FX Dealings & Internal Controls, Compliance & Risk Management
FX Dealing and Internal Controls
Stephen Cheesewright
26 March 2010
ADVISORY
FINANCIAL RISK MANAGEMENT
Structure of the Presentation
What we can learn from history
Understanding the implications of control failure
We can learn from these incidents but always with the thought – “there but for the grace of God go I”
These are my personal views and don’t necessarily represent the views of KPMG
What we can learn from History
A recurring history of disaster
Date | Event or Company | $ Loss | Product
1987 | Stock market crash | Indeterminate | Systemic
1987 | AWA | $50 million | Foreign Exchange
1988 | Hammersmith & Fulham | 500 million pounds | Swaps
1991 | Allied Lyons | 150 million pounds | Currency Options
1992 | European currency crisis, Dell Computer | $8 million USD | Systemic
1993 | Showa Shell Sekiyu | 165 Billion Yen | Current Options
1993 | Metallgesellschaft | $1.3 Billion USD | Energy Futures
1994 | Gibson Greetings | $20 million USD | Leveraged I/rate derivatives
1994 | Dell Computer | $35 million USD | Options and leveraged products
1994 | Glaxo | 115 million pounds | Mortgage derivatives
1994 | Procter & Gamble | $157 million USD | Currency Swaps
1995 | Barings, Mexican Peso crisis | 1 billion pounds | Stock index futures
1997 | Asian currency crisis | Indeterminate | Systemic
1998 | Russian bond crisis / Long Term Capital Management | Stability of banking system | Systemic
1999 | Brazilian debt crisis | Stability of banking system | Economy wide
2000 | Pasminco, Grains Board | $1 billion AUD | Currency hedges
2001 | Enron, Andersen | Indeterminate | Accounting & corporate governance
2002 | Allied Irish Bank | $691 million USD | Currency options
2004 | NAB | $360 million | Currency options
Allied Irish Bank – Another Leeson?
AIB subsidiary in Baltimore incurred a $US 691m loss ($A1.2 billion) over 5 years
Governance – lack of management involvement in the business realities
No policy and procedures review
Cultural Issues – bullying, disdain for auditors and back-office staff & “aggressive compensation”
Rusnak was able to “create at will assets on Allfirst’s books”
Rusnak sold options to fund losses and keep trading
“The fraud was so inelegant….[but] nobody caught it”
Numerous control deficiencies
Allied Irish Bank – Another Leeson?
Audit issues detected but not followed through
Internal audit suffered from inadequate staffing, lack of experience and did not focus on foreign exchange trading
Inappropriateness of risk reporting
Any challenge to status quo was met with aggression and resistance
Simple exchange traded products (ETCs) were tested by the auditors – only 1 of the much higher error risk over-the-counter (OTC) products was tested
Allied Irish Bank – Another Leeson?
The Lessons
Understand and ensure fundamental controls are effective and are complied with
Aggressive behaviour is an indicator of problems
Need to challenge unusual trading strategies
Be wary of sold option positions – why is cash being raised in this way?
“The trades made no sense for a number of reasons” Ludwig Report 2002
National Australia Bank – Another AIB?
The losses/overstatements occurred over a number of years and appear to have increased exponentially
Analysis of losses / overstatements (AUD’s)
September 01 | 4 million
September 02 | 8 million
September 03 | 42 million
December 03 | 92 million
January 04 | 84 million
February 04 | 360 million
National Australia Bank – Another AIB?
Aggressive profit targets linked to bonus structures
Traders were not honest
Use of false revaluation rates – independence of the source of revaluation rates appears to have been compromised
Management ignored limit breaches and warnings
External warnings ignored
Limit breaches not sufficiently escalated
Financial control was poor
Back office lapses – cut off and confirmation procedures were deficient – false transactions not detected because internal confirmations stopped
National Australia Bank – Another AIB?
The Board was provided with incorrect and incomplete information
Audit Committee was provided with limited information and did not recognise the implications of the control breakdown
Risk Committee was provided with incorrect information
Executive Committee not advised of breaches
Management disbelieved limit breaches
Risk escalation not pursued
Culture
Focus on processes rather than substance
Abdication of responsibility
‘It can’t happen to us’
National Australia Bank – Another AIB?
The Lessons
Fundamental controls can’t be ignored
If the limit system continually reports breaches then activities may need to be scaled down (lessening the risk) until the source of the continual limit breaches can be ascertained
There needs to be a robust and independent structure for the escalation of limit breaches
Reporting needs to also escalate issues to appropriate risk committees
Inculcating a compliance culture is important
Unlikely as it may seem – ‘it can happen to us’
Pasminco – No unauthorised activities or fraud but:
Ambitious expansion plan - $5 billion market value goal
Hostile takeover of Savage – debt levels and value of legacy hedge book significantly underestimated (approx $300 million)
Planned and executed transactions that were designed around a view that the AUD spot level would be 69c and the zinc price would be USD 1200 per tonne over the next 12 months
Relied on a consensus view of 42 banks that forecast the AUD/USD spot level to be 69 cents - but over the next 12 months:
The $AUD dived to below 50 cents
The zinc price fell to $USD800 per tonne
[Chart: 6 month forecast, Jan-84 to Jan-00]
Pasminco – No unauthorised activities or fraud but:
Zinc price was not hedged
Policy allowed currency hedging – $2.3 billion of option ‘collars’ in a 3 cent band between 68 and 65 were eventually closed out at a $850 million loss
Sensitivity analysis – Did not give due consideration to extreme outcomes which subsequently eventuated
Poor cash management/information system – slowed reaction of management
Domineering CEO – overrode the CFO, Management and the Board
Pasminco – No unauthorised activities or fraud but:
The Lessons
Impossible to predict future price movements – hazardous to position a company to ‘take advantage’ of an unknown future price movement
We need to do more than just understand the treasury policy – could it potentially create an undesirable situation?
More sensitivity analysis - financial risk exposure profile of a firm as a going concern
The need for corporate governance and moderation of authority
Understanding the implications of control failure
Type of Control: Policy
Rationale | Implications of failure
Board is aware of organisation’s financial risks and has a process in place to manage them | Organisation is caught unaware of risks and suffers unexpected loss
Board understands financial risk management and the risks and rewards | Approved risk management approach results in an outcome which the board does not expect or desire
There is no ambiguity in understanding the policy | Management has a different understanding of the approved risk management approach to the Board
Type of Control: Policy (cont.)
Rationale | Implications of failure
Specification of precisely which financial instruments are being used i.e. a bought option and a sold option are significantly different | Board and senior management are unaware of the potential outcome of some derivative instruments/strategies
Clear delegations and limitations of authority | If it is not ‘Black Letter Law’ it can’t be tested, monitored or discretion limited
Written policy means breaches can be clearly defined | If breaches of policy are not detected and reported there is no point in having a policy
Type of Control: Matching of Inward Confirmations
Rationale | Implications of Failure
Designed to detect errors in interpretation of transactions | Transactions may have long lives, rates may move significantly and losses may be severe if transaction errors take a long time to detect or are not detected until settlement
Designed to detect bogus transactions | Where a transaction is bogus and the back office does not seek confirmation – then the bogus transaction will not be detected
Designed to ensure the data in treasury and transaction systems has integrity | The system has incorrect data therefore the position is misunderstood and settlement is incorrect.
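Added example (not from the presentation or from KPMG): the inward-confirmation matching control written as a back-office check in Python. The Deal fields, the shared deal reference and the sample deals are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Deal:
    ref: str          # shared deal reference (assumed to exist on both sides)
    counterparty: str
    pair: str
    amount: int       # notional in base currency
    rate: str         # kept as text so the comparison is exact
    value_date: str

FIELDS = ("counterparty", "pair", "amount", "rate", "value_date")

def match_confirmations(booked, inward):
    """Compare front-office bookings with confirmations received by the back office."""
    pending = {c.ref: c for c in inward}
    report = {"matched": [], "mismatched": {}, "unconfirmed": [], "unbooked": []}
    for deal in booked:
        conf = pending.pop(deal.ref, None)
        if conf is None:
            # No counterparty confirmation received: chase it, the deal may be bogus.
            report["unconfirmed"].append(deal.ref)
            continue
        diffs = [f for f in FIELDS if getattr(deal, f) != getattr(conf, f)]
        if diffs:
            report["mismatched"][deal.ref] = diffs  # error in interpretation
        else:
            report["matched"].append(deal.ref)
    # Confirmations with no booking: the counterparty believes a deal exists.
    report["unbooked"] = sorted(pending)
    return report

# Constructed sample data, not taken from any real system.
BOOKED = [
    Deal("FX001", "Bank A", "AUD/USD", 5_000_000, "0.6900", "2010-06-30"),
    Deal("FX002", "Bank B", "AUD/USD", 2_000_000, "0.6850", "2010-09-30"),
    Deal("FX003", "Bank C", "AUD/USD", 9_000_000, "0.6800", "2010-12-31"),
]
INWARD = [
    Deal("FX001", "Bank A", "AUD/USD", 5_000_000, "0.6900", "2010-06-30"),
    Deal("FX002", "Bank B", "AUD/USD", 2_000_000, "0.6580", "2010-09-30"),
    Deal("FX004", "Bank A", "AUD/USD", 1_000_000, "0.6900", "2010-06-30"),
]

if __name__ == "__main__":
    print(match_confirmations(BOOKED, INWARD))
```

The check only has value when it is run by staff independent of the dealers and every unconfirmed deal is followed up rather than aged off.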
Type of Control: Protection of the Routing of Inward Confirmations
Rationale | Implications of Failure
Designed to prevent interception by dealers | The dealer intercepts the inward confirmation to prevent detection of an erroneous or unauthorised transaction.
Type of Control: Segregation of rights in Electronic Banking Systems
Rationale | Implications of Failure
Systems Administration: Separation of administrator rights prevents uncontrolled operation of users and authorisers | Non separation of administrator rights allows unauthorised creation of users and authorisers – thus facilitating a fraud
Creation and Authorisation of Payments: Segregation of payment duties prevents the creation of unauthorised payments | Non separation of payment rights potentially allows the creation of unauthorised payments
Locking of Payment Templates: Locking of payment templates enables authorisers to rely on payment templates | Non locking of payment templates means that payment details including account numbers cannot be relied on by authorisers without thorough checking
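Added example (not from the presentation or from KPMG): a review of electronic banking entitlements against the three segregation rules on this slide, in Python. The right names, the export layout and the sample users are assumptions constructed for illustration, including the reading that an administrator should hold no payment rights.

```python
# Hypothetical right names; a real e-banking platform will use its own.
ADMIN, CREATE, AUTHORISE = "admin", "create_payment", "authorise_payment"

def sod_findings(entitlements, templates, payments):
    """Return (subject, finding) pairs for segregation-of-rights breaches."""
    findings = []
    for user, rights in sorted(entitlements.items()):
        # Systems administration: an administrator with payment rights can
        # create users or authorisers and then act through them.
        if ADMIN in rights and rights & {CREATE, AUTHORISE}:
            findings.append((user, "administrator also holds payment rights"))
        # Creation and authorisation must sit with different people.
        if {CREATE, AUTHORISE} <= rights:
            findings.append((user, "can both create and authorise payments"))
    for name, locked in sorted(templates.items()):
        # Unlocked templates: account details cannot be relied on by authorisers.
        if not locked:
            findings.append((name, "payment template is not locked"))
    for p in payments:
        # Evidence in the payment log that the segregation was actually bypassed.
        if p["created_by"] == p["authorised_by"]:
            findings.append((p["id"], "created and authorised by the same user"))
    return findings

# Constructed sample export, not taken from any real system.
ENTITLEMENTS = {
    "alice": {ADMIN},
    "bob": {CREATE},
    "carol": {AUTHORISE},
    "dave": {ADMIN, AUTHORISE},
    "erin": {CREATE, AUTHORISE},
}
TEMPLATES = {"payroll": True, "supplier-x": False}
PAYMENTS = [
    {"id": "P1", "created_by": "bob", "authorised_by": "carol"},
    {"id": "P2", "created_by": "erin", "authorised_by": "erin"},
]

if __name__ == "__main__":
    for subject, finding in sod_findings(ENTITLEMENTS, TEMPLATES, PAYMENTS):
        print(f"{subject}: {finding}")
```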
Type of Control: Prohibition of Facsimile Payment Instructions
Rationale | Implications of Failure
Receiver of facsimiles cannot detect whether the payment instructions originated from an authorised or unauthorised source or whether they have been tampered with | An external party sends unauthorised payment instructions to the organisation’s banker – which acts upon them
Ditto | A fraud is facilitated by the ability of an officer or director of the organisation producing an unauthorised payment instruction to use previously authorised transactions
Ditto | The payment instructions may be authorised but have then been amended in an unauthorised manner
Type of Control: Standard Settlement Instructions (‘SSI’s)
Rationale | Implications of Failure
SSIs issued to counterparties ensure that they only pay funds to accounts properly controlled by your entity | Counterparties may receive instructions (either within - or by a party external to the organisation) to pay funds to an unauthorised location/beneficiary
SSIs received from a counterparty means that officers authorising payments to a counterparty can verify beneficiary account details to a ‘certified’ document | Payment instruction (whether manual or electronic) may outwardly appear to be made to the correct counterparty – but may have incorrect account details.
Type of Control: Outward Confirmations/Return of Inward Confirmations
Rationale | Implications of Failure
The sending of outward confirmations ensures that your organisation has confirmed its version of events and that should there be a bogus transaction entered in the system – then this may be confirmed by the counterparty querying the transaction | Absent an outward confirmation – the organisation is potentially reliant on the counterparty’s view of events
Ditto | Reduces error detection
Ditto | A bogus transaction may not be detected – there is no inward confirmation
Type of Control: Independent Reconciliation of ‘Nostro’/Bank and Suspense Accounts
Rationale | Implications of Failure
Timely detection of ‘non-system’ originated entries | Lose control of reconciliation processes – inability to account for transactions – inability to reconcile the bank account to the G/L
Detection of unauthorised transactions | If reconciliation is undertaken by staff initiating &/or settling transactions then they may be able to prevent detection of a fraud by accounting staff
Detection and differentiation of foreign exchange positions versus asset and liability positions | Inadvertent creation of unintended foreign exchange positions
Type of Control: Monitoring of Transaction Activity by an Independent Party
Rationale | Implications of Failure
Detection of unauthorised transactions or unusual trading patterns | Unauthorised transactions or trading patterns may go undetected
Type of Control: Control the establishment of Bank Accounts and Facilities
Rationale | Implications of Failure
Control over the opening of bank accounts ensures that funds cannot be disbursed throughout the organisation | Treasury loses control of the organisation’s liquidity
Control over the opening of bank accounts assists in ensuring that all funds are only banked to authorised accounts | Fraud
Banking facilities should only be Board authorised so that unauthorised losses cannot be hidden | Unauthorised losses are not detected in a timely manner
Type of Control: Independent Sourcing of revaluation rates
Rationale | Implications of Failure
It is important that revaluation rates are not tampered with so that profit is correctly stated and risk systems correctly reflect the risk position | P&L is overstated disguising unauthorised losses
Ditto | Risk Metric System understates the risks being run by the organisation.
Contacts
Presenter’s contact details
Name: Stephen Cheesewright
Position: Director
Phone: (03) 9288 5645
Email: [email protected]
www.kpmg.com.au
Disclaimer
The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. The views and opinions contained in the presentation / paper are those of the author and do not necessarily represent the views and opinions of KPMG, an Australian partnership, part of the KPMG International network. The author disclaims all liability to any person or entity in respect to any consequences of anything done, or omitted to be done.