EX-99.1 13 dex991.htm GOVERNANCE AND CONTROLS Governance and Controls
Table of Contents

Exhibit 99.1








Committee of Chief Risk Officers Organizational

Independence and Governance Working Group


November 19, 2002





Table of Contents

Table of Contents








Governance and Controls








Board of Directors




Risk Oversight Committee




Chief Risk Officer




Corporate Risk Management




Front, Middle, and Back Offices




Front Office




Middle Office




Back Office




Support Functions








Internal Audit




Information Technology
















Deal Life Cycle




Deal Execution




Deal Validation




Risk Management




Settlements and Accounting Close








Energy Trading Systems




Inventory of Processes









Risk Policy




Risk Control Operational Procedures


Table of Contents

List of Figures


Figure 1. Levels of Risk Governance and Control


Figure 2. High-level Process Flow


Figure 3. Deal Flow Processes and Subprocesses


Table of Contents



By participating in energy commodities markets throughout the world, companies are exposed to a variety of market and credit risks. However, each company has developed its own financial reporting practices, risk management techniques, and infrastructure to manage its business. The Committee of Chief Risk Officers (CCRO or the Committee) has been formed in an effort to compile risk management practices surrounding these activities. The Committee is composed of Chief Risk Officers from leading companies that are active in both physical and financial energy trading and marketing. They are committed to opening channels of communication and establishing best practices for risk management in the industry.


The impetus behind the formation of the CCRO was the recognition that the merchant energy market has developed to the point where the industry needs to revisit existing methods. We have attempted to provide guidance on new methods and tools to establish a strong foundation for future growth in the industry. We view this as an opportunity to establish industry practices to benefit market participants, investors, and ultimately consumers.


The CCRO established working groups to address four key areas—Organizational Independence and Governance, Valuation and Risk Metrics, Credit Risk Management, and Risk Management Disclosures. The Governance Working Group was charged with developing guidance on the control infrastructure for two primary areas: the business processes and the governance over them. The Valuation Working Group was charged with developing methodologies and risk metrics to provide management with meaningful, consistent information about the values and risk exposures inherent in merchant energy operations. The Credit Working Group was charged with developing guidance on credit risk management and efficient use of credit. Finally, the Disclosure Working Group was charged with developing meaningful disclosures that are responsive to stakeholders, such as investors, credit rating agencies, financial analysts, regulatory bodies, other industry associations, and the media, and that provide insight into company and industry performance.


In the following white papers, the CCRO presents the results of the first phase (March–October 2002) of our efforts. During this phase, the working groups met regularly to review and discuss participant company practices and studies, as well as feedback from external stakeholders. In presenting these best practices, the CCRO intends to create common nomenclature, methodology, metrics, and processes.


These best practices build on and strengthen current industry standards. During our research process, we found that while many companies already followed many of these practices, they were not codified and universally accepted as standards. The CCRO strongly encourages the industry to adopt the best practices outlined in the white papers. We believe that adoption of these practices reduces risk, fosters liquidity, and increases the efficiency of the trading and marketing of energy, which benefits consumers and investors. We expect that these best practices will evolve and further develop through our future investigations and through the efforts and experience of the companies adopting and implementing them.


Note that the best practices herein are offered as a resource. Their use is voluntary, and no company has agreed to or is required to use them. In addition, they may be modified as appropriate by individual companies, and they do not relieve any company from the need to comply with their legal and professional requirements.


For further information on the aims and the objectives of the CCRO (including appropriate use of best practices), please refer to Volume 1 of this set of white papers.



Table of Contents

1.0    Governance and Controls


Governance follows a top-down approach whereby the board of directors1 discusses policies with respect to risk assessment and risk management, followed by the development of strategic policy development and oversight by a senior management-level risk oversight committee (ROC) chaired by a chief risk officer (CRO). Controls should be implemented and aligned throughout an organizational structure, with distinct roles and responsibilities that result in an enhanced control environment. Accordingly, the risk management roles and responsibilities of the board, the ROC, the CRO, and the corporate risk department are organized to support a risk management framework. Note that some companies may not have a corporate risk department; if not, the functions may be performed by the middle office.


The following information outlines best practices for governance and control of energy trading and marketing operations and related risk management activities. Governance and controls will enact organizational setup, policies, and procedures that support the company’s business models, establish risk tolerances, and segregate responsibilities for the front, middle, and back offices. While this white paper is primarily focused on risk controls and governance to support energy trading and marketing activities, readers should recognize that the board and corporate officers have broader responsibilities.


Specifically, this document outlines governance responsibilities of the board, the ROC, and the CRO and then steps through the risk control responsibilities and duties of the front, middle, and back offices (the “three-office” structure). This approach has been patterned after that of the banking industry, with adaptations to the intricacies of the energy industry. By formalizing processes for front, middle, and back offices in this structure and implementing a written risk policy, companies may help minimize operational risk, including conflicts of interest.


The front office, which executes the company’s risk taking and risk mitigation strategies, has a significant financial impact. Front-office functions include deal execution, initial capturing and logging of a transaction’s specific terms and conditions, and other transaction support roles such as scheduling and nominations. Due to the real-time market opportunities available to the front office, executed transactions have the potential to expose the company to significant market, credit, liquidity, and operational risk. Therefore, an infrastructure of control separate from that of the front office is necessary to monitor market participation.


The middle office controls and polices a significant amount of the front office’s activities. Middle office functions include assuring data integrity through deal validation and confirmations, analyzing and monitoring market and credit risks, validating price curves, and reporting risk data to management, in compliance with policies authorized by the ROC.


The back office expands the control environment through balance sheet maintenance (reconciliations, accounts receivable [A/R], and accounts payable [A/P]), settlements, and financial reporting.


Also discussed in this document are support areas such as legal, internal audit, information technology, and treasury, which play active roles in reducing the business risk profile of a trading and marketing operation.


1   The board of directors’ roles and responsibilities can be performed at either the board or board committee level (both are referred to here as “the board”).



Table of Contents

2.0    Oversight


The oversight functions follow a strategic, tactical, and operational corporate hierarchy, as shown in Figure 1. (This chart is not intended to depict an organizational structure, but rather to represent functional relationships and accountabilities.)


Figure 1. Levels of Risk Governance and Control




2.1    Board of Directors


The board, which has oversight responsibility for the financial health of the company, must oversee trading and marketing operations. The company’s energy market participation must be clearly understood at the board level. The board must understand the company’s risk management objectives, risk tolerance, and overall risk management framework and conduct ongoing formal communications with management. It is recommended that the board detail the specific board reporting requirements of the ROC.


Board of Directors—Responsibilities and Duties


    Establish appropriate board committees, with formal charters and director qualifications.


    Understand trading and marketing strategies and associated risk.



Table of Contents
    Discuss guidelines and strategic policies that govern the process by which senior management and the ROC assess and manage risks.2


    Understand the company’s risk management objectives and risk tolerances.


    Discuss a strategic risk policy that establishes an overall framework for risk management.


    Discuss the company’s major financial risk exposures and the steps management has taken to monitor and control such exposures.2


    Establish scope and frequency for management reporting to the board.


    Review compensation policies to ensure that they are structured so as to avoid incentives for excessive risk taking (compensation policies are typically reviewed by a compensation committee).


2.2    Risk Oversight Committee


Membership of the ROC includes, at a minimum, the CRO, CFO, and senior management of the energy trading and marketing organization. The ROC should not predominantly consist of front office representatives. The ROC establishes a forum for discussion of the company’s energy trading and marketing operations and must develop guidelines required to implement an appropriate risk management control infrastructure; this includes implementation and monitoring of compliance with the company’s risk policy. The ROC executes its risk management responsibilities through direct oversight and prudent delegation of its responsibilities to the corporate risk management department and/or middle office, as well as to other corporate and business unit personnel.


ROC—Responsibilities and Duties


    Review and approve the risk policy and oversee enforcement by corporate risk management and the middle office.


    Ensure that risk management objectives, risk tolerances, and limits are employed throughout the organization.


    Review and approve the risk management strategy proposals around each affiliate’s business plan. Each proposal should be reviewed for strategic fit, risk exposure monitoring, and reporting and control requirements; these should be consistent with each affiliate’s approved yearly business plan.


    Periodically review any risk management program approved in light of recent market changes, and ensure continued compliance with its established guidelines. (Perform a detailed review at least once a year.)


    Review and approve new products, markets, trading locations, and trading offices.


    Formulate risk management strategy and policy necessary for new product or market implementation.


    Require and review regular risk reports prepared by the corporate risk management department and/or the middle office. These must include, but need not be limited to, the following:


    Profits and losses (P&L), both realized and unrealized.


    Open positions.


    Limit utilization.


    Status of exemptions and exceptions.


    Credit utilization.


    Periodically engage an independent audit (internal and/or external) of risk control processes and procedures.


2   The NYSE Corporate Accountability and Listing Standards recommend that these activities be an audit committee responsibility.



Table of Contents

ROC—Responsibilities and Duties (continued)


    Understand which trading activities are accounted for using mark-to-market (MTM) accounting and which using accrual accounting.


    Approve the level (from individual trader to front-office management) at which authority to conduct trades in both MTM and accrual books resides.


    Hold formal ROC meetings at least monthly. Standing agenda items should include, but not be limited to, current trading strategy, review of current exposure position, control requirements/enhancements, and review of counterparty credit exposure.


    Perform an annual review of trading policies and codes of ethics. This includes review of disciplinary actions upon violation of ROC policies and procedures. (Note: The CCRO supports the principles and objectives of the Electric Power Supply Association (EPSA) Code of Ethics and encourages companies to implement this code or augment existing codes of ethics to embodies its principles.)


    Enforce disciplinary action upon violation of ROC policies and procedures.


    Ensure that transacting and risk management personnel are appropriately skilled.


    Review the infrastructure supporting risk management (human resources, analytical tools, reporting procedures, etc.) and ensure that it meets the requirements for risk oversight and compliance


    Review compensation policies to ensure that they are structured so as to avoid incentives for excessive risk taking.


2.3    Chief Risk Officer


The CRO is a corporate officer position independent of the front office. To support independence in the risk management governance structure, the CRO reports to the company’s chief executive officer or to another top executive not aligned with the front office. The CRO also has dotted-line reporting to the board. He or she serves as chair of the ROC and leads the corporate risk management department.


The CRO position should be high enough in the corporate organizational structure to facilitate independent assessment of risk on an enterprise-wide basis. This includes assessment of risk taking activities managed by the CFO (capital structure activities involving derivatives and other commitments and guarantees, marketable equity securities, investment decisions, etc.). The board should approve the reporting line for the CRO. To maintain independence, the CRO’s incentive compensation should not be tied to trading or merchant energy unit performance.


CRO—Responsibilities and Duties


    Perform responsibilities delegated by the ROC.


    Conduct ROC meetings.


    Engage the ROC in discussions regarding events or developments that could expose the company to potential losses.


    Assess risks to the company in aggregate, by business unit, and by material business activities.


    Measure and report on the company’s risk profile.


    Develop, recommend, and administer corporate risk management and /or middle-office processes and procedures.


    Research, develop, test, and implement risk measurement methodologies and models.


    Recommend to the ROC specific risk limits consistent with the company’s risk management objectives, risk tolerance, and risk management policy.


    Provide direction to the internal audit group, facilitating independent audits of risk control processes and procedures.



Table of Contents

CRO—Responsibilities and Duties (continued)


    Evaluate proposed transactions with respect to their potential impact on the company’s risk profile, consistency with risk management objectives and risk tolerance, and compliance with risk management policy.


    Develop and monitor the implementation of provisions to the risk management policy, and oversee other risk management processes and procedures established by this policy or otherwise by the ROC.


    Report to the board of directors and the ROC on the company’s compliance with its risk policy and risk management in accordance with the risk policy.


The CRO prudently delegates responsibilities to the corporate risk management department and the middle office. Business units or support functions may be required to provide the CRO with reports or information required for risk assessment and analysis on a regular or ad hoc basis.


2.4    Corporate Risk Management


The corporate risk management department reports to the CRO. The department is responsible for implementation of, administration of, and compliance with the company’s risk policy and risk management processes and procedures. To maintain independence, the incentive compensation for corporate risk management should not be tied to trading or merchant energy unit performance. Business units or support functions may be required to provide the CRO with reports or information required for risk assessment and analysis on a regular or ad hoc basis.


Corporate Risk Management—Responsibilities and Duties


    Develop and review systems and controls to measure risk.


    Monitor compliance as required by the risk policy, including aggregation of risks across the company and review of the company’s overall risk profile.


    Review and recommend market risk and credit risk limits.


    Develop risk measurement techniques.


    Review and recommend for approval, risk measurement calculation and standardized position methodologies.


    Review curve validation and stress-test results.


    Evaluate the effectiveness of the risk metrics employed.


    Oversee the model development, validation, and testing process to ensure that market and credit risks are accurately quantified.


    Recommend operational risk and business risk assessment guidelines.


    Review business unit returns relative to expectations and to the level of risk incurred.


    Assess valuation issues and perform or review analyses on the company’s overall risks, using specialized stress tests and scenario analyses.


    Aggregate or consolidate risk measures into enterprise-wide market risk measurement. This includes reviewing the effectiveness of transaction processing systems and procedures relating to risk measurement and overseeing adherence to risk policies, procedures, and limits.


    Assess and recommend the allocation of resources necessary for risk oversight and compliance (i.e., human resources, analytical tools, reporting infrastructure, etc.).


    Coordinate and distribute independent market fundamental analysis.



Table of Contents

The corporate risk management function principally conducts its activities through two subgroups, the market risk function and the credit risk function. Both functions report to the CRO.


2.4.1    Market Risk Function


A company that has multiple trading business units with separate middle offices may choose to institute a corporate market risk function. The market risk function ensures consistency across the company, aggregates enterprise risk positions, and economically allocates quantitative and other analytical resources. Alternatively, some of these responsibilities may be performed by the middle office. The market risk function reports separately from the front office.


Market Risk Function—Responsibilities and Duties


    Review and validate valuation methodologies, curves, and assumptions.


    Develop risk measurement techniques.


    Review the effectiveness of transaction processing systems and procedures relating to risk measurement.


    Review daily risk reports prepared by the middle office.


    Produce all enterprise-wide market risk reports.


    Perform back-testing and stress testing of risk measures such as VaR, EaR, or CFaR3 at least quarterly.


    Perform exception, variance, and risk-adjusted return on capital (RAROC) analyses.


    Oversee adherence to risk policies, procedures, and limits.


    Evaluate and recommend appropriate measurement techniques for reserves.


    Participate, as staff, to the ROC and carry out committee requests.


    Participate in new product reviews.


    Aggregate or consolidate risk measures into an enterprise-wide measurement.


    Identify, assess, and inventory market risks in all business units; advise the ROC on risk issues.


    Assess the impact of new business opportunities, (new markets, assets, strategies, etc.) on the corporate risk profile.


    Develop and distribute independent market fundamental analysis.


    Review and approve market assumptions in significant new deals.


2.4.2    Credit Risk Function


To facilitate enterprise-wide credit risk assessment, measurement, and management, and to maintain efficiency, credit risk management is best performed at a corporate level and independently from the front office. The specific tasks performed at the corporate and business-unit levels may vary by company, but an overall consolidated credit risk management approach is considered best practice. (See the Credit Risk Management White Paper)


3   See the Valuation and Risk Metrics White Paper and Glossary for full details and descriptions of these Risk Management metrics.



Table of Contents

Credit Risk Function—Responsibilities and Duties


    Review and approve counterparties and transactions before execution in order to identify, measure, and price the associated credit risk.


    Perform due diligence on issuers of counterparty guarantees, ensuring that they meet minimum credit standards.


    Coordinate review and execution of all counterparty documents with the business unit’s contract management group and the company’s office of general counsel; negotiate directly with counterparties to ensure that credit risk is mitigated through contractual arrangements.


    Using internal and external information sources, monitor counterparty credit events and industry/market trends for potentially adverse effects on the counterparty’s credit profile.


    Calculate and report to the ROC credit exposures, credit risk metrics, and other requested information.


    Report, as required by the risk policy, any credit risk limit violation, loss notification, or other exception to the limit structure.


    Administer collateral (i.e., margins, parental guarantees, letters of credit held or given).


3.0    Front, Middle, and Back Offices


As discussed above, to ensure independence of functional trading and marketing activities, companies should establish a three-office organizational structure. This structure ensures appropriate checks and balances and maintenance of data integrity, security, and accountability alignment. Each office has specific responsibilities and duties, many of which must be located in the office identified herein, irrespective of the strategic intent or degree of activity connected with a company’s market participation. However, certain functions present no incremental risk if located in another office or support function. These functions are highlighted and the alternative office(s) listed.


3.1    Front Office


The front office (the trading group and any other party that can commit the company to a transaction) executes the company’s risk taking and risk mitigation strategies. The front office’s functions include deal execution—buying, selling, and hedging of physical commodities or financial instruments. The front office is responsible for initial capturing and logging of a transaction’s specific terms and conditions; it also performs other transaction support such as scheduling and nominations.


Front Office—Responsibilities and Duties




    Seek ROC approval for participation in new products, markets, or services that meet the company’s business objectives.


    Understand, sign, and comply with the ROC risk policy and all other company policies, including the company code of ethics.


    Maintain confidentiality of information used in trading and risk management.


    Report violations of company policies.


    Abide by any non-compete agreements.


    Develop and maintain documentation outlining standard procedures for conducting business.


    Set up and maintain physical contracts in the operations systems.



Table of Contents

Front Office—Responsibilities and Duties (continued)


Trading and Asset Management


    Ensure that traders have proper knowledge and understanding of the products they are authorized to trade.


    Understand and abide by ROC trading limits, authorized product rules, and restricted activities.


    Develop trading, hedging, procurement, and marketing strategies in compliance with ROC policy and procedures.


    Execute all authorized trading, hedging, and marketing transactions.


    Comply with all personal trading restrictions and limitations.


    Arrange for the exchange of physical commodities at/on the appropriate facilities (pipelines, plants, pools, etc.).


    Trade only in approved market forums (ICOs, power exchanges, electronic trading platforms, exchanges, etc.).


    Communicate the operational status of appropriate facilities (pipelines, plants, pools, etc.) to the organization.


Deal Entry and Logistics


    Input transaction detail into deal-capture system in accordance with established procedures.


    Acknowledge daily trading activity.


    Work with the middle and back offices to resolve errors on a timely basis.


    Ensure accuracy of transaction terms (including difference between nominated and confirmed volumes) in the deal-capture system.


3.2    Middle Office


The middle office is responsible for maintaining the overall control environment and assessing compliance with the risk policy. The middle office provides a significant level of control and policing of the front office’s activities and, therefore, should be independent of the front office, reporting through the CRO or CFO. To maintain independence, incentive compensation for the middle office should not be tied to the business unit’s performance. The middle office’s functions include assuring data integrity through deal validation and executing the risk monitoring requirements authorized by the ROC. In some organizations, the middle office may also perform the role of corporate risk management and/or the credit function discussed in section I-2.4.2 above.


Middle Office—Responsibilities and Duties


Risk Control


    Confirm all appropriate transactions within established industry standards.


    Establish a rigorous process to insure that confirmations are sent and reviewed pursuant to contract terms. Errors should be resolved, and changes should be communicated to appropriate personnel on a timely basis.


    Validate all transaction details to the relevant risk management systems.


    Foster a cooperative error-resolution effort between front, middle, and back offices.



Table of Contents

Middle Office—Responsibilities and Duties (continued)


    Maintain appropriate transaction detail and acknowledgement records.


    Develop and maintain documentation outlining standard procedures for conducting business.


    Routinely check trader authority and reconcile that authority with the appropriate external counterparties, exchanges, brokers, etc.


    Lead and/or support risk systems and infrastructure development efforts.


    Provide staff support to the ROC.


    Maintain risk systems.


    Monitor compliance with policies, guidelines, and limits; report violations.


    Identify weaknesses and opportunities for enhancement in the control environment; develop solutions and implementation strategies.


    Approve and manage the trading book structure designed to accomplish both front- and back-office objectives.


    Monitor and ensure the appropriateness of intra-book trades.


Risk Analysis


    Provide daily report of risk exposures (e.g., P&L positions and change drivers) to the ROC.


    Perform periodic back-testing and stress testing.


    Calculate MTM and risk metrics such as VaR, EaR, and CFaR of portfolios on a daily basis.


    Analyze and explain changes in the portfolio.


    Calculate and monitor position Greeks.




    Validate and model forward curves for all commodity exposures (market analysis).


    Access market quotes for MTM assessment.


3.3    Back Office


Back-office functions include processes in support of the front office such as accounting, invoicing, dispute resolution, check-outs, actualization, accounts receivable, accounts payable, tax reporting, financial reporting (including disclosures), and contract administration.


Back Office—Responsibilities and Duties


    Perform financial accounting and compliance.


    Comply with tax rules and make appropriate tax elections.


    Account for hedging and derivatives activities.


    Record realized and unrealized gains and losses.


    Reconcile general ledger and cash positions.


    Reconcile margin accounts.


    Implement tax-hedge accounting policies and other regulatory tax requirements.



Table of Contents

Back Office—Responsibilities and Duties (continued)


    Develop and maintain documentation outlining standard procedures for conducting business.


    Invoice counterparties.


    Resolve billing disputes.


    Perform daily/weekly/monthly checkout with counterparties.


    Develop and maintain documentation outlining standard procedures for conducting business.


4.0    Support Functions


Support areas such as legal, internal audit, information technology, treasury, and tax play active roles in reducing the business risk profile of a trading and marketing operation.


4.1    Legal


Legal support can be in-house or outsourced, but must be skilled and knowledgeable in regulatory, contract, bankruptcy, and insolvency laws. Legal support is necessary when establishing new trade agreements or contracts, seeking to enter new markets or business lines, and resolving counterparty non-performance events.


Legal should review trade agreements and contracts for changes in market practices and applicable laws. Additionally, legal should evaluate transactions to determine whether they are permissible under applicable laws and regulations. Legal should also advise the credit risk department on applicable bankruptcy or insolvency laws and on the procedures necessary to ensure enforceable transactions and adequate documents.


4.2    Internal Audit


Internal audit’s minimum responsibilities in support of the trading and marketing operations include annual financial and process audits and reviews. If the ROC engages outside consultants to perform process reviews, reviews should be coordinated with internal audit, and internal audit may be asked to lend support to those engagements. Internal audit should conduct routine audits of trading operations to ensure compliance with controls, policies, and procedures.


4.3    Information Technology


Information technology (IT) is critical to trading and marketing operation in ensuring that systems are in place and function so that transactions may be accurately captured and reported in a timely manner. A company’s IT policy supporting a trading and marketing operation must provide for: redundancies for networks and telecommunications failures; effective management of data (i.e., reliable availability, integrity, migration across systems, development, and maintenance of tools to obtain and utilize data); security of data and physical location; change control; disaster recovery; and business continuity plans. IT functions should be performed by personnel independent of the front office.


4.4    Treasury


Treasury’s minimum responsibilities in support of the trading and marketing operations are cash management activities not supported by the back office. Critical activities include analyzing the company’s liquidity position (including stress testing and contingency planning), developing interest rate curves, and hedging foreign exchange exposures. Further discussion of treasury activities in support of energy trading and marketing activities are outside the scope of this document.



Table of Contents

4.5    Tax


Tax support of a trading and marketing operation requires knowledge of the tax laws of federal, state, and (if applicable) foreign governments. This knowledge extends beyond income tax to sales, franchise, excise, and other taxes. Tax support is necessary when seeking to enter new markets and to trade and market new products, including new types of financial instruments.


Tax support should determine the effect of changes in tax laws. This group also determines the tax effect of transactions (including determining the most efficient tax structure for transactions). Tax support should also develop hedge identification procedures that meet tax laws and regulations.



Table of Contents



The following section provides clear and concise directives for business processes for typical energy trading and marketing activities. It is not meant to be prescriptive, but rather to serve as a high-level aggregation of industry best practices surrounding certain processes. This section will:


    Publish processes and controls that reflect general corporate policies; these policies, when implemented, establish uniform practices and proper segregation of duties across the corporation.


    Enhance business capabilities by:


    Disseminating knowledge of best practices.


    Developing process guidance for employee training.


    Fostering communication inside and outside the corporation.


    Identifying how IT systems can effectively streamline processes.


Note that the best practices herein are offered as a resource. Their use is voluntary, and no company has agreed to or is required to use them. In addition, they may be modified as appropriate by individual companies, and they do not relieve any company from the need to comply with their legal and professional requirements.


Note that for companies with a corporate risk management department, some functions described here that are performed by the middle office may be performed by, or with the assistance of, corporate risk management.


1.0    Deal Life Cycle


In general, the processes performed by energy trading and marketing companies center on execution, validation, risk management, and accounting of individual transactions; together, these processes can be labeled as the life cycle of a deal. Before a deal is executed, senior management works with the front office to establish strategies that develop the business in alignment with the risk/ reward profile of the company. The front office then executes deals that satisfy that strategy. More complex or long-term deals may require additional structuring or pricing to assess their true value. If a deal is within defined limits and the terms are approved, a contract is put in place. The deal is then executed with the counterparty and the terms are captured in a system. The deal is then assigned to a portfolio for ongoing management over the term of the deal as market conditions change. If a deal requires the movement of a physical commodity, the front office schedules product flow with a transportation provider.


After a deal has been executed and captured, the middle office must independently verify the accuracy of the terms through system reconciliations, third-party confirmations, and risk analytics. These processes serve as key control functions over the deal execution process. The credit and contract administration groups will also monitor the deal over its life, ensuring that contract provisions are maintained and credit risk managed. Once the deal has reached its term and the contract provisions have been satisfied, the back office will settle the deal (i.e., resolve discrepancies and invoice the counterparty) and book the appropriate entry in the financial records.


The life cycle of a deal is dependent upon proper organizational setup and governance structure (discussed in section I of this document) and also on maintenance of the system infrastructure that supports the business. The processes that support the deal life cycle are illustrated in Figure 2 and described in more detail in the sections that follow.



Table of Contents

Figure 2. High-level Process Flow




1.1    Deal Execution


1.1.1    New Product Development


Process Overview


New product development consists of determining commodity offerings, performing market and asset selection, and developing products that are aligned with management’s strategy and risk tolerances. Within this process, the front office performs the research required to understand market rules, risks, barriers to entry, competition, customer needs, logistics, etc. Based on the information gathered, the front office then analyzes the economics, develops a business plan or report, and submits it to the middle office for independent validation of assumptions and measurement of market risks. Once the assessment is complete and senior management has decided to move forward with the new business, the revised plan is sent to the ROC for approval or rejection. If it is approved, limits are set, authorizations made, and the desired activity communicated to the organization.




    Ensure that due diligence has been performed before a company enters new markets, trades in new commodities, or introduces new products. (Products include assets, origination deal structures, and other offerings.)


    Develop a full understanding of the market, including risks.


    Establish proper management approval before entering into contracts in new markets, with new commodities, or with new products.



Table of Contents

Best Practices and Controls


    Senior management should meet regularly with the front office to develop short- and long-term strategies and enhance communication of corporate direction and risk tolerances.


    The front office should develop new business after extensive research; it should document the information in a market business plan or risk analysis report. This documentation includes, but is not limited to, industry background, entry and exit plans, risk analysis, return on investment, and proposed limits. Before its plan is approved, the middle office should validate the appropriateness of the market research, models, curves, and assumptions used to value the new business. Additionally, the middle office should independently identify and quantify the various risks involved in accepting the new business activity.


    To ensure compliance, the middle office should compare the proposed new business activity to the parameters defined in the risk policy.


    The market business plan or risk analysis report should be presented to the ROC for approval or rejection.


    The middle office should maintain a list of approved commodities, markets, and products. This list should be made available to all front-office personnel for easy reference.


    The front office should communicate the new business information to the rest of the front, middle, and back offices to ensure that the system can capture the risk, contracts can be developed, and the proper accounting treatment can be achieved.


Key Reports


    Market business plan or risk analysis report.


    List of approved commodities/markets/products.


1.1.2    Trading, Contracts, and Asset Management


Process Overview


At the start of the trading day, the front office should evaluate all open trading contracts and asset positions and review daily risk and credit reports. A daily meeting should be held to discuss market events, and determine the day’s trading strategies. Different groups within the front office may be responsible for executing different deal types, such as standard deals or complex deals that require structuring or long-term obligations. For the purposes of this document, this section covers standard deals. (See Section II-1.1.3 Origination, Structuring, and Pricing section for the processes for complex deals.) Before the deal is finalized, the front office verifies that a contract is in place, credit is sufficient, and the deal is within the trader’s authority and does not exceed any risk limits. Once all controls have been checked and both parties agree to the terms, the deal is finalized.




    Add value to the portfolio through the execution of authorized transactions.


    Mitigate risk through deal creation.


    Manage positions as a combined set of deals, contracts, and assets to optimize the portfolio.


    Satisfy customer needs.


Best Practices and Controls


    The front office should conduct a daily strategy meeting to share market information, review positions, and assess strategic direction.


    When necessary, the middle office should aid in strategy development by providing stress-test results to the front office.



Table of Contents
    If the counterparty is new, credit approval and limits should be obtained.


    Transactions should not be entered into with any counterparty until a valid contract has been executed and authorized by contract administration.


    If credit is insufficient, the trader should help the credit department obtain the necessary credit enhancement before completing the deal.


    The front office must follow appropriate procedures for obtaining exceptions for transactions that do not meet the authorized terms or limits.


Key Reports


    Price discovery reports (e.g., broker quotes, electronic trading platforms, data feeds).


    Position report in total and by region, book, or trader.


    P&L report in total and by region, book, or trader.


1.1.3    Origination, Structuring, and Pricing


Process Overview


While the processes above pertain to standard trading deals, complex deals generally require additional review and approval, as appropriate, from the middle office, back office, and senior management, who assess risk and value deal components appropriately. After the front office meets with the counterparty to initiate the deal, participants from the front, middle, and back offices meet to understand the deal components and develop a valuation structure. This effort is generally led by a structuring group.


The primary functions of structuring are to develop a deal structure, characterize risks, and value the deal. The structuring group generally works with the origination group to create structure that optimizes risk-reward profile and is in accordance with corporate guidelines. Based on the defined parameters, the structure group then breaks down the risk components of the deal (credit risk, price risk, volatility risk, commodity risk, etc.) for more detailed analysis. To value the deal, a model is developed or selected, and the assumptions, deal terms, and current market data are entered into the model. Model elements include the cost of operational uncertainties (production, delivery, etc.), cost of liquidity, market risk, swing risk, and other embedded optionality. Once the risk components are valued, the structure is presented to the appropriate levels of the organization for approval and presentation to the customer.




    Value deal components based on risk segregation.


    Ensure that deals are structured in a way that is consistent with corporate standards and captures optionality, risk, and asset performance.


Best Practices and Controls


    Origination or complex deals are presented to all affected areas of the organization (middle office, back office, treasury, credit, legal, and front-office management) for review and approval.


    The structure group should not engage in the execution of deals.


    In order to fully understand all aspects of the deal and ensure that it falls within risk tolerances, its risks should be disaggregated and analyzed before the deal is completed.


    The valuation should be documented on a deal approval sheet (electronic or hard copy).



Table of Contents
    The middle office should maintain an inventory of all approved models.


    Models should be back-tested to ensure validity and monitor performance.


    Each model should be thoroughly documented, including an analysis of the financial theory and empirical work upon which it is based (including assumptions, limitations, and intended use).


    A model validation report should include checks on the analytical derivation of the model used and any numerical solution procedures and code.


    Any changes to the model should be documented and approved by the middle office.


    All models should be interfaced with the trading and risk management system.


    All models and interfaces should be tested to ensure proper functionality.


    A deal approval sheet should be routed internally among all levels of the organization for signature.



Key Reports


    Price discovery reports (e.g., broker quotes, electronic trading platforms, data feeds).


    Position report in total and by region, book, or trader.


    P&L report in total and by region, book, or trader.


    Deal approval sheet.


    Inventory of approved models.


    Model documentation and validation report.


1.1.4    Price Curve Development


Process Overview


A price curve is essentially a graphic illustration of prices for one commodity and one location over time. For purposes of this section, “price” includes correlation and volatility. Prices are obtained from broker quotes, online trading platforms, industry publications, forward projections based on historical trends or fundamental analysis, extrapolation techniques, trades executed with third parties, and other methods. The data-collection process is referred to as “price discovery.” The price curve is generally disaggregated into two components based on liquidity: market years4 (forward periods with liquid markets) and non-market years (forward periods without liquid markets), based on liquidity.


The front office is responsible for price discovery for determining the value of the transactions in a company’s portfolio. Traders, the most active market participants, continuously perform price discovery throughout the day and provide data for the more liquid portion of the price curve. All prices provided by the front office should be validated by the middle office. As projections extend into the future, where markets become illiquid and available prices harder to determine, models are typically used to value the prices for these non-market years. Such models should be evaluated and approved by the middle office.




    Value business transactions using current market data or models.


    Ensure that forward price curves are reasonable and reflect reality.


    Ensure that curves are developed using sound methods approved by the middle office.


4   See the Valuation and Risk Metrics White Paper for the definition of market years



Table of Contents

Best Practices and Controls


    For all active positions, each forward curve should be developed and owned by only one person unless precluded by regulations.


    The forward price curve should be developed using market prices for liquid commodities/markets/products and modeled for illiquid commodities/markets/products.


    Volatility curves should be modeled for open positions in illiquid markets; implied volatility curves should be developed for actively traded options.


    Correlation curves should be developed using historical forward curve correlations and other relevant market data.


    Specific liquid commodities/markets/products curves should be updated at least once a day, within one hour of market close. Other curves should be updated as markets change.


    A formal valuation methodology should be established for developing each curve and related sources of information.


    While price discovery is usually performed by the front office in both market and non-market years, it should be validated by the middle office.


Key Reports


    Price discovery reports (e.g., broker quotes, electronic trading platforms, data feeds).


    Price curves.


1.1.5    Deal Entry


Process Overview


Upon completion of a deal, the dealmaker should ensure that the terms of the deal, broken out by individual risk components, are entered into the deal capture system. This should be done no later than the close of business on the date of execution so that those downstream (scheduling, risk management, accounting, etc.) can understand the deal and perform their tasks accordingly. The actual data entry can be performed by the dealmaker, front office support, or other designee. If someone other than the dealmaker enters the terms into the system, the dealmaker must review the activity to ensure accurate and timely entry.




    Capture deal terms in the system for proper management.


    Establish procedures that ensure complete, accurate, and timely deal entry.


Best Practices and Controls


    All telephone-initiated deals should be executed on a recorded line.


    Once a deal is executed, dealmakers should ensure that deals are entered into the system immediately so the terms can be accessed by the front, middle, and back offices.


    The deal should be assigned a unique identification number in the system so it can be cross-referenced with downstream systems.


    If deal tickets are used, they should be numbered sequentially, entered into the system within one hour of deal execution, and stored in a safe location for the life of the deal.


    If the deal is a hedge, it should be designated as such in the system.



Table of Contents

Key Reports


    Deal summary report by trader.


    Position report.


    P&L report.


    Log of tape recordings.


1.1.6    Logistics


Process Overview


The logistics process comprises of scheduling the movement of a physical commodity from point A to point B. To do so, the scheduler reviews current position in the system by commodity, delivery / supply point, and time period in order to understand the quantities and location that need to be scheduled. Demand is reforecast if applicable, and positions are netted out where possible to minimize delivery risk. The scheduler then performs an analysis of the transportation means, ensuring that the product can be moved efficiently. If there are constraints, the scheduler contacts the deal owner for resolution. The delivery / supply schedule is then developed, and the scheduler nominates the quantities with the transportation provider according to industry guidelines and regulations. The scheduler then obtains actual flow from the transportation provider and compares it to expected flow. Any variance (imbalance) is communicated immediately to the deal owner and documented in the system.




    Coordinate the physical movement of the commodity as dictated by the terms of the deal with the transportation provider.


    Track and monitor physical imbalance for proper management.


    Maximize transportation opportunities.


Best Practices and Controls


    Scheduled quantities should be made available in the system in a time frame as close to real-time as feasible.


    Nominations should be submitted following industry-standard regulations and deadlines.


    All product movements should be tracked and balanced throughout the month.


    In the event of a cut or shortcoming in delivery or supply, the scheduler’s ability to correct the error in the marketplace by entering into a transaction should be appropriately limited.


Key Reports


    Position report by location.


    Nomination schedule.


    Imbalance report.


1.1.7    Deal Management


Process Overview


After a deal has been executed and captured in the system, the risks must be managed over the life of the deal. For standard deals, this can be accomplished through portfolio position management; more complex deals can be assigned to a deal manager. The deal manager resides in the front office, and should ensure that the deal is



Table of Contents

executed consistently with the terms and conditions of the contract. Any potential or actual violations of contract terms should be immediately identified, communicated internally and to the counterparty, measured, and resolved. The effects of the resolution on the deal should be recorded in the system and documented.


If the deal has any optionality owned by the company, the deal manager is responsible for ensuring that these options are exercised when they are of value. The deal manager performs this function by communicating with the front office groups (logistics, trading, pricing, etc.), understanding the positions as provided by system reports, and negotiating standard deals to complement the original deal.




    Manage the risks and realize the value initially identified and modeled in the origination and structuring processes (trading, contracts and asset management and structuring).


    Ensure that the responsibilities of all parties to the contract are performed; if they are not performed, ensure that the resulting economic effect and risks from non-performance are identified, valued, communicated, and resolved on a real-time bases.


    Realize any incremental commercial opportunities resulting from changes in market conditions as factored into the original deal structure (e.g., upselling the original deal).


    Measure the accuracy of original assumptions and performance of the deal as originally modeled over its life; account for the value created from the deal through ongoing deal management.


Best Practices and Controls


    Manage positions by portfolio, based on risk decomposition and modeled in a timely and consistent manner.


    Assign complex deals to an individual owner who works with all levels of the organization to communicate changes. This deal owner should execute transactions in support of the deal, optimize the deal value in response to changing market conditions, and ensure that the counterparty performs its tasks relative to the terms of the contract.


    Assess the accuracy of the original assumptions and valuation.


    Measure ongoing performance at least once a quarter to determine economic impact, if any.


    Tie incentive pay for current and deferred components to the deal.


Key Reports


    P&L report.


    Position report.


    Budget versus actual report.


1.2    Deal Validation


1.2.1    Validating a Deal


The process of validating a deal, a key control over deal entry, is essential to proper risk management. Deal validation can be broken down into three primary categories: validation of deal structure, valuation, and approval; validation of deal entry; and reconciliation of brokered transactions. Each is detailed below.



Table of Contents

Validation of Deal Structure, Valuation, and Approval of Structured Deals


Process Overview


During deal structuring, the middle office is responsible for reviewing the terms and structure of the deal and ensuring that the assumptions used are sound. Numerous analytical techniques are used to understand and quantify the risk. The metrics used depend on the type of deal structured. In general, the middle office should verify that a deal is properly structured and valued; that it includes only approved products, commodities, and markets and is executed by authorized personnel; and that it is accurately broken down into its individual risk components.




    Before a deal is finalized with a counterparty:


    Ensure that each risk component of the deal is correctly measured, modeled, priced, and reassembled in a structure that is consistent with the description of the deal.


    Ensure that the value of the deal is accurately calculated.


    Ensure that the risk/reward balance of the deal meets corporate guidelines.


    Ensure that the necessary approvals for the deal are obtained.


    Provide a sound internal control environment with a separation of duties between the creation of a deal by the front office and the verification of a deal by the middle office.


Best Practices and Controls


    The middle office should perform statistical analysis using stress tests and simulations.


    The middle office should ensure that selected models are sound, properly reflect the value of the deal, and are used in accordance with modeling guidelines.


    The middle office should validate the calculations, market data, and assumptions used to determine costs of operation and liquidity, market, and swing risks.


    The middle office should sign the deal approval sheet, attesting that the risks of the proposed deal structure have been accurately calculated and meet corporate guidelines, as verified by an entity independent of the front office.


Key Reports


    Deal approval sheet.


    Stress-test results.


Validation of Deal Entry


Process Overview


Once a deal has been entered into the system, there are two lines of defense against inaccurate or incomplete deals: a daily front-office deal review and an independent middle-office review. First, the front office should reconcile its individual trade records with the system and sign off on a daily deal summary report indicating that the deals are accurate and complete. The middle office should then review the reports and perform any secondary reconciliation to ensure compliance. If the deal terms are not discovered or corrected at the close of business for the trade day, the error may not be found until the transaction settles. If this occurs, the company will be managing the risks of the business based on inaccurate information. For that reason, this process serves as one of the key trading controls.



Table of Contents



    Ensure that the dealmaker quickly and accurately enters all deals and their individual risk components into the deal capture system.


    Provide a sound internal control environment with a separation of duties between a deal’s creation by the front office and its verification by the middle office.


Best Practices and Controls


    If the middle office is involved, it should account for all deal tickets by the daily close of business, locate missing deal tickets, and reconcile the system to the deal ticket, ensuring that all terms have been correctly entered into the system.


    At the close of the business day, traders should review deal summary reports from the system, verifying deal capture and approving the report, indicating that all deals are complete and accurate.


    The middle office should collect and monitor the dealmaker’s sign-off reports and should review the system daily to confirm that each risk component of the deal is captured on time and accurately.


    The middle office should review the portfolio allocation to ensure that MTM, accrual, and hedge transactions are identified correctly.


    If deal tickets are not used, all transactions must be input directly into an electronic trading system that creates a unique trade identification number and provides an audit trail of who has entered or changed the transaction.


Key Reports


    Deal summary report.


    Position report.


    P&L report.


Reconciliation of Brokered Transactions


Process Overview


As in deal validation, each day the middle office (or the back office) should reconcile the terms of the brokered transactions with those in the deal capture system, ensuring accuracy of the deal entry. This third-party verification adds another level of control over the deal capture process.




    Ensure accurate and timely deal capture through third-party verification.


    Deter unauthorized deal making.


    Ensure that all deals and their individual risk components are entered into the deal capture system accurately and on time.


    Diminish the possibility of exposure to unknown risks.


    Provide a sound internal control environment, with separation of duties between the creation of a deal by the front office and the verification of a deal by the middle office.



Table of Contents

Best Practices and Controls


    Each day, the middle office should obtain broker statements, compare terms from the broker to the terms in the system, and notify the front office of any discrepancies to be resolved.


    Once agreed on, the deal record should be locked in the system and should not be modified without proper approval.


    Information on approved counterparties should be communicated to involved clearinghouses and banks.


    Each day, an appropriate independent group should review the margin activity to determine if more margin is needed or if there is too much margin on hand per guidelines established by treasury. If a change in margin is needed, treasury should be contacted for resolution.


Key Reports


    Deal summary report.


    Position report.


    P&L report.


1.2.2    Confirmation


Process Overview


Like deal entry validation, confirmation—sending a written deal confirmation to any involved third party to verify agreement with terms—is a key control over deal entry. To establish the proper segregation of duties and maintain a sound control infrastructure, this process must be performed by a group uninvolved with deal making. A confirmation is simply a one- to two-page document that lists the individual terms of the deal and makes reference to the legal contract already in place. Once both parties have agreed to the terms and signed the deal confirmation, the document should be retained to resolve any subsequent dispute.




    Establish in writing that a deal has been executed.


    Ensure accurate and timely deal capture through third-party verification; deter unauthorized deal making.


    Increase accuracy of the portfolio.


    Enhance the company’s ability to effectively manage risk.


Best Practices and Controls


    For deals with a duration of one day or longer, the middle office’s confirmation group should electronically generate a standard confirmation from the system on the following business day. The confirming party should be designated in the contract.


    The confirmation template should be approved by the legal department.


    The confirmation group should review the confirmation to verify compliance with the delegation of authority and should fax or e-mail a confirmation to the counterparty within two business days of the trade date or by a time specified in the contract.


    Once sent, the deal should be locked in to the system and should not be modified without the proper approval.


    After the confirmation has been sent, the status of the confirmation should be updated in the system in order to monitor exceptions and ensure completion.



Table of Contents
    The confirmation group should review a list of outstanding confirmations daily and should follow up on each with the relevant counterparty.


    If a disputed confirmation is received from the counterparty, the confirmation group should notify both front-office management and the counterparty within 24 hours of receipt, so that all parties are aware of the discrepancy and the appropriate personnel can reconcile the issue.


    The confirmation should be retained for reporting requirements or per the company’s document retention policy.


Key Reports




    List of outstanding confirmations.


1.2.3    Contract Management


Process Overview


Before executing a transaction with a new counterparty, the dealmakers or the credit department should ask contract administration to set up a new counterparty in the system and develop a legally binding contract. To develop a contract, the contract administration group and legal department work together with the counterparty to reach consensus on language and provisions by which both parties can abide. Once an agreement is reached, the contracts are signed and captured in the system; they are continually monitored to ensure that their provisions are met.


Although it is best practice to have a contract in place before executing transactions with a counterparty, it is not always practical to satisfy this requirement. If a contract is not complete, a long-form confirmation should be used to provide the company some legal recourse. A long-form confirmation is a summary of the deal terms with additional legal provisions that would normally be included in a contract.




    Ensure that valid enabling agreements and contracts are in place before the company commits to deals.


    Ensure that the terms of the contract are met throughout its life.


Best Practices and Controls


    Contract administration should contact the counterparty to obtain company information and enter that information into the common company system. Contract management should be responsible for processing all contracts and coordinating negotiations with the dealmaker and the credit and legal departments.


    All systems should be linked to the common system to ensure that proper names, addresses, etc., are used consistently by all business units.


    Any changes to the counterparty’s name, address, etc., should be entered into the system only by the contract administration department.


    Approved counterparties should be communicated to involved clearinghouses and banks.


    Each new contract should be assigned an owner; the status of the contract should be maintained in a tracking system.


    For enabling agreements, industry-standard master agreements (ISDAs, GISBs, etc.) should be used when possible. For other contracts, the company should use its general terms and conditions or long-form confirmation as approved by the legal department.



Table of Contents
    Net-out, set-off, and margining provisions should be detailed in the contract.


    Any significant change to the contract should be communicated to all appropriate parties.


    Once completed, the contract should be routed through an approval process based on level of authorization. Contract management should facilitate the approval process and ensure that all signatures are obtained and filed.


    Contracts should require the signature of both counterparties to be legally executed.


    Once executed, the original contract should be stored offsite in a locked, fireproof environment.


    To effectively monitor the contracts, contract determinants should be written and stored in a database for quick reference and sorting.


    A contract number should be linked to each deal in the trading system; this allows cross-referencing of deals with their respective contracts.


    Contract management should sort and screen contracts to identify those that may be close to expiration or be approaching other contract limits; if one is found, personnel should notify the front office.


    Each quarter, contract management should verify that all deals in the trading system have valid counterparties and contracts.


    Each year, contract management should update the status of all counterparties and contracts that are no longer active in the system.


Key Reports




    List of approved counterparties.


    Contract summary report.


1.3    Risk Management


1.3.1    Daily Risk Monitoring


Process Overview


Each day the middle office ensures that positions are captured accurately and risks monitored. This process begins with a review of the daily risk reports to assess the activity from the previous trading day, continues throughout the day with monitoring positions, and concludes with a daily close-of-business lockdown to close system activity and prepare the risk reports for processing.




    Ensure that positions are captured accurately and market risk can be continuously monitored.


    Support the best practice of segregation of duties and risk control.


Best Practices and Controls


    Each morning, the middle office should verify that all overnight risk reports were generated and review the reports for completeness, outliers, and limit violations. (Companies often start the calculation and report generation process the evening before.)


    Limit violations should be communicated to the head of trading and the CRO.


    The middle office must ensure that actions are taken to become compliant with defined limits.



Table of Contents
    Throughout the day, the system should maintain real-time positions by commodity, pricing point, and time period.


    Positions should be recorded in trading books and aggregated at the business unit and corporate levels.


    Limit exposures should be monitored in real time as trading activity and curves are updated in the system.


    Limit violation notifications should be sent to management throughout the day.


    At the close of each day’s business, the middle office should perform a lockdown, validating the updated curves and trades, “locking down” the system, and rolling the system date forward. The middle office should then initiate the close-of-business risk report run (including positions, MTM, P&L, and VaR).


Key Reports


    Position reports.


    P&L reports.


    Limit compliance reports.


    MTM reports.


    VaR reports.


1.3.2    Price Curve Validation


Price curves are the primary driver of portfolio valuation, and it is essential to ensure the accuracy of the prices. As such, price curve validation is a key control performed by the middle office, which should independently obtain market prices and verify the accuracy of the forward curves for both market and non-market years.




    Value transactions of the business using current market data and/or models.


    Ensure that forward price curves are reasonable and reflect reality.


    Ensure that curves are developed using sound methods approved by the middle office.


Best Practices and Controls


    The middle office should validate each forward curve daily.


    Curve validation should include reviewing curves for outliers.


    Validation is always performed by the middle office in both market and non-market years.


    Although the front office may be involved in the validation process, authority for validation rests with the middle office.


    If the front and middle offices disagree on the price curve, it should be marked to the price chosen by the middle office and later submitted for resolution by the CRO or his or her assignee, with input from commercial management.


    For market years, inputs include broker quotes and transaction prices, along with models for extrapolation and interpolation.


    For non-market years, the primary inputs are models, which should undergo rigorous testing and assumption review.



Table of Contents

Key Reports


    Price discovery reports (broker quotes, electronic trading platforms, data feeds).


    Price curve validation reports.


    Model testing and validation reports.


    Model user and technical documentation.


1.3.3    Risk Control and Analysis


Process Overview


The risk control and analysis process consists of verifying the MTM valuation, calculating daily P&L, reconciling the P&L, calculating risk measures such as VaR, EaR, and CFaR, performing sensitivity analysis, performing stress testing, analyzing liquidity risk, and calculating any other risk metrics.




    Standardize the types of risk measures and their method of calculation in a way that corresponds to industry best practices.


    Ensure that transactions are valued appropriately.


    Gain an understanding of where risks concentrations lie in the portfolio.


    Quantify the risks in the portfolio.


    Evaluate the profitability of an activity.


    Analyze the potential impact of changes in the market on the portfolio.


    Assess the return on the portfolio based on the amount of risk taken.


Best Practices and Controls


1)    Marking Transactions to Market


    For risk management purposes, physical and derivatives positions should be marked to market on at least a daily basis.5


    Marking to market is the only valuation that correctly reflects the current value of derivatives cash flows to be managed and provides information about market risk and appropriate hedging actions.6


    Daily change in MTM should be adequately documented and explained by new deals, changes in reserves, roll-off of old deals, or changes in the “Greek” risk exposure measurements.


    MTM should be calculated on both a nominal and a PV basis.


    Prices and rates used for reevaluation should be taken from independent sources. Where in-house prices are used, independent review procedures using third-party data sources should be in place, including independent models.


5   The Group of 30—Recommended Best Practices for Risk Management, July 1993
6   Ibid.



Table of Contents

2)    Developing Market Valuation Methodology


    Physical and derivatives portfolios of energy providers should be valued based on appropriate bid or offer levels.


    Mid-market valuation adjustments should allow for expected future costs such as unearned credit spread, closeout costs, investing and funding costs, and administrative costs.


    Futures, swaps, forwards, and physical assets should be valued against the appropriate market-based curves.


    Single-variable options should be valued against market price and volatility curves.


    Dual-variable options should be valued against market price, volatility, and correlation curves between two variables.


    Reserves should be taken in accordance with approved accounting policies.


3)    Calculating Profit and Loss


    Components of revenue should be measured regularly and in sufficient detail to understand the sources of risk.7


    P&L should be calculated daily.


    P&L calculations should include cumulative month-to-date and year-to-date results.


4)    Measuring Market Risk


    A consistent measure should be used daily to calculate the market risk of derivatives positions and compare it with market risk limits.8


    Market risk is best measured as value at risk using probability analysis.


    Transactions (e.g., OTC options, assets, and contracts) containing embedded option exposures or dynamic risks should be measured using individual “Greek” risk exposure measurements including absolute price or rate change (delta), convexity (gamma), volatility (vega), time decay (theta), basis or correlation, and discount rate (rho).9


    Parameters for calculating VaR and other risk metrics (e.g., EaR and DEaR), issuing limits, and back-testing the methodology within each business unit should comply with guidelines established by the ROC.


    A standard set of time buckets should be used to represent common market granularity.


    To better understand the inherent risks in specific portfolios, risk metrics such as VaR, CFaR and EaR should be calculated using varying horizons and methods that are appropriate to measure and analyze the risk.


    Simulations that forecast how a portfolio would perform under stress conditions should be performed regularly.


    The middle office should report risk exposure on a daily basis at the transaction, portfolio, business unit, and corporate levels.


    Liquidity risk should be managed through VaR, CFaR, notional limits, and accounting reserves.


    No single position should exceed a given percentage of the VaR without approval of the ROC.


7   The Group of 30—Recommended Best Practices for Risk Management, July 1993
8   Ibid
9   Ibid



Table of Contents

Key Reports


    Position reports.


    P&L reports.


    Limit compliance reports.


    MTM reports.


    Greek exposure reports.


    VaR reports.


1.3.4    Credit10


Process Overview


The credit process can be broken into establishing credit and limits and monitoring exposure. Before accepting a new counterparty, the credit department must analyze the party’s profile and set a limit on the amount of activity the company is willing to transact with that counterparty, based on risk tolerances. Once the limit is established, the department should monitor credit exposure throughout the day. If the credit exposure amount exceeds the counterparty credit limit, the credit department should verify the limit violation and then notify credit management and front-office senior management so that a corrective action can be sought. In addition to monitoring exposure and limits, the credit department should calculate and analyze various credit risk metrics to better understand the current and potential risks in the portfolio.




    Establish credit tolerances for the company.


    Evaluate all counterparties that do business with the company and establish appropriate limits for each.


    Quantify the credit risks of the portfolio.


    Protect the company against credit risk for counterparties with bad credit ratings, poor payment history, or risk of insolvency.


    Maintain credit exposures within acceptable parameters.


    Analyze the potential portfolio impact of changes to a counterparty.


    Provide the means to react to changing market and counterparty conditions.


    Provide a sound internal control environment, with separation of duties between the front-office creation of a deal and the verification of the counterparty by the credit department.


    Integrate credit risk management for the energy trading and marketing function with the enterprise-wide credit function.


Best Practices and Controls


    A corporate-wide credit policy should be established and approved by the ROC. This policy should provide guidance on risk tolerance. It should include processes for establishing and approving limits, methods for ensuring that contracts have adequate credit protection, and procedures for monitoring exposure, maintaining collateral, and obtaining exceptions.


    Ratings should be established for all counterparties, and appropriate limits (including concentration limits) should be set.


10   See the Credit Risk Management White Paper for a full description of credit best practices.



Table of Contents
    Acceptable collateral should be negotiated up front and maintained throughout the duration of the contract.


    Before deal execution, contract terms should be reviewed and approved by corporate risk management to ensure that the credit risk can be managed adequately.


    Master netting agreements (including margining provisions) and multilateral clearing platforms should be used when possible to minimize credit exposure.


    Credit exposure by counterparty should be calculated and reported at least once a day. This should include A/R, A/P, unbilled revenues, and MTM gains and losses on all positions.


    New trades should be monitored throughout the day to ensure compliance with limits.


    Credit limit violations should be reported immediately to the CRO and the front office.


    At least twice a year, periodic reviews of limits should be performed to assess whether changes should be made.


    News articles, bankruptcy filings, legal actions, etc., should be monitored on a daily basis for all established counterparties.


    Appropriate credit reserves should be calculated and recorded monthly.


Key Reports


    Rating agency reports.


    P&L reports.


    MTM reports.


    A/R aging reports.


    Credit limit compliance reports.


    Credit VaR reports.


1.4    Settlements and Accounting Close


1.4.1    Actualization


Process Overview


Actualization is the process of truing up any volumetric or pricing estimates to the actual amount before invoicing the customer. Invoice items are also confirmed with the counterparty as part of a monthly invoice checkout process. Any discrepancies should be brought to the attention of the appropriate front-office personnel for timely resolution. This process should be performed independently of deal execution and logistics.




    Ensure that the physical estimated volumes, as recorded in the system, are adjusted for the actual volumes provided by third-party statements.


    Load settlement prices into the system.


    Resolve any discrepancies between the counterparties regarding actual volumes and prices to be invoiced.


    Record resolutions.


    Track causes of variances by counterparty, location, and transport contract.


    Communicate variances, resolutions, and trends to appropriate personnel for active management.



Table of Contents

Best Practices and Controls


    The back office should reconcile scheduled volumes with actual volumes flowed via third-party statements and should update the system as necessary.


    The system should have the ability to retain the scheduled and actual volumes as a trail.


    Price feeds should be linked to the system to update index prices when published.


    To confirm that the current month’s activity is accurately captured on the invoice, the counterparty should be contacted as part of the monthly invoice checkout process.


    Any discrepancies identified during the monthly invoice checkout process should be documented in an issue database and assigned to an individual for resolution. This individual should contact the appropriate internal and external groups to receive information supporting a resolution of the discrepancy. From this information, the individual should determine the resolution of the discrepancy, gain agreement from the counterparty, and, if required, post a system adjustment that reflects the resolution. The issue database should then be cleared of the discrepancy.


    Checkout procedures should be documented for reference.


    An issue database should be used to track patterns of discrepancies, as sorted by counterparty, location, transport contract, or dealmaker, with the patterns being communicated to appropriate personnel for active management.


    Settlement statements should be netted where possible, aggregating purchases and sales by counterparty.


    Intercompany transactions should be confirmed and net amounts captured in financial records.


Key Reports


    Third-party statements.


    Nomination versus actual reports.


    Monthly checkout results.


    Issues database reports.


1.4.2    Settlements


Process Overview


The settlement process performed by the back office includes verification of information between the parties in a transaction and the procedures used to account for transactions; the back office also initiates billings and payments. These functions should be performed independently of the trading, trade processing, and reconciliation functions.




    Ensure that cash and security movements are properly authorized and executed.


Best Practices and Controls


    Standard settlement and delivery instructions should be established for all counterparties. This includes setting up proper controls for establishing and authorizing instructions, for changing previously approved instructions, for structured transactions, and for non-standard deals.


    Telephone conversations regarding settlement issues should be recorded.


    When warranted, automated settlement balances should be validated through third-party verifications.



Table of Contents
    Variances in settlement statements should be investigated and resolved with counterparties in a timely manner.


    Billings should be prepared and sent to customers as required by settlement agreements.


    The back office should maintain a list of counterparties that are required to prepay before physical delivery, based on information provided by the credit department.


    The back office should monitor receipts and payments of balances due and immediately notify appropriate credit management personnel, trading personnel, and/or originators responsible for executing the transaction of material past-due payments or underpayments.


    A payment issue resolution process should be approved and documented.


    Approved authorized limits for payments prior to disbursement should be defined and documented.


    The settlement and disbursement functions should be independent of each other and of the trade processing function.


    All payments should be made on a timely basis in accordance with contractual agreements.


    Payment values should be automatically calculated based on trade data entered into a designated transaction management system.


    The back office is responsible for ensuring that payment requests are properly submitted to the accounts payable department for payment.


    The treasury department should transfer the funds to the proper counterparty, based on the time frame for payment and payment instructions specified on the request.


    Access to the payment system should be secured and restricted.


Key Reports


    Settlement statements.


    Delivery instructions.


1.4.3    Reconciliation


Process Overview


Preparing reconciliations is a key control over the completeness and accuracy of the information in the trade, payment, billing, and general accounting systems. To establish the proper segregation of duties and maintain a sound control infrastructure, a group independent of deal making must perform this process.




Ensure that a company’s systems and databases are internally balanced and validate that internal records are consistent with those of external parties.


Best Practices and Controls


    Reconciliations should be automated where possible.


    Systems supporting the front, middle, and back offices, if different, should be reconciled daily. The following are examples of typical reconciliations:


    Trade blotter and trade capture system.



Table of Contents
    Trade capture systems and risk management system (if different).


    Trade capture and billing/ general ledger (GL).


    External party information should be reconciled with internal data on a regular basis.


    A formal, documented process should set out how reconciling items are investigated, explained, and resolved.


    All reconciliations should be reported to appropriate management and should carry evidence that management has reviewed them.


    In order to validate P&L figures derived from valuations, reconciliations should be completed between front-office expectations and back office results. These should include:


    Documentation of the reason for the discrepancy, the P&L impact, and the final resolution.


    Reporting of material discrepancies to senior management.


    Controls adequate to prohibit the front office from reevaluations made to correct the discrepancies.


    A monthly reconciliation of the A/R and A/P sub-ledgers and GL should be performed to ensure that the balances tie and are appropriate, based on invoices received and payments made.


Key Reports


    Reconciliation reports.


    P&L reports.


1.4.4    Compliance with Accounting and Disclosure Requirements11


Process Overview


It is the responsibility of the back office to ensure that the proper accounting treatment for transactions is performed. The back office should work in conjunction with the front office, the middle office, and various support functions to obtain the appropriate information required to book transactions correctly. Financial reporting should work with corporate risk management, the middle office, and the back office to ensure that the information necessary to meet disclosure requirements, as defined by various regulatory agencies (e.g., SEC, FASB, FERC), is reported accurately and in a timely manner.




    Ensure that appropriate entries are booked in accordance with current accounting regulations.


    Provide necessary disclosures, as defined by various regulatory agencies.


Best Practices and Controls


    Proper accounting rules and regulations should be followed (FAS 133, EITF 98-10, EITF 02-03, etc.).


    Adhere to disclosure requirements, as defined by various regulatory agencies.


    Accounting entries should be booked on a timely basis.


    Analysis and calculations should be documented and retained as an audit trial.


11   See the Risk Management Disclosures White Paper



Table of Contents
    Appropriate audit procedures should be performed by both internal and external auditors at least once a year.


    Changes in accounting methods, measurement techniques, and estimates should be properly disclosed.


Key Reports


    Periodic financial statements.


    SEC reports (10K and 10Qs).


    FERC Forms 1 and 2.


1.5    Reporting


1.5.1    Risk Reporting


Process Overview


Risk reports help management monitor, understand, and make decisions regarding market, credit, and operational risks. Reports are generated and distributed daily by the middle office.




    Report all risks and positions associated with all trades, assets, and origination deals.


    Ensure consistency of source data.


    Ensure that corporate and business units use similar measures and methodologies.


    Monitor, understand, and facilitate decisions regarding market risks.


Best Practices and Controls


    Risk reports should be available in real time in the risk management system.


    Daily risk reports should be initiated as soon as possible after market close. Other risk analysis reports (stress-test scenario analysis, risk return metrics, etc.) should be generated as needed.


    Risk reports should be distributed at the beginning of the next business day.


    All reports should be system-generated and presented via an employee portal.


    Risk reports should include all risks and positions associated with trades, assets, contracts, and origination deals and should be reviewed and validated by the middle office.


    The middle office should rely on the system to create error logs for missing data and to check for statistical outliers.


    The process should allow for drill-down capability to the transaction level and for the ability to document comments.


    The system should be capable of displaying graphs and trends and should allow for access to historical and market data.


    Positions should be reported by commodity, region, book, and tenor and aggregated to the corporate level.


    MTM reports should be presented by commodity, region, and book.



Table of Contents
    P&L reports should consist of the following:


    Unrealized P&L is the MTM of all forward positions (market, operational, and credit risks remain).


    Realized P&L reflects contracts where commodity has flowed and volumes and prices are known (credit risk remains).


    Finalized P&L reflects all deals where cash has been received (no risk remains).


    VaR should be reported daily.


    Limits (market and credit) should be reported daily along with exposure.


    Monthly reports should include:


    Margin reports with confidence intervals.


    Risk/return measures.


    Stress-test results.


    Hedging guideline results.


    Limit violations.


    Accounting reserves.


Key Reports


    Position reports.


    P&L reports.


    Limit compliance reports.


    MTM reports.


    Greek exposure reports.


    VaR, EaR and CFaR reports.


1.5.2    Internal Financial Reporting


Process Overview


The back office should produce an individual balance sheet, income statement, and cash flow statement (financial reports) on a monthly basis.




    Report all financial results of the company.


    Ensure consistency of data.


Best Practices and Controls


    Each month, the back office should produce an individual balance sheet, income statement, and cash flow statement (financial reports) automatically from the accounting system.


    Intercompany activity should be automatically eliminated.


    Graphs and ratios should be compared from one period to the next to depict progress; significant variances from one period to the next should be explained and documented in the system.



Table of Contents
    All historical information should be retained.


    The middle or back office should produce reports of financial results.


Key Reports


    Balance sheet.


    Income statement.


    Cash flow statement.


    P&L explanation reports.


2.0    Energy Trading Systems


Process Overview


One of the key components of a sound energy trading and marketing infrastructure is a risk management system. This system should be used to capture deal terms, document and manage physical scheduling, value transactions, document approvals and validations, and calculate risk and return metrics. The actual system used may vary by company because of differences in business objectives and the markets in which a company makes transactions.




Ensure that the information systems used to support trading and risk management operations have the capability, security, and data integrity to properly serve the business.


Best Practices and Controls


    Employee access to the system should be limited, and security should be established by location, application, function and data.


    Security clearances should be approved by direct supervision.


    Formal procedures should be established whereby a single system owner, independent of the front office, sets up counterparties, commodities, products, books, and locations.


    Reference data (names, curves, models, limits, etc.) should be reviewed periodically as appropriate (at least annually) to verify accuracy and should be linked to or coded into the system to minimize human error.


    The risk systems should be able to capture all energy transactions or positions, disaggregate risks by component parts, capture forward curves, capture volatilities and correlations, calculate MTM and P&L, value optionality in the portfolio, set user security by book of business and functionality, and contain a detailed audit trail/change log by user ID.


    Controls should be established to ensure that changes to prices, volumes, and other deal terms are not changed without proper authorization once captured. Alternatively, if these terms are changed, the system should alert the middle office that a confirmation is needed.


    All mission-critical systems should have 24-hour availability and should be backed up systematically once a day at a minimum.


    Hard copies should be retained for all transaction data not stored electronically.


    All data storage (electronic and hard copy) should be kept offsite in a secure location.


    Complete business continuity plans should be maintained and tested and should include a site at which to continue operations if events prevent access to the trading floor.



Table of Contents

3.0    Inventory of Processes


Figure 3 delineates the processes and subprocesses across a deal flow for a typical energy trading and marketing company.


Figure 3. Deal Flow Processes and Subprocesses


Deal Execution


Deal Validation


Risk Management


Settlements & Accounting




Support Services

New Product Development    Validate Deal    Daily Risk Monitoring    Actualization    Reporting Guidelines    Legal Services

•    Determine Commodity Offerings

•    Perform Market Selection

•    Develop Product Design


Trading, Contracts and Asset Management

•    Aggregate Positions

•    Develop Strategies

•    Negotiate Standard Deal


Origination, Structuring, and Pricing

•    Develop Deal Structure and Decompose Risks

•    Assemble Deal Components and Value

•    Originate Complex Deal


Pricing Curve Development

•    Conduct Price Discovery

•    Develop Forward Prices


Deal Entry

•    Record Deal Terms



•    Schedule Product

•    Manage Imbalances

•    Optimize Transportation


Deal Management

•    Manage Position

•    Manage Terms of Deal

•    Measure Deal


•    Validate Deal Structure, Valuation, and Approval

•    Validate Deal Entry

•    Reconcile Brokered Transactions



•    Generate Confirmation

•    Monitor Confirmation


Contract Management

•    Set up Counterparties

•    Contract Administration

•    Monitor Compliance


•    Review Beginning-of-Day Reports

•    Monitor Intra-day Positions

•    Perform End-of-Day Lockdown


Price Curve Validation

•    Approve Curve Methodology

•    Verify Prices for Market Years

•    Validate Curves for Non-Market Years


Risk Control & Analysis

•    Verify Mark to Market (MTM)

•    Calculate Profit & Loss (P&L)

•    Reconcile P&L

•    Calculate Value at Risk (VaR)/Daily Earnings at Risk (DEaR)

•    Perform Sensitivity Analysis (Greeks)

•    Perform Stress Testing and Scenario Testing Analysis

•    Analyze Liquidity Risk

•    Measure Risk/Return Metrics



•    Evaluate Credit and Establish Limits

•    Monitor Credit Exposure

•    Manage Contracts

•    Manage Collateral


•    Actualize Deal Terms

•    Resolve Discrepancies

•    Net out Amounts



•    Margin Settlement

•    Premium Settlement

•    Financial Settlement

•    Prepare Company Invoice

•    Verify Customer Invoice


Compliance with Accounting and Disclosure Requirements

•    Verify Transaction Type

•    Determine Hedge Effectiveness

•    Book Accounting Entry



•    Reconcile General Ledger P&L

•    Reconcile Cash Receipts/Payments


Accounts Receivable (A/R) & Accounts Payable (A/P)

•    Update Subledger

•    Apply Cash

•    Distribute Cash

•    Resolve Discrepancies


Month-end Close

•    Develop Accruals

•    Update General Ledger

•    Reconcile General Ledger Accounts


•    Establish Timeliness of Reports

•    Automate Reporting

•    Ensure Accuracy of Reports

•    Create Format for Reports


Daily Risk Reporting

•    Prepare Position Reports

•    Prepare Mark-to-Market (MTM) Reports

•    Prepare P&L Reports

•    Prepare DEaR Reports

•    Prepare Limit Compliance Reports


Monthly Reporting

•    Develop Risk Reports

•    Create Financial Reports


Board Reporting


•    Support Contract Development

•    Resolve Conflicts


Internal Audit

•    Conduct internal audits to ensure compliance


Information Technology

•    Ensure Proper Data Management

•    Ensure Data Security



•    Develop Interest Rate Curves

•    Manage FX Exposure

•    Manage Cash



•    Determine Tax Effect of Transactions



•    Define Roles and Responsibilities

•    Create Policies and Procedures

•    Modeling Guidelines



    Governance and System Infrastructure    


System Infrastructure Maintenance

•    Employee Setup and Security

•    Reference Data Maintenance

•    Data Backup and Security



Table of Contents



A company’s corporate ethics and risk policy documents are the primary governing documents for its energy trading and marketing activities. The business unit may create and maintain individual policies specific to the company’s business and markets, but these must conform to the corporate policies. Such policies should include (but are not limited to) a prohibition of trade on personal accounts; disciplinary action in the event of a violation; delegation of authority; hedging guidelines; authorized traders, commodities and products; and core risk measures. All policies should be approved by the ROC, and the corporate risk policy should be approved by the board (see section I for more detail). All personnel engaged in trading and marketing activities should review the policies and sign an acknowledgement statement at least once a year.


In addition to setting up the processes and standards for the company, a risk policy also defines the authority of the personnel involved in the process. The following are general principles for designating authority in the organization (according to the recommendation of the Group of 30):


    Management of energy providers and end users should designate who is authorized to commit their institutions to derivatives transactions.


    Authority may be delegated to certain individuals or to persons holding certain positions within the organization.


    Management may choose to limit authority to certain types of transactions—for example, to certain maturities, amounts, or types of underlying risks.


    Communication and information are essential to this process.


1.0    Risk Policy


The following is an outline of the contents of a typical policy and procedures manual for an energy trading and marketing company. Companies with operations other than trading and marketing may have broader risk management issues that are addressed in their risk policy; accordingly, the various roles and responsibilities of specific functions may be broader than those risk management issues solely focused on trading operations. The policy should provide guidelines for the establishment of supplementary policies and operational procedures at each business unit. Depending on the corporate structure, a company can have risk policy and procedures that are enterprise-wide, as well as risk policies for each subsidiary or business unit. A typical risk policy may include the following elements:


1.    Policy Introduction


    Purpose of policies.


    Scope of policy.


    Policy establishment, authority, approval, and revision.


2.    Oversight Responsibilities and Organizational Structure




    Organizational structure and reporting relationships.


    Board of directors.


    Purpose of board of directors’ committee.


    Board of directors’ committee responsibilities.



Table of Contents
    Risk oversight committee (ROC).


    Purpose of the ROC.


    ROC membership.


    ROC governance and meeting frequency.


    ROC responsibilities.


    Audit committee.


    Front office.


    Front-office policies.


    Front-office responsibilities.


    Middle office.


    Middle-office policies.


    Middle-office responsibilities.


    Back office.


    Back-office policies.


    Back-office responsibilities.




    Tax department responsibilities.


    Legal department responsibilities.


    Internal audit department responsibilities.


    Operating company responsibilities.


    System technology.


3.    General Policy Statement


    Business objectives and strategies.


    Identified risks.


    Risk controls:


    Segregation of duties and responsibilities.


    Independent oversight and monitoring.


    Risk limit structures.


    Trading products and approval.


4.    Market Risk Management


    Market risk identification.


    Risk measurement.


    Risk limits, monitoring, and compliance.


    Valuation and model approval.


    Risk reporting.



Table of Contents

5.    Credit Risk Management


    Credit risk identification.


    Credit risk measurement.


    Credit risk limits, monitoring, and compliance.


    Credit risk reporting.


6.    Non-Commodity Risk Management


    Non-commodity risk identification.


    Non-commodity risk measurement and monitoring.




2.0    Risk Control Operational Procedures


The operational procedures provide guidelines and operation steps that each business unit should follow in conducting its operation. The policies and procedures should be designed according to the overall principles outlined in the risk policy and tailored to the roles and responsibilities of each business area. The following is a list of typical operational procedures.


1.    Front-Office Processes


    Business development.


    Trading, marketing, and origination.






    Deal entry.




    Deal management.


2.    Portfolio Design and Management


    Position tracking process.


    Book structure.


    Valuation methodologies.


    Sources of market price information.


    Risk management instrument types.


    Forward contracts.


    Futures contracts.







Table of Contents

3.    Middle Office Processes


    Deal validation.




    Contract administration.


    Risk reporting.


    Risk analytics.


    MTM and valuation adjustments.




    Greek framework.


    Stress testing.


    Other risk measures.


4.    Personnel Policies and Other Responsibilities




    Background checks.


    New-hire orientation.


    New employee/contractor checklist.


    Designated employees.


    Authorized transactions and exceptions.


    Trading for own account.


    Conflict of interest.


    Credit policy.


    Concealment of trades.


    Disclosure of confidential information.


    Duty to report violations.


    Disciplinary action.


    Compliance program.


    Business ethics policy.


    Securities trading policy.


5.    Limit Structure




    Hedging and trading strategies.











Table of Contents


    Delegation of authority.






    Transaction exposure.




6.    Process to authorize exceptions.


    Limit violations.


    Authorized products.


    New product approval.


7.    Credit Risk Policy, Controls, and Limits




    Credit risk management process.


    Establishing credit.


    Authorizing a counterparty.


    Establishing credit limits.


    Establishing counterparty ratings.


    Establishing counterparty collateral.


    Approval process.


    Increasing a counterparty’s credit limit.


    Measuring credit risk exposure.


    Role in use of credit derivatives.


    Use of the credit reserve.


    Credit risk reporting.




    Exceptions to credit risk limits.


    Credit limit review process by credit management.


    Credit availability review process by designated employees.


    Consequences for policy violations.


    Credit risk mitigating actions.


    Credit risk assessment.


    Credit VaR.


    Credit concentrations.


    Maintenance of counterparty credit files (frequency of updates and sources).



Table of Contents

7.    Accounting Standards, Hedging Effectiveness, and FAS 133 Compliance


    Accounting standards.


    Purpose of FAS 133.


    Hedged items—nature of the risks being hedged, hedging instruments, and specific strategies.


    Summary of hedging strategies.


    Hedging strategy documentation.