From Open Risk Manual


ICAAP is an abbreviation of Internal Capital Adequacy Assessment Process, a set of activities and processes that must be undertaken by regulated financial institutions in compliance with the Basel II regulatory framework.


The ICAAP concept and process was introduced through the set of regulatory reforms denoted as Basel II. Under Pillar II, regulated financial firms are expected to establish sound, effective and complete strategies and processes to assess and maintain, on an ongoing basis, the amounts, types and distribution of internal capital commensurate to their risk profiles, as well as robust governance and internal control arrangements.

Under the framework, a regulated institutions management bears responsibility for ensuring that the bank has adequate Risk Capital to support its risks beyond the minimum Regulatory Capital requirements stipulated under Pillar I.[1]. The Banks’ ICAAPs are often the starting point for developing supervisory Pillar II expectations.

The ICAAP comprises of strategies and processes to assess and maintain on an ongoing basis the amounts, types and distribution of internal capital that banks consider adequate to cover the nature and level of the risks to which they are or might be exposed. These strategies and processes are subject to regular internal review to ensure that they remain comprehensive and proportionate to the nature, scale and complexity of the activities of the institution concerned. See also Article 73 of Directive 2013/36/EU, which requires institutions to have in place a sound, effective and comprehensive ICAAP.


In order to better understand and verify metrics reported by a bank, supervisors compare bank results with external benchmarks (eg industry assessments). This comparison can help reveal potential weaknesses or inconsistencies in a bank’s ICAAP, which can then inform additional supervisory dialogues with the bank.


A bank’s board has the ultimate responsibility for the sound operation and financial condition of the bank. While the operationalisation of a risk management framework can be delegated to senior management, the board should review and approve the main objectives of the ICAAP and agree on the main assumptions of Risk Identification and Risk Measurement.

See Also


  1. Basel Committee on Banking Supervision, "Overview of Pillar 2 supervisory review practices and approaches", June 2019