GUIDELINES ON BANKS’ INTERNAL CAPITAL ADEQUACY ASSESSMENT PROCESS
(Appendix to Sec. 130)
A. Introduction
1. This document sets out the broad guidelines that UBs and KBs (hereinafter referred to as ‘banks’) should follow in the design and use of their Internal Capital Adequacy Assessment Process (ICAAP). A bank’s ICAAP supplements the Bangko Sentral’s Risk-Based Capital Adequacy Framework (the Framework) as contained in existing regulations and, thus, must be applied on a group-wide basis, i.e., it should cover all of a bank’s subsidiaries and affiliates.
2. Although the Framework prescribes the guidelines for determining banks’ minimum regulatory capital requirements in relation to their exposure to credit risk, market risk and operational risk, a bank’s Board of Directors and senior management are still ultimately responsible in ensuring that the bank maintains an appropriate level and quality of capital commensurate not just with the risks covered by the Framework, but also with all other material risks to which it is exposed. Hence, a bank must have in place an ICAAP that takes into account all of these risks.
B. Guiding principles
1. Banks must have a process for assessing their capital adequacy relative to their risk profile (an ICAAP).
2. The ICAAP is the responsibility of banks. Banks are responsible for setting internal capital targets that are consistent with their risk profile, operating environment, and strategic/business plans. The ICAAP should be tailored to a bank’s circumstances and needs, and it should use the inputs and definitions that a bank normally uses for internal purposes.
3. Banks’ ICAAP (i.e., the methodologies, assumptions and procedures) and other policies supporting it (e.g., capital policy, risk management policy, etc.) should be formally documented, and they should be reviewed and approved by the board. The results of the ICAAP should also be regularly reported to the board.
In addition, the board and senior management are responsible for integrating capital planning and capital management into banks’ overall management culture and approach. They should ensure that formal capital planning and management policies and procedures are communicated and implemented group-wide and supported by sufficient authority and resources.
Banks’ ICAAP document should be submitted to the appropriate supervising department of the Bangko Sentral every 31 March of each year. A suggested format of the ICAAP submission to the Bangko Sentral is provided in Annex A of Appendix 94.
4. The ICAAP should form an integral part of banks’ risk management processes so as to enable the board and senior management to assess, on an on-going basis, the risks that are inherent in their activities and material to their bank. This could range from using the ICAAP in more general business decisions (e.g., expansion plans) and budgets, to the more specific decisions such as allocating capital to business units, or to having it play a role in the individual credit decision process.
5. The ICAAP should be reviewed by the board and senior management at least annually, or as often as is deemed necessary to ensure that risks are covered adequately and that capital coverage reflects the actual risk profile of their bank. Moreover, any changes in a bank’s strategic focus, business plan, operating environment or other factors that materially affect assumptions or methodologies used in the ICAAP should initiate appropriate adjustments to the ICAAP. New risks that occur in the business of a bank should be identified and incorporated into the ICAAP. The ICAAP and its review process should be subject to independent internal or external review. Results thereof should be communicated to the board and senior management.
6. Banks should set capital targets which are consistent with their risk profile, operating environment, and business plans. Banks, however, may take other considerations into account in deciding how much capital to hold, such as external rating goals, market reputation and strategic goals. If these other considerations are included in the process, banks must be able to show to the Bangko Sentral how they influenced their decisions concerning the amount of capital to hold.
7. The ICAAP should capture the risks covered under the Framework – credit risk, market risk, and operational risk. If applicable, banks should disclose major differences between the treatments of these risks in the calculation of minimum regulatory capital requirement under the Framework and under the ICAAP. In addition, the ICAAP should also consider other material risks that banks are exposed to, albeit that there is no standard definition of materiality. Banks are free to use their own definition, albeit that they should be able to explain this in detail to the Bangko Sentral, including the methods used, and the coverage of all material risks. These other material risks may include any of the following:
a. Risks not fully captured under the Framework, for example, credit concentration risk, risk posed by non- performing assets, risk posed by contingent exposures, etc.;
b. Risks not covered under the Framework. As a starting point, banks may choose to use the other risks identified under Circular No. 510 dated 03 February 2006. Some of these risks are less likely to lend themselves to quantitative approaches, in which cases banks are expected to employ more qualitative methods of assessment and mitigation. Banks should clearly establish for which risks a quantitative measure is warranted, and for which risks a qualitative measure is the correct risk assessment and mitigation tool; and
c. Risk factors external to banks. These include risks which may arise from the regulatory, economic or business environment.
8. Banks should have a documented process for assessing risks. This process may operate either at the level of the individual banks within the banking group, or at the banking group level. Banks are likely to find that some risks are easier to measure than others, depending on the availability of information. This implies that their ICAAP could be a mixture of detailed calculations and estimates. It is also important that banks not rely on quantitative methods alone to assess their capital adequacy, but include an element of qualitative assessment and management judgment of inputs and outputs. Non-quantifiable risks should be included if they are material, even if they can only be estimated. This requirement might be eased if banks can demonstrate that they have an appropriate policy for mitigating/managing these risks.
9. The ICAAP should take into account banks’ strategic plans and how they relate to macro-economic factors. Banks should develop an internal strategy for maintaining capital levels which can incorporate factors such as loan growth expectations, future sources and uses of funds and dividend policy, and any procyclical variation of minimum regulatory capital requirements.
Banks should also have an explicit, board-approved capital plan which states their objectives and the time horizon for achieving those objectives, and in broad terms the capital planning process and the responsibilities for that process. The plan should also lay out how banks will comply with capital requirements in the future, any relevant limits related to capital, and a general contingency plan for dealing with divergences and unexpected events (for example, raising additional capital, restricting business, or using risk mitigation techniques).
In addition, banks should conduct appropriate scenario/stress tests which take into account, for example, the risks specific to the particular stage of the business cycle. Banks should analyze the impact that new legislation/regulation, actions of competitors or other factors may have on their performance, in order to determine what changes in the environment they could sustain.
10. The results and findings of the ICAAP should feed into banks’ evaluation of their strategy and risk appetite. For less sophisticated banks in particular, for which genuine strategic capital planning is likely to be more difficult, the results of the process should mainly influence the bank’s management of its risk profile (for example, via changes to its lending behavior or through the use of risk mitigants). The ICAAP should produce a reasonable overall capital number and assessment. Banks should be able to explain to the Bangko Sentral’s satisfaction the similarities and differences between its ICAAP and its minimum regulatory capital requirements under the Framework.
C. ICAAP Methodologies
1. While banks may use simple or model-based ICAAP methodologies depending on what they think is appropriate for them (please see Annex B of Appendix 94 for description of the different broad classification of methodologies), at the minimum, the Bangko Sentral expects banks to adopt an ICAAP based on the minimum regulatory capital requirement under the Framework and, where applicable, assess extra capital proportionate to the other risks that are not covered under said Framework. This requires an assessment first of whether the risks covered under the Framework – credit risk, market risk and operational risk – are fully captured, and second, how much capital to allocate against other risks and external factors.
2. Regardless of which methodology a bank decides to adopt, it should compare its actual and future projected capital with the actual and future internal capital need arising from the assessment. The actual calculation and allocation of capital always needs to be supplemented by sufficiently robust qualitative procedures, measures and provisions to identify, manage, control and monitor all risks.
3. The ICAAP will always consist of two parts. One part covers all steps necessary for assessing the risks. The other part covers all steps necessary to assess the actual capital (risk-taking capacity). As these two parts will always meet at the end of the ICAAP and have to be in balance, there is no procedure which says which part has to be assessed first.
4. After choosing its ICAAP methodology, a bank could take its thinking through the following steps in developing the ICAAP:
a. Risk identification
A bank could prepare a list of all material risks to which it is exposed; for that purpose it may find it useful to identify and consider its largest past losses and whether those losses are likely to recur. The identification of all material risk to which a bank is exposed should be conducted in a forward looking manner.
b. Capital assessment
For all the risks identified through the process above, a bank could then consider how it would act, and the amount of capital that would be absorbed, in the event that one or more of the risks identified was to materialize.
c. Forward capital planning
A bank could then consider how its capital need as calculated above might change in line with its business plans over its strategic time horizon, and how it might respond to these changes. In doing so, a bank may want to perform a sensitivity analysis to understand how sensitive its capital is to changes in internal and external factors such as business risks, and changes in economic/ business cycles.
d. ICAAP outcome
Finally, a bank should document the ranges of capital required as identified above and form an overall view on the amount of internal capital which it should hold.
(Circular No. 869 dated 30 January 2015)
____________________________________________________________________________
Annex A
INTERNAL CAPITAL ADEQUACY ASSESSMENT PROCESS
(Suggested Format)
The Bangko Sentral expects that there would be a fair degree of variation in the length and format of submissions since banks’ business and risk profiles differ. As such the ICAAP document should be proportional to the size, nature and complexity of a bank’s business.
This format has been provided as a starting point. Banks are not required to adopt this format. However, adopting this format may be convenient for banks as it covers the minimum issues which typically would be the subject of review by the Bangko Sentral and may therefore make the review process more efficient for both the bank and the Bangko Sentral . Equally, use of this template is not a substitute for being aware of the relevant rules.
What is an ICAAP document?
An ICAAP document is a bank’s explanation to the Bangko Sentral of its internal capital adequacy assessment process. While this may be based on existing internal documentation from numerous sources, the Bangko Sentral will clearly find it helpful to have a summary prepared to communicate the key results and issues to it at a senior level. Since the Bangko Sentral will be basing many of its views on the information contained in the ICAAP document, the bank’s board of directors and senior management should have formally approved its contents. As such, the Bangko Sentral would expect the ICAAP document to be in a format that can be easily understood at a high level and to contain all the relevant information that is necessary for the bank and Bangko Sentral to make an informed judgment and decision as to the appropriate capital level and risk management approach.
Where appropriate, technical information on risk measurement and capital methodologies, and all other works carried out to validate the approach (e.g., board papers and minutes, internal or external reviews) could be contained in appendices.
1. EXECUTIVE SUMMARY
The purpose of the Executive Summary is to present an overview of the ICAAP methodology and results. This overview would typically include:
i. The purpose of the report and which group entities are covered by the ICAAP;
ii. The main findings of the ICAAP analysis:
• How much and what composition of internal capital the bank considers it should hold as compared with the capital adequacy requirement under the existing Bangko Sentral Risk-Based Capital Adequacy Framework (the Framework), and
• The adequacy of the bank’s risk management processes given the risks assumed;
iii. A summary of the financial position of the business, including the strategic position of the bank, its balance sheet strength, and future profitability;
iv. Brief descriptions of the capital and dividend plan; how the bank intends to manage capital going forward and for what purposes;
v. Commentary on the most material risks, why the level of risk is acceptable or, if it is not, what mitigating actions are planned;
vi. Commentary on major issues where further analysis and decisions are required; and
vii. Who has carried out the assessment, how it has been challenged, and who has approved it.
2. BACKGROUND
This section would cover the relevant organizational structure and business lines, and historical financial data for the bank (e.g., group structure (legal and operational), operating profit, profit before tax, profit after tax, dividends, equity, capital resources held and as compared with regulatory requirements, total loans, total deposits, total assets, etc., and any conclusions that can be drawn from trends in the data which may have implications for the bank’s future).
3. CAPITAL ADEQUACY
This section could start with a description of the risk appetite used in the ICAAP. It is vital for the Bangko Sentral to understand whether the bank is presenting its view regarding: (1) the amount of capital required to meet minimum regulatory needs, or (2) the amount of capital that a bank believes it needs to meet its business objectives (e.g., whether the capital required is based on a particular desired credit rating, or includes buffers for strategic purposes, or minimizes the chances of breaching regulatory requirements). A description of the methodology used to assess the bank’s capital adequacy should also be included.
The section would then include a detailed review of the capital adequacy of the bank.
The information provided would include:
Timing
i. The effective date of the ICAAP calculations together with consideration of any events between this date and the date of submission which would materially impact the ICAAP calculation together with their effects; and
ii. Details of, and rationale for, the time period over which capital has been assessed.
Risks analyzed
i. An identification of the major risks faced in each of the following categories:
• credit risk;
• market risk;
• interest rate risk in the banking book;
• liquidity risk;
• operational risk;
• compliance risk;
• strategic/business risk; and
• reputation risk;
ii. And for each, an explanation of how the risk has been assessed and, where appropriate, the quantitative results of that assessment;
iii. Where relevant, a comparison of that assessment with the results of the assessment under the Framework (specifically for credit risk, market risk, and operational risk);
iv. A clear articulation of the bank’s risk appetite by risk category if this varies from the assessment; and
v. Where relevant, an explanation of any other methods apart from capital used to mitigate the risks.
The discussion here would make clear which additional risks the bank considers material to its operation and, thus, would warrant additional capital on top of that required for credit risk, market risk, and operational risk under the Framework.
Methodology and assumptions
A description of how assessments for each of the major risks have been approached and the main assumptions made.
At a minimum, the Bangko Sentral expects banks to base their ICAAP on the results of the capital adequacy requirement under the Framework and additional risks, where applicable, should be assessed separately.
Capital transferability
Details of any restrictions that may curtail the management’s ability to transfer capital into or out of the business(es) covered, for example, contractual, commercial, regulatory or statutory restrictions that apply.
4. CURRENT AND PROJECTED FINANCIAL AND CAPITAL POSITIONS
This section would explain the current and expected changes to the business profile of the bank, the environment in which it expects to operate, its projected business plans (by appropriate lines of business), and projected financial position for, say three to five years.
The starting balance sheet and date as of which the assessment is carried out would be set out.
The projected financial position might consider both the projected capital available and projected capital resource requirements to support strategic/business initiatives. These might then provide a baseline against which adverse scenarios (please see Capital Planning below) might be compared.
Given these business plans, this section would also discuss the bank’s assessment on whether additional capital is necessary on top of that assessed to cover their existing risk exposures, as well as future planned sources of capital.
5. CAPITAL PLANNING
This section would explain how a bank would be affected by an economic recession or downswings in the business or market relevant to its activities. The Bangko Sentral is interested in how a bank would manage its business and capital so as to survive a recession/ market disruption while meeting minimum regulatory standards. The analysis would include financial projections forward for, say, three to five years based on business plans and solvency calculations. Likewise, a bank should disclose here the key assumptions and other factors that would have significant impact on its financial condition, in conducting scenario analyses/ stress testing.
Typical scenarios would include how an economic downturn/market disruption would affect:
i. the bank’s capital resources and future earnings; and
ii. the bank’s capital adequacy requirement under the Framework taking into account future changes in its projected balance sheet.
It would also be helpful if these projections showed separately the effects of management potential actions to change the bank’s business strategy and the implementation of contingency plans.
In addition, banks are encouraged to include an assessment of any other capital planning actions that would be necessary to enable it to continue to meet its regulatory capital requirements throughout a recession/market disruption such as new capital injections from related companies or new share issues.
Given the projected capital needs arising from an economic recession or business/market downswings, this section would also discuss the bank’s assessment on whether additional capital is necessary on top of that assessed to cover their existing risk exposures and business plans.
6. CHALLENGE AND ADOPTION OF THE ICAAP
This section would describe the extent of challenge and testing of the ICAAP. Banks should describe the review and sign- off procedures used by senior management and the board. It might also be helpful if a copy of any relevant report to senior management or the board and their response were attached.
Details of the reliance placed on any external suppliers would also be detailed here, e.g. for generating economic scenarios.
In addition, a copy of any report obtained from an external reviewer or internal audit would also be included.
7. USE OF THE ICAAP WITHIN THE BANK
This section would describe the extent to which capital management is embedded within the bank including the extent and use of scenario analysis and/or stress testing within the bank’s capital management policy, e.g., in business decisions (e.g., expansion plans) and budgets, or in allocating capital to business units, or in individual credit decision process.
Banks should include a statement of the actual operating philosophy on capital management and how this links to the ICAAP. For instance differences in risk appetite used in the ICAAP as compared to that used for business decisions might be discussed.
Lastly, it would be helpful if details on any anticipated future refinements within the bank’s ICAAP (highlighting those aspects which are work-in-progress), as well as any other information that would help the Bangko Sentral review the bank’s ICAAP could be provided.
____________________________________________________________________________
Annex B
ALTERNATIVE INTERNAL CAPITAL ADEQUACY ASSESSMENT PROCESS METHODOLOGIES
This appendix outlines ICAAP methodologies which banks may adopt in lieu of that based on the minimum regulatory capital requirement under the Bangko Sentral Risk-Based Capital Adequacy Framework (the Framework). However, the choice of methodology should clearly be commensurate with banks’ ability to collect the necessary information and to calculate the necessary inputs in a reliable manner.
Structured approach – In this case, banks will need to set the internal capital requirement at a starting point of zero capital and then build on capital due to all risks (both those captured under the Framework and those that are not) and external factors. This methodology could be seen as a simple model for calculating economic capital and is not based on the minimum regulatory capital requirement. A sensitivity analysis could form the starting point. The sensitivity analysis should be based on an exceptional but plausible scenario. Risks which are not included in the sensitivity analysis should also be considered in terms of the structured approach.
Allocation-of-risk-taking approach – In this approach, banks might start with its actual capital and break it down to all its material risks. This step in the process requires quantification or at least an estimation method for various risks. The amount of capital provided for each risk category is determined by the current and envisaged amount of risk in each category, a risk buffer and their risk appetite. Banks will decide which type of risk quantification/ estimation method is suitable and sufficient for its particular use. If the allocated capital seems insufficient, either the risk has to be reduced or capital has to be raised. The allocated amounts of the capital will therefore work as a limit system, which assists and facilitates banks in balancing their risk-taking capacity and their risks.
Formal economic capital models – These are expected to be used eventually by banks that use advanced approaches in determining the minimum regulatory capital requirement, or those that have substantial derivatives and structured products transactions (i.e., those that have expanded dealer and/or user capabilities).