The framework of risk management policies and procedures and management controls overseen by the board of directors or equivalent management body of the firm should specifically cover derivatives activity, clearly establish responsibility for its implementation, and provide for accurate, informative and timely reporting to management. This framework should be communicated to all concerned and should be reviewed as business and market circumstances change.

The firm's board of directors or other equivalent body should establish and communicate risk management policies and procedures for OTC derivatives activities that are integrated with the firm's overall management policies. Such policies and procedures should address the measurement of market risk and credit risk including aggregate exposures against risk tolerance objectives (position limits or capital at risk); acceptability criteria for counterparties, strategies and products (hedging, covered writing, risk management, position taking and related legal risks); risk monitoring procedures and exception reporting criteria; personnel policies (including expertise, training and compensation policies); the separation of trading and risk management functions; and the establishment of management controls and checks over accounts, traders, operational staff and systems.

The framework should provide for two-way communication between the board and persons responsible for implementing board policies.

Delineation of derivatives authority should be without prejudice to ultimate board supervisory responsibility.

2. Independent Market Risk Management

Management controls should provide for independent market risk management at the firm to develop and monitor the application of risk limit policies, to review and approve pricing models and valuation systems (including mark-to-market mechanisms) for use by front and back office staff, to re-assess such systems from time to time as appropriate, to monitor for significant variances in the volatilities, and to carry out stress simulations.

Controls should address stress scenarios, confidence levels, credit assumptions and market risk measurement methodologies, separation of back office, accounting and compliance functions from trading, risk policies and integration of accounting systems. Stress tests should test the consequences of severe price moves and changes in market behavior, including changes in correlations and other risk assumptions.

3. Independent Credit Risk Management

Management controls should provide for independent credit risk management at the firm to consider credit exposure measurement standards, set and monitor credit limits, and to review leverage, concentration and risk reduction arrangements.

Appetite for risk, quality of credits, level of concentration, reliance on credit enhancements, measurement methodologies and separation of sales supervision from exposure supervision should be subject to controls. Controls also should address the risk of failure to deliver or of termination provisions, as appropriate.

4. In-House Expertise and Resources

In view of the speed of evolution and complexity of derivatives products, firms should devote adequate resources to all aspects of risk management controls, including back office systems and accounting and supervision. Firms also should make every effort to ensure that knowledge at all levels of the firm, and of traders and risk managers is adequate in terms of market developments for the appropriate assessment and management of risks.

5. Risk Reduction Techniques

Firms should as appropriate use risk reduction techniques such as master agreements, netting arrangements, collateralization of transactions and third party credit enhancements, including letters of credit and guarantees. Firms also should consider risk reduction techniques to address operations risk, including contingency planning.

Controls should address credit enhancements in terms of exposure and explore the use of master agreements to reduce documentation risk and to increase the potential to assign and/or otherwise unwind transactions. Legal capacity of counterparties to transact and legality of netting arrangements should be evaluated.

6. Valuations and Exposures

Firms on both an entity and a group basis should have the capability to make accurate risk valuations daily, using an acceptable pricing methodology to mark-to-market and to identify concentrations. Potential exposures to credit and market risk should also be calculated using appropriate methodologies. Exposures may be aggregated provided netting arrangements are acceptable and enforceable.

Arrangements should be made to value dynamic portfolios sufficiently frequently to address exposures taking into account legal netting arrangements. Outputs of simulations should be tested against actual results and adjusted accordingly.

7. Systems

Firms' accounting, risk management and information systems should ensure adequate and timely documenting, processing, confirming, approving as appropriate, and reconciling of trades and valuation systems used by front and back offices; assessing of risk on a global (firm-wide) basis; accurate and timely reporting to management; and external reporting by management. Internal or external independent systems reviews should be used to verify that such systems are operating as designed.

The complexity and dynamic nature of derivatives trading activity and portfolios require that accurate and timely information is always available. Systems must be kept constantly under review to be certain that they permit tracking and reporting financial performance and effectuating management policies. Significant deficiencies in the design or operation of the systems that could adversely affect the entity's ability to record, process, summarize, and report financial data should be reported upon. This is not intended to define the scope of external financial audits.

8. Liquidity, Funding Arrangements and Financial Performance

Firms need to monitor on a continuing basis financial performance, including profit and loss, funding requirements and sources and cash flows.

Risk management personnel need to take account of revenues and the adequacy of funding arrangements in designing and implementing risk management strategies. Liquidity planning should attempt to anticipate changes in cash flow or funding requirements and should accommodate the possible need to rebalance portfolios, augment collateral, and permit the management of defaults.