
Title Self-inspection Checklist for the Establishment of Risk Management Mechanisms by Futures Commission Merchants
Date 2005.04.04 ( Announced )

Article Content

1     Organizational structure for risk management
    A futures commission merchant (FCM) shall establish an organizational structure for risk management that is capable of effectively implementing risk management policies. The structure shall include the following units and functions:
  1. Risk manager or risk management unit
    1. An FCM shall have an independent risk manager or risk management unit.
    2. The independence of the risk manager or risk management unit within the FCM's internal organizational structure shall be guaranteed.
      1. Is board of directors approval required for the appointment or dismissal of the risk management unit supervisor?
      2. When a business unit fails to comply with a risk management mechanism, what are the risk manager or risk management unit's reporting procedures, and what are the company's handling procedures (is the inspection process independent)?
      3. Do risk managers, or the risk management unit, report directly to the board of directors?
    3. A risk manager or risk management unit shall have proper authorization and carry out risk management-related duties, including the following:
      1. Formulating the company's risk management policies and strategies.
      2. Adopting risk management mechanisms.
      3. Setting risk limits.
      4. Setting up or assisting with the setup of a risk management information system.
      5. Measuring value at risk.
      6. Monitoring and control of risks.
      7. Regular (daily, weekly, or monthly) preparation of a risk management report and submission to the company's senior management in accordance with established procedures.
      8. Does the risk manager or risk management unit inspect the financial instrument pricing models and valuation systems used by the business unit?
    4. Risk managers shall have professional expertise and experience.
      1. Do risk managers understand the nature and the associated risks of the business that they monitor and control?
      2. Do risk managers have professional expertise in risk management?
      3. Does the company have a curriculum for ongoing training of its risk managers?
      4. Do risk managers have relevant professional licenses?
  2. Board of directors.
    1. The board of directors shall ensure the efficacy of risk management and bear ultimate responsibility for risk management.
    2. Has a risk management committee been set up that reports directly to the board of directors and is responsible for supervising the implementation of risk management?
    3. Has the FCM specified the roles and duties of the board of directors (including the risk management committee) within the risk management framework?
  3. Business units
    Business units shall understand the risks assumed in the course of their business, take part in establishing risk management mechanisms, comply with the company-approved risk management mechanisms, and control all risks to within the limits authorized by the company.
  4. Other relevant departments.
    1. An FCM shall clearly define the types of risk it manages and whether the following are included: market risk, credit risk, liquidity risk, operational risk, legal risk, model risk, reputational risk, and other risks.
    2. Is there a specific department or unit responsible for controlling each type of risk?
    3. Within the risk management framework, what are the duties and tasks of the risk managers or unit, internal audit department, legal affairs department, clearing department, and financial accounting department?
    4. Are front- and back-office personnel separate and independent of each other?
2     Adoption and implementation of a risk management system
  1. An FCM shall adopt a risk management system.
    1. Does the risk management system cover all types of risk (including market risk, credit risk, liquidity risk, operational risk, legal risk, model risk, and other risks)?
    2. There shall be definite procedures for the adoption, amendment, and review of the risk management system, which shall be documented in writing.
    3. Has the risk management system taken affiliated enterprises into account and adopted a risk management policy for the business group?
  2. Disclosure of the risk management system
    1. Risk management rules and procedures shall be documented in writing.
    2. Management shall understand risk management rules and procedures.
    3. Business units shall understand risk management rules and procedures.
    4. Relevant personnel in business units shall understand risk management rules and procedures, and shall regard their implementation as falling within the scope of job duties for which they are required to take responsibility.
  3. An FCM shall adopt risk management system implementation procedures.
    1. Do the risk management system implementation procedures include risk management policies, the setting of risk limits, risk measurement, risk monitoring and control, methods of handling exceeded risk limits, and risk reporting?
    2. Has a procedure been established for setting risk limits and for their monitoring and control?
    3. How often is each risk monitored and controlled (real-time monitoring during market hours, or daily, weekly, or monthly)?
    4. Has a procedure been established for handling instances where risk limits are exceeded?
    5. Is a risk management report prepared and submitted to the company's top policy makers on a daily basis?
    6. Are risk management meetings held on either a regular or irregular basis?
    7. What is the procedure for handling and reporting material risks?
    8. Does the internal audit unit inspect the implementation of the risk management system? If an inspection reveals deficiencies, are they mentioned in the internal audit report, and are follow-up inspections conducted?
  4. Risk management information system
    1. Has a risk management information system been established? What is the scope of risks it covers?
    2. Does the FCM have specialized information systems personnel to develop and maintain the risk management information system?
    3. Do users take part in designing the functions of the risk management information system and in testing the system, to ensure that it meets the risk management requirements?
    4. Regardless of whether the risk management information system is set up in-house or is outsourced for development, has the FCM obtained the source code to set up the system?
    5. Does the risk management information system provide a real-time monitoring and control function?
    6. Does the risk management information system ensure that the calculation methods and the models and data that are used across different departments and different products are consistent?
    7. Is there an inspection procedure for verifying the accuracy and completeness of the source of risk information?
    8. Does the risk management information system allow access authorization to be set in order to ensure the integrity and confidentiality of the FCM's information, systems, and models?
    9. Does the risk management information system set up by the FCM have appropriate procedures for data backup and restoration to ensure that necessary operations are maintained during an emergency, and have comprehensive response measures been adopted?
  5. Disclosure of risk management information
    1. Is related information disclosed in accordance with the competent authority's requirements?
    2. Is qualitative and quantitative risk management information, including the items below, disclosed in annual reports and financial reports, on the FCM website, or other locations?
      1. Risk management policies
      2. Risk management models
      3. Previous risk forecasts and actual gains or losses
      4. Adjusted net capital
      5. Related information that the competent authority requires be disclosed.
      6. Other related information of benefit to the operation of risk management mechanisms.
3     Content of the risk management system and degree of implementation
  1. Market risks
    1. Has a market risk management mechanism been adopted, and does it include position limits, stop-loss limits, market risk limits, and other related limits for each line of business?
    2. Have market risk management procedures been adopted, and do they include procedures for monitoring and controlling the use of limits, methods of handling exceeded limits, and management by exception?
    3. Are quantitative models used to measure market risks?
      1. What methods of measurement are used?
      2. Does the company regularly carry out model verification tests and review all assumptions and parameters to ensure the accuracy and reliability of risk model forecasts?
    4. Are market risks measured on a daily basis and checked and monitored relative to approved market risk limits?
    5. Is a market risk report submitted to management every day, and what is the content of the report?
  2. Credit risks
    1. Has a credit risk management mechanism been adopted, and does it expressly set a credit risk limit for each line of business?
    2. Have credit risk management procedures been adopted, and do they include procedures for monitoring and controlling the use of limits, methods of handling exceeded limits, and management by exception?
    3. Are pre-transaction credit assessments carried out, and if so, what is the assessment method?
    4. Has an appropriate credit rating system been established as a basis for implementation of credit risk management?
    5. Have different credit limits been adopted for counterparties of different types and with different credit standings in order to exercise ratings-based management?
    6. Is the credit status of counterparties monitored on an ongoing basis?
    7. Are credit risks measured on a daily basis and checked and monitored relative to approved credit risk limits?
    8. Are quantitative measurements of credit risk carried out?
      1. What measurement methods are used?
      2. Is model validity evaluated on a regular basis?
  3. Liquidity risks
    1. Has a market liquidity risk management mechanism been adopted, and does it expressly set a market liquidity risk limit for each line of business?
    2. Have market liquidity risk management procedures been adopted, and do they include procedures for monitoring and controlling the use of limits, methods of handling exceeded limits, and management by exception?
    3. Has a financial liquidity risk management mechanism been adopted, and does it take into account the requirements of domestic short-term funds allocations, cross-border funds allocations, and cross-market funds allocations? Is the mechanism being properly implemented?
    4. Has an independent funds allocation unit been established, and does it provide the information needed by the risk managers or risk management unit?
  4. Operational risks
    1. Has an internal control system been established? Are controls implemented by the internal audit unit in accordance with the required operating procedures and control priorities?
    2. Apart from the internal control system, have appropriate control mechanisms been adopted for the operational risks associated with the company's businesses and trading procedures? Are they being strictly implemented?
    3. Is there an appropriate segregation of authority and duties between front-, middle-, and back-office operating procedures to avoid possible fraudulent behavior?
    4. Is an audit trail maintained for all trades in order to control risks arising in the course of trading?
    5. Is price information obtained by the financial department, or by the risk managers or risk management unit, from a unit independent of the trading department for the purpose of valuing the FCM's positions?
    6. After a transaction is completed, is transaction data confirmed with the counterparty by a person who is not from the trading department?
    7. Have customer margin management procedures been adopted, and are they strictly implemented?
  5. Legal risks
    1. Is there a specialized legal compliance department that is responsible for formulating rules governing the FCM's overall financial and operational activities, and for evaluating and managing the company's legal risks?
    2. Before accepting business, does the FCM have an appropriate procedure for confirming with the counterparty the rights and responsibilities of both parties and the legality of the transaction in question? And does it have lawful documents that can be inspected?
  6. Model risks
    1. Is internal control of model risks strictly implemented in accordance with the risk management procedures adopted by the company?
    2. When controlling model risks, have the accuracy of a model and its program design received previous verification?
  7. Crisis management
    1. Is a stress testing model used for regular quantitative and qualitative analysis of the impact of irregular market fluctuations on investment portfolios? Have response measures been proposed based on the results?
    2. Has a crisis management system been established to ensure that the company can continue operating in the event of a major crisis?
  8. Performance measurement
    1. Are consistent quantitative and qualitative performance assessments used regularly to rate the performance of each business unit?
    2. Are risk-adjusted performance measurement indicators used as the basis of capital allocations?