FX Dealings & Internal Controls, Compliance & Risk Management


- by Stephen Cheesewright, Director, Financial Risk Management, KPMG

Published in: Economy & Finance, Business
  1. 1. FX Dealing and Internal Controls Stephen Cheesewright 26 March 2010 ADVISORY FINANCIAL RISK MANAGEMENT
  2. 2. Structure of the Presentation
     - What we can learn from history
     - Understanding the implications of control failure
     - We can learn from these incidents but always with the thought – “there but for the grace of God go I”
     - These are my personal views and don’t necessarily represent the views of KPMG
  3. 3. What we can learn from History
  4. 4. A recurring history of disaster

     | Date | Event or Company | $ Loss | Product |
     |------|------------------|--------|---------|
     | 1987 | Stock market crash | Indeterminate | Systemic |
     | 1987 | AWA | $50 million | Foreign Exchange |
     | 1988 | Hammersmith & Fulham | 500 million pounds | Swaps |
     | 1991 | Allied Lyons | 150 million pounds | Currency Options |
     | 1992 | European currency crisis, Dell Computer | $8 million USD | Systemic |
     | 1993 | Showa Shell Sekiyu | 165 Billion Yen | Current Options |
     | 1993 | Metallgesellschaft | $1.3 Billion USD | Energy Futures |
     | 1994 | Gibson Greetings | $20 million USD | Leveraged I/rate derivatives |
     | 1994 | Dell Computer | $35 million USD | Options and leveraged products |
     | 1994 | Glaxo | 115 million pounds | Mortgage derivatives |
     | 1994 | Procter & Gamble | $157 million USD | Currency Swaps |
     | 1995 | Barings, Mexican Peso crisis | 1 billion pounds | Stock index futures |
     | 1997 | Asian currency crisis | Indeterminate | Systemic |
     | 1998 | Russian bond crisis/ Long Term Capital Management | Stability of banking system | Systemic |
     | 1999 | Brazilian debt crisis | Stability of banking system | Economy wide |
     | 2000 | Pasminco, Grains Board | $1 billion AUD | Currency hedges |
     | 2001 | Enron, Andersen | Indeterminate | Accounting & corporate governance |
     | 2002 | Allied Irish Bank | $691 million USD | Currency options |
     | 2004 | NAB | $360 million | Currency options |
  5. 5. Allied Irish Bank – Another Leeson?
     - AIB subsidiary in Baltimore incurred a $US 691m loss ($A1.2 billion) over 5 years
     - Governance – lack of management involvement in the business realities
     - No policy and procedures review
     - Cultural Issues – bullying, disdain for auditors and back-office staff & “aggressive compensation”
     - Rusnak was able to “create at will assets on Allfirst’s books”
     - Rusnak sold options to fund losses and keep trading
     - “The fraud was so inelegant….[but] nobody caught it”
     - Numerous control deficiencies
  6. 6. Allied Irish Bank – Another Leeson?
     - Audit issues detected but not followed through
     - Internal audit suffered from inadequate staffing, lack of experience and did not focus on foreign exchange trading
     - Inappropriateness of risk reporting
     - Any challenge to status quo was met with aggression and resistance
     - Simple exchange traded products (ETCs) were tested by the auditors – only 1 of the much higher error risk, over the counter (OTCs) products, was tested
  7. 7. Allied Irish Bank – Another Leeson? The Lessons
     - Understand and ensure fundamental controls are effective and are complied with
     - Aggressive behaviour is an indicator of problems
     - Need to challenge unusual trading strategies
     - Be wary of sold option positions – why is cash being raised in this way?
     - “The trades made no sense for a number of reasons” (Ludwig Report 2002)
  8. 8. National Australia Bank – Another AIB?
     - The losses/overstatements occurred over a number of years and appear to have increased exponentially

     Analysis of losses / overstatements (AUD):

     | Date | Loss / overstatement |
     |------|----------------------|
     | September 01 | 4 million |
     | September 02 | 8 million |
     | September 03 | 42 million |
     | December 03 | 92 million |
     | January 04 | 84 million |
     | February 04 | 360 million |
  9. 9. National Australia Bank – Another AIB?
     - Aggressive profit targets linked to bonus structures
     - Traders were not honest
     - Use of false revaluation rates – independence of the source of revaluation rates appears to have been compromised
     - Management ignored limit breaches and warnings
     - External warnings ignored
     - Limit breaches not sufficiently escalated
     - Financial control was poor
     - Back office lapses – cut off and confirmation procedures were deficient – false transactions not detected because internal confirmations stopped
  10. 10. National Australia Bank – Another AIB?
      - The Board was provided with incorrect and incomplete information
      - Audit Committee was provided with limited information and did not recognise the implications of the control breakdown
      - Risk Committee was provided with incorrect information
      - Executive Committee not advised of breaches
      - Management disbelieved limit breaches
      - Risk escalation not pursued
      - Culture
        - Focus on processes rather than substance
        - Abdication of responsibility
        - ‘It can’t happen to us’
  11. 11. National Australia Bank – Another AIB? The Lessons
      - Fundamental controls can’t be ignored
      - If the limit system continually reports breaches then activities may need to be scaled down (lessening the risk) until the source of the continual limit breaches can be ascertained
      - There needs to be a robust and independent structure for the escalation of limit breaches
      - Reporting needs to also escalate issues to appropriate risk committees
      - Inculcating a compliance culture is important
      - Unlikely as it may seem – ‘it can happen to us’
  12. 12. Pasminco – No unauthorised activities or fraud but:
      - Ambitious expansion plan – $5 billion market value goal
      - Hostile takeover of Savage – debt levels and value of legacy hedge book significantly underestimated (approx $300 million)
      - Planned and executed transactions that were designed around a view that the AUD spot level would be 69c and the zinc price would be USD 1200 per tonne over the next 12 months
      - Relied on a consensus view of 42 banks that forecast the AUD/USD spot level to be 69 cents – but over the next 12 months:
        - The $AUD dived to below 50 cents
        - The zinc price fell to $USD800 per tonne
      - [Chart: 6 month forecast, Jan-84 to Jan-00]
  13. 13. Pasminco – No unauthorised activities or fraud but:
      - Zinc price was not hedged
      - Policy allowed currency hedging – $2.3 billion of option ‘collars’ in a 3 cent band between 68 and 65 were eventually closed out at a $850 million loss
      - Sensitivity analysis – did not give due consideration to extreme outcomes which subsequently eventuated
      - Poor cash management/information system – slowed reaction of management
      - Domineering CEO – overrode the CFO, Management and the Board
  14. 14. Pasminco – No unauthorised activities or fraud but: The Lessons
      - Impossible to predict future price movements – hazardous to position a company to ‘take advantage’ of an unknown future price movement
      - We need to do more than just understand the treasury policy – could it potentially create an undesirable situation?
      - More sensitivity analysis – financial risk exposure profile of a firm as a going concern
      - The need for corporate governance and moderation of authority
  15. 15. Understanding the implications of control failure
  16. 16. Type of Control: Policy

      | Rationale | Implications of failure |
      |-----------|-------------------------|
      | Board is aware of organisation’s financial risks and has a process in place to manage them | Organisation is caught unaware of risks and suffers unexpected loss |
      | Board understands financial risk management and the risks and rewards | Approved risk management approach results in an outcome which the board does not expect or desire |
      | There is no ambiguity in understanding the policy | Management has a different understanding of the approved risk management approach to the Board |
  17. 17. Type of Control: Policy cont.

      | Rationale | Implications of failure |
      |-----------|-------------------------|
      | Specification of precisely which financial instruments are being used, i.e. a bought option and a sold option are significantly different | Board and senior management are unaware of the potential outcome of some derivative instruments/strategies |
      | Clear delegations and limitations of authority | If it is not ‘Black Letter Law’ it can’t be tested, monitored or discretion limited |
      | Written policy means breaches can be clearly defined | If breaches of policy are not detected and reported there is no point in having a policy |
  18. 18. Type of Control: Matching of Inward Confirmations

      | Rationale | Implications of Failure |
      |-----------|-------------------------|
      | Designed to detect errors in interpretation of transactions | Transactions may have long lives, rates may move significantly and losses may be severe if transaction errors take a long time to detect or are not detected until settlement |
      | Designed to detect bogus transactions | Where a transaction is bogus and the back office does not seek confirmation – then the bogus transaction will not be detected |
      | Designed to ensure the data in treasury and transaction systems has integrity | The system has incorrect data, therefore the position is misunderstood and settlement is incorrect |
  19. 19. Type of Control: Protection of the Routing of Inward Confirmations

      | Rationale | Implications of Failure |
      |-----------|-------------------------|
      | Designed to prevent interception by dealers | The dealer intercepts the inward confirmation to prevent detection of an erroneous or unauthorised transaction |
  20. 20. Type of Control: Segregation of rights in Electronic Banking Systems

      | Area | Rationale | Implications of Failure |
      |------|-----------|-------------------------|
      | Systems Administration | Separation of administrator rights prevents uncontrolled operation of users and authorisers | Non separation of administrator rights allows unauthorised creation of users and authorisers – thus facilitating a fraud |
      | Creation and Authorisation of Payments | Segregation of payment duties prevents the creation of unauthorised payments | Non separation of payment rights potentially allows the creation of unauthorised payments |
      | Locking of Payment Templates | Locking of payment templates enables authorisers to rely on payment templates | Non locking of payment templates means that payment details including account numbers cannot be relied on by authorisers without thorough checking |
  21. 21. Type of Control: Prohibition of Facsimile Payment Instructions

      | Rationale | Implications of Failure |
      |-----------|-------------------------|
      | Receiver of facsimiles cannot detect whether the payment instructions originated from an authorised or unauthorised source or whether they have been tampered with | An external party sends unauthorised payment instructions to the organisation’s banker – which acts upon them |
      | Ditto | A fraud is facilitated by the ability of an officer or director of the organisation producing an unauthorised payment instruction to use previously authorised transactions |
      | Ditto | The payment instructions may be authorised but have then been amended in an unauthorised manner |
  22. 22. Type of Control: Standard Settlement Instructions (‘SSIs’)

      | Rationale | Implications of Failure |
      |-----------|-------------------------|
      | SSIs issued to counterparties ensure that they only pay funds to accounts properly controlled by your entity | Counterparties may receive instructions (either within – or by a party external to the organisation) to pay funds to an unauthorised location/beneficiary |
      | SSIs received from a counterparty means that officers authorising payments to a counterparty can verify beneficiary account details to a ‘certified’ document | Payment instruction (whether manual or electronic) may outwardly appear to be made to the correct counterparty – but may have incorrect account details |
  23. 23. Type of Control: Outward Confirmations/Return of Inward Confirmations

      | Rationale | Implications of Failure |
      |-----------|-------------------------|
      | The sending of outward confirmations ensures that your organisation has confirmed its version of events and that should there be a bogus transaction entered in the system – then this may be confirmed by the counterparty querying the transaction | Absent an outward confirmation – the organisation is potentially reliant on the counterparty’s view of events |
      | Ditto | Reduces error detection |
      | Ditto | A bogus transaction may not be detected – there is no inward confirmation |
  24. 24. Type of Control: Independent Reconciliation of ‘Nostro’/Bank and Suspense Accounts

      | Rationale | Implications of Failure |
      |-----------|-------------------------|
      | Timely detection of ‘non-system’ originated entries | Lose control of reconciliation processes – inability to account for transactions – inability to reconcile the bank account to the G/L |
      | Detection of unauthorised transactions | If reconciliation is undertaken by staff initiating &/or settling transactions then they may be able to prevent detection of a fraud by accounting staff |
      | Detection and differentiation of foreign exchange positions versus asset and liability positions | Inadvertent creation of unintended foreign exchange positions |
  25. 25. Type of Control: Monitoring of Transaction Activity by an Independent Party

      | Rationale | Implications of Failure |
      |-----------|-------------------------|
      | Detection of unauthorised transactions or unusual trading patterns | Unauthorised transactions or trading patterns may go undetected |
  26. 26. Type of Control: Control the establishment of Bank Accounts and Facilities

      | Rationale | Implications of Failure |
      |-----------|-------------------------|
      | Control over the opening of bank accounts ensures that funds cannot be disbursed throughout the organisation | Treasury loses control of the organisation’s liquidity |
      | Control over the opening of bank accounts assists to ensure that all funds are only banked to authorised accounts | Fraud |
      | Banking facilities should only be Board authorised so that unauthorised losses cannot be hidden | Unauthorised losses are not detected in a timely manner |
  27. 27. Type of Control: Independent Sourcing of revaluation rates

      | Rationale | Implications of Failure |
      |-----------|-------------------------|
      | It is important that revaluation rates are not tampered with so that profit is correctly stated and risk systems correctly reflect the risk position | P&L is overstated, disguising unauthorised losses |
      | Ditto | Risk Metric System understates the risks being run by the organisation |
  28. 28. Contacts – Presenter’s contact details
      - Name: Stephen Cheesewright
      - Position: Director
      - Phone: (03) 9288 5645
      - Email:
  29. 29. Disclaimer The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. The views and opinions contained in the presentation / paper are those of the author and do not necessarily represent the views and opinions of KPMG, an Australian partnership, part of the KPMG International network. The author disclaims all liability to any person or entity in respect to any consequences of anything done, or omitted to be done.