Guidelines on the capital review process (5 February 2010)

1. Introduction and legal regime

The aim of these Guidelines is to inform institutions of the criteria and

methodologies used by the Banco de Espaa for the review and evaluation referred
to in paragraph 1 of Article 10.bis of Law 13/1985 on investment ratios, own funds
and reporting requirements of financial intermediaries, which specifies that the
Banco de Espaa, in its capacity as the authority responsible for the supervision of
credit institutions and their consolidatable groups (hereafter institutions), shall:

a) Review the systems, whether they be agreements, strategies, procedures or

mechanisms of any kind, used to comply with the solvency rules in this law and in
its implementing regulations;

b) Assess the risks to which institutions are or may be exposed;

 c) Based on the review and evaluation referred to in a) and b) above, determine
whether the systems mentioned in a) above and the own funds held by institutions
ensure sound risk management and coverage.

d) Publish guidelines to indicate the criteria, practices or procedures institutions

should follow to properly assess the risks to which thay are or may be exposed and
for best complying with the rules on the regulation and discipline they have to
comply. These guidelines may also include the criteria which the Banco de Espaa
will follow in its supervisory review process.

The implementing regulations of the aforesaid article are contained in Chapter

IX of Title I of Royal Decree 216/2008 of 15 February 2008 on the own funds of
financial institutions and in Rule 108 of Banco de Espaa Circular 3/2008 to credit
institutions on determination and control of minimum own funds (hereafter the
Circular).

The aforementioned paragraph 1 of Article 10.bis of Law 13/1985 is the

transposition to Spanish legislation of Articles 124 and 144 of Directive 48/2006 of
the European Parliament and of the Council on the taking up and pursuit of the
business of credit institutions (hereafter the Directive or the CRD), the
implementing rules of which are set out by the Committee of European Banking
Supervisors (CEBS) in its document Guidelines on the Application of the
Supervisory Review Process under Pillar 2, published on 25 January 2006. These
Guidelines are based on the principles and criteria established in the CEBS
guidelines, a summary of which is included in Annex 1. Annex 2 lists other
guidelines relating to Pillar 2 prepared by the CEBS and the Basel Committee on
Banking Supervision.

This task of the Banco de Espaa is generally known by the acronym SREP
(supervisory review and evaluation process) although in these Guidelines it is
referred to by the literal translation (capital review process) of the term used in the
Spanish version (proceso de revisin de capital, PRC).

2. Aim of the capital review process

The aim of the capital review process (PRC) is to ensure that the risk profile of
credit institutions is commensurate with the own funds held by them. To this end the
so-called Pillar 2 of the revised solvency framework known as Basel II establishes
the following four principles:

Principle 1: Credit institutions should have a process for assessing their overall
capital adequacy in relation to their risk profile and a strategy for maintaining their
capital levels.

Principle 2: Supervisors should review and evaluate institutions internal capital

adequacy assessments and strategies, as well as their ability to monitor and ensure
their compliance with regulatory capital ratios. Supervisors should take appropriate
supervisory action if they are not satisfied with the result of this process.

Principle 3: Supervisors should expect institutions to operate above the minimum

regulatory capital ratios and should have the ability to require institutions to hold
capital in excess of the minimum.

Principle 4: Supervisors should seek to intervene at an early stage to prevent

capital from falling below the minimum levels required to support the risk
characteristics of a particular institution and should require rapid remedial action if
capital is not maintained or restored.

It follows from the first of these principles that institutions should have in place
an internal capital adequacy assessment process which is appropriate for their size
and complexity. This principle is laid down in Article 6.4 of Law 13/1985 and
implemented in Article 68 of Royal Decree 216/2008. In order to facilitate
compliance with this obligation, on 25 June 2008 the Banco de Espaa published
the Guidelines on the internal capital adequacy assessment process (ICAAP) at
credit institutions, aimed at helping institutions to carry out this process.

Under the second principle set out above, the Banco de Espaa is responsible for
reviewing the aforementioned internal capital adequacy assessment process and
evaluating whether institutions corporate governance, risk management, control
procedures and own funds level ensure the adequate management and coverage of
the risks to which they are exposed. As stated above, this review and evaluation
process is referred to here as the capital review process (PRC).

This task which the regulation of own funds under Basel II has recently imposed
on supervisors is not, however, new, but rather the explicit and formal expression of
an obligation which has always existed. The Banco de Espaa, in its risk-based
supervisory model (SABER), has already established specific procedures for
assessing institutions risks and capital adecuacy, and this supervisory activity is a
fundamental part of the risk-based supervision of credit institutions performed by
the Banco de Espaa.

Accordingly, the capital review process forms part of the Banco de Espaas
general supervisory process, and receives as inputs the results or conclusions
obtained during the course of all supervisory activities [1] , particularly those
stemming from the assessment of institutions risks and solvency. For this reason
the PRC is included in this activity.

The capital review process is carried out by the Banco de Espaa once it knows
the degree of credit institutions compliance with the rules they have to follow
(particularly with the accounting rules) and after analysing institutions economic
and financial situation. Without such prior knowledge, a review of institutions
capital within the meaning of Article 10.bis of Law 13/1985 cannot be carried out.

The internal capital adequacy assessment process draws on the idea that the
minimum regulatory capital requirements (the so-called Pillar 1 capital) covers
credit, market and operational risk on the basis of uniform rules and constitute a
minimum; and that no set of uniform rules can capture all aspects of every risk or
cover all the risks to which each particular credit institution is exposed.

Therefore, forming a judgement on the risks assumed and on whether the capital
is adequate to support those risks calls for more than a simple assessment of
compliance with minimum regulatory capital requirements according to the rules set
in Pillar 1 of Basel II. But the capital review process cannot consist in setting
automatic increases in capital needs (Pillar 2 add-ons) for the risks not covered in
Pillar 1. It is not just a matter of simply aggregating the risks not considered under
Pillar 1 and determining the capital add-ons needed to cover them, since there may
be good reasons to accept that the total amount of capital required may be less than
the sum of the capital needed to cover the individual risks, as a result of the
well-known diversification effect. [2] In short, it is necessary to carry out an overall
assessment of the institutions risk profile and of the capital needs derived from that
risk profile.

The capital review process ends with a forward-looking assessment which results
from analysing and evaluating the financial strength of each institution to face any
adverse future events which may arise. To this end the institutions capital plan and,
within that capital plan, the envisaged stress scenarios are reviewed and evaluated.

The Banco de Espaa expects institutions to operate above their minimum

capital requirements stablished by the solvency regulation, i.e. above the Pillar 1
figures, and to maintain a buffer above the regulatory minimum, in accordance to its
risk profile. Moreover, the obligation to hold own funds in excess of Pillar 1
requirements is a prudential tool which the Banco de Espaa can use to make
allowance for the risks or weaknesses identified, after having given exhaustive and
careful consideration to other supervisory measures.

______________________________

[1] The supervisory process of the Banco de Espaa consists of four separate
supervisory activities: accounting review, including valuation of assets and
liabilities, economic and financial analysis of institutions, review of regulatory
compliance, and analysis of risks and solvency.

[2] However, due to the difficulty in accurately evaluating the effect of risk
diversification, the Banco de Espaa is particularly prudent in evaluating the
benefit of diversification.

3. Scope of application of the capital review process

The scope of application of the PRC is determined by the scope of application of

own funds regulations, which generally require compliance at consolidated level.
Hence the PRC is conducted at consolidated level, although the review of a banking
group also looks at whether the individual institutions of the group are also
adequately managed and capitalised from an individual standpoint.
 A banking group should be adequately capitalised both in at overall level (in
terms of both volume and quality of capital) and, in addition, there should be an
adequate distribution of the capital within the group, i.e. commensurate with the
allocation of risks at the group, such that each individual bank of the group,
including the parent, has the capital that is appropriate for its risk profile and a
sufficient buffer to allow its ordinary growth.

Each credit institution in the group should be capable of identifying, managing

and assessing its business risks at the individual-entity level, although the risk
techniques, systems and culture used by it may be common to the group, without
prejudice to the application by the parent of its own control mechanisms to the
whole group.

The individual credit institutions in the group, regardless of the degree of control
exercised over them by the parent, should have the capacity to turn to the markets to
finance their activity and arrange individually the appropriate risk coverage.
Intra-group transactions should always be at market prices and not be subsidised in
either direction. The best way of achieving this is for the different institutions in a
banking group to operate directly with the market, since this improves transparency
and enables effective knowledge and rating not only of the group, but also of each
of its components.

The prudential supervision of international banking groups is based on the

current arrangements for the sharing of responsibilities between home and host
supervisors envisaged in Basel Committee documents and in European legislation,
as follows:

- The home supervisor exercises the individual prudential supervision of the

parent and of the group subsidiaries in his country; it also exercises the consolidated
supervision of the group as a whole.

- The host supervisor exercises the individual prudential supervision of all the
subsidiaries authorised in his country. Where existing, it is also responsible for
supervising the sub-consolidated group in his country, formed by the subsidiaries
established in its jurisdiction and the subsidiaries of these.

Neither the new Basel capital framework (Basel II) nor the new capital
requirements directive (CRD) has altered this legal sharing of responsibilities.
Hence, under Pillar 2 the home supervisor carries out the PRC at group and parent
level and the host supervisor carries out the PRC of the subsidiaries in his
jurisdiction (and of the sub-consolidated group, if any, in his country).

Notwithstanding the above, the CRD significantly encourages cooperation

between supervisors in the EU, with the aim of achieving more effective and
efficient supervision of European banking groups, avoiding unnecessary duplication
of supervisory activities and preventing an excessive supervisory burden for
institutions. For this purpose, the European authorities have undertaken to abide by
a reinforced cooperation framework based on close coordination and information
exchange to improve efficiency and efficacy in the performance of the respective
supervisory tasks.

In accordance with the CEBSs principles of home-host country cooperation, the

Banco de Espaa considers that the key features of the framework of cooperation
with other supervisors within the scope of the PRC can be summarised as follows:

- The Banco de Espaa will, as the home supervisor of international Spanish

banking groups with subsidiaries in other EU countries, conduct the PRC for the
group as a whole, assess the internal governance and the group ICAAP, have the
dialogue with the key staff of the group and draw conclusions from the PRC of the
group. The Banco de Espaa should initiate on a timely basis a process of
consultation with the individual supervisors involved, take the lead in establishing
cooperative arrangements based on the group PRC and take into consideration the
local PRCs performed by host supervisors when assessing the capital adecuacy of
the group as a whole.

- The Banco de Espaa will, as host supervisor of the subsidiaries in Spain of

foreign banking groups, perform the PRC at local level in order to assess the ICAAP
of the group subsidiaries in Spain. In doing so, it will take into consideration the
PRC and ICAAP at the group level, within the context of the cooperative
arrangements with the home supervisor.

- The supervisory review process of the Banco de Espaa will take into
consideration the degree of integration of the banking group and its internal
organisation. Banking groups may have centralised certain activities such as their
risk management functions and, consequently, there may be a need to develop a
more integrated and coordinated approach to supervision. In such cases the
coordinating role of the home supervisor should be more important to ensure an
efficient supervisory review.

- The supervisory cooperative framework should contribute to enhancing the

consistency and efficacy of supervisory assessment throughout the whole group and
should allocate, without prejudice to the legal framework of the respective
responsibilities, the various tasks to the supervisor best able to carry them out
effectively.

4. Principles of the capital review process

The PRC analyses the solvency of credit institutions in the broad sense of the
term, i.e. it analyses not only capital adequacy at a given time, but also foreseeable
capital needs and availability. It also analyses the quality of the own funds held, its
distribution in consonance with risk allocation within a banking group, the existence
of unrealised gains and other items which may be used to absorb unexpected losses,
etc. And clearly the PRC considers the ability to generate future profits which can
strengthen an institutions solvency if necessary, since an institutions first line of
defence against possible future losses is a sound profit and loss account based on
recurring earnings.

The main sources of information used by the PRC are the periodical institutions
own funds return to Banco de Espaa and its internal capital adequacy assessment
report (ICAAR). However, the Banco de Espaa uses other relevant information
available to it, most notably all that derived from its supervisory activities.

The PRC is structured so as to ensure uniformity in the treatment of institutions,

although it takes into account the fact that institutions differ in risk profile,
organisation, business strategy and risk management.

The PRC is inspired on the following principles:

- It is comprehensive, in that it includes the review of all significant aspects and

risks affecting institutions solvency and encompasses both quantitative and
qualitative aspects, such as the internal governance of institutions and the
management, control and mitigation of all significant risks.

- It is proportionate. The intensity and depth of the review are proportionate to

the scale, complexity and systemic importance of each institution. The way in which
the review and assessment are carried out is tailored to the organisation and special
features of each particular institution.

- It is periodic. It is conducted at regular time intervals and with differing depths,

in accordance with the inspection plans, and is updated at least once a year.

- It is prospective and evaluates, based on the information known at any given

moment, each institutions ability to comply with the solvency requirements in the
future.

- It is preventive and seeks to identify, where applicable, the prudential measures

required to avoid or reduce the probability of future credit institutions insolvency,
limit the cost of those that eventually occur and avoid its effects on the system.

5. The capital review process conducted by the Banco de Espaa

The supervisory process of the Banco de Espaa is established such that the
multiple tasks comprising the process enable to update as often as necessary, and at
least yearly, each institutions supervisory risk profile and, where applicable, the
Banco de Espaas supervisory strategy and supervisory plan for the institution [3] .

The PRC forms an integral part of the Banco de Espaas risk-based supervisory
process and receives input from all supervisory activities which affect the solvency
of institutions in one way or another. The Banco de Espaa assesses institutions
risk profiles by means of its different supervisory activities, i.e. through off-site
monitoring and analysis, inspection visits and continuous on-site monitoring.
 The PRC is based on all the relevant information available to the Banco de
Espaa about an institution, and, specifically, that resulting from all its supervisory
activities. Notwithstanding this, the PRC basically consists of two activities:

- Review and evaluation of the periodical own funds return to the Banco de
Espaa.

- Review and evaluation of the internal capital adequacy assessment report.

5.1 Review and evaluation of the own funds return

The PRC consists firstly of checking that institutions comply with the regulatory
minimum solvency requirements, and analysing and evaluating such compliance
through review of the own funds returns submitted periodically by institutions to the
Banco de Espaa.

This review and evaluation is conducted basically off-site, [4] but also
periodically in inspection visits in accordance with the supervisory plans. Both
reviews, i.e. off-site and in inspection visits, are carried out by the operating groups.
The off-site review analyses the consistency of the information received, while
inspection visits also check the accuracy of the information sent to the Banco de
Espaa. The review of the own funds return puts particular emphasis on the past
history of the institutions solvency ratios and on comparing these solvency ratios,
in terms of both volume and quality (i.e. percentage of tier 1 capital on total capital
held), with those of peer institutions.

An important part of this review relates to the examination and evaluation of

ongoing compliance with the requirements to be met in order to use advanced
approaches for the calculation of regulatory capital requirements under Pillar 1. This
review aims to ensure that these requirements continue to be met, the models
continue to be valid, any changes to them by institutions are appropriate and the
capital so calculated continous to be adequate. This review is carried out off-site and
also in inspection visits.

As stated below (in Section 6.1.2 on the capital plan), this review includes the
analysis of possible increases in own funds requirements at times of unfavourable
economic circumstances (known as the analysis of capital procyclicality), and also
the analysis of the ability of institutions to develop their strategic business plans
while complying with their regulatory capital requirements at any time in the future.

5.2 Review and evaluation of the internal capital adequacy assessment

report (ICAAR)

Current solvency regulations impose a further obligation on institutions, which is

to have a formal internal capital adequacy assessment process. In Spain this process
is formally displayed in the internal capital adequacy assessment report (ICAAR)
which institutions have to submit to the Banco de Espaa every year.
 Hence the Banco de Espaas incorporates to its former supervisory activities the
task of reviewing and evaluating this internal capital adequacy assessment process
performed by institutions.

The Banco de Espaa reviews and evaluates the internal capital adequacy
assessment process (ICAAP) performed by institutions by means of the review of
the ICAAR and the dialogue with the institution. The dialogue between the
institution and the Banco de Espaa is an essential part of the capital review process
and includes the Banco de Espaa informing the institution of its evaluation of the
ICAAP. The ICAAR is the basic document for this dialogue between the institution
and the Banco de Espaa, whose intensity and depth should be proportionate to the
complexity and systemic importance of the institution.

This dialogue encompasses all the risks held by the institution, which can be
grouped in four categories:

- Pillar 1 risks (credit, market, and operational risk).

- Risks not fully covered under Pillar 1 (for example, residual risk in credit risk
mitigation, and securitisation risk).

- Pillar 2 risks (interest rate risk in the banking book, concentration risk, liquidity
risk, reputation risk, strategic risk, etc.).

- External factors, where not already considered in the previous points, including
the impact of economic cycles.

Regarding the capital held to meet capital needs, although the internal capital
adequacy assessment processes of institutions refer to internal capital (as explained
in the ICAAP guidelines), this concept of capital differs from own funds in both
meaning and composition. Accordingly, for greater clarity, in the dialogue which
compares and contrasts the ICAAP and the PRC, the Banco de Espaa bases this
dialogue in terms of own funds.

Although the review of the ICAAR is ongoing and lies within the general
supervisory process, it has two distinct landmarks: a yearly off-site review, to check
that the ICAAR is complete and is reasonable, and the performance of specific
reviews of greater depth and wider scope, during inspection visits [5] . Both reviews
are subject to the principle of proportionality, whereby the intensity of the review is
commensurate with the importance and complexity of what is being reviewed.

5.2.1 Yearly off-site review of the ICAAR

The yearly off-site review of the ICAAR does not aim to check the information
submitted by the institution, but rather to draw the conclusions which reasonably
derive from that information. However, if major inconsistencies are observed, or if
the institution makes statements clearly contrary to the Banco de Espaas
knowledge of that institution, the pertinent clarifications will be requested. In
extreme cases, the institution will be asked to correct the report and re-submit it to
the Board of Directors for approval.

The yearly review of the ICAAR consists of examining its content to check that
it is complete and reasonable, and of making a first assessment of the report. To this
end, the following two tasks are previously carried out:

- The summary ICAAP return [6] is reconciled to the correspondent own funds
return and any inconsistencies are identified.

- Any relevant omission in the ICAAR is indicated. Significant omissions must

be remedied by the institution.

To review the ICAAR of an institution, account is taken of the ICAARs

submitted by peer institutions.

5.2.2 Review of ICAAR in on-site inspections

The review of the ICAAR is also included in the yearly on-site inspection plan.
The scope of the review is defined before the inspection visit is commenced. This
scope may encompass the full ICAAR or specific aspects of it. It is considered
advisable to carry out the review of the ICAAR together with the review of the
corresponding own funds return because they are closely related to each other.

A major aim of this review is to check that the information in the ICAAR is
adequate and accurate. Another aim is to review and evaluate the methodological
aspects of the ICAAP incorporated into the ICAAR and identify possible
deficiencies and weaknesses affecting the outcome of the ICAAP.

This review includes a review of institutions internal capital models if they are
used to prepare the ICAAP.

5.2.3 Review of ICAAR in on-site continuous monitoring

Notwithstanding what has been said in the preceding two sections, the
supervisory operating groups which engage in on-site continuous monitoring may
review the ICAAR by using the teams located at the institution and the methodology
normally employed in the day-to-day conduct of their supervisory activity.

For this purpose, each year a programme will be drawn up to facilitate the review
of the ICAAR by coordinating the tasks of the various teams which will review each
section of the ICAAR. This programme will set the scope, which will normally be
full.

Given that the monitoring of the different risks addressed in the ICAAR, of
corporate governance and of the controls in place is of a permanent nature, the
information gathered in this monitoring will be used to keep each institutions
supervisory risk profile up to date, independently of whether the yearly review of
the ICAAR has been formally completed.

______________________________

[3] The supervision of credit institutions is carried out by inspection operating

groups. These groups are assigned the function of maintaining an up-to-date
knowledge, information and opinion of the institutions entrusted to them. They do
this by means of three types of supervisory activities, namely continuous off-site
monitoring, inspection visits and continuous on-site monitoring. These activities
allow keeping an up-to-date knowledge, informations and opinion with regard to
each credit institution. Assigning all the supervision tasks (off-site monitoring,
inspection visits and continuous on-site monitoring) to the same group of people
makes for a better knowledge of the institutions. The Banco de Espaa considers
that inspection visits and continuous on-site monitoring are the basic forms of
supervisory activities, since they enable direct, close contact with the people in
charge of day-to-day management of the institution and, in addition, allow the
information received from institutions to be checked.

[4] In the larger banking groups, in which a continuous on-site monitoring system
has been established, this review is conducted basically through this continuous
on-site monitoring procedure.

[5] In the larger banking groups, in which a continuous on-site monitoring system
has been established, this review is conducted basically through this continuous
on-site monitoring procedure.

[6] See Annex 1 of the Guidelines on the ICAAP.

6. Yearly conclusion drawn from the PRC

The supervisory process of the Banco de Espaa is established so that all of the
multiple tasks comprising it are updated and reviewed each year. This enables
supervisory teams to keep up-to-date each institutions risk profile and, when
applicable, the Banco de Espaas supervisory strategy and supervisory plan for the
institution.

Under this supervisory framework, the regular, at least yearly, execution of the
PRC [7] seeks to provide the conclusions needed to better update the institutions
risk profile. To enable this, the ICAARs received from institutions are reviewed and
evaluated and, based on this review and on the other supervisory activities
performed during the year, possible deficiencies are identified, the pertinent
conclusions are drawn and, where applicable, the necessary prudential measures are
taken.

6.1 Evaluation of the institution

 Once the ICAAR has been reviewed it is taken into account, along with all the
results and conclusions from the various supervisory activities carried out during the
year and any other relevant information available, in evaluating the institutions
solvency situation and in reviewing, where applicable, the risk matrix ratings [8]
and supervisory risk profile of the institution. For this purpose the strengths and also
the significant limitations or weaknesses identified are taken into account and the
soundness of internal governance is assessed.

As a result of the review of the ICAAR, a brief memorandum is prepared which

is included in the annual risk profile report of the institution. This memorandum has
the following sections:

1. Capital target. The capital target set by the institution is specified and
assessed. To do so, the institutions specific situation and the targets set by peer
institutions are considered.

2. Capital plan. The capital plan, including stress scenarios and contingency
plans, is analysed to determine its reasonableness. The discrepancies between the
current reality and what was envisaged in the capital planning of prior years are
stated, if significant.

3. Consistency between the institutions internal capital adequacy assessment in

its ICAAR and the risk matrix ratings and risk profile of the institution drawn up by
the Banco de Espaa. The discrepancies considered significant are indicated.

4. Future action programme. The future action programme, if any, is summarised

and assessed. The degree of fulfilment of prior years action programmes, when
applicable, is also summarised and assessed.

5. Noteworthy matters. Other issues considered significant, in view of the

information in the ICAAR and what is known about the institution, are indicated.

The evaluation of the institution is based especially on the reasonableness of the

capital target and on the institutions capital plan.

6.1.1 Capital target

An appropriate capital strategy, based on maintaining a sufficient buffer in

excess of the regulatory minimum requirement, enables institutions to get over
difficult situations and fulfil their strategic business plan.

Institutions ICAARs should display this strategy by means of their capital

target. This target should be reasonable, sustainable over time and consistent with
the institutions strategic business plan, without prejudice to possible temporary
deviations due to adverse impacts or one-time circumstances.

The Banco de Espaa ICAAP guidelines define the capital target as the amount
of capital in excess of the regulatory minimum which the institution considers
necessary to hold both currently and in the future period projected in its capital
planning and which is in accordance with:

- The risks inherent in its activity.

- The economic environment in which it operates.

- The internal governance, risk management and control systems.

- The strategic business plan.

- The quality of the own funds held.

- The real possibility of obtaining further own funds in the future, if needed.

The ICAAR must justify the institutions capital target to the satisfaction of the
Banco de Espaa. In assessing the capital target the Banco de Espaa considers:

- Material risks not covered under Pillar 1.

- Weaknesses in internal governance, risk management and control.

- The institutions strategic business plan.

- The institutions capital plan, including stress tests conducted.

- The Banco de Espaa view, reflected in the risk matrix ratings and the
supervisory risk profile given to the institution.

- The existence of available financial resources not considered in regulatory

solvency calculations (to be more specific, level of general provisions and
unrealised gains).

- The foreseeable increase in own funds requirements in times of crisis. This

matter is particularly important for institutions which use advanced approaches for
calculating their regulatory capital, due to the higher risk-sensitivity of these
approaches.The institutions capital target (in terms of volume and quality) is
compared for this purpose with those of peer institutions. In the case of groups of
credit institutions, the distribution of capital between the various legally separate
institutions is assessed and, specifically, the reasonableness of the parents degree of
leverage in its investment in subsidiaries is analysed.

The Banco de Espaa, in assessing an institutions capital target, will take into
account particularly that this target should be commensurate with the institutions
risk profile. Hence institutions with a risk profile considered high by the Banco de
Espaa should have a higher capital target than institutions with a "medium-high"
risk profile; institutions with a "medium-high" risk profile should have a higher
capital target than institutions with a "medium-low risk profile; and finally,
institutions with a medium-low risk profile should have a higher capital target
than institutions with a "low" risk profile.

6.1.2 Capital plan

The capital plan, in conjunction with the institutions capital target, should allow
the growth envisaged in the strategic business plan and, furthermore, the compliance
with the mnimum capital requirements under Pillar 1 in the event of a severe
recession or of clearly unfavourable business circumstances.

For this purpose, institutions should carry out stress tests and the Banco de
Espaa should evaluate them, since these stress tests should be sufficiently severe
(for example, considering situations occurring once in the last 20-30 years). To
determine the impact in terms of the actual losses arising with a certain probability,
institutions may use (when possible and appropriate) advanced regulatory methods
for calculating own funds and, on the basis of these methods, estimate the losses
which may arise with a certain periodicity (which may be set previously by the
Banco de Espaa).

To review these stress tests, the Banco de Espaa will follow the principles and
recommendations established in this respect by international supervisory bodies [9] ,
and will apply these recommendations to check that the degree of severity of the
stress scenarios used by the various institutions is comparable. The Banco de
Espaa will assist institutions in order for them to establish scenarios of comparable
severity. For this purpose, the Banco de Espaa may provide direct inputs to
institutions for certain stress tests, such as, for example, specific falls in GDP,
certain rises in the unemployment rate, house price falls, increases in doubtful loans
ratios, etc. and may also define specific reverse stress scenarios [10] to be
considered by institutions.

Capital buffers over and above the regulatory minimum are held by institutions
largely so that regulatory capital requirements continue to be met even in situations
of stress, in which extraordinary losses appear. For this reason, if such extraordinary
losses materialise, it does not make sense to require institutions to restore
immediately their capital to its former level, since in such a case this excess capital
lacks utility [11] . In the case those losses occur, the institution should consider a
realistic and prudent plan for returning to its capital target.

6.2 Assessment of the programme of future measures

Based on the assessments set out in the ICAAR, institutions should also
summarise the main deficiencies and weaknesses found and, if significant, draw up
an action plan to remedy them. This action plan may include the following
measures, among others:

- Modification of the institutions risk profile: reduction of certain activities, use

of new risk mitigation techniques, etc.
 - Improvements in governance and internal organisation; improvements in risk
management and internal control.

- Modificate (raise up) the capital target, stating the related adaptation period, if
appropriate.

The Banco de Espaa will analyse and assess, as often as necessary and at least
yearly, the degree of fulfilment of these programmes of future measures which, as
explained in the ICAAP guidelines, constitute a voluntary commitment of the
institution.

______________________________

[7] The yearly conclusion drawn from the PRC aims to comply with the obligation
of yearly updating referred to in the last subparagraph of paragraph 1 of Article
10.bis of Law 13/1985.

[8] For further details on the risk matrix ratings, see the document The Banco de
Espaa supervisory model at Banco de Espaa website.

[9] The BCBS published guidelines on Principles for sound stress testing practices
and supervision in May 2009. The CEBS published guidelines on Technical
aspects of stress testing under the supervisory review process in December 2006.
In December 2009 has published, for consultation, a revised version.

[10] A reverse stress scenario, as defined in the BCBS guidelines, consists of

starting from a given clearly adverse outcome (such as a capital shortfall,
significant losses in certain activities or portfolios, etc.) and then investigate what
events could lead to such an outcome.

[11] Nevertheless, it should be kept in mind that the capital able to absorb losses in
these situations consists solely of the capital that can be used to absorb losses in a
going-concern situation (which is only the highest-quality capital). It must be
realised that if core capital is consumed to absorb losses this will affect the
subsequent eligibility of the lower-quality capital which is leveraged to it. For
example, an institution can (theoretically) have a solvency ratio of 12% with core
capital of 3%, but the other 9% only counts if that 3% exists. If, due to
extraordinary losses, 2% of the core capital is lost, then 6% of the lower-quality
capital automatically ceases to count and the institution would have a solvency
ratio of 4% from that time.

7. Actions of the Banco de Espaa as a result of the capital review process.

Taking into account all the supervisory activities performed in the year and the
result of the review of the ICAAR, decisions considered appropriate are taken.
These decisions may be of internal scope or may have practical implications for the
institution:
 - Decisions of internal scope:

- Changes to risk matrix ratings and to the institutions supervisory risk profile.

- Changes to the supervisory plan for the institution and, where appropriate,
performance of extraordinary supervisory activities.

- Decisions with practical implications for the institution, in accordance with

article 11.3 of Law 13/1985:

- Urge the institution to make changes in its ICAAP or in its ICAAR, in its
capital target, in its capital plan or in its programme of future measures.

- Set up Pillar 2 additional capital requirements or other corrective measures.

Annex 1. Principles of the capital review process

Ten general principles of the capital review process, referred to in principle 2 of

Pillar 2 of the revised solvency framework and in Article 124 of the capital
requirements directive, generally known in English by the acronym SREP
(supervisory review and evaluation process), were formulated by CEBS in its
guidelines on Pillar 2 (Guidelines on the application of the supervisory review
process under Pillar 2). They are as follows:

Principle 1: The PRC [12] should be an integrated part of the authority's

overall risk-based approach to supervision. The PRC underpins the supervisor's
dialogue with the institution.

Principle 2: The PRC should apply to all authorised institutions. The scope
of application of the PRC will be determined by reference to the CRD.

Principle 3: The PRC should cover all the activities of an institution. All
significant business units of the institution, whether operating domestically or
abroad, will be considered in the review and evaluation process.

Principle 4: The PRC should cover all material risks and internal
governance. The supervisory authority will evaluate the institutions risks and
internal governance (including risk controls, compliance, and internal audit). The
evaluation will focus on identifying each institution's risk profile and assessing the
quality of the institution's risk management system. The evaluation of controls
should include, at a minimum, an assessment of the quality of internal governance,
management body, organisational structure, the risk management and control
environment and internal audit and compliance functions. The evaluation should be
forward-looking in the sense that it should consider, based on information known at
the time, whether the risk profile of the institution is likely to change over the
forthcoming period. The supervisor can use stress tests to help determine the need
for early intervention.

Principle 5: The PRC will assess and review the institution's ICAAP. The
supervisor will assess the institution's ICAAP as part of its PRC. This should
include a consideration of the assumptions, components, methodology, coverage
and outcome of the institution's ICAAP.

Principle 6: The PRC will assess and review the institution's compliance
with the requirements laid down in the CRD. As part of the PRC, the supervisor
must also evaluate the institution's compliance with the minimum requirements
under the CRD.

Principle 7: The PRC should identify existing or potential problems and key
risks faced by the institution and deficiencies in its control and risk
management frameworks and it should assess the degree of reliance that can be
placed on the outputs of the institution's ICAAP. The PRC will enable the
supervisory authority to tailor its approach to the individual institution and provide
the foundation for the supervisors general approach to the institution and its
actions.

Principle 8: The PRC will inform supervisors about the need to apply
prudential measures. Once it has evaluated the adequacy of an institution's capital
in relation to its risk profile, the supervisor should identify any prudential measures
or other supervisory actions required. For example, where there is an imbalance
between business and risk controls, on the one hand, and the capital held, on the
other, the supervisor should consider the range of remedial supervisory actions that
may be needed to rectify a deficiency in controls or perceived shortfalls in capital.

Principle 9: The results of the PRC will be communicated to the institution

at the appropriate level together with any action that is required of the
institution and any significant action planned by the supervisory authority. The
authority will convey the results of its risk assessment to the institution. This may be
done as part of the dialogue between the authority and the institution on the internal
systems used to assess capital adequacy. This review and evaluation allows the
supervisor, among other things, to provide qualitative feedback to the institution
about the adequacy of its risk management and internal controls in relation to its
business risk profile.

Principle 10: The supervisory evaluation should be formally reviewed at

least on an annual basis, to ensure that it is up-to-date and remains accurate.
Supervisory authorities agree that this review may not always constitute a full risk
assessment. However, supervisory authorities should at least take stock of any
significant changes to the overall risk profile over the past year. They will take into
account the results of any supervisory visits, inspections and other information
received during the period, and will consider whether the timing of the next full
assessment, as agreed during the previous full assessment process, remains
appropriate. Notwithstanding the above, any significant new information received in
the course of ongoing monitoring and supervision which may affect the institutions
risk profile will trigger consideration by the authority on the need for a formal
review or a full risk assessment.

______________________________

[12] The Spanish acronym Of SREP is used here, in order to be consistent with the
text of these Guidelines.

Annex 2. Guidelines relating to Pillar 2 prepared by the CEBS and the Basel
Committee on Banking Supervision.

The Committee of European Banking Supervisors (http://www.c-ebs.org/) and

the Basel Committee on Banking Supervision (http://www.bis.org/bcbs/) have
prepared various documents and guidelines relating to internal governance, risk
management and measurement and the implementation of Pillar 2 of Basel II, which
institutions must take into account when applying these Guidelines. The following
are directly related to these Guidelines:

- CEBS documents:

- Guidelines on supervisory review process, 25 January 2006.

- Guidelines on Validation. 4 April 2006

- Technical Guideline on Interest Rate Risk in the Banking Book. 3 October

2006.

- Additional Guidelines on Stress Testing 14 December 2006 (under revision)

- Additional Technical Guidelines on Concentration Risk. 14 December 2006

(under revision)

- High-level principles for Remuneration Policies, 20 April 2009

- Compendium of Supplementary Guidelines on implementation issues of

operational risk, 8 September 2009

- Guidelines on Liquidity Buffers, 9 December 2009

- Implementation Guidelines for Hybrid Capital Instruments, 10 December 2009

- Guidelines on reporting requirements for the revised large exposures regime, 11

December 2009

- Guidelines on the implementation of the revised large exposures regime, 11

December 2009
 - Guidelines on Operational Risk Mitigation Techniques, 22 December 2009

- Basel Committee on Banking Supervision documents:

- Framework for Internal Controls, September 1998

- Intra-Group Transactions and Exposures and Risk Concentrations Principles,

July 1999

- Enhancing Corporate Governance for Banking Organizations, September 1999

- Risk Concentrations Principles, December 1999.

- Principles for the Management of Credit Risk, September 2000.

- Sound Practices for the Management and Supervision of Operational Risk,

February 2003.

- Principles for the management and supervision of interest rate risk, July 2004.

- Implementation of Basel II: Practical Considerations, July 2004.

- Compliance and the compliance function in banks, April 2005.

- Enhancing corporate governance for banking organisations, February 2006.

- Home-host information sharing for effective Basel II implementation, June

2006

- The Core Principles Methodology, October 2006

- Core Principles for Effective Banking Supervision, October 2006

- Implementation of the compliance principles, August 2008

- Range of practices and issues in economic capital modelling, August 2008

- Principles for Sound Liquidity Risk Management and Supervision, September

2008

- External audit quality and banking supervision, December 2008

- Principles for sound stress testing practices and supervision, May 2009

- Enhancements to the Basel II framework Supplemental Pillar 2 Guidance.

July 2009