|
[Main Tabs]
[Table of Contents - 5000]
[Index]
[Previous Page]
[Next Page]
[Search]
5000 - Statements of Policy
{{2-28-07 p.5376.01}}
INTERAGENCY STATEMENT ON SOUND PRACTICES CONCERNING ELEVATED RISK
COMPLEX STRUCTURED FINANCE ACTIVITIES
I. Introduction
Financial markets have grown rapidly over the past decade, and
innovations in financial instruments have facilitated the structuring
of cash flows and allocation of risk among creditors, borrowers and
investors in more efficient ways. Financial derivatives for market and
credit risk, asset-backed securities with customized cash flow
features, specialized financial conduits that manage pools of assets
and other types of structured finance transactions serve important
business purposes, such as diversifying risks, allocating cash flows,
and reducing cost of capital. As a result, structured finance
transactions now are an essential part of U.S. and international
capital markets. Financial institutions have played and continue to
play an active and important role in the development of structured
finance products and markets, including the market for the more complex
variations of structured finance products.
When a financial institution participates in a complex structured
finance transaction ("CSFT"), it bears the usual market, credit,
and operational risks associated with the transaction. In some
circumstances, a financial institution also may face heightened legal
or reputational risks due to its involvement in a CSFT. For example, in
some circumstances, a financial institution may face heightened legal
or reputational risk if a customer's regulatory, tax or accounting
treatment for a CSFT, or disclosures to investors concerning the CSFT
in the customer's public filings or financial statements, do not
comply with applicable laws, regulations or accounting principles.
Indeed, in some instances, CSFTs have been used to misrepresent a
customer's financial condition to investors, regulatory authorities
and others. In these situations, investors have been harmed, and
financial institutions have incurred significant legal and reputational
exposure. In addition to legal risk, reputational risk poses a
significant threat to financial institutions because the nature of
their business requires them to maintain the confidence of customers,
creditors and the general marketplace.
The Office of the Comptroller of the Currency, the Office of Thrift
Supervision, the Board of Governors of the Federal Reserve System, the
Federal Deposit Insurance Corporation, and the Securities and Exchange
Commission (the "Agencies") have long expected financial
institutions to develop and maintain robust control infrastructures
that enable them to identify, evaluate and address the risks associated
with their business activities. Financial institutions also must
conduct their activities in accordance with applicable statutes and
regulations.
II. Scope and Purpose of Statement
The Agencies are issuing this Statement to describe the types of
risk management principles that we believe may help a financial
institution to identify CSFTs that may pose heightened legal or
reputational risks to the institution ("elevated risk CSFTs") and
to evaluate, manage and address these risks within the institution's
internal control framework. 1
Structured financial transactions encompass a broad array of
products with varying levels of complexity. Most structured finance
transactions, such as standard public mortgage-
{{2-28-07 p.5376.02}}backed securities transactions,
public securitizations of retail credit cards, asset-backed commercial
paper conduit transactions, and hedging-type transactions involving
"plain vanilla" derivatives and collateralized loan obligations,
are familiar to participants in the financial markets, and these
vehicles have a well-established track record. These transactions
typically would not be considered CSFTs for the purpose of this
Statement.
Because this Statement focuses on sound practices related to CSFTs
that may create heightened legal or reputational risks--transactions
that typically are conducted by a limited number of large financial
institutions--it will not affect or apply to the vast majority of
financial institutions, including most small institutions. As in all
cases, a financial institution should tailor its internal controls so
that they are appropriate in light of the nature, scope, complexity and
risks of its activities. Thus, for example, an institution that is
actively involved in structuring and offering CSFTs that may create
heightened legal or reputational risk for the institution should have a
more formalized and detailed control framework than an institution that
participates in these types of transactions less frequently. The
internal controls and procedures discussed in this Statement are not
all inclusive, and, in appropriate circumstances, an institution may
find that other controls, policies, or procedures are appropriate in
light of its particular CSFT activities.
Because many of the core elements of an effective control
infrastructure are the same regardless of the business line involved,
this Statement draws heavily on controls and procedures that the
Agencies previously have found to be effective in assisting a financial
institution to manage and control risks and identifies ways in which
these controls and procedures can be effectively applied to elevated
risk CSFTs. Although this Statement highlights some of the most
significant risks associated with elevated risk CSFTs, it is not
intended to present a full exposition of all risks associated with
these transactions. Financial institutions are encouraged to refer to
other supervisory guidance prepared by the Agencies for further
information concerning market, credit, operational, legal and
reputational risks as well as internal audit and other appropriate
internal controls.
This Statement does not create any private rights of action, and
does not alter or expand the legal duties and obligations that a
financial institution may have to a customer, its shareholders or other
third parties under applicable law. At the same time, adherence to the
principles discussed in this Statement would not necessarily insulate a
financial institution from regulatory action or any liability the
institution may have to third parties under applicable law.
III. Identification and Review of Elevated Risk Complex
Structured Finance Transactions
A financial institution that engages in CSFTs should maintain a set
of formal, written, firm-wide policies and procedures that are designed
to allow the institution to identify, evaluate, assess, document, and
control the full range of credit, market, operational, legal and
reputational risks associated with these transactions. These policies
may be developed specifically for CSFTs, or included in the set of
broader policies governing the institution generally. A financial
institution operating in foreign jurisdictions may tailor its policies
and procedures as appropriate to account for, and comply with, the
applicable laws, regulations and standards of those
jurisdictions. 2
A financial institution's policies and procedures should establish
a clear framework for the review and approval of individual CSFTs.
These policies and procedures should set forth the responsibilities of
the personnel involved in the origination, structuring, trading,
review, approval, documentation verification, and execution of CSFTs.
Financial institutions may find it helpful to incorporate the review of
new CSFTs into their existing new product policies. In this regard, a
financial institution should define what constitutes a "new"
complex structured finance product and establish a control process for
the approval of such
{{2-28-07 p.5376.03}}new products. In determining whether
a CSFT is new, a financial institution may consider a variety of
factors, including whether it contains structural or pricing variations
from existing products, whether the product is targeted at a new class
of customers, whether it is designed to address a new need of
customers, whether it raises significant new legal, compliance or
regulatory issues, and whether it or the manner in which it would be
offered would materially deviate from standard market practices. An
institution's policies should require new complex structured finance
products to receive the approval of all relevant control areas that are
independent of the profit center before the product is offered to
customers.
A. Identifying Elevated Risk CSFTs
As part of its transaction and new product approval controls, a
financial institution should establish and maintain policies,
procedures and systems to identify elevated risk CSFTs. Because of the
potential risks they present to the institution, transactions or new
products identified as elevated risk CSFTs should be subject to
heightened reviews during the institution's transaction or new product
approval processes. Examples of transactions that an institution may
determine warrant this additional scrutiny are those that (either
individually or collectively) appear to the institution during the
ordinary course of its transaction approval or new product approval
process to:
Lack economic substance or business purpose;
Be designed or used primarily for questionable accounting,
regulatory, or tax objectives, particularly when the transactions are
executed at year end or at the end of a reporting period for the
customer;
Raise concerns that the client will report or disclose the
transaction in its public filings or financial statements in a manner
that is materially misleading or inconsistent with the substance of the
transaction or applicable regulatory or accounting requirements;
Involve circular transfers of risk (either between the
financial institution and the customer or between the customer and
other related parties) that lack economic substance or business
purpose;
Involve oral or undocumented agreements that, when taken into
account, would have a material impact on the regulatory, tax, or
accounting treatment of the related transaction, or the client's
disclosure obligations; 3
Have material economic terms that are inconsistent with market
norms (e.g., deep "in the money" options or historic
rate rollovers); or
Provide the financial institution with compensation that
appears substantially disproportionate to the services provided or
investment made by the financial institution or to the credit, market
or operational risk assumed by the institution.
The examples listed previously are provided for illustrative
purposes only, and the policies and procedures established by financial
institutions may differ in how they seek to identify elevated risk
CSFTs. The goal of each institution's policies and procedures,
however, should remain the same--to identify those CSFTs that warrant
additional scrutiny in the transaction or new product approval process
due to concerns regarding legal or reputational risks.
Financial institutions that structure or market, act as an advisor
to a customer regarding, or otherwise play a substantial role in a
transaction may have more information concerning the customer's
business purpose for the transaction and any special accounting, tax or
financial disclosure issues raised by the transaction than institutions
that play a more limited role. Thus, the ability of a financial
institution to identify the risks associated with an elevated risk CSFT
may differ depending on its role.
{{2-28-07 p.5376.04}}
B. Due Diligence, Approval and Documentation Process for Elevated
Risk CSFTs
Having developed a process to identify elevated risk CSFTs, a
financial institution should implement policies and procedures to
conduct a heightened level of due diligence for these transactions. The
financial institution should design these policies and procedures to
allow personnel at an appropriate level to understand and evaluate the
potential legal or reputational risks presented by the transaction to
the institution and to manage and address any heightened legal or
reputational risks ultimately found to exist with the transaction.
Due Diligence. If a CSFT is identified as an elevated
risk CSFT, the institution should carefully evaluate and take
appropriate steps to address the risks presented by the transaction
with a particular focus on those issues identified as potentially
creating heightened levels of legal or reputational risk for the
institution. In general, a financial institution should conduct the
level and amount of due diligence for an elevated risk CSFT that is
commensurate with the level of risks identified. A financial
institution that structures or markets an elevated risk CSFT to a
customer, or that acts as an advisor to a customer or investors
concerning an elevated risk CSFT, may have additional responsibilities
under the federal securities laws, the Internal Revenue Code, state
fiduciary laws or other laws or regulations and, thus, may have greater
legal and reputational risk exposure with respect to an elevated risk
CSFT than a financial institution that acts only as a counterparty for
the transaction. Accordingly, a financial institution may need to
exercise a higher degree of care in conducting its due diligence when
the institution structures or markets an elevated risk CSFT or acts as
an advisor concerning such a transaction than when the institution
plays a more limited role in the transaction.
To appropriately understand and evaluate the potential legal and
reputational risks associated with an elevated risk CSFT that a
financial institution has identified, the institution may find it
useful or necessary to obtain additional information from the customer
or to obtain specialized advise from qualified in-house or outside
accounting, tax, legal, or other professionals. As with any
transaction, an institution should obtain satisfactory responses to its
material questions and concerns prior to consummation of a
transaction. 4
In conducting its due diligence for an elevated risk CSFT, a
financial institution should independently analyze the potential risks
to the institution from both the transaction and the institution's
overall relationship with the customer. Institutions should not
conclude that a transaction identified as being an elevated risk CSFT
involves minimal or manageable risks solely because another financial
institution will participate in the transaction or because of the size
or sophistication of the customer or counterparty. Moreover, a
financial institution should carefully consider whether it would be
appropriate to rely on opinions or analyses prepared by or for the
customer concerning any significant accounting, tax or legal issues
associated with an elevated risk CSFT.
Approval Process. A financial institution's policies and
procedures should provide that CSFTs identified as having elevated
legal or reputational risk are reviewed and approved by appropriate
levels of control and management personnel. The designated approval
process for such CSFTs should include representatives from the relevant
business line(s) and/or client management, as well as from appropriate
control areas that are independent of the business line(s) involved in
the transaction. The personnel responsible for approving an elevated
risk CSFT on behalf of a financial institution should have sufficient
experience, training and stature within the organization to evaluate
the legal and reputational risks, as well as the credit, market and
operational risks to the institution.
The institution's control framework should have procedures to
deliver the necessary or appropriate information to the personnel
responsible for reviewing or approving an elevated risk CSFT to allow
them to properly perform their duties. Such information may include,
for example, the material terms of the transaction, a summary of the
institution's relationship with the customer, and a discussion of the
significant legal, reputational, credit, market and operational risks
presented by the transaction.
{{2-28-07 p.5376.05}}
Some institutions have established a senior management committee
that is designed to involve experienced business executives and senior
representatives from all of the relevant control functions within the
financial institution (including such groups as independent risk
management, tax, accounting, policy, legal, compliance, and financial
control) in the oversight and approval of those elevated risk CSFTs
that are identified by the institution's personnel as requiring senior
management review and approval due to the potential risks associated
with the transactions. While this type of management committee may not
be appropriate for all financial institutions, a financial institution
should establish processes that assist the institution in consistently
managing the review and approval of elevated risk CSFTs on a firm-wide
basis. 5
If, after evaluating an elevated risk CSFT, the financial
institution determines that its participation in the CSFT would create
significant legal or reputational risks for the institution, the
institution should take appropriate steps to address those risks. Such
actions may include declining to participate in the transaction, or
conditioning its participation upon the receipt of representations or
assurances from the customer that reasonably address the heightened
legal or reputation risks presented by the transaction. Any
representations or assurances provided by a customer should be obtained
before a transaction is executed and be received from, or approved by,
an appropriate level of the customer's management. A financial
institution should decline to participate in an elevated risk CSFT if,
after conducting appropriate due diligence and taking appropriate steps
to address the risks from the transaction, the institution determines
that the transaction presents unacceptable risk to the institution or
would result in a violation of applicable laws, regulations or
accounting principles.
Documentation. The documentation that financial
institutions use to support CSFTs is often highly customized for
individual transactions and negotiated with the customer. Careful
generation, collection and retention of documents associated with
elevated risk CSFTs are important control mechanisms that may help an
institution monitor and manage the legal, reputational, operational,
market, and credit risks associated with the transactions. In addition,
sound documentation practices may help reduce unwarranted exposure to
the financial institution's reputation.
A financial institution should create and collect sufficient
documentation to allow the institution to:
Document the material terms of the transaction;
Enforce the material obligations of the counterparties;
Confirm that the institution has provided the customer any
disclosures concerning the transaction that the institution is
otherwise required to provide; and
Verify that the institution's policies and procedures are
being followed and allow the internal audit function to monitor
compliance with those policies and procedures.
When an institution's policies and procedures require an elevated
risk CSFT to be submitted for approval to senior management, the
institution should maintain the transaction-related documentation
provided to senior management as well as other documentation, such as
minutes of the relevant senior management committee, that reflect
senior management's approval (or disapproval) of the transaction, any
conditions imposed by senior management, and the factors considered in
taking such action. The institution should retain documents created for
elevated risk CSFTs in accordance with its record retention policies
and procedures as well as applicable statutes and regulations.
C. Other Risk Management Principles for Elevated Risk CSFTs
General Business Ethics. The board and senior management
of a financial institution also should establish a "tone at the
top" through both actions and formalized policies that sends a
strong message throughout the financial institution about the
importance of compliance with the law and overall good business ethics.
The board and senior management should
{{2-28-07 p.5376.06}}strive to create a firm-wide
corporate culture that is sensitive to ethical or legal issues as well
as the potential risks to the financial institution that may arise form
unethical or illegal behavior. This kind of culture coupled with
appropriate procedures should reinforce business-line ownership of risk
identification, and encourage personnel to move ethical or legal
concerns regarding elevated risk CSFTs to appropriate levels of
management. In appropriate circumstances, financial institutions may
also need to consider implementing mechanisms to protect personnel by
permitting the confidential disclosure of
concerns. 6
As in other areas of financial institution management, compensation and
incentive plans should be structured, in the context of elevated risk
CSFTs, so that they provide personnel with appropriate incentives to
have due regard for the legal, ethical and reputational risk interests
of the institution.
Reporting. A financial institution's policies and
procedures should provide for the appropriate levels of management and
the board of directors to receive sufficient information and reports
concerning the institution's elevated risk CSFTs to perform their
oversight functions.
Monitoring Compliance with Internal Policies and Procedures.
The events of recent years evidence the need for an effective
oversight and review program for elevated risk CSFTs. A financial
institution's program should provide for periodic independent reviews
of its CSFT activities to verify and monitor that its policies and
controls relating to elevated risk CSFTs are being implemented
effectively and that elevated risk CSFTs are accurately identified and
received proper approvals. These independent reviews should be
performed by appropriately qualified audit, compliance or other
personnel in a manner consistent with the institution's overall
framework for compliance monitoring, which should include consideration
of issues such as the independence of reviewing personnel from the
business line. Such monitoring may include more frequent assessments of
the risk arising from elevated risk CSFTs, both individually and within
the context of the overall customer relationship, and the results of
this monitoring should be provided to an appropriate level of
management in the financial institution.
Audit. The internal audit department of any financial
institution is integral to its defense against fraud, unauthorized risk
taking and damage to the financial institution's reputation. The
internal audit department of a financial institution should regularly
audit the financial institution's adherence to its own control
procedures relating to elevated risk CSFTs, and further assess the
adequacy of its policies and procedures related to elevated risk CSFTs.
Internal audit should periodically validate the business lines and
individual employees are complying with the financial institution's
standards for elevated risk CSFTs and appropriately identifying any
exceptions. This validation should include transaction testing for
elevated risk CSFTs.
Training. An institution should identify relevant
personnel who may need specialized training regarding CSFTs to be able
to effectively perform their oversight and review responsibilities.
Appropriate training on the financial institution's policies and
procedures for handling elevated risk CSFTs is critical. Financial
institution personnel involved in CSFTs should be familiar with the
institution's policies and procedures concerning elevated risk CSFTs,
including the processes established by the institution for
identification and approval of elevated risk CSFTs and new complex
structured finance products and for the elevation of concerns regarding
transactions or products to appropriate levels of management. Financial
institution personnel involved in CSFTs should be trained to identify
and properly handle elevated risk CSFTs that may result in a violation
of law.
IV. Conclusion
Structured finance products have become an essential and important
part of the U.S. and international capital markets, and financial
institutions have played an important role in the
{{2-28-07 p.5376.07}}development of structured finance
markets. In some instances, however, CSFTs have been used to
misrepresent a customer's financial condition to investors and others,
and financial institutions involved in these transactions have
sustained significant legal and reputational harm. In light of the
potential legal and reputational risks associated with CSFTs, a
financial institution should have effective risk management and
internal control systems that are designed to allow the institution to
identify elevated risk CSFTs, to evaluate, manage and address the risks
arising from such transactions, and to conduct those activities in
compliance with applicable law.
[Source: 72 Fed. Reg. 1377, January 11, 2007]
[The page following this is 5377.]
1 As used in this Statement, the term "financial
institution" or "institution" refers to national banks in the
case of the Office of the Comptroller of the Currency; federal and
state savings associations and savings and loan holding companies in
the case of the Office of Thrift Supervision; state member banks and
bank holding companies (other than foreign banking organizations) in
the case of the Federal Reserve Board; state nonmember banks in the
case of the Federal Deposit Insurance Corporation; and registered
broker-dealers and investment advisers in the case of the Securities
and Exchange Commission. The U.S. branches and agencies of foreign
banks supervised by the Office of the Comptroller, the Federal Reserve
Board and the Federal Deposit Insurance Corporation also are considered
to be financial institutions for purposes of this Statement. Go Back to Text
2 In the case of U.S. branches and agencies of foreign banks,
these policies, including management, review and approval requirements,
should be coordinated with the foreign bank's group-wide policies
developed in accordance with the rules of the foreign bank's home
country supervisor and should be consistent with the foreign bank's
overall corporate and management structure as well as its framework for
risk management and internal controls. Go Back to Text
3 This item is not intended to include traditional,
non-binding "comfort" letters or assurances provided to financial
institutions in the loan process where, for example, the parent of a
loan customer states that the customer states that the customer
(i.e., the parent's subsidiary) is an integral and
important part of the parent's operations. Go Back to Text
4 Of course, financial institutions also should ensure that
their own accounting for transactions complies with applicable
accounting standards, consistently applied. Go Back to Text
5 The control processes that a financial institution
establishes for CSFTs should take account of, and be consistent with,
any informational barriers established by the institution to manage
potential conflicts of interest, insider trading or other concerns. Go Back to Text
6 The agencies note that the Sarbanes-Oxley Act of 2002
requires companies listed on a national securities exchange or
inter-dealer quotation system of a national securities association to
establish procedures that enable employees to submit concerns regarding
questionable accounting or auditing matters on a confidential anonymous
basis. See 15 U.S.C.
78j--l(m). Go Back to Text
[Main Tabs]
[Table of Contents - 5000]
[Index]
[Previous Page]
[Next Page]
[Search]
|