Internal Control Questionnaires and Verification Procedures

Policies

  1. Determine if board approved securitization policies and procedures are adequate and establish appropriate risk limits. The written policies and procedures should address:

    1. Permissible securitization activities.

    2. Authority and responsibility over

      • Transaction approvals and cancellations.

      • Deal negotiation and execution.

      • Counterparty approvals.

      • Transaction monitoring.

      • Pricing approvals.

      • Personnel supervision.

      • Risk management.

      • Reporting and approving policy exceptions.

    3. Underwriting standards for loans originated or purchased for securitization.

    4. Servicing standards, including criteria for selecting a third-party servicer.

    5. Exposure limits for retained interests as a percentage of Tier 1 capital.

    6. Standards for repurchasing distressed loans from the securitized credit pool that are consistent with contractual recourse obligations.

    7. Hedging activities.

    8. Legal counsel review of contracts or agreements.

    9. Consistently applied accounting methodology.

    10. Regulatory reporting requirements.

    11. Valuation methods for retained interests, including procedures for review and approval of the underlying assumptions.

    12. Management reporting process.

  2. Determine if sufficient operational separation and rotation of duties exist.

  3. Determine if proper safeguards are in place regarding access to and use of records.

  4. Determine if loan servicing statements and trustee reports for each securitization are routinely reconciled.

  5. Determine if deviations from policy parameters are handled in accordance with board approved policies.

  6. When the bank retains recourse in a securitization, determine whether internal controls are in place to ensure recourse payments to the trust do not exceed the bank’s contractual obligation.

  7. Determine if internal management reports provide sufficient information for management’s decisions and for monitoring the results of those decisions. Reports should address the following:

    1. Performance of assets in securitized pools. At a minimum, these reports should provide delinquency, defaults, losses, and prepayment performance of assets sold.

    2. Deal summaries for completed, in process, and prospective securitization transactions. Deal summaries should include collateral type, dollar volume of loans sold, maturity, credit enhancement and subordination features, financial covenants, rights of repurchase, and counterparty exposures.

    3. Vintage analysis for each pool using monthly data.

    4. Static pool cash collection analysis.

    5. A monthly statement of covenant compliance. The report should include compliance with both credit enhancement build triggers and servicing removal triggers.

    6. Quarterly or more frequent sensitivity analyses or stress tests.

    7. Exposure by counterparty and function (e.g., loan originator, credit enhancement provider, servicer).

    8. Profitability analysis by securitization and function (e.g., originator, provider of direct credit substitute).

    9. Liquidity usage and expected funding requirements.

    10. Servicing performance reports. If the institution uses a third party servicer, management reporting needs to provide appropriate information to monitor performance.

  8. Determine if securitization activity information is effectively communicated to the lending, credit review, funds management, servicing, and risk management areas.

  9. Verify that management reviews financial audits or other documentation to analyze the condition of any third party credit enhancement provider, including a subsidiary or an affiliate, involved in the institution’s securitizations.

  10. If a third party servicer is used, including a subsidiary or an affiliate, determine that management reviews operational audits or other documentation to analyze the operating soundness of this entity.

  11. Determine that the authority to provide direct credit substitutes (e.g., financial standby letters of credit) is subject to the approval of the credit department.

  12. Determine that exposures arising from direct credit substitutes are analyzed during the internal credit review process.

  13. If a third party values the retained interest(s), review management’s documentation and evaluate the due diligence performed for determining the qualifications of the third party’s personnel. In addition, determine senior management’s understanding of the methodology used by the third party.

Previous: Internal Control Questionnaire Next: Verification Procedures