Converging SOX & Treasury Function in Banks

Converging SOX & Treasury Function in Banks

Executive Summary

  1. Introduction
  2. Bank’s Treasury Function
  3. SOX Compliance
  4. Implementation of SOX in Treasury
  5. Advantages of Treasury Automation
  6. Specific areas of Automation
  7. Conclusion

The article is written in an attempt to align the requirements of SOX in the Treasury Function in Banks. SOX compliance is an important requirement for financial reporting and since the treasury function in any bank has major financial reporting implications, it becomes necessary for the Banks to ensure SOX compliance in the treasury sphere cautiously. One of the steps that a Bank must take to ensure compliance is the Automation of controls both at the transaction level and at the reporting level.

Key Issues Covered:

The Article delves into the following areas

  • Understanding Banking Treasury Function
  • SOX on Financial Reporting
  • Aligning SOX and its Implication in Treasury Function in Banks
  • Benefit of Automation
  • Specific areas in Treasury, where Automation is possible

The theme of the Article:

Understanding SOX requirements and its implementation in Treasury Function in Banks

At the Outset:

Taking a Treasury transaction as an example in this article, an attempt is made to set a premise on the close magnetism between two functions (SOX Compliance and Treasury in Banks). Further to the larger extent possible, the practical possibility for the Automation of the treasury function for adhering to SOX requirements is also considered and elaborated.


Treasury is the most important function of any bank thus, it requires due adherence to the requirements under Sarbanes-Oxley Act (SOX). SOX being the most stringent legislation ever in the history of U.S. have implications on Bank’s Treasury function too. SOX requires management to have sufficient Internal Controls over Financial Reporting. Treasury function in a bank has a direct and crucial impact on the financial reporting, which begins from the time the transactions of Investments/Borrowings are entered till the time the same is being reported in the Statement of Affairs.

Treasury requires automation of processes. Once the processes are automated unlike the manual process which is prone to errors, automated systems are immune to such errors. With automation, the controls are embedded in the system, which enables as follows:

  1. a) Minimizing the possibility of human errors
  2. b) In-built checks and balances (Embedded as Application Controls)
  3. c) Quick and timely processing of the transaction with minimal flaws.

Before we actually start delving into the topic, let’s understand the Treasury function in Bank first.

Understanding Bank’s Treasury Function requires the following broad discussions:

1) Treasury Products in Banks

2) Treasury Group/Set-up in Banks

3) Treasury Policies in Banks

4) A typical Deal Life Cycle of a Treasury Transaction

1) Treasury Products in Banks:

Banks’ treasury deals in various products such as

(i) Money Market (which includes Inter Bank Term Deposits, Overnight/Call money (Borrowing & Lending), Commercial Papers, Repo & Reverse Repo, Certificate of Deposits, Money Market Mutual Funds, and Asset/Mortgage-backed securities)

(ii) Foreign Exchange and Interest Rate Market (Including Derivatives) (which includes Spot, Forwards, FX Swaps, FX Options, Interest Rate Swaps, FRAs, Cross Currency IRS, Currency Futures, Interest Rate Caps, Floors, and Collars, etc)

(iii) Debt Instruments (which includes Treasury Bills, G-Secs, and Bonds)

(iv) Credit Derivatives (which include Credit Linked Notes, Collateralized Debt Obligations, Credit Default Swaps, CDS Indices and trenches, and Total return swaps)

2) Treasury Group/Set-up in Banks

(i) Front Office (Activities include the dealing desk transacting on Bank’s own account i.e., Banking Book, or for the Client i.e., Trading Book. Front Office has dealers who book the deals, quote the rates, and are responsible for the profitability of the portfolio)

(ii) Middle/Back Office (A control function that validates the transaction so entered by the front office after confirmation from the client/counterparties. The validation process is followed by the confirmation and final settlement with subsequent reporting internally and externally to the regulator’s specific information about the deal transaction. The Middle/Back Office comprises (a) the Operations team and (b) the Accounting team.)

(iii) Reconciliation (This function includes the activities of day-end reconciliation of deal details, profit and loss, and other trade-related aspects)

(iv) Business Compliance and Product Group (This group ensures the day-to-day compliance and product requirements which may be related to the front or middle/back office.)

(3) Treasury Policies in Banks:

(i) Investment Policy: Is framed to ensure that operations in securities, foreign exchange, and derivatives are conducted in accordance with sound and acceptable business practices.

(ii) Credit Policy: Prepared with the objective to build a diversified good asset quality portfolio and optimize the risk-return profile with adequate exit options

(iii) Code of Conduct for Dealers: Framed to facilitate the dealers of the Bank to comply with the requirements of Confidentiality, system access requirements, Privacy about the client’s information, market conduct, normal dealing principles, and general risk management principles on segregation of duties, etc

(iv) Asset and Liability Management Policy: Helps to facilitate the achievement of the Bank’s business objective, while maintaining the market risk at prudent levels and ensuring adequate liquidity at reasonable cost. Primarily, the ALM policy covers the Liquidity, interest rate risk including price risk in the trading book.

(iv) A typical deal life cycle of the Treasury Transaction

In a typical treasury function, the transaction flow can be outlined in the following 15 Steps:

Step Transaction Flow Risk Classification Process Owner Remarks
1 KYC Compliance Business Group KYC means Know Your Customer. It requires to have robust identification & verification process for clients
2 Legal Documentation Legal Business Group (assisted by Legal Department) Certain standard terms and conditions are to be vetted by Legal before the business group starts executing the transaction with the client
3 Creating Client’s Account in the Front end system Operational Middle & Back Office After the documentations are over to regularly transact with the client in the future, the Client’s account is created in the Front end system which will help the Front Office i.e., the Dealers in recognizing and executing the business. Additionally, limits are set for the clients in the front-end system
4 Collateral/Margin Trading Credit Front Office/Dealing Desk Wherever the regulator allows trading on the basis of Margins/Collaterals, the system needs to be made capable of capturing such details
5 Creating Folders in the Front end system Operational Front Office Folders are created product-wise to differentiate products and also to identify trading and banking book
6 Deal Booking Financial Front Office The actual treasury transaction starts from Booking a deal  with the Client (maybe Corporate, Inter-bank, or Individuals, already having limits with us) by the Dealer or through the BrokerThe Deal may be for MM/IAM/FX/Derivatives/Credit Derivatives etc.
7 Deal Capture Operational Front Office After deal terms are finalized with the client  (which is over the phone or Reuter’s conversations), deal details such as exchange rate, currency, trade date, value date, etc are entered into the front-end system
8 Deal Validation Operational Middle Office & Back Office As a control, trade done by the front office is checked by the Middle Office & Back Office, they verify the terms and do the double validation of the trade
9 Deal Confirmation Operational Middle Office & Back Office Middle Office & Back Office with the confirmation details as received from the client, confirms the trade. In this step, SWIFT Messages or fax is sent to the client. SWIFT may be auto-generated through some system which may be an interface to front-end and back-end reporting system
10 Deal Settlement Operational/Credit Middle Office & Back Office Deals are settled and intimated to the client through SWIFT or fax messages. Standard settlement instructions are sent to the clients.
11 P& L Reconciliation Operational Middle Office & Back Office This is a month-end activity where trades are reconciled
12 Deal roll-over, Deal cancellation, and Early Utilization Operational Middle Office & Back Office Based on the list of deals due for delivery the middle & back office either rollovers, cancels, and do early utilization transactions
13 Accounting Financial Middle Office & Back Office Once the deal is validated, confirmed, and settled, the Accounting entries are generated, which are automated in the system. Accounting entries are based on IFRS or US GAAPs and also based on country-specific requirements.
14 Valuations/Reporting Financial Middle Office & Back Office All transactions are valued taking the appropriate rate and accordingly reported internally as well externally. For credit derivatives products, valuation (MTM) is done on a monthly basis and any profit/loss from valuation is adjusted with Profit and loss a/c
15 Statutory/Regulatory Compliance Compliance Middle Office & Back Office Various regulators require information to be provided on a daily, weekly, and monthly basis. The information may be related to Currency positions, forex deals, etc. This is the last step in the journey of a treasury transaction.

SOX Compliance

U.S. investors really saw the bad phase in the financial market with the collapse of big companies like Enron & WorldCom. It took almost 68 years to establish the most far-reaching and stringent provisions in the history of U.S. Legislations SOX, since the days when the Securities Exchange Act 1934 was passed. The SOX Act establishes robust provisions on Corporate Accountability and penalties for Corporate Fraud.  The Act applies to all Public Companies listed with SEC and Foreign Private Issuers and their home operations

The Act requires CEO/CFOs to (a) ensure accurate design for Internal Control, (b) also ensure timely operations of Internal Controls. The dire consequences of noncompliance with SOX requirements are directly on CEO/CFOs. Under the Corporate Responsibility for financial reporting, any certification and willful certification would entail a fine of $ 1,000,000 or imprisons up to 10 years or both and a fine of $ 5,000,000 or imprisonment up to 20 years or both respectively.

Since the CEOs/CFOs are not directly responsible for the implementation of adequate Internal Control over Financial Reporting, it is important for them to look for the appropriate Internal Control Framework.

Presently, there are two internationally recognized internal control frameworks that facilitate in creating the internal control environment. The brief details are as below

(1) Committee of Sponsoring Organizations of the Treadway Commission (COSO), which was formed with joint funding by five main professional accounting associations and institutes.

  1. American Institute of Certified Public Accountants (AICPA)
  2. American Accounting Association (AAA)
  3. Financial Executives International (FEI)
  4. Institute of Internal Auditors (IIA)
  5. Institute of Management Accountants (IMA)

The Committee prescribes the internal control framework which comprises of five key components as below:

  1. Control Environment
  2. Risk Assessment
  3. Control Activities
  4. Information & Communication
  5. Monitoring

(2) COBIT, Control Objectives for Information and related Technology as created by Information Technology Governance Institute (ITGI). COBIT is an Information Technology standard that defines IT Controls which can be helpful in SOX Compliance. The IT Governance Institute was founded and began an initiative around the subject area of IT governance, which is focused on the COBIT framework, its processes, control objectives, and maturity models. COSO is an accounting standard, not an information technology standard whereas CobiT is IT Standard. It should be noted that COSO covers all aspects of CobiT, at the same time it can be specified that CobiT is specific to IT. In addition, ITGI Institute issued the Control Objectives for Sarbanes-Oxley, which is tailor-made for SOX for ensuring better control with IT control objectives in place.

The SOX Act which has undergone a recent change has also removed the requirement of use of COSO Framework. Thus, it is the discretion of the organizations to adopt a suitable Internal Control framework according to its need.

Implementation of SOX in Treasury

Many banks are realizing enhanced treasury controls through the automation of system and process flow resulting in compliance with the requirements of SOX. As the COBIT framework is a control standard with the convergence of information technology, banks would definitely use this to their advantage. Additionally, COSO also prescribes the control attributes which can be embedded as a control in the treasury function for better control.

Under SOX, banks have the challenge to create a robust “Internal Control Environment”. With manual processes the control environment cannot be compliant in all respect as far as SOX requirements are concerned, thus it’s the bank’s responsibility to automate the controls in the treasury sphere to the extent possible to ensure proper compliance.

There are numerous reasons which vote for the implementation of SOX requirement in treasury.

They are:

(i) Mitigating the Operations Risk (both at the product and the process level)

(ii) Treasury has a large financial implication; a small mistake in dealing with the transaction may wipe out the net worth of the Bank and may impact the profitability

(iii) The large volume of trades

(iv) Clients money involved, not handled adequately may result in litigations and legal risk

(v) Necessary that the “Design’ and the “Operations of the control” internally are appropriate.

Advantages of Treasury Automation

Effective treasury management demands strong system support- it is no longer viable to rely on outdated and fragmented systems. Treasuries are increasingly integrating systems for cash reporting and forecasting, risk management, market information, transaction processing, dealing, and banking. From the complex calculations required for understanding a derivatives transaction to simple interest accruals; from VaR computations to identification of non-performing investment, the organization has to be satisfied that controls are adequately deployed such that the computer system is performing as desired and the outputs generated are free from material error. A few systems globally used for treasury are as follows:

(i) Kondor + – Deployed by Reuters. It is a deal capture, position-keeping, and pricing system.

(ii) Reuters 3000 Xtra: It gives users a commanding view of the global real-time financial arena and provides a combination of news, information, and insights as well as access to the global Reuters trading community.

(iii) Murex: Developed by Murex, Equip the treasury department with a comprehensive treasury solution enabling real-time analysis, access to derivatives, global risk and limits management, full processing, and accounting conforming to the most recent regulations

(iv) Society for World Wide Interbank Financial Telecommunication (SWIFT): It is the industry-owned co-operative supplying secure, standardized messaging service and interface software to over 8100 financial institutions in 208 countries and territories. SWIFT Members include banks, brokers, dealers, and investment bankers. It is the messaging service exchanged between the market participants.

Still, the various advantages of treasury automation are enumerated below:

  • Reduced Human Errors
  • Quick access and retrieval of Information
  • CFO or the Senior Management can have online access to facts and figures relating to the treasury (ex Net Open Operating Position for foreign currency or the Aggregate Gap limit etc)
  • Regulatory Reporting-with automated controls, daily, weekly or monthly reporting to regulators is also done without risk of reporting any wrong information

Let’s make an analysis of the end-to-end treasury transaction and assess what all processes can be automated.

Step Transaction Flow Whether can be Automated or not? Possibility Remarks
1 KYC Yes Considering the Regulatory permission as non-face-to-face KYC is not allowed by many regulators in view of AML issues. If automated, clients can submit their documents directly through an online mechanism
2 Legal Documentation No Need to be seen, read, and signed in evidence
3 Creating Client’s Account in the Front end system Yes With the support of Information Technology (“IT”)
4 Collateral/Margin Trading Yes Automated messages can be sent to clients if money shortfalls in the account, also the system will not allow entering transactions unless a % balance amount is not available in the account
5 Creating Folders in the Front end system Yes With the Support of IT
6 Deal Booking Partially It involves manual entries in the system
7 Deal Capture Partially It involves manual entries in the system
8 Deal Validation Partially It involves cross-verification of information (Deal ticket  as generated from the front-end system with the Client’s confirmation received through Fax, Reuters, or mail)
9 Deal Confirmation Partially It involves interaction with the Client
10 Deal Settlement Partially It involves manual entries in the system based on information from the Client
11 P&L  Reconciliation Yes With the Support of IT
12 Deal roll-over, Deal cancellation, and Early Utilization Partially It involves manual entries in the system based on information from Client
13 Accounting Yes With the Support of IT
14 Valuations/Reporting Yes With the Support of IT
15 Statutory/Regulatory Compliance Yes With the Support of IT

Automation enables treasury departments to improve the effectiveness of their internal controls. Compliance efforts are streamlined by eliminating highly manual and labor-intensive control procedures that are the sources of errors, omissions, or fraud risks. From SOX’s perspective, the benefits of treasury process automation are two-fold. Firstly, the system provides greater automated controls as it replaces labor-intensive manual processes and controls. Secondly, it improves information sharing with the regulator

Specific Areas of Automation

Monitoring Client’s exposure – Most treasury deals are large in volume and with Banks, Corporate, or Business houses. Thus, the exposure (which may be product-wise or Dealer wise) is to be created in the system. When the dealer enters the deal for the client (also called Counter Party), the automated system will show him the present limit that the client has and further to what volume the transaction can be executed. The system will not allow the deal entry if the limit is not sufficient in the account of the client. Dealer may have to take approval from Senior Dealer for entering a transaction that exceeds the limit specified in the system. By automating these process chances of transaction exceeding the limits to a client is avoided completely.

Accounting Entries – With the International Financial Reporting System (IFRS) coming into the picture, the biggest challenge for the treasury is to automate the posting of accounting entries. With the automated system, deal-wise entries, and currency-wise account details, Trail balance can be retrieved easily.

Mark to Market (“MTM”) – All product and portfolios which are held for trading needs to be marked to market considering the daily closing rates to arrive at the market value as of date. Any plus/minus in the portfolio after MTM shall be booked into the profit & loss account.

Regulatory Reporting

In the treasury, various reports are required to be sent to regulators on currency open positions, asset–liability positions, deal details, futures, option positions, etc. As much as possible the regulatory returns must be automated for the accuracy of information submitted to regulators.

Automation of Daily Transaction Reports (DTR)

In the Daily Transaction report, the portfolio details and the profit and loss and being highlighted for the information of management. If the DTR gets automated the accuracy of the information disclosed on a daily basis to senior management also improves and the chances of wrong reports get eliminated.

Risk Monitoring Reports:

Market risk, liquidity risk, and operational risk at the treasury are also reported with close help from the Risk Management team. On Automation the figures of Value at Risk, derivative, and Bonds valuation models accurately show the correct picture of the treasury portfolio.


Banks faced with the SOX requirements are trying to gain overall control over the Compliance process for Treasury. The effort requires mapping the processes in the entire treasury function starting from introducing a client to the bank till the time the transaction is settled and reported. In each of these stages, the “risk” is to be identified, and “existing controls” are to be countered with the risk. The result of such mapping will be (a) existing controls are not sufficient or (b) existing controls are sufficient. In situation (a) when the existing controls are not sufficient, the internal controls need to be strengthened with robust automated controls mechanism which could be possible using the COBIT framework, and in situation (b) when the existing controls are sufficient; the internal controls to be further looked into to tackle any chance of error. In both situations, the actual walkthrough of these processes along with the adequate sampling techniques, needs to be carried out which will form the base of reporting on Internal Controls over Financial Reporting.

Though RBI has not categorically mentioned automation in the regulations outlined the intent as far as quality is concerned relating to treasury may not be compromised by them while conducting their inspection. Whereas, internationally the automation of treasury systems is great on demand for the sake of reduced transaction execution time and accuracy of the information.

The brief chart below the significance of Automation requirements domestically and internationally:

Sn Geography Implication Explicitly required Regulatory inspection impact
1 Domestically Partly for Automation No, but a quality perspective required High
2 Internationally Fully for Automation Yes Medium


Abhishek R Sharma

Published in SEBI and Corporate Laws Journal – June 1 to 7, 2009.

Leave a Comment

Your email address will not be published. Required fields are marked *