Determine and evaluate the types of CIF risk control and monitoring systems used by the board and management. Consider the following:

• Board and senior management reporting;

• Audit program;

• CIF risk management groups;

• CIF committee structures, responsibilities, and performance;

• Management information systems;

• Frequency, content, and usefulness of litigation reports;

• Compliance programs; and

• Control self-assessments.

Evaluate the effectiveness of board and senior management supervision of risk from CIF administration. Consider:

• The types and frequency of board and senior management CIF reviews used to determine adherence to policies, operating procedures, and strategic initiatives;

• The accuracy, timeliness, relevance, and distribution of management information reports;

• The responsiveness to risk control deficiencies and the effectiveness of corrective action and follow-up activities;

• The responsiveness to potential or actual litigation; and

• The responsiveness to internal and external audits and regulatory examinations.

Evaluate the CIF compliance program. Consider:

• The strength of board and senior management commitment and support;

• Line management responsibility and accountability;

• Program formalization, transaction testing, reporting structures, and follow-up processes;

• Qualifications and performance of compliance officer and supporting personnel;

• Communication systems; and

• Training programs.

If the bank has implemented a control self-assessment program, obtain information on its assessment of controls in the CIF area. Evaluate the program and the results of recent control self-assessments of business and support functions.

Identify and obtain the bank’s policies and strategic plan relating to CIFs.

Evaluate the policy and procedures. Consider the following:

• Is the policy formally approved and periodically reviewed by the board or a designated committee?

• Does the policy adequately address applicable law including 12 CFR 9.18?

• Does the policy establish a risk management and internal control framework that addresses

  • Organizational and functional charts?

  • Defined lines of authority and responsibility?

  • Delegation authority and approval processes?

  • Processes to select, employ, and evaluate legal counsel?

  • Standards for dealings with affiliated organizations?

  • Conflicts of interest?

  • Personnel practices?

• Does the policy include appropriate screening and review guidelines of new and existing fund assets to ensure that only eligible assets are invested in a CIF? Guidelines should address:

  • New asset investment processes;

  • Asset reviews;

  • Investment reviews;

  • Cash management;

  • Fees and other expenses;

  • Tax preparation and reporting; and

  • Fund termination.

• Does the policy effectively address information systems and technology applications? Consider

  • Accounting and other transaction recordkeeping systems;

  • Management information system requirements;

  • Customer information security; and

  • Systems security and disaster contingency plans.

• Does the policy establish

  • Policy exception definitions and guidelines;

  • Policy exception tracking and reporting processes;

  • Client reporting guidelines;

  • Proxy voting standards;

  • Control self-assessment processes; and

  • Customer complaint resolution procedures?

  Are these guidelines and processes adequate?

Review the strategic plan and supporting financial projections and determine whether the policy is consistent with the bank’s strategic goals and objectives.

Review how strategic initiatives and policies are communicated within the organization and determine whether the communication processes are adequate.

If deficiencies are identified in the policymaking and implementation process, discuss them with management and document the conclusions and recommendations.

Obtain a list of CIF management and key supporting personnel that includes the following information:

• Title and job responsibilities,

• Formal education and training, and

• Related work experience and accomplishments. CIF management will include any bank director, fiduciary committee member, CIF manager, account administrator, third-party vendor, or other bank employee responsible for developing, approving, or implementing CIF business strategies, policies, and information systems.

Review CIF management and supporting personnel and determine whether management is

• Competent based on the size and investment strategies of the bank’s CIFs;

• Knowledgeable of CIF eligibility requirements, investment strategies, and risk tolerance standards; and

• Aware of the bank’s code of ethics, if applicable, and committed to high ethical standards.

Evaluate the adequacy of staffing levels by reviewing and discussing:

• Current strategic initiatives and financial goals;

• Current fund volume, complexity, and risk profiles;

• Recent staffing analyses and recommendations; and

• Impact of company cost-cutting programs, if applicable.

Compare job descriptions and other responsibilities of managers and key supporting personnel with their experience, education, and other training. Determine whether

• Personnel are qualified and adequately trained for positions and responsibilities.

• The number of funds and other responsibilities assigned to administrators appear reasonable.

• Personnel perform tasks outside their job descriptions that adversely affect their overall performance or that pose unacceptable risk to the bank.

Evaluate the bank’s recruitment and employee retention program by reviewing the following:

• Recent successes in hiring and retaining high-quality personnel;

• Level and trends of staff turnover, particularly in key positions; and

• The quality and reasonableness of management succession plans.

Analyze the compensation and performance evaluation program:

• Is the program formalized and periodically reviewed by the board and senior management?

• Is the program consistent with the bank’s risk tolerance and ethical standards?

• Are responsibilities and accountability standards clearly established for the performance evaluation program?

• Is the program applied consistently and functioning as intended?

• Does the program reward behavior and performance that is consistent with the bank’s ethical culture, risk tolerance standards, and strategic initiatives?

• Does the program include an adequate mechanism for the board to evaluate management performance?

Review the training program by considering the following:

• The types and frequency of training and whether the program is adequate and effective;

• How resources are allocated to CIF training and whether the financial resources provided are adequate; and

• Whether employee training needs and accomplishments are a component of the performance evaluation program.

Obtain and evaluate the annual audit and related financial reports prepared in accordance with 12 CFR 9.18(b)(6). Review for compliance with the regulation’s requirements and for identified control weaknesses. Determine whether management has adequately addressed control deficiencies.

Review the bank’s 12 CFR 9.9 fiduciary audit relating to its CIF activities, if applicable. Determine whether the internal and external audit program is effective and reliable. In the course of the review,

• Select and complete appropriate examination procedures from the “Internal and External Audits” booklet of the Comptroller’s Handbook. Coordinate the selection of procedures with the examiner responsible for evaluating the bank’s audit program.

• Obtain appropriate internal audit reports, work papers, and follow-up reports. Disseminate the reports to the appropriate examiners for review and follow-up.

• Determine the adequacy and effectiveness of the internal audit program by reviewing:

  • The timing, scope, and results of audit activity;

  • The quality of audit reports, work papers, and follow-up processes; and

  • The independence, qualifications, and competency of audit staff.

• If the review of audit reports and work papers raises questions about audit effectiveness, discuss the issues with appropriate examiners and determine whether the scope of the audit review should be expanded. Issues that might require an expanded scope include:

  • Unexplained or unexpected changes in auditors or significant changes in the audit program;

  • Inadequate scope of the audit program;

  • Audit work papers that are deficient or do not support audit conclusions;

  • High-growth areas without adequate audit coverage; and

  • Inappropriate actions by insiders to influence the findings or scope of audits.

Draw conclusions about the adequacy and effectiveness of the audit program and forward the findings and recommendations, if applicable, to the examiner responsible for evaluating the bank’s audit program.

As appropriate and approved by the bank EIC and internal control examiner, select and complete appropriate internal control examination procedures from the “Internal Control” booklet of the Comptroller’s Handbook.

After completing the examination procedures selected above and reviewing the results of the control systems examination procedures, draw conclusions on internal control for CIF services.

Table 1.

The overall system of internal control for collective investment fund services is

Table 2.

Submit the assessment of internal control to the examiner responsible for evaluating internal control for asset management activities.

Select a sample of CIFs, including recently established CIFs. If possible, include a variety of fund types: personal trust, employee benefit, and specialized funds.

For each new fund selected, determine whether the fund approval process was adequate and effective. Consider:

• CIF compliance with federal, state, and local laws;

• The bank’s level of technical expertise and operational capabilities;

• The bank’s duties and obligations as administrator of the CIF;

• The terms and conditions of the plan;

• Current or foreseeable problems in administering the CIF;

• Potential or actual conflicts of interest;

• Potential environmental issues, if applicable, given the investment strategy of the fund;

• The adequacy and reasonableness of the CIF fee structure and whether the bank is adequately compensated for the risks associated with administering the fund;

• Any services provided by a third-party vendor; and

• Input from portfolio managers, risk managers, and legal counsel.

Review each selected CIF and determine whether investment management and ongoing administrative processes are adequate and effective. Determine whether:

• The investment of fund assets complies with the fund’s governing instrument and the investment objective of the fund;

• The bank performs account reviews in accordance with 12 CFR 9.6(c) and other applicable law;

• The bank prepares and provides accurate account statements as required by 12 CFR 9.18(b)(6) and any additional required accountings;

• The bank avoids conflicts of interest and self-dealing;

• The bank charges and reports accurate fund fees and complies with the management fee and expense provisions of 12 CFR 9.18(b)(9) and (10); and

• Any services provided by a third-party vendor are properly performed and the vendor’s charges are appropriate and reasonable.

Determine whether CIF managers and administrators have an adequate knowledge and understanding of the funds assigned to them:

• Are CIFs assigned to a specific administrator?

• Are CIF managers aware of problems such as litigation, complaints, and other important administrative matters?

• Have fund administrators maintained records in accordance with policy and sound administrative practices?

Evaluate the bank’s processes for administering accounts invested in CIFs operated by an affiliated bank:

• Determine whether proper and timely written authorizations are obtained when these approvals may be required for important actions;

• Determine the appropriateness of the CIF for the bank’s fiduciary accounts.

Evaluate the fund’s cash management processes:

• Identify and review large uninvested or undistributed cash balances and discuss them with management. Determine whether administration of the fund is appropriate and complies with 12 CFR 9.10, “Fiduciary Funds Awaiting Investment or Distribution,” and with the terms of the fund’s plan as required by 12 CFR 9.18(b)(1).

• Review fund overdrafts, giving attention to large and longstanding items. Determine why they exist and discuss management’s plans to clear them.

Evaluate the bank’s recordkeeping and client reporting processes.

• Is fund income properly received and recorded? Does the bank properly allocate cash to income and principal in accordance with the plan or applicable law?

• Do admissions and withdrawals comply with the fund’s plan, other applicable law, and internal policy?

• Are fees and expenses appropriate, accurate, and consistent with 12 CFR 9.18(b)(9) and (10)?

• Does the bank have an account statement distribution policy and supporting procedures? Is the bank complying with the policy?

• Are statements and reports prepared and distributed to persons entitled to them?

Review CIF tax administration and evaluate the process to prepare and file CIF-related tax returns:

• Are federal and state tax returns filed on time?

• Are appropriate valuations performed on fund assets?

Evaluate the bank’s process for terminating CIFs:

• Is the process clearly defined with specified approval authority?

• Is a review by legal counsel part of the process?

• Are appropriate allocations of income determined at the time of closing?

• Is the fee unit notified when an account is terminated?

• Are estate and federal income tax issues appropriately considered?

• Is an adequate plan of distribution created?

• Are judicial accountings appropriately administered?

Select an appropriate sample of accounts with assets invested in CIFs. A sufficient number of accounts should be selected to form a reliable assessment of the bank’s processes. Account selection may be based on risk factors such as size, complexity, litigation, and insider relationships, but the sample must be of sufficient size to satisfy the examination’s objectives.

Review each selected account and determine whether administrative processes are adequate and effective. Determine whether:

• The investment of account assets in a CIF complies with the terms of the governing instrument and meets the needs of account beneficiaries according to their circumstances;

• The bank has determined that the account is eligible for admission to the A1 or A2 fund;

• The use of a CIF for the account complies with federal laws, state and local laws, and court orders and directions;

• The bank performs account reviews in accordance with 12 CFR 9.6(c) and other applicable law;

• The bank prepares and provides accurate account statements as required by 12 CFR 9.18(b)(6) and any additional required accountings;

• The bank avoids conflicts of interest and self-dealing;

• The bank charges and reports accurate fund fees and complies with the management fee and expense provisions of 12 CFR 9.18(b)(9) and (10); and

• Any services provided a third-party vendor are properly performed and appropriately documented, and the vendor’s charges are appropriate and reasonable.

Evaluate the bank’s CIF admission and withdrawal process.

• Is the process formalized and adequately documented?

• Are relationships with third-party financial intermediaries appropriately documented?

• Is appropriate information obtained during the due diligence review and effectively used in the approval process?

• Is the process complied with? Does it include an appropriate approval process for policy exceptions?

• Does the process include monitoring for potential “late trading” and other preferential treatment in trading practices by CIF participants?

• Does the process include monitoring for potential “market timing,” particularly when the plan’s terms prohibit this practice or when a fund is particularly susceptible to market timing?

• Does the acceptance process comply with the requirements of 12 CFR 9.18?

• Does the withdrawal process comply with the requirements of 12 CFR 9.18?

Select a sample of recently admitted accounts for review. If possible, include a variety of account types, including personal trust and employee benefit.

For each selected account, determine whether the account admission process was adequate and effective. Consider the following:

• The bank’s level of technical expertise and operational capabilities;

• The bank’s duties and obligations as administrator of the CIF;

• The bank’s reliance on third-party intermediaries;

• The terms and conditions of the governing instrument and the character of the account parties;

• Current or foreseeable problems in administering the account;

• Whether the bank is adequately compensated for accepting the risks of administering the account;

• The types of assets currently in the portfolio and the types of assets to be purchased and managed in the portfolio;

• Environmental review issues;

• Input from portfolio managers, risk managers, and legal counsel;

• Potential or actual conflicts of interests;

• Prior fiduciary administration, particularly successor trustee accounts; and

• Co-trustee relationships.

Evaluate how management plans for and develops new funds. Consider the following:

• Types of market research conducted, such as product feasibility studies;

• Cost, pricing, and profitability analyses;

• Risk assessment processes;

• Legal counsel and review;

• Role of risk management and audit functions;

• Information systems and technology impact; and

• Human resource requirements.

Evaluate the product approval process by selecting a sample of funds developed and introduced since the last examination of this area:

• Is the approval authority clearly established and adhered to?

• Were bank policies and procedures adequately followed?

• Does the process require adequate documentation of the factors considered and adequate support for the final decision?

Review policies and procedures for the selection and monitoring of third-party vendors. Discuss the process with management, and document significant weaknesses in risk management processes. Consider the following:

• The quality of the due diligence review process;

• The contract negotiation and approval process;

• Risk assessment processes, including consideration of the exclusive management and “prudent delegation” provisions of 12 CFR 9.18(b)(2);

• Risk management and audit division participation;

• Vendor monitoring processes, such as the assignment of responsibility, the frequency of reviews, and the quality of information reports reviewed; and

• The process for resolving problems with vendors.

Obtain a list of vendors used by the bank to provide CIF services and support. Select a sample from the vendor list, and evaluate the adequacy and effectiveness of the bank’s selection and monitoring processes for each vendor selected. Determine whether the selection and monitoring process require:

• The vendor to be familiar with 12 CFR 9 and the implications of a bank breaching its fiduciary duties; and

• The bank’s contract with the vendor to include a provision that the vendor will establish adequate information-security programs to safeguard customer information consistent with 12 CFR 30 (appendix B).

Review documentation whose subject is any agreement between the bank and the vendor that calls upon the vendor to provide assets to be invested in the bank’s CIFs.

Review policies and procedures used by the bank to ensure that recordkeepers and other intermediaries with access to bank CIFs have effective policies in place to prevent “late trading” and other preferential treatment in trading practices provided to plan participants.

For plans that restrict or prohibit “market timing,” and for funds that are particularly susceptible to market timing, review policies and procedures used by the bank to ensure that recordkeepers and other intermediaries with access to bank CIFs have policies in place to deter or prevent market timing of the fund.