Banks must document in writing their rating systems' design and operational details. The documentation must evidence banks' compliance with the minimum standards, and must address topics such as portfolio differentiation, rating criteria, responsibilities of parties that rate borrowers and facilities, definition of what constitutes a rating exception, parties that have authority to approve exceptions, frequency of rating reviews, and management oversight of the rating process. A bank must document the rationale for its choice of internal rating criteria and must be able to provide analyses demonstrating that rating criteria and procedures are likely to result in ratings that meaningfully differentiate risk. Rating criteria and procedures must be periodically reviewed to determine whether they remain fully applicable to the current portfolio and to external conditions. In addition, a bank must document a history of major changes in the risk rating process, and such documentation must support identification of changes made to the risk rating process subsequent to the last CBB's review. The organisation of rating assignment, including the internal control structure, must also be documented.