In this post we will continue will our overview of ICAAP. In particular we will look at how risk is assessed under ICAAP, how ICAAP addresses future events, how capital derived from the ICAAP should be able to be reconciled with MCR including how differences need to be attributed, and how ICAAP should be monitored and reviewed.
In the assessment of risk, ICAAP must employ a consistent, sound and comprehensive approach for deriving risk measures for all the risks that are material to the bank. By consistent we mean that the assessment must be in line with the bank’s level of risk tolerance and must be calibrated to not be less than the risk tolerance levels assumed for Pillar 1 assessment. However it may not be possible to arrive at a quantitative assessment for some risks which are more difficult to quantity. In such cases a qualitative assessment and management judgment must be employed in arriving at reasonable risk estimates. In addition it is important that for all capital and risk models employed, a degree of qualitative assessment and management judgment with regard to the inputs that go in and outputs that come out of the model must be undertaken. The bottom line is that ICAAP should include all material risks regardless of whether such risks are easily quantifiable or not.
An ICAAP framework should be forward looking. It must account for factors such as changes in the bank’s strategic plan and a range of different business conditions at varying points in the business cycle that could impact the bank’s capital adequacy. Stress tests should be performed to identify plausible severe loss events and adverse changes in market conditions. Stress scenarios should be based on historical movements during times of crises or based on expert judgment and must include supervisory, historical, bank-specific and hypothetical scenarios. The current and future capital requirements must be considered in relation to the bank’s near and longer term capital needs, capital expenditures required for the foreseeable future, target capital levels and external capital sources.
ICAAP should distinguish between the bank’s regulatory, i.e. minimum capital requirements, the actual capital that it holds and the amount of internal capital that it would need to hold for business purposes based on the capital adequacy assessment process. Banks not only have to compute the economic capital under ICAAP, they also need to reconcile this capital with regulatory capital. This involves comparing the internal model and assumptions with the regulatory model and assumptions and then attributing the differences in results to specific factors.
ICAAP should incorporate an adequate risk monitoring and report process. This process should be able to identify how changes in the bank’s profile would impact the bank’s capital requirements. The system employed should allow management and BOD to receive regular reports or updates of the bank’s risk profile and capital needs which would allow them to:
- Evaluate the level and trend of the material risks and the effect on capital
- Evaluate the sensitivity and reasonableness of the assumptions used in assessments
- Determine the sufficiency of capital against various risks
- Determine whether the bank is meeting its internal capital adequacy goals
- Determine whether future capital requirements based on forward looking factors are in line with the banks risk profile.
ICAAP should be reviewed on a regular, dynamic basis to ensure that it continues to assess all material risks and that the capital coverage is adequate and reflects the risk profile of the bank. The process would need to be reviewed if there are changes in the strategic focus, business plan, operating environment and other factors that could materially affect its assumptions and methodologies.
ICAAP and its review process should be subject to an independent internal review to ensure the integrity, reasonableness and accuracy of the process. It should also be subject to internal and external audits to ensure that:
- It remains appropriate with regard to the nature, size and complexity of the bank’s operations,
- The data inputs used are complete and accurate,
- The severe loss scenarios that are considered are reasonable and valid, and
- The methodology, assumptions and inputs of stress tests are adequately analyzed and appropriate
We have reviewed the remaining requirements under ICAAP. In the next post we will discuss some of the main sections of an ICAAP report document.