This Charter of Best Practice has been approved by the Committee of the Association for recommendation to its members. It is based the Charter of Best Practice published by the International Group of Treasury Associations (IGTA), of which the Association is a member, and has been adapted for use in the Irish market. The IGTA Charter is, in turn, based on PricewaterhouseCoopers’ Generally Accepted Risk Principles (published in 1996).
Listing of Principles
- 1. Risk Management StrategyPrinciple 1: Role of the Board
The responsibility for understanding the risks run by the company, and ensuring that they are appropriately managed within well defined risk management policies, is placed clearly with the board of directors. The boardís understanding of the risks and the approved risk management policies must be set out in the treasury policy, which must be formally approved by the board, with compliance therewith reviewed by the board at least on an annual basis.
Principle 2: Role of the Executive Committee
The board of directors must approve risk management strategies, but will delegate authority for day-to-day decisions to an executive committee/treasury so that risk can be effectively managed in the company.
Principle 3: Identification and Assessment of Risk
The board, through the executive committee, should identify and assess the risks the firm is taking on and develop a firm-wide risk management strategy to cover those risks. It should put structures in place to actively manage the quantifiable risks the firm takes on and to control the unquantifiable risks.
Principle 4: Role of the Risk Management Group
A risk management group, including members of the executive committee, should be responsible for defining the companyís risk management policies and ensuring that the risk strategy is implemented through the development of appropriate procedures and investment in skills and systems.
Principle 5: Risk Management Policies
Risk management policies must be prepared by the risk management group and reviewed and approved, on a regular basis by the executive committee, which in turn must submit them to the board of directors for adoption. The risk management group should be provided with adequate resources and systems to enable them to implement these policies effectively.
Principle 6: Lines of Responsibility
The group organisation structure should have clear reporting lines and responsibilities to enable the executive committee to monitor and control activities.
Principle 7: Delegation of Risk Authority
The group organisation should provide a risk framework by which authority is delegated to business units/subsidiaries, within clear mandates set by the board and the executive committee.
Principle 8: Risk Limits
The risk management group should initiate and maintain a set of limits to manage and restrict the maximum amount of risk across business units. This set of limits should be agreed, through the executive committee, with the board.
Principle 9: Evaluation of Effectiveness
The executive committee should evaluate the independence and overall effectiveness of the firmís control and risk management infrastructure on a regular basis.
- 2. The Risk Management FunctionPrinciple 10: Role of the Risk Management Function
There should be an independent risk management function with clearly defined responsibilities, reporting directly to the risk management group.
In certain organisations the risk management function may equate to the treasury.
Principle 11: Role of the Head of Risk
There should be a head of the risk management function that is responsible for ensuring day-to-day measurement, monitoring and evaluation of risk across the company.
Principle 12: Prudent Selection of Risk Management Instruments
The risk management function should only assume the management of risk, using risk management instruments and techniques approved for use in the treasury policy and of which it has proven ability to independently:
identify, quantify and re-value the risk of the instruments ongoing,
trade the component parts of the risk management structure efficiently, and are able to report the results of comprehensively.
Principle 13: Ethical Behaviour of the Risk Management Function
The risk management function should in its dealing with banks and other counter parties adhere to the ethical standards determined by the Irish Association of Corporate Treasurers.
- 3. Risk Measurement, Reporting & Control3.1 Market Risk Measurement
Principle 14: Valuation
All positions should be independently valued at fair value using approved policies and procedures at daily/weekly or other regular intervals, as appropriate, depending on their volume, complexity and risk profile.
Principle 15: Risk Decomposition
Market risk components inherent in any product should be identified to provide a basis for ensuring that market risk measurement is accurate.
3.2 Credit Risk Measurement
Principle 16: Netting
Companies should net credit exposures only where supported by the appropriate legal netting agreements.
Principle 17: Creditworthiness
The executive committee should be responsible for the evaluation of customer and counterparty creditworthiness and the setting of individual credit limits.
Principle 18: Settlement Risk Measurement
Settlement risk exposure should be measured in addition to pre-settlement risk and compared to separate settlement risk limits for individual counterparties on a daily basis
3.3 Liquidity Risk Measurement
Principle 19: Cash Management
Short-term projected cash flows for each currency should be measured and monitored in order to anticipate future funding requirements.
Principle 20: Funding Strategies
Alternative strategies to meet liquidity needs arising from either a loss of market liquidity or market access should be incorporated into the company’s contingency liquidity planning process.
Principle 21: Liquidity Assurance and Compliance Reporting
Assuring the liquidity of the company by whatever means available should be the first priority of treasury. However in the event where a liquidity crisis becomes likely it is the duty of the Treasurer to immediately notify the board officially of the situation.
3.4 Risk monitoring & aggregation
Principle 22: Risk Consolidation and Monitoring
Market, credit and liquidity risks should be aggregated on a company-wide basis and monitored against company-wide guidelines or limits on a daily basis, with regular reporting on any risk, limit or guideline breaches.
Principle 23: Limit Review Procedures
Risk limits should be re-examined in connection with market conditions and any changes in trading strategy.
Principle 24: New Product Evaluation and Authorisation
A formal process should be established for new product trading which details the rationale for the use of the product, alterations required to existing policy documents, a valuation process, a list of potential counterparties and assurances that adequate controls and procedures, systems and risk analysis techniques are in place.
- 4. Operations4.1 Front Office
Principle 25: Authorisation
Management should set clear levels of authority for committing the company to different types of transactions.
Principle 26: Trade Capture
Controls need to be in place to ensure the completeness, accuracy and timeliness of trade captured.
4.2 Middle and Back Office
Principle 27: Valuations
Formally documented and approved policies and procedures should be used for the revaluation of positions. Valuations should be based on an appropriate bid or offer level obtained from a recognised provider of market data and, where applicable, calculated using standard market techniques and models. This should be in compliance with generally accepted accounting standards.
Principle 28: Profit and Loss Reporting
Preparation of profit and loss statements for the companyís portfolios should be performed on a regular basis consistent with the nature and complexity of the companyís treasury activities.
Principle 29: Price Verification
Prices and rates used for revaluation should be taken from independent sources. Where in-house prices are used, independent review procedures should be in place, including independent models.
Principle 30: Trade Processing
Approved transactions should be processed in a timely manner, with an audit trail that links the transaction to the initiator.
Principle 31: Confirmation
All transactions should be confirmed independently of the trading function with the trading counterparty within defined time constraints. All outstanding confirmations should be reported and followed up on a daily basis.
Principle 32: Settlements
All cash and security movements should be properly authorised by senior staff and be executed by staff independent of the trading, trade processing and reconciling functions, with each movement requiring the involvement of at least two such independent staff.
Principle 33: Reconciliation
Independent reconciliation should be carried out with third parties on a regular basis (consistent with the level of transactions) and internal reconciliation should be performed as appropriate.
Principle 34: Asset Control
Controls should exist to ensure that all assets (the companyís own and third parties) are safeguarded and those belonging to third parties are identified and segregated.
Principle 35: Transaction Reporting
Management should take sufficient measures to satisfy itself that its transactions are being reported to all necessary regulators and exchanges, if applicable, on a timely basis.
Principle 36: Recruitment and Staffing
The company should ensure that all treasury management, trading, operations, risk management and auditing activities are undertaken by professionals in sufficient number and with appropriate experience, skill levels and degree of specialisation.
Principle 37: Training
The requisite skills, training and experience for each level of treasury resource should be aligned to the output expected from an employee on that level (as defined in the education framework proposed to the International Group of Treasury Associations (IGTA))
Principle 38: Compensation Policies
Compensation levels should reflect the skills required in each area of the business: compensation policies should not encourage behaviour that is inconsistent with the companyís goals.
Principle 39: Internal Audit
An internal audit function should be set up by the board to examine, evaluate and report on accounting and other controls over operations. Internal audit should be specifically charged with assessing, for each area it examines, the adequacy or otherwise of the IT and other systems in operation, in relation to the risk management strategy adopted.
Principle 40: Taxation
The executive committee should ensure that the firmís activities taken as a whole, and the individual company and business lines taken separately, are subject to regular informed review by tax experts so that the business should not be exposed to material risk of loss due to breaches of tax legislation or failure to anticipate tax problems.
Principle 41: Legal Documentation
Relationships with all custodians, brokers and trading counterparties should be determined and appropriate legal documentation should be in place before any business commences. This should also apply where a group of companies under common ownership transacts and/or deals between its members.
Principle 42: Business Continuation
The board must ensure that adequate and comprehensive business continuation plans have been established and tested to address any disruption to normal business operations.
- 5. Risk Management SystemsPrinciple 43: Frequency of Information Delivery
The application architecture should define the required frequency and format of all risk reporting, including ad hoc queries.
Principle no. 44: Data Storage
The data architecture should define the data storage requirements of the company, including structure, level of detail and location.
Principle 45: Data Integrity and Ownership
The data architecture should ensure the completeness and accuracy of all risk information, through validation and reconciliation procedures. Ownership and maintenance responsibilities should also be defined.
Principle 46: Inter-Operability
The technical architecture should ensure risk system comparatbility with the firmís stated IT strategy, in terms of hardware platform, operating system, database management system and communications infrastructure.
Principle 47: Level of Sophistication
The technical architecture should define the level of sophistication required for treasury management, including the appropriate use of emerging technologies and package solutions.
Principle 48: System and Model Security
The technical architecture should define the required levels of security, to ensure integrity and confidentiality of the companyís information, systems and models.
Principle 49: Back-up, Recovery and Contingency Planning
The technical architecture should define adequate back up and recovery procedures to ensure the company can withstand failures of hardware, software or telecommunications with an acceptable level of disruption. Full contingency plans should be in place in the event of failure.
Principle 50: IT Developments
All treasury IT developments, whether bespoke or package based, should be specified, developed and implemented in a controlled manner.