The Federal Government has introduced a new standardized format for deposit-taking organizations (DTIs) to submit Internal Capacity Adequacy Process (ICAAP) data. The first returns under this new regime must be filed by March 31, 2024, using year-end data for small and medium-sized DTIs. Your institution must begin preparing now.
Background
The ICAAP is a federal standard administered by the Office of the Superintendent of Financial Institutions (OSFI). It is used to assess the effectiveness of management oversight. It is also used to determine whether Canadian DTIs can financially support material risks they take in the regular course of business and under scenarios of stress.
Canadian DTIs previously had broad discretion to tailor ICAAP to their specific business needs and activities. From 2024, the process will follow a more prescriptive template across a common risk taxonomy. The changes are intended to provide greater consistency and standardization.
What will be required in the new ICAAP return?
Changes will focus on the format, frequency, and level of attestation required by external auditors, internal auditors, and senior management — similar to the expectations on assurance over key ratios noted in our article, Unpacking new OSFI guidelines for assurance on capital, leverage, and liquidity returns.
Further entity-specific information on the ICAAP Data Return and instructions for DTIs are forthcoming if not yet available. The updated guidance will likely align closely with the previous ICAAP framework.
Enterprise Risk Services
How can your institution prepare for these changes?
As of March 31, 2024, reporting will be based on balance sheets for fiscal year-end 2023. There is limited time to ensure your risk assessment and attestation processes are sufficiently rigorous to meet the new standards.
Moreover, the completeness and accuracy of ICAAP Reporting can impact the level of regulatory scrutiny, administrative costs, and risk ratings imposed on DTIs and the individuals responsible. Internal Audit should already be tabling ICAAP as a priority agenda item for committee meetings.
Key items to consider include:
- Underlying data accuracy given inter-connected enterprise data sources
- Impacts of high interest rates and inflation as these manifest in the risk assessment process
- Changes to the management of interest rate and liquidity risk through the ICAAP process, given recent U.S. bank failures
- Integration of ICAAP within capital management and risk management processes for increased organizational efficiency and process streamlining
- The extent and capability of the Board and senior management to review and challenge stressed scenarios and the methodology used in ICAAP, given the rapid shift in the economy
- Management of model risk inherent within the sophisticated calculations/models supporting ICAAP (whether developed within the Bank or provided by a third-party vendor).
When to contact an advisor
A third-party advisor can provide valuable perspective across your bank’s respective lines of defence. Given the magnitude of these changes, now may be a good time to provide updated ICAAP education at the Board level or assess the maturity of your ICAAP program relative to your industry and peers.
Advisors can also support second-line functions. Some examples include process and control design and effectiveness-related reviews in preparation for the ICAAP filing. You will also need to work with a third-party advisor to conduct the independent audits the OSFI guidance now requires.
There are many dynamic elements to consider within the ICAAP and underlying supporting processes. The right advisor will ensure you meet your capital adequacy assessment needs.
Contact us
Catharine Dutt CPA, CA, CPA (Delaware), CGMA
Partner