Date of issuance of Guideline: 12 July 2012 The Guideline below is being re issued as Circular C026 for correct filing purposes GUIDELINES GD-IF-02 Guidelines for the Internal Capital Adequacy Assessment Process 32 Stasikratous Str, 4th Floor, P.O. 24996, 1306 Nicosia, Cyprus, Tel: 22-506600, Fax: 22-754671, e-mail: [email protected] http://cysec.gov.cy Glossary of Terms Basel II Capital Adequacy Accord published by the BIS in 2006 in Basel Switzerland BoD Board of Directors CIF Cyprus Investment Firm CySEC or the Commission Cyprus Securities and Exchange Commission Directive Directive DI144-2007-05 of 2011 of the Cyprus Securities and Exchange Commission for the Capital Requirements of Investment Firms EU Member Member State of the European Union ICAAP Internal Capital Adequacy Assessment Process ICAAP Guidelines Guidelines GD-IF-02 of 2012 of the Commission for the Internal Capital Adequacy Assessment Process ICAAP Report (or the report) The result of the ICAAP presented in a report and submitted to CySEC upon request by the latter IF Investment Firm Republic The Republic of Cyprus SREP Supervisory Review and Evaluation Process SREP Guidelines Guidelines GD-IF-03 of 2012 of the Cyprus Securities and Exchange Commission for the Supervisory Review and Evaluation Process Third country Country that is not a member state of the European Union Contents 1 Introduction 1 1.1 Background 1 1.2 Summary 1 1.3 Definitions 3 1.4 Structure of the Guidelines 4 2 Pillar 2 and the ICAAP 6 2.1 The Commission’s general approach to Pillar 2 6 2.2 Principles for the implementation of the ICAAP 6 3 Principle of proportionality and levels of application of the ICAAP 9 3.1 Application of the Proportionality Principle 9 3.2 Methods of application of the ICAAP 10 3.3 Levels of Applications within Groups 11 3.4 Exceptions on the ICAAP Implementation 12 3.5 Responsibility of the CIF for the ICAAP 12 3.6 Involvement of external consultants in the ICAAP 14 4 Implementation of the ICAAP and the ICAAP Report 15 4.1 Executive Summary 16 4.2 Business Background 17 4.3 Internal Governance of the CIF 17 4.4 Risk Management Framework 19 4.5 Stress Testing 25 4.6 Calculation and allocation of Pillar 2 Capital and Capital Planning 27 4.7 Next Steps and Review of the ICAAP from the Commission 28 5 ICAAP Methodology 30 5.1 Steps in the methodology 30 5.2 Critical Success Factors for the ICAAP Implementation 31 6 ICAAP Building Blocks 33 A Appendix: Basis of Application of the ICAAP 34 B Appendix: Proposed ICAAP Report Contents 37 C Appendix: List of Specific Risks 38 D Appendix: Risk Assessment Tool 39 E Appendix: Principles of Internal Governance 41 F Appendix: Examples of Stress Testing Scenarios 46 G Appendix Pillar 2 Capital Allocation and Capital Planning 48 1 Introduction 1.1 Background In accordance with Paragraph 31, Chapter 6, Part C of Directive DI144-2007-05 of 2011 (the “Directive”) of the Cyprus Securities and Exchange Commission (“the Commission”), on the Capital Requirements of Investment Firms (“IFs”), and Section 68 of the Investment Services and Activities and Regulated Markets Law of 2007, as amended (‘the Law’), all Cyprus Investment Firms (“CIF”) shall have in place sound, effective and complete strategies and processes to assess and maintain on an ongoing basis the amounts, types and distribution of internal capital that they consider adequate to cover the nature and level of the risks to which they are or might be exposed. These strategies and processes shall be subject to regular internal review to ensure that they remain comprehensive and proportionate to the nature, scale and complexity of the activities of the CIF. 1.2 Summary Despite the fact that the CIF has the full responsibility of proving its compliance with the provisions of the aforementioned Directives, the Commission has prepared these guidelines to assist the CIFs in taking the necessary actions in order to comply with the provisions of the aforementioned Directives. Although these guidelines are not binding, a CIF which decides not to apply them shall, upon request, inform the Commission about the alternative procedures that it has established and applied regarding these issues. In such a case, the Commission must be satisfied with the fulfillment of the requirements of the aforementioned Directives by the alternative procedures. This guidance document addresses the distinctive components and framework for the implementation of the Internal Capital Adequacy Assessment Process (“ICAAP”) providing the guidelines on how the provisions of the Directive in terms of the ICAAP should be interpreted and applied in practice. Furthermore, this document, in conjunction with the document regarding the Supervisory Review and Evaluation Process (“SREP”), sets out the principles and methods which the Commission intends to apply for assessing the capital requirement calculations of the CIFs under its supervision. The Directive is a transposition of Directives 2006/48/EC and 2006/49/EC of the European Commission, which are based on the rules set by the Basel II Capital Accord of the Bank of International Settlements. The Basel II Capital Accord is structured on three pillars. The first pillar sets out the mechanism for calculating the minimum regulatory capital that a CIF needs to hold to cover credit risk, operational risk, and market risk. ICAAP and the SREP fall within the scope of the second 1 pillar, which aims at providing the regulatory authorities with a tool to assess the completeness and adequacy of each CIF’s capital adequacy vis-à-vis the risks that it faces. The third pillar aims to complement the other two by developing a set of disclosure requirements which allow the market participants to gauge the capital adequacy of CIFs. The present guidelines fall within the scope of Pillar 2 and are applied to all CIFs that are subject to the Directive. Pillar 2 can be described as a set of relationships between the Commission and the CIFs, the objective of which is to enhance the link between a CIF’s risk profile, its risk management and risk mitigation systems, and its capital (see diagram 1). Pillar 2 establishes a process of prudential interaction that complements and strengthens Pillar 1, by promoting an active dialogue between the Commission and CIFs such that, any inadequacies or weaknesses of the internal control framework and also other important risks, the fulfillment of which may entail threats for the CIF, are identified and managed effectively with the enforcement of regulatory measures like e.g. the support of the internal control system or additional supplementary capital, in addition to Pillar 1 minimum levels. After each CIF has designed and implemented its ICAAP, resulting in an ICAAP Report submitted to CySEC, the Commission assesses through the SREP, the entire process and accordingly imposes the appropriate measures as mentioned above (additional capital and/or additional internal controls). Risk is a significant aspect of business activities in a market economy. As risk taking constitutes a major characteristic of every CIF business, it is especially important for CIFs to address risk management issues. The necessity from a business perspective, to introduce the ICAAP, has arisen from developments in the financial markets and the limitations in the risk control environment of CIFs. Therefore, the implementation of an ICAAP is not rooted exclusively in supervisory considerations; rather it should be in the best interest of all stakeholders of a CIF. The main motive for introducing the ICAAP can therefore be seen in ensuring a viable risk position by dealing with risks in the appropriate manner. In particular, it is important to detect developments which may endanger the CIF as early as possible in order to enable the CIF to take suitable countermeasures. In this respect, introducing an ICAAP serves the interests of all the internal and external stakeholders of a CIF. This document provides the guidelines and the basic principles for the implementation of an ICAAP, since the regulatory requirements regarding internal capital adequacy calculation vary based on the type, size and service complexity of the CIF concerned. As a standardized method that is equally applicable to all CIFs cannot be provided, the Commission develops requirements for specific CIFs taking into account the principle of proportionality1. The Commission would like to note that during the development of this Guidelines document has considered principles applied by other European supervisory authorities in respect of the 1Methods and procedures used within the framework of ICAAP and SREP should be compatible to the nature, scale and complexity of the business activities of the CIF, especially when taking into account the nature and range of the investment services and activities it undertakes in terms of the said business activities (see section 3 for further information). 2 internal capital adequacy assessment process, as well as best practices and lessons learned from other European financial markets. Diagram 1: Pillar 2 1.3 Definitions The following definitions, within the scope of the Pillar II, are essential in the process of adequately comprehending the following chapters of this Guidance document: 1.3.1 ICAAP: Internal Capital Adequacy Assessment Process The ICAAP comprises of all the procedures and measures adopted by a CIF, with the purpose of ensuring the following: the appropriate identification and measurement of risks; an appropriate level of internal capital in relation to the CIFs risk profile and the application and further development of suitable risk management and internal control systems. 3 1.3.2 ICAAP Report The ICAAP Report is the document submitted to the Commission, explaining how the CIF has implemented and embedded the ICAAP (process) within its business, describing its risk profile and the extent of risk appetite that is prepared to accept as well as the capital that it considers as adequate to be held against all the risks that it is exposed to. The ICAAP Report must reflect the reality of the CIF’s ICAAP as a discipline embedded within the business and it cannot simply be a regulatory compliance exercise. 1.3.3 SREP: Supervisory Review and Evaluation Process The SREP comprises of the processes and measures applied by the Commission to ensure that CIFs have sufficient capital to support all material risks to which their business exposes them. The processes followed by the Commission in terms of the SREP include the review and evaluation of the CIF’s ICAAP, the performance of an independent assessment of the CIF’s risk profile and, if necessary, taking prudential measures and other supervisory actions. Additional information about this process can be found in the Commission’s SREP Guidelines. 1.3.4 Internal Capital Internal capital is the level of capital that each CIF, after the application of its internal risk assessment procedures, considers as adequate for the coverage of all the risks that is, or could be, exposed to. Internal capital needs can be regarded as the total capital requirement resulting from the CIF’s Pillar 1 and Pillar 2 calculations. 1.3.5 Regulatory Capital Regulatory capital can be given the following two interpretations: The minimum amount of capital that a CIF is required to hold against all risks that is, or could be, exposed to, The capital requirement that results from the SREP performed by the Commission (i.e. the total capital need required by the Commission) 1.4 Structure of the Guidelines As already stated, the purpose of this Guidance Document is to provide all CIFs with the guidelines and minimum requirements of the Commission for the design and implementation of a sound and robust ICAAP and the submission of a complete and adequate ICAAP Report. Furthermore, in conjunction with the SREP Guidelines, that have been prepared by the 4 Commission, the areas that will be the subject of review, under the supervisory review and evaluation process, are being laid out and detailed. This Document follows the structure below: Pillar 2 and the ICAAP: In this first section, the Commission highlights the importance of the ICAAP, as regards to the risk management and internal control framework of the CIFs and, additionally, outlines its input to the supervision review process, to be carried out by the Commission. The principles for the implementation of the ICAAP are also outlined, as proposed by the European Banking Authority (former Committee of European Banking Supervisors – CEBS). Principle of proportionality and levels of application of the ICAAP: The section focuses on the extent of supervisory expectations regarding the internal capital requirement calculations which highly depend on the nature, scale, complexity and systemic importance of each CIF. Additionally the methods for the application of the ICAAP are laid out (pillar 1 minimum capital approach and advanced approaches). Furthermore a detailed description of the application requirements within groups are presented (solo, sub consolidated and consolidated basis). Implementation of the ICAAP and the ICAAP Report: The practical aspects of the ICAAP implementation and its components are presented in this fourth section. Through a proposed ICAAP Report structure, the different components of the ICAAP (process) are unraveled and explained, since at the completion of the process, these will be the subject of the Commission’s review. ICAAP Implementation Process: The guidance document is completed with the presentation of the four distinct phases that the Commission would expect to see in the implementation process of the ICAAP and also the critical success factors are outlined. 5 2 Pillar 2 and the ICAAP 2.1 The Commission’s general approach to Pillar 2 As its name indicates, the ICAAP is an internal tool, which shall allow CIFs to assess their position and hold the internal capital they deem appropriate in order to cover all the risks to which they are or could be exposed to in the future. Since the ICAAP is essentially an internal process, it is not for the Commission to determine in detail the approach in which it shall be carried out or implemented within each CIF. There is no single correct methodology for assessing internal capital adequacy. ICAAP is based on the approach chosen entirely by each CIF’s management, which must be in place to justify to the Commission the validity and soundness of its approach. Consequently, the purpose of this document is to indicate to the CIFs its minimum expectations in relation to the ICAAP, since it will be the object of supervision under the SREP. The Commission would like to note that the implementation of these guidelines should follow the principle of “comply or explain” which foresees that CIFs must be able to explain to the Commission the reasons for any failure in implementing or partial implementing of a certain requirement stated in these Guidelines. 2.2 Principles for the implementation of the ICAAP As stated, the ICAAP comprises all of a CIF’s procedures and measures designed to ensure the following: the appropriate identification and measurement of risks; an appropriate level of internal capital in relation to the CIFs risk profile; and the application and further development of suitable risk management systems. The implementation of the ICAAP by every CIF should be based on the following principles2: Every CIF must have a process for assessing its capital adequacy relative to its risk profile (an ICAAP) – the Commission requires for each CIF to have an effective and sound ICAAP in place. The ICAAP is the responsibility of the CIF – each CIF is responsible for having in place an effective ICAAP based on regulatory requirements and guidelines, and for setting target levels for own funds that are consistent with its risk profile and operating environment. The 2Guidelines on the Application of the Supervisory Review Process under Pillar 2 (CP03 Revised), EBA/CEBS, January 2006 6 CIF retains full responsibility for their ICAAP regardless of the degree of outsourcing components or procedures of the ICAAP to third parties. The ICAAP’s design should be fully specified, the CIF’s capital policy should be fully documented, and the Board of Directors (“BoD”) and Senior Management should take responsibility for the ICAAP – The responsibility for initiating and designing the ICAAP rests with the BoD and the Senior Management of the CIF. The BoD should approve the design of the ICAAP and the detailed implementation is the responsibility of the Senior Management. The CIF’s ICAAP should be formally documented. The results of the ICAAP should be reported to the management and the BoD of the CIF. The ICAAP should form an integral part of the management process and decision making culture of the CIF – The ICAAP should form an integral part of the CIF’s management processes so as to enable the BoD and Senior Management of the CIF, to assess, on an ongoing basis, the risks that are inherent in their activities and material to the CIF. The ICAAP should be reviewed regularly – The ICAAP should be reviewed by the CIF as often as is deemed necessary to ensure that risks are covered adequately and that capital coverage reflects the actual risk profile of the CIF. This review should take place at least annually. The ICAAP and its review process should be subject to independent assessment by a function or person that has not been involved in the ICAAP process (e.g. the Internal Audit Function). Any changes in the CIF’s strategic focus, business plan, operating environment or other factors that materially affect assumptions or methodologies used in the ICAAP should initiate appropriate adjustments to the ICAAP. The ICAAP should be risk based – The additional capital charge for the CIF will be significantly relied on its risk profile and operating environment. All considerations and factors taken into account for the set of an internal capital target should be presented through the dialogue with the Commission and the assessment procedure for each one should be explained and documented (quantitative and qualitative approaches). The ICAAP should be comprehensive – The ICAAP should capture all the material risks to which the CIF is exposed to, albeit there is no standard categorization of risk types and definition of materiality. ICAAP should cover risks covered under Pillar 1, risks not fully captured under Pillar 1 (e.g. operational risk, concentration risk, etc.) and Pillar 2 risks (e.g. strategic risk, liquidity risk, reputation risk, etc.). The ICAAP should be forward-looking – The ICAAP should be strongly interconnected with the strategic plans of the CIF and a forward capital plan should be put in place in function with a 3 to 5 year budget. The CIF should conduct appropriate stress tests which take into account, all the material risks identified, and analyzing the impact of the test to the future capital requirements of the CIF. 7
Description: