Bankpulse
BanksHomeSearchLatestCo-pilotRankingsCrosswalkHistoryWithdrawnDashboardsRBI UniverseMethodologyGlossaryCircularsAskAnswersChangelogReviewsAbout
HomeCirculars › RBI/2007-2008/266

Pillar 2 Guidelines: Supervisory Review & ICAAP for Banks

Withdrawn / supersededStatus reviewed by Vikram Jain. Verify against the official RBI source below.
Issued by RBI: 26 Mar 2008  ·  Withdrawn: w.e.f. 04 Dec 2025  ·  Decoded by BankPulse: 21 Jun 2026, 01:16 IST
⏱ ~2 min read
📄 Official RBI source ↗
Quick answerRBI issued Pillar 2 guidelines under Basel II, requiring banks to have a Board-approved ICAAP policy. Banks must assess capital for risks not fully captured under Pillar 1, such as interest rate risk in banking book, concentration risk, and liquidity risk, and maintain adequate capital cushions.

What changed

RBI provided detailed guidance on the Supervisory Review Process (SRP) and Internal Capital Adequacy Assessment Process (ICAAP) under the New Capital Adequacy Framework. Banks are now required to assess capital adequacy for risks beyond the three Pillar 1 risks (credit, market, operational), including interest rate risk in banking book, credit concentration risk, liquidity risk, and others. An illustrative ICAAP document format was also furnished.

What it means for you

Banks must go beyond regulatory minimum capital ratios and conduct their own comprehensive risk assessments. This ensures they hold adequate capital for all material risks, including those not fully captured or omitted by Pillar 1. It encourages better risk management practices and a proactive dialogue with RBI, potentially leading to capital augmentation or risk reduction interventions.

What you must do

Who it affects

All commercial banks (excluding Local Area Banks and Regional Rural Banks), Risk management departments, Board of Directors and senior management, Compliance and internal audit teams

What is the purpose of the Supervisory Review Process (SRP)?

The SRP ensures banks have adequate capital to support all business risks and encourages better risk management techniques. It involves a well-defined internal assessment process (ICAAP) and active dialogue with RBI to allow timely intervention if needed.

Which risks must banks assess under ICAAP that are not fully covered by Pillar 1?

Banks must assess risks like interest rate risk in the banking book, credit concentration risk, liquidity risk, settlement risk, reputational risk, strategic risk, model risk, and residual risk of securitization, among others.

Is there a single prescribed approach for conducting ICAAP?

No, RBI recognizes that no single approach exists and best practices are still evolving. The guidelines provide broad principles, and banks can develop their own methodologies, especially for non-quantifiable risks like reputational and strategic risks.

Track this rule
⏳ How this rule evolved — History Map →Full RBI rulebook crosswalk →
AI-drafted · 3-model AI consensus fact-check · under the editorial review of Vikram Jain · decoded & published by BankPulse · 21 Jun 2026, 01:16 IST
Official RBI source: https://www.rbi.org.in/Scripts/NotificationUser.aspx?Id=4087&Mode=0 — Plain-English summary by BankPulse (bankpulse.ai), reviewed by Vikram Jain. Independent platform, not affiliated with the Reserve Bank of India; never reproduces RBI text verbatim.