Internal Control Questionnaires and Verification Procedures

Transaction Risk

Have the board and management established transaction risk policies and procedures for derivative activities that address:
1. Segregation of duties between trading, processing, and payment functions?
2. Description of accounts?
3. Trade entry and transaction documentation?
4. Confirmations?
5. Settlement?
6. Exception reporting?
7. Documentation tracking and reporting?
8. Revaluation?
9. Reconciliations including frequency?
10. Discrepancies and disputed trades?
11. Broker accounts?
12. Accounting treatment?
13. Management reporting?
Is the back office functionally independent of the front office? Does the back office (operation/accounting function) report to a senior financial or operations manager and not to the risk-taker?
Do controls over the trade entry and processing environment:
1. Limit access to trading systems using passwords or similar controls?
2. Ensure that all trades are captured through the use of
  - Pre-numbered tickets or sequential numbering systems?
  - Recorded telephone conversations?
  - Chronological records of telex/SWIFT messages?
  :
3. Ensure that transaction documentation supports the reporting of limit exceptions? Ensure that records of original entry capture sufficient details to establish valid contracts, including:
  - Time and date executed?
  - Name of party executing transactions?
  - Name of party entering transaction data?
  - Type of instrument, price, and amount?
  - Adequate description of the components of complex transactions?
  - Settlement or effective date?
  - Payment or settlement instructions?
  - Brokers’ fees or commissions and other expenses?
4. Reduce the likelihood of errors by reconciling individual traders’ positions/blotters to aggregate positions daily:
  - Front office to back office?
  - Aggregate position by instrument?
  - Customer/counterparty records?
5. Safeguard assets by establishing controls over movement of cash, collateral, or other assets?
6. Facilitate tracking and correction of errors through use of management information systems that monitor errors introduced by:
  - The party executing the trade?
  - The party entering the trade?
  - The settlement agent?
Are traders prohibited from changing the terms of a transaction after they have orally committed to it?
Are the phone lines of traders and salespeople taped? Are the recordings stored long enough to be used for resolving possible disputes?
Do controls over the confirmation process ensure that:
1. The back office initiates, follows up on, and controls the confirmation process?
2. Outgoing confirmations are initiated no later than one business day after the transaction date?
3. The method of confirmation used provides a documentation trail that supports the bank’s position in the event of disputes (recorded telephone lines, paper confirmation, telex/SWIFT messages, logs of other contacts)?
4. Outgoing confirmations are sent to the attention of a department at the counterparty that is independent of the trading unit?
5. Outgoing confirmations contain all relevant contract details?
6. Persons independent of the employees who execute trades handle incoming confirmations? Information on incoming confirmations is compared with outgoing information?
7. All discrepancies requiring corrective action are promptly identified and followed up on by an independent party?
8. All discrepancies (including outstanding confirmations) are tracked, dated, and reported to management? Trends by type are identified and addressed?
9. The back office compares, for consistency, a deal’s particulars (as evidenced in confirmations) with its earlier oral terms?
Do controls over the settlement process ensure that:
1. Standardized settlement instructions have been established where possible?
2. Changes to standard settlement instructions are properly controlled?
3. Nostro accounts do not contain old or stale dated items?
4. Aging schedules are prepared to track outstanding settlement items?
5. Aging information is reported to the appropriate level of operations and trading management?
6. Disbursements/receipts have been recalculated to reflect the net amounts of legally binding netting arrangements?
Do back office controls over the release of funds (payments, margin, and collateral) ensure that the person responsible for the release of funds is independent of confirmation responsibilities and sensitive operations processing duties?
Do persons who do not have trading authority make general ledger entries and reconciliations?
Do controls over the documentation tracking process ensure:
1. Timely identification of missing documents?
2. An organized follow-up process for obtaining missing documents?
3. Timely resolution of documentation exceptions?
4. That documentation exception reports are provided to operations and trading management?
Has a tickler system been established to:
1. Ensure timely payments to the counterparty?
2. Monitor and follow up on late payments?
Do controls over the back office revaluation process ensure that:
1. Key pricing parameters are obtained from or verified by a source independent of the traders and are representative of the market?
2. If rates are reset manually, there is a tickler system to prompt such action?
3. Rate resets are verified for accuracy?
4. For dealers, revaluations are performed daily?
5. Profits and losses resulting from revaluations are closed to the general ledger at least once a month?
6. If models are used to derive or interpolate specific market factors, the models have been independently reviewed or otherwise validated?
7. If positions in thinly traded or illiquid portfolios are marked to model, the model is controlled by operations and that market factors (volatility, yield curves, etc.) are obtained from an independent source?
Do controls over the resolution of trade discrepancies ensure that:
1. Someone resolves trade disputes other than the person who executed the contract?
2. Trade discrepancies are brought to the immediate attention of the operations manager?
3. Discrepancy documentation contains the key financial terms of the transaction, indicates the disputed item, and summarizes the resolution?
4. The counterparty receives notice of the final disposition of the trade?
5. The level and frequency of disputed trades is reasonable?
Do controls over the payment of broker commissions and fees ensure that:
1. The back office reviews broker’s statements, reconciles charges to bank estimates, checks commissions, and initiates payment?
2. There is a mechanism to report unusual trends or charges to back office management?
3. Brokerage activity is spread over a reasonable number of brokers and there is no evidence of favoritism?
If apple cable, determine whether there is an adequate system to control collateral for derivative transactions. Determine whether:
1. Trading personnel are prohibited access to collateral or collateral records?
2. Collateral is physically safeguarded and kept under dual control to prevent loss, unauthorized disposal, or use?
3. Collateral is verified periodically, reconciled to the collateral record, and the results reported to management?
4. Collateral is periodically revalued and compared to mark-to-market exposures?
Do controls over collateral in the custody of others ensure that:
1. Collateral statements from brokers and other dealers are sent to the back office (or other appropriate department independent of the trading area), reconciled promptly, and differences investigated?
2. Trading personnel are prevented from authorizing release of collateral?
Do policies and controls regarding the use of personal computers, including spreadsheet applications, ensure that:
1. Traders cannot make changes to key spreadsheets for valuation or risk management purposes?
2. Data and applications are protected?
If multiple databases are used to support subsidiary systems, are there reconciliation controls at each point that multiple data files are brought together?

Previous: Credit Risk

Next: Compliance Risk