1. Firms need to establish a mechanism to ensure that they have internal accounting controls and risk management controls. Supervisors need to establish a mechanism to satisfy themselves that the entities they regulate have internal accounting controls and risk management controls. The supervisory mechanism need not prescribe specific and detailed controls, but rather provide general guidance to firms.

2. Firms and supervisors need to determine that controls are set and monitored at the senior management level at a firm; responsibility for monitoring controls is clearly defined; and senior management promotes a culture of controls at all levels within a firm.

Nature and Scope of Controls

3. Firm guidance and guidance from supervisors should cover both internal accounting controls and risk management and controls.

4. Internal accounting controls for firms should include books and records requirements and segregation of duties controls that are designed to safeguard assets of the entity and to safeguard customer property.

5. Risk management and controls for firms should include controls for overall firm and individual trading desk limits, market risk, credit risk, legal risk, operational risk, and liquidity risk.

Implementation

6. Firm guidance from senior management to the business units regarding controls should contain general guidance at the most senior levels and specific and detailed guidance as the information flows to smaller business units and individual trading desks.

7. Firms should have and supervisors should require written documentation about their control procedures.

Verification

8. Firms and supervisors need to determine that controls, once established by management, are effectively operating as designed on a continuous basis.

9. Firms and supervisors need to establish mechanisms to verify that controls, once established, are being followed. The verification procedures should include internal audits, which should be independent of the trading desks and the revenue side of the business, and external audits by independent accountants. For supervisors, additional verification would be accomplished through an examination process. Firms need to determine that recommendations by auditing bodies and supervisors are properly implemented.

10. Firms and supervisors need to determine that controls, once established, keep pace with new products and industry technology.

Reporting

11. Firms need to establish and supervisors should require mechanisms to report material inadequacies or breakdowns in controls to senior management and supervisors on a timely basis.

12. Firms should be prepared to provide supervisors with relevant information about controls. Supervisors should have mechanisms to share information about controls with each other.