1. As is standard practice for most banking activities, an institution should maintain written policies and procedures that clearly outline its risk management guidance for derivatives activities. At a minimum these policies should identify the risk tolerances of the board of directors and should clearly delineate lines of authority and responsibility for managing the risk of these activities. Individuals involved in derivatives activities should be fully aware of all policies and procedures that relate to their specific duties.
Board of directors
2. The board of directors should approve all significant policies relating to the management of risks throughout the institution. These policies, which should include those related to derivatives activities, should be consistent with the organisation's broader business strategies, capital strength, management expertise and overall willingness to take risk. Accordingly, the board should be informed regularly of the risk exposure of the institution and should regularly re-evaluate significant risk management policies and procedures with special emphasis placed on those defining the institution's risk tolerance regarding these activities. The board of directors should also conduct and encourage discussions between its members and senior management, as well as between senior management and others in the institution, regarding the institution's risk management process and risk exposure.
3. Senior management should be responsible for ensuring that there are adequate policies and procedures for conducting derivatives operations on both a long-range and day-to-day basis. This responsibility includes ensuring that there are clear delineations of lines of responsibility for managing risk, adequate systems for measuring risk, appropriately structured limits on risk taking, effective internal controls and a comprehensive risk-reporting process.
4. Before engaging in derivatives activities, management should ensure that all appropriate approvals are obtained and that adequate operational procedures and risk control systems are in place. Proposals to undertake derivatives activities should include, as applicable:
- a description of the relevant financial products, markets and business strategies;
- the resources required to establish sound and effective risk management systems and to attract and retain professionals with specific expertise in derivatives transactions;
- an analysis of the reasonableness of the proposed activities in relation to the institution's overall financial condition and capital levels;
- an analysis of the risks that may arise from the activities;
- the procedures the bank will use to measure, monitor and control risks;
- the relevant accounting guidelines;
- the relevant tax treatment; and
- an analysis of any legal restrictions and whether the activities are permissible.
5. After the institution's initial entry into derivatives activities has been properly approved, any significant changes in such activities or any new derivatives activities should be approved by the board of directors or by an appropriate level of senior management, as designated by the board of directors.
6. Senior management should regularly evaluate the procedures in place to manage risk to ensure that those procedures are appropriate and sound. Senior management should also foster and participate in active discussions with the board, with staff of risk management functions and with traders regarding procedures for measuring and managing risk. Management must also ensure that derivatives activities are allocated sufficient resources and staff to manage and control risks.
7. As a matter of general policy, compensation policies - especially in the risk management, control and senior management functions - should be structured in a way that is sufficiently independent of the performance of trading activities, thereby avoiding the potential incentives for excessive risk taking that can occur if, for example, salaries are tied too closely to the profitability of derivatives.
Independent risk management functions
8. To the extent warranted by the bank's activities, the process of measuring, monitoring and controlling risk consistent with the established policies and procedures should be managed independently of individuals conducting derivatives activities, up through senior levels of the institution. An independent system for reporting exposures to both senior-level management and to the board of directors is an important element of this process.
9. The personnel staffing independent risk management functions should have a complete understanding of the risks associated with all of the bank's derivatives activities. Accordingly, compensation policies for these individuals should be adequate to attract and retain personnel qualified to assess these risks.