FX Dealings & Internal Controls, Compliance & Risk Management

FX Dealings & Internal Controls, Compliance & Risk Management - by Stephen Cheesewright, Director, Financial Risk Management, KPMG

FX Dealing and Internal Controls

Stephen Cheesewright

26 March 2010

ADVISORY

FINANCIAL RISK MANAGEMENT

Structure of the Presentation

What we can learn from history

Understanding the implications of control failure

We can learn from these incidents but always with the thought – “there but for the grace of God go I”

These are my personal views and don’t necessarily represent the views of KPMG

What we can learn from History

A recurring history of disaster

Date | Event or Company | $ Loss | Product
1987 | Stock market crash | Indeterminate | Systemic
1987 | AWA | $50 million | Foreign Exchange
1988 | Hammersmith & Fulham | 500 million pounds | Swaps
1991 | Allied Lyons | 150 million pounds | Currency Options
1992 | European currency crisis, Dell Computer | $8 million USD | Systemic
1993 | Showa Shell Sekiyu | 165 Billion Yen | Currency Options
1993 | Metallgesellschaft | $1.3 Billion USD | Energy Futures
1994 | Gibson Greetings | $20 million USD | Leveraged I/rate derivatives
1994 | Dell Computer | $35 million USD | Options and leveraged products
1994 | Glaxo | 115 million pounds | Mortgage derivatives
1994 | Procter & Gamble | $157 million USD | Currency Swaps
1995 | Barings, Mexican Peso crisis | 1 billion pounds | Stock index futures
1997 | Asian currency crisis | Indeterminate | Systemic
1998 | Russian bond crisis / Long Term Capital Management | Stability of banking system | Systemic
1999 | Brazilian debt crisis | Stability of banking system | Economy wide
2000 | Pasminco, Grains Board | $1 billion AUD | Currency hedges
2001 | Enron, Andersen | Indeterminate | Accounting & corporate governance
2002 | Allied Irish Bank | $691 million USD | Currency options
2004 | NAB | $360 million | Currency options

Allied Irish Bank – Another Leeson?

AIB subsidiary in Baltimore incurred a $US 691m loss ($A1.2 billion) over 5 years

Governance – lack of management involvement in the business realities

No policy and procedures review

Cultural Issues – bullying, disdain for auditors and back-office staff & “aggressive compensation”

Rusnak was able to “create at will assets on Allfirst’s books”

Rusnak sold options to fund losses and keep trading

“The fraud was so inelegant….[but] nobody caught it”

Numerous control deficiencies

Allied Irish Bank – Another Leeson?

Audit issues detected but not followed through

Internal audit suffered from inadequate staffing and lack of experience, and did not focus on foreign exchange trading

Inappropriateness of risk reporting

Any challenge to status quo was met with aggression and resistance

Simple exchange traded products (ETCs) were tested by the auditors – only 1 of the over the counter (OTC) products, which carry a much higher error risk, was tested

Allied Irish Bank – Another Leeson?

The Lessons

Understand and ensure fundamental controls are effective and are complied with

Aggressive behaviour is an indicator of problems

Need to challenge unusual trading strategies

Be wary of sold option positions – why is cash being raised in this way?

“The trades made no sense for a number of reasons” Ludwig Report 2002

National Australia Bank – Another AIB?

The losses/overstatements occurred over a number of years and appear to have increased exponentially

Analysis of losses / overstatements (AUD)

September 01 | 4 million
September 02 | 8 million
September 03 | 42 million
December 03 | 92 million
January 04 | 84 million
February 04 | 360 million

National Australia Bank – Another AIB?

Aggressive profit targets linked to bonus structures

Traders were not honest

Use of false revaluation rates – independence of the source of revaluation rates appears to have been compromised

Management ignored limit breaches and warnings

External warnings ignored

Limit breaches not sufficiently escalated

Financial control was poor

Back office lapses – cut off and confirmation procedures were deficient – false transactions not detected because internal confirmations stopped

National Australia Bank – Another AIB?

The Board was provided with incorrect and incomplete information

Audit Committee was provided with limited information and did not recognise the implications of the control breakdown

Risk Committee was provided with incorrect information

Executive Committee not advised of breaches

Management disbelieved limit breaches

Risk escalation not pursued

Culture

Focus on processes rather than substance

Abdication of responsibility

‘It can’t happen to us’

National Australia Bank – Another AIB?

The Lessons

Fundamental controls can’t be ignored

If the limit system continually reports breaches then activities may need to be scaled down (lessening the risk) until the source of the continual limit breaches can be ascertained

There needs to be a robust and independent structure for the escalation of limit breaches

Reporting needs to also escalate issues to appropriate risk committees

Inculcating a compliance culture is important

Unlikely as it may seem – ‘it can happen to us’

Pasminco – No unauthorised activities or fraud but:

Ambitious expansion plan - $5 billion market value goal

Hostile takeover of Savage – debt levels and value of legacy hedge book significantly underestimated (approx $300 million)

Planned and executed transactions that were designed around a view that the AUD spot level would be 69c and the zinc price would be USD 1200 per tonne over the next 12 months

Relied on a consensus view of 42 banks that forecast the AUD/USD spot level to be 69 cents - but over the next 12 months:

The $AUD dived to below 50 cents

The zinc price fell to $USD800 per tonne

[Chart: 6 month forecast; vertical axis 0.50 to 1.00, horizontal axis Jan-84 to Jan-00]

Pasminco – No unauthorised activities or fraud but:

Zinc price was not hedged

Policy allowed currency hedging – $2.3 billion of option ‘collars’ in a 3 cent band between 68 and 65 were eventually closed out at a $850 million loss

Sensitivity analysis – Did not give due consideration to extreme outcomes which subsequently eventuated

Poor cash management/information system – slowed reaction of management

Domineering CEO – overrode the CFO, Management and the Board

Pasminco – No unauthorised activities or fraud but:

The Lessons

Impossible to predict future price movements – hazardous to position a company to ‘take advantage’ of an unknown future price movement

We need to do more than just understand the treasury policy – could it potentially create an undesirable situation?

More sensitivity analysis - financial risk exposure profile of a firm as a going concern

The need for corporate governance and moderation of authority

Understanding the implications of control failure

Type of Control : Policy

Rationale | Implications of failure
Board is aware of organisation’s financial risks and has a process in place to manage them | Organisation is caught unaware of risks and suffers unexpected loss
Board understands financial risk management and the risks and rewards | Approved risk management approach results in an outcome which the board does not expect or desire
There is no ambiguity in understanding the policy | Management has a different understanding of the approved risk management approach to the Board

Type of Control: Policy cont.

Rationale | Implications of failure
Specification of precisely which financial instruments are being used i.e. a bought option and a sold option are significantly different | Board and senior management are unaware of the potential outcome of some derivative instruments/strategies
Clear delegations and limitations of authority | If it is not ‘Black Letter Law’ it can’t be tested, monitored or discretion limited
Written policy means breaches can be clearly defined | If breaches of policy are not detected and reported there is no point in having a policy

Type of Control: Matching of Inward Confirmations

Rationale | Implications of Failure
Designed to detect errors in interpretation of transactions | Transactions may have long lives, rates may move significantly and losses may be severe if transaction errors take a long time to detect or are not detected until settlement
Designed to detect bogus transactions | Where a transaction is bogus and the back office does not seek confirmation – then the bogus transaction will not be detected
Designed to ensure the data in treasury and transaction systems has integrity | The system has incorrect data therefore the position is misunderstood and settlement is incorrect.

Type of Control: Protection of the Routing of Inward Confirmations

Rationale | Implications of Failure
Designed to prevent interception by dealers | The dealer intercepts the inward confirmation to prevent detection of an erroneous or unauthorised transaction.

Type of Control: Segregation of rights in Electronic Banking Systems

Rationale | Implications of Failure
Systems Administration: Separation of administrator rights prevents uncontrolled operation of users and authorisers | Non separation of administrator rights allows unauthorised creation of users and authorisers – thus facilitating a fraud
Creation and Authorisation of Payments: Segregation of payment duties prevents the creation of unauthorised payments | Non separation of payment rights potentially allows the creation of unauthorised payments
Locking of Payment Templates: Locking of payment templates enables authorisers to rely on payment templates | Non locking of payment templates means that payment details including account numbers cannot be relied on by authorisers without thorough checking
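
The three segregation checks on this slide can be run as a periodic audit over an electronic banking system's entitlement and payment exports. The sketch below is an added example, not part of the original presentation; the role names, record layouts and sample data are constructed assumptions.

```python
from collections import defaultdict

# Hypothetical role names; real e-banking platforms name these differently.
ADMIN, CREATE, AUTHORISE = "admin", "create_payment", "authorise_payment"
# Role pairs that one person must never hold together.
TOXIC_PAIRS = [(ADMIN, CREATE), (ADMIN, AUTHORISE), (CREATE, AUTHORISE)]

# Constructed entitlement export: (user, role)
ENTITLEMENTS = [
    ("alice", CREATE), ("bob", AUTHORISE), ("carol", ADMIN),
    ("dave", CREATE), ("dave", AUTHORISE),   # creator and authoriser
    ("erin", ADMIN), ("erin", AUTHORISE),    # administrator who can release payments
]
# Constructed templates: id -> (beneficiary account, locked?)
TEMPLATES = {"T1": ("AU-000111", True), "T2": ("AU-000222", False)}
# Constructed payment log: (id, template, account, created_by, authorised_by)
PAYMENTS = [
    ("P1", "T1", "AU-000111", "alice", "bob"),
    ("P2", "T1", "AU-000111", "dave", "dave"),  # same person on both sides
    ("P3", "T2", "AU-999999", "alice", "bob"),  # unlocked template, account changed
    ("P4", "T1", "AU-000111", "alice", "zed"),  # authoriser holds no such right
]

def role_conflicts(entitlements):
    """Return (user, role_a, role_b) for every forbidden role combination."""
    roles = defaultdict(set)
    for user, role in entitlements:
        roles[user].add(role)
    return sorted((u, a, b) for u, held in roles.items()
                  for a, b in TOXIC_PAIRS if a in held and b in held)

def payment_findings(payments, templates, entitlements):
    """Return (payment id, finding) for each control breach in the payment log."""
    granted = set(entitlements)
    findings = []
    for pid, tpl, account, creator, authoriser in payments:
        tpl_account, locked = templates[tpl]
        if creator == authoriser:
            findings.append((pid, "created and authorised by same user"))
        if (creator, CREATE) not in granted or (authoriser, AUTHORISE) not in granted:
            findings.append((pid, "actor lacks the right used"))
        if not locked:
            findings.append((pid, "template not locked"))
        if account != tpl_account:
            findings.append((pid, "beneficiary account differs from template"))
    return findings

if __name__ == "__main__":
    print(role_conflicts(ENTITLEMENTS), payment_findings(PAYMENTS, TEMPLATES, ENTITLEMENTS), sep="\n")
```

The audit only has value if it is run by someone who holds none of the three rights being checked.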

Type of Control : Prohibition of Facsimile Payment Instructions

Rationale | Implications of Failure
Receiver of facsimiles cannot detect whether the payment instructions originated from an authorised or unauthorised source or whether they have been tampered with | An external party sends unauthorised payment instructions to the organisation’s banker – which acts upon them
Ditto | A fraud is facilitated by the ability of an officer or director of the organisation, producing an unauthorised payment instruction, to use previously authorised transactions
Ditto | The payment instructions may be authorised but have then been amended in an unauthorised manner

Type of Control : Standard Settlement Instructions (‘SSI’s)

Rationale | Implications of Failure
SSIs issued to counterparties ensure that they only pay funds to accounts properly controlled by your entity | Counterparties may receive instructions (either from within, or from a party external to, the organisation) to pay funds to an unauthorised location/beneficiary
SSIs received from a counterparty mean that officers authorising payments to a counterparty can verify beneficiary account details to a ‘certified’ document | Payment instruction (whether manual or electronic) may outwardly appear to be made to the correct counterparty – but may have incorrect account details.

Type of Control : Outward Confirmations/Return of Inward Confirmations

Rationale | Implications of Failure
The sending of outward confirmations ensures that your organisation has confirmed its version of events and that should there be a bogus transaction entered in the system – then this may be confirmed by the counterparty querying the transaction | Absent an outward confirmation – the organisation is potentially reliant on the counterparty’s view of events
Ditto | Reduces error detection
Ditto | A bogus transaction may not be detected – there is no inward confirmation

Type of Control : Independent Reconciliation of ‘Nostro’/Bank and Suspense Accounts

Rationale | Implications of Failure
Timely detection of ‘non-system’ originated entries | Lose control of reconciliation processes – inability to account for transactions – inability to reconcile the bank account to the G/L
Detection of unauthorised transactions | If reconciliation is undertaken by staff initiating &/or settling transactions then they may be able to prevent detection of a fraud by accounting staff
Detection and differentiation of foreign exchange positions versus asset and liability positions | Inadvertent creation of unintended foreign exchange positions

Type of Control : Monitoring of Transaction Activity by an Independent Party

Rationale | Implications of Failure
Detection of unauthorised transactions or unusual trading patterns | Unauthorised transactions or trading patterns may go undetected

Type of Control : Control the establishment of Bank Accounts and Facilities

Rationale | Implications of Failure
Control over the opening of bank accounts ensures that funds cannot be disbursed throughout the organisation | Treasury loses control of the organisation’s liquidity
Control over the opening of bank accounts assists to ensure that all funds are only banked to authorised accounts | Fraud
Banking facilities should only be Board authorised so that unauthorised losses cannot be hidden | Unauthorised losses are not detected in a timely manner

Type of Control : Independent Sourcing of revaluation rates

Rationale | Implications of Failure
It is important that revaluation rates are not tampered with so that profit is correctly stated and risk systems correctly reflect the risk position | P&L is overstated disguising unauthorised losses
Ditto | Risk Metric System understates the risks being run by the organisation.

Contacts

Presenter’s contact details

Name: Stephen Cheesewright

Position: Director

Phone: (03) 9288 5645

www.kpmg.com.au

Disclaimer

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. The views and opinions contained in the presentation / paper are those of the author and do not necessarily represent the views and opinions of KPMG, an Australian partnership, part of the KPMG International network. The author disclaims all liability to any person or entity in respect to any consequences of anything done, or omitted to be done.