The Financial Services Authority has warned UK banks and building societies to tighten up their risk management procedures after an onsite review of treasury systems across the sector identified significant gaps and weaknesses in controls.
In a letter sent to chief executives of all banks and building societes, Philip Robinson, director of the FSA's deposit takers division (DTD), states: "Although there have been numerous well-publicised examples of material losses arising from inadequate controls within treasury operations, it seems that in many instances firms are still failing to address effectively some fairly basic issues."
The review highlighted flaws in segregation of duties across front, middle and back office, poor understanding of risks by senior management, inadequate internal audit and IT procurement and implementation practices, and weaknesses in limit management, risk measurement and pricing policies.
The cross-section of firms visited included domestic banks and building societies, and a number of branches and subsidiaries of international banks. Their treasury operations varied widely in terms of their size and complexity, says the FSA, and in the nature of their dealing or trading activities.
"In general, we were disappointed that, in most firms visited, we found at least one material failing," states the FSA. "In a number of cases there were many significant issues identified."
Although the need for adequate segregation of duties was generally accepted, the FSA noted numerous weaknesses in firms' implementation of this, even in the larger firms visited. In particular, failings in reporting lines between dealing and risk management functions were widespread. Arrangements for staff cover and allocation of access rights and passwords were also found to be wanting.
The FSA also noted examples of insufficient controls in place to prevent potential trade manipulation.
"While a number of firms monitored the level of amended or cancelled trades, few undertook systematic reviews of the nature of these amendments and cancellations," states Robinson in his letter to CEOs. "There were also examples of lax confirmation checking, and a lack of risk-based chasing of outstanding confirmations."
These problems were particularly acute for those operations where the risk management function or settlement function was not based in the UK.
IT procurement and implementation controls were also found to be inadequate at several firms "which had encountered significant issues during new systems implementations and upgrades - due, it appeared, to weak scoping and management arrangements for IT projects".
The FSA is asking all banks and building societies to review their treasury controls and notify external auditors of the salient isssues. The watchdog says futures reviews will aim to assess whether firms are taking due account of best practice in designing their treasury systems and controls.