Designed to develop and implement climate risk measurement methodologies, such as stress testing and portfolio alignment methods
Designed to incorporate climate-related and environmental risk considerations into your risk management, governance, ICAAP and disclosures
Free educational workshop for banks
Written by Zsuzsanna Tajti, Principal Consultant
The Internal Capital Adequacy Assessment Process (ICAAP) plays a key role in banks’ risk management. The embedded forward-looking exercises, including comprehensive stress testing and capital planning, are crucial to improving banks’ resilience in stress periods.
Establishing a sound risk identification process and profound materiality assessment, adequate scenario analyses and supplementary impact assessments together with comprehensive and well-structured risk management processes and frameworks can demonstrate the soundness of the bank’s overall risk management capabilities.
The lack of reliable and consistent data and the consequent need for applying qualitative judgements makes the incorporation of climate-related and environmental (C&E) factors into the various risk processes and strategic planning very challenging. However, C&E risks can no longer be considered purely as reputational hazards but also as financial risks requiring proper identification, quantification, reporting, and management actions. Consequently, C&E risks and their integration into the ICAAP receive an increasing regulatory interest and supervisory focus.
In this article, we discuss the main C&E risk considerations to be made as part of the ICAAP, using the general ICAAP requirements as a starting point and combining them with the regulatory and supervisory expectations regarding C&E risk management.
The Basel framework is composed of three pillars. While Pillar 1 establishes minimum capital requirements in accordance with the regulatory view, and the purpose of Pillar 2 is to address risk governance, internal controls and risk management to form a well-developed internal view on capital, Pillar 3 is meant to ensure transparency by requesting supervisory reporting and public disclosure. The ICAAP is part of Pillar 2, also serving as an important input to the Supervisory Review and Evaluation Process (SREP).
The starting point of the ICAAP requirements is Article 73 of the Capital Requirements Directive (CRD IV), which has been transposed differently in each EU Member State, resulting in a wide variety of ICAAP practices. This article focuses on the requirements applicable under the supervision of the European Central Bank (ECB).
The ECB’s view on the ICAAP is elaborated in the “ECB Guide to the internal capital adequacy assessment process (ICAAP1)”, but there are also other international documents (in addition to the relevant European Union and national legislation) which are to be considered, including various publications of the European Banking Authority (EBA2), the Committee of European Banking Supervisors (CEBS), the Basel Committee on Banking Supervision (BCBS) and the Financial Stability Board (FSB).
The ICAAP Guide’s seven principles serve as the basis of assessing each bank’s ICAAP as part of the SREP and in the corresponding supervisory dialogue.
Maintaining adequate capitalisation of banks requires the forward-looking identification and effective management of all material risks (using an appropriate combination of quantification and controls) and covering them with a sufficient amount of high-quality capital.
The ICAAP is a well-established process in most banks, but C&E risk aspects present additional challenges in this respect. In this article, we discuss the main implications of C&E risks for the ICAAP.
Banks have to implement a regular process for identifying all material risks they are or might be exposed to, include them in their comprehensive internal risk inventories, then address them in all parts of the ICAAP in accordance with their internally defined risk taxonomies. According to the ICAAP Guide, “a risk could be regarded as material if its materialisation, omission or misstatement would significantly change or influence the capital adequacy, profitability, or continuity of the institution from an economic perspective, irrespective of the accounting treatment applied”. For determining the internal risk inventory, banks should use their own definitions of materiality and their own internal risk taxonomies, which implies that the bank management is responsible for ensuring that for example, all relevant C&E risks are included and adequate materiality thresholds are defined for each.
The risk identification should be comprehensive, and forward-looking and needs to consider any concentrations within and between the risk categories (intra-risk and inter-risk concentrations) which are associated with the bank’s strategy and operating environment. If a specific risk type is deemed material, the bank has to either allocate capital to cover the risk or document the justification for not holding capital depending on the effectiveness of the risk mitigating actions in place.
Banks have to describe in their Risk Appetite Statements (RAS) their view on the risks they are or may be exposed to and define their intended actions to address them in line with their business strategies. The ICAAP process and its outcome can facilitate sound and effective risk management, providing useful inputs for setting up an adequate risk monitoring and reporting system and a reasonably granular limit structure.
The ICAAP framework and process are meant to regularly reassess the bank’s risk appetite, with due consideration to its risk profile and key vulnerabilities, including material C&E risks. Integration of any risks into the RAS requires the design and calibration of relevant decision-useful risk metrics (Key Performance Indicators – KPIs, Key Risk Indicators – KRIs) which in the C&E risk context can include for example sector- and geography-related metrics, indicators relating to the alignment of exposures to transition scenarios, metrics relevant for EU Taxonomy alignment or portfolio vulnerability to particular physical hazards. In addition to defining the metrics, corresponding thresholds and limits also have to be set as part of the RAS, together with describing the early warning indicators, escalation procedures and management actions.
The key challenge in this regard is the scarcity of relevant and granular data, but the preliminary implementation and analyses can already serve as facilitators of improving the data collection and measurement methodologies which are the pre-requisites of making tangible progress in C&E risk management.
The ICAAP’s objective is to contribute to the banks’ continuity from a capital perspective by ensuring that even during a prolonged period of adverse developments they have sufficient capital to bear their risks, absorb losses and follow a sustainable strategy. Two perspectives need to be applied which are to mutually inform each other and be integrated into all material business activities and decisions.
Both perspectives should mutually inform each other and cover all material risks. As the ICAAP’s scope is not limited to Pillar 1 risks, irrespective of whether the bank considers C&E risks as a separate risk category or interprets them as risk drivers of traditional prudential risk categories, any material C&E risks need to be integrated.
Banks have to implement risk quantification methodologies that are robust, sufficiently stable, risk-sensitive and adequate for their individual circumstances (i.e. they are in line with their risk appetite, market expectations, business model, risk profile, size and complexity). They also need to apply a high level of conservatism to ensure appropriate consideration of tail events and any uncertainties arising from risk quantification methodologies and from the determination of projections. Key parameters in this respect are confidence levels, correlation and scenario assumptions.
Each bank has to establish, calibrate and maintain its risk quantification methodologies in alignment with its own risk appetite, and the stress scenarios also need to be tailored to the bank’s individual circumstances, risk profile, strategy and risk tolerance level. Vendor models are no exceptions either: understanding and adequately customising them remain the responsibility of the bank.
Instead of starting from scratch, banks may opt for complementing their existing rating models with climate scenarios and stochastic simulations. They can also adapt the parametrisation of their portfolio models to account for systematic economic effects through increased correlations and/or adjusted volatility parameters based on climate scenarios or representative stress events such as the current energy crisis. It is not necessary to start with very advanced models such as Climate Value-At-Risk, but the applied methodologies will likely mature in the future.
The ECB’s ICAAP Guide stresses that “risks are not expected to be excluded from the assessment because they are difficult to quantify or the relevant data are not available”, instead tailored approaches and expert judgements (together with appropriate proxies and estimations) need to be applied to compensate for the lack of data and/or sufficiently established methodologies. The risks which are difficult to quantify, such as various C&E risks, also have to be factored appropriately into all relevant risk management and control processes.
Banks should regularly (at least annually) assess their vulnerabilities in order to capture all material risks depending on their individual business models, profiles and operating environment, and define/refine their adequate stress testing programmes accordingly. Under the normative perspective the stress tests take the form of multi-year scenario projections and are preferably informed by the bank’s other stress tests performed throughout the year based on either historical or hypothetical stress events, and also include reverse stress tests. The adverse ICAAP scenarios should be plausible and focused on the bank’s key vulnerabilities.
New threats and significant changes in the external world need to be continuously monitored and identified in order to assess whether the stress scenarios are still appropriate or they have to be adapted to the new circumstances. If there is any material change, the potential impact on the bank’s capital adequacy needs to be assessed “immediately” over the course of the year, instead of waiting until the yearly ICAAP process.
In August 2020, the ECB published its report3 on banks’ ICAAP practices in terms of the seven principles outlined in its ICAAP Guide. Several findings of the report are still valid, especially the ones concerning the shortcoming of the economic ICAAP perspective and the utilisation of its outcomes in risk management, for example, in defining and calibrating an adequate limit structure and corresponding reporting system. The report also highlighted that many banks have not yet set up systematic monitoring to ensure the timely identification of any new threats and their risk quantification methodologies also need further improvements.
In November 2020, the ECB provided 13 recommendations related to strategy, governance, risk management and disclosures in its guide4 on the effective management of C&E risks. Afterwards, in November 2022, the “Walking the talk” report5 revealed important insights into the results of the corresponding thematic review performed by the ECB in early 2022. The report stresses that more than a quarter of the 107 banks in the scope of the ECB’s thematic review have not yet established any capital adequacy assessment for climate-related risks, and approximately half of the banks have only qualitative capital adequacy assessment in place in this regard.
Switching to a fully integrated quantified capital adequacy assessment which already drives the economic capital allocation, will not happen overnight. While the challenges are numerous, we address only two specific aspects in this article, and additional Finalyse articles will be dedicated to other relevant items in the coming weeks and months.
In the context of C&E risks, banks certainly need to improve their forward-looking and pro-active risk identification in order to facilitate effective risk management. The “ECB report on bank’s ICAAP practices” explicitly states that “Starting with risk identification processes, many banks also need to overcome their current silo approaches and start identifying and managing concentrations, particularly across risks. The way things stand, those banks might unconsciously expose themselves to identical or correlated risk drivers that may simultaneously impact them via different risk types, thereby threatening their continuity to a far greater extent than they are aware.”.
Indeed, each C&E risk driver can impact various traditional prudential risk categories at the same time through diverse micro and macro transmission channels.
At first, banks could make some progress in addressing this issue by applying consistent scenarios and assumptions across their credit risk, market risk, etc. portfolios. In a later stage, intra-risk and inter-risk concentrations should also be assessed and integrated into the ICAAP risk quantification methodologies, but due to the lack of adequate historical data this advanced step poses significant challenges. Banks, while developing their more sophisticated models and motivating their underlying assumptions, can already make the first step by implementing consistent scenarios for all relevant traditional prudential risk types.
Although most C&E risk impacts will only materialise in the medium to long term (i.e. beyond banks’ conventional planning horizon), they may have important consequences on for example future cash-flows and portfolio compositions which need to be accounted for under both perspectives, although differently.
The adverse projections of the normative perspective have to simulate bank-specific vulnerabilities, and if such projections show a material impact stemming from for example C&E risks, they need to be adequately quantified in the point-in-time calculation and/or complementary stress tests under the economic perspective too.
The internal stress tests can take various forms and can cover different time horizons as presented below in Figure 4. In some cases the impacts of one-off events are simulated in analogy with the 1-year physical (flood and drought) risk scenarios of the 2022 ECB Climate Stress Test. In other cases long-term projections are applied or the long time horizon is contracted to account for a long-term impact on a medium time horizon such as the frontloaded 3-year disorderly transition risk scenario of the 2022 ECB Climate Stress Test. Long-term C&E risk impacts usually cannot be adequately quantified without applying plausible dynamic balance sheet assumptions.
The need for integrating C&E risks into the ICAAP is consistent with the banking supervision’s increasingly forward-looking approach. Banks have to focus on incorporating them into their risk management frameworks, in order to first define and then gradually refine their strategies, roadmaps and corresponding resource needs, capacity improvements and operative steps which then will be evaluated in future ICAAP assessments. The first phase of this journey is already crucial, as it facilitates the mindset change and the development of target operating models and strategic planning.
Ensuring the proper integration of C&E risk dimensions into the ICAAP requires not only adequate analyses and assessments through risk quantification and stress testing methodologies, but also the application of qualitative statements which should have a demonstrable impact on the bank’s overall strategy and risk profile. Banks need to take a comprehensive approach, embracing the integration into business strategy, internal governance, risk management framework and capital management (determining capital adequacy, planning and allocation policy), and by the end of 2024 at the latest they need to have C&E risks integrated in a sound manner in their stress testing frameworks and their ICAAP.
While the purpose of this article was laying the foundations of incorporating C&E risk considerations into the ICAAP, the presented aspects do not provide a full overview yet. Instead, in order to fill the remaining gaps, we will dive into the details of select subtopics in our upcoming Finalyse publications.
 ECB Guide to the internal capital adequacy assessment process (ICAAP), November 2018. Referred to as the “ICAAP Guide” in the remainder of this article.
 EBA Guidelines on internal governance (EBA/GL/2017/11), EBA Guidelines on institutions’ stress testing (EBA/GL/2018/04), EBA Guidelines on ICAAP and ILAAP information collected for SREP purposes (EBA/GL/2016/10).
 ECB Report on banks’ ICAAP practices (ECB, August 2020)
 ECB Guide on climate-related and environmental risks (ECB, November 2020)
 Walking the talk: Banks gearing up to manage risks from climate change and environmental degradation. Results of the 2022 thematic review on climate-related and environmental risks. (ECB, November 2022)