Introduction2. This Guidance covers the evaluation criteria and methodology (referred to as a SREP) that the Regulator may use when reviewing and evaluating the IRAP and ICAAP of an Authorised Person.
The SREP in detail3. A SREP of an IRAP and an ICAAP forms an integral part of the overall supervisory approach of the Regulator. A SREP is expected to enable assessment of the effectiveness, completeness and quality of an IRAP and ICAAP in relation to the overall risk profile of the Authorised Person. It leverages from information collected and assessments carried out as part of the wider supervisory regime, including desk-based reviews, on-site risk assessments, discussions with the firm's management, and reviews completed by internal and external Auditors.4. The SREP is structured to provide consistency of treatment across Authorised Persons, taking into consideration the differences in risk profiles, business strategies and management. An essential element of the SREP is the qualitative assessment of each type of risk and its management within the overall context of the firm's internal governance.5. The Regulator's assessment of the individual risk profile of an Authorised Person will provide the context for evaluation of the firm's IRAP and/or ICAAP. The evaluation in turn will be used by the Regulator to augment its understanding of the overall risk profile of a firm. Also, in relation to a firm in Category 1, 2, 3A or 5, the Regulator might involve such a firm in a formalised discussion of risks and capital adequacy, which might lead to a requirement for additional capital.6. The SREP may be used as a regulatory tool for Authorised Persons which are required to perform an IRAP and/or ICAAP. The SREP for each Authorised Person will be proportionate in terms of the size, scale and complexity of its business and its impact on financial sector stability. The Regulator will cooperate actively with other supervisory authorities whenever an Authorised Person is part of a Group and is prudentially regulated on a consolidated basis.7. The SREP evaluation cycle will be determined in the discretion of the Regulator and be based on the risk assessment, developments in the risk profile and changes in the Authorised Person's strategy or products. The SREP is as far as possible aligned with the risk assessment process to ensure that a recent risk assessment is available for the SREP evaluation process.8. It is envisaged that the Regulator will use a range of supervisory tools of qualitative or quantitative nature to perform the SREP. The SREP is not intended as, and should not constitute, a parallel or secondary IRAP or ICAAP. Its purpose is to evaluate the quality, completeness and consistency of the IRAP or ICAAP of the Authorised Person.
Review of the IRAP and ICAAP Assessment9. Upon receipt of an IRAP or ICAAP the Regulator would normally:a. subject the data provided to an initial analysis for completeness and accuracy followed by a more detailed comparison with the relevant data held on file at the Regulator about the Authorised Person;b. determine if there are material changes compared with previous submissions;c. determine if the submitted data contains indicators of a possible material change in the firm's risk profile;d. address and discuss any information gaps or anomalies with the firm; ande. form an assessment about content and quality of the submission which will be integrated into the overall supervisory approach.
Evaluation of the IRAP and ICAAP10. The SREP evaluation of the IRAP and, where applicable, the ICAAP covers all activities of an Authorised Person and takes all relevant data collected during the supervisory process into account. The SREP evaluation process will use desk based reviews, firm visits and meetings to arrive at a final view.11. As part of the SREP, the Regulator will consider:a. the completeness of the IRAP and, where applicable, the ICAAP by ensuring that it covers all business areas, internal governance and all risk categories of the Authorised Person;b. the soundness and quality of the IRAP and, where applicable, the ICAAP process in relation to the firm's size, business complexity and risk profile;c. soundness of qualitative calibration and quantitative methodology whenever employed by the firm;d. execution of the IRAP and, where applicable, the ICAAP in terms of consistency, quality and documentation;e. adequacy of internal controls and quality assurance processes on the IRAP and, where applicable, the ICAAP; andf. adequacy of management information and whether the management had responded adequately and in a timely manner to such information.12. Based on the SREP, the Regulator will form an assessment which will be communicated to the Authorised Person and flow into the overall supervisory approach. The action required resulting from the IRAP and ICAAP will be communicated to the firm as part of a risk mitigation programme.13. In relation to an Authorised Person in Category 1, 2, 3A or 5, where the Regulator does not agree with the results of the firm's ICAAP results, the Regulator will involve the firm in a dialogue to reconcile any difference in view to arrive at a consensus estimate of the capital level required to address all risks identified either by the firm or by the Regulator in its SREP. Such an estimate will be specified by the Regulator as the Individual Capital Requirement for the firm. Where consensus is not possible the Regulator may impose an Individual Capital Requirement on a firm.