Internal capital adequacy assessment process template
Information
Table of contents
Small and mid-sized banks (SMSBs), including Category 3 institutions using the simplified risk-based approach, can use this template in their internal capital adequacy assessment process (ICAAP) document. While the use of this template is not mandatory, the ICAAP document should cover all the elements contained in this template. In addition, the ICAAP document should include an additional appendix outlining the risk assessment and quantification methodology used. We expect the board to approve an institution’s ICAAP document.
All SMSBs should complete the ICAAP data return on an annual basis (using actual fiscal year-end data), file it within 90 days of the fiscal year end date through the Regulatory Reporting System, and ensure that the ICAAP document supports the ICAAP data return. Where an SMSB prepares its ICAAP using other than year-end data, it should prepare a board-approved addendum to explain significant differences between what was approved in the ICAAP document and what is shown in the ICAAP data return using actual year-end numbers.
The amount of detail in the ICAAP document will vary based on the size and complexity of the institution. SMSBs can refer to supplementary information such as policies, risk management frameworks, and processes in appendices.
Executive summary
This summary should provide an overview of the ICAAP methodology and results such as:
- Confirmation that the institution (on a consolidated basis) has assessed its capital as adequate given the size and complexity of its business.
- Commentary on the most material risks faced by the institution, why the level of risk is acceptable or, if it is not, what mitigating actions are planned.
- A summary of the main findings of the ICAAP analysis including:
- the level and composition of internal capital the institution believes should be held, with a comparison to the regulatory capital requirement under “Pillar 1” calculation;
- the adequacy of the institution’s risk management processes
- the interconnectedness of financial, strategic, and capital planning for the assessment of capital adequacy and the integration with risk management and decision-making processes;
- whether the institution has adequate capital resources over its planning horizon;
- a summary of the target capital metrics ratified by the board –at a minimum, these should include the Common Equity Tier 1 (CET1) Ratio, Total Capital Ratio and Leverage Ratio; and
- a summary of the stress test results and how they inform and support capital management.
- A summary of the financial position of the institution, its business strategy, balance sheet structure, and projected profitability.
- A description of the review, challenge and approval process of the ICAAP.
Background of ICAAP
This section should provide a high-level overview of the institution’s ICAAP, pulling together the institution’s risk management framework, strategy, business planning, and capital management. The overview should cover relevant policies and systems used by the institution to identify, manage, and monitor risks according to its risk appetite.
Statement of risk appetite
This section should provide a high-level overview of the institution’s risk appetite and set out the frequency of reviews of the risk tolerance by management and the board.
Material risks
This section should provide a concise description of the institution’s risk identification process and outline how the institution identifies material risk areas. Key risks which should be considered as part of an ICAAP include, but are not limited to:
- Credit risk
- Market risk
- Operational risk
- Structural interest rate risk in the banking book (IRRBB)
- Concentration risk
- Funding risk
- Business/Strategic risk
- Reputation risk
- Securitization risk
- Residual risk
- Climate risk
- Any other risks identified
In a separate appendix (include as Appendix A to your ICAAP document), please provide further details on the institution’s risk assessment and quantification methodology, including:
- how the institution defines each of the key risks listed above as well as any other risks identified as key based on the institution’s risk profile;
- how the institution determines the materiality of each key risk; and
- a description of how each material risk is then quantified for capital allocation purposes, including detailed methodology to specify data, assumptions, and calculations.
This appendix should be organized consistently with the ICAAP data return and expand on the quantification methodology used for each Pillar 2 risk identified. That explanation should cover the quantification approach taken (that is, modelled, stress test, expert judgement, etc.) and provide details on how the approach was used, the quantitative results and calibration rationale for the final Pillar 2 capital level used in the institution’s capital target.
For SMSBs exposed to credit risk and/or IRRBB, we expect this to be a core part of their Pillar 2 capital allocation. Additionally, we expect most SMSBs to have capital allocation for operational risk(s), especially those whose core business risks are tied to operational processes rather than credit risk.
Capital planning
This section should include:
- the institution’s “baseline” capital forecasts (at least quarterly, based on the annual business plan);
- a 3-year summary forecast capital position and main assumptions related to the business plan; and
- a description of the institution’s capital planning and management process, including an outline of how the ICAAP is incorporated into this process.
Stress and scenario testing
This section should provide a concise description of how the institution’s stress testing program is used to support capital adequacy assessment and management.
As ICAAP is, first and foremost, a key internal process in the institution’s capital management and planning, stress tests used for the ICAAP should be determined by the institution as deemed appropriate. We expect the institution to develop its own fit-for-purpose forward-looking scenarios that appropriately align with its business model, risk profile, and operating environment. This may include a multifactor stress test covering all its major risks and material portfolios so as to assess its capital resiliency to weather a severe but plausible stress environment.
Where management actions are considered in the internal stress tests, the ICAAP document should clearly articulate the nature of such management actions, including a comprehensive assessment of their feasibility in a severe but plausible stress environment, as well as their respective timeframes to complete those actions. Capital ratio impact of the stress tests should be reported on a pre- and post-management actions basis.
All institutions are also encouraged to conduct a reverse engineered scenario that challenges its viability and would cause a breach in regulatory capital adequacy ratios (CET1 Ratio, Total Capital Ratio, and Leverage Ratio). Such tests may be useful in uncovering hidden risks and interactions among risks.
Please note that at times, we may request institutions to conduct prescribed stress tests and report the results of these stress tests, together with their impact on the ICAAP. These will be communicated separately through the lead supervisors.
Integration of ICAAP into risk management
This section should:
- summarize how the ICAAP has been used by the institution and how it is embedded in the decision making process;
- describe how ICAAP results have been integrated into risk limits setting and monitoring; and
- describe how the ICAAP results are reported to the board.
Challenge and next steps
This section should:
- summarize the extent of challenge and testing of the ICAAP and the control processes applied to the ICAAP calculations;
- outline the board and senior management sign-off procedures;
- identify the nature of any third party review of the ICAAP; and
- identify any plans to enhance the ICAAP going forward.