Purpose of policies

To be usable, Polices and Procedures (P&Ps) must stand in the context of a complete
control environment. As a stand-alone document, they have limited usefulness
unless they shape and reinforce corporate policies. P&Ps should provide a context
for determining what rules apply, who has oversight, and what compliance documentation
is appropriate. In order to be effective, the compliance manuals should be
explanatory documents and not simply a listing of requirements. The front office
must adhere closely to these permitted activities. Moreover, the back office must
understand the business strategy so they can help identify bottlenecks and danger
areas. An action may appear valid on the surface but has an unintended consequence
which may breach a limit or cause a change in status. Dangers are often hidden
from plain view and the players are simply caught looking the other way.
P&P exposure limits should reflect true exposure such as leverage or market
replacement cost. Notional limits invite violations since they are a crude measure of
risk. Escalation procedures should be in the document itself and having a bubbleup
process is likely to be more reliable than a static ‘break glass in case of emergency’.
One should specifically designate that if the P&Ps are silent then they do not enable.
Policies should also not be engulfed in such minute detail that they are applicable to
a few desks or for a limited time only.
As one writes derivatives compliance policies, one should build on existing best
practices as exemplified in industry and regulatory guidance.7 Today, there are good
resources and materials available on the Internet so that keeping pace with the
changes and communicating them can be more easily effected. Industry groups,
lobbyists and outside counsel are also good resources.
Desk procedure manuals and guides are required for the micro level of activity.
They should describe the interfaces and responsibilities between and within departments.
A typical compliance manual is often a stand-alone document, a chapter
within an operations manual or woven into an omnibus document. It is often
structured as follows. It commences with a description of the overall compliance
goals and importance of the those goals. It then moves to a classification of derivatives
by category: fixed income, equity, commodity, or credit and describes which products
belong in the appropriate categories. Then a hierarchy of compliance requirements
is laid out. Often there is an accompanying workflow chart that indicates which
department or unit handles each specific step and it outlines the proper sequence of
events. It will provide key questions to ask and answer as well as identify specific
pitfalls to avoid.
The compliance manual will also direct the reader where to seek additional direction
and how to determine whether any of the procedures have been updated or changed.
A typical compliance manual may also become outdated rather quickly. Frequently,
regulations change or the business mix changes and a business outgrows its controls.
Updates must be sent as needed and on a timely basis. Some banks even distribute
single-sheet risk placemats that can be kept at each trading or sales station so that
compliance essentials are available for immediate reference.
A planning and coordination process should occur, so that you have a comprehensive
and logical approach to compliance control that mimics your business processes.
The problem often exists that the compliance process at many large institutions is
the result of ad-hoc, incremental changes and not part of a coherent strategy. This
almost ensures that gaps occur in the oversight process.
A prudent compliance and business strategy is to maintain the same level of
control for unregulated OTC derivative sales as would be sufficient to meet the quality
of SEC/CFTC oversight for exchange traded derivatives. There is always a danger
that at a later date or during the course of litigation a transaction or relationship
may be reclassified and a post-facto application of a different (higher) standard will
be invoked. An aggrieved party might also attempt to invoke the fraud or disclosure
provisions of securities law or commodities law in hopes of bolstering a cause of
action.