Instructions to complete Internal Capital Adequacy Assessment Process Data Return

Information
Type of document
Instructions
Industry
Deposit-taking institutions
Return
Internal Capital Adequacy Assessment Process
Last updated
November 2023
Accompanying documents

Note

The first filings are expected by March 31, 2024, using 2023 fiscal year-end data for Small and Medium-Sized Deposit-Taking Institutions or 2024 first-quarter data for Domestic Systemically Important Banks.

Purpose

The Internal Capital Adequacy Assessment Process (ICAAP) data return standardizes the format for Deposit-Taking Institutions (DTIs) to submit their ICAAP information on a regular basis.

Reporting frequency

Domestic Systemically Important Banks (DSIBs) – The ICAAP data return must be completed on a quarterly fiscal basis (using quarter-end data) and filed within 30 days of the fiscal quarter end date through the Regulatory Reporting System (RRS).

Small and medium size banks (SMSBs) – The ICAAP data return must be completed on an annual basis (using year-end data) and filed within 90 days of the fiscal year end date through the Regulatory Reporting System (RRS). Note that OSFI may, at its discretion, direct SMSBs to submit the ICAAP data return on a more frequent basis.

General instructions

The ICAAP data return applies to all DTIs (note that this includes federally-regulated non-deposit-taking Trust and Loan Companies but excludes foreign bank branches). The ICAAP data return should be completed on a fully consolidated basis by the reporting institution.

Where values correspond to percentages, these should be reported as decimal numbers up to 2 decimal places (i.e., "10.00%”).

Comments boxes are limited to the number of characters as noted in the ICAAP data return. Any additional information should be sent to the OSFI Lead Supervisor team via email.

The ICAAP data return is divided into three worksheets: ‘1. ICAAP’, ‘2. ICAAP Comparison’, and ‘3. Climate Risk’. Details on each of the worksheets are as follows:

1. Internal Capital Adequacy Assessment Process

Pillar 1 and Pillar 2 Summary (on a CET1 and Total Capital basis)

  1. Rows #100 to #190 {Pillar 1 Risks} – For the purpose of the ICAAP data return, populate Pillar 1 figures within these rows based on Regulatory Pillar 1 capital requirements. DTIs need to ensure that the figures reported for Pillar 1 risks within Columns #20 and #30 (summed in Row #190) are equal to the figures calculated using the OSFI Target CET1 Capital Ratio and Target Total Capital Ratio percentages reported within the BCAR in DPA_1019 and DPA_1179, respectively, multiplied by the DTIs risk-weighted assets.

    Pillar 1 capital related to Credit Risk should exclude Pillar 1 Credit Valuation Adjustment (CVA) Risk, which is to be reported separately in Row #140.

    For Category III SMSBs:

    • Pillar 1 risks should be reported into Row #160 {Operational Risk} and #180 {Adjusted Total Assets} only.

    • Total Pillar 1 risk (summed in Row #190) should be equal to the figures calculated using the OSFI Target CET1 Simplified Risk-Based Capital Ratio (SRBCR) and Target Total SRBCR percentages reported within the BCAR in DPA_16014 and DPA_16016, respectively, multiplied by the Category III SMSB’s sum of Adjusted Total Assets and Operational Risk risk-weighted assets.

  2. Rows #200 to #220 {Adjustment for Pillar 1 Difference between Regulatory Capital and Economic Capital} – These rows are available for IRB banks only to allow institutions to include the adjustment for Pillar 1 differences between Regulatory Capital and Economic Capital. The result will enable the “ICAAP Requirement for Pillar 1 & 2” (Row #950) to match the total Economic Capital requirement used by IRB banks.

  3. Column #10 (Risk Categories) – The broader definitions of risk categories are provided below under Section ‘Risk definitions’.

  4. Columns #20 and #30 {ICAAP (Institution’s Assessment of Capital Required for the Risk)} – DTIs are expected to report their own assessment of Pillar 2 capital required to cover all material risks for ICAAP purposes. The Pillar 2 capital amounts reported should not include the Pillar 1 capital requirements noted above. Where applicable, allocations should be broken down by sub-risk categories.

    • At a minimum, except Category III SMSBs, OSFI expects DTIs to provide a Pillar 2 capital allocation to cover Credit Concentration Risk and IRRBB. Where the DTI does not have a material Credit Risk, it should ensure Pillar 2 capital allocations are made to cover Operational/Reputation Risk.

    • For any risk that are not applicable, the cells in the respective row should be left blank.

    • Where DTIs have identified risks that are applicable but were determined as immaterial and therefore not quantified, institutions should populate those sections with zeros and select an appropriate item in Column #40.

  5. Column #40 {Risk Quantification Methodology} – Use the drop-down selection to identify the following for each particular risk:

    M – Model quantified

    The capital allocation for the particular risk has been quantified via model methodology.

    NM – Non-model quantified

    The capital allocation for the particular risk has been quantified via non-model methodology.

    RM – Not quantified but risk managed (through stress testing, limits, or other controls) or mitigated

    No quantification has been made because the risk has been risk managed/mitigated through stress testing, limits or other controls.

    TBD – Identified as material risk but not yet quantified

    Where risk has been identified as material but has not yet been quantified for capital allocation, “TBD” should be selected from the drop-down menu.

    MUNQ – Materiality unknown and not yet quantified

    Where materiality of the risk is unknown and not yet quantified, “MUNQ” should be selected from drop-down menu.

    NMNQ – Not material and not quantified

    Where risks have been identified as applicable but determined as immaterial and therefore not quantified, DTIs should populate those rows with zeros and select “NMNQ” from the drop-down menu.

  6. Column #50 {Other Comments (If Necessary)} – Where appropriate, supplement with additional comments to provide further clarification on the risk and/or risk quantification methodology.

  7. Row #310 {Concentration Risk} – Complete this row only if the DTI is unable to breakdown concentration risk into Rows #320 to #360 (i.e., DTIs are to complete either Row #310 or Rows #320 to #360).

  8. Row #410 {IRRBB} – Complete this row only if the DTI is unable to breakdown IRRBB risk into Rows #420 to #460 (i.e., DTIs are to complete either Row #410 or Rows #420 to #460).

  9. Row #490 {Trading Market Risk (TMR)} – Complete this row only if the DTI is unable to breakdown market risk into Rows #500 to #560 (i.e., DTIs are to complete either Row #490 or Rows #500 to #560).

  10. Row #610 {Operational Risk} – Complete this row only if the DTI is unable to breakdown operational risk into Rows #620 to #650 (i.e., DTIs are to complete either Row #610 or Rows #620 to #650).

  11. Row #920 {Inter-risk Diversification Benefit} – If an inter-risk diversification benefit is considered, complete this row (i.e., inter-risk diversification benefit should not be included as part of any other risk categories) and clearly describe the rationale in Column #50. Note that OSFI’s supervisory review process will generally not take into account any inter-risks diversification benefit unless it is quantified by a rigorous model with adequate support.

  12. Row #930 {Additional Capital to Cover Stress Testing} – Where the DTI has determined that additional capital is required to cover specific stress impacts, this row should be completed.

  13. Rows #1000 to #1020 {Available Regulatory Capital} – DTIs need to ensure that the figures reported for available regulatory capital are equal to the figures reported within the BCAR in DPA_1017, DPA_1003, and DPA_1004. For Category III SMSBs, available regulatory capital should equal figures reported within the BCAR in DPA_16003, DPA_16004, and DPA_16005.

  14. Rows #1030 {Available Economic Capital} – IRB banks are expected to populate their available economic capital.

  15. Rows #1100 to #1160

    • Column #02 {Board Limit} – Indicate the Board approved capital limits as required by OSFI’s Corporate Governance Guideline. In the case of layers of limits which are all approved by the Board (Board, Management, Operating, etc.), indicate the limit that is closest to OSFI’s supervisory capital targets/regulatory minimums.

    • Column #03 {Management Limit} – Indicate the internal capital limit closest to the Board approved capital limit which does not require Board-level approval in the event of limit breach (but requires management-level approval).

      Note, TLAC ratios (Rows #1140 to #1160) are applicable to DSIBs only.

  16. Rows #1200 to #1230 {Impact from OSFI Prescribed Stress Tests} and Rows #1300 to #1310 {OSFI Prescribed Stress Tests - Probability of Default / Loss Given Default} – OSFI requests all Standardized DTIs to conduct single-factor standardized stress tests and report the capital ratio impact of such stress tests. Detailed assumptions on these stress tests will be provided by the Lead Supervisor. For Probability of Default / Loss Given Default information, use weighted-average where appropriate. Note that, unless otherwise instructed, these rows are applicable to Standardized DTIs only.

  17. Row #2000 {Additional Comments} – Additional information can be provided as necessary.

2. Internal Capital Adequacy Assessment Process comparison

This worksheet presents a period over period comparison for the DTI’s capital adequacy assessment.

  1. Column #30 {Reporting Date (Current Period)} – Total Capital data on this column will populate automatically from the ‘1. ICAAP’ worksheet. Populate Reporting Date for the current period.

  2. Column #60 {Reporting Date (Previous Period)} – Total Capital data populated in the previous ICAAP data return submission should be included in this column. Populate Reporting Date for the previous period.

  3. Column #70 {Difference (Current Period - Previous Period)} – Data in this column will populate automatically.

  4. Column #80 {Is Risk Quantification Metholodogy Changed for Current Reporting Period?} – Select “Yes” or “No” from the drop down menu to identify whether there has been a change to the Risk Quantification Methodology since the last reporting period.

  5. Column #90 {Comments on Material Differences} – Explanations should be provided for any material changes in the capital required, considering quantitative (with +/-5% difference) and qualitative factors.

3. Climate risk

Climate Risk is considered transversal in nature as they drive more traditional risks including Credit, Market, Operational, Reputational, Insurance and Legal Risk. The purpose of this worksheet is to provide a breakdown of Climate Risk already captured within the risk categories in the ICAAP data return (i.e., for Pillar 1 ‘1. ICAAP’ worksheet Rows #110 to #180; for Pillar 2 ‘1. ICAAP’ worksheet Rows #780 and #790). DTIs are to complete this worksheet on a best efforts basis.

  1. Column #110 {Total Climate Risk} – Complete this column on a best efforts basis, and where available, provide further breakdown in Columns #120 and #130.

Risk definitions

This section is intended to provide risk definitions that are commonly used in the banking industry. If DTIs define a particular risk differently, indicate it within the submission.

Credit risk

Risk category - Credit risk
Row # Risk categories Definitions

310

Concentration risk

Any single (direct and/or indirect) exposure or group of exposures with the potential to produce material losses.

Complete only if unable to breakdown in Rows #320 to #360.

320

Single name concentration

Significant credit exposures to an individual counterparty or group of related counterparties.

330

Sector concentration

Significant credit exposures to counterparties in the same economic sector.

340

Geographical concentration

Significant credit exposures to counterparties in the same geographic region.

350

Collateral concentration

Indirect credit exposures arising from a DTI’s credit risk mitigation activities, e.g., exposure to a single, or limited number of, collateral types or to credit protection provided by a single counterparty.

360

Other concentration

Any concentration-related risk that is not captured in Rows #320 to #350.

370

Other credit risk

Other credit risk that has not been included in sub-risk categories in Rows #310 to #360.
 

Market risk

Risk category - Market risk
Row # Risk categories Definitions

410

IRRBB

The impact of changes in interest rates on a DTI’s earnings, economic value, and cash flows arising from its interest-sensitive assets, liabilities, and off-balance items such as derivatives and loan commitments.

Complete only if unable to breakdown in Rows #420 to #460.

420

IRRBB – Basis risk

The impact of relative changes in interest rates for financial instruments that have similar tenors but are priced using different interest rate indices.

430

IRRBB – Automatic option risk

Risk arising from standalone instruments, such as exchange-traded and over-the-counter option contracts, or explicitly embedded within the contractual terms of an otherwise standard financial instrument (e.g., a capped rate loan) and where the holder will almost certainly exercise the option if it is in their financial interest to do so.

440

IRRBB – Behavioural option risk

Risk arising from flexibility embedded implicitly or within the terms of financial contracts, such that changes in interest rates may effect a change in the behaviour of the client (e.g., rights of a borrower to prepay a loan, with or without penalty, or the right of a depositor to withdraw their balance in search of higher yield).

450

IRRBB – Gap risk

Gap risk arises from the term structure of banking book instruments and describes the risk arising from the timing of instruments' rate changes. The extent of gap risk depends on whether changes to the term structure of interest rates occur consistently across the yield curve (parallel risk) or differentially by period (non-parallel risk).

460

Other IRRBB risk

Any IRRBB-related risk that is not captured in Rows #420 to #450.

470

Credit Spread Risk in the Banking Book (CSRBB)

CSRBB refers to any kind of asset/liability spread risk of credit-risky instruments that is not explained by IRRBB and by the expected credit/jump to default risk.

480

Structural foreign exchange risk

The risk to earnings or capital arising from fair value movement of foreign exchange rates (excluding exposure in Row #500).

490

Trading Market Risk (TMR)

The risk to earnings or capital arising from fair value movements in trading book instruments.

Complete only if unable to breakdown in Rows #500 to #560.

500

TMR – FX risk

The risk to earnings or capital arising from fair value movement of foreign exchange rates.

510

TMR – Interest rate risk

The risk to earnings or capital arising from fair value through profit and loss movement in interest rates.

520

TMR – Credit spread risk

The risk to earnings or capital arising from fair value through profit and loss movement in credit spreads.

530

TMR – Equity risk

The risk to earnings or capital arising from fair value through profit and loss movement in equity prices.

540

TMR – Commodity risk

The risk to earnings or capital arising from fair value movement in commodity prices.

550

TMR – Credit Valuation Adjustment (CVA) risk

The risk to earnings or capital arising from fair value through profit and loss movement in CVA.

560

TMR – Illiquid position risk

The risk from less liquid financial instruments in the trading book for which valuation adjustments have been taken.

570

Other market risk

Any other market risk that has not been included in sub-risk categories Rows #410 to #560. This would include risks related to one-way risk and concentrated positions.
 

Operational risk

Risk category - Operational risk
Row # Risk categories Definitions

610

Operational risk

The risk of loss resulting from inadequate or failed internal processes, peoples and systems or from external events.

Complete only if unable to breakdown in Rows #620 to #650.

620

Fraud risk

The risk to current or projected financial condition and resilience arising from inadequate or failed internal processes or systems, human errors or misconduct, or adverse external events.

630

Technology/cybersecurity risk

“Technology risk”, which includes “cybersecurity risk”, refers to the risk arising from the inadequacy, disruption, destruction, failure, damage from unauthorised access, modifications, or malicious use of information technology assets, people or processes that enable and support business needs, and can result in financial loss and/or reputational damage.

640

Third party risk

The risk arising from a third party failing to provide goods, business activities, functions and services, protect data or systems thereby creating an exposure to negative outcomes.

650

Other operational risk

Other operational risk (e.g., Non-model related data risk) that has not been included in sub-risk categories Rows #620 to #640.
 

Other risks

Risk category - Other risk
Row # Risk categories Definitions

710

Model risk

The risk of adverse financial (e.g., capital, losses, revenue) and reputational consequences arising from the design, development, implementation and/or use of a model. It can originate from, among other things, inappropriate specification; incorrect parameter estimates; flawed hypotheses and/or assumptions; mathematical computation errors; inaccurate, inappropriate, or incomplete data; inappropriate, improper or unintended usage; and inadequate monitoring and/or controls.

720

Reputation risk

When a FRFI acts as an advisor, arranges, or actively participates in financial transactions, it may assume insurance, market, credit, operational and/or other risks. Reputation risk often arises because of inadequate management of these other risks, whether they are associated with complex financial transactions or relatively routine operational activities. The way these activities are executed can create reputation risks that are difficult to predict and quantify.

730

Business risk

The risk of financial loss and/or impairment to viability due to an inability to adapt to changes in the competitive environment, in a timely and sustainable manner.

740

Funding risk

The potential for losses to be incurred from not having access to sources of liquidity, whether name-specific or market-wide in origin.

750

Strategic risk

The risk to earnings or capital arising from failure to achieve business objectives and strategic goals. This risk is a function of the compatibility of an organization’s strategic goals, the business strategies developed to achieve those goals, the resources deployed against these goals, and the quality of implementation. The resources needed to carry out business strategies are both tangible and intangible. They include people, communication channels, operating systems, delivery networks, and managerial capacities and capabilities.

760

Geopolitical risk

The risk associated with wars, terrorist acts, and tensions between states that affect the normal and peaceful course of international relations. Geopolitical risk captures both the risk that these events materialize, and the new risks associated with an escalation of existing event.

770

Insurance risk

The risk of loss arising from the obligation to pay out benefits and expenses on insurance policies and annuities in excess of expected amounts.

780

Climate risk – Transition

The financial risks related to the process of adjustment towards a low-greenhouse gas (GHG) economy. These risks can emerge from current or future government policies, legislation, and regulation to limit GHG emissions, as well as technological advancements, and changes in market and customer sentiment towards a low-GHG economy. Transition risk may include additional impacts from the interaction between transition risk and physical risk. E.g., the increased frequency and severity of physical risk may create additional pressure on policymakers to take mitigating actions, resulting in increased probability that transition risk could manifest alongside physical risk.

790

Climate risk – Physical

The financial risks from the increasing severity and frequency of extreme climate change-related weather events (i.e., acute physical risks); longer-term gradual shifts of the climate (i.e., chronic physical risks); and indirect effects of climate change such as public health implications (e.g., morbidity and mortality impacts). Physical risk may include additional impacts from the interaction between transition risk and physical risk. E.g., a delayed climate policy response associated with transition risk may aggravate physical risk.

800

Residual risk

Risk that remains after applying risk mitigation measures or controls to address specific risks.

810

Securitization risk

Where securitization activities (e.g., securitization of own-assets for risk transfer and/or funding; provision of backstop credit facilities to third-party conduits) are material, a DTI’s ICAAP needs to consider the risks arising from originating, structuring, distributing and/or investing in such assets, including risks that are fully captured in minimum regulatory capital requirements. These may include, for example, reputational risk and the provision of non- contractual or implicit support to securitization vehicles.

820

Fixed asset risk

The potential for losses that could arise from the ownership or use of physical assets. Assess and manage their exposure to property and equipment risks as part of their overall risk management.

830

Pension risk

The risk to a DTI’s earnings and financial health that arises from the underfunding of a pension plan from all causes (i.e. longevity, investment return, change in benefits, and etc.).

840

Sovereign risk

 Risk faced by the DTIs arising from the creditworthiness and stability of a sovereign government or its ability to meet its financial obligations.

850

Culture and behavioural risk

The impact of culture and behaviours on sound decision-making, prudent risk-taking and effective risk management.

‘Culture’ refers to the commonly held values, mindsets, beliefs, and assumptions that guide both what is important and how people should behave in an organization. ‘Behavioural patterns’ are also known as ‘behavioural norms’ and refers to behaviours that are common or typical across a group of people. ‘Behaviour risks’ refers to behavioural patterns that are misaligned to the expected behaviours and the desired culture of the FRFI and/or increase financial and non-financial risks.

860

Cross border lending risk

DTIs that engage in cross border lending are subject to increased risk including country risk, concentration risk, foreign currency risk (market risk) as well as regulatory, legal, compliance and operational risks, all of which should be reflected in the ICAAP. Laws and regulators’ actions in foreign jurisdictions could make it much more difficult to realize on assets and security in the event of a default. Where regulatory, legal and compliance risks associated with concentrations in cross border lending are not considered elsewhere in a DTI’s risk assessment process; additional capital may be required for this type of lending in a DTI's ICAAP.

870

Human capital risk

The risk arising from a difference between human capital needs and existing human capital. It includes various factors that impact the DTI’s ability to attract, develop, retain, and create a sustainable talent pool with the skills and competencies s to carry out its operations.

880

Legal risk

The risk arising from non-compliance with laws, regulations, and legal obligations. It includes financial harm resulting from legal and regulatory actions, penalties, fines, lawsuits, and adverse judgement against a DTI.

890

Other risks

Any other risk that has not been included in risk categories Rows #710 to #880.

900

Additional pillar 2 buffer

Discretionary buffer allocated to arrive at Total pillar 2 risk quantification.
Date modified: