ICAAP: Process Requirements: Purpose, Pre-requisites, Board of Director Responsibilities and Documentation
In the first of two posts covering the ICAAP requirements we will consider the purpose of ICAAP, the pre-requisites for such a process, the responsibilities of the Board of Directors and Senior Management in the ICAAP framework and the purpose of preparing an ICAAP report.
Internal Capital Adequacy Assessment Process (ICAAP) Requirement
Under Pillar 2, a bank must have an Internal Capital Adequacy Assessment Process (ICAAP) in place. ICAAP consists of internal procedures and systems that ensure that the bank will possess adequate capital resources in the long term to cover all of its material risks. It involves the determination of economic capital as opposed to regulatory capital and is a process that is run in parallel to the regulatory capital requirement determination process. Economic capital is the capital required to cover all risks that is estimated using internal risk models of the bank. ICAAP should be an integral part of the bank’s processes and must be embedded within the organization. Senior management and the Board of Directors (BOD) should be supportive and fully engaged in the process.
The main purpose of ICAAP is to ensure that the bank’s overall capital is adequate in relation to the level of risk it takes or is subject to. The risk profile must be understood. There should be systems in place to quantify and monitor these risks. The extent and depth of the process should be proportional to the nature, size and complexity of the bank’s business processes.
A pre-requisite for an effective ICAAP therefore is a sound risk management framework within the bank. What this entails is that the bank should be subject to strong and effective levels of BOD and senior management oversight; an effective risk monitoring and review process, where the policies and procedures that are used to identify, assess and report all material risks are credible, and a system or process of regular and independent review of ICAAP and its review process.
Within the ICAAP framework the BOD and senior management have the following responsibilities:
- They must set the level of risk appetite/ risk tolerance of the bank.
- They must ensure that the bank operates within the set level of risk tolerance
- They must task the bank’s management to establish a framework for ICAAP. This includes:
- Identifying risks through a thorough analysis of the bank’s activities, its business units, the market environment, historical scenarios, etc.
- Assessing the materiality of the risks identified based on pre-specified levels of materiality
- Quantifying material risks. The models used to quantify the risks should be appropriate based on the level of materiality of the risk being assessed,
- Assessing capital requirements in relation to risks,
- Assessing additional capital requirements for stressed scenarios and capital planning for this additional capital.
- Reconciling ICAAP’s economic capital with Pillar 1 capital
- Reporting and monitoring compliance of the actual processes with those outlined through internal policies and limits.
The purpose of documenting ICAAP is to:
- Inform the bank’s board of directors of the ongoing assessment of all of the firm’s risks. This includes:
- Risks that are not fully captured during the Pillar 1 process such as concentration risks, residual risks that arise from credit risk mitigation, etc.
- Risks that are not taken into account in the Pillar 1 process such as liquidity risk, interest rate risk, strategic risk, reputation risk, concentration risk, securitization risk, , pension obligation risk, insurance risk, etc.
- Risk factors that are external to the bank such as risk arising due to regulatory, economic, business, etc situations.
- Inform the BOD and senior management of the key results of the risk assessments, how the firm intends to mitigate those risks and how much current and future capital is necessary and any issues that could arise.
- Explain its internal capital adequacy assessment process to the supervisor.
The ICAAP report must be approved by the Board of Directors (BOD) or senior management. Therefore the report must be in a format that is easily understood at this level and must contain all necessary information so that the BOD and in turn the supervisor may be able to make an informed judgment and decision regarding the appropriate level of capital to be maintained and the risk management approach used by the bank.
In this post we have looked at some of the requirements of an ICAAP function including the duties of the BOD and the purpose of documenting the process. In the next post we will consider ICAAP’s approach to risk, the nature of its assessment process and the review process.