Date Issued: 07.05.

2004

CIRCULAR NO. 439

The Monetary Board, in its Resolution No. 889 dated 23 June 2004, approved the following rules
and regulations that shall govern the development and implementation of banks’ internal credit risk
rating systems:

Section 1. Statement of Policy

It is the policy of the Bangko Sentral ng Pilipinas (BSP) to ensure that banks’ credit risk
management processes are sound and effective. Towards this end, the following rules and
regulations that shall govern the use of banks’ internal credit risk rating systems are hereby
prescribed:

Section 2. Scope

All universal and commercial banks must have in place a formal internal credit risk rating system for
the underwriting and ongoing administration, initially, of corporate credit exposures. The internal
credit risk rating system must be appropriate to a bank’s nature, complexity and scale of activities.

Initially and until such time that the Monetary Board prescribes otherwise, corporate credit exposure
shall be defined as exposures to companies with assets of more than P15 million.

Section 3. Minimum Operational Requirements

1) A bank’s internal credit risk rating system must be duly approved by the board of directors (or
equivalent management committee in the case of Philippine branches of foreign banks). The board
should exercise appropriate oversight over the system in a consistent manner.

2) A bank’s internal credit risk rating system must be operationally integrated into its internal
credit risk management process. Its output should accordingly be an integral part of the process of
evaluation and review of prospective and existing exposures, respectively. Credit underwriting
criteria should become progressively more conservative as credit rating declines. All credit
decisions must be supported by a written assessment. In the context of ongoing review,
provisioning standards must be rationally tied to the internal credit rating system.

3) Banks must have an independent credit risk control function that is responsible for the design,
implementation and performance of their credit risk rating systems. The credit risk control function
must be independent from the business functions responsible for originating exposures.

4) Internal ratings must be an essential part of annual or more frequent reporting of banks’
changing portfolio quality over time to the board of directors (or equivalent management committee
in the case of Philippine branches of foreign banks). Reporting must include portfolio breakdown by
credit grade, major portfolio segments breakdown by credit grade, and analysis of realized default
rates against expectations.

5) Internal and external audit must also review at least annually the bank’s internal rating system
and its operations, including the operations of the credit risk control function.
Section 4. Minimum Technical Standards

1) Banks must fully document their internal credit risk rating systems. The documentation must
address topics such as coverage, rating criteria, responsibilities of parties involved in the ratings
process, definition of what constitutes a rating exception, parties that have authority to approve
exceptions, frequency of rating reviews, and management oversight of the rating process. A bank
must document the rationale for its choice of rating criteria and must be able to provide analyses
demonstrating that the rating criteria and procedures are likely to result in ratings that meaningfully
differentiate risk.

2) The rating criteria should reflect an established blend of qualitative and quantitative factors.
Transparent ranges need to be set for the quantitative standards based on experience. The
quantitative criteria must include leverage and cash flow standards.

3) Banks must maintain rating histories on individual accounts, which shall include the ratings of
the account, the dates the ratings were assigned, the methodology and key data used to derive the
ratings and the analyst who gave the ratings. The identity of borrowers and facilities that default,
and the timing and circumstances of such defaults, must be retained. Banks must also retain data
on the realized default rates associated with rating grades and ratings migration in order to
eventually track the predictive power of the risk rating system.

4) A bank’s internal credit risk rating system must have a minimum of 6 rating grades for
unclassified accounts and 4 rating grades for classified accounts, which must be assigned in a
consistent manner over time. Moreover, the rating system must result in a meaningful distribution
of exposures across grades with no excessive concentrations on a single rating grade.

5) The ratings output of banks’ internal credit risk rating systems must contain both a borrower
and a facility dimension. The borrower dimension should focus on factors that affect the inherent
credit quality of each borrower. The facility dimension, on the other hand, should focus on
security/collateral arrangements and other similar risk influencing factors of each transaction.

6) In rating corporate borrowers with total assets of more than P15 million, only financial
statements audited by SEC-accredited external auditors shall be used starting with the 2005
financial statements.

Section 5. Timetable for Implementation

1) Banks must submit an implementation plan to the appropriate supervision and examination
department of the BSP no later than 31 July 2004. A monetary penalty of ten thousand pesos
(P10,000) per banking day shall be imposed for delay until such plan is submitted.

2) A fully documented internal credit risk rating system, duly approved by the board of directors,
must be submitted to the BSP not later than 31 December 2004. Upon submission of the system,
all prospective and existing corporate accounts must immediately be evaluated and monitored
according to such system. A monetary penalty of ten thousand pesos (P10,000) per banking day
shall be imposed for delay until this requirement is complied with.

This Circular shall take effect fifteen (15) days following its publication either in the Official Gazette
or in a newspaper of general circulation.
FOR THE MONETARY BOARD:

RAFAEL B. BUENAVENTURA
Governor