Internal Control Questionnaires and Verification Procedures

Senior Management and Board Oversight

  1. Has the board of directors, consistent with its duties and responsibilities, adopted a policy and control framework for the use of derivatives that:

    1. Details the type and nature of activities that are authorized, require specific approval, and are inappropriate?

    2. Reflects the board’s risk appetite?

    3. Is consistent with underlying strategic and business objectives?

    4. Establishes a code of conduct for the trading and sales staff?

    5. Assigns clear responsibility for derivative activities?

    6. Provides sufficient managerial and operational resources to conduct the activity in a safe and sound manner?

    7. Requires the development and implementation of sufficiently detailed procedures to guide the bank’s daily activities?

    8. Ensures that the key risk control functions, including internal audit, are structured and staffed appropriately? (Expertise, credibility, and independence are paramount.)

    9. Establishes a process for the evaluation and approval of new business or product initiatives (the product assessment and approval process)?

    10. Establishes guidelines for dealing with affiliates?

    11. Provides for a comprehensive limit structure that:

      • Addresses all key risk factors?

      • Is commensurate with the volume and complexity of activity?

      • Is consistent with bank strategies, historical performance, and the overall level of earnings or capital the board is willing to risk?

      • Aggregates the level of risk exposure and expresses it as value-at-risk?

      • Is reviewed and approved by the board, or a committee thereof, at least annually?

      • Is communicated to all appropriate parties (e.g., traders, risk managers, operations, and audit)?

    12. Provides for a limit exception reporting and approval process?

    13. Requires regular risk position and performance reporting?

    14. Requires periodic stress testing of risk positions?

    15. Requires an independent assessment and validation of risk measurement methodologies?

  2. Has the board established a new product policy? Does the policy require that all relevant areas such as the business line, systems, risk control, credit, accounting, legal, operations, tax, and regulatory compliance evaluate risks and controls? Does the policy:

    1. Define a new product or activity?

    2. Establish a process to identify new product transactions? Is new product documentation required to:

      • Describe the product?

      • Explain the product’s consistency with business strategies and objectives?

      • Identify and evaluate risks and describe how they will be managed?

      • Describe the limit and exception approval processes?

      • Describe capital allocations?

      • Describe accounting procedures?

      • Summarize operational procedures and controls?

      • Detail approval of legal documentation?

      • Address other legal and regulatory issues?

      • Explain tax implications?

      • Describe the ongoing maintenance process?

  3. Has the board established a code of ethics/conflict of interest policy for trading activities that provides an adequate framework to control risk to the bank’s reputation?

    1. Does the policy:

      • Prohibit any deceptive, dishonest, or unfair practice?

      • Provide for a mechanism to monitor gifts and gratuities?

      • Prohibit false or materially misleading marketing material?

      • Provide for the disclosures and consents necessary to avoid conflicts of interest?

      • Provide for a system to determine the existence of possible control relationships?

      • Prohibit the use of confidential, nonpublic information without the written approval of affected counterparties?

      • Prohibit the improper use of funds held on another’s behalf?

      • Designate specific principals to supervise personnel and business conduct in general?

      • Adopt price mark-up guidelines?

      • Allocate responsibility for transactions with the bank’s own employees and employees of other dealers?

    2. Is there a mechanism to promote awareness of its code of ethics/conflict of interest policies?

    3. Are trading and sales personnel required to confirm in writing their acknowledgment of various codes and to report violations?

    4. Is there a mechanism to ensure compliance with the code of ethics/conflict of interest policy and report those violations?

Previous: Tier I and Tier II Dealers Next: Price Risk