Individual national regulators will need to determine how best to cause firms subject to their regulatory jurisdiction to develop control policies and procedures to meet the performance objectives set forth in this paper. Regulators may wish to consult further with appropriate industry groups for this purpose. With respect to regulated entities, a number of approaches to identifying appropriate management control mechanisms and ensuring that they are effectuated in practice are identified and briefly discussed below.
A. Adopt performance or design standards.
Where they have appropriate jurisdiction, regulators could promulgate regulations setting performance or design standards. Regulators could mandate that firms engaging in OTC business have in place a system of operational and financial risk management controls which addresses the issues and meets the objectives specified in Part II above. Regulators could require periodic reporting, by self-audit or third-party audit, of material inadequacies or deficiencies in such controls (e.g., a condition that could inhibit the completion of transactions or result in a failure of an accounting or risk-management system). See E. below.
The appropriate level of detail required to be specified in a system is a matter for discussion. Regardless of the specificity of the policies adopted, the need for management to articulate its system and policies should have a beneficial effect. In particular, such a review should cause management to focus on potential risks and benefits of derivatives as a component of financial and funding activities in general.
Regulators could also consider devising new regulations specifically tailored to OTC derivatives activity. For example, regulators could enact rules expressly requiring regulated firms to supervise their OTC derivatives traders and risk managers and to obtain and maintain timely specified documentation and records of derivatives transactions (e.g., similar to underwriting logs, deal sheets, confirmations, etc.) or to follow other specific risk reduction methodologies (e.g., use master agreements, and document credit analyses).
B. Interpret existing rules to subsume management control requirements for OTC business.
Many regulators currently measure compliance with certain supervisory or other prudential requirements by evaluating management control mechanisms of firms. For example, many jurisdictions interpret their supervisory requirements for regulated entities to apply to accounts, systems, and personnel and to reach up the chain of command to the person with the ultimate authority to hire or fire. Under this reading, certain members of the board of directors may be cited for supervisory failures relative to firm operational controls. Effective management controls generally are considered essential to meeting such supervision requirements.
Other types of requirements could also be met through the implementation of management controls. For example, certain fiduciary requirements in some jurisdictions preclude an intermediary from acting in conflict with the interests of its customers. Further, most regulators impose various recordkeeping requirements on regulatees and/or require minimum capital levels and reporting of shortfalls immediately. This necessitates systems to produce the desired reports. These rules are not particularized to OTC risks and, in some cases, would have to be extended by interpretation to cover such risks.
Some jurisdictions also regard corporate board members and certain types of end-user management (e.g., pension funds) as fiduciaries and impose duties of care and financial responsibility or prudence that may need to be addressed through adequate management and operational controls.
C. Collect information on risks and risk management controls and policies.
Rules also could be adopted which authorize regulators to collect specified information on risks related to OTC derivatives activity undertaken in affiliates of regulated entities and on risk management policies of the regulated firms. Such rules have the beneficial effect of requiring risk analyses to be undertaken within firms by officers responsible for financial reports.
In jurisdictions which require consolidated supervision, guidance could be issued as to how to achieve group controls.
D. Require assessment of counterparties.
Regulators could mandate that regulated intermediaries inquire before entering into transactions with potential counterparties as to certain specified management controls (e.g., marking-to-market and documentation).
Regulators also could consider making inquiries into the existence of management controls (or representations as to their existence) relevant to so-called "suitability," "know your customer," "authority" or "access" determinations made by persons marketing OTC derivatives.
E. Require management assessments and regulatory examinations or auditor's reports on controls - either by internal independent audit staffs or third-party auditors.
Regulators could periodically examine firms' practices and comment on controls in place, or could issue rules or guidance, compliance with which is established through routine audits conducted by regulators or relevant self-regulating organisations ("SROs").
Regulators also could require management of regulated firms periodically to assess and to document their implementation of the firm's risk management policies, and require the submission of reports on those policies (by independent internal audit staffs, or independent third parties) to regulators.
The discipline of self-assessment and independent auditing and reporting to regulators could be expected to heighten the attention of all levels of management and the board of directors as to the importance of such controls.
A number of models for reporting to regulators by auditors and reporting accountants already exist. In addition to routine reporting arising from audits or specific regulatory assignments, regulators may wish to consider requiring ad hoc reporting by auditors of matters which become known to them in the course of their work.
F. Require Self-Regulatory Organization oversight by reference to industry standards.
In addition to (or as an alternative to) rulemaking aimed directly at market participants, regulators may consider requiring industry SROs to adopt rules directing their members to employ specific management control mechanisms. Regulators also may wish to encourage SROs to implement procedures for SRO or other third-party review of individual firms' management controls. Separately, SROs may seek to develop innovative means of ensuring their members meet management control objectives.
G. Require pre-clearance of systems and controls as part of fitness determinations.
Controls could be reviewed as part of fitness determinations and qualifications to engage in specific types of business.
H. Limit OTC dealer activity to regulated intermediaries.
In order to encourage appropriate use of management policies related to market, credit and other risks, regulators could require OTC dealing activity to be undertaken solely by regulated intermediaries, thus causing existing supervisory rules to pertain to all derivatives dealers.
This approach is complicated by the fact that in most jurisdictions the intermediaries engaged in OTC business are subject to various regulatory regimes. For example, such activities could be conducted in a bank, a securities firm, a commodities intermediary firm, a pension fund or collective investment vehicle, or by a merchant or trader. To the extent activity is undertaken in an entity engaging in "dealing" (that is, "two-way" market making) activities that are not regulated, two questions arise: which regulator and which institutional model should be followed. This also raises questions about regulatory convergence between differently regulated institutions. Some jurisdictions consider it unlikely that this is a viable alternative.
I. Nonregulated Market Participants
While regulators cannot impose management control requirements directly over nonregulated entities, regulators may be able to influence the acceptance of best practice.
Nonregulated firms do have significant economic incentives adequately to supervise employees and effectively to manage their derivatives risk. Regulators nevertheless could promote best practice by all potential counterparties by encouraging regulated intermediaries to use contractual or documentation practices that address certain of their customers' management control mechanisms such as marking-to-market or specified documentation.