ICARA Process

ICARA Process: Just another compliance checkbox?

The ICARA Process is deemed to be more than just another compliance checkbox as many perceive it as a fundamental shift in how firms approach internal governance and risk management. Others view it as a set of mandatory requirements for firms. Is it merely a compliance exercise or a way to improve risk management?

The ICARA process, short for Internal Capital and Risk Assessment, has emerged as a significant regulatory framework introduced by the Financial Conduct Authority (FCA) within the UK. Both small, non-interconnected investment firms (SNI) and non-SNI firms now find themselves having to navigate the uncharted waters of these regulatory seas.

It’s deemed to be more than just another compliance checkbox and seen as more of a fundamental shift in how firms approach internal governance and risk management. The FCA has made a concerted effort to emphasise that it is building upon existing frameworks and setting new expectations. The regulatory landscape has evolved quickly over recent years and firms have to adapt to meet these new challenges.

Simply put, the ICARA process aims to be the lynchpin of risk management for MiFID investment firms. It encompasses a comprehensive assessment, including business model evaluation, forecasting, stress testing, recovery planning, and wind-down planning. It’s also introducing the Overall Financial Adequacy Rule (OFAR), a standard against which the FCA measures a firm’s financial resources.

This is not a one-off compliance exercise and formal ICARA reviews will occur annually. That, or after significant business changes, means that it will be an ongoing risk management process. Ensuring that firms maintain adequate financial resources, align with threshold conditions and adhere to any principles. The scale and complexity of a firm’s business will dictate the proportionality of its ICARA process.

The process safeguards firms from potential harms arising from their ongoing operations or business wind-down. It ensures firms have sufficient financial resources, aligns their business models with risk appetite, considers forward-looking own funds requirements and liquid assets, contemplate plausible stress scenarios, and stress test their businesses.

The FCA has also provided clear guidelines on what the ICARA document should contain. What’s required is the following:

  • Description of the firm’s business model and strategy,
  • Analysis of its material activities,
  • Evaluation of risk management processes,
  • Summary of identified harms and mitigation measures
  • Compliance with Overall Financial Adequacy Rule (OFAR)
  • Stress testing rules
  • Thresholds for own funds and liquid assets
  • Potential recovery actions
  • Wind-down planning

Senior managers will play a pivotal role in this process as they will be responsible for reviewing and approving the ICARA document. This is due to the Senior Managers and Certification Regime where senior managers are expected to actively engage in embedding ICARA requirements into their respective areas.

It won’t be all plain sailing though and firms can expect to encounter numerous practical challenges during the process. Some of these challenges will include integrating harm assessments with broader risk assessments, defining relevant harms, ensuring consistency in documentation and addressing plausible wind-down scenarios. Some of the lesser challenges faced may include meeting submission deadlines, briefing senior managers adequately and comprehensive recovery planning.

These are new regulatory waters and the financial industry is going to take some time to chart a course but it’s paramount that there is an understanding to effectively navigate the process. It is a risk-based approach to regulation meaning that the level of detail and rigor required in the ICARA document will vary depending on the size and complexity of the firm. As it is also an ongoing process, senior managers will need to review and update their ICARA documents on a regular basis and remember that it’s not just about compliance. It is a collaborative process that should involve all relevant stakeholders and fortify firms against potential risks, ensuring financial resilience in an ever-flowing regulatory sea.

You may also like

Would you like to read more articles like this?

Sign up using the option below to receive the latest articles sent straight to your inbox.