14. Given the critical and major role of the ICAAP in banks’ sustainability and strategy, the Board of Directors is required to approve the ICAAP. The ICAAP should be subject to an effective decision-making process, by which the assumptions, projections, and conclusions are thoroughly discussed, analysed, and challenged at several levels in the organisation including (i) the relevant committees of subject matter experts, (ii) Senior Management, and (iii) the Board.

15. The Board has ultimate ownership and responsibility of the ICAAP. It is required to approve an ICAAP on a yearly basis. The Board is also expected to approve the ICAAP governance framework with a clear and transparent assignment of responsibilities, adhering to the segregation of functions, as described in Refer to Appendix 3.1. The governance framework should ensure that the ICAAP is an integral part of the bank’s management process and decision-making. The ICAAP governance framework should include a clear approach to the regular internal review and validation by the appropriate functions of the bank.

16. The policy framework should be approved by the Board. Senior Management has to implement the framework via effective procedures and systems. The framework must include measures reflected in the ICAAP report applied in day-to-day business and supported by suitable MIS at appropriate frequencies. A key aspect of this requirement is the “Use Test” principle covered in the next section. The risk framework has to be applied across the organisation.