Basel II, ICAAP, Business Continuity Plan & Prudential Supervision

The series of directives known as Capital Requirements Directives (CRD), introduced with the aim to establish a supervisory framework in the European Union, reflect the essence of the rules on capital measurement and capital standards from the Basel accords, II and III. It is of paramount importance for investment firms, to understand the current regulatory framework on these and prepare for the upcoming reforms on the regulatory framework. This is necessary in order to design and implement an effective and sound ICAAP as this report is to be reviewed regularly to ensure that the risks identified are covered adequately.

Within this article, the Risk Compliance department at SALVUS, will elaborate on the requirements under the Basel II, including the regulatory framework of CRD IV and Capital Requirements Regulation (CRR), the additional reporting introduced by the Cyprus Securities and Exchange Commission (CySEC) on Prudential Supervision and Recovery Plans, and the reformed upcoming regulatory framework CRD V and CRR II.

The Basel II Capital Accord is structured on three (3) pillars;

  1. Pillar I: The first pillar defines the mechanism for calculating the minimum regulatory capital required to cover credit risk, operations risk, and market risk.
    1. All Cyprus Investment Firms (CIF) are required to submit to CySEC the Common Reporting Framework (COREP) forms, every quarter. Within the inputs the CIFs are expected to complete in these forms, they will calculate and adequately cover the risks faced and are included in Pillar I of the Basel II Capital Accord.
  2. Pillar II: The second pillar, which we cover below, goes further, and includes the Internal Adequacy Assessment Process (ICAAP) and the Supervisory Review and Evaluation Process (SREP), which provide the regulatory national competent authorities (NCA) with a tool to assess the completeness and adequacy of a firm’s capital adequacy vis-à-vis the risks that it faces.
  3. Pillar III: The third pillar aims to complement the previous two pillars by developing a set of disclosure requirements which allow the market participants to gauge the CIF’s capital adequacy.
    1. All CIFs are required to report to CySEC their Annual External Auditor’s Verification Report in regards to the Disclosures and Market Discipline Report – this is by the 30th of May each year. This verification report provides an assurance of the calculations and information provided to market participants by the CIF. It is worth noting, that the Disclosures and Market Discipline Report, in other words, Pillar III shall be publicly available, published on the CIFs website.

Now, when is the ICAAP under Pillar II submitted and how it is evaluated by the regulator?

The ICAAP shall be submitted to the regulator only upon request by the regulator – for a CIF, this is CySEC. Then, CySEC will use the Supervisory Review and Evaluation Process (SREP) to assess the processes implemented by the firm and the capital requirement calculations performed against the risks it faces.

How will CySEC ensure that CIFs have an ICAAP in place, and that they update this ICAAP annually?

Up until the 11th of July 2019, no other regulatory reporting layer was in place to support the regulator on its supervision role in regards to the ICAAP. On that day, CySEC issued Circular C326 and introduced additional regulatory reporting obligations for all CIFs. Those were titled “The Prudential Supervision Information” and since then, the Form 144-14-11 must be submitted to the regulator by the 30th of June each year. The main objective of the Prudential Supervision Information is to enhance the regulator’s supervision capacity on

  • the assessment of the Internal Capital Adequacy Assessment Process (ICAAP),
  • the assessment of the annual audited financial statements,
  • the safeguarding of clients’ money.

Specifically, within the Prudential Supervision Information regulatory obligation, CIFs are requested to inform CySEC with details on their ICAAP including;

  • the date of the last review performed on the ICAAP,
  • the own funds of the CIF on the reference date the ICAAP was reviewed,
  • the capital requirement for each risk the CIF is exposed (including Pillar I and Pillar II risks),
  • the risk appetite of the CIF,
  • the stress scenarios considered and implemented,
  • the impact of an economic downturn.

The Form 144-14-11 further analyzes the audited financial statements and the reconciliations performed concerning Clients’ money.

Wait, there is more

On the 5th of February 2020, CySEC introduced an additional reporting concerning the preparation and submission of Recovery Plans by CIFs with an initial capital requirement 730,000 EUR (Market Makers/Firms with the Investment Service of Dealing on Own Account).

Firms falling under the scope of simplified obligations in relation to the content and details of the CIF’s recovery plans must submit to CySEC by 30th of September 2020, the Form 20-01.

  • It is worth mentioning, that CIFs are obliged to submit the form every two years, meaning that the next submission is 30th of September 2022 and so on.

So, who is falling under the simplified obligations?

CIFs have not been determined as Other Systemically Important Institutions by the Central Bank of Cyprus (CBC) and meet one of the following criteria according to their latest audited financial statements:

  • Total assets are less than €,
  • Total liabilities are less than €,
  • Total income is less than €100.000.000.

CIFs that do not fulfill the above criteria, are subject to full scope obligations. Those CIFs shall submit to CySEC the Form 20-01 by 30th of June 2020, and submit the updated form annually.

Within the new regulatory obligation – Recovery Plans Form 20-01, CIFs are entitled to inform CySEC regarding their recovering plans and the respective calculations performed under the ICAAP, including

  • Recovering Plan Key Risk Indicators (KRIs) – The current and next year’s budgeted ratios shall be disclosed for
    • Capital Indicators, such as Common Equity Tier 1 Ratio, Total Capital Ratio, Leverage Ratio, and so on.
    • Liquidity Indicators, such as Liquidity Assets over Total Liabilities, Liquid Assets over Off balance sheet liabilities, and so on.
    • Profitability Indicators, such as Return on Equity and Significant operational losses.
    • Asset Quality Indicators, such as Impairment on financial assets.
  • The CIFs shall determine levels at which the KRIs would hit the amber level (early warning levels) and the red level (state of crisis). The green levels indicating the normal business conditions shall be stated as well.
  • Stress Scenarios including a minimum of 2 stress scenarios which are severe enough to bring certain indicators to the red level.
    • Scenario 1: Affects the firm on a stand-alone basis and has a negative impact on its liquidity position.
      • This scenario assumes an operational loss (system, fraud, regulatory related) with a reputational impact on the firm which in turn leads to significant liquidity distress.
    • Scenario 2: Affects the financial market in its entirety and has a negative impact on the firm’s capital position.
  • Recovery Options must be provided with the key information to be implemented in order to restore the CIF’s viability and financial position in response to the stress scenarios previously identified and being materialised.
    • CIFs shall indicate each recovery option versus which Scenario, or a combination of them,
    • the timing (i.e. how long the implementation is expected to take),
    • the feasibility of the recovery option, providing analysis of any material impediments to the effective and timely implementation of the options.
  • CIFs shall indicate the estimated impact of the recovery options selected on the recovery indicators.
    • on the current position – at the current level of the KRIs (at base) – as this is indicated within the KRIs.

It is noted that

  1. It is the CIF’s responsibility to determine the KRIs – Red, Amber and Green levels – based on the knowledge of the business and the relevant regulatory guidance.
  2. The scenarios to be used in the Recovery Plan are likely to be based on the ICAAP stress scenarios. Adjustments might be necessary in order to meet the “close-to-default” requirement of the recovery plan.
  3. A minimum of two and a maximum of four Recovery Options should be employed.
  4. CIFs are expected to present the outcome of the stress scenarios developed as this is derived from the recovery plan arrangements and other recovery plan workings developed and maintained by the CIF.

Upcoming Regulation

The new reform will directly apply to all Banks and Investment Firms within the European Union. The Capital Requirements Directive (CRD V) is part of a broad package of legislative amendments which includes the Capital Requirements Regulation II (CRR II) and aims to improve the risk and compliance management of the firms. For this, the European Banking Authority (EBA) has been mandated to produce the four Regulatory Technical Standards (RTS) on the Standardized Approach for Counterparty Credit Risk (SA-CCR) of the CRR II.

When the new reforms are expected to come into force?

  • 28th June 2021.

What are the expected changes and who is affected by these changes?

  • Read a related article published by the SALVUS Team 28th of May 2019.


It is essential for CIFs to understand the current regulatory framework and get prepared for the reformed regulatory framework.

It is necessary for the CIFs to design & implement an effective & sound ICAAP and this report to be reviewed regularly to ensure that the risks identified by the CIF are covered adequately.

CIFs must review the procedures in place at least once a year and subsequently produce the yearly ICAAP report. Another review of the ICAAP would be necessary if changes in any of the factors mentioned above, affect the assumptions used in the current report and directly impact the business or the risk profile of the firm.

Please contact us, if you require further information for a current or an upcoming regulatory framework. We will be glad to support you comply with the regulatory obligations, either by supporting you to design and implement an effective ICAAP Report, produce the quarterly COREP capital adequacy forms, the Prudential Supervision Information Form 144-14-11, the Recovery Plans Form 20-01, or a reporting obligation covered within SALVUS Regulatory & Compliance expertise.


Should you be interested to read about Risk Management topics for Investment Firms, please visit the selected articles below:

The information provided in this article is for general information purposes only. You should always seek professional advice suitable to your needs.

Share this post