Isle of Man Financial Services Authority Guidance Note on Internal Capital Adequacy Assessment Process (ICAAP)

Isle of Man Financial Services Authority Page 1 of 30 GUIDANCE NOTE FOR DEPOSIT TAKERS (Class 1(1) and Class 1(2)) (Applies to Isle of Man incorporated entities only) Internal Capital Adequacy Assessment Process (“ICAAP”) JUNE 2018 (updated April 2024) STATUS OF GUIDANCE The Isle of Man Financial Services Authority (“the Authority”) issues guidance for various purposes including to illustrate best practice, to assist licenceholders to comply with legislation and to provide examples or illustrations. Guidance is, by its nature, not law, however it is persuasive. Where a person follows guidance this would tend to indicate compliance with the legislative provisions, and vice versa.

Isle of Man Financial Services Authority Page 2 of 30 Contents 1 Background & Scope ....................................................................... 3 2 Key Features of the ICAAP ............................................................................ 5 3 Design of the ICAAP ....................................................................... 9 4 Material risks .................................................................10 5 Stress testing, scenario analysis and capital planning ................................. 14 6 Reverse stress testing and recovery planning ............................................. 15 7 Supervisory Review and Evaluation Process (SREP)..................................... 16 8 The setting of a Total Capital Requirement (‘TCR’) and Buffers ..................17 Appendix 1- ICAAP Submission ...................................................................................23 Appendix 2 – Glossary ................................................................................................ 29

Isle of Man Financial Services Authority Page 3 of 30

1. Background & Scope 1.1 The main aims of the guidance note are: A) To provide guidance on the content of the ICAAP, including:  Best practice observed by the Authority;  Some of the of risks that are particularly relevant to Isle of Man incorporated deposit takers (hereinafter referred to as “banks” or “bank”);  Additional guidance in respect of Pillar 2, buffers and the quality of capital; and  The link to recovery planning including reverse stress testing. B) To explain how the Authority usesthe ICAAP in its assessment of capital requirements (section 4); C) To explain the Authority’s expectations regarding the ongoing annual submission of revised ICAAP documentation (section 4); and D) To explain the capital terminology the Authority uses, in particular the terms ‘Total Capital Requirement’ (TCR) to refer to the amount and quality of capital a firm must maintain in relation to Pillar 1 and Pillar 2 and ‘Overall Capital Requirement’ (OCR), which incorporates any appropriate buffers. 1.2 Rule 2.19(1)(a) of the Financial Services Rule Book requires a bank incorporated in the Isle of Man to establish and maintain an internal capital adequacy assessment process (“ICAAP”) which is appropriate to the nature and scale of its business. 1.3 The ICAAP should relate risks to the amount of capital a bank holds and be forward looking. A bank has to have an ICAAP and must be able to explain it to the Authority; the Authority has a duty to review a bank’s ICAAP. This review is an integral part of the Authority’s risk assessment of the bank, and determination of a bank’s minimum capital adequacy ratios. 1.4 The minimum total capital ratio (requirement) for any bank is 10% as prescribed in the Financial Services Rule Book, although this may be set at a higher level for individual banks by way of Direction. All banks are required to observe a notification ratio of at least 1% above the prescribed minimum total capital ratio. This is intended to provide a cushion to reduce the risk of a bank breaching the minimum requirement and to provide an early warning signal of deterioration in a bank’s capital adequacy.

Isle of Man Financial Services Authority Page 4 of 30 1.5 It is expected that a bank will adopt a proportionate approach to the ICAAP and the Authority expects ICAAPs to vary in detail depending on the nature, scale and complexity of individual banks. 1.6 The responsibility for the ICAAP is that of the Board and Senior Management. 1.7 The Authority expects the ICAAP to be subject to a periodic review, which should be annual as a minimum. If there is no material change to the risk profile of a bank, confirmation of this to the Authority will be sufficient. However, where a bank’s risk profile has changed to a material extent during the year, the Authority will require a revised ICAAP to be submitted1 which will be reviewed as part of the SREP. 1.8 The data utilised within the ICAAP should, ideally, be as timely as possible, and within 6 months of the approval of the ICAAP by the board of the bank. For example, if data used is at 31 December, the ICAAP should be approved by the board of the bank by the following June. 1.9 Certain inherent risks are within the scope of the minimum capital requirements of Pillar 1, and so capital has already been allocated to these. However, there are residual risks arising, which are not covered under Pillar 1, and there are other inherent risks which are not covered at all and which must be addressed by the ICAAP under Pillar 2. The following table provides a summary:- Risk category Capital Requirements Type of Risk Source Documents Category One Risks covered by Pillar 1 capital requirements  Credit risk  Market risk and settlement risk  Operational risk Quarterly Prudential Returns Category Two Risks only partially covered by Pillar 1 capital requirements  Residual risk  Counterparty credit risk  Securitisation risk  Model risk  Underestimation of credit, market, settlement or operational risk in Pillar 1 ICAAP Category Three Risks not covered by Pillar 1 – Captured as Pillar 2  Strategic risk  Concentration risk  Liquidity risk  Group risk  Reputation Risk  Interest rate risk  Underwriting risk  Pension risk  Transfer risk ICAAP

1 As per the Financial Services Rule Book 2016, Rule 2.19(7) the ICAAP should be submitted to the Authority within 20 business days of the approval by the directors.

Isle of Man Financial Services Authority Page 5 of 30  Weaknesses in credit risk mitigation Category Four External factors – Captured as Pillar 2  Business risk (earnings and costs)  Strategy  Economic environment  Regulatory environment ICAAP 1.10 Pillar 3 establishes measures to make better use of market discipline. Pillar 3 applies only at the top consolidated level of a banking group and is therefore generally not considered to be applicable to Isle of Man incorporated banks. 2. Key Features of the ICAAP The five main features of a rigorous ICAAP are as follows:  Board and senior management oversight;  Sound capital assessment;  Comprehensive assessment of risks;  Monitoring and reporting; and  Internal control and mitigation review. 2.1 Board and senior management oversight 2.1.1 The Board and Senior Management have primary responsibility for ensuring that a bank has adequate capital to support its risks. The capital required should, as a minimum, enable a bank to operate as a going concern and be sufficient to provide for business growth. 2.1.2 To meet its responsibility the Board should establish a capital policy that includes:  A bank’s capital adequacy goals in relation to its risk profile, taking into account its strategic focus and business plan;  Approved capital targets (capital planning) that are consistent with a bank’s overall risk profile and financial positions;  Measures that would be taken in the event capital falls below a targeted level; and,  Measures to ensure that a bank is in compliance with minimum regulatory standards.

Isle of Man Financial Services Authority Page 6 of 30 2.1.3 The Board should also maintain policies to supplement the capital policy in relation to:  Risk Management;  Stress Testing;  Dividend Payments; and,  Provisioning methodology. 2.1.4 The Board is responsible for integrating capital planning and capital management into a bank’s overall risk management approach. The ICAAP should form an integral part of the management process and decision making culture of a bank. 2.2 Sound Capital Assessment 2.2.1 The Basel Committee for Banking Supervision (“BCBS”) has established as a standard that banks should have enough capital available to meet needs over a one-year time horizon at the 99.9th percentile confidence interval. This is equivalent to saying that capital should be adequate to cover all losses 999 times out of every 1,000. 2.2.2 The Authority recognises that mathematical modelling may not always be the most appropriate approach and that considering risks on a ‘realistic worse case loss’ may be more appropriate in certain circumstances. 2.2.3 There should be policies and procedures to ensure that a bank identifies, measures and reports all material risks. 2.2.4 There should be a process that relates capital to the level of risk. 2.2.5 There should be a process of internal controls, reviews and audit to ensure the integrity of the overall process. 2.2.6 The ICAAP should be fully documented (specification, methodologies, assumptions, procedures, responsibilities) as should a bank’s capital policy. A periodic review should be carried out by the Board (at least annually). 2.2.7 The ICAAP should be comprehensive and should cover Pillar 1 risks, risks not fully captured under Pillar 1 (e.g. underestimation of credit/operational risks using the simpler approaches), Pillar 2 risks (e.g. liquidity, concentration risk, strategic risk), and risk factors external to a bank which may arise from the regulatory or economic environment.

Isle of Man Financial Services Authority Page 7 of 30 2.2.8 The ICAAP should be forward looking and should take into account a bank’s strategic plans e.g. loan growth expectations. Banks should conduct appropriate stress tests. 2.2.9 The ICAAP should produce a “reasonable” outcome. A bank should be able to explain the similarities and differences between its ICAAP and its own funding requirements. 2.3 Comprehensive assessment of risks 2.3.1 The full range of material risks faced by a bank will vary from one bank to another, dependent upon such factors as the customer base, operational complexity, market activities and outsourced functions. It remains a bank’s responsibility to comprehensively identify, measure, control and adequately mitigate all risks of significance that it faces and to maintain sufficient capital to reflect that overall risk position. 2.3.2 The adequacy of a bank’s capital is a function of its risk profile. Capital targets should be consistent with the risk profile and operating environment of a bank. Other considerations such as external rating goals may also be taken into account, although this may not be especially relevant to banks on the Isle of Man. 2.3.3 ICAAPs are likely to be a mixture of detailed calculations and estimates with some risks being assessed on a quantitative basis and others being more qualitative. A bank should clearly establish such distinctions. 2.3.4 Non-quantifiable risks should be included if they are material even if it is only possible to estimate them, though this requirement could be eased if there is a clear policy to mitigate such risks. 2.3.5 Banks’ assessments are expected to be forward looking, assessing the impact over an extended period that is appropriate for the bank but which is expected to be typically at least three years. This assessment should document both the impact of perceived risk levels on capital requirements and the impact of other expectations, including budget profits, capital raising and dividends. 2.3.6 The assessment should cover three factors:  Baseline: a baseline forecast should be provided, showing key drivers and how the capital ratios (CET1, Tier 1 and Total Capital) are expected to evolve over the three/five year period;  Stress scenarios: where scenarios are used, the impact should be evaluated over a similar period to the baseline forecast; and  Risk events: the impact of risk events should be determined after taking into account forecast changes in the bank’s risk profile.

Isle of Man Financial Services Authority Page 8 of 30 2.4 Monitoring and Reporting 2.4.1 A bank should have a system for monitoring and reporting risk exposures and assessing how a bank’s changing risk profile affects the need for capital. 2.4.2 The Board should regularly receive reports on a bank’s risk profile and its capital needs, allowing them to:  Evaluate the level and trend of material risks and their effect on capital levels;  Evaluate the sensitivity and reasonableness of key assumptions used in the capital assessment measurement system;  Determine that a bank holds sufficient capital in light of the bank’s risks; and,  Assess future capital requirements and adjust the strategic plan accordingly. 2.5 Internal Control Review 2.5.1 The ICAAP should be reviewed regularly and at least annually (refer Rule 2.19 1(b) of the Financial Services Rule Book) to ensure it is still appropriate. It should also be subject to independent review with the involvement of internal and external audit where appropriate. 2.5.2 A bank should conduct periodic reviews of the risk management process including the appropriateness of the capital assessment process, given the nature and scale of the bank’s operations, identification of large exposures and risk concentrations, accuracy and completeness of data inputs into a bank’s assessment process, and reasonableness and validity of scenarios used in the process. 2.6 Group/parent ICAAPs 2.6.1 An Isle of Man incorporated bank is a separate legal entity regulated by the Authority and as such, the Authority expects a bank to have its own ICAAP. However, it is acknowledged that a bank may wish to leverage off expertise at group level and draw on the group/parent ICAAP. In such cases local management is expected to be able to explain how this relates to the Isle of Man subsidiary and demonstrate why they are satisfied that the level of capital is adequate given a bank’s risk profile. It is also expected that the Isle of Man ICAAP will have been reviewed and signed off by Group in these situations.

Isle of Man Financial Services Authority Page 9 of 30 2.6.2 Although there is a requirement for stress testing, to identify possible events or changes in market conditions that could adversely affect a bank, it is recognised that stress testing is sometimes best performed on a group basis. As such, it is acceptable for a banking group to determine the capital requirement at group level and either retain it at a consolidated or sub￾consolidated level or allocate it across the group using a proxy such as balance sheet size. 3. Design of the ICAAP 3.1 There is no prescribed format for the ICAAP and it is acknowledged that ICAAPs will vary depending on the nature and complexity of individual banks’ operations. However, Appendix 1 includes details of a suggested format that banks may wish to use. 3.2 A simple option is to use the statutory minimum as a starting point, adjusting it with a capital add-on to take into account elements outside the consideration of Pillar 1, including forward looking elements. 3.3 A bank would need to be able to demonstrate that it had adequately assessed all material risks outside the statutory minimum and found that these were addressed by the capital add-on. A bank may conclude that no capital add-on is required. 3.4 A bank may decide to take the following approach:-  Prepare a list of the major risks to which each business line is exposed;  Identify and consider a bank’s largest losses over the past 3 – 5 years and estimate where future losses may arise;  Consider what actions a bank would take and how much capital would be required in the event that each of the risks materialised;  Consider the extent to which a bank’s Pillar 1 capital requirement adequately captures the above and how much additional capital may be required;  Consider a bank’s strategy and business projections and estimate the impact on the bank’s capital;  Carry out sensitivity tests to analyse the impact on earnings of a shift in parameters (e.g. an increase in interest rate risks) and consider the impact of a range of adverse economic scenarios on the bank’s future earnings;  Document the conclusions of the above process ensuring that  Senior management has been involved in arriving at these conclusions; and,  A process is in place to ensure the integrity of the conclusions.

Isle of Man Financial Services Authority Page 10 of 30 4. Material risks 4.1 The below list provides examples of risks typically faced by banks incorporated in the Isle of Man. It is not definitive and a bank must identify its key risks for itself. 4.2 Specific risk guidance may be issued by the Authority from time to time. Banks are recommended to remain cognisant of all relevant papers issued by the BCBS on the management of risk, which can be found at www.bis.org/bcbs/. 4.3 Credit risk, market risk and operational risk 4.3.1 Banks should use the Pillar 1 methodology for initial capital calculations in respect of credit risk, market risk & settlement risk, and operational risk. 4.4 Residual risk 4.4.1 While banks use credit risk mitigation (“CRM”) techniques to reduce their credit risk, these techniques can give rise to risks that may render the overall risk reduction less effective. These additional risks are mainly legal risk and documentation risk. 4.5 Credit concentration risk 4.5.1 A risk concentration is any single exposure or group of related exposures with the potential to produce losses large enough to threaten a bank’s health or ability to maintain its core operations. Such concentrations are not addressed in the Pillar 1 capital charge for credit risk. 4.5.2 Credit risk concentrations include:-  Large exposures;  Credit exposures to parties connected to the bank (including in relation to material loans / exposure to parent / group banks – also see sections 4.10 and 6);  Credit exposures to counterparties in the same economic sector or geographic region;  Credit exposures to counterparties whose financial performance is dependent on the same activity or commodity; and,  Indirect credit exposures arising from a bank’s CRM activities (e.g. exposure to a single collateral type). 4.5.3 The Authority has published guidance on Credit Risk and Large Exposures which is available on its website www.iomfsa.im

Isle of Man Financial Services Authority Page 11 of 30 4.6 Underestimation of credit, market or operational risk in Pillar 1 4.6.1 This occurs where the amount of capital required, as determined under Pillar 2, exceeds the amount required under Pillar 1 (10% of RWAs). Offsets between these categories are not allowed; each of the three risk categories must be considered alone. 4.6.2 The increment required is the amount by which the Pillar 2 calculation exceeds the Pillar 1 capital charge. For example, if the internal assessment of credit risk indicated that £11 million of capital is required and the bank has Pillar 1 credit RWAs of £100 million, then the underestimation would be £1 million under Pillar 2, based on the statutory minimum total capital ratio requirement in the Isle of Man of 10%. 4.6.3 Some examples of where the Pillar 1 process may not adequately estimate all risks are:  Credit risk - differences between the use of simplified standardised approach (‘SSA’) for credit risk and standardised approach (noting that over time the use of the SSA has diminished).  Credit risk - indicative credit facilities (on an uncommitted basis) where banks may take a commercial decision to honour an arrangement due to a wider relationship.  Operational risk - gross income, used in the Basic Indicator and Standardised Approaches for operational risk, is only a proxy for the scale of operational risk exposure of a bank and can, in some cases (e.g. for banks with low profitability), underestimate the need for capital for operational risk. The Authority will consider whether the capital requirement generated by the Pillar 1 calculation gives a consistent picture of a bank’s operational risk exposure. 4.7 Liquidity risk 4.7.1 Many of the scenarios developed for ICAAPs in respect of capital requirements are likely to lead to an impact on liquidity risks. When developing and considering scenarios banks should therefore seek to ensure that they have identified and considered both capital and liquidity risks. This should not prevent banks from developing liquidity risk specific scenarios. The reverse is also true. 4.7.2 This is particularly important when identifying necessary mitigating actions; these should aim to ensure that a bank remains liquid as well as maintaining required minimum capital levels.

Isle of Man Financial Services Authority Page 12 of 30 4.8 Interest rate risk in the banking book (‘IRRBB’) 4.8.1 The Authority’s view is that if the value at risk reported as part of the prudential return (refer form SR3B) exceeds 5% of Tier 1 capital, this category should be specifically addressed within the ICAAP. 4.8.2 The BCBS also published detailed standards on IRRBB in April 2016 (https://www.bis.org/bcbs/publ/d368.pdf). The BCBS standards confirm that IRRBB is a risk to be addressed in Pillar 2. Amongst a range of principles, matters most relevant to ICAAP include:  Information on how a bank could conduct stress testing / scenario analysis (also refer to section 5) including interest rate shocks, and a way of measuring this; and  Information (principle 9 of the standards) regarding the factors that should be considered when assessing capital adequacy in respect of IRRBB. 4.9 Market risk / Foreign exchange risk 4.9.1 For some banks, capital adequacy may be materially impacted by exchange rates. For example, this can arise where capital is held in a different currency to some assets; where the capital is held in a foreign currency (i.e. not the accounting currency of the bank) and/or assets (and hence risk weighted assets) are held in a foreign currency. 4.9.2 Where applicable, banks should have contingency plans in place to address such a situation, so for example a capital buffer in place to address the immediate impact. 4.10 Group risk 4.10.1 In most banks’ cases, the importance of the parent’s or group’s financial strength is such that it should be addressed separately in the ICAAP, including the ability of the parent / group to provide support, in terms of capital and liquidity2 as may be appropriate. 4.10.2 Where relevant, the risk arising from the direct counterparty exposure to the parent (or other group bank) through up-streaming should also be addressed, including the impact on credit RWAs if a credit rating downgrade were to occur (and the likelihood of such a downgrade having a material effect on the bank’s RWAs and capital adequacy). [Also, see sections 4.5 and 6].

2 Reference can also made to any liquidity contingency arrangements submitted to the Authority in this respect.

Isle of Man Financial Services Authority Page 13 of 30 4.11 Pension risk 4.11.1 Pension risk is the risk of pension funding arrangements not being adequate to meet pension payment obligations. Banks with local funded defined pension schemes will need to take account of their risks in this area, including both current and potential shortfalls, and the impact that these might have on their capital. 4.12 Strategic risk 4.12.1 Strategic risk is the current or prospective risk to earnings and capital arising from changes in the business environment and from adverse business decisions, improper implementation of decisions or lack of responsiveness to changes in the business environment. 4.13 Reputational risk [including conduct risk] 4.13.1 Reputational risk is clearly a significant risk to be captured under Pillar 2 and can be one of the most significant risks in financial centres such as the Isle of Man. 4.13.2 The Authority expects banks to have assessed the reputational risk contained in its higher risk customer accounts and relationships, and where appropriate to generate a capital charge for reputational risk and /or provide evidence of measures in place to mitigate reputational risk. 4.13.3 Individual products and services should also be considered and assessed. For example, the presence of any tax based lending structures which lack an underlying commercial validity, or are particularly complex, can be of particular concern and warrant additional consideration. 4.14 Regulatory risk [including financial crime and conduct risk] 4.14.1 The ICAAP should identify possible impacts of non-compliance with existing regulations and the risk posed by changes in the regulatory environment. Areas of change could include proposals from regulators, governments, the Basel Committee and other international standard setters. 4.14.2 Banks may also face the risks of regulatory fines for failings in their conduct, from both the Authority and other regulatory bodies (depending on their operations and exposures).

Isle of Man Financial Services Authority Page 14 of 30 4.15 Environmental, social or governance risk (‘ESG Risk’) 4.15.1 ESG risks are the risks of any negative financial impact on the bank stemming from the current or prospective impacts of ESG factors on its counterparties or invested assets. 4.15.2 ESG risk is not viewed as being a standalone risk and it should be identified, assessed and managed as part of the consideration of other risks, for example credit risk, operational risk and reputational risk. 4.15.3 ESG risks can be a driver of financial risks and should be managed in a manner that is consistent with the bank’s risk appetite and be reflected, where appropriate and proportionate, within the ICAAP. 5. Stress testing, scenario analysis and capital planning 5.1 Banks are expected to have in place appropriate stress testing processes. These should form an integral part of the governance and risk management culture of a bank and should be reflected in its ICAAP. 5.2 Both stress testing and scenario analysis are forward-looking analytical techniques, which seek to anticipate possible losses that might occur if an identified economic downturn or a risk event crystallises. 5.3 Stress testing typically refers to shifting the values of individual parameters that affect the financial position of a bank, determining the effect on the bank’s financial position. 5.4 Scenario analysis typically refers to a wider range of parameters being varied at the same times. Scenario analysis often examine the impact of adverse events on the bank’s financial position, for example, simultaneous movements in a number of risk drivers affecting all of a bank’s business operations, such as business volumes and investment values. 5.5 There are four broad purposes of stress testing and scenario analysis:  As a means of quantifying how much capital might be absorbed if an adverse event(s) occurs;  To provide a check on the outputs and accuracy of risk models, particularly in identifying non-linear effects when aggregating risks;  To explore sensitivities in longer-term business plans and how capital needs might change over time; and  Evaluating the impact on a wider range of measures, such as liquidity and profitability. 5.6 Both stress tests and scenario analysis are undertaken by a bank to improve its understanding of the vulnerabilities that it faces under adverse conditions.

Isle of Man Financial Services Authority Page 15 of 30 They are based on the analysis of the impact of a range of events of varying nature, severity and duration. These events can be economic, financial, operational or legal, or relate to any other risk that might have an impact on a bank. 5.7 A bank should use the results of its stress testing and scenario analysis not only to assess capital needs, but also to decide if measures should be put in place to minimise the adverse effect on the bank if the risks covered by the stress test or scenario analysis actually materialise. Such measures might be a contingency plan or more concrete risk mitigation steps. 5.8 The Authority expects a bank to project its capital resources and capital requirements over a three to five year horizon, taking account of its business plan and the impact of relevant adverse scenarios. 5.9 The Authority expects banks to identify any realistic management actions intended to maintain or restore capital adequacy. A bank should reflect management actions in its projections only where it could, and would, take actions, taking into account of factors such as market conditions in the stress scenario and any effects upon the bank’s reputation with counterparties and investors (if relevant). The combined effect on capital and retained earnings should be estimated. 6. Reverse stress testing and recovery planning 6.1 Reverse stress testing is a risk management tool used to increase a bank’s awareness of its business model vulnerabilities. A bank should carry out stress tests and scenario analysis that tests its business plan to failure. 6.2 Business plan failure in the context of reverse stress testing should be understood as the point at which the market loses confidence in a bank and, as a result, the bank is no longer able to carry out its business activities. For a bank in the Isle of Man, a loss in market confidence could arise through issues at the parent / group level [also see sections 4.5 and 4.10] 6.3 The Authority may request a bank to quantify the level of financial resources which, in the bank’s view, would place it in a situation of business failure should the identified adverse circumstances crystallise. 6.4 Reverse stress testing should be appropriate to the nature, size and complexity of the bank’s business plans and of the risks it bears. Where reverse stress testing reveals that a bank’s risk of business failure is unacceptably high, the bank should devise realistic measures to prevent or mitigate the risk of business failure, taking into account the time that it would have to react to these events and implement those measures.

Isle of Man Financial Services Authority Page 16 of 30 6.5 In carrying out its reverse stress testing, a bank should consider scenarios in which the failure of one or more of its major counterparties or a significant market disruption arising from the failure of a major market participant, whether or not combined, would cause the bank to fail. 6.6 Banks may choose to use reverse stress testing as a starting point for their recovery plan scenarios. The Authority has published specific guidance on Recovery Planning, which is available on its website www.iomfsa.im. 7. Supervisory Review and Evaluation Process (SREP) 7.1 The Authority will have regard to:-  The soundness of the overall ICAAP given the nature and scale of a bank’s business activities;  The degree of management involvement in the process e.g. whether target and actual capital levels are monitored and reviewed by the Board;  The extent to which the internal capital assessment is used routinely within a bank for decision-making purposes;  The extent to which a bank has provided for unexpected events in setting capital levels;  The reasonableness of the outcome of the ICAAP in terms of whether:  The amount of capital required as demonstrated by the ICAAP is sufficient to support the risks faced by the bank; and  Whether the levels and composition of capital chosen by the bank are comprehensive, relevant to the current operating environment, and appropriate for the nature and scale of the bank’s business activities. 7.2 A bank should be able to explain and demonstrate to the Authority:  How its ICAAP meets supervisory requirements;  How its material risks are defined, categorised and measured;  How internal capital targets are chosen and how those targets are consistent with the overall risk profile, current operating environment and future business needs; and  The reason for any differences between the ICAAP’s level of capital and the regulatory requirement.

Isle of Man Financial Services Authority Page 17 of 30 8. The setting of a Total Capital Requirement (‘TCR’) and Buffers 8.1 Basel III strengthened micro-prudential regulation and supervision and added a macro-prudential overlay that includes capital buffers. It introduced enhanced requirements for:  The quality and quantity of capital;  A basis for new liquidity3 and leverage requirements;  New rules for counterparty risk4 ;  New macro-prudential standards including a countercyclical capital buffer; and  Buffers for systemically important institutions. 8.2 Figure A sets out the main reforms delivered by Basel III, some of which are not directly applicable to banks incorporated in the Isle of Man, or have not yet been progressed by the Authority. Banks should however remain cognisant to the overall framework.

3 The Authority has not yet implemented the Basel III liquidity framework. 4 The Authority has not implemented all of these changes.

Isle of Man Financial Services Authority Page 18 of 30 Figure A – Basel Committee on Banking Supervision reforms – Basel III Capital Pillar 1 Pillar 2 Pillar 3 Quality and level of capital Greater focus on common equity. The Authority s minimum will be 8.5% of risk￾weighted assets, after deductions Capital loss absorption at the point of non￾viability Contractual terms of capital instruments will include a clause that allows – at the discretion of the Authority – write-off or conversion to common shares if the bank is judged to be non￾viable. The principle increases the contribution of the private sector to resolving future banking crises and thereby reduces moral hazard. Capital conservation buffer This is not required by the Authority in this form due to the higher minimum capital requirements that are set and the mandatory min 1% notification buffer Countercyclical buffer Operates within a range of 0%-2.5% comprising common equity, when a relevant authority judges that credit growth is resulting in an unacceptable build up of systemic risk in their jurisdiction. This is calculated based on the weighted average of buffers in effect in the jurisdictions to which banks have a credit exposure. Systemically Important buffer In the Isle of Man context this relates to Domestic Systemically Important Banks ( D￾SIBs ) and is imposed in the range of 0%-2.5% comprising common equity. This requirement is to reduce the probability of the failure of a D￾SIB Securitisations Strengthens the capital treatment for certain complex securitisations. Requires banks to conduct more rigorous credit analysis of externally rated securitisation exposures Trading book Significantly higher capital for trading and derivatives activities, as well as complex securitisations held in the trading book. Introduction of a stressed value-at-risk framework to help mitigate procyclicality. A capital charge for incremental risk that estimates the default and migration risks of unsecuritised credit products and takes liquidity into account. Counterparty credit risk Substantial strengthening of the counterparty credit risk framework. Includes: more stringent requirements for measuring exposure; capital incentives for banks to use central counterparties for derivatives, and higher capital for inter￾financial sector exposures. Bank exposures to central counterparties (CCPs) The Basel Committee has proposed that trade exposures to a qualifying CCP will receive a 2% risk weight and default fund exposures to a qualifying CCP will be capitalised according to a risk-based method that consistently and simply estimates risk arising from such default fund. Leverage ratio This is currently advisory only for IOM banks A non-risk based leverage ratio that includes off￾balance sheet exposures will serve as a backstop to the risk-based capital requirement. Also helps contain system wide build-up of leverage. Supplemental Pillar 2 requirements Address firm-wide governance and risk management; capturing the risk of off-balance sheet exposures and securitisation activities; managing risk concentrations; providing incentives for banks to better manage risk and returns over the long term; sound compensation practices; stress testing; accounting standards for financial instruments; corporate governance and supervisory colleges. Revised Pillar 3 disclosures requirements Pillar 3 only applies to the top consolidated level of a banking group and is therefore considered not to be applicable for IOM banks. Licence holders do however need to be cognisant of the overall framework. The requirements introduced relate to securitisation exposures, sponsorship of off￾balance sheet vehicles, consolidation of exiting disclosures and enhanced disclosures focused on key prudential metrics including total loss￾absorbing capital. In addition to meeting the Basel III requirements, locally incorporated domestic systemically important banks (D-SIBs) may be required to have a higher loss absorbing ( HLA ) capacity to reflect the greater risks that they pose to the Islands financial system. The Authority has developed a methodology that includes both quantitative indicators and qualitative elements to identify DSIBs. The additional loss absorbency are to be met with a progressive Common Equity Tier 1 (CET1) capital requirement ranging from 0% to 2.5%, depending on a number of factors. Liquidity Risk Coverage Risk Management and Supervision Market Discipline Containing Leverage Liquidity coverage ratio The liquidity coverage ratio (LCR) requires banks to have sufficient high-quality liquid assets to withstand a 30-day stressed funding scenario that is specified by supervisors Net stable funding ratio The net stable funding ratio (NSFR) is a longer-term structural ratio designed to address liquidity mismatches. It covers the entire balance sheet and provides incentives for banks to use stable sources of funding Principles for Sound Liquidity Risk Management and Supervision The Basel Committee s 2008 guidance Principles for Sound Liquidity Risk Management and Supervision takes account of lessons learned during the crisis and is based on a fundamental review of sound practices for managing liquidity risk in banking organisations. Supervisory monitoring The liquidity framework includes a common set of monitoring metrics to assist supervisors in identifying and analysing liquidity risk trends and both the bank and system￾wide level. Global liquidity standard and supervisory monitoring. To be introduced. All Banks D-SIBs Capital

Isle of Man Financial Services Authority Page 19 of 30 8.3 Following the SREP, including both a review of the ICAAP and any other interactions with the bank, the Authority will normally set a Total Capital Requirement (‘TCR’) [this covers Pillar 1 and Pillar 2], and advise the bank of the amount and quality of capital that it considers the bank should hold. 8.4 The capital requirements will always involve a specified minimum TCR (which can be the same as the minimum total capital ratio of 10%, if no pillar 2 risks are identified), a minimum regulatory buffer (at least 1%) and any other buffers or particular capital treatment, such as capital deductions, to be applied. The addition of buffers will be incorporated into an Overall Capital Requirement (‘OCR’). 8.5 In considering the TCR and OCR the Authority will also take into account the extent of a bank’s reported leverage, and expects a bank to consider its level of leverage as part of its capital planning. 8.6 Even if Pillar 2 risks are identified the TCR might not always be increased above the statutory minimum total capital ratio of 10%. For example:  In the case of credit, operational and market risk, the Pillar 2 risk capital requirement is not more than that required under Pillar 1;  The amounts are not material;  Other requirements are considered to be more appropriate, such as requiring deductions from capital; or  A buffer is considered to be an adequate mitigant, taking into account the scale and nature of the risks. 8.7 The Authority’s buffer (‘regulatory buffer’) 8.7.1 As per Rule 2.19 of the Financial Services Rule Book the Authority requires a bank to notify it immediately if its total capital ratio falls to within 1% of its minimum total capital ratio. In other words, a bank is expected to hold a minimum notification buffer of at least 1% of RWAs. 8.7.2 Following the SREP, the Authority may also notify a bank of an amount of capital that it should hold in addition to the minimum notification buffer and this is collectively referred to as the ‘regulatory buffer’. This buffer should be of a sufficient amount to allow a bank to continue to meet its TCR, even in the event of adverse circumstances, after allowing for realistic management actions that a bank could, and would, take in a severe stress scenario but avoiding duplication with other buffers.

Isle of Man Financial Services Authority Page 20 of 30 8.7.3 On a periodic basis the Authority will complete a Risk Assessment of a bank, which will take into consideration relevant information obtained from prudential returns, reviews, meetings, media coverage, general interactions with the Authority and other research. The assessment will produce ratings (for inherent risk, controls and residual risk) that reflect the Authority’s assessment of the riskiness of the bank across a range of risk categories as set out in the Authority’s Supervisory Methodology Framework. The Risk Assessment will form part of the assessment of an appropriate regulatory buffer. Where the Authority assesses an area of the bank’s risk profile as “High” or “Medium High”, it may set the regulatory buffer to include an amount of additional capital in a range from 0-2% (in addition to the standard 1% minimum notification buffer). 8.8 Countercyclical buffer 8.8.1 A countercyclical capital buffer (“CCyB”) is time-varying and is designed to require banks to hold additional capital to remove or reduce the build-up of systemic risk in times of credit boom, providing additional loss absorbing capacity and acting as an incentive for banks to constrain further credit growth. The scale of the buffer is determined by reference to buffer rates set by a relevant authority5 . 8.8.2 The Isle of Man as a jurisdiction does not set a countercyclical buffer; however a bank may have material exposures to assets in jurisdictions where such buffers are established, and therefore a bank is expected to consider those in its ICAAP, and the relevance to its business. 8.8.3 Any buffer is typically calculated by multiplying the weighted average of the CCyB rates that apply to exposures in the jurisdictions where a bank’s relevant credit exposures are located. For example: Assumption Country A has a CCyB set at 1% A bank has £100m total credit RWAs relating to country A The bank’s total credit risk RWAs are £300m Calculation £100m x 1% (CCyB) = £1m £1m/£300m = 0.33% Overall capital impact of the CCyB will be the bank’s Pillar 1 RWA x 0.33%

5 Details of the countercyclical capital buffer (CCyB) rates set by a relevant authority can be found at https://www.bis.org/bcbs/ccyb/. This site includes a link to set up a designated email alert so that firms will be notified of updates.

Isle of Man Financial Services Authority Page 21 of 30 8.8.4 The Authority will consider the materiality of any exposures, any other buffers and the overall quantity and quality of capital being held to help determine if an additional countercyclical buffer is required. 8.9 Systemic buffer 8.9.1 In the Isle of Man context this relates to Domestic Systemically Important Banks (‘D-SIBs’) and is imposed in the range of 0%-2.5% comprising common equity. This requirement is to reduce the probability of the failure of a D-SIB. Banks that have been classified as a D-SIB will receive a formal notification from the Authority. 8.9.2 More information can be found in the Authority’s Supervisory Policy Statement on D-SIBs, which is available on its website www.iomfsa.im. 8.10 Failure to meet the TCR and use of buffers 8.10.1 The Authority expects every bank to hold at least the level and quality of capital advised to it in its TCR at all times. 8.10.2 The use of the regulatory and other buffers is not itself a breach of capital requirements under Rule 2.19 (unless a bank fails to notify the Authority once its actual capital is below the OCR), however banks should only use the buffers to absorb losses or meet increased capital requirements if certain circumstances materialise. These should be circumstances beyond a bank’s normal and direct control, whether relating to a deteriorating external environment or periods of stress such as macroeconomic downturns or financial/market shocks, or bank-specific circumstances. 8.10.3 In some cases it may be appropriate for the Authority to reduce a buffer if a risk has crystallised into a Pillar 1 requirement, for example. Conversely, a bank should also take steps to restore its actual capital to above the set OCR over an agreed period of time. 8.10.4 Consistent with Rule 2.19, a bank must immediately notify the Authority if it, at any time, has reason to believe that it would need to use the regulatory buffer. 8.10.5 As a matter of good practice, a bank may set its own internal management buffer that would sit above the OCR. 8.10.6 Figure B illustrates a bank’s TCR, its relationship with other buffers that make up the OCR and the quality of capital that must held. Capital that banks use to meet their Pillar 1 capital and Pillar 2 capital requirements cannot be counted towards meeting their buffers. All buffers are in CET1 capital.

Isle of Man Financial Services Authority Page 22 of 30 Figure B - The Capital Framework Capital Stack D-SIB Buffer Countercyclical Buffer Regulatory Buffer Pillar 2 Requirements Pillar 1 (Minimum Requirements) Capital Requirements % 0%-2.5% 0%-2.5% Min 1% Min 10% Minimum Capital Quality CET1 (Expected) CET1 CET1 – 56% AT1 – 19% T2 – 25% CET1 - 8.5% RWAs AT1 -8.5% RWAs T2 -1.5% RWAs Total Capital Requirement (‘TCR’) Min 10% (8.5% CET1) Firm Specific Firm Specific Firm Specific Firm’s own internal management buffer (not set by the Authority) CET1 Overall Capital Requirement (‘OCR’) Min 11% (8.5% CET1)

Isle of Man Financial Services Authority Page 23 of 30 Appendix 1- ICAAP Submission The ICAAP document The ICAAP document is the bank’s explanation to the Authority of its internal capital adequacy assessment process. The Authority expects this document to be signed off by the bank’s Board of directors. The level of detail provided will vary from bank to bank but it is suggested that any working papers used to support the document’s conclusions are attached as appendices.

1. EXECUTIVE SUMMARY The purpose of the Executive Summary is to present an overview of the ICAAP methodology and results. This would typically include:  The purpose of the report and the regulated entities covered;  The main findings of the ICAAP analysis; o The amount of capital the bank considers it should hold compared to the Pillar 1 calculation; o The adequacy of the bank’s risk management processes;  A summary of the financial position of the bank;  An overview of the bank’s strategy;  A brief description of the capital and dividend plan; how the bank intends to manage capital going forward and for what purposes;  Commentary on the most material risks, why the level of risk is acceptable or what mitigating actions have been/will be put in place;  Commentary on major issues where further analysis is required;  Who has carried out the assessment, how it has been challenged and who has approved it.

Isle of Man Financial Services Authority Page 24 of 30 2. BACKGROUND This section should include relevant organisational and historical financial data for the bank. This may include details of the group structure, profitability, dividends, capital resources, deposit liabilities and any conclusions that can be drawn from trends in the data that may have implications for the future. It would also give a brief description of expected changes to the bank’s current business profile. 3. SUMMARY OF CURRENT AND PROJECTED FINANCIAL AND CAPITAL POSITIONS This section should explain the present financial position of the bank, any changes to its current business profile, projected business volumes, projected financial position and future planned sources of capital. 4. CAPITAL ADEQUACY This section is the detailed review of the capital adequacy of the bank and should include the following information:- Timing  The effective date of the ICAAP calculations, with details of any events that have happened since and that may materially change the ICAAP’s calculations. The impact of such events should be included.  Details of, and rationale for, the time period over which the capital has been assessed. Risks analysed  Articulation of the bank’s risk appetite;

 Identification of the areas of risk considered and the major risks arising in those areas;  Details of mitigating actions in relation to major risks;  Details of any restrictions on the ability to transfer capital into or out of the bank;  Conclusions arising out of the risk assessment, including an analysis of significant movements in available capital and capital required since the last ICAAP and a comparison of the capital required under Pillar 1 calculations, as compared with the overall capital requirement identified by the ICAAP.

Isle of Man Financial Services Authority Page 25 of 30 Methodology and assumptions  A description of how the risk assessment has been carried out and what assumptions have been made;  An explanation of how the risk assessment relates to the additional capital the bank concludes is required;  It is assumed that most banks in the Isle of Man will use the following methodology:- o Calculation of the capital required under Pillar 1; o Consider the risks not covered or not fully covered under Pillar 1 and assess what additional capital is required; o Add Pillar 1 and Pillar 2 calculations; o Consider stress testing / scenario analysis, and buffers.  Where internal models are being used to quantify risks the following information will be required:- o The key assumptions and parameters within the capital modelling work and background information on the derivation of key assumptions; o How parameters have been chosen, including the historical period used and the calibration process; o The limitations of the model; o The sensitivity of the model to changes in the key assumptions or parameters chosen; o The validation work undertaken to ensure the continuing adequacy of the model(s). Sensitivity Analysis This section would detail the sensitivity tests undertaken to key assumptions and factors that have a significant impact on the broader financial condition of the bank e.g. changes in interest rates. Material changes in the financial risks to which the business is exposed would be explored and quantified as far as possible. Stress testing Where this is performed on a group basis, a decision may be made to retain any required capital at a consolidated or sub-consolidated level. Alternatively, capital may be allocated across the group on a pro rata basis. This section should include an explanation of what methodology has been used and the rationale. Where stress testing is carried out at the bank level, this section should include details of these. Information such as the range of scenarios, key assumptions and confidence levels should be provided.

Isle of Man Financial Services Authority Page 26 of 30 Typical scenarios at group level or locally could include:-  How an economic downturn would affect the bank’s or group’s capital resources, Pillar 1 capital requirements and its future earnings;  How changes in the credit quality of the bank’s credit risk counterparties affect the bank’s capital and its credit risk requirement;  An assessment by the bank or group of how it would continue to meet its regulatory capital requirements through a recession, the severity of the recession being one that occurs once in a 25 year period  The impact of a downgrade in respect of a parent or parent’s jurisdiction  Worse case losses as a result fraud, mis-selling or pending litigation. Good risk management includes planning for unlikely severe scenarios. Examples could include a disorderly exit of a country, or countries from the Eurozone, an exit of a country from a fixed exchange rate regime or the breakdown of such a regime. Appropriate scenarios will differ between banks and they should consider if they are materially exposed to such events and any elements that may specifically apply to them. Reverse stress-testing should include a range of severities for each scenario so that it is possible to demonstrate both where recovery actions would be necessary to ensure survival and identify very extreme conditions under which, even taking into account recovery plans, resolution would become necessary. The number of scenarios will vary depending on the number of potential risks that could bring down the banks. As a minimum, banks are expected to identify at least one systemic or market-wide scenario and at least one idiosyncratic or group/bank￾specific scenario. Scenarios would be expected to result from a number of factors. Group Involvement Where the bank has had recourse to the group ICAAP and/or stress testing, this should be stated together with an explanation as to how this relates to the group’s Isle of Man operation. 5. AGGREGATION AND DIVERSIFICATION This section would describe how the results of separate risk assessments have been combined to obtain an overall view of capital adequacy. This requires some sort of methodology to be used to quantify the amount of capital required to support individual risks so that they can be aggregated into a total figure. Any adjustments made for diversification or risk correlations should be explained.

Isle of Man Financial Services Authority Page 27 of 30 6. CHALLENGE AND ADOPTION OF THE ICAAP This section would describe the extent of challenge and testing of the ICAAP. It would include any testing and details of the review and approval process. Details of the reliance placed on group ICAAPs, or reports obtained from an external reviewer or internal audit should be referred to in this section. Relevant copies of such reports should be attached. 7. USE OF ICAAP WITHIN THE BANK This would demonstrate the extent to which capital management is embedded within the bank including the extent and use of capital modelling or scenario analysis and stress testing e.g. for setting prices and reviewing the level and nature of future business. Details of any planned future refinements of the ICAAP should also be included. 8. ICAAP SUBMISSION SUMMARY SHEET The Authority has produced an ICAAP Submission Summary (‘ISS’) template (Figure C) to assist banks in presenting the output of their ICAAP in a consistent format to help ensure that Pillar 1, Pillar 2 and buffer requirements have adequately been considered. The Authority recommends that banks use this template based on their last audited set of figures (i.e. last audited year-end), and projected figures for the position as at the next two year ends.

Isle of Man Financial Services Authority Page 28 of 30 Figure C – ICAAP Submission Summary (Please fill in the shaded areas) Reporting bank: Credit Risk Methodology used Operational Risk Methodology used ICAAP Pillar 1 ICAAP Page Reference * GBP'000 Credit Risk RWA £0 Operational Risk RWA £0 Market Risk RWA £0 Settlement Risk RWA £0 Pillar 1 RWA £0 Pillar 1 Capital requirement £0 Minimum (Pillar 1) capital ratio 10% ICAAP Pillar 2 capital requirement Add-ons for: Residual Risk £0 Counterparty credit risk £0 Securitisation risk £0 Model risk £0 Residual Credit risk £0 Residual Operational risk £0 Residual Market risk £0 Residual Settlement Risk £0 Strategic risk £0 Concentration risk £0 Liquidity risk £0 Reputation risk £0 Interest Rate risk in the Banking Book £0 Underwriting risk £0 Pension risk £0 Transfer risk £0 Weaknesses in credit risk mitigation £0 Business risk (earnings and costs) £0 Strategy £0 Economic environment £0 Regulatory environment £0 Pillar 2 capital requirement £0 D-SIB Buffer (%) 0.0% Countercyclical Buffer (%) 0.00% Regulatory Buffer (%) 0.0% Minimum 1% Capital Requirements (as % of RWA) Capital Requirements GBP'000 Total Capital Requirement Overall Capital Requirement #DIV/0! £0 #DIV/0! £0 #DIV/0! £0 #DIV/0! £0 10.00% £0 Total Capital Requirement (TCR) as % of Pillar 1 RWA #DIV/0! Total Capital Requirement (TCR) as % of Pillar 1 capital #DIV/0! Minimum required CET1 (GBP '000) for TCR £0 CET1 capital requirement as % of Pillar 1 RWA #DIV/0! Minimum required Tier 1 (GBP '000) for TCR £0 This includes the CET1 above Tier 1 capital requirement as % of Pillar 1 RWA #DIV/0! Overall Capital Requirement (OCR) as % of Pillar 1 RWA #DIV/0! Overall Capital Requirement (OCR) as % of Pillar 1 capital #DIV/0! Minimum expected CET1 (GBP '000) for OCR £0 This is the equivalent of the bank specific minima in line F.3 of Form SR-2C This is the equivalent of the bank specific minima in line F.1 of Form SR-2C This is the equivalent of the bank specific minima in line F.2 of Form SR-2C ICAAP Submission Summary Sheet Standardised Approach Standardised Approach Category One Category Two Assumes all buffers held as CET1 Category Three Pillar Regulatory Buffer £0 Countercyclical Buffer D-SIB Buffer Pillar 2 Requirements £0 Pillar 1 Requirements As pre advised (0% to 2.5%) Refer to ICAAP guidance section 8.8 Category Four Other risks identified Buffers This is the equivalent of the bank specific minima in line F.4 of Form SR-2C

Isle of Man Financial Services Authority Page 29 of 30 Appendix 2 – Glossary (the) Authority The Isle of Man Financial Services Authority Basel II Accepted short form for the BCBS’s internationally recognised capital adequacy framework for internationally active banks, published in its paper “International Convergence of Capital Measurement and Capital Standards: A Revised Framework – Comprehensive Version”, issued in June 2006. Basel III Basel III is an internationally agreed set of measures developed by the BCBS in response to the financial crisis of 2007-09. The measures aim to strengthen the regulation, supervision and risk management of banks. Bank The Isle of Man incorporated deposit taker. BCBS The Basel Committee on Banking Supervision. CET1 ratio In relation to a bank, means a ratio of its Common Equity Tier 1 capital available to cover its risk weighted assets, calculated in accordance with rule 2.20 of the Financial Services Rule Book. D-SIB Domestic Systemically Important Bank. ICAAP Internal Capital Adequacy Assessment Process. OCR Overall capital requirements, which includes Pillar 1, Pillar 2 and any buffers. Pillar 1 One of the three Pillars established in Basel II /Basel III; this deals with the formulaic calculation of minimum regulatory capital requirements in respect of credit, market & settlement, and operational risk, based on risk weighted assets. Pillar 2 Covers a requirement for each bank to assess and record the full range of risks to which it is exposed, the mitigation it applies and any resultant capital requirement in addition to that generated under Pillar 1. Pillar 3 Pillar 3 focuses on disclosure requirements and only applies at the top consolidated level of a banking group and is therefore considered not to be generally applicable for banks in the Isle of Man. Recovery Plan Contingency plans to be established to restore capital adequacy and maintain liquidity or otherwise mitigate the impact of stresses on the bank and its customers. Recovery Trigger Trigger for consideration of action in a recovery plan. Reverse Stress Test Reverse stress tests are stress tests that require a firm to assess scenarios and circumstances that would render its business model unviable, thereby identifying potential business vulnerabilities. This differs from typical stress and scenario testing, which tests for outcomes arising from changes in circumstances. Risk Weighted Assets / RWAs In relation to a bank means assets weighted by risk (calculated in accordance with rule 2.20 of the Financial Services Rule Book). Risk Weighting Risk weightings are percentages set within the Standardised Approach and the Simplified Standardised Approach in relation to different types of assets that are used to calculate RWAs. Standardised Approaches These approaches are established in Pillar 1 of Basel II/Basel III as acceptable methods of calculating capital requirements for credit, market & settlement and operational risk. Basel II allows regulators discretion in implementing these approaches, especially in respect of the calculations for credit and operational risk.

Isle of Man Financial Services Authority Page 30 of 30 The Authority has established the following variants as available in the Isle of Man;

• the Standardised Approach and the Simplified Standardised Approach, or “SSA”, for credit risk;
• the Standardised Approach, the Alternative Standardised Approach and the Basic Indicator Approach for Operational Risk; and
• the Standardised Approach for market and settlement risk Under Basel III there are various changes to these approaches, and the resulting calculation of risk weighted assets. The Authority will continue to monitor changes to international standards and where appropriate and proportionate will look to align to any new standards. SREP Is the supervisory review and evaluation process (in relation to a bank’s ICAAP) TCR Total Capital Requirement: the amount and quality of capital a firm must hold to comply with the Authority’s minimum Pillar 1 and Pillar 2 capital requirements for a bank. Tier 1 ratio In relation to a bank, means a ratio of its Tier 1 capital available to cover its risk weighted assets, calculated in accordance with rule 2.20 of the Financial Services Rule Book. Total capital ratio In relation to a bank, means a ratio of its Total capital available to cover its risk weighted assets, calculated in accordance with rule 2.20 of the Financial Services Rule Book.