Converging SOX & Treasury Function in Banks

Executive Summary

1. Introduction
2. Bank’s Treasury Function
3. SOX Compliance
4. Implementation of SOX in Treasury
5. Advantages of Treasury Automation
6. Specific areas of Automation
7. Conclusion

The article is written in an attempt to align the requirements of SOX in the Treasury Function in Banks. SOX compliance is an important requirement for financial reporting and since the treasury function in any bank has major financial reporting implications, it becomes necessary for the Banks to ensure SOX compliance in the treasury sphere cautiously. One of the steps that a Bank must take to ensure compliance is the Automation of controls both at the transaction level and at the reporting level.

Key Issues Covered:

The Article delves into the following areas

• Understanding Banking Treasury Function
• SOX on Financial Reporting
• Aligning SOX and its Implication in Treasury Function in Banks
• Benefit of Automation
• Specific areas in Treasury, where Automation is possible

The theme of the Article:

Understanding SOX requirements and its implementation in Treasury Function in Banks

At the Outset:

Taking a Treasury transaction as an example in this article, an attempt is made to set a premise on the close magnetism between two functions (SOX Compliance and Treasury in Banks). Further to the larger extent possible, the practical possibility for the Automation of the treasury function for adhering to SOX requirements is also considered and elaborated.

Introduction

Treasury is the most important function of any bank thus, it requires due adherence to the requirements under Sarbanes-Oxley Act (SOX). SOX being the most stringent legislation ever in the history of U.S. have implications on Bank’s Treasury function too. SOX requires management to have sufficient Internal Controls over Financial Reporting. Treasury function in a bank has a direct and crucial impact on the financial reporting, which begins from the time the transactions of Investments/Borrowings are entered till the time the same is being reported in the Statement of Affairs.

Treasury requires automation of processes. Once the processes are automated unlike the manual process which is prone to errors, automated systems are immune to such errors. With automation, the controls are embedded in the system, which enables as follows:

1. a) Minimizing the possibility of human errors
2. b) In-built checks and balances (Embedded as Application Controls)
3. c) Quick and timely processing of the transaction with minimal flaws.

Before we actually start delving into the topic, let’s understand the Treasury function in Bank first.

Understanding Bank’s Treasury Function requires the following broad discussions:

1) Treasury Products in Banks

2) Treasury Group/Set-up in Banks

3) Treasury Policies in Banks

4) A typical Deal Life Cycle of a Treasury Transaction

1) Treasury Products in Banks:

Banks’ treasury deals in various products such as

(i) Money Market (which includes Inter Bank Term Deposits, Overnight/Call money (Borrowing & Lending), Commercial Papers, Repo & Reverse Repo, Certificate of Deposits, Money Market Mutual Funds, and Asset/Mortgage-backed securities)

(ii) Foreign Exchange and Interest Rate Market (Including Derivatives) (which includes Spot, Forwards, FX Swaps, FX Options, Interest Rate Swaps, FRAs, Cross Currency IRS, Currency Futures, Interest Rate Caps, Floors, and Collars, etc)

(iii) Debt Instruments (which includes Treasury Bills, G-Secs, and Bonds)

(iv) Credit Derivatives (which include Credit Linked Notes, Collateralized Debt Obligations, Credit Default Swaps, CDS Indices and trenches, and Total return swaps)

2) Treasury Group/Set-up in Banks

(i) Front Office (Activities include the dealing desk transacting on Bank’s own account i.e., Banking Book, or for the Client i.e., Trading Book. Front Office has dealers who book the deals, quote the rates, and are responsible for the profitability of the portfolio)

(ii) Middle/Back Office (A control function that validates the transaction so entered by the front office after confirmation from the client/counterparties. The validation process is followed by the confirmation and final settlement with subsequent reporting internally and externally to the regulator’s specific information about the deal transaction. The Middle/Back Office comprises (a) the Operations team and (b) the Accounting team.)

(iii) Reconciliation (This function includes the activities of day-end reconciliation of deal details, profit and loss, and other trade-related aspects)

(iv) Business Compliance and Product Group (This group ensures the day-to-day compliance and product requirements which may be related to the front or middle/back office.)

(3) Treasury Policies in Banks:

(i) Investment Policy: Is framed to ensure that operations in securities, foreign exchange, and derivatives are conducted in accordance with sound and acceptable business practices.

(ii) Credit Policy: Prepared with the objective to build a diversified good asset quality portfolio and optimize the risk-return profile with adequate exit options

(iii) Code of Conduct for Dealers: Framed to facilitate the dealers of the Bank to comply with the requirements of Confidentiality, system access requirements, Privacy about the client’s information, market conduct, normal dealing principles, and general risk management principles on segregation of duties, etc

(iv) Asset and Liability Management Policy: Helps to facilitate the achievement of the Bank’s business objective, while maintaining the market risk at prudent levels and ensuring adequate liquidity at reasonable cost. Primarily, the ALM policy covers the Liquidity, interest rate risk including price risk in the trading book.

(iv) A typical deal life cycle of the Treasury Transaction

In a typical treasury function, the transaction flow can be outlined in the following 15 Steps:

SOX Compliance

U.S. investors really saw the bad phase in the financial market with the collapse of big companies like Enron & WorldCom. It took almost 68 years to establish the most far-reaching and stringent provisions in the history of U.S. Legislations SOX, since the days when the Securities Exchange Act 1934 was passed. The SOX Act establishes robust provisions on Corporate Accountability and penalties for Corporate Fraud.  The Act applies to all Public Companies listed with SEC and Foreign Private Issuers and their home operations

The Act requires CEO/CFOs to (a) ensure accurate design for Internal Control, (b) also ensure timely operations of Internal Controls. The dire consequences of noncompliance with SOX requirements are directly on CEO/CFOs. Under the Corporate Responsibility for financial reporting, any certification and willful certification would entail a fine of $ 1,000,000 or imprisons up to 10 years or both and a fine of $ 5,000,000 or imprisonment up to 20 years or both respectively.

Since the CEOs/CFOs are not directly responsible for the implementation of adequate Internal Control over Financial Reporting, it is important for them to look for the appropriate Internal Control Framework.

Presently, there are two internationally recognized internal control frameworks that facilitate in creating the internal control environment. The brief details are as below

(1) Committee of Sponsoring Organizations of the Treadway Commission (COSO), which was formed with joint funding by five main professional accounting associations and institutes.

1. American Institute of Certified Public Accountants (AICPA)
2. American Accounting Association (AAA)
3. Financial Executives International (FEI)
4. Institute of Internal Auditors (IIA)
5. Institute of Management Accountants (IMA)

The Committee prescribes the internal control framework which comprises of five key components as below:

1. Control Environment
2. Risk Assessment
3. Control Activities
4. Information & Communication
5. Monitoring

(2) COBIT, Control Objectives for Information and related Technology as created by Information Technology Governance Institute (ITGI). COBIT is an Information Technology standard that defines IT Controls which can be helpful in SOX Compliance. The IT Governance Institute was founded and began an initiative around the subject area of IT governance, which is focused on the COBIT framework, its processes, control objectives, and maturity models. COSO is an accounting standard, not an information technology standard whereas CobiT is IT Standard. It should be noted that COSO covers all aspects of CobiT, at the same time it can be specified that CobiT is specific to IT. In addition, ITGI Institute issued the Control Objectives for Sarbanes-Oxley, which is tailor-made for SOX for ensuring better control with IT control objectives in place.

The SOX Act which has undergone a recent change has also removed the requirement of use of COSO Framework. Thus, it is the discretion of the organizations to adopt a suitable Internal Control framework according to its need.

Implementation of SOX in Treasury

Many banks are realizing enhanced treasury controls through the automation of system and process flow resulting in compliance with the requirements of SOX. As the COBIT framework is a control standard with the convergence of information technology, banks would definitely use this to their advantage. Additionally, COSO also prescribes the control attributes which can be embedded as a control in the treasury function for better control.

Under SOX, banks have the challenge to create a robust “Internal Control Environment”. With manual processes the control environment cannot be compliant in all respect as far as SOX requirements are concerned, thus it’s the bank’s responsibility to automate the controls in the treasury sphere to the extent possible to ensure proper compliance.

There are numerous reasons which vote for the implementation of SOX requirement in treasury.

They are:

(i) Mitigating the Operations Risk (both at the product and the process level)

(ii) Treasury has a large financial implication; a small mistake in dealing with the transaction may wipe out the net worth of the Bank and may impact the profitability

(iii) The large volume of trades

(iv) Clients money involved, not handled adequately may result in litigations and legal risk

(v) Necessary that the “Design’ and the “Operations of the control” internally are appropriate.

Advantages of Treasury Automation

Effective treasury management demands strong system support- it is no longer viable to rely on outdated and fragmented systems. Treasuries are increasingly integrating systems for cash reporting and forecasting, risk management, market information, transaction processing, dealing, and banking. From the complex calculations required for understanding a derivatives transaction to simple interest accruals; from VaR computations to identification of non-performing investment, the organization has to be satisfied that controls are adequately deployed such that the computer system is performing as desired and the outputs generated are free from material error. A few systems globally used for treasury are as follows:

(i) Kondor + – Deployed by Reuters. It is a deal capture, position-keeping, and pricing system.

(ii) Reuters 3000 Xtra: It gives users a commanding view of the global real-time financial arena and provides a combination of news, information, and insights as well as access to the global Reuters trading community.

(iii) Murex: Developed by Murex, Equip the treasury department with a comprehensive treasury solution enabling real-time analysis, access to derivatives, global risk and limits management, full processing, and accounting conforming to the most recent regulations

(iv) Society for World Wide Interbank Financial Telecommunication (SWIFT): It is the industry-owned co-operative supplying secure, standardized messaging service and interface software to over 8100 financial institutions in 208 countries and territories. SWIFT Members include banks, brokers, dealers, and investment bankers. It is the messaging service exchanged between the market participants.

Still, the various advantages of treasury automation are enumerated below:

• Reduced Human Errors
• Quick access and retrieval of Information
• CFO or the Senior Management can have online access to facts and figures relating to the treasury (ex Net Open Operating Position for foreign currency or the Aggregate Gap limit etc)
• Regulatory Reporting-with automated controls, daily, weekly or monthly reporting to regulators is also done without risk of reporting any wrong information

Let’s make an analysis of the end-to-end treasury transaction and assess what all processes can be automated.

Automation enables treasury departments to improve the effectiveness of their internal controls. Compliance efforts are streamlined by eliminating highly manual and labor-intensive control procedures that are the sources of errors, omissions, or fraud risks. From SOX’s perspective, the benefits of treasury process automation are two-fold. Firstly, the system provides greater automated controls as it replaces labor-intensive manual processes and controls. Secondly, it improves information sharing with the regulator

Specific Areas of Automation

Monitoring Client’s exposure – Most treasury deals are large in volume and with Banks, Corporate, or Business houses. Thus, the exposure (which may be product-wise or Dealer wise) is to be created in the system. When the dealer enters the deal for the client (also called Counter Party), the automated system will show him the present limit that the client has and further to what volume the transaction can be executed. The system will not allow the deal entry if the limit is not sufficient in the account of the client. Dealer may have to take approval from Senior Dealer for entering a transaction that exceeds the limit specified in the system. By automating these process chances of transaction exceeding the limits to a client is avoided completely.

Accounting Entries – With the International Financial Reporting System (IFRS) coming into the picture, the biggest challenge for the treasury is to automate the posting of accounting entries. With the automated system, deal-wise entries, and currency-wise account details, Trail balance can be retrieved easily.

Mark to Market (“MTM”) – All product and portfolios which are held for trading needs to be marked to market considering the daily closing rates to arrive at the market value as of date. Any plus/minus in the portfolio after MTM shall be booked into the profit & loss account.

Regulatory Reporting

In the treasury, various reports are required to be sent to regulators on currency open positions, asset–liability positions, deal details, futures, option positions, etc. As much as possible the regulatory returns must be automated for the accuracy of information submitted to regulators.

Automation of Daily Transaction Reports (DTR)

In the Daily Transaction report, the portfolio details and the profit and loss and being highlighted for the information of management. If the DTR gets automated the accuracy of the information disclosed on a daily basis to senior management also improves and the chances of wrong reports get eliminated.

Risk Monitoring Reports:

Market risk, liquidity risk, and operational risk at the treasury are also reported with close help from the Risk Management team. On Automation the figures of Value at Risk, derivative, and Bonds valuation models accurately show the correct picture of the treasury portfolio.

Conclusion

Banks faced with the SOX requirements are trying to gain overall control over the Compliance process for Treasury. The effort requires mapping the processes in the entire treasury function starting from introducing a client to the bank till the time the transaction is settled and reported. In each of these stages, the “risk” is to be identified, and “existing controls” are to be countered with the risk. The result of such mapping will be (a) existing controls are not sufficient or (b) existing controls are sufficient. In situation (a) when the existing controls are not sufficient, the internal controls need to be strengthened with robust automated controls mechanism which could be possible using the COBIT framework, and in situation (b) when the existing controls are sufficient; the internal controls to be further looked into to tackle any chance of error. In both situations, the actual walkthrough of these processes along with the adequate sampling techniques, needs to be carried out which will form the base of reporting on Internal Controls over Financial Reporting.

Though RBI has not categorically mentioned automation in the regulations outlined the intent as far as quality is concerned relating to treasury may not be compromised by them while conducting their inspection. Whereas, internationally the automation of treasury systems is great on demand for the sake of reduced transaction execution time and accuracy of the information.

The brief chart below the significance of Automation requirements domestically and internationally:

Abhishek R Sharma

Published in SEBI and Corporate Laws Journal – June 1 to 7, 2009.