SAFETY AND SOUNDNESS—Interest-Rate Risk; Joint Agency Policy Statement

This joint agency policy statement provides guidance to banks on prudent interest-rate risk management principles. The three federal banking agencies—the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, and the Office of the Comptroller of the Currency (“agencies”)—believe that effective interest-rate risk management is an essential component of safe and sound banking practices. The agencies are issuing this statement to provide guidance to banks on this subject and to assist bankers and examiners in evaluating the adequacy of a bank’s management of interest-rate risk. ¹

This statement applies to all federally insured commercial and FDIC-supervised savings banks (“banks”). Because market conditions, bank structures, and bank activities vary, each bank needs to develop its own interest rate risk management program tailored to its needs and circumstances. Nonetheless, there are certain elements that are fundamental to sound interest-rate risk management, including appropriate board and senior management oversight and a comprehensive risk-management process that effectively identifies, measures, monitors, and controls risk. This statement describes prudent principles and practices for each of these elements.

The adequacy and effectiveness of a bank’s interest-rate risk management process and the level of its interest-rate exposure are critical factors in the agencies’ evaluation of the bank’s capital adequacy. A bank with material weaknesses in its risk-management process or high levels of exposure relative to its capital will be directed by the agencies to take corrective action. Such actions will include recommendations or directives to raise additional capital, strengthen management expertise, improve management information and measurement systems, reduce levels of exposure, or some combination thereof, depending upon the facts and circumstances of the individual institution.

When evaluating the applicability of specific guidelines provided in this statement and the level of capital needed for interest-rate risk, bank management and examiners should consider factors such as the size of the bank, the nature and complexity of its activities, and the adequacy of its capital and earnings in relation to the bank’s overall risk profile.

Interest-rate risk is the exposure of a bank’s financial condition to adverse movements in interest rates. It results from differences in the maturity or timing of coupon adjustments of bank assets, liabilities, and off-balance-sheet instruments (repricing or maturity-mismatch risk); from changes in the slope of the yield curve (yield-curve risk); from imperfect correlations in the adjustment of rates earned and paid on different instruments with otherwise similar repricing characteristics (basis risk —e.g., three-month Treasury bill versus three-month LIBOR); and from interest rate-related options embedded in bank products (option risk).

Changes in interest rates affect a bank’s earnings by changing its net interest income and the level of other interest-sensitive income and operating expenses. Changes in interest rates also affect the underlying economic value² of the bank’s assets, liabilities and off-balance-sheet instruments because the present value of future cash flows and in some cases, the cash flows themselves, change when interest rates change. The combined effects of the changes in these present values reflect the change in the bank’s underlying economic value.

As financial intermediaries, banks accept and manage interest-rate risk as an inherent part of their business. Although banks have always had to manage interest-rate risk, changes in the competitive environment in which banks operate and in the products and services they offer have increased the importance of prudently managing this risk. This guidance is intended to highlight the key elements of prudent interest-rate risk management. The agencies expect that in implementing this guidance, bank boards of directors and senior managements will provide effective oversight and ensure that risks are adequately identified, measured, monitored, and controlled.

Effective board and senior management oversight of a bank’s interest-rate risk activities is the cornerstone of a sound risk-management process. The board and senior management are responsible for understanding the nature and level of interest-rate risk being taken by the bank and how that risk fits within the overall business strategies of the bank. They are also responsible for ensuring that the formality and sophistication of the risk-management process is appropriate for the overall level of risk. Effective risk-management requires an informed board, capable management, and appropriate staffing.

For its part, a bank’s board of directors has two broad responsibilities:

Senior management is responsible for ensuring that interest-rate risk is managed on both a long-range and day-to-day basis. In managing the bank’s activities, senior management should —

Effective control of interest-rate risk requires a comprehensive risk-management process that includes the following elements:

The formality and sophistication of these elements may vary significantly among institutions, depending upon the level of the bank’s risk and the complexity of its holdings and activities. Banks with noncomplex activities and relatively short-term balance-sheet structures presenting relatively low risk levels and whose senior managers are actively involved in the details of day-to-day operations may be able to rely on a relatively basic and less formal interest-rate risk management process, provided their procedures for managing and controlling risks are communicated clearly and are well understood by all relevant parties.

More complex organizations and those with higher interest-rate risk exposures or holdings of complex instruments with significant interest rate - related option characteristics may require more elaborate and formal interest-rate risk management processes. Risk-management processes for these banks should address the institution’s broader and typically more complex range of financial activities and provide senior managers with the information they need to monitor and direct day-to-day activities. Moreover, the more complex interest-rate risk management processes employed at these institutions require adequate internal controls that include internal and/or external audits or other appropriate oversight mechanisms to ensure the integrity of the information used by the board and senior management in overseeing compliance with policies and limits. Those individuals involved in the risk-management process (or risk-management units) in these banks must be sufficiently independent of the business lines to ensure adequate separation of duties and to avoid conflicts of interest.

The board and senior management should ensure that the structure of the bank’s business and the level of interest-rate risk it assumes are effectively managed and that appropriate policies and practices are established to control and limit risks. This includes delineating clear lines of responsibility and authority for the following areas:

In some institutions the board and senior management may rely on a committee of senior managers to manage this process. An institution should also have policies for identifying the types of instruments and activities that the bank may use to manage its interest-rate risk exposure. Such policies should clearly identify permissible instruments, either specifically or by their characteristics, and should also describe the purposes or objectives for which they may be used. As appropriate to the size and complexity of the bank, the policies should also help delineate procedures for acquiring specific instruments, managing portfolios, and controlling the bank’s aggregate interest-rate risk exposure.

Policies that establish appropriate risk limits that reflect the board’s risk tolerance are an important part of an institution’s risk-management process and control structure. At a minimum, these limits should be board-approved and ensure that the institution’s interest-rate exposure will not lead to an unsafe and unsound condition. Senior management should maintain a bank’s exposure within the board-approved limits. Limit controls should ensure that positions that exceed certain predetermined levels receive prompt management attention. An appropriate limit system should permit management to control interest-rate risk exposures, initiate discussion about opportunities and risk, and monitor actual risk taking against predetermined risk tolerances.

A bank’s limits should be consistent with the bank’s overall approach to measuring interest-rate risk and should be based on capital levels, earnings, performance, and the risk tolerance of the institution. The limits should be appropriate to the size, complexity, and capital adequacy of the institution and address the potential impact of changes in market interest rates on both reported earnings and the bank’s economic value of equity (EVE). From an earnings perspective, a bank should explore limits on net income as well as net interest income in order to fully assess the contribution of non-interest income to the interest-rate risk exposure of the bank. Such limits usually specify acceptable levels of earnings volatility under specified interest-rate scenarios. A bank’s EVE limits should reflect the size and complexity of its underlying positions. For banks with few holdings of complex instruments and low risk profiles, simple limits on permissible holdings or allowable repricing mismatches in intermediate- and long-term instruments may be adequate. At more complex institutions, more extensive limit structures may be necessary. Banks that have significant intermediate- and long-term mismatches or complex options positions should have limits in place that quantify and constrain the potential changes in economic value or capital of the bank that could arise from those positions.

Accurate and timely identification and measurement of interest rate risk are necessary for proper risk management and control. The type of measurement system that a bank requires to operate prudently depends upon the nature and mix of its business lines and the interest-rate risk characteristics of its activities. The bank’s measurement system(s) should enable management to recognize and identify risks arising from the bank’s existing activities and from new business initiatives. It should also facilitate accurate and timely measurement of its current and potential interest-rate risk exposure.

The agencies believe that a well-managed bank will consider both earnings and economic perspectives when assessing the full scope of its interest-rate risk exposure. The impact on earnings is important because reduced earnings or outright losses can adversely affect a bank’s liquidity and capital adequacy. Evaluating the possibility of an adverse change in a bank’s economic value of equity is also useful, since it can signal future earnings and capital problems. Changes in economic value can also affect the liquidity of bank assets, because the cost of selling depreciated assets to meet liquidity needs may be prohibitive.

Since the value of instruments with intermediate and long maturities or embedded options is especially sensitive to interest-rate changes, banks with significant holdings of these instruments should be able to assess the potential longer-term impact of changes in interest rates on the value of these positions and the future performance of the bank.

Measurement systems for evaluating the effect of rates on earnings may focus on either net interest income or net income. Institutions with significant non-interest income that is sensitive to changing rates should focus special attention on net income. Measurement systems used to assess the effect of changes in interest rates on reported earnings range from simple maturity-gap reports to more sophisticated income-simulation models. Measurement approaches for evaluating the potential effect on economic value of an institution may, depending on the size and complexity of the institution, range from basic position reports on holdings of intermediate, long-term and/or complex instruments to simple mismatch weighting techniques to formal static or dynamic cash-flow-valuation models.

Regardless of the type and level of complexity of the measurement system used, bank management should ensure the adequacy and completeness of the system. Because the quality and reliability of the measurement system is largely dependent upon the quality of the data and various assumptions used in the model, management should give particular attention to these items.

The measurement system should include all material interest-rate positions of the bank and consider all relevant repricing and maturity data. Such information will generally include (i) current balance and contractual rate of interest associated with the instruments and portfolios; (ii) principal payments,interest-reset dates, and maturities; and (iii) the rate index used for repricing and contractual interest-rate ceilings or floors for adjustable-rate items. The system should also have well-documented assumptions and techniques.

Bank management should ensure that risk is measured over a probable range of potential interest-rate changes, including meaningful stress situations. In developing appropriate rate scenarios, bank management should consider a variety of factors such as the shape and level of the current term structure of interest rates and historical rate movements. The scenarios used should incorporate a sufficiently wide change in market interest rates (e.g., +/− 200 basis points over a one year horizon) and include immediate or gradual changes in market interest rates as well as changes in the shape of the yield curve in order to capture the material effects of any explicit or embedded options.

Assumptions about customer behavior and new business activity should be reasonable and consistent with each rate scenario that is evaluated. In particular, as part of its measurement process, bank management should consider how the maturity, repricing, and cash flows of instruments with embedded options may change under various scenarios. Such instruments would include loans that can be prepaid without penalty prior to maturity or have limits on the coupon adjustments, and deposits with unspecified maturities or rights of early withdrawal.

Institutions should also establish an adequate system for monitoring and reporting risk exposures. A bank’s senior management and its board or a board committee should receive reports on the bank’s interest-rate risk profile at least quarterly. More frequent reporting may be appropriate depending on the bank’s level of risk and the potential that the level of risk could change significantly. These reports should allow senior management and the board or committee to—

The reports provided to the board and senior management should be clear, concise, and timely and provide the information needed for making decisions.

A bank’s internal-control structure is critical to the safe and sound functioning of the organization generally and to its interest-rate risk management process in particular. Establishing and maintaining an effective system of controls, including the enforcement of official lines of authority and the appropriate separation of duties, are two of management’s more important responsibilities. Individuals responsible for evaluating risk-monitoring and -control procedures should be independent of the function they are assigned to review.

Effective control of the interest-rate risk management process includes independent review and, where appropriate, internal and external audit. The bank should conduct periodic reviews of its risk-management process to ensure its integrity, accuracy, and reasonableness. Items that should be reviewed and validated include—

The scope and formality of the review and validation will depend on the size and complexity of the bank. At large banks, internal and external auditors may have their own models against which the bank’s model is tested. Banks with complex risk-measurement systems should have their models or calculations validated by an independent source— either an internal risk-control unit of the bank or outside auditors or consultants.

The findings of this review should be reported to the board on an annual basis. The report should provide a brief summary of the bank’s interest-rate risk measurement techniques and management practices. It also should identify major critical assumptions used in the risk-measurement process, discuss the process used to derive those assumptions, and provide an assessment of the impact of those assumptions on the bank’s measured exposure.