The rating systems shall also be consistent.
(3) The validation performed by the credit institutions shall be fundamentally about
assessing the predictive ability of the credit institutions risk estimates and the use of ratings
in credit processes.
(4) For the purposes of para. (3), the validation shall focus on assessing the forward-looking
accuracy of the credit institutions risk estimates, the processes for assigning those estimates,
and the oversight and control procedures that are in place to ensure that the forwardlooking accuracy of these estimates is preserved going forward.
(5) In cases where the actual outcomes diverge materially from expected results, the
validation process shall prompt a reassessment of the internal ratings based approach
parameters.
Art. 463
(1) In order to ensure the predictive accuracy of the risk estimates as well as the effective
discrimination and calibration of risk, the credit institution shall first assess the general
appropriateness of each of its rating systems, assessment which shall cover at least:
a) the verification that each rating system is characterised by an appropriate balance of
objectivity, accuracy, stability and conservatism;
b) the assessment of the appropriateness of the philosophy of each rating system.
(2) For the purposes of para. (1), letter a), regarding the objectivity of the rating system, the
credit institutions shall adopt policies and standards that ensure that ratings and estimates
are applied consistently to borrowers and facilities with similar characteristics and posing
similar levels of risk. The credit institutions shall be able to verify how the use of judgement
is managed in order to achieve consistent outcomes. For the purposes of comparing
outcomes against expected performance, the credit institutions shall be able to identify how
their estimates have been adjusted from the most likely outcome.
(3) For the purpose of para. (1), letter a), regarding the accuracy of a rating system, the
credit institution shall adopt policies and standards relating to the expected performance of
the rating system outcomes versus predictions , to the integrity of inputs into the rating
system and their conversion into outputs.
(4) For the purpose of para. (1), letter a), regarding the stability of a rating system, the credit
institution shall adopt policies and standards that ensure that ratings and estimates are
broadly unchanged when the underlying risk has not changed. This shall not preclude
changes that are intrinsic to the rating philosophy of the system.
(5) For the purpose of para. (1), letter a), regarding the conservatism of a rating system, the
credit institution shall adopt policies and standards that identify the sources and range of
uncertainty in ratings and estimates, and the degree of conservatism. In particular, the
policies shall identify where and explain how the credit institution applies conservatism in
accordance with the relevant requirements of the chapter 3 of title II from Regulation (EU)
No. 575/2013.
(6) For the purpose of para. (1) letter b), the philosophy of a rating systems is characterized
by two components: the philosophy underlying the grade or pool assignment meaning
how credit institutions assign exposures, obligors or facilities to risk buckets according to
appropriate risk drivers and the method used to quantify the risk parameters associated
with each grade or pool.
(7) For the purpose of para. (6), each philosophy underlying the grade or pool assignment in

a rating system results in a specific dynamics of ratings and could be characterized by the
extent to which a change in economic conditions is expected to result in:
a) a net migration of a large number of exposures, borrowers, or facilities to other grades
or pools if the credit institution was to take no compensating policy actions; or
b) as opposed to the case described in letter a), migration of some exposures, borrowers,
or facilities to other grades or pools due only to their individual characteristics while
leaving the number of exposures, borrowers or facilities in each grades or pools
substantially unchanged; or
c) a hybrid between the two extremes mentioned in letters a) and b).

Art. 464
In order to assess the appropriateness of the philosophy of a rating system, the credit
institution shall:
a) understand the philosophy underlying the grade or pool assignment, and specifically
the risk drivers, and whether they create homogeneous buckets with respect to the
targeted estimator an example for the probability of default dimension is whether the
buckets are homogeneous with respect to the likelihood that each obligor in each risk
bucket will default over the next year given all currently available information, including
obligor and economic information; or, alternatively, with respect to the likelihood that
each obligor in each risk bucket will default over the next year given all available
information and hypothetical stress scenario economic conditions;
b) assess whether the method used to quantify the risk parameter is adequate for the
philosophy underlying the grade or pool assignment;
c) understand the characteristics, including the dynamics, of its ratings and of its risk
parameter estimates;
d) assess the adequacy of the resulting characteristics, including the dynamics of the
ratings and risk parameter estimates with regard to their different uses;
e) understand the impact of the characteristics, including the dynamics, of the ratings and
risk parameters estimates on the dynamics and volatility of capital requirements.
Art. 465
The credit institution shall at least adopt and document policies which explain the
philosophy of each rating system and how grades and risk parameters are expected to vary
with movements in the general economic cycle or more specific cycles relevant to each risk
parameter. These policies shall include descriptions of how, if at all, the rating assignments
and risk parameter estimates are impacted by the application of conservatism.
Art. 466
(1) When the credit institution uses different rating systems characterised by different
philosophies, it shall give special attention to the use of information either for rating
assignments or estimates from another rating system, internal or external, that has a
different rating philosophy an example is the use of rating information or default
experience obtained from rating agencies.
(2) When the credit institution uses different rating systems with different characteristics
such as different philosophies, levels of objectivity, accuracy, stability, or conservatism , it
shall ensure that they have an appropriate level of consistency and/or that the differences

between them are well understood. This understanding shall at least enable the credit
institution to define an appropriate way to combine/aggregate the information produced by
the different rating systems when this is necessary. The assumptions and potential
inaccuracies arising from such a combination/aggregation shall be fully understood by the
credit institution.
(3) The credit institution shall at least describe how the combination of information from
rating systems characterised by different philosophies impacts the dynamics and volatility of
capital requirements.
Art. 467
The estimates of future default frequencies and losses made by the credit institution shall
base on historical data, but these data are only a starting point and shall be adjusted with
care. The minimum data periods five or seven years determine how much minimum
historical experience is needed as an input to the forward-looking estimates, and are not
meant to imply that an average of actual experience is a sufficient measure for the forwardlooking estimates. Where a credit institution can demonstrate that the historical experience
is likely to be an accurate estimate of the forward-looking estimate, little or no adjustment
may be needed.
Art. 468
The forward-looking estimates can be lower than actual historical experience. This may be
because of small sample size, because the historical experience contains a disproportionate
number of extremely bad years, or because practices have changed. The credit institution
shall justify adequately the cases where it sought to ignore or significantly underweight
some of the available data.
Art. 469
For the purposes of probability of default estimation based on the long-run average of
default rates in each grade or pool, the historical experience shall include a representative
mix of good and bad years for the economy as a whole, as well as addressing more specific
cycles such as industry cycles that are material to the level and volatility of defaults in
exposures covered by the rating system. The credit institutions shall demonstrate that the
estimates they are using are representative of likely long-run rates. Where statistical
prediction models are used internal or external , this may require an adjustment to the
calibration of those models.
Art. 470
The provisions set out in Art. 469 apply adequately for the purposes of loss given default
and conversion factor estimation based on default-weighted averages.
Art. 471
The credit institutions shall have policies and standards covering the levels of accuracy and,
where relevant, discriminative power , the acceptable levels of divergence from the
expected performance, and the action to be taken when these acceptable levels are
breached. The credit institutions shall have clear policies for the circumstances in which
these standards may be changed.
SUBSECTION 51^2: Responsibility for validation
Art. 472
(1) The credit institution has primary responsibility for the validation of its rating systems.
(2) The credit institution shall validate its own rating systems to demonstrate how it arrived

at its risk estimates and confirm that its processes for assigning risk estimates are likely to
work as intended and continue to perform as expected.
SUBSECTION 51^3: Iterative process of validation
Art. 473
(1) The credit institutions shall periodically refine validation tools in response to changing
market and operating conditions. The credit institutions and the National Bank of Romania
shall engage in an iterative dialogue on the strengths and weaknesses of particular rating
systems.
(2) The credit institutions shall adjust and improve their validation techniques in response to
changing practices in the industry and as more data becomes available.
SUBSECTION 51^4: Validation methods
Art. 474
(1) For the purposes of rating systems validation, performed by the credit institution, they
shall take into consideration that there is no universal quantitative or qualitative tool that
can be used for all portfolios in all the credit institutions for example, back-testing may
prove difficult for portfolios where there is a low level of historical defaults. The validation
techniques may also differ across portfolios such as retail versus wholesale credit and
across markets.
(2) The credit institution shall understand the underlying philosophy of the rating system
and shall properly take it into account when determining which validation tools and
techniques shall be applied, both to the choice of validation methods for assessing the
accuracy and stability of the rating system, and to the choice of methods for assessing the
appropriateness of the stress tests applied to that system.
(3) The validation process shall contain a mix of developmental evidence of the rating
system assessing the logic of the approach, its conceptual soundness, statistical testing
performed prior to use , benchmarking and process verification comparisons to relevant
alternatives, verification that the process is being applied as intended , and outcomes
analysis back-testing. The balance in the required use of these tools varies between rating
systems, depending for example on the extent to which outcomes analysis is reliable.
SUBSECTION 51^5Quantitative and qualitative validation
Art. 475
(1) The validation of rating systems performed by the credit institution shall encompass both
quantitative and qualitative elements for example, the performance by the credit
institution of a validation exclusively as a purely technical/mathematical exercise, in which
outcomes are compared to estimates using statistical techniques which may play, in certain
circumstances, a critical role in such assessments, is likely to be insufficient.
(2) For the purpose of the para. (1), in assessing the overall performance of a rating system
the credit institution shall assess the components of the rating system data, models, etc. ,
as well as the structures and processes underlying the rating system. This assessment shall
include an assessment of controls inclusively as for independence degree ,
documentation, internal use, and other relevant qualitative factors.
(3) To the extent that outcomes analysis does provide strong support for the estimates, the
credit institution can rely in a lower degree on other elements, but even in these cases, the
credit institution shall examine the possibility of future changes in the economic
environment, borrower composition, the credit institutions practices, etc., which results in
those estimates no longer proving valid in the future. Where outcomes analysis is less
reliable, the credit institution shall place more emphasis on how the rating system is

implemented and used in practice, on the reasonableness of other validation procedures

that are used and on the manner they are monitored, and on the existence of an
appropriate control and technology environment.
(4) In order to supplement purely quantitative techniques, the credit institutions shall be
able to bring sufficient experience and judgement to the development, adjustment,
interpretation, and validation of rating systems and estimates.
(5) The qualitative phase of the credit institutions assessment shall focus on how the
various information is interpreted to produce final assignments of the grades or pools and
parameter estimates.
SUBSECTION 51^6: Independent review
Art. 476
(1) Validation processes and outcomes shall be subject to independent review.
(2) For the purpose of para. (1), the credit institutions validation processes and results shall
be reviewed for integrity by parties within its organisation that are independent of those
responsible for the design and implementation of the validation process. The activities of the
review process may be distributed across multiple units or housed within one unit of the
credit institution, depending on the governance arrangements of the credit institution.
(3) Regardless of the credit institution's control structure, the internal audit has an oversight
responsibility to ensure that validation processes are implemented as designed.
SECTION 52:Benchmarking and back-testing
Art. 477
The credit institutions validation process shall ensure the compliance on an ongoing basis
with the requirements on providing sound, robust, and accurate predictive and forwardlooking estimates of risk parameters and with the requirements on having a system of risk
segmentation which accurately differentiates risk, and a quantification process which
accurately estimates those parameters.
Art. 478
(1) The credit institutions shall use back-testing and benchmarking as quantitative validation
tools in their validation process.
(2) In cases where a lack of internal or external data prevents the proper use of the
techniques mentioned in para. (1), the credit institutions shall apply an appropriate margin
of conservatism in their estimations. If the lack of data is caused by the efforts of the credit
institution to use only data that was collected under economic downturn conditions, the
credit institution shall assess carefully the use of an additional layer of conservatism.
SUBSECTION 52^1:Back-testing
Art. 479
(1) The back-testing consists of checking performed by the credit institution of the
performance of the risk rating systems estimates by comparing realized risk parameters
ex-post with estimated risk parameters ex-ante in each grade or pool.
(2) The back-testing can be accomplished by the credit institution using statistical methods
to implement statistical tests for defining acceptable levels of the potential discrepancy
between ex-ante expectations and ex-post realisations.
Art. 480
The assessment of back-testing results performed by the credit institution shall focus at least

on the following issues:

a) the underlying rating philosophy used in developing rating systems such as if
probabilities of default are derived from point-in-time or through-the-cycle ratings. In
order to avoid erroneously assigning differences in rating philosophies to inaccuracies in
reported estimates, the credit institutions that use different rating systems shall take into
account any differences in their rating philosophies when back-testing estimates of risk
parameters;
b) the credit institutions shall have a policy that outlines, at least in general terms,
remedial actions, for example, whenever back testing results breach internal tolerance
thresholds for validation, if such thresholds are used;
c) when back-testing is hindered by lack of data or insufficient quantitative information
as in the case of estimates that relate to rarely observed economic downturn conditions ,
the credit institutions shall rely more heavily on additional qualitative elements such as
quality control tests, benchmarking with external information, etc.;
d) the identification of the specific reasons for discrepancies between predicted values
and observed outcomes for example, variations through time that might affect credit
institutions risk analysis and consequently their back-testing results;
e) the credit institutions shall adopt and document policies which explain the objectives
and logic underlying their benchmarking exercises.
SUBSECTION 52^2: Benchmarking
Art. 481
(1) The benchmarking permits the credit institution to assess the accuracy of the quantified
risk parameters by assessing the consistency of the estimated parameters with those
obtained by other estimation techniques such as other rating systems and potentially
with those obtained using other relevant data sources such as other credit institutions or
external credit assessment institutions , provided that those data are appropriate to the
credit institutions portfolio.
(2) When performing benchmarking own risk estimates against risk estimates deriving from
other sources, internal or external, the credit institutions are expected to investigate the
sources of substantial discrepancies between the values of risk parameters resulting from
their internal risk rating system and those obtained from the other sources.
(3) Regardless of the benchmarking method used, the credit institutions shall demonstrate
to the National Bank of Romania that their rating systems are performing in compliance with
the minimum requirements set out in part 3, title II, chapter 3, section 6 of Regulation (EU)
No. 575/2013.
Art. 482
The assessment of benchmarking results performed by the credit institution shall focus at
least on the following points:
a) the underlying rating philosophy used in developing rating systems such as if
probabilities of default are derived from point-in-time or through-the-cycle ratings. In
order to avoid erroneously assigning differences in rating philosophies to inaccuracies in
reported estimates, the credit institutions that use different rating systems shall take into
account any differences in their rating philosophies when back-testing estimates of risk
parameters;
b) the procedure for establishing tolerance thresholds for validation, and the list at least
in broad terms of the types of possible responses in cases where these thresholds are

breached;
c) the additional qualitative elements of their implementation of benchmarking;
d) the identification of unanticipated changes over time that might affect benchmarking
results;
e) the credit institutions shall adopt and document policies which explain the objectives
and logic underlying their benchmarking exercises.
SECTION 53: Low-default portfolios
Art. 483
The low-default portfolios respectively portfolios with few or no defaults observed can
arise under different circumstances, and can be categorised as follows:
a) long-term portfolios, which contain high-quality borrowers such as institutions or a
small number of borrowers such as central governments or central banks versus shortterm portfolios such as portfolios including new entrants into a market; or
b) systemic portfolios portfolios with data unavailable for all the credit institutions ,
versus credit institution specific portfolios portfolios with data unavailable for the credit
institution in question, one of the reasons being likely to consist of the insufficient effort
to enhance its database with suitable external data.
Art. 484
The principles set out in the following provisions of this subsection are aimed at systemic
low-default portfolios, and do not generally apply to the credit institution specific lowdefault portfolios.
Art. 485
The credit institutions may include exposures in low-default portfolios in the internal ratings
based approach even in case of the absence of sufficient data to validate probability of
default, loss given default and conversion factor estimates on a statistical basis if the credit
institution can demonstrate that the methods and techniques applied to estimate and
validate the enumerated risk parameters constitute a sound and effective risk-management
process and are employed in a consistent way. The credit institutions shall use an
appropriate conservatism in risk parameter estimation.
Art. 486
(1) The credit institutions processes for probability of default, loss given default and
conversion factor estimation in the case of low-default portfolios shall be supported by
appropriate methodologies. Wherever possible, the credit institutions shall take into
account additional information in the estimation process such as ratings, prices, etc.
(2) The validation process for low-default portfolios may display some similarities to the
validation process for non-low-default portfolios, and the credit institutions shall ensure
compliance with the minimum requirements laid down in part 3, title II, chapter 3 of
Regulation (EU) No. 575/2013, in particular regarding adequate margins of conservatism.
Art. 487
The credit institutions shall pay particular attention to implementation, use and to ensuring
that control and technology environment and internal validation procedures are appropriate.
Art. 488
(1) The credit institutions shall reinforce qualitative validation of low-default portfolios,

relative to non-low-default portfolios. In case of low-default portfolios, the design of rating

models, the quality of the data used in developing and deploying the models, and the
internal use of the rating system shall be key areas of the validation process.
(2) In case of low-default portfolios, the credit institution shall treat the compliance with the
use test with particular caution, given the inherent difficulty in proving the accuracy of the
estimates of probability of default, loss given default and conversion factor.
(3) For assigning ratings in low-default portfolios, the credit institutions shall apply
standardized procedures, as is the case with non-low-default portfolios. These procedures
can be based on expert judgement and/or on external data. In any case, the credit
institution shall monitor the quality, objectivity and credibility of the data sources, and to
strengthen the transparency and completeness of documentation.
SUBSECTION 53^1: Quantitative validation
Art. 489
(1) The credit institutions shall ensure the compliance with the requirement on performing a
quantitative validation for low-default portfolios, even in the case of limitations in the
dataset. Whenever few or no defaults are observed, a quantitative validation can be
approximated such as by assessing rating migrations, using credit spreads where
appropriate.
(2) The credit institutions shall use adequate and consistent methods to ensure a sound and
effective assessment and measurement of risk. The criteria to be reviewed in quantitative
validation shall include at least calibration whose validation is likely to be based more on
expert judgement, utilising the extensive internal and/or external experience with the
particular type of business , discriminative power and stability.
Art. 490
The credit institutions shall examine the discriminative power of the models by the use of
qualitative and quantitative analyses for example, depending on the amount of data,
different techniques can be employed, such as internal benchmarking, comparison with
other ratings and models, comparison with other external information.

SECTION 6: Governance arrangements

SECTION 61: The responsibilities of the credit institutions management body and internal
reporting
SUBSECTION 61^1: The responsibilities of the credit institutions management body
Art. 491
(1) The credit institutions management body is ultimately responsible for sound governance
of the internal ratings based approach framework.
(2) In order to improve the understanding of the rating system among the members of the
bodies having supervisory function and to improve efficiency, the bodies having supervisory
function may, where appropriate, establish a committee which shall assist them in
performing their tasks falling within the scope of the internal ratings based approach
framework such as a risk management committee.
(3) The bodies having management function can delegate certain tasks to medium level
managers within the credit institution, remaining responsible for developing and

implementing internal ratings based approach framework as well as for the general
awareness of this framework.
Art. 492 For the purposes of Art. 189 para. (1) of Regulation (EU) No. 575/2013, the
material aspects of the rating and estimation processes include among others:
a) the risk management strategies and policies regarding the internal rating system
including all material aspects of the rating assignment and risk parameter estimation
processes;
b) the organizational structure of the control functions;
c) specifying acceptable risk level using internal ratings based approach results to define
the credit risk profile of the credit institution in question .
Art. 493
The management body of a credit institution is responsible for making formal decisions on
the implementation of the internal ratings based approach, including the overall approval of
the project, the specification of goals, the appointment of the organizational structure
components responsible for implementation and the establishment of a schedule of the
necessary implementation steps.
Art. 494
The bodies having supervisory function of a credit institution shall exercise an effective
oversight and shall be involved, on an on-going basis, in the oversight of the control
procedures of internal audit.
Art. 495
(1) The bodies having management function of a credit institution shall ensure, on an
ongoing basis, that the control mechanisms and measurement systems adopted by the
credit risk control unit are adequate and that the overall internal ratings based approach
system remains effective over time.
(2) The bodies having management function of a credit institution shall have a good
understanding of credit policies, underwriting standards, lending practices, and collection
and recovery practices, and shall understand how these factors affect the estimation of
relevant risk parameters.
(3) The bodies having management function of a credit institution shall ensure that the
following tasks are being addressed:
a) ensuring the soundness of risk-taking processes, even in a rapidly changing
environment;
b) determining how internal ratings are used in the risk-taking processes;
c) identifying and assessing the main risk drivers, based on the information provided by
the credit risk control unit;
d) defining the tasks of the risk control unit and evaluating the adequacy of its
professional skills;
e) monitoring and managing all sources of potential conflicts of interest;
f) establishing effective communication channels in order to ensure that all staff are
aware of relevant policies and procedures;
g) defining the minimum content of reporting to the bodies having supervisory function or
to the committee assisting them in fulfilling the responsibilities that fall within the scope

of the internal ratings based approach framework such as the risk management
committee; and
h) examining reports from internal audit.
Art. 496
The bodies having management function of a credit institution shall also check, on a regular
basis, that the control procedures and measurement systems adopted by the credit risk
control unit and the internal audit are adequate and that the overall internal ratings based
approach system remains effective over time.
Art. 497
The credit risk control unit is responsible for the proper functioning of the rating systems
and submits rating systems for approval to the management body.
Art. 498
(1) The internal audit shall provide an assessment of the overall adequacy of the internal
control system and of the credit risk control function.
(2) The management body of a credit institution is responsible for the reviews performed by
the internal audit for the purposes of part 3, title II, chapter 3 of Regulation (EU) No.
575/2013, and of the present regulation and has full and independent control over these
reviews.
(3) The management body of the credit institution shall communicate directly with the
internal audit at all stages, and the internal audit in turn shall report directly to the
management body of the credit institution during the review.
(4) The credit institution using an external vendors methodology shall perform also an
assessment through internal audit or through other internal assessment unit to ensure a
thorough understanding of the vendors methodologies. Such a review can be
considered reliable only if it is performed by an internal unit that is sufficiently familiar
with all aspects of the reviewed systems and methodologies.
SUBSECTION 61^2: Internal reporting
Art. 499
(1) The internal ratings based analysis of the credit institution's credit risk profile shall be an
essential part of the internal reporting system. The recipients of the reporting shall
include not only the management body of the credit institution or, as appropriate, the
committee which assists the bodies having supervisory function in fulfilling their tasks
that fall within the scope of internal ratings based approach, but also all of the internal
functions responsible for originating and monitoring credit risks. The frequency and
content of reporting shall be formally approved by the management body of the credit
institution.
(2) The frequency and scope of reporting shall be set according to the nature of the
recipient and the level of risk. The level of risk could depend, for example, on the ratings
or the size of exposures.
Art. 500
Reporting to bodies having management function of a credit institution shall enable them to
monitor the evolution of credit risk in the overall portfolio. The scope of information such
as rating classes, risk pools, probability of default bands to be included in the internal
reporting may vary according to the nature, size, and degree of complexity of the business of

the credit institution.

Art. 501
(1) In order to fulfil the minimum requirements relating to reporting set out in Art. 189 para.
(3) of Regulation (EU) No. 575/2013, the following information may be provided:
a) a description of the rated portfolios amounts, number of obligors, probabilities of
default per grade or pool, percentage of coverage with internal ratings based approach
with respect to the total portfolio, breakdown by entities, sectors, sub-portfolios and
business units;
b) the distribution of the overall portfolio according to grades or pools, probability of
default bands, and loss given default grades, and a comparison with the previous year;
c) a comparison of realised default rates and loss given default and credit conversion
factors for credit institutions on advanced internal ratings based approaches against
expectations;
d) the results of stress tests;
e) an estimate of regulatory capital requirements and economic capital; and
f) the portfolios migration across grades or pools.
(2) In addition to the requirements relative to reporting mentioned in para. (1), the credit
risk control unit shall address specific reports to bodies having management function
relating to the rating system review process. It is the responsibility of the credit risk control
unit to provide coherent reporting that is clearly related to target variables.
SECTION 62:Independent credit risk control unit
SUBSECTION 62^1: Scope of activity
Art. 502
(1) The credit risk control unit shall mainly ensure on a regular basis that the rating system
and all of its components rating assignments, parameter estimation, data collection, and
oversight are functioning as intended. The credit risk control unit shall perform the
following tasks, among others:
a) the design/selection of the rating system perform or review;
b) the ongoing review of the rating criteria and model development;
c) the verification of the accuracy of all grades and pools;
d) the assessment of consistency across industries, portfolios, and geographical regions;
e) the assessment of model use;
f) the analysis of the reasons for overrides and exceptions;
g) the quantification process perform or review;
h) the back-testing;
i) the analysis of actual and predicted ratings transitions; and
j) the benchmarking against third party data sources.
(2) The results of the credit risk control units review shall be reported to bodies having
management function at least twice annually.
Art. 503

(1) For the purposes of Art. 190 of Regulation (EU) No. 575/2013, the expression credit risk
control unit shall be interpreted exclusively in the sense of the functional part of this term
as credit risk administration function , respectively not in the sense of organisational
structure component.
(2) Any potential for lack of objectivity triggered by the coexistence of review and
elaboration/selection functions within the same organizational unit shall be offset with
controls, administered by the internal audit. The coexistence of the two functions within the
same organizational unit shall be made transparent.
SUBSECTION 62^2: Location of credit risk administration function within the organizational
structure of the credit institution
Art. 504
The credit risk administration function shall depend directly on bodies having management
function, wherever the unit is located within the organizational structure of the credit
institution. The internal audit shall review whether the location of the credit risk control
function may reduce its independence.
Art. 505 The credit risk administration function shall always have high standing within the
organizational structure of the credit institution, and shall be staffed by individuals
possessing the requisite stature, skills, and experience.
SUBSECTION 62^3: Independence of the credit risk administration function from the
functions responsible for originating or renewing exposures
Art. 506
The internal audit shall determine the real degree of independence of the credit risk
administration function whatever option is adopted by the credit institution in order to
ensure the independence of the credit risk administration function such as making the
credit risk control unit depend directly on bodies having management function, maintaining
a separation between the control functions and the commercial area/relationship managers,
up to the level of the responsible member of bodies having management function.
Art. 507
(1) In order to prevent potential undesirable effects of a strict separation between the
commercial function and the credit risk control unit, but not referring hereby to the credit
risk administration function, for example, models developed by risk managers without the
contribution of relationship managers can be rejected by the latter, or staff from the
commercial lines can be tempted to force some of the models inputs , especially qualitative
inputs, in order to adjust the models outcome to their assessments affecting the use test ,
the staff from the credit risk control unit and commercial department shall cooperate
actively in the development of the model.
(2) In order to ensure the desired independence after model development, the exchange of
information can be made through committees.
SECTION 63: Role of internal audit
Art. 508
(1) In order to review whether the credit institutions control systems for internal ratings and
related parameters are robust, the internal audit function shall have an appropriate
understanding of all the processes of the rating systems, including those processes which
generate the estimates of risk parameters.
(2) As part of its review of control mechanisms, the internal audit shall evaluate the depth,

scope, and quality of the credit risk administration functions activity. The internal audit may
also conduct tests to ensure that the credit risk administration functions conclusions are
well-founded.
(3) The internal audit shall review the adequacy of the IT infrastructure and data
maintenance.
(4) In case of the credit institutions using statistical models, the internal audit shall conduct
tests for example, on specific business units in order to check data input processes.
Art. 509
The internal audit shall report at least annually to the management body on the credit
institutions compliance with the internal ratings based approach requirements.
Art. 510
(1) In order to strengthen its independence, the internal audit shall not be directly involved
in model design/selection.
(2) The internal audit shall be staffed by individuals possessing the requisite stature, skills,
and experience in order to perform the tasks set out in this regulation.
Art. 511
(1) Notwithstanding the need for independence, some cooperation between internal audit
and the credit risk administration function is allowed, for example in order to address
potential weaknesses or biases in the rating system.
(2) For the purposes of the para. (1), the information on overrides detected by the credit risk
administration function in a specific portfolio or business unit shall be passed on to internal
audit so that it can assess whether the overrides stem from model biases for example,
because the model is unfit to produce ratings for specific businesses or from a lack of
independence of relationship managers. Nevertheless, the credit risk administration
function has sole responsibility for the rating systems performance. The audit function shall
not be involved in day-to-day operations such as reviewing each individual rating assignment.
SECTION 64: Independence in rating assignment
Art. 512
(1) The credit institutions shall ensure the independence in the rating assignment process,
taking into account their organizational structure and the manner they conduct their lending
activities.
(2) In cases where the credit institutions recourse to one of the following approaches on
rating assignments, respectively:
a) the rating assignment made by relationship managers;
b) Rating assignment by models whose outcome cannot be modified by the users
c) the rating assignment by independent credit officers or by rating committees; or
d) the rating assignment based on mixed approach, the credit institutions shall comply
with the requirements relative to the used approach, set out in the following provisions of
this subsection.
SUBSECTION 64^1: Rating assignment made by relationship managers
Art. 513
(1) In case of rating assignment based on judgemental approaches, respectively giving
responsibilities to relationship managers for assigning and approving ratings, the credit

institutions shall offset the potential lack of independence in rating assignment such as
conflicts of interest resulting from tying the compensation of the staff in question to the
volume of business they generate or potential loss of objectivity in case the staff in question
become too close to the borrower with internal controls to prevent the bias from affecting
the rating process.
(2) The controls set out in para. (1) shall operate in practice and shall include, at a minimum,
a comprehensive, independent review of ratings by risk administration functions for
example, off-site monitoring by the credit controllers, analysis of rating performances by the
credit risk control unit and on-site review by internal audit.
(3) In order to ensure the rating assignment independence, the credit institutions may
recourse, as an additional measure, to linking the compensation of the relationship manager
to risk-adjusted performance measures such as risk-adjusted return on capital based on
the outputs of the internal ratings based approach system.
(4) For non-retail business, the credit institutions shall not delegate rating responsibility
assignment or review entirely to relationship managers, the relationship managers
carrying out only a preliminary credit assessment to be validated afterwards by other
independent officers.
SUBSECTION 64^2: Rating assignment by models whose outcome cannot be modified by the
users
Art. 514
(1) In case of rating assignment by models whose outcome cannot be modified by the users
respectively assessing the creditworthiness based on the model itself , the credit
institutions shall ensure the independent vetting of input data since biases in rating
assignments could stem only from errors or fraud in the input of relevant data.
(2) The credit risk administration function shall verify on an on-going basis that the model
remains predictive of risk, by means of specific validation sessions based, for example, on
back-testing or benchmarking of model outcomes.
SUBSECTION 64^3: Rating assignment by independent credit officers or by independent
rating committees
Art. 515
(1) In order to ensure a clear separation between the people who own the relationship and
propose new credit applications from the people who are ultimately responsible for the
rating assignment, the credit institutions may assign sole responsibility for assigning and
approving ratings to credit officers or rating committees that report to an independent
credit function. In case the credit institutions resort to this rating assignment approach, in
addition to assigning and approving ratings, the credit officers shall regularly monitor the
condition of obligors and refresh ratings as necessary.
(2) Taking into account the difficulty to evaluate in practice the true degree of independence
of the credit officer/rating committee especially for the largest counterparties for which
approval limits are set at the level of the management body the credit institution using this
approach shall carefully consider the organizational structure and the relationship between
relationship managers and credit officers, inclusively as for credit officers access to
borrower information which in case it is limited, this may affect the discriminative and
predictive power of ratings.
(3)The credit risk administration function shall have an essential contribution to overcome
the potential disadvantages of this approach, set out in para. (2), especially with regard to
the assessment of ratings performance and the on-going review of the rating system.

SUBSECTION 64^4: Rating assignment based on mixed approach

Art. 516
(1) In order to assign ratings, the credit institutions can use a mixed approach for example,
the rating assignment is initially determined by statistical or judgemental models; if the
relationship manager, who is responsible for data input, is satisfied with the models
outcome, then the final rating will be the models rating; if the relationship manager
disagrees with the models outcome, he can propose an override to a senior officer or,
according to the size of the exposure, to a rating committee which is ultimately responsible
for confirming the models rating or changing it.
(2) In case the credit institution uses a mixed approach, it must consider carefully the
features of the models combined with the organisational structure for example, if the
rating model is not suited to a particular class of obligors or facilities, there will probably be
a large number of overrides, and relationship managers may also be tempted to force some
input data in order to adjust the models results to own assessments.
(3) For the purposes of para. (2), the credit institutions shall ensure that all relevant
information is considered in the rating assignment process, and shall take the necessary
steps to identify potential rating errors. In addition, the internal controls are needed to
ensure the accuracy of data inputs. All overrides shall be duly motivated by the relationship
managers and all the relevant decisions both confirmations and rejections of proposed
overrides - shall be stored, in order to allow the credit risk administration function to
perform back-testing correctly.
TITLE VII: Preparatory notification of using a standard approach, approval of the standard
alternative use and the approval of the advanced approach use of evaluation (operational
risk)
CHAPTER I: Preparatory notification of using a standard approach, approval of the
standard alternative
SECTION 1: General Provisions
Art. 517
In applying the provisions of art. 312 from the EU Regulation no 575/2013, the present
chapter established the requests that must be fulfilled in order to previously notify the
National Bank of Romania for the usage of the standard approach for the operational risk
and the ones for that the National Bank of Romania provides the approval of the alternative
standard approach for the operational risk, as well as the documentation requested to the
credit institutions to this extent.
SECTION 2: Previous notification of the standard approach use
SECTION 21: Requests for the previous notification of the standard approach
Art. 518
A credit institution that intents to determine the capital requirement for the operational risk
according to the standard approach must previously notify the National Bank of Romania
regarding the intention of using this approach, by mentioning the moment it wishes its use
from.
Art. 519
(1)The request of previous notification must be accompanied by the following documents:

a)a document in which is described the self-evaluation process and where its conclusions
are presented, by which it is certified the fulfillment, by the credit institutions, of the specific
requests for a standard approach, respectively of the 3rd part provisions, title III, chapter 3
from the EU Regulation no 575/2013, as well as an internal audit report;
b)the documentation by which are established the procedures aimed to provide the
fulfillment of the provisions of art. 320 from the EU Regulation no 575/2013, as well as the
politics and the criteria of the credit institution for the enrolment of the activities from the 8
lines mentioned in table 2 from art. 317 on the same regulation;
c)form C 16.00 - OPR Operational risk mentioned in annex no I of the Technical Standard of
Implementation issued for the appliance of the EU Regulation no 575/2013, accompanied by
the presentation of the means by which there are determined the relevant indicators for the
business line;
d)a notification where it is specified, if applicable, the moment from which the credit
institution started to use the standard approach for internal purposes.
(2)The credit institutions must notify the National Bank of Romania who is the person in
charge with the maintenance of the relationship with the National Bank of Romania and
his/her substitute.
Art. 520
(1)The document by which the warrant is done, mentioned in article 519 paragraph (1) letter
a), must be signed by a person authorized to hire the credit institution.
(2)The document mentioned in paragraph (1) is necessary inclusively if the National Bank of
Romania makes its own evaluation on order to establish if the credit institution is
conformant to the requests imposed by the provisions of the 3rd part, title III, chapter 3 from
the EU Regulation no 575/2013 for the standard approach.
Art. 521
(1)Within the self-evaluation process, there must be taken into account the aspects that
reference is being made about within the subsection 2.2, aspect that are going to be
checked within the document mentioned in article 519 paragraph (1) letter a).
(2)To the extent it may be necessary, the self-evaluation can be achieved by aid of the
external auditors teams.
(3)While drafting the internal audit report mentioned in article 519 paragraph (1) letter a)
there shall be taken into consideration the appropriateness of the administration system for
the operational risk and of the self-evaluation process, being looked after the conformity
with the specific requests.
Art. 522
(1)In case a credit institution, Romanian legal person, is a mother-company and, at the
groups level, it is intended the use of the standard approach for the determination of the
capital request for the operational risk, the previous notification request at the groups level
must be submitted by the mother-credit institution to the Romanian National Bank
(2) In case a credit institution, Romanian legal person, is a subsidiary of a mother-credit
institution at the European Union level, and the groups level intends to use the standard
approach in order to determine the capital request for the operational risk, the credit
institution, Romanian legal person must notify the Romanian National Bank, even if the
mother-credit institution already submitted a written notification to this extent for the
whole group to the competent authority responsible with its surveillance.
(3)In the cases mentioned in paragraph (2), the National Bank of Romania may accept, from
case to case, that the self-evaluation is achieved at the groups level, and not at individual
level, if the principle of proportionality is observed, respectively if the dimension and

complexity of the activities developed by the Romanian legal persons subsidiary are
adequately taken into consideration within the group analysis.
(4)The credit institutions shall communicate the Romanian National Bank, together with the
information provided according to article 519, the structure of the group they belong to, the
competent responsible authorities for the members surveillance, as well as the approaches
they use.

Art. 523
(1)The notification request submitted to the credit institutions shall be accompanied by
exact and complete information.
(2)The credit institutions are responsible for the fulfillment of the requests mentioned in
paragraph (1).
(3)In case the supplied information together with the notification request become inexact or
incomplete, significantly in relation to the activity of the credit institution, this one must
notify the National Bank of Romania over this fact and to supply updated information.
Art. 524
(1) The credit institution must send to the National Bank of Romania any supplementary
documents in this respect.
(2)In case the credit institution appreciates that the supplementary documents they dispose
of present a high degree of relevance for the evaluation by the National Bank of Romania of
the notification request of using the standard approach for the determination of the capital
request for the operational risk, may transmit them together with the documents requested
in article 519.
SECTION 22: Aspects that must be taken into consideration by the credit institutions within
the self-evaluation period
Art. 525
The credit institution communicates the National Bank of Romania the operational risks
definition internally established, as well as the appreciation of its conformity with the
definition from article 4, point 52 from the EU Regulation no 575/2013.
Art. 526
(1)The self-evaluation shall take into consideration the politics and the criteria established
by the credit institution in order to frame the activities on the 8 lines mentioned in table 2
from article 317 from the EU Regulation no 575/2013, with accent on their conformity
degree with paragraph (1) and the principles rendered in paragraph (2) of article 318 from
the same regulation.
(2) The self-evaluation shall take into consideration the politics and the criteria established
by the credit institution in order to determine the relevant indicators for the 8 lines
mentioned in table 2 from article 317 from the EU Regulation no 575/2013, with accent on
their conformity with the principles mentioned in paragraph (2) of article 318 from the same
regulation, as well as the approach of the credit institution as regard to the submission of
the relevant indicator assignment on independent examination activities.
Art. 527
As regard to the specific qualitative requests for a standard approach, the self-evaluation
process shall take into consideration the appropriateness of the evaluation and
administration system of the operational risk of the credit institution that has precise and

well defined responsibilities, with accent on the conformity degree with the specific criteria
for the standard approach mentioned on article 320 from the EU Regulation no 575/2013.
SECTION 3: Approval for using the standard alternative approach
Art. 528
(1)A credit institution that intents to determine the capital request for the operational risk
according to the standard alternative approach, must request the National Bank of Romania
an approval for using the approach, by mentioning the moment its use is pursued for.
(2)In order to get the approval mentioned in paragraph (1), the credit institution must
supply, together with the approval request, all the documents mentioned in article 519,
paragraph (1).
(3)The provisions of article 519, paragraph (2) and the other articles 520-527 are applied
accordingly.
Art. 529
In order to get the approval for the application of the standard alternative approach, within
the process of self-evaluation there will be taken into consideration, supplementary to the
ones indicated in article 526-527, the dispositions of article 319 paragraph (2) from the EU
Regulations no 575/2013, including the explanation of the means the use of the standard
alternative approach leads to an equitable evaluation of the operational risk to which the
credit institution is exposed at.
Art. 530
The credit institutions that do not longer fulfill the specific supplementary requests for the
standard alternative approach, but they are conformant to the specific requests for the
standard approach, shall apply the standard approach in order to determine the capital
requests for the operational risk, following to notify the National Bank of Romania in written,
to this extent, yet without supplying, next to the notification, the documents and the
information requested in article 519.
Art. 531
The National Bank of Romania shall notify the credit institutions regarding the approval for
the use of the standard alternative approach. The approval notification may comprise
supplementary requests with which the credit institutions must conform until the date the
capital request is reported for the operational risk according to the standard alternative
approach.
Art. 532
The ascertainment of the National Bank of Romania made during the approval process, of
some significant discrepancies within the information supplied by the credit institutions,
respectively in the conclusion of the self-evaluation process, leads to the refusal of appraisal
for using the standard alternative approach for the determination of the capital research for
the operational risk.
CHAPTER II: Approval for using advanced measurement approach
SECTION 1: General provisions
Art. 533
This chapter sets standards and requirements that must be complied with in order to use
the advanced measurement approach for the calculation of the capital requirement for

operational risk in accordance with the provisions of part 3, title III, chapter 4 of the (EU)
Regulation no. 575/2013, as well as in order to obtain the requisite approval from the
National Bank of Romania.
Art. 534
With respect to the present chapter, the terms and expressions below have the following
meanings:
a) operational risk class category of operational risk that is homogeneous in terms of
the risks covered and the data available to analyze those risks;
b) operational risk estimate the distribution of losses identified in each operational
risk class;
c) operational risk measure a single statistic or parameter extracted from the
operational risk estimate;
d) calculation data set the part of the institutions internal operational risk data that
is to be used for the generation of regulatory operational risk estimates and measures;
e) rapidly recovered loss event operational risk event that leads to a loss that is
completely recovered in a short period;
f) near miss event operational risk event that does not lead to a loss or a gain;
g) operational risk gain event operational risk event that generated a gain;
h) multiple time losses group of subsequent losses occurring in different periods of
time, but relating to the same operational risk event;
i) multiple effect losses group of associated losses that affected different entities or
business lines, units, etc., but that are related to the same causing event;
j) correlation any form of dependency, linear or nonlinear, relating to all the data
(actual or constructed) or just to the tail or the rest of the distribution, across two or
more operational risk classes, caused by the presence of common factors of different
nature, internal or external to the credit institution, factors which can influence the
frequency or severity of losses observed in more than one operational risk class;
k) operational risk transfer techniques operational risk transfer instruments utilized
by the credit institution so as to manage and reduce the risk to which it is exposed;
these are operational risk insurance contracts and other transfer mechanisms of this risk.
SECTION II: Requesting approval for using advanced measurement approach
Art. 535
In the case of credit institutions planning to use the advanced measurement approach for
the calculation of the operational risk capital requirement at the individual level, the cover
letter itself shall mention that the credit institution is requesting the approval referred to in
art. 312 para. (2) of the (EU) Regulation no. 575/2013, having regard to the details in the
attached documentation that accompanies the application.
Art. 536
(1) The minimum documentation that shall be provided to the National Bank of Romania
with the cover letter requesting approval of the use of the advanced measurement approach
consists of the following:
a) documentation regarding the operational risk measurement systems;
b) documentation regarding the control environment of the operational risk
measurement system, the implementation procedures, and the IT infrastructure;
c) the implementation plan (including roll out) and, as the case may be, details
regarding permanent partial use;
d) the document in which the self-assessment process is described and in which the
conclusions of this process are presented, through which compliance with the minimum

standards and requirements imposed by the National Bank of Romania for the use of the
advanced measurement approach is certified, the document in which the conclusions
the internal validation programme carried out for the request of the approval for the use
of the advanced measurement approach are described and the audit report; the results
of the independent examination required under art. 553 para. (1) as well as the
description of the follow-up of the results of the internal validation programme shall be
included;
e) Form C16.00: OPR Operational risk and Form C17.00 OPR Details Operational risk:
gross loss amounts per business lines and event types within the last year, provided in
annex no. I to Technical Standard for Implementation, order issued in the application of
(EU) Regulation no. 575/2013.
(2) Except where indicated otherwise, the minimum documentation attached to the cover
letter requesting approval, referred to in para.(1), must contain general information about
the implementation of the advanced measurement approach.
Art. 537
(1) The cover letter requesting approval shall be signed by an executive member of the
management body of each of the legal entities requesting approval, member which
must be authorized to legally commit the respective entity.
(2) The signatory or, as appropriate, the signatories shall confirm within the cover letter
requesting approval that the attached documentation is a true and fair summary of the
subjects covered.
(3) For the purposes of para. (2), summary means that the documentation provides a
short description which only presents the main aspects - of the topic in question,
true means that the information contained in the summary is not false and/or
misleading, and fair means that the information presents a reasonable overall
summary, without leaving out significant issues; the minimum documentation attached
to the cover letter requesting approval referred to in art. 536 para. (1) must provide a
summary of the current or planned practices of the credit institution/institutions, in
sufficient depth to enable the National Bank of Romania to make an initial assessment of
the application for approval of the use of the advanced measurement approach and to
develop, based on risk, a plan for a more thorough assessment.
(4) Credit institutions shall inform the National Bank of Romania with regard to the person
responsible for maintaining contact with the latter, and to its deputy.
Art. 538
During the historical observation period of at least five years, respectively three years,
provided in art. 322 para. (3) letter a) of (EU) Regulation no. 575/2013, credit institutions
planning to use the advanced measurement approach for reporting the capital requirement
for operational risk must fill in and send to the National Bank of Romania, at the latters
request, Form C17.00: OPR Details - Operational risk: gross loss amounts per business lines
and event types within the last year, provided in Annex no. I to Technical Implementation
Standard, order issued in the application of (EU) Regulation no. 575/2013.
Art. 539
(1) For the purposes of art. 536 para. (1) letter a), the documentation regarding the
operational risks measurement systems shall include at least the following:
a) a map of the models to be used a statement where which operations and/or
operational risks are covered by which model is explained and where the use of
different models is justified;
b) a general description of all the models;

c) where the credit institution uses operational risk capital mitigation techniques, the
documentation regarding the coverage and measurement of expected losses, the
documentation regarding the policy of the credit institution on operational risk
insurance and other operational risk transfer mechanisms, as well as the documentation
regarding the examination and recognition of correlations.
(2) For the purposes of para. (1) letter b), the documentation regarding the general
description of the model/models shall include at least the following:
a) a list of the definitions set by the credit institution for operational risk, operational
risk losses, business lines, event types and other terms used and considered relevant by
the credit institution;
b) a general description of the model/models, respectively both a non-mathematical
description and a mathematical one, as well as the justification of the choice of it/ those;
for each model, at least the following shall be taken into consideration:
(i) description of the operational risk classes identified used in the calculation of
the capital requirement, including of the connection between these and the
regulatory business lines and event types from part 3, title III of (EU) Regulation
no 575/2013;
(ii) description of the way in which the operational risk measure is generated at a
soundness standard of 99.9% and, as the case may be, mention of the level of
confidence at which the initial measure is determined, as well as of the scaling
method used;
(iii) the results of the evaluation of the accuracy of the operational risk capital
requirement;
c) the operational risk data policy of the credit institution the related documentation
shall cover at least the following:
(i) the historical observation period used;
(ii) a description of workflows, procedures, and systems related to data collection
and data storage, including of those regarding the pulling together of relevant
data for the calculation of the capital requirement for operational risk, while
mentioning any manual interventions; it shall also include a description of the
characteristics of the losses recorded in the databases and the descriptions of
the databases used within the advanced measurement approach
documentation of significant databases must be sufficient to allow credit
institutions to provide to the National Bank of Romania the information
necessary to determine the soundness of the databases, as well as a general
description of the databases (approximate size, date of construction, owner etc.),
data sources, the processes used to obtain and load data, the filters used to
create and debug the database (i.e. minimum and maximum values), controls on
transparency, access, consistency, etc.;
(iii) minimum loss thresholds used for internal data collection and proof of
fulfilment of the provisions of art. 590 para. (3)
(iv) relevant information regarding the loss identification approach, the criteria for
mapping of data to business lines and event types, including the criteria referred
to in art. 322 para. (3) letter e) of (EU) Regulation no. 575/2013, and the policy
referred to in art. 591 para. (1), including the treatment of rapidly recovered
loss events;
(v) the approach of the credit institution on operational risk losses related to credit
risk and market risk;
(vi) if applicable, justification of the fact that the activities or exposures excluded,
taken both together and individually, do not have a material impact on overall
risk estimates;

(vii) description of the procedures to assess the relevancy of internal data on

operational risk losses over time;
(viii) external data description: description of the nature of external data and
mention of external data sources; description of the conditions and practices for
the use of external data, including description of any adjustments to make those
relevant to the credit institution; assessment of the relevancy of external data;
the approach of the credit institution with regard to regularly review the
conditions and practices for the use of external data and how these are
submitted to an independent review;
(ix) description of scenario analysis: procedures on the construction, assessment,
validation and reviews of scenarios; description of the way and degree in which
scenario analysis are used;
(x) description of business environment and internal control factors: description of
the way in which key business environment and internal control factors are
selected and taken into consideration in the operational risk measurement
system; justification of the sensitivity of operational risk estimates to changes in
the business environment and internal control factors considered, as well as of
their relative weighting; business environment and internal control factors
review and validation procedures of the credit institution; description of the
most important operational risk drivers and assessment of the ability of the
measurement system to adequately capture them;
(xi) description of the way in which the double taking into account of the positive
results of qualitative assessments or of the operational risk mitigation
techniques is avoided;
(xii) description of the way in which the four key elements used within the advanced
measurement approach, indicated in art. 322 para. (2) letter b) of (EU)
Regulation no. 575/2013, are weighted and/or combined, while indicating,
where applicable, the varying of this way from one operational risk class to
another, including description of the importance of qualitative elements in the
measurement system;
(xiii) a global map of all the data and IT system weaknesses found during the internal
validation and review process, including how the credit institution plans to
correct or reduce the weaknesses.
(3) For the purposes of para.(1) letter d), the documentation regarding the coverage and
measurement of expected losses, which shall be attached to the cover letter requesting
approval, shall contain at least the following:
a) the description of the way in which expected losses are measured, the justification
of its choice, as well as addressing its consistency with the way in which the capital
requirement is determined within the advanced measurement approach model,
and
b) the description of credit institutions internal practices that capture in an
appropriate manner the expected losses, of the way in which offsets for expected
losses meet the general principles provided by art. 580 para. (3) (6) and, as the
case may be, the proof required under art. 580 para. (9).
(4) For the purposes of para. (1) letter d), the documentation regarding the policy of the
credit institution on operational risk insurance and other operational risk transfer
mechanisms, which must be attached to the cover letter requesting approval, shall include
at least the following:
a) proof of the significant nature of mitigation of the exposure to losses from
operational risk as a result of the insurance against this risk and of other risk transfer

mechanisms and specification of the degree of mitigation of the capital requirement

as a result of recognising their impact;
b) description of the credit institutions policy regarding the use of the insurance or
other operational risk transfer mechanisms, including, as the case may be, the
description of the conditions taken into consideration for recognising their effect on
terms of mitigating the capital requirement, and
c) description of the methodology for recognising the effect of insurance and other
operational risk transfer mechanisms in the calculation of the capital requirement.
(5) For the purposes of para. (1) letter d), the documentation regarding the examination and
recognition of correlations, attached to the cover letter requesting approval, must include at
least the following:
a) justification for taking correlations into account in the calculation of the capital
requirement for operational risk;
b) description and justification of the choice of method/methods for determining
correlations, presentation of the associated assumptions and description of the
validation process and for ensuring their reliability, relevance and accuracy on an
ongoing basis, and
c) description of the way in which correlations are recognised within the model in the
calculation of the capital requirement for operational risk.
Art. 540
The National Bank of Romania may ask a credit institution to undertake additional analyses
to those indicated within art. 539 in order to facilitate the assessment of the operational risk
measurement system.
Art. 541
For the purposes of art. 536 para. (1) letter b), the documentation regarding the control
environment, implementation procedures, and the IT infrastructure shall include as a
minimum:
a) an overview of the internal governance of the credit institution, i.e.:
(i)
the role and responsibilities of the management body concerning the
management of the operational risk, and indicate, as the case may be, the
delegation of certain responsibilities;
(ii)
the role and responsibilities of the operational risk management function,
including a description of the way its independence is ensured;
(iii)
a description of the role of internal audit;
(iv)
if applicable, a description of the role of each committee involved in the
governance related to operational risk;
(v)
a description of the operational risk reporting structures, including how and
with what frequency the report on the scalar chain is made; and
(vi)
a brief overview of the operational risk decision-making process and how it
works at different levels within the organisation;
b) description of the way and the degree in which the credit institution integrates the
internal operational risk measurement systems into its day-to-day risk management
processes, by reference to art. 557 para.(2) - (5);
c) description of the responsibilities of the parties involved in modelling;
d) documentation regarding the validation, including description and justification of
the internal validation methodology adopted by the credit institution,
documentation regarding the operational risk measurement system internal
validation referred to in art. 617 para.(4), as well as a general description of the
internal validation process;

e) general information regarding the IT structure of the credit institution regarding the
advanced measurement approach.
Art. 542
For the purposes of art. 536 para. (1) letter c), credit institutions shall provide to the
National Bank of Romania an overview description of the scope of the advanced
measurement approach, i.e.:
a) a list of group members, including legal structure and the way the capital
requirement for operational risk is established for each of them, while
mentioning, if applicable, the exceptions from the application of the
advanced measurement approach, which will remain after the roll out and
the reasoning for the permanent partial use; the competent authority
responsible for the supervision of each subsidiary located in third states
shall be indicated;
b) a description of the organizational structure of the group business lines
and internal governance; and
c) general information regarding the planned significant structural or
organizational changes which may have an impact on the application for
approval of the advanced measurement approach.
Art. 543
(1) For the purposes of art. 536 para. (1) letter c), credit institutions intending to use the
advanced measurement approach shall prepare a clear, realistic and adequate
implementation plan that must cover both the time period until the approval is obtained
and the roll out period, namely the subsequent implementation and obtainment of approval,
and shall submit it to the National Bank of Romania with the application for approval.
(2) Through the implementation plan referred to in para. (1), a credit institution commits to
implement the advanced measurement approach on the specified dates for all the
operations for which it is seeking approval to use the advanced measurement approach.
(3) For the purposes of para. (1), credit institutions shall set internal rules with detailed
provisions regarding time and content for the following:
a) organization of the implementation (distribution of responsibilities etc.);
b) development of operational risk management processes, in particular for data
collection;
c) development of the measurement methodology;
d) implementation of the IT infrastructure which is used for operational risk
management and measurement purposes;
e) training of staff, including management staff;
f) the use test planned use of different operational risk measurement systems,
respectively the way these are planned to be actually used in the day-to-day activity.
Art. 544
(1) Credit institutions shall document, in the sense of description of justification, the way
the provisions of art. 314 para. (3) of (EU) Regulation no. 575/2013are met, and the fact
that all operations are covered by one of the operational risk approaches, and shall send
relevant documentation to the National Bank of Romania.
(2) The National Bank of Romania decides, on a case by case basis, on the fulfilment of the
provisions of art. 314 para. (3) of (EU) Regulation no. 575/2013.
Art. 545
(1) The roll-out policy shall address at least the issues under para. (2) and (3).
(2) The roll-out plan must have a definite time horizon which must on one side be short
enough for the credit institution to impose on itself the necessary discipline to apply it in
a reasonable time period and, on the other side, long enough for the credit institution to

ensure the quality of governance, data, methodology, and output; the time horizon must
be shorter than 7 years and only in exceptional circumstances, such as a highly complex
group, it can be 10 years.
(3) The credit institution shall set the sequence in which operations are included in the
advanced measurement approach; the roll-out plan must be established on the basis of
practicality and feasibility, an important factor being the level of risk of the operations
that are not yet included in the scope of the advanced measurement approach; the
sequence of inclusion of operations in the scope of the advanced measurement
approach is subject to the agreement of the National Bank of Romania.
(4) The implementation plan must include the justification of the set sequence of inclusion
of operations in the scope of the advanced measurement approach.
Art. 546
(1) During the roll-out, before the advanced measurement approach is implemented on
additional operations or operational risks, credit institutions shall complete a self
assessment against the minimum standards and requirements imposed by the National
Bank of Romania for the use of the advanced measurement approach.
(2) As the case may be, for the purposes of para. (1), the obligations of the credit institution
during the roll-out period shall be provided in the document in which the National Bank
of Romania communicates its decision of approval of the advanced measurement
approach to the credit institution.
Art. 547
Credit institutions shall have systems and procedures that monitor in a timely and
appropriate manner the consistency of the partial use combinations and the significance,
materiality, and timeframe issues of the roll-out plan.
Art. 548
(1) Credit institutions shall notify the National Bank of Romania in writing, in a timely fashion
of any relevant changes in the organisational or business environment, due to either normal
or exceptional circumstances such as a major acquisition or disposal or a major change in
shareholders, management, or organisation, that could have a significant impact on the
credit institutions initial partial use or roll-out plans.
(2) The credit institutions shall discuss with the National Bank of Romania any changes to the
roll-out plan that may be needed.
Art. 549
A credit institution that, after obtaining approval for the use of the advanced measurement
approach, plans to acquire an institution that doesnt use and/or hasnt obtained approval
for the use of the advanced measurement approach, must notify the National Bank of
Romania accordingly and, as the case may be, shall either submit a plan for bringing into
compliance with the minimum standards and requirements imposed by the National Bank of
Romania for the use of the advanced measurement approach or submit a new application
for approval under art. 312 para. (2) of (EU) Regulation no. 575/2013, with a new partial use
and roll-out policy.
Art. 550
(1) For the purposes of art. 536 para. (1) letter d), credit institutions shall carry out a selfassessment of its state of readiness based on the minimum standards and requirements
imposed by the National Bank of Romania for the use of the advanced measurement
approach for the operational risk.

(2) The self-assessment shall begin with a global assessment, from a consolidated
perspective, of how the various models fit together within the institution or the group,
global assessment which must cover the suitability of the organizational structure in
terms of internal governance, the adequacy of resources devoted to the operational risk
measurement system, comparability across the group with respect to data and
methodology, and consistency in IT organization.
(3) The self-assessment shall cover all the aspects of the operational risk measurement
system: methodology, quality of data, quantitative and qualitative validation procedures,
internal governance, and technological environment.
(4) As the case may be, the credit institution shall develop an action plan to fill identified
gaps and deficiencies, and a schedule for achieving compliance; the gaps and
deficiencies must not be significant.
Art. 551
Evidence of meeting art. 321 letter a) of (EU) Regulation no. 575/2013, by reference to art.
557 para. (2) (5) starting one year before the date on which the application for approval is
sent to the National Bank of Romania must be presented in the document in which the selfassessment process is described and the conclusions of this process are included.
Art. 552
The self-assessment could be conducted by staff from an independent risk assessment
function with the support, if necessary, of internal auditors.
Art. 553
(1) Before submitting an application for approval of the use of the advanced measurement
approach, i.e. in the model development phase, credit institutions shall conduct a complete
internal validation programme, and the internal validation processes and the results of the
validation must be subject to an independent review.
(2) Credit institutions shall periodically conduct a self-assessment of the stage of compliance
with the minimum standards and requirements imposed by the National Bank of Romania
for the use of the advanced measurement approach.
Art. 554
(1) The cover letter requesting approval shall be in Romanian.
(2) The documentation attached to the cover letter requesting approval shall be written in
one or more languages set/agreed between the National Bank of Romania, the host
competent authorities and the credit institution. For the documents written in a foreign
language the legal translation of these shall be provided as well. For the documents written
in an internationally used language, the National Bank of Romania may exempt, on a case by
case basis, from compliance with the requirement for a legal translation.
Art. 555
(1) Both in the context of the initial application and later in, the credit institution shall make
available to the National Bank of Romania more detailed information, including the
documents drawn up under art. 540, as well as all internal documentation, at the latters
request.
(2) If a credit institution judges that it holds internal documents additional to the ones
mentioned in this section, relevant for the obtainment of approval, must send the National
Bank of Romania the list of those documents, along with the cover letter requesting
approval.
Art. 556

(1) If a credit institution does not provide the National Bank of Romania with a part of the
documentation requested under art. 536 or the documentation and the cover letter sent to
it do not meet the requirements set in this section, the National Bank of Romania shall
consider the application incomplete.
(2) The National Bank of Romania and, as the case may be, the competent authorities
involved perform a preliminary assessment of the entire application cover letter and
attached documentation - immediately upon receipt. The National Bank of Romania shall
notify the credit institution with regard to the completeness character of the application.
(3)In the case of the approval requests formulated in the conditions mentioned in article 20,
paragraph (1) from the EU Regulation no 575/2013, and in the conditions in which the
National Bank of Romania is the authority responsible with the consolidated surveillance,
the 6 months period established on article 20, paragraph (2) from the mentioned regulation
stars to run since the receipt by the National Bank of Romania of a request respectively, an
approval and accompanying complete request according to the present regulation.
(4)In the situatin provided in para. (3), the National Bank of Romania shall confirm the start
of the term with the duration of 65 months.
SECTION 3: Standards for the use of the advanced measurement approach in application
and supplementation of the provisions of part 3, title III, chapter 4 of (EU) Regulation no.
575/2013
SECTION 31: Qualitative standards

Art. 557
(1) In order to comply with the use test provided in art. 321 letter a) of (EU) Regulation no.
575/2013, a credit institution shall take into consideration at least the general principles
provided in para. (2)-(5).
(2) The purpose and use of the advanced measurement approach must not be limited to the
calculation of the regulatory capital charge.
(3) The advanced measurement approach must evolve as the credit institution gains
experience with operational risk management techniques and solutions.
(4) The advanced measurement approach must support and enhance the management of
operational risk within the credit institution.
(5) The use of advanced measurement approach must provide benefits to the credit
institution in the management and control of operational risk.
(6) Credit institutions shall demonstrate to the National Bank of Romania the manner in and
the extent to which the use test is met at all organisational levels by providing
convincing evidence.
(7) Credit institutions shall comply with the provisions of art. 321 letter a) of (EU) Regulation
no. 575/2013, on an on-going basis, including for a period of at least one year before the
date on which the application for approval is sent to the National Bank of Romania.
Art. 558
(1) For sound internal governance, the decision making process in regards to operational
risk management must be clearly documented within the credit institution, in terms of
hierarchy and level of responsibility.
(2) The management body of the credit institution shall have a general understanding of the
operational risk measurement systems and detailed comprehension of its associated
management reports submitted to them and how operational risk affects the credit
institution.

(3) Without prejudice to the provisions of para. (4), in order to improve understanding of
the operational risk measurement system among the members of the bodies having
supervisory function, and to improve efficiency, the bodies having supervisory function
may, where appropriate, establish committees to assist them on certain aspects of the
advanced measurement approach framework; the bodies having supervisory function
may, at their turn, delegate certain tasks.
(4) The bodies having supervisory function bear ultimate responsibility for the advanced
measurement approach framework used by the credit institution and shall have a
general awareness of the framework; the bodies having management function are
responsible for developing and implementing the framework and, also, shall have a
general awareness of it.
Art. 559
The management body is responsible for approving all material aspects of the overall
operational risk framework, which encompass the following:
a) activities aimed at identifying, assessing and/or measuring, monitoring, controlling,
and mitigating operational risk;
b) proactive risk management strategies and policies;
c) the organisational structure of the control functions; and
d) specifying levels of acceptable risk.
Art. 560
(1) The management body is responsible for making formal decisions on the implementation
of the advanced measurement approach.
(2) For the purposes of para. (1), the overall approval of the project, the specification of
goals, and the appointment of the organisational structures responsible for, are included; a
time schedule of the necessary steps and an estimation of related costs and benefits shall be
provided with the project approval.
Art. 561
In order for the bodies having supervisory function to exercise effective oversight, the
bodies having management function shall notify the bodies having supervisory function or a
designated committee thereof, of material changes or exceptions from established policies
that will materially impact the credit institutions operational risk measurement systems and
management processes.
Art. 562
(1) Both the bodies having supervisory function and the bodies having management function
must be involved, on an ongoing basis, in the oversight of the control procedures and
measurement systems adopted by the operational risk management function, to ensure that
they are adequate and that the overall operational risk management and measurement
processes and systems remain effective over time.
(2) For the purpose mentioned in para. (1), the bodies having supervisory function must be
involved, on an ongoing basis, in the oversight of the control procedures of internal audit.
Art. 563
The bodies having management function must ensure that the following tasks are addressed:
a) ensuring the soundness of operational risk management processes;
b) informing the bodies having supervisory function or a designated committee
thereof of material changes or exceptions from established policies that will

c)
d)
e)
f)
g)
h)
i)

materially impact the operations and the operational risk profile of the credit
institution;
identifying and assessing the main risk drivers, based on information provided by the
operational risk management function;
defining the tasks of the risk management function and evaluating the adequacy of
the professional skills of it related staff;
monitoring and managing all sources of potential conflicts of interest;
establishing effective communication channels in order to ensure that all staff are
aware of relevant policies and procedures;
defining the content of reporting to the bodies having supervisory function or to
different delegated structures thereof ;
examining internal audit reports on operational risk management and measurement
processes and systems; and
adequately assessing operational risk inherent in new areas - products, activities,
processes, and systems - before they are introduced, and identifying risks tied to
new product development and other significant changes in order to ensure that the
risk profiles of product lines are updated regularly.

Art. 564
(1) Operational risk reporting should be an essential part of the internal reporting system
and should support the proactive management of operational risk.
(2) The bodies having management function must ensure the ongoing appropriateness of
the reporting framework.
Art. 565
The recipients of the operational risk related reporting shall be the bodies having
supervisory function, the bodies having management function, internal audit, the
committees assisting the bodies having supervisory function, and, where appropriate, the
internal functions responsible for identifying, assessing, monitoring and
mitigating/controlling operational risk, internal functions which could include, for example,
business functions, central functions - such as IT and accounting - and risk functions.
Art. 566
(1) The frequency and content of reporting shall be formally approved by the management
body.
(2) The frequency, content, and format of reporting shall depend on the recipient and on
how the information will be used; the information provided must be sufficiently clear and
accurate for the recipients to interpret them correctly, especially in regards to the general
results of the model.
(3) The scope of information included in internal reporting may vary according to the nature,
size, and degree of complexity of the business, as well as of the credit institution, while
complying to the general rule that the riskier the business, the more detailed the
information to be provided must be; the frequency and format of the internal reporting shall
be consistent with the level of risk.
Art. 567
(1) The credit institution is responsible for designing the reporting framework.
(2) Reporting may include:
a) estimates of regulatory and economic capital;
b) new or improved management policies, procedures, and practices;
c) risk reduction and risk transfer strategies;

d)
e)
f)
g)

the operational risk exposure;

internal and, where relevant, external loss experience;
identification and assessment of vulnerability areas; and
quality improvements in operational risk management and measurement processes
and systems.
Art. 568
(1) The operational risk management function shall design, develop, implement, and execute
the risk management and measurement processes and systems.
(2) The operational risk management function shall ensure, on a regular basis, that the
operational risk measurement processes and management systems, and all of their
components, function as intended.
(3) The operational risk management function shall have sufficient resources and skills in
operational risk management and measurement methods and shall know the processes of
the institution.
Art. 569
The operational risk management function shall ensure that the following tasks and areas,
among others, are performed or covered on an on-going basis:
a) the processes related to the definition, documentation, and collection of the four
elements of the advanced measurement approach;
b) the measurement methodology;
c) the monitoring and reporting systems;
d) verifying the fulfilment of the minimum standards and requirements imposed by the
National Bank of Romania for the use of the advanced measurement approach, and,
in particular, of the use test;
e) the operational risk quantification and allocation processes, including the calculation
of any haircuts (expected loss, dependence, insurance), where sufficient data are
available back-testing and benchmarking, and the methodology for the allocation
keys.
Art. 570
(1) Whenever possible, the people responsible for the internal validation of measurement
systems and management processes shall not be the same with the people responsible for
their design.
(2) The role of validation of the advanced measurement approach related measurement
systems and management processes may be undertaken by the same function as the one
involved in designing, developing, and implementing the operational risk framework only on
an exceptional and/or temporary basis.
(3) Any potential lack of objectivity shall be offset by an independent review according to art.
614 para. (1) letter e).
(4) Credit institutions shall move to an independent internal validation process as soon as
possible.
Art. 571
In the general case of credit institutions having a central operational risk unit and
operational risk staff in the local entities, the credit institutions shall ensure that the local
operational risk staff follows the guidelines set by the central operational risk unit; the
responsibilities and the reporting lines must be set clearly.
Art. 572

(1) Internal audit must develop a programme for reviewing the operational risk framework
that covers all significant activities including outsourced activities that expose the
institution to material operational risk.
(2) The review of the operational risk management framework by internal audit shall have
as a central role ensuring the effectiveness of the credit institutions operational risk
management processes and measurement systems and of the work performed by the
operational risk management function, and verification of compliance with the minimum
standards and requirements imposed by the National Bank of Romania for the use of the
advanced measurement approach.
(3) Internal audit shall provide an assessment of the overall adequacy of the operational risk
framework, as well as of the operational risk management function; internal audit must
perform specific examinations in order to assess the real degree of independence of the
operational risk management function.
(4) The programme referred to in para. (1) shall be regularly updated with regard to the
development of internal processes for identifying, assessing, monitoring and
controlling/mitigating operational risk, and to the implementation of new products,
processes, and systems which expose the credit institution to material operational risk.
Art. 573
(1) Some cooperation between internal audit and the operational risk management
function is permitted, especially in the case of some operational risk related activities
and processes where internal audit has experience and well developed skills, such as the
analysis of processes, loss data collections, risk and control assessments.
(2) The cooperation with the operational risk management function permitted under para.
(1) shall not jeopardise the independence of internal audit; whatever advice or
information provided by internal audit, designing, implementing, and updating the
operational risk framework remains the exclusive responsibility of the operational risk
management function, and the internal audit function shall not be involved in day to day
operational risk activities.
Art. 574
Internal audit activity shall also cover issues such as the adequacy of the IT infrastructure,
data collections, and data maintenance; specific tests shall be performed in order to check
the data input process.
Art. 575
The staff of the internal audit function shall possess the requisite skills and experience, and
must particularly be familiar with the credit institutions strategy and its processes for
identifying, assessing, monitoring and controlling/mitigating operational risk.
SECTION 32: Quantitative standards
Art. 576
(1) The advanced measurement approach model shall be applied in a consistent way to
comparable operational risk classes of the credit institution.
(2) The inputs and the way they are treated shall be transparent and verifiable.
(3) The model shall be robust in the sense of inclusion of all significant drivers of the credit
institutions operational risk profile and sensitivity to material changes in the credit
institutions operational risk profile.
Art. 577

(1) The model shall be documented in detail and the related documentation must be timely
and up-to-date; the internal documentation of the credit institution must specify in
detail how the four elements of the advanced measurement approach are combined
and/or weighted and must include a description of the modelling process that illustrates
the use of the four elements.
(2) The internal documentation regarding the quantitative aspects of the advanced
measurement approach of a credit institution shall cover the aspects provided in the
annex no. 3.
Art. 578
(1) Credit institutions shall adopt appropriate methods and procedures to guarantee the
consistency and quality of the input, execution, and output phases of the model.
(2) Credit institutions shall seek to identify operational risk classes within which loss
amounts are independent and identically distributed.
(3) As an alternative to para. (2), on the basis of justification, credit institutions may adjust
their data for known drivers in order to simplify the modelling process.
(4) The execution of models for generating regulatory operational risk figures must be
supported by a transparent and consistent process.
(5) In order to determine an overall operational risk capital figure that is credible and
justifiable, the model shall be built in a way that ensures the production of results that are as
stable as possible; credit institutions shall be able to evaluate the accuracy of the
operational risk capital figures.
Art. 579
(1) In order to generate a regulatory operational risk measure at a soundness standard
comparable to a 99.9 percent confidence level, where a direct calculation at the 99.9
percent confidence level affects the reliability and stability of the operational risk measure,
in order to obtain a more reliable and stable measure, a credit institution may calculate an
initial measure at a lower confidence level and then scale it up to the 99.9 percent
confidence level using adequate methods.
(2) If a scaling technique is used, credit institutions shall be able to demonstrate the
soundness, appropriateness, and reliability of the scaling technique and to analyse the
overall accuracy of the scaling mechanism.
(3) The credit institution shall demonstrate that the scaling method yields an output that is
plausible and reliable; the confidence level used must not necessarily be interpreted as a
boundary between the body and the tail of the distribution.
(4) The confidence level at which the initial operational risk measure can be computed must
be located in the right-end of the distribution of the losses and the level shall be appropriate.
Art. 580
(1) In order to demonstrate that expected losses are adequately captured in their internal
business practices for the purposes of art. 322 para. (2) lettera) of (EU) Regulation no.
575/2013, a credit institution shall comply with the general principles provided in para. (2)(6).
(2) The way in which the credit institution estimates expected losses shall be consistent with
the way the capital requirement, sum of expected loss and unexpected loss, is calculated
using the advanced measurement model for which approval has been obtained.
(3) Offsets for expected losses must be clear capital substitutes or elements that are
otherwise available to cover expected losses with a high degree of certainty over a one year
time horizon.

(4) If the offset is not capital held or provisions establishing for this purpose, it is available
only for those limited to those operations with highly predictable, routine and reasonably
stable losses.
(5) The maximum offset for must be lower than the expected loss calculated on the basis of
the entire loss distribution by using the advanced measurement approach model, for which
the approval have been obtained.
(6) Specific reserves for high severity losses are not allowable expected loss offsets.
(7) Credit institutions shall clearly document how its expected losses are measured and
captured in its internal practices, including how any expected loss offsets meet the
conditions provided in para. (3)-(6).
(8) Credit institutions shall justify the choice of the way expected losses are estimated,
given the nature of operational risk specific distributions.
(9) In the case mentioned in para. (4), credit institutions shall be able to demonstrate that
the estimation process is applied consistently over time.
Art. 581
Credit institutions examining and recognising correlations in the advanced measurement
approach models for the purposes of art. 322 para. (2) letter d) of (EU) Regulation no.
575/2013 shall meet the following requirements:
a) each operational risk estimate must be built on a set of loss events and loss amounts
(actual or constructed) that are, to the maximum extent possible, independent;
b) dependencies between low frequency, high severity, located in the tail, usually the
main drivers of operational risk, must be studied with great care;
c) given the different nature of tail and body events, the need to use different
quantitative and qualitative tools to determine and estimate the impact that the
underlying dependency structures have on the capital requirement must be taken
into account;
d) in the case of dependencies between events located in the tail of the distribution,
for which validation with quantitative techniques developed for correlations
between high frequency, low severity events is difficult or of low relevance, the
soundness of dependency assumptions that have a material impact on the overall
advanced measurement approach measure must be demonstrated by using, at a
minimum, qualitative validation techniques, and, where possible, quantitative
techniques and/or some form of stress test;
e) dependencies must to the maximum extent possible be identified and treated
directly in the input information; the procedures to minimise the impact of such
dependencies must be applied and documented as clearly as possible;
f) the correlation assumptions must be identified and justified and the evaluation of
the model's sensitivity to those assumptions must be included in the model
documentation.
Art. 582
Credit institutions which do not examine correlations in the advanced measurement
approach models shall calculate the overall capital requirement as the sum of the individual
operational risk measures arising from different operational risk estimates.
Art. 583
(1) Credit institutions shall establish the way in which the four key elements referred to in
art. 322 para. (2) letter b) of (EU) Regulation no. 575/2013 are weighted and combined.
(2) The processes for evaluating the availability of the four elements shall be consistent with
the credit institutions general risk management framework.

Art. 584
(1) Credit institutions shall ensure data quality.
(2) Credit institutions shall work on an ongoing basis to ensure that their data is of good
enough quality to support their risk management processes and to calculate their capital
requirements.
(3) Credit institutions shall define their own standards for ensuring data quality and must
seek to develop and improve these over time.
(4) Credit institutions shall be able to demonstrate that they achieve high standards in terms
of comprehensiveness, appropriateness and accuracy of the data above the thresholds set.
(5) Credit institutions shall establish an explicit operational risk data policy, which could be
part of a general data policy.
(6) Credit institutions shall document workflows, procedures, and systems related to data
collection and data storage.
Art. 585
(1) Credit institutions shall have policies concerning their tolerance for any gaps in their
internal data; credit institutions must also be able to fully justify their approaches to
adjusting values.
(2) Credit institutions that use qualitative data shall be able to provide evidence to the
National Bank of Romania that they are sufficiently skilled at handling qualitative data, that
they have done everything possible to remove biases, that the qualitative data are relevant
to precisely defined risk variables, and that the qualitative data are relevant to the intended
risk objectives.
Art. 586
(1) Credit institutions shall have IT systems that ensure the following:
a) appropriate availability and maintenance of all relevant databases;
b) appropriate modelling and computing capacity; and
c) appropriate controls on the data capture process.
(2) The credit institutions IT systems referred to in para. (1) shall be included in the general
contingency plans, in order to guarantee the recovery of the information; established
controls must prevent access by unauthorised persons and ensure the integrity of the data.
(3) Credit institutions shall prepare a global map of all the data and IT system weaknesses
found during the internal validation and review process; credit institutions shall state how
they plan to correct or reduce the weaknesses.
Art. 587
(1) An independent function shall perform minimum checks to ensure the
comprehensiveness of internal data and relevancy of external data.
(2) To ensure data quality, the independent review performed by credit institutions must
cover at least the following:
a) a regular review of controls;
b) a review of the systems through which credit institutions ensure data quality
standards.
(3) Credit institutions shall perform consistency checks that include an audit trail of data
sources; discrepancies must be investigated.
Art. 588
(1) Without prejudice to the provisions of art. 322 para. (3) letter a) of (EU) Regulation no.
575/2013 credit institutions should consider that a low frequency operational risk class may

need a historical observation period longer than five years in order to collect sufficient data
to generate reliable operational risk measures.
(2) Credit institutions could use methods to obtain a sufficient amount of data reflecting the
current operational risk profile such as:
a) reducing the impact of oldest, least relevant internal data by appropriate weighting
techniques, using quantitative indicators or qualitative factors that reflect changes in
the institutions internal/external environment;
b) supplementing the most recent years of internal data with the corresponding years
of external data from similar institutions/peer groups, after appropriate adjustments
to the external data;
c) constructing data on operational losses in past years by means of scenario
generated data or by scaling back more recent years of internal/external
observations through appropriate techniques or indicators.
(4) In the absence of sufficient data, institutions must make conservative risk estimates.
Art. 589
(1) For the purposes of art. 322 para. (3) letter b) of (EU) Regulation no. 575/2013, credit
institutions shall set a treatment for operational risk losses that are related to credit risk and
document it in order to avoid an undue reduction of the total capital requirement.
(2) For the purposes of art. 322 para. (3) letter b) of (EU) Regulation no. 575/2013, credit
institutions shall document the criteria for identifying operational risk losses that are related
to market risk; for events and/or losses from operational risk related to market risk which ar
part of the scope of operational risk, the whole amount of the loss incurred, including the
loss due to adverse market conditions, should be considered as operational risk loss.
Art. 590
(1) Credit institutions are responsible for defining the threshold for an operational risk class
according to the provisions of art. 322 para. (3) letter c) of (EU) Regulation no. 575/2013.
(2) In setting the threshold for an operational risk class, credit institutions must show
accuracy, as it can influence the results of the model considerably and may undertake
cost-benefit analysis of collecting the data below the threshold, not forgetting that this is
determined by the inherent risk and complexity of the class.
(3) Thresholds established for the operational risk classes must be reasonable, must not omit
important operational loss event data, and must not adversely impact and the credibility
and accuracy of the operational risk measures.
(4) Credit institutions shall be able to provide to the National Bank of Romania evidence of
meeting the provisions of para. (3).
(5) Credit institutions shall avoid potential biases in the estimation of model parameters,
explicitly taking into account the incompleteness of the calculation data set in the model
due to the presence of thresholds.
Art. 591
(1) A credit institution shall have a policy that identifies when a loss or an event recorded in
the internal loss events database is also to be included in the calculation data set, policy
that must provide a consistent treatment of loss data across the credit institution.
(2) Credit institutions shall be able to separate operational risk events related to existing
insurance policies and other risk transfer mechanisms in the calculation data set.
(3) For the purposes of para. (1), credit institutions shall decide on the inclusion of rapidly
recovered loss events in the calculation data set; credit institutions which decide not to
include rapidly recovered loss events in the calculation data set, if there is only a partial
recovery, shall include the amount net of recoveries in the calculation data set.

(4) Multiple time losses shall be aggregated into a single loss before inclusion in the
calculation data set.
(5) Multiple-effect losses shall also be aggregated into a single loss before inclusion in the
calculation data set; possible exceptions must be documented by credit institutions and
properly addressed to prevent undue reduction of the capital figures.
(6) The operational risk gain events cannot be included in the calculation data set for an
undue reduction of the capital requirement figures.
(7) Credit institutions shall develop procedures for identifying incidents or near miss events
in order to increase the awareness of the credit institution's operational risk profile and
improve its operational risk management processes.
(8) The data relating to rapidly recovered loss events and operational risk gain events may be
used in order to increase the awareness of the institution's operational risk profile and
improve its operational risk management processes.

Art. 592
Especially when credit institutions have limited internal loss data, as in the case of new
businesses, they may use as external data source for capital calculation purposes,
information obtained from consortia initiatives which collect data above low thresholds,
usually very close to the thresholds established internally by participating institutions, to
which participating institutions have provided data that are classified in a homogeneous
manner and that contain information which is comprehensive and reliable.
Art. 593
(1) Where external data from consortia, compliant with the requirements stipulated at art.
592, are insufficient for obtaining information on severe tail events, especially on their
causes, credit institutions may use public sources for getting useful additional information.
(2) A credit institution that uses only public data shall take particular care to ensure that
they are appropriate, unbiased, and relevant to the institutions businesses and operational
risk profile.
Art. 594
Differences in the size of institutions or other institution specific factors shall be taken into
account when incorporating external data in the measurement system, for example by
making assumptions as to which external loss events are considered relevant and on the
degree the data shall be scaled or otherwise adjusted.
Art. 595
(1) Credit institutions may use scenario analysis for purposes other than that provided by art.
322 para. (5) of (EU) Regulation no. 575/2013, such as providing information on the credit
institutions overall operational risk exposure.
(2) In order to generate credible and reliable data, credit institutions must ensure a high
level of repeatability of the process for generating scenario data, through consistent
preparation and consistent application of the quantitative and qualitative results.
(3) Credit institutions shall ensure that the process by which the scenarios are determined is
designed to reduce as much as possible subjectivity and biases, in this regard being
especially necessary the fulfilment of the following requirements:
a) the assumptions used in the scenarios shall be based as much as possible on
empirical evidence; relevant internal and external data available shall be used in
building the scenario;

b) in choosing the number of scenario to apply, institutions must be able to explain the
rationale behind the level at which scenarios are studied and/or the units in which
they are studied;
c) the assumptions for generating scenario analyses and the process by which the
scenario is built shall be well documented.
Art. 596
(1) Business environment and internal control factors shall, by their nature, be forwardlooking and closely aligned with the quality of the institutions control and operating
environment, shall reflect potential sources of operational risk, shall provide information
on how risk is mitigated or magnified by internal and/or external environment and shall
be appropriately captured in the operational risk measurement system.
(2) Credit institutions shall document where in their operational risk measurement system
they use business environment and internal control factors and their rationale for doing
so.
(3) A credit institutions risk measurement system shall incorporate at least those business
environment and internal control factors that have a significant influence on its
operational risk profile.
(4) Notwithstanding the provisions of para. (3) and, implicitly, art. 322 para. (6) letter a) of
(EU) Regulation no. 575/2013, if when implementing the risk measurement system for
the first time, it is not possible to justify the appropriateness of the sensitivity of risk
estimates because of a lack of empirical evidence on the relationship between the
business environment and internal control factors and the operational risk exposure,
credit institutions shall at least qualitatively justify the appropriateness of the methods
used to incorporate business environment and internal control factors in their risk
measurement system.
SECTION 33: Operational risk insurance and other transfer mechanisms for this risk
Art. 597
(1) Credit institutions may recognize the impact of other risk transfer mechanisms if they are
of a comparable quality as an insurance protection compliant with the provisions of art. 323
para. (2) para.(3) of (EU) Regulation no. 575/2013, namely if they meet requirements
similar to those applicable to insurance.
(2) Credit institutions shall keep their use of insurance and other risk transfer mechanisms
under review, namely the effectiveness of protection by them and recalculate the
operational risk capital charge if appropriate in the event that the nature of the insurance or
the coverage of other risk transfer mechanisms changes significantly.
(3) Credit institutions shall notify in writing the National Bank of Romania concerning the
material changes in the coverage through insurance or other risk transfer mechanisms, and,
where appropriate, their implications on the operational risk capital requirement.
(4) Outsourced activities shall not be considered part of other risk transfer mechanisms for
the purposes of art. 323 para. (1) of (EU) Regulation no. 575/2013.
Art. 598
(1) For the purposes of art. 597 para. (2), if there is a significant loss affecting protection
through insurance or if changes of insurance contracts or other contracts relating to
operational risk transfer mechanisms create great uncertainty about the effectiveness of
protection by these, as this uncertainty is defined in the policies of the credit institution
regarding insurance for operational risk or other risk transfer mechanisms , the credit
institutions must recalculate the capital requirement associated with the advanced

measurement approach with an additional margin of prudence, for example, by applying

adjustments to the modelling exercise.
(2) For the purposes of art. 97 para. (2), a credit institution must recalculate the capital
requirement corresponding to the advanced measurement approach if there is a major
change in its operational risk profile.
Art. 599
A credit institution shall identify and manage any additional risks such as credit risk and
market risk, which, depending on how they are structured and how they are classified in the
financial statements of the credit institution, the operational risk transfer mechanisms other
than insurance contracts may involve and must establish the characteristic implications of
these mechanisms in what concerns the regulatory capital requirement.
Art. 600
If a credit institution demonstrates that an entity that is a supplier, authorized in a third
party state, meets the prudential requirements equivalent to those applied in the European
Union, the effect of reducing the operational risk associated with the insurance contracts
provided by the respective entity may be recognized, as the case may be, with the approval
of the National Bank of Romania, if the requirements set out in art. 323 para. (2) (5) of (EU)
Regulation no. 575/2013 are met.
Art. 601
For the purposes of art. 323 para. (2) of (EU) Regulation no. 575/2013, the rating available
for protection supplier should be based on the ability to pay long-term compensation.

Art. 602
(1) For the purposes of art. 323 para. (3) letter d) of (EU) Regulation no. 575/2013, the
allotment of the insurance contracts depending on operational risk losses (or subcategories
of the operational risk) should be performed at a sufficiently granular level in order to reflect
the relationship between probability and actual and potential size of operational risk losses
and the level of protection through insurance.
(2) For the purposes specified in para. (1), a credit institution shall use all sources of
information available to it, including internal and external data regarding losses and scenario
analyzes.
(3) The calculations referred to in art. 323 para. (3) letter d) of (EU) Regulation no. 575/2013
should reflect the level of protection, including a probability determination to ensure actual
protection.
Art. 603
For the purposes of art. 323 para. (3) letter e) of (EU) Regulation no. 575/2013, a credit
institution must take reasonable steps to ensure that neither it nor any of its branch offices
will knowingly take risks covered by contracts that provide protection against certain
operational risk events that have been the object of the initial insurance agreement
concluded by it.
Art. 604
For the purposes of art. 323 para. (4) of (EU) Regulation no. 575/2013, credit institutions
using insurance instruments to transfer operational risk should consider the various factors
that create uncertainty regarding the effectiveness of risk transfer; these should reflect the

uncertainties in the calculation of capital requirements through appropriate adjustments,

determined in a prudent manner, in compliance with the stipulations of art. 605-608.
Art. 605
(1) The adjustments referred to in art. 323 para. (3) letter a) of (EU) Regulation no. 575/2013,
having to do with the reflection of the risk when approaching the moment of the
termination of the insurer's liability, must be implemented in each calculation of capital
requirements under the advanced measurement approach.
(2) If a credit institution has concluded a new insurance contract, under conditions
equivalent to the one which will be terminated by reaching the end of its duration or if the
current contract has an automatic renewal clause and was not expressly rescinded, it can ask
the National Bank of Romania for exemption from the obligation to fulfil the requirement
mentioned in para. (1) of that policy.
(3) The exemption referred to in para. (2) may be granted if credit institution demonstrates
to the National Bank of Romania that it manifests caution when assessing the ability to
renew policies in equivalent terms, conditions and protection, taking into account the fact
that certain risks covered by the policy may not be included when the policy is renewed.
Art.606
In the case of renewable policies, the adjustments referred to in art. 323 para. (4) letter c) of
(EU) Regulation no. 575/2013 should reflect the premises of renewal, including the insurer's
option to terminate the contractual relationship in the interval represented by the period of
validity of the policy or on the date of its renewal.
Art. 607
(1) For the purposes of art. 323 para. (4) letter c) of (EU) Regulation no. 575/2013, the
uncertainty related to the payment of compensation consists of the risk that the insurance
provider will not make the expected payments that the credit institution foresees in a timely
manner. If there is uncertainty about the payment of compensation, credit institutions must
consider and record in their loss-related databases, by type of loss, all data concerning the
compensation from insurance and must establish adjustments accordingly.
(2) For the purposes of par. (1), a credit institution must assess adjustment for failure to fulfil
obligations by the counterparty based on the rating of the insurance company liable under
the contract in question, even if its parent company has a better rating or the risk is
transferred to a third party; thus, credit institutions must assign a higher adjustment to
insurers with a lower compensation payment capacity than to insurers with a higher rating.
Art. 608
For the purposes of art. 323 para. (4) letter c) of (EU) Regulation no. 575/2013, an
inconsistency pertaining to protection occurs when the protection offered by the insurance
contract does not match the operational risk profile of the credit institution, so that the
protection does not provide the desired reduction effect of and certain events are as a result
not covered; by using all available data sources - data pertaining to loss and scenario
analyses - and some data analyses and simulation exercises, credit institutions must capture
correctly and adequately incorporate within the model related to the advanced
measurement approach especially the inconsistencies in protection for losses from medium
to high levels, due, for example, to the limits and large franchises or to the exhaustion of the
policy's limits.
Art. 609

For the purposes of art. 323 para. (1) of (EU) Regulation no. 575/2013, the reduction of the
capital requirement for operational risk as a result of protection obtained by purchase by a
credit institution of certain transfer mechanisms for the operational risk, other than
insurance, can be acknowledged only to the extent that these mechanisms are used to
manage operational risk without being owned or used by the credit institution for trading
purposes.
Art. 610
(1) To recognize other operational risk transfer mechanisms in the calculation of capital
requirements under the advanced measurement approach, credit institutions must have
experience with the use of these products.
(2) For the purposes of par. (1), credit institutions may collect data from internal and
external sources regarding the likelihood of ensuring actual protection and the opportunity
to make the payment for the instruments associated with other operational risk transfer
mechanisms, especially for the classes or the types of products having innovative features.
Art. 611
The protection provider must be financially sound, in terms of both solvency and liquidity.
Art. 612
(1) For the purposes of art. 597 par. (1), to fulfil the requirements of art. 323 para. (2) (3)
of (EU) Regulation no. 575/2013, one must take into account the relevant provisions of art.
600-608.
(2) The methodology for recognizing the effect of other operational risk transfer
mechanisms must take into account, by analogy, the elements referred to in art. 323 para. (4)
of (EU) Regulation no. 575/2013, with the application of the relevant provisions of art. 600608.
SECTION 34: Internal validation of Advanced Measurement Approach
Art. 613
(1) A credit institution shall have an internal validation process.
(2) The internal validation process shall include checking the reliability of calculating the
capital requirement for operational risk as well as checking that the measurement system is
used in the decision-making processes and in operational risk management.
Art. 614
(1) A credit institution shall comply with the following high-level principles of validation:
a) internal validation is the responsibility of the credit institution; the credit institution
must make a 'best effort' to internally validate its advanced measurement approach
framework;
b) the credit institution must establish a clear methodology for internal validation; this
methodology must be appropriate for the organisation and its advanced
measurement approach framework, and must be clearly documented;
c) internal validation techniques must be proportionate and take into account
changing market and operating conditions;
d) internal validation must encompass both quantitative and qualitative elements;
e) internal validation processes and its outcomes must be subject to independent
review to ensure that their implementation is effective; where internal validation is
performed by individuals or units involved in running of measurement systems and

operational risk management processes, the review shall specifically address the
objectivity of the process and its outcomes.
(3) Credit institutions must take into account that there is no single validation method.
Art. 615
The frequency of internal validation shall ultimately depend on what is being validated and
on its significance in the credit institution's risk measurement systems or risk management
processes.
Art. 616
Credit institutions shall periodically analyse their internal validation methodology to ensure
that it remains appropriate; in particular, certain parts of the risk measurement systems and
risk management processes shall be revalidated, at least if there is a significant change in the
institutions operational risk profile and/or in the model's methodology/assumptions or
management processes.
Art. 617
(1) Credit institutions internal validation process shall be proportionate and shall take into
account the specific purpose for which the operational risk measurement systems are
used.
(2) Credit institutions shall ensure that information that is fed into the risk measurement
systems is as accurate and complete as reasonably practicable.
(3) A credit institution shall take on a robust approach to validation and be able to explain
and justify its methodology.
(4) A credit institution's internal validation of its risk measurement systems shall encompass
both quantitative and qualitative elements and be clearly documented; this
documentation shall provide a detailed outline of the validation methodology, including
frequency, and outline any identified weaknesses.
Art. 618
Credit institutions shall comply with the following minimum validation requirements in the
relevant areas of the risk measurement systems:
a) credit institutions shall have clear standards for the input of data into their models, to
which they must adhere, in this regard being considered art. 584, art. 585 para.(1), art.
586 and art. 587;
b) all material data above the thresholds set shall be validated to ensure that they are
comprehensive, appropriate, and accurate; validation shall cover all data types: actual
data, constructed data, figures generated by scenario analysis, factors relating to
business environments, and internal control factors; particularly for constructed data,
the validation shall ensure that the assumptions are unbiased and the results are
realistic;
c) credit institutions shall ultimately be able to ensure the validity of the model input on an
ongoing basis;
d) model validation shall ensure that the relationship between the inputs and outputs of
the model is stable and that the techniques underlying the model are transparent and
intuitive; the model shall be logical: when control is improved, expected loss and/or
unexpected loss should decrease, and hence, all other things remaining equal, there
should be a corresponding reduction in regulatory capital requirement;
e) credit institutions shall be able to ensure the validity of the model methodology at the
development stage and following significant changes in methodology/assumptions, and
it shall be able to ensure the validity of the model output on an ongoing basis.

Art. 619
To ensure the adequacy of operational risk management framework in order to meet its
goals, and its operation as management would expect it to, credit institutions shall, as part
of the internal validation process, assess the appropriateness of their risk management
processes.
Art. 620
(1) The validation of the risk management processes shall be an ongoing exercise.
(2) Credit institutions shall be able to justify to National Bank of Romania how they meet the
requirement in para. (1).
(3) The validation techniques used by credit institutions shall include the examination of the
following aspects:
a) the completeness of the documentation related to operational risk management;
b) compliance with the management information reporting procedures;
c) meeting of the required data standards by the captured loss data;
d) performance of follow-up actions in an effective and timely manner;
e) follow-up of the procedures to review and update the operational risk management
framework;
f) consistency of key risk indicators/loss data/compliance reports and risk estimates
with the results of qualitative self-assessments.
Art. 621
The management body of each credit institution is responsible for conducting its own
assessment of the operational risk, the control environment and the business environment
of the credit institution and for ensuring that the credit institution is adequately capitalised
in respect to operational risk, including by taking into consideration the possible obstacles in
the transfer of capital between the parent-credit institution and the respective credit
institution.
SECTION 4: Capital allocation methodology
Art. 622
(1)For the cases indicated in art. 20 paragraph (1), the 3rd paragraph from the EU Regulation
no 575/2013, the credit institutions must observe the provisions of the paragraphs (2)-(6).
(2)The methodology about which reference is made within art. 20 paragraph (1), the 3rd
paragraph from the EU Regulation no 575/2013, it must achieve the assignation of the
capital held at consolidated level of the group for the descendent operational risk by the
legal entities involved in the process of calculation to a consolidated level associated with an
advance approach of evaluation.
(3)The credit institutions must dispose of solid and rational assignment methodologies that
it must consistently, justly and integrally implement.
(4)The credit institutions must adopt assignment mechanisms that correctly reflect the
operational risk level of the legal entities within the group, as well as their effective
contribution to the capital request determined to a consolidated level.
(5) The credit institutions must place efforts for the enhancement of the risk sensitivity in
terms of the allocation techniques of the capital associated with the operational risk,
inclusive after obtaining the approval for usage of the advanced evaluation approach.
(6) The credit institutions must be able to demonstrate the provisions of paragraph (3).
SECTION IV: Notification request

Art. 623
In case a credit institution that acquired approval for advanced assessment approach from
the National Bank of Romania fails to meet relevant requirements and standards, it must
notify such situation to the National Bank of Romania.
TITLE VIII: Approval to use internal models to determine capital requirements for market
risk
CHAPTER 1: Setting up value at risk under crisis conditions
Section 1: Number of crisis periods used to calibrate value at risk under crisis conditions
Art. 624
The credit institutions, Romanian legal persons have to submit to the approval of the
National Bank of Romania the approach mentioned in Art. 365 para. (2) of (EU) Regulation
no. 575/2013, as the National Bank of Romania is the responsible authority with the
consolidated supervision.
Art. 625
The credit institutions, Romanian legal persons, subsidiaries of a mother credit institution at
European Unions level, should act similarly to those mentioned in Art. 624 as the National
Bank of Romania is the responsible authority with the individual supervision, and the
internal model is recognized at the level of that subsidiary.
Art. 626
The credit institutions have to define at group level a single crisis period, in the conditions in
which the National Bank of Romania, in collaboration with other competent authorities,
approve the respective period according to the provisions of Art. 20 of (EU) Regulation no.
575/2013.
Art. 627
Without prejudice to Art. 626, the National Bank of Romania requests the credit institution,
Romanian legal person, subsidiary of a mother credit institution at European Unions level,
to determine a different crisis period at individual level if the group crisis period is not
relevant for the portfolio of that subsidiary.
Art. 628
If the credit institution mentioned in Art. 627 uses a model to determine the value at risk
approved at subsidiary level and the crisis period defined at group level, it should prove that
the respective period is also relevant for its portfolio.
SECTION 2: Setting up capital requirements for additional default and migration risks
SUBSECTION 21: Positions by equity securities and derivative financial instruments by
equity securities
Art. 629
With the approval of the National Bank of Romania, the credit institutions can include in the
calculation of capital requirement for additional default and migration risks, the listed
positions by equity securities and by derivative financial instruments by listed equity
securities meeting the following conditions:

a) the positions by equity securities and credit instruments are managed together with an
identified trading unit (for instance, an arbitrage can take place between convertible
bonds and equity securities);
b) existence of procedures to quantify and manage both the credit risk and the risk
related to equity securities within the relevant trading unit; and
c) including all positions by equity securities of the relevant trading unit in view of
avoiding regulatory arbitrage.
SUBSECTION 22: Qualitative criteria
Art. 630
(1)
The credit institutions have to formalize in detail all aspects of the approach used to
determine the capital requirement for additional default and migration risks.
(2)
In this sense, the credit institutions have to formalize any analysis performed to
justify assumptions, estimation techniques, substitutes or simplifications. Upon the request
of the National Bank of Romania, the credit institutions have to justify any decision
regarding such elements.
Art. 631
In case a credit institution obtained the approval of the National Bank of Romania to use its
own estimations for the default probability or for default and loss-given default probability
within the approach based on internal rating models, it can use the respective data as a
source to obtain estimations for default probabilities and loss-given default used to
determine the capital requirement for additional default and migration risks.
Art. 632
(1) In case a credit institution has not obtained the approval of the National Bank of Romania
to use its own estimations for the default probability or for default and loss-given default
probability within the approach based on internal rating for an issuer or a security in the
trading portfolio, the credit institution will calculate these parameters based on a
methodology consistent with the methodology related to the approach based on internal
rating models.
(2) For the purposes of para. (1), the credit institution should get a separate approval from
the National Bank of Romania to use the mentioned parameters within the determination of
the capital requirement for additional default and migration risks.
(3) The credit institution is bound to prove to the National Bank of Romania that the
respective approach can sufficiently distinguish between the positions with different
assessment characteristics. As an example, an instrument type credit default swap and its
support bond should make the object of a separate assessment.
Art. 633
The credit institution should estimate the impact of rating migration over the market price,
either by using the market data currently noticed, such as credit margins, or by using the
average of historical market data recorded for a maximum period of one year, or along any
other period, conditioned by the approval of the National Bank of Romania.
Art. 634
For the purposes of Art. 633, the credit institution is bound to prove to the National Bank of

Romania that the estimation is adequately distinguishing by various categories of debtors

and instruments. In addition, the credit institution should secure the calculation consistency
between instruments.
SUBSECTION 23: Approaches to determine capital requirement related to additional
default and migration risks based on various parameters
Art. 635
In view of identifying additional default and migration risks, the credit institution can use an
approach partially meeting the provisions of Art. 372 of (EU) Regulation no. 575/2013, in the
conditions in which:
a) the respective approach is consistent with the internal methodologies the credit
institution applied to identify, quantity and manage the risks;
b) the credit institution can prove that its approaches lead to a capital requirement at
least as big as it would have been based on an approach in full compliance with the
provisions regarding capital requirements for additional default and migration risks
provided by the (EU) Regulation no. 575/2013.
Art. 636
The credit institution is bound to supply all required information regarding the elements of
the approach used to determine the capital requirement related to additional default and
migration risks which are considered either by the credit institution itself, or by the National
Bank of Romania as partially compliant with the relevant provisions of the (EU) Regulation
no. 575/2013.
Art. 637
Based on the information supplied by the credit institution, the National Bank of Romania
decides the extent to which the approach used to determine the capital requirement related
to additional default and migration risks or the approach to be used can be regarded an
incompliant or as partially compliance with the relevant provisions of the (EU) Regulation no.
575/2013. In case the approach used to determine the capital requirement related to
additional default and migration risks is partially compliant with these provisions, the credit
institution should apply the standard approach for the specific risk to the positions making
the object of the approach regarded an incompliant with the respective provisions.
Art. 638
The National Bank of Romania decides to recognize the approach used to determine the
capital requirement related to additional default and migration risks as being partially
compliant.
Art. 639
In order to get the recognition of the National Bank of Romania mentioned in Art. 638, the
credit institution proves that the use of the respective approach leads to a capital
requirement at least equal to that which would be obtained by the use of a fully compliant
approach.
TITLE IX: Other provisions
CHAPTER I: Publishing requirements for the National Bank of Romania
Art. 640

(1) For the purposes of Part five of the (EU) Regulation no. 575/2013, the National Bank of
Romania publishes the following information:
a) general criteria and methodologies adopted to revise the compliance with the
provisions of Art. 405 409 of (EU) Regulation no. 575/2013;
b) without prejudice to the provisions of Title VII, chapter 1 section II of (EU) Regulation
no. 575/2013, a brief description of the result obtained from the supervision process and
a presentation of the measures imposed in case of incompliance with the provisions of Art.
405 409 of the respective regulation, identified on an annual basis.
Art. 641
In case the National Bank of Romania exerts the option provided by Art. 7 para. (3) of (EU)
Regulation no. 575/2013, it will publish the following information:
a) criteria applied to find out there is no significant practical or legal hold back, existing or
potential, for the prompt transfer of own funds or for the rapid repayment of debts;
b) number of parent credit institutions benefiting of the exertion of the option mentioned
in Art. 7, para (3) of (EU) Regulation no. 575/2013, as well as the number of such parent
credit institutions with subsidiaries in a third state
c) on an aggregated basis, at Romanias level:
(i) the amount owned in third state subsidiaries as consolidated own funds of the
parent credit institution at Romanias level, which benefit of the exertion of the option
mentioned in Art.7 para. (3) of (EU) Regulation no. 575/2013;
(ii) the own funds percentage owned in third state subsidiaries as consolidated own
funds of the parent credit institution at Romanias level, which benefit of the exertion
of the option mentioned in Art.7 para. (3) of the above mentioned regulation;
(iii) the own funds percentage owned in third state subsidiaries as total own funds
required based on Art. 92 of the above mentioned regulation, based on the
consolidated statements of the parent credit institution at Romanias level, which
benefit of the exertion of the option mentioned in Art.7 para. (3) of the respective
regulation.
Art. 642
In case the National Bank of Romania exerts the option provided for by Art. 9, para. (1) of
(EU) Regulation no. 575/2013, it will publish the information mentioned in Art. 641, which
will be adequately applied.

CHAPTER II: Qualified holdings in entities outside the financial sector

Art. 643 For the qualified holdings in entities outside the financial sector which exceeds the
limits provided for by Art. 89, para. (1) and (2) of (EU) Regulation no. 575/2013, the
treatment is applied as provided for by Art.89 para. (3) letter a) of the above mentioned
regulation.

CHAPTER III: Reporting for each country separately

Art. 644
(1) Starting January 1st, 2015, each credit institution has to publish annually the following

consolidated information for the financial year, spread down by each member state and by
each third state in which the respective credit institution is established:
a) name and nature of activities and their geographical position;
b) turnover;
c) number of employees in full time employees equivalent;
d) profit of loss before taxation;
e) tax on profit or loss;
f) received public subsidies.
(2) Without prejudice to the provisions of para. (1), the credit institutions have to publish
the information mentioned in para. (1) letters a), b) and c) for the first time on July 1, 2014.
(3) To the extent they are internationally identified as global institutions of systemic
importance, the credit institutions authorized in Romania send the information provided for
by para. (1) letters d), e) and f) to the European Commission based on confidentiality until
July 1st, 2014.
(4) The information provided for in para. (1) has to be audited according to the provisions of
Governments Emergency Ordinance No. 90/2008 regarding statutory audit of annual
financial statements and of the annual consolidated financial statements, with further
amendments and supplementations, and has to be published, if possible, as an annex to the
annual financial statements or to the consolidated financial statements of the respective
credit institution, as the case may be.
CHAPTER IV: Publishing the return on assets
Art. 645
The credit institutions have to publish in their annual reports, among the key indicators, the
return on their assets, calculated as a ratio between the net achieved profit and the total
assets value.
CHAPTER V: Provisions for the application of EU Regulation No. 575/2013
SECTION 1: Calculation of capital requirements for credit risk according to standard
approach
Art. 646
When applying Art. 124 (2) para. (2), the first, 2nd and 4th para. of (EU) Regulation no.
575/2013 to the exposures, or to the part of an exposure fully secured with mortgages over
commercial real estates located on Romanias territory, stipulated in Art. 126 para. (1) letter
(a) and (b) of the same regulation, the100% risk weighting will be used.
Art. 647
When applying Art. 496 para. (1) of (EU) Regulation no. 575/2013, until the date of
December 31, 2017, the limit of 10% for the superior units, issued by the joint funds of
securitization equivalent of these, provided at art. 129, para. (1) letter d) from the respective
regulation, is not applied in conditions of respecting the requirements of art. 496 para. (1)
letter a) and b) from the same regulation.

SECTION 2: Liquidity risk

Art. 648
When applying Art. 416 para. (1), letter a) of (EU) Regulation no. 575/2013, the deposits
with central banks do not include the minimum reserves imposed by the National Bank of
Romania.
TITLE X: Transitory and final provisions
CHAPTER I: Transitory provisions
SECTION 1: Own funds
SECTION 11: Minimal requirements of own funds
Art. 649
According to Art. 465 para.(1) and (2) of (EU) Regulation no. 575/2013, during 2014, the
following minimal requirements of own funds will be applied:
a) a 4,5% rate of tier 1 own funds;
b) a 6% rate of tier 1 own funds.
SECTION 12: Unrealized gains and losses resulted from valuation at fair value
Art. 650
Unrealized losses resulted from the valuation at fair value provided for by Art. 467 para. (1)
of (EU) Regulation no. 575/2013 are considered in Tier 1 base own funds, according to Art.
467 para. (2) and (3) of the same regulation, element by element, at a 100% percentage for
the whole period 01.01.2015 -31.12.2017, stipulated in the respective Art. .
Art. 651
The unrealized gains resulted from the valuation at fair value, provided for by Art. 468
para.(1) of (EU) Regulation no. 575/2013, are excluded from the calculation of Tier 1 base
own funds, according to Art.468 para (2) and (3) of the same regulation, element by element,
in the following percentages:
a) 60% in the period 01.01.2015 31.12.2015;
b) 40% in the period 01.01.2016 31.12.2016;
c) 20% in the period 01.01.2017 31.12.2017.
SECTION 13: Application of deductible elements provided for by (EU) Regulation no.
575/2013
Art. 652
(1) According to Art. 478 para. (1) and para. (3), letters a), b), c) and d) of (EU) Regulation no.
575/2013, for the calculations provided for by Art. 478 para.(1) of the respective regulation,
the following percentages are considered:
a) 20% in the period 01.01.2014 31.12.2014;
b) 40% in the period 01.01.2015 31.12.2015;
c) 60% in the period 01.01.2016 31.12.2016;
d) 80% in the period 01.01.2017 31.12.2017.
(2) With the purpose of effectuating the calculations provided in Art. 478, para. (1) from

Regulation (EU) no. 575/2013, for the deduction of the element stipulated in Art. 36, para.
(1), letter a) from the respective regulation, the percentage of 100% is taken into
consideration, starting with the date January 1, 2014.
Art. 653
According to Art. 478 para. (2) and para. (3) of (EU) Regulation no. 575/2013, for the
calculations provided for by Art. 478 para. (2) of the respective regulation, the following
applicable percentages are considered:
a) 0% in the period 01.01.2014 31.12.2014;
b) 10% in the period 01.01.2015 31.12.2015;
c) 20% in the period 01.01.2016 31.12.2016;
d) 30% in the period 01.01.2017 31.12.2017;
e) 40% in the period 01.01.2018 31.12.2018;
f) 50% in the period 01.01.2019 31.12.2019;
g) 60% in the period 01.01.2020 31.12.2020;
h) 70% in the period 01.01.2021 31.12.2021;
i) 80% in the period 01.01.2017 31.12.2022;
j) 90% in the period 01.01.2017 31.12.2023.
SECTION 14: Treatment of minority interests and instruments of Tier 1 additional and Tier
2 own funds issued by subsidiaries
SUBSECTION 14^1: Recognition in Tier 1 base own funds consolidated the instruments and
elements which are not qualified as minority interests
Art. 654
Elements provided for by Art. 479 para. (1) of (EU) Regulation no. 575/2013 are considered
in determining consolidated own funds, according to Art. 479 para.(3) and (4) of the same
regulation, in the following percentages:
a) 80% in the period 01.01.2014 31.12.2014;
b) 60% in the period 01.01.2015 31.12.2015;
c) 40% in the period 01.01.2016 31.12.2016;
d) 20% in the period 01.01.2017 31.12.2017.
SUBSECTION 14^2: Recognition in consolidated own funds of the minority interests and of
eligible additional Tier 1 and Tier 2 own funds
Art. 655
In applying Art. 480 para. (1) of (EU) Regulation no. 575/2013, based on Art. 480 para (2) and
(3) of the same regulation, the following factor is used:
a) 0,2 in the period 01.01.2014 31.12.2014;
b) 0,4 in the period 01.01.2015 31.12.2015;
c) 0.6 in the period 01.01.2016 31.12.2016;
d) 0.8 in the period 01.01.2017 31.12.2017.
SECTION 15: Consideration when determining own funds of the deductions/prudential
filters/positive elements which are not provided for by (EU) Regulation no. 575/2013
Art. 656
(1) In applying Art. 481 para. (1) of (EU) Regulation no. 575/2013, based on Art 481 para.(3)

and (5) of the same regulation, for the period 01.01.2014 31.12.2017, when setting up Tier
1 additional own funds, the following are deducted in the percentages mentioned in para.
(3):
a) total value of temporary holdings of shares/equity interests during a financial
reconstruction or rescue operations of the credit institution, or, if the case, of the credit
institution and/or of any other entity included in its prudential consolidation area,
established according to the Regulation of the National Bank of Romania no. 26 of
November 18, 2011 on temporary holdings of shares / shares during a financial
reconstruction or rescue operations of entities outside the financial sector. When setting
up this value, the net value adjustments are considered which have to be made for the
value losses related to the shares/equity interests from financial reconstruction or rescue
operations;
b) exposures related to operations in favour conditions, recorded based on the rights
offered by the packages of remuneration and incentive measures for the employees of
the member entities of the credit institution group, towards the persons who, at the
moment of setting up own funds level, are no longer employed;
c) exposures (other than those related to persons, who, at the moment of setting up own
funds level, benefit as employees, of rights offered by the packages of remuneration and
incentive measures for the employees of the member entities of the credit institution
group) with characteristics reflecting the performance of an operation in favor conditions;
d) half of the total amount provided for in Art. 19, letter g) of the National Bank of
Romania Regulation No. 16/2012 on the classification of loans and investments and
determining and applying prudential value adjustments, with subsequent amendments
and additions.
(2) In applying Art.481 para. (1) of (EU) Regulation no. 575/2013, based on Art. 481 para. (3)
and para. (5) of the same regulation, for the period 01.01.2014 31.12.2017, when setting
up Tier 2 own funds, in the percentages mentioned in para. (3) half of the total amount is
deducted as stipulated in Art. 19, letter g) of the National Bank of Romania Regulation No.
16/2012 on the classification of loans and investments and determining and applying
prudential value adjustments, with subsequent amendments and additions.
(3) In applying para.(1) and (2) the following percentages are used:
a) 80% in the period 01.01.2014 31.12.2014;
b) 60% in the period 01.01.2015 31.12.2015;
c) 40% in the period 01.01.2016 31.12.2016;
d) 20% in the period 01.01.2017 31.12.2017.
Art. 657
(1) In application of Art.481 para. (1) of (EU) Regulation no. 575/2013, on the grounds of Art.
481 para. (3) and para. (5) of the same regulation, for the period 01.01.2014 31.12.2017,
when setting up Tier 1 additional own funds, according to the percentage mentioned in para.
(3), 50% is considered of the amounts representing the balance in hand of the deferred taxes
related to the element mentioned in Art.19 letter g) of the National Bank of Romania
Regulation No 16/2012 on classification of loans and investments, and as well as the
determination and utilization of prudential value adjustments, with subsequent
amendments and additions.
(2) In application of Art. 481 para. (1) of (EU) Regulation no. 575/2013, on the grounds of Art.
481 para. (3) and para. (5) of the same regulation, for the period 01.01.2014 31.12.2017,
when setting up Tier 2 own funds, according to the percentage mentioned in para. (3), is

taken into consideration 50% of the amounts representing the balance in hand of the
deferred taxes related to the element mentioned in Art. 19 letter g) of the National Bank of
Romania Regulation No. 16/2012 on the classification of loans and investments and
determining and applying prudential value adjustment, with subsequent amendments and
additions;
(3) In applying para. (1) and (2), the following percentages are used:
a) 80% in the period 01.01.2014 31.12.2014;
b) 60% in the period 01.01.2015 31.12.2015;
c) 40% in the period 01.01.2016 31.12.2016;
d) 20% in the period 01.01.2017 31.12.2017.
Art. 658
During 2014, in applying Art. 481 para. (1) of (EU) Regulation no. 575/2013, based on Art.
481 para. (3) and para. (5) of the same regulation, the unrealized gains from the valuation at
fair value, removed from Tier 1 own funds, element by element, at a 100% percentage,
according to the provisions of Art. 468 para. (2) of the above mentioned regulation, are
included in Tier 2 own funds at a 45% percentage from their net value of the related fiscal
obligations, predictable on the reporting date.
Art. 659
In applying Art. 481 para. (1) of (EU) Regulation no. 575/2013, based on Art. 481 para.(3) and
para.(5) of the same regulation, for the period 01.01.2014 31.12.2017, when setting up
total own funds, additional own funds consequent to the use of alternative way of setting up
the own funds stipulated in Art. 5 of NBR-NSC Regulation No. 22/27/2006 on capital
adequacy of credit institutions and investment companies, are considered at a 0%
percentage.
SECTION
16: Consideration in determining own funds
elements/instruments according to (EU) Regulation no. 575/2013

of

non-eligible

Art. 660
(1) The elements provided for by Art. 484 of (EU) Regulation no. 575/2013, are considered
when setting up Tier 1 own funds base, additional, or Tier 2, as the case may be, based on
Art. 486 para. (5) and para. (6) of the same regulation, in the following percentages,
according to the provisions of Art. 486 para.(2) para.(4) of the above mentioned regulation:
a) 80% in the period 01.01.2014 31.12.2014;
b) 70% in the period 01.01.2015 31.12.2015;
c) 60% in the period 01.01.2016 31.12.2016;
d) 50% in the period 01.01.2017 31.12.2017;
e) 40% in the period 01.01.2018 31.12.2018;
f) 30% in the period 01.01.2019 31.12.2019;
g) 20% in the period 01.01.2020 31.12.2020;
h) 10% in the period 01.01.2021 31.12.2021.
(2)Within the meaning of para. (1), particularly the following elements are taken into
consideration:
a) non-cumulative preference shares for an indefinite period;
b) cumulative preference shares for an indefinite/definite period, as applicable;
c) subordinated loans;
d) public or private non-repayable subsidies;
e) mutual guarantee fund, established at the central level, for the calculation

performed at its level and at cooperative network's level.

SECTION 2: Big exposures
Art. 661
In applying Art. 493, para. (3) of (EU) Regulation no. 575/2013, for each of the following
exposures, exempted from the application of Art. 395(1) of the same regulation, is the
calculated part as difference between the respective exposure and the result of its
multiplication by the related weight:
a) 0%:
(i) elements of assets standing for receivables over central banks as mandatory minimal
reserves with those central banks and which are expressed in national currency;
(ii) elements of assets standing for receivables over central administrations as
regulated liquidity requirements owned in T-bills, expressed and financed in their
national currency, on condition, at the latitude of the National Bank of Romania, that
the credit assessment of the respective central administrations, supplied by an external
assessment institution of the credit, belong to the category investment grade;
b) 10%
(i) secured bonds, under the incidence of Art. 129, para. (1), (3) and (6) of (EU)
Regulation no. 575/2013, qualified for the 10% risk weight according to Art. 129, para.
(4) of the above mentioned regulation, respectively the secured bonds meeting the
conditions stipulated in Art. 129 para.(5) letter (a) of the same regulation;
c) 20 %
(i) secured bonds, under the incidence of Art. 129, para. (1), (3) and (6) of (EU)
Regulation no. 575/2013, qualified for the 20% risk weight according to Art. 129, para.
(4) of the above mentioned regulation, respectively the secured bonds meeting the
conditions stipulated in Art. 129 para.(5) letter (b) of the same regulation;
(ii) elements of assets standing for receivables over regional administrations or local
authorities of the member states, if a risk weight of 20% is applied to those receivables,
according to part 3, title II, chapter 2 of the (EU) Regulation no. 575/2013, as well as
other secured exposures towards such regional administrations or local authorities,
receivables to which a 20% risk weight is applied according to the same provisions.
(iii) elements of assets standing for receivables and other exposures to the credit
institutions registered by them, of which one is operating on a non-competition basis
and is granting and securing loans, based on legislative or its state programs, in view of
encouraging certain economic sectors, which imply a certain form of supervision and
certain restrictions from the public administration as regards the credits use, on
condition the respective exposures are the result of those loans which are transferred
to beneficiaries through the credit institutions or consequent to the guarantees related
to the respective loans;
(iv) elements of assets standing for receivables and other exposures to institutions, on
condition the respective exposures do not represent own funds of those institutions,
their maturity does not exceed the next working day, and they are not expressed in a
significant trading currency
(v) guarantees, other than the guarantees for credits based on a legislative and
regulatory framework and which are granted to the members through mutual
guarantee schemes with a statute of credit institutions.

d) 50%
(i) secured bonds, under the incidence of Art. 129 para. (1), (3) and (6) of (EU)
Regulation no. 575/2013, qualified for the 50% risk weight according to Art. 129, para.
(4) of the above mentioned regulation, respectively the secured bonds meeting the
conditions stipulated in Art. 129 para.(5) letter (c) of the same regulation;
(ii) assets representing receivables and other exposures towards recognized stock
exchanges;
(iii) 50 % of documentary letters of credit recorded off the balance sheet with a
moderate risk rate and of the unused credit facilities recorded off the balance sheet
with a moderate risk rate, mentioned in annex I of the (EU) Regulation no. 575/2013
SECTION 3: Leverage
Art. 662
When applying Art. 499 para. (3) of (EU) Regulation no. 575/2013, by derogation from Art.
429 para. (2) of the same regulation, during the period since January 1st,2014 until
December 31st, 2017, the credit institutions can calculate the leverage ratio at the end of the
quarter, in case they do not have data of a sufficiently high quality to calculate a leverage
ratio as an arithmetical average of the monthly leverage ratios registered during a quarter.
SECTION 4: Liquidity risk
Art. 663
Provisions of Art. 2 para. (3) are applied until the date the requirement to cover the liquidity
needs becomes enforceable according to a delegated document adopted by the Commission
according to Art.151 of the Directive no. 2013/36/UE.
SECTION 5: Capital write-offs
Art. 664
By derogation from the provisions of Art. 256, the capital conservation write-off can be
established as follows:
a) at an equal level to 0,625% of the total value of risk weighted exposures of the credit
institution, calculated according to Art. 92 para.(3) of the (EU) Regulation no. 575/2013,,
during the period January 1st,2016- December 31st,2016;
b) at an equal level to 1,25% of the total value of risk weighted exposures of the credit
institution, calculated according to Art. 92 para.(3) of the (EU) Regulation no. 575/2013,,
during the period January 1st,2017 - December 31st,2017;
c) at an equal level to 1,875% of the total value of risk weighted exposures of the credit
institution, calculated according to Art. 92 para. (3) of the (EU) Regulation no. 575/2013,,
during the period January 1st, 2018 - December 31st, 2018.
Art. 665
By derogation from the provisions of Art. 257, the anti-cyclic capital write-off specific to the
credit institution can be established as follows:
a) at a level of at most 0,625% of the total value of risk weighted exposures of the credit
institution, calculated according to Art. 92 para.(3) of the (EU) Regulation no. 575/2013,,
during the period January 1st,2016- December 31st,2016;
b) at a level of at most 1,25% of the total value of risk weighted exposures of the credit
institution, calculated according to Art. 92 para.(3) of the (EU) Regulation no. 575/2013,,

during the period January 1st,2017 - December 31st,2017;

c) at a level of at most 1,875% of the total value of risk weighted exposures of the credit
institution, calculated according to Art. 92 para. (3) of the (EU) Regulation no. 575/2013,,
during the period January 1st, 2018 - December 31st, 2018.
Art. 666
(1) During the transition period between January 1st, 2016 and December 31st, 2018, the
application of the requirement for capital conservation plan and the restrictions on
distributions provided for by Art. 291 296 of the present regulation, to the credit
institutions which do not meet the combined write-off requirement will have in view the
requirements stipulated in Art. 664 and Art. 665.
(2) The National Bank of Romania can impose, on the recommendation of the National
Committee for Macro-prudential Supervision, a shorter transition period than that
stipulated in Art. 648 and Art.649 and consequently, can order the activation of capital
conservation write-off and of the anti-cyclic capital write-off starting December 31st,
2013.
(3) The National Bank of Romania makes public on its own website the decision made
according to para. (1).
(4) In case the National Bank of Romania is acting according to para. (2), it will adequately
inform the relevant parties, including the European Commission, the European
Committee for Systemic Risk, European Banking Authority and the relevant supervisors
college. )
(5) The National Bank of Romania can recognize a decision made by a competent authority/
appointed authority from another member state, in a similar way to that stipulated in
para. (2).
(6) In case the National Bank of Romania is acting according to para. (5), it will adequately
notify its decision to the European Commission, the European Committee for Systemic
Risk, European Banking Authority and the relevant supervisors college.
(7) In case the National Bank of Romania enforces a shorter transition period for the anticyclic capital write-off, the shorter period is applied only for the calculation of the anticyclic capital write-off specific to the credit institution by the authorized credit
institutions in Romania.

Art. 667
The provisions of Art. 264 280 are applied since January 1st, 2016, as follows:
a) 25 % of the G-SII write-off set up according to Art. 266, in 2016;
b) 50 % of the G-SII write-off set up according to Art. 266, in 2017;
c) 75 % of the G-SII write-off set up according to Art. 266, in 2018; and
d) 100 % of the G-SII write-off set up according to Art. 266, in 2019.
SECTION 6: Treatment of exposures from the owned capital titles within the approach
based on internal rating models
Art. 668
In application of art. 495 from the EU Regulation no 575/2013, by derogation from the
provisions of the third part, title II, chapter 3 from the same regulation, until December 31 st
2017, there are excepted from the application of the credit risk treatment, according to the
approach based on internal rating models, certain exposures from the owned capital titles,

on December 31st 2017, by the credit institutions, including the Romanian subsidiaries of the
credit institutions authorized in other member states.
SECTION 7: Approval to use rating internal methods for credit risk
Art. 669
(1)
In applying the provisions of Chapter I of Title VI, the credit institutions applying for
the approval of the National Bank of Romania to use the approach based on internal rating
models for the calculation of risk weighted value of exposures have to send, as a distinct
component of the support documentation stipulated in Art. 315, a documentation proving
the meeting of the relevant requirements of Art.500 of (EU) Regulation no.
575/2013.575/2013.
(2)
In case of the approval applications received by the National Bank of Romania and
still under analysis on the publishing date of the present regulation in Romanias Official
Gazette, Part I, the credit institutions have to fill in the application so as it meets the
requirements stipulated in Art.315 321, Art.323 para. (4) and Art.324 325.
(3)
In case of the credit institutions with approval applications under analysis on the
publishing date of the present regulation in Romanias Official Gazette, Part I,the term
provided at Art. 327 para (1) starts to deem at the date of the file of the complete
documentation (approval application and support documentation)as stipulated in the
present regulation.
SECTION 8: Approval to use advanced valuation approach for operational risk
Art. 670
(1) When applying the provisions of title VII, chapter II, section 2, the credit institutions
intending to use the advanced valuation approach to report the regulated capital
requirement for operational risk have to prove, through the documentation sent to the
National Bank of Romania that they meet the requirement to have own funds at least equal
to the respective level stipulated in Art. 500 of the (EU) Regulation no. 575/2013.
(2) In case of the approval requests received by the National Bank of Romania, under
ongoing analysis on the day of publishing the present regulation within the Official Gazette
of Romania, Part I, the credit institutions must fill in the submitted request so that it
complies with the relevant requests of articles 535-537 and of the articles 539-556.
(3) In case of the credit institutions for which there are approval requests pending at the
publishing date of the present regulation in the Official Gazette of Romania, Part I, the term
mentioned in art. 556 paragraph (3) from the present regulation, they are calculated since
the date of submitting the complete documentation approval request and support
documentation according to the present regulation.
CHAPTER II: Final provisions
Art. 671
(1) The credit institutions have to submit to the National Bank of Romania Supervision
Division, the internal regulations regarding activity management, internal valuation process
of capital adequacy at risks, the significant risks management framework, stress test, and the
documents formalizing their policy related to activities outsourcing and the management
procedures of outsourcing associated risks.
(2) In case internal regulations are changed, the credit institutions will send to the National
Bank of Romania Supervision Division, within 5 days since their approval by the competent
bodies of the credit institutions, the full text of the respective norms, updated with the

amendments occurred meanwhile.

Art. 672
The credit institutions have to annually report to send to the National Bank of Romania
Supervision Division the information stipulated in Art. 9, para. (5).
Art. 673
(1) The credit institutions have to annually draft a report on the conditions the internal
control is conducted, with the distinct treatment of aspects related to risks management
function, compliance function and internal audit function.
(2) The report stipulated in para. (1) have to include at least:
a) an inventory of the main deficiencies identified within each control function and the
measures taken to correct them;
b) a description of the significant changes occurred within the 3 functions of control
during the respective period;
c) a description of the application conditions of the control procedures related to the new
activities;
d) internal control performance at the secondary premises of the credit institutions
abroad.
(3) The report mentioned in para. (1) will include information on the audit commitments
conducted during the respective period, revealing the internal audit findings and
recommendations and the implementation way of the respective recommendations by the
management body of the credit institutions.
(4) The credit institutions report has also to include the conditions in which the internal
control is conducted in the entities within prudential consolidation area.
(5) The report made by the Central Houses of Credit Cooperatives will also refer to the
conditions in which the internal control is conducted at the level of credit cooperatives
network.
Art. 674
(1) The credit institutions have to annually draft a report on the internal assessment process
of capital adequacy at risks, which should include the elements stipulated in Art. 69,
including the identification of aspects to be improved and the measures planed in this sense
in the credit institution. The respective report will be drafted at individual level and if the
case, at consolidated level.
(2) The credit institutions have to annually draft a report on the measures taken for the
significant risks management they are exposed to at individual level and, if the case, at
consolidated level.
(3) The reports made by the Central Houses of Credit Cooperatives in the sense of para. (1)
and (2) should also include the measures taken at the credit cooperative network level.

Art. 675
(1) The credit institutions have to send, at least annually, to the National Bank of Romania
Supervision Division, information about the results of the stress tests conducted and to
report the consequent measures taken by the management body of the credit institutions.
(2) In case of the Central Houses of Credit Cooperatives, the provisions of para. (1) are also
adequately applied to the credit cooperative network.

Art. 676
The reports mentioned in Art. 672-675, drafted by the credit institutions and assumed by
their management bodies, have to be sent to the Bank of Romania Supervision Division
within 6 months since the end of the financial year.
Art. 677
The Central Houses of Credit Cooperatives are responsible to regulate the general
framework of the activity management of the affiliated credit cooperatives, their internal
assessment process of capital adequacy at risks, the stress testing, remuneration policies
and practices and outsourcing conditions of the activities of affiliated credit cooperatives.
Art. 678
The credit institutions will send to the National Bank of Romania Supervision Division the
documents stipulated in Art. 671 para. (1) until the date of June 30, 2014 or, as the case may
be, within 5 days since their approval by the competent bodies of the credit institutions.
Art. 679
The failure to comply with the provisions of the present regulation brings about the
enforcement of measures and/or of sanctions or of other penalizing measures stipulated in
Art. 226, 227 and 229 of the Governments Emergency Ordinance no. 99/2006regarding
credit institutions and capital adequacy, approved by the Law no. 227/2007, with further
amendments and supplementations.
Art. 680
On the date of coming into force of the present regulation, the following are abrogated:
a) Regulation No. 3/2008of the National Bank of Romania regarding the recognition of
credit assessment external institutions, published in Romanias Official Gazette, Part I, no.
120 of February 15, 2008, as well as any other contrary provisions,
b) Regulation No. 18/2009 of the National Bank of Romania regarding the management
framework of credit institutions activity, the internal assessment process of capital
adequacy at risks and the outsourcing conditions of their activities, published in
Romanias Official Gazette, Part I, no. 630 of September 23 rd, 2009, with further
amendments and supplementations, as well as any other contrary provisions; excepting
the provisions of Chapter II Governance framework of the credit institutions activities
c) Regulation No. 25/2009 of the National Bank of Romania regarding the use of the
advanced measurement approach and the approval of the use of this approach by the
credit institutions for operational risk, published in Romanias Official Gazette, Part I, no.
911 of December 24th, 2009, with further amendments and supplementations, as well as
any other contrary provisions;
d) Regulation No. 26/2011 of the National Bank of Romania on the implementation,
validation and assessment of Internal Ratings Based Approaches for the credit institutions,
published in Romanias Official Gazette, Part I, no. 912 of December 24th, 2009, as well as
any other contrary provisions;
e) Art.8 of the National Bank of Romanias Regulation No. 26/2011regarding temporary
holdings of shares/equity interests during a financial reconstruction and rescue operation
of an entity outside the financial sector.
f) The regulation of the National Bank of Romania no. 5/2008, concerning the approval of
the use of the alternative standard approach for the operational risc
(2)On June 30, 2014, the provisions of Chapter II Administration frame of the activities
within the credit institutions from the National Bank of Romanias Regulation no 18/2009
regarding the administration frame of the credit institutions activities are abrogated, as well

as the internal procedure of evaluation of the capital adequacy to risks and externalization
conditions of its activities, published in the Official Gazette of Romania, Part I, number 630
from September 23, 2009, with its subsequent modifications and completions.

Art. 681
Annexes no.1 - 3 are an integral part of the present regulation.
Art. 682
(1) Without prejudice to the provisions of art. (2)-(4)T, the provisions of the present
regulation come into force on January 1, 2014.
(2) The credit institutions will finalize the necessary steps in order to comply with the
provisions of title II, chapter I from the present regulation, until the date of June 30,
2014, excepting art. 11, art. 12 para. (2), art. 13 para. (1), art. 18 para. (1), art. 19, 23, 24,
art. 29 para. (3)-(4), art. 30 para. (6)-(8), art. 35 para. (2)-(4), art. 37 para. (1), art. 38, art.
40 para. (1), art. 47 and 48, that will be applied according to those stipulated in para. (1).
(3) The provisions of art. 286 para. (1), let a) and b) are applied starting with January 1,
2015
(4) the provisions of Art. 255 280 as well as of Art. 291 296 are applied starting January
1, 2016.
The president of the Board of Directors of the National Bank of Romania,
Mugur Constantin Isrescu
Annex no.1
Standardized methodology for the calculation of the potential change of a credit
institution economic value due to the changes of interest rates
1. In order to calculate the potential change of the economic value of a credit institution as
a result of the change of interest rates, the following principles have to be observed:
a) all assets and liabilities outside the trading portfolio and all off balance sheet elements
outside the trading portfolio which are sensitive to interest rate changes including all
derivative financial instrument son interest rate less assets, liabilities and off balance sheet
elements whose exclusion was decided by the credit institution within the internal policies
mentioned in Art. 136, are classifie4d on the maturity bands stipulated in the table. The
classification by maturity bands is done separately for each currency in which are expressed
more than 5% of the assets and liabilities outside the trading portfolio;
b) the balance sheet elements are treated at their accounting book value;
c) the instruments on fix interest rate are allocated according to the residual period until
maturity, and the instruments on variable interest rate, according to the residual period until
the next repricing date;
d) exposures generating practical processing problems due to their significant number and
of the relatively small individual value, such as mortgage loans or the installment loans, can
be allocated based on statistical estimation methods;
e) core deposits are classified by an assumed maturity of no longer than 5 years;
f) derivative financial instruments are converted in positions by the relevant support
instrument. The considered values are either the value of the principal related to the
support financial instrument, or the value of its notional;

g) the futures and forward contract, including the forward rate agreements - FRA, are
treated as a combination between a long and a short position. The maturity of a futures or
of a FRA is the period until delivery, or until the contract execution, plus, if the case, the life
span of the support financial instrument;
h) swaps are treated as two notional positions with relevant maturities. In this way, a swap
on interest rate, within which a credit institution receives a variable interest rate and pays a
fix interest rate, is treated as a long position on the variable interest rate with maturity
equivalent to the period until the next date of interest rate setting up and a short position
on the fix interest rate with a maturity equivalent to the residual life span of the swap. The
distinct segments of a cross currency swap are classified on the relevant maturity bands for
the respective currencies;
i) options are considered according to the delta equivalent of the support financial
instrument or related to its notional.
2. The calculation process has 5 steps:
a) in the first step, the long positions are offset by the short ones within each maturity band,
resulting in a single long or short position in each maturity bank;
b) in the second step, the long and short positions resulted are weighted by the factors
stipulated in the table, reflecting positions sensitivity in various maturity bands to the
assumed change of the interest rates;
c) in the third step, the resulting weighted positions are summed up, offsetting the long
positions by the short ones and a net short or long weighted position is obtained outside the
trading portfolio in the respective currency;
d) in the fourth step, the weighted position is calculated for the whole portfolio, excluding
the trading portfolio, by summing up the net, short or long weighted positions, calculated
for different currencies;
e) in the fifth step, the weighted position is compared for the whole portfolio, excluding the
trading portfolio, to the credit institutions own funds.

Table
Maturity
bank

Mid
maturit
y bank

Approximated
chanted period

Assumed return
change

Weighting factor

1
Up to 1 month
inclusively

2
0,5
months

3
0,04 years

4
200 base points

5=3*4
0,08%

Between 1
and 3 months
inclusively
Between 3 and
6 months
inclusively
Between 6 and
12 months
inclusively
Between 1 and
2 years
inclusively
Between 2 and
3 ani inclusiv

2
months

0,16 years

200 base points

0,32%

4,5
months

0,36 years

200 base points

0,72%

9
months

0,71 years

200 base points

1,43%

1,5
years

1,38 years

200 base points

2,77%

2,5
years

2,25 years

200 base points

4,49%

Between 3 and
4 years
inclusively
Between 4 and
5 years
inclusively
Between 5 and
7 years
inclusively
Between 7 and
10 years
inclusively
Between 10
and 15 years
inclusively
Between 15
and 20 ani
inclusiv
Peste 20 ani

3,5
years

3,07 years

200 base points

6,14%

4,5
years

3,85 years

200 base points

7,71%

6 years

5,08 years

200 base points

10,15%

8,5
years

6,63 years

200 base points

13,26%

12,5
years

8,92 years

200 base points

17,84%

17,5
years

11,21 years

200 base points

22,43%

22,5
years

13,01 years

200 base points

26,03%

Annex nr.2: Slotting criteria for specialized finance exposures

Table 1 Regulated rating grades for Project Finance Exposures
Category 1
(Strong)

Category 2
(Good)

Category 3
(Satisfactory)

Category 4
(Weak)

Market conditions

Few competing suppliers or

substantial and durable
advantage in location, cost or
technology, Demand is strong
and growing,

Few competing suppliers or

better than average location,
cost or technology, but this
situation may not last.
Demand is strong and stable.

Project has no advantage in

location, cost or
technology. Demand is
adequate and stable.

Project has worse than

average location, cost or
technology. Demand is weak
and declining.

Financial ratios (e.g. debt

service coverage ratio
(DSCR), loan life
coverage ratio (LLCR),
project life coverage
ratio (PLCR) and debt-toequity ratio)

Strong financial ratios

considering the level of
project risk; very robust
economic assumptions

Strong to acceptable
financial ratios considering
the level of project risk;
robust project economic
assumptions.

Standard financial ratios

considering the level of
project risk

Aggressive financial ratios

considering the level of
project risk

Stress analysis

Project can meet its financial

obligations under sustained,
severely stressed economic or
sectoral conditions.

Project can meet its financial

obligations under normal
stressed economic or
sectoral conditions. The
project is only likely to
default under severe
economic conditions.

Project is vulnerable to
stresses that are not
uncommon through an
economic cycle, and may
default in a normal
downturn.

The project is likely to default

unless conditions improve
soon.

Financial strength

Financial structure
Duration of the credit
compared to the
duration of the project

Useful life of the project

significantly exceeds tenor of
the loan.

Useful life of the project

exceeds tenor of the loan

Useful life of the project

exceeds tenor of the loan

Useful life of the project may

not exceed tenor of the loan

Amortization schedule.

Amortizing debt

Amortizing debt

Amortizing debt
repayments with limited
bullet payment

Bullet repayment or
amortizing debt repayments
with high bullet repayment.

Political risk, including

transfer risk, considering
project type and
mitigants

Very low exposure; strong

mitigation instruments, if
needed.

Low exposure; satisfactory

mitigation instruments, if
needed.

Moderate exposure; fair

mitigation instruments

High exposure; no or weak

mitigation instruments

Force majeure risk (war,

civil unrest, etc.)

Low exposure

Acceptable exposure

Standard protection

Significant risks, not fully

mitigated

Political and legal

environment

Government support and

projects importance for
the country over the long
term

Project of strategic
importance for the country
(preferably export-oriented).
Strong support from
Government

Project considered important Project may not be

for the country. Good level of strategic, but brings
support from Government
unquestionable benefits for
the country. Support from
Government may not be
explicit.

Project not key to the country.

No or weak support from
Government

Stability of legal and

regulatory environment
(risk of change in law)

Favorable and stable

regulatory environment over
the long term

Favorable and stable

regulatory environment over
the medium term

Regulatory changes can e

predicted with a fair level of
certainty

Current or future regulatory

issued may affect the project

Acquisition of all
necessary supports and
approvals for such relief
from local content laws

Strong

Satisfactory

Fair

Weak

Enforceability of
contracts, collateral and
security

Contracts, collateral and

security are enforceable

Contracts, collateral and

security are enforceable

Contracts, collateral and

security are considered
enforceable even if certain
non-key issues may exist

There are unresolved key

issues in respect if actual
enforcement of contracts,
collateral and security

Transaction
characteristics

Design and technology risk

Fully proven technology and

design

Fully proven technology and

design

Proven technology and

design start-up issues are
mitigated by a strong
completion package

Unproven technology and

design; technology issues exist
and/or complex design

Permitting and siting

All permits have been

obtained

Some permits are still

outstanding but their receipt
is considered very likely

Some permits are still

outstanding, but the
permitting process is well
defined and they are
considered routine

Key permits still need to be

obtained and are not
considered routine. Significant
conditions may be attached.

Type of construction
contract

Fixed-price date-certain
turnkey construction (EPC
engineering and procurement
contract)

Fixed-price date-certain
turnkey construction EPC

Fixed-price date-certain
turnkey construction
contract with one or several
contractors

No or partial fixed-price
turnkey contract and/or
interfacing issues with
multiple contractors

Construction risks

Completion guarantees

Substantial liquidated
damages supported by
financial substance and/or
strong completion guarantee
from sponsors with excellent
financial standing

Substantial liquidated
damages supported by
financial substance and/or
strong completion guarantee
from sponsors with excellent
financial standing

Adequate liquidated
damages supported by
financial substance and/or
completion guarantee from
sponsors with good
financial standing

Inadequate liquidated
damages or not supported by
financial substance or weak
completion guarantees

Track record and

financial strength of
contractor in
constructing similar
projects

Strong

Satisfactory

Fair

Weak

Scope and nature of

operations and
maintenance (O & M)
contracts

Strong long-term O&M

contract, preferably with
contractual performance
incentives, and/or O&M
reserve accounts

Long-term O&M contract

and/or O&M reserve
accounts

Limited O&M contract

and/or O&M reserve
accounts

No O&M contract: risk of high

operational cost overruns
beyond mitigants

Operators expertise,
track record, and
financial strength

Very strong, or committed

technical assistance of the
sponsors

Strong

Acceptable

Limited/weak, or local
operator dependent on local
authorities

Operating risk

Off-take risk

(a) If there is a take-orpay or fixed-price offtake contract:

Excellent creditworthiness of
off-taker; strong termination
clauses; tenor of contract
comfortably exceeds the
maturity of the debt

Good creditworthiness of offtaker; strong termination

clauses; tenor of contract
comfortably exceeds the
maturity of the debt

Acceptable financial
standing of off-taker;
normal termination clauses;
tenor of contract generally
matches the maturity of the
debt

Weak off-taker; weak

termination clauses; tenor of
contract does not exceed the
maturity of the debt

(b) If there is no take-orpay or fixed-price offtake contract:

Project produces essential

services or a commodity sold
widely on a world market;
output can readily be
absorbed at projected prices
even at lower than historic
market growth rates

Project produces essential

services or a commodity sold
widely on a regional market
that will absorb it at
projected prices at historical
growth rates

Commodity is sold on a
limited market that may
absorb it only at lower than
projected prices

Project output is demanded

by only one or a few buyers or
is not generally sold on an
organized market

Long-term supply contract

with supplier of excellent
financial standing

Long-term supply contract

with supplier of excellent
financial standing a
degree of price risk may
remain

Short-term supply contract or

long-term supply contract
with financially weak supplier
a degree of price risk
definitely remains

Supply risk
Price, volume and
Long-term supply contract
transportation risk of
with supplier of excellent
feed-stocks; suppliers
financial standing
track record and financial
strength

Reserve risks (e.g.

natural resource
development)

Independently audited,
proven and developed
reserves well in excess of
requirements over lifetime of
the project

Independently audited,
proven and developed
reserves well in excess of
requirements over lifetime of
the project

Proven reserves can supply

the project adequately
through the maturity of the
debt

Project relies to some extent

on potential and undeveloped
reserves

Sponsors track record,

financial strength, and
country/sector
experience

Strong sponsor with excellent

track record and high
financial standing

Good sponsor with

satisfactory track record and
good financial standing

Adequate sponsor with

adequate track record and
good financial standing

Weak sponsor with no or

questionable track record
and/or financial weaknesses

Sponsor support, as
evidenced by equity,
ownership clause and
incentive to inject
additional cash if
necessary

Strong. Project is highly

Good. Project is strategic for
strategic for the sponsor (core the sponsor (core business
business long-term
long-term strategy)
strategy)

Acceptable. Project is
considered important for
the sponsor (core business)

Limited. Project is not key to

sponsors long-term strategy
or core business

Fully comprehensive

Acceptable

Weak

Strength of sponsor

Security package

Assignment of contracts
and accounts

Comprehensive

Pledge of assets, taking

into account quality,
value and liquidity of
assets

First perfected security

interest in all project assets,
contracts, permits and
accounts necessary to run the
project

Perfected security interest in

all project assets, contracts,
permits and accounts
necessary to run the project

Acceptable security interest

in all project assets,
contracts, permits and
accounts necessary to run
the project

Little security or collateral for

lenders; weak negative pledge
clause

Lenders control over

cash flow (e.g. cash
sweeps, independent
escrow accounts)

Strong

Satisfactory

Fair

Weak

Strength of the covenant

package (mandatory
prepayments, payment
deferrals, payment
cascade, dividend
restrictions, etc.)

Covenant package is strong

for this type of project.
Project may issue no
additional debt

Covenant package is
satisfactory for this type of
project.
Project may issue extremely
limited additional debt

Covenant package is fair for

this type of project.
Project may issue limited
additional debt

Covenant package is
insufficient for this type of
project.
Project may issue unlimited
additional debt

Reserve funds (debt

service, O&M, renewal
and replacement,
unforeseen events, etc)

Longer than average coverage

period, all reserve funds fully
funded in cash or letters of
credit from highly rated bank

Average coverage period, all

reserve funds fully funded

Average coverage period,

all reserve funds fully
funded

Shorter than average

coverage period, reserve
funds funded from operating
cash flows

Table 2 Supervisory Rating Grades for Income-Producing Real Estate Exposures

Category 1
(Strong)

Category 2
(Good)

Category 3
(Satisfactory)

Category 4
(Weak)

Financial strength
Market conditions

The supply and demand for

the projects type and
location are currently in
equilibrium. The number of
competitive properties
coming to market is equal or
lower than forecasted
demand

The supply and demand for

the projects type and
location are currently in
equilibrium. The number of
competitive properties
coming to market is roughly
equal to forecasted demand

Market conditions are

roughly in equilibrium.
Competitive properties are
coming on the market and
others are in the planning
stages. The projects design
and capabilities may not be
state of art compared to
new projects

Market conditions are weak.

It is uncertain when
conditions will improve and
return to equilibrium. The
project is losing tenants at
lease/rental expiration. New
lease/rental terms are less
favorable compared to those
expiring.

Financial ratios and

advance rate

The propertys debt service

coverage ratio (DSCR) is
considered strong (DSCR is
not relevant for the
construction phase) and its
loan to value ratio (LTV) is
considered low given its
property type. Where a
secondary market exists, the
transaction is underwritten to
market standards

The DSCR (not relevant for

development real estate) and
LTV are satisfactory. Where a
secondary market exists, the
transaction is underwritten
to market standards

The propertys DSCR has

deteriorated and its value
has fallen, increasing its LTV

The propertys DSCR has

deteriorated significantly and
its LTV is well above
underwriting standards for
new loans

Stress analysis

The propertys resources,

contingencies and liability
structure allow it to meet its
financial obligations during a
period of severe financial
stress (e.g. interest rates,
economic growth)

Property can meet its

financial obligations under a
sustained period of financial
stress (e.g. interest rates,
economic growth). The
property is likely to default
only under severe economic
conditions

During an economic
downturn, the property
would suffer a decline in
revenue that would limit its
ability to fund capital
expenditures and
significantly increase the
risk of default

The propertys financial

condition is strained and it
likely to default unless
conditions improve in the
near term

(a) For complete and

stabilized property

The propertys leases/rentals

are long-term with
creditworthy tenants and
their maturity dates are
scattered. The property has a
track record of tenant
retention upon lease/rental
expiration. Its vacancy rate is
low. Expenses (maintenance,
insurance, security, and
property taxes) are
predictable

Most of the propertys

leases/rentals are long-term,
with tenants that range in
creditworthiness. The
property experiences are
normal level of tenant
turnover upon lease/rental
expiration. Its vacancy rate is
slow. Expenses are
predictable

Most of the propertys

leases/rentals are medium
rather than long-term, with
tenants that range in
creditworthiness. The
property experiences a
moderate level of tenant
turnover upon lease/rental
expiration. Its vacancy rate
is moderate. Expenses are
relatively predictable but
vary in relation to revenue

The propertys leases are of

various terms with tenants
that range in
creditworthiness. The
property experiences a vary
high level of tenant turnover
upon lease expiration. Its
vacancy rate is high.
Significant expenses are
incurred preparing space for
new tenants

(b) For complete but not

stabilized property

Leasing/rental activity meets

or exceeds projections. The
project should achieve
stabilization in the near
future

Leasing/rental activity meets

or exceeds projections. The
project
should achieve stabilization
in the near future

Most leasing/rental activity

is within projections;
however
Stabilization will not occur
for some time

Market rents do not meet

expectations. Despite
achieving target occupancy
Rate, cash flow coverage is
tight duet o disappointing
revenue

Cash flow predictability

(c) For construction phase

The property is entirely preleased/pre-rented through

the tenor of the loan or presold to an investment grade
tenant or buyer, or the bank
has a binding commitment or
take-out financing from an
investment grade lender

The property is entirely preleased/pre-rented or presold to a creditworthy tenant

or buyer, or the bank has a
binding commitment for
permanent financing from a
creditworthy lender

Leasing/rental activity is
within projections but the
building may not be preleased/pre-rented and
there may not exist a takeout financing. The bank
may be the permanent
lender

The property is deteriorating

duet o cost overruns, market
deterioration, tenant
cancellations or other factors.
There may be a dispute with
the party providing the
permanent financing

Location

Property is located in highly

desirable location that is
convenient to services that
tenants desire

Property is located in highly

desirable location that is
convenient to services that
tenants desire

The property location lacks

a competitive advantage

Design and condition

Property is favoured duet o

its design, configuration and
maintenance, and it highly
competitive with new
properties

Property is adequate in
terms of its configuration,
design and maintenance

Property is under
construction

Construction budget is
conservative and technical
hazards are limited.
Contractors are highly
qualified

Property is appropriate in
terms of its design,
configuration and
maintenance. The propertys
design and capabilities are
competitive with new
properties
Construction budget is
conservative and technical
hazards are limited.
Contractors are highly
qualified

The propertys location

configuration, design and
maintenance have
contributed to the propertys
difficulties
Weaknesses exist in the
propertys configuration,
design or maintenance

Asset characteristics

Strength of

Construction budget is
adequate and contractors
are ordinarily qualified

Project is over budget or

unrealistic given its technical
hazards. Contractors may be
under qualified

sponsor/developer
Financial capacity and
willingness to support the
property

The sponsor/developer made

a substantial cash
contribution to the
construction or purchase of
the property. The
sponsor/developer has
substantial resources and
limited direct and contingent
liabilities. The
sponsor/developers
properties are diversified
geographically and by
property type
Experienced management
and high sponsors quality.
Strong reputation and lengthy
and successful record with
similar projects.

The sponsor/developer made

a material cash contribution
to the construction or
purchase of the property.
The sponsor/developers
financial condition allows it
to support the property in
the event of a cash flow
shortfall. The
sponsor/developers
properties are located in
several geographic regions

The sponsor/developers
The sponsor/developer lacks
contribution may be
capacity or willingness to
immaterial or non-cash. The support the property
sponsor/developer is
average to below average in
financial resources

Appropriate management
and sponsors quality. The
sponsor or management has
a successful record with
similar properties

Moderate management and

sponsors quality.
Management or sponsor
track record does not raise
serious concerns

Strong relationships with

leading actors such as
leasing/rental agents

Proven relationships with

leading actors such as
leasing/rental agents

Security package
Nature of lien

Perfected first lien

Perfected first lien

Perfected first lien

Assignment of rents (for

The lender has obtained an

The lender has obtained an

The lender has obtained an

Reputation and track

record with similar
properties

Relationships with
relevant real estate actors

Ineffective management and

substandard sponsors quality.
Management and sponsor
difficulties have contributed
to difficulties in managing
properties in the past.
Adequate relationships with Poor relationships with
leasing/rental agents and
leasing/rental agents and/or
other parties providing
other parties providing
important real estate
important real estate services
services
Ability of lender to foreclose is
constrained
The lender has not obtained

projects leased/rented to
long-term tenants)

assignment. They maintain

current tenant information
that would facilitate providing
notice to remit rents directly
to the lender, such as a
current rent roll land copies
of the projects leases/rentals

Quality of the insurance

coverage

Appropriate

assignment. They maintain

current tenant information
that would facilitate
providing notice to remit
rents directly to the lender,
such as a current rent roll
land copies of the projects
leases/rentals
Appropriate

assignment. They maintain

current tenant information
that would facilitate
providing notice to remit
rents directly to the lender,
such as a current rent roll
land copies of the projects
leases/rentals
Appropriate

an assignment of the
leases/rentals or has not
maintained the information
necessary to readily provide
notice to the buildings
tenants

Substandard

Table 3 Supervisory Rating Grades for Object Finance Exposures

Category 1
(Strong)

Category 2
(Good)

Category 3
(Satisfactory)

Category 4
(Weak)

Demand is strong and

growing, strong entry
barriers, low sensitivity to
changes in technology and
economic outlook

Demand is strong and stable.

Some entry barriers, some
sensitivity to changes in
technology and economic
outlook

Demand is weak and

declining, vulnerable to
changes in technology and
economic outlook, highly
uncertain environment

Strong financial ratios

considering the type of asset.
Very robust economic
assumptions
Stable long-term revenues,
capable of withstanding
severely stressed conditions
through an economic cycle

Strong/acceptable financial
ratios considering the type of
asset. Robust project
economic assumptions
Satisfactory long-term
revenues. Loan can
withstand some financial
adversity. Default is only
likely under severe economic
conditions

Demand is adequate and

stable, limited entry
barriers, significant
sensitivity to changes in
technology and economic
outlook
Standard financial ratios for
the asset type

Revenues subject to strong

under certainties; even in
normal economic conditions
the asset may default, unless
conditions improve

Market is structured on a
worldwide basis; assets are
highly liquid

Market is worldwide or
regional; assets are relatively
liquid

Uncertain short-term
revenues. Cash flows are
vulnerable to stresses that
are not uncommon through
an economic cycle. The loan
may default in a normal
downturn
Market is regional with
limited prospects in the
short term, implying lower
liquidity

Financial strength
Market conditions

Financial ratios (debt

service coverage ratio and
loan-to-value ratio)
Stress analysis

Market liquidity

Political and legal

Aggressive financial ratios

considering the type of asset

Local market and/or poor

visibility. Low or no liquidity,
particularly on niche markets

environment
Political risk, including
transfer risk
Legal and regulatory risks

Very low; strong mitigation

instruments, if needed
Jurisdiction is favorable to
repossession and
enforcement of contracts

Low; satisfactory mitigation

instruments, if needed
Jurisdiction is favorable to
repossession and
enforcement of contracts

Moderate; fair mitigation

instruments
Jurisdiction is generally
favorable to repossession
and enforcement of
contracts, even if
repossession might be long
and/or difficult

High; no or weak mitigation

instruments
Poor or unstable legal and
regulatory environment.
Jurisdiction may make
repossession and
enforcement of contracts
lengthy or impossible

Full payout profile/minimum

balloon. No grace period

Balloon more significant, but

still lat satisfactory levels

Important balloon with

potentially grace periods

Repayment in fine or high

balloon

All permits have been

obtained; asset meets current
and foreseeable safety
regulations

All permits obtained or in the

process of being obtained;
asset meets current and
foreseeable safety
regulations

Most permits obtained or in

process of being obtained,
outstanding ones
considered routine, asset
meets current safety
regulations

Problems in obtaining all

required permits, part of the
planned configuration and/or
planned operations might
need to be revised

Transaction
characteristics
Financing term compared
to the economic life of
the asset

Operating risk
Permits/licensing

Scope and nature of

O&M contracts

Operators financial
strength, track record in
managing the asset type
and capability to re-market
asset when it comes offlease/off/rent

Strong long-term O&M

contract, preferably with
contractual performance
incentives, and/or O&M
reserve accounts (if needed)
Excellent track record and
strong re-marketing capability

Long-term O&M contract

and/or O&M reserve
accounts

Limited O&M contract

and/or O&M reserve
accounts

No O&M contract: risk of high

operational cost overruns
beyond mitigants

Satisfactory track record and

re-marketing capability

Weak or short track record

and uncertain re-marketing
capability

No or unknown track record

and inability to re-market the
asset

Strong advantage in design

and maintenance.
Configuration is standard
such that the object meets a
liquid market

Above average design and

maintenance. Standard
configuration, maybe with
very limited exceptions
such that the object meets a
liquid market
Resale value is moderately
above debt value

Average design and

maintenance. Configuration
is somewhat specific, and
thus might cause a
narrower market for the
object
Resale value is slightly
above debt value

Below average design and

maintenance. Asset is near
the end of its economic life.
Configuration is very spe4cific;
the market for the object is
very narrow
Resale value is below debt
value

Asset characteristics

Configuration, size,
design and maintenance
(i.e. age, size for a plane
compared to other assets
on the same market
Resale value

Current resale value is well

above debt value

Sensitivity of the asset

value and liquidity to
economic cycles

Asset value and liquidity are

relatively insensitive to
economic cycles

Asset value and liquidity are

sensitive to economic cycles

Asset value and liquidity are

quite sensitive to economic
cycles

Asset value and liquidity are

highly sensitive to economic
cycles

Excellent track record and

strong re-marketing capability

Satisfactory track record and

re-marketing capability

Weak or short track record

and uncertain re-marketing
capability

No or unknown track record

and inability to re-market the
asset

Sponsors with excellent track

record and high financial
standing

Sponsors with good track

record and good financial
standing

Sponsors with adequate

track record and good
financial standing

Sponsors with no or
questionable track record
and/or financial weaknesses

Legal documentation
provides the lender effective
control (e.g. a first perfected
security interest, or a
leasing/rental structure
including such security) on
the asset, or on the comp-any
owning it
The lender is able to monitor
the location and condition of
the asset, at any time and
place (regular reports,
possibility to lead inspections)

Legal documentation
provides the lender effective
control (e.g. a first perfected
security interest, or a
leasing/rental structure
including such security) on
the asset, or on the company owning it
The lender is able to monitor
the location and condition of
the asset, almost at any time
and place

Legal documentation
provides the lender
effective control (e.g. a first
perfected security interest,
or a leasing/rental structure
including such security) on
the asset, or on the company owning it
The lender is able to
monitor the location and
condition of the asset,
almost at any time and
place

The contract provides little

security to the lender and
leaves room to some risk of
losing control on the asset

Strength of sponsor
Operators financial
strength, track record in
managing the asset type
and capability to re-market
asset when it comes offlease/off-rent
Sponsors track record and
financial strength
Security package
Asset control

Rights and means at the

lenders disposal to
monitor the location and
condition of the asset

The lender is able to monitor

the location and condition of
the asset in a limited way

Insurance against
damages

Strong insurance coverage

including collateral damages
with top quality insurance
companies

Satisfactory insurance
coverage (not including
collateral damages) with
good quality insurance
companies

Fair insurance coverage

(not including collateral
damages) with acceptable
quality insurance
companies

Weak insurance coverage (not

including collateral damages)
or with weak quality insurance
companies

Table 4 Supervisory Rating Grades for Commodities Finance Exposures

Category 1
(Strong)

Category 2
(Good)

Category 3
(Satisfactory)

Category 4
(Weak)

Financial strength
Degree of overcollateralization of trade

Strong

Good

Satisfactory

Weak

Country risk

No country risk

Mitigation of country
risks

Very strong mitigation:

- strong offshore mechanisms
- strategic commodity 1st
class buyer

Limited exposure to country

risk (in particular, offshore
location of reserves in an
emerging country)
Strong mitigation:
- offshore mechanisms
- strategic commodity
- strong buyer

Exposure to country risk(in

particular, offshore location
of reserves in an emerging
country)
Acceptable mitigation:
- offshore mechanisms
- less strategic commodity
- acceptable buyer

Strong exposure to country

risk (in particular, inland
reserves in an emerging
country)
Only partial mitigation:
- no offshore mechanisms
- non-strategic commodity
- weak buyer

Commodity is quoted and

can be hedged through
futures or OTC instruments.
Commodity is not susceptible
to damage

Commodity is not quoted

but is liquid. There is
uncertainty about the
possibility of hedging.
Commodity is not
susceptible to damage.

Commodity is not quoted.

Liquidity is limited given the
size and depth of the market.
No appropriate hedging
instruments. Commodity is
susceptible to damage

Political and legal

environment

Asset characteristics
Liquidity and
susceptibility to damage

Commodity is quoted and can

be hedged through futures or
OTC instruments. Commodity
is not susceptible to damage

Strength of sponsor
Financial strength of
trader
Track record, including
ability to manage the
logistic process

Trading controls and

hedging policies
Quality of financial
disclosure
Security package
Asset control

Insurance against
damages

Very strong, relative to

trading philosophy and risks
Extensive experience with the
type of transaction in
question. Strong record of
operating success and cost
efficiency
Strong standards for
counterparty selection,
hedging and monitoring
Excellent

Strong

Adequate

Weak

Sufficient experience with

the type of transaction in
question. Above average
record of operating success
and cost efficiency
Adequate standards for
counterparty selection,
hedging and monitoring
Good

Limited experience with the

type of transaction in
question. Average record of
operating success and cost
efficiency
Past deals have experienced
no or minor problems

Limited or uncertain track

record in general. Volatile
costs and profits

Satisfactory

Financial disclosure contains

some uncertainties or is
insufficient

First perfected security

interest provides the lender
legal control of the assets at
any time if needed

First perfected security

interest provides the lender
legal control of the assets at
any time if needed

Contract leaves room for

some risk of losing control
over the assets. Recovery
could be jeopardized

Strong insurance coverage

including collateral damages
with top quality insurance
companies

Satisfactory insurance
coverage (not including
collateral damages) with
good quality insurance
companies

At a certain point in the

process, there is a rupture
in the control of the assets
by the lender. The rupture
is mitigated by knowledge
of the trade process or a
third party undertaking as
the case may be
Fair insurance coverage
(not including collateral
damages) with acceptable
quality insurance
companies

Trader has experienced

significant losses on past deals

Weak insurance coverage (not

including collateral damages)
or with weak quality
insurance companies

Annex no.3: Quantitative aspects of advanced valuation approach which should be

included in the internal documentation of a credit institution
1. Implicit model assumptions
2. Determining ways of operational risk grades
3. How real and construed data are obtained and the way in which they are used or
included in the model
4. Phases of model results introduction, execution and obtainment
5. Compliance with an accuracy standard comparable to a 99, 9% trust level
6. Calculation of expected and contingent losses; if expected losses were reflected in the
internal practices
7. Aggregation methodology used to calculate the global operational risk estimation (or
quantification) of the credit institution based on individual estimations (or
quantifications) of operational risk. In particular, the documentation should also detail
the way in which the correlations between individual estimations of operational risk
were calculated and the way in which they were validated
8. If and how insurance impact was recognized within the model
9. Process adopted to validate the model, especially: decisional criteria and/or statistic
tests to identify the cases in which internal data are regarded as sufficient/insufficient to
calculate operational risk quantifications.
10. Policy for the model updating.
Published in the Official Gazette under no. 84 from December 30, 2013
Summary at January 3, 2014. The present act was created using the SintAct-Acte
Sintetice technology. SintAct and Acte Sintetice are Wolters Kluwer trademarks.