[Federal Register Volume 62, Number 192 (Friday, October 3, 1997)]
[Notices]
[Pages 51862-51867]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 97-26207]


=======================================================================
-----------------------------------------------------------------------

FEDERAL FINANCIAL INSTITUTIONS EXAMINATION COUNCIL


Supervisory Policy Statement on Investment Securities and End-
User Derivatives Activities

AGENCY: Federal Financial Institutions Examination Council.

ACTION: Notice and request for comment.

-----------------------------------------------------------------------

SUMMARY: The Board of Governors of the Federal Reserve System (FRB), 
the Federal Deposit Insurance Corporation (FDIC), the Office of the 
Comptroller of the Currency (OCC), the Office of Thrift Supervision 
(OTS), and the National Credit Union Administration (NCUA) 
(collectively referred to as the agencies), under the auspices of the 
Federal Financial Institutions Examination Council (FFIEC), request 
comment on a Supervisory Policy Statement on Investment Securities and 
End-User Derivatives Activities (1997 Statement) to provide guidance on 
sound practices for managing the risks of investment activities. The 
agencies also are seeking comment on their intent to rescind the 
Supervisory Policy Statement on Securities Activities published on 
February 3, 1992 (1992 Statement). Many elements of that prior 
statement are retained in the 1997 Statement, while other elements have 
been revised or eliminated. Changes in generally accepted accounting 
principles, various developments in both securities and derivatives 
markets, and revisions to the regulators' approach to risk management 
have contributed to the need to reassess the 1992 Statement. In 
particular, the agencies are proposing to eliminate the specific 
constraints on investing in ``high risk'' mortgage derivative products 
that were stated in the 1992 Statement. The agencies believe that it is 
a sound practice for institutions to understand the risks related to 
their investment holdings. Accordingly, the 1997 Statement substitutes 
broader guidance than the specific pass/fail requirements contained in 
the 1992 Statement. Other than for the supervisory guidance contained 
in the 1992 Statement, the 1997 Statement does not supersede any other 
requirements of the respective agencies' statutory rules, regulations, 
policies, or supervisory guidance.

DATES: Comments must be received by November 17, 1997.

ADDRESSES: Comments should be sent to Joe M. Cleaver, Executive 
Secretary, Federal Financial Institutions Examination Council, 2100 
Pennsylvania Avenue, NW, Suite 200, Washington, D.C. 20037 or by 
facsimile transmission to (202) 634-6556.

FOR FURTHER INFORMATION CONTACT: FRB: James Embersit, Manager, 
Financial Analysis, (202) 452-5249, Division of Banking Supervision and 
Regulation; Gregory Baer, Managing Senior Counsel, (202) 452-3236, 
Board of Governors of the Federal Reserve System. For the hearing 
impaired only, Telecommunication Device for the Deaf (TDD), Dorothea 
Thompson, (202) 452-3544, Board of Governors of the Federal Reserve 
System, 20th and C Streets, NW, Washington, DC 20551.
    FDIC: William A. Stark, Assistant Director, (202) 898-6972, Miguel 
D. Browne, Manager, (202) 898-6789, John J. Feid, Chief, Risk 
Management, (202) 898-8649, Division of Supervision; Michael B. 
Phillips, Counsel, (202) 898-3581, Legal Division, Federal Deposit 
Insurance Corporation, 550 17th Street, NW, Washington, DC 20429.
    OCC: Kurt Wilhelm, National Bank Examiner, (202) 874-5670, J. Ray 
Diggs, National Bank Examiner, (202) 874-5670, Treasury and Market 
Risk; Mark J. Tenhundfeld, Assistant Director, (202) 874-5090, 
Legislative and Regulatory Activities Division, Office of the 
Comptroller of the Currency, 250 E Street, SW, Washington, DC 20219.
    OTS: Robert A. Kazdin, Senior Project Manager, (202) 906-5759, 
Anthony G. Cornyn, Director, (202) 906-5727, Risk Management; Christine 
Harrington, Counsel (Banking and Finance), (202) 906-7957, Regulations 
and Legislation Division, Chief Counsel's Office, Office

[[Page 51863]]

of Thrift Supervision, 1700 G Street, NW, Washington, DC 20552.
    NCUA: Daniel Gordon, Senior Investment Officer, (703) 518-6360, 
Office of Investment Services; Lisa Henderson, Attorney, (703) 518-
6540, National Credit Union Administration, 1775 Duke Street, 
Alexandria, VA 22314-3428.

SUPPLEMENTARY INFORMATION: In 1992, the agencies implemented the 
FFIEC's Supervisory Policy Statement on Securities Activities. The 1992 
Statement addressed: (1) Selection of securities dealers, (2) portfolio 
policy and strategies (including unsuitable investment practices), and 
(3) residential mortgage derivative products (MDPs).
    The final section of the 1992 Statement directed institutions to 
subject MDPs to supervisory tests to determine the degree of risk and 
the investment portfolio eligibility of these instruments. At that 
time, the agencies believed that many institutions had demonstrated an 
insufficient understanding of the risks associated with investments in 
MDPs. This occurred, in part, because most MDPs were issued or backed 
by collateral guaranteed by government sponsored enterprises. 
Therefore, most MDPs were not subject to legal investment limits. The 
agencies were concerned that the absence of significant credit risk on 
most MDPs had allowed institutions to overlook the significant interest 
rate risk present in certain structures of these instruments. In an 
effort to enhance the investment decision making process at financial 
institutions, and to emphasize the interest rate risk of highly price 
sensitive instruments, the agencies implemented supervisory tests 
designed to identify those MDPs with price and average life risks 
greater than a newly issued residential mortgage pass-through security.
    These supervisory tests provided a discipline that helped 
institutions to better understand the risks of MDPs prior to purchase. 
The 1992 Statement generally provided that institutions should not hold 
a high risk MDP in their investment portfolios.1 A high risk 
MDP was defined as a mortgage derivative security that failed any of 
three supervisory tests. The three tests included: an average life 
test, an average life sensitivity test, and a price sensitivity 
test.2
---------------------------------------------------------------------------

    \1\ The only exceptions granted were for those high risk 
securities that either reduced interest rate risk or were placed in 
a trading account. Federal credit unions were not permitted these 
exceptions.
    \2\ Average Life: Weighted average life of no more than 10 
years; Average Life Sensitivity: (a) Weighted average life extends 
by not more than 4 years (300 basis point parallel shift in rates), 
(b) weighted average life shortens by no more than 6 years (300 
basis point parallel shift in rates); Price Sensitivity: price does 
not change by more than 17 percent (increase or decrease) for a 300 
basis point parallel shift in rates.
---------------------------------------------------------------------------

    These supervisory tests, commonly referred to as the ``high risk 
tests,'' successfully protected institutions from significant losses in 
MDPs. By requiring a pre-purchase price sensitivity analysis that 
helped institutions to better understand the interest rate risk of 
MDPs, the high risk tests effectively precluded institutions from 
investing in many types of MDPs that resulted in large losses for other 
investors. However, the high risk tests may have created unintended 
distortions of the investment decision making process. Many 
institutions eliminated all MDPs from their investment choices, 
regardless of the risk versus return merits of such instruments. These 
reactions were due, in part, to concerns about regulatory burden, such 
as higher than normal examiner review of MDPs. By focusing only on 
MDPs, the test and its accompanying burden indirectly provided 
incentives for institutions to acquire other types of securities with 
complex cash flows, often with price sensitivities similar to high risk 
MDPs. The emergence of the structured note market is just one example. 
The test may have also created the impression that supervisors were 
more concerned with the type of instrument involved (i.e., residential 
mortgage products), rather than the risk characteristics of the 
instrument, since only MDPs were subject to the high risk test. The 
specification of tests applied to individual securities may have also 
inhibited some institutions from applying more comprehensive analytical 
techniques at the portfolio and institutional level.
    As a result, the agencies no longer believe that the pass/fail 
criteria of the high risk tests as applied to specific instruments are 
useful for the supervision of well-managed institutions. The agencies 
believe that an effective risk management program, through which an 
institution identifies, measures, monitors, and controls the risks of 
investment activities, provides a better framework. Consequently, the 
agencies are proposing to rescind the 1992 Policy Statement and 
eliminate the high risk tests as binding constraints on MDP purchases.
    Effective risk management addresses risks across all types of 
instruments on an investment portfolio basis and ideally, across the 
entire institution. The complexity of many financial products, both on 
and off the balance sheet, has increased the need for a more 
comprehensive approach to the risk management of investment activities. 
To advance such an initiative, the agencies are seeking industry 
comment on the practices identified in the proposed policy statement.
    The proposal to rescind the high risk tests as a constraint on an 
institution's investment activities does not signal that MDPs with high 
levels of price risk are either appropriate or inappropriate 
investments for an institution. Whether a security, MDP or otherwise, 
is an appropriate investment depends upon a variety of factors, 
including the institution's capital level, the security's impact on the 
aggregate risk of the portfolio, and management's ability to measure 
and manage risk. The agencies continue to believe that the stress 
testing of MDP investments, as well as other investments, has 
significant value for risk management purposes. Institutions should 
employ valuation methodologies that take into account all of the risk 
elements necessary to price these investments. The proposed policy 
statement indicates that the agencies believe, as a matter of sound 
practice, institutions should know the value and price sensitivity of 
their investments prior to purchase and on an ongoing basis.
    The proposed text of the 1997 Statement follows.

Supervisory Policy Statement on Investment Securities and End-User 
Derivatives Activities

I. Purpose

    This policy statement (Statement) provides guidance to financial 
institutions (institutions) on sound practices for managing the risks 
of investment securities and end-user derivatives activities. The FFIEC 
agencies--the Board of Governors of the Federal Reserve System, the 
Federal Deposit Insurance Corporation, the Office of the Comptroller of 
the Currency, the Office of Thrift Supervision, and the National Credit 
Union Administration--believe that effective management of the risks 
associated with securities and derivative instruments represents an 
essential component of safe and sound practices. This guidance 
describes the practices that a prudent manager normally would follow 
and is not intended to be a checklist. Management should establish 
practices and maintain documentation appropriate to the institution's 
individual circumstances, consistent with this Statement.

[[Page 51864]]

II. Scope

    This guidance applies to all securities in held-to-maturity and 
available-for-sale accounts as defined in the Statement of Financial 
Accounting Standards No. 115 (FAS 115), certificates of deposit held 
for investment purposes, and end-user derivative contracts not held in 
trading accounts. This guidance covers all securities used for 
investment purposes, including: money market instruments, fixed-rate 
and floating-rate notes and bonds, structured notes, mortgage pass-
through and other asset-backed securities, and mortgage-derivative 
products. Similarly, this guidance covers all end-user derivative 
instruments used for nontrading purposes, such as swaps, futures, and 
options.3 This Statement applies to all federally-insured 
commercial banks, savings banks, savings associations, and federally 
chartered credit unions.
---------------------------------------------------------------------------

    \3\ Federal credit unions are not permitted to purchase asset-
backed securities and may participate in derivative programs only if 
authorized by the NCUA.
---------------------------------------------------------------------------

    As a matter of sound practice, institutions should have programs to 
manage the market, credit, liquidity, legal, operational and other 
risks of investment securities and end-user derivatives activities 
(investment activities). While risk management programs will differ 
among institutions, there are certain elements that are fundamental to 
all sound risk management programs. These elements include board and 
senior management oversight and a comprehensive risk management process 
that effectively identifies, measures, monitors, and controls risk. 
This Statement describes sound principles and practices for managing 
and controlling the risks associated with investment activities.
    Institutions should fully understand and effectively manage the 
risks inherent in their investment activities. Failure to understand 
and adequately manage the risks in these areas constitutes an unsafe 
and unsound practice.

III. Board and Senior Management Oversight

    Board of director and senior management oversight is an integral 
part of an effective risk management program. The board of directors is 
responsible for approving major policies for conducting investment 
activities, including the establishment of risk limits. The board 
should ensure that management has the requisite skills to manage the 
risks associated with such activities. To properly discharge its 
oversight responsibilities, the board should review portfolio activity 
and risk levels, and require management to demonstrate compliance with 
approved risk limits. Boards should have an adequate understanding of 
investment activities. Boards that do not, should obtain professional 
advice to enhance its understanding of investment activity oversight, 
so as to enable it to meet its responsibilities under this Statement.
    Senior management is responsible for the daily management of an 
institution's investments. Management should establish and enforce 
policies and procedures for conducting investment activities on both a 
long-range (strategic) and day-to-day (operational) basis. Senior 
management should have an understanding of the nature and level of 
various risks involved in the institution's investments and how such 
risks fit within the institution's overall business strategies. 
Management should ensure that the risk management process is 
commensurate with the size, scope, and complexity of the institution's 
holdings. Management should also ensure that the responsibilities for 
managing investment activities are properly segregated to maintain 
operational integrity. Institutions with significant investment 
activities should ensure that back-office, settlement, and transaction 
reconciliation responsibilities are conducted and managed by personnel 
who are independent of those initiating risk taking positions.

IV. Risk Management Process

    An effective risk management process for investment activities 
includes: (1) Policies, procedures, and limits; (2) the identification, 
measurement, and reporting of risk exposures; and (3) a system of 
internal controls.
Policies, Procedures, and Limits
    Investment policies, procedures, and limits provide the structure 
to effectively manage investment activities. Policies should be 
consistent with the organization's broader business strategies, capital 
adequacy, technical expertise, and risk tolerance. Policies should 
identify relevant investment objectives, constraints, and guidelines 
for the acquisition and ongoing management of securities and derivative 
instruments. Potential investment objectives include: generating 
earnings, providing liquidity, hedging risk exposures, taking risk 
positions, modifying and managing risk profiles, managing tax 
liabilities, and meeting pledging requirements, if applicable. Policies 
should also identify the risk characteristics of permissible 
investments and should delineate clear lines of responsibility and 
authority for investment activities.
    An institution's policies should ensure an understanding of the 
risks and cashflow characteristics of its investments. This is 
particularly important for products that have unusual, leveraged, or 
highly variable cashflows. An institution should not acquire a material 
position in an instrument until senior management and all relevant 
personnel understand and can manage the risks associated with the 
product.
    An institution's investment activities should be fully integrated 
into any institution-wide risk limits. In so doing, some institutions 
rely only on the institution-wide limits, while others may apply limits 
at the investment portfolio, sub-portfolio, or individual instrument 
level.
    The board and senior management should review, at least annually, 
the appropriateness of its investment strategies, policies, procedures, 
and limits.
Risk Identification, Measurement and Reporting
    Institutions should ensure that they identify and measure the risks 
associated with individual transactions prior to acquisition and 
periodically after purchase. Depending upon the complexity and 
sophistication of the risk measurement systems, this can be done at the 
institutional, portfolio, or individual instrument level. Prudent 
management of investment activities entails examination of the risk 
profile of a particular investment in light of its impact on the risk 
profile of the institution. To the extent practicable, institutions 
should measure exposures to each type of risk and these measurements 
should be aggregated and integrated with similar exposures arising from 
other business activities to obtain the institution's overall risk 
profile.
    In measuring risks, institutions should conduct their own in-house 
pre-acquisition analyses, or to the extent possible, make use of 
specific third party analyses that are independent of the seller or 
counterparty. Irrespective of any responsibility, legal or otherwise, 
assumed by a dealer, counterparty, or financial advisor regarding a 
transaction, the acquiring institution is ultimately responsible for 
the appropriate personnel understanding and managing the risks of the 
transaction into which it enters.
    Reports to the board of directors and senior management should 
summarize the risks related to the institution's

[[Page 51865]]

investment activities and should address compliance with the investment 
policy's objectives, constraints, and legal requirements, including any 
exceptions to established policies, procedures, and limits. Reports to 
management should generally reflect more detail than reports to the 
board of the institution. Reporting should be frequent enough to 
provide timely and adequate information to judge the changing nature of 
the institution's risk profile and to evaluate compliance with stated 
policy objectives and constraints.
Internal Controls
    An institution's internal control structure is critical to the safe 
and sound functioning of the organization generally and the management 
of investment activities in particular. A system of internal controls 
promotes efficient operations, reliable financial and regulatory 
reporting, and compliance with relevant laws, regulations, and 
institutional policies. An effective system of internal controls 
includes enforcing official lines of authority, maintaining appropriate 
separation of duties, and conducting independent reviews of investment 
activities.
    For institutions with significant investment activities, internal 
and external audits are integral to the implementation of a risk 
management process to control risks in investment activities. An 
institution should conduct periodic independent reviews of its risk 
management program to ensure its integrity, accuracy, and 
reasonableness. Items that should be reviewed include:
    (1) Compliance with and the appropriateness of investment policies, 
procedures, and limits;
    (2) The appropriateness of the institution's risk measurement 
system given the nature, scope, and complexity of its activities;
    (3) The timeliness, integrity, and usefulness of reports to the 
board of directors and senior management.
    The review should note exceptions to policies, procedures, and 
limits and suggest corrective actions. The findings of such reviews 
should be reported to the board and corrective actions taken on a 
timely basis.
    The accounting systems and procedures used for public and 
regulatory reporting purposes are critically important to the 
evaluation of an organization's risk profile and the assessment of its 
financial condition and capital adequacy. Accordingly, an institution's 
policies should provide clear guidelines regarding the reporting 
treatment for all securities and derivatives holdings. This treatment 
should be consistent with the organization's business objectives, 
generally accepted accounting principles (GAAP), and regulatory 
reporting standards.

V. The Risks of Investment Activities

    The following discussion identifies particular sound practices for 
managing the specific risks involved in investment activities. In 
addition to these sound practices, institutions should follow any 
specific guidance or requirements from their primary supervisor related 
to these activities.
Market Risk
    Market risk is the risk to an institution's financial condition 
resulting from adverse changes in the value of its holdings arising 
from movements in interest rates, foreign exchange rates, equity 
prices, or commodity prices. An institution's exposure to market risk 
can be measured by assessing the effect of changing rates and prices on 
either the earnings or economic value of an individual instrument, a 
portfolio, or the entire institution. For most institutions, the most 
significant market risk of investment activities is interest rate risk.
    Investment activities may represent a significant component of an 
institution's overall interest rate risk profile. It is a sound 
practice for institutions to manage interest rate risk on an 
institution-wide basis. This sound practice includes monitoring the 
price sensitivity of the institution's investment portfolio (changes in 
the investment portfolio's value over different interest rate/yield 
curve scenarios). Consistent with agency guidance, institutions should 
specify institution-wide interest rate risk limits that appropriately 
account for these activities and the strength of the institution's 
capital position. These limits are generally established for economic 
value or earnings exposures. Institutions may find it useful to 
establish price sensitivity limits on their investment portfolio or on 
individual securities. These sub-institution limits, if established, 
should also be consistent with agency guidance.
    It is a sound practice for an institution's management to fully 
understand the market risks associated with investment securities and 
derivative instruments prior to acquisition and on an ongoing basis. 
Accordingly, institutions should have appropriate policies to ensure 
such understanding. In particular, institutions should have policies 
that specify the types of market risk analyses that should be conducted 
for various types or classes of instruments, including that conducted 
prior to their acquisition (pre-purchase analysis) and on an ongoing 
basis. Policies should also specify any required documentation needed 
to verify the analysis.
    It is expected that the substance and form of such analyses will 
vary with the type of instrument. Not all investment instruments may 
need to be subjected to a pre-purchase analysis. Relatively simple or 
standardized instruments, the risks of which are well known to the 
institution, would likely require no or significantly less analysis 
than would more volatile, complex instruments.4
---------------------------------------------------------------------------

    \4\ Federal credit unions must comply with the investment 
monitoring requirements of 12 CFR Sec. 703.90. See 62 FR 32989 (June 
18, 1997).
---------------------------------------------------------------------------

    For relatively more complex instruments, less familiar instruments, 
and potentially volatile instruments, institutions should fully address 
pre-purchase analyses in their policies. Price sensitivity analysis is 
an effective way to perform the pre-purchase analysis of individual 
instruments. For example, a pre-purchase analysis should show the 
impact of an immediate parallel shift in the yield curve of plus and 
minus 100, 200, and 300 basis points. Where appropriate, such analysis 
should encompass a wider range of scenarios, including non-parallel 
changes in the yield curve. A comprehensive analysis may also take into 
account other relevant factors, such as changes in interest rate 
volatility and changes in credit spreads.
    When the incremental effect of an investment position is likely to 
have a significant effect on the risk profile of the institution, it is 
a sound practice to analyze the effect of such a position on the 
overall financial condition of the institution.
    Accurately measuring an institution's market risk requires timely 
information about the current carrying and market values of its 
investments. Accordingly, institutions should have market risk 
measurement systems commensurate with the size and nature of these 
investments. Institutions with significant holdings of highly complex 
instruments should ensure that they have the means to value their 
positions. Institutions employing internal models should have adequate 
procedures to validate the models and to periodically review all 
elements of the modeling process, including its assumptions and risk 
measurement techniques. Managements relying on third parties for market 
risk measurement systems and analyses should ensure that they

[[Page 51866]]

fully understand the assumptions and techniques used.
    Institutions should provide reports to their boards on the market 
risk exposures of their investments on a regular basis. To do so, the 
institution may report the market risk exposure of the whole 
institution. Otherwise, these reports should contain evaluations that 
assess trends in aggregate market risk exposure and the performance of 
portfolios in terms of established objectives and risk constraints. 
They also should identify compliance with board approved limits and 
identify any exceptions to established standards. Institutions should 
have mechanisms to detect and adequately address exceptions to limits 
and guidelines. Management reports on market risk should appropriately 
address potential exposures to yield curve changes and other factors 
pertinent to the institution's holdings.
Credit Risk
    Broadly defined, credit risk is the risk that an issuer or 
counterparty will fail to perform on an obligation to the institution. 
For many financial institutions, credit risk in the investment 
portfolio may be low relative to other areas, such as lending. However, 
this risk, as with any other risk, should be effectively identified, 
measured, monitored, and controlled.
    An institution should not acquire investments or enter into 
derivative contracts without assessing the creditworthiness of the 
issuer or counterparty. The credit risk arising from these positions 
should be incorporated into the overall credit risk profile of the 
institution as comprehensively as practicable. Institutions are legally 
required to meet certain quality standards (i.e., investment grade) for 
security purchases. Many institutions maintain and update ratings 
reports from one of the major rating services. For non-rated 
securities, institutions should establish guidelines to ensure that the 
securities meet legal requirements and that the institution fully 
understands the risk involved. Institutions should establish limits on 
individual counterparty exposures. Policies should also provide credit 
risk and concentration limits. Such limits may define concentrations 
relating to a single or related issuer or counterparty, a geographical 
area, or obligations with similar characteristics.
    In managing credit risk, institutions should consider settlement 
and pre-settlement credit risk. These risks are the possibility that a 
counterparty will fail to honor its obligation at or before the time of 
settlement. The selection of dealers, investment bankers, and brokers 
is particularly important in effectively managing these risks. An 
institution's policies should identify criteria for selecting these 
organizations and should list all approved firms. The approval process 
should include a review of each firm's financial statements and an 
evaluation of its ability to honor its commitments. An inquiry into the 
general reputation of the dealer is also appropriate. This includes 
review of information from state or federal securities regulators and 
industry self-regulatory organizations such as the National Association 
of Securities Dealers concerning any formal enforcement actions against 
the dealer, its affiliates, or associated personnel.
    The board of directors, or a committee thereof, should set limits 
on the amounts and types of transactions authorized for each securities 
firm with whom the institution deals. At least annually, the board of 
directors should review and reconfirm the list of authorized dealers, 
investment bankers, and brokers.
    Sound credit risk management requires that credit limits be 
developed by personnel who are as independent as practicable of the 
acquisition function. In authorizing issuer and counterparty credit 
lines, these personnel should use standards that are consistent with 
those used for other activities conducted within the institution and 
with the organization's over-all policies and consolidated exposures.
Liquidity Risk
    Liquidity risk is the risk that an institution cannot easily sell, 
unwind, or offset a particular position at a fair price because of 
inadequate market depth. In specifying permissible instruments for 
accomplishing established objectives, institutions should ensure that 
they take into account the liquidity of the market for those 
instruments and the effect that such characteristics have on achieving 
their objectives. The liquidity of certain types of instruments may 
make them inappropriate for certain objectives. Institutions should 
ensure that they consider the effects that market risk can have on the 
liquidity of different types of instruments under various scenarios. 
Accordingly, institutions should articulate clearly the liquidity 
characteristics of instruments to be used in accomplishing 
institutional objectives.
    Complex and illiquid instruments can often involve greater risk 
than actively traded, more liquid securities. Oftentimes, this higher 
potential risk arising from illiquidity is not captured by standardized 
financial modeling techniques. Such risk is particularly acute for 
instruments that are highly leveraged or that are designed to benefit 
from specific, narrowly defined market shifts. If market prices or 
rates do not move as expected, the demand for such instruments can 
evaporate, decreasing the market value of the instrument below the 
modeled value.
Operational (Transaction) Risk
    Operational (transaction) risk is the risk that deficiencies in 
information systems or internal controls will result in unexpected 
loss. Sources of operating risk include inadequate procedures, human 
error, system failure, or fraud. Inaccurately assessing or controlling 
operating risks is one of the more likely sources of problems facing 
institutions involved in investment activities.
    Effective internal controls are the first line of defense in 
controlling the operating risks involved in an institution's investment 
activities. Of particular importance are internal controls that ensure 
the separation of duties and supervision of persons executing 
transactions from those responsible for processing contracts, 
confirming transactions, controlling various clearing accounts, 
preparing or posting the accounting entries, approving the accounting 
methodology or entries, and performing revaluations.
    Consistent with the operational support of other activities within 
the financial institution, securities operations should be as 
independent as practicable from business units. Adequate resources 
should be devoted, such that systems and capacity are commensurate with 
the size and complexity of the institution's investment activities. 
Effective risk management should also include, at least, the following:
     Valuation. Procedures should ensure independent portfolio 
pricing. For thinly traded or illiquid securities, completely 
independent pricing may be difficult. In such cases, operational units 
may need to use portfolio manager prices. For unique instruments where 
the pricing is being provided by a single source (e.g., the dealer 
providing the instrument), the institution should review and understand 
the assumptions used to price the instrument.
     Personnel. The increasingly complex nature of securities 
available in the marketplace makes it important that operational 
personnel have strong technical skills. This will enable them to better 
understand the complex financial structures of some investment 
instruments.

[[Page 51867]]

     Documentation. Institutions should clearly define 
documentation requirements for securities transactions, saving and 
safeguarding important documents, as well as maintaining possession and 
control of instruments purchased.
    An institution's policies should also provide guidelines for 
conflicts of interest for employees who are directly involved in 
purchasing and selling securities for the institution from securities 
dealers. These guidelines should ensure that all directors, officers, 
and employees act in the best interest of the institution. The board 
may wish to adopt policies prohibiting these employees from engaging in 
personal securities transactions with these same securities firms 
without specific prior board approval. The board may also wish to adopt 
a policy applicable to directors, officers, and employees restricting 
or prohibiting the receipt of gifts, gratuities, or travel expenses 
from approved securities dealer firms and their representatives.
Legal Risk
    Legal risk is the risk that contracts are not legally enforceable 
or documented correctly. Institutions should adequately evaluate the 
enforceability of its agreements before individual transactions are 
consummated. Institutions should also ensure that the counterparty has 
authority to enter into the transaction and that the terms of the 
agreement are legally enforceable. Institutions should further 
ascertain that netting agreements are adequately documented, executed 
properly, and are enforceable in all relevant jurisdictions. 
Institutions should have knowledge of relevant tax laws and 
interpretations governing the use of these instruments.

    Dated: September 29, 1997.
Joe M. Cleaver,
Executive Secretary, Federal Financial Institutions Examination 
Council.
[FR Doc. 97-26207 Filed 10-2-97; 8:45 am]
BILLING CODE 6210-01-P, 6720-01-P, 6714-01-P, 4810-01-P, 7535-01-P