Corporate Governance and Treasury | Embrace the Corporate Treasury Policy

| 18-02-2020 | François de Witte | treasuryXL |


Corporate Governance

Corporate Governance is a mechanism through which boards and directors can direct, monitor and supervise the conduct and operation of the corporation and its management in a way that ensures appropriate levels of authority, accountability, stewardship, leadership, direction and control.

The ultimate responsibility for Treasury management within an organization lies with the board of directors. Due to the practicalities and technical aspects involved in corporate treasury, the board typically delegates the daily management of risk to responsible individuals in each department. In the case of financial risks, many of these are delegated to the treasurer.

Whilst the corporate treasurer, due to the specific nature of his activities, needs to take a lot of actions and decisions independently, it is important that he does so within a governance framework. Quite a lot of corporates have formalized this in a “Corporate Treasury Policy”.

Corporate Treasury Policy

The Corporate Treasury Policy is the mechanism by which the board, or risk management committee (RMC), can delegate financial decisions in a controlled manner. This document should be a summary of all the principles approved by the Board or the Financial Committee of the Board as a mandate of the Board to the treasurer (the Treasury Mandate).

The Corporate Treasury Policy is a framework document, which covers the following areas:

Organization of the Treasury Function

In most companies, the Corporate Treasury reports to the CFO. The CFO is usually himself a member of the Executive Committee, which itself reports directly to the Board of Directors (Treasurer – CFO – Treasury Committee – Audit Committee – Board).

A policy should set out clearly which decisions are delegated to the treasurer and when the treasurer should refer a decision back to the board or another person within the organization. Within several corporates, the Board of Directors has delegated the decision process to dedicated committees, such as the Risk Committee and the Liquidity and Funding Committee.

Treasury Control Framework (including the Code of Conduct)

Procedures and controls to manage the risk should be put in place to provide an overall framework for decision-making by the treasury team.

Ideally, this should also include a code of conduct. The Corporate Treasurer should act as a Corporate Custodian. In other words, he is the protector of the company’s assets, and should act according to a strict Code of Conduct and Ethics. Examples of such codes have been developed by professional organizations such as IGTA, ATEB, AFTE, ACT and ATEL.

Liquidity and funding

The board should be informed about funding possibilities to put currency, maturity, cost and equity/debt character into a wider context. The board should decide on the strategy but can delegate fund raising decisions and actions to treasury. However, I recommend that Treasury asks for final board approval for strategic decisions (e.g. major syndicated loans, bond issues, etc.).

The board should have an overall view on the liquidity risk of the company. The Board should also define the financial policy, covering the gearing and maturity issues, fixed and variable interest rate obligations, dividend policy and covenants.

Banking Relationship

Banks chosen by the treasurer must be able to meet the needs of the organization, both domestically and internationally. I recommend that the Board approves annually criteria for selecting the banks with whom it will work.

Risk Management

The Treasurer must identify the various risks to which the company is exposed, quantify the impact, and inform the Board thereof. He should estimate the size of these exposure risks and their impact on the overall operations and financial performance of the company, and make recommendations in these areas.

The board must approve the hedging policy, the company’s foreign exchange, interest rate and commodity risk management policy and its attitude to risk. It should define which part of the risks must be hedged and the hedging horizon. I recommend that the Treasurer submits at regular intervals to the Board the list of authorized instruments, the amount per instrument and their term.

Investment Policy – Counterparty Credit Risk

The board should approve the treasury’s investment policy, including the choice of instruments, the list of counterparties used, and the maximum amount per counterparty and maturity. It is recommended that the Board provides guidelines and limits per instrument.

It is recommended that the Board approves the guidelines for fixing counterparty limits, and maximum exposure per counterparty.

Authorized instruments and Arrangements – Authorized Approvers

The Treasurer should make sure that the board understands and approves the strategies and instruments used and sets guidelines for the appropriate limits for their use. These guidelines need to ensure that treasury has not sacrificed long-term flexibility or survival for short-term gain, especially in view of the volatile financial market situation.

Treasury Operational Risk

The treasurer should make the Board aware of the operational risks to which the company is exposed. He should provide recommendations in this area. Furthermore, the treasurer should also submit recommendations to the board on the treasury organization and the ways to reduce the operational risks.

Monitoring

A Corporate Treasury Policy only makes sense if there is regular follow-up and a control framework. Hence procedures and controls to manage the risk should be put in place to provide an overall framework for decision-making by the treasury team.

It is also important to provide to the Board a regular update on the way the treasurer complies with the policy. The policy should also be regularly reviewed.

Treasury must alert the board to external changes and internal strategic developments, which may have long-term implications for the organization and make proposals for managing them.

Each policy also needs to be reviewed at regular intervals in light of the market and of other internal or external developments. I recommend having treasury on the Board’s agenda on a quarterly basis.

Conclusion

Treasury is not an island in the company. It is closely linked to the corporate governance. Hence it is important to define the right framework.

I recommend to corporates to put in place a treasury policy validated by the Board of Directors and reviewed regularly. It is important to update the Board at regular intervals about strategic topics, such as strategic financing topics and risk management.

The treasurer has also an important educational role, as he must be able to make complex treasury topics understandable for the board members.

Hence good interaction between the treasurer, the CFO and the Board is key, with the Treasurer as the linking pin.

François de Witte
Founder & Senior Consultant at FDW Consult
Managing Director and CFO at SafeTrade Holding S.A.
treasuryXL ambassador

Managing treasury risk: Operational Risk (Part VII)

| 21-3-2017 | Lionel Pavey |

There are lots of discussions concerning risk, but let us start by trying to define what we mean by risk. In my last article on how to manage treasury risk I will write something about operational risk. The Bank for International Settlements (BIS) defines this as “the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events”. If you want to read my earlier articles on managing the different treasury risks please refer to the complete list at the end of today’s article.

Whilst this is the last article in this series, it is actually – potentially – the most significant risk that a company can face, as there are many different ways that a loss could occur, together with the fact that when it happens the amount lost can be very large. Even if the size of the loss could be considered small, there is always the threat of reputation risk which, once identified, is very difficult to erase from the memory.

While it is possible to insure against rogue trading for a company (the risk present in the Treasury function can be quantified and qualified) it is very rare that damage is caused by just one individual – a financial version of the lone wolf theory. Operational risks tend to be interlinked – a fraudulent payment could be initiated by human involvement (either as fraud or human error) and facilitated by weak processes together with insecure technological systems.

There are 2 main areas of operational risk within treasury for a company:

  1. Internal
  2. External

There are 3 main categories of operational risk within treasury for a company:

  1. Computer System, Information Technology
  2. Theft and Fraud
  3. Unauthorised Activity

Computer System, Information Technology

A lack of robustness and deficiencies in the technology and systems contribute to circumstances for failures, errors, data losses, corruption and fraud. Internally considerable care and attention should be given to the protocol for Static Data. This encompasses all the relevant reference data for a counterparty and should be subject to at least an input and verification procedure before entering the computer system. Changes to Static Data have to be recorded, together with the proper paper trail and authorization matrix. Externally the risks relate mainly to illegal entry (hacking), together with the complete theft of data.

Theft and Fraud

Both internally and externally, the main areas include:

  • Theft – both physical and electronic
  • Extortion
  • Embezzlement
  • Forgery
  • Misappropriation
  • Willful destruction
  • Bribes
  • Kickbacks
  • Insider Trading

Unauthorised Activity

From the Treasury point of view, this is an internal activity and mainly relates to 2 types of transactions: transactions that are unauthorized by transaction and/or type, and transactions that are not captured in the system and reported. These can lead to monetary losses (though a gain is possible – at the price of an operational risk), together with loss of reputation.

The last category clearly shows where the biggest risk occurs within a company – at the human level. Generally speaking, these are caused by incompetence, lack of knowledge, misuse of power or compulsion to act caused by external factors – extortion.

It is clear therefore that whilst the electronic systems employed by a company can be a liability if not properly programmed or safeguarded, even here, most of the errors can be traced back to human intervention.

So why are the human risks so often underestimated? Naturally a company wishes to have the feeling that its staff can be trusted (within reason). After all, the company felt that the staff were the right people to employ. It is not my intention to formulate the reasoning and thinking of people who perform illegal acts. However certain areas that can be considered include how staff are treated; the demand placed on them; the rewards given; the levels of transparency and inequity within the company; a closed-off attitude (problems in one department are kept within that department and not discussed throughout the company); the role model set by owners, directors and managers; loss of personnel, reduction in morale; disinterested and unmotivated staff.

Solutions

An effective framework of operational risk management needs to be designed and implemented within the business. This requires input and commitment from all departments within the company, meeting one agreed standard and not being shaped to every individual department’s wishes. The framework has to run and meet the requirements for all different strategies within the company.

I wish to finish with 2 examples of operational risk to illustrate how large they can be.

In 1995 the world’s second oldest merchant bank (Barings Bank) collapsed due to the actions of a rogue trader. Corruption and a lack of internal control led to a loss of GBP 827 million.

Around the same time I was employed as an international money broker working in the interbank market and travelled every day from The Hague to Amsterdam via train. As I knew the route off by heart, I read all the time – magazines, papers, books – anything. I purchased a book called “The Cuckoo’s Egg” as it seemed interesting and would pass the time away sitting on the train.
The synopsis told me that an unreconciled accounting discrepancy of just 75 cents would lead to a world of computer espionage and spies. I highly recommend reading the book to understand how a simple error can grow to show the dangers of ignoring operational risks. If you like acronyms then you will enjoy reading about the FBI, CIA, NSA and KGB – all hacked via a UNIX server at a laboratory linked to the University of California. The story is true and threatened national security.

Trust people – but do not place temptation in their way.

Lionel Pavey

Cash Management and Treasury Specialist

Safety of payments

| 3-1-2017 | Lionel Pavey | GT News

Fraud and cybercrime protection is of major importance for corporate treasurers. In the past year a new risk had to be added to the list: connectivity. Reports of banks being hacked and losing millions through unauthorised payments appeared more and more frequently and since protecting payment connectivity workflows was not a high priority item on the list of treasurers, it created damage in the industry.
GT News deals with the topic of how to protect payments in their article ‘Five tips for keeping your payments safe’ of December 21st, 2016. We asked our expert Lionel Pavey to comment on the article and give us his own view on how to protect payments.

Safety of payments

As even medium size companies can easily have over 100,000 bank transactions per year, it is imperative for a company to ascertain the validity of all payments so that no fraudulent payments take place.

Authorisation Matrix

It is necessary to embed a clearly defined matrix within the company. This should follow a six-eye principle and be traceable within the payment system – invariably a bank payment system. The matrix should include the names of all those authorized; the amount they may authorize; the distinct legal entities they may represent etc. This data also needs to be maintained and secured away from the payment centre (IT or legal department). If a new person needs to be added to the list, who implements the procedure – Treasury or IT?
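An authorisation matrix of this kind expressed as data, with the check a payment system would run before release. This is an added example, not part of the original article: the six-eye principle is read here as three distinct approvers, and all names, entities and limits are constructed.

```python
from dataclasses import dataclass

REQUIRED_APPROVERS = 3  # assumption: six eyes = three distinct people


@dataclass(frozen=True)
class Mandate:
    approver: str   # person authorised to approve
    entity: str     # legal entity the person may represent
    limit: int      # highest amount the person may approve, in cents


# Constructed sample matrix; every name, entity and limit is hypothetical.
MATRIX = [
    Mandate("alice", "NL-BV", 50_000_00),
    Mandate("bob", "NL-BV", 250_000_00),
    Mandate("carol", "NL-BV", 1_000_000_00),
    Mandate("dave", "NL-BV", 1_000_000_00),
    Mandate("carol", "DE-GMBH", 100_000_00),
]


def check_payment(entity, amount, approvers, matrix=MATRIX):
    """Return (ok, reasons); every failed control is listed for the audit trail."""
    reasons = []
    if amount <= 0:
        reasons.append("amount must be positive")
    # Only mandates for the paying legal entity count.
    limits = {m.approver: m.limit for m in matrix if m.entity == entity}
    distinct = set(approvers)
    if len(distinct) != len(approvers):
        reasons.append("duplicate approver")
    valid = 0
    for name in sorted(distinct):
        if name not in limits:
            reasons.append(f"{name}: no mandate for {entity}")
        elif amount > limits[name]:
            reasons.append(f"{name}: amount above limit")
        else:
            valid += 1
    if valid < REQUIRED_APPROVERS:
        reasons.append(f"{valid} valid approvers, {REQUIRED_APPROVERS} required")
    return (not reasons, reasons)


if __name__ == "__main__":
    print(check_payment("NL-BV", 200_000_00, ["bob", "carol", "dave"]))
    print(check_payment("NL-BV", 200_000_00, ["alice", "bob", "carol"]))
    print(check_payment("DE-GMBH", 10_000_00, ["carol", "bob", "dave"]))
```
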

Types of payments

There are various workflows that will generate payments and these should be mapped and a complete process should be designed for each one – procurement system and creditors in the book keeping; financial obligations from the existing financing operations (loans, bonds etc.); tax on wages; social premiums; Value Added Tax (BTW); manual payments normally arising from expense claims and incidental purchases outside the normal procurement channel.

Validity of payments

Normal payments relating to creditors are relatively easy to follow – authorization has taken place in 2 different areas (procurement and book keeping). VAT requires data from book keeping for both debtors and creditors. Tax on wages and social premiums are normally presented just once a month either through the administration/controller channel or directly from HR. The biggest area of concern relates to manual payments.

Manual payments

These generally relate to purchases (normally one-off). The obvious question that arises is why is there a need for suppliers that are not in the existing procurement system? It is not impossible to ensure that there are preferred suppliers for all normal desires. Another source is repayments to debtors that are not balanced off against outstanding balances. If a company does not have dedicated software relating to the financing operations, who, beyond the Treasury Department, can verify the amounts and dates? The area that requires the greatest vigilance relates to expense claims. Just because a line manager authorizes an expense claim does not mean that it is always compliant with company policy – this is an area where the onus should be on the controller to validate the integrity of the expense claim. Is the expense a genuine expense made in direct relationship to working for the company? An employee away on business and staying in a hotel is entitled to a meal at the expense of the company, but what is the policy towards alcohol and entertainment? Is the amount being claimed excessive and work related?

Integrity of bank systems

How secure is the bank system? When a batch is prepared for payment and an authorisation code produced, how is the code produced – what are the underlying factors that generate the code? Is it possible to alter the beneficiary’s account number after the batch has been produced? Would an alteration be seen by the system, resulting in an incorrect authorisation code? Banks generally do not provide a lot of information as to how their system generates codes.
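Why the inputs to the authorisation code matter for these questions, shown as an added example that is not part of the original article and does not describe any bank's system. HMAC-SHA256, the key, the field names and the sample batch are assumptions; the account numbers are made-up placeholders.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # hypothetical; a real key sits in an HSM or token


def _mac(payload: bytes, key: bytes) -> str:
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def code_over_totals(batch, key=KEY):
    """Weak design: the code depends only on item count and total amount."""
    total = sum(p["amount"] for p in batch["payments"])
    return _mac(f'{len(batch["payments"])}|{total}'.encode(), key)


def code_over_content(batch, key=KEY):
    """Stronger design: the code covers every field of every payment."""
    # Sorted keys and fixed separators give one byte string per batch content.
    canonical = json.dumps(batch, sort_keys=True, separators=(",", ":"))
    return _mac(canonical.encode("utf-8"), key)


def verify(batch, code, scheme, key=KEY):
    """Recompute the code at release time and compare in constant time."""
    return hmac.compare_digest(scheme(batch, key), code)


# Constructed sample batch; amounts in cents, account numbers are placeholders.
BATCH = {
    "batch_id": "B-0001",
    "debtor": "NL00DEMO0000000001",
    "payments": [
        {"beneficiary": "NL00DEMO0000000002", "amount": 125_000, "ref": "INV-1"},
        {"beneficiary": "DE00DEMO0000000003", "amount": 99_000, "ref": "INV-2"},
    ],
}


def altered_copy(batch):
    """Same batch with one beneficiary account changed after approval."""
    changed = json.loads(json.dumps(batch))  # deep copy, original untouched
    changed["payments"][0]["beneficiary"] = "XX00DEMO0000000099"
    return changed


if __name__ == "__main__":
    tampered = altered_copy(BATCH)
    for scheme in (code_over_totals, code_over_content):
        approved = scheme(BATCH)
        print(scheme.__name__, "accepts altered batch:",
              verify(tampered, approved, scheme))
```

A code derived only from count and total still verifies after the account change, while a code computed over the full batch content does not, which is the property the questions above are probing.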

Reconciliation

Who can extract data from the bank systems? Does this occur daily? Are all entries processed the following day in the book keeping system? What happens to items that are not immediately reconciled?

Conclusion

With regard to standard procurement, it should be easy to construct a solid working system that can be followed at all times. Manual payments are a weak link and a serious amount of time and effort has to be used in constructing a strong framework that has to be enforced and maintained at all times.

Lionel Pavey

Cash Management and Treasury Specialist