Supervisory Guidance: Supervisory Review Process of Capital Adequacy (Pillar 2) Related to the Implementation of the Basel II Advanced Capital Framework, 44620-44628 [E8-17555]

Download as PDF 44620 Federal Register / Vol. 73, No. 148 / Thursday, July 31, 2008 / Rules and Regulations issued under sec. 184 (42 U.S.C. 2234) and sec. 189, 68 Stat. 955 (42 U.S.C. 2239). Appendix A also issued under sec. 6, Pub. L. 91–550, 84 Stat. 1473 (42 U.S.C. 2135). 2. In § 2.309, paragraph (b)(3)(ii) is removed; paragraph (b)(3)(iii) is redesignated as (b)(3)(ii), and paragraph (b)(3)(i) is revised to read as follows: I § 2.309 Hearing requests, petitions to intervene, requirements for standing, and contentions. § 50.42 Additional standard for class 103 licenses. In determining whether a class 103 license will be issued to an applicant, the Commission will, in addition to applying the standards set forth in § 50.40, consider whether the proposed activities will serve a useful purpose proportionate to the quantities of special nuclear material or source material to be utilized. * * * * (b) * * * (3) * * * (i) The time specified in any notice of hearing or notice of proposed action or as provided by the presiding officer or the Atomic Safety and Licensing Board designated to rule on the request and/ or petition, which may not be less than sixty (60) days from the date of publication of the notice in the Federal Register; or * * * * * Dated at Rockville, Maryland, this 21st day of July, 2008. For the Nuclear Regulatory Commission. R.W. Borchardt, Executive Director for Operations. [FR Doc. E8–17436 Filed 7–30–08; 8:45 am] PART 50—DOMESTIC LICENSING OF PRODUCTION AND UTILIZATION FACILITIES 12 CFR Part 3 3. The authority citation for part 50 continues to read as follows: FEDERAL RESERVE SYSTEM * I yshivers on PROD1PC62 with RULES Authority: Secs. 102, 103, 104, 161, 182, 183, 186, 189, 68 Stat. 936, 937, 938, 948, 953, 954, 955, 956, as amended, sec. 234, 83 Stat. 444, as amended (42 U.S.C. 2132, 2133, 2134, 2135, 2201, 2232, 2233, 2236, 2239, 2282); secs. 201, as amended, 202, 206, 88 Stat. 1242, as amended, 1244, 1246 (42 U.S.C. 5841, 5842, 5846); sec. 1704, 112 Stat. 2750 (44 U.S.C. 3504 note); sec. 651(e), Pub. L. 109–58, 119 Stat. 806–810 (42 U.S.C. 2014, 2021, 2021b, 2111). Section 50.7 also issued under Pub. L. 95–601, sec. 10, 92 Stat. 2951 (42 U.S.C. 5841). Section 50.10 also issued under secs. 101, 185, 68 Stat. 955, as amended (42 U.S.C. 2131, 2235); sec. 102, Pub. L. 91–190, 83 Stat. 853 (42 U.S.C. 4332). Sections 50.13, 50.54(dd), and 50.103 also issued under sec. 108, 68 Stat. 939, as amended (42 U.S.C. 2138). Sections 50.23, 50.35, 50.55, and 50.56 also issued under sec. 185, 68 Stat. 955 (42 U.S.C. 2235). Sections 50.33a, 50.55a and Appendix Q also issued under sec. 102, Pub. L. 91–190, 83 Stat. 853 (42 U.S.C. 4332). Sections 50.34 and 50.54 also issued under sec. 204, 88 Stat. 1245 (42 U.S.C. 5844). Sections 50.58, 50.91, and 50.92 also issued under Pub. L. 97–415, 96 Stat. 2073 (42 U.S.C. 2239). Section 50.78 also issued under sec. 122, 68 Stat. 939 (42 U.S.C. 2152). Sections 50.80–50.81 also issued under sec. 184, 68 Stat. 954, as amended (42 U.S.C. 2234). Appendix F also issued under sec. 187, 68 Stat. 955 (42 U.S.C. 2237). § 50.41 [Amended] 4. In § 50.41, paragraph (c) is removed and reserved. I 5. Section 50.42 is revised to read as follows: I VerDate Aug<31>2005 15:05 Jul 30, 2008 Jkt 214001 BILLING CODE 7590–01–P DEPARTMENT OF THE TREASURY Office of the Comptroller of the Currency [Docket ID OCC–2008–0009] 12 CFR Parts 208 and 225 [Docket No. OP–1322] FEDERAL DEPOSIT INSURANCE CORPORATION 12 CFR Part 325 DEPARTMENT OF THE TREASURY Office of Thrift Supervision 12 CFR Part 567 [Docket No. 2008–0008] Supervisory Guidance: Supervisory Review Process of Capital Adequacy (Pillar 2) Related to the Implementation of the Basel II Advanced Capital Framework AGENCIES: Office of the Comptroller of the Currency, Treasury (OCC); Board of Governors of the Federal Reserve System (Board); Federal Deposit Insurance Corporation (FDIC); and Office of Thrift Supervision, Treasury (OTS) (collectively, the agencies). ACTION: Final supervisory guidance. SUMMARY: The agencies are publishing guidance regarding the supervisory review process for capital adequacy (Pillar 2) provided in the Basel II advanced approaches final rule, which was published in the Federal Register on December 7, 2007 (advanced PO 00000 Frm 00006 Fmt 4700 Sfmt 4700 approaches final rule). The supervisory review process described in this guidance outlines the agencies’ standards for satisfying the qualification requirements provided in the advanced approaches final rule; addressing the limitations of the minimum risk-based capital requirements for credit risk and operational risk; ensuring that each institution has a rigorous process for assessing its overall capital adequacy in relation to its risk profile and a comprehensive strategy for maintaining appropriate capital levels; and encouraging each institution to improve its risk identification and measurement techniques. This supervisory guidance applies to any bank, savings association, or bank holding company 1 implementing the advanced approaches final rule. DATES: This guidance is effective September 2, 2008. Comments on the Paperwork Reduction Act portion of this document may be submitted on or before September 2, 2008. ADDRESSES: Comments on the Paperwork Reduction Act portion of this document should be addressed to: OCC: Communications Division, Office of the Comptroller of the Currency, Public Information Room, Mailstop 1–5, Attention: 1557–NEW, 250 E Street, SW., Washington, DC 20219. In addition, comments may be sent by fax to (202) 874–4448, or by electronic mail to regs.comments@occ.treas.gov. You may personally inspect and photocopy the comments at the OCC’s Public Information Room, 250 E Street, SW., Washington, DC 20219. For security reasons, the OCC requires that visitors make an appointment to inspect comments. You may do so by calling (202) 874–5043. Upon arrival, visitors will be required to present valid government-issued photo identification and submit to security screening in order to inspect and photocopy comments. Board: You may submit comments, identified by OP–1322, by any of the following methods: • Agency Web Site: http:// www.federalreserve.gov. Follow the instructions for submitting comments at http://www.federalreserve.gov/. • Federal eRulemaking Portal: http:// www.regulations.gov. Follow the instructions for submitting comments. • Fax: (202) 452–3819 or (202) 452– 3102. • Mail: Jennifer J. Johnson, Secretary, Board of Governors of the Federal Reserve System, 20th Street and 1 Collectively referred to in the guidance as ‘‘banks’’. E:\FR\FM\31JYR1.SGM 31JYR1 yshivers on PROD1PC62 with RULES Federal Register / Vol. 73, No. 148 / Thursday, July 31, 2008 / Rules and Regulations Constitution Avenue, NW., Washington, DC 20551. All public comments are available from the Board’s Web site at http:// www.federalreserve.gov/generalinfo/ foia/ProposedRegs.cfm as submitted, unless modified for technical reasons. Accordingly, your comments will not be edited to remove any identifying or contact information. Public comments may also be viewed electronically or in paper form in Room MP–500 of the Board’s Martin Building (20th and C Streets, NW.) between 9 a.m. and 5 p.m. on weekdays. FDIC: You may submit comments by any of the following methods: • Agency Web Site: http:// www.fdic.gov/regulations/laws/federal. Follow instructions for submitting comments on the Agency Web Site. • E-mail: Comments@FDIC.gov. Include ‘‘Basel II Supervisory Guidance’’ in the subject line of the message. • Mail: Robert E. Feldman, Executive Secretary, Attention: Comments, Federal Deposit Insurance Corporation, 550 17th Street, NW., Washington, DC 20429. • Hand Delivery/Courier: Guard station at the rear of the 550 17th Street Building (located on F Street) on business days between 7 a.m. and 5 p.m. (EST). • Federal eRulemaking Portal: http:// www.regulations.gov. Follow the instructions for submitting comments. • Public Inspection: All comments received will be posted without change to http://www.fdic.gov/regulations/laws/ federal including any personal information provided. Comments may be inspected and photocopied in the FDIC Public Information Center, 3501 North Fairfax Drive, Room E–1002, Arlington, VA 22226, between 9 a.m. and 5 p.m. (EST) on business days. Paper copies of public comments may be ordered from the Public Information Center by telephone at (877) 275–3342 or (703) 562–2200. OTS: Information Collection Comments, Chief Counsel’s Office, Office of Thrift Supervision, 1700 G Street, NW., Washington, DC 20552; send a facsimile transmission to (202) 906–6518; or send an e-mail to infocollection.comments@ots.treas.gov. OTS will post comments and the related index on the OTS Internet site at http://www.ots.treas.gov. In addition, interested persons may inspect the comments at the Public Reading Room, 1700 G Street, NW., by appointment. To make an appointment, call (202) 906– 5922, send an e-mail to public.info@ots.treas.gov, or send a facsimile transmission to (202) 906– VerDate Aug<31>2005 15:05 Jul 30, 2008 Jkt 214001 7755. A copy of the comments may also be submitted to the OMB desk officer for the Agencies: By mail to U.S. Office of Management and Budget, 725 17th Street, NW., Room 10235, Washington, DC 20503 or by facsimile to 202–395– 6974, Attention: Federal Banking Agency Desk Officer. FOR FURTHER INFORMATION CONTACT: OCC: Akhtarur Siddique, Lead Expert, Risk Analysis, (202) 874–4665; or Ron Shimabukuro, Senior Counsel, Legislative and Regulatory Activities Division, (202) 874–5090; Office of the Comptroller of the Currency, 250 E Street, SW., Washington, DC 20219. Board: David Palmer, Senior Supervisory Financial Analyst, Credit Risk Section, (202) 452–2904 or Sabeth Siddique, Assistant Director, Credit Risk Section, (202) 452–3861; Board of Governors of the Federal Reserve System, 20th Street and Constitution Avenue, NW., Washington, DC 20551. For the hearing impaired only, Telecommunication Device for the Deaf (TDD), (202) 263–4869. FDIC: Gloria Ikosi, Senior Quantitative Risk Analyst, (202) 898– 3997, or Ryan Sheller, Capital Markets Specialist, (202) 898–6614; Capital Markets Policy Section, Division of Supervision and Consumer Protection; or Mark L. Handzlik, Senior Attorney, (202) 898–3990, or Michael B. Phillips, Counsel, (202) 898–3581, Supervision Branch, Legal Division, Federal Deposit Insurance Corporation, 550 17th Street, NW., Washington, DC 20429. OTS: Sonja White, Senior Project Manager, (202) 906–7857, Capital Policy, or Jonathan Jones, Senior Financial Economist, (202) 906–5729, Office of Thrift Supervision, 1700 G Street, NW., Washington, DC 20552. SUPPLEMENTARY INFORMATION: The agencies issued a notice of proposed rulemaking (NPR) on September 25, 2006,2 seeking comment on a new riskbased capital adequacy framework that requires some and permits other qualifying banks to use an internal ratings-based (IRB) approach to calculate regulatory capital requirements for credit risk and certain advanced measurement approaches (AMA) to calculate regulatory capital requirements for operational risk (together, the IRB and the AMA are referred to as the ‘‘advanced approaches’’). On December 7, 2007, the agencies published the advanced approaches final rule.3 The advanced approaches final rule is based largely on a series of publications by the Basel PO 00000 2 71 3 72 FR 55830. FR 69288. Frm 00007 Fmt 4700 Committee on Banking Supervision (BCBS) that culminated in a comprehensive release in June 2006, titled, ‘‘International Convergence of Capital Measurement and Capital Standards: A Revised Framework’’ (New Accord). The New Accord presents a three-pillar framework for determining risk-based capital requirements for credit risk, market risk, and operational risk (Pillar 1); supervisory review of capital adequacy (Pillar 2); and market discipline through enhanced public disclosure (Pillar 3). On February 28, 2007, the agencies published in the Federal Register three separate documents proposing supervisory guidance related to the implementation of the advanced approaches.4 Two of those documents provided guidance for certain aspects of Pillar 1, that is, for the IRB systems for determining the credit risk of retail and wholesale exposures, and other systems for equity and securitization exposures, and for the AMA for determining operational risk. The third document proposed guidance for Pillar 2. This final guidance document provides supervisory guidance only for Pillar 2, and it does not provide Pillar 1 guidance on the systems for determining regulatory capital requirements for credit risk or for determining regulatory capital requirements for operational risk. This document does not differ significantly from the proposed Pillar 2 guidance. The agencies recognize that a number of institutions may need additional guidance to implement the advanced approaches final rule. Accordingly, consistent with the proposed guidance for Pillar 2, this guidance document highlights certain aspects of existing supervisory review that are being augmented or clarified to support the implementation of the supervisory assessment of overall capital adequacy under the advanced approaches final rule. In making this assessment, the agencies will consider, among other items, whether each institution (i) has satisfied the qualification requirements for implementing the advanced approaches; (ii) has a rigorous process for assessing its overall capital adequacy in relation to its risk profile and a comprehensive strategy for maintaining appropriate capital levels (internal capital adequacy assessment process— ICAAP); and (iii) maintains a satisfactory risk management and control structure, consistent with its capital position and overall risk profile. The agencies received ten public comments on the proposed guidance 4 72 Sfmt 4700 44621 E:\FR\FM\31JYR1.SGM FR 9084. 31JYR1 yshivers on PROD1PC62 with RULES 44622 Federal Register / Vol. 73, No. 148 / Thursday, July 31, 2008 / Rules and Regulations from banking organizations, trade associations representing the banking or financial services industry, and other interested parties. Overall, the commenters supported the principlesbased orientation of the guidance. However, some commenters recommended revisions to certain sections of the guidance that they viewed as overly prescriptive. One commenter expressed concern that the guidance appeared to suggest that increases in risk should result in greater capital, even if an institution already maintains a substantial capital buffer. To address this concern, the agencies have revised the guidance to clarify that an increase in risk may not necessarily require an increase in capital where the bank already holds capital at a level exceeding what its internal processes and supervisors regard as adequate. Other commenters expressed concern regarding the agencies’ position that liquidity risk should be addressed within the ICAAP. However, the proposed guidance was consistent with the agencies’ view of liquidity risk as a material risk that can affect capital adequacy. The agencies clarified this section of the guidance to indicate that, within the ICAAP, institutions should consider the capital adequacy implications of liquidity risk. One commenter expressed the concern that each bank’s ICAAP measures would be compared to (and reconciled with) Pillar 1 measures and to other institutions’ ICAAP results. The agencies acknowledge that there may be limited comparability to Pillar 1 measures because a bank’s ICAAP under Pillar 2 should be tailored to its individual risk profile, while Pillar 1 measures are based on certain common assumptions that may not apply to each individual bank. Accordingly, there is likely to be some limit to the comparisons that can be made across institutions. Some commenters expressed confusion about the stress testing requirement in Pillar 1 and stress testing discussed in the Pillar 2 guidance. The agencies regard stress testing as a critical component in the identification and measurement of material risks. Although there are no prescriptive stress testing requirements in Pillar 2, institutions should use stress testing or similar exercises in their ICAAP to consider the consequences of unlikely but severe events and outcomes as an input to the capital adequacy assessment process. Finally, one commenter indicated that it might not be practical to incorporate the ICAAP into bank management’s decision-making process. The agencies believe that for the ICAAP to be VerDate Aug<31>2005 15:05 Jul 30, 2008 Jkt 214001 meaningful and relevant, it should be consistent with the bank’s other risk management practices. Paperwork Reduction Act A. Request for Comment on Proposed Information Collection In accordance with the requirements of the Paperwork Reduction Act of 1995, the Agencies may not conduct or sponsor, and the respondent is not required to respond to, an information collection unless it displays a currently valid Office of Management and Budget (OMB) control number. The Agencies are requesting comment on a proposed information collection. The Agencies are also giving notice that the proposed collection of information has been submitted to OMB for review and approval. Comments are invited on: (a) Whether the collection of information is necessary for the proper performance of the Agencies’ functions, including whether the information has practical utility; (b) The accuracy of the estimates of the burden of the information collection, including the validity of the methodology and assumptions used; (c) Ways to enhance the quality, utility, and clarity of the information to be collected; (d) Ways to minimize the burden of the information collection on respondents, including through the use of automated collection techniques or other forms of information technology; and (e) Estimates of capital or start up costs and costs of operation, maintenance, and purchase of services to provide information. B. Proposed Information Collection Title of Information Collection: Basel II Interagency Supervisory Guidance for the Supervisory Review Process (Pillar 2). Frequency of Response: Eventgenerated. Affected Public: OCC: National banks. Board: State member banks and bank holding companies. FDIC: Insured state nonmember banks and certain subsidiaries of these entities. OTS: Savings associations and certain of their subsidiaries. Abstract: The notice sets forth a supervisory guidance document for implementing the supervisory review process (Pillar 2). The guidance was issued for 60 days of comment on February 28, 2007 (72 FR 9084). No comments were received on the burden estimates provided in that notice. PO 00000 Frm 00008 Fmt 4700 Sfmt 4700 The Agencies believe that paragraphs 37, 41, 43, and 46 impose new information collection requirements. Section 37 states that banks should state clearly the definition of capital used in any aspect of ICAAP and document any changes in the internal definition of capital. Under section 41, banks should maintain thorough documentation of ICAAP. Section 43 specifies that boards of directors should approve the bank’s ICAAP, review it on a regular basis, and approve any changes. Boards of directors are also required under Section 46 to periodically review the assessment of overall capital adequacy and to analyze how measures of internal capital adequacy compare with other capital measures (such as regulatory or accounting). The agencies burden estimates for these information collection requirements are summarized below. Note that the estimated number of respondents listed below include both institutions for which the Basel II riskbased capital requirements are mandatory and institutions that may be considering opting-in to Basel II (despite the lack of any formal commitment by most of these latter institutions). Estimated Burden: OCC Number of Respondents: 52. Estimated Burden per Respondent: 140 hours. Total Estimated Annual Burden: 7,280 hours. Board Number of Respondents: 15. Estimated Burden per Respondent: 420 hours. Total Estimated Annual Burden: 6,300 hours. FDIC Number of Respondents: 19. Estimated Burden per Respondent: 420 hours. Total Estimated Annual Burden: 7,980 hours. OTS Number of Respondents: 4. Estimated Burden per Respondent: 420 hours. Total Estimated Annual Burden: 1,680 hours. The full text of the guidance follows: Supervisory Review Process of Capital Adequacy (Pillar 2) Related to the Implementation of the Advanced Approaches Final Rule 1. This guidance supplements the final rule published jointly by the U.S. E:\FR\FM\31JYR1.SGM 31JYR1 Federal Register / Vol. 73, No. 148 / Thursday, July 31, 2008 / Rules and Regulations yshivers on PROD1PC62 with RULES Federal banking agencies1 in the Federal Register on December 7, 2007 (advanced approaches rule).2 The advanced approaches rule implements a new risk-based capital framework encompassing three pillars: • Minimum risk-based capital requirements (Pillar 1); • Supervisory review (Pillar 2); and • Market discipline through enhanced public disclosures (Pillar 3). The minimum risk-based capital requirements in Pillar 1 of the advanced approaches rule apply to a bank’s calculation of minimum risk-based capital requirements for credit risk and operational risk.3 If the bank is also subject to the market risk rule,4 then the minimum risk-based capital requirements in that rule would apply.5 2. This document addresses the process for supervisory review in the advanced approaches rule. As described in this guidance, supervisory review covers three main areas: • Comprehensive supervisory review of capital adequacy; • Compliance with regulatory capital requirements; and • Internal capital adequacy assessment process (ICAAP). 3. The process of supervisory review described in this guidance reflects a continuation of the longstanding approach employed by the agencies in their supervision of banks. However, because implementation of the advanced approaches rule affects certain aspects of supervisory review, this guidance highlights areas of existing 1 The Federal banking agencies are the Board of Governors of the Federal Reserve System; the Federal Deposit Insurance Corporation; the Office of the Comptroller of the Currency; and the Office of Thrift Supervision; and are collectively referred to as ‘‘the agencies,’’ ‘‘supervisors,’’ or ‘‘regulators’’ in this guidance. 2 72 FR 69288. The advanced approaches rule as codified at 12 CFR part 3, Appendix C (national banks); 12 CFR part 208, Appendix F (state member banks); 12 CFR part 225, Appendix G (bank holding companies); 12 CFR part 325 Appendix D (state nonmember banks); 12 CFR part 567, Appendix C (savings associations). 3 The term ‘‘bank’’ as used in this guidance includes banks, savings associations and bank holding companies. The terms ‘‘bank holding company’’ and ‘‘BHC’’ refer only to bank holding companies regulated by the Federal Reserve Board and do not include savings and loan holding companies regulated by the Office of Thrift Supervision. 4 12 CFR part 3, Appendix B (national banks), 12 CFR part 208, Appendix E (state member banks), 12 CFR part 225, Appendix E (bank holding companies), 12 CFR part 325, Appendix C (state nonmember banks). OTS intends to codify a market risk capital rule for savings associations at 12 CFR part 567, Appendix D. 5 If a bank is subject to both the advanced approaches rule and the market risk rule, then the bank is subject to this guidance. If a bank is subject only to the market risk rule, it is not subject to this guidance. VerDate Aug<31>2005 15:05 Jul 30, 2008 Jkt 214001 supervisory review that are being augmented or more clearly defined to support implementation of the advanced approaches rule by U.S. banks. 4. The supervisory review process described in this document is intended to help ensure overall capital adequacy by: • Confirming a bank’s compliance with regulatory capital requirements; • Addressing the limitations of minimum risk-based capital requirements as a measure of a bank’s full risk profile—including risks not covered or not adequately addressed or quantified in Pillar 1; • Ensuring that each bank is able to assess its own capital adequacy (beyond minimum risk-based capital requirements) based on its risk profile and business model; and • Encouraging banks to develop and use better techniques to identify and measure risk. 5. This guidance neither supersedes nor alters the functioning of the existing Prompt Corrective Action requirements.6 Similarly, this guidance does not affect any other requirements for compliance with existing regulations and supervisory standards related to risk-management practices or other areas. The supervisory review process described in this guidance supports the supervisors’ existing ability to: • Require an individual bank to take measures to prevent its capital from falling below the level needed to adequately support its risks; or • Otherwise intervene to ensure that the bank’s capital levels are adequate. Comprehensive Supervisory Review of Capital Adequacy 6. Capital helps protect individual banks from insolvency, thereby promoting safety and soundness in the overall U.S. banking system. Minimum risk-based capital requirements establish a threshold below which a sound bank’s risk-based capital must not fall. Risk-based capital ratios permit some comparative analysis of capital adequacy across banks because they are based on certain common assumptions. However, supervisors must perform a more comprehensive review of capital adequacy that considers the risks that are specific to each individual bank, including those not incorporated in riskbased capital requirements. In short, supervisors must ensure that a bank’s 6 See 12 CFR part 6 (national banks); 12 CFR part 208 (state member banks); 12 CFR 325.103 (state nonmember banks); 12 CFR part 565 (savings associations). In addition, savings associations remain subject to the tangible capital requirement at 12 CFR 567.2(a)(3) and 567.9. PO 00000 Frm 00009 Fmt 4700 Sfmt 4700 44623 overall capital does not fall below the level required to support its entire risk profile. 7. Supervisors generally expect banks to hold capital above their minimum risk-based capital levels, commensurate with their individual risk profiles, to account for all material risks. Going forward under the advanced approaches rule, supervisors will continue to review the overall capital adequacy of any bank through a comprehensive evaluation that considers all relevant available information. In determining the extent to which banks should hold capital in excess of risk-based capital minimums, supervisors will consider: The combined implications of a bank’s compliance with qualification requirements for regulatory capital standards; the quality and results of a bank’s own process for determining whether capital is adequate (the ICAAP); and the bank’s riskmanagement processes, control structure, and other relevant information relating to the bank’s risk profile and capital level.7 This review is consistent with current supervisory practice, under which the agencies assess a bank’s overall capital adequacy through a comprehensive evaluation of all relevant information. 8. The supervisory review process assesses whether a bank has a satisfactory process to determine that its overall capital is adequate, and that the bank maintains adequate capital on an ongoing basis, as underlying conditions change. For example, changes in a bank’s risk profile or in relevant capital measures are areas of particular focus that are effectively addressed through the supervisory review process. Generally, a bank should hold more capital for material increases in risk that are not otherwise mitigated, unless the bank already holds capital at a level exceeding what its internal processes and supervisors would regard as adequate. Conversely, a bank may be able to reduce overall capital (to a level still above regulatory minimums) if the supervisory review supports the conclusion that the bank’s inherent risk has materially declined or that it has been appropriately mitigated. 9. As a result of its comprehensive supervisory review, a bank’s primary Federal supervisor may take action if it is not satisfied that capital is adequate. The primary Federal supervisor may require the bank to take actions to address identified supervisory concerns, which may include requiring the bank to hold additional capital to bring 7 See Part III, section 22(a)(1)–(3) of the advanced approaches rule. E:\FR\FM\31JYR1.SGM 31JYR1 44624 Federal Register / Vol. 73, No. 148 / Thursday, July 31, 2008 / Rules and Regulations capital to levels that the supervisor deems commensurate with the bank’s risk profile. In addition, the primary Federal supervisor may, under its enforcement authority, require a bank to modify or enhance risk-management and internal-control processes, reduce its exposure to risk, or take any action deemed necessary to address identified supervisory concerns. yshivers on PROD1PC62 with RULES Compliance With Regulatory Capital Requirements 10. In order to use the advanced approaches rule to calculate minimum risk-based capital requirements, a bank must meet certain process and systems requirements. As part of the supervisory review process, the agencies will ensure that each bank meets these requirements. The advanced approaches rule provides an explanation of these qualification requirements for any systems and processes used. 11. A bank using the advanced approaches rule must comply with the rule’s qualification requirements for both initial and ongoing qualification. A bank that falls out of compliance with the qualification requirements would be required to establish a plan to return to compliance that satisfies its primary Federal supervisor. 12. Supervisors will ensure that each bank using the advanced approaches rule complies with the qualification requirements both at the consolidated level and at any subsidiary bank that uses the advanced approaches rule. Thus, each bank that applies the advanced approaches rule must have appropriate risk-measurement and riskmanagement processes and systems that meet the rule’s qualification requirements. The ICAAP 13. The qualification requirements in the advanced approaches rule state that ‘‘a bank must have a rigorous process for assessing its overall capital adequacy in relation to its risk profile and a comprehensive strategy for maintaining an appropriate level of capital.’’ 8 Because minimum risk-based capital requirements are based on certain assumptions and address only a subset of risks faced by an individual bank, each bank must conduct an internal assessment of whether its capital is adequate, given its risk profile. A bank must conduct this assessment, using the ICAAP, in addition to its calculation of minimum risk-based capital requirements.9 Accordingly, a bank’s 8 Part III, section 22(a) (1) of the advanced approaches rule. 9 Should the primary Federal supervisor exempt a bank from application of the advanced approaches VerDate Aug<31>2005 15:05 Jul 30, 2008 Jkt 214001 capital should exceed the level required by its minimum risk-based capital requirements, and also should be adequate according to its own ICAAP. 14. The fundamental objectives of a sound ICAAP are: • Identifying and measuring material risks; • Setting and assessing internal capital adequacy goals that relate directly to risk; and • Ensuring the integrity of internal capital adequacy assessments. 15. Assessing overall capital adequacy through the ICAAP requires thorough identification of all material risks, measurement of those that can be reliably quantified, and systematic assessment for the limitations of minimum risk-based capital requirements. The ICAAP should address the capital implications arising from both on- and off-balance sheet positions, as well as from provisions of explicit or implicit support. Material risks include those that in isolation do not appear to be material at first, but when combined with other risks could lead to material losses. In this manner, the ICAAP should contribute broadly to the development of better risk management within the organization at both the individual entity and consolidated levels. 16. Each bank implementing the advanced approaches rule should have an ICAAP that is appropriate for its unique risk characteristics and should not rely solely upon the assessment of capital adequacy at the parent company level. This does not preclude the use of a consolidated ICAAP as an important input to a subsidiary bank’s own ICAAP, provided that each entity’s board and senior management ensure that the ICAAP is appropriately modified to address the unique structural and operating characteristics and risks of the subsidiary bank. 17. In general, the ICAAP will likely go beyond the assumptions built into minimum risk-based capital requirements. However, in certain instances a bank’s ICAAP—when supported by proper justification and evidence—may build upon and utilize the methods, practices, and results it uses to determine minimum risk-based capital requirements. For example, in developing the ICAAP, a bank may rule based upon a written determination that the application of the rule is not appropriate in light of the bank’s asset size, level of complexity, risk profile, or scope of operations, such exemption would likewise apply to the advanced approaches requirement that the bank have an ICAAP, but would not automatically exempt the bank from other regulatory requirements or supervisory expectations to maintain a satisfactory internal process to assess capital adequacy. PO 00000 Frm 00010 Fmt 4700 Sfmt 4700 choose to use data, ratings, or estimates from internal ratings-based approaches for credit risk; or a bank may choose to use the advanced measurement approaches as the basis for its internal assessment of operational risk. Furthermore, although the ICAAP should be a distinct and comprehensive process that produces its own capital measures, in some cases a bank may be able to demonstrate that minimum riskbased capital measures appropriately reflect certain aspects of a bank’s risk profile and thus are appropriate for use in its ICAAP. 18. The design and operation of any systems used to meet the ICAAP requirements will likely differ, depending on the complexity of each bank’s operations and risk profile. Many banks employ ‘‘economic capital’’ measures for some elements of risk management, such as limit setting, or for evaluating performance or determining aggregate capital needs.10 In some cases, economic capital measures may relate directly to a bank’s assessment of capital adequacy under the ICAAP; however, in other cases, a bank may be using economic capital measures that are not intended for capital adequacy assessments. In the latter case, a bank does not necessarily need to change its existing process or systems, but it may need to build upon or adjust its economic capital measures for use in the ICAAP and the bank would have to demonstrate clearly how it does so. Notably, economic capital is not the only means to meet the ICAAP requirement. Regardless of the specific implementation method(s) chosen, the bank’s ICAAP should address the three ICAAP objectives listed in paragraph 14. Identifying and Measuring Material Risks 19. The first objective of the ICAAP is to identify all material risks. Risks that can be reliably measured and quantified should be treated as rigorously as data and methods allow. The appropriate means and methods to measure and quantify those material risks are likely to vary across banks. The key point is for a bank to be able to identify all material risks and measure those that can be reliably quantified in order to determine how those risks affect the bank’s overall capital adequacy. 20. Some of the risks to which a bank may be exposed include credit risk, 10 The term ‘‘economic capital’’ generally refers to the capital attributed to cover the economic effects of a bank’s risk taking activities. Within the banking industry, economic capital takes on a variety of definitions and is applied in a number of ways at the product, business-line, and consolidated institution level. E:\FR\FM\31JYR1.SGM 31JYR1 Federal Register / Vol. 73, No. 148 / Thursday, July 31, 2008 / Rules and Regulations yshivers on PROD1PC62 with RULES market risk, operational risk, interest rate risk in the banking book, and liquidity risk (as outlined below).11 Other risks, such as reputational risk, business or strategic risk, and country risk may also be material for a bank and, in such cases, should be given equal consideration to the more formally defined risk types.12 Additionally, if a bank employs risk mitigation techniques it should understand the risk to be mitigated and the potential effects of that mitigation (including enforceability and effectiveness). • Credit risk: A bank should have the ability to assess credit risk at the portfolio level in addition to the exposure or counterparty level. In making this assessment, the bank should be particularly attentive to identifying any credit risk concentrations and ensuring that their effects are adequately assessed. The bank should consider the various types of dependence among exposures, and the credit risk effects of extreme outcomes, stress events, and shocks to assumptions about portfolio and exposure behavior. The bank also should carefully assess concentrations in counterparty credit exposures, including those that result from trading in less liquid markets, and determine the effect that these exposures might have on capital adequacy. • Market risk: A bank should be able to identify risks in trading and capital markets activities resulting from a movement in market prices and rates. This determination should consider factors such as illiquidity of instruments, leverage, concentrated positions, one-way markets, non-linear or deep out-of-the money option positions as well as embedded optionality, and the potential for significant shifts in correlations or other types of dependence structures. Assessments that incorporate extreme events, idiosyncratic variations, credit migrations or changes in credit spreads, defaults, and shocks should also be tailored to capture key portfolio vulnerabilities. 11 Examination policies and procedures from each agency provide extensive guidance on the major risk categories. A bank’s risk management processes, including its ICAAP, should be consistent with each corresponding agency’s existing body of guidance, as well as with relevant interagency guidance. 12 For example, a bank may be engaged in businesses for which periodic fluctuations in activity levels, combined with relatively high fixed costs, have the potential to create unanticipated losses that must be supported by adequate capital. Additionally, a bank might be involved in strategic activities (such as expanding business lines or engaging in acquisitions) that introduce significant elements of risk and for which additional capital would be appropriate. VerDate Aug<31>2005 15:05 Jul 30, 2008 Jkt 214001 44625 • Operational risk: A bank should be able to assess the potential risks resulting from inadequate or failed internal processes, people, and systems, as well as from events external to the bank.13 This assessment should include the effects of extreme events and shocks relating to operational risk. Extreme events could include a substantial or sudden increase in failed processes across business units or a significant incidence of failed internal controls. • Interest rate risk in the banking book: A bank should incorporate interest rate risk in the banking book into its assessment of capital adequacy. In making this assessment, the bank should identify the risks associated with changes in interest rates that impact both on- and off-balance sheet exposures in the banking book from a short- and long-term perspective. This might include the impact of changes due to parallel yield curve shocks, yield curve twists, yield curve inversions, changes in the adjustment of rates earned and paid on different financial instruments with otherwise similar repricing characteristics (basis risk), and other relevant scenarios including some that incorporate stress events, extreme outcomes, and shocks to assumptions. The bank should be able to support any assumptions it has made with respect to the behavioral characteristics of servicing rights, non-maturity deposits, positions subject to prepayment risk, and other assets and liabilities, especially for those exposures characterized by embedded optionality. • Liquidity risk: A bank should incorporate liquidity risk into the assessment of its capital adequacy. A bank should evaluate whether capital is adequate given its own funding liquidity profile and given the liquidity of the markets in which it operates. This assessment should incorporate various types of liquidity environments and include an evaluation of the potential for a material disruption in the sources of liquidity typically relied on by the bank as a result of bank-specific as well as systemic events. A bank should consider the capital adequacy implications of lacking a welldiversified funding base, relying predominantly on wholesale credit markets for its funding, or relying heavily on volatile funding sources. A bank involved in securitization activities should consider the capital adequacy implications of relying on market liquidity to distribute warehoused assets, including the potential for disruptions that would cause a bank to bring certain items onto its balance sheet. In its assessment of the impact of liquidity risk on capital adequacy, the bank should also challenge assumptions built into its definition of liquid products. The risk factors discussed above are not an exhaustive list of those affecting any given bank. A well-developed ICAAP should include an assessment of all relevant factors that present a material source of risk to capital, and should account for concentrations within each risk type. 21. A bank should assess whether its capital is sufficient to absorb any losses that may arise from activities that expose the bank to multiple risks within and across business lines or create concentrations across risk types.14 A bank should recognize that losses could arise in several risk dimensions at the same time, stemming from the same event or a common set of factors. For example, a localized natural disaster could generate losses from credit, market, and operational risks. Additionally, the ICAAP should focus on any complex activities that give rise to multiple risks, and to their interaction. These activities can involve instruments that may be complex, illiquid, or difficult to value. For example, securitization activities expose a bank to a variety of risks that can affect capital adequacy at the same time, including credit, market, liquidity, and reputational risks; structured products can have multiple embedded risks that interact in complex ways and can present losses in multiple risk areas across different business lines at the same time. In general, the ICAAP should include an assessment of the potential effects of convergence of risks within and across business lines and their combined impact on capital adequacy. 22. The ICAAP should take into consideration the linkage between capital adequacy and damage or potential damage to a bank’s reputation. A bank might incur losses affecting capital adequacy because of damage to its reputation, or the bank might incur losses trying to prevent or mitigate damage to its reputation. In assessing the linkage between reputational risk and capital adequacy, a bank should assess risks associated with both onbalance sheet and off-balance sheet exposures and activities, as well as risks associated with affiliates, subsidiaries, 13 In many cases, a bank may capture legal risk within operational risk. Regardless of whether it is classified as its own risk type or included within another risk type, a bank should understand the impact of legal risk on capital adequacy. 14 Concentrations may include exposures or groups of exposures that have the potential to produce losses large enough to threaten an institution’s health or materially change its risk profile. PO 00000 Frm 00011 Fmt 4700 Sfmt 4700 E:\FR\FM\31JYR1.SGM 31JYR1 yshivers on PROD1PC62 with RULES 44626 Federal Register / Vol. 73, No. 148 / Thursday, July 31, 2008 / Rules and Regulations counterparties, clients, or other third parties. The assessment should include activities for which the bank acts as a sponsor or advisor, and cases in which the bank provides explicit or implicit support. A bank should also assess the risk of having to assume the losses of a third party to prevent or mitigate damage to the bank’s reputation. 23. The bank’s ICAAP should assess risks associated with new products, markets and activities. In making this assessment, the bank should account for any uncertainty in the valuation of new products, whether by the bank or a third party, which could be more challenging if the new products are particularly complex or do not have liquid markets. The ICAAP should take into consideration changing dynamics in markets for new products and uncertainty as to how new markets might respond to stress conditions. The ICAAP should also assess the challenges presented by new business lines or strategic acquisitions in terms of their impact on capital adequacy. 24. All measurements of risk should incorporate both quantitative and qualitative elements. Generally, a quantitative approach should form the foundation of a bank’s measurement framework. Quantitative approaches that focus on most likely outcomes for budgeting, forecasting, or performance measurement purposes may not be fully applicable for assessing capital adequacy, which also should take less likely outcomes into account. 25. In some cases, quantitative tools can include the use of large historical databases. These databases are most applicable when they are fully reflective of all relevant risk characteristics, incorporate appropriate variability, and have adequate granularity and history; for example, they should include data based not just on benign but also more stressful economic periods or operating environments. When internal data are not available or do not reflect a bank’s risk profile, a bank may rely on external data for risk measurements, but should ensure that external data have applicability to the bank’s own activities and risk profile. 26. The confidence a bank places in the results of its ICAAP should depend on the quality and robustness of the associated risk assessments. When measuring risks, a bank should understand that estimation and measurement errors are common, and in many cases are themselves difficult to quantify. In general, the bank’s ICAAP should reflect an appropriate level of conservatism to account for uncertainty in risk identification, risk mitigation or control, and risk quantification. In most VerDate Aug<31>2005 15:05 Jul 30, 2008 Jkt 214001 cases, appropriate conservatism will result in greater capital needs. 27. In many cases, risk assessments may rely to a significant degree on models that use both qualitative and quantitative inputs. The use of models can enhance the ICAAP, but it can also introduce challenges. Specifically, models may fail to work as intended or expected, or they may be used inappropriately for purposes not considered in their initial design. These concerns apply to models purchased from third-party vendors, as well as to models that are internally developed. A bank using models as part of the ICAAP should recognize these possibilities and ensure that appropriate controls, such as rigorous initial and ongoing validation and independent review, are in place to mitigate and manage any risks related to model use. A bank should apply appropriate conservatism to compensate for any risks associated with models. Additional conservatism may be necessary to account for any uncertainties in the use of models to value on- or off-balance sheet exposures or for imperfections and volatility in market-based valuations. Additional conservatism may be necessary to compensate for increased risk, for example, when models or applications are more complex, or when they have a more significant influence on the ICAAP’s results. 28. To gain a fuller understanding of the risks beyond more typical quantitative measures—such as those based on certain parameter behavior or distributional assumptions—a bank should also rely on other types of quantitative exercises. For example, stress testing, including scenario analysis and sensitivity analysis, is an additional quantitative exercise that a bank should regularly apply to complement more typical quantitative measures. A bank may need to rely more heavily on such exercises when internal or demonstrably relevant external data are scarce. These exercises can help gauge the consequences of outcomes that are unlikely, but would have a considerable impact on safety and soundness. 29. In addition to quantitative approaches for assessing risk, a bank should also employ qualitative approaches that incorporate management experience and judgment. Qualitative measures should be employed not only for those cases in which scarce data or unproven quantitative methods limit a full assessment of risk, but also more generally to complement even sophisticated quantitative estimates PO 00000 Frm 00012 Fmt 4700 Sfmt 4700 based on extensive and high-quality data. 30. A bank should be cognizant that both quantitative and qualitative approaches have their own inherent biases and assumptions that affect risk assessment. Accordingly, a bank should recognize the biases and assumptions embedded in, and the limitations of, the approaches used. 31. An effective ICAAP is comprehensive, assessing material risks across the entire bank. Each bank should have systems capable of aggregating across risk types. A bank should understand the challenges presented by risk aggregation and the inherent uncertainty in quantitative estimates used to aggregate risks (including the difficulty in estimating concentrations across risk types as noted in paragraph 21). For example, a bank is encouraged to consider the various interdependencies among risk types, the different techniques used to identify such interdependencies, and the channels through which those interdependencies might arise—across risk types, within the same business line, and across different business lines. Consistent with paragraph 26, any associated uncertainty in aggregating capital estimates across risk types and business lines should translate into greater capital needs. 32. Management should be systematic and rigorous in considering possible effects of diversification. Assumptions about diversification should be identified at each level where diversification is recognized, supported by analysis and evidence, and remain robust over time and under different market environments, including stressed market conditions. For example, a bank calculating the dependence structure within or among risk types should consider data quality and consistency, such as the volatility of correlations over time and during periods of market stress. In general, a bank should consider a wide range of possible adverse outcomes that have the potential to affect multiple risks at the same time and to limit expected diversification benefits. Consistent with paragraph 26, uncertainty in diversification estimates should translate into greater capital needs. Setting and Assessing Capital Adequacy Goals That Relate to Risk 33. The second objective of the ICAAP is to set and assess capital adequacy goals in relation to all material risks. Under this objective, a bank should have a well-defined process to translate estimates of risk into an assessment of capital adequacy. In practice, capital E:\FR\FM\31JYR1.SGM 31JYR1 Federal Register / Vol. 73, No. 148 / Thursday, July 31, 2008 / Rules and Regulations yshivers on PROD1PC62 with RULES adequacy goals may be reflected in various ways. A bank may choose to hold capital in excess of the level internal processes would regard as adequate for any number of business or strategic reasons. Excess capital may fluctuate over time. Each bank should recognize that minimum risk-based capital requirements represent a floor below which the bank’s overall capital level must not fall, even if bank management believes that there is justification to maintain less capital. 34. A bank may establish its risktolerance level to reflect a desired level of risk coverage and/or a certain degree of creditworthiness, such as an explicit solvency standard. Accordingly, assessments of risk and capital adequacy should reflect the chosen risk tolerance of the bank. Because risk profiles and choices of risk tolerance may differ across banks, capital targets may also differ. However, if for internal capital adequacy purposes a bank were to choose to apply a level of risk coverage or a solvency standard that is less than that implied by minimum riskbased capital requirements, the bank would have to be able to: Identify and support the rationale for a lower solvency standard; demonstrate clearly that its ICAAP adequately addresses low-probability, high-severity events; and ensure that there is sufficient capital to absorb losses associated with such extreme events. Regardless of the solvency standard used, supervisors expect banks to hold capital at a level above that established by minimum risk-based capital requirements. 35. A bank should consider external conditions and other factors that influence its overall capital adequacy, including the potential impact of contingent exposures and changing economic and financial environments. The ICAAP should address the potential impact of broader market or systemic events, which could cause risk to increase beyond the bank’s chosen risktolerance level, and have appropriate contingency plans for such outcomes. Such exercises may include stress testing, such as scenario and sensitivity analysis; however, in all cases they should incorporate both quantitative and qualitative methods.15 15 The use of stress testing in identifying and measuring risk exposures and assessing capital adequacy in the ICAAP is not the same as the Pillar 1 stress testing requirement related to minimum risk-based capital requirements and qualification requirements (as described in the advanced approaches rule). The stress testing encouraged in the ICAAP guidance is intended to focus on overall capital needs and their possible fluctuations, not just fluctuations in minimum risk-based capital requirements. However, work conducted to meet the stress testing requirement under Pillar 1 may VerDate Aug<31>2005 15:05 Jul 30, 2008 Jkt 214001 36. Through the ICAAP, a bank should ensure that adequate capital is held against all material risks, and that capital remains adequate not just at a point in time, but over time, to account for changes in a bank’s strategic direction, evolving economic conditions, and volatility in the financial environment. A bank should be cognizant of the impact of marketdriven valuations on the volatility of capital. Moreover, recognizing the sensitivity of capital to economic and financial cycles should be a critical component of a bank’s planning for current and future capital needs. For example, a bank should consider the potential effects of a sudden, sustained economic downturn. The level of capital deemed adequate by a bank given its ICAAP might also be influenced by the bank’s intention to hold additional capital to mitigate the impact of volatility in capital requirements, its need to support acquisition plans, or its decision to accommodate market perceptions of capital adequacy and their impact on funding costs. 37. In analyzing capital adequacy, a bank should evaluate the capacity of its capital to absorb losses. Because various definitions of capital are used within the banking industry, each bank should state clearly the definition of capital used in any aspect of its ICAAP. Since components of capital are not necessarily alike and have varying capacities to absorb losses, a bank should be able to demonstrate the relationship between its internal capital definition and its assessment of capital adequacy. If a bank’s definition of capital differs from the regulatory definition, the bank should reconcile such differences and provide an analysis to support the inclusion of any capital instruments that are not recognized under the regulatory definition. Although common equity is generally the predominant component of a bank’s capital structure, a bank may be able to support the inclusion of other capital instruments in its internal definition of capital if it can demonstrate a similar capacity to absorb losses. The bank should document any changes in its internal definition of capital, and the reason for those changes. 38. An effective capital plan recognizes a bank’s short- and long-term capital needs and objectives. Accordingly, a bank should evaluate whether long-run capital targets are consistent with short-run goals, based have application to or may provide a starting point for any stress testing banks decide to conduct as part of the ICAAP. PO 00000 Frm 00013 Fmt 4700 Sfmt 4700 44627 on current and planned changes in risk profiles. In developing its capital plan, the bank also should recognize that accommodating additional capital needs can require significant lead time, can be costly, or can be quite difficult, especially during downturns or other times of stress. A bank should have contingency plans to address unexpected capital needs. Ensuring Integrity of Internal Capital Adequacy Assessments 39. A satisfactory ICAAP comprises a complete process with proper oversight and controls, and not just an ability to carry out certain capital calculations. The various elements of a bank’s ICAAP should complement and reinforce one another to achieve the overall objective of assessing capital adequacy, taking into account the bank’s risk profile. 40. A bank should maintain adequate internal controls to ensure the integrity, objectivity, and consistent application of the ICAAP. Decisions regarding the design and operation of the ICAAP should reflect sound risk management, and should not be unduly influenced by competing business objectives. A bank should identify any deficiencies in its ICAAP and plan and take remedial actions to address the deficiencies in a timely manner. The principles underlying a bank’s ICAAP should be incorporated into policies that are reviewed and approved at appropriate levels within the organization. 41. A bank should maintain thorough documentation of its ICAAP to ensure transparency. At a minimum, this should include a description of the bank’s overall capital-management process, including the committees and individuals responsible for the ICAAP; the frequency and distribution of ICAAP-related reporting; and the procedures for the periodic evaluation of the appropriateness and adequacy of the ICAAP. In addition, where applicable, ICAAP documentation should demonstrate the bank’s sound use of quantitative methods (including model selection and limitations) and data-selection techniques, as well as appropriate maintenance, controls, and validation. A bank should document and explain the role of third-party and vendor products, services and information—including methodologies, model inputs, systems, data, and ratings—and the extent to which they are used within the ICAAP. A bank should have a process to regularly evaluate the performance of third-party and vendor products, services and information. As part of the ICAAP documentation, a bank should document the assumptions, methods, E:\FR\FM\31JYR1.SGM 31JYR1 yshivers on PROD1PC62 with RULES 44628 Federal Register / Vol. 73, No. 148 / Thursday, July 31, 2008 / Rules and Regulations data, information, and judgment used in its quantitative and qualitative approaches. 42. The ICAAP should be enhanced and refined over time, with learning and experience (both quantitative and qualitative) contributing to its improvement. The ICAAP should evolve with changes in the risk profile and activities of the bank, as well as with advances in risk measurement and management practices. For example, a bank should incorporate in its ICAAP the introduction of new products and business lines and activities to ensure that the bank’s capital plan is responsive to changes in the operational and/or business environment. 43. The board of directors and senior management have certain responsibilities in developing, implementing, and overseeing the ICAAP. The board should approve the ICAAP and its components. The board or its appropriately delegated agent should review the ICAAP and its components on a regular basis, and approve any revisions. That review should encompass the effectiveness of the ICAAP, the appropriateness of risk tolerance levels and capital planning, and the strength of control infrastructures. Senior management should continually ensure that the ICAAP is functioning effectively and as intended, under a formal review policy that is explicit and well documented. Additionally, a bank’s internal audit function should play a key role in reviewing the controls and governance surrounding the ICAAP on an ongoing basis. 44. Each bank should ensure that the components of its ICAAP, including any models and their inputs, are subject to the bank’s validation policies and procedures. Validation should be independent of the development, implementation, and operation of the ICAAP components, or the validation process should be subject to an independent review of its adequacy and effectiveness. Validation is generally defined as an ongoing process that includes, but is not limited to, the collection and review of developmental evidence, process verification, benchmarking, outcomes analysis, and monitoring activities used to confirm that processes are operating as designed. Validation policies and procedures should reflect the bank’s business, structure, and sophistication, as well as the relative importance of each component of the ICAAP. Accordingly, a bank is encouraged to consult the agencies’ existing guidance on validation. VerDate Aug<31>2005 15:05 Jul 30, 2008 Jkt 214001 45. A bank’s ICAAP should be aligned with and be a part of the bank’s wider internal governance structure and overall risk-management processes. The ICAAP should not be viewed as simply a compliance exercise. Rather, it is a dynamic and evolving process that is used by a bank to provide internal assurance that capital is adequate given the bank’s risk profile. Management is responsible for ensuring that the ICAAP is fully consistent with the overall risk management framework of the bank. Information derived through the ICAAP process should influence decision making at both the consolidated and individual business-line levels, and be used to inform other management processes related to risk assessment, business planning and forecasting, pricing strategies, and performance measurement. 46. As part of the ICAAP, the board or its delegated agent, as well as appropriate senior management, should periodically review the resulting assessment of overall capital adequacy. This review, which should occur at least annually, should include an analysis of how measures of internal capital adequacy compare with other capital measures (such as regulatory, accounting-based or marketdetermined). Upon completion of this review, the board or its delegated agent should determine that, consistent with safety and soundness, the bank’s capital takes into account all material risks and is appropriate for its risk profile. However, in the event a capital deficiency is uncovered (that is, if capital is not consistent with the bank’s risk profile or risk tolerance) management should consult and adhere to formal procedures to correct the capital deficiency. Dated: July 14, 2008. John C. Dugan, Comptroller of the Currency. By order of the Board of Governors of the Federal Reserve System, July 15, 2008. Jennifer J. Johnson, Secretary of the Board. Dated at Washington, DC, the 15th day of July, 2008. By order of the Federal Deposit Insurance Corporation. Robert E. Feldman, Executive Secretary. Dated: July 14, 2008. By the Office of Thrift Supervision. John M. Reich, Director. [FR Doc. E8–17555 Filed 7–30–08; 8:45 am] BILLING CODE 4810–33–P, 6210–01–P, 6714–01–P, 6720–01–P PO 00000 Frm 00014 Fmt 4700 Sfmt 4700 DEPARTMENT OF TRANSPORTATION Federal Aviation Administration 14 CFR Part 39 [Docket No. FAA–2008–0821; Directorate Identifier 2008–NE–20–AD; Amendment 39– 15619; AD 2008–16–01] RIN 2120–AA64 Airworthiness Directives; General Electric Co. (GE) CF34–8E Series Turbofan Engines Federal Aviation Administration (FAA), Department of Transportation (DOT). ACTION: Final rule; request for comments. AGENCY: SUMMARY: The FAA is adopting a new airworthiness directive (AD) for GE CF34–8E series turbofan engines with certain part number (P/N) full authority digital engine controls (FADECs) installed. This AD requires reprogramming the FADEC software from version 8Ev5.40 to an FAAapproved software version. This AD results from six loss of thrust control events from the same software fault scenario. We are issuing this AD to prevent loss of thrust control and controllability of the airplane. DATES: This AD becomes effective August 15, 2008. We must receive any comments on this AD by September 29, 2008. ADDRESSES: Use one of the following addresses to comment on this AD: • Federal eRulemaking Portal: Go to http://www.regulations.gov and follow the instructions for sending your comments electronically. • Mail: U.S. Docket Management Facility, Department of Transportation, 1200 New Jersey Avenue, SE., West Building Ground Floor, Room W12–140, Washington, DC 20590–0001. • Hand Delivery: Deliver to Mail address above between 9 a.m. and 5 p.m., Monday through Friday, except Federal holidays. • Fax: (202) 493–2251. Contact General Electric Company via Lockheed Martin Technology Services, 10525 Chester Road, Suite C, Cincinnati, Ohio 45215; telephone (513) 672–8400; fax (513) 672–8422, for the service information identified in this AD. FOR FURTHER INFORMATION CONTACT: Kenneth Steeves, Aerospace Engineer, Engine Certification Office, FAA, Engine & Propeller Directorate, 12 New England Executive Park, Burlington, MA 01803; e-mail: kenneth.steeves@faa.gov; telephone (781) 238–7765; fax (781) 238–7199. E:\FR\FM\31JYR1.SGM 31JYR1

Agencies

[Federal Register Volume 73, Number 148 (Thursday, July 31, 2008)]
[Rules and Regulations]
[Pages 44620-44628]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E8-17555]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF THE TREASURY

Office of the Comptroller of the Currency

12 CFR Part 3

[Docket ID OCC-2008-0009]

FEDERAL RESERVE SYSTEM

12 CFR Parts 208 and 225

[Docket No. OP-1322]

FEDERAL DEPOSIT INSURANCE CORPORATION

12 CFR Part 325

DEPARTMENT OF THE TREASURY

Office of Thrift Supervision

12 CFR Part 567

[Docket No. 2008-0008]


Supervisory Guidance: Supervisory Review Process of Capital 
Adequacy (Pillar 2) Related to the Implementation of the Basel II 
Advanced Capital Framework

AGENCIES: Office of the Comptroller of the Currency, Treasury (OCC); 
Board of Governors of the Federal Reserve System (Board); Federal 
Deposit Insurance Corporation (FDIC); and Office of Thrift Supervision, 
Treasury (OTS) (collectively, the agencies).

ACTION: Final supervisory guidance.

-----------------------------------------------------------------------

SUMMARY: The agencies are publishing guidance regarding the supervisory 
review process for capital adequacy (Pillar 2) provided in the Basel II 
advanced approaches final rule, which was published in the Federal 
Register on December 7, 2007 (advanced approaches final rule). The 
supervisory review process described in this guidance outlines the 
agencies' standards for satisfying the qualification requirements 
provided in the advanced approaches final rule; addressing the 
limitations of the minimum risk-based capital requirements for credit 
risk and operational risk; ensuring that each institution has a 
rigorous process for assessing its overall capital adequacy in relation 
to its risk profile and a comprehensive strategy for maintaining 
appropriate capital levels; and encouraging each institution to improve 
its risk identification and measurement techniques. This supervisory 
guidance applies to any bank, savings association, or bank holding 
company \1\ implementing the advanced approaches final rule.
---------------------------------------------------------------------------

    \1\ Collectively referred to in the guidance as ``banks''.

DATES: This guidance is effective September 2, 2008. Comments on the 
Paperwork Reduction Act portion of this document may be submitted on or 
---------------------------------------------------------------------------
before September 2, 2008.

ADDRESSES: Comments on the Paperwork Reduction Act portion of this 
document should be addressed to:
    OCC: Communications Division, Office of the Comptroller of the 
Currency, Public Information Room, Mailstop 1-5, Attention: 1557-NEW, 
250 E Street, SW., Washington, DC 20219. In addition, comments may be 
sent by fax to (202) 874-4448, or by electronic mail to 
regs.comments@occ.treas.gov. You may personally inspect and photocopy 
the comments at the OCC's Public Information Room, 250 E Street, SW., 
Washington, DC 20219. For security reasons, the OCC requires that 
visitors make an appointment to inspect comments. You may do so by 
calling (202) 874-5043. Upon arrival, visitors will be required to 
present valid government-issued photo identification and submit to 
security screening in order to inspect and photocopy comments.
    Board: You may submit comments, identified by OP-1322, by any of 
the following methods:
     Agency Web Site: http://www.federalreserve.gov. Follow the 
instructions for submitting comments at http://www.federalreserve.gov/.
     Federal eRulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments.
     Fax: (202) 452-3819 or (202) 452-3102.
     Mail: Jennifer J. Johnson, Secretary, Board of Governors 
of the Federal Reserve System, 20th Street and

[[Page 44621]]

Constitution Avenue, NW., Washington, DC 20551.

All public comments are available from the Board's Web site at http://
www.federalreserve.gov/generalinfo/foia/ProposedRegs.cfm as submitted, 
unless modified for technical reasons. Accordingly, your comments will 
not be edited to remove any identifying or contact information. Public 
comments may also be viewed electronically or in paper form in Room MP-
500 of the Board's Martin Building (20th and C Streets, NW.) between 9 
a.m. and 5 p.m. on weekdays.
    FDIC: You may submit comments by any of the following methods:
     Agency Web Site: http://www.fdic.gov/regulations/laws/
federal. Follow instructions for submitting comments on the Agency Web 
Site.
     E-mail: Comments@FDIC.gov. Include ``Basel II Supervisory 
Guidance'' in the subject line of the message.
     Mail: Robert E. Feldman, Executive Secretary, Attention: 
Comments, Federal Deposit Insurance Corporation, 550 17th Street, NW., 
Washington, DC 20429.
     Hand Delivery/Courier: Guard station at the rear of the 
550 17th Street Building (located on F Street) on business days between 
7 a.m. and 5 p.m. (EST).
     Federal eRulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments.
     Public Inspection: All comments received will be posted 
without change to http://www.fdic.gov/regulations/laws/federal 
including any personal information provided. Comments may be inspected 
and photocopied in the FDIC Public Information Center, 3501 North 
Fairfax Drive, Room E-1002, Arlington, VA 22226, between 9 a.m. and 5 
p.m. (EST) on business days. Paper copies of public comments may be 
ordered from the Public Information Center by telephone at (877) 275-
3342 or (703) 562-2200.
    OTS: Information Collection Comments, Chief Counsel's Office, 
Office of Thrift Supervision, 1700 G Street, NW., Washington, DC 20552; 
send a facsimile transmission to (202) 906-6518; or send an e-mail to 
infocollection.comments@ots.treas.gov. OTS will post comments and the 
related index on the OTS Internet site at http://www.ots.treas.gov. In 
addition, interested persons may inspect the comments at the Public 
Reading Room, 1700 G Street, NW., by appointment. To make an 
appointment, call (202) 906-5922, send an e-mail to 
public.info@ots.treas.gov, or send a facsimile transmission to (202) 
906-7755. A copy of the comments may also be submitted to the OMB desk 
officer for the Agencies: By mail to U.S. Office of Management and 
Budget, 725 17th Street, NW., Room 10235, Washington, DC 20503 or by 
facsimile to 202-395-6974, Attention: Federal Banking Agency Desk 
Officer.

FOR FURTHER INFORMATION CONTACT:
    OCC: Akhtarur Siddique, Lead Expert, Risk Analysis, (202) 874-4665; 
or Ron Shimabukuro, Senior Counsel, Legislative and Regulatory 
Activities Division, (202) 874-5090; Office of the Comptroller of the 
Currency, 250 E Street, SW., Washington, DC 20219.
    Board: David Palmer, Senior Supervisory Financial Analyst, Credit 
Risk Section, (202) 452-2904 or Sabeth Siddique, Assistant Director, 
Credit Risk Section, (202) 452-3861; Board of Governors of the Federal 
Reserve System, 20th Street and Constitution Avenue, NW., Washington, 
DC 20551. For the hearing impaired only, Telecommunication Device for 
the Deaf (TDD), (202) 263-4869.
    FDIC: Gloria Ikosi, Senior Quantitative Risk Analyst, (202) 898-
3997, or Ryan Sheller, Capital Markets Specialist, (202) 898-6614; 
Capital Markets Policy Section, Division of Supervision and Consumer 
Protection; or Mark L. Handzlik, Senior Attorney, (202) 898-3990, or 
Michael B. Phillips, Counsel, (202) 898-3581, Supervision Branch, Legal 
Division, Federal Deposit Insurance Corporation, 550 17th Street, NW., 
Washington, DC 20429.
    OTS: Sonja White, Senior Project Manager, (202) 906-7857, Capital 
Policy, or Jonathan Jones, Senior Financial Economist, (202) 906-5729, 
Office of Thrift Supervision, 1700 G Street, NW., Washington, DC 20552.

SUPPLEMENTARY INFORMATION: The agencies issued a notice of proposed 
rulemaking (NPR) on September 25, 2006,\2\ seeking comment on a new 
risk-based capital adequacy framework that requires some and permits 
other qualifying banks to use an internal ratings-based (IRB) approach 
to calculate regulatory capital requirements for credit risk and 
certain advanced measurement approaches (AMA) to calculate regulatory 
capital requirements for operational risk (together, the IRB and the 
AMA are referred to as the ``advanced approaches''). On December 7, 
2007, the agencies published the advanced approaches final rule.\3\ The 
advanced approaches final rule is based largely on a series of 
publications by the Basel Committee on Banking Supervision (BCBS) that 
culminated in a comprehensive release in June 2006, titled, 
``International Convergence of Capital Measurement and Capital 
Standards: A Revised Framework'' (New Accord). The New Accord presents 
a three-pillar framework for determining risk-based capital 
requirements for credit risk, market risk, and operational risk (Pillar 
1); supervisory review of capital adequacy (Pillar 2); and market 
discipline through enhanced public disclosure (Pillar 3).
---------------------------------------------------------------------------

    \2\ 71 FR 55830.
    \3\ 72 FR 69288.
---------------------------------------------------------------------------

    On February 28, 2007, the agencies published in the Federal 
Register three separate documents proposing supervisory guidance 
related to the implementation of the advanced approaches.\4\ Two of 
those documents provided guidance for certain aspects of Pillar 1, that 
is, for the IRB systems for determining the credit risk of retail and 
wholesale exposures, and other systems for equity and securitization 
exposures, and for the AMA for determining operational risk. The third 
document proposed guidance for Pillar 2. This final guidance document 
provides supervisory guidance only for Pillar 2, and it does not 
provide Pillar 1 guidance on the systems for determining regulatory 
capital requirements for credit risk or for determining regulatory 
capital requirements for operational risk. This document does not 
differ significantly from the proposed Pillar 2 guidance.
---------------------------------------------------------------------------

    \4\ 72 FR 9084.
---------------------------------------------------------------------------

    The agencies recognize that a number of institutions may need 
additional guidance to implement the advanced approaches final rule. 
Accordingly, consistent with the proposed guidance for Pillar 2, this 
guidance document highlights certain aspects of existing supervisory 
review that are being augmented or clarified to support the 
implementation of the supervisory assessment of overall capital 
adequacy under the advanced approaches final rule. In making this 
assessment, the agencies will consider, among other items, whether each 
institution (i) has satisfied the qualification requirements for 
implementing the advanced approaches; (ii) has a rigorous process for 
assessing its overall capital adequacy in relation to its risk profile 
and a comprehensive strategy for maintaining appropriate capital levels 
(internal capital adequacy assessment process--ICAAP); and (iii) 
maintains a satisfactory risk management and control structure, 
consistent with its capital position and overall risk profile.
    The agencies received ten public comments on the proposed guidance

[[Page 44622]]

from banking organizations, trade associations representing the banking 
or financial services industry, and other interested parties. Overall, 
the commenters supported the principles-based orientation of the 
guidance. However, some commenters recommended revisions to certain 
sections of the guidance that they viewed as overly prescriptive. One 
commenter expressed concern that the guidance appeared to suggest that 
increases in risk should result in greater capital, even if an 
institution already maintains a substantial capital buffer. To address 
this concern, the agencies have revised the guidance to clarify that an 
increase in risk may not necessarily require an increase in capital 
where the bank already holds capital at a level exceeding what its 
internal processes and supervisors regard as adequate.
    Other commenters expressed concern regarding the agencies' position 
that liquidity risk should be addressed within the ICAAP. However, the 
proposed guidance was consistent with the agencies' view of liquidity 
risk as a material risk that can affect capital adequacy. The agencies 
clarified this section of the guidance to indicate that, within the 
ICAAP, institutions should consider the capital adequacy implications 
of liquidity risk. One commenter expressed the concern that each bank's 
ICAAP measures would be compared to (and reconciled with) Pillar 1 
measures and to other institutions' ICAAP results. The agencies 
acknowledge that there may be limited comparability to Pillar 1 
measures because a bank's ICAAP under Pillar 2 should be tailored to 
its individual risk profile, while Pillar 1 measures are based on 
certain common assumptions that may not apply to each individual bank. 
Accordingly, there is likely to be some limit to the comparisons that 
can be made across institutions.
    Some commenters expressed confusion about the stress testing 
requirement in Pillar 1 and stress testing discussed in the Pillar 2 
guidance. The agencies regard stress testing as a critical component in 
the identification and measurement of material risks. Although there 
are no prescriptive stress testing requirements in Pillar 2, 
institutions should use stress testing or similar exercises in their 
ICAAP to consider the consequences of unlikely but severe events and 
outcomes as an input to the capital adequacy assessment process.
    Finally, one commenter indicated that it might not be practical to 
incorporate the ICAAP into bank management's decision-making process. 
The agencies believe that for the ICAAP to be meaningful and relevant, 
it should be consistent with the bank's other risk management 
practices.

Paperwork Reduction Act

A. Request for Comment on Proposed Information Collection

    In accordance with the requirements of the Paperwork Reduction Act 
of 1995, the Agencies may not conduct or sponsor, and the respondent is 
not required to respond to, an information collection unless it 
displays a currently valid Office of Management and Budget (OMB) 
control number. The Agencies are requesting comment on a proposed 
information collection. The Agencies are also giving notice that the 
proposed collection of information has been submitted to OMB for review 
and approval.
    Comments are invited on:
    (a) Whether the collection of information is necessary for the 
proper performance of the Agencies' functions, including whether the 
information has practical utility;
    (b) The accuracy of the estimates of the burden of the information 
collection, including the validity of the methodology and assumptions 
used;
    (c) Ways to enhance the quality, utility, and clarity of the 
information to be collected;
    (d) Ways to minimize the burden of the information collection on 
respondents, including through the use of automated collection 
techniques or other forms of information technology; and
    (e) Estimates of capital or start up costs and costs of operation, 
maintenance, and purchase of services to provide information.

B. Proposed Information Collection

    Title of Information Collection: Basel II Interagency Supervisory 
Guidance for the Supervisory Review Process (Pillar 2).
    Frequency of Response: Event-generated.
    Affected Public:
    OCC: National banks.
    Board: State member banks and bank holding companies.
    FDIC: Insured state nonmember banks and certain subsidiaries of 
these entities.
    OTS: Savings associations and certain of their subsidiaries.
    Abstract: The notice sets forth a supervisory guidance document for 
implementing the supervisory review process (Pillar 2). The guidance 
was issued for 60 days of comment on February 28, 2007 (72 FR 9084). No 
comments were received on the burden estimates provided in that notice.
    The Agencies believe that paragraphs 37, 41, 43, and 46 impose new 
information collection requirements. Section 37 states that banks 
should state clearly the definition of capital used in any aspect of 
ICAAP and document any changes in the internal definition of capital. 
Under section 41, banks should maintain thorough documentation of 
ICAAP. Section 43 specifies that boards of directors should approve the 
bank's ICAAP, review it on a regular basis, and approve any changes. 
Boards of directors are also required under Section 46 to periodically 
review the assessment of overall capital adequacy and to analyze how 
measures of internal capital adequacy compare with other capital 
measures (such as regulatory or accounting).
    The agencies burden estimates for these information collection 
requirements are summarized below. Note that the estimated number of 
respondents listed below include both institutions for which the Basel 
II risk-based capital requirements are mandatory and institutions that 
may be considering opting-in to Basel II (despite the lack of any 
formal commitment by most of these latter institutions).
    Estimated Burden:
OCC
    Number of Respondents: 52.
    Estimated Burden per Respondent: 140 hours.
    Total Estimated Annual Burden: 7,280 hours.
Board
    Number of Respondents: 15.
    Estimated Burden per Respondent: 420 hours.
    Total Estimated Annual Burden: 6,300 hours.
FDIC
    Number of Respondents: 19.
    Estimated Burden per Respondent: 420 hours.
    Total Estimated Annual Burden: 7,980 hours.
OTS
    Number of Respondents: 4.
    Estimated Burden per Respondent: 420 hours.
    Total Estimated Annual Burden: 1,680 hours.
    The full text of the guidance follows:

Supervisory Review Process of Capital Adequacy (Pillar 2) Related to 
the Implementation of the Advanced Approaches Final Rule

    1. This guidance supplements the final rule published jointly by 
the U.S.

[[Page 44623]]

Federal banking agencies\1\ in the Federal Register on December 7, 2007 
(advanced approaches rule).\2\ The advanced approaches rule implements 
a new risk-based capital framework encompassing three pillars:
---------------------------------------------------------------------------

    \1\ The Federal banking agencies are the Board of Governors of 
the Federal Reserve System; the Federal Deposit Insurance 
Corporation; the Office of the Comptroller of the Currency; and the 
Office of Thrift Supervision; and are collectively referred to as 
``the agencies,'' ``supervisors,'' or ``regulators'' in this 
guidance.
    \2\ 72 FR 69288. The advanced approaches rule as codified at 12 
CFR part 3, Appendix C (national banks); 12 CFR part 208, Appendix F 
(state member banks); 12 CFR part 225, Appendix G (bank holding 
companies); 12 CFR part 325 Appendix D (state nonmember banks); 12 
CFR part 567, Appendix C (savings associations).
---------------------------------------------------------------------------

     Minimum risk-based capital requirements (Pillar 1);
     Supervisory review (Pillar 2); and
     Market discipline through enhanced public disclosures 
(Pillar 3).
    The minimum risk-based capital requirements in Pillar 1 of the 
advanced approaches rule apply to a bank's calculation of minimum risk-
based capital requirements for credit risk and operational risk.\3\ If 
the bank is also subject to the market risk rule,\4\ then the minimum 
risk-based capital requirements in that rule would apply.\5\
---------------------------------------------------------------------------

    \3\ The term ``bank'' as used in this guidance includes banks, 
savings associations and bank holding companies. The terms ``bank 
holding company'' and ``BHC'' refer only to bank holding companies 
regulated by the Federal Reserve Board and do not include savings 
and loan holding companies regulated by the Office of Thrift 
Supervision.
    \4\ 12 CFR part 3, Appendix B (national banks), 12 CFR part 208, 
Appendix E (state member banks), 12 CFR part 225, Appendix E (bank 
holding companies), 12 CFR part 325, Appendix C (state nonmember 
banks). OTS intends to codify a market risk capital rule for savings 
associations at 12 CFR part 567, Appendix D.
    \5\ If a bank is subject to both the advanced approaches rule 
and the market risk rule, then the bank is subject to this guidance. 
If a bank is subject only to the market risk rule, it is not subject 
to this guidance.
---------------------------------------------------------------------------

    2. This document addresses the process for supervisory review in 
the advanced approaches rule. As described in this guidance, 
supervisory review covers three main areas:
     Comprehensive supervisory review of capital adequacy;
     Compliance with regulatory capital requirements; and
     Internal capital adequacy assessment process (ICAAP).
    3. The process of supervisory review described in this guidance 
reflects a continuation of the longstanding approach employed by the 
agencies in their supervision of banks. However, because implementation 
of the advanced approaches rule affects certain aspects of supervisory 
review, this guidance highlights areas of existing supervisory review 
that are being augmented or more clearly defined to support 
implementation of the advanced approaches rule by U.S. banks.
    4. The supervisory review process described in this document is 
intended to help ensure overall capital adequacy by:
     Confirming a bank's compliance with regulatory capital 
requirements;
     Addressing the limitations of minimum risk-based capital 
requirements as a measure of a bank's full risk profile--including 
risks not covered or not adequately addressed or quantified in Pillar 
1;
     Ensuring that each bank is able to assess its own capital 
adequacy (beyond minimum risk-based capital requirements) based on its 
risk profile and business model; and
     Encouraging banks to develop and use better techniques to 
identify and measure risk.
    5. This guidance neither supersedes nor alters the functioning of 
the existing Prompt Corrective Action requirements.\6\ Similarly, this 
guidance does not affect any other requirements for compliance with 
existing regulations and supervisory standards related to risk-
management practices or other areas. The supervisory review process 
described in this guidance supports the supervisors' existing ability 
to:
---------------------------------------------------------------------------

    \6\ See 12 CFR part 6 (national banks); 12 CFR part 208 (state 
member banks); 12 CFR 325.103 (state nonmember banks); 12 CFR part 
565 (savings associations). In addition, savings associations remain 
subject to the tangible capital requirement at 12 CFR 567.2(a)(3) 
and 567.9.
---------------------------------------------------------------------------

     Require an individual bank to take measures to prevent its 
capital from falling below the level needed to adequately support its 
risks; or
     Otherwise intervene to ensure that the bank's capital 
levels are adequate.

Comprehensive Supervisory Review of Capital Adequacy

    6. Capital helps protect individual banks from insolvency, thereby 
promoting safety and soundness in the overall U.S. banking system. 
Minimum risk-based capital requirements establish a threshold below 
which a sound bank's risk-based capital must not fall. Risk-based 
capital ratios permit some comparative analysis of capital adequacy 
across banks because they are based on certain common assumptions. 
However, supervisors must perform a more comprehensive review of 
capital adequacy that considers the risks that are specific to each 
individual bank, including those not incorporated in risk-based capital 
requirements. In short, supervisors must ensure that a bank's overall 
capital does not fall below the level required to support its entire 
risk profile.
    7. Supervisors generally expect banks to hold capital above their 
minimum risk-based capital levels, commensurate with their individual 
risk profiles, to account for all material risks. Going forward under 
the advanced approaches rule, supervisors will continue to review the 
overall capital adequacy of any bank through a comprehensive evaluation 
that considers all relevant available information. In determining the 
extent to which banks should hold capital in excess of risk-based 
capital minimums, supervisors will consider: The combined implications 
of a bank's compliance with qualification requirements for regulatory 
capital standards; the quality and results of a bank's own process for 
determining whether capital is adequate (the ICAAP); and the bank's 
risk-management processes, control structure, and other relevant 
information relating to the bank's risk profile and capital level.\7\ 
This review is consistent with current supervisory practice, under 
which the agencies assess a bank's overall capital adequacy through a 
comprehensive evaluation of all relevant information.
---------------------------------------------------------------------------

    \7\ See Part III, section 22(a)(1)-(3) of the advanced 
approaches rule.
---------------------------------------------------------------------------

    8. The supervisory review process assesses whether a bank has a 
satisfactory process to determine that its overall capital is adequate, 
and that the bank maintains adequate capital on an ongoing basis, as 
underlying conditions change. For example, changes in a bank's risk 
profile or in relevant capital measures are areas of particular focus 
that are effectively addressed through the supervisory review process. 
Generally, a bank should hold more capital for material increases in 
risk that are not otherwise mitigated, unless the bank already holds 
capital at a level exceeding what its internal processes and 
supervisors would regard as adequate. Conversely, a bank may be able to 
reduce overall capital (to a level still above regulatory minimums) if 
the supervisory review supports the conclusion that the bank's inherent 
risk has materially declined or that it has been appropriately 
mitigated.
    9. As a result of its comprehensive supervisory review, a bank's 
primary Federal supervisor may take action if it is not satisfied that 
capital is adequate. The primary Federal supervisor may require the 
bank to take actions to address identified supervisory concerns, which 
may include requiring the bank to hold additional capital to bring

[[Page 44624]]

capital to levels that the supervisor deems commensurate with the 
bank's risk profile. In addition, the primary Federal supervisor may, 
under its enforcement authority, require a bank to modify or enhance 
risk-management and internal-control processes, reduce its exposure to 
risk, or take any action deemed necessary to address identified 
supervisory concerns.

Compliance With Regulatory Capital Requirements

    10. In order to use the advanced approaches rule to calculate 
minimum risk-based capital requirements, a bank must meet certain 
process and systems requirements. As part of the supervisory review 
process, the agencies will ensure that each bank meets these 
requirements. The advanced approaches rule provides an explanation of 
these qualification requirements for any systems and processes used.
    11. A bank using the advanced approaches rule must comply with the 
rule's qualification requirements for both initial and ongoing 
qualification. A bank that falls out of compliance with the 
qualification requirements would be required to establish a plan to 
return to compliance that satisfies its primary Federal supervisor.
    12. Supervisors will ensure that each bank using the advanced 
approaches rule complies with the qualification requirements both at 
the consolidated level and at any subsidiary bank that uses the 
advanced approaches rule. Thus, each bank that applies the advanced 
approaches rule must have appropriate risk-measurement and risk-
management processes and systems that meet the rule's qualification 
requirements.

The ICAAP

    13. The qualification requirements in the advanced approaches rule 
state that ``a bank must have a rigorous process for assessing its 
overall capital adequacy in relation to its risk profile and a 
comprehensive strategy for maintaining an appropriate level of 
capital.'' \8\ Because minimum risk-based capital requirements are 
based on certain assumptions and address only a subset of risks faced 
by an individual bank, each bank must conduct an internal assessment of 
whether its capital is adequate, given its risk profile. A bank must 
conduct this assessment, using the ICAAP, in addition to its 
calculation of minimum risk-based capital requirements.\9\ Accordingly, 
a bank's capital should exceed the level required by its minimum risk-
based capital requirements, and also should be adequate according to 
its own ICAAP.
---------------------------------------------------------------------------

    \8\ Part III, section 22(a) (1) of the advanced approaches rule.
    \9\ Should the primary Federal supervisor exempt a bank from 
application of the advanced approaches rule based upon a written 
determination that the application of the rule is not appropriate in 
light of the bank's asset size, level of complexity, risk profile, 
or scope of operations, such exemption would likewise apply to the 
advanced approaches requirement that the bank have an ICAAP, but 
would not automatically exempt the bank from other regulatory 
requirements or supervisory expectations to maintain a satisfactory 
internal process to assess capital adequacy.
---------------------------------------------------------------------------

    14. The fundamental objectives of a sound ICAAP are:
     Identifying and measuring material risks;
     Setting and assessing internal capital adequacy goals that 
relate directly to risk; and
     Ensuring the integrity of internal capital adequacy 
assessments.
    15. Assessing overall capital adequacy through the ICAAP requires 
thorough identification of all material risks, measurement of those 
that can be reliably quantified, and systematic assessment for the 
limitations of minimum risk-based capital requirements. The ICAAP 
should address the capital implications arising from both on- and off-
balance sheet positions, as well as from provisions of explicit or 
implicit support. Material risks include those that in isolation do not 
appear to be material at first, but when combined with other risks 
could lead to material losses. In this manner, the ICAAP should 
contribute broadly to the development of better risk management within 
the organization at both the individual entity and consolidated levels.
    16. Each bank implementing the advanced approaches rule should have 
an ICAAP that is appropriate for its unique risk characteristics and 
should not rely solely upon the assessment of capital adequacy at the 
parent company level. This does not preclude the use of a consolidated 
ICAAP as an important input to a subsidiary bank's own ICAAP, provided 
that each entity's board and senior management ensure that the ICAAP is 
appropriately modified to address the unique structural and operating 
characteristics and risks of the subsidiary bank.
    17. In general, the ICAAP will likely go beyond the assumptions 
built into minimum risk-based capital requirements. However, in certain 
instances a bank's ICAAP--when supported by proper justification and 
evidence--may build upon and utilize the methods, practices, and 
results it uses to determine minimum risk-based capital requirements. 
For example, in developing the ICAAP, a bank may choose to use data, 
ratings, or estimates from internal ratings-based approaches for credit 
risk; or a bank may choose to use the advanced measurement approaches 
as the basis for its internal assessment of operational risk. 
Furthermore, although the ICAAP should be a distinct and comprehensive 
process that produces its own capital measures, in some cases a bank 
may be able to demonstrate that minimum risk-based capital measures 
appropriately reflect certain aspects of a bank's risk profile and thus 
are appropriate for use in its ICAAP.
    18. The design and operation of any systems used to meet the ICAAP 
requirements will likely differ, depending on the complexity of each 
bank's operations and risk profile. Many banks employ ``economic 
capital'' measures for some elements of risk management, such as limit 
setting, or for evaluating performance or determining aggregate capital 
needs.\10\ In some cases, economic capital measures may relate directly 
to a bank's assessment of capital adequacy under the ICAAP; however, in 
other cases, a bank may be using economic capital measures that are not 
intended for capital adequacy assessments. In the latter case, a bank 
does not necessarily need to change its existing process or systems, 
but it may need to build upon or adjust its economic capital measures 
for use in the ICAAP and the bank would have to demonstrate clearly how 
it does so. Notably, economic capital is not the only means to meet the 
ICAAP requirement. Regardless of the specific implementation method(s) 
chosen, the bank's ICAAP should address the three ICAAP objectives 
listed in paragraph 14.
---------------------------------------------------------------------------

    \10\ The term ``economic capital'' generally refers to the 
capital attributed to cover the economic effects of a bank's risk 
taking activities. Within the banking industry, economic capital 
takes on a variety of definitions and is applied in a number of ways 
at the product, business-line, and consolidated institution level.
---------------------------------------------------------------------------

Identifying and Measuring Material Risks

    19. The first objective of the ICAAP is to identify all material 
risks. Risks that can be reliably measured and quantified should be 
treated as rigorously as data and methods allow. The appropriate means 
and methods to measure and quantify those material risks are likely to 
vary across banks. The key point is for a bank to be able to identify 
all material risks and measure those that can be reliably quantified in 
order to determine how those risks affect the bank's overall capital 
adequacy.
    20. Some of the risks to which a bank may be exposed include credit 
risk,

[[Page 44625]]

market risk, operational risk, interest rate risk in the banking book, 
and liquidity risk (as outlined below).\11\ Other risks, such as 
reputational risk, business or strategic risk, and country risk may 
also be material for a bank and, in such cases, should be given equal 
consideration to the more formally defined risk types.\12\ 
Additionally, if a bank employs risk mitigation techniques it should 
understand the risk to be mitigated and the potential effects of that 
mitigation (including enforceability and effectiveness).
---------------------------------------------------------------------------

    \11\ Examination policies and procedures from each agency 
provide extensive guidance on the major risk categories. A bank's 
risk management processes, including its ICAAP, should be consistent 
with each corresponding agency's existing body of guidance, as well 
as with relevant interagency guidance.
    \12\ For example, a bank may be engaged in businesses for which 
periodic fluctuations in activity levels, combined with relatively 
high fixed costs, have the potential to create unanticipated losses 
that must be supported by adequate capital. Additionally, a bank 
might be involved in strategic activities (such as expanding 
business lines or engaging in acquisitions) that introduce 
significant elements of risk and for which additional capital would 
be appropriate.
---------------------------------------------------------------------------

     Credit risk: A bank should have the ability to assess 
credit risk at the portfolio level in addition to the exposure or 
counterparty level. In making this assessment, the bank should be 
particularly attentive to identifying any credit risk concentrations 
and ensuring that their effects are adequately assessed. The bank 
should consider the various types of dependence among exposures, and 
the credit risk effects of extreme outcomes, stress events, and shocks 
to assumptions about portfolio and exposure behavior. The bank also 
should carefully assess concentrations in counterparty credit 
exposures, including those that result from trading in less liquid 
markets, and determine the effect that these exposures might have on 
capital adequacy.
     Market risk: A bank should be able to identify risks in 
trading and capital markets activities resulting from a movement in 
market prices and rates. This determination should consider factors 
such as illiquidity of instruments, leverage, concentrated positions, 
one-way markets, non-linear or deep out-of-the money option positions 
as well as embedded optionality, and the potential for significant 
shifts in correlations or other types of dependence structures. 
Assessments that incorporate extreme events, idiosyncratic variations, 
credit migrations or changes in credit spreads, defaults, and shocks 
should also be tailored to capture key portfolio vulnerabilities.
     Operational risk: A bank should be able to assess the 
potential risks resulting from inadequate or failed internal processes, 
people, and systems, as well as from events external to the bank.\13\ 
This assessment should include the effects of extreme events and shocks 
relating to operational risk. Extreme events could include a 
substantial or sudden increase in failed processes across business 
units or a significant incidence of failed internal controls.
---------------------------------------------------------------------------

    \13\ In many cases, a bank may capture legal risk within 
operational risk. Regardless of whether it is classified as its own 
risk type or included within another risk type, a bank should 
understand the impact of legal risk on capital adequacy.
---------------------------------------------------------------------------

     Interest rate risk in the banking book: A bank should 
incorporate interest rate risk in the banking book into its assessment 
of capital adequacy. In making this assessment, the bank should 
identify the risks associated with changes in interest rates that 
impact both on- and off-balance sheet exposures in the banking book 
from a short- and long-term perspective. This might include the impact 
of changes due to parallel yield curve shocks, yield curve twists, 
yield curve inversions, changes in the adjustment of rates earned and 
paid on different financial instruments with otherwise similar 
repricing characteristics (basis risk), and other relevant scenarios 
including some that incorporate stress events, extreme outcomes, and 
shocks to assumptions. The bank should be able to support any 
assumptions it has made with respect to the behavioral characteristics 
of servicing rights, non-maturity deposits, positions subject to 
prepayment risk, and other assets and liabilities, especially for those 
exposures characterized by embedded optionality.
     Liquidity risk: A bank should incorporate liquidity risk 
into the assessment of its capital adequacy. A bank should evaluate 
whether capital is adequate given its own funding liquidity profile and 
given the liquidity of the markets in which it operates. This 
assessment should incorporate various types of liquidity environments 
and include an evaluation of the potential for a material disruption in 
the sources of liquidity typically relied on by the bank as a result of 
bank-specific as well as systemic events. A bank should consider the 
capital adequacy implications of lacking a well-diversified funding 
base, relying predominantly on wholesale credit markets for its 
funding, or relying heavily on volatile funding sources. A bank 
involved in securitization activities should consider the capital 
adequacy implications of relying on market liquidity to distribute 
warehoused assets, including the potential for disruptions that would 
cause a bank to bring certain items onto its balance sheet. In its 
assessment of the impact of liquidity risk on capital adequacy, the 
bank should also challenge assumptions built into its definition of 
liquid products.
    The risk factors discussed above are not an exhaustive list of 
those affecting any given bank. A well-developed ICAAP should include 
an assessment of all relevant factors that present a material source of 
risk to capital, and should account for concentrations within each risk 
type.
    21. A bank should assess whether its capital is sufficient to 
absorb any losses that may arise from activities that expose the bank 
to multiple risks within and across business lines or create 
concentrations across risk types.\14\ A bank should recognize that 
losses could arise in several risk dimensions at the same time, 
stemming from the same event or a common set of factors. For example, a 
localized natural disaster could generate losses from credit, market, 
and operational risks. Additionally, the ICAAP should focus on any 
complex activities that give rise to multiple risks, and to their 
interaction. These activities can involve instruments that may be 
complex, illiquid, or difficult to value. For example, securitization 
activities expose a bank to a variety of risks that can affect capital 
adequacy at the same time, including credit, market, liquidity, and 
reputational risks; structured products can have multiple embedded 
risks that interact in complex ways and can present losses in multiple 
risk areas across different business lines at the same time. In 
general, the ICAAP should include an assessment of the potential 
effects of convergence of risks within and across business lines and 
their combined impact on capital adequacy.
---------------------------------------------------------------------------

    \14\ Concentrations may include exposures or groups of exposures 
that have the potential to produce losses large enough to threaten 
an institution's health or materially change its risk profile.
---------------------------------------------------------------------------

    22. The ICAAP should take into consideration the linkage between 
capital adequacy and damage or potential damage to a bank's reputation. 
A bank might incur losses affecting capital adequacy because of damage 
to its reputation, or the bank might incur losses trying to prevent or 
mitigate damage to its reputation. In assessing the linkage between 
reputational risk and capital adequacy, a bank should assess risks 
associated with both on-balance sheet and off-balance sheet exposures 
and activities, as well as risks associated with affiliates, 
subsidiaries,

[[Page 44626]]

counterparties, clients, or other third parties. The assessment should 
include activities for which the bank acts as a sponsor or advisor, and 
cases in which the bank provides explicit or implicit support. A bank 
should also assess the risk of having to assume the losses of a third 
party to prevent or mitigate damage to the bank's reputation.
    23. The bank's ICAAP should assess risks associated with new 
products, markets and activities. In making this assessment, the bank 
should account for any uncertainty in the valuation of new products, 
whether by the bank or a third party, which could be more challenging 
if the new products are particularly complex or do not have liquid 
markets. The ICAAP should take into consideration changing dynamics in 
markets for new products and uncertainty as to how new markets might 
respond to stress conditions. The ICAAP should also assess the 
challenges presented by new business lines or strategic acquisitions in 
terms of their impact on capital adequacy.
    24. All measurements of risk should incorporate both quantitative 
and qualitative elements. Generally, a quantitative approach should 
form the foundation of a bank's measurement framework. Quantitative 
approaches that focus on most likely outcomes for budgeting, 
forecasting, or performance measurement purposes may not be fully 
applicable for assessing capital adequacy, which also should take less 
likely outcomes into account.
    25. In some cases, quantitative tools can include the use of large 
historical databases. These databases are most applicable when they are 
fully reflective of all relevant risk characteristics, incorporate 
appropriate variability, and have adequate granularity and history; for 
example, they should include data based not just on benign but also 
more stressful economic periods or operating environments. When 
internal data are not available or do not reflect a bank's risk 
profile, a bank may rely on external data for risk measurements, but 
should ensure that external data have applicability to the bank's own 
activities and risk profile.
    26. The confidence a bank places in the results of its ICAAP should 
depend on the quality and robustness of the associated risk 
assessments. When measuring risks, a bank should understand that 
estimation and measurement errors are common, and in many cases are 
themselves difficult to quantify. In general, the bank's ICAAP should 
reflect an appropriate level of conservatism to account for uncertainty 
in risk identification, risk mitigation or control, and risk 
quantification. In most cases, appropriate conservatism will result in 
greater capital needs.
    27. In many cases, risk assessments may rely to a significant 
degree on models that use both qualitative and quantitative inputs. The 
use of models can enhance the ICAAP, but it can also introduce 
challenges. Specifically, models may fail to work as intended or 
expected, or they may be used inappropriately for purposes not 
considered in their initial design. These concerns apply to models 
purchased from third-party vendors, as well as to models that are 
internally developed. A bank using models as part of the ICAAP should 
recognize these possibilities and ensure that appropriate controls, 
such as rigorous initial and ongoing validation and independent review, 
are in place to mitigate and manage any risks related to model use. A 
bank should apply appropriate conservatism to compensate for any risks 
associated with models. Additional conservatism may be necessary to 
account for any uncertainties in the use of models to value on- or off-
balance sheet exposures or for imperfections and volatility in market-
based valuations. Additional conservatism may be necessary to 
compensate for increased risk, for example, when models or applications 
are more complex, or when they have a more significant influence on the 
ICAAP's results.
    28. To gain a fuller understanding of the risks beyond more typical 
quantitative measures--such as those based on certain parameter 
behavior or distributional assumptions--a bank should also rely on 
other types of quantitative exercises. For example, stress testing, 
including scenario analysis and sensitivity analysis, is an additional 
quantitative exercise that a bank should regularly apply to complement 
more typical quantitative measures. A bank may need to rely more 
heavily on such exercises when internal or demonstrably relevant 
external data are scarce. These exercises can help gauge the 
consequences of outcomes that are unlikely, but would have a 
considerable impact on safety and soundness.
    29. In addition to quantitative approaches for assessing risk, a 
bank should also employ qualitative approaches that incorporate 
management experience and judgment. Qualitative measures should be 
employed not only for those cases in which scarce data or unproven 
quantitative methods limit a full assessment of risk, but also more 
generally to complement even sophisticated quantitative estimates based 
on extensive and high-quality data.
    30. A bank should be cognizant that both quantitative and 
qualitative approaches have their own inherent biases and assumptions 
that affect risk assessment. Accordingly, a bank should recognize the 
biases and assumptions embedded in, and the limitations of, the 
approaches used.
    31. An effective ICAAP is comprehensive, assessing material risks 
across the entire bank. Each bank should have systems capable of 
aggregating across risk types. A bank should understand the challenges 
presented by risk aggregation and the inherent uncertainty in 
quantitative estimates used to aggregate risks (including the 
difficulty in estimating concentrations across risk types as noted in 
paragraph 21). For example, a bank is encouraged to consider the 
various interdependencies among risk types, the different techniques 
used to identify such interdependencies, and the channels through which 
those interdependencies might arise--across risk types, within the same 
business line, and across different business lines. Consistent with 
paragraph 26, any associated uncertainty in aggregating capital 
estimates across risk types and business lines should translate into 
greater capital needs.
    32. Management should be systematic and rigorous in considering 
possible effects of diversification. Assumptions about diversification 
should be identified at each level where diversification is recognized, 
supported by analysis and evidence, and remain robust over time and 
under different market environments, including stressed market 
conditions. For example, a bank calculating the dependence structure 
within or among risk types should consider data quality and 
consistency, such as the volatility of correlations over time and 
during periods of market stress. In general, a bank should consider a 
wide range of possible adverse outcomes that have the potential to 
affect multiple risks at the same time and to limit expected 
diversification benefits. Consistent with paragraph 26, uncertainty in 
diversification estimates should translate into greater capital needs.

Setting and Assessing Capital Adequacy Goals That Relate to Risk

    33. The second objective of the ICAAP is to set and assess capital 
adequacy goals in relation to all material risks. Under this objective, 
a bank should have a well-defined process to translate estimates of 
risk into an assessment of capital adequacy. In practice, capital

[[Page 44627]]

adequacy goals may be reflected in various ways. A bank may choose to 
hold capital in excess of the level internal processes would regard as 
adequate for any number of business or strategic reasons. Excess 
capital may fluctuate over time. Each bank should recognize that 
minimum risk-based capital requirements represent a floor below which 
the bank's overall capital level must not fall, even if bank management 
believes that there is justification to maintain less capital.
    34. A bank may establish its risk-tolerance level to reflect a 
desired level of risk coverage and/or a certain degree of 
creditworthiness, such as an explicit solvency standard. Accordingly, 
assessments of risk and capital adequacy should reflect the chosen risk 
tolerance of the bank. Because risk profiles and choices of risk 
tolerance may differ across banks, capital targets may also differ. 
However, if for internal capital adequacy purposes a bank were to 
choose to apply a level of risk coverage or a solvency standard that is 
less than that implied by minimum risk-based capital requirements, the 
bank would have to be able to: Identify and support the rationale for a 
lower solvency standard; demonstrate clearly that its ICAAP adequately 
addresses low-probability, high-severity events; and ensure that there 
is sufficient capital to absorb losses associated with such extreme 
events. Regardless of the solvency standard used, supervisors expect 
banks to hold capital at a level above that established by minimum 
risk-based capital requirements.
    35. A bank should consider external conditions and other factors 
that influence its overall capital adequacy, including the potential 
impact of contingent exposures and changing economic and financial 
environments. The ICAAP should address the potential impact of broader 
market or systemic events, which could cause risk to increase beyond 
the bank's chosen risk-tolerance level, and have appropriate 
contingency plans for such outcomes. Such exercises may include stress 
testing, such as scenario and sensitivity analysis; however, in all 
cases they should incorporate both quantitative and qualitative 
methods.\15\
---------------------------------------------------------------------------

    \15\ The use of stress testing in identifying and measuring risk 
exposures and assessing capital adequacy in the ICAAP is not the 
same as the Pillar 1 stress testing requirement related to minimum 
risk-based capital requirements and qualification requirements (as 
described in the advanced approaches rule). The stress testing 
encouraged in the ICAAP guidance is intended to focus on overall 
capital needs and their possible fluctuations, not just fluctuations 
in minimum risk-based capital requirements. However, work conducted 
to meet the stress testing requirement under Pillar 1 may have 
application to or may provide a starting point for any stress 
testing banks decide to conduct as part of the ICAAP.
---------------------------------------------------------------------------

    36. Through the ICAAP, a bank should ensure that adequate capital 
is held against all material risks, and that capital remains adequate 
not just at a point in time, but over time, to account for changes in a 
bank's strategic direction, evolving economic conditions, and 
volatility in the financial environment. A bank should be cognizant of 
the impact of market-driven valuations on the volatility of capital. 
Moreover, recognizing the sensitivity of capital to economic and 
financial cycles should be a critical component of a bank's planning 
for current and future capital needs. For example, a bank should 
consider the potential effects of a sudden, sustained economic 
downturn. The level of capital deemed adequate by a bank given its 
ICAAP might also be influenced by the bank's intention to hold 
additional capital to mitigate the impact of volatility in capital 
requirements, its need to support acquisition plans, or its decision to 
accommodate market perceptions of capital adequacy and their impact on 
funding costs.
    37. In analyzing capital adequacy, a bank should evaluate the 
capacity of its capital to absorb losses. Because various definitions 
of capital are used within the banking industry, each bank should state 
clearly the definition of capital used in any aspect of its ICAAP. 
Since components of capital are not necessarily alike and have varying 
capacities to absorb losses, a bank should be able to demonstrate the 
relationship between its internal capital definition and its assessment 
of capital adequacy. If a bank's definition of capital differs from the 
regulatory definition, the bank should reconcile such differences and 
provide an analysis to support the inclusion of any capital instruments 
that are not recognized under the regulatory definition. Although 
common equity is generally the predominant component of a bank's 
capital structure, a bank may be able to support the inclusion of other 
capital instruments in its internal definition of capital if it can 
demonstrate a similar capacity to absorb losses. The bank should 
document any changes in its internal definition of capital, and the 
reason for those changes.
    38. An effective capital plan recognizes a bank's short- and long-
term capital needs and objectives. Accordingly, a bank should evaluate 
whether long-run capital targets are consistent with short-run goals, 
based on current and planned changes in risk profiles. In developing 
its capital plan, the bank also should recognize that accommodating 
additional capital needs can require significant lead time, can be 
costly, or can be quite difficult, especially during downturns or other 
times of stress. A bank should have contingency plans to address 
unexpected capital needs.

Ensuring Integrity of Internal Capital Adequacy Assessments

    39. A satisfactory ICAAP comprises a complete process with proper 
oversight and controls, and not just an ability to carry out certain 
capital calculations. The various elements of a bank's ICAAP should 
complement and reinforce one another to achieve the overall objective 
of assessing capital adequacy, taking into account the bank's risk 
profile.
    40. A bank should maintain adequate internal controls to ensure the 
integrity, objectivity, and consistent application of the ICAAP. 
Decisions regarding the design and operation of the ICAAP should 
reflect sound risk management, and should not be unduly influenced by 
competing business objectives. A bank should identify any deficiencies 
in its ICAAP and plan and take remedial actions to address the 
deficiencies in a timely manner. The principles underlying a bank's 
ICAAP should be incorporated into policies that are reviewed and 
approved at appropriate levels within the organization.
    41. A bank should maintain thorough documentation of its ICAAP to 
ensure transparency. At a minimum, this should include a description of 
the bank's overall capital-management process, including the committees 
and individuals responsible for the ICAAP; the frequency and 
distribution of ICAAP-related reporting; and the procedures for the 
periodic evaluation of the appropriateness and adequacy of the ICAAP. 
In addition, where applicable, ICAAP documentation should demonstrate 
the bank's sound use of quantitative methods (including model selection 
and limitations) and data-selection techniques, as well as appropriate 
maintenance, controls, and validation. A bank should document and 
explain the role of third-party and vendor products, services and 
information--including methodologies, model inputs, systems, data, and 
ratings--and the extent to which they are used within the ICAAP. A bank 
should have a process to regularly evaluate the performance of third-
party and vendor products, services and information. As part of the 
ICAAP documentation, a bank should document the assumptions, methods,

[[Page 44628]]

data, information, and judgment used in its quantitative and 
qualitative approaches.
    42. The ICAAP should be enhanced and refined over time, with 
learning and experience (both quantitative and qualitative) 
contributing to its improvement. The ICAAP should evolve with changes 
in the risk profile and activities of the bank, as well as with 
advances in risk measurement and management practices. For example, a 
bank should incorporate in its ICAAP the introduction of new products 
and business lines and activities to ensure that the bank's capital 
plan is responsive to changes in the operational and/or business 
environment.
    43. The board of directors and senior management have certain 
responsibilities in developing, implementing, and overseeing the ICAAP. 
The board should approve the ICAAP and its components. The board or its 
appropriately delegated agent should review the ICAAP and its 
components on a regular basis, and approve any revisions. That review 
should encompass the effectiveness of the ICAAP, the appropriateness of 
risk tolerance levels and capital planning, and the strength of control 
infrastructures. Senior management should continually ensure that the 
ICAAP is functioning effectively and as intended, under a formal review 
policy that is explicit and well documented. Additionally, a bank's 
internal audit function should play a key role in reviewing the 
controls and governance surrounding the ICAAP on an ongoing basis.
    44. Each bank should ensure that the components of its ICAAP, 
including any models and their inputs, are subject to the bank's 
validation policies and procedures. Validation should be independent of 
the development, implementation, and operation of the ICAAP components, 
or the validation process should be subject to an independent review of 
its adequacy and effectiveness. Validation is generally defined as an 
ongoing process that includes, but is not limited to, the collection 
and review of developmental evidence, process verification, 
benchmarking, outcomes analysis, and monitoring activities used to 
confirm that processes are operating as designed. Validation policies 
and procedures should reflect the bank's business, structure, and 
sophistication, as well as the relative importance of each component of 
the ICAAP. Accordingly, a bank is encouraged to consult the agencies' 
existing guidance on validation.
    45. A bank's ICAAP should be aligned with and be a part of the 
bank's wider internal governance structure and overall risk-management 
processes. The ICAAP should not be viewed as simply a compliance 
exercise. Rather, it is a dynamic and evolving process that is used by 
a bank to provide internal assurance that capital is adequate given the 
bank's risk profile. Management is responsible for ensuring that the 
ICAAP is fully consistent with the overall risk management framework of 
the bank. Information derived through the ICAAP process should 
influence decision making at both the consolidated and individual 
business-line levels, and be used to inform other management processes 
related to risk assessment, business planning and forecasting, pricing 
strategies, and performance measurement.
    46. As part of the ICAAP, the board or its delegated agent, as well 
as appropriate senior management, should periodically review the 
resulting assessment of overall capital adequacy. This review, which 
should occur at least annually, should include an analysis of how 
measures of internal capital adequacy compare with other capital 
measures (such as regulatory, accounting-based or market-determined). 
Upon completion of this review, the board or its delegated agent should 
determine that, consistent with safety and soundness, the bank's 
capital takes into account all material risks and is appropriate for 
its risk profile. However, in the event a capital deficiency is 
uncovered (that is, if capital is not consistent with the bank's risk 
profile or risk tolerance) management should consult and adhere to 
formal procedures to correct the capital deficiency.

    Dated: July 14, 2008.
John C. Dugan,
Comptroller of the Currency.
    By order of the Board of Governors of the Federal Reserve 
System, July 15, 2008.
Jennifer J. Johnson,
Secretary of the Board.
    Dated at Washington, DC, the 15th day of July, 2008.

    By order of the Federal Deposit Insurance Corporation.
Robert E. Feldman,
Executive Secretary.
    Dated: July 14, 2008.

    By the Office of Thrift Supervision.
John M. Reich,
Director.
[FR Doc. E8-17555 Filed 7-30-08; 8:45 am]
BILLING CODE 4810-33-P, 6210-01-P, 6714-01-P, 6720-01-P