Section 3.3 — Securities and Derivatives

Introduction

Overview

Securities and end-user derivatives (investment) activities can provide banks with earnings, liquidity, and capital appreciation. Carefully constructed positions can also reduce overall bank risk exposures. However, investment activities can also create considerable risk exposures, particularly:

• Market risk,
• Credit risk,
• Liquidity risk,
• Operating risk,
• Legal risk,
• Settlement risk, and
• Interconnection risk.

This section provides guidance, policy, and sound practices regarding:

• Policies, procedures and risk limits,
• Internal controls,
• Unsuitable investment activities,
• Risk Identification, measurement, and reporting,
• Board and senior management oversight,
• Compliance,
• Report of examination treatment, and
• Other guidance (trading, accounting, and information services).

Use this section to assess how effectively a bank’s board and management identifies, measures, monitors, and controls investment activity risks. Incorporate findings into relevant examination assessments, including sensitivity to market risk, liquidity, asset quality, and management.

Refer to the Capital Markets Examination Handbook for reference information on a wide range of activities and instruments, including fixed income instruments, mutual funds, derivatives, sensitivity to market risk, portfolio management, and specialized examination procedures. That handbook’s information focuses more closely on specific activities and instruments than this section’s general guidance.

Policy Statement

The Supervisory Policy Statement on Investment Securities and End-User Derivatives Activities (Policy Statement) was adopted by the FDIC, Office of the Comptroller of the Currency, Board of Governors of the Federal Reserve System, Office of Thrift Supervision, and National Credit Union Administration, effective May 26, 1998. The Policy Statement provides guidance and sound principles to bankers for managing investment securities and derivatives risks. It makes clear the importance of board oversight and management supervision, and focuses on risk management. The Policy Statement covers all securities used for investment purposes and all end-user derivative instruments used for non-trading purposes. It applies to all federally-insured commercial banks, savings banks, and savings associations. Notably, the Policy Statement:

• Underscores the importance of board oversight and management supervision,
• Emphasizes effective risk management,
• Contains no specific constraints on holding high risk mortgage derivative products,
• Eliminates the requirement to obtain the former regulatory volatility test for mortgage derivative products, and
• Applies to all permissible investment securities and end-user derivatives.

The Policy Statement declares that banks should implement programs to manage the market, credit, liquidity, legal, operational, and other risks that result from investment activities. Adequate risk management programs identify, measure, monitor, and control these risks.

Failure to understand and adequately manage investment activity risks is an unsafe and unsound practice.

Risk Management Process Summary

This subsection provides guidance for evaluating a risk management program’s effectiveness at identifying, measuring, monitoring, and controlling investment activity risks. It also includes guidance for assessing those risks relative to overall risk exposure.

Management should establish a risk management program that identifies, measures, monitors, and controls investment activity risks. Its intricacy and detail should be commensurate with the bank’s size, complexity, and investment activities. Thus, the program should be tailored to the bank’s needs and circumstances. Regardless, an effective risk management program will include the following processes:

• The board should adopt policies that establish clear goals and risk limits.
• The board should review and act upon management’s reports.
• The board should establish an independent review function and review its reports.
• Management should develop investment strategies to achieve the board’s goals.
• Management should analyze and select investments consistent with its strategies.
• Management should maintain an effective internal control program.
• Management should regularly measure the portfolio’s risk levels and performance.
• Management should provide periodic reports to the board.
• The board and management should periodically evaluate and, when warranted, modify the program.

The following sections of the guidance cover each of the above steps in greater detail.

Management must determine, consistent with board policy, how investment activity risks will be managed. The Policy Statement provides considerable flexibility by permitting banks to manage risk on an individual instrument basis, on an aggregate portfolio basis, or on a whole bank basis.

Banks that engage in less complex activities may effectively manage investment activity risk on an individual instrument basis. That is, each instrument’s risk and return is evaluated independently. An instrument’s contribution to overall portfolio risk and return may only be considered in general terms. This approach requires rather specific individual instrument risk limits, but typically does not involve aggregate portfolio analysis.

Banks with complex or extensive investment activities should strongly consider the portfolio approach for managing investment activity risk. Under a portfolio approach, management evaluates an instrument’s contribution to overall portfolio risk and return. It requires portfolio risk limits and a system for aggregating and measuring overall portfolio risk and return. More complex aggregate portfolio risk and return measurements should be incorporated into overall interest rate risk or asset/liability management programs.

In recommending that all banks consider portfolio or whole bank risk management, the Policy Statement notes that such approaches generally provide certain advantages over the individual instrument approach, including:

• Integrated management of risk and return
• Understanding of each instrument’s contribution to overall risk and return
• Increased flexibility when selecting instruments

Policies, Procedures, and Risk Limits

Policies

The board is responsible for adopting comprehensive, written investment policies that clearly express the board’s investment goals and risk tolerance. Policies should be tailored to the bank’s needs and should address:

• The board’s investment goals,
• Authorized activities and instruments,
• Internal controls and independent review,
• Selecting broker/dealers,
• Risk limits,
• Risk and performance measurement,
• Reporting, and
• Accounting and taxation.

At most banks, the investment portfolio serves as a secondary source of both earnings and liquidity. At some banks, the investment portfolio is a primary earnings component. The policies should articulate the investment portfolio’s purpose, risk limits, and return goals. Return goals should express the board’s earnings objectives for the investment portfolio. The board may also establish portfolio performance targets.

Policies should describe all authorized investment activities and set guidelines for new products or activities. Further, policies should delegate investment authority, including naming specific personnel. The board’s approved policies should also provide management with general guidelines for selecting securities broker/dealers and limiting broker/dealer credit risk exposure.

The bank should have policies that ensure an understanding of the market risks associated with investment securities and derivative instruments before purchase. Accordingly, banks should have policies that define the characteristics of authorized instruments. The policy should sufficiently detail the characteristics of authorized instruments. For example, a policy that merely authorizes the purchase of agency securities would not be sufficiently detailed. The price sensitivities of agency pass-throughs, step-up structured notes, agency callable debt or leveraged inverse floaters are very different. Therefore, the policy should delineate the authorized types of agency securities that may be purchased. Management should analyze the risks in an instrument that has not been authorized and should seek the board’s permission to alter the list of authorized instruments before purchase.

Banks should have policies that specify the analysis of the risk of an investment that must be conducted prior to purchase. The pre-purchase analysis is meant to discover and quantify all relevant risks in the investment. Not all investments will require pre-purchase analysis. Relatively simple or standardized instruments, the risks of which are well known to the bank, would likely require no or significantly less analysis than would more complex or volatile instruments. Policies should delineate which of the authorized investments do not require pre-purchase analysis.

The list of authorized instruments may include instruments of varying characteristics. Policies should divide the spectrum of authorized investments into segments of instruments of similar risk characteristics. Policies should also require appropriate pre-purchase analysis for each segment.

Risk Limits

To effectively oversee investment activities, the board must approve the bank’s risk limits. Management should set these risk limits, consistent with the board’s goals, objectives, and risk appetite. The risk limits should be formally approved and incorporated within the board’s policies. Limits may be expressed in terms of bank-wide risk, investment portfolio risk, portfolio segment risk, or even individual instrument risk.

Risk limits should be consistent with the bank’s strategic plans and overall asset/liability management objectives. Limits should be placed on:

• Market risk,
• Credit risk,
• Liquidity risk,
• Asset types, and
• Maturities.

At a minimum, risk limits should be expressed relative to meaningful standards, such as capital or earnings. More complex investment activities may require more detailed risk limits.

Market risk limits should at least quantify maximum permissible portfolio or individual instrument price sensitivity as percentage of capital or earnings. Capital-based risk limits clearly illustrate the potential threat to the bank’s viability, while earnings-based limits reflect potential profitability effects. In addition, the board may choose to establish limits relative to earnings, total assets, total investment securities, or other standards.

Credit risk limits should generally restrict management to investment grade instruments. The board may permit management to acquire nonrated instruments; however, these instruments should be consistent with investment grade standards. For example, management may wish to purchase a nonrated bond issued by a local municipality. Regardless, the board should carefully monitor such activity.

Liquidity risk limits should restrict positions in less marketable instruments. These limits should apply to securities that management would have difficulty selling at or near fair value. Less marketable instruments may not meet the board’s investment goals, and holdings should generally be small. Obscure issues, complex instruments, defaulted securities, and instruments with thin markets may all have limited liquidity.

Asset type limits should limit concentrations in specific issuers, market sectors, and instrument types. These limits will require management to diversify the portfolio. When properly diversified, a portfolio can have lower risk for a given yield or can earn a higher yield for a given risk level. For example, the board may limit total investment in a particular instrument type to a specific percentage of capital.

Maturity limits should place restrictions on the maximum stated maturity, weighted average maturity, or duration of instruments that management may purchase. Longer-term securities have greater interest rate risk, price risk, and cash flow uncertainty than shorter-term instruments possess. Therefore, maturity limits should complement market risk limits, liquidity risk limits, and the board’s investment goals.

In addition, management should establish a standard risk measurement methodology. The measurement system must capture all material risks and accurately calculate risk exposures. Management should provide the board with consistent, accurate risk measurements in a format that directly illustrates compliance with the board’s risk limits. Refer to the Risk and Performance Measurement subsection for additional guidance.

Internal Controls

Internal Control Program

Effective internal controls are the first line of defense in supervising investment activity operating risks. Ineffective controls can lead to bank failures. Consequently, examiners will carefully evaluate the internal control program. Examiners will emphasize separation of duties between the individuals who execute, settle, and account for transactions.

The internal control program should be commensurate with the volume and complexity of the investment activity conducted, and should be as independent as practical from related operations.

The board has responsibility for establishing general internal control guidelines, which management should translate into clear procedures that govern daily operations. Management’s internal control program should include procedures for the following:

• Portfolio valuation,
• Personnel,
• Settlement,
• Physical control and documentation,
• Conflict of interest,
• Accounting,
• Reporting, and
• Independent review.

Internal controls should promote efficiency, reliable internal and regulatory reporting, and compliance with regulations and bank policies.

Portfolio valuation procedures should require independent portfolio pricing. The availability of independent pricing provides an effective gauge of the market depth for thinly traded instruments, allowing management to assess the potential liquidity of specific issues. For these and other illiquid or complex instruments, completely independent pricing may be difficult to obtain. In such cases, estimated or modeled values may be used. However, management should understand and agree with the methods and assumptions used to estimate value.

Personnel guidelines should require sufficient staffing resources and expertise for the bank’s approved investment activities.

Settlement practices should be evaluated against the guidelines provided in the Settlement Practices, Confirmation and Delivery Requirements, and Delivery Documentation Addenda.

Physical control and documentation requirements should include:

• Possessing and controlling purchased instruments,
• Saving and safeguarding important documents, and
• Invoice review.

Invoice review requirements should address standards for all securities and derivatives sold or purchased. Invoices and confirmations display each instrument’s original purchase price, which provides a basis to establish book value and to identify reporting errors. Invoice reviews can also be used when determining if the bank is involved in any of the following inappropriate activities:

• Engaging one securities dealer or representative for virtually all transactions.
• Purchasing from or selling to the bank’s trading department.
• Unsuitable investment practices (refer to following page.).
• Inaccurate reporting.

Conflict of interest guidelines should govern all employees authorized to purchase and sell securities for the bank. These guidelines should ensure that all directors, officers, and employees act in the bank’s best interest. The board should adopt polices that address authorized employees’ personal relationships, including securities transactions, with the bank’s approved securities broker/dealers. The board may also adopt policies that address the circumstances under which directors, officers, and employees may accept gifts, gratuities, or travel expenses from securities broker/dealers and associated personnel.

Accounting practices should be evaluated against the standards, opinions, and interpretations listed in this section.

Reporting procedures should be evaluated against the guidelines discussed in the Risk Reporting subsection Risk Identification, Assessment and Reporting.

Independent review of the risk management program should be conducted at regular intervals to ensure the integrity, accuracy, and reasonableness of the program. Independent review may encompass external audits or an internal audit program. At many banks, however, evaluation by personnel independent of the portfolio management function will suffice. The independent review program’s scope and formality should correspond to the size and complexity of the bank’s investment activities. Independent review of investment activity should be at least commensurate with the independent review of other primary bank activities. It should assess:

• Adherence to the board’s policies and risk limits,
• The risk measurement system’s adequacy and accuracy,
• The reporting system’s timeliness, accuracy, and usefulness,
• Personnel resources and capabilities,
• Compliance with regulatory standards,
• The internal control environment,
• Accounting and documentation practices, and
• Conflicts of interest.

Banks with complex investment activities should consider augmenting the independent review with internal or external auditors, while banks with less complex investment activities may rely on less formal review. Sophisticated risk measurement systems, particularly those developed in-house, should be independently tested and validated.

Independent review findings should be reported directly to the board at least annually. The board should carefully review the independent review reports and ensure that material exceptions are corrected.

Examiners will evaluate the independent review’s scope and veracity, and will rely on sound independent review findings during examinations. However, when the independent review is unsatisfactory, examiners will perform review procedures to reach independent conclusions. When warranted, examiners will conduct a detailed review of all investment activities.

Unsuitable Investment Activities

Trading activity within the held-to-maturity (HTM) or available-for-sale (AFS) portfolio is an unsuitable investment activity and may be considered unsafe and unsound. Each of the following activities are unsuitable within the HTM or AFS portfolio, and any resulting securities acquisitions should be reported as trading assets. The bank’s internal control program should be designed to prevent the following unsuitable investment activities:

• Gains trading,
• When-issued securities,
• Pair-offs,
• Extended settlement,
• Repositioning repurchase agreement, and
• Adjusted trading.

Gains trading is the purchase and subsequent sale of a security at a profit after a short holding period, while securities acquired for this purpose that cannot be sold at a profit are retained in the AFS or HTM portfolio. Gains trading may be intended to defer loss recognition, as unrealized losses on debt securities in such categories do not directly affect regulatory capital and generally are not reported in income until the security is sold.

Examiners should scrutinize institutions with a pattern of reporting significant amounts of realized gains on sales of non-trading securities (typically, AFS securities) after short holding periods while continuing to hold other non-trading securities with significant amounts of unrealized losses. If, in the examiner’s judgment, such a practice has occurred, the examiner should consult with the Regional Office for additional guidance on whether some or all of the securities reported outside of the trading category will be designated as trading assets.

When-issued securities trading is the buying and selling of securities in the period between the announcement of an offering and the issuance and payment date of the securities. A purchaser of a when-issued security acquires the risks and rewards of owning a security and may sell the when-issued security at a profit before having to take delivery and pay for it.

Pair-offs are security purchase transactions that are closed-out or sold at or before the settlement date. In a pair-off, an institution commits to purchase a security. Then, before the predetermined settlement date, the bank pairs-off the purchase with a sale of the same security. Pair-offs are settled net when one party to the transaction remits the difference between the purchase and sale price to the counterparty. Pair-offs may also involve the same sequence of events using swaps, options on swaps, forward commitments, options on forward commitments, or other off-balance sheet derivative contracts.

Extended Settlement is the use of a securities trade settlement period in excess of the regular-way settlement period. Regular-way settlement for U.S. Government and Federal agency securities (except mortgage-backed securities and derivative contracts) is one business day after the trade date. Regular-way settlement for corporate and municipal securities is three business days after the trade date, and for mortgage-backed securities it can be up to 60 days or more after the trade date. The use of a settlement period in excess of the regular-way settlement period to facilitate speculation is considered a trading activity.

A repositioning repurchase agreement is offered by a dealer to allow an institution that has entered into a when-issued trade or a pair-off (which may include an extended settlement) that cannot be closed out at a profit on the payment or settlement date to hold its speculative position until the security can be sold at a gain. The institution purchasing the security pays the dealer a small margin that approximates the actual loss in the security. The dealer then agrees to fund the purchase of the security by buying it back from the purchaser under a resale agreement. Any securities acquired through a dealer financing technique such as a repositioning repurchase agreement that is used to fund the speculative purchase of securities should be reported as trading assets.

A short sale is the sale of a security that is not owned. The purpose of a short sale generally is to speculate on a fall in the price of the security. Short sales should be conducted in the trading portfolio. A short sale that involves the delivery of the security sold short by borrowing it from the depository institution’s AFS or HTM portfolio should not be reported as a short sale. Instead, it should be reported as a sale of the underlying security with gain or loss recognized in current earnings.

Adjusted trading involves the sale of a security to a broker or dealer at a price above the prevailing market value and the simultaneous purchase and booking of a different security, frequently a lower rated or quality issue or one with a longer maturity, at a price above its market value. Thus, the dealer is reimbursed for losses on the purchase from the institution and ensured a profit. Such transactions inappropriately defer the recognition of losses on the security sold and establish an excessive cost basis for the newly acquired security. Consequently, such transactions are prohibited and may be in violation of 18 U.S.C. Sections 1001-False Statements or Entries and 1005-False Entries.

Risk Identification, Measurement, and Reporting

Risk Identification

All investment activities create risk exposures, but the risk types and levels depend upon the activity conducted. The following guidance summarizes the major risk exposures. Refer to the Capital Markets Examination Handbook for additional guidance on specific instruments, markets, and strategies.

Market risk is the possibility that an instrument will lose value due to a change in the price of an underlying instrument, change in the value of an index of financial instruments, changes in various interest rates, or other factors. Frequently, an instrument will increase a bank’s market risk due to price volatility, embedded options, leverage factors, or other structural factors. The three principal types of market risk are price risk, interest rate risk and basis risk.

Price risk is the possibility that an instrument’s price fluctuation will unfavorably affect income, capital, or risk reduction strategies. Price risk is usually influenced by other risks. For example, a bond’s price risk could be a function of rising interest rates, while a currency-linked note’s price risk could be a function of devaluation in the linked currency.

Interest rate risk is the possibility that an instrument’s value will fluctuate in response to current or expected market interest rate changes.

Yield curve risk is the possibility that an instrument’s value will fluctuate in response to a nonparallel yield curve shift. Yield curve risk is a form of interest rate risk.

Basis risk is the possibility that an instrument’s value will fluctuate at a rate that differs from the change in value of a related instrument. For example, three-month Eurodollar funding is not perfectly correlated with Treasury bill yields. This imperfect correlation between funding cost and asset yield creates basis risk.

Credit risk is the possibility of loss due to a counterparty’s or issuer’s default, or inability to meet contractual payment terms. The amount of credit risk equals the replacement cost (also referred to as current exposure ) of an identical instrument. The replacement cost is established by assessing the instrument’s current market value rather than its value at inception.

In addition, default exposes a bank to market risk. After default, losses on a now unhedged position may occur before the defaulted hedge instrument can be replaced. Such losses would have been largely (or completely) offset if the counterparty had not defaulted.

Exchange-traded derivatives (futures, options, and options on futures) contain minimal credit risk. These instruments are marked-to-market at the end of each trading day, or on an intra-day basis, by the exchange clearinghouse. Position value changes are settled on a cash basis at least daily. To reduce credit risk, all exchange participants must post a performance bond or maintain margin with the exchange. Many over-the-counter (OTC) transactions use collateral agreements. OTC transaction collateral agreements can be one- or two-sided (only one party is required to post collateral on out-of-the-money positions, or both are required to post such collateral). Netting and collateral agreements and their specific terms can materially reduce credit risk exposure. For additional explanation of the treatment of netting for capital calculations, refer to Part 325 of the FDIC Rules and Regulations.

In managing credit exposure, institutions should consider settlement and pre-settlement credit risk. The selection of dealers, investment bankers, and brokers is particularly important in effectively managing these risks. When selecting a dealer, investment banker, or broker, management should, at a minimum:

• Review each firm’s most current financial statements, such as annual reports and credit reports, and evaluate its ability to honor its commitments.
• Inquire into the general reputation of the firm by contacting previous or current customers.
• Review information from State or Federal securities regulators and industry self-regulatory organizations such as NASD Regulation, Inc. concerning any formal enforcement actions against the dealer, its affiliates, or associated personnel.

Liquidity risk is the possibility that an instrument cannot be obtained, closed out, or sold at (or very close to) its economic value. As individual markets evolve, their liquidity will gradually change, but market liquidity can also fluctuate rapidly during stress periods. In some markets, liquidity can vary materially during a single day. Some markets are liquid for particular maturities or volumes, but are illiquid for others. For example, the Eurodollar futures market is liquid for contracts with maturities up to four years, but liquidity decreases for greater maturities (although maturities of up to 10 years are listed).

Many instruments trade in established secondary markets with a large number of participating counterparties. This ensures liquidity under normal market conditions. However, uniquely tailored or more thinly traded products may not have sufficient supply, demand, or willing counterparties in periods of market stress.

Operational risk is the possibility that inadequate internal controls or procedures, human error, system failure or fraud can cause losses. Operating risk can result in unanticipated open positions or risk exposures that exceed established limits.

Legal risk is the possibility that legal action will preclude a counterparty’s contractual performance. Legal risk may occur when a contract or instrument violates laws or regulations. Legal risk may also occur when a law or regulation prohibits a counterparty from entering into a particular contract, or if an individual is not authorized to execute transactions on behalf of the counterparty. Banks should ensure that all agreements are enforceable and that counterparties can legally enter into specific transactions.

Settlement risk is the possibility of loss from a counterparty that does not perform after the investor has delivered funds or assets (before receiving the contractual proceeds). Settlement risk may result from time differences between foreign counterparties, delivery that is not synchronized with payment, or method of payment delays. Few transactions are settled on a real-time basis, and any delay in receiving funds or assets after delivering funds or assets will create settlement risk.

The most famous settlement risk example occurred in the foreign exchange markets. German regulators closed Bankhaus Herstatt after it had received deutschemarks on its foreign exchange trades, but before it had sent out its currency payments. Settlement risk is sometimes referred to as Herstatt risk.

Interconnection risk is the possibility of loss due to changes in interest rates, indices or other instrument values that may or may not be held by the investor. Cash flows associated with an instrument may be directly or indirectly tied to a number of other rates, indices or instrument values. These interconnections frequently involve cross-border and cross-market links and a wide range of individual financial instruments.

For example, a U.S. dollar denominated structured note may have a coupon formula linked to a currency exchange rate. Structured notes with coupon payments linked to the relationship between the Mexican peso and the U.S. dollar fell substantially in value when the peso fluctuated in the wake of the assassination of a Mexican presidential candidate.

Risk Measurement

Effective investment activity oversight requires accurate risk measurement. Without periodic assessments, management can not determine the success of its investment strategies. Further, the board can not determine if management has achieved the board’s goals or complied with its policies.

Risk measurement should be tailored to the cash flow characteristics of each particular instrument type. For example, a mortgage derivative product should be given far more sophisticated analysis than a U.S. Treasury bill. Management’s analysis should focus on risk, return, and compliance with risk limits.

Authorized investment instruments should be segregated into groups of like risk characteristics. There will likely be a group of relatively simple or standardized instruments, the risks of which are well known to the bank, which will require no pre-purchase analysis. All other authorized instruments will require pre-purchase analysis. It is important that these groups be well defined and that the pre-purchase analysis is tailored to capture the risks of the instruments. For example, it would not be appropriate to group dual-indexed structured notes with agency pass-throughs. The characteristics of these two types of instruments are different and each will require separate and distinct pre-purchase analysis. It would also not be appropriate to group simple agency pass-throughs with inverse floater collateralized mortgage obligations (CMOs). The inverse floaters are not only subject to similar prepayment optionality as the pass-throughs but also contain leverage and vastly different cash flow characteristics.

In addition to pre-purchase analysis, management should also periodically monitor investment portfolio risks. As with pre-purchase analysis, this periodic analysis should identify and measure the instrument’s or the portfolio’s risk characteristics. Management can perform this periodic analysis on an individual instrument basis or total portfolio (or bank) basis.

The market risk measurement system used to conduct pre-purchase analysis and periodic monitoring should be commensurate with the size and nature of the investment portfolio. For detailed comments regarding the types of risk measurement systems, refer to the Sensitivity to Market Risk section of this Manual. The risk measurement system should identify and measure all material risks. Management should translate its measurements into results that illustrate compliance with the board’s risk limits. For example, to measure market risk the system should:

• Identify and measure the price sensitivity of embedded options (modified and Macaulay duration measures do not capture option risk). 1
• Use interest rate shocks large enough to measure realistic potential market movements and risk (such as 100, 200, and 300 basis points).
• Include adjustments (for example, convexity) to accurately measure price changes when interest rate movements exceed 100 basis points. 2
• Subject instruments to nonparallel interest rate shocks when those instruments are exposed to risk from changes in the yield curve’s shape.

While management may measure risk and performance on an individual instrument basis, broader risk management should be considered. Management may aggregate individual instrument risk and return measurements to produce risk and return results for the entire investment portfolio. Portfolio results may then be aggregated into the bank’s overall interest rate risk measurement system. Aggregation does not necessarily require complex systems. Management may simply combine individual instrument results to calculate portfolio analysis, or use portfolio results to compile whole bank analysis. Examiners should coordinate risk aggregation review with the staff completing the Sensitivity to Market Risk review.

Risk Reporting

To properly exercise its oversight responsibilities, the board must review periodic investment activity reports. The board should require management to periodically provide a complete investment activity report. Report frequency and substance should be commensurate with the portfolio’s complexity and risk profile. Management’s reports to the board should:

• Summarize all investment activity,
• Clearly illustrate investment portfolio risk and return,
• Evaluate management’s compliance with the investment policy and all risk limits, and
• List exceptions to internal policy and regulatory requirements.

Management should receive reports that contain sufficient detail to comprehensively and frequently assess the portfolio.

Management should regularly ensure compliance with internal policies and regulatory requirements. In addition, management should periodically evaluate portfolio performance. The board should review and consider each policy exception. Management should present exceptions for approval before engaging in an unauthorized activity. Recurring exceptions should prompt close scrutiny from the board. When warranted, the board may consider changing its policies to permit an activity. The board should take strong action when management fails to seek prior approval for an unauthorized activity.

Board and Senior Management Oversight

Board Oversight

Throughout this guidance, board references either the board or directors or a designated board committee. Board oversight is vital to effective investment risk management, and the board has very specific investment activity responsibilities. The board should adopt policies that establish guidelines for management and periodically review management’s performance. The board should:

• Approve broad goals and risk limits,
• Adopt major investment and risk management policies,
• Understand the approved investment activities,
• Ensure competent investment management,
• Periodically review management’s investment activity,
• Require management to demonstrate compliance with the board’s goals and risk limits, and
• Mandate an independent review program and review its findings.

Senior Management Oversight

Management is responsible for daily oversight of all investment activity. Management should:

• Establish policies, procedures, and risk limits to achieve the board’s goals,
• Implement operational policies that establish a strong internal control environment,
• Understand all approved investment activities and the related risks,
• Identify, measure, monitor, and control investment activity risks,
• Report investment activity and risks to the board;,
• Ensure that its staff is competent and adequately trained, and
• Adhere to securities broker/dealer selection policies.

Investment activity risk is not effectively managed if the board and management do not fulfill their responsibilities. Ineffective risk management can be an unsafe and unsound practice. While the board or management may obtain professional advice to supplement their understanding of investment activities and risks, their responsibilities can not be transferred to another party. The board and senior management should also periodically evaluate and, when warranted, modify the risk management process.

Investment Strategies

Management should employ reasonable investment strategies to achieve the board’s portfolio objectives. A strategy is a set of plans that management uses to direct daily portfolio operations. In order to develop sound strategies, management must understand the board’s goals, applicable risk limits, and related instruments and markets. Investment strategies should also be consistent with the following:

• Overall strategic goals,
• Capital position,
• Asset/liability structure,
• Earnings composition, and
• Competitive market position.

Strategies will vary widely between banks, ranging from simple to extremely complex. However, any strategy should be documented, reasonable, and supportable. Examiners will evaluate strategies to determine their effect on risk levels, earnings, capital, liquidity, asset quality, and overall safety and soundness. Additional guidance on investment strategies and market risk modification strategies is provided in this section under the headings Investment Strategies and the Market Risk Modification respectively.

Delegation of Investment Authority

Investment authority may be delegated to a third party, with specific board approval. Regardless of whether the board’s policies permit management to delegate investment authority to a third party, management must understand every investment’s risk, return, and cash flow characteristics. To conduct its independent analysis, management may rely on information and industry standard analysis tools provided by the broker/dealer, provided that:

• The analysis uses reasonable calculation methods and assumptions,
• Management understands the analysis and assumptions, and
• Management’s investment decisions remain independent.

If management does not understand an investment’s risk characteristics, then management should not engage in that activity until it possesses the necessary knowledge. Failure to adequately understand and manage investment activity risks constitutes an unsafe and unsound practice.

Before delegating investment authority to a third party, management should thoroughly evaluate the third party’s reputation, performance, creditworthiness, and regulatory background. Any third party arrangement should be governed by a formal written agreement that specifies:

• Compensation,
• Approved broker/dealers,
• Investment goals,
• Approved activities and investments,
• Risk limits,
• Risk and performance measurement,
• Reporting requirements,
• Settlement practices, and
• Independent review.

In addition, written agreements should require that all trade invoices, safekeeping receipts, and investment analyses are readily available to the bank.

Program Evaluation

Periodically, the board and management should evaluate the risk management program to ensure that its investment activities reasonably meet the board’s goals and the bank’s strategic needs. Without such an assessment, the board and management cannot prudently oversee investment activities. The scope and detail of the evaluation should correspond to the bank’s size, complexity, and investment activities. At most banks, annual evaluations should be sufficient. In larger or more complex banks, quarterly (or more frequent) evaluation may be necessary.

The board should review management’s reports, including an investment activity summary, portfolio risk and performance measures, and independent review findings to identify broad weaknesses and determine if:

• Stated goals accurately represent the board’s objectives,
• Risk limits properly reflect the board’s risk tolerance,
• Risk limits reasonably protect the bank’s safety and soundness,
• Management has appropriately pursued the board’s goals,
• Internal controls remain adequate,
• Any new activities are warranted, and
• Policies provide sufficient guidance for management.

The board should first consider the bank’s current and expected condition, competitive environment, and strategic plans. Then, the board should reassess its portfolio goals to ensure that they do not conflict with the overall strategic plan. When necessary, the board should adjust its portfolio goals.

After evaluating its goals, the board should then affirm that the existing risk limits accurately reflect the board’s risk tolerance. When warranted, the board should consider either relaxing or tightening the risk limits placed on management. Before altering its risk limits, the board should discuss the effects of accepting increased or reduced risk. The board should consider if increased or diminished risk would produce satisfactory returns.

In addition, the board should evaluate management’s performance. That review should encompass management’s success at achieving the board’s goals, adherence to policies and risk limits, and maintenance of an effective control environment. The board should determine the cause of any material deficiencies and obtain management’s commitment to rectify those deficiencies.

Finally, the board should determine if any changes to its policies are warranted. For example, management may request authority to engage in new investment activities. The board should carefully consider such requests and determine if the proposed activity comports with its investment goals and risk tolerance.

Management should review the portfolio management program in more detail to identify both broad and specific weaknesses. Management’s responsibilities include:

• Measuring portfolio risk and performance,
• Validating risk measurement systems’ adequacy and accuracy,
• Reporting portfolio activity and performance to the board,
• Adjusting investment strategies to better achieve the board’s goals, and
• Correcting policy and regulatory exceptions.

At many banks, the periodic evaluation will result in few program alterations. Less complex programs will naturally require fewer modifications than more complex programs. Successful programs will similarly need fewer changes than unsuccessful programs. Examiners will assess the periodic evaluations to determine if the board and management effectively oversee the portfolio management process.

Compliance

Permissible Activities

Part 362 of the FDIC’s Rules and Regulations, Activities and Investments of Insured State Banks,www.occ.treas.gov/ftp/regs/part1a.txt.

In limited circumstances, the FDIC may grant an exception to Part 362, on a case-by-case basis, if the FDIC determines that:

• The activity presents no significant risk to the deposit insurance fund, and
• The bank complies with the FDIC’s capital regulations.

While Part 362 contains investment type restrictions, it does not include the investment amount restrictions that apply to national banks.

Report of Examination Treatment

Adverse Classification

Examiners may adversely classify subinvestment quality securities and off-balance sheet derivatives in the Report of Examination. Any classifications should be consistent with the Uniform Agreement on the Classification of Assets and Appraisal of Securities Held by Banks and Thrifts. This Agreement addresses the examination treatment for adversely classified assets and:

• Provides definitions of the Substandard, Doubtful, and Loss categories used for criticizing bank and thrift assets,
• Defines characteristics of investment quality and subinvestment quality securities.,
• Establishes specific guidance for the classification of subinvestment quality debt securities and other-than-temporary impairment on investment quality debt securities, and
• Provides examiners discretion in classifying debt securities beyond a ratings-based approach in certain cases.

Substandard assets are inadequately protected by the current sound worth and paying capacity of the obligor or of the collateral pledged, if any. Assets so classified must have a well-defined weakness or weaknesses that jeopardize liquidation of the debt. They are characterized by the distinct possibility that the bank will sustain some loss if the deficiencies are not corrected.

Doubtful assets have all the weaknesses found in Substandard assets, with the added characteristic that the weaknesses make collection or liquidation in full (on the basis of currently existing facts, conditions, and values) highly questionable and improbable.

Loss classifications are assigned to assets that are considered uncollectible and of such little value that their continuance as bankable assets is not warranted. This classification does not mean that the asset has absolutely no recovery or salvage value, but rather it is not practical or desirable to defer writing off this basically worthless asset even though partial recovery may be affected in the future. Amounts classified Loss should be promptly charged off.

Investment quality debt securities are marketable obligations in which the investment characteristics are not distinctly or predominantly speculative. This group generally includes investment securities in the four highest rating categories provided by nationally recognized statistical rating organizations (NRSROs) and unrated debt securities of equivalent quality. The Securities and Exchange Commission (SEC) lists the following as NRSROs:

• Dominion Bond Rating Service Ltd.,
• Fitch, Inc.,
• Moody’s Investors Service, and
• Standard & Poor’s Division of the McGraw Hill Companies Inc.

(Check the SEC’s website to find the most current list of NRSROs).

When two or more NRSROs list different credit ratings for the same instrument, examiners will generally base their assessments on the more recently issued ratings.

Since investment quality debt securities do not exhibit weaknesses that justify an adverse classification rating, examiners generally will not classify them. However, published credit ratings occasionally lag demonstrated changes in credit quality and examiners may, in limited cases, classify a security notwithstanding an investment grade rating.

Some debt securities may have investment quality ratings by one (or more) rating agencies and sub-investment quality ratings by others. Examiners will generally classify such securities, particularly when the most recently assigned rating is not investment quality. However, an examiner has discretion to pass a debt security with both investment and sub-investment quality ratings. The examiner may use that discretion if, for example, the institution has demonstrated through its documented credit analysis that the security is the credit equivalent of investment grade.

Some individual debt securities have ratings for principal, but not interest. The absence of a rating for interest typically reflects uncertainty regarding the source and amount of interest the investor will receive. Because of the speculative nature of the interest component, examiners will generally classify such securities, regardless of the rating for the principal.

Non-rated debt securities have no ratings from a NRSRO and the FDIC expects institutions holding individually large non-rated debt security exposures, or having significant aggregate exposures from small individual holdings, to demonstrate that they have made prudent pre-acquisition credit decisions and have effective, risk-based standards for the ongoing assessment of credit risk. Examiners will review the institution’s program for monitoring and measuring the credit risk of such holdings and, if the assessment process is considered acceptable, generally will rely upon those assessments during the examination process. If an institution has not established independent risk-based standards and a satisfactory process to assess the quality of such exposures, examiners may classify such securities, including those of a credit quality deemed to be the equivalent of subinvestment grade, as appropriate.

Some non-rated debt securities held in investment portfolios represent small exposures relative to capital, both individually and in aggregate. While institutions generally have the same supervisory requirements (as applicable to large holdings) to show that these holdings are the credit equivalent of investment grade at purchase, comprehensive credit analysis subsequent to purchase may be impractical and not cost effective. For such small individual exposures, institutions should continue to obtain and review available financial information, and assign risk ratings. Examiners may rely upon the bank’s internal ratings when evaluating such holdings.

Foreign debt securities are often assigned transfer risk ratings for cross border exposures from the Interagency Country Exposure Review Committee (ICERC). However, examiners should use the guidelines in the Uniform Agreement rather than ICERC transfer risk ratings in assigning security classifications, except when the ICERC ratings result in a more severe classification.

Subinvestment quality debt securities are those in which the investment characteristics are distinctly or predominantly speculative. This group generally includes debt securities, including hybrid equity instruments (i.e. trust preferred securities), in grades below the four highest rating categories, unrated debt securities of equivalent quality, and defaulted debt securities.

Other Types of Securities such as certain equity holdings or securities with equity-like risk and return profiles, have highly speculative performance characteristics. Examiners should generally classify such holdings based upon an assessment of the applicable facts and circumstances.

Treatment of Declines in Fair Value

Under generally accepted accounting principles (GAAP), an institution must assess whether a decline in fair value below the amortized cost of a security — that is, the depreciation on the security — is a temporary or other-than-temporary impairment. When the decline in fair value on an individual security represents other-than-temporary impairment, the cost basis of the security must be written down to fair value, thereby establishing a new cost basis for the security, and the amount of the write-down must be reflected in current period earnings. This new cost basis should not be adjusted through earnings for subsequent recoveries in fair value. If an institution’s process for assessing impairment is considered acceptable, examiners may use those assessments in determining the appropriate classification of declines in fair value below amortized cost on individual debt securities.

Any decline in fair value below amortized cost on defaulted debt securities will be classified as indicated in the General Debt Security Classification Guidelines Table following. Apart from classification, for impairment write-downs or charge-offs on adversely classified debt securities, the existence of a payment default will generally be considered a presumptive indicator of other-than-temporary impairment.

The following table outlines the uniform classification approach the agencies will generally use when assessing credit quality in debt securities portfolios:

General Debt Security Classification Guidelines Table