LISTEN TO AUDIO VERSION:
What is the background?
The ECB has initiated a multi-year project entitled “SSM Guides on ICAAP and ILAAP for significant institutions“. It aims at a consistent definition of the ICAAP and ILAAP in the euro area as well as the harmonization of the documentation and information to be submitted by the credit institutions.
Seven key principles are described as the supervisory authority’s expectations regarding ICAAP and ILAAP:
- Responsibility of the management body: The overall responsibility for implementing the ICAAP and ILAAP rests with the management body which has to establish an adequate governance structure and make a capital adequacy statement (CAS). In particular, the supervisory authority perceives a considerable gap regarding the involvement the management body and the adequate discussion of ICAAP/ILAAP topics within the institutions.
- Definition of decision-making processes: The ECB expects the integration of ICAAP and ILAAP as integral components of the risk management and decision-making processes. In particular, the interlinking of ICAAP and capital planning as well as the granularity of information for decision-making in many institutions are regarded as inadequate by the supervisory authority.
- ICAAP/ILAAP to ensure banks’ ability to survive: This principle—a core principle from the supervisors’ point of view—requires the comprehensive analysis of scenarios for the capital and liquidity position from various perspectives (normative and economic) and over various time horizons. Especially with regard to the suitability of the scenarios and their detailed adjustment for individual institutions, the supervisory authority sees a clear need for action.
- Identification and consideration of material risks: In the risk inventory, the consideration of all material risks is demanded. The focus should be shifted to risk types that have been rather neglected in the past, such as implicit options, legal risks, conduct risks and model risks.
- Quality of internal capital: From a supervisory point of view, the internal capital has to be of a very high quality in order to actually be available for risk absorption as and when the need arises. In this context, special attention should be paid to the treatment of hidden liabilities or reserves as well as deferred taxes.
- Quantification methods: The demand for adequate, consistent and validated risk quantification methods as such is not new. However, as the supervisory authority perceives deficits both in the independent validation of the models and the review by internal auditors, in practice special importance is attached to improving validation.
- Requirement for stress testing: The design of the stress tests must be adequate with regard to the institution’s risk situation and business situation—a flexible scenario capability is highly important in this context.
Time is of the essence—the supervisory authority’s procedure makes this very clear: The systemically important banks were asked to submit their feedback on the new requirements to the ECB by May 31 of this year. The institutions are supposed to apply the new principles as early as in 2019.
What is new?
With the principles outlined above, the supervisory authority is setting new standards in the following six key areas:
(1) Emphasis on the responsibility of the management body: ICAAP and ILAAP as internal management instruments must be fully integrated into the bank’s risk governance to ensure that the management body fulfills its responsibilities. This begins with interlinking the business and risk strategy with the risk appetite framework, the integration into the management and decision-making processes and other management KPIs into the reporting landscape.
(2) Importance of ILAAP versus ICAAP: The fundamentally identical representation of the principles underlying ICAAP and ILAAP suggests that from a supervisory point of view both management areas have the same importance. Compared to already existing documents, especially the requirements for the ILAAP have been substantially extended—thus, considerably more value has been attached to the ILAAP. After entry into force, ICAAP and ILAAP will be on an equal footing (and supplement each other). Their immediate integration and implementation is the responsibility of the institutions’ top management body, which additionally underlines their significance.
(3) Focus on going concern in a multi-year view: What’s new in the ICAAP model is the explicit requirement for two perspectives—the regulatory (normative) and the economic one—as well as the clear positioning on measuring the relevant balance sheet items according to the going concern principle. From zeb’s point of view, dispensing with the gone concern principle leads to more clarity for the banks and puts the focus of measurement on ensuring that the institutions’ operations can be continued. This is closer to the supervisors’ objective of safer and more robust institutions that are able to generate profits in the long-term. In the regulatory perspective, the short-term and the medium-term horizon are given center stage. The economic perspective based on the present value approach continues to focus on a short-term horizon.
(4) Scenario orientation instead of distribution orientation for risks: Scenario analysis is gaining increasing importance in bank management. This is due to the fact that the results of scenario analyses are understandable and interpretable from the management’s perspective. In contrast to the derivation of distribution-based risk measures, such as value-at-risk measures, the derivation of scenario-based risk measures is no “black box” for a credit institution’s decision-makers and is thus more suitable for triggering genuine impulses for action. Additionally, consistent scenarios can fulfill a bracket function for a large number of other application fields in risk controlling and in overall bank management:
- The risk appetite can be derived by means of stress scenarios. From the additional burden put on the risk-bearing capacity in a stress scenario, it is possible to derive a risk buffer which will not be touched in the course of considerations regarding the allocation of risk capital.
- Capital planning in adverse scenarios can be performed in a scenario-based manner, similar to reviewing the going concern risk-bearing capacity.
- Based on the scenario analysis, additional relevant information for risk management can be derived. This includes for example information for the materiality assessments in the course of the risk inventory for specific risk types or intra-risk and inter-risk concentrations, information on the quantification of the model risks and information on the capitalization of insufficiently quantified risk types and effects in risk-bearing capacity.
- When implementing the requirements on the MaSan, critical thresholds for the capital ratios must be defined which trigger measures for recovery or resolution. These thresholds can be derived by means of dynamic simulation of these ratios taking the scenario analyses into account.
(5) New validation requirements for economic risk models: The validation process for ICAAP quantification methods should correspond to the respective standards of the internal pillar-1 models (IRBA / internal market risk model). In the capital requirement regulation (CRR), these are clearly outlined for counterparty and market risk and thus also represent the framework for the internal validation processes of pillar 2—including the requirement for functional separation of development and validation of models.
(6) Stress tests: For the current and surely also for future supervisory requirements, it will be essential that the stress test results of the ICAAP and the ILAAP should be consistent. Due to these interdependencies and feedback effects, the number of possible scenarios regarding assumptions, results and projected management decisions increases. Thus, the flexibilization requirements for the scenario models also increase.
What are the implications?
We are convinced that the new ICAAP/ILAAP will and should be implemented as currently proposed or in a similar form. In our view, ICAAP and ILAAP have the potential to become a core component of profit-oriented bank management.
SIBs will thus be facing the following challenges:
(1) Enhancement of scenario capability: Apart from the application areas outlined above relating to risk scenarios which take unexpected developments into account, scenario analyses are used in business planning and in business model analysis. The challenge for credit institutions lies in providing flexible infrastructures for scenario analysis. The abovementioned flexibility refers to various aspects:
- the range of measures to be simulated in the scenarios,
- the flexibility to take new scenarios into account and to parameterize them,
- the option to adjust or evolve simulation methods and
- the ambition to generate scenario results as quickly as possible and thus avoid excessive coordination efforts in the provision of data.
In particular, these flexibility considerations require a harmonized stress test infrastructure. The EBA stress test guidelines currently in consultation demand the implementation of the risk data aggregation requirements (RDA, BCBS #239) also for stress tests. Current projects on the implementation of the RDA requirements should therefore be extended to include stress test data and IT structures. In addition, according to the consultation paper, stress tests are supposed to be an integral part of the IT architecture—many Excel solutions commonly used today can only be regarded as prototypes or preliminary steps in the development process.
(2) Systematic integration of ICAAP/ILAAP into risk governance: The institutions’ management bodies are facing two challenges. On the one hand, they have to spend significantly more of their time on risk-related issues such as governance and frameworks. On the other hand, they have to clearly define the risk appetite framework, risk management-oriented decision-making bodies as well as a systematically integrated strategy, capital and liquidity planning process in order to fulfill the responsibility of a management body for robust governance. The basis for this are adequate and timely information and reports. From zeb’s perspective, the implementation of these requirements will have to be accompanied by further, systematic training of management bodies in these areas.
(3) Continuous process to ensure ICAAP/ILAAP compliance: For an early and valid derivation of the supervisory authority’s expectations, institutions will have to further strengthen their regulatory monitoring (identification, assessment and structuring of relevant new and existing requirements). The ICAAP and ILAAP process must be regarded as a continuous process that will regularly require process-related, organizational, methodological and IT innovations.
What requires further clarification?
Against the background of the rather brief SSM guidelines on the ICAAP and ILAAP, zeb identifies further need for clarification and detailing, especially in the following areas:
- Pillar 1+ approach: Even if the fundamental system and objective of the pillar 1+ approach are understandable in principle, mixing the approaches of pillar 1 and pillar 2 still requires explanation and should be more clearly defined against the background of a going concern perspective so that systematic disadvantages compared to the gone concern approach can be avoided.
- Treatment of hidden reserves: The requirements for the capability to take hidden reserves into account in the economic risk-bearing capacity must be specified further and/or additional guidelines must be provided.
- Ensuring harmonization / level playing field: According to the supervisory authority, the harmonization of the underlying data and the credit institutions’ requirements are a major objective of the ICAAP and ILAAP guideline. How this can be ensured in a future cross-border roll-out in the euro area is currently still unclear.
All in all, from zeb’s point of view, the implementation of the concretized ILAAP and ICAAP requirements at an early stage is to be welcomed for the reasons given above.
We especially regard the emphasis on the scenario capability as significant. In today’s environment characterized by uncertainties, the establishment of robust models to ensure scenario capability in a bank’s operations thus plays a key role which will not only be required by supervisors, but is also of special importance for strategic bank management.