Overview of Risk Management in Trading Activities … of Risk Management in Trading Activities Section ... tion’s risk related to capital-markets ... 2000.1 Overview of Risk Management

Overview of Risk Management in Trading ActivitiesSection 2000.1

Risk is an inevitable component of intermedia-tion and trading activity. Given the fundamentaltrade-off between risks and returns, the objec-tive of regulators is to determine when riskexposures either become excessive relative tothe financial institution’s capital position andfinancial condition or have not been identified tothe extent that the situation represents an unsafeand unsound banking practice.

Determination of whether the institution’srisk-management system can measure and con-trol its risks is of particular importance. Theprimary components of a sound risk-managementprocess are a comprehensive risk-measurementapproach; a detailed structure of limits, guide-lines, and other parameters used to govern risktaking; and a strong management informationsystem for monitoring and reporting risks. Thesecomponents are fundamental to both trading andnontrading activities. Moreover, the underlyingrisks associated with these activities, such asmarket, credit, liquidity, operations, and legalrisks, are not new to banking, although theirmeasurement can be more complex for tradingactivities than for lending activities. Accord-ingly, the process of risk management for capital-markets and trading activities should be inte-grated into the institution’s overall risk-management system to the fullest extent possibleusing a conceptual framework common to thefinancial institution’s other business activities.Such a common framework enables the institu-tion to consolidate risk exposure more effec-tively, especially since the various individualrisks involved in capital-markets and tradingactivities can be interconnected and may tran-scend specific markets.

The examiner must apply a multitude ofanalyses to appropriately assess the risk-management system of an institution. Theassessment of risk-management systems andcontrols may be performed in consideration ofthe type of risk, the type of instrument, or byfunction or activity. The examiner must becomefamiliar with the institution’s range of businessactivities, global risk-management framework,risk-measurement models, and system of inter-nal controls. Furthermore, the examiner mustassess the qualitative and quantitative assump-tions implicit in the risk-management systemas well as the effectiveness of the institution’sapproach to controlling risks. The examiner

must determine that the computer system, man-agement information reports, and other forms ofcommunication are adequate and accurate forthe level of business activity of the institution.

GLOBAL RISK-MANAGEMENTFRAMEWORK

The primary goal of risk management is toensure that a financial institution’s trading,position-taking, credit extension, and opera-tional activities do not expose it to losses thatcould threaten the viability of the firm. Globalrisk management is ultimately the responsibilityof senior management and the board of direc-tors; it involves setting the strategic direction ofthe firm and determining the firm’s tolerance forrisk. The examiner should verify that the riskmanagement of capital-markets and tradingactivities is embedded in a strong global (firm-wide) risk-management system, and that seniormanagement and the directors are actively in-volved in overseeing the risk management ofcapital-markets products.

Role of Senior Managementand the Board of Directors

Senior management and the board of directorshave a responsibility to fully understand therisks involved in the institution’s activities,question line management about the nature andmanagement of those risks, set high standardsfor prompt and open discussion of internalcontrol problems and losses, and engage man-agement in discussions regarding the events ordevelopments that could expose the firm tosubstantial loss. The commitment to risk man-agement in any organization should be clearlydelineated in practice and codified in writtenpolicies and procedures approved by the boardof directors. These policies should be consistentwith the financial institution’s broader businessstrategies and overall willingness to take risk.Accordingly, the board of directors should beinformed regularly of the risk exposure of theinstitution and should regularly reevaluate theorganization’s exposure and its risk toleranceregarding these activities. Middle and senior

Trading and Capital-Markets Activities Manual February 1998Page 1

management, including trading and control staff,should be well versed in the risk-measurementand risk-management methodology of the finan-cial institution.

Senior management is responsible for ensur-ing that adequate policies and procedures forconducting long-term and day-to-day activitiesare in place. This responsibility includes ensur-ing clear delineations of responsibility for man-aging risk, adequate systems for measuring risk,appropriately structured limits on risk taking,effective internal controls, and a comprehensiverisk-reporting process.

The risk-management mandate from seniormanagement and the board of directors shouldinclude—

• identifying and assessing risks• establishing policies, procedures, and risk

limits• monitoring and reporting compliance with

limits• delineating capital allocation and portfolio

management• developing guidelines for new products and

including new exposures within the currentframework

• applying new measurement methods to exist-ing products

The limit structure should reflect the risk-measurement system in place, as well as thefinancial institution’s tolerance for risk, given itsrisk profile, activities, and management’s objec-tives. The limit structure should also be consis-tent with management’s experience and theoverall financial strength of the institution.

In addition, senior management and the boardof directors are responsible for maintaining theinstitution’s activities with adequate financialsupport and staffing to manage and control therisks of its activities. Highly qualified personnelmust staff not only front-office positions such astrading desks, relationship or account officers,and sales, but also all back-office functionsresponsible for risk management and internalcontrol.

Comprehensiveness of theRisk-Management System

The examiner should verify that the global risk-management system is comprehensive and

adequately identifies the major risks to whichthe institution is exposed. The global risk-management system should cover all areas ofthe institution, including ‘‘special portfolios’’such as exotic currency and interest-rate optionsor specially structured derivatives. At a mini-mum, the global risk-management system shouldprovide for the separate institution-wide mea-surement and management of credit, market,liquidity, legal, and operational risk.

The evaluation of the firm’s institution-widerisk relative to the firm’s capital, earningscapacity, market liquidity, and professional andtechnological resources is an essential responsi-bility of senior management. The examinershould also verify that senior management over-sees each of the major risk categories (credit,market, liquidity, operational, and legal risk).

Examiners should ascertain whether the finan-cial institution has an effective process to evalu-ate and review the risks involved in productsthat are (1) either new to the firm or new to themarketplace and (2) of potential interest to thefirm. In general, a bank should not trade aproduct until senior management and all rele-vant personnel (including those in risk manage-ment, internal control, legal, accounting, andaudit) understand the product and are able tointegrate the product into the financial institu-tion’s risk-measurement and control systems.Examiners should determine whether the finan-cial institution has a formal process for review-ing new products and whether it introduces newproducts in a manner that adequately limitspotential losses.

Financial institutions active in the derivativesmarkets generate many new products that arevariants of existing instruments they offer. Inevaluating whether these products should besubject to the new-product-evaluation process,examiners should consider whether the firm hasadequately identified and aggregated all signifi-cant risks. In general, all significant structuralvariations in options products should receivesome form of new-product review, even whenthe firm is dealing in similar products.

ORGANIZATIONAL STRUCTUREOF RISK MANAGEMENT

Examiners should evaluate the company’s orga-nizational structure and job descriptions to makesure that there is a clear understanding of the

2000.1 Overview of Risk Management in Trading Activities

February 1998 Trading and Capital-Markets Activities ManualPage 2

appropriate personnel interaction required tocontrol risk. In particular, measuring and settingparameters for the total amount of various risksfacing the institution are distinct functions thatshould be clearly separated from the day-to-daymanagement of risks associated with the normalflow of business. Normally, these parametersshould be managed independently by seniormanagement, with approval from the institu-tion’s board of directors.

The trading-risk-management role within anorganization includes defining trading-risk-management policies, setting uniform standardsof risk assessment and capital allocation, pro-viding senior management with global riskreporting and evaluation, monitoring compli-ance with limits, and assisting in strategic plan-ning related to risk management.

In some organizations, risk management has acontrol or policing function; in others, it is acounselor to the trading-operations area. Regard-less of how it is implemented, the risk-management function should have reporting linesthat are fully independent of the trading groups.

When defining an institution’s exposures, riskmanagers must address all risks, those that areeasily quantifiable and those that are not. Manytrading risks lend themselves to commonfinancial-estimation methods. Quantifiable risksrelated to price changes should be applied con-sistently to derive realistic estimates of marketexposure. Consequently, examiners must subjec-tively and pragmatically evaluate an institu-tion’s risk related to capital-markets and tradingactivities.

The risk measurement and management of aninstitution will only be as strong as its internalcontrol system. Effective internal control mecha-nisms for monitoring risk require that risk man-agers maintain a level of independence from thetrading and marketing functions—a requirementnot only for the development of the conceptualframework applied but for determining the appli-cable parameters used in daily evaluations ofmarket risks. This function would be respon-sible for measuring risk, setting risk parameters,identifying risk vulnerabilities, monitoring risklimits, and evaluating or validating pricing andvaluation models. Examiners should ascertainthat the financial institution has some form ofindependent risk management and that manage-ment information is comprehensive and reportedto senior management on a frequency commen-surate with the level of trading activity.

The day-to-day management of risks that

occur in the normal course of business can beaccomplished through either centralized ordecentralized structures. The choice of approachshould reflect the organization’s risk profile,trading philosophy, and strategy. In a highlydecentralized structure, examiners should ascer-tain that adequate controls are in place to ensurethe integrity of the aggregate information pro-vided to senior management and the board ofdirectors.

Trading positions must be accurately trans-mitted to the risk-measurement systems. Theappropriate reconciliations should be performedto ensure data integrity across the full range ofproducts, including new products that may bemonitored apart from the main processing net-works. Management reports should be reviewedto determine the frequency and magnitude oflimit excesses over time. Traders, risk manag-ers, and senior management should be able todefine constraints on trading and justify identi-fied excesses. The integrity of the managementinformation system is especially important inthis regard (See section 2040.1, ‘‘Operationsand Systems Risk (Management InformationSystems)’’.) Examiners should also review andassess the compensation arrangements of risk-management staff to ensure that there are noincentives which may conflict with maintainingthe integrity of the risk-control system.

Measurement of Risks

The increasing globalization and complexity ofcapital markets and the expanding range ofesoteric financial instruments have made trading-risk management more difficult to accomplishand evaluate. Fortunately, a number of com-monly used risk-measurement systems have beendeveloped to assist financial institutions in evalu-ating their unique combinations of risk expo-sures. These systems all aim to identify the risksassociated with particular business activities andgroup them into generic components, resultingin a single measure for each type of risk. Thesesystems also allow institutions to manage riskson a portfolio basis and to consider exposures inrelation to the institution’s global strategy andrisk profile.

Managing the residual exposure or net posi-tion of a portfolio, instead of separate transac-tions and positions, provides two importantbenefits: a better understanding of the port-

Overview of Risk Management in Trading Activities 2000.1


folio’s exposure and more efficient hedging. Amarket maker’s portfolio benefits from econo-mies of scale in market-risk managementbecause large portfolios tend to contain natu-rally offsetting positions, which may signifi-cantly reduce the overall market risk. Hedgingthe residual risk of the net portfolio positionrather than individual transactions greatlyreduces transactions costs. A portfolio-focusedmanagement approach reduces the complexityof position tracking and management.

All major risks should be measured explicitlyand consistently and integrated into the firm-wide risk-management system. Systems andprocedures should recognize that measurementof some types of risk is an approximation andthat some risks, such as the market liquidity of amarketable instrument, can be very difficult toquantify and can vary with economic and mar-ket conditions. Nevertheless, at a minimum, thevulnerabilities of the firm to these risks shouldbe explicitly assessed on an ongoing basis inresponse to changing circumstances.

Sound risk-measurement practices include thecareful and continuous identification of possibleevents or changes in market behavior that couldhave a detrimental impact on the financial insti-tution. The financial institution’s ability to with-stand economic and market shocks points to thedesirability of developing comprehensive andflexible data-management systems.

Risk Limits

The risk-management system should include asound system of integrated institution-wide risklimits that should be developed under the direc-tion of and approved by senior management andthe board of directors. The established limitsstructure should apply to all risks arising froman institution’s activities. For credit and marketrisk, in particular, limits on derivatives shouldbe directly integrated with institution-wide lim-its on those risks as they arise in all otheractivities of the firm. When risks are not quan-tifiable, management should demonstrate anawareness of their potential impact.

In addition to credit risk and market risk,limits or firm guidelines should be established toaddress liquidity and funding risk, operationalrisk, and legal risk. Careful assessment ofoperational risk by the financial institution isespecially important, since the identification ofvulnerabilities in the operational process can

often lead to improvements in procedures, dataprocessing systems, and contingency plans thatsignificantly reduce operational risk.

Examiners should ascertain whether manage-ment has considered the largest losses whichmight arise during adverse events, even sce-narios which the financial institution may con-sider fairly remote possibilities. The evaluationof worst-case scenarios does not suggest that thelimits themselves must reflect the outcomes of aworst-case scenario or that the financial institu-tion would be imprudent to assume risk posi-tions that involve large losses if remote eventswere to occur. However, financial institutionsshould have a sense of how large this type ofrisk might be and how the institution wouldmanage its positions if such an event occured.Evaluation of such scenarios is crucial to riskmanagement since significant deviations frompast experience do occur, such as the breakdownin 1992 and 1993 of the traditionally highcorrelation of the movements of the dollar andother European currencies of the Europeanmonetary system.

An institution’s exposures should be moni-tored against limits by control staff who are fullyindependent of the trading function. The processfor approving limit excesses should require that,before exceeding limits, trading personnelobtain at least oral approval from senior man-agement independent of the trading area. Theorganization should require written approval oflimit excesses and maintenance of such docu-mentation. Limits need not be absolute; how-ever, appropriate dialogue with nontrading seniormanagement should take place before limits areexceeded. Finally, senior management shouldproperly address repeated limit excesses anddivergences from approved trading strategies.

Procedures should address the frequency oflimit review, method of approval, and authorityrequired to change limits. Relevant managementreports and their routing through the organiza-tion should be delineated.

Maintenance Issues

Complex instruments require sound analyticaltools to assess their risk. These tools aregrounded in rigorous financial theory and math-ematics. As an institution commits more resourcesto structured products, complex cash instru-ments, or derivatives, existing staff will berequired to develop an understanding of the



methodologies applied. Institutions should notcreate an environment in which only tradingstaff can evaluate market risk; information onnew products and their attendant risks should bewidely disseminated.

Concurrent with the review of the existingrisk-management framework, the resources pro-vided to maintain the integrity of the risk-measurement system should be evaluated.Limits should be reviewed at least annually.Assumptions underlying the established limitsshould be reviewed in the context of changes instrategy, the risk tolerance of the institution, ormarket conditions. Automated systems shouldbe upgraded to accommodate increased volumesand added financial complexity, either in apply-ing new valuation methodologies or implement-ing tools to evaluate new products. Productsthat are recorded ‘‘off-line,’’ that is, not on themainframe or LAN (linked personal computers),should provide automated data feeds to therisk-measurement systems to reduce the inci-dence of manual error.

Internal Controls and Audits

A review of internal controls has long beencentral to the examination of capital-marketsand trading activities. The examiner shouldreview the system of internal controls to ensurethat they promote effective and efficient opera-tions; reliable financial and regulatory reporting;and compliance with relevant laws and regu-lations, safe and sound banking practices, andpolicies of the board of directors and manage-ment. Evaluating the ability of internal controlsto achieve these objectives involves understand-ing and documenting adherence to controlactivities such as approvals, verifications, andreconciliations.

When evaluating internal controls, examinersshould consider the frequency, scope, and find-ings of internal and external audits and theability of those auditors to review the capital-markets and trading activities. Internal auditorsshould audit and test the risk-management pro-cess and internal controls periodically, with thefrequency based on a careful risk assessment.Adequate test work should be conducted tore-create summary risk factors in managementreports from exposures in the trading position.This may include validation of risk-measurementalgorithms independent of the trading or controlfunctions with special emphasis on new, com-

plex products. Internal auditors should alsotest compliance with risk limits and evaluatethe reliability and timeliness of informationreported to the financial institution’s senior man-agement and the board of directors. Internalauditors are also expected to evaluate the inde-pendence and overall effectiveness of the finan-cial institution’s risk-management functions.

The level of confidence that examiners placein the audit work, the nature of the auditfindings, and management’s response to thosefindings will influence the scope of the currentexamination. Even when the audit process andfindings are satisfactory, examiners should testcritical internal controls, including the revalua-tion process, the credit-approval process, andadherence to established limits. Significantchanges in product lines; modeling; or risk-management methodologies, limits, and internalcontrols should receive special attention. Sub-stantial changes in earnings from capital-marketsand trading activities, in the size of positions, orthe value-at-risk associated with these activitiesshould also be investigated during the examina-tion. These findings and evaluations and otherfactors, as appropriate, should be the basis fordecisions to dedicate greater resources to exam-ining the trading functions.

SOUND PRACTICES

Capital-markets and trading operations vary sig-nificantly among financial institutions, depend-ing on the size of the trading operation, tradingand management expertise, organizational struc-tures, the sophistication of computer systems,the institution’s focus and strategy, historicaland expected income, past problems and losses,risks, and types and sophistication of the tradingproducts and activities. As a result, the risk-management practices, policies, and proceduresexpected in one institution may not be necessaryin another. With these caveats in mind, a list ofsound practices for financial institutions activelyengaged in capital-markets and trading opera-tions follows:

• Every organization should have a risk-management function that is independent ofits trading staff.

• Every organization should have a risk-management policy that is approved by theboard of directors annually. The policy shouldoutline products traded, parameters for risk

Overview of Risk Management in Trading Activities 2000.1


activities, the limit structure, over-limit-approval procedures, and frequency of review.In addition, every organization should have aprocess to periodically review limit policies,pricing assumptions, and model inputs underchanging market conditions. In some markets,frequent, high-level review of such factorsmay be warranted.

• Every organization should have a new-productpolicy that requires review and approval by alloperational areas affected by such transactions(for example, risk management, credit man-agement, trading, accounting, regulatoryreporting, back office, audit, compliance, andlegal). This policy should be evidenced by anaudit trail of approvals before a new product isintroduced.

• Every organization should be able to aggre-gate each major type of risk on a singlecommon basis, including market, credit, andoperational risks. Ideally, risks would be evalu-ated within a value-at-risk framework to deter-mine the overall level of risk to the institution.The risk-measurement system should also per-mit disaggregation of risk by type and bycustomer, instrument, or business unit toeffectively support the management and con-trol of risks.

• Every organization should have a methodol-ogy to stress test the institution’s portfolioswith respect to key variables or events tocreate plausible worst-case scenarios forreview by senior management. The limit struc-ture of the institution should consider theresults of the stress tests.

• Every organization should have an integratedmanagement information system that controlsmarket risks and provides comprehensivereporting. The sophistication of the systemshould match the level of risk and complexityof trading activity. Every institution shouldhave adequate financial applications in placeto quantify and monitor risk positions and toprocess the variety of instruments currentlyin use. A minimum of manual interventionshould be required to process and monitortransactions.

• Risk management or the control functionshould be able to produce a risk-managementreport that highlights positions, limits, andexcesses on a basis commensurate with trad-ing activity. This report should be sent tosenior management, reviewed, signed, andreturned to control staff.

• Counterparty credit exposure on derivativetransactions should be measured on areplacement-cost and potential-exposure basis.Every organization should perform a periodicassessment of credit exposure to redefinestatistical parameters used to derive potentialexposure.

• With regard to credit risk, any organizationthat employs netting should have a policyrelated to netting agreements. Appropriatelegal inquiry should be conducted to deter-mine enforceability by jurisdiction and coun-terparty type. Netting should be implementedonly when legally enforceable.

• Every organization should have middle andsenior management inside and outside thetrading room who are familiar with the statedphilosophy on market and credit risk. Also,pricing methods employed by the tradersshould be well understood.

• Every organization should be cognizant ofnonquantifiable risks (such as operationalrisks), have an approach to assessing them,and have guidelines and trading practices tocontrol them.

• Every organization with a high level of trad-ing activity should be able to demonstrate thatit can adjust strategies and positions underrapidly changing market conditions and crisissituations on a timely basis.

• For business lines with high levels of activity,risk management should be able to reviewexposures on an intraday basis.

• Management information systems should pro-vide sufficient reporting for decision makingon market and credit risks, as well as opera-tional data including profitability, unsettleditems, and payments.

• A periodic compliance review should be con-ducted to ensure conformity with federal,state, and foreign securities laws and regula-tory guidelines.

• Every institution should have a compensationsystem that does not create incentives whichmay conflict with maintaining the integrity ofthe risk-control system.

• Auditors should perform a comprehensivereview of risk management annually, empha-sizing segregation of duties and validation ofdata integrity. Additional test work should beperformed when numerous new products ormodels are introduced. Models used by boththe front and back offices should be reassessedperiodically to ensure sound results.



Market RiskSection 2010.1

Market risk is the potential that changes in themarket prices of an institution’s holdings mayhave an adverse effect on its financial condition.The four most common market-risk factors areinterest rates, foreign-exchange rates, equityprices, and commodity prices. The market riskof both individual financial instruments andportfolios of instruments can be a function ofone, several, or all of these basic factors and, inmany cases, can be significantly complex. Themarket risks arising from positions with options,either explicit or embedded in other instruments,can be especially complex and difficult to man-age. Institutions should ensure that they ade-quately measure, monitor, and control the mar-ket risks involved in their trading activities.

The measurement of market risk should takedue account of hedging and diversification effectsand should recognize generally accepted mea-surement techniques and concepts. Althoughseveral types of approaches are available formeasuring market risk, institutions have increas-ingly adopted the ‘‘value-at-risk’’ approach fortheir trading operations. Regardless of the spe-cific approach used, risk measures should besufficiently accurate and rigorous to adequatelyreflect all of an institution’s meaningful market-risk exposure and should be adequately incor-porated into the risk-management process.

Risk monitoring is the foundation of an effec-tive risk-management process. Accordingly, in-stitutions should ensure that they have adequateinternal reporting systems that address theirmarket-risk exposures. Regular reports withappropriate detail and frequency should be pro-vided to the various levels of trading operationsand senior management, from individual tradersand trading desks to business-line managementand senior management and, ultimately, theboard of directors.

A well-constructed system of limits and poli-cies on acceptable levels of risk exposure is aparticularly important element of risk control intrading operations. Financial institutions shouldestablish limits for market risk that relate to theirrisk measures and are consistent with maximumexposures authorized by their senior manage-ment and board of directors. These limits canbe allocated to business units, product lines, orother appropriate organizational units and shouldbe clearly understood by all relevant parties. Inpractice, some limit systems often include addi-

tional elements such as stop-loss limits andother trading guidelines that may play an impor-tant role in controlling risk at the trader andbusiness-unit level. All limits should be appro-priately enforced and adequate internal controlsshould exist to ensure that any exceptions tolimits are detected and adequately addressed bymanagement.

TYPES OF MARKET RISKS

Interest-Rate Risk

Interest-rate risk is the potential that changes ininterest rates may adversely affect the value of afinancial instrument or portfolio, or the condi-tion of the institution as a whole. Althoughinterest-rate risk arises in all types of financialinstruments, it is most pronouced in debt instru-ments, derivatives that have debt instrumentsas their underlying reference asset, and otherderivatives whose values are linked to marketinterest rates. In general, the values of longer-term instruments are often more sensitive tointerest-rate changes than the values of shorter-term instruments.

Risk in trading activities arises from open orunhedged positions and from imperfect correla-tions between offsetting positions. With regardto interest-rate risk, open positions arise mostoften from differences in the maturities orrepricing dates of positions and cash flows thatare asset-like (i.e., ‘‘longs’’) and those that areliability-like (i.e., ‘‘shorts’’). The exposure thatsuch ‘‘mismatches’’ represent to an institutiondepends not only on each instrument’s or posi-tion’s sensitivity to interest-rate changes and theamount held, but also on how these sensitivitiesare correlated within portfolios and, morebroadly, across trading desks and business lines.In sum, the overall level of interest-rate risk inan open portfolio is determined by the extent towhich the risk characteristics of the instrumentsin that portfolio interact.

Imperfect correlations in the behavior of off-setting or hedged instruments in response tochanges in interest rates—both across the yieldcurve and within the same maturity or repricingcategory—can allow for significant interest-raterisk exposure. Offsetting positions with differentmaturities, although theoretically weighted to


create hedged positions, may be exposed toimperfect correlations in the underlying refer-ence rates. Such ‘‘yield curve’’ risk can arise inportfolios in which long and short positions ofdifferent maturities are well hedged against achange in the overall level of interest rates, butnot against a change in the shape of the yieldcurve when interest rates of different maturitieschange by varying amounts.

Imperfect correlation in rates and values ofoffsetting positions within a maturity or repric-ing category can also be a source of significantrisk. This ‘‘basis’’ risk exists when offsetingpositions have different and less than perfectlycorrelated coupon or reference rates. For exam-ple, three-month interbank deposits, three-month Eurodollars, and three-month Treasurybills all pay three-month interest rates. However,these three-month rates are not perfectly corre-lated with each other, and spreads between theiryields may vary over time. As a result, three-month Treasury bills, for example, funded bythree-month Eurodollar deposits, represent animperfectly offset or hedged position. One vari-ant of basis risk that is central to the manage-ment of global trading risk is ‘‘cross-currencyinterest-rate risk,’’ that is, the risk that compa-rable interest rates in different currency marketsmay not move in tandem.

Foreign-Exchange Risk

Foreign-exchange risk is the potential that move-ments in exchange rates may adversely affectthe value of an institution’s holdings and, thus,its financial condition. Foreign-exchange ratescan be subject to large and sudden swings, andunderstanding and managing the risk associatedwith exchange-rate volatility can be especiallycomplex. Although it is important to acknowl-edge exchange rates as a distinct market-riskfactor, the valuation of foreign-exchange instru-ments generally requires knowledge of the be-havior of both spot exchange rates and interestrates. Any forward premium or discount in thevalue of a foreign currency relative to thedomestic currency is determined largely byrelative interest rates in the two nationalmarkets.

As with all market risks, foreign-exchangerisk arises from both open or imperfectly offsetor hedged positions. Imperfect correlationsacross currencies and international interest-rate

markets pose particular challenges to the effec-tiveness of foreign-currency hedging strategies.

Equity-Price Risk

Equity-price risk is the potential for adversechanges in the value of an institution’s equity-related holdings. Price risks associated withequities are often classified into two categories:general (or undiversifiable) equity risk and spe-cific (or diversifiable) equity risk.

‘‘General equity-price risk’’ refers to the sen-sitivity of an instrument’s or portfolio’s value tochanges in the overall level of equity prices. Assuch, general risk cannot be reduced by diver-sifying one’s holdings of equity intruments.Many broad equity indexes, for example, prima-rily involve general market risk.

Specific equity-price riskrefers to that portionof an individual equity instrument’s price vola-tility that is determined by the firm-specificcharacteristics. This risk is distinct from market-wide price fluctuations and can be reduced bydiversification across other equity instruments.By assembling a portfolio with a sufficientlylarge number of different securities, specific riskcan be greatly reduced because the uniquefluctuations in the price of any single equity willtend to be canceled out by fluctuations in theopposite direction of prices of other securities,leaving only general-equity risk.

Commodity-Price Risk

Commodity-price risk is the potential for ad-verse changes in the value of an institution’scommodity-related holdings. Price risks associ-ated with commodities differ considerably frominterest-rate and foreign-exchange-rate risk andrequire even more careful monitoring and man-agement. Most commodities are traded in mar-kets in which the concentration of supply canmagnify price volatility. Moreover, fluctuationsin market liquidity often accompany high pricevolatility. Therefore, commodity prices gener-ally have higher volatilities and larger pricediscontinuities than most commonly tradedfinancial assets. An evaluation of commodity-price risk should be performed on a market-by-market basis and include not only an analysis ofhistorical price behavior, but also an assessmentof the structure of supply and demand in the

2010.1 Market Risk


marketplace to evaluate the potential for unusu-ally large price movements.

OPTIONS

Exposure to any and all of the various types ofmarket risk can be significantly magnified by thepresence of explicit or embedded options ininstruments and portfolios. Moreover, assessingthe true risk profile of options can be complex.Under certain conditions, the significant lever-age involved in many options can translate smallchanges in the underlying reference instrumentinto large changes in the value of the option.

Moreover, an option’s value is, in part, highlydependent on the likelihood or probability that itmay become profitable to exercise in the future.In turn, this probability can be affected byseveral factors including the time to expirationof the option and the volatility of the underlyingreference instrument. Accordingly, factors otherthan changes in the underlying reference instru-ment can lead to changes in the value of theoption. For example, as the price variability ofthe reference instrument increases, the probabil-ity that the option becomes profitable increases.Therefore, a change in the market’s assessmentof volatility can affect the value of an optioneven without any change in the current price ofthe underlying asset.

The presence of option characteristics is amajor complicating factor in managing the mar-ket risks of trading activities. Institutions shouldensure that they fully understand, measure, andcontrol the various sources of optionality influ-encing their market-risk exposures. Measure-ment issues arising from the presence of optionsare addressed more fully in the instrumentprofile on options (section 4330.1).

MARKET-RISK MEASUREMENT

There are a number of methods for measuringthe various market risks encountered in tradingoperations. All require adequate information oncurrent positions, market conditions, and instru-ment characteristics. Regardless of the methodsused, the scope and sophistication of an institu-tion’s measurement systems should be commen-surate with the scale, complexity, and nature ofits trading activities and positions held.

Adequate controls should be imposed on allelements of the process for market-risk measure-ment and monitoring, including the gatheringand transmission of data on positions, marketfactors and market conditions, key assumptionsand parameters, the calculation of the risk mea-sures, and the reporting of risk exposures throughappropriate chains of authority and responsibil-ity. Moreover, all of these elements should besubject to internal validation and independentreview.

In most institutions, computer models areused to measure market risk. Even within asingle organization, a large number of modelsmay be used, often serving different purposes.For example, individual traders or desks mayuse ‘‘quick and dirty’’ models that allow speedyevaluation of opportunities and risks, whilemore sophisticated and precise models areneeded for daily portfolio revaluation and forsystematically evaluating the overall risk of theinstitution and its performance against risk lim-its. Models used in the risk-measurement andfront- and back-office control functions shouldbe independently validated by risk-managementstaff or by internal or outside auditors.

Examiners should ensure that institutions haveinternal controls to check the adequacy of thevaluation parameters, algorithms, and assump-tions used in market-risk models. Specific con-siderations with regard to the oversight of mod-els used in trading operations and the adequacyof reporting systems are discussed in sections2100 and 2110, ‘‘Financial Performance’’ and‘‘Capital Adequacy of Trading Activities,’’respectively.

Basic Measures of Market Risk

Nominal Measures

Nominal or notional measurements are the mostbasic methodologies used in market-risk man-agement. They represent risk positions based onthe nominal amount of transactions and hold-ings. Typical nominal measurement methodsmay summarize net risk positions or gross riskpositions. Nominal measurements may also beused in conjunction with other risk-measurementmethodologies. For example, an institution mayuse nominal measurements to control marketrisks arising from foreign-exchange trading whileusing duration measurements to control interest-rate risks.

Market Risk 2010.1


For certain institutions with limited, noncom-plex risk profiles, nominal measures and con-trols based on them may be sufficient to ade-quately control risk. In addition, the ease ofcomputation in a nominal measurement systemmay provide more timely results. However,nominal measures have several limitations.Often, the nominal size of an exposure is aninaccurate measure of risk since it does notreflect price sensitivity or price volatility. This isespecially the case with derivative instruments.Also, for sophisticated institutions, nominal mea-sures often do not allow an accurate aggregationof risks across instruments and trading desks.

Factor-Sensitivity Measures

Basic factor-sensitivity measures offer a some-what higher level of measurement sophisticationthan nominal measures. As the name implies,these measures gauge the sensitivity of the valueof an instrument or portfolio to changes in aprimary risk factor. For example, the price valueof a basis point change in yield and the conceptof duration are often used as factor-sensitivitymeasures in assessing the interest-rate risk offixed-income instruments and portfolios. Beta,or the measure of the systematic risk of equities,is often considered a first-order sensitivity mea-sure of the change in an equity-related instru-ment or portfolio to changes in broad equityindexes.

Duration provides a useful illustration of afactor-sensitivity measure. Duration measuresthe sensitivity of the present value or price of afinancial instrument with respect to a change ininterest rates. By calculating the weighted aver-age duration of the instruments held in a port-folio, the price sensitivity of different instru-ments can be aggregated using a single basisthat converts nominal positions into an overallprice sensitivity for that portfolio. These port-folio durations can then be used as the primarymeasure of interest-rate risk exposure.

Alternatively, institutions can express the basicprice sensitivities of their holdings in terms ofone representative instrument. Continuing theexample using duration, an institution may con-vert its positions into the duration equivalents ofone reference instrument such as a four-yearU.S. Treasury, three-month Eurodollar, or someother common financial instrument. For exam-ple, all interest-rate risk exposures might beconverted into a dollar amount of a ‘‘two-year’’

U.S. Treasury security. The institution can thenaggregate the instruments and evaluate the riskas if the instruments were a single position in thecommon base.

While basic factor-sensitivity measures canprovide useful insights, they do have certainlimitations—especially in measuring the expo-sure of complex instruments and portfolios. Forexample, they do not assess an instrument’sconvexity or volatility and can be difficult tounderstand outside of the context of marketevents. Examiners should ensure that factor-sensitivity measures are used appropriately and,where necessary, supported with more sophisti-cated measures of market-risk exposure.

Basic Measures of Optionality

At its most basic level, the value of an optioncan generally be viewed as a function of theprice of the underlying instrument or referencerate relative to the exercise price of the option,the volatility of the underlying instrument orreference rate, the option contract’s time toexpiration, and the level of market interest rates.Institutions may use simple measures of each ofthese elements to identify and manage the mar-ket risks of their option positions, including thefollowing:

• ‘‘Delta’’ measures the degree to which theoption’s value will be affected by a (small)change in the price of the underlyinginstrument.

• ‘‘Gamma’’ measures the degree to which theoption’s delta will change as the instrument’sprice changes; a higher gamma typicallyimplies that the option has greater value to itsholder.

• ‘‘Vega’’ measures the sensitivity of the optionvalue to changes in the market’s expectationsfor the volatility of the underlying instrument;a higher vega typically increases the value ofthe option to its holder.

• ‘‘Theta’’ measures how much an option’svalue changes as the option moves closer to itsexpiration date; a higher theta is typicallyassociated with a higher option value to itsholder.

• ‘‘Rho’’ measures how an option’s valuechanges in response to a change in short-terminterest rates; a higher rho typically is associ-ated with a lower option value to its holder.

2010.1 Market Risk


Measurement issues arising from the presenceof options are addressed more fully in theinstrument profile on options (section 4330.1).

Scenario Simulations

Another level of risk-exposure measurement isthe direct estimation of the potential change inthe value of instruments and portfolios underspecified scenarios of changes in risk factors. Ona simple basis, changes in risk factors can beapplied to factor-sensitivity measures such asduration or the present value of a basis pointto derive a change in value under the selectedscenario. These scenarios can be arbitrarilydetermined or statistically inferred either fromanalyzing historical data on changes in theappropriate risk factor or from running multipleforecasts using a modeled or assumed stochasticprocess that describes how a risk factor maybehave under certain circumstances. In statisti-cal inference, a scenario is selected based on theprobability that it will occur over a selected timehorizon. A simple statistical measure used toinfer such probabilities is the standard deviation.

Standard deviation is a summary measure ofthe dispersion or variability of a random vari-able such as the change in price of a financialinstrument. The size of the standard deviation,combined with some knowledge of the type ofprobability distribution governing the behaviorof a random variable, allows an analyst toquantify risk by inferring the probability that acertain scenario may occur. For a random vari-able with a normal distribution, 68 percent of theobserved outcomes will fall within plus orminus one (±1) standard deviation of the aver-age change, 90 percent within 1.65 standarddeviations, 95 percent within 1.96 standarddeviations, and 99 percent within 2.58 standarddeviations. Assuming that changes in risk fac-tors are normally distributed, calculated stan-dard deviations of these changes can be used tospecify a scenario that has a statistically inferredprobability of occurrence (for example, a sce-nario that would be as severe as 95 percent or99 percent of all possible outcomes). An alter-native to such statistical inference is to usedirectly observed historical scenarios andassume that their future probability of occur-rence is the same as their historical frequency ofoccurrence.

However, some technicians contend that short-

term movements in the prices of many financialinstruments are not normally distributed, inparticular, that the probability of extreme move-ments is considerably higher than would bepredicted by an application of the normal distri-bution. Accordingly, more sophisticated institu-tions use more complex volatility-measurementtechniques to define appropriate scenarios.

A particularly important consideration in con-ducting scenario simulations is the interactionsand relationships between positions. Theseinterrelationships are often identified explicitlywith the use of correlation coefficients. A cor-relation coefficient is a quantitative measure ofthe extent to which changes in one variable arerelated to another. The magnitude of the coeffi-cient measues the likelihood that the two vari-ables will move together in a linear relationship.Two variables (that is, instrument prices) whosemovements correspond closely would have acorrelation coefficient close to 1. In the caseof inversely related variables, the correlationcoefficient would be close to−1.

Conceptually, using correlation coefficientsallows an institution to incorporate multiple riskfactors into a single risk analysis. This is impor-tant for instruments whose value is linked tomore than one risk factor, such as foreign-exchange derivatives, and for measuring the riskof a trading portfolio. The use of correlationsallows the institution to hedge positions—topartially offset long positions in a particularcurrency/maturity bucket with short positions ina different currency/maturity bucket—and todiversify price risk for the portfolio as a wholein a unitary conceptual framework. The degreeto which individual instruments and positionsare correlated determines the degree of riskoffset or diversification. By fully incorporatingcorrelation, an institution may be able to expressall positions, across all risk factors, as a singlerisk figure.

Value-at-Risk

Value-at-risk (VAR) is the most common mea-surement technique used by trading institutionsto summarize their market-risk exposures. VARis defined as the estimated maximum loss on aninstrument or portfolio that can be expected overa given time interval at a specified level ofprobability. Two basic approaches are generallyused to forecast changes in risk factors for a

Market Risk 2010.1


desired probability or confidence interval. Oneinvolves direct specification of how marketfactors will act using a defined stochastic pro-cess and Monte Carlo techniques to simulatemultiple possible outcomes. Statistical inferencefrom these multiple outcomes provides expectedvalues at some confidence interval. An alter-native approach involves the use of historicalchanges in risk factors and parameters observedover some defined sample period. Under thisalternative approach, forecasts can be derivedusing either variance-covariance or historical-simulation methodologies. Variance-covarianceestimation uses standard deviations and corre-lations of risk factors to statistically infer theprobability of possible scenarios, while thehistorical-simulation method uses actual distri-butions of historical changes in risk factors toestimate VAR at the desired confidence interval.

Some organizations allocate capital to variousdivisions based on an internal transfer-pricingprocess using measures of value-at-risk. Ratesof return from each business unit are measuredagainst this capital to assess the unit’s efficiencyas well as to determine future strategies andcommitments to various business lines. In addi-tion, as explained in the section on capitaladequacy, the internal value-at-risk models areused for risk-based capital purposes.

Assumptions about market liquidity are likelyto have a critical effect on the severity ofconditions used to estimate risk. Some institu-tions may estimate exposure under the assump-tion that dynamic hedging or other rapid port-folio adjustments will keep risk within a givenrange even when significant changes in marketprices occur. Dynamic hedging depends onthe existence of sufficient market liquidity toexecute the desired transactions at reasonablecosts as underlying prices change. If a market-liquidity disruption were to occur, the difficultyof executing transactions would cause the actualmarket risk to be higher than anticipated.

To recognize the importance of market-liquidity assumptions, measures such as value-at-risk should be estimated over a number ofdifferent time horizons. The use of a short timehorizon, such as a day, may be useful forday-to-day risk management. However, prudentmanagers will also estimate risk over longerhorizons, since the use of a short horizon relieson an assumption that market liquidity willalways be sufficient to allow positions to beclosed out at minimal losses. In a crisis, thefirm’s access to markets may be so impaired that

closing out or hedging positions may be impos-sible except at extremely unfavorable prices, inwhich case positions may be held for longerthan envisioned. This unexpected lengthening ofthe holding period will cause a portfolio’s riskprofile to be much greater than expected becausethe likelihood of a large price change increaseswith time (holding period), and the risk profileof some instruments, such as options, changessubstantially as their remaining time to maturitydecreases.

Stress Testing

The underlying statistical methods used in dailyrisk measurements summarize exposures thatreflect the most probable market conditions.Market participants should periodically performsimulations to determine how their portfolioswill perform under exceptional conditions. Theframework of this stress testing should bedetailed in the risk-management policy state-ment, and senior management should be regu-larly apprised of the findings. Assumptionsshould be critically questioned and inputparameters altered to reflect changing marketconditions.

The examiner should review available simu-lations to determine the base case, as well asreview comparable scenarios to determinewhether the resulting ‘‘worst case’’ is suffi-ciently conservative. Similar analyses should beconducted to derive worst-case credit exposures.Nonquantifiable risks, such as operational andlegal risks, constraints on market or productliquidity, and the probability of discontinuitiesin various trading markets, are importantconsiderations in the review process. Concernsinclude unanticipated political and economicevents which may result in market disruptions ordistortions. This overall evaluation should includean assessment of the institution’s ability to alterhedge strategies or liquidate positions. Addi-tional attention should be committed to evaluat-ing the frequency of stress tests.

MARKET-RISK LIMITS

Market-risk limits are one of the most funda-mental controls over the risks inherent in aninstitution’s trading activities. Banks shouldestablish limits for market risk that relate to their

2010.1 Market Risk


risk measures and are consistent with maximumexposures authorized by their senior manage-ment and board of directors. These limits shouldbe allocated to business units and individualtraders and be clearly understood by all relevantparties. Internal controls should ensure thatexceptions to limits are detected and adequatelyaddressed by management. In practice, somelimit systems include additional elements, suchas stop-loss limits and trading guidelines, thatmay play an important role in controlling risk atthe trader and business-unit level. Examinersshould include these elements in their review ofthe limit system. Other institutions may haveseveral levels of limits informally allocated byproduct or by staff. For example, policy guide-lines may give head traders substantial discre-tion in allocating limits among staff. Someinstitutions that permit traders to take positionsin multiple instruments may apply limits broadlyacross the organization, with sublevels of advi-sory limits when gross exposures exceed a givenpercentage, such as 75 percent, of overall levels.

When analyzing an institution’s limits, exam-iners should evaluate the size of limits againstthe institution’s financial strength. The risksresulting from full utilization of an institution’slimits should not compromise its safety andsoundness. Examiners should also evaluate thepercentage of limit use over time. Excessivelylarge limits may circumvent normal reportinglines; an increase in activity or position may notbe properly highlighted to senior management.Conversely, overly restrictive limits which arefrequently exceeded may undermine the disci-pline of the limit structure in place. Finally,examiners should evaluate profitability alongwith position taking. Institutions should be ableto explain abnormal daily profits or losses giventhe size of their positions.

The following is a summary of limits fre-quently used by financial institutions:

• Limits on net and gross positions.Limits maybe placed on gross positions, net positions, orboth. Limits on gross positions restrict the sizeof a long or short position in a given instru-ment. Limits on net positions, on the otherhand, attempt to recognize the natural offset oflong and short positions. Institutions generallyshould employ both types of limits in theirrisk management.

• Maximum allowable loss (‘‘stop-loss’’).Lim-its may be established to avoid the accumula-

tion of excessive losses in a position. Typi-cally, if these limits are reached, a seniormanagement response is required to hedge orliquidate a position. These limits are usuallymore restrictive than overall position limits.Typical stop-loss limits are retrospective andcover cumulative losses for a day, week, ormonth.

• Value-at-risk limits.Management may placelimits on the extent to which the value of aportfolio is affected by changes in underlyingrisk factors. Limits can be specified as themaximum loss for a specified scenario (forexample, a 100 basis point change in rates) orfor scenarios defined at some specified confi-dence level derived from internal VAR mea-sures (for example, 99 percent of possibleoccurrences over a one-day time horizon).Generally, measures of sensitivity are basedon historical volatilities of risk.

• Maturity gap limits. These limits enable aninstitution to control the risk of adversechanges in rates for the periods designated inthe institution’s planning time horizon. Limitsmight range from stated absolute amounts foreach time frame to weighted limits that em-phasize increasing rate-movement exposureapplicable to the relative distance into thefuture in which the gap appears. In addition,these limits should specify the maximummaturity of the specific instrument or combi-nation of instruments. Typically, institutionsemploy maturity gap limits to control risksarising from nonparallel shifts in yield curvesand forward curves.

• Limits on options positions.An institutionshould place unique limits on options posi-tions to adequately control trading risks.Options limits should include limits whichaddress exposures to small changes in theprice of the underlying instrument (delta), rateof change in the price of the underlyinginstrument (gamma), changes in the volatilityof the price of the underlying instrument(vega), changes in the option’s time to expi-ration (theta), and changes in interest rates(rho).

• Limits for volatile or illiquid markets.Man-agement may choose to limit trading in espe-cially volatile markets, in which losses couldaccumulate quickly, or in illiquid markets, inwhich management may be forced to take aloss to close a position it cannot offset.

Market Risk 2010.1


Market RiskExamination Objectives Section 2010.2

1. To evaluate the organizational structure ofthe market-risk-management function.

2. To evaluate the adequacy of internal market-risk-management policies and proceduresfor capital-markets and trading activitiesand to determine that actual operating prac-tices reflect such policies.

3. To identify the market risks of the insti-tution.

4. To determine if the institution’s market-risk-measurement system has been correctlyimplemented and adequately measures theinstitution’s market risks.

5. To determine how the institution measuresnonstandard products such as exotic options,structured financings, and certain mortgage-backed securities.

6. To determine if senior management and theboard of directors of the financial institution

understand the potential market exposuresof the capital-markets and trading activitiesof the institution.

7. To ensure that business-level managementhas formulated contingency plans forilliquid market conditions.

8. To review management information sys-tems for comprehensive coverage of marketrisks.

9. To assess the effectiveness of the globalrisk-management system and determine if itcan evaluate market, liquidity, credit, opera-tional, and legal risks and that managementat the highest level is aware of the institu-tion’s global exposure.

10. To recommend corrective action when poli-cies, procedures, practices, internal con-trols, or management information systemsare found to be deficient.


Market RiskExamination Procedures Section 2010.3

These procedures list processes and activitiesthat may be reviewed during a full-scope exami-nation. The examiner-in-charge will establishthe general scope of examination and work withthe examination staff to tailor specific areas forreview as circumstances warrant. As part of thisprocess, the examiner reviewing a function orproduct will analyze and evaluate internal auditcomments and previous examination work-papers to assist in designing the scope of exami-nation. In addition, after a general review of aparticular area to be examined, the examinershould use these procedures, to the extent theyare applicable, for further guidance. Ultimately,it is the seasoned judgment of the examiner andthe examiner-in-charge that determines whichprocedures are warranted in examining anyparticular activity.

1. Review the market-risk-managementorganization.a. Check that the institution has a market-

risk-management function with sepa-rate reporting lines from traders andmarketers.

b. Determine if market-risk-control person-nel have sufficient credibility in the finan-cial institution to question traders’ andmarketers’ decisions.

c. Determine if market-risk management isinvolved in new-product discussions.

2. Identify the institution’s capital-markets andtrading activities and the related balance-sheet and off-balance-sheet instruments.Obtain copies of all risk-managementreports prepared by the institution.a Define the use and purpose of the insti-

tution’s capital-markets products.b. Define the institution’s range, scope, and

size of risk exposures. Determine theproducts in which the institution makesmarkets. Determine the hedging instru-ments used to hedge these products.

c. Evaluate market-risk-control personnel’sdemonstrated knowledge of the productstraded by the financial institution andtheir understanding of current and poten-tial exposures.

3. Obtain and evaluate the adequacy of risk-management policies and procedures forcapital-markets and trading activities.a. Review market-risk policies, procedures,

and limits. Determine whether the risk-measurement model and methodologyadequately address all identified marketrisks and are appropriate for the institu-tion’s activities.

b. Review contingency market-risk plansfor adequacy.

c. Check that limits are in place for marketexposures before transacting a deal. Ifthe financial institution relies on one-offapprovals, check that the approval pro-cess is well documented.

d. Review accounting and revaluation poli-cies and procedures. Determine thatrevaluation procedures are appropriate.

4. Determine the credit rating and marketacceptance of the financial institution as acounterparty in the markets.

5. Obtain all management information analyz-ing market risk.a. Determine the comprehensiveness, accu-

racy, and integrity of analysis.b. Review valuation and simulation meth-

ods in place.c. Review stress tests, analyzing changes in

market conditions.d. Determine whether the management

information reports accurately reflectrisks and that reports are provided to theappropriate level of management.

6. Determine if any recent market disruptionshave affected the institution’s trading activi-ties. If so, determine the institution’s marketresponse.

7. Establish that the financial institution isfollowing its internal policies and proce-dures. Determine whether the establishedlimits adequately control the range of mar-ket risks. Determine whether managementis aware of limit excesses and takes appro-priate action when necessary.

8. Determine whether the institution has estab-lished an effective audit trail that summa-rizes exposures and management approvalswith the appropriate frequency.

9. Determine whether management consideredthe full range of exposures when establish-ing capital-at-risk exposures.a. Determine if the financial institution

established capital-at-risk limits whichaddress both normal and distressed mar-ket conditions.


b. Determine if senior management and theboard of directors are advised of market-risk exposures in times of market dis-ruption and under normal marketconditions.

10. Determine that business managers havedeveloped contingency plans which outlineactions to be taken in times of marketdisruption to minimize losses as well as thepotential damage to the institution’s market-making reputation.

11. Based on information provided, determinethe institution’s exposure from dynamichedging strategies during times of marketdisruption.

12. Recommend corrective action when poli-cies, procedures, practices, internal con-trols, and management information systemsare found to be deficient.

2010.3 Market Risk: Examination Procedures


Market RiskInternal Control Questionnaire Section 2010.4

1. Review the market-risk-managementorganization.a. Does the institution have a market-risk-

management function with separatereporting lines from traders andmarketers?

b. Do market-risk-control personnel havesufficient credibility in the financialinstitution to question traders’ and mar-keters’ decisions?

c. Is market-risk management involved innew-product discussions in the financialinstitution?

2. Identify the institution’s capital-markets andtrading activities and the related balance-sheet and off-balance-sheet instrumentsand obtain copies of all risk-managementreports prepared.a. Do summaries identify all the institu-

tion’s capital-markets products?b. Define the role that the institution takes

for the range of capital-markets prod-ucts. Determine the hedging instrumentsused to hedge these products. Is theinstitution an end-user, dealer, marketmaker? In what products?

c. Do market-risk-control personnel dem-onstrate knowledge of the products tradedby the financial institution? Do theyunderstand the current and potentialexposures to the institution?

3. Does the institution have comprehensive,written risk-management policies and pro-cedures for capital-markets and tradingactivities?a. Have limits been approved by the board

of directors?b. Have policies, procedures, and limits

been reviewed and reapproved within thelast year?

c. Are market-risk policies, procedures, andlimits clearly defined?

d. Are the limits appropriate for the insti-tution and the level of capital-marketsand trading activity?

e. Do the limits adequately distinguishbetween trades used to manage the insti-tution’s asset-liability mismatch positionand discretionary trading activity?

f. Are there contingency market-risk plans?g. Are there appropriate accounting and

revaluation policies and procedures?

h. Do the policies authorize the use ofappropriate hedging instruments?

i. Do the policies address the use ofdynamic hedging strategies?

j. Do the policies establish market-risk lim-its which consider bid/ask spreads for thefull range of products in normal mar-kets?

k. Do the policies provide an explanation ofthe board of directors’ and senior man-agement’s philosophy regarding illiquidmarkets?

l. Do the policies establish market-risk lim-its which consider bid/ask spreads indistressed markets? How do the policiesreflect liquidity concerns?

m. Are limits in place for market exposuresbefore transacting a deal? If the financialinstitution relies on one-off approvals, isthe approval process well documented?

4. If the financial institution has recentlyexperienced a ratings downgrade, ascertainthe impact of the credit-rating downgrade.What has been the market response to thefinancial institution as a counterparty in themarkets? Have instances in which the insti-tution provides collateral to its counterpar-ties significantly increased?

5. Obtain all management information analyz-ing market risk.a. Is management information comprehen-

sive and accurate, and is the analysissound?

b. Are the simulation assumptions for anormal market scenario reasonable?

c. Are stress tests analyzing changes inmarket condition appropriate? Are themarket assumptions reasonable?

d. Do management information reportsaccurately reflect risks? Are reportsprovided to the appropriate level ofmanagement?

6. If there have been any recent market dis-ruptions affecting the institution’s tradingactivities, what has been the institution’smarket response?

7. Is the financial institution following itsinternal policies and procedures? Do theestablished limits adequately control therange of market risks? Are the limits appro-priate for the institution’s level of activity?Is management aware of limit excesses?


Does management take appropriate actionwhen necessary?

8. Has the institution established an effectiveaudit trail that summarizes exposures andmanagement approvals with the appropriatefrequency? Are risk-management, revalua-tions, and close-out valuation reserves sub-ject to audit?

9. Has management considered possible mar-ket disruptions when establishing capital-at-risk exposures?a. Has the financial institution established

capital-at-risk limits which address bothnormal and distressed market condi-tions? Are these limits aggregated on aglobal basis?

b. Are senior management and the board ofdirectors advised of market-risk expo-sures in illiquid markets?

10. Have business managers developed contin-gency plans which outline actions to betaken to minimize losses as well as tominimize the potential damage to the insti-tution’s market-making reputation when

market disruptions occur? Are manage-ment’s activities in times of market disrup-tions prudent?a. Do opportunities for liquidation or

unwinding of transactions exist?b. Is the depth (volume, size, number of

market makers) of the market such thatundue risk is not being taken?

c. If executed on an exchange, is the openinterest in the contract sufficient toensure that management would becapable of hedging or closing outopen positions in one-way directionalmarkets?

d. Can management execute transactions inlarge enough size to hedge and/or closeout market-risk exposures without result-ing in significant price adjustments?

11. Has management determined the institu-tion’s exposure to dynamic hedging strate-gies during times of market disruption?

12. Does the institution have a methodology foraddressing difficult-to-value products orpositions?

2010.4 Market Risk: Internal Control Questionnaire


Counterparty Credit Risk and Presettlement RiskSection 2020.1

Broadly defined, credit risk is the risk of eco-nomic loss from the failure of an obligor toperform according to the terms and conditionsof a contract or agreement. Credit risk exists inall activities that depend on the performance ofissuers, borrowers, or counterparties, and virtu-ally all capital-markets and trading transactionsinvolve credit exposure. Over-the-counter (OTC)derivative transactions such as foreign exchange,swaps, and options can involve particularlylarge and dynamic credit exposures. Accord-ingly, institutions should ensure that they iden-tify, measure, monitor, and control all of thevarious types of credit risks encountered in theirtrading of both derivative and nonderivativeproducts.

Credit risk should be managed through aformal and independent process guided byappropriate policies and procedures. Measure-ment systems should provide appropriate andrealistic estimates of the credit-risk exposureand should use generally accepted measurementmethodologies and techniques. The develop-ment of customer credit limits and the monitor-ing of exposures against those limits is a criticalcontrol function and should form the backboneof an institution’s credit-risk-management pro-cess. The most common forms of credit risksencountered in trading activities are issuer creditrisk and counterparty credit risk. Issuer risk isthe risk of default or credit deterioration of anissuer of instruments that are held as longpositions in trading portfolios. While the shorttime horizon of trading activities limits much ofthe issuer credit risk for relatively high-qualityand liquid instruments, other less-liquid instru-ments such as loans, emerging-market debt, andbelow-investment-quality debt instruments, maybe the source of significant issuer credit risk.

Counterparty risks, the most significant creditrisks faced in trading operations, consist of both‘‘presettlement’’ risk and ‘‘settlement’’ risk. Pre-settlement risk is the risk of loss due to acounterparty’s failure to perform on a contractor agreement during the life of a transaction. Formost cash instruments, the duration of this riskexposure is limited to the hours or days from thetime a transaction is agreed upon until settle-ment. However, in the case of many derivativeproducts, this exposure can often exist for aperiod of several years. Given this potentiallylonger-term exposure and the complexity asso-

ciated with some derivative instruments, banksshould ensure that they fully assess the presettle-ment credit risks involved with such instru-ments. This section discusses the nature of thecredit risks involved in trading activities andreviews basic credit-risk-management issues.

Settlement risk is the risk of loss when aninstitution meets its obligation under a contract(through either an advance of funds or securi-ties) before the counterparty meets its obliga-tion. Failures to perform at settlement can arisefrom counterparty default, operational prob-lems, market liquidity constraints, and otherfactors. Settlement risk exists from the time anoutgoing payment instruction cannot be recalleduntil the incoming payment is received withfinality. This risk exists with any traded productand is greatest when delivery is made in differ-ent time zones. Issues and examination proce-dures regarding settlement risk are discussed atlength in section 2021.1.

CREDIT-RISK-MANAGEMENTORGANIZATION

An institution’s process and program for man-aging credit risks should be commensurate withthe range and scope of its activities. Institutionswith relatively small trading operations in non-complex instruments may not need the samelevel of automated systems and policies, or thesame level of highly skilled staff, as firms thatmake markets in a variety of cash and derivativeproducts.

Credit-risk management should begin at thehighest levels of the organization, with credit-risk policies approved by the board of directors,the formation of a credit-risk policy committeeof senior management, a credit-approval pro-cess, and credit-risk management staff whomeasure and monitor credit exposures through-out the organization. Although the organiza-tional approaches used to manage credit riskmay vary, the credit-risk management of tradingactivities should be integrated into the overallcredit-risk management of the institution to thefullest extent practicable. With regard to poli-cies, most complex banking organizations appearto have extensive written policies covering theirassessment of counterparty creditworthiness forboth the initial due-diligence process (that is,

Trading and Capital-Markets Activities Manual September 1999Page 1

before conducting business with a customer)and ongoing monitoring. However, examinersshould focus particular attention on how suchpolicies are structured and implemented.

Typically, credit-risk management in tradingoperations consists of (1) developing andapproving credit-exposure measurement stan-dards, (2) setting counterparty credit limits,(3) monitoring credit-limit usage and reviewingcredits and concentrations of credit risk, and(4) implementing minimum documentation stan-dards. In general, staff responsible for approvingexposures should be segregated from thoseresponsible for monitoring risk limits and mea-suring exposures. Traders and marketers shouldnot be permitted to assume risks without ade-quate institutional credit-risk controls.

Institutions with very large trading operationsoften have a credit function in the trading area;staff in this area develop a high level of exper-tise in trading-product credit analysis and meetthe demand for rapid credit approval in a tradingenvironment. To carry out these responsibilitieswithout compromising internal controls, thecredit-risk-management function must be inde-pendent of these marketing and trading person-nel who are directly involved in the execution ofthe transactions. While the credit staff in thetrading area may possess great expertise intrading-product credit analysis, the personsresponsible for the institution’s global creditfunction should have a solid understanding ofthe measurement of credit-risk exposures intrading products and the techniques available tomanage those exposures. The examiner’s reviewof credit-risk management in trading activitiesshould evaluate the quality and timeliness ofinformation going to the global credit functionand the way that information is integrated intoglobal exposure reports.

Examiners should evaluate whether bankinginstitutions—

• devote sufficient resources and adequate atten-tion to the management of the risks involvedin growing, highly profitable, or potentiallyhigh-risk activities and product lines;

• have internal audit and independent risk-management functions that adequately focuson growth, profitability, and risk criteria intargeting their reviews;

• achieve an appropriate balance among allelements of credit-risk management, includ-ing both qualitative and quantitative assess-ments of counterparty creditworthiness; mea-

surement and evaluation of both on- andoff-balance-sheet exposures, including poten-tial future exposure; adequate stress testing;reliance on collateral and other credit enhance-ments; and the monitoring of exposures againstmeaningful limits;

• employ policies that are sufficiently calibratedto the risk profiles of particular types ofcounterparties and instruments to ensure ade-quate credit-risk assessment, exposure mea-surement, limit setting, and use of creditenhancements;

• ensure that actual business practices conformwith stated policies and their intent; and

• are moving in a timely fashion to enhancetheir measurement of counterparty-credit-riskexposures, including refining potential futureexposure measures and establishing stress-testing methodologies that better incorporatethe interaction of market and credit risks.

To adequately evaluate these conditions, exam-iners should conduct sufficient and targetedtransaction testing. See SR-99-3 (February 1,1999).

CREDIT-RISK MEASUREMENT

Appropriate measurement of exposures is essen-tial for effective credit-risk management in trad-ing operations. For most cash instruments, pre-settlement credit exposure is measured as currentcarrying value. However, in the case of manyderivative contracts, especially those traded inOTC markets, presettlement exposure is mea-sured as the current value or replacement cost ofthe position, plus an estimate of the institution’spotential future exposure to changes in thereplacement value of that position over the termof the contract. The methods used to measurecounterparty credit risk should be commensu-rate with the volume and level of complexity ofthe instruments involved. Importantly, measure-ment systems should use techniques that presenta relevant picture of the true nature of the creditexposures involved. Some techniques used tomeasure presettlement risk can generate verylarge exposure estimates that, by definition, areunlikely to materialize. Unrealistic measures ofcredit exposure suggest important flaws in theinstitution’s risk-management process and shouldreceive special examiner attention.

2020.1 Counterparty Credit Risk and Presettlement Risk

September 1999 Trading and Capital-Markets Activities ManualPage 2

Presettlement Risk

Presettlement credit exposure for cash instru-ments is measured as the current carrying value,which for trading operations is the market valueor fair value of the instrument. Market valuescan be obtained from direct market quotationsand pricing services or, in the case of morecomplex instruments, may be estimated usinggenerally accepted valuation techniques. Forderivative contracts, credit exposure is mea-sured as the current value or replacement cost ofthe position, plus an estimate of the institution’spotential future exposure to changes in thatreplacement value in response to market pricechanges. Together, replacement cost and esti-mated potential future exposure make up theloan-equivalent value of a derivative contract.

For derivative contracts, presettlement expo-sure to a counterparty exists whenever a con-tract’s replacement cost has positive value to theinstitution (‘‘in the money’’) and negative valueto the counterparty (‘‘out of the money’’). Thecurrent replacement cost of the contract is itsmark-to-market value. If a counterparty defaultson a transaction before settlement or expirationof the deal, the other counterparty has an imme-diate exposure which must be filled. If thecontract is in the money for the nondefaultingparty, then the nondefaulting counterparty hassuffered a credit loss. Thus, all deals with apositive mark-to-market value represent actualcredit exposure. The replacement cost of deriva-tive contracts is usually much smaller than theface or notional value of derivative transactions.

Some derivatives involving firm commit-ments, such as swaps, initially have a zero netpresent value and, therefore, no replacementcost at inception. At inception, the only potentialfor credit exposure these contracts have is whatcan arise from subsequent changes in the marketprice of the instrument, index, or interest rateunderlying them. Once market prices move tocreate a positive contract value, the contract hasthe current credit-risk exposure of its replace-ment cost as well as the potential credit expo-sure that can arise from subsequent changes inmarket prices.

Options and derivative contracts which con-tain options (for example, swaptions and rate-protection agreements) face both current andpotential credit exposure. However, a differencewith option contracts is that they have a positivevalue at inception reflected by the premium paid

by the purchaser to the writer of the option. Thevalue of the purchased option may be reduced asa result of market movements, but cannot becomenegative. The seller or writer of an optionreceives a premium, usually at inception, andmust deliver the underlying at exercise. There-fore, the party that buys the option contract willalways have credit exposure when the option isin the money, and the party selling the optioncontract will have none, except for settlementrisk while awaiting payment of the premium.

Potential Future Exposure

Potential future exposure is an estimate of therisk that subsequent changes in market pricescould increase credit exposure. In measuringpotential exposure, institutions attempt to deter-mine how much a contract can move into themoney for the institution and out of the moneyfor the counterparty over time. Given the impor-tant interrelationships between the market-riskand credit-risk exposures involved in banks’derivative activities that have been emphasizedover the past two years of financial-marketturbulence, examiners should be alert to situa-tions in which banks may need to enhance theircurrent computations of potential future expo-sures and loan equivalents used to measure andmonitor their derivative counterparty creditexposure.

Estimating potential exposure can be subjec-tive, and firms approach its measurement inseveral different ways. One technique is to use‘‘rules of thumb’’ or factors, such as percentagesof the notional value of the contract, similar tothe ‘‘add-on’’ factors used in bank risk-basedcapital. Institutions using such an approachshould be able to demonstrate that the rules ofthumb or factors provide adequate estimates ofpotential exposure. For example, differences inthe add-ons used for different instruments shouldreflect differences in the volatility of the under-lying instruments and in the tenor (or maturity)across instruments, and should be adjusted peri-odically to reflect changes in market conditionsand the passage of time.

A more sophisticated and complex practice ofmeasuring the potential exposure of derivativesis to statistically estimate the maximum prob-able value that the derivative contract mightreach over a specified time horizon, whichsometimes may be the life of the contract. Thisis often done by estimating the highest value the

Counterparty Credit Risk and Presettlement Risk 2020.1


contract will achieve within some confidenceinterval (for example, 95, 97.5, or 99 percentconfidence) based on the estimated distributionof the contract’s possible values at each point intime over the time horizon, given historicalchanges in underlying risk factors. The specifiedpercentile or confidence level of the distributionrepresents the maximum expected value ofthe contract at each point over the time horizon.

The time horizon used to calculate potentialfuture exposure can vary depending on thebank’s risk tolerance, collateral protection, andability to terminate its credit exposure. Someinstitutions may use a time horizon equal to thelife of the respective instrument. While such atime horizon may be appropriate for unsecuredpositions, for collateralized exposures, the useof lifetime, worst-case estimates of potentialfuture exposure may be ineffective in measuringthe true nature of counterparty risk exposure—especially given the increasing volatility andcomplexity of financial markets and derivativesinstruments. While life-of-contract potentialfuture exposure measures provide an objectiveand conservative long-term exposure estimate,they bear little relationship to the actual creditexposures banks typically incur in the case ofcollateralized relationships. In such cases, abank’s actual credit exposure is the potentialfuture exposure from the time a counterpartyfails to meet a collateral call until the time thebank liquidates its collateral—a period which istypically much shorter than the contract’s life.For some institutions, more realistic measures ofcollateralized exposures in times of market stressare needed. These measures should take intoaccount the shorter time horizons over whichaction can be taken to mitigate losses. Theyshould also incorporate estimates of collateral-recovery rates given the impact of potentialmarket events on the liquidity of collateralvalues.

Institutions with vigorous monitoring systemscan employ additional credit-risk-measurementmethodologies that will tend to generate moreprecise and often smaller reported exposurelevels. Some institutions already calculate suchmeasures by assessing the worst-case value ofpositions over a time horizon of one or twoweeks—their estimate of a reasonable liquida-tion period in times of stress. Other institutionsare moving to build the capability of estimatingportfolio-based potential future exposures byany one of several different time horizons orbuckets, owing to the liquidity and breadth of

the underlying instrument or risk factor. Someinstitutions measure the ‘‘expected’’ exposure ofa contract in addition to its maximum probableexposure. The expected exposure is the mean ofall possible probability-weighted replacementcosts estimated over the specified time horizon.This calculation may reflect a good estimate ofthe present value of the positive exposure that islikely to materialize. As such, expected expo-sure can be an important measure for use in aninstitution’s internal pricing, limit-setting, andcredit-reserving decisions. However, expectedexposure is by definition lower than maximumprobable exposure and may underestimatepotential credit exposure. For this reason,expected exposure estimates are not frequentlyused as loan-equivalent amounts in assessingcapital adequacy from either an internal orregulatory basis.

Statistically generated measures of futureexposure use sophisticated risk-measurementmodels that, in turn, involve the use of importantassumptions, parameters, and algorithms. Insti-tutions using such techniques should ensure thatappropriate controls are in place regarding thedevelopment, use, and periodic review of themodels and their associated assumptions andparameters. The variables and models used forboth replacement cost and potential exposureshould be approved and tested by the credit-risk-management function and should be subject toaudit by independent third parties with adequatetechnical qualifications. The data-flow processshould also be subject to audit to ensure dataintegrity. Equally important are the approval andtesting of information systems that report posi-tions. The functions responsible for managingcredit risk should validate any modifications tomodels made to accommodate new products orvariations on existing products.

Aggregate Exposures

In measuring aggregate presettlement credit-riskexposures to a single counterparty, institutionsmay use either a transactions approach or a port-folio approach. Under a transactions approach,the loan-equivalent amounts for each derivativecontract with a counterparty are added together.Some institutions may take a purely transac-tional approach to aggregation and do not incor-porate the netting of long and short derivativescontracts, even when legally enforceable bilat-eral netting agreements are available. In such



cases, simple sum estimates of positive expo-sures may seriously overestimate true creditexposure, and examiners should monitor andencourage an institution’s movement towardmore realistic measures of counterparty expo-sure. When they exist, legally enforceable close-out netting agreements should be factored intothese measurements, whatever approach is usedto obtain them. Master close-out netting agree-ments are bilateral contracts intended to reducepresettlement credit risk in the event that acounterparty becomes insolvent before settle-ment. Upon default, the nondefaulting party netsgains and losses with the defaulting counter-party to a single payment for all covered trans-actions. All credit-risk-exposure measures shouldfully reflect the existence of such legally bindingnetting agreements as well as any other creditenhancements.

Some financial institutions measure potentialcredit-risk exposures on a portfolio basis, whereinformation systems allow and incorporate net-ting (both within and across products, businesslines, or risk factors) and portfolio correlationeffects to construct a more comprehensive coun-terparty exposures measure. The portfolioapproach recognizes the improbability that alltransactions with a given counterparty will reachtheir maximum potential exposure at the sametime as is implicitly assumed under the transac-tions approach. The portfolio approach usessimulation modeling to calculate aggregateexposures through time for each counterparty.As discussed in section 2070.1, ‘‘Legal Risk,’’gains and losses may be offset in measuringpotential credit-risk exposure with the portfolioapproach. If legally enforceable netting is not inplace, then the sum of contracts with positivevalue under the simulation should be used as ameasure of potential exposure. Contracts withnegative value should only be considered as anoffset for gains when netting is deemed to belegally enforceable. If executed correctly, theportfolio approach may provide a more realisticmeasurement of potential credit exposure for theportfolio than simply summing the potentialworst-case exposures for each instrument in theportfolio. Whatever approach is used, the credit-risk-management function should clearly definethe measurement aggregation methodology andapply it consistently across all instruments andtypes of capital-markets exposures.

In addition, examiners should ensure that aninstitution has adequate internal controls gov-erning exposure estimation, including robust

model-review processes and data integritychecks. Examiners should be aware that somebanks may need to develop more meaningfulmeasures of credit-risk exposures under volatilemarket conditions by developing and implement-ing timely and plausible stress tests of counter-party credit exposures. Stress testing shouldevaluate the impact of large market moves onthe credit exposure to individual counterpartiesand on the inherent liquidation effects. Stresstesting also should consider liquidity impacts onunderlying markets and positions, and theireffect on the value of any collateral received.Moreover, stress-testing results should be incor-porated in senior management reports and pro-vide sufficient information to trigger risk-reducing actions when necessary. Simplyapplying higher confidence intervals or longertime horizons to potential future exposure mea-sures may not capture the market and exposuredynamics under turbulent market conditions,particularly as they relate to the interactionbetween market, credit, and liquidity risk.Examiners should determine whether stress test-ing has led to risk-reducing actions or a redefi-nition of the institution’s risk appetite underappropriate circumstances.

Global Exposures

While an institution may use various methods tomeasure the credit exposure of specific types ofinstruments, credit exposures for both loans andcapital-markets products should be consolidatedby counterparty to enable senior management toevaluate the overall counterparty credit risk. Toobtain an aggregate, institution-wide creditexposure for a customer in the global credit-risk-management system, many institutions use therisk in commercial loans as a base and convertcredit-risk exposures in capital-markets instru-ments, both on- and off-balance-sheet, to thesame base using loan-equivalent amounts.Together these two measures can be added toany other credit exposures to get the total creditexposure to a given counterparty.

CREDIT ENHANCEMENTS

As the derivatives market has expanded so hasthe number of market participants with lowercredit ratings. Accordingly, institutions have



increased the use of credit enhancements in thederivatives marketplace. Some of the more com-mon credit enhancements include the following:

• Collateral arrangements in which one or bothcounterparties agree to pledge collateral, usu-ally consisting of cash or liquid securities, tosecure credit exposures arising from deriva-tive transactions.

• Special-purpose vehicles (SPVs) that can beseparately capitalized subsidiaries or speciallydesigned collateral programs organized toobtain a triple A counterparty credit rating.

• Mark-to-market cash settlement in which coun-terparties periodically mark transactions tomarket and make cash payments equal to theirnet present value, thus reducing any exposureto a preset threshold.

• Option-to-terminate or ‘‘close out’’ contractswhich give either counterparty, after an agreed-upon interval, the option to instruct the otherparty to cash settle and terminate a transactionbased on the transaction’s net present value asquoted by agreed-upon reference dealers. Theexistence of the option allows both parties toview the transaction as having a maturitywhich is effectively reduced to the term of theoption.

• Material-change triggers that convey the rightto change the terms of or terminate a contractif a prespecified credit event occurs such as arating downgrade, failure to pay or deliver, anadverse change in the counterparty’s financialstanding, or a merger event. Credit events maytrigger the termination of a contract, theimposition of a collateral requirement, orstricter collateral terms.

Credit enhancements and other nonprice termsshould be tailored to the counterparty and closelylinked to assessments of counterparty creditquality.

Collateral Arrangements

Collateral arrangements are becoming an increas-ingly common form of credit enhancement inthe derivatives market. There are generally twotypes of collateral arrangements. In the firsttype, the counterparty does not post collateraluntil exposure has exceeded a prespecifiedamount (threshold). The second type of collat-eral arrangement requires an initial pledge of

liquid assets (initial margin) and often involvescalls for additional collateral based on a periodicmarking to market of the position. This type ofarrangement is intended to reduce the frequencyof collateral movements and protect the institu-tion against unanticipated swings in creditexposure. Collateral agreements can requireeither one or both counterparties to pledgecollateral. Increasingly, collateral arrangementsare being formed bilaterally, where either coun-terparty may be asked to post collateral, depend-ing on whose position is out of the money.

The use of collateral raises several importantconsiderations. Similar to other credit enhance-ments, collateralization mitigates but does noteliminate credit risk. To the extent that collateralis sufficient, credit risk is transferred from thecounterparty to the obligor of the collateralinstrument. However, institutions should ensurethat overreliance on collateralization does notcompromise other elements of sound counter-party credit risk management, such as the due-diligence process. In addition, collateralizationmay reduce credit risk at the expense of increas-ing other risks, such as legal, operational, andliquidity risk. For instance, heavy reliance oncollateral-management systems poses increasedoperational risk. Collateral agreements must bemonitored, the collateral posted must be trackedand marked to market, and the physical safe-keeping of the collateral must be ensured. Finally,the use of collateral is potentially more costlythan other forms of credit enhancements, in partbecause it requires a substantial investment insystems and back-office support.

The fundamental aspects of a collateral rela-tionship are usually specified in a security agree-ment or in the credit annex of a master nettingagreement. The calculation of required collat-eral is usually based on the net market value ofthe portfolio. The amount of required collateraland appropriate margin levels are largely deter-mined by the volatility of the underlying port-folio, the frequency of collateral calls, and thetype of counterparty. In general, the higher thevolatility of an underlying portfolio, the greaterthe amount of collateral and margin required.Frequent collateral calls will result in smalleramounts of margin and collateral posted. Insti-tutions should be aware that if volatility increasesbeyond what is covered in the predeterminedmargin level, credit exposure to a counterpartymay be greater than originally anticipated. Forthis reason, institutions generally revalue boththe portfolio and the collateral regularly.



The amount of collateral and margining levelsalso should be based on the type of counterpartyinvolved. Policies should not be overly broad soas to compromise the risk-reducing nature ofcollateral agreements with certain types of coun-terparties. Indeed, policies governing collateralarrangements should specifically define thosecases in which initial and variation margin isrequired, and should explicitly identify situa-tions in which lack of transparency, business-line risk profiles, and other counterparty charac-teristics merit special treatment. Whenappropriate to the risk profile of the counter-party, policies should specify when marginingrequirements based on estimates of potentialfuture exposures might be warranted.

Securities that are posted as collateral aregenerally subject to haircuts, with the mostliquid and least volatile carrying the smallesthaircuts. Acceptable forms of collateral tradi-tionally include cash and U.S. Treasury andagency securities. However, letters of credit,Eurobonds, mortgage-backed securities, equi-ties, and corporate bonds are increasingly beingconsidered acceptable collateral by some marketparticipants. Institutions that actively accept col-lateral should ensure that haircuts for instru-ments accepted as collateral are reviewed atleast annually to reflect their volatility andliquidity.

Collateral arrangements sometimes includerehypothecation rights, in which a counterpartyrepledges collateral to a third party. Institutionswith rehypothecation rights may be exposed tothe risk that the third party holding the rehypoth-ecated collateral may fail to return the collateralor may return a different type of collateral.Institutions should ensure that they review thelegal issues arising from collateral arrangementscarefully, especially when rehypothecation rightsare involved and when different locales canclaim jurisdiction over determining the effective-ness of security interests. Rehypothecation ofcollateral may have an impact on a counterpar-ty’s right to set off the value of the collateralagainst amounts owed by a defaulting counter-party. In addition, institutions should review thelaws of jurisdictions to which they are poten-tially subject to determine the potential effectsof stays and the competing claims of othercreditors on the enforcement of security interests.

Institutions with collateralization programsshould establish policies and procedures thataddress position and collateral revaluations, thefrequency of margin calls, the resolution of

valuation disputes, the party holding the collat-eral, the window of time allowed for movingcollateral, trigger thresholds, closeout rights,and rehypothecation. In addition, these policiesand procedures should address the process ofoverriding credit limits, making margin calls,and waiving margin requirements.

In September 1998, the Committee of Pay-ment and Settlement Systems and the Euro-currency Standing Committee (now the Com-mittee on the Global Financial System) of thecentral banks of the Group of Ten countriespublished a report entitled ‘‘OTC DerivativesSettlement Procedures and Counterparty RiskManagement’’ that recommended that deriva-tives counterparties carefully assess the liquid-ity, legal, custody, and operational risks of usingcollateral. The report made the following spe-cific recommendations to counterparties:

• Counterparties should review the backlogs ofunsigned master agreements and outstandingconfirmations and take appropriate steps tomanage the risks effectively.

• Counterparties should assess the potential forreducing backlogs and associated risks throughuse of existing or new systems for the elec-tronic exchange or matching of confirmations.

• Counterparties should assess the potential forclearinghouses for OTC derivatives to reducecredit risks and other counterparty risks, tak-ing into account the effectiveness of the clear-inghouse’s risk-management procedures andthe effects on contracts that are not cleared.

In March 1999, the International Swaps andDerivatives Association (ISDA) published its1999 collateral review. The ISDA collateralreview was an assessment of the effectiveness ofexisting collateral-management practices and rec-ommendations for improvements in those prac-tices. Among the market-practice recommenda-tions for counterparties arising from the ISDAcollateral review were the following:

• Counterparties should understand the role ofcollateral as a complement to, not a replace-ment for, credit analysis tailored to the riskprofile presented by the counterparty, type oftransaction, size of potential future exposure,term of risk, and other relevant factors.

• Counterparties should assess the secondaryrisks of collateralization, for example:— Legal risk.The risk that close-out netting



provisions under a master agreement arenot enforceable upon the counterparty’sinsolvency, thus allowing the bankruptcyrepresentative to ‘‘cherry pick’’ and repu-diate contracts.

— Operational risk.The risk that deficienciesin information systems or internal controlscould result in losses.

— Credit risk. Replacement-cost risk when acounterparty defaults prior to settlement,and settlement risk

— Correlation risk. Default may be highlycorrelated with the market value of thecontract, as was the case with dollar-denominated instruments held by counter-parties in emerging-market countries.

— Liquidity risk. Close-out provisions trig-gered by a ratings downgrade may createsubstantial liquidity demands at a timewhen meeting those demands is particu-larly costly.

• Counterparties should centralize and automatethe collateral function and reconciliation pro-cedures and impose a rigorous control envi-ronment.

• Counterparties should coordinate the collat-eral, payments, and settlement functions inorder to maximize information flows regard-ing counterparties and markets in stress situ-ations.

• Counterparties should consider the use of awider range of assets as collateral and acceptcash when a collateral-delivery failure occurs.(Counterparties often do not wish to acceptcash because of the costs of reinvestment.)

• Counterparties should establish clear internalpolicies and methodologies for setting initialmargins based on the volatility of the value ofthe derivative position.

• When setting haircut levels, counterpartiesshould ensure that appropriate asset pricevolatility measures are considered over theappropriate timeframe.

• Counterparties should ensure that collateralagreements address the potential for changesin credit quality over the course of the trans-action.

Other Credit Enhancements

Adequate polices should also govern the use ofmaterial-change triggers and close-out provi-sions, which should take into account

counterparty-specific situations and risk pro-files. For example, close-out provisions basedon annual events or material-change triggersbased on long-term performance may proveineffective for counterparties whose risk profilescan change rapidly.

In evaluating an institution’s management ofits collateral arrangements and other credit en-hancements, examiners should assess not onlythe adequacy of policies but should determinewhether internal controls are sufficient to ensurethat practices comply with these policies.Accordingly, in reviewing targeted areas dealingwith counterparty credit risk management,examiners should identify the types of creditenhancements and contractual covenants usedby an institution and determine whether theinstitution has sufficiently assessed theiradequacy relative to the risk profile of thecounterparty. Finally, examiners should be alertto situations in which collateralized exposuresmay be mis-estimated, and they should encour-age management at these institutions to enhancetheir exposure-measurement systems andcollateral-protection programs accordingly.

COUNTERPARTY ASSESSMENT

As with traditional banking transactions, anindependent credit function should conduct aninternal credit review before engaging in trans-actions with a prospective counterparty. Creditguidelines should be employed to ensure thatlimits are approved for only those counterpartiesthat meet the appropriate credit criteria, incor-porating any relevant credit support. The credit-risk-management function should verify thatlimits are approved by credit specialists withsufficient signing authority.

The quick credit-approval process oftenrequired in trading operations may lead financialinstitutions to conduct only summary financialanalysis. Institutions should ensure that the levelof financial analysis is adequate and that alltransactions have formal credit approval. If thecredit officers prefer not to establish a formalline for a new relationship, a transaction-specificwritten approval should be given based on thepotential exposure from the transaction. In mak-ing such one-off approvals, credit officers andcredit-risk management should keep settlementrisks in mind.



Broad policies that were structured in theinterests of flexibility to apply to all types ofcounterparties may prove inadequate for direct-ing bank staff in the proper review of the risksposed by specific types of counterparties. Theassessment of counterparties based on simplebalance-sheet measures and traditional assess-ments of financial condition may be adequatefor many types of counterparties. However,these assessments may be entirely insufficientfor those counterparties whose off-balance-sheetpositions are a source of significant leverage andwhose risk profiles are narrowly based on con-centrated business lines, such as with hedgefunds and other institutional investors.

General policies calling for annual counter-party credit reviews are another example ofbroad policies that may compromise the integ-rity of the assessment of individual counterpar-ties or types of counterparties—especially incases when a counterparty’s risk profile canchange significantly over much shorter timehorizons. Moreover, credit-risk assessment poli-cies should properly define the types of analysisto be conducted for particular types of counter-parties, based on the nature of their risk profile.In addition to customizing fundamental analysesbased on the industry and business-line charac-teristics of a counterparty, stress testing may beneeded when a counterparty’s creditworthinessmay be adversely affected by short-term fluctua-tions in financial markets—especially whenpotential credit exposure to a counterpartyincreases when credit quality deteriorates.

A key responsibility of examiners has alwaysbeen to identify areas where bank practices maynot conform to stated policies. These efforts aremade especially difficult when bank policieslack sufficient granularity, or specificity, to prop-erly focus bank-counterparty risk assessments.Accordingly, examiners should ensure that abank’s counterparty credit-risk assessment poli-cies are sufficiently defined to adequately addressthe risk profiles of specific types of counterpar-ties and instruments. Policies should specify(1) the types of counterparties that may requirespecial consideration; (2) the types and fre-quency of information to be obtained from suchcounterparties; (3) the types and frequency ofanalyses to be conducted, including the need forand type of any stress-testing analysis; and(4) how such information and analyses appro-priately address the risk profile of the particulartype of counterparty. This definition in policy isparticularly important when limited transpar-

ency may hinder market discipline on the risk-taking activities of counterparties—which mayhave been the case with hedge funds. Bankingorganizations should also understand their conter-parties’ business purpose for entering intoderivatives transactions with the institution.Understanding the underlying business rationalefor the transaction allows the institution toevaluate the credit, legal, and reputational risksthat may arise if the counterparty has enteredinto the transaction to evade taxes, hide losses,or circumvent legal or regulatory restrictions.

Even when credit-risk assessment policiesappear to be sufficiently defined, examinersshould place increasing emphasis on ensuringthat existing practice conforms with both thestated objectives and intent of the organization’sestablished policies. Quite often, in highly com-petitive and fast-moving transaction environ-ments, examiners found that the analyses speci-fied in policies, such as the review of acounterparty’s ability to manage the risks of itsbusiness, were not done or were executed in aperfunctory manner.

Necessary internal controls for ensuring thatpractices conform with stated policies includeactively enforced documentation standards andperiodic independent reviews by internal audi-tors or other risk-control units. Examiners shouldevaluate an institution’s documentation stan-dards and determine if internal reviews areadequately conducted for business lines, prod-ucts, exposures to particular groups of counter-parties, and individual customers that exhibitsignificant growth or above-normal profitability.As always, examiners should evaluate the integ-rity of these internal controls through their owntransaction testing of such situations, using tar-geted examinations and reviews. Testing shouldinclude robust sampling of transactions with aninstitution’s major counterparties in the targetedarea, as well as sufficient stratification to ensurethat practices involving smaller relationshipsalso adhere to stated policies.

In stratifying samples and selecting counter-parties and transactions on which to base tar-geted testing of practices and internal controls,examiners should incorporate measures ofpotential future exposure, regardless of whethersuch exposures are collateralized. As evidencedby banks’ experience with hedge-fund relation-ships in 1998, meaningful counterparty creditrisks during periods of stress can go undetectedif only unsecured exposures are used in transac-tion testing.


Trading and Capital-Markets Activities Manual September 2002Page 8.1

OTC and Exchange-TradedInstruments

Assessing the financial health of counterpartiesis a critical element in effectively identifyingand managing credit-risk exposures. Before con-ducting transactions, institutions should conductdue-diligence assessments of their potentialcredit-risk exposure to all of the parties thatmight be involved in the transaction. For OTCtransactions, this generally involves a singlecounterparty. For exchange-traded instruments,involved parties may include brokers, clearingfirms, and the exchange’s clearinghouse. Inexchange-traded transactions, the clearinghouseguarantees settlement of all transactions.

An institution’s policies should clearly iden-tify criteria for evaluating and approving bothOTC counterparties and, for exchange-tradedinstruments, all entities related to a transaction.For counterparties, brokers, and dealers, theapproval process should include a review oftheir financial statements and an evaluation ofthe counterparty’s ability to honor its commit-ments. An inquiry into the general reputation ofthe counterparty, dealer, or broker is also appro-priate. At a minimum, institutions should con-sider the following in establishing relationshipswith counterparties and the dealers and brokersused to conduct exchange-traded transactions:

• the ability of the counterparty; broker; andclearinghouse and its subsidiaries, affiliates, ormembers to fulfill commitments as evidencedby capital strength, liquidity, and operatingresults

• the entity’s general reputation for financialstability and fair and honest dealings withcustomers

• a counterparty’s ability to understand andmanage the risks inherent in the product ortransaction

• information available from state or federalregulators, industry self-regulatory organiza-tions, and exchanges concerning any formal


September 2002 Trading and Capital-Markets Activities ManualPage 8.2

enforcement actions against the counterparty,dealer, broker, its affiliates, or associatedpersonnel

With regard to exchange-traded transactions,institutions should assure themselves that suffi-cient safeguards and risk-management practicesare in place at the involved entities to limitpotential presettlement and settlement riskexposure. Exchange clearinghouses generallyuse a variety of safeguards to limit the like-lihood of defaults by clearing members andensure that there are adequate resources to meetany losses should a default occur. These safe-guards can include (1) financial and operatingrequirements for clearinghouse membership,(2) margin requirements that collateralize cur-rent or potential future exposures and periodicsettlements of gains and losses that are struc-tured to limit the buildup of these exposures,(3) procedures that authorize resolution of aclearing member’s default through close-out ofits proprietary positions and transfer or close-outof its client’s positions, and (4) the maintenanceof supplemental clearinghouse resources (forexample, capital, asset pools, credit lines, guar-antees, or the authority to make assessments onnondefaulting members) to cover losses thatmay exceed the value of a defaulting member’smargin collateral and to provide liquidity duringthe time it takes to realize the value of thatmargin collateral. Institutions should assurethemselves of the adequacy of these safeguardsbefore conducting transactions on exchanges.

Due diligence is especially important whendealing with foreign exchanges; institutionsshould be cognizant of differences in the regu-latory and legal regimes in these markets. Sub-stantial differences exist across countries,exchanges, and clearinghouses in fundamentalareas such as mutualization of risk, legal rela-tionships between the clearinghouse and itsmembers, legal relationships between the clear-inghouse and customers, procedures in the eventof default, and segregation of customer funds.These considerations are particularly importantfor institutions such as futures commission mer-chants (FCMs) that conduct trades for customers.1

COUNTERPARTY CREDIT RISKLIMITS

Exposure-monitoring and limit systems are criti-cal to the effective management of counterpartycredit risk. Examiners should focus specialattention on the policies, practices, and internalcontrols of banking institutions. An effectiveexposure-monitoring system consists of estab-lishing meaningful limits on the risk exposuresan institution is willing to take, independentongoing monitoring of exposures against suchlimits, and adequate controls to ensure thatreporting and meaningful risk-reducing actiontakes place when limits are exceeded. Since aneffective exposure-monitoring and limit processdepends on meaningful exposure-measurementmethodologies, examiners should closely evalu-ate the integrity of these systems at institutionsthat may have inadequate exposure-measurementsystems—especially regarding the estimation ofpotential future exposures. Overly conservativemeasures or other types of less-than-meaningfulexposure measurements can easily compromisewell-structured policies and procedures. Suchsituations can lead to limits being driven prima-rily by customer demand and used only to defineand monitor customer facilities, instead of usinglimits as strict levels, defined by credit manage-ment, for initiating exposure-reducing actions.

Limits should be set on the amounts and typesof transactions authorized for each entity beforeexecution of any trade. Distinct limits for pre-settlement and settlement risk should be estab-lished and periodically reviewed and recon-firmed. Both overall limits and product sublimitsmay be established. For example, a customermay be assigned a foreign-exchange tradingline, while interest-rate or cross-currency swapsare approved against the general line on atransaction-by-transaction basis. In some cases,the approach to assigning sublimits reflects thepace of transactions in the marketplace as wellas the amount of credit risk (largely a reflectionof tenor). The sum of product-specific sublimitsmay well exceed the aggregate limit, reflectingmanagement’s experience that all sublimits arenot used simultaneously. In such cases, how-ever, the organization should have sufficientmonitoring of global credit exposures to detect abreach of the global limit.

The frequency with which credit exposuresare monitored depends on the size of the tradingand derivatives portfolios and on the nature of

1. See section 3030.1, ‘‘Futures Brokerage Activities andFutures Commission Merchants,’’ as well as the FederalReserve’sBank Holding Company Supervision Manual.


Trading and Capital-Markets Activities Manual March 1999Page 9

the trading activities. Active dealers should havecounterparty credit exposure monitored daily.Irrespective of how credit exposure is moni-tored, the replacement cost should be calculateddaily and compared to the approved potentialexposure figure for validity.

Unusual market movements may lead to rapidaccumulation of credit exposure. The creditwor-thiness of counterparties can also change.Between its regular reviews of credit exposures,the institution should have a mechanism thatguarantees timely recognition of either unusualcredit-exposure buildups or credit deteriorationin a counterparty. For institutions that are deal-ers in these markets, the monitoring should bevery frequent, and regular reviews should beconducted with the same frequency as for othersignificant credit customers.

Management should have procedures for con-trolling credit-risk exposures when they becomelarge, a counterparty’s credit standing weakens,or the market comes under stress. Managementshould show clear ability to reduce large posi-tions. Common ways of reducing exposureinclude halting any new business with a coun-terparty and allowing current deals to expire,assigning transactions to another counterparty,and restructuring the transaction to limit poten-tial exposure or make it less sensitive to marketvolatility. Institutions can also use many of thecredit enhancement tools mentioned earlier tomanage exposures that have become uncomfort-ably large.

INSTITUTIONAL INVESTORSAND HEDGE FUNDS

Examiners should pay increasing attention to theappropriateness, specificity, and rigor of thepolicies, procedures, and internal controls thatinstitutions use in assessing, measuring, andlimiting the counterparty credit risks arisingfrom their trading and derivative activities withinstitutional investors in general, and particu-larly with hedge funds. In the area of counter-party assessment, institutions doing businesswith institutional investors and hedge fundsshould have sufficient information on which toassess the counterparty and its inherent risks,including information on total leverage, bothon- and off-balance-sheet, and firm strategies.Banks should conduct in-depth due-diligencereviews of the effectiveness of a counterparty’s

risk-management systems and capabilities andits internal control environment to make effec-tive decisions regarding the level of risk they arewilling to assume. Institutions should be cau-tioned to obtain supporting documentation forthe claims of fund managers.

Counterparty credit risk management shouldemphasize comprehensive stress testing across avariety of scenarios, with particular focus onpossible asset or position concentrations. Insti-tutions should also determine the investor’s orfund’s ability to stress test its portfolio. Inlimiting counterparty credit risks through theuse of collateral and other credit enhancements,it should be recognized that standard arrange-ments that may be suitable for most counterpar-ties may not be suitable for counterparties thathave the potential to quickly change their port-folios, such as hedge funds. For example, 12-month rolling average close-out provisions maybe inappropriate for counterparties engaged inactive trading, where a prior month’s gains canmask serious losses in the current month. Insti-tutions that deal with institutional investors andhedge funds should have the policies, proce-dures, and internal controls in place to ensurethat these exposures are measured, monitored,and controlled by management on an on-goingbasis.

The Basle Committee on Banking Supervi-sion released a report that analyzed the risksposed by hedge funds to creditors and publishedsound practices standards for interactions withhedge funds. The sound practices standardsidentified areas in which bank practices could beenhanced, including—

• establishing clear policies and procedures thatdefine the bank’s risk appetite and drive theprocess for setting credit standards;

• obtaining adequate information on which tobase sound judgments of counterparty creditquality;

• performing adequate due diligence, includingsetting standards for risk management bycounterparties that are commensurate with thelevel of sophistication and complexity of theiractivities;

• developing meaningful limits for derivativescounterparties and more accurate measures ofpotential future exposure;

• adequately assessing and measuring unse-cured exposures under collateralized deriva-tives transactions, and setting meaningfulcredit limits based on such assessments;


March 1999 Trading and Capital-Markets Activities ManualPage 10

• adequately stress-testing counterparty creditrisk under a variety of scenarios that take intoaccount liquidity effects, and incorporatingresults into management decisions about risktaking and limit setting;

• closely linking nonprice terms, including col-lateral arrangements and termination provi-sions, to assessments of counterparty creditquality; and

• timely monitoring counterparty transactionsand credit exposures, including frequentlyreassessing banks’ large exposures, counter-party leverage, and concentration of counter-party activities and strategies.

UNNAMED COUNTERPARTIES

Institutions that deal in products such as foreignexchange, securities, and derivatives sometimesface situations in which they are unaware of acounterparty’s identity. Investment advisers oragents typically conduct trades on behalf of theirinvestment-management clients and do not pro-vide the names of the ultimate counterparty onthe grounds of confidentiality. In this situation,the dealing institution will most likely neverknow the identity of its counterparties.

Because institutions may not be able to assessthe creditworthiness of unnamed counterpartiesin advance, institutions should develop policiesand procedures that define the conditions underwhich such transactions can be conducted.Exposures arising from these transactions shouldbe closely monitored and controlled. Given thepotential reputational risks involved, trans-actions with unnamed counterparties should berestricted to reputable agents and firms. Institu-tions that have significant relationships withinvestment advisers who trade on behalf ofundisclosed counterparties may wish to estab-lish agency agreements with those advisers.These agreements can provide for a series ofrepresentations and warranties from the invest-ment adviser on a variety of issues, includingcompliance with local and national laws andregulations, particularly money-launderingregulations.

Techniques used to reduce credit exposure toundisclosed counterparties include setting limitson the aggregate amount of business or on thetypes of instruments or transactions conductedwith unnamed counterparties. In addition, insti-tutions often pay particular attention when

processing an agent’s trades for an unnamedcounterparty. An effective and efficient back-office process helps to ensure that the institutionis aware of the size of such exposures on atimely basis.

Similarly, institutions often manage the settle-ment process with unnamed counterparties moreclosely than they do with traditional tradingcounterparties. Institutions often set settlementlimits with unnamed counterparties so that largesums are not settled on a single day. Institu-tions sometimes develop procedures that ensuremanagement is made immediately aware ofsettlement failures by unnamed counterparties.

OFF-MARKET OR PREFUNDEDDERIVATIVES TRANSACTIONS

Banking organizations may enter into off-market or prefunded derivatives contracts thatare the functional equivalent of extensions ofcredit to trading counterparties. However, thebusiness or legal structure of some of thesetransactions may not readily convey their eco-nomic function. Institutions should ensure thatoff-market or prefunded transactions are recog-nized appropriately as credit extensions andrepresented accurately and adequately in theinstitution’s internal risk-management processes,regulatory reports, and published financial state-ments. Moreover, since off-market or prefundedtransactions may have the potential to obscurethe true nature of a counterparty’s assets, liabili-ties, income, or expenses, these transactionsmay expose the originating banking organiza-tion to increased reputational, legal, or creditrisk. Accordingly, banking organizations shouldhave formal policies, procedures, and internalcontrols for assessing the business purpose andappropriateness of off-market or prefunded trans-actions with customers.2

Typical Off-Market or PrefundedDerivatives Transactions

Off-market or prefunded derivatives transac-tions involve an up-front extension of credit tothe counterparty, either in the form of new

2. See the committee letter ‘‘Historical-Rate Rollovers: ADangerous Practice’’ (December 26, 1991), Foreign ExchangeCommittee, Federal Reserve Bank of New York(www.newyorkfed.org/fxc/fx26.html).


Trading and Capital-Markets Activities Manual April 2003Page 11

money or as a rollover of existing debt. Examplesof some off-market or prefunded derivativestransactions are described below.

Historical-Rate Rollovers

Often, historical-rate rollovers involve a deal-er’s extension of a forward foreign-exchangecontract, on behalf of the customer, at off-market rates. In a typical rollover, the customerwill ask the dealer to apply the historical rate ofa maturing contract to the spot end of a new pairof contracts, which in effect extends the matur-ing contract and defers any gains or losses on it.Historical-rate rollovers virtually always involvethe extension of credit from one party to theother. If the customer has a loss on the maturingcontract, the rollover would in effect represent aloan by the dealer to the customer. If thecustomer has a profit, the dealer would in effectbe borrowing from the customer. The resultingloan or borrowing amount and associatedinterest-rate charges are typically built into theforward points the dealer quotes to the customer.

Off-Market Swap Transactions

In off-market swap transactions, the contractualmarket rates (for example, the interest rate orcurrency-exchange rate) used in the swap trans-action are varied from current market levels.This necessitates payment at the commencementof the transaction, by one counterparty to theother, to compensate for the off-market coupon.

Prepaid Swaps

A prepaid swap is generally a physical-commodity forward contract featuring an up-frontbuyer payment that is equal to the present valueof future commodity deliveries. The commoditydeliveries may be priced at the spot prices ineffect on each delivery date, making the trans-action a loan secured by an obligation to deliverthe commodity at future market prices. Alterna-tively, the contract may call for delivery ofspecific quantities of the commodity on eachdelivery date, in effect fixing future deliveryprices. A prepaid swap can also be an annuity-like transaction in which the present value offuture payments on one side of a swap is paid upfront, while (variable) payments on the other

side of the swap are paid on a traditional swapschedule. This is the functional equivalent of avariable-rate loan.

Deep-in-the-Money Options

Sales of deep-in-the-money options can gener-ate large up-front premiums for the option seller.Deep-in-the-money options are functionallyequivalent to loans to the seller because theoption is almost certain to be exercised by thebuyer.

Zero-Coupon Swaps

A zero-coupon swap (zero) is an interest-rateswap agreement with the fixed-rate side basedon a zero-coupon bond. With the agreement ofthe counterparty, the swap agreement may callfor a single fixed payment at maturity by theholder of the zero. The payments on the otherside may follow typical swap interim-paymentschedules. Because of the payment mismatch, azero-coupon swap exposes one counterparty tosignificant credit risk and is the functionalequivalent of a loan to the holder of the zero.

Reverse Zero-Coupon Swaps

In a reverse zero-coupon swap, one counterpartymakes a zero-coupon payment up front, and theother counterparty pays interest and principalpayments over time. Like a zero-coupon swap, areverse zero-coupon swap is the functionalequivalent of a term loan from the counterpartymaking the up-front payment.

Specific Risks of Off-Market orPrefunded Derivatives Transactions

Credit Risk

Off-market and prefunded derivative transac-tions may expose a banking organization tosignificant credit risk. Therefore, institutionsshould adopt written credit policies and proce-dures guiding the use of these transactions.Off-market and prefunded transactions shouldbe treated as credit extensions for purposes ofthe lending institution’s credit-approval, risk-measurement, monitoring, and control systems.Failure to recognize the transaction as a credit


April 2003 Trading and Capital-Markets Activities ManualPage 12

extension could threaten centralized control overthe management of credit risk. Lending institu-tions should also consider establishing transac-tion sizes, maturity limits, and collateral guide-lines for these types of nontraditional transactions.Procedures for obtaining appropriate sign-offfrom the finance function to ensure properaccounting for the transaction should also be inplace.

Reputational Risk

Banking organizations should establish writtenpolicies and procedures for assessing the appro-priateness of and for approving off-market orprefunded derivatives transactions with a cus-tomer. These policies should consider thesophistication of the customer, the reason for thetransaction, whether the customer understandsthe risks in the transaction, whether the transac-tion is consistent with the customer’s internalpolicies, and whether it has been approved atappropriate levels in the customer’s organiza-tion. Transactions generating significant profitsor losses, nontraditional transactions, and trans-actions or patterns of activity that may not becompatible with a customer’s business lines orrisk profile should be referred to senior manage-ment of both the banking organization and thecounterparty. Importantly, in marketing off-market or prefunded transactions, institutionsshould ensure that the transactions are presentedand described in a manner consistent with theirtrue economic substance.

Legal Risk

Even if a banking organization properly marketsan off-market or prefunded derivatives transac-tion, the organization may be faced with repu-tational and legal risk exposure if its counter-party mischaracterizes the transaction inregulatory or public reports. Failure to ensurethat the management of both counterpartiesunderstands and signs off on a transactionincreases the risk that the transaction may bemischaracterized. To manage this risk, bankingorganizations should adopt specific written poli-cies and procedures to ensure that senior man-agement of the banking organization and thecounterparty fully understand and approve ofthe transaction, including the appropriate repre-sentation and accounting of the transaction on

the books and records of both counterparties.These policies and procedures may include—

• written documentation from senior manage-ment of the counterparty that is requesting theoff-market or prefunded transaction thatexplains the reason for the request and con-firms that the request is a request for anextension of credit that is consistent with thefirm’s internal policies;

• written documentation from senior manage-ment in the appropriate credit, finance, andaccounting functions of the banking organiza-tion that explains the reason for the transac-tion and the accounting that will be followedto reflect the transaction on the institution’sbooks; and

• written confirmation to senior management ofthe counterparty that confirms the particularsof the transaction and explicitly states theimplied loan amount and pricing terms.

BLOCK TRADES WITHINVESTMENT ADVISERS

Frequently, investment advisers or agents willbundle together trades for several clients, par-ticularly in the case of mutual funds and hedgefunds.3 Most of these trades are accompaniedby information about how the trade should beallocated among the funds for which it wasexecuted, or they are subject to standing alloca-tion information. Occasionally, investmentadvisers may fail to give institutions timelyallocation information. Institutions should beconcerned that such delays do not becomehabitual. When significant investment-adviserrelationships exist, institutions should adopt poli-cies requiring that all transactions be allocatedwithin some minimum period (for example, bythe end of the business day). The credit depart-ment should be promptly notified of any excep-tions to such policies.

Many institutions track the allocation arrange-ments made by investment advisers. While lateallocations or frequent changes to allocation

3. The Securities and Exchange Commission, in a numberof no-action letters, has permitted this practice as long as theadviser does not favor any one client over another, has awritten allocation statement before the bundled order wasplaced, and receives the client’s written approval. See thefollowing SEC letters: SMC Capital, Inc. (September 5,1995), and Western Capital Management, Inc. (August 11,1977).



arrangements are often symptomatic of back-office problems at the investment adviser, theycould also indicate that the investment adviser isengaging in unfair allocation.

Sometimes the allocations provided by invest-ment advisers include counterparties that maynot have established credit lines with the insti-tution. Institutions should try to minimize suchsituations and may wish to limit the percentageof any trade that can be allocated to counterpar-ties that do not have an existing credit line withthe institution.

MANAGEMENT INFORMATIONSYSTEMS

Management information systems (MIS) used tocontrol counterparty credit risk include systemsto monitor exposure levels; track customer lim-its and limit excesses; and, when used, value andtrack collateral. Important inputs to these sys-tems include transaction data, current marketvalues, and estimated potential credit exposures.The primary purpose of these systems is toprovide comprehensive, accurate, and timelycredit information to credit-risk managementpersonnel; front-office personnel; business-lineand other senior management; and, ultimately,the board of directors. Institutions should ensurethat their credit MIS are adequate for the rangeand scope of their trading and derivative activi-ties and that there are appropriate controls inplace to ensure the integrity of these systems. Aspart of the normal audit program, internal auditshould review credit MIS to ensure theirintegrity.

A critical element of MIS is their timelinessin reflecting credit exposures. For derivativecontracts, institutions should be able to updatethe current market values and potential creditexposures of their holdings throughout the lifeof a contract. The frequency of updates forcredit-risk management purposes often dependson the complexity of the product and the volumeof trading activity. More sophisticated systemsprovide intraday exposure numbers that enablethe front office to determine, without any addi-tional calculations, whether a proposed deal willcause a credit excess.

Institutions that use collateral to manage creditrisk usually maintain collateral-management sys-tems for valuation and monitoring purposes.The sophistication of an institution’s collateral-

management system should reflect the size ofthe collateral program, frequency of collateralrevaluations and associated credit-exposure cal-culations, nature of collateral-posting events,and location of the collateral. The most effectivecollateral-management systems are global andhave the ability to identify, post, value, stress-test, and monitor collateral. When collateral-management systems are able to feed data intothe front-office’s credit-line-availability system,an institution can factor collateral into credit-approval decisions and, consequently, have amore accurate picture of unsecured credit risk.

Institutions often maintain databases that detailthe extent to which netting is applicable for agiven counterparty. Depending on whether net-ting is applicable, obligations are presented on anet or gross basis in credit-monitoring reports.

Credit MIS should furnish adequate reports tocredit personnel and business-line management.Daily reports should address significant counter-party line usage and exceptions to limits. Lessfrequent reports on the maturity or tenor ofcredit exposures, sector and industry concentra-tions, trends in counterparty exposures, trends inlimit excesses, ‘‘ watch lists,’’ and other pertinentreports are also appropriate. Periodic summaryreports on credit exposures should also be pre-sented to senior management and the board.

DOCUMENTATION OF POLICIESAND PROCEDURES

Current and sufficient documentation is criticalto the effective operation of a credit-riskmanagement program and is necessary to ensurethat the program is consistent with the statedintentions of senior management and the board.The institution’s credit-policy manual is animportant tool for both auditors and examiners,as well as an important resource for resolvingany disputes between credit-risk managementand traders or marketers.

All policies and procedures specific to credit-risk management for trading should be added tothe financial institution’s overall credit-policymanual. Procedures should include limit-approval procedures, limit-excess and one-offapproval procedures, exposure-measurementmethodologies, and procedures for accommodat-ing new products and variations on existingproducts. Policies should also address the meth-



odologies for assessing credit-loss reserves fortrading operations. When established, suchreserves should take into account both currentand potential future exposure. Credit-approvaldocumentation should also be closely tracked bythe credit-risk-management function. All limitapprovals should be filed by counterparty andmade available to traders so that they know

the available limit to a counterparty beforeentering into a deal. Signed over-limit or one-off approvals should also be tracked down andkept in a file for historical records. A log shouldbe maintained for all missing signed approvals,and approvals for new products should bemaintained.



Counterparty Credit Risk and Presettlement RiskExamination Objectives Section 2020.2

1. To evaluate the organizational structure ofthe credit-risk-management function.

2. To evaluate the adequacy of internal credit-risk-management policies and proceduresrelating to the institution’s capital-marketsand trading activities and to determine thatsufficient resources and adequate attentionare devoted to the management of the risksinvolved in growing, highly profitable, orpotentially high-risk activitivies and prod-uct lines.

3. To ensure that actual operating practicesreflect such policies.

4. To identify the credit risks of the institution.5. To determine if the institution’s credit-risk-

measurement system has been correctlyimplemented and adequately measures theinstitution’s credit risks.

6. To determine if the institution’s credit-risk-management processes achieve an appropri-ate balance among all elements of credit-risk management, including both qualitativeand quantitative assessments of counter-party creditworthiness; measurement andevaluation of both on- and off-balance-sheetexposures, including potential future expo-sure; adequate stress testing; reliance oncollateral and other credit enhancements;and the monitoring of exposures againstmeaningful limits.

7. To determine how the institution measuresdifficult-to-value exposures.

8. To determine if senior management and theboard of directors of the institution under-stand the potential credit exposures of thecapital-markets and trading activities of theinstitution.

9. To ensure that business-level managementhas formulated contingency plans in theevent of credit deterioration and associatedmarket disruptions.

10. To evaluate the adequacy of the policies,

procedures, and legal and operational sup-port relating to the institution’s use of creditenhancements.

11. To determine if the institution has imple-mented adequate policies and proceduresthat are sufficiently calibrated to the riskprofiles of particular types of counterpartiesand instruments to ensure adequate credit-risk assessment, exposure measurement,limit setting, and use of credit enhancements.

12. To ensure the comprehensiveness, accuracy,and integrity of management informationsystems that analyze credit exposures andto ensure that the methodology and auto-mated processing can accommodate net-ting and other legal offset agreements, ifapplicable.

13. To determine if the institution’s credit-risk-management system has been correctlyimplemented and adequately measures theinstitution’s exposures.

14. To determine if the institution has an effec-tive global risk-management system thatcan aggregate and evaluate market, liquid-ity, credit, settlement, operational, and legalrisks, and that management at the highestlevel is aware of the institution’s globalexposure.

15. To determine if the institution is moving ina timely fashion to enhance its measure-ment of counterparty-credit-risk exposures,including the refinement of potential futureexposure measures and the establishment ofstress-testing methodologies that better in-corporate the interaction of market andcredit risks.

16. To recommend corrective action when poli-cies, procedures, practices, internal con-trols, or management information systemsare found to be deficient.


Counterparty Credit Risk and Presettlement RiskExamination Procedures Section 2020.3

These procedures are processes and activitiesthat may be considered in reviewing the credit-risk-management of trading and derivativeoperations. The examiner-in-charge will estab-lish the general scope of examination and workwith the examination staff to tailor specific areasfor review as circumstances warrant. As part ofthis process, the examiner reviewing a functionor product will analyze and evaluate internalaudit comments and previous examination work-papers to assist in designing the scope of theexamination. In addition, after a general reviewof a particular area to be examined, the examinershould use these procedures, to the extent theyare applicable, for further guidance. Ultimately,it is the seasoned judgment of the examiner andthe examiner-in-charge as to which proceduresare warranted in examining any particularactivity.

1. Review the credit-risk-managementorganization.a. Check that the institution has a credit-

risk-management function with a sepa-rate reporting line from traders andmarketers.

b. Determine if credit-risk-control person-nel have sufficient authority in the insti-tution to question traders’ and marketers’decisions.

c. Determine if credit-risk management isinvolved in new-product discussions inthe institution.

2. Identify the institution’s capital-markets andtrading activities and the related balance-sheet and off-balance-sheet instruments.Obtain copies of all risk-management reportsprepared by the institution. Using thisinformation, evaluate credit-risk-control per-sonnel’s demonstrated knowledge of theproducts traded by the institution and theirunderstanding of current and potentialexposures.

3. Obtain and evaluate the adequacy of risk-management policies and procedures forcapital-markets and trading activities.a. Review credit-risk policies, procedures,

and limits. Determine whether the risk-measurement model and methodologyadequately address all identified creditrisks and are appropriate for the institu-tion’s activities. Review the methodolo-

gies used to measure current exposureand potential exposure.

b. Review credit-administration procedures.• Determine how frequently counter-

party credit conditions are analyzedand lines reviewed. This should bedone no less frequently than annually.

• Assess whether management has dem-onstrated an ability to identify down-grades in creditworthiness betweenreviews.

• Determine if credit-risk-managementstaff demonstrate an ability to workout of positions with counterpartieswhose credit quality has deteriorated.

• Check that limits are in place forcounterparties before transacting a deal.If the institution relies on one-offapprovals, check that the approval pro-cess is as formal as that for counter-party limits.

c. Review contingency credit-risk plans foradequacy.

d. Review accounting and revaluationpolicies and procedures. Determine thatrevaluation procedures are appropriatelycontrolled.

e. Determine the extent to which manage-ment relies on netting agreements. Deter-mine if aggregation of exposure assumesnetting, and check that netting agree-ments are in place and that legal researchis performed to justify management’sconfidence in the enforceability of thenetting agreements.

4. Determine the credit rating and marketacceptance of the institution as a counter-party in the markets.

5. Obtain all management information analyz-ing credit risk.a. Determine the comprehensiveness, accu-

racy, and integrity of analysis.b. Review valuation and simulation meth-

ods in place.c. Review stress tests analyzing changes in

credit quality, including deterioration ofcredit due to changing macroeconomicconditions. Review stress-testing meth-odologies to determine the extent towhich they incorporate both credit andmarket risk.

d. Review potential future exposure calcu-


lations to determine whether they reflectrealistic measures of exposure in bothnormal and stressed markets.

e. Determine whether the managementinformation reports accurately reflectrisks and whether reports are provided tothe appropriate levels of management.

6. Determine if any of the institution’s coun-terparties have recently experienced creditdowngrades or deteriorations and whetherthe institution’s trading activities have beenaffected. If so, determine the institution’sresponse.

7. Review documentation that evidences credit-risk management’s adherence to its program.a. Obtain copies of written approvals for

limit excesses or one-off approvals.Determine the timeliness of theseapprovals.

b. Select a sample of master agreementsto ensure that each counterparty withwhom management nets exposure forrisk-management purposes has signed amaster agreement. Review the masteragreement aging report of unsignedmaster agreements to ensure adequatechasing procedures are in place.

8. Establish that the institution is following itsinternal policies and procedures. Determinewhether the established limits adequatelycontrol the range of credit risks. Determinethat the limits are appropriate for the insti-tution’s level of activity. Determine whethermanagement is aware of limit excesses andtakes appropriate action when necessary.

9. Determine whether the internal-audit andindependent risk-management functionsadequately focus on growth, profitability,and risk criteria in targeting their reviews.

10. Determine whether the institution hasestablished an effective audit trail thatsummarizes exposures and managementapprovals with the appropriate frequency.

11. Determine that business managers havedeveloped contingency plans which reflectactions to be taken in times of marketdisruption (and major credit deteriorations)to minimize losses as well as the potentialdamage to the institution’s market-makingreputation. These should include controlsover the settlement process.

12. Obtain and evaluate the adequacy of poli-cies and procedures relating to the institu-

tion’s use of credit enhancements.a. Review collateralization policies and

procedures.• Determine the frequency of margin

calls and portfolio and collateralrevaluations.

• Ensure that legal agreements are inplace and that the fundamental aspectsof collateral relationships are specifiedin the agreements.

• Review the policies for determiningthe types of acceptable collateral, hair-cuts on the collateral, and marginrequirements.

b. Determine whether the institution hasrehypothecation rights. Determinewhether appropriate policies and pro-cedures are in place to manage therisks associated with collateralrehypothecation.

c. Ensure that collateral-management sys-tems and operational internal controlsare fully documented and able to supportthe institution’s credit enhancementactivity.

13. Determine whether policies and proceduresreflect the risk profiles of particular coun-terparties and instruments. If the institutiontrades with institutional investors, hedgefunds, or unnamed counterparties, deter-mine if the institution has an overall limit ontrading with these types of counterparties.

14. Determine whether appropriate policies andprocedures are in place if the institutionengages in block trades with investmentadvisors.a. Determine if the institution has a policy

that all trades not allocated at the time ofthe trade must be allocated by the end ofthe trading day. Determine whetherexceptions to such a policy are moni-tored by the credit area.

b. Determine how the institution deals withinvestment advisors who are habituallylate with allocation information.

c. Determine whether the institution limitsthe percentage of a block trade that canbe allocated to counterparties withoutcredit lines.

15. Recommend corrective action when poli-cies, procedures, practices, internal con-trols, or management information systemsare found to be deficient.

2020.3 Counterparty Credit Risk and Presettlement Risk: Examination Procedures


Counterparty Credit Risk and Presettlement RiskInternal Control Questionnaire Section 2020.4

1. Review the credit-risk-managementorganization.a. Does the institution have a credit-risk-

management function with a separatereporting line from traders and marketers?

b. Do credit-risk-control personnel havesufficient credibility in the institution toquestion traders’ and marketers’decisions?

c. Is credit-risk management involved innew-product discussions in theinstitution?

2. Identify the institution’s capital-markets andtrading activities and the related balance-sheet and off-balance-sheet instruments andobtain copies of all risk-management reportsprepared.a. Do summaries identify all the institu-


for the range of capital-markets prod-ucts. Determine the instruments used tohedge these products. Is the institutionan end-user, dealer, or market maker? Ifso, in what products?

c. Do credit-risk-control personnel demon-strate knowledge of the products tradedby the institution? Do they understandthe current and potential exposures to theinstitution?

3. Does the institution have comprehensive,written risk-management policies and pro-cedures for capital-markets and tradingactivities?a. Review credit-risk policies and

procedures.• Do the risk-measurement model and

methodology adequately address allidentified credit risks? Are the risk-measurement model and methodologyappropriate for the institution’sactivities?

• Do the policies explain the board ofdirectors’ and senior management’sphilosophy regarding illiquid marketsand credit events (downgrades/deteriorations)?

b. Review credit-administration procedures.• Are counterparty credit conditions

analyzed and lines reviewed withadequate frequency? (This should bedone no less frequently than annually.)

• Can management identify downgradesin creditworthiness between reviews?

• Has credit-risk-management staffdemonstrated an ability to work out ofpositions with counterparties whosecredit quality has deteriorated?

• Are limits in place for counterpartiesbefore transacting a deal? If the insti-tution relies on one-off approvals, isthe approval process as formal as thatfor counterparty limits?

c. Have limits been approved by the boardof directors?

d. Have policies, procedures, and limitsbeen reviewed and reapproved within thelast year?

e. Are credit-risk policies, procedures, andlimits clearly defined?

f. Are the credit limits appropriate for theinstitution and its level of capital?

g. Are there contingency credit-risk plans?h. Are there appropriate accounting and

revaluation policies and procedures?i. Does management rely on netting

agreements?• Does aggregation of exposure assume

netting?• Are netting agreements in place and

has legal research been performedto justify management’s confidencein the enforceability of the nettingagreements?

4. Has there been a credit-rating downgradefor the examined institution? What has beenthe market response to the financial institu-tion as a counterparty in the markets?

5. Obtain all management information analyz-ing credit risk.a. Is management information comprehen-

sive and accurate and is the analysissound?

b. Are the simulation assumptions for anormal market scenario reasonable?

c. Are stress tests analyzing changes incredit quality appropriate? Are the mar-ket assumptions reasonable given creditdeterioration of concentrations? Do stress-testing methodologies incorporate bothcredit and market risk?

d. Are calculations of potential futureexposure realistic in both normal andstressed markets?


e. Do management information reportsaccurately reflect risks? Are reportsprovided to the appropriate levels ofmanagement?

6. Have any of the institution’s counterpartiesrecently experienced credit downgrades ordeteriorations? If so, how have the institu-tion’s trading activities been affected andwhat was the institution’s response?

7. Review documentation that evidences creditmanagement’s adherence to its program.a. Does the institution maintain copies of

written approvals for limit excesses orone-off approvals? Are these prepared ina timely manner?

b. Obtain a sample of master agreements.Are they appropriately signed? Are theysigned in a timely manner? Does theinstitution have an appropriate chasingprocess to follow up on unsigned masteragreements?

8. Is the institution following its internal poli-cies and procedures? Do the establishedlimits adequately control the range of creditrisks? Are the limits appropriate for theinstitution’s level of activity? Is manage-ment aware of limit excesses? Does man-agement take appropriate action whennecessary?

9. Do the internal audit and independent risk-management functions adequately focus ongrowth, profitability, and risk criteria intargeting their reviews?

10. Has the institution established an effectiveaudit trail that summarizes exposures andmanagement approvals with the appropriatefrequency? Are risk-management, revalua-tions, and closeout valuation reserves sub-ject to audit?

11. If any recent market disruptions affected theinstitution’s trading activities, what has beenthe institution’s market response?

12. Does the institution have comprehensivewritten policies and procedures relating toits use of credit enhancements?a. Does the institution revalue collateral

and positions with adequate frequency?b. Are the fundamental aspects of collateral

relationships reflected in legalagreements?

c. Does the institution have policies speci-fying the types of acceptable collateral,haircuts on the collateral, and marginrequirements? How often are these poli-cies reviewed by management?

d. Does the institution have rehypotheca-tion rights?• Does the institution have policies and

procedures in place to manage the riskthat a third party holding rehypoth-ecated collateral may fail to return thecollateral or may return a differenttype of collateral?

• Does the institution have measures inplace to protect its security interest inthe rehypothecated collateral?

e. Do material-change triggers and close-out provisions take into accountcounterparty-specific situations and riskprofiles?

f. Are the collateral-management systemand operational environment able tosupport the institution’s collateralactivity?

13. Does the institution trade with institu-tional investors, hedge funds, or unnamedcounterparties?a. Does the institution place an overall limit

on trading with these types ofcounterparties?

b. Are credit officers aware of all casesin which a counterparty’s identity isunknown?

14. Does the institution engage in block tradeswith investment advisors?a. Does the institution have a policy that all

trades not allocated at the time of thetrade must be allocated by the end of thetrading day? Are exceptions to the policymonitored closely by the credit area?

b. How does the institution deal with invest-ment advisors who are habitually latewith allocation information?

c. Does the institution limit the percentageof a block trade that can be allocated tocounterparties without credit lines?

15. Do policies and procedures generally reflectthe risk profiles of particular counter-parties and instruments?

2020.4 Counterparty Credit Risk and Presettlement Risk: Internal Control Questionnaire


Counterparty Credit Risk and Settlement RiskSection 2021.1

Settlement risk is the risk of loss when aninstitution meets its payment obligation under acontract (through either an advance of funds orsecurities) before its counterparty meets a coun-terpayment or delivery obligation. Failures toperform at settlement can arise from counter-party default, operational problems, marketliquidity constraints, and other factors. Settle-ment risk exists for any traded product and isgreatest when delivery is made in different timezones. For banking institutions, foreign-exchange(FX) transactions are, perhaps, the greatestsource of settlement-risk exposure. For large,money-center institutions, FX transactions caninvolve sizable credit exposures amounting totens of billions of dollars each day. Accordingly,although the following general guidance can beapplied to the settlement of all types of tradedinstruments, it focuses primarily on the settle-ment risks involved in FX transactions.

Settlement risk has a number of dimensionsthat extend beyond counterparty credit risk toinclude liquidity, legal, operational, and system-atic risks. Even temporary delays in settlementcan expose a receiving institution to liquiditypressures if unsettled funds are needed to meetobligations to other parties. Such liquidityexposure can be severe if the unsettled amountsare large and alternative sources of funds mustbe raised at short notice in turbulent or unrecep-tive markets. In an extreme example, the finan-cial failure of a counterparty can result in theloss of the entire amount of funds.

As with other forms of credit risk, settlementrisk should be managed through a formal andindependent process with adequate senior man-agement oversight and should be guided byappropriate polices, procedures, and exposurelimits. Measurement systems should provideappropriate and realistic estimates of the settle-ment exposures and should use generally acceptedmeasurement methodologies and techniques. Thedevelopment of customer credit limits and themonitoring of exposures against those limits is acritical control function and should form thebackbone of an institution’s settlement-risk-management process.

This section discusses settlement risks involvedin trading activities, especially as they apply toFX transactions. A primary reference for thismaterial is the 1996 report of the Committee onPayment and Settlement Systems of the central

banks of the Group of Ten Countries, ‘‘Settle-ment in Foreign Exchange Transactions,’’ whichwas prepared under the auspices of the Bank forInternational Settlements. In addition, the Boardissued a policy statement, effective January 4,1999, that addresses risks relating to privatemultilateral settlement systems (63 FR 34888,June 26, 1998).

SETTLEMENT-RISK-MANAGEMENT ORGANIZATION

An institution’s process and program for man-aging its settlement risks should be commensu-rate with the range and scope of its activities.Institutions with relatively small trading opera-tions in noncomplex instruments may not needthe same level of automated systems, policies,and staff skills as do firms that are heavilyengaged in FX transactions and other tradingactivities.

The management of settlement risk shouldbegin at the highest levels of the organization,with senior management exercising appropriateoversight of settlement exposures. Although thespecific organizational approaches may varyacross institutions, managing settlement risk forFX and other trading activities should be inte-grated into the overall risk management of theinstitution to the fullest extent practicable. Set-tling transactions can involve many differentfunctional areas of an institution, including trad-ing, credit, operations, legal, risk assessment,branch management, and correspondent rela-tions. Only senior management can effect thecoordination necessary to define, measure, man-age, and limit settlement risks across such variedfunctions. Accordingly, senior managementshould ensure that they fully understand thesettlement risks incurred by the institution andshould clearly define lines of authority andresponsibility for managing these risks so thatpriorities, incentives, resources, and proceduresacross different areas can be structured to reduceexposures and mitigate risks. Staff responsiblefor all aspects of settlement-risk managementshould be adequately trained.

Measuring FX Settlement Exposures

Settlements generally involve two primary


events: the transmission of payment orders andthe actual advance or receipt of funds. In FXtransactions, it is important to distinguish apayment order, which is an instruction to makea payment, from the payment, which involves anexchange of credits and debits on the accountsof a correspondent bank or the accounts of acentral bank when an interbank transfer takesplace. To avoid paying late delivery fees, bankstry to send their orders to their back office,branch, or correspondent bank on the day oftrade or the next day. Since spot FX transactionsgenerally call for settlement on the second dayafter the trade, orders are transmitted one or twodays before settlement. On settlement day, pay-ment orders are routed to the receiving institu-tion through its correspondent or through thedomestic payment system for actual final pay-ment. Final payment may also be made throughbook-entry transfer if the two trading banks usea common correspondent.

A bank’s settlement exposure runs from thetime that its payment order for the currency soldcan no longer be recalled or canceled withcertainty and lasts until the time that the cur-rency purchased is received with finality. Ingeneral, book-entry payments provide some-what greater flexibility in terms of the ability tocancel a transfer because their processing doesnot rely on domestic payment systems. How-ever, even the cancellation of book-entry trans-fers is still subject to restrictions presented by aninstitution’s internal processing cycles and com-munication networks as well as time zone dif-ferences between branch locations. In theory,institutions may retrieve and cancel paymentorders up until the moment before the funds arefinally paid to a counterparty. However, manyinstitutions have found that operational, eco-nomic, and even legal realities may result inpayment orders becoming effectively irrevo-cable one or two business days before settlementday.

Institutions should specifically identify theactual time past which they can no longer stop apayment without the permission of a third party.This time is termed the unilateral cancellationdeadline and should be used as a key parameterin assessing settlement-risk exposure. The doc-umentation covering a correspondent’s ser-vice agreement generally identifies these cutofftimes. In the event of a dispute, a correspondentis likely to use the contractually agreed-uponunilateral cancellation deadline as a bindingconstraint.

The effect of an institution’s internal process-ing patterns on its settlement risk should also beconsidered. The interval from the unilateralcancellation deadline for sold currency untilfinal receipt of bought currency is generallyreferred to as the period of irrevocability. Thefull face value of the trade is at risk and theexposure on this amount can last overnight andup to one or two full days. If weekends andholidays are included, the exposure can exist forseveral days. The total exposures outstandingduring this interval constitutes an institution’sminimum FX settlement exposure.

The process of reconciling payments receivedwith expected payments can also be a significantsource of settlement-risk exposure. Many insti-tutions may not perform this exercise until theday after settlement. During this interval, thereis uncertainty as to whether the institution hasreceived payments from particular counter-parties. This period of uncertainty can createincreased exposure, if it extends past the unilat-eral cancellation deadline for payments on thefollowing day. For example, if an institution issubject to a unilateral cancellation deadline of3:00 a.m. on settlement day and payments fromthe prior day’s settlements are not reconcileduntil mid-morning on the day following settle-ment, it may be too late to manage its paymentsexposure for that following day. In this case, themaximum exposure from the evening of settle-ment day to morning on the following day canamount to both the receipts expected on settle-ment day (since their receipt has not beenreconciled) and the entire amount of the follow-ing day’s settlements (since they cannot berecalled.) In effect, an estimation of worst-caseor maximum settlement exposures involves add-ing the exposures outstanding during the periodof irrevocability to the exposures outstandingduring the period of uncertainty. In a worst-casesituation, a bank might find itself in the positionof having sent out payments to a counterparty onone day when it had not been paid on theprevious day.

Many institutions commonly define and mea-sure their daily settlement exposures as the totalreceipts coming due that day. In some cases, thistechnique may either understate or overstateexposures. Simple measures using multiples ofdaily receipts can also incorrectly estimate risk.For example, using simple ‘‘rules of thumb’’ oftwo or three days of receipts may not sufficientlyaccount for the appropriate timing of the settle-ment processing across different currencies.

2021.1 Counterparty Credit Risk and Settlement Risk


Appropriately measuring FX settlement expo-sures requires an institution to explicitly identifyboth the unilateral cancellation deadlines andthe reconciliation process times involved in eachtype of currency transaction. Accordingly, anysimple rules used to measure settlement expo-sures should be devised in such a way as toconsider both the unilateral cancellation dead-lines and the reconciliation process involved insettlement. Identifying the duration of the settle-ment process and the related exposures doesnot require real-time tracking of all paymentsand can be accomplished through estimationsbased on standard settlement instructions and anunderstanding of the key milestones in thesettlement process. Institutions should have aclear means of reflecting this risk in their expo-sure measurements.

Explicit consideration of unilateral cancella-tion deadlines and the reconciliation process canhelp an institution identify areas for improve-ment. If the time from its unilateral cancellationdeadline to reconciliation can be reduced tounder 24 hours, then an exposure measure ofone day’s receivables may provide a reasonableapproximation of the duration and size of thesettlement exposure to a counterparty. However,even then it must be recognized that overnightand weekend exposure may remain and thatdifferent currency pairs may require differentintervals, which might overlap.

Limits

Institutions should ensure that settlement expo-sures to counterparties are properly limited. FXsettlement exposures should be subject to anadequate credit-control process, including creditevaluation and review and determination of themaximum exposure the institution is willing totake with a particular counterparty bank. Theprocess is most effective when the counterpar-ty’s FX settlement exposure limit is subject tothe same procedures used to devise limits onexposures of similar duration and size to thesame counterparty. For example, in cases wherethe FX settlement exposure to a counterpartylasts overnight, the limit might be assessed inrelation to the trading bank’s willingness to lendfed funds on an overnight basis.

Examiners should verify that the firm has setup separate presettlement and settlement linesfor counterparties. Settlement exposures may

also be broken down into sublimits by product.Sublimits may also be specified by date sincesettlement risk tends to be highest on the date ofsettlement.

Effective monitoring of exposures is crucialto the management of settlement risk, and insti-tutions with large settlement exposures shouldstrive to monitor payment flows on a real-timebasis. Institutions should look to reduce settle-ment risk by arranging with their correspondentsand counterparties to minimize, as much aspracticable, the timing of an exchange of pay-ments. Collateral arrangements and net settle-ment agreements are also important settlement-risk-management tools.

The timely reconciliation of nostro accountsalso helps to mitigate settlement risk. Institu-tions often assume they have settlement expo-sure until they can confirm final receipt of fundsor securities. Timely reconciliation enables aninstitution to determine its settlement exposureaccurately and make informed judgments aboutits ability to assume additional settlement risk.

Procedures

From time to time, institutions may misdirecttheir payments, and funds may fail to arrive inpromptly. While such mistakes may be inadvert-ent and corrected within a reasonable time,institutions should have procedures for quicklyidentifying fails, obtaining the funds due, andtaking steps to avoid recurrences. Some institu-tions deduct fails from counterparty limits andreview a series of fails to determine whethertheir pattern suggests that the problem is notprocedural.

Netting

Banks can reduce the size of their counterpartyexposures by entering into legally binding agree-ments for the netting of settlement payments.(Netting of payment obligations should not beconfused with the more common netting ofmark-to-market credit exposures of outstandingcontracts such as swaps and forward FX.) Com-mon arrangements involving bilateral netting ofsettlement flows, including FXNet, ValueNet,and Swift Accord, and bilateral agreementsfollowing IFEMA or other contracts. Legallybinding netting arrangements permit banks to

Counterparty Credit Risk and Settlement Risk 2021.1


offset trades against each other so that only thenet amount in each currency must be paid orreceived by each bank to its netting counter-parts. Depending on trading patterns, netting cansignificantly reduce the value of currenciessettled. Netting also reduces the number ofpayments to one per currency either to or fromthe counterparty.

Netting is most valuable when counterpartieshave a considerable two-way flow of business.As a consequence, netting may only be attrac-tive to the most active institutions. To takeadvantage of risk-reducing opportunities, insti-tutions should have a process for identifyingattractive netting situations that would providenetting benefits that outweigh the costs involved.

Some banks use the procedure of informalpayment netting. Based on trading patterns,back offices of each counterparty will confer bytelephone on the day before settlement andagree to settle only the net amount of the tradesfalling due. Since there may not be a legalopinion underpinning such procedures, institu-tions should ensure that they develop a goodunderstanding of their ability to manage thelegal, credit, and liquidity risks of this practice.

Multilateral Settlement Systems

The use of multilateral settlement systems byinstitutions raises additional settlement risksinsofar as the failure of one system participant tosettle its obligations when due can have credit orliquidity effects on participants that have notdealt with the defaulting participant. The Board’srecent Policy Statement on Privately OperatedMultilateral Settlement Systems provides guid-ance on the risks of these systems. The policystatement applies to systems with three or moreparticipants that settle U.S. dollar payments withan aggregate gross value of more than $5 billionon any one day. However, the principles setforth in the policy statement can be used toevaluate risks in smaller systems.

The policy statement addresses the credit,liquidity, operational, and legal risks of multi-lateral settlement systems and provides risk-management measures for consideration. Thepolicy statement is intended to provide a flex-ible, risk-based approach to multilateralsettlement system risk management and shouldnot be interpreted as mandating uniform, rigidrequirements for all systems under its purview.

Risk-management measures to mitigate creditrisk include monitoring participants’ financialcondition; setting caps or limits on some or allparticipants’ positions in the system; and requir-ing collateral, margin, or other security. Tomitigate liquidity risk, institutions operating mul-tilateral settlement systems may also considerexternal liquidity resources and contingencyarrangements. Liquidity risk also is mitigated bytimely notification of settlement failures to enableparticipants to borrow funds to cover shortfalls.Operational risks are mitigated by contingencyplans, redundant systems, and backup facilities.Legal risks are mitigated by operating rules andparticipant agreements, especially when transac-tions are not covered by an established body oflaw.

Large multilateral settlement systems alsomust meet the more comprehensive require-ments of the Lamfalussy Minimum Standardsestablished by the central banks of the Group ofTen countries. Under the policy statement, indetermining whether a system must meet theLamfalussy Minimum Standards, the Board willconsider whether the system settles a high pro-portion of large-value interbank or other finan-cial market transactions, has very large liquidityexposures that have potentially systemic conse-quences, or has systemic credit exposures rela-tive to the participants’ financial capacity.

Contingency Planning

Contingency planning and stress testing shouldbe an integral part of the settlement-risk-management process. Contingencies should beestablished to span a broad spectrum of stressevents, ranging from internal operational diffi-culties to individual counterparty defaults tobroad market-related events. Adequate contin-gency planning in the FX settlement-risk areaincludes ensuring timely access to key infor-mation such as payments made, received, or inprocess; developing procedures for obtaininginformation and support from correspondentinstitutions; and well-defined procedures forinforming senior management about impendingproblems.

Internal Audit

Institutions should have in place adequate inter-nal audit coverage of the settlement areas to

2021.1 Counterparty Credit Risk and Settlement Risk


ensure that operating procedures are adequate tominimize exposure to settlement risk. The scopeof the FX settlement internal audit programshould be appropriate to the risks associatedwith the market environment in which the insti-tution operates. The audit frequency should beadequate for the relevant risk associated with theFX settlement area. Most institutions base auditfrequency on a risk-assessment basis, andexaminers should consult with the internal auditexaminer to determine the adequacy of therisk-assessment methodology used by theinstitution.

Audit reports should be distributed to appro-priate levels of management, who should takeappropriate corrective action to address findingspointed out by the internal audit department.Audit reports should make recommendations forminimizing settlement risk in cases where weak-nesses are cited. Management should providewritten responses to internal audit reports, indi-cating its intended action to correct deficiencieswhere noted.

When audit findings identify areas forimprovement in the FX settlement area, otherareas of the institution on which this mayhave an impact should be notified. This couldinclude credit-risk management, reconciliations/

accounting, systems development, and manage-ment information systems. In automated FXsettlement processing, the internal audit depart-ment should have some level of specialization ininformation technology auditing, especially ifthe institution maintains its own computerfacility.

Management Information Systems

In larger, more complex institutions, counter-party exposures and positions can run acrossdepartments, legal entities, and product lines.Institutions should have clearly defined methodsand techniques for aggregating exposures acrossmultiple systems. In general, automated aggre-gation produces fewer errors and a higher levelof accuracy in a more timely manner thanmanual methods.

The institution should have a contingencyplan in place to ensure continuity of its FXsettlement operations if its main production sitebecomes unusable. This plan should be docu-mented and supported by contracts with outsidevendors, where appropriate. The plan should betested periodically.

Counterparty Credit Risk and Settlement Risk 2021.1


Market Liquidity Risk of Trading ActivitiesSection 2030.1

Market liquidity risk refers to the risk of beingunable to close out open positions quicklyenough and in sufficient quantities at a reason-able price. In dealer markets, the size of thebid-asked spread of a particular instrument pro-vides a general indication as to the depth of themarket under normal circumstances. However,disruptions in the marketplace, contraction inthe number of market makers, and the executionof large block transactions are some factors thatmay result in the widening of bid-asked spreads.

Disruptions in various financial markets mayhave serious consequences for a financialinstitution that makes markets in particularinstruments. These disruptions may be specificto a particular instrument, such as those cre-ated by a sudden and extreme imbalance in thesupply and demand for a particular product.Alternatively, a market disruption may be all-encompassing, such as the stock market crash ofOctober 1987 and the associated liquidity crisis.

The decision of major market makers to enteror exit specific markets may also significantlyaffect market liquidity, resulting in the wideningof bid-asked spreads. The liquidity of certainmarkets may depend significantly on the activepresence of large institutional investors; if theseinvestors pull out of the market or cease to tradeactively, liquidity for other market participantscan decline substantially.

Market liquidity risk is also associated withthe probability that large transactions in particu-lar instruments, by nature, may have a signifi-cant effect on the transaction price. Large trans-actions can strain liquidity in markets that arenot deep. Also relevant is the risk of an unex-pected and sudden erosion of liquidity, possiblyas a result of a sharp price movement or jump involatility. This could lead to illiquid markets, inwhich bid-asked spreads are likely to widen,reflecting declining liquidity and further increas-ing transaction costs.

OVER-THE-COUNTERINSTRUMENTS

Market liquidity in over-the-counter (OTC)dealer markets depends on the willingness ofmarket participants to accept the credit risk ofmajor market makers. Changes in the credit riskof major market participants can have an impor-

tant impact on the liquidity of the market.Market liquidity for an instrument may erode if,for example, a decline in the credit quality ofcertain market makers eliminates them asacceptable counterparties. The impact on marketliquidity could be severe in those OTC marketsin which a particularly high proportion of activ-ity is concentrated with a few market makers. Inaddition, if market makers have increased con-cerns about the credit risk of some of theircounterparties, they may reduce their activitiesby reducing credit limits, shortening maturities,or seeking collateral for security—thus dimin-ishing market liquidity.

In the case of OTC off-balance-sheet instru-ments, liquid secondary markets often do notexist. While cash instruments can be liquidatedand exchange-traded instruments can be closedout, the ability to effectively unwind OTCderivative contracts is limited. Many of thesecontracts tend to be illiquid, since they cangenerally only be canceled by an agreementwith the counterparty. Should the counterpartyrefuse to cancel the open contract, the financialinstitution could also try to arrange an assign-ment whereby another party is ‘‘assigned’’ thecontract. Contract assignments, however, can bedifficult and cumbersome to arrange. A financialinstitution’s ability to cancel these financialcontracts is a critical determinant of the degreeof liquidity associated with the instruments.Financial institutions that are market makers,therefore, typically attempt to mitigate or elimi-nate market-risk exposures by arranging OTCcontracts with other counterparties executinghedge transactions on the appropriate exchanges,or, most typically, a combination of the two.

In using these alternative routes, the financialinstitution must deal with two or more times thenumber of contracts to cancel its risk exposures.While market-risk exposures can be mitigated orcompletely canceled in this manner, the finan-cial institution’s credit-risk exposure increasesin the process.

EXCHANGE-TRADEDINSTRUMENTS

For exchange-traded instruments, counterpartycredit exposures are assumed by the clearing-house and managed through netting and margin


arrangements. The combination of marginrequirements and netting arrangements of clear-inghouses is designed to limit the spread ofcredit and liquidity problems if individual firmsor customers have difficulty meeting their obli-gations. However, if there are sharp price changesin the market, the margin payments that clear-inghouses require to mitigate credit risk canhave adverse effects on liquidity, especially in afalling market. In this instance, market partici-pants may sell assets to meet margin calls,further exacerbating liquidity problems in themarketplace.

Many exchange-traded instruments are liquidonly for small lots, and attempts to execute alarge block can cause a significant price change.Additionally, not all financial contracts listed onthe exchanges are heavily traded. While somecontracts have greater trading volume than theunderlying cash markets, others trade infre-quently. Even with actively traded futures oroptions contracts, the bulk of trading generallyoccurs in short-dated contracts. Open interest, orthe total transaction volume, in an exchange-traded contract, however, provides an indicationof the liquidity of the contract in normal marketconditions.

‘‘UNBUNDLING’’ OF PRODUCTRISK

Both on- and off-balance-sheet products typi-cally contain more than one element of market-risk exposure; therefore, various hedging instru-ments may need to be used to hedge the inherentrisk in one product. For example, a fixed couponforeign currency–denominated security hasinterest-rate and foreign-exchange risks whichthe financial institution may choose to hedge.The hedging of the risks of this security wouldlikely result in the use of both foreign-exchangeand interest-rate contracts. Likewise, the hedg-ing of a currency interest-rate swap, for exam-ple, would require the same.

By breaking the market risk of a particularproduct down into its fundamental elements, or‘‘unbundling’’ the risks, market makers are ableto move beyond product liquidity to risk liquid-ity. Unbundling not only eases the control ofrisk, it facilitates the assumption of more riskthan was previously possible without causingimmediate market concern or building up unac-ceptable levels of risk. For example, the interest-

rate risk of a U.S. dollar interest-rate swap canbe hedged with other swaps, forward rate agree-ments (FRAs), Eurodollar futures contracts,Treasury notes, or even bank loans and deposits.The customized swap may appear to be illiquidbut, if its component risks are not, then othermarket makers would, under normal marketconditions, be willing and able to provide thenecessary liquidity. Positions, however, canbecome illiquid, particularly in a crisis.

DYNAMIC HEDGING RISKS

Certain unbundled market-risk exposures maytend to be managed as individual transactions,while other risks may be managed on a portfoliobasis. The more ‘‘perfectly hedged’’ the trans-actions in the portfolio are, the less the need toactively manage residual risk exposures. Con-versely, the use of dynamic hedging strategies tocover open price-risk exposures exposes thefinancial institution to increased risk whenhedges cannot be easily adjusted. (Dynamichedging is not applied to an entire portfolio butonly to the uncovered risk.) The use of dynamichedging strategies and technical trading by asufficient number of market participants canintroduce feedback mechanisms that cause pricemovements to be amplified and lead to one-waymarkets. Some managers may estimate exposureon the basis of the assumption that dynamichedging or other rapid portfolio adjustments willkeep risk within a given range even in the faceof large changes in market prices. However,such portfolio adjustments depend on the exist-ence of sufficient market liquidity to execute thedesired transactions, at reasonable costs, asunderlying prices change. If a liquidity disrup-tion were to occur, difficulty in executing thetransactions needed to change the portfolio’sexposure will cause the actual risk to be higherthan anticipated. Those institutions who haveopen positions in written options and, thus, areshort volatility and gamma will be the mostexposed.

The complexity of the derivatives strategiesof many market-making institutions can furtherexacerbate the problems of managing rapidlychanging positions. Some financial institutionsconstruct complex arbitrage positions,sometimes spanning several foreign marketsand involving legs in markets of very differentliquidity properties. For example, a dollar-

2030.1 Market Liquidity Risk of Trading Activities


based institution might hedge a deutschemarkconvertible bond for both equities and foreign-exchange risk and finance the bond with adollar-deutschemark bond swap. Such a transac-tion may lock in many basis points in profit forthe institution but exposes it to considerableliquidity risk, especially if the arbitrage transac-tion involves a combination of long-term andshort-term instruments (for example, if theforeign-exchange hedging was done throughthree-month forwards, and the bond had amaturity over one year). If key elements of thearbitrage transaction fall away, it may beextremely difficult for the institution to find suit-able instruments to close the gap withoutsustaining a loss.

Multifaceted transactions can also be particu-larly difficult to unwind. The difficulty ofunwinding all legs of the transaction simulta-neously can temporarily create large, unhedgedexposures for the financial institution. The abil-ity to control the risk profile of many of thesetransactions lies in the ability to execute tradesmore or less simultaneously and continuously inmultiple markets, some of which may be subjectto significant liquidity risks. Thus, the examinershould determine whether senior management isaware of multifaceted transactions and can moni-tor exposures to such linked activity, and whetheradequate approaches exist to control the associ-ated risks in a dynamic environment.

CONCENTRATED POSITIONS

If positions, either long or short, are sizablerelative to the traded volume in a market, theliquidation of those positions may disrupt themarket and cause a market participant to suffergreater-than-expected losses when exiting thepositions. Market makers should monitor theextent to which the positions they take constitutea large portion of open interest, volume, or someother indicator of market size. Contracts thathave different maturities or expirations, that aretraded on different exchanges, or that representeven slightly different underlying products mayhave different market liquidity characteristicsand should be monitored separately. Marketmakers should also (1) monitor the concentra-tion of positions of counterparties relative to themarket and (2) recognize that counterparties thattake on large positions relative to the marketvolume are taking on greater price risk and may

have difficulty unwinding their positions with-out substantial losses.

MARKET LIQUIDITY RISKLIMITS

Risk measures under stress scenarios should beestimated over a number of different time hori-zons. While the use of a short time horizon, suchas a day, may be useful for day-to-day riskmanagement, prudent managers will also esti-mate risk over longer horizons because the useof such a short horizon assumes that marketliquidity will always be sufficient to allow posi-tions to be closed out at minimal losses. How-ever, in a crisis, market liquidity, or the institu-tion’s access to markets, may be so impairedthat closing out or hedging positions may beimpossible, except at extremely unfavorableprices, in which case positions may be held forlonger than envisioned. This unforeseen length-ening of the holding period will cause a portfo-lio’s risk profile to be much greater than envi-sioned in the original risk measure, as thelikelihood of a large price change (volatility)increases with the horizon length. Additionally,the risk profiles of some instruments, such asoptions, change radically as their remainingtime to maturity decreases. Market makersshould consider the bid-asked spreads in normalmarkets and potential bid-asked spreads in dis-tressed markets and establish risk limits thatconsider the potential illiquidity of the instru-ments and products. Stress tests evidencing the‘‘capital-at-risk’’ exposures under both sce-narios should be available for examiner review.Market makers should consider placing limitson the size of concentrated positions relative tothe market volume.

REVALUATION ISSUES

Market makers may establish closeout valuationreserves covering open positions to take intoconsideration a potential lack of liquidity in themarketplace upon liquidation, or closing out, ofmarket-risk exposures. These ‘‘holdback’’reserves are typically booked as a contra accountfor the unrealized gain account. Since transac-tions are marked to market, holdback reservesestablish some comfort that profits taken intocurrent earnings will not dissipate over time as a

Market Liquidity Risk of Trading Activities 2030.1


result of ongoing hedging costs. Holdbackreserves may represent a significant portion ofthe current mark-to-market exposure of a trans-action or portfolio, especially for those transac-tions involving a large degree of dynamic hedg-

ing. The examiner should ensure, however, thatthe analysis provided can demonstrate a quanti-tative methodology for the establishment ofthese reserves and that these reserves, if neces-sary, are adequate.

2030.1 Market Liquidity Risk of Trading Activities


Market Liquidity Risk of Trading ActivitiesExamination Objectives Section 2030.2

For examination objectives on funding liquidityrisk, see section 3005.2. The following exami-nation objectives relate to the examination ofmarket liquidity risk.

1. To evaluate the organizational structure ofthe risk-management function.

2. To evaluate the adequacy of internal poli-cies and procedures relating to the institu-tion’s capital-markets and trading activitiesin illiquid markets and to determine thatactual operating practices reflect suchpolicies.

3. To identify the institution’s exposure andpotential exposure resulting from trading inilliquid markets.

4. To determine the institution’s potentialexposure if liquid markets suddenly becomeilliquid.

5. To determine if senior management and theboard of directors of the financial institutionunderstand the potential market liquidityrisk exposures of the institution’s tradingactivities.

6. To ensure that business-level managementhas formulated contingency plans in theevent of sudden illiquid markets.

7. To ensure the comprehensiveness, accuracy,and integrity of the management informa-tion systems that analyze market liquidityrisk exposures.

8. To determine if the institution’s liquidity-risk management system has been correctlyimplemented and adequately measures theinstitution’s exposures.

9. To determine if the open interest in exchange-traded contracts is sufficient to ensure thatmanagement would be capable of hedgingor closing out open positions in one-waydirectional markets.

10. To determine if management is aware oflimit excesses and takes appropriate actionwhen necessary.

11. To recommend corrective action when poli-cies, procedures, practices, or internal con-trols are found to be deficient.


Market Liquidity Risk of Trading ActivitiesExamination Procedures Section 2030.3

These procedures list processes and activitiesthat can be reviewed during a full-scope exami-nation. The examiner-in-charge will establishthe general scope of examination and work withthe examination staff to tailor specific areas forreview as circumstances warrant. As part of thisprocess, the examiner reviewing a function orproduct will analyze and evaluate internal auditcomments and previous examination workpa-pers to assist in designing the scope of exami-nation. In addition, after a general review of aparticular area to be examined, the examinershould use these procedures, to the extent theyare applicable, for further guidance. Ultimately,the seasoned judgment of the examiner and theexaminer-in-charge will determine which proce-dures are warranted in examining any particularactivity.

For examination procedures on funding liquid-ity risk, see section 3005.3. The followingexamination procedures relate to the examina-tion of market liquidity risk.

1. Review the organization of liquidity-riskmanagement.a. Check that the institution has a liquidity-

risk management function that has aseparate reporting line from that of trad-ers and marketers.

b. Determine if liquidity-risk control per-sonnel have sufficient credibility in thefinancial institution to question traders’and marketers’ decisions.

c. Determine if liquidity-risk managementis involved in new-product discussionsin the financial institution.

2. Identify the institution’s capital-markets andtrading activities and the related balance-sheet and off-balance-sheet instruments.Obtain copies of all risk-management reportsprepared by the institution in order to evalu-ate liquidity-risk control personnel’s dem-onstrated knowledge of the products tradedby the financial institution and their under-standing of current and potential exposures.

3. Obtain and evaluate the adequacy of risk-management policies and procedures forcapital-markets and trading activities.a. Review market-risk policies, procedures,

and limits.b. Review contingency plans for market

liquidity risk both at the parent bank

holding company and subsidiary banklevels. Determine if contingency plansare appropriate in light of (1) anticipatedsources and uses of funds and (2) thetiming of those sources and uses. Deter-mine if the plans identify stable, flexible,and diverse sources of liquidity underboth business-as-usual and stressscenarios.

c. Review accounting and revaluation poli-cies and procedures. Determine if revalu-ation procedures are appropriate.

4. Determine the credit rating and marketacceptance of the financial institution as acounterparty in the markets.

5. Obtain all management information analyz-ing market liquidity risk.a. Determine the comprehensiveness, accu-

racy, and integrity of analysis.b. Review bid-asked assumptions in a nor-

mal market scenario.c. Review stress tests that analyze the wid-

ening of bid-asked spreads and deter-mine the reasonableness of assumptions.

d. Determine whether management infor-mation reports accurately reflect risksand whether reports are provided to theappropriate level of management.

6. Determine if any recent market disruptionshave affected the institution’s trading activi-ties. If so, determine the institution’s marketresponse.

7. Establish that the financial institution isfollowing its internal policies and proce-dures. Determine whether the establishedlimits adequately control the range of liquid-ity risks, the limits are appropriate for theinstitution’s level of activity, and manage-ment is aware of limit excesses and takesappropriate action when necessary.

8. Determine whether the institution has estab-lished an effective audit trail that summa-rizes, with the appropriate frequency, expo-sures and management approvals.

9. Determine whether management consideredthe potential illiquidity of the markets whenestablishing the institution’s capital-at-riskexposures.a. Determine if the financial institution

established capital-at-risk limits to addressboth normal and distressed marketconditions.


b. Determine if senior management and theboard of directors are advised of marketliquidity risk exposures in illiquid mar-kets and of potential risk arising as aresult of distressed market conditions.

10. Determine whether business managers havedeveloped contingency plans that specifyactions to be taken in suddenly illiquidmarkets in order to minimize losses as wellas potential damage to the institution’s

market-making reputation.11. On the basis of the information provided,

determine the institution’s exposure to sud-denly illiquid markets as a result of itsdynamic hedging strategies.

12. Recommend corrective action when poli-cies, procedures, practices, internal con-trols, or management information systemsare found to be deficient.

2030.3 Market Liquidity Risk of Trading Activities: Examination Procedures


Market Liquidity Risk of Trading ActivitiesInternal Control Questionnaire Section 2030.4

For the internal control questionnaire on fundingliquidity risk, see section 3005.4. The followinginternal control questions relate to the examina-tion of market liquidity risk.

1. Review the liquidity-risk managementorganization.a. Does the institution have a liquidity-risk

management function that has a separatereporting line from that of traders andmarketers?

b. Do liquidity-risk control personnel havesufficient credibility in the financialinstitution to question traders’ and mar-keters’ decisions?

c. Is liquidity-risk management involved innew-product discussions in the financialinstitution?

2. Identify the institution’s capital-markets andtrading activities and the related balance-sheet and off-balance-sheet instruments;obtain copies of all risk-management reportsprepared.a. Do summaries identify all the institu-


for the range of capital-markets prod-ucts. Is the institution an end-user, dealer,or market maker? If so, in what prod-ucts? Determine the hedging instrumentsused to hedge these products.

c. Do liquidity-risk control personnel dem-onstrate knowledge of the products tradedby the financial institution? Do theyunderstand the current and potentialexposures to the institution?

3. Does the institution have comprehensive,written risk-management policies and pro-cedures for capital-markets and tradingactivities?a. Do the policies explain the board of

directors’ and senior management’s phi-losophy regarding illiquid markets?

b. Have limits been approved by the boardof directors?

c. Have policies, procedures, and limitsbeen reviewed and reapproved within thelast year?

d. Are policies, procedures, and limits formarket liquidity risk clearly defined?

e. Are the limits appropriate for the insti-tution and its level of capital?

f. Are there contingency plans for marketliquidity risk?

g. Do the policies address the use ofdynamic hedging strategies?

4. Has there been a credit-rating downgrade?What has been the market response to thefinancial institution as a counterparty in themarkets? Are instances in which the insti-tution provides collateral to its counterpar-ties minimal?

5. Obtain all management information analyz-ing market liquidity risk.a. Is management information comprehen-

sive and accurate, and is the analysissound?

b. Are the bid-asked assumptions in a nor-mal market scenario reasonable?

c. Do management information reportsaccurately reflect risks? Are reports pro-vided to the appropriate level ofmanagement?

6. If any recent market disruptions affected theinstitution’s trading activities, what has beenthe institution’s market response?

7. Is the financial institution following itsinternal policies and procedures? Do theestablished limits adequately control therange of liquidity risks? Are the limitsappropriate for the institution’s level ofactivity?

8. Has the institution established an effectiveaudit trail that summarizes exposures andmanagement approvals? Are these sum-mary reports presented and reviewed withthe appropriate frequency?

9. Has management considered potential illi-quidity of the markets when establishingcapital-at-risk exposures?a. Has the financial institution established

capital-at-risk limits that address bothnormal and distressed market condi-tions? Are these limits aggregated on aglobal basis?

b. Are senior management and the board ofdirectors advised of market liquidity riskexposures in illiquid markets, as well asof potential risk arising as a result ofdistressed market conditions?

10. Has management determined the institu-tion’s exposure to suddenly illiquid marketsresulting from dynamic hedging strategies?


Operations and Systems Risk(Management Information Systems) Section 2040.1

Management information systems (MIS) shouldaccumulate, interpret, and communicate infor-mation regarding the institution’s positions, prof-its, business activities, and inherent risks. Theform and content of management informationfor trading activities will be a function of thesize and complexity of the trading operation andorganization, policies and procedures, and man-agement reporting lines. MIS generally take twoforms: computing systems with business appli-cations and management reporting. For institu-tions with trading operations, a computerizedsystem should be in place. For a small numberof institutions with limited trading activity, anelaborate computerized system may not be costeffective. Not all management information sys-tems are fully integrated. Examiners shouldexpect to see varying degrees of manual inter-vention and should determine whether the integ-rity of the data is preserved through propercontrols. The examiner should review and eval-uate the sophistication and capability of thefinancial institution’s computer systems and soft-ware, which should be capable of supporting,processing, and monitoring the capital-marketsand trading activities of the financial institution.

An accurate, informative, and timely manage-ment information system is essential to theprudent operation of a trading or derivativeactivity. Accordingly, the examiner’s assess-ment of the quality of the management informa-tion system is an important factor in the overallevaluation of the risk-management process.Examiners should determine the extent to whichthe risk-management function monitors andreports its measure of trading risks to appropri-ate levels of senior management and the boardof directors. Exposures and profit-and-loss state-ments should be reported at least daily to man-agers who supervise but do not conduct tradingactivities. More frequent reports should be madeas market conditions dictate. Reports to otherlevels of senior management and the board mayoccur less frequently, but examiners shoulddetermine whether the frequency of reportingprovides these individuals with adequate infor-mation to judge the changing nature of theinstitution’s risk profile.

Examiners should ensure that the manage-ment information systems translate the mea-sured risk from a technical and quantitativeformat to one that can be easily read and

understood by senior managers and directors,who may not have specialized and technicalknowledge of trading activities and derivativeproducts. Risk exposures arising from variousproducts within the trading function should bereported to senior managers and directors usinga common conceptual framework for measuringand limiting risks.

PROFESSIONAL EXPERTISE

The trading institution should have personnelwith sufficient expertise to understand the finan-cial instruments and maintain the managementinformation system. Reports should be updatedto reflect the changes in the business environ-ment. Institutions that develop their own appli-cations should have adequate staff to alter andtest current software. Also, the implementationof automated reporting systems is not a substi-tute for an adequate reconcilement procedurethat would ensure the integrity of data inputs.The system must be independently audited bypersonnel with sufficient expertise to perform acomprehensive review of management report-ing, financial applications, and systems capacity.

COMPUTING SYSTEMS

Worldwide deregulation of financial marketscombined with the latest tools in informationtechnologies have brought capital marketstogether so that geographic financial centers areno longer as important. Access to markets oncompetitive terms from any location is madepossible by instantaneous worldwide transmis-sion of news and market information. To man-age their risk-management process in the currentfinancial and technological environment, finan-cial institutions are more readily prepared toincorporate the latest communications systemsand database management techniques. In addi-tion, new financial concepts are rapidly becom-ing standard practice in the industry, madepossible by powerful computing tools and com-munications systems.

Some capital-markets instruments requireinformation technologies that are more complexthan those used for more traditional bankingproducts, such as loans, deposits, and standard


foreign-exchange transactions. Indeed, a depart-ment developing specialized trading productsand their supporting systems is often viewed bysenior management as the laboratory for thefinancial institution. For financial institutionsactive in capital markets, conducting business ina safe and sound manner depends on the suc-cessful integration of management informationsystems into the daily processes of market- andcredit-risk management; transaction processing;settlement; accounting; and financial, regula-tory, and management reporting.

Examiners should evaluate the processes ofsoftware development, technical specifications,database management, local area networks, andcommunication systems. Access to the auto-mated systems should be adequately protected.If the organization uses PCs, a written policy toaddress access, development, maintenance, andother relevant issues should exist. Given thespecialized management skills and heightenedsophistication in information technologies foundin many trading rooms, an evaluation of systemsmanagement should be incorporated into theoverall assessment of management and internalcontrols. A full-scope examination of theseareas is best performed by specialized electronicdata processing examiners. However, a generalreview of these processes must also be incorpo-rated in the financial examination.

For examination purposes, the scope of thereview should be tailored to the functionality ofthe management information system as opposedto its technical specifications. Functionality refersto how well the system serves the needs of usersin all areas of the institution, including seniormanagement, risk management, front office, backoffice, financial reporting, and internal audit.The organization should have flow charts ornarratives that indicate the data flow from inputthrough reporting. The comprehensiveness ofthis information, however, will depend on thelevel of reporting necessary for the institution.

An important aspect of evaluating informa-tion technology is the degree to which varioussystems interface. For purposes of this discus-sion, automated systems refers to the collectionof various front-office and control systems.Financial institutions relying on a single data-base of client and transaction files may havestronger controls on data integrity than thosewith multiple sources of data. However, rarelydoes a single automated system handle dataentry and all processing and control functionsrelevant to all over-the-counter and exchange-

traded instruments used by an institution. Thegroup of systems used may be a combination ofsystems purchased from vendors and applica-tions developed in-house by the firm’s softwareprogrammers. Standard instructions should beset within the automated systems. The organi-zation should identify which instructions may beoverridden and under what circumstances.

The organization should give plannedenhancement or development projects appropri-ate priority, given management’s stated goalsand capital-markets activity. Third-party ven-dors should be provided with adequate lead timeto make changes to existing programs. Sufficienttesting should be performed before systemupgrades are implemented.

When consolidating data derived from mul-tiple sources, the institution should performcontrols and reconciliations that minimize thepotential for corrupting consolidated data. Ifindependent databases are used to supportsubsidiary systems, then reconciliation controlsshould be evident at each point that multipledata files are brought together. Regardless of thecombination of automated systems and manualprocesses, examiners should ensure that appro-priate validation processes are effected to ensuredata integrity.

Not all financial institutions have the sameautomation requirements. For institutions withlimited transaction volume, it is not cost effec-tive to perform risk-management reporting in anautomated environment, and most analysis canbe handled manually. When volumes increasesuch that timely risk monitoring can no longerbe handled manually, then automated applica-tions may be appropriate.

MODEL RISK

A key element of the management informationsystem of trading operations is models andalgorithms used to measure and manage risk.The frequency and extent to which financialinstitutions should reevaluate their models andassumptions depend, in part, on the specific riskexposures created by their trading activities, thepace and nature of market changes, and the paceof innovation with respect to measuring andmanaging risks. At a minimum, financialinstitutions with significant capital-markets andtrading activities should review the underlyingmethodologies and assumptions of their models

2040.1 Operations and Systems Risk (Management Information Systems)


at least annually, and more often as marketconditions dictate, to ensure that they are appro-priate and consistent for all products. Suchinternal evaluations may, in many cases, besupplemented with reviews by external auditorsor other qualified outside parties, such as con-sultants who have expertise with highly techni-cal models and risk-management techniques.When a pricing model is introduced, systemspersonnel should ensure that testing of thealgorithm is adequate. The users of the model(traders, controllers, and auditors) should alsosign off on it. In practice, pricing models for themost heavily traded financial instruments arewell tested. Financial algorithms for complex,exotic products should be well documented aspart of the policies and procedures manual andthe functional specifications. Hazards are morelikely to arise for instruments that have non-standard or option-like features. The use ofproprietary models that employ unconventionaltechniques that are not widely agreed upon bymarket participants should lead to further ques-tioning by examiners. Even the use of standardmodels may lead to errors if the financial toolsare not appropriate for a given instrument.

NEW PRODUCTS

The development of new products is a keyfeature of capital-markets and trading opera-tions. The general risks associated with newproducts should be addressed through the new-product approval process. When reviewing finan-cial applications, examiners should evaluatewhether the current tools quantify and monitorthe range of relevant exposures. New applica-tions require special review and additional mea-sures of control. In the absence of a model thatprovides a reasonable simulation of market price,the risk-management, control, and audit areasshould be responsible for developing an appro-priate valuation methodology. All software appli-cations should proceed through the institution’ssoftware development process for testing beforeimplementation. They should not be releasedfor actual business use until validation andsign-off is obtained from appropriate functionaldepartments.

Parameter Selection and Review

Examiners should ensure that financial institu-

tions have a process whereby parameters used invaluation models depend on rigorous statisticalmethods and are updated to reflect changingmarket conditions. To the extent possible, theresults derived from statistical methods shouldbe validated against available market information.

Models that incorporate assumptions aboutunderlying market conditions or price relation-ships require ongoing monitoring. Input param-eters such as volatility, correlations betweenmarket prices, interest rates and currencies, andprepayment speeds of underlying mortgage poolsrequire frequent review. For example, volatilityquotes may be compared with those in availablepublished sources, or they may be impliedvolatilities derived from a pricing model usingcurrent market prices of actively traded exchange-listed options. Mortgage securities prepaymentassumptions can be compared with vectors pro-vided by the dealer community to automatedservices or with factors provided by third-partyvendors.

Examiners should evaluate the ability of aninstitution’s model to accommodate changes inassumptions and parameters. Institutions shouldconduct ‘‘what-if’’ analyses and tests of thesensitivity of specific portfolios or their aggre-gate risk position. Examiners should expect therisk-management and measurement system to besufficiently flexible to stress-test the range ofportfolios managed by the institution. Anyparameter variations used for stress tests orwhat-if analyses should be clearly identified.These simulations usually summarize the profitor loss given a change in interest rates, foreign-exchange rates, equity or commodity prices,volatility, or time to maturity or expiry.

MANAGEMENT INFORMATIONREPORTING

Management reporting summarizes day-to-dayoperations, including risk exposure. The finan-cial institution’s goal and market profile will bereflected in the reporting format and process atthe operational level. These reporting formatsshould be evaluated for data integrity and clar-ity. Examiners should determine if reporting issufficiently comprehensive for sound decisionmaking.

In addition, reports are used to provide man-agement with an overall view of business activ-ity for strategic planning. Overall management

Operations and Systems Risk (Management Information Systems) 2040.1


reporting should reflect the organizational struc-ture of the institution and the risk tolerance ofsenior management. Examiners should expectreports to aggregate data across geographiclocations when appropriate and to segregatepositions by legal entity when appropriate.Examiners may find that periodic reporting isprovided to management on market-limit andcredit-line utilization. Management uses thesereports to reevaluate the limit structure, relaterisks to profitability over a discrete period,evaluate growing businesses, and identify areasof potential profit. Management reporting alsoshould relate risks undertaken to return oncapital. In fact, management information sys-tems should allow management to identify andaddress market, credit, and liquidity risks. (Seesections 2010.1, 2020.1, and 2030.1.)

Management reports will usually be gener-ated by control departments within the institu-tion, independent from front-office influence.When front-office managers have input onreports, the senior managers should be well

aware of potential weaknesses in the data pro-vided. Risk reporting should be assessed andperformed independently of the front office toensure objectivity and accuracy and to preventmanipulation or fraud. However, if the backoffice uses databases and software programs thatare independent from those used in the frontoffice, it needs to perform a periodic reconcili-ation of differences. For financial institutionsoperating in a less automated environment, reportpreparation should be evaluated in terms oftimeliness and data accuracy. Cross-checkingand sign-off by the report preparer and a reviewerwith appropriate authority should be evident.

Each financial institution will define theacceptable tradeoff between model accuracy andinformation timeliness. As part of their appraisalof risk management, examiners should reviewthe frequency and accuracy of reporting againstthe institution’s posture in the marketplace,volume of activity, aggregate range of expo-sures, and capacity to absorb losses.

2040.1 Operations and Systems Risk (Management Information Systems)


Operations and Systems Risk(Management Information Systems)Examination Objectives Section 2040.2

1. To determine the scope and adequacy of theaudit function for management informationsystems and management reporting.

2. To determine if the policies, practices, pro-cedures, and internal controls regardingmanagement information systems and man-agement reporting are adequate.

3. To ensure that only authorized users areable to gain access to automated systems.

4. To evaluate computer systems, communica-tions networks, and software applications interms of their ability to support and controlthe capital-markets and trading activities.

5. To determine that the functions of auto-mated systems and reporting processesare well understood by staff and are fullydocumented.

6. To determine that software applications per-taining to risk reporting, pricing, and otherapplications that depend on modeling arefully documented and subject to indepen-dent review.

7. To determine that the automated systems

and manual processes are designed withsufficient audit trails to evaluate and ensuredata integrity.

8. To ensure that reports are fully describedin functional specifications and are alsoincluded in the policies and procedures ofthe respective user departments.

9. To determine whether management report-ing provides adequate information for stra-tegic planning.

10. To determine that risk-management report-ing summarizes the quantifiable and non-quantifiable risks facing the institution.

11. To determine whether financial perfor-mance reports are accurate and sufficientlydetailed to relate profits to risks assumed.

12. To evaluate summary reports on operationsfor adequacy.

13. To recommend corrective action when poli-cies, practices, procedures, internal con-trols, or management information systemsare deficient.


Operations and Systems Risk(Management Information Systems)Examination Procedures Section 2040.3

These procedures represent a list of processesand activities that may be reviewed during afull-scope examination. The examiner-in-chargewill establish the general scope of examinationand work with the examination staff to tailorspecific areas for review as circumstanceswarrant. As part of this process, the examinerreviewing a function or product will analyze andevaluate internal-audit comments and previousexamination workpapers to assist in designingthe scope of examination. In addition, after ageneral review of a particular area to be exam-ined, the examiner should use these procedures,to the extent they are applicable, for furtherguidance. Ultimately, it is the seasoned judg-ment of the examiner and the examiner-in-charge as to which procedures are warranted inexamining any particular activity.

1. Obtain copies of internal and external auditreports for MIS and management reporting.Review findings and management’sresponses to them and determine whetherappropriate corrective action was taken.

2. Obtain a flow chart of reporting and sys-tems flows and review information to iden-tify important risk points. Review policiesand procedures for MIS. Review the per-sonal computer policy for the institution, ifavailable.

3. Determine the usage of financial applica-tions on terminals that are not part of themainframe, minicomputer, or local area net-work. For instance, traders may use theirown written spreadsheet to monitor riskexposure or for reconciliation.

4. Obtain an overview of the system’s func-tional features. Browse the system with theinstitution’s systems administrator. Deter-mine whether passwords are used andaccess to the automated system is restrictedto approved users.

5. Review a list of ongoing or planned man-agement information systems projects. Deter-mine whether the priority of projects isjustified given management’s strategic goalsand recent mix of business activity.

6. From the systems overview, ascertain therange of databases in use. Some systemarchitecture may use independent databasesfor front office, back office, or credit admin-

istration. Determine the types of reconcili-ations performed, frequency of databasereconciliation, and tolerance for variance.The more independent databases are, themore the potential for data error exists.

7. Determine the extent of data-parameterdefaults, for example, standard settlementinstructions to alleviate manual interven-tion. Determine the extent of manual inter-vention for transaction processing, financialanalysis, and management reporting.

8. Review the policies and procedures manualfor reporting requirements for management.

9. Determine whether the automated andmanual process have sufficient audit trailsto evaluate and ensure data integrity for therange of functional applications. Determinehow control staff validates report contentand whether the report content is wellunderstood by the preparer.

10. Determine whether the processing and pro-duction of reports is segregated from front-office staff. When the front office has influ-ence, how does management validatesummary data and findings?

11. Review the functional applications such ascredit administration, trade settlement,accounting, revaluation, and risk monitor-ing to determine the combination of auto-mation and manual intervention for man-agement reporting. Compare findings withexaminers reviewing specific products orbusiness lines.

12. Determine whether the documentation sup-porting pricing models is adequate. Deter-mine whether ‘‘user instructions’’ providesufficient guidance in model use.

13. Determine whether the range of risk-management reports is adequately docu-mented in terms of inputs (databases, data-feeds external to the organization, economicand market assumptions), computational fea-tures, and outputs (report formats, defini-tions). Evaluate the documentation for thor-oughness and comprehensiveness.

14. Determine whether the range of reports(risk management, financial performanceand operational controls) provides validresults to evaluate business activity and forstrategic planning.


15. Recommend corrective action when poli-cies, practices, procedures, internal con-trols, or management information systemsare deficient.

2040.3 Operations and Systems Risk (Management Information Systems): Examination Procedures


Operations and Systems Risk(Management Information Systems)Internal Control Questionnaire Section 2040.4

1. Is the scope of the audit coverage compre-hensive? Are audits for management infor-mation systems and reporting available?Are findings discussed with management?Has management implemented timely cor-rective actions for deficiencies?

2. Do policies and procedures address therange of system development and technicalmaintenance at the institution, including theuse of outside vendors and consultants?Does the institution have a comprehensivepersonal computer policy? If the organiza-tion uses PCs, is there a written policy toaddress access, development, maintenance,and other relevant issues?

3. Do the new product policies and proceduresrequire notification and sign-off by keysystems development and managementreporting staff?

4. Are there functional specifications for thesystems? Are they adequate for the currentrange of automated systems at the institu-tion? Do they address both automated andmanual input and intervention?

5. Does the organization have flow charts ornarratives that indicate the data flow frominput through reporting? Is this informationcomprehensive for the level of reportingnecessary for the financial institution?

6. Is access to the automated systems ade-quately protected?a. Do access rights, passwords, and logon

ID’s protect key databases fromcorruption?

b. Are ‘‘write or edit’’ commands restrictedto a limited set of individuals?

c. Are specific functions assigned to a lim-ited set of individuals? Are access rightsreviewed periodically?

d. Does the system have an audit report formonitoring user access?

e. Is access logon information stored inrecords for audit trail support?

7. Is management information provided frommainframe, minicomputers, local area net-works (multiuser personal computer net-works), or single-user personal computersor a combination of the above?

8. Are third-party vendors provided with ade-quate lead time to make changes to existingprograms? Is sufficient testing performed

before system upgrades are implemented?9. Do planned enhancement or development

projects have appropriate priority, givenmanagement’s stated goals and capital-markets activity?

10. Identify the key databases used for therange of management reports.a. Are direct electronic feeds from external

services such as Reuters, Telerate, andBloomberg employed? How are incom-plete datafeeds identified? Can marketdata be overridden by users? How doesthe institution ensure the data integrity ofdatafeeds or manually input rates, yields,or prices from market sources?

b. Are standard instructions set within theautomated systems? Can these be over-ridden? Under what circumstances?

c. For merging and combining databases,how does the institution ensure accurateoutput?

d. What periodic reconciliations are per-formed to ensure data integrity? Is thereconciliation clerk sufficiently familiarwith the information to identify ‘‘con-taminated’’ data?

11. Does the institution have a model-validationprocess? Does the organization use consult-ants for model development and validation?Are these consultants used effectively? Arethe yield curve calculations, interpolationmethods, discount factors, and other param-eters used clearly documented and appro-priate to the instruments utilized? Regard-less of the source of the model, how doesmanagement ensure accurate and consistentresults?

12. Does the system design account for thedifferent pricing conventions and accrualmethods across the range of products in useat the financial institution? Evaluate therange of system limitations for processingand valuation across the range of productsused by the institution. Assess the pos-sible impact on accuracy of managementreporting.

13. Is management reporting prepared on asufficiently independent basis from line man-agement? Is management reporting ade-quate for the volume and complexity of


capital-markets and trading activities for thetypes of reports listed below? Are reportscomplete? Do they have clear formats?Are the data accurate? Are exceptions high-lighted? Is appropriate segregation of dutiesin place for report preparation? Are therereports for the following:a. Market-risk exposure against limits?b. Credit-risk exposure against limits?c. Market-liquidity risk exposure against

limits?d. Funding-liquidity risk exposure against

market demand?e. Transaction volumes and business mix?f. Profit and loss?g. Other risk exposures and management

information reports?14. Do reports reflect aggregation of data across

geographic locations when appropriate?

15. Do reports segregate positions by legalentity when appropriate?

16. Determine whether the system for measur-ing and managing risk is sufficiently flex-ible to stress test the range of portfoliosmanaged by the institution. Does the systemprovide usable and accurate output? If theinstitution does not perform automated stresstesting, what process is used to minimizequantifiable risks in adverse markets?

17. Are parameter variations used for stresstests or are ‘‘what if’’ analyses clearlyidentified?

18. Does management reporting relate risksundertaken to return on capital?

19. Do reports provide information on the busi-ness units that is adequate for sound strate-gic planning? Are profitable and unprofit-able businesses clearly identified? Doesmanagement have adequate information?

2040.4 Operations and Systems Risk (Management Information Systems): Internal Control Questionnaire


Operations and Systems Risk (Front-Office Operations)Section 2050.1

The front office is where trading is initiated andthe actual trading takes place. It consists oftraders, marketing staff, and sometimes othertrading-support staff. Front-office personnelexecute customer orders, take positions, andmanage the institution’s market risks. The frontoffice is usually organizationally and function-ally separate and distinct from the back-officeoperation, which is part of the institution’soverall operations and control infrastructure.

The back-office function completes the trad-ing transactions executed by the front office.(See section 2060, ‘‘Back-Office Operations.’’)It processes contracts, controls various clearingaccounts, confirms transactions, and is typicallyresponsible for performing trade revaluations.Additionally, back-office personnel investigateoperational problems which may arise as a resultof business activities. The back office provideslogistical support to the trading room and shouldbe the area where errors are caught and broughtto the attention of the traders. While the dealingroom and back office must cooperate closely toensure efficiency and prevent problems, theirduties should be segregated to provide anappropriate level of independence and control.

While the overall size, structure, and sophis-tication of an institution’s front office willvary, the general functions and responsibilitiesdescribed in this section prevail across themajority of financial institutions. The followingdiscussion describes a typical front office, but itis important to consider individual instrumentprofiles and market-specific characteristics inconjunction with the review of front-officeactivities.

ROLE AND STRUCTUREOF THE FRONT OFFICE

The trading operation of a financial institutioncan be categorized by the various roles the frontoffice performs in the marketplace. The frontoffice’s responsibilities may include any combi-nation of the following: market maker (dealer),proprietary trader, intermediary, and end-user.

A market makermakes two-way markets.When initially contacted, the market maker maynot know whether the counterparty wishes tobuy or sell a particular product. The marketmaker quotes two-way prices, reflective of the

bid/ask levels in the marketplace. The differencebetween the bid and the ask is called the spread.

Dealersare not necessarily obliged to maketwo-way markets. Many market participants areactively involved in facilitating customer trans-actions even though they are not consideredmarket makers. In some cases, these institutionsact similarly to market makers, hedging incre-mental transactions derived from their customerbase. In other cases, the institution may marktransactions up from the bid/ask levels in themarketplace, enter into a transaction with itscustomer, and fill the order in the marketplace,effectively taking a spread on the transaction.While it may appear as if the dealer is acting asa broker, it should be noted that both thetransaction with the customer and the transac-tion with the marketplace are executed with thefinancial institution as principal.

A proprietary trader takes on risk on theinstitution’s behalf, based on a view of eco-nomic and market perceptions and expectations.This type of trader will take a position in themarket to profit from price movements and pricevolatility. Proprietary traders may incur highlevels of market risk by managing significantpositions which reflect their view of futuremarket conditions. This type of activity requiresthe highest level of experience and sophistica-tion of all traders in the institution.

Intermediaries communicatebid and asklevels to potential principals and otherwisearrange transactions. These transactions areentered into on an ‘‘as agent’’ basis, and donotresult in the financial institution acting as aprincipal to either counterparty involved in thetransaction. An intermediary typically charges afee for its service.

End-usersare purchasers or sellers of prod-ucts for investment or hedging purposes. Some-times an end-user will be a short-term trader, butits volume will usually be lower than that of aproprietary trader.

An institution may not function in all theabove-mentioned roles. Each type of marketparticipant strives to maintain or improve itsposture in the market based on its own actual orperceived competitive advantages. The institu-tion may also have a sales force or marketingstaff that receives price quotes from the institu-tion’s trading staff and represents market oppor-tunities to current and potential clients. Usually,


marketing staff is paid based on volume or onthe profit margin for the business developed.

Sound business practices dictate that financialinstitutions take steps to ascertain the characterand financial sophistication of counterparties.These practices include efforts to ensure that thecounterparties understand the nature of the trans-actions into which they are entering. When thecounterparties are unsophisticated, either gen-erally or with respect to a particular type oftransaction, financial institutions should takeadditional steps to ensure that they adequatelydisclose the risks associated with the specifictype of transaction. Ultimately, counterpartiesare responsible for the transactions into whichthey choose to enter. However, when an insti-tution recommends specific transactions to anunsophisticated counterparty, the institutionshould ensure that it has adequate informationon which to base its recommendation.

Organizational Structure

The organizational structure of the front officeis usually a function of the particular roles itperforms. In general, the broader the scope of afinancial institution’s trading activities, the morestructured the front-office organization. A mar-ket maker of various products can be expectedto have numerous trading and sales desks, witheach business activity managed independentlyand overseen by the trading manager. Corre-spondingly, traders acting exclusively in a pro-prietary capacity may act relatively indepen-dently, reporting only to the trading manager.

TRADE CONSUMMATION

Trading is transacted through a network ofcommunications links among financial institu-tions and brokers, including telephone lines,telexes, facsimile machines, and other electronicmeans. The party initiating the transaction con-tacts one or more dealers, typically over tapedtelephone lines, to request a ‘‘market,’’ that is, atwo-sided quote. More than one institution maybe contacted to obtain the most favorable rate orexecute several trades quickly.

The initiating trader does not normally indi-cate which side of the market he or she is on. Inresponse, the trader receiving the call considersthe current market, the institution’s actual and

desired positions, and the likely needs of theinitiating trader. The trader assesses the currentstatus of the market through informationobtained from other financial institutions, bro-kers, or information services, and uses thisinformation to anticipate the direction of themarket. Upon determining the most favorablerate, the initiating trader closes the transactionby signifying a purchase or sale on the quotingtrader’s terms.

Before closing the transaction, the tradersmust also ensure that it falls within the institu-tion’s counterparty credit lines and authorizedtrading limits. A trade is usually completed in amatter of seconds and the commitments enteredinto are considered firm contracts.

Traders at competing institutions may arrangeprofit-sharing arrangements or provide otherforms of kickbacks without attracting the noticeof control staff or trading management. Toprotect against this occurrence, a daily blotter(price/rate sheet) or comparable record or data-base should be maintained. The blotter or data-base should be validated against the dailytrading range within a narrow tolerance level.Off-market rates should be recorded in alog with appropriate control justification andsign-off.

Time-stamping of trade tickets by the traderor computer system permits comparison betweenthe market rates recorded on the rate sheet andthe rates at which trades are transacted. Thissystem not only protects against deliberate trans-actions at off-market rates, but it is also useful inresolving rate discrepancies in transactions withother financial institutions and customers.

Transaction Flow

Upon execution of the transaction, vital tradeinformation is captured. The form in whichdetails of trade transactions are captured iscontingent on the trading systems of the finan-cial institution. When distinct front- and back-office transaction systems are used, trade ticketsor initial input forms typically provide the inputdetail for the back office. These trade tickets areusually handwritten by the trader and hand-delivered to the back office. When straight-through or automated processing systems areused, trade input is typically performed by thefront office. Details are input onto a computerscreen and verified by the back office beforefinal acceptance. In either case, trade details

2050.1 Operations and Systems Risk (Front-Office Operations)


should include such basic information as thetrade date, time of trade, settlement date, coun-terparty, instrument, amount, price or rate, and,depending on the instrument, manner and placeof settlement.

The trader’s own principal record is the trad-ing blotter or position book, which is a chrono-logical record of deals and a running record ofthe trader’s position. The blotter may or may notbe automated, depending on the sophisticationof the computer systems at the institution.

Transaction Reporting

Traders track market-risk exposures and profitand loss in the ordinary course of business.These calculations, however, should not formthe basis for official risk or profit-and-lossreporting. Management information distributedto senior management should be prepared andreviewed independent of the trading function.

TRAINING AND TECHNICALCOMPETENCE

Trading-support functions are technical andrequire levels of skills and training commensu-rate with the type of institution and the type andvariety of products handled. Back-office person-nel should demonstrate a level of competence sothat they act as a viable check and balance to thefinancial institution’s front-office staff. Addition-ally, financial institutions must be able to attractand retain competent personnel, as well as trainthem effectively. Finally, a sufficient level ofstaffing is required to ensure the timely andaccurate processing, reporting, controlling, andauditing of trading activities.

ETHICS

The potential risk of trading transactions to afinancial institution emphasizes the importanceof management’s ascertaining the character ofits potential traders. While there are no guaran-tees as to how a particular trader may react toseriously adverse market conditions, proper per-sonnel screening, internal controls, and commu-nication of corporate policies should reduce thepossibility of trading improprieties.

Additionally, management should establish

policies and procedures governing standards fordealing with counterparties. An appropriate levelof due diligence should be performed on allcounterparties with which the institution deals,even if the transactions do not expose thefinancial institution to much credit risk (forexample, collateralized transactions).

Finally, management should ensure that themarketing practices of its salespersons are ethi-cal. Standards addressing the sales of complexproducts should be established to ensure thatcustomers are not entering into transactionsabout which they have no understanding of thepotential risks. Management should remain cog-nizant of the risk to the institution’s reputation atall times. Once an institution’s reputation isdamaged, it can be very difficult to restore. (Seesection 2150, ‘‘Ethics.’’)

UNACCEPTABLE PRACTICES

Certain trading practices are considered unac-ceptable and require close supervision to controlor prevent. In the foreign-exchange market, inwhich prices will probably change before adispute or counterparty can be settled, the prac-tice of brokers’ pointshas evolved. The use ofbrokers’ points involves one side agreeing to theother’s price in a disputed trade, but with thecaveat that the discrepancy will be made up inthe future. The parties keep an unofficial list ofowed or lent monies. The party agreeing to theother’s price can then call in the favor at a laterdate. This practice may be used to hide lossesin a trading portfolio until there are sufficientprofits to offset them. The practice of brokers’points is considered an unsafe and unsoundbanking practice, and a financial institutionshould have a policy forbidding it.

Another unacceptable practice isadjusted-price trading. This practice is used to conceallosses in a trading portfolio and involves acollusive agreement with a securities dealerfrom which the institution previously purchaseda security that has now dropped in value. Thesecurity is resold to the dealer at the institution’soriginal purchase price, and the institution pur-chases other securities from the dealer at aninflated price. This practice could also involve‘‘cross parking,’’ whereby the collusive partiesare both attempting to conceal trading losses.Adjusted-price trading is further described in theMunicipal Securities Activities Exam Manual.

Operations and Systems Risk (Front-Office Operations) 2050.1


Transactions involving off-market rates(including foreign-exchange historical-rate roll-overs) should be permitted only in limited cir-cumstances with strict management oversight.The use of off-market rates introduces risksabove and beyond those normally faced bydealing institutions in day-to-day trading activi-ties. Because off-market rates could be used toshift income from one institution to another orfrom one reporting period to another, they canserve illegitimate purposes, such as to conceallosses, evade taxes, or defraud a trading institu-tion. All financial institutions should have poli-cies and procedures for dealing with tradesconducted at off-market rates.

Customers may give a financial institution thediscretionary authority to trade on their behalf.This authority should be documented in a writ-ten agreement between the parties that clearlylists the permissible instruments and financialterms, collateral provisions and monitoring, con-firmation of trades, reporting to the client, andadditional rights of both parties. For institutionsthat have discretionary authority, examinersshould ensure that additional policies and pro-cedures are in place to prevent excessive tradingin the client’s account (account churning). Closesupervision of sales and marketing staff andadequate client reporting and notification areextremely important to ensure that the institu-tion adheres to the signed agreement.

From a management standpoint, inappropri-ate trading and sales practices can be avoided byestablishing proper guidelines and limits, enforc-ing a reporting system that keeps managementinformed of all trading activities, and enforcingthe segregation of responsibilities. Experiencehas shown that losses can occur when suchguidelines are not respected.

SOUND PRACTICES

Capital-markets and trading operations vary sig-nificantly among financial institutions, depend-ing on the size of the trading operation, tradingand management expertise, the organizationalstructure, the sophistication of computer sys-tems, the institution’s focus and strategy, histori-cal and expected income, past problems andlosses, risks, and the types and sophistication ofthe trading products and activities. As a result,practices, policies, and procedures expected inone institution may not be necessary in another.

Evaluating the adequacy of internal controlsrequires sound judgment on the part of theexaminer. The following is a list of some of thepractices examiners should look for.

• Every organization should have comprehen-sive policies and procedures in place thatdescribe the full range of capital-markets andtrading activities performed. These docu-ments, typically organized into manuals,should at a minimum include front- and back-office operations, reconciliation guidelines andfrequency, revaluation guidelines, accountingguidelines, descriptions of accounts, brokerpolicies, a code of ethics, and the risk-measurement and management methods,including the limit structure.

• For every institution, existing policies andprocedures should ensure the segregation ofduties between trading, control, and paymentfunctions.

• The revaluation of positions may be con-ducted by traders to monitor positions, bycontrollers to record periodic profit and loss,and by risk managers who seek to estimaterisk under various market conditions. Thefrequency of revaluation should be driven bythe level of an institution’s trading activity.Trading operations with high levels of activityshould perform daily revaluation. Every insti-tution should conduct revaluation for profitand loss at least monthly; the accountingrevaluation should apply rates and prices fromsources independent of trader input.

• Taping of trader and dealer telephone linesfacilitates the resolution of disputes and canbe a valuable source of information to audi-tors, managers, and examiners.

• Trade tickets and blotters (or their electronicequivalents) should be created in a timely andcomplete manner to allow for easy reconcili-ation and appropriate position-and-exposuremonitoring. The volume and pace of tradingmay warrant the virtually simultaneous cre-ation of records in some cases.

• Computer hardware and software applicationsmust accommodate the current and projectedlevel of trading activity. Appropriate disaster-recovery plans should be tested regularly.

• Every institution should have a methodologyto identify and justify any off-market transac-tions. Ideally, off-market transactions wouldbe forbidden.

• A clear institutional policy should exist con-cerning personal trading. If personal trading is

2050.1 Operations and Systems Risk (Front-Office Operations)


permitted at all, procedures should be estab-lished to avoid even the appearance of con-flicts of interest.

• Every institution should ensure that manage-ment of after-hours and off-premises trading,if permitted at all, is well documented so thattransactions are not omitted from the auto-mated blotter or the bank’s records.

• Every institution should ensure that staff isboth aware of and complies with internalpolicies governing the trader-brokerrelationship.

• Every institution that uses brokers shouldmonitor the patterns of broker usage, be alertto possible undue concentrations of business,and review the short list of approved brokersat least annually.

• Every institution that uses brokers shouldestablish a firm policy to minimize namesubstitutions of brokered transactions. All suchtransactions should be clearly designated as

switches, and relevant credit authorities shouldbe involved.

• Every institution that uses brokers for foreign-exchange transactions should establish aclear statement forbidding lending or borrow-ing brokers’ points as a method to resolvediscrepancies.

• Every organization should have explicit com-pensation policies to resolve disputed tradesfor all traded products. Under no circum-stances should soft-dollar or off-the-bookscompensation be permitted for disputeresolution.

• Every institution should have ‘‘know-your-customer’’ policies, and they should be under-stood and acknowledged by trading and salesstaff.

• The designated compliance officer should per-form a review of trading practices annually.In institutions with a high level of activity,interim reviews may be warranted.

Operations and Systems Risk (Front-Office Operations) 2050.1


Operations and Systems Risk (Front-Office Operations)Examination Objectives Section 2050.2

1. To review the organization and range ofactivities of the front office.

2. To determine whether the policies, proce-dures, and internal systems and controls forthe front office are adequate and effectivefor the range of capital-markets productsused by the financial institution.

3. To determine whether the financial insti-tution adequately segregates the duties ofpersonnel engaged in the front office fromthose involved in the back-office-controlfunction.

4. To ascertain that the front office is comply-ing with policies and established marketand counterparty limits.

5. To determine that trade consummation andtransaction flow do not expose the financialinstitution to operational risks.

6. To ensure that management’s reporting tofront-office managers, traders, and market-

ing staff is adequate for sound decisionmaking.

7. To evaluate the adequacy of the supervisionof trading and marketing personnel.

8. To determine that front-office personnel aretechnically competent and well trained, andthat ethical standards are established andrespected.

9. To ascertain the extent, if any, of unaccept-able business practices.

10. To determine that traders and salespeopleknow their customers and engage inactivities appropriate for the institution’scounterparties.

11. To recommend corrective action when poli-cies, procedures, practices, internal con-trols, or management information systemsare found to be deficient, or when violationsof laws, rulings, or regulations have beennoted.


Operations and Systems Risk (Front-Office Operations)Examination Procedures Section 2050.3

These procedures represent a list of processesand activities that may be reviewed during afull-scope examination. The examiner-in-chargewill establish the general scope of examinationand work with the examination staff to tailorspecific areas for review as circumstanceswarrant. As part of this process, the examinerreviewing a function or product will analyze andevaluate internal audit comments and previousexamination workpapers to assist in designingthe scope of examination. In addition, after ageneral review of a particular area to be exam-ined, the examiner should use these procedures,to the extent they are applicable, for furtherguidance. Ultimately, it is the seasoned judg-ment of the examiner and the examiner-in-charge as to which procedures are warranted inexamining any particular activity.

GENERAL PROCEDURES

1. Obtain the following:a. policies and proceduresb. organization chartc. resumes of key trading personneld. systems configuratione. management information reports

2. Determine the roles of front office in themarketplace.

3. Ensure that the terms under which brokerageservice is to be rendered are clear and thatmanagement has the authority to intercede inany disputes that may arise. Additionally,ensure that any exclusive broker relation-ships in a single market do not result in anoverdependence or other vulnerability on thepart of the financial institution.

POLICIES AND PROCEDURES

1. Check that procedures clearly indicate underwhat conditions, if any, market-risk limitsmay be exceeded and what authorizationsmust be obtained. (See section 2010, ‘‘Mar-ket Risk.’’)

2. Check that procedures clearly indicate underwhat conditions, if any, counterparty risklimits may be exceeded and what approvalsmust be obtained. If netting agreements exist

for any counterparties, determine that trans-actions are appropriately reflected. (See sec-tion 2020, ‘‘Counterparty Credit Risk andPresettlement Risk.’’)

3. Ensure that comprehensive policies and pro-cedures covering the introduction of newtrading products exist. A full review of therisks involved should be performed by allrelevant parties: trading, credit- and market-risk management, audit, accounting, legal,tax, and operations.

4. Determine that policies and proceduresadequately address the following:a. The financial institution complies with

regulatory policy regarding brokers’ points.b. The financial institution has policies

addressing traders’ self-dealing in com-modities or instruments closely related tothose traded within the institution. A writ-ten policy requires senior management togrant explicit permission for traders totrade for their personal account, and pro-cedures are established that permit man-agement to monitor these trading activities.

c. The financial institution does not engagein adjusted-price trading.

d. The financial institution has adequate poli-cies regarding off-market-rate transac-tions. All requests for the use of off-market rates are referred to managementfor policy and credit judgments as wellas for guidance on appropriate internalaccounting procedures. Specifically, reviewand assess the financial institution’s poli-cies and procedures regardinghistorical-rate rollovers.

e. Adequate control procedures are in placefor trading that is conducted outside ofnormal business hours—either at the officeor at traders’ homes. Personnel permittedto engage in such dealing should be clearlyidentified along with the types of autho-rized transactions. Additionally, proce-dures ensure thatoff-premises transac-tions will not exceed risk limits.

f. The financial institution has adequate pro-cedures for handling customer stop-lossorders. Documentation related to both theagreed-on arrangements as well as theindividual transactions is available forreview.


g. The financial institution requires that theappropriate level of due diligence be per-formed on all counterparties with whichthe institution enters into transactions,even if the transactions do not expose thefinancial institution to credit risk (forexample, delivery versus payment andcollateralized transactions).

h. The marketing practices of the institu-tion’s salespersons are ethical. Standardsaddress the sales of complex products toensure that customers are not entering intotransactions about which they have nounderstanding of the potential risks.

TRAINING AND TECHNICALCOMPETENCE PROCEDURES

1. Evaluate key personnel policies and practicesand their effects on the financial institution’scapital-markets and trading activities.a. Evaluate the experience level of senior

personnel.b. Determine the extent of internal and

external training programs.c. Assess the turnover rate of front-office

personnel. If the rate has been high, deter-mine the reasons for the turnover andevaluate what effect the turnover hashad on the financial institution’s tradingoperations.

d. Review the financial institution’s compen-sation program for trading activities todetermine whether remuneration is basedon volume and profitability criteria. If so,determine whether controls are in place toprevent personnel from taking excessiverisks to meet the criteria.

e. Determine the reasons for each trader’stermination or resignation.

2. Determine whether the financial institutionhas a management succession plan.

3. Evaluate the competence of trading and mar-keting personnel. Determine whether infor-mation on the organization, trading strategy,and goals is well disseminated.

4. Determine if management remains informedabout pertinent laws, regulations, and account-ing rules.

SEGREGATION OF DUTIESPROCEDURES

1. Ensure that all transactions are promptly

recorded by the trader after the deal has beencompleted.

2. Ensure that the financial institution hasestablished satisfactory controls over tradeinput.

3. Confirm that a separation of duties exists forthe revaluation of the portfolio, reconcilia-tion of traders’ positions and profits, and theconfirmation of trades.

TRANSACTION-CONSUMMATIONPROCEDURES

1. Ensure that traders and marketers check thatthey are within market- and credit-risk limitsbefore the execution of the transaction.

TRANSACTION-FLOWPROCEDURES

1. Ensure that trade tickets or input sheetsinclude all trade details needed to validatetransactions.

2. Ensure that transactions are processed in atimely manner. Check that some type ofmethod exists to reconstruct trading history.

3. Ensure that the transaction-discrepancy pro-cedure is adequate and includes independentvalidation of the back office.

TRANSACTION REPORTING

1. Ensure that management information reportsprepared for front-office management pro-vide adequate information for risk moni-toring, including financial performance andtransaction detail, to ensure sound decisionmaking.

ETHICS PROCEDURES

1. Evaluate the level of due diligence per-formed on counterparties.

2. Evaluate the code of ethics and staff adher-ence to it.

3. Evaluate ‘‘know-your-customer’’ guidelinesand staff adherence.

4. Evaluate the management of trading andmarketing staff. Evaluate the seriousness ofany ethical lapses.

2050.3 Operations and Systems Risk (Front-Office Operations): Examination Procedures


CORRECTIVE ACTION

1. Recommend corrective action when policies,procedures, practices, internal controls, or

management information systems are foundto be deficient, or when violations of laws,rulings, or regulations have been noted.

Operations and Systems Risk (Front-Office Operations): Examination Procedures 2050.3


Operations and Systems Risk (Front-Office Operations)Internal Control Questionnaire Section 2050.4


1. Do policies and procedures establish market-risk limits, and do the policies and pro-cedures clarify the process for obtainingapprovals for excessions?

2. Do policies and procedures establish credit-risk limits, and do the policies and pro-cedures clarify the process for obtainingapprovals for excessions?

3. Do policies address the approval process fornew products?

4. Is an appropriate level of approval obtainedfor off-market transactions and for additionalcredit risk incurred on off-market trades?

5. Does management make sure that seniormanagement is aware of off-market tradesand the special risks involved?

6. Does management inquire about a custom-er’s motivation in requesting an off-market-rate trade to ascertain its commercialjustification?

7. Do procedures manuals cover all the securi-ties activities that the financial institutionconducts, and do they prescribe appropriateinternal controls relevant to those functions(such as revaluation procedures, accountingand accrual procedures, settlement proce-dures, confirmation procedures, accountingand auditing trails, and procedures for estab-lishing the sequential order and time oftransactions)?

ROLE OF THE FRONT OFFICE

1. Do policies clarify the responsibilities oftraders as to market making, dealing, pro-prietary, and intermediary roles?

2. Are the financial institution’s dealings withbrokers prudent?

3. Is the financial institution’s customer basediverse? Is the customer base of high creditand ethical quality?

SEGREGATION OF DUTIES

1. Is there adequate segregation of dutiesbetween the front and back office?

TRANSACTION CONSUMMATION

1. Do traders ensure that transactions are withinmarket- and credit-risk limits before theexecution of the transaction?

TRANSACTION FLOW

1. Do trade tickets or input sheets include allnecessary trade details?

2. Does the institution have procedures to ensurethe timely processing of all transactions?

3. Does the institution have a method withwhich to resolve trade discrepancies ontransactions, regardless of communicationmedium used?

4. Do traders include an adequate amount oftrade details on blotters, input sheets, andcomputer screens to enable reconciliation bythe front and back office?

5. Do automated systems for input appearadequate for the volumes and range of prod-ucts transacted by the institution?

TRANSACTION REPORTING

1. Are reports prepared for front-office manage-ment to allow the monitoring of market- andcredit-risk limits?

TRAINING AND TECHNICALCOMPETENCE

1. Does the financial institution have a manage-ment succession plan?

2. Does the financial institution have anappropriate program for cross-training ofpersonnel?

3. Does the financial institution provide for theadequate training of front-office personnel?

4. Are traders technically competent in theirexisting positions?

5. Does management remain informed aboutpertinent laws, regulations, and accountingrules?

ETHICS

1. Is an appropriate level of due diligenceperformed on all counterparties with which


the front office enters into transactions,regardless of collateralization?

2. Is there a code of ethics? Do traders andmarketers appear to be familiar with it?

3. Are there ‘‘know-your-customer’’ guide-lines? Do traders and marketers appear to befamiliar with them?

4. Do internal memos detail any ethical lapses?If so, how were they resolved? Does seniormanagement take its guidance role seriously?

5. Are customer relationships monitored bysenior management in the front office? Howare customer complaints resolved? Are theback office, control staff, and complianceinvolved in the process? Are overall controlsfor customer complaints adequate?

6. Were any unacceptable practices noted byinternal or external auditors? Has manage-ment addressed these actions? From exam-iner observation, are there any ongoingunacceptable practices? Is management’sresponse to deficiencies adequate?

7. Does the financial institution have discretion-ary authority over client monies? Are poli-cies and procedures adequate to controlexcessive trading by sales and marketingstaff? Is front-office supervision adequate?Does the back office have additional controlsto alert senior control staff and the compli-ance department of deficiencies? Is discre-tionary trading activity included in the insti-tution’s audit program?

2050.4 Operations and Systems Risk (Front-Office Operations): Internal Control Questionnaire


Operations and Systems Risk (Back-Office Operations)Section 2060.1

Operational risks managed outside of the deal-ing room are potentially more costly than thosemanaged inside the dealing room. While thefunction of dealers in the front office is primarilyto transact and manage positions, the processingof transactions, the recording of contracts in theaccounting system, and reconciliations and pro-cedures required to avoid errors are functionsthat must take place outside the dealing room. Inconducting these functions, the back office pro-vides the necessary checks to prevent unautho-rized trading.

Back office, for the purposes of this manual,may be a single department or multiple units(such as financial control, risk management,accounting, or securities custody), depending onthe organizational structure of the financialinstitution. Some institutions have combinedsome of the responsibilities usually found in theback office into a middle-office function, whichis also independent of dealing activities.

Close cooperation must exist between thedealing room and the back office to preventcostly mistakes. An understanding of each roleand function is important. While their prioritiesare different, both functions work toward thesame goal of proper processing, control, andrecording of contracts; this goal is essential to thesuccess of a trading department.

The back office serves several vital functions.It records and confirms trades transacted by thefront office and provides the internal-controlmechanism of segregation of duties. The checksand balances provided by the back-office func-tion help management supervise the tradingactivities conducted by the front office. A prop-erly functioning back office will help ensure theintegrity of the financial institution and mini-mize operations, settlement, and legal risks.

Segregation of front- and back-office dutiesminimizes legal violations, such as fraud orembezzlement, or violation of regulations.Operational integrity is maintained through theindependent processing of trades, trade confir-mations, and settlements. The goal is to avoidpotentially costly mistakes such as incorrectlyrecorded or unrecorded contracts. The backoffice also is responsible for the reconcilementof positions and broker statements and maymonitor broker relationships with the financialinstitution. The back-office staff independentlyassesses the price quotes used for the revalua-

tion process that leads to the maintenance of thesubsidiary ledgers and the general ledger.Another crucial function of the back office isaccepting or releasing securities, commodities,and payments on trades, as well as identifyingpossible mistakes. Clearly, trading personnelneed to be separate from control of receipts,disbursements, and custody functions to mini-mize the potential for manipulation. Regulatoryreports and management accounting may also bethe responsibility of the back office.

Management responsibilities performed bythe back office vary by institution. The evalua-tion of transaction exposure against establishedmarket, liquidity, or credit limits may be per-formed by back-office staff or by a separaterisk-management function, independent of front-office traders and marketers. Risk-managementreporting may also be performed by back-officestaff. Legal documentation, while initiated byinternal or external counsel, may be followed up(chased) by back-office staff.

The links between front- and back-officeoperations may range from totally manual tofully computerized systems in which the func-tions are directly linked. The complexity oflinking systems should be related to the volumeand complexity of capital-markets and tradingactivities undertaken. Manual operations aresubject to error. However, management shouldnot have a false sense of security with auto-mated systems. Changes in programming codesinstalled through the maintenance process, newfinancial structures, and inadequate testing ofsoftware may lead to computational and process-ing errors. Regardless of the operational processin place, the back-office functions should besubject to comprehensive audit.

Operational risk is the risk that deficiencies ininformation systems or internal controls willresult in unexpected loss. Although operationalrisk is difficult to quantify, it can be evaluated byexamining a series of plausible worst-case orwhat-if scenarios, such as a power loss, dou-bling of transaction volume, or mistake found inthe pricing software. It can also be assessedthrough periodic reviews of procedures, dataprocessing systems, contingency plans, and otheroperating practices. These reviews may helpreduce the likelihood of errors and a breakdownin controls, improve the control of risk and theeffectiveness of the limit system, and prevent


unsound marketing practices and prematureadoption of new products or lines of business.Considering the extent that capital-marketsactivities rely on computerized systems, finan-cial institutions should have plans that take intoaccount potential problems with their normalprocessing procedures.

Financial institutions should also ensure thattrades that are consummated orally are con-firmed as soon as possible. Oral transactionsconducted over the telephone should be recordedand subsequently supported by written or printeddocuments. Examiners should ensure that theinstitution monitors the consistency between theterms of transactions as they were orally agreedon and as they were subsequently confirmed.

Examiners should also consider the extentto which financial institutions evaluate and con-trol operating risks through the use of internalaudits, stress testing, contingency planning, andother managerial and analytical techniques.Financial institutions should have approved poli-cies that specify documentation requirementsfor capital-markets activities as well as formalprocedures for saving and safeguarding impor-tant documents. All policies and proceduresshould be consistent with legal requirements andinternal policies.

INTERNAL CONTROLS

Management is responsible for minimizing therisks inherent in executing financial contracts.Policies and procedures should be established tocover organizational structure, segregation ofduties, operating and accounting system con-trols, and comprehensive management report-ing. Formal written procedures should be inplace for purchases and sales, processing,accounting, clearance, and safekeeping activi-ties relating to financial contracts transactions.In general, these procedures should be designedto ensure that all financial contracts are properlyrecorded and that senior management is awareof the exposure and gains or losses resultingfrom these activities. Desirable controls include—

• written documentation indicating the range ofpermissible products, trading authorities, andpermissible counterparties;

• written position limits for each type of con-tract or risk type established by the board ofdirectors;

• a market-risk-management system to monitorthe organization’s exposure to market risk,and written procedures for authorizing tradesand excesses of position limits;

• a credit-risk management system to monitorthe organization’s exposure to customers andbroker-dealers;

• separation of duties and supervision to ensurethat persons executing transactions are notinvolved in approving the accounting method-ology or entries (Persons executing transac-tions should not have the authority to signincoming or outgoing confirmations or con-tracts, reconcile records, clear transactions, orcontrol the disbursement of margin payments.);

• a clearly defined flow of order tickets andconfirmations (The flow of order tickets andconfirmations should be designed to verifytheir accuracy and enable reconciliationsthroughout the system and to enable the rec-oncilement of traders’ position reports to thosepositions maintained by an operating unit.);

• procedures for promptly resolving failures toreceive or deliver securities on the date secu-rities are settled;

• procedures for someone other than the personwho executed the contract to resolve customercomplaints;

• procedures for verifying brokers’ reports ofmargin deposits and contract positions and forreconciling such reports to records; and

• guidelines for the appropriate behavior ofdealing and control staff and for the selectionand training of competent personnel to followwritten policies and guidelines.

TICKET FLOW

Once a transaction has been initiated by thefront office, the primary responsibility for pro-cessing trades rests with various back-officepersonnel. Back-office staff process all pay-ments and delivery or receipt of securities,commodities, and written contracts. Addition-ally, the back office is responsible for verifyingthe amounts and direction of payments, whichare made under a range of netting agreements.

After sending the trade tickets to the backoffice, the traders are removed from the rest ofthe processing, except to check their daily posi-tions against the records developed separatelyby the back office and to verify any periodic

2060.1 Operations and Systems Risk (Back-Office Operations)


reports it prepared. After receipt of the tradeticket from the front office, back-office person-nel verify the accuracy of the trade ticket, andany missing information is obtained and recorded.A confirming communication will be sent to thecounterparty, who, in turn, will respond with anacceptance communication. The acceptancecomunication will either confirm the trade oridentify discrepancies for resolution. The tradeis then ready to be processed.

Trade processing involves entering the tradeagreement on the correct form or into an auto-mated system. When the front office has alreadyperformed this function, verification of transac-tion data should be performed. The copy of thetrade agreement to be sent to the counterparty isonce more checked against the original ticket,and the trade agreement is transmitted.

Other copies of the trade agreement will beused for all bookkeeping entries and settlementduring the life of the agreement. For instance,all contingent liability, general ledger, and sub-ledger entries will be supported by copies of thetrade agreement, with the relevant entry high-lighted on the copy. Likewise, at maturity ofan agreement, payment or receipt orders will beinitiated by the relevant trade-agreementcopies.

After the trades are recorded on the institu-tion’s books, they will be periodically revalued.Over time, trades will mature or be sold,unwound, exercised, or expire as worthless,depending on circumstances and instruments.Subsequently, these transactions will be removedfrom the books of the institution, and relateddeferred accounts will pass through the account-ing cycle.

Financial institutions active in global marketsmay permit some traders to transact businessafter normal business hours. This activity shouldbe well defined in the institution’s policies andprocedures manual, in which trading instru-ments should be listed and possible counterpar-ties defined. Supervisory responsibility of after-hours and off-premises trading and the authoritiesfor traders should be delineated.

A policy should be in place for off-markettransactions, and the organization should reviewtrading activity to determine if off-market ratesare used. Justification for off-market transac-tions should be registered in a log by the backoffice. Frequent use of off-market rates mayreflect the extension of credit to a counterpartyand should be the subject of further examinerinquiry.

Examiners should determine whether systemsand processes enable audit and control staff toadequately monitor dealing activity. Time stamp-ing transactions at the time of execution willenable an institution to validate intraday dealingprices and reconstruct trading activity. More-over, time-stamp sequences of the trade ticketsshould closely, if not exactly, match the serialorder for a particular trader or dealer.

It is appropriate to evaluate whether an insti-tution’s automated systems provide adequatesupport for its dealing and processing functions.Systems that have increased dealing volumesshould be examined for downtime, capacityconstraints, and error rates for transactionthroughput. Further, institutions that deal incomplex derivative products should have auto-mated systems commensurate with the analyti-cal and processing tasks required.

TRADE TRANSACTIONS

Confirmations

Whenever trading transactions are agreed upon,a confirmation is sent to the counterparty to theagreement. A confirmation is the record of theterms of a transaction sent out by each party,before the actual settlement of the transactionitself. The confirmation contains the exact detailsof the transaction and thus serves legal, practi-cal, and antifraud purposes. The confirmationcan be generated manually or automatically byan on-line computer trading system.

The back office should initiate, follow up, andcontrol counterparty confirmations. Usually, anincoming confirmation from the counterpartycan be compared with a copy of the outgoingconfirmation. If an incoming confirmation is notexpected or if the transaction is carried out withcommercial customers and individuals, it is wiseto send confirmations in duplicate and request areturn copy signed or authenticated by the otherparty.

When a financial institution deals in faster-paced markets, such as foreign exchange, or ininstruments which have very short settlementperiods, trade validation may be performedthrough taped telephone conversations beforethe exchange, with corroboration of a written orelectronically dispatched confirmation. The useof taped phone conversations can help reducethe number and size of discrepancies and is a

Operations and Systems Risk (Back-Office Operations) 2060.1


useful complement to (as opposed to a substitutefor) the process of sending out and verifyingconfirmations. At a minimum, institutions shouldretain the past 90 days of taped phone conver-sations, but this time frame may need to beexpanded depending on the volume and term ofinstruments traded. It is poor practice to relysolely on telephone verifications because oftheir ineffectiveness in litigation in some juris-dictions. Additionally, certain jurisdictions onlyrecognize physical confirmations.

An institution dealing in global markets shouldensure the adequacy of its confirmations throughlegal study of the regulations specific to theforeign locales of its counterparties. In alltrading markets, the confirmation should pro-vide a final safeguard against dealing errors orfraud.

All confirmations should be sent to the atten-tion of a department at the counterparty institu-tion which is independent of the trading room.Incoming information should be compared indetail with the outgoing confirmation, and anydiscrepancies should be carefully appraised.If the discrepancy is significant, it should beinvestigated independently. If the discrepancy issmall, a copy of the confirmation may be givento the trader for clarification with the counter-party, since the trader will probably have dailycontact with the other party. Most importantly,the department should follow up on all thesediscrepancies and ensure that new confirma-tions are obtained for any agreed-on changes interms.

A strictly controlled confirmation processhelps to prevent fraudulent trades. For example,in a fraudulent deal, a trader could enter into acontract, mail out the original of a confirmation,and then destroy all copies. This techniquewould enable a trader to build up positionswithout the knowledge of the financial institu-tion’s management. If the incoming confirma-tion is directed to the trader, it could be destroyedas well, and nobody would ever know about theposition. The trader, when closing this position,would make up a ticket for the originallydestroyed contract and pass it on together withthe offsetting contract so that the position issquare again. Receipt and verification of theincoming confirmation by an independentdepartment would immediately uncover this typeof fraudulent activity. An additional protectionis the use of serially numbered manifold formsfor confirmations, with an exact accounting of

and comprehensive explanation for any formsnot used.

Settlement Process

After an outright or contingent purchase or salehas been made, the transaction must be clearedand settled through back-office interaction withthe clearing agent. On the date of settlement(value date), payments or instruments areexchanged and general-ledger entries are updated.Depending on the nature of the deal, currencyinstruments will be received, paid, or both. Theprocess of paying and receiving must be handledcarefully because errors can be extremely costly.When all the proper information is recorded,contracts are placed in ‘‘dead files.’’

Settlementis completed when the buyer (orthe buyer’s agent) has received the securities orproducts, and the seller has been paid. Brokersmay assign these tasks to a separate organiza-tion, such as a clearinghouse, but remain respon-sible to their customers for ensuring that thetransactions are handled properly. They are alsoresponsible for maintaining accurate accountingrecords.

Examiners should review the various methodsof settlement for the range of products coveredand note any exceptions to commonly acceptedpractices. Unsettled items should be monitoredclosely by the institution. The handling of prob-lems is always a delicate matter, especially whenthe cost is considerable. Anything more than aroutine situation should be brought to the atten-tion of the chief dealer and a senior officer in theback office. Further action should be handled bymanagement.

Losses may be incurred if a counterparty failsto make delivery. In some cases, the clearing-house and broker may be liable for any prob-lems that occur in completing the transaction.Settlement risk should be controlled through thecontinuous monitoring of movement of theinstitution’s money and securities and by theestablishment of counterparty limits by the creditdepartment. A maximum settlement-risk limitshould be established for each counterparty.

Foreign Payments

Two control steps are involved when makingforeign payments. The first step is internal; each



payment should be carefully checked with thecorresponding contract to ensure the accuracy ofthe amount, date, and delivery instructions. Thesecond is checking with the dealer responsiblefor the currency involved to ensure that cash-flow figures for the delivery date, excludingnostro balances, agree with the net of all con-tracts maturing on that day.

If the financial institution uses more than onefinancial institution abroad for the payment orreceipt of a currency, the back office mustensure that the flow of funds does not leave oneaccount in overdraft while another account hasexcessive balances; this check will avoid unnec-essary overdraft charges. The final check offlows of foreign funds is made through thereconciliation of the foreign account. This isalways aretrospectivereconciliation because ofthe delays in receiving the statement of account.Some extra actions that can help prevent prob-lems abroad or resolve them more quickly are(1) sending details of expected receipts to thecounterparty or correspondent with a request toadvise if funds are not received, (2) askingthe correspondent financial institution to adviseimmediately if the account is in overdraft orif balances are above a certain level, and(3) establishing a contact person in the corre-spondent bank to be notified if problems arise.

Delivery versus payment.Many foreign secu-rities and U.S. Treasury securities are settled ona delivery-versus-payment basis, under whichcounterparties are assured that delivery of asecurity from the seller to the buyer will becompleted if, and only if, the buyer pays theseller.

Reconciliations

The back office should perform timely reconcili-ations in conformity with the policies and pro-cedures of the institution. The minimum appro-priate frequency for reconciliation will be linkedto the volume and complexity of the transactionsat the financial institution. The individualresponsible for performing the reconcilement ofaccounts should be independent of the personresponsible for the input of transaction data.

Reconciliations should determine positionsheld by the front office, as well as provide anaudit trail detailing reclassified accounts forregulatory reporting. Typical reports to be rec-

onciled include trader position sheets to thegeneral ledger, general ledger to regulatoryreports, broker statements to the general ledger,and the income statement.

DISCREPANCIES AND DISPUTEDTRADES

Any discrepancy in trading transactions mustbe brought immediately to the attention of theappropriate operations manager. All discrepan-cies should be entered into a log, which shouldbe reviewed regularly by a senior operationsofficer. The log should contain the key financialterms of the transaction, indicate the disputeditems, and summarize the resolution. The coun-terparty should receive notice of the final dispo-sition of the trade, and an adequate audit trailof that notice should be on file in the backoffice. The institution should have clear anddocumented policies and procedures regard-ing the resolution of disputed trades withcounterparties.

Brokers’ Commissions and Fees

Brokers charge a commission or fee for eachtransaction they perform. The commission shouldnot be included in the price of the transaction,and it should be billed separately by the brokers.Checking the commissions, initiating the pay-ments, and reviewing brokers’ statements areother functions of the back office. To ensure theintegrity of fees and commissions, brokers’points arrangements and other trader-negotiatedsolutions to trade disputes should be avoided.

REVALUATION

Revaluation is the process by which financialinstitutions update or ‘‘mark to market’’ thevalue of their trading-product portfolios. Guide-lines for the formal revaluation should be delin-eated in written policies and procedures. Weakpolicies and procedures increase the potentialfor fraud and raise doubt about the integrity oftrading profits and a firm’s ability to evaluaterisk. A common deficiency of revaluation pro-cedures is the improper segregation of dutiesbetween traders and control personnel, includ-ing a disproportionate dependence on trader



input and the lack of independent verification ofpricing parameters. In addition, the use ofinconsistent pricing assumptions and methodolo-gies between the trading desk and back officecan lead to incorrect financial reporting andevaluations of market risk.

The determination of current market value isboth an intraday activity performed by traders tomonitor their position as well as a daily activityperformed by control staff to determine theimpact on earnings. Discrepancies between traderinput and independent market rates should beresolved and documented. Procedures should beestablished for maintaining a discrepancy logcontaining the reason for the discrepancy andthe profit-and-loss impact. Significant dis-crepancies should be reported to seniormanagement.

Sufficient information regarding the periodicrevaluation and resolution of discrepanciesshould be documented and maintained. In addi-tion, any adjustments to the general ledger dueto changes in revaluation estimates should beclearly recorded and reported to management.

The revaluation process is transparent forsecurities, futures, and other instruments that aretraded on organized exchanges. Published pricesfrom exchanges provide an objective checkagainst the price provided by traders, althoughliquidity considerations make evaluating quotedprices more complex. A secondary comfortlevel for exchange-traded products is the margincall in which a position is evaluated at theposted end-of-day price. Prices of actively tradedover-the-counter (OTC) products available fromelectronic wire services provide a similar checkagainst trader prices for these products.

However, with less actively traded products,especially exotic OTC-traded derivatives andoptions, the revaluation process is more com-plex. The pricing of illiquid instruments has agreater potential for error or abuse becausevaluation is more subjective. For example,options that are tailored for customer require-ments may have no two-way market, yet stillmust be evaluated at current market value.While various pricing models exist, all dependon critical assumptions and estimates used tocalculate the probable price. Errors can arisefrom incorrect estimates or manipulation ofvariables and assumptions. One particular vul-nerability concerns the observed volatility ofoptions. See section 2010.1, ‘‘Market Risk,’’ fora discussion of problems that can arise withmeasuring volatilities.

The mark-to-market methodology for riskmanagement may be calculated on the samebasis as the controller’s income-recognitionmethod. Some financial institutions use equiva-lency formulas that convert gross exposures tostandard measures based on the price sensitivityof benchmark securities. In this regard, therevaluation process serves as a starting point forrisk assessment of capital-markets products. Theassessment of exposures by risk management,however, should never be less conservative thanassessment by actual market levels.

ACCOUNTING

The recording of outstanding transactions allowsverification of dealer positions, risk control, andrecording of profit and loss. Each institutionshould follow guidelines established by industrypractice or the applicable governing bodies,including—

• generally accepted accounting principles(GAAP)

• regulatory accepted principles (RAP)• Federal Reserve Board policy statements• Federal Financial Institutions Examination

Council statements

For further discussion, see sections 2120.1,‘‘Accounting,’’ and 2130.1, ‘‘RegulatoryReporting.’’

MANAGEMENT INFORMATIONREPORTS

Management information reports are preparedby the back office and trader-support areas toenable management and trading personnel toassess the trading position, risk positions, profitand loss, operational efficiency, settlement costs,and volume monitoring of the institution. Forfurther discussion, see section 2040.1, ‘‘Man-agement Information Systems.’’

DOCUMENTATION ANDRECORDKEEPING

Accurate recording of transactions by back-office personnel is crucial to minimizing the risk



of loss from contractual disputes. Poor docu-mentation can lead to unenforceable transac-tions. Similarly, poor recordkeeping can renderaudit trails ineffective, and can result in aqualified or adverse opinion by the publicaccountant, a violation of Federal Reserve Boardpolicy, or loss due to fraud.

An institution should keep confirmations sum-marizing the specific terms of each trade. Addi-tionally, master agreements should be kept onpremises or a copy should be available locallyfor examiner reference. For further discussionon master agreements, see section 2070.1, ‘‘LegalRisk.’’

AUDITS

The scope and frequency of an institution’saudit program should be designed to review itsinternal control procedures and verify that con-trols are, in fact, being followed. Any weak-nesses in internal control procedures should bereported to management, along with recommen-dations for corrective action.

Audits of capital-markets and trading prod-ucts provide an indication of the internal controlweaknesses of the financial institution. Theaudit function should have a risk-assessmentmap of the capital-markets and trading functionthat identifies important risk points for theinstitution. For back-office operations, the riskassessment may highlight manual processes,complex automated computations, independentrevaluation, key reconciliations, approval pro-cesses, and required investigations or staffinquiries. Examiners should review a sample ofinternal auditors’ workpapers and findings todetermine their adequacy. The institution’s man-agement should review responses to internalaudit findings. Appropriate follow-up by audi-tors should be in evidence to ensure that defi-ciencies are, in fact, remedied. Assuming thatexaminers are comfortable with the quality of aninternal audit, they should use audit findingsfrom internal and external auditors as a startingpoint to evaluate the internal controls of theinstitution.

SOUND PRACTICES FORBACK-OFFICE OPERATIONS

Capital-markets and trading operations vary sig-nificantly among financial institutions, depend-

ing on the size of the trading operation, tradingand management expertise, organizational struc-ture, sophistication of computer systems, insti-tution’s focus and strategy, historical andexpected income, past problems and losses,risks, and types and sophistication of the tradingproducts and activities. As a result, practices,policies, and procedures expected in one insti-tution may not be necessary in another. Theadequacy of internal controls requires soundjudgment on the part of the examiner. Thefollowing is a list of sound back-office opera-tions to check for.

• Every organization should have comprehen-sive policies and procedures in place thatdescribe the full range of capital-markets andtrading activities performed. These docu-ments, typically organized into manuals,should at a minimum include front- and back-office operations; reconciliation guidelines andfrequency; revaluation guidelines; accountingguidelines; descriptions of accounts; brokerpolicies; a code of ethics; and the risk-measurement and risk-management methods,including the limit structure.

• For every institution, existing policies andprocedures should ensure the segregation ofduties between trading, control, and paymentfunctions.

• The revaluation of positions may be con-ducted by traders to monitor positions, bycontrollers to record periodic profit and loss,and by risk managers who seek to estimaterisk under various market conditions. Thefrequency of revaluation should be driven bythe level of an institution’s trading activity.Trading operations with high levels of activityshould perform daily revaluation. Every insti-tution should conduct revaluation for profitand loss at least monthly; the accountingrevaluation should apply rates and prices fromsources independent of trader input.

• The organization should have an efficientconfirmation-matching process that is fullyindependent from the dealing function. Docu-mentation should be completed and exchangedas close to completion of a transaction aspossible.

• Computer hardware and software applicationsmust have the capacity to accommodate thecurrent and projected level of trading activity.Appropriate disaster-recovery plans should betested regularly.

• Auditors should review trade integrity and



monitoring on a schedule that conforms withthe institution’s appropriate operational-riskdesignation.

• Every institution should have a method-ology to identify and justify any off-markettransactions.

• A clear institutional policy should exist con-cerning personal trading. If permitted at all,procedures should be established to avoideven the appearance of conflicts of interest.

• Every institution should ensure that the man-agement of after-hours and off-premises trad-ing, if permitted at all, is well documented sothat transactions are not omitted from theautomated blotter or the bank’s records.

• Every institution should ensure that staff isboth aware of and complies with internalpolicies governing the trader-brokerrelationship.

• Every institution that uses brokers shouldmonitor the patterns of broker usage, be alertto possible undue concentrations of business,and review the short list of approved brokersat least annually.

• Every institution that uses brokers shouldestablish a firm policy to minimize namesubstitutions of brokered transactions. All

transactions should be clearly designated asswitches, and relevant credit authorities shouldbe involved.

• Every institution that uses brokers for foreign-exchange transactions should establish a clearstatement forbidding lending or borrowingbroker’s points as a method to resolvediscrepancies.

• Every organization should have explicit com-pensation policies to resolve disputed tradesfor all traded products. Under no circum-stances should soft-dollar or off-the-bookscompensation be permitted for dispute resolu-tion.

• Every institution should have ‘‘know-your-customer’’ policies, which should be under-stood and acknowledged by trading and salesstaff.

• In organizations that have customers whotrade on margin, procedures for collateralvaluation and segregated custody accountsshould be established.

• The designated compliance officer shouldperform a review of trading practices annu-ally. In institutions with a high level of activ-ity, interim reviews may be warranted.



Operations and Systems Risk (Back-Office Operations)Examination Objectives Section 2060.2

1. To determine whether the policies, proce-dures, practices, and internal systems andcontrols for back-office operations areadequate and effective for the range ofcapital-markets products used by the finan-cial institution.

2. To determine whether trade-processing per-sonnel are operating in conformance withestablished policies and procedures.

3. To determine whether the financial institu-tion adequately segregates the duties ofpersonnel engaged in the front office fromthose involved in the back-office controlfunction (operations, revaluation, account-ing, risk management, and financialreporting).

4. To evaluate the adequacy of supervision ofthe trade-processing operation.

5. To evaluate the sophistication and capabil-ity of computer systems and software forthe operation and control function.

6. To assess the adequacy of confirmationprocedures.

7. To assess the adequacy of settlementprocedures.

8. To evaluate the adequacy and timeliness ofthe reconciliation procedures of outstandingtrades, positions, and earnings with thefront office and the general ledger.

9. To evaluate the process for resolvingdiscrepancies.

10. To evaluate the process for resolving dis-puted trades with customers and brokers.

11. To determine the reasonableness of brokers’fees and commissions.

12. To evaluate the effectiveness of and con-trols on the revaluation process.

13. To review the accounting treatment, report-ing, and control of deals for adherence togenerally accepted accounting principles andthe institution’s internal chart of accountsand procedures.

14. To review adherence to regulatory reportinginstructions.

15. To evaluate the adequacy of managementinformation reporting systems on tradingactivities.

16. To evaluate the adequacy of documentationand other requirements necessary to accu-rately record trading activity, such as signedagreements, dealer tickets, and confirmations.

17. To evaluate the adequacy of audits of capital-markets and trading activities.

18. To recommend corrective action when poli-cies, procedures, practices, internal con-trols, or management information systemsare found to be deficient, or when violationsof laws, rulings, or regulations have beennoted.


Operations and Systems Risk (Back-Office Operations)Examination Procedures Section 2060.3

These procedures represent a list of processesand activities that may be reviewed during afull-scope examination. The examiner-in-chargewill establish the general scope of examinationand work with the examination staff to tailorspecific areas for review as circumstances war-rant. As part of this process, the examinerreviewing a function or product will analyze andevaluate internal-audit comments and previousexamination workpapers to assist in designingthe scope of examination. In addition, after ageneral review of a particular area to be exam-ined, the examiner should use these procedures,to the extent they are applicable, for furtherguidance. Ultimately, it is the seasoned judg-ment of the examiner and the examiner-in-charge as to which procedures are warranted inexamining any particular activity.

GENERAL PROCEDURES

1. Obtain copies of all policies and proceduresgoverning back-office operations. Policiesand procedures should at a minimum includethe following.a. the mission statementb. organizational structure and responsibili-

tiesc permissible activities and off-premises

dealing rulesd. limits approved by the board of directors

for the full range of activities and risks,including intraday and overnight net openpositions, instrument types, contracts,individual traders, settlement, price move-ment, market liquidity, counterparty, andcommodity or product types, if applicable(For more details on limits, see sec-tions 2010.1, 2020.1, and 2030.1, ‘‘Mar-ket Risk,’’ ‘‘Counterparty Credit and Pre-settlement Risk,’’ and ‘‘Liquidity Risk,’’respectively.)

e. the limit-monitoring process used by back-office or risk-management staff indepen-dent of the front office, and limit-excess-approval procedures

f. a detailed description of transaction-processing procedures and flow

g. procedures for confirming tradesh. procedures for settlement of tradesi. required reconciliations

j. an approved list of brokers, counterpar-ties, and an explicit dispute-resolutionmethodology (that is, brokers’ pointspolicy)

k. the procedure for addressing disputedtrades and discrepancies in financial terms

l. revaluation proceduresm. accounting procedures, including a chart

of accounts and booking policies forinternal transactions and transactions withaffiliates

n. guidelines for management informationreporting

o. requirements for documentation andrecordkeeping

p. guidelines for the quality control and stor-age of taped conversations of dealertransactions

q. guidelines for brokers’ commissions andfees and their appropriate reconciliations

r. a code of ethics for traders and otherpersonnel with insider information, and‘‘know-your-customer’’ guidelines

s. personal-trading guidelines and monitor-ing procedures

t. a list of authorized signaturesu. the policy for off-market rates which

includes the following:• A letter from someone in senior cus-

tomer management (treasurer or above)should be kept on file explaining (1) thatthe customer will occasionally requestoff-market rates, (2) the reasons suchrequests will be made, and (3) that suchrequests are consistent with the cus-tomer firm’s internal policies. This let-ter should be kept current.

• The dealer should solicit an explanationfrom the customer for each request foran off-market-rate deal at the time therequest is made.

• Senior management and appropriatecredit officers at the dealer institutionshould be informed of and approve eachtransaction and any effective extensionof credit.

• A letter should be sent to senior cus-tomer management immediately aftereach off-market transaction is executedexplaining the particulars of the trade


and explicitly stating the implied loan orborrowing amount.

• Normally, existing forward contractsshould not be extended for more thanthree months nor extended more thanonce; however, any extension of a roll-over should itself meet the requirementsabove.

2. Review the financial institution’s policies todetermine whether they are adequate andeffective. Does top management have cleardirectives regarding the responsibilities ofmanagement personnel in charge of oversee-ing and controlling risk? See sections 2010.1,2020.1, 2030.1, and 2070.1, ‘‘Market Risk,’’‘‘Counterparty Credit and PresettlementRisk,’’ ‘‘Liquidity Risk,’’ and ‘‘Legal Risk,’’respectively.

3. Conduct interviews with senior and middlemanagement to determine their familiaritywith policy directives in day-to-day situa-tions. Develop conclusions as to the adequacyof these policies in defining responsibilitiesat lower levels of management in addressingthe nature of the business and the businessrisks being undertaken, and in defining spe-cific limitations on all types of transactionalrisks and operational failures intended toprotect the organization from unsustainablelosses. Are these policies reviewed periodi-cally to ensure that all risk-bearing busi-nesses of the financial institutions come underdirectives approved by top management andin light of the financial institution’s profitexperience? Develop an understanding of thedegree of commitment of middle and lower-level management to the institution’s policydirectives.a. Evaluate whether management is

informed about pertinent laws, regula-tions, and accounting conventions. Evalu-ate whether training of back-office staff isadequate for the institution’s volume andbusiness mix.

b. Evaluate the management-succession planfor back-office and control staff.

c. Evaluate the impact of staff turnover onback-office operations.

4. Determine the extent to which the financialinstitution adheres to its established limits,policies, and procedures.

5. Determine the adherence of key personnel toestablished policies, procedures, and limits.


1. Ensure that the process of executing trades isseparate from that of confirming, reconciling,revaluing, or clearing these transactions orcontrolling the disbursement of funds, secu-rities, or other payments, such as margins,commissions, and fees.

2. Ensure that individuals initiating transactionsdo not confirm trades, revalue positions,approve or make general-ledger entries, orresolve disputed trades. Additionally, withinthe back office, segregation must occurbetween reconciling and confirming posi-tions. Accounting entry and payment receiptand disbursement must also be performed bydistinct individuals with separate reportinglines.

3. Determine whether access to trading prod-ucts, trading records, critical forms, and boththe dealing room and processing areas ispermitted only in accordance with statedpolicies and procedures.

4. Determine whether a unit independent of thetrading room is responsible for reviewingdaily reports to detect excesses of approvedtrading limits.

5. Review the job descriptions and reportinglines of all trading and supervisory personnelto ensure that they support the segregation ofduties outlined in the financial institution’spolicies. In addition, during the course of theexamination, observe the performance of per-sonnel to determine whether certain dutiesthat are supposed to be segregated are trulysegregated.

TICKET-FLOW PROCEDURES

1. Confirm that the trading tickets or auto-mated transactions used to record pur-chases, sales, and trading contracts are wellcontrolled. Sequential ticketing may beappropriate to permit reconstruction of trad-ing history, if required.

2. Verify that trading tickets are verified andtime coded by the front-office personnel.

3. If risk management is monitored by theback office, determine that traders areadhering to stated limits. If limit excessesexist, ensure that management approval hasbeen obtained and documented before theoccurrence of the limit violation. Determine

2060.3 Operations and Systems Risk (Back-Office Operations): Examination Procedures


whether the institution maintains adequaterecords of limit violations.

4. Review transactions for any unusual patternor activity, such as an increase in volume,new trading counterparties, or a pattern oftop-price or bottom-price trades relative tothe day’s trading range or with the samecounterparties.

5. Determine whether the institution holds col-lateral for margin trading. Determine whetheradequate procedures are in place to monitorpositions against collateral. Ensure that themargin-monitoring process is wholly inde-pendent of the front office. Review theadequacy of procedures for verifying reportsof margin deposits and contract-positionvaluations (based on outside pricing sources)submitted by brokers and futures commis-sion merchants. Review procedures for rec-onciling these reports to the financial insti-tution’s records.

6. Review the financial institution’s system forensuring that deals are transacted at marketrates.

7. Determine whether the institution can iden-tify off-market rates for the range of instru-ments transacted. Determine whether appro-priate justification for these transactions ison file and acknowledged by senior man-agement.

8. Review the holdover-trade policy and theholdover register’s record of trades madebut not posted to the ledgers at the end ofthe day, the identification of such contractsas ‘‘holdover’’ items, and their inclusion intrader or trading-office position reports tomanagement.

9. Determine whether all holdover trades areproperly recorded and monitored. In addi-tion, review the financial institution’s hold-over register and evaluate the reasons forany unusually high incidence of held-overdeals.

10. Identify transactions undertaken with affili-ated counterparties to determine whethersuch dealings have been transacted at pricescomparable to those employed in deals withnonaffiliated counterparties.

CONFIRMATION PROCEDURES

1. Determine whether the confirmation processis controlled by the back-office area. Differ-

ent types of transactions sometimes havevarying legal or regulatory standards for themedium of communication that can be used(such as telex).

2. Review the confirmation process andfollow-up procedures. Determine that person-nel check all incoming confirmations tointernal records and immediately record,investigate, and correct any discrepancies. Inaddition, determine whether—a. outgoing confirmations are sent not later

than one business day after the transactiondate;

b. outgoing confirmations contain all rel-evant contract details, and incoming con-firmations are delivered directly to theback office for review;

c. all discrepancies between an incoming con-firmation and the financial institution’sown records are recorded in a confirmation-discrepancy register, regardless of disposi-tion, and open items are reviewed regu-larly and resolved in a timely manner;

d. discrepancies are directed and reviewedfor resolution by an officer independent ofthe trading function;

e. all discrepancies requiring corrective actionare promptly identified and followed upon; and

f. any unusual concentrations of discrepan-cies exist for traders or counterparties.

3. Review confirmation-aging reports to iden-tify trades without confirmations that havebeen outstanding more than 15 days. (Sig-nificantly less than 15 days in some marketsmay be a cause for concern.)

4. Determine whether the information on con-firmations received is verified with the trad-er’s ticket or the contract.

5. Determine whether the institution hasan effective confirmation-matching andconfirmation-chasing process.

SETTLEMENT PROCEDURES

1. In all instances, particularly those in whichthe settlement of trades occurs outside anestablished clearing system, review the finan-cial institution’s settlement controls to deter-mine whether they adequately limit settle-ment risk.

2. Determine whether the financial institutionuses standardized settlement instructions.

Operations and Systems Risk (Back-Office Operations): Examination Procedures 2060.3


(Their use can significantly reduce both theincidence and size of differences arising fromthe mistaken settlement of funds.)

3. Review the nostro accounts to determine ifthere are old or numerous outstanding itemswhich could indicate settlement errors orpoor procedures.

4. Determine if the institution prepares adequateaging schedules and if they are appropriatelymonitored.

5. Determine whether disbursements andreceipts have been recalculated to reflectthe net amounts for legally binding nettingarrangements.

RECONCILIATION PROCEDURES

1. Obtain copies of reconciliations (for trade,revaluation confirmation, positions) forcapital-markets products. Verify that bal-ances reconcile between appropriate subsid-iary controls and the general ledger. Reviewthe reconciliation process used by the backoffice for its adequacy.a. Determine the adequacy of the frequency

of the reconciliations in light of the trad-ing operation.

b. Investigate unusual items and any itemsoutstanding for an inordinately long periodof time.

c. Assess the adequacy of the audit trail toensure that balances and accounts havebeen properly reconciled.

d. Determine that reconciliations are main-tained for an appropriate period of timebefore their destruction.

2. Determine that timely reconciliations are pre-pared in conformity with applicable policiesand procedures of the reporting institutionand with regulatory accounting principles.

3. Determine that the reconcilement of front-office positions is performed by an individualwithout initial transaction responsibility.Determine that timely reconciliations are per-formed given capital-markets and tradingactivity.

PROCEDURES FORDISCREPANCIES AND DISPUTEDTRADES

1. Assess the process and procedures for theresolution of disputed trades.

2. Confirm that customer complaints are resolvedby someone other than the person whoexecuted the contract.

3. Ensure that the institution’s policy prohibitsthe use of brokers’ points in the foreign-exchange market and properly controls anybrokers’ switch transactions that are permitted.

4. Review the trade-investigations log to deter-mine the size and amount of outstandingdisputes, the number resolved and not paid,the amount paid out in the most recentperiod, and the trend of dispute resolutions(the institution’s fault versus counterparties’fault).

5. Review the volume of confirmation and settle-ment discrepancies noted and the correspond-ing levels of overdraft interest or compen-sation expenses paid to counterparties todetermine—a. the adequacy of operations staffing (num-

ber and skill level),b. the adequacy of current operating policies

and procedures, andc. the overall standard of internal controls.

BROKERS’ COMMISSIONS ANDFEES PROCEDURES

1. Evaluate the volume of trading deals trans-acted through brokers.

2. Review brokerage expenses. Determine thatat least monthly brokerage expenses are—a. commensurate with the level of trading

activity and profits,b. spread over a fair number of brokers with

no evidence of favoring particular brokers,c. reconciled by personnel independent of

traders for accuracy and distribution ofexpenses.

3. Scrutinize transactions for which the brokerhas not assessed the usual fee.

4. Does the financial institution retain informa-tion on and authorizations for all overdraftcharges and brokerage bills within the last 12months and retain all telex tapes or copiesand recorded conversation tapes for at least90 days? (This retention period may need tobe considerably longer for some markets.)

5. Review the retention policy for brokers’commission and fee reports.

6. Assess that adequate information is obtainedto substantiate compensated contracts, liqui-dation of contracts, and canceled contracts.

2060.3 Operations and Systems Risk (Back-Office Operations): Examination Procedures


7. Review a sample of brokered transactionsand their documentation.

REVALUATION PROCEDURES

1. Determine whether revaluation proceduresaddress the full range of capital-markets andtrading instruments at the institution.

2. Determine the frequency of revaluation byproduct and application (use).

3. Determine the source of market rates andwhether the selection process is subject tomanipulation or override by traders. Deter-mine if trader override is justified and welldocumented.

4. Evaluate the methodology of revaluing illiq-uid or structured products when prices arenot readily available. If the institution estab-lishes reserves for these products, review theadequacy of those reserves.

5. Determine whether investment portfolios areadequately monitored on a reasonablefrequency.

DOCUMENTATION ANDRECORDKEEPING PROCEDURES

1. Determine the adequacy of control on docu-mentation. Review written documentation forthe following:a. the types of contracts eligible for purchase

or sale by the financial institutionb. individuals eligible to purchase and sell

contractsc. individuals eligible to sign contracts or

confirmations

d. the names of firms or institutions withwhom employees are authorized to con-duct business (counterparties)

2. Determine whether the institution has a for-mal record-retention policy and whether itresults in an adequate audit trail for internaland external auditors.

AUDIT PROCEDURES

1. Determine whether the audit program includesa risk assessment of all front- and back-officeactivities.

2. Determine whether the audits performed arecomprehensive and address areas of concernwith appropriate frequency.

3. Determine whether audit findings arecomplete.

4. Determine whether audit findings are relayedto the appropriate level of management andthat there is appropriate follow-up andresponse.

5. Determine whether the audit staff is adequatelytrained to analyze the range of capital-markets activities at the financial institution.

CORRECTIVE ACTION

1. Recommend corrective action when policies,procedures, practices, internal controls, ormanagement information systems are foundto be deficient, or when violations of laws,rulings, or regulations have been noted.

Operations and Systems Risk (Back-Office Operations): Examination Procedures 2060.3


Operations and Systems Risk (Back-Office Operations)Internal Control Questionnaire Section 2060.4


The following questions are appropriate forpolicies and operating procedures for capital-markets and trading activities.

1. Do the policies and procedures have theapproval of the board of directors?

2. Do they give sufficiently precise guidanceto officers and employees?

3. Do they have clear directives regarding theresponsibilities of management personnel incharge of overseeing and controlling risk?(See sections 2010.1, 2020.1, 2030.1, and2070.1, ‘‘Market Risk,’’ ‘‘CounterpartyCredit and Presettlement Risk,’’ ‘‘LiquidityRisk,’’ and ‘‘Legal Risk,’’ respectively.

4. Do they appear to be appropriate to man-agement’s objectives and the needs of theinstitution’s customers?

5. Do they cover all of the financial institu-tion’s back-office operations and adequatelydescribe the objectives of these activities?

6. Are they updated on a timely basis whennew products are introduced or when exist-ing products are modified?

7. Do they fully describe all the documenta-tion requirements relating to tradingproducts?

8. Do they establish parameters which preventconflicts of interest within the financialinstitution’s overall trading operations (thatis, do safeguards prevent insider abuses)?

9. Do procedures manuals cover all the secu-rities activities that the financial institutionconducts, and do they prescribe appropriateinternal controls relevant to those functions(such as revaluation procedures, accountingand accrual procedures, settlement proce-dures, confirmation procedures, accounting/auditing trails, and procedures for establish-ing the sequential order and time oftransactions)?

10. Do prodedures include a code of ethics? Isthere a ‘‘know-your-customer’’ guideline atthe institution? How does the institutionensure compliance?

11. Are there written procedures to controlafter-hours trades and trades originatingoutside the trading room (for example, atthe trader’s home)? Is there an approved

list of all traders authorized to trade offpremises?


1. Does the back office have a current organi-zation chart? If so, obtain a copy.

2. Is the organization chart supplemented byposition descriptions and summaries ofmajor functions? If so, obtain copies ofthem.

3. Is there a management-succession plan forback-office and control staff, and is it ad-equate? Is the experience level of personnelcommensurate with the institution’s activity?Is the turnover rate high?

4. Compare organizational charts betweenexams. If the turnover rate has been high,determine the reasons for the turnover andevaluate what effect the turnover has had onthe financial institution’s trading operations.Determine the reasons for each trader’stermination or resignation.

5. Are all employees required to take twoconsecutive weeks of vacation annually? Isthis policy followed?

6. Does the institution perform backgroundchecks on employees?

7. Review the financial institution’s compen-sation program for these activities to deter-mine whether remuneration is based onvolume and profitability criteria. If so, deter-mine whether controls are in place to pre-vent personnel from taking excessive risksto meet the criteria.

8. Is there a list of locations where tradingactivities are carried out, supplemented by adescription of the activities at each locationand an explanation of each location’sresponsibilities with regard to risk manage-ment and control? If so, obtain copies of thelist and arrange for access to the supplemen-tal information.

9. Are dealers and position clerks that report tothem excluded from the following functions:a. preparing, validating (officially signing),

and mailing trading contracts?b. recording trading transactions, maintain-

ing position ledgers and maturity files,and preparing daily activity and positionreports (except for memorandum records


used to inform dealers of positioninformation)?

c. periodically revaluing positions anddetermining gains or losses for officialaccounting records?

d. settling transactions and other paying orreceiving functions, such as issuing orreceiving, and processing cable or mailtransactions, drafts, or bills of exchange?

e. receiving counterparty confirmations andreconciling them to contracts or brokerstatements, following up on outstandingconfirmations, and correcting relatederrors and similar processing functions?

f. operating and reconciling nostro andother due-to or due-from accounts relatedto trading activities?

g. preparing, approving, and posting anyother accounting entries?

10. Is management informed about pertinentlaws, regulations, and accounting conven-tions? Is training of back-office staff adequatefor the institution’s volume and businessmix?

11. Does management have a strategy for theback office that parallels that for theorganization?

12. Is the process of executing trades separatefrom that of confirming, reconciling, revalu-ing, or clearing these transactions or fromcontrolling the disbursement of funds, secu-rities, or other payments, such as margins,commissions, or fees?

13. Are front-office functions segregated fromthose individuals who confirm trades, revaluepositions, approve or make general-ledgerentries, or resolve disputed trades? Addi-tionally, within the back office, are recon-ciling and confirming positions segregated?Is accounting entry and payment receipt ordisbursement performed by distinct indi-viduals with separate reporting lines?

14. Is access to trading products, trading records,critical forms, and both the dealing roomand processing areas permitted only inaccordance with stated policies andprocedures?

15. Is a unit independent of the trading roomresponsible for reviewing daily reports todetect excesses of approved trading limits?

16. From observation, are back-office tasks trulysegregated from front-office tasks?

TICKET FLOW

1. Are tickets prenumbered? If not, are tradingtickets assigned a computer-generated num-ber? Does control over tickets appear rea-sonable and adequate?

2. Do tickets clearly define the type of product(for example, interest-rate swap, OTC bondoption, or gold bullion)?

3. Do tickets contain all other pertinent infor-mation to prepare the related contract with-out recourse to the dealing room?

4. Are trading tickets time and date stamped inthe front office? Are dual signatures on thetickets for the trader and back-officepersonnel?

5. Are there any unusual patterns of activity(for example, an increase in volume, newtrading counterparties, a pattern of top-priceor bottom-price trades relative to theday’s trading range or with the samecounterparties)?

6. Are reviews of outstanding contracts per-formed on a frequency commensurate withtrading activity?

7. Are trader positions reviewed and approvedby management on a timely basis?

8. Can the institution identify off-markettransactions?

9. Does the institution ensure that senior cus-tomer management is aware of off-markettransactions and the special risks involved?Is appropriate justification for these trans-actions on file and acknowledged by seniormanagement?

10. Are holdover trades adequately controlled?11. Are all holdover trades properly recorded

and monitored? Can the institution justifythe reasons for any unusually high incidenceof held-over deals?

12. Does the institution transact trades withaffiliated counterparties? Are such dealingstransacted at prices comparable to thoseemployed in deals with nonaffiliatedcounterparties?

13. Does the financial institution have specificpolicies for margin lending, and are cus-tomer requests adequately reviewed andauthorized? Does it enforce all marginrequirements and sell securities if custom-ers do not meet margin calls?

14. Does the back office monitor collateralagainst open positions for margin custom-ers? Is the supervision adequate?

2060.4 Operations and Systems Risk (Back-Office Operations): Internal Control Questionnaire


15. Are margin requirements on all outstandingcontracts for a customer monitored daily?In the case of actively trading customers,are margin requirements checked after cashtrades?

CONFIRMATIONS

Review the confirmation process and follow-upprocedures.

1. Are all data on incoming and outgoingconfirmations compared to file copies ofcontracts? Verify that confirmations containthe following information:a. counterpartyb. instrument purchased or soldc. trade dated. value datee. maturity or expiry datef. financial termsg. delivery and payment instructionsh. definition of any applicable market con-

ventions (for example, the interest-determination methodology)

i. date of preparation, if different from thetransaction date

j amount tradedk. reference number

2. Are signatures on confirmations verified?3. Are outgoing confirmations sent not later

than one business day after the transactiondate?

4. Do outgoing confirmations contain all rel-evant contract details? Are incoming con-firmations delivered directly to the backoffice for review?

5. Does the institution adequately monitor dis-crepancies between an incoming confirma-tion and the financial institution’s ownrecords?

6. Are discrepancies directed to and reviewedfor resolution by an officer independent ofthe trading function?

7. Are all discrepancies requiring correctiveaction promptly identified and followed upon?

8. Are there any unusual concentrations ofdiscrepancies for traders or counterparties?

9. Has the institution conducted adequateresearch to determine the standing of legalor regulatory standards for the medium of

communication that can be used (for exam-ple, telex)?

10. Does the institution have an effectiveconfirmation-matching and confirmation-chasing process?

11. Are there procedures to uncover unusuallyheavy trading by a single counterparty?

SETTLEMENT PROCESS

1. Do the financial institution’s controlsadequately limit settlement risk?

2. Are nostro accounts reconciled frequently?Are there old or numerous outstanding itemswhich could indicate settlement errors orpoor procedures?

3. How are failed securities trades managed?a. Do procedures promptly resolve transac-

tions that are not settled when and asagreed on (‘‘fails’’)?

b. Are stale items valued periodically and, ifany potential loss is indicated, is a par-ticular effort made to clear such items orto protect the financial institution fromloss by other means?

c. Are fail accounts periodically reconciledto the general ledger, and are any differ-ences followed up to a conclusion?

4. Is the back office routinely able to reconcileits cash accounts against securities acceptedor delivered?

5. Is physical security of trading productsadequate?

6. To ensure segregation of duties, are person-nel responsible for releasing funds specifi-cally excluded from any confirmationresponsibilities?

7. Does the institution prepare adequate agingschedules? Are they monitored?

8. Are netting arrangements correctly reflectedin disbursements and receipts?

RECONCILIATIONS

Obtain copies of reconciliations (for trade,revaluation confirmation, and positions) fortraded products. Verify that balances reconcileto appropriate subsidiary controls and the gen-eral ledger. Review the reconciliation processfollowed by the back office for adequacy.

1. Are timely reconciliations prepared in con-formity with applicable policies and proce-

Operations and Systems Risk (Back-Office Operations): Internal Control Questionnaire 2060.4


dures of the reporting institution and regula-tory accounting principles?

2. Are unusual items investigated? Are thereany outstandings?

3. Is the audit trail adequate to ensure thatbalances and accounts have been properlyreconciled?

4. Are reconciliations held on file for an appro-priate period of time?

5. Is the reconcilement of front-office positionsperformed by an individual without initialtransaction responsibility?

DISCREPANCIES AND DISPUTEDTRADES

1. Is the resolution of disputed trades anddetermination of compensation for the earlyunwinding of contractual obligations of thefinancial institution controlled by the backoffice?

2. Are the processes and procedures for theresolution of disputed trades effective?

3. Are customer complaints resolved by some-one other than the person who executed thecontract?

4. Does the institution’s policy prohibit the useof brokers’ points in the foreign-exchangemarket and control any brokers’ switch trans-actions?

5. Is the volume of confirmation and settlementdiscrepancies excessive?

BROKERS’ COMMISSIONS ANDFEES PROCEDURES

1. Evaluate the volume of trading deals trans-acted through brokers. Are commissions andfees—a. commensurate with the level of trading

activity and profits?b. spread over a fair number of brokers? Is

there evidence of favoring a particular orgroup of brokers?

c. reconciled by personnel independent oftraders to determine accuracy and distri-bution of expenses?

2. Are regular statements received from thesebrokers?

3. Are incoming brokers’ statements sent directlyto the accounting or operations departmentand not to trading personnel?

4. Are brokers’ statements reconciled by theback office with the financial institution’srecords before the payment of commissions?

5. Does the back office routinely report anysignificant questions or problems in dealingwith brokers? Are discrepancies on brokers’statements directed to someone outside thetrading function for resolution?

6. Can the institution justify cases in which thebroker has not assessed the usual fee?

7. Is an adequate audit trail established for alloverdraft charges and brokerage bills withinthe last 12 months? Does the process requireretention of all telex tapes or copies andrecorded conversation tapes for at least 90days? (This retention period may need to beconsiderably longer for some markets.)

REVALUATION

1. Do the revaluation procedures address thefull range of capital-markets and tradinginstruments at the institution?

2. Is the frequency of revaluation by productand application (use) adequate?

3. Are the source of market rates and theselection process subject to manipulation oroverride by traders? Is trader override justi-fied and well documented?

4. Are revaluation results discussed with thetrading management? Is an approval processin place to ensure agreement of positions andprofit and loss by back- and front-office staff?

ACCOUNTING

See section 2120.1, ‘‘Accounting.’’

MANAGEMENT INFORMATIONREPORTING

See section 2040.1, ‘‘Management InformationSystems.’’

DOCUMENTATION ANDRECORDKEEPING

1. Is written documentation complete, approvedat the appropriate level (with authorizedsignatures), and enforceable?

2060.4 Operations and Systems Risk (Back-Office Operations): Internal Control Questionnaire


2. Are there procedures in place to ensurecompliance with section 208.34 of Regula-tion H (12 CFR 208.34)?

AUDIT

1. Does the audit program include a risk assess-ment of all the front- and back-officeactivities?

2. Are comprehensive audits performed, and dothey address areas of concern with appropri-ate frequency? Is the scope adequate andclearly stated?

3. Do audit findings summarize all importantareas of concern noted in the workpapers?

4. Are audit findings relayed to the appropriatelevel of management? Is appropriate follow-upand response elicited?

5. Is the audit staff adequately trained to ana-lyze the range of capital-markets activities atthe financial institution?

6. Is there an opportunity for undue influence tobe imposed on audit staff? Is audit staffsufficiently independent of control and front-office functions?

Operations and Systems Risk (Back-Office Operations): Internal Control Questionnaire 2060.4


Documents

Overview of Risk Management in Trading Activities … of Risk Management in Trading Activities Section ... tion’s risk related to capital-markets ... 2000.1 Overview of Risk Management