The four federal banking agencies published final guidance relating to supervisory review of capital adequacy (the “Supervisory Review Guidance”) meant to supplement the US Basel II Advanced Capital Adequacy Framework (the “Advanced Framework”) final rule discussed in the November 6, 2007 and November 27, 2007 issues of the Alert. The final Supervisory Review Guidance does not differ significantly from the proposal published in February, 2007, and becomes effective 30 days from its publication in the Federal Register.
The Supervisory Review Guidance includes three components: (1) comprehensive supervisory review of capital adequacy; (2) compliance with regulatory capital requirements; and (3) internal capital adequacy assessment process (“ICAAP”). The Supervisory Review Guidance makes clear that it does not supersede the US Prompt Corrective Action Rules or the otherwise applicable risk management practices. Rather, it is intended to help bank regulators intervene when necessary to protect an institution’s capital safety and soundness.
Comprehensive Supervisory Assessment. The Supervisory Review Guidance first reiterates that, consistent with historical practice, regulators expect banks to hold capital above their minimum capital requirements, commensurate with their overall risk profile. In evaluating the extent to which banks should hold excess capital, the regulators will consider the combined implications of a bank’s compliance with qualification requirements for regulatory capital standards, the bank’s ICAAP, and the bank’s own risk management and control structure. The relevant federal bank regulator has the authority to evaluate whether a bank’s capital is adequate as circumstances change, and to take action if it determines that a bank’s capital is inadequate. In response to a commentator’s suggestion, the final Supervisory Review Guidance makes clear that an increased risk profile will not necessarily result in a need for additional capital if the bank already holds capital well in excess of what its internal processes and supervisors consider adequate.
Regulatory Capital Compliance. The Supervisory Review Guidance highlights that regulators must ensure that banks are meeting the qualification requirements that the Advanced Approach imposes for the calculation of regulatory capital. Banks must demonstrate that they meet this qualification requirements not just initially, but also on an ongoing basis. If a bank fails to satisfy the ongoing standards, it would be required to develop a satisfactory plan explaining how it would return to compliance. The Supervisory Review Guidance also makes clear that banks using the Advanced Approach must satisfy the qualification requirements at the subsidiary bank level (unless the subsidiary bank is not subject to the Advanced Approach), as well as at the consolidated entity level.
ICAAP. The proposal emphasizes that, in addition to calculation of regulatory capital, a bank must calculate ICAAP, which is the bank’s assessment of its overall capital adequacy in relation to its risk profile. The Supervisory Review Guidance further details that the three main objectives of a sound ICAAP policy are to: (1) identify and measure material risks; (2) establish and assess internal adequacy goals that directly relate to that risk; and (3) ensure the integrity of the foregoing assessments on an ongoing basis. Each bank should have an ICAAP unique to its risk profile and should not just rely on assessments at the parent level. A bank also may use assumptions built into its minimum capital requirements, or economic capital models, but must ensure its ICAAP model meets the three objectives listed above and further detailed below.
Identification and Measurement of Material Risks. The Supervisory Review Guidance states that the bank must identify all material risks, including credit risk (including concentrations and exposure dependencies), market risk (including illiquid instruments, leverage and correlations), operational risk, interest rate risk (including on and off balance sheet exposures in the bank both from a short and long term perspective), liquidity risk (which remained part of ICAAP despite commentator objections), and also (if material) reputational risk, strategic risk, and country risk. If a bank uses risk mitigation techniques, it should be able to specify how each of those techniques apply to each risk. In assessing these risks, a quantitative approach should be the foundation of the bank’s framework, but qualitative methods are appropriate, particularly when risks cannot be reliably measured quantitatively. These risks should be measured across the entire bank (understanding the challenges of risk aggregation), and include the possible effects of new products, markets and activities concentration and diversification. Banks using internal or third party models should recognize the limitations on their accuracy, and in any event banks should regularly stress test their qualitative measures.
Internal Capital Adequacy Goals. The Supervisory Review Guidance provides that a bank’s goal should be to set and assess capital adequacy goals in relation to all material risks, with capital reflecting not only measured risk, but also uncertainty, such as contingent exposures and changing environments. In assessing capital adequacy, a bank should consider internal factors and assumptions, external conditions, and also ensure capital is held not with respect only to a point in time, but also over time to account for periodic changes in the bank’s direction or in the market place. The bank should clearly state how it defines “capital” for purposes of ICAAP (and how its capital components provide adequate capital), and also how the capital plan will address both short and long term capital adequacy.
Integrity. Finally, as to the third subpart, the Supervisory Review Guidance also highlights that a bank’s determination of adequate capital also must be subject to proper oversight and controls. Adequate internal controls and documentation (including designation of the bank’s overall capital management process, the committees and individuals responsible for ICAAP, the frequency and distribution of ICAAP reporting, and the procedures for periodic ICAAP evaluation) should exist to ensure transparency, objectivity, and consistency with ICAAP. The controls and documentations should be enhanced and refined over time as learning and experience warrant. The system created should be subject to validation policies and procedures. Moreover, while the primary use of an ICAAP is to provide an assessment of internal capital adequacy, management should be able to demonstrate that it uses the data in decision making. Furthermore, the Board and senior management of the bank should be involved in this process, and at least annually should review the assessment of overall capital adequacy.