|
[Main Tabs]
[Table of Contents - 5000]
[Index]
[Previous Page]
[Next Page]
[Search]
5000 - Statements of Policy
{{8-31-98 p.5437}}
Supervisory Policy Statement on Investment Securities
and End-User Derivatives Activities
I. Purpose
This policy statement (Statement) provides guidance to financial
institutions (institutions) on sound practices for managing the risks
of investment securities and end-user derivatives
activities. 3
The FFIEC agencies--the Board of Governors of the Federal Reserve
System, the Federal Deposit Insurance Corporation, the Office of the
Comptroller of the Currency, the Office of Thrift Supervision, and the
National Credit Union Administration--believe that effective management
of the risks associated with securities and derivative instruments
represents an essential component of safe and sound practices. This
guidance describes the practices that a prudent manager normally would
follow and is not intended to be a checklist. Management should
establish practices and maintain documentation appropriate to the
institution's individual circumstances, consistent with this
Statement.
II. Scope
This guidance applies to all securities in held-to-maturity and
available-for-sale accounts as defined in the Statement of Financial
Accounting Standards No. 115 (FAS 115), certificates of deposit held
for investment purposes, and end-user derivative contracts not held in
trading accounts. This guidance covers all securities used for
investment purposes, including: money market instruments, fixed-rate
and floating-rate notes and bonds, structured notes, mortgage
pass-through and other asset-backed securities, and mortgage-derivative
products. Similarly, this guidance covers all end-user derivative
instruments used for nontrading purposes, such as swaps, futures, and
options. 4
This Statement applies to all federally-insured commercial banks,
savings banks, savings associations, and federally chartered credit
unions.
As a matter of sound practice, institutions should have programs to
manage the market, credit, liquidity, legal, operational and other
risks of investment securities and end-user derivatives activities
(investment activities). While risk management programs will differ
among institutions, there are certain elements that are fundamental to
all sound risk management programs. These elements include board and
senior management oversight and a comprehensive risk management process
that effectively identifies, measures, monitors, and controls risk.
This Statement describes sound principles and practices for managing
and controlling the risks associated with investment activities.
Institutions should fully understand and effectively manage the
risks inherent in their investment activities. Failure to understand
and adequately manage the risks in these areas constitutes an unsafe
and unsound practice.
III. Board and Senior Management Oversight
Board of director and senior management oversight is an integral
part of an effective risk management program. The board of directors is
responsible for approving major policies for conducting investment
activities, including the establishment of risk limits. The board
should ensure that management has the requisite skills to manage the
risks associated with such activities. To properly discharge its
oversight responsibilities, the board should review portfolio activity
and risk levels, and require management to demonstrate compliance with
approved risk limits. Boards should have an adequate understanding of
investment activities. Boards that do not, should obtain professional
advice to enhance its understanding of investment activity oversight,
so as to enable it to meet its responsibilities under this Statement.
Senior management is responsible for the daily management of an
institution's investments. Management should establish and enforce
policies and procedures for conducting
{{8-31-98 p.5438}}investment activities. Senior
management should have an understanding of the nature and level of
various risks involved in the institution's investments and how such
risks fit within the institution's overall business strategies.
Management should ensure that the risk management process is
commensurate with the size, scope, and complexity of the institution's
holdings. Management should also ensure that the reponsibilities for
managing investment activities are properly segregated to maintain
operational integrity. Institutions with significant investment
activities should ensure that back-office, settlement, and transaction
reconciliation responsibilities are conducted and managed by personnel
who are independent of those initiating risk taking positions.
IV. Risk Management Process
An effective risk management process for investment activities
includes: (1) policies, procedures, and limits; (2) the identification,
measurement, and reporting of risk exposures; and (3) a system of
internal controls.
Policies, Procedures, and Limits
Investment policies, procedures, and limits provide the structure to
effectively manage investment activities. Policies should be consistent
with the organization's broader business strategies, capital adequacy,
technical expertise, and risk tolerance. Policies should identify
relevant investment objectives, constraints, and guidelines for the
acquisition and ongoing management of securities and derivative
instruments. Potential investment objectives include: generating
earnings, providing liquidity, hedging risk exposures, taking risk
positions, modifying and managing risk profiles, managing tax
liabilities, and meeting pledging requirements, if applicable. Policies
should also identify the risk characteristics of permissible
investments and should delineate clear lines of responsibility and
authority for investment activities.
An institution's management should understand the risks and
cashflow characteristics of its investments. This is particularly
important for products that have unusual, leveraged, or highly variable
cashflows. An institution should not acquire a material position in an
instrument until senior management and all relevant personnel
understand and can manage the risks associated with the product.
An institution's investment activities should be fully integrated
into any institution-wide risk limits. In so doing, some institutions
rely only on the institution-wide limits, while others may apply limits
at the investment portfolio, sub-portfolio, or individual instrument
level.
The board and senior management should review, at least annually,
the appropriateness of its investment strategies, policies, procedures,
and limits.
Risk Identification, Measurement and Reporting
Institutions should ensure that they identify and measure the risks
associated with individual transactions prior to acquisition and
periodically after purchase. This can be done at the institutional,
portfolio, or individual instrument level. Prudent management of
investment activities entails examination of the risk profile of a
particular investment in light of its impact on the risk profile of the
institution. To the extent practicable, institutions should measure
exposures to each type of risk and these measurements should be
aggregated and integrated with similar exposures arising from other
business activities to obtain the institution's overall risk profile.
In measuring risks, institutions should conduct their own in-house
preacquisition analyses, or to the extent possible, make use of
specific third party analyses that are independent of the seller or
counterparty. Irrespective of any responsibility, legal or otherwise,
assumed by a dealer, counterparty, or financial advisor regarding a
transaction, the acquiring institution is ultimately responsible for
the appropriate personnel and understanding and managing the risks of
the transaction.
Reports to the board of directors and senior management should
summarize the risks related to the institution's investment activities
and should address compliance with the
{{8-31-98 p.5439}}investment policy's objectives,
constraints, and legal requirements, including any exceptions to
established policies, procedures, and limits. Reports to management
should generally reflect more detail than reports to the board of the
institution. Reporting should be frequent enough to provide timely and
adequate information to judge the changing nature of the institution's
risk profile and to evaluate compliance with stated policy objectives
and constraints.
Internal Controls
An institution's internal control structure is critical to the safe
and sound functioning of the organization generally and the management
of investment activities in particular. A system of internal controls
promotes efficient operations, reliable financial and regulatory
reporting, and compliance with relevant laws, regulations, and
institutional policies. An effective system of internal controls
includes enforcing official lines of authority, maintaining appropriate
separation of duties, and conducting independent reviews of investment
activities.
For institutions with significant investment activities, internal
and external audits are integral to the implementation of a risk
management process to control risks in investment activities. An
institution should conduct periodic independent reviews of its risk
management program to ensure its integrity, accuracy, and
reasonableness. Items that should be reviewed include:
(1) Compliance with and the appropriateness of investment
policies, procedures, and limits;
(2) The appropriateness of the institution's risk measurement
system given the nature, scope, and complexity of its activities;
(3) The timeliness, integrity, and usefulness of reports to the
board of directors and senior management.
The review should note exceptions to policies, procedures, and
limits and suggest corrective actions. The findings of such reviews
should be reported to the board and corrective actions taken on a
timely basis.
The accounting systems and procedures used for public and regulatory
reporting purposes are critically important to the evaluation of an
organization's risk profile and the assessment of its financial
condtion and capital adequacy. Accordingly, an institution's policies
should provide clear guidelines regarding the reporting treatment for
all securities and derivatives holdings. This treatment should be
consistent with the organization's business objectives, generally
accepted accounting principles (GAAP), and regulatory reporting
standards.
V. The Risks of Investment Activities
The following discussion identifies particular sound practices for
managing the specific risks involved in investment activities. In
addition to these sound practices, institutions should follow any
specific guidance or requirements from their primary supervisor related
to these activities.
Market Risk
Market risk is the risk to an institution's financial condition
resulting from adverse changes in the value of its holdings arising
from movements in interest rates, foreign exchange rates, equity
prices, or commodity prices. An institution's exposure to market risk
can be measured by assessing the effect of changing rates and prices on
either the earnings or economic value of an individual instrument, a
portfolio, or the entire institution. For most institutions, the most
significant market risk of investment activities is interest rate risk.
Investment activities may represent a significant component of an
institution's overall interest rate risk profile. It is a sound
practice for institutions to manage interest rate risk on an
institution-wide basis. This sound practice includes monitoring the
price sensitivity of the institution's investment portfolio (changes
in the investment portfolio's value over different interest rate/yield
curve scenarios). Consistent with agency guidance,
institutions
{{8-31-98 p.5440}}should specify institution-wide
interest rate risk limits that appropriately account for these
activities and the strength of the institution's capital position.
These limits are generally established for economic value or earnings
exposures. Institutions may find it useful to establish price
sensitivity limits on their investment portfolio or on individual
securities. These sub-instituion limits, if established, should also be
consistent with agency guidance.
It is a sound practice for an institution's management to fully
understand the market risks associated with investment securities and
derivative instruments prior to acquisition and on an ongoing basis.
Accordingly, institutions should have appropriate policies to ensure
such understanding. In particular, institutions should have policies
that specify the types of market risk analyses that should be conducted
for various types or classes of instruments, including that conducted
prior to their acquisition (pre-purchase analysis) and on an ongoing
basis. Policies should also specify any required documentation needed
to verify the analysis.
It is expected that the substance and form of such analyses will
vary with the type of instrument. Not all investment instruments may
need to be subjected to a pre-purchase analysis. Relatively simple or
standardized instruments, the risks of which are well known to the
institution, would likely require no or significantly less analysis
than would more volatile, complex
instruments. 5
§ 703.90. Sec 62 FR 32989 (June 18, 1997).
For relatively more complex instruments, less familiar instruments,
and potentially volatile instruments, institutions should fully address
pre-purchase analyses in their policies. Price sensitivity analysis is
an effective way to perform the pre-purchase analysis of individual
instruments. For example, a pre-purchase analysis should show the
impact of an immediate parallel shift in the yield curve of plus and
minus 100, 200, and 300 basis points. Where appropriate, such analysis
sould encompass a wider range of scenarios, including non-parallel
changes in the yield curve. A comprehensive analysis may also take into
account other relevant factors, such as changes in interst rate
volatility and changes in credit spreads.
When the incremental effect of an investment position is likely to
have a significant effect on the risk profile of the institution, it is
a sound practice to analyze the effect of such a position on the
overall financial condition of the institution.
Accurately measuring an institution's market risk requires timely
information about the current carrying and market values of its
investments. Accordingly, institutions should have market risk
measurement systems commensurate with the size and nature of these
investments. Institutions with significant holdings of highly complex
instruments should ensure that they have the means to value their
positions. Institutions employing internal models should have adequate
procedures to validate the models and to periodically review all
elements of the modeling process, including its assumptions and risk
measurement techniques. Management relying on third parties for market
risk measurement systems and analyses should ensure that they fully
understand the assumptions and techniques used.
Institutions should provide reports to their boards on the market
risk exposures of their investments on a regular basis. To do so, the
institution may report the market risk exposure of the whole
institution. Alternatively, reports should contain evaluations that
assess trends in aggregate market risk exposure and the performance of
portfolios in terms of established objectives and risk constraints.
They also should identify compliance with board approved limits and
identify any exceptions to established standards. Institutions should
have mechanisms to detect and adequately address exceptions to limits
and guidelines. Management reports on market risk should appropriately
address potential exposures to yield curve changes and other factors
pertinent to the institution's holdings.
Credit Risk
Broadly defined, credit risk is the risk that an issuer or
counterparty will fail to perform on an obligation to the institution.
For many financial institutions, credit risk in the
{{8-31-98 p.5441}}investment portfolio may be low
relative to other areas, such as lending. However, this risk, as with
any other risk, should be effectively identified, measured, monitored,
and controlled.
An institution should not acquire investments or enter into
derivative contracts without assessing the creditworthiness of the
issuer or counterparty. The credit risk arising from these positions
should be incorporated into the overall credit risk profile of the
institution as comprehensively as practicable. Institutions are legally
required to meet certain quality standards (i.e., investment grade) for
security purchases. Many institutions maintain and update ratings
reports from one of the major rating services. For non-rated
securities, institutions should establish guidelines to ensure that the
securities meet legal requirements and that the institution fully
understands the risk involved. Institutions should establish limits on
individual counterparty exposures. Policies should also provide credit
risk and concentration limits. Such limits may define concentrations
relating to a single or related issuer or counterparty, a geographical
area, or obligations with similar characteristics.
In managing credit risk, institutions should consider settlement and
pre-settlement credit risk. These risks are the possibility that a
counterparty will fail to honor its obligation at or before the time of
settlement. The selection of dealers, investment bankers, and brokers
is particularly important in effectively managing these risks. The
approval process should include a review of each firm's financial
statements and an evaluation of its ability to honor its commitments.
An inquiry into the general reputation of the dealer is also
appropriate. This includes review of information from state or federal
securities regulators and industry self-regulatory organizations such
as the National Association of Securities Dealers concerning any formal
enforcement actions against the dealer, its affiliates, or associated
personnel.
The board of directors is responsible for supervision and oversight
of investment portfolio and end-user derivatives activities, including
the approval and periodic review of policies that govern relationships
with securities dealers.
Sound credit risk management requires that credit limits be
developed by personnel who are as independent as practicable of the
acquisition function. In authorizing issuer and counterparty credit
lines, these personnel should use standards that are consistent with
those used for other activities conducted within the institution and
with the organization's over-all policies and consolidated exposures.
Liquidity Risk
Liquidity risk is the risk that an institution cannot easily sell,
unwind, or offset a particular position at a fair price because of
inadequate market depth. In specifying permissible instruments for
accomplishing established objectives, institutions should ensure that
they take into account the liquidity of the market for those
instruments and the effect that such characteristics have on achieving
their objectives. The liquidity of certain types of instruments may
make them inappropriate for certain objectives. Institutions should
ensure that they consider the effects that market risk can have on the
liquidity of different types of instruments under various scenarios.
Accordingly, institutions should articulate clearly the liquidity
characteristics of instruments to be used in accomplishing
institutional objectives.
Complex and illiquid instruments can often involve greater risk than
actively traded, more liquid securities. Oftentimes, this higher
potential risk arising from illiquidity is not captured by standardized
financial modeling techniques. Such risk is particularly acute for
instruments that are highly leveraged or that are designed to benefit
from specific, narrowly defined market shifts. If market prices or
rates do not move as expected, the demand for such instruments can
evaporate, decreasing the market value of the instrument below the
modeled value.
Operational (Transaction) Risk
Operational (transaction) risk is the risk that deficiencies in
information systems or internal controls will result in unexpected
loss. Sources of operating risk include inadequate procedures, human
error, system failure, or fraud. Inaccurately assessing or controlling
operating risks is one of the more likely sources of problems facing
institutions involved in investment activities.
{{8-31-98 p.5442}}
Effective internal controls are the first line of defense in
controlling the operating risks involved in an institution's
investment activities. Of particular importance are internal controls
that ensure the separation of duties and supervision of persons
executing transactions from those responsible for processing contracts,
confirming transactions, controlling various clearing accounts,
preparing or posting the accounting entries, approving the accounting
methodology or entries, and performing revaluations.
Consistent with the operational support of other activities within
the financial institution, securities operations should be as
independent as practicable from business units. Adequate resources
should be devoted, such that systems and capacity are commensurate with
the size and complexity of the institution's investment activities.
Effective risk management should also include, at least, the following:
Valuation. Procedures should ensure independent
portfolio pricing. For thinly traded illiquid securities, completely
independent pricing may be difficult to obtain. In such cases,
operational units may need to use prices provided by the portfolio
manager. For unique instruments where the pricing is being provided by
a single source (e.g., the dealer providing the instrument), the
institution should review and understand the assumptions used to price
the instrument.
Personnel. The increasingly complex nature of
securities available in the marketplace makes it important that
operational personnel have strong technical skills. This will enable
them to better understand the complex financial structures of some
investment instruments.
Documentation. Institutions should clearly define
documentation requirements for securities transactions, saving and
safeguarding important documents, as well as maintaining possession and
control of instruments purchased.
An institution's policies should also provide guidelines for
conflicts of interest for employees who are directly involved in
purchasing and selling securities for the institution from securities
dealers. These guidelines should ensure that all directors, officers,
and employees act in the best interest of the institution. The board
may wish to adopt policies prohibiting these employees from engaging in
personal securities transactions with these same securities firms
without specific prior board approval. The board may also wish to adopt
a policy applicable to directors, officers, and employees restricting
or prohibiting the receipt of gifts, gratuities, or travel expenses
from approved securities dealer firms and their representatives.
Legal Risk
Legal risk is the risk that contracts are not legally enforceable or
documented correctly. Institutions should adequately evaluate the
enforceability of its agreements before individual transactions are
consummated. Institutions should also ensure that the counterparty has
authority to enter into the transaction and that the terms of the
agreement are legally enforceable. Institutions should further
ascertain that netting agreements are adequately documented, executed
properly, and are enforceable in all relevant jurisdictions.
Institutions should have knowledge of relevant tax laws and
interpretations governing the use of these instruments.
[Source:
63 Fed.
Reg. 20191, April 23, 1998, effective May 26,
1998]
3The 1998 Statement does not supersede any other requirements
of the respective agencies' statutory rules, regulations, policies, or
supervisory guidance. Go Back to Text
4Natural person federal credit unions are not permitted to
purchase non-residential mortgage asset-backed securities and may
participate in derivative programs only if authorized by the NCUA. Go Back to Text
5Federal credit unions must comply with the investment
monitoring requirements of 12 C.F.R. § 703.90. See 62 FR
32989 (June 18, 1997). Go Back to Text
[Main Tabs]
[Table of Contents - 5000]
[Index]
[Previous Page]
[Next Page]
[Search]
|