GUIDELINES ON BANKS’ INTERNAL CAPITAL ADEQUACY ASSESSMENT PROCESS
(Appendix to Sec. 130)
1. This document sets out the broad guidelines that UBs and KBs (hereinafter referred to as ‘banks’) should follow in the design and use of their Internal Capital Adequacy Assessment Process (ICAAP). A bank’s ICAAP supplements the Bangko Sentral’s Risk-Based Capital Adequacy Framework (the Framework) as contained in existing regulations and, thus, must be applied on a group-wide basis, i.e., it should cover all of a bank’s subsidiaries and affiliates.
2. Although the Framework prescribes the guidelines for determining banks’ minimum regulatory capital requirements in relation to their exposure to credit risk, market risk and operational risk, a bank’s Board of Directors and senior management are still ultimately responsible in ensuring that the bank maintains an appropriate level and quality of capital commensurate not just with the risks covered by the Framework, but also with all other material risks to which it is exposed. Hence, a bank must have in place an ICAAP that takes into account all of these risks.
B. Guiding principles
1. Banks must have a process for assessing their capital adequacy relative to their risk profile (an ICAAP).
2. The ICAAP is the responsibility of banks. Banks are responsible for setting internal capital targets that are consistent with their risk profile, operating environment, and strategic/business plans. The ICAAP should be tailored to a bank’s circumstances and needs, and it should use the inputs and definitions that a bank normally uses for internal purposes.
3. Banks’ ICAAP (i.e., the methodologies, assumptions and procedures) and other policies supporting it (e.g., capital policy, risk management policy, etc.) should be formally documented, and they should be reviewed and approved by the board. The results of the ICAAP should also be regularly reported to the board.
4. The ICAAP should form an integral part of banks’ risk management processes so as to enable the board and senior management to assess, on an on-going basis, the risks that are inherent in their activities and material to their bank. This could range from using the ICAAP in more general business decisions (e.g., expansion plans) and budgets, to the more specific decisions such as allocating capital to business units, or to having it play a role in the individual credit decision process.
5. The ICAAP should be reviewed by the board and senior management at least annually, or as often as is deemed necessary to ensure that risks are covered adequately and that capital coverage reflects the actual risk profile of their bank. Moreover, any changes in a bank’s strategic focus, business plan, operating environment or other factors that materially affect assumptions or methodologies used in the ICAAP should initiate appropriate adjustments to the ICAAP. New risks that occur in the business of a bank should be identified and incorporated into the ICAAP. The ICAAP and its review process should be subject to independent internal or external review. Results thereof should be communicated to the board and senior management.
6. Banks should set capital targets which are consistent with their risk profile, operating environment, and business plans. Banks, however, may take other considerations into account in deciding how much capital to hold, such as external rating goals, market reputation and strategic goals. If these other considerations are included in the process, banks must be able to show to the Bangko Sentral how they influenced their decisions concerning the amount of capital to hold.
7. The ICAAP should capture the risks covered under the Framework – credit risk, market risk, and operational risk. If applicable, banks should disclose major differences between the treatments of these risks in the calculation of minimum regulatory capital requirement under the Framework and under the ICAAP. In addition, the ICAAP should also consider other material risks that banks are exposed to, albeit that there is no standard definition of materiality. Banks are free to use their own definition, albeit that they should be able to explain this in detail to the Bangko Sentral, including the methods used, and the coverage of all material risks. These other material risks may include any of the following:
a. Risks not fully captured under the Framework, for example, credit concentration risk, risk posed by non- performing assets, risk posed by contingent exposures, etc.;
b. Risks not covered under the Framework. As a starting point, banks may choose to use the other risks identified under Circular No. 510 dated 03 February 2006. Some of these risks are less likely to lend themselves to quantitative approaches, in which cases banks are expected to employ more qualitative methods of assessment and mitigation. Banks should clearly establish for which risks a quantitative measure is warranted, and for which risks a qualitative measure is the correct risk assessment and mitigation tool; and
c. Risk factors external to banks. These include risks which may arise from the regulatory, economic or business environment.
8. Banks should have a documented process for assessing risks. This process may operate either at the level of the individual banks within the banking group, or at the banking group level. Banks are likely to find that some risks are easier to measure than others, depending on the availability of information. This implies that their ICAAP could be a mixture of detailed calculations and estimates. It is also important that banks not rely on quantitative methods alone to assess their capital adequacy, but include an element of qualitative assessment and management judgment of inputs and outputs. Non-quantifiable risks should be included if they are material, even if they can only be estimated. This requirement might be eased if banks can demonstrate that they have an appropriate policy for mitigating/managing these risks.
9. The ICAAP should take into account banks’ strategic plans and how they relate to macro-economic factors. Banks should develop an internal strategy for maintaining capital levels which can incorporate factors such as loan growth expectations, future sources and uses of funds and dividend policy, and any procyclical variation of minimum regulatory capital requirements.
10. The results and findings of the ICAAP should feed into banks’ evaluation of their strategy and risk appetite. For less sophisticated banks in particular, for which genuine strategic capital planning is likely to be more difficult, the results of the process should mainly influence the bank’s management of its risk profile (for example, via changes to its lending behavior or through the use of risk mitigants). The ICAAP should produce a reasonable overall capital number and assessment. Banks should be able to explain to the Bangko Sentral’s satisfaction the similarities and differences between its ICAAP and its minimum regulatory capital requirements under the Framework.
C. ICAAP Methodologies
1. While banks may use simple or model-based ICAAP methodologies depending on what they think is appropriate for them (please see Annex B of Appendix 94 for description of the different broad classification of methodologies), at the minimum, the Bangko Sentral expects banks to adopt an ICAAP based on the minimum regulatory capital requirement under the Framework and, where applicable, assess extra capital proportionate to the other risks that are not covered under said Framework. This requires an assessment first of whether the risks covered under the Framework – credit risk, market risk and operational risk – are fully captured, and second, how much capital to allocate against other risks and external factors.
2. Regardless of which methodology a bank decides to adopt, it should compare its actual and future projected capital with the actual and future internal capital need arising from the assessment. The actual calculation and allocation of capital always needs to be supplemented by sufficiently robust qualitative procedures, measures and provisions to identify, manage, control and monitor all risks.
3. The ICAAP will always consist of two parts. One part covers all steps necessary for assessing the risks. The other part covers all steps necessary to assess the actual capital (risk-taking capacity). As these two parts will always meet at the end of the ICAAP and have to be in balance, there is no procedure which says which part has to be assessed first.
4. After choosing its ICAAP methodology, a bank could take its thinking through the following steps in developing the ICAAP:
a. Risk identification
b. Capital assessment
c. Forward capital planning
d. ICAAP outcome
(Circular No. 869 dated 30 January 2015)
INTERNAL CAPITAL ADEQUACY ASSESSMENT PROCESS
What is an ICAAP document?
1. EXECUTIVE SUMMARY
i. The purpose of the report and which group entities are covered by the ICAAP;
ii. The main findings of the ICAAP analysis:
• How much and what composition of internal capital the bank considers it should hold as compared with the capital adequacy requirement under the existing Bangko Sentral Risk-Based Capital Adequacy Framework (the Framework), and
• The adequacy of the bank’s risk management processes given the risks assumed;
iii. A summary of the financial position of the business, including the strategic position of the bank, its balance sheet strength, and future profitability;
iv. Brief descriptions of the capital and dividend plan; how the bank intends to manage capital going forward and for what purposes;
v. Commentary on the most material risks, why the level of risk is acceptable or, if it is not, what mitigating actions are planned;
vi. Commentary on major issues where further analysis and decisions are required; and
vii. Who has carried out the assessment, how it has been challenged, and who has approved it.
3. CAPITAL ADEQUACY
The section would then include a detailed review of the capital adequacy of the bank.
The information provided would include:
i. The effective date of the ICAAP calculations together with consideration of any events between this date and the date of submission which would materially impact the ICAAP calculation together with their effects; and
ii. Details of, and rationale for, the time period over which capital has been assessed.
i. An identification of the major risks faced in each of the following categories:
• credit risk;
• market risk;
• interest rate risk in the banking book;
• liquidity risk;
• operational risk;
• compliance risk;
• strategic/business risk; and
• reputation risk;
ii. And for each, an explanation of how the risk has been assessed and, where appropriate, the quantitative results of that assessment;
iii. Where relevant, a comparison of that assessment with the results of the assessment under the Framework (specifically for credit risk, market risk, and operational risk);
iv. A clear articulation of the bank’s risk appetite by risk category if this varies from the assessment; and
v. Where relevant, an explanation of any other methods apart from capital used to mitigate the risks.
Methodology and assumptions
4. CURRENT AND PROJECTED FINANCIAL AND CAPITAL POSITIONS
5. CAPITAL PLANNING
i. the bank’s capital resources and future earnings; and
ii. the bank’s capital adequacy requirement under the Framework taking into account future changes in its projected balance sheet.
6. CHALLENGE AND ADOPTION OF THE ICAAP
7. USE OF THE ICAAP WITHIN THE BANK
ALTERNATIVE INTERNAL CAPITAL ADEQUACY ASSESSMENT PROCESS METHODOLOGIES