Norma vigente
Texto consolidado
[1]
In view of the regulatory and supervisory changes seen in recent years, the guidelines on the Internal Capital Adequacy Assessment Process (ICAAP) at credit institutions, published by the Banco de España in June 2008 (ICAAP guidelines), have been updated.
This update seeks to adapt the ICAAP guidelines to:
a. Current European legislation, Directive 2013/36/EU (hereafter, the Directive).
b. Current Spanish legislation, Law 10/2014 of 26 June 2014 on the regulation, supervision and solvency of credit institutions, and implementing regulations, primarily Royal Decree 84/2015 of 13 February 2015.
c. The supervisory methodologies and practices set out in the Guidelines of the European Banking Authority (EBA Guidelines), primarily EBA/GL/2014/13, Guidelines on common procedures and methodologies for the supervisory review and evaluation process (SREP), and EBA/GL/2016/10, Guidelines on ICAAP and ILAAP information collected for SREP purposes.[2]
Specifically, Articles 73, 86 and 74 of the Directive have been transposed into Spanish legislation, in Articles 41, 42 and 29 of Law 10/2014 on the regulation, supervision and solvency of credit institutions, implemented, in turn, in Articles 45 and 53 of Royal Decree 84/2015 and in Chapters 4 to 6 of Banco de España Circular 2/2016 on supervision and solvency (hereafter, the Circular).
The main change in these guidelines is the inclusion of a new section on the Internal Liquidity Adequacy Assessment Process (ILAAP), reflected in the name of the guidelines which become Guidelines on the Internal Capital Adequacy Assessment Process (ICAAP) and the Internal Liquidity Adequacy Assessment Process (ILAAP) at credit institutions (hereafter, ICAAP/ILAAP guidelines), and in the name of the former Internal Capital Adequacy Assessment Report, which becomes the Internal Capital and Liquidity Adequacy Assessment Report (hereafter, ICAAP/ILAAP report), to be submitted by institutions each year to the Banco de España.[3]
According to the EBA Guidelines,[4] review of ILAAP has become one of the main elements of the supervisory review and evaluation process (SREP). The reason for this greater emphasis on liquidity adequacy assessment is that, as a consequence of the recent crisis, liquidity risk has become very significant. Accordingly, it is no longer assessed within the SREP process as just one of the risks that can affect capital and is now assessed independently.
To facilitate the Banco de España’s liquidity risk review, these guidelines include various recommendations on the information to be sent by institutions on their ILAAP.
Another significant change in these guidelines is the recommendation that institutions attach to the ICAAP/ILAAP report, at annex, an internal audit report on ICAAP and ILAAP. Changes are also made to the simplified options for treatment of concentration risk and interest rate risk in the banking book (IRRBB), in keeping with European supervisory practice in this field.
Following the launch of the Single Supervisory Mechanism (SSM), the scope of the ICAAP/ILAAP guidelines has narrowed to cover only less significant credit institutions directly supervised by the Banco de España. The narrower scope has permitted greater simplification and the disappearance of certain processes included in the ICAAP guidelines that related to more sophisticated institutions.
The contents of the guidelines have been rearranged and, following the order established in EBA/GL/2016/10 (hereafter, the EBA Guidelines), section 4 of the ICAAP/ILAAP report distinguishes between three main information blocks:
i. ICAAP and ILAAP general information, subsections 2 to 7, 10 and 11.
ii. ICAAP-specific information, subsection 8.
iii. ILAAP-specific information, subsection 9.
The general information common to both processes includes three new chapters:
i. Information on the risk appetite framework.
ii. Information on stress tests.
iii. Information on risk data, aggregation and IT systems.
Moreover, given the importance of the business model and medium-term strategy within the SREP, a specific section is included on these aspects in the annual ICAAP/ILAAP report.
Lastly, it is important to note that although Spanish legislation envisages that institutions assess their liquidity, there is no obligation to include that analysis in an annual internal adequacy assessment report to be submitted to the Banco de España. However, in view of the EBA Guidelines, institutions are advised to include their internal liquidity adequacy assessment in the ICAAP/ILAAP report. For the same reason, they are advised to include their risk appetite framework in the ICAAP/ILAAP report and, at annex, an internal audit report on ICAAP and ILAAP.
2.1 Authority of the Banco de España
These guidelines have been prepared by the Banco de España under the authorisation envisaged in Article 54 of Law 10/2014, whereby it may draw up technical guidelines addressed to supervised institutions and groups, indicating the criteria, practices, methodologies or procedures considered suitable for compliance with supervisory regulations.
2.2 Purpose, material scope and entry into force
The purpose of these guidelines is to assist credit institutions in application of the internal capital and liquidity adequacy assessment processes established in Articles 73 and 86 of the Directive and implemented in Articles 41 and 42 of Law 10/2014, Articles 45 and 53 of Royal Decree 84/2015 and Rules 44 and 51 of Circular 2/2016.
Specifically, the guidelines elaborate on certain aspects of the processes used by institutions to assess quantitative aspects relating to:
a. Measuring the risks to capital to which they are exposed.
b. Estimating the own funds required to cover the risks to capital.
c. Measuring the level of liquidity.
In addition, to ensure efficient risk management, the guidelines also elaborate on qualitative aspects to be considered by institutions on the matters envisaged in Article 74 of the Directive and transcribed in Article 29 of Law 10/2014 relating to:
a. Internal corporate governance.
b. Identifying, managing, monitoring and reporting risk.
c. Internal controls.
These processes are referred to in these guidelines as ICAAP (Internal Capital Adequacy Assessment Process) and ILAAP (Internal Liquidity Adequacy Assessment Process).
These guidelines come into force on 31.12.2017, without prejudice to provisions on specific matters contained in the corresponding sections.
2.3 Subject scope
In general, these guidelines are addressed to consolidated groups of credit institutions established in Spain and considered less significant institutions for the purposes of Regulation (EU) 1024/2013, without prejudice to the provisions of paragraph 4.1, and to specialised lending institutions (SLIs) required by the Banco de España to prepare an annual internal capital adequacy assessment report, pursuant to Article 29 of Royal Decree 309/2020. [5]
ICAAP and ILAAP should be performed, taking into account both the quantitative aspects of risk measurement, that is, estimating own funds and liquidity requirements, and the qualitative aspects of risk management and control.
When performing ICAAP and ILAAP, institutions should take into account the following criteria:
– Internal adequacy assessment processes are institutions’ responsibility and should be developed by them. For this reason, although these guidelines seek to offer guidance on these processes, it is for the credit institutions themselves to determine the content, scope and depth of the assessment, applying the principle of proportionality established in the following two points:
– Internal adequacy assessment processes should be proportionate to the degree of sophistication of the activities of each institution, the importance of their risks, their risk management systems and the Pillar 1 approaches (standardised or advanced) used.
– Institutions should focus their internal adequacy assessment on organisational and control aspects and on risks that are important for them and that may have a significant impact on their present or future solvency or liquidity.
– These processes should take into consideration the possible impact of the economic cycle and other adverse short-term factors on institutions’ own funds and liquidity. This will entail building stress scenarios for the different risks.
If, as a result of these internal adequacy assessment processes, shortcomings or weaknesses are revealed, institutions will not necessarily have to increase their own funds requirements or liquidity levels, but they may also, or alternatively, have to improve their internal governance, strengthen their risk management systems or intensify their internal controls.
The internal capital adequacy assessment process (ICAAP) should be based on credit institutions’ own risk analysis (inherent risk) and on analysis of their risk management (controls). Based on these analyses, own funds requirements will be calculated that allow institutions to permanently maintain a level of capital determined as the sum of: a) legal capital requirements[6]; and b) any expectations of additional capital notified to institutions by the Banco de España.
In addition, to determine own funds requirements, institutions should consider capital planning and stress tests that are consistent with the risks inherent to their activity, the economic environment in which they operate, the risk management, control and governance systems in place, the strategic business plan and the quality of the available own funds (common equity tier 1 (CET 1) as a percentage of total capital). When determining own funds requirements, institutions should take into account the real possibilities of obtaining more own funds if this were to prove necessary.
The internal liquidity adequacy assessment process (ILAAP) should consist of analysis and management of liquidity and funding risks,[7] performed by credit institutions in order to ensure that their liquidity levels are proportionate to the nature, scale and complexity of their activities and are in keeping with applicable regulatory requirements.
The Banco de España should review and evaluate ICAAP and ILAAP as part of the SREP. Dialogue between the institution and the Banco de España on ICAAP and ILAAP will be an essential part of this process. For evaluation of these processes, the Banco de España should also take into account other relevant information at its disposal, especially information deriving from its capacity as supervisory authority.
In order to formalise the Internal Capital Adequacy Assessment Process (ICAAP) and the Internal Liquidity Adequacy Assessment Process (ILAAP), it is recommended that institutions include in their annual ICAAP report the information on ILAAP, which thus becomes the ICAAP/ILAAP report, to be submitted to the Banco de España on the stipulated date. It is also recommended that the ICAAP/ILAAP report include, at annex, an internal audit report on the consistency of the information contained in the ICAAP/ILAAP report, and on any other relevant matter in the view of internal audit.
Given the importance of this report, both for institutions and the Banco de España, it should be submitted to and approved by their management body (Board of Directors or equivalent). In the case of institutions that are members of an institutional protection scheme (IPS), the governing body of the central institution is responsible for presenting the report to the governing bodies of the other IPS members.
The ICAAP/ILAAP report should be delivered to the Banco de España in its capacity as supervisor. Given the confidential nature of the report, the Banco de España should use it exclusively in the exercise of its supervisory function, in accordance with Article 82 of Law 10/2014.
The ICAAP/ILAAP report should comprise the following sections:
1. Conclusions.
2. Business model and medium-term strategy.
3. Governance framework. Risk management and control.
4. Risk appetite framework.
5. Risk profile.
6. Stress tests.
7. Information on risk data, aggregation and IT systems.
8. Internal capital adequacy assessment (ICAAP).
9. Internal liquidity adequacy assessment (ILAAP).
10. Future action plan.
11. Other matters.
Annex 1.1 sets out the expected content of each section.
As a general rule, in the case of the larger less significant institutions, the body of the ICAAP/ILAAP report should not exceed 30 pages; for institutions with assets under €1 bn, it should not exceed 15 pages. Institutions should include at annex any additional information they deem necessary or appropriate.
Institutions should submit to the Banco de España, together with the ICAAP/ILAAP report, the ICAAP summary return (IAC01) which is the subject of Annex 1.2 hereto. In the case of consolidated groups of credit institutions, this summary return should be broken down by significant credit institution, which should be identified for such purposes in the first section of the ICAAP/ILAAP report.
The following headings 4.1 to 4.11 describe in detail the expected content of the different sections of the report. These sections should also be broken down by significant credit institution when there are important differences with respect to the group.
Institutions should, however, adapt the content of their ICAAP/ILAAP reports to their individual characteristics. The reports should contain the relevant information supporting the conclusions drawn and, where appropriate, the future action plan. In addition, in accordance with the principle of proportionality indicated in section 3, the ICAAP/ILAAP report should focus on the material risks and significant aspects for each institution.
The ICAAP/ILAAP report should be self-explanatory, it being understood that the institutions that include in the report the information indicated in these guidelines will be providing the level of detail on their ICAAP and ILAAP that the Banco de España understands to be appropriate. In order to prevent institutions from duplicating information already released, either at their own initiative or by law, the different parts of the report content, with the exception of section 1 (Conclusions) and section 10 (Future action plan), may be completed by including parts of other reports already released. This should be notified, together with reference to the relevant documents or publications, which should be updated and may be attached at annex. In any event, the information included should address the purpose and requirements of the ICAAP/ILAAP report.
4.1 Conclusions
The aim of this section of the report is to present the conclusions of the internal capital and liquidity adequacy assessment processes, which will be elaborated on in the different sections of the ICAAP/ILAAP report.
First, the scope of the ICAAP and the ILAAP (individual institution or consolidated group) should be indicated. In the case of a consolidated group of credit institutions, the institutions included in both processes should be listed at annex, noting those considered significant for the purposes of each process. If in a consolidated group of credit institutions there are major differences in any significant subsidiary institution with respect to the group as a whole, such differences should be specified in the corresponding section of the ICAAP/ILAAP report, indicating the institution where such differences are present and, where appropriate, the envisaged period within which the subsidiary institution in question will become included in the general scope of the group.
This should be followed by a brief summary of the most important aspects and the main conclusions of the ICAAP/ILAAP report on the risk profile of the institution and its internal capital and liquidity adequacy assessment.
To conclude, information should be included on any significant changes occurred recently or expected in the short term on the following aspects:
a. Business model, medium-term strategy and risk appetite framework.
b. Risk management and control framework.
c. Improvements made to the previous year’s ICAAP and ILAAP, following the experience of the previous year, internal audit recommendations and dialogue with the Banco de España.
As the ICAAP/ILAAP report contains sections that correspond to different departments within institutions, the person or, where appropriate, the department responsible for combining the different parts should be indicated.
The ICAAP/ILAAP report should specify the date of its approval by the Board of Directors or equivalent body.
4.2 Business model and medium-term strategy
A summary of the business model should be included, identifying the main lines of activity, markets, geographical areas and products that are important for the institution.
A summary of the medium-term strategic plan (at least three years) in force at the reporting date, approved by the Board of Directors or equivalent body, should be provided, together with any significant changes expected in the present business model or underlying activities. For this purpose, projections of the key financial parameters of the main business lines and markets in which the institution operates should be included.
4.3 Governance framework. Risk management and control
This section of the report should contain a summary of the qualitative aspects relating to internal governance, risk management and control and internal audit.
The content of this section should be proportionate to the size and complexity of each institution.
Given the broad scope of this section, the body of the report should include only the assessments and, where appropriate, any changes vis-à-vis the previous year’s ICAAP/ILAAP report, with the information overall included at annex. The annex should be updated every three years, or sooner if there are significant changes.
4.3.1 Organisation of the institution
The aim of this section of the report is to provide a summary of the institution’s organisation and governance policies relating to risk management and control.
The information in this section should comprise:
– Description of the institution’s organisation
Details of the governing bodies and their committees should be indicated, specifying their: (i) composition; (ii) functions and responsibilities; (iii) organisational and working rules; (iv) powers and delegations. By way of illustration, organisation charts may be included, i.e. diagrams depicting the organisation and the functional and hierarchical reporting lines and relationships between the different bodies.
– Justification of the functions and responsibilities of the Board of Directors or equivalent body relating to risk management and internal risk control
It should be specified how the institution’s Board of Directors takes responsibility for:
a. The nature and level of the risks taken.
b. The correspondence between this risk level and existing capital.
It should be stated how the institution’s Board of Directors establishes the corporate risk culture and ensures that:
a. The sophistication of risk management and measurement processes is appropriate for the institution’s risks and business.
b. The internal control systems are appropriate to ensure orderly and prudent management of the institution’s business and risks.
c. The capital targets are appropriate for the institution’s risk profile and the economic environment in which it operates.
d. The liquidity targets are appropriate.
For illustrative purposes, this section should include a summary report of the activities relating to risk management and measurement performed by the Board of Directors in the year.
– Internal governance assessment
This section should conclude with an assessment of the institution’s internal governance (activities of the Board of Directors and its committees and of the executive bodies) relating to risk management and control, indicating where appropriate any deficient aspects.
This internal governance assessment should be made in accordance with the criteria and the scale established for that purpose in the EBA’s SREP Guidelines.
4.3.2 Risk management and control
In this section the report should include:
4.3.2.1 General principles of risk management and control
The general principles of risk management should be summarised, indicating the governing body that establishes these principles and the internal policies for their application. The information channels and the frequency of presentation to the Board of Directors or equivalent body of periodic information on risk management and control should also be described.
The processes and mechanisms in place to ensure that the institution has a sound and integrated framework for management of its material risks should be described, together with, where appropriate, the functions and responsibilities of the overall risk management and control area and how it is integrated in the institution’s organisation chart.
4.3.2.2 Specific aspects of each risk
For each of the institution’s material risks, the following aspects should be indicated:
– Risk policy: limits, diversification and mitigation
The maximum exposure limits set for each risk, which should be consistent with the institution’s risk appetite and the policies in place for risk mitigation and diversification, should be reported, with indication of how these policies are applied in practice in the decision-making process.
– Organisation of the risk function, powers, responsibilities and delegations. Risk control function. Reports on the risk function
The hierarchy established for managing each material risk in its three facets (risk taking, measurement and control) should be described, along with the delegation of functions and responsibilities. The levels of management centralisation-decentralisation, the boundaries of responsibility and authorisation, and the separation of functions of the various risk management bodies should be explained.
– Management tools: measurement, admission, reporting, control and monitoring systems
A summary description should be given of the tools and procedures for management of the various materials risks, indicating the measurement or assessment methodology, the admission, internal reporting, control and monitoring systems and procedures and the IT systems used for management.
The management reports used, whether periodic or sporadic, and their addressees should be indicated, specifically identifying those addressed to the Board of Directors.
– Policy and tools for monitoring and recovery of impaired assets
For those risks for which it is appropriate, the systems and procedures in place for monitoring and recovery of impaired assets and unpaid debts should be indicated.
– Assessment of risk management and control
For each of the institution’s material risks, the policy, organisation (organisational structure, delegation of functions, activity of risk-related committees,…), measurement methodology, and management and control systems and procedures should be assessed. This assessment should be made in accordance with the criteria and the scale established for that purpose in the EBA’s SREP Guidelines.
4.3.2.3 Overall assessment of risk management and control
Based on the individual assessment of the management and relative materiality of each risk for the institution, an overall assessment should be made of the policy, organisation (suitability of the organisational structure, of the delegation of functions, of the activity of the risk-related committees,...), measurement methodologies, and risk management and control systems and procedures in place.
This assessment should be made in accordance with the criteria and the scale established for that purpose in the EBA’s SREP Guidelines.
4.3.3 Internal audit and regulatory compliance function
The organisation and reporting lines of the internal audit and regulatory compliance functions should be described.
4.3.3.1 Internal audit function
The functions assigned and resources allocated to the internal audit function should be described.
The governing body to which internal audit reports are addressed should be indicated, and the governing body responsible for verifying compliance and implementation of corrective measures proposed.
4.3.3.2 Regulatory compliance function
The functions assigned and resources allocated to the regulatory compliance function should be described.
The activities performed by the regulatory compliance function relating to compliance risks should be described, in particular, where significant, activities relating to the provision of investment services, activities provided for in anti-money laundering regulations, activities relating to the sale of financial products and activities performed to comply with the regulations on remuneration and fit and proper assessments of senior management.
The main conclusions of the reports prepared by the regulatory compliance function as a result of the work performed on the different compliance risks should be included, along with the corrective measures proposed, where appropriate, and monitoring of such measures, indicating the governing body to which the reports are addressed.
– Assessment of regulatory compliance function
This section should conclude with an assessment of the regulatory compliance function and its resources, in accordance with the criteria and the scale established for that purpose in the EBA’s SREP Guidelines.
4.4 Risk appetite framework
In this section, proportionate to the size and complexity of their business, institutions should describe their risk appetite framework (RAF), which should be consistent with their strategic objectives and should consider all their material risks, including those to their reputation vis-à-vis depositors, investors and customers.
The governance procedures whereby the institution establishes its risk appetite framework, including the functions and responsibilities of the Board of Directors or equivalent body as regards the design and implementation of the framework, how it is communicated within the organisation and its monitoring and oversight, should be described.
The risk appetite framework should include a formal risk appetite statement by the Board of Directors. In accordance with the RAS, limits should be set for each of the different material risks taken by the institution, together with the appropriate procedures to keep those maximum thresholds updated.
The risk appetite statement should be compatible with the institution’s ability to bear the various risks taken and, at the same time, to achieve its strategic objectives and fulfil its business plan. To that end, the consistency between the institution’s strategic objectives and business plan, on the one hand, and its risk appetite and capital planning, on the other, should be explained.
4.5 Risk profile
The material risks to which the institution is exposed should be identified and a summary assessment of the exposure to those risks and of the quality of the exposures (inherent risk) made. Wherever possible, the assessment should be based on quantitative data. For this purpose, exposure and risk quality indices and parameters suited to the different risks should be used.
Risks considered non-material should be listed, including, in any event, where appropriate, Pillar 1 risks, single name and sectoral credit concentration risks and interest rate risk in the banking book (IRRBB). For each of the risks listed as non-material, a brief explanation of the reasons for this classification should be given.
Institutions should use the scale established in the EBA’s SREP Guidelines to assess each of the risks identified as material: this scale goes from 1 to 4, from less to more risk.
The institution’s overall inherent risk profile should be determined, based on the significance (size) and assessment (quality) of each risk, using the EBA scale mentioned in the previous paragraph.
4.6 Stress tests
4.6.1 Stress scenarios: capital
Each year institutions should conduct, and reflect in their ICAAP/ILAAP report, a general stress test, based on macroeconomic aspects, considering a scenario of general deterioration of economic activity stemming from an adverse performance of GDP, interest rates, credit spreads, employment and house prices combined.
For the purposes of these stress tests, the EBA Guidelines and any guidelines provided by the Banco de España should be taken into account, as well as any macroeconomic forecasts furnished to this effect by the Banco de España, the ECB or the EBA.
The stress tests should have the same time horizon as that used for capital planning, i.e. three years, and should seek to estimate the possible additional capital buffer needed to continue to meet capital requirements in the stress scenario, in the manner established by the EBA or the Banco de España.
Institutions should also conduct other stress tests where relevant to them, for example, the following scenarios:
a. Specific deterioration of economic sectors in which the institution’s activity is concentrated, for which purpose variables that have a significant direct impact on the activities on which the institution’s business is based should be taken into account.
b. Situations of particular tension and volatility in the money markets and markets for other financial products.
c. Scenarios of significant stock market falls.
d. Scenarios of serious operating losses.
e. Scenarios of errors in the pricing of complex financial products.
These stress scenarios should be sufficiently intense and should consider situations that have occurred in an institution’s markets over a sufficiently long period (for example, in the last 20-30 years). They may include active management strategies to mitigate the effects of these situations.
The stress test exercises should be presented without considering active management strategies for mitigation of their effects, i.e. pre-mitigation. Where appropriate, mitigation effects should be described in this section separately.
Institutions should also conduct reverse stress testing, geared to determine the level of non-performing loans that would give rise to a breach of their capital requirements (both Pillar 1 and Pillar 2 requirements), over a 3-year horizon, assuming that the level of non-performing loans is achieved linearly over that period or using the indicators they consider most relevant for their business model. If an institution has conducted a similar stress test for the purposes of the recovery plan, that stress test may be included. The results of these stress tests should be taken into account when determining the severity of the stress scenarios for the purposes of the ICAAP.
4.6.2 Stress scenarios: liquidity
Institutions should conduct a liquidity stress test exercise in which they should estimate their survival period (time during which they are able to meet their scheduled payments) in a stress scenario in which they would be unable to adopt extraordinary measures or raise new funds. For this purpose they should follow the recommendations established by the EBA or the Banco de España.
4.7 Information on risk data, aggregation and IT systems
The risk data structure used for the purposes of the ICAAP and the ILAAP should be described in brief, together with the systems used for processing and internal reporting of both processes.
4.8 Internal capital adequacy assessment process (ICAAP)
In this section, institutions should identify, measure and aggregate their risks and should determine the capital needed to cover those risks, expressing the capital needed in terms of regulatory capital.
Institutions should also include in this section their medium-term capital planning, including in that planning the adverse macroeconomic scenario referred to in section 4.6.1 above.
Any difference in the scope of the risks envisaged in the ICAAP and in the risk appetite framework should be explained.
4.8.1. Available capital
This section should include the regulatory own funds available to the institution to cover the ICAAP capital estimates, broken down by category.
If the institution considers a different type of capital (internal capital), the differences should be explained and justified in detail.
4.8.2 Risk measurement and quantification of capital needed to cover risk
To assess credit, market and operational risks, institutions should use the approach and result obtained under Pillar 1, including where necessary the aspects of each risk not captured in Pillar 1.
For all other material risks, institutions should make the necessary estimates, which they should include in the corresponding section of this report.
In the case of single name credit concentration risk, sectoral credit concentration risk and interest rate risk in the banking book (IRRBB), institutions may use the simplified options described in these guidelines, without being required to justify their outcome. If institutions choose to make their own estimates, any differences compared with the outcome of the simplified option, which should also be calculated, should be justified.
In the case of consolidated groups of credit institutions, if for any risk there are significant differences in measurement methodologies at any significant group institution, such differences should be indicated in the corresponding section.
4.8.2.1 Credit risk
To assess capital requirements for credit risk, institutions should use Pillar 1 methodology, aggregating where appropriate any aspects of credit risk not captured in Pillar 1.
4.8.2.2 Credit concentration risk
To assess capital requirements for credit concentration risk, institutions may use the simplified approach set out below. If institutions choose to make their own estimates, any differences compared with the outcome of the simplified option, which should also be calculated, should be justified.
To estimate capital requirements for sectoral credit concentration risk in accordance with the simplified option, institutions should calculate the sectoral concentration index (SCI) of their credit portfolio and the corporate and cyclical reduction factors (corporate RF and cyclical RF, respectively), as described in Annex 2. Based on those data, institutions should apply a multiplier to their own funds requirements for credit risk under Pillar 1, as per the following formula, when the outcome is a positive figure:
Multiplier (%) = (SCI – 18) x corporate RF x cyclical RF
To calculate capital requirements for single name credit concentration risk in accordance with the simplified option, institutions should calculate the single name concentration index (SNCI) of the 1,000 borrowers to which they have the largest direct exposure using the method set out in Annex 2. If the SNCI exceeds the value of 0.1, they should multiply the Pillar 1 own funds requirements for credit risk for the borrowers included in the index by the multiplier obtained by linear interpolation of the values in the following table:
Additionally, institutions should include a list of the ten highest indirect and counterparty risks, indicating in both cases the obligor and the amount.
In addition to the result obtained, the ICAAP/ILAAP report should also include the information indicated in Annex 2.
4.8.2.3 Market risk
To assess capital requirements for market risk, institutions may use the methodology and result obtained under Pillar 1 (standardised approach or VaR models).
Institutions not subject to own funds requirements for market risk need not complete this section.
The ICAAP/ILAAP report should include, in addition to the result obtained, a specific analysis of any material aspects of this risk for the institution that are not captured in Pillar 1, and the additional capital requirements, if any.
4.8.2.4 Operational risk
To assess capital requirements for operational risk, institutions may use the methodology and result obtained under Pillar 1.
The ICAAP/ILAAP report should include, in addition to the result obtained, a specific analysis of any material aspects of this risk for the institution that are not captured in Pillar 1.
4.8.2.5 IRRBB
To assess capital needs for interest rate risk in the banking book, institutions may use the simplified option of calculating the difference between the decrease in economic value (in the most adverse of the scenarios set out in Article 68 bis(1)(a) of Law 10/2014) and the lower of the sum of the recurring income of the last three years or 15% of the institution’s Tier 1 capital.
For these purposes, recurring income should be calculated drawing on the data contained in the statement of profit or loss F2.00 in Circular 4/2004, as follows:
Recurring income = Net interest income (NII) + Dividends + Fees & Commissions – Administrative expenses – Amortisation/Depreciation.
In addition, institutions should indicate in the ICAAP/ILAAP report the impact of unfavourable movements in interest rates (in the most adverse of the scenarios considered in Article 68bis(1)(b) of Law 10/2014) on earnings one year ahead. This impact should be calculated as the sum of the impacts (sensitivities) on net interest income, the fair value of banking book portfolios measured at fair value through profit or loss or other comprehensive income, the hedge-accounting derivatives in these portfolios and other derivatives in the banking book which are not designated as accounting hedges. If this impact amounts to more than 50% of the recurring income expected for the following year, the institution should indicate the management measures planned to mitigate that impact and assess the need for additional capital for this purpose, avoiding double counting[8] of the capital allocated for economic value.
In any event, the supervisor will assess the management measures envisaged to mitigate this impact in conjunction with the institution’s estimate of the capital needed.
If the institution uses a different approach, the ICAAP/ILAAP report should contain a brief mention of the methodology used and the results obtained, which will be compared with those of the previous simplified option.
4.8.2.6 Other risks
Insofar as institutions are subject to any material risks other than those described above, they should include in this section details of such risks and of the amount of capital needed to cover them. In this paragraph, institutions are expected to explicitly assess the materiality of credit spread risk from non-trading book activities (CSRBB), providing information about the way they quantify, value and, where appropriate, allocate internal capital to the CSRBB they incur [9]
4.8.3 Aggregation of internal capital requirements and reconciliation adjustments
4.8.3.1 Aggregation of internal capital requirements for the various risks.
Institutions should calculate their total internal capital requirements by simple summation of the capital needed to cover each of their risks separately, as per the result of the individual measurements envisaged in section 4.8.2 above.
4.8.3.2 Adjustments for reconciliation between regulatory and internal capital
If institutions use an internal capital figure that is different from regulatory own funds to cover the internal capital requirements for the risks to which they are exposed, they should reconcile the internal capital figures to those used from a regulatory standpoint, in order to clarify the differences.
4.8.4 Capital planning
Institutions should plan their future capital requirements stemming from compliance with their future capital requirements under Pillar 1 and Pillar 2. To this effect, every year they should estimate the capital sources and allocations within their planning horizon, which they should define for this purpose and which may not be less than three years
To this end, and according to the institution’s strategic business plan, the following, inter alia, should be projected:
a. Capitalised profit.
b. Dividends.
c. Share issues.
d. Subordinated capital issues.
e. Capital needs deriving from (i) expected growth in activity; (ii) possible changes in the institution’s risk profile; (iii) other risks assessed in the ICAAP; (iv) one-off transactions.
In addition, institutions should indicate the degree of compliance with future regulatory requirements according to the projected capital planning.
In this section the ICAAP/ILAAP report should include:
a. Analysis of departures in the year from the previous year’s capital planning.
b. Planning horizon.
c. Summary of the planning methodology used and its outcome.
d. Description of the main assumptions used.
This section should include, for the various years in the planning horizon, the estimated amount of the main balance sheet items (including loans to the public and private sectors, private sector deposits, nonperforming loans and loan loss provisions), a representative disaggregation of risk-weighted assets, net interest income, gross income, net operating income and profit or loss before tax.
Any significant direct adjustments to equity expected within the planning horizon should also be indicated, along with any equity capital issues or retirements planned, regardless of the nature of the instruments involved (common equity tier 1, additional tier 1 or tier 2 capital).
4.9 Internal liquidity adequacy assessment process (ILAAP)
In this section institutions should indicate their liquidity management and funding framework, and specifically their funding plan and liquidity metrics. They should also describe their liquidity buffer target and collateral management, cost-benefit allocation mechanism and intraday liquidity risk management. Lastly they should describe in detail their liquidity contingency plan.
4.9.1 Liquidity management and funding framework
The governance framework for liquidity management and funding should be described briefly, including the processes, systems and tools used to identify, measure and control the corresponding risk.
4.9.2 Funding plan and liquidity metrics
Institutions should provide a summary of the latest funding plan notified to the Banco de España in the context of the forward-looking exercise on Spanish banks (FLESB), setting out the main sources of funding and the maturity structure expected in the markets and products in which the institution operates.
The policies that the institution has in place to ensure that its funding plan functions properly in respect of the following should also be indicated:
a. Maintaining its presence in the different markets and its capacity to access funding markets.
b. The risk deriving from possible concentration in its sources of funding.
Institutions should report the values of the following liquidity ratios at the date of the ICAAP/ILAAP report, and also the values of the internal targets set for the ratios (if any):
a. Liquidity coverage ratio (LCR)
b. Funding concentration ratio
c. Short-term wholesale funding ratio
d. Liquidity buffer quality ratio
e. Net stable funding ratio (NSFR)
f. Loan to deposit ratio
g. Loan to net stable funding ratio
h. Unsecured funding ratio
4.9.3 Liquidity buffer target and collateral management management
The criteria used to determine the minimum liquidity buffer ratio (LCR) should be described.
Institutions should describe the policies on:
a. Management of assets eligible as collateral in liquidity management, including principles in relation to the location and transferability of collateral.
b. Asset encumbrance, including principles for measuring and monitoring both encumbered and unencumbered assets and linking the limit and control framework regarding asset encumbrance to the institution’s (liquidity and funding) risk appetite.
c. Liquidity concentration risk in the liquidity buffer (LCR).
The minimum volume of liquid assets considered appropriate to be held over a time horizon of one year should be quantified, taking into account not only business as usual conditions but also possible adverse scenarios.
4.9.4 Cost-benefit allocation mechanism
Institutions should describe the liquidity cost allocation mechanism, if there is one in place, and its effect on the profitability of the different business areas and on the institution’s earnings.
4.9.5 Intraday liquidity risk management
Institutions should describe, where significant, the criteria and tools used to measure and monitor intraday liquidity risks, and the policy in place for escalation to the Board of Directors or equivalent body of intraday liquidity shortfalls.
Any intraday liquidity shortfalls occurring in the last year that exceeded the specific threshold defined by the institution should be indicated, together with a breakdown of the payments not made in a timely manner and a brief explanation of the causes.
4.9.6 Liquidity contingency plan
The institution’s current liquidity contingency plan should be described, including the reporting lines for design and execution of the plan, and also the strategies the institution has in place to address liquidity shortfalls in emergency situations.
4.10 Future action plan
In view of the assessments made in sections 4.3, 4.5, 4,6, 4.8 and 4.9, and in the internal audit report attached to the ICAAP/ILAAP report at annex, if the main shortcomings and weaknesses found are significant, an action plan should be drawn up to correct them and may include the following:
a. Changes to the institution’s risk profile: reduction in certain activity, application of new risk mitigation techniques, etc.
b. Improvements in governance and internal organisation, in risk management and internal control.
c. Changes to the own funds level, indicating, where appropriate, the adaptation period.
d. Improvements relating to liquidity management and control and the institution’s funding.
In any event, all aspects relating to future plans for improvement should be included in this section; they may also be cross-referenced in the relevant section.
4.11 Other matters
This section should be used to report all relevant matters that the institution considers necessary or appropriate to include in the report and that are not envisaged in any of the preceding sections.
The Banco de España should include, in its annual supervisory plans, review and assessment of the ICAAP and the ILAAP and should determine whether the institution’s level, composition and distribution of own funds, liquidity risk management, funding strategy and action plan (in the event that shortcomings have been detected) are consistent with its risk profile. The ICAAP/ILAAP report should be the basis for review of the ICAAP and the ILAAP.
ANNUAL REPORT ON THE INTERNAL CAPITAL AND LIQUIDITY ADEQUACY ASSESSMENT PROCESS AT CREDIT INSTITUTIONS (ICAAP/ILAAP REPORT)
Date: (reporting date)
1. Conclusions
- Institution.
- Scope. In the case of consolidated groups of credit institutions, the credit institutions included in the ICAAP and the ILAAP should be listed at annex, indicating those which are considered significant for the purposes of each internal adequacy assessment process. - Brief comment on the most significant aspects and the main conclusions drawn in the ICAAP/ILAAP report.
- Significant changes (made or expected) affecting:
- Risk management and control framework.
- Business models, medium-term strategy or risk appetite framework.
- Changes to the ICAAP or ILAAP compared with the previous year, following the experience of the previous year, internal audit reports and dialogue with the Banco de España.
- Department in charge of preparing the ICAAP/ILAAP report.
- Date of approval of the ICAAP/ILAAP report by the Board of Directors or equivalent body.
2. Business model and medium-term strategy
- Identify main lines of activity, markets, geographical areas and products that are important for the institution.
- Medium-term strategic plan (at least three years) and, where appropriate, changes expected in the business model and underlying activities.
- Projections of the key financial parameters for the main business lines and markets in which the institution operates.
3. Governance framework. Risk management and control
3.1 Organisation of the institution
- Describe the organisation of the institution.
- Substantiate the development of the functions and responsibilities of the Board of Directors or equivalent body relating to risk management and internal risk control.
- Assess internal governance.
3.2 Risk management and control
- General principles of risk management and control.
- Describe the information channels and the frequency of presentation to the management body of periodic information on risk management and control.
- Describe the processes and mechanisms in place to ensure that the institution has a sound and integrated framework for management of its material risks.
- For each material risk the institution should indicate:
- Risk policy: limits, diversification and mitigation.
- Organisation of the risk function, powers, responsibilities and delegations. Risk control function. Report of the risk function.
- Management tools: measurement, admission, reporting, control and monitoring systems. - Policy and tools for monitoring and recovery of impaired assets, where appropriate.
- Assessment of risk management and control.
- Overall assessment of risk management and control.
3.3 Internal audit of risk and regulatory compliance
- Internal audit function: functions assigned, resources, governing body to which the reports are addressed and body responsible for verifying compliance and implementation of corrective measures proposed.
- Regulatory compliance function: functions assigned, resources, details of actions taken, main conclusions of the reports of the regulatory compliance function and assessment of the regulatory compliance function.
4. Risk appetite framework
- Regarding the design and implementation of the risk appetite framework, how it is communicated and its monitoring and oversight: describe the governance procedures, including the functions and responsibilities of the Board of Directors or equivalent body. - Formal risk appetite statement by the Board of Directors or equivalent body.
- Identify the material risks to which the institution is or could be exposed, the risk limits for each material risk and the procedures in place to keep the maximum thresholds updated.
- Explain the correspondence between the institution’s strategic objectives and business plan, on the one hand, and its risk appetite framework and capital planning, on the other.
5. Risk profile
- Identify the material risks to which the institution is exposed and make a brief assessment of the exposure to those risks and the quality of the exposures.
- List the risks considered non-material, including a brief explanation of the reasons for their being deemed non-material.
- Analysis and assessment of the institution’s overall risk profile.
6. Stress tests
6.1 Stress scenarios: capital
- Describe the general stress test conducted each year by the institution.
- Describe, where appropriate, any other stress tests conducted by the institution.
- Describe the reverse stress test conducted, geared to determine the level of nonperforming loans that would give rise to a breach of capital requirements.
- Refer, where appropriate, to any similar stress test conducted for the purposes of the recovery plan.
6.2 Stress scenarios: liquidity
- Describe the liquidity stress test conducted by the institution, in which it should estimate its survival period in a stress scenario in which it would be unable to adopt extraordinary measures or raise new funds.
7. Information on risk data, aggregation and IT systems
- Describe the risk data structure used for the purposes of the ICAAP and the ILAAP and the systems used for processing and internal reporting of both processes.
8. Internal capital adequacy assessment process (ICAAP)
8.1 Available capital
-Include the regulatory own funds available to the institution to cover the ICAAP capital estimates, broken down by category.
- Explain, where appropriate, the reasons for the differences compared with the type of capital used by the institution (internal capital).
8.2 Risk measurement and quantification of capital needed to cover risk
- Use the approach and result obtained under Pillar 1 to assess credit, market and operational risks. Include where necessary aspects of each risk not captured in Pillar 1.
- For all other material risks make the necessary estimates, which should be detailed in the corresponding sections of the report.
- For single name credit concentration risk, sectoral credit concentration risk and interest rate risk in the banking book (IRRBB), institutions may use the simplified options described in the guidelines. If they choose not to do so, they should justify any differences compared with the outcome of the simplified option.
- Include, in the case of consolidated groups, significant differences in measurement methodologies, if any, at any group institution.
8.2.1 Credit risk
- Results of calculation of internal capital estimates for credit risk.
8.2.2 Concentration risk
- Results of calculation of internal capital estimates for concentration risk.
8.2.3 Market risk
- Results of calculation of internal capital estimates for market risk.
8.2.4 Operational risk
- Results of calculation of internal capital estimates for operational risk.
8.2.5 IRRBB
- Results of calculation of internal capital estimates for interest rate risk in the banking book.
8.2.6 Other risks
- Results of calculation of internal capital estimates for other risks.
8.3 Aggregation of internal capital requirements for the various risks and reconciliation adjustments between internal and regulatory capital
- Calculate total capital requirements by summation of the capital needed to cover each risk separately (as per the individual measurements in section 4.8.2).
- Reconcile internal and regulatory capital figures, in the case of institutions that use different internal capital figures.
8.4 Capital planning
- Include future capital requirements stemming from compliance with future capital requirements under Pillar 1 and Pillar 2. Estimate each year the capital sources and allocations within the planning horizon, which may not be less than three years.
- Indicate the level of cover of future regulatory requirements according to projected capital planning.
- Explain the institution’s contingency plans.
- Include analysis of any departures from the previous year’s capital planning, the planning horizon, a summary of the methodology used and its outcome, and a description of the main assumptions used.
- Reflect for each year the estimated amount of the main balance sheet items, a representative disaggregation of risk-weighted assets, net interest income, gross income and net operating income, and profit or loss before tax.
- Reflect any significant direct adjustments to equity and any equity capital issues and retirements planned.
9. Measurement of liquidity requirements
9.1 Liquidity management and funding framework
- Explain briefly the governance framework for liquidity management and funding, including the processes, systems and tools used to identify, measure and control the risks.
9.2 Funding plan and liquidity metrics
- Summarise the latest funding plan notified to the Banco de España, setting out the main sources of funding and the maturity structure expected in the markets and products in which the institution operates.
- Indicate the policies that the institution has in place to ensure that its funding plan functions properly, in respect of maintaining its capacity to access different markets and its market presence, and the risk deriving from concentration in sources of funding.
- Report the values of the liquidity ratios envisaged in the corresponding section of the guidelines.
9.3 Liquidity buffer target and collateral management
- Describe the criteria used to determine the minimum liquidity buffer ratio (LCR).
- Describe the policies on collateral management, encumbered assets and liquidity concentration risk in the liquidity buffer.
- Quantify the minimum volume of liquid assets considered appropriate to be held over a time horizon of one year, taking into account business as usual conditions and adverse scenarios.
9.4 Cost-benefit allocation mechanism
- Describe, where appropriate, the liquidity cost allocation mechanism and its effect on the profitability of the different business areas and on earnings.
9.5 Intraday liquidity risk management
- Describe, where significant, the criteria and tools used to measure and monitor intraday liquidity risks and the policy in place for escalation to the management body of intraday liquidity shortfalls.
- Describe any intraday liquidity shortfalls occurring in the last year that exceeded the threshold defined by the institution and payments not made in a timely manner, with an explanation of the causes.
9.6 Liquidity contingency plan
- Describe the liquidity contingency plan in place, including the reporting lines for design and execution of the plan and the strategies in place to address liquidity shortfalls in emergency situations.
10. Future action plan
- Summarise the main shortcomings and weaknesses detected. If they are significant, draw up an action plan to correct them, including:
- Changes to the institution’s risk profile.
- Improvements in governance and internal organisation and in risk management and internal control.
- Changes to the own funds level, indicating, where appropriate, the adaptation period.
- Improvements relating to liquidity management and control and the institution’s funding.
- Include future changes planned or changes under way in risk, capital and liquidity management.
- Describe any other aspects relating to future plans for improvement.
11. Other matters
- Include other relevant matters not envisaged in the preceding sections.
CRITERIA FOR COMPLETING RETURN IAC01 SUMMARY OF INTERNAL CAPITAL ADEQUACY ASSESSMENT PROCESS (ICAAP)
GENERAL CRITERIA
These criteria relate to the preparation of Return IAC01 in accordance with the guidelines on the internal capital adequacy and liquidity assessment process, which in turn set forth the criteria to be taken into account by institutions in preparing the capital and liquidity report.
Monetary amounts will be expressed in thousands of euro and ratios as percentages to two decimal places (x.xx%). Cells shaded in grey are not to be filled in.
In accordance with Rules 2 and 44 of Banco de España Circular CBE 2/2016 of 2 February 2016 on supervision and solvency (hereafter “the Circular”), this return must be prepared by consolidated groups and sub-groups of credit institutions and by individual credit institutions set up in Spain, whether or not they form part of a consolidated group.
Consolidated groups of credit institutions will take into account the need to submit, in addition to consolidated Return IAC01, the summary ICAAP return[10] broken down by banking subsidiary (or subgroup). This will be construed without prejudice to the power of the Banco de España to request this breakdown with respect to other significant subsidiaries when necessary for proper valuation of the capital adequacy assessment process adopted by the group.
SPECIFIC CRITERIA FOR RETURN IAC01 SUMMARY OF INTERNAL CAPITAL ADEQUACY ASSESSMENT PROCESS (ICAAP)
A. GENERAL DESCRIPTION
Return IAC01 includes information on the capital adequacy assessment process according to the criteria established by the Banco de España in the ICAAP/ILAAP guidelines and to Rule 44 of Circular 2/2016, which transposes Article 73 of Directive 2013/36/EU and implements Articles 41 of Law 10/2014 and 45 of Royal Decree 84/2015. This process should enable institutions to assess and maintain on an ongoing basis the amounts, types and distribution of the own funds they consider necessary to cover all risks, depending on their nature and level, to which they are or may be exposed.
For the purpose of this return, own funds comprise those listed in Article 72 of Implementing Regulation (EU) No 575/2013 and detailed in Chapters 1 to 4 of Part Two, Title I of said Regulation.
RETURN IAC01 consists of two pages. Page one sets out the institution’s regulatory capital (as percentage and absolute amount), the regulatory own funds requirement and the internal capital requirement according to the institution’s estimates. Page two consists of three sections devoted to: (i) ordinary planning, (ii) own funds under stress scenarios and (iii) alternative sources of capital.
Page one of this return has five columns: the first sets out, as a ratio, the institution’s total capital available, including a breakdown into total capital, total tier 1 capital and common equity tier 1; the second and third columns give the amounts (at the reporting date) of own funds and of the own funds requirements for credit, market and operational risk; and, finally, the fourth and fifth columns show the capital requirement for the main risks according to the institution’s own calculations (column 5) using the methodology indicated in the option column (column 4).
As regards the rows, they are divided into three sections: one relating to the percentage of capital available, another to own funds at the reporting date and the third to quantification of the capital needed to cover the risks faced by the institution, including the adjustments made to reconcile the regulatory capital to the internal capital in those cases in which institutions use their own methodologies to calculate their capital requirements. The content of the rows in this last section will depend on the method used by the institution to determine the own funds for the various risks.
The second page is as follows. Each of the first two sections, devoted to ordinary planning and stressscenario planning, consists of three sets of columns. There is one set for each of the three years for which projections of future capital requirements are made. Each of these sets in turn contains three columns: one for the total and tier 1 (total and CET1) capital ratio the institution hopes to have at the end of each of those three years, another for the estimated own funds requirement for all risks (Pillar 1 and Pillar 2) and the third for estimated total and tier 1 (total and CET1) capital. The section relating to stress-scenario planning sets out the various scenarios considered by the institution. The third and last section, which relates to alternative sources of capital, consists of four columns setting out the amount of other possible sources of capital at the reporting date and at the end of each of the three projection years. The various sources considered by the institution in its planning should be listed.
B. PAGE ONE
The columns are as follows:
1. PERCENTAGE: See Section 4.8.1 of these guidelines. The information of this column, relating to the institution’s capital available, should be expressed as a percentage in the form of a total solvency ratio, tier 1 capital ratio and common equity tier 1 capital ratio.
2. AMOUNT: Contains the amounts of available own funds reported in rows 1 Own funds, 1.1 Tier 1 capital, 1.1.1 Common equity tier 1 capital, and 1.2 Tier 2 capital per Template C.01.00 at the reporting date.
3. REGULATORY OWN FUNDS REQUIREMENT: This column states the amount of the capital requirements for the risks referred to in Article 92.3 of Implementing Regulation (EU) No 575/2013. Therefore, the figures stated here will necessarily coincide with the amounts in Return C.02.00 multiplied by 8% for those risks.
4. ICAAP – OPTION: This column, along with column 5 (“capital requirement”), summarises the figures of the internal capital adequacy assessment process carried out by the institution. It should be completed by entering the following numerical codes denoting the method chosen from those proposed in the guidelines:
If the institution uses its own methodology in the ICAAP for some portfolios but not for all of them, option 2 should be entered in column 4.
In the case of credit, market and operational risk, the reference to the option chosen for ICAAP will be included on the line used to reflect the regulatory own funds requirement. That is to say, if, for example, the institution has entered €200,000,000 in row 3.1.1 relating to the standardised approach, but in its internal capital adequacy assessment process it used a methodology similar to that required for advanced approaches (whether or not approved by the Banco de España), this amount will be included in the same row, entering a 2 in the “option” column, as established in the following table:
5. ICAAP – CAPITAL REQUIREMENT: This column will include the capital requirements estimated by the institution in the framework of its internal capital adequacy assessment process to cover the risks indicated in the related rows.
THE ROWS ARE AS FOLLOWS:
6. CAPITAL RATIOS OF THE INSTITUTION: See also the explanations of the column “percentage” in point 1 above.
6.1. TOTAL CAPITAL RATIO: This ratio will be determined in a way consistent with the procedure used in row 5 “Total capital ratio per Template C.03.00”, and, accordingly, will be calculated as the quotient of the institution’s own funds and the amounts of risk exposure.
6.2. TIER 1 CAPITAL RATIO: This ratio will coincide with that reported in row 3 “Tier 1 capital ratio per Template C.03.00”.
6.3. COMMON EQUITY TIER 1 CAPITAL RATIO (CET 1): The ratio reported here will be that given in row 1 “Common equity tier 1 capital ratio per Template C.03.00”.
7. OWN FUNDS: The figures are the amounts of own funds per Template C.01.00, specifically:
7.1. COMMON EQUITY TIER 1 CAPITAL: Amount stated in row 1.1.1 of Template C.01.00.
7.2. ADDITIONAL TIER 1 CAPITAL: Amount stated in row 1.1.2 of Template C.01.00.
7.3. TIER 2 CAPITAL: Amount stated in row 1.2 of Template C.01.00.
8. QUANTIFICATION OF CAPITAL REQUIREMENT: Sum of the capital needed for the following risks:
8.1. CREDIT RISK: See Section 4.8.2.1 of these ICAAP guidelines. It is the sum of rows 3.1.1 (standardised approach), 3.1.2 (basic IRB approach) and 3.1.3 (advanced IRB approach). In column 3, institutions will state the amounts reflected, respectively, in rows 1.1.1, 1.1.2.1 and 1.1.2.2 plus those in rows 1.1.2.3, 1.1.2.4, 1.1.2.5 and 1.6 of Template C.02.00, all multiplied by 8%.
In Section 3.1.3 “Advanced IRB approach” of Return IAC01, the sum of the captions “Simple riskweighted approach”, “PD/LGD approach” and “Internal models approach” is equal to row 1.1.2.3 “Equity exposures under the IRB approach” of Template C.02.00. Column 4 will list, where applicable, the options chosen for carrying out the ICAAP (see ICAAP – OPTION above); and Column 5 will show the capital requirement under the option. Institutions which use simultaneously the standardised approach, basic IRB approach and/or advanced IRB approach and thus enter in Template C.02.00 risk exposure amounts in more than one of the rows 1.1.1, 1.1.2.1 and 1.1.2.2 will distinguish between the related portfolios also in Return IAC01, for which purpose they will use rows 3.1.1, 3.1.2 and 3.1.3.
8.2. MARKET RISK: See Section 4.8.2.3 of these ICAAP guidelines. The amount of this row will be equal to that reported in row 1.3 of Template C.02.00 multiplied by 8% and is the sum of rows 3.2.1 (standardised approach) and 3.2.2 (VaR approach). In column 3, institutions will enter the amounts reflected, respectively, in rows 1.2, 1.3.1 and 1.3.2 of Template C.02.00 multiplied by 8%; in column 4, the option chosen for carrying out the ICAAP (see ICAAP – OPTION above); and in column 5 the capital requirement under that option.
8.3. OPERATIONAL RISK: See Section 4.8.2.4 of these ICAAP guidelines. The amount of this row will be equal to that reported in row 1.4 of Template C.02.00 multiplied by 8% and is the sum of rows 3.3.1 (basic indicator approach), 3.3.2 (standardised approach) and 3.3.3 (advanced approaches). In column 3, institutions will enter the amounts reflected, respectively, in rows 1.4.1, 1.4.2 and 1.4.3 of Template C.02.00 multiplied by 8%; column 4 will list the option chosen for carrying out the ICAAP (see ICAAP – OPTION above); and column 5 will specify the capital requirement under that option.
8.4. INTEREST RATE RISK: See Section 4.8.2.5 of these ICAAP guidelines.
8.5. CONCENTRATION RISK: See Section 4.8.2.2 and Annex 2 of these ICAAP guidelines. It is the sum of rows 3.5.1 (single name concentration), 3.5.2 (sectoral concentration) and 3.5.3 (other types of concentration). The following table gives an example of how to carry out these calculations:
Given the following portfolio:
The calculations are as follows*:
*Note: the risk ratios used in the example (sectoral ratio 0.08 and single-name ratio 0.04) are those that would result from applying the related simplified approaches for the sectoral and single name concentration, respectively.
If the simplified option were chosen, Return IAC01 would be completed as follows:
8.6. OTHER RISKS: See Section 4.8.2.6 of these ICAAP guidelines.
Column 3 states the sum of rows 1.5, 17 y 1.8 of Template C.02.00 multiplied by 8%, as described below. In column 4 institutions will enter option 1 if the simplified option of these guidelines is used for reputational and business risks; otherwise, they should enter option 2. In column 5 they will include, in addition to the requirements for other risks, the amounts of rows 1.5, 1.7 and 1.8 of Template C.02.00, unless the institution justifies in the report the use of another criterion.
9. ADJUSTMENTS TO RECONCILE INTERNAL CAPITAL TO REGULATORY CAPITAL: See Section 4.8.3.2 of these guidelines.
10. TOTAL CAPITAL REQUIREMENT: Sum of the capital requirements for the various risks considered significant for the institution, plus or minus the reconciliation adjustments included in the preceding point.
C. SECOND PAGE
1. CAPITAL PLANNING: See Section 4.8.4 of these ICAAP guidelines. Capital planning is divided into three broad sections: ordinary planning, stress scenarios and alternative sources of capital. The first two include nine columns relating to the three years which, as a minimum, have to be covered by the future
capital requirements projection (three columns per year), while the third section also contains information relating to the reporting date. The explanations about this page are given by means of a description of its columns.
2. EXPECTED PERIOD-END OWN FUNDS ACCORDING TO PLANNING: For each of the projection years included in planning, information will be reported on the capital ratio (column 1), estimated own funds requirements (column 2) and estimated own funds (column 3). The figures given will be the estimates made by the institution in its ordinary planning or “baseline scenario”. In columns 1 and 3, these estimates will refer to total own funds, common equity tier 1 capital and total tier 1 capital. In column 2, the estimates will refer to total own funds. If the projections are fulfilled, the figures entered in the row “1. Estimated period-end own funds according to planning” will be equal to those entered, respectively, in the following three years in rows 5 of Template C.03.00 (Capital ratio), 6 of Template IAC01 (Total capital requirement) and 1 of Template C.01.00 (Own funds).
The related ratios are calculated as follows:
Ratio = (Estimated own funds × 8%)/ (Estimated own funds requirements).
If the institution considers in its planning the issuance of shares, subordinated capital, etc. (see second paragraph of Section 4.8.4 of these ICAAP guidelines), these sources will not be listed in the section relating to alternative sources of capital.
3. CAPITAL UNDER STRESS SCENARIOS: See Section 4.6 of these guidelines. The columns of this section will state, for each of the years of the planning projections, the common equity tier 1 capital ratio, the total own funds requirement and the common equity tier 1 capital ratio (CET1) estimated for the various stress scenarios which the institution sees fit to analyse. The outcome of the various stress scenarios should be stated on a gross basis, i.e. the effect of management actions undertaken or alternative sources of capital issued to mitigate the impact of the stress should not be included.
4. TOTAL ALTERNATIVE SOURCES OF CAPITAL:
Each source considered by the institution as useful under a stress situation will be entered in a separate row. Only the alternative capital sources that increase own funds shall be shown here. Information on those other sources that reduce the own funds requirements should be given in the “Capital Planning” section of the capital report.
In order to calculate sectoral and single nameconcentration indices, all of the institution’s direct risk exposures in the EU (including discounted trade bills, credit, loans, fixed-income securities, equity securities, undrawn amounts, off-balance-sheet items and guarantees provided by means of CDSs – applying a 100% credit conversion factor – and any other form of financial support) should be considered, irrespective of the portfolio in which they are recorded (held for trading, available for sale or held to maturity). For these purposes, none of the following should be included: risk exposures to general government or to deposit institutions, securitised assets treated as such for the purposes of own funds calculations or exposures associated with other derivatives.
The balances to be considered should be gross of any risk mitigation factor (guarantees received, deposits pledged, etc.). In the case of sectoral concentration they should be net of provisions and coverage mechanisms under asset protection schemes, whereas in the case of single name concentration they should be gross of both these concepts.
Sectoral concentration:
The institution’s direct exposure, excluding exposures to individuals (except for those derived from business activities), should be grouped, according to the above criteria, in the 12 economic sectors listed in the table below, based on the 2009 CNAE (Spanish National Economic Activity Classification) codes and sections of the borrowers, as follows:
1) Real estate activities (BRC): F, C2892 and L.
2) Basic materials (MAT): B081, B0729, C23, C251, B071, B0891, B0893, B0899, B0990, C2012 to C2014, C2016, C2017, C203, C205 and C206.
3) Non-banking financial services (FNB): K65, K6499 and K66.
4) Processing and manufacturing industries (IND): C301 to C304, C283, C24, C284, C252 to C257, C259, C27, C281, C282, C2891, C2893 to C2896, C2899, C29, C309, C31, C32, C17, C18, C16, C22 and C13 to C15.
5) Consumer discretionary (CNB): G466 to G467, G45, I, J581, J5821, J59, J60, J639, R, P, G4622, G4624, G4641 to G4643, G4647 to G4649, G465, G469, G4612 to G4616, G4618, G4619, G474 to G476, G4771, G4772, G4776 to G4779, G4782, G4789, G4791, G4799, G4719, N79, N772, S95 and S96.
6) Telecommunication and IT services (CIT): C26, J5829, J631, J62 and J61.
7) Transportation and logistics (TRL): H52, H49 to H51 and H53.
8) Business and professional services (SCP): M71 to M74, M70, M69, N771, N773, N774, C33, N78, N80 to N82, E37 to E39 and S94.
9) Staple products (PPN): C2015, C202, A, G4621, G4623, G4611, C10 to C12, C204, G4644 to G4646, G463, G4617, G4711, G472, G4773 to G4775 and G4781.
10) Public utility supplies (SUP): B0620, C2011, D and E36.
11) Health and health care (SAL): C21, M75 and Q.
12) Fossil fuels (ENE): B0910, B0721, B05, B061, B0892, C19 and G473.
Exposures to borrowers whose activity is Financial leasing (CNAE K6491) should be assigned to BRC if the activity relates mainly to real estate and to FNB if it relates mainly to other assets.
Exposures to borrowers whose activity belongs to Other credit granting (CNAE K6492) should be assigned to BRC if the activity relates mainly to mortgages and otherwise to FNB.
Exposures to borrowers whose activity falls under Collective investment schemes, funds and similar financial entities (CNAE K643) and under Holding companies (CNAE K642) should be distributed according to the activity of their underlying assets and investees. In this respect, exposures to undertakings for collective investments in transferable securities (UCITS), non-mortgage securitisation SPVs and other investment vehicles (including holding companies) should be included in the group that predominates among their underlying assets (group of investees) if that group amounts to more than 80% of the total. If this is not the case, exposures should be distributed proportionally according to their content (the lookthrough approach). Exposures that cannot be assigned in this manner should be distributed proportionally according to the weight of each of the 12 groups before such exposures are included.
Lastly, any residual exposures that cannot be assigned on a sectoral basis should also be distributed proportionally as indicated above.
The following formula should be used to calculate the sectoral concentration index:
ICS= ∑x2/(∑x)2 x 100
where x is the value of the investment in each sectoral group.
A reduction factor should be obtained, relating to exposures to corporates as a proportion of the institution’s total exposures. This corporate reduction factor (corporate RF) should be calculated according to the amount of the Total column in row 4 “Non-financial corporations and sole proprietors” in return C.22-2 (S.10-2 for individual institutions) of Banco de España Circular 4/2004, as a proportion of the sum of rows 1 to 5 of that column. The corporate RF will have a value of 1 if the ratio obtained by dividing the above-mentioned proportion by 35% is equal to or greater than 1, and it will be equal to that ratio if the ratio is less than 1.
In addition, a cyclical reduction factor (cyclical RF) should be calculated. This will be equal to 1 when the sectoral group with the highest risk exposure is Real estate activities (BRC).
Otherwise, the value of the cyclical RF will be obtained according to the difference between the percentage exposure of the group with the highest proportion (GHP) and that of Real estate activities (BRC), by means of linear interpolation, as in the following table:
The multiplier should only be applied to own funds requirements for credit risk corresponding to the exposures considered for calculation of the sectoral concentration index.
Single name concentration:
The institution’s direct exposure (according to the same criteria as for the calculation of the sectoral concentration index) to the 1,000 borrowers to which it has the largest exposure, irrespective of their legal form or personality, should be calculated. Borrowers that are connected, constituting an economic group or decision-making unit, should be grouped together and considered as a single exposure. The following formula should be used to calculate the single-name concentration index (SNCI):
SNCI= ∑x2 /(∑y)2 x 100
where x is the value of the total direct investment of each borrower or group belonging to the 1,000 borrowers to which the institution has the largest exposure, and the amount of the institution’s total direct exposure (considering investment overall).
If the institution has 1,000 or fewer borrowers or groups of borrowers, the above calculation should be made based on all borrowers. The multiplier should be applied to own funds requirements for credit risk corresponding to the borrowers considered for calculation of the single name concentration index (y).
The European Solvency Directive includes specific rules on the working and structure of Internal Governance at institutions. In particular, it establishes that institutions should have robust governance arrangements, which include a clear organisational structure with well-defined, transparent and consistent lines of responsibility, effective processes to identify, manage, monitor and report the risks they are or might be exposed to, adequate internal control mechanisms, including sound administration and accounting procedures, and remuneration policies and practices that are consistent with and promote sound and effective risk management.
Spanish legislation includes and implements these rules.
The EBA Guidelines complete these legal provisions in terms of governance, taking into account the principle of proportionality, specifying the tasks, responsibilities and organisation of the management body, institutions’ organisation, including the need to establish transparent structures permitting supervision of all activities. In their internal governance assessment, institutions should consider the degree of compliance with these provisions.
Specifically, the Directives in force establish requirements relating to the following areas and aspects:
I. Proportionality
II. Role and composition of the management body and committees
1. Role and responsibilities of the management body
2. Management function of the management body
3. Supervisory function of the management body
4. Role of chair of the management body
5. Committees of the management body in its supervisory function
5.1 Setting up committees
5.2 Composition of committees
5.3 Committees’s processes
5.4 Role of the risk committee
5.5 Role of the audit committee
5.6 Combined committees
III. Governance framework
6. Organisational framework and structure
6.1 Organisational framework
6.2 Know-your-structure
6.3 Complex structures, non-standard or non-transparent activities
7. Organisational framework in a group context
8. Outsourcing policy
IV. Risk culture and business conduct
9. Risk culture
10. Corporate values and code of conduct
11. Conflict of interest policy at institutional level
12. Conflict of interest policy for staff
13. Internal alert procedures
14. Reporting of breaches to competent authorities
V. Internal control framework and mechanisms
15. Internal control framework
16. Implementing an internal control framework
17. Risk management framework
18. New products and significant changes
19. Internal control functions
19.1 Heads of the internal control functions
19.2 Independence of internal control functions
19.3 Combination of internal control functions
19.4 Resources of internal control functions
20. Risk management function (RMF)
20.1 RMF’s role in strategy and decisions
20.2 RMF’s role in material changes
20.3 RMF’s role in identification, measurement, assessment, management, mitigation, monitoring and reporting of risks
20.4 RMF’s role in unapproved exposures
20.5 Head of the risk management function
21. Compliance function
22. Internal audit function
VI. Business continuity management
VII. Transparency
The annex referred to in the first paragraph of section 4 of these guidelines should contain details of the scope and conclusions and the corrective measures proposed on the aspects reviewed by internal audit in the year in the risk area, including:
a. Compliance with internal risk management rules (limits, procedures,…).
b. Effective and appropriate use of risk management tools by the organisation as a whole (use test).
c. Adequacy of risk management IT systems.
d. Accuracy and sufficiency of the data used in the ICAAP/ILAAP report.
– Directive 2013/36/EU of the European Parliament and of the Council of 26 June 2013 on access to the activity of credit institutions and the prudential supervision of credit institutions and investment firms, amending Directive 2002/87/EC and repealing Directives 2006/48/EC and 2006/49/EC.
– Council Regulation (EU) No 1024/2013 of 15 October 2013 conferring specific tasks on the European Central Bank concerning policies relating to the prudential supervision of credit institutions.
– EBA Guidelines, mainly:
. EBA/GL/2014/13, published on 19 December 2014, Guidelines on common procedures and methodologies for the supervisory review and evaluation process (SREP).
. EBA/GL/2016/10, published on 3 November 2016, Guidelines on ICAAP and ILAAP information collected for SREP purposes.
. Guidelines GL 44: EBA Guidelines on Internal Governance (GL 44) of 27 September 2011, in force up to June 2018.
. EBA/GL/2017/11: EBA Guidelines on Internal Governance of 26 September 2017, to come into force in June 2018.
– Law 10/2014 of 26 June 2014 on the regulation, supervision and solvency of credit institutions.
– Royal Decree 84/2015 of 13 February 2015 implementing Law 10/2014 of 26 June 2014 on the regulation, supervision and solvency of credit institutions.
– Circular 2/2016: Banco de España Circular 2/2016 of 2 February 2016 to credit institutions on supervision and solvency, which completes the adaptation of Spanish law to Directive 2013/36/EU and to Regulation (EU) No 575/2013 (published in the Official State Gazette on 9 February 2016).
