RISK MANAGEMENT GUIDELINES FOR TRUST AND OTHER FIDUCIARY BUSINESS AND INVESTMENT MANAGEMENT ACTIVITIES
(Appendix to Sec. 401)
II. Statement of Policy
III. Risk Management Principles for Fiduciary Activities
a. Active and appropriate oversight by the board of directors/Trust Committee or its functional oversight equivalent in case of foreign banks/institutions;
b. Adequate risk management processes, policies and procedures;
c. Appropriate risk measurement system, prudent risk limits, monitoring and management information system; and
d. Comprehensive and effective internal control system, audit, and compliance program.
IV. Risks Associated with Fiduciary Activities
a. Credit/counterparty risk is the current and prospective risk to client’s earnings or principal contribution arising from an obligor’s failure to meet the terms of any contract with the trust entity or otherwise perform as agreed. Credit risk is found in all activities where success depends on counterparty, issuer, or borrower performance. It arises anytime fiduciary funds are extended, committed, invested, or otherwise exposed through actual or implied contractual agreements, and reflected in the client’s financial statements. Credit/counterparty risk exists in the loan portfolio and other forms of credit accommodations.
b. Market risk is the current and prospective risk to client’s earnings or principal contribution arising from changes in the value of the trust entity’s holdings of investment portfolios. Market risk arises from dealing and position-taking activities in interest rate, foreign exchange and equity markets.
c. Liquidity risk is the current and prospective risk to client’s earnings or principal contribution arising from a trust entity’s inability to recognize or address unplanned changes in client’s and/or beneficiary’s needs thereby affecting the ability to liquidate assets quickly with minimal loss in value. The trust entity shall determine and maintain an adequate level of liquidity in each account based on client-defined constraints/circumstances or product specifications.
d. Operational risk is the current and prospective risk to the bank’s earnings or capital arising from fraud or error, and the inability of the trust entity to deliver products or services, maintain a competitive position and manage information. Operational risk is evident in each fiduciary product and service offered. As the fiduciary products and services become sophisticated or volume of activities expands, so does the level of operational risk. This risk encompasses product development and delivery, operational processing, systems development, and the internal control environment. Operational risk is present in the day-to-day operations of trust entities and in all aspects of fiduciary activities.
e. Compliance risk is the current and prospective risk to the bank’s earnings or capital arising from violation of laws, rules and regulations of regulatory authorities, prescribed practices or sound fiduciary principles, internal policies and procedures, and prudent ethical standards. Compliance risk also arises in situations where the laws or rules governing certain fiduciary products or activities of the trust entity may be ambiguous or untested. This risk exposes the trust entity to fines, payment of damages, and the voiding of contracts. Compliance risk can lead to limited business opportunities, reduced expansionary potential, unenforceability of contract or even adversely affect the trust entity’s reputation.
f. Strategic risk is the current and prospective risk to the bank’s earnings and capital arising from adverse business decisions, improper implementation of decisions, or lack of responsiveness to industry changes. Strategic risk is a function of the compatibility of a financial institution’s strategic goals, the business strategies developed to achieve those goals, the resources deployed in support of these goals, and the quality of implementation. The trust entity’s internal characteristics must be evaluated against the impact of economic, technological, competitive, regulatory, and other environmental changes. Financial success requires a sound strategic planning process embraced by the board and senior management.
g. Reputation risk is the current and prospective risk to the bank’s earnings and capital arising from negative publicity regarding the financial institution’s fiduciary business practices. The negative public opinion can cause (a) clients to question or doubt the trust entity’s integrity to engage in fiduciary activities which can result in the termination of fiduciary relationships, (b) litigation costs to increase, or (c) revenues to decline. Reputation risk affects the trust entity’s ability to establish new fiduciary relationships or services, or continue servicing existing relationships. Since the public’s perception is critical in the fiduciary business, trust entities should exercise an abundance of caution in dealing with clients and the public in general.
V. Risk Management Process
a. Identify risk. Trust entities shall recognize and understand existing exposures or those that may arise from new products/services, acceptance of new clients, and changes in operating environment. They shall establish procedures that identify and address such risks prior to initiation of the activities. Risk identification is a continuing process that should be embedded in all phases of trust entity’s activities and shall cover both the individual investment transactions and portfolio activities. Identifying risk also involves the determination of the desired level of exposures both for the trust entity and client after taking into account the willingness and the ability to absorb risks.
b. Measure risk. Trust entities shall have appropriate systems or tools in place that could adequately quantify or measure both their client and their own risk exposure/s. It shall be the trust entity’s responsibility to ensure that the risk measurement tools can adequately and reliably capture and quantify exposures. Risk measurement tools shall be subjected to independent and periodic validation and review to ensure that they remain reliable and appropriate. Effective risk measurement systems assess the risks of both individual transactions and portfolios and ensure that the sophistication of the risk measurement tools remains proportionate to the complexity of exposures.
c. Monitor risk. Trust entities shall monitor risk levels to ensure timely review of risk positions and exceptions. Monitoring reports should be frequent, timely, accurate, and informative and should be distributed to clients/individuals and the appropriate level of management to ensure corrective action, when necessary.
d. Control risk. Trust entities shall establish and communicate risk limits through policies, standards, and procedures that define responsibility and authority. The types and sophistication of control processes shall be consistent with the risk tolerance standards defined by the board of directors/Trust Committee and the client. Trust entities shall implement a process for tracking and reporting exposures to monitor the trust entity’s compliance with risk tolerance standards.
VI. Sound Risk Management System
A. Active Board and Senior Management Oversight
a. The board of directors (or its functional oversight equivalent which may include the country head in the case of foreign banks/institutions) and the Trust Committee shall perform their responsibilities in accordance with the applicable provisions of this Manual.
b. Independent Risk Management Function. To uphold the principles of undivided loyalty and impartiality, and discourage possible conflicts of interest, the process of measuring, monitoring, and controlling risks shall be managed as independently as practicable by a body or personnel apart from those individuals who have the authority to initiate transactions. The Board-designated body or personnel performing independent risk management on fiduciary activities shall either be part of or directly report to the risk management unit/department of the bank proper to ensure holistic implementation of enterprise-wide risk management framework. Nevertheless, the Board-designated body or personnel tasked to perform risk management function for fiduciary activities is not precluded from freely communicating to the trust officer or relevant trust committee any information relative to the discharge of its function.
B. Adequate Risk Management Processes, Policies and Procedures
1. Scope of fiduciary products and types of services offered to clients with clear description of each product and service
2. Organizational structure
3. Authorities and responsibilities of the:
(a) Board of directors
(b) Trust committee
(c) Trust investment committee and other related committees
(d) Trust officer
(e) Trust Department/Branch/Unit Heads
(f) Account officers/Marketing personnel, including those assigned in branches
(g) Trading or Dealing officers and staff
(h) Backroom officers and staff
4. Basic standards in the administration of trust, other fiduciary business and investment management activities
5. Accounting and records maintenance
6. Policy review
7. System of financial and regulatory reporting
8. Client-oriented safety nets
C. Appropriate Risk Measurement System, Prudent Risk Limits, Monitoring and Management Information System
Risk Measurement System
a. Frequency of risk measurement
b. Sources of data, i.e., market prices
c. Appropriateness of risk measurement tools given the complexity and level of risk assumed (including the reasonableness and validity of assumptions)
d. Frequency of validation of risk measurement tools
e. Ability to measure risk at both transactional and portfolio levels
f. Frequency of review of the risk measurement system by the board of directors and the trust committee
Prudent Risk Limits
Risk Monitoring and Management Information Systems (MIS)
D. Comprehensive and effective internal controls, audit, and compliance program
Internal Control Systems
• The change in the nature and extent of significant risks, and the trust entity’s ability to respond to such changes;
• The scope and quality of management’s ongoing monitoring of risks and of the system of internal control, and the work of its internal audit function;
• The extent and frequency of the communication of results of the monitoring to the board of directors or appropriate committee;
• The incidence of significant control failings or weaknesses that have been identified, and the extent to which they have resulted in losses or potential losses; and
• The effectiveness of the trust entity’s reporting processes.
a. A strong commitment from the board of directors and Trust Committee;
b. A formalized program coordinated by a designated compliance officer that includes periodic testing and validation process;
c. Responsibility and accountability from line management;
d. Comprehensive training programs; and
e. Timely reporting and follow-up process.
(Circular No. 972 dated 22 August 2017)