Internal Capital Adequacy Review Assessment

Affecting European Investment Firms for 2022

This article is written for the Cyprus Investment Firms


ICAAP will be replaced by ICARA

The European Commissions Commission has introduced the IFR and IFD to enhance and strengthen the EU's Investment Firms' prudential framework. As a result for the year 2022 inclusive the ICAAP (Internal Capital Adequacy Assessment Process) has been replaced with ICARA (Internal Capital Adequacy Review Assessment) and unlike ICAAP, ICARA takes into consideration the interrelations of clients' orders, clients' funds, daily order flow which replace credit risk.

For those preparing the actual ICAAP, this is a major change as the entire ICAAP and stress testing scenarios will need to be redesigned based on Operational Risk, Market Risk, and K Factors instead of Operational Risk, Market, and Credit risks.

Unlike ICAAP and the previous Capital Adequacy Reports (COREPs) which were heavily based on Company financials (on-balance sheet items), the new framework requires the IFs to focus more on the off-balance sheet items by using the K - Factors. As Credit risk is more appropriate to the banking industry the IFR has replaced Credit Risk entirely with the new K- Factors. The new framework also requires IFs to design and implement software and procedures so that the data needed by the new framework and the K- Factors (details follow) are easily extracted per requirements.

Some background reading?

Want to read more about the new IFR framework?

Want to know more about the new COREP forms?

Cyprus Investment Firms - Capital Adequacy Reports (COREP) - Common Errors & Guidance


Following the new IFPR requirements in 2022 and the Investment Services and Activities and Regulated Markets Law 144(I)/2007 to 2017 of the Cyprus Securities and Exchange Commission ("CySEC" or "the Commission"):

  • Cyprus Investment Firms (CIFs) shall have in place sound, effective and complete strategies and processes to assess and maintain on an ongoing basis the amounts, types, and distribution of internal capital that it considers adequate to cover the nature and level of the risks to which it is or may be exposed. In this respect, Fidus shall adopt the relevant guidelines issued by CySEC.
  • These strategies and processes shall be subject to regular internal review to ensure that they remain comprehensive and proportionate to the nature, scale, and complexity of the activities of the Company.

The new ICARA is a new tool to meet these requirements.

What is the ICARA - in detail

As its name indicates, the ICARA (Internal Capital Adequacy Review Assessment) is an internal assessment prepared by the firm / a tool that allows IFs to assess their position and determine the amount of internal capital the IF needs to hold to be covered against all the risks it is facing or to which it could be exposed in the future.

The ICARA falls under the scope of Pillar 2, which can be described as a set of relationships between the Commission and the Investment Firm, the objective of which is to enhance the link between the IF's risk profile, and its risk management and risk mitigation systems, and its capital.

Pillar 2 establishes a process of prudential interaction that complements and strengthens Pillar 1, by promoting an active dialogue between CySEC and Fidus such that, any inadequacies or weaknesses of the internal control framework and other important risks, the fulfillment of which may entail threats to Fidus, are identified and managed effectively with the enforcement of additional controls and mitigating measures.

The ICARA comprises all the measures and procedures adopted by the IFs, with to ensure

§ the appropriate identification and measurement of risks,

§ an appropriate level of internal capital in relation to the Company's risk profile, and

§ the application and further development of suitable risk management and internal control systems and tools.

The ICARA is owned and approved by the IFs Board of Directors ("Board").

The importance of ICARA for CIFs

From the Investment Firms perspective, the ICARA:

§ Is a key element of its day-to-day governance process and its strategic management initiatives.

§ Promotes a comprehensive risk management framework.

§ Aligns capital with risk management and strategy, and

§ Provides a tool for communicating to the Board and the regulator the key aspects of its risk management and governance framework.

§ Works performed are subject to the CIFs class categorization (class 1, class 2, or class 3).

The IFs approach to Pillar 1

At present, the Company calculates its Pillar 1 capital requirements using the following methods:

  • The Standardised Approach for Market Risk.
  • The Fixed Overheads Approach for Operational Risk
  • The K-Factor calculation approach.

ICARA Profile and Methodology

The planning of the ICARA is closely related to the size of the Company and the complexity of its operations, taking into consideration the principle of proportionality. Depending on its size ICARA has 3 district CIF categories, 1,2, and 3.

According to the size of the CIF and the complexity of its operations, the Company utilizes the minimum capital requirement approach for the calculation of the additional capital for Pillar 2, i.e. a Pillar 1 plus approach.

Amongst others, the IF will have to implement the minimum capital requirement approach in stages:

§ The Pillar 1 minimum capital requirement was used as the foundation since it reflects the Company's exposure to Pillar 1 risks (K Factor, Operational Risk, and Market Risk).

§ The adequacy of the minimum capital required under Pillar 1 was then assessed, regarding the risks arising from the following three categories:

Then the IF will have to consider the following

§ Risks covered in Pillar 1 but not adequately, based on Fidus's internal assessment.

§ Risks not fully covered in Pillar 1 (e.g. Concentration Risk).

§ Risks not covered in Pillar 1 (e.g. Liquidity Risk, Strategic Risk, Reputation Risk, etc.).

A comprehensive risk assessment needs to be carried out for all groups of risks, during which a profile was determined for each risk (high/medium/low), based on its anticipated impact and its likelihood of occurrence. All high and medium-profile risks were further analyzed and mitigation measures were set for the Company to better control and mitigate them.

The additional measures set for the mitigation of these risks are considered over and above the capital allocated for Pillar 1 purposes and can take the following forms:

§ Provision of additional capital, corresponding to the risks not covered, either fully or partially, by Pillar 1 capital.

§ Enhancement of internal procedures to reduce the likelihood of these risks materializing and/or the impact (severity) of these risks on the Company.

The ICARA Report

The ICARA report reflects Fidus ICARA process as a discipline embedded within its business and explains:

§ How the Company has implemented and embedded the ICARA process within its business.

§ The Company's risk profile and risk appetite, and

§ The capital that it considers adequate to be held against all the risks that Fidus is exposed to, in accordance with its internal assessment.

Pillar 1 Requirements

Market Risk - no changes

Market Risk calculation and framework remained the same under the IFD / IFR framework.

Market risk can be defined as the risk of losses in on and off-balance sheet positions arising from adverse movements in market prices with risks such as Default risk, interest rate risk, credit spread risk, equity risk, foreign exchange risk

Operational Risk - no changes

There were no changes to the Operational risk with the new IFR and IFD framework.

Operational Risk is defined as the risk of loss arising from fraud, unauthorized activities, error, omission, inefficiency, systems failure, or external events. This risk is inherent in every organization and covers a wide range of issues.

Credit Risk - Replaced by K- Factors

K-Factor Requirement - Class 2 firms

Under the new prudential framework of the IFD / IFR, K-factors have replaced Credit Risk and must be used by Class 2 firms to determine their capital requirements.

An IF is considered to be a class 2 CIF as it is not a systemic investment firm.

The ICARA requires that a firm's capital requirement is the higher of the following:

  • its permanent minimum capital requirement,
  • Is it a fixed overhead requirement, or
  • it's a K-factor requirement.

The K-factor requirement is the sum of:

Risk-to-Client (RtC), Risk-to-Market (RtM), and Risk-to-Firm (RtF).

Risk-to-Client K-factors (new requirement)

1. Risk-to-Client (RtC)

Risk-to-client measures are proxies for the business areas of the Company where its clients may be exposed to problems/issues which could inherently impact the firm's funds (capital). Within Risk-to-Client (RtC) there are additional 4 subfactors defined:

§ Client Assets Under Management and Ongoing Advice (K-AUM).

This factor assesses the impact on clients of the poor management or execution of client portfolios. By holding capital against this risk, the company safeguards its continuity of service to its client base.

§ Client Assets Safeguarded and Administered (K-ASA).

This K-factor ensures that the Company holds sufficient capital in proportion to assets safeguarded and administered on behalf of clients irrespective if they are on the balance sheet or at third-party accounts.

§ Client money held (K-CMH).

This requirement assesses the exposure when the company holds its clients' money, on the balance sheet or in third-party accounts. The K Factor is further broken down into 2 subsections:

  • money held in segregated accounts (K-CMHS), and
  • money held in non-segregated accounts (K-CMNHS).
  • Client orders handled (K-COH).

This K Factor calculates the risks to clients of the company which executes orders in the names of clients, and not in the firm's name. The K Factor is further broken down into 2 subsections:

  • client orders handled in cash trades (K-COHC), and
  • client orders handled in derivative trades (K-COHD).

K-Factor Calculations

K-factor requirement is calculated on the first business day of each month, and, as you can see, data collection for all K-factors is daily, except for K-AUM which is monthly

B. Risk-to-Market K-factors

Risk-to-Market (RtM) K-factors only apply to firms with a trading book that deals on their account or behalf of their clients, i.e. they deal on a matched principal basis or as a market maker. Fidus does not trade on its account.

C. Risk-to-Firm K-factors

Risk-to-Firm (RTF) is the final set of K-factors and must be modeled by investment firms that deal with their account. They are a simplified version of the banking rules for counterparty credit risk and large exposures. Fidus does not trade with its own account.

Fidus calculates the K Factors applicable to its model of Straight Through Processing (STP) as below:

  • Client money held - CMH additional details
  • Client orders handled - COH additional details
  • K-Net position risk - K-NPR additional detail

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.