Purpose and process of the ICAAP
2. The ICAAP is an internal process of an Authorised Person which enables it to determine and maintain the amount and quality of capital that is adequate in relation to the Authorised Person's risk profile as assessed in the IRAP. Authorised Persons are encouraged to maintain capital over and above the regulatory minimum capital. The ICAAP, in conjunction with the IRAP, should be embedded in the Authorised Person's business and organisational processes and be informed by the business plan of the Authorised Person, as required by GEN 3.3.16.
3. When assessing its capital needs, an Authorised Person should take into account the impact of economic cycles, and sensitivity to other external risks and factors. For larger or more complex institutions, this may mean developing an appropriate stress testing and scenario testing framework.
4. The Regulator does not prescribe any specific approach for the ICAAP and, consequently, an Authorised Person can choose to implement an ICAAP which is proportionate to the nature, size and complexity of the business activities.
5. In completing an ICAAP, an Authorised Person should:
a. estimate the amount of capital required to absorb potential losses, if any, for the significant risks identified in the IRAP (particularly risks which lead to financial losses);
b. perform reasonable and proportionate sensitivity tests to analyse the impact of variation in the risk parameters of significant risks identified in the IRAP on the profitability and the capital position of the Authorised Person;
c. estimate, using the range and distribution of possible losses estimated from historical data, the level of capital required reasonably to cover likely losses;
d. estimate the Capital Resources required to address potential variation in the Authorised Person's Capital Requirement arising from planned growth in business levels or any significant deviation in growth from plans; and
e. document the ranges of capital required for each of the factors identified above and enable the Governing Body and the senior management to form an overall view on the amount and quality of capital which that Authorised Person should hold.
6. The Regulator does not require an Authorised Person to implement ICAAP through sophisticated models and the Regulator has no prescribed approach for developing an internal capital model for the firm's ICAAP assessment. However, an Authorised Person should be able to demonstrate:
a. the confidence levels set and whether these are linked to its corporate strategy;
b. the time horizons set for the different types of business that it undertakes;
c. the extent of historic data used and back-testing carried out;
d. that it has in place a process to verify the correctness of the model's outputs; and
e. that it has the skills and resources to operate, maintain and develop the model.
7. If an Authorised Person's internal model makes explicit or implicit assumptions in relation to correlations within or between risk types, or in relation to diversification benefits between business lines, the firm should be able to explain to the Regulator, with the support of empirical evidence, the basis of those assumptions. An Authorised Person's model should also reflect the past experience of both the firm and the sectors in which it operates.
8. The assumptions required to aggregate risks that are modelled and the confidence levels adopted should be considered by the Authorised Person's senior management. An Authorised Person should also consider whether any relevant risks, including systems and control risks, are not captured by the model.
9. An Authorised Person using an internal capital model should validate the assumptions of the model through a comprehensive stress testing programme. In particular this validation should:
a. test correlation assumptions (where risks are aggregated in this way) using combined stresses and scenario analyses;
b. use stress tests to identify the extent to which the firm's risk models omit non-linear effects, for instance the behaviour of Derivatives in Market Risk models; and
c. consider not just the effect of parallel shifts in interest rate curves, but also the effect of the curves becoming steeper or flatter.
10. Any internal assessment of capital adequacy should address diversification benefits and transferability of Capital Resources between members of the Financial Group. It should also describe the distribution of the capital required by the Financial Group across all entities, including the Authorised Person.