Internal Control Questionnaires and Verification Procedures

Transaction Risk

  1. Have the board and management established transaction risk policies and procedures for derivative activities that address:

    1. Segregation of duties between risk-taking, processing, and payment functions?

    2. Description of accounts?

    3. Trade entry and transaction documentation?

    4. Confirmations?

    5. Settlement?

    6. Exception reporting?

    7. Documentation tracking and reporting?

    8. Revaluation?

    9. Reconciliations including frequency?

    10. Discrepancies and disputed trades?

    11. Broker accounts?

    12. Accounting treatment?

    13. Management reporting?

  2. Is the back office functionally independent of the front office? Does the back office (operation/accounting function) report to senior financial or operations manager and not to the risk-taker?

  3. Do controls over the confirmation process ensure that:

    1. The back office initiates, follows up on, and controls the confirmation process?

    2. The method of confirmation provides a documentation trail that supports the bank’s position in the event of disputes (recorded telephone lines, paper confirmation, telex/SWIFT messages, logs of other contacts)?

    3. Persons independent of the employees who execute trades handle incoming confirmations?

    4. All discrepancies requiring corrective action are promptly identified and resolved by an independent party?

    5. All discrepancies (including outstanding confirmations) are tracked, aged, and reported to management? Trends by type are identified and addressed?

    6. The back office compares, for consistency, the terms of the written confirmation with those of the earlier oral agreement?

  4. Do controls over the settlement process ensure that:

    1. Standardized settlement instructions have been established where possible?

    2. Changes to standardized settlement instructions are properly controlled?

    3. Nostro accounts do not contain old or stale dated items?

    4. Aging schedules are prepared to track outstanding settlement items?

    5. Aging information is reported to the appropriate level of operations and trading management?

    6. Disbursements and receipts have been recalculated to reflect the net amounts of legally binding netting arrangements?

  5. Do back office controls over the release of funds (swap payments, margin, collateral) ensure that the person responsible for the release of funds is independent of confirmation responsibilities and sensitive operational processing duties?

  6. Do persons who do not have trading authority make general ledger entries and reconciliations?

  7. Do controls over the documentation tracking process ensure that:

    1. Missing documents are identified in a timely manner?

    2. The bank has an organized follow-up process for obtaining these missing documents?

    3. Documentation exceptions are resolved in a timely manner?

    4. Documentation exception reports are provided to operations and trading management?

  8. Has a tickler system been established to:

    1. Ensure timely payments to the counterparty?

    2. Monitor and follow up on late payments?

  9. Do controls over the back office revaluation process ensure that:

    1. Key pricing parameters are obtained from or verified by a source independent of the traders and are representative of the market?

    2. If rates are reset manually, there is a tickler system to prompt such action?

    3. Rate resets are verified for accuracy?

    4. Active position-takers perform revaluations at least monthly and are able to do so daily? Limited end-users perform valuations at least quarterly and are able to do so monthly?

    5. Profits and losses resulting from revaluations are closed to the general ledger at least once a month?

    6. The models have been independently reviewed or otherwise validated if models are used to derive or interpolate specific market factors?

    7. The model is controlled by operations and that market factors (volatility, yield curves, etc.) are obtained from an independent source, if positions in thinly traded or illiquid portfolios are marked to model?

  10. Do controls over the resolution of trade discrepancies ensure that:

    1. Someone resolves trade disputes other than the person who executed the contract?

    2. Trade discrepancies are brought to the immediate attention of the operations manager?

    3. Discrepancy documentation contains the key financial terms of the transaction, indicates the disputed item, and summarizes the resolution?

    4. The counterparty is notified of the final disposition of the trade?

    5. The level and frequency of disputed trades is reasonable?

  11. Do controls over the payment of broker commissions and fees ensure that:

    1. The back office reviews broker’s statements, reconciles charges to bank estimates, checks commissions, and initiates payment?

    2. There is a mechanism to report unusual trends or charges to back office management?

    3. Brokerage activity is spread over a reasonable number of brokers and there is no evidence of favoritism?

  12. If applicable, determine whether there is an adequate system to control collateral on derivative transactions. Determine whether:

    1. Trading personnel are prohibited access to collateral or collateral records?

    2. Collateral is physically safeguarded and kept under dual control to prevent loss, unauthorized disposal, or use?

    3. Collateral is counted frequently on an unannounced basis, reconciled to the collateral record, and the results reported to management?

    4. Collateral is periodically revalued and compared with mark-to-market exposures?

  13. Do controls over collateral in the custody of others ensure that:

    1. Collateral statements from brokers and other dealers are sent to the back office (or other appropriate department independent of the trading area), reconciled promptly, and differences resolved?

    2. Trading personnel are prevented from authorizing release of collateral?

  14. Do policies and controls regarding the use of personal computers, including spreadsheet applications, ensure:

    1. Traders cannot make changes to key spreadsheets for valuation or risk management purposes?

    2. Data and applications are protected?

  15. If multiple databases are used to support subsidiary systems, are there reconciliation controls at each point that multiple data files are brought together?

  16. Has the bank addressed the processing, confirmation, and record keeping of derivative transactions in operational policies and procedures?

  17. Does the bank have the operational capacity to process, confirm, and record derivative transactions in a controlled environment?

    1. Are transactions processed and confirmed independently of the area that enters the transactions?

    2. If transactions are maintained on a personal computer spreadsheet, do adequate controls safeguard the data?

    3. Are revaluations done at least monthly for MIS and risk control purposes?

    4. Are prices for periodic market valuations obtained or verified from a source independent of the area that enters into the transactions?

    5. Do personnel who are independent of the transaction make general ledger entries?

    6. Are the persons who reconcile accounts independent of risk-taking and confirmation duties?

Previous: Credit Risk Next: Verification Procedures