What is the ICAAP (Internal Capital Adequacy Assessment Process)?

The **Internal Capital Adequacy Assessment Process (ICAAP)** is a bank’s own internal process for determining, on an ongoing basis, whether its internal capital is adequate to cover all the material risks to which it is, or might be, exposed. Its legal basis is **Art. 73 of the Capital Requirements Directive (CRD, Directive 2013/36/EU)**: institutions must have “sound, effective and comprehensive strategies and processes” to assess and maintain “the amounts, types and distribution of internal capital” on an ongoing basis — proportionate to the nature, scale and complexity of their activities ^[1].

The liquidity-side counterpart is the **ILAAP (Internal Liquidity Adequacy Assessment Process)** under **Art. 86(1) CRD**: the same mechanism for the identification, measurement, management and monitoring of liquidity risk. The ICAAP and ILAAP are the two internal processes the institution itself owns — as distinct from the SREP, which the supervisor runs ^[1].

The ECB expects the ICAAP to be operated from **two complementary perspectives** (Principle 3 of the ECB Guide); effective risk management requires both, and they “mutually inform each other.” The **normative perspective** is a **multi-year** assessment of the institution’s ability to meet all capital-related regulatory and supervisory requirements on an ongoing basis — under the baseline and under adverse scenarios across the planning horizon ^[2].

The **economic perspective** requires the institution to identify and quantify **all material risks** that may cause economic losses and deplete internal capital, and to ensure those risks are adequately covered by internal capital — assessed on an economic-value basis rather than regulatory or accounting figures ^[2].

The ICAAP and ILAAP are key inputs into the supervisor’s **SREP** (Supervisory Review and Evaluation Process). The SREP has four assessment blocks: (1) business model, (2) internal governance and risk management, (3) **risks to capital — fed by the ICAAP**, and (4) **risks to liquidity — fed by the ILAAP**. The ECB Guide states that the ICAAP “feeds into all SREP assessments and into the Pillar 2 capital determination process” ^[2][5].

In practice, the quality of the ICAAP shapes the calibration of the **Pillar 2 Requirement (P2R, binding)** and **Pillar 2 Guidance (P2G, non-binding)**. Robust, well-documented ICAAP submissions materially improve the SREP outcome; weak ICAAP processes can themselves become the subject of qualitative supervisory measures ^[5].

The ECB published its **Guide to the ICAAP** in **November 2018** (applicable since 1 January 2019, alongside an **ILAAP Guide**); it sets out **seven principles** and is intended to help banks strengthen their processes. Importantly, the Guide is **not binding law** — it expressly states that it “does not substitute or supersede” applicable law, and that where they diverge the applicable law (Art. 73 CRD) prevails ^[2][3].

The ICAAP must be **proportionate**: Art. 73 CRD requires it to be appropriate to the nature, scale and complexity of the institution. In practice, supervisors scale depth and intensity along the **four SREP categories (1–4)** of the EBA Guidelines (EBA/GL/2014/13, revised by EBA/GL/2022/03), which classify institutions by systemic importance and cross-border activity — larger, more complex institutions must maintain a correspondingly deeper ICAAP ^[4][5].

In a horizontal analysis of the ICAAP submissions of **37 significant institutions** (ECB report, 2020), supervisors found the basics broadly established but flagged **three key areas of concern**: **data quality** (“many banks show material deficiencies in this key area”), the **economic perspective** (weak implementation of the concept, inconsistent and insufficiently conservative quantification), and **stress-testing** (many banks do not systematically monitor their environment to identify new threats early enough) ^[6].

The implication: the ICAAP is not an annual document drop but an ongoing process that is only as good as the data beneath it. Complete, auditable data histories across all material risks — and their consistent aggregation — are the precondition for the economic perspective and stress-testing to withstand supervisory scrutiny ^[6].