Internal Capital Adequacy Assessment Process (ICAAP) Template for ICAAP and BCAR

Publication type
Trust and Loan Companies
Table of contents

For Deposit-Taking Institutions using the Basel Standardized Approach to Credit Risk (DTIs), the following suggested template may be used in their Internal Capital Adequacy Assessment Process (ICAAP) submission to OSFI. While the use of this template is not mandatory, the submitted document should cover all the elements contained in the template below. Please note that OSFI expects to receive a document that has been approved by the institution’s board.

Please note that institutions must also complete an additional appendix outlining the risk assessment and quantification methodology used. In addition, please ensure that the ICAAP submitted is able to support the ICAAP data return filed through RRS.

The amount of detail in the ICAAP document will vary based on the size and complexity of the institution. Supplementary information such as policies, risk management frameworks and processes can be referred to by way of appendices.

Internal Capital Adequacy Assessment Process submission template elements
  1. Executive summary
  2. Background on ICAAP
  3. Statement of risk appetite
  4. Material risks
  5. Capital planning
  6. Stress and scenario tests
  7. Integration of ICAAP into risk management
  8. Challenge & next steps
Required appendix
  1. Institution’s risk assessment and quantification methodology

Executive summary

This summary should provide an overview of the ICAAP methodology and results such as:

  • Confirmation that the institution (on a consolidated basis) has assessed its capital as adequate given the size and complexity of its business.
  • Commentary on the most material risks faced by the institution, why the level of risk is acceptable or, if it is not, what mitigating actions are planned.
  • Summary of the main findings of the ICAAP analysis including:
    • the level and composition of internal capital the institution believes should be held, with a comparison to the regulatory capital requirement under “Pillar 1” calculation;
    • the adequacy of the institutions risk management processes;
    • whether the institution has adequate capital resources over its planning horizon; and
    • a summary of the target capital metrics ratified by the board – at a minimum, these should include Common Equity Tier 1 (CET1) Ratio, Total Capital Ratio and Leverage Ratio.
  • Summary of the financial position of the institution, its business strategy, balance sheet structure and projected profitability.
  • Description of the review, challenge and approval process of the ICAAP.

Background of Internal Capital Adequacy Assessment Process

This section should provide a high-level overview of the institution’s ICAAP, pulling together the institution’s risk management framework, business planning and capital management. The overview should cover relevant policies and systems used by the institution to identify, manage and monitor its risks according to its risk appetite.

Statement of risk appetite

This section should provide a high-level overview of the institution’s risk appetite and set out the frequency of review of the risk tolerance by management and the board.

Material risks

This section should provide a concise description of the institution’s risk identification process and outline how the institution identifies material risk areas. Key risks which should be considered as part of an ICAAP include, but not limited to:

  • Credit risk
  • Market risk
  • Operational risk
  • Structural Interest rate risk in banking book (IRRBB)
  • Concentration risk
  • Funding risk
  • Business/Strategic risk
  • Reputation risk
  • Securitization risk
  • Residual risk
  • Any other risks identified

In a separate appendix (include as Appendix A to your ICAAP submission), please provide further detail on the institution’s risk assessment and quantification methodology, including:

  • how the institution defines each of the key risks listed above as well as any other risks identified as key based on the institution’s risk profile;
  • how the institution determines the materiality of each key risk; and
  • a description of how each material risk is then quantified for capital allocation purpose, including detailed methodology to specify data, assumptions and calculations.

Appendix A should be organized consistently with the ICAAP data return and expand on the quantification methodology used for each Pillar 2 risk identified. That explanation should cover the quantification approach taken (i.e. modelled, stress test, expert judgement etc) and details how the approach was used, the quantitative results and calibration rationale for the final Pillar 2 capital level used in the institution’s capital target.

At a minimum, OSFI expects DTIs to provide a Pillar II capital allocation to cover IRRBB and credit concentration risk. Where the DTI does not have a material credit risk, it should ensure capital allocation is made to cover operational/reputation risk.

Capital planning

This section should include:

  • the institution’s “baseline” capital forecasts (at least quarterly, based on annual business plan);
  • a 3-year summary forecast capital position; and
  • a description of the institution’s capital planning and management process, including an outline of how ICAAP is incorporated into this process.

Stress & scenario testing

This section should provide a concise description of how the institution’s stress testing program is used to support capital adequacy assessment and management.

DTIs should develop their own scenarios so that stress tests covering all its major risks and material portfolios are reported.

For deposit-taking institutions with lending exposures, an IRRBB and a real-estate market downturn stress test are, at a minimum, generally expected.

For non-deposit-taking institutions a focus on operational risk stress test, are, at a minimum, generally expected.

All institutions are encouraged to conduct a reverse engineered scenario that challenges its viability and would cause a breach in regulatory capital adequacy ratios (CET1, total capital ratio and leverage ratio). Such tests may be useful in uncovering hidden risks and interactions among risks.

As ICAAP is, first and foremost, a key internal process in the institution’s capital management and planning, stress tests used for ICAAP should be determined by the institution as deemed appropriate. However, OSFI may, at times, request institutions to conduct standardized stress tests and report the results of these stress tests, together with their impact on ICAAP.

Integration of Internal Capital Adequacy Assessment Process into risk management

This section should:

  • summarize how ICAAP has been used by the institution and how it is embedded in the decision making process;
  • describe how ICAAP results have been integrated into risk limits setting and monitoring; and
  • describe how the ICAAP results are reported to the board.

Challenge and next steps

This section should:

  • summarize the extent of challenge and testing of the ICAAP and the control processes applied to the ICAAP calculations;
  • outline the board and senior management sign-off procedures;
  • identify the nature of any third party review of the ICAAP; and
  • identify any plans to enhance the ICAAP going forward.