Certified Financial Services Auditor Examination

CFSA Study Guide

Albert J. Marcella Jr., Ph.D., CFSA, COAP, CSP, CQA, CDP, CISA William J. Sampias, CFSA, CISA James K. Kincaid, CFSA

Reviewers and Contributors

The authors wish to acknowledge the Institute of Internal Auditors, the Information Systems Audit and Control Association, the National Association of Certified Financial Services Auditors, and the American Institute of Certified Public Accountants for permission to quote extensively from Standards for the Professional Practice of Internal Auditing, Statements on Auditing Standards, Control Objectives for Information and related Technology, and Codes of Professional Ethics, and other publications. The willingness of these professional bodies to permit use of these materials contributed greatly to the development of this study guide series. Additionally, the following individuals were instrumental in providing evaluation, constructive feedback and suggestions for improvement, to these professionals we are also indebted to:

Michael I. Balbirnie, Senior Vice President, First Union Corp Robert J. McNichols, Director of Internal Audit, Penn National Insurance Bruce Monahan, Vice President/Director of Internal Audit, GRE Insurance Group

Dedication
Special thanks go to our families, spouses, parents, and children, whose continuing support, love, and patience has been a source of strength and motivation. With heartfelt thanks,

AJM WJS JKK

About the Authors Albert J. Marcella, Jr. Ph.D., CFSA, COAP, CQA, CSP, CDP, CISA, is an Associate Professor of Management in the School of Business and Technology, Department of Management, at Webster University, in Saint Louis, MO. Dr. Marcella remains the president of Business Automation Consultants, an information technology and management-consulting firm. He has contributed numerous articles to audit related publications and has authored and co-authored 15 audit related texts. Dr. Marcella, holds a Ph.D. in Management with emphasis in Information Technology from Walden University in Minneapolis, a Masters of Business Administration in Finance, from The University of New Haven in Connecticut, and a Bachelor of Science degree in Business Administration with a dual major in Management Information Systems and Management from Bryant College in Rhode Island.

William J. Sampias, CFSA, CISA, has been involved in the auditing profession for the last decade with a primary emphasis on audits of information systems. Mr. Sampias has published several works in the areas of disaster contingency planning, end-user computing, fraud, effective communications, and security awareness. Mr. Sampias is currently Director of an Information Systems Audit group. He holds an MBA from the University of Illinois at Springfield.

James K. Kincaid, CFSA, has over 15 years experience conducting and managing audits to assess the effectiveness of government programs and operations. Prior to entering the government auditing field, Mr. Kincaid worked in the insurance industry. He is the co-author of several books, articles, and training courses on topics such as fraud auditing, business ethics, writing skills, and computers. In addition to auditing, Mr. Kincaid has served as an adjunct instructor at Lincoln Land Community College. He has also taught many audit training courses and spoken at several audit conferences. He holds a Master of Arts degree in English and an MBA from the University of Illinois at Springfield. .

Please contact the following to obtain additional information on obtaining copies of this Study Guide: The Institute of Internal Auditors C.S. 1616 Alpharetta GA 30009-1616 +1-877-867-4957 (toll free in the U.S. and Canada) or +1-770-442-8633 ext. 275 email: iiapubs@pbd.com online: www.theiia.org

Copyright 2000. All rights reserved. No part of this work may be used or reproduced in any manner whatsoever, including but not limited to electronic medium, without express written permission from The IIA.

CFSA Study Guide Table of Contents

Preface Special Notice Core Competencies for Financial Services Auditors Recommended Review Materials Internet Resources Preparing to Pass the CFSA Examination Core Competency Number One: Auditing Unit 1 - Audit Standards A. Institute of Internal Auditors (IIA) Standards B. Introduction to IIA Standards C. Text of the IIA Standards D. AICPA Statements on Auditing Standards Overview of SAS 65 Overview of SAS 70 E. CFSA Code of Professional Ethics Unit 2 - Internal Audit Organization A. Audit Charter B. Reporting Responsibility C. Audit Committee Unit 3 - Internal Control A. IIA Standards for Internal Control B. Summary of AICPA Standards for Internal Control C. Elements and Types of Internal Control D. Evaluation of the System of Internal Control E. Internal Control Integrated Framework (COSO) F. Control Self Assessment Unit 4 - Audit Process I. Audit Planning A. IIA Standards for Audit Planning B. AICPA Standards for Planning Audits that Involve Computers II. Audit Programs A. IIA Standards for Writing Audit Programs B. Functions of Audit Programs C. Contents of Audit Programs III. Audit Workpapers

A. IIA Standards for Workpapers B. Purposes of Workpapers C. Basic Workpaper Guidelines D. Types of Information Typically Contained in Workpapers E. The Role of Workpapers in Audit Supervision IV. Audit Evidence A. IIA Standards for Audit Evidence B. Use of Evidence to Support Audit Findings C Types of Evidence D. Unsupported Allegations E. Adequacy of Audit Evidence V. Review and Evaluation of Findings A. IIA Standards for Review and Evaluation of Findings B. Additional Guidelines for the review and Evaluation of Findings VI. Audit Reports A. IIA Standards for Audit Reports B. Additional Guidelines for Audit Reports VII. Permanent Files A. IIA Standards for Permanent Files B. Types of Information Typically Contained in Permanent Files Unit 5 - Audit Techniques I. Risk Assessment A. IIA Standards for Risk Assessment B. AICPA Standards for Audit Risk C. Overview of SAS 47 D. Overview of SAS 82 E. Types of Audit Risk F. Methodology for Evaluating Audit Risk G. Documentation of Risk Assessment II. Analytical Review A. IIA Standards for Analytical Reviews B. AICPA Procedures for Analytical Procedures C. Benefits of Analytical Reviews D. Types of Analytical Reviews III. Statistical Sampling A. AICPA Standards for Audit Sampling B. Basic Steps for Developing a Statistical Sample C. Variables Affecting Sample Size D. Variables Sampling E. Attribute Sampling IV. Flowcharting A. Flowcharting B. Narratives C Questionnaires V. Confirmations A. AICPA Standards on Confirmations

B. Common Ways Auditors Use Confirmations VI. Compliance and Substantive Testing A. Compliance Testing B. Substantive Testing Unit 6 - Information Systems Auditing A. Internal Control Development B. Input/Processing/Output Controls C. Segregation of Duties D. Separation of Processing and Development E. Reconciliation of Input to Output F. Control of Data Files G. Authorization of Transactions H. Physical and Data Security Access Controls I. End-User Computing - Including Microcomputers J. Business Risk Planning K. Audit Tools L. Automated Administrative Procedures Core Competency Number Two: Banking Industry Unit 1 Financial Statement Applications I. Assets A. Cash and Due From Banks B. Federal Funds Sold and Securities Purchased Under Resale C. Interest Bearing Accounts D. Trading Securities E. Securities Available for Resale F. Loans G. Allowance for Loan Losses H. Premises and Equipment I. Customer Acceptance (Letters of Credit) E. Intangible Assets F. Other Assets II. Liabilities and Shareholders Equity A. Deposits B. Securities Sold Under Repurchase Agreements and Federal Funds Purchased C. Other Borrowed Funds D. Long-Term Debt E. Preferred/Common Stock F. Retained Earings G. Treasury Stock III. Other Services/Operations A. Payroll/Employee Benefits B. Automated Clearing House and Wire Transfer C. Branch Operations D. Trust

E. Investment Products F. Asset/Liability Management G. Use of Derivatives H. Statement of Cash Flows IV. Money and Banking A. Role of Money and Banking B. Bond and Stock Markets C. Effect of Interest Rate Movements D. Monetary Management Theories Unit 2 Laws/Regulations and Regulatory Environment A. Overview of the Regulatory Environment B. Laws and Regulations Core Competency Number Three: Insurance Industry Unit 1 Applications/Processes A. Marketing, Sales, and Distribution B. Underwriting C. Reinsurance D. Acturial E. Claims F. Financial Reporting G. Compliance H. Investment Operations I. Risk Management J. Premium Audit H. Administration Unit 2 Laws and Regulations A. The McCarran Ferguson Act B. State Insurance Commissions C. The National Association of Insurance Commissioners (NAIC) D. The Securities and Exchange Commission E. Employment Retirement Income Security Act (ERISA) F. State Model Laws Unit 3 Products A. Life, Pension, and Annuity B. Property and Casualty Products Core Competency Number Four: Securities Industry Unit 1 Financial Markets A. Overview B. The Stock Exchanges D. Over-The-Counter Market E. Options Market Unit 2 Equities, Debt Securities, Options, New Issues A. Common Stock B. Preferred Stock

C. Warrants D. Debt Securities E. Options Unit 3 Mutual Funds A. Basic Concepts B. Income Mutual Funds C. Stock Funds D. Growth Mutual Funds E. Balanced Funds F. Specialized Funds Unit 4 Investment Trusts A. Unit Investment Trusts (UITs) B. Real Estate Investment Trusts (REITs) Unit 5- Regulations A. Securities Act of 1933 B. Securities Exchange Act of 1934 C. Investment Company Act and Advisors Act of 1940 D. National Association of Securities Dealers Rules E. Municipal Securities Rule Making Board F. Margin Lending Appendix A- Questions, Comments or Corrections Concerning the CFSA Study Guide Appendix B- Study Question Answers

10

Preface
The purpose of this Study Guide is to help you prepare to pass the Certified Financial Services Auditor (CFSA) Examination. The Guide provides a general overview of the topics that will be covered in the exam. However, it is critical that you perform additional study in areas where your experience or background dictates the need for additional review. A list of resource materials is included to provide additional resources to supplement your study. Please feel free to submit your questions, comments, or corrections concerning the Guide to the authors. The last page of the book has been designed to facilitate your notation of corrections and comments. We appreciate any feedback, as it will help us improve future editions of the Guide. Good luck on the CFSA Exam.

10

11

SPECIAL NOTICE
The IIA assumed management of the CFSA during a merger with the National Association of Financial Services Auditors (NAFSA) in June 2002. The CFSA designation was launched a few years ago by NAFSA, who offered it as a four-part examination, twice annually. The IIA is modifying the exam slightly by offering it in a one-part format, similar to other IIA specialty examinations. The CFSA demonstrates competency in financial-services audit practices and methodologies. The 150-question pilot will test candidates knowledge on financial services auditing, banking, insurance, and securities. THE IIA WILL OFFER A PILOT OF THE REVISED CERTIFIED FINANCIAL SERVICES AUDITOR (CFSA) exam on November 21, 2002 at IIA examination sites throughout the United States. This guide is intended for use as study material for the November 2002 CFSA pilot exam. For more information, visit Certifications on The IIA web site.

11

12

Core Competencies for Financial Services Auditors

The Core Competencies for Financial Services Auditors, in the fields of Audit, the Banking industry, the Insurance industry and the Securities Industry are used as a basis for construction of the Certified Financial Services Auditor's examination. The Core Competencies are included below. This Study Guide is designed around the core competencies listed in the following section. Each of the items listed below is addressed in the CFSA Study Guide. I. A.

Auditing Brokerage Financial Institutions Insurance

Auditing Audit Standards 1. IIA Standards a. Independence b. Professional Proficiency c. Scope of Work d. Performance of Audit Work e. Management of the Internal Audit Department 2. AICPA Statements on Auditing Standards (SAS's) (emphasis on #65 & #70) 3. CFSA Code of Ethics

B.

Internal Audit Organization 1. Audit Charter 2. Reporting Responsibility 3. Audit Committee

C.

Internal Control 1. 2. 3. 4. Elements and Types Evaluation of the System of Internal Control Internal Control Integrated Framework (COSO) Control Self Assessment

12

13

D.

Audit Process 1. 2. 3. 4. 5. 6. 7. 8. Audit Planning Audit Programs Audit Workpapers Audit Evidence Review and Evaluation of Findings Audit Reports Audit Workpapers Permanent Files

E.

Audit Techniques 1. 2. 3. 4. 5. 6. Risk Assessment Analytical Review Statistical Sampling Flowcharting, Narratives and Questionnaires Confirmations Compliance and Substantive Testing

F.

Information Systems Auditing (LANs, WANs, Mainframes, Microcomputers) 1. Internal Control Development 2. Input/Processing/Output Controls 3. Segregation of Duties 4. Separation of Processing and Development 5. Reconciliation of Input to Output 6. Control of Data Files 7. Authorization of Transactions 8. Physical and Data Security Access Control 9. End-User Computing - Including Microcomputers 10. Business Risk Planning 11. Audit Tools a. Computer Assisted Auditing Techniques b. Automated Administrative Processes

13

14

II. Banking Industry (Commercial Banks, Savings Banks, Credit Unions, Trust Companies, Finance Companies, Credit Card Companies, Leasing Companies, Mortgage Bankers) A. Financial Statement Application 1. Assets a. Cash and Due from Banks b. Federal Funds Sold and Securities Purchased under Resale Agreements c. Interest Bearing Accounts d. Trading Securities e. Securities Available for Sale f. Loans Held for Sale g. Loans I. Commercial II. Residential III. Consumer IV. Leases V. Credit Card VI. International h. Allowance for Loan Losses i. Premises and Equipment j. Customer Acceptances (Letters of Credit) k. Intangible Assets l. Other Real Estate Owned m. Other Assets 2. Liabilities and Shareholders Equity a. Deposits I. Non Interest Bearing II. Interest Bearing III. Savings IV. Time b. Securities Sold under Repurchase Agreements c. Federal Funds Purchased d. Other Borrowed Funds e. Long Term Debt f. Preferred/Common Stock g. Retained Earnings h. Treasury Stock

14

15

3. Other Services/Operations a. Payroll/Employee Benefits b. ACH/Wire Transfer c. Branch Operations d. Trust I. Personal II. Corporate III. Employee Benefit IV. Transfer/Registrar e. Investment Products f. Asset/Liability Management g. Use of Derivatives h. Statement of Cash Flows 4. Money & Banking a. Role of Money and Banking b. Bond and Stock Markets c. Effect of Interest Rate Movements d. Monetary Management Theories B. Laws/Regulations and Regulatory Environment 1. Overview of the Regulatory Environment a. Federal Reserve System b. Office of the Comptroller of the Currency c. FDIC d. State Regulatory Systems e. NCUA 2. Laws and Regulations Reg A - Borrowing by Depository Institutions Reg B - Equal Credit Opportunity Act Reg C - Home Mortgage Disclosure Act Reg D - Reserve Requirements Reg E - Electronic Funds Transfer Act Reg J - Collection of Checks and other Items Reg K - Edge Act Reg L - Depository Institution Man. Interlocks Act Reg M - Consumer Leasing Reg O - Loans to Executive Officers Reg P/Reg 21- Bank Protection Act Reg Q - Interest on Deposits Reg U - Credit by Banks for Purchase of Margin Stocks Reg Y - Bank Holding Company Act Reg Z - Truth in Lending (open end, closed end, credit cards, home equity, right of rescission, restitution)

15

16

Reg BB - Community Reinvestment Act Reg CC - Availability of Funds and Collection of Checks Reg DD - Truth in Savings Reg 34 - Real Estate Lending and Appraisals Bank Bribery Act Bank Secrecy Act Fair Credit Reporting Act Fair Debt Collection Practices Act Fair Housing Act Financial Institution Reform, Recovery and Enforcement Act (FIRREA) FDIC Bank Improvement Act of 1991 Foreign Corrupt Practices Act National Flood Insurance Program OFAC Real Estate Settlement Procedures Act Right to Financial Privacy Act Tax Identification Reporting (TIN Compliance) Transactions with Affiliates - FRB Sections 23 A&B Trust - 12 CFR Part 9

III. Insurance Industry A. Applications/processes 1. Marketing, Sales and Distribution 2. Underwriting 3. Reinsurance 4. Actuarial 5. Claims 6. Financial Reporting 7. Compliance 8. Investment Operations 9. Risk Management 10. Premium Audit 11. Administration Laws and Regulations 1. The McCarran Ferguson Act 2. State Insurance Commissions 3. The NAIC 4. The Securities and Exchange Commission 5. ERISA 6. State Model Laws

B.

16

17

C.

Products 1. Life, Pension and Annuity a. Individual Insurance I. Whole Life II. Term Life III. Universal Life IV. Endowments b. Group Insurance I. Life II. Accident and Health III. Accidental Death and Dismemberment IV. Disability V. Dental VI. HMO's VII. Managed Care VIII. Utilization Management IX. Preferred Provider Organizations X. Administrative Service Only c. Pensions I. Qualified Plans II. Tax Favored Individual Retirement Plans III. Qualification Rules IV. Plan Discrimination V. Savings Plans VI. Vesting VII. Fiduciaries VIII. Prohibited Transactions IX. Annuity X. Fixed Annuities XI. Variable Annuities d. Reinsurance 2. Property and Casualty Products a. Workers Compensation b. General Liability c. Automobile d. Homeowners e. Umbrella Coverage f. Financial Guarantees g. Other

17

18

IV. Securities Industry (Broker Dealers, Full Service/Discount Brokers, Investment Bankers) A. Financial Markets 1. Overview a. Brokers and Dealers b. Types of markets c. Types of orders d. New issues e. Clearing and Settlement process 2. The Stock Exchanges a. How the exchanges function b. Listing and delisting rules c. The consolidated tape d. Specific rules relating to the NYSE e. Regional stock exchanges 3. Over-The-Counter (OTC) Market a. How the OTC functions b. Listing and delisting rules c. OTC rules 4. Options markets a. How the option markets function B. Equities, Debt Securities, Options, New Issues 1. Common Stock a. Terms and definitions b. Rights of common shareholders 2. Preferred Stock a. Terms and definitions b. Preferred stock prices and features 3. Warrants a. Terms and definitions 4. Debt Securities a. Corporate debt b. U.S. Government debt c. Municipal debt d. Money market debt e. Eurodollar debt f. Effect of Interest Rates on Bond prices g. Bond ratings

18

19

5. Options a. Equity options b. Index options c. Interest Rate and Foreign Currency Options d. Options Clearing Corp rules e. Financial Listings C. Mutual Funds 1. Income Mutual Funds 2. Stock Funds 3. Growth Mutual Funds 4. Balanced Funds 5. Specialized Funds Annuities 1. Unit Investment Trusts (UIT's) a. Fixed Annuities b. Variable Annuities 2. Real Estate Investment Trusts (REIT's) E. Regulations 1. Securities and Exchange Acts of 1933/1934 2. Investment Company Act and Advisors Act of 1940 3. National Association of Securities Dealers Rules a. Registered Representative rules b. Conduct of Customer Account rules c. Trading and Market rules d. Communications with the Public 4. Municipal Securities Rule Making Board a. Registered Representative rules b. Conduct of Customer Account rules c. Trading and Market rules d. Advertising and other rules 5. Margin Lending

D.

19

20

Certified Financial Services Auditor Program Recommended Review Materials

Audit Standards for the Professional Practice of Internal Auditing Institute of Internal Auditors 247 Maitland Avenue Altamonte Springs, FL 32701-4201 Phone # (407) 937-1100 www.theiia.org/

COSO Internal Control - Integrated Framework AICPA Harborside Financial Center 201 Plaza Three Jersey City, NJ 07311-3881 (800) 862-4272

Brokerage Introduction to Brokerage Operations Department Procedures New York Institute of Finance ISBN 0-13-478975-X (212) 859-5000 Audits of Investment Companies AICPA P. O. Box 9264 Church Street Station New York, NY 10256-9264 (800) 862-4272

Financial Institutions AICPA Audit & Accounting Guide for Banks and Savings Institutions AICPA Kenneth J. Namjestnik Trust Audit Manual Bank Administration Institute Rolling Meadows, IL 60008-4097 (800) 323-8552

20

21

The Price Waterhouse Compliance Series IRWIN Professional Publishing Chicago 1996

IS Audit Control Objectives for Information and Related Technology (Cobit), 1996 Information Systems Audit and Control Association and Foundation http://www.isaca.org/cobit.htm or Systems Auditablity and Control Institute of Internal Auditors http://www.theiia.org/tech/sacrep.htm

Insurance Kenneth Huggins & Robert D. Land, Operations of Life and Health Insurance Companies 2nd Edition (LOMA - Life Management Institute, March 1996) c/o PBD, Inc. PO Box 930108 Atlanta, Georgia 31193 (770) 442-8631 Harriett E. Jones & Dani L. Long, Principles of Insurance, Life, Health & Annuities (LOMA - Life Management Institute, 1996) c/o PBD, Inc. PO Box 930108 Atlanta, Georgia 31193 (770) 442-8631 Barry D. Smith & Erica Wiening How Insurance Works 2nd Edition 1994 Insurance Institute of America 720 Providence Road Malvern, PA 19355- 0716 (800) 644-2101

21

22

Internet Resources
National Association of Financial Services Auditors (NAFSA) www.nafsa.com/ The Institute of Internal Auditors (IIA) www.theiia.org/ Information Systems Audit and Control Association (ISACA) www.isaca.org/ IT Audit Forum www.itaudit.org/ Information Infrastructure Task Force www.iitf.nist.gov/ American Institute of Certified Public Accountants (AICPA) www.aicpa.org/index.htm Association of Certified Fraud Auditors www.cfenet.com Auditnet www.auditnet.org Federal Reserve System www.federalreserve.gov/general.htm Office of the Comptroller of the Currency www.occ.treas.gov Federal Deposit Insurance Corporation www.fdic.gov Code of Federal Regulations www.access.gpo.gov Bankinfo.com www.bankinfo.com

22

23

Preparing to Pass the CFSA Examination

1. Begin preparing well in advance of the test date. 2. Secure the proper study materials. A list of supplemental books and materials is provided in this study guide. 3. Find a suitable place to study. 4. Familiarize yourself with the exam site and surrounding facilities. 5. Relax and get plenty of sleep the night before the test. 6. Arrive at the exam site in plenty of time before the test begins. 7. Dress comfortably. Test Taking Tips 1. Read the entire question slowly and carefully before attempting to answer it. 2. Answer the questions in which you are certain of the answer first, then go back and spend the remainder of the available time working on the other questions. 3. Budget your time. 4. Read answer choices carefully. 5. Answer all questions. The number of correct answers determines your final score on the CFSA examination. Therefore, there is no penalty for providing a wrong answer. So guessing is better than not answering a question at all

23

24

VOLUME I AUDITING

24

25

CORE COMPETENCY NUMBER ONE: AUDITING

A general definition of auditing is the systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between those assertions and established criteria and communicating the results to interested users. i

UNIT 1: AUDIT STANDARDS

Audit standards help define the role and responsibilities of auditors to internal and external entities. Standards establish the basic principles and guidance to assist auditors in the performance of their duties. The principles establish the framework to promote the credibility of the auditors work product. A. Institute of Internal Auditors (IIA) Standards Established in 1941, The IIA serves more than 60,000 members in internal auditing, governance and internal control, Information Technology (IT) audit, education, and security from more than 100 countries. The world's leader in certification, education, research, and technological guidance for the profession, The Institute serves as the profession's watchdog and resource on significant auditing issues around the globe. Presenting important conferences and seminars for professional development, producing leadingedge educational products, certifying qualified auditing professionals, providing quality assurance reviews and benchmarking, and conducting valuable research projects through The IIA Research Foundation are just a few of The Institute's many activities. The IIA also provides internal auditing practitioners, executive management, boards of directors and audit committees with standards, guidance, and information on internal auditing best practices. The Institute is a dynamic international organization that meets the needs of a worldwide body of internal auditors. The history of internal auditing has been synonymous with that of The IIA and its motto, "Progress Through Sharing." ii B. Introduction to IIA Standards As this study guide was being developed, the IIA standards were in the process of being modified. Since all of the Standards have not been updated, most of the information in this Unit pertains to Standards that existed prior to changes made in June 1999 and beyond. New 1999 Definition of Internal Auditing

25

26

The Professional Practices Framework (PPF) and Definition of Internal Auditing were approved by The IIA's Board of Directors in June 1999. In general, a framework provides a structural blueprint of how a body of knowledge and guidance fits together. As a coherent system, it facilitates consistent development, interpretation, and application of concepts, methodologies, and techniques useful to a discipline or profession. Specifically, the overall purpose of the PPF is to organize the full range of existing and developing practice guidance in a manner that is readily accessible on a timely basis to internal auditors. By encompassing current internal auditing practice as well as leading future expansion, the PPF is intended to assist practitioners in being responsive to the expanding market for high quality internal auditing services. The Professional Practices Framework consists of the following components: Definition of Internal Auditing: Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes The IIA is also proposing changes to other standards. An exposure draft of revision of the Code of Ethics was available for public comment from October 1, 1999 through January 15, 2000. An exposure draft of revision of the Attribute and Performance Standards was available for public comment from December 1, 1999 through February 29, 2000. Information on the new standards was taken from the IIA web site, go to: http://www.theiia.org/standard/standard.htm for more information. Introduction to IIA Standards (prior to June 1999) iii Internal auditing is an independent appraisal function established within an organization to examine and evaluate its activities as a service to the organization. The objective of internal auditing is to assist members of the organization in the effective discharge of their responsibilities. To this end, internal auditing furnishes them with analyses, appraisals, recommendations, counsel, and information concerning the activities reviewed. The audit objective includes promoting effective control at reasonable cost. The members of the organization assisted by internal auditing include those in management and the board. Internal auditors owe a responsibility to both, providing them with information about the adequacy and effectiveness of the organizations system of internal control and the quality of performance. The information furnished to each may differ in format and detail, depending upon the requirements and requests of management and the board. The internal auditing department is an integral part of the organization and functions under the policies established by senior management and the board. The statement of purpose, authority, and responsibility (charter) for the internal auditing department, approved by senior management

26

27

and accepted by the board, should be consistent with these Standards for the Professional Practice of Internal Auditing. The charter should make clear the purposes of the internal auditing department, specify the unrestricted scope of its work, and declare that auditors are to have no authority or responsibility for the activities they audit. Throughout the world internal auditing is performed in diverse environments and within organizations that vary in purpose, size, and structure. In addition, the laws and customs within various countries differ from one another. These differences may affect the practice of internal auditing in each environment. The implementation of these Standards, therefore, will be governed by the environment in which the internal auditing department carries out its assigned responsibilities. Compliance with the concepts enunciated by the Standards is essential before the responsibilities of internal auditors can be met. As stated in the Code of Ethics, Members of The Institute of Internal Auditors and Certified Internal Auditors shall adopt suitable means to comply with the Standards. Independence, as used in the Standards, requires clarification. Internal auditors should be independent of the activities they audit. Such independence permits internal auditors to perform their work freely and objectively. Without independence, the desired results of internal auditing cannot be realized. In establishing the Standards, the following matters were considered: 1. Boards of directors are being held accountable for the adequacy and effectiveness of their organizations systems of internal control and quality of performance. 2. Members of management are relying upon internal auditing as a means of supplying objective analyses, appraisals, recommendations, counsel, and information on the organizations controls and performance. 3. External auditors are using the results of internal audits to complement their own work where the internal auditors have provided suitable evidence of independence and adequate, professional audit work. In the light of such matters, the purposes of the Standards are to: 1. Impart an understanding of the role and responsibilities of internal auditing to all levels of management, boards of directors, public bodies, external auditors, and related professional organizations. 2. Establish the basis for the guidance and measurement of internal auditing performance. 3. Improve the practice of internal auditing. The Standards differentiate among the varied responsibilities of the organization, the internal auditing department, the director of internal auditing, and internal auditors. 27

28

The Standards encompass: Section 100: The independence of the internal auditing department from the activities audited and the objectivity of internal auditors. Section 200: The proficiency of internal auditors and the professional care they should exercise. Section 300: The scope of internal auditing work. Section 400: The performance of internal auditing assignments. Section 500: The management of the internal auditing department. C. Text of the IIA Standards The complete text of sections 100 and 200, and parts of section 500, are printed below. Sections 300 and 400 and the remainder of section 500 are printed later in this discussion of auditing.
100 INDEPENDENCE INTERNAL AUDITORS SHOULD BE INDEPENDENT OF THE ACTIVITIES THEY AUDIT. 01. Internal auditors are independent when they can carry out their work freely and objectively. Independence permits internal auditors to render the impartial and unbiased judgments essential to the proper conduct of audits. It is achieved through organizational status and objectivity. 110 Organizational Status The organizational status of the internal auditing department should be sufficient to permit the accomplishment of its audit responsibilities. 01.Internal auditors should have the support of senior management and of the board so that they can gain the cooperation of auditees and perform their work free from interference. 1. The director of the internal auditing department should be responsible to an individual in the organization with sufficient authority to promote independence and to ensure broad audit coverage, adequate consideration of audit reports, and appropriate action on audit recommendations. 2. The director should have direct communication with the board. Regular communication with the board helps assure independence and provides a means for the board and the director to keep each other informed on matters of mutual interest. a. Direct communication occurs when the director regularly attends and participates in those meetings of the board which relate to its oversight responsibilities for auditing, financial reporting, organizational governance and control. The directors attendance at these meetings and the presentation of written and/or oral reports provides for an exchange of information concerning the plans and activities of the internal auditing department. The director of internal auditing should meet privately with the board at least annually.

28

29

3. Independence is enhanced when the board concurs in the appointment or removal of the director of the internal auditing department. 4. The purpose, authority, and responsibility of the internal auditing department should be defined in a formal written document (charter). The director should seek approval of the charter by senior management as well as acceptance by the board. The charter should (a) establish the departments position within the organization; (b) authorize access to records, personnel, and physical properties relevant to the performance of audits; and (c) define the scope of internal auditing activities.

a. The director of internal auditing should periodically assess whether the purpose,
authority, and responsibility, as defined in the charter, continue to be adequate to enable the internal auditing department to accomplish its objectives. The result of this periodic assessment should be communicated to senior management and the board.

5. The director of internal auditing should submit annually to senior management for approval
and to the board for its information a summary of the departments audit work schedule, staffing plan, and financial budget. The director should also submit all significant interim changes for approval and information. Audit work schedules, staffing plans, and financial budgets should inform senior management and the board of the scope of internal auditing work and of any limitations placed on that scope. a. The approved audit work schedule, staffing plan, and financial budget, along with all significant interim changes, should contain sufficient information to enable the board to ascertain whether the internal auditing departments objectives and plans support those of the organization and the board. This information should be communicated, preferably in writing. b. A scope limitation is a restriction placed upon the internal auditing department that precludes the department from accomplishing its objectives and plans. Among other things, a scope limitation may restrict the: Scope defined in the charter. Departments access to records, personnel, and physical properties relevant to the performance of audits. Approved audit work schedule. Performance of necessary auditing procedures. Approved staffing plan and financial budget. c. A scope limitation along with its potential effect should be communicated, preferably in writing, to the board. d. The director of internal auditing should consider whether it is appropriate to inform the board regarding scope limitations which were previously communicated to and accepted by the board. This may be necessary particularly when there have been organization, board, senior management, or other changes.

6. The director of internal auditing should submit activity reports to senior management and to
the board annually or more frequently as necessary. Activity reports should highlight significant audit findings and recommendations and should inform senior management and the board of any significant deviations from approved audit work schedules, staffing plans, and financial budgets, and the reasons for them. a. Activity reports should be communicated, preferably in writing.

29

30

b. Significant audit findings are those conditions which, in the judgment of the director of internal auditing, could adversely affect the organization. Significant audit findings may include conditions dealing with irregularities, illegal acts, errors, inefficiency, waste, ineffectiveness, conflicts of interest, and control weaknesses. After reviewing such findings with senior management, the director of internal auditing should communicate significant audit findings to the board, whether or not they have been satisfactorily resolved. c. Managements responsibility is to make decisions on the appropriate action to be taken regarding significant audit findings. Senior management may decide to assume the risk of not correcting the reported condition because of cost or other considerations. The board should be informed of senior managements decision on all significant audit findings. d. The director of internal auditing should consider whether it is appropriate to inform the board regarding previously reported, significant audit findings in those instances when senior management and the board assumed the risk of not correcting the reported condition. This may be necessary, particularly when there have been organization, board, senior management, or other changes. e. The reasons for significant deviations from approved audit work schedules, staffing plans, and financial budgets that may require explanation include: Organization and management changes. Economic conditions. Legal and regulatory requirements. Internal auditing staff changes. Management requests. Expansion or reduction of audit scope as determined by the director of internal auditing.

120 Objectivity Internal auditors should be objective in performing audits. 01. Objectivity is an independent mental attitude which internal auditors should maintain in performing audits. Internal auditors are not to subordinate their judgment on audit matters to that of others. 02. Objectivity requires internal auditors to perform audits in such a manner that they have an honest belief in their work product and that no significant quality compromises are made. Internal auditors are not to be placed in situations in which they feel unable to make objective professional judgments. 1. Staff assignments should be made so that potential and actual conflicts of interest and bias are avoided. The director should periodically obtain from the internal auditing staff information concerning potential conflicts of interest and bias. 2. Internal auditors should report to the director any situations in which a conflict of interest or bias is present or may reasonably be inferred. The director should then reassign such auditors. 3. Staff assignments of internal auditors should be rotated periodically whenever it is practicable to do so. 4. Internal auditors should not assume operating responsibilities. But if on occasion senior management directs internal auditors to perform nonaudit work, it should be understood that they are not functioning as internal auditors. Moreover, objectivity is presumed to be impaired when

30

31

internal auditors audit any activity for which they had authority or responsibility. This impairment should be considered when reporting audit results. 5. Persons transferred to or temporarily engaged by the internal auditing department should not be assigned to audit those activities they previously performed until a reasonable period of time has elapsed. Such assignments are presumed to impair objectivity and should be considered when supervising the audit work and reporting audit results.

6. The results of internal auditing work should be reviewed before the related audit report is
released to provide reasonable assurance that the work was performed objectively. 03 The internal auditors objectivity is not adversely affected when the auditor recommends standards of control for systems or reviews procedures before they are implemented. Designing, installing, and operating systems are not audit functions. Also, the drafting of procedures for systems is not an audit function. Performing such activities is presumed to impair audit objectivity.

200 PROFESSIONAL PROFICIENCY INTERNAL AUDITS SHOULD BE PERFORMED WITH PROFICIENCY AND DUE PROFESSIONAL CARE. 01. Professional proficiency is the responsibility of the director of internal auditing and each internal auditor. The director should ensure that persons assigned to each audit collectively possess the necessary knowledge, skills, and disciplines to conduct the audit properly. The Internal Auditing Department 210 Staffing The director of internal auditing should ensure that the technical proficiency and educational background of internal auditors are appropriate for the audits to be performed. 01. The director of internal auditing should establish suitable criteria of education and experience for filling internal auditing positions, giving due consideration to scope of work and level of responsibility. 02. Reasonable assurance should be obtained as to each prospective auditors qualifications and proficiency. 220 Knowledge, Skills, and Disciplines The internal auditing department should possess or should obtain the knowledge, skills, and disciplines needed to carry out its audit responsibilities. 01. The internal auditing staff should collectively possess the knowledge and skills essential to the practice of the profession within the organization. These attributes include proficiency in applying internal auditing standards, procedures, and techniques. 02. The internal auditing department should have employees or use outside service providers who are qualified in disciplines such as accounting, auditing, economics, finance, statistics, information technology, engineering, taxation, law, environmental affairs, and such other areas as needed to meet the departments audit responsibilities. Each member of the department, however, need not be qualified in all disciplines. 1. An outside service provider is a person or firm, independent of the organization, who has special knowledge, skill, and experience in a particular discipline. Outside service providers include, among others, actuaries, accountants, appraisers, environmental specialists, fraud

31

32

investigators, lawyers, engineers, geologists, security specialists, statisticians, information technology specialists, the organizations external auditors, and other auditing organizations. An outside service provider may be engaged by the board, senior management, or the director of internal auditing. 2. Outside service providers may be used by the internal auditing department in connection with, among other things: a. Auditing activities where a specialized skill and knowledge are required such as information technology, statistics, taxes, language translations, or to achieve the objectives in the audit work schedule. b. Valuations of assets such as land and buildings, works of art, precious gems, investments, and complex financial instruments. c. Determination of quantities or physical condition of certain assets such as mineral and petroleum reserves. d. Measuring the work completed and to be completed on contracts in progress. e. Fraud and security investigations. f. Determination of amounts by using specialized methods such as actuarial determinations of employee benefit obligations. g. Interpretation of legal, technical, and regulatory requirements. h. Evaluating the internal auditing departments quality assurance program in accordance with Section 560 of the Standards. i. Mergers and acquisitions. 3. When the director of internal auditing intends to use and rely on the work of an outside service provider, the director should assess the competency, independence, and objectivity of the outside service provider as it relates to the particular assignment to be performed. This assessment should also be made when the outside service provider is selected by senior management or the board, and the director intends to use and rely on the outside service providers work. When the selection is made by others and the assessment determines that the director should not use and rely on the work of an outside service provider, then the results of the assessment should be communicated to senior management or the board, as appropriate. 4. The director of internal auditing should determine that the outside service provider possesses the necessary knowledge, skills, and ability to perform the assignment. When assessing competency, the director should consider the following: a. Professional certification, license, or other recognition of the outside service providers competency in their particular discipline. b. Membership of the outside service provider in an appropriate professional organization and adherence to that organizations code of ethics. c. The reputation of the outside service provider. This may include contacting others familiar with the outside service providers work. d. The outside service providers experience in the type of work being considered.

32

33

e. The extent of education and training received by the outside service provider in disciplines that pertain to the particular assignment. f. The outside service providers knowledge and experience in the industry in which the organization operates. 5. The director of internal auditing should assess the relationship of the outside service provider to the organization and to the internal auditing department to ensure that independence and objectivity are maintained throughout the assignment. In performing the assessment, the director of internal auditing should determine that there are no financial, organizational, or personal relationships that will prevent the outside service provider from rendering impartial and unbiased judgments and opinions when performing or reporting on the assignment. 6. In assessing the independence and objectivity of the outside service provider, the director of internal auditing should consider: a. The financial interest the provider may have in the organization. b. The personal or professional affiliation the provider may have to the board, senior management, or others within the organization. c. The relationship the provider may have had with the organization or the activities being reviewed. d. The extent of other ongoing services the provider may be performing for the organization. e. Compensation or other incentives that the provider may have. 7. If the outside service provider is also the organizations external auditor and the nature of the assignment is extended audit services, the director should ascertain that work performed does not impair the external auditors independence. Extended audit services refers to those services beyond the requirements of auditing standards generally accepted by external auditors. If the organizations external auditors act or appear to act as members of senior management, management, or as employees of the organization, then their independence may be impaired. Additionally, external auditors may provide the organization with other services such as tax and consulting. Independence, however, should be assessed in relation to the full range of services provided to the organization. 8. The director of internal auditing should obtain sufficient information regarding the scope of the outside service providers work. This is necessary in order to ascertain that the scope of work is adequate for the purposes of the internal auditing department. 9. The director of internal auditing should review with the outside service provider: a. Objectives and scope of work. b. Specific matters expected to be covered in the report to be rendered, if applicable. c. Access to relevant records, personnel, and physical properties. d. Information regarding assumptions and procedures to be employed. e. Ownership and custody of audit workpapers, if applicable. f. Confidentiality and restrictions on information obtained during the assignment.

33

34

It may be preferable to have these and other matters documented in an engagement letter or contract. 10. Where the outside service provider performs internal auditing activities, the director of internal auditing should specify and ensure that the work complies with the Standards for the Professional Practice of Internal Auditing. 11. In reviewing the work of an outside service provider, the director of internal auditing should evaluate the adequacy of work performed. This evaluation should include sufficiency of information obtained to afford a reasonable basis for the conclusions reached and the resolution of significant exceptions or other unusual matters. 12. When the director of internal auditing issues an audit report, and an outside service provider was used, the director may, as appropriate, refer to such services provided. 13. The outside service provider should be informed or, if appropriate, concurrence should be obtained, prior to making such reference in the report. 230 Supervision The director of internal auditing should ensure that internal audits are properly supervised. 01. The director of internal auditing is responsible for ensuring that appropriate audit supervision is provided. Supervision is a process which begins with planning and continues throughout the examination, evaluation, report, and follow-up phases of the audit assignment. 02. Supervision includes: 1. Ensuring that the auditors assigned possess the requisite knowledge and skills. 2. Providing appropriate instructions during the planning of the audit and approving the audit program. 3. Seeing that the approved audit program is carried out unless changes are both justified and authorized. 4. Determining that audit workpapers adequately support the audit findings, conclusions, and reports. 5. Ensuring that audit reports are accurate, objective, clear, concise, constructive, and timely. 6. Ensuring that audit objectives are met. 7. Providing opportunities for developing internal auditors knowledge and skills. 03. Appropriate evidence of supervision should be documented and retained. 04. The extent of supervision required will depend on the proficiency and experience of internal auditors and the complexity of the audit assignment. Appropriately experienced internal auditors may be utilized to review the work of other internal auditors. 05. All internal auditing assignments, whether performed by or for the internal auditing department, remain the responsibility of its director. The director is responsible for all significant professional judgments made in the planning, examination, evaluation, report, and follow-up phases of the audit assignment. The director should adopt suitable means to ensure that this responsibility is met. Suitable means include policies and procedures designed to:

34

35

1. Minimize the risk that professional judgments may be made by internal auditors, or others performing work for the internal auditing department, that are inconsistent with the professional judgment of the director such that a significant adverse effect on the audit assignment could result. 2 Resolve differences in professional judgment between the director and internal auditing staff members over significant issues relating to the audit assignment. Such means may include: (a) discussion of pertinent facts; (b) further inquiry and/or research; and (c) documentation and disposition of the differing viewpoints in the audit workpapers. In instances of a difference in professional judgment over an ethical issue, suitable means may include referral of the issue to those individuals in the organization having responsibility over ethical matters. 06. Supervision extends to staff training and development, employee performance evaluation, time and expense control, and similar administrative areas.

240 Compliance with Standards of Conduct Internal auditors should comply with professional standards of conduct. 01. The Code of Ethics of The Institute of Internal Auditors sets forth standards of conduct and provides a basis for enforcement. The Code calls for high standards of honesty, objectivity, diligence, and loyalty to which internal auditors should conform. 250 Knowledge, Skills, and Disciplines Internal auditors should possess the knowledge, skills, and disciplines essential to the performance of internal audits. 01. Each internal auditor should possess certain knowledge and skills as follows: 1. Proficiency in applying internal auditing standards, procedures, and techniques is required in performing internal audits. Proficiency means the ability to apply knowledge to situations likely to be encountered and to deal with them without extensive recourse to technical research and assistance. 2. Proficiency in accounting principles and techniques is required of auditors who work extensively with financial records and reports. 3. An understanding of management principles is required to recognize and evaluate the materiality and significance of deviations from good business practice. An understanding means the ability to apply broad knowledge to situations likely to be encountered, to recognize significant deviations, and to be able to carry out the research necessary to arrive at reasonable solutions. 4. An appreciation is required of the fundamentals of such subjects as accounting, economics, commercial law, taxation, finance, quantitative methods, and information technology. An appreciation means the ability to recognize the existence of problems or potential problems and to determine the further research to be undertaken or the assistance to be obtained. 260 Human Relations and Communications Internal auditors should be skilled in dealing with people and in communicating effectively. 01. Internal auditors should understand human relations and maintain satisfactory relationships with auditees.

35

36

02. Internal auditors should be skilled in oral and written communications so that they can clearly and effectively convey such matters as audit objectives, evaluations, conclusions, and recommendations. 270 Continuing Education Internal auditors should maintain their technical competence through continuing education. 01. Internal auditors are responsible for continuing their education in order to maintain their proficiency. They should keep informed about improvements and current developments in internal auditing standards, procedures, and techniques. Continuing education may be obtained through membership and participation in professional societies; attendance at conferences, seminars, college courses, and in-house training programs; and participation in research projects. 280 Due Professional Care Internal auditors should exercise due professional care in performing internal audits. 01. Due professional care calls for the application of the care and skill expected of a reasonably prudent and competent internal auditor in the same or similar circumstances. Professional care should, therefore, be appropriate to the complexities of the audit being performed. In exercising due professional care, internal auditors should be alert to the possibility of intentional wrongdoing, errors and omissions, inefficiency, waste, ineffectiveness, and conflicts of interest. They should also be alert to those conditions and activities where irregularities are most likely to occur. In addition, they should identify inadequate controls and recommend improvements to promote compliance with acceptable procedures and practices. 1. Fraud encompasses an array of irregularities and illegal acts characterized by intentional deception. It can be perpetrated for the benefit of or to the detriment of the organization and by persons outside as well as inside the organization. 2. Fraud designed to benefit the organization generally produces such benefit by exploiting an unfair or dishonest advantage that also may deceive an outside party. Perpetrators of such frauds usually benefit indirectly, since personal benefit usually accrues when the organization is aided by the act. Some examples are: a. Sale or assignment of fictitious or misrepresented assets. b. Improper payments such as illegal political contributions, bribes, kickbacks, and payoffs to government officials, intermediaries of government officials, customers, or suppliers. c. Intentional, improper representation or valuation of transactions, assets, liabilities, or income. d. Intentional, improper transfer pricing (e.g., valuation of goods exchanged between related organizations). By purposely structuring pricing techniques improperly, management can improve the operating results of an organization involved in the transaction to the detriment of the other organization. e. Intentional, improper related-party transactions in which one party receives some benefit not obtainable in an arms-length transaction. f. Intentional failure to record or disclose significant information to improve the financial picture of the organization to outside parties. g. Prohibited business activities such as those which violate government statutes, rules, regulations, or contracts.

36

37

h. Tax fraud. 3. Fraud perpetrated to the detriment of the organization generally is for the direct or indirect benefit of an employee, outside individual, or another organization. Some examples are: a. Acceptance of bribes or kickbacks. b. Diversion to an employee or outsider of a potentially profitable transaction that would normally generate profits for the organization. c. Embezzlement, as typified by the misappropriation of money or property, and falsification of financial records to cover up the act, thus making detection difficult. d. Intentional concealment or misrepresentation of events or data. e. Claims submitted for services or goods not actually provided to the organization. 4. Deterrence of fraud consists of those actions taken to discourage the perpetration of fraud and limit the exposure if fraud does occur. The principal mechanism for deterring fraud is control. Primary responsibility for establishing and maintaining control rests with management. 5. Internal auditors are responsible for assisting in the deterrence of fraud by examining and evaluating the adequacy and the effectiveness of the system of internal control, commensurate with the extent of the potential exposure/risk in the various segments of the organizations operations. In carrying out this responsibility, internal auditors should, for example, determine whether: a. The organizational environment fosters control consciousness. b. Realistic organizational goals and objectives are set. c. Written policies (e.g., code of conduct) exist that describe prohibited activities and the action required whenever violations are discovered. d. Appropriate authorization policies for transactions are established and maintained. e. Policies, practices, procedures, reports, and other mechanisms are developed to monitor activities and safeguard assets, particularly in high-risk areas. f. Communication channels provide management with adequate and reliable information. g. Recommendations need to be made for the establishment or enhancement of costeffective controls to help deter fraud. 02. Due care implies reasonable care and competence, not infallibility or extraordinary performance. Due care requires the auditor to conduct examinations and verifications to a reasonable extent, but does not require detailed audits of all transactions. Accordingly, internal auditors cannot give absolute assurance that noncompliance or irregularities do not exist. Nevertheless, the possibility of material irregularities or noncompliance should be considered whenever an internal auditor undertakes an internal auditing assignment. 1. Detection of fraud consists of identifying indicators of fraud sufficient to warrant recommending an investigation. These indicators may arise as a result of controls established by management, tests conducted by auditors, and other sources both within and outside the organization.

37

38

2. In conducting audit assignments, the internal auditors responsibilities for detecting fraud are to: a. Have sufficient knowledge of fraud to be able to identify indicators that fraud may have been committed. This knowledge includes the need to know the characteristics of fraud, the techniques used to commit fraud, and the types of frauds associated with the activities audited. b. Be alert to opportunities, such as control weaknesses, that could allow fraud. If significant control weaknesses are detected, additional tests conducted by internal auditors should include tests directed toward identification of other indicators of fraud. Some examples of indicators are unauthorized transactions, override of controls, unexplained pricing exceptions, and unusually large product losses. Internal auditors should recognize that the presence of more than one indicator at any one time increases the probability that fraud may have occurred. c. Evaluate the indicators that fraud may have been committed and decide whether any further action is necessary or whether an investigation should be recommended.

d. Notify the appropriate authorities within the organization if a determination is made that
there are sufficient indicators of the commission of a fraud to recommend an investigation. 3. Internal auditors are not expected to have knowledge equivalent to that of a person whose primary responsibility is detecting and investigating fraud. Also, audit procedures alone, even when carried out with due professional care, do not guarantee that fraud will be detected. 03. When an internal auditor suspects wrongdoing, the appropriate authorities within the organization should be informed. The internal auditor may recommend whatever investigation is considered necessary in the circumstances. Thereafter, the auditor should follow up to see that the internal auditing departments responsibilities have been met. 1. Investigation of fraud consists of performing extended procedures necessary to determine whether fraud, as suggested by the indicators, has occurred. It includes gathering sufficient information about the specific details of a discovered fraud. Internal auditors, lawyers, investigators, security personnel, and other specialists from inside or outside the organization are the parties that usually conduct or participate in fraud investigations. 2. When conducting fraud investigations, internal auditors should: a. Assess the probable level and the extent of complicity in the fraud within the organization. This can be critical to ensuring that the internal auditor avoids providing information to or obtaining misleading information from persons who may be involved. b. Determine the knowledge, skills, and disciplines needed to effectively carry out the investigation. An assessment of the qualifications and the skills of internal auditors and of the specialists available to participate in the investigation should be performed to ensure that it is conducted by individuals having the appropriate type and level of technical expertise. This should include assurances on such matters as professional certifications, licenses, reputation, and that there is no relationship to those being investigated or to any of the employees or management of the organization. c. Design procedures to follow in attempting to identify the perpetrators, extent of the fraud, techniques used, and cause of the fraud.

38

39

d. Coordinate activities with management personnel, legal counsel, and other specialists as appropriate throughout the course of the investigation. e. Be cognizant of the rights of alleged perpetrators and personnel within the scope of the investigation and the reputation of the organization itself. 3. Once a fraud investigation is concluded, internal auditors should assess the facts known in order to: a. Determine if controls need to be implemented or strengthened to reduce future vulnerability. b. Design audit tests to help disclose the existence of similar frauds in the future. c. Help meet the internal auditors responsibility to maintain sufficient knowledge of fraud and thereby be able to identify future indicators of fraud. 4. Reporting of fraud consists of the various oral or written, interim or final communications to management regarding the status and results of fraud investigations. 5. A preliminary or final report may be desirable at the conclusion of the detection phase. The report should include the internal auditors conclusion as to whether sufficient information exists to conduct an investigation. It should also summarize findings that serve as the basis for such decision. 6. Section 430 of the Standards provides interpretations applicable to internal audit reports issued as a result of fraud investigations. Additional interpretive guidelines on reporting of fraud are as follows: a. When the incidence of significant fraud has been established to a reasonable certainty, senior management and the board should be notified immediately. b. The results of a fraud investigation may indicate that fraud has had a previously undiscovered significant adverse effect on the financial position and results of operations of an organization for one or more years on which financial statements have already been issued. Internal auditors should inform senior management and the board of such a discovery. c. A written report should be issued at the conclusion of the investigation phase. It should include all findings, conclusions, recommendations, and corrective action taken. d. A draft of the proposed report on fraud should be submitted to legal counsel for review. In those cases in which the internal auditor wants to invoke client privilege, consideration should be given to addressing the report to legal counsel. 04 Exercising due professional care means using reasonable audit skill and judgment in performing the audit. To this end, the internal auditor should consider: 1. The extent of audit work needed to achieve audit objectives. 2. The relative materiality or significance of matters to which audit procedures are applied. 3. The adequacy and effectiveness of internal controls. 4. The cost of auditing in relation to potential benefits.

39

40

05 Due professional care includes evaluating established operating standards and determining whether those standards are acceptable and are being met. When such standards are vague, authoritative interpretations should be sought. If internal auditors are required to interpret or select operating standards, they should seek agreement with auditees as to the standards needed to measure operating performance.

300 SCOPE OF WORK THE SCOPE OF INTERNAL AUDITING SHOULD ENCOMPASS THE EXAMINATION AND EVALUATION OF THE ADEQUACY AND EFFECTIVENESS OF THE ORGANIZATIONS SYSTEM OF INTERNAL CONTROL AND THE QUALITY OF PERFORMANCE IN CARRYING OUT ASSIGNED RESPONSIBILITIES.

Note: The full text of this section is printed in Unit 3 of Volume 1.

400 PERFORMANCE OF AUDIT WORK AUDIT WORK SHOULD INCLUDE PLANNING THE AUDIT, EXAMINING AND EVALUATING INFORMATION, COMMUNICATING RESULTS, AND FOLLOWING UP.

Note: The full text of this section is printed in Unit 4 of Volume 1.

500 MANAGEMENT OF THE INTERNAL AUDITING DEPARTMENT THE DIRECTOR OF INTERNAL AUDITING SHOULD PROPERLY MANAGE THE INTERNAL AUDITING DEPARTMENT. 01. The director of internal auditing is responsible for properly managing the department so that: 1. Audit work fulfills the general purposes and responsibilities approved by senior management and accepted by the board. 2. Resources of the internal auditing department are efficiently and effectively employed. 3. Audit work conforms to the Standards for the Professional Practice of Internal Auditing.

Note: The full text of Sections 510 and 520 are printed in Units 2 and 4respectively, of Volume 1.
530 Policies and Procedures The director of internal auditing should provide written policies and procedures to guide the audit staff. 01. The form and content of written policies and procedures should be appropriate to the size and structure of the internal auditing department and the complexity of its work. Formal administrative and technical audit manuals may not be needed by all internal auditing departments. A small internal auditing department may be managed informally. Its audit staff may be directed and controlled through daily, close supervision and written memoranda. In a large internal auditing department, more formal and

40

41

comprehensive policies and procedures are essential to guide the audit staff in the consistent compliance with the departments standards of performance. 540 Personnel Management and Development The director of internal auditing should establish a program for selecting and developing the human resources of the internal auditing department. 01. The program should provide for: 1. Developing written job descriptions for each level of the audit staff. 2. Selecting qualified and competent individuals. 3. Training and providing continuing educational opportunities for each internal auditor. 4. Appraising each internal auditors performance at least annually. 5. Providing counsel to internal auditors on their performance and professional development. 550 External Auditors The director of internal auditing should coordinate internal and external audit efforts. 01. Internal and external auditing work should be coordinated to ensure adequate audit coverage and to minimize duplicate efforts. 1. The scope of internal auditing work encompasses both financial and operational objectives and activities. The scope of internal auditing work is covered by Section 300 of the Standards. On the other hand, the external auditors ordinary examination is designed to obtain sufficient evidential matter to support an opinion on the overall fairness of the annual financial statements. The scope of the work of external auditors is determined by their professional standards, and they are responsible for judging the adequacy of procedures performed and evidence obtained for purposes of expressing their opinion on the annual financial statements. 2. Oversight of the work of external auditors, including coordination with the internal auditing department, is generally the responsibility of the board. Actual coordination should be the responsibility of the director of internal auditing. The director of internal auditing will require the support of the board to achieve effective coordination of audit work. 3. In coordinating the work of internal auditors with the work of external auditors, the director of internal auditing should ensure that work to be performed by internal auditors in fulfillment of Section 300 of the Standards does not duplicate the work of external auditors which can be relied on for purposes of internal auditing coverage. To the extent that professional and organizational reporting responsibilities allow, internal auditors should conduct examinations in a manner that allows for maximum audit coordination and efficiency. 4. The director of internal auditing may agree to perform work for external auditors in connection with their annual audit of the financial statements. Work performed by internal auditors to assist external auditors in fulfilling their responsibility is subject to all relevant provisions of the Standards for the Professional Practice of Internal Auditing. 5. The director of internal auditing should make regular evaluations of the coordination between internal and external auditors. Such evaluations may also include assessments of the overall efficiency and effectiveness of internal and external auditing activities, including aggregate audit cost.

41

42

6. In exercising its oversight role, the board may request the director of internal auditing to assess the performance of external auditors. Such assessments should ordinarily be made in the context of the director of internal auditings role of coordinating internal and external auditing activities, and should extend to other performance matters only at the specific request of senior management or the board. 7. Assessments of the performance of external auditors should be based on sufficient information to support the conclusions reached. Assessments of the external auditors performance with respect to the coordination of internal and external auditing activities should reflect the criteria described in Section 550.02 of the Standards. 8. Assessments of the performance of external auditors extending to matters beyond coordination with the internal auditors may address such additional factors as: a. Professional knowledge and experience. b. Knowledge of the organizations industry. c. Independence. d. Availability of specialized services. e. Anticipation of and responsiveness to the needs of the organization. f. Reasonable continuity of key engagement personnel. g. Maintenance of appropriate working relationships. h. Achievement of contract commitments. i. Delivery of overall value to the organization. 9. The director of internal auditing should communicate the results of evaluations of coordination between internal and external auditors to senior management and the board along with, as appropriate, any relevant comments about the performance of external auditors. 10. External auditors may be required by their professional standards to ensure that certain matters are communicated to the board. The director of internal auditing should communicate with external auditors regarding these matters so as to have an understanding of the issues. These matters may include: a. Significant control weaknesses. b. Errors and irregularities. c. Illegal acts. d. Management judgments and accounting estimates. e. Significant audit adjustments. f. Disagreements with management. g. Difficulties encountered in performing the audit.

42

43

02. Coordination of audit efforts involves: 1. Periodic meetings to discuss matters of mutual interest. a. Planned audit activities of internal and external auditors should be discussed to assure that audit coverage is coordinated and duplicate efforts are minimized. Sufficient meetings should be scheduled during the audit process to assure coordination of audit work and efficient and timely completion of audit activities, and to determine whether findings from work performed to date require that the scope of planned work be adjusted. 2. Access to each others audit programs and workpapers. a. Access to the external auditors programs and workpapers may be important in order for internal auditors to be satisfied as to the propriety for internal audit purposes of relying on the external auditors work. Such access carries with it the responsibility for internal auditors to respect the confidentiality of those programs and workpapers. Similarly, access to the internal auditors programs and workpapers should be given to external auditors in order for external auditors to be satisfied as to the propriety, for external audit purposes, of relying on the internal auditors work. 3. Exchange of audit reports and management letters. a. Internal audit reports, managements responses to those reports, and subsequent internal auditing department follow-up reviews should be made available to external auditors. These reports assist external auditors in determining and adjusting the scope of work. b. Internal auditors need access to the external auditors management letters. Matters discussed in management letters assist internal auditors in planning the areas to emphasize in future internal audit work. After review of management letters and initiation of any needed corrective action by appropriate members of management and the board, the director of internal auditing should ensure that appropriate follow-up and corrective action have been taken. 4. Common understanding of audit techniques, methods, and terminology. a. The director of internal auditing should understand the scope of work planned by external auditors and should be satisfied that the external auditors planned work, in conjunction with the internal auditors planned work, satisfies the requirements of Section 300 of the Standards. Such satisfaction requires an understanding of the level of materiality used by external auditors for planning and the nature and extent of the external auditors planned procedures. b. The director of internal auditing should ensure that the external auditors techniques, methods, and terminology are sufficiently understood by internal auditors to enable the director of internal auditing to (a) coordinate internal and external auditing work; (b) evaluate, for purposes of reliance, the external auditors work; and (c) ensure that internal auditors who are to perform work to fulfill the external auditors objectives can communicate effectively with external auditors. c. The director of internal auditing should provide sufficient information to enable external auditors to understand the internal auditors techniques, methods, and terminology to facilitate reliance by external auditors on work performed using such techniques, methods, and terminology.

43

44

a. It may be more efficient for internal and external auditors to use similar techniques, methods, and terminology to effectively coordinate their work and to rely on the work of one another. 560 Quality Assurance The director of internal auditing should establish and maintain a quality assurance program to evaluate the operations of the internal auditing department. 01. The purpose of this program is to provide reasonable assurance that internal auditing work conforms with the Standards for the Professional Practice of Internal Auditing, the internal auditing departments charter, and other applicable standards. A quality assurance program should include the following elements: Supervision. Internal reviews. External reviews. 1. The reasonable assurance mentioned in this guideline serves the needs of several constituencies in addition to that of the director of internal auditing. These may include senior management, external auditors, the board, and regulatory agencies, each of whom may have reasons to rely upon the performance of the internal auditing department. 2. Conformity with applicable standards is more than simply complying with established policies and procedures. It includes performance of the internal auditing department at a high level of efficiency and effectiveness. Quality assurance is essential to achieving such performance, as well as to maintaining the internal auditing departments credibility with those it serves. 3. A key criterion against which an internal auditing department should be measured is its charter. Consideration of the departments charter should also include an assessment of the charter in terms of the elements specified in Section 110 of the Standards. 4. The following are examples of other applicable standards and potential measurement criteria that should be considered in evaluating the performance of the internal auditing department: a. The Code of Ethics. b. The internal auditing departments objectives, policies, and procedures. c. The organizations policies and procedures that apply to the internal auditing department. d. Laws, regulations, and government or industry standards which specify auditing and reporting requirements. e. Methods for identifying auditable activities, assessing risk, and determining frequency and scope of audits. f. Audit planning documents, particularly those submitted to senior management and the board. g. The plan of organization, statements of job requirements, position descriptions, and professional development plans of the internal auditing department.

44

45

02. Supervision of the work of internal auditors should be carried out to assure conformance with internal auditing standards, departmental policies, and audit programs. 1. Adequate supervision is the most fundamental element of a quality assurance program. As such, it provides a foundation upon which internal and external reviews can subsequently be built. 2. The nature and responsibility for supervision are set forth in Section 230 of the Standards, and related guidelines. 03. Internal reviews should be performed periodically by members of the internal auditing staff to appraise the quality of the audit work performed. These reviews should be performed in the same manner as any other internal audit. 1. Formal internal reviews are periodic self-assessments of the internal auditing department. These reviews generally are performed by a team or an individual selected by the director of internal auditing. Larger departments may have a person designated as manager of quality assurance or with a similar title and responsibilities. 2. Internal quality assurance reviews primarily serve the needs of the director of internal auditing, but can also provide senior management and the board with an assessment of the internal auditing department. These reviews should be structured so as to indicate the degree of compliance with the Standards for the Professional Practice of Internal Auditing, level of audit effectiveness, and extent of compliance with the organization and departmental policies and standards. The review should also provide recommendations for improvement. 3. An internal review program, particularly in smaller internal auditing departments, will require adaptations that take into consideration the structure of the department and degree of involvement of the director in individual audits. 4. When formal internal reviews are not appropriate to the internal auditing departments needs, or to supplement such reviews, the following methods can provide elements of internal review coverage: a. Reviews by the director of internal auditing, audit managers, or supervisors of a sample of audits (and areas of audit administration) where the work was performed under the direction of other managers or supervisors. As an ongoing process this can provide training, exchange of ideas, and greater uniformity, as well as assurance to the director of internal auditing. b. Feedback from auditees (in addition to that from personal contact) through the use of questionnaires or surveys, either routinely after each audit or periodically for selected audits. This process will elicit managements perception of the internal auditing department and may also result in suggestions to make it more effective and responsive to managements needs. 5. The director of internal auditing should initiate and monitor the internal review process. In selecting and instructing the team for an internal review, the director of internal auditing should ensure that the team is qualified and as independent as practicable. 6. The director should receive a written report of the results of each internal review and ensure that appropriate action is taken. Although the purpose of internal reviews is to assess the effectiveness of the internal auditing department for internal purposes, it may be appropriate for the director to share the results with persons outside the department, such as senior management, the board, and external auditors. Internal reviews can also be useful as part of the self-assessment process in preparation for an external review.

45

46

04. External reviews of the internal auditing department should be performed to appraise the quality of the departments operations. These reviews should be performed by qualified persons who are independent of the organization and who do not have either a real or an apparent conflict of interest. Such reviews should be conducted at least once every three years. On completion of the review, a formal, written report should be issued. The report should express an opinion as to the departments compliance with the Standards for the Professional Practice of Internal Auditing and, as appropriate, should include recommendations for improvement. 1. External reviews can have considerable value to the director and other members of the internal auditing department. Another important purpose of external reviews is to provide independent assurance of quality to senior management, the board, and others such as external auditors who rely on the work of the internal auditing department. 2. The director of internal auditing should discuss with senior management and the board the nature of an external review in the context of the overall quality assurance program and should involve them in the selection of an external reviewer. 3. External reviews should be performed by qualified individuals who are independent of the organization and who do not have either a real or an apparent conflict of interest. Qualified individuals are persons with the technical proficiency and educational background appropriate for the audit activities to be reviewed and could include internal auditors from outside the organization or outside service providers. Independent of the organization means not a part of, or under the control of, the organization to which the internal auditing department belongs. In the selection of an external reviewer, consideration should be given to a possible real or apparent conflict of interest which the reviewer may have due to present or past relationships with the organization or its internal auditing department. 4. Organizations of external auditors in various countries have specified certain limited review procedures that they should consider in evaluating and using the work of the internal auditing department. These relate primarily to quality of work and degree of independence from auditees. These limited review procedures by external auditors usually relate only to their audit of an organizations financial statements and generally would not constitute an external review. 5. Upon completion of an external review, the review team should issue a formal report containing an opinion as to the departments compliance with the Standards. The report should also address compliance with the departments charter and other applicable standards and include appropriate recommendations for improvement. The report should be addressed to the person or organization who requested the review. The director of internal auditing should prepare a written action plan in response to the significant comments and recommendations contained in the report of external review. Appropriate follow-up is also the directors responsibility. 6. External reviews should be conducted at least once every three years. However, there may be circumstances that justify a different interval. These circumstances include: (a) significant review and monitoring by the board; (b) in-depth reviews by external auditors or others; and (c) the relative stability of the internal auditing departments charter, organization, staff, and catalog of auditable activities. The nature, scope, degree of independence, and overall results of the internal review program should also be considered in determining the external review interval. 7. External review is an important element of the program for achieving quality assurance. However, if resources are limited, or for other reasons previously noted, the internal auditing department may be currently unable to obtain an external review. In these circumstances, more emphasis should be placed on supervision, periodic internal reviews, and other quality assurance methods that are available to the department. It is the responsibility of the director of internal auditing to annually assess the conditions which restrict an external review. Another interim method is the use of qualified internal groups to conduct a review (e.g., former audit managers in the employ of the organization, other audit directors in a decentralized audit organization, or

46

47

internal management advisory personnel). However, such a review should not be expected to achieve all of the objectives of an external review.

D. AICPA STATEMENTS ON AUDITING STANDARDS (SAS) Independent auditors occasionally receive assistance or information from outside sources when conducting an audit. Two AICPA standards relate to the independent auditors consideration of work by outside entities. SAS 65 describes the auditors consideration of the internal audit function in an audit of financial statements, and SAS 70, which describes the consideration of reports on the processing of transactions by service organizations. These two statements are summarized below. 1. Summary of SAS 65 The Auditors Consideration of the Internal Audit Function in an Audit of Financial Statements. a. SAS 65 provides the auditor with guidance on considering the work of internal auditors and on using internal auditors to provide assistance to the auditor in an audit performed in accordance with generally accepted auditing standards. b. When obtaining an understanding of internal control, the auditor should obtain an understanding of the internal audit function sufficient to identify those internal audit activities that are relevant to planning the audit. c. The auditor ordinarily should make inquiries of appropriate management and internal audit personnel about the internal auditors: 1. Organizational status within the entity. 2. Application of professional standards. 3. Audit plan, including the nature, timing, and extent of the audit work. 4. Access to records and whether there are limitations on the scope of their activities. d. The auditor may find the results of the following procedures helpful in assessing the relevancy of internal audit activities: 1. Considering knowledge from prior-year audits. 2. Reviewing how the internal auditors allocate their audit resources to financial or operating areas in response to their risk assessment process. 3. Reading internal audit reports to obtain detailed information about the scope of internal audit activities.

47

48

e. When assessing the internal auditors competence, the auditor should obtain or update information from prior years about such factors as: 1. Educational level and professional experience of internal auditors. 2. Professional certification and continuing education. 3. Audit policies, programs, and procedures. 4. Practices regarding assignment of internal auditors. 5. Supervision and review of internal auditors activities. 6. Quality of workpaper documentation, reports, and recommendations. 7. Evaluation of internal auditors performance. f. When assessing the internal auditors objectivity, the auditor should obtain or update information from prior years about such factors as: 1. The organizational status of the internal auditor responsible for the internal audit function, including: Whether the internal auditor reports to an officer of sufficient status to ensure broad coverage and adequate consideration of, and action on, the findings and recommendations of the internal auditors. Whether the internal auditor has direct access and reports regularly to the board of directors, the audit committee, or the owner-manager. Whether the board of directors, the audit committee, or the ownermanager oversees employment decisions related to the internal auditor.

2. Policies to maintain internal auditors objectivity about the areas audited, including: Policies prohibiting internal auditors from auditing areas where relatives are employed in important or audit-sensitive areas. Policies prohibiting internal auditors from auditing areas where they were recently assigned or are scheduled to be assigned on completion of responsibilities in the internal audit function.

g. Even though the internal auditors work may affect the auditors procedures, the auditor should perform procedures to obtain sufficient and competent evidential matter to support the auditors report.

48

49

h. If the work of the internal auditors is expected to have an effect on the auditors procedures, it may be efficient for the auditor and the internal auditors to coordinate their work by: 1. Holding periodic meetings. 2. Scheduling audit work. 3. Providing access to internal auditors workpapers. 4. Reviewing audit reports. 5. Discussing possible accounting and auditing issues. i. The auditor should perform procedures to evaluate the quality and effectiveness of the internal auditors work. In developing the evaluation procedures, the auditor should consider such factors as whether the internal auditors: 1. Scope of work is appropriate to meet the objectives. 2. Audit programs are adequate. 3. Workpapers adequately document work performed, including evidence of supervision and review. 4. Conclusions are appropriate in the circumstances. 5. Reports are consistent with the results of the work performed.

2. Summary of SAS 70 Reports on the Processing of Transactions by Service Organizations. a. This section provides guidance on the factors an independent auditor should consider when auditing the financial statement of an entity that uses a service organization to process certain transactions. b. Service organizations typically provide services such as executing transactions and maintaining the related accountability, or recording transactions and processing related data. Examples of service organizations include bank trust departments that invest and hold assets for employee benefit plans or for others, mortgage bankers that service mortgages for others, and electronic data processing service centers that process transactions and related data for others. c. When a user organization uses a service organization, transactions that affect the user organizations financial statements are subjected to controls that are, at least in part, 49

50

physically and operationally separate from the user organization. The relationship of the controls of the service organization to those of the user organization depends primarily on the nature of the services provided by the service organization. d. If an entity uses a service organization, certain controls and records of the service organization may be relevant to the user organizations ability to record, process, summarize, and report financial data consistent with the assertions embodied in the entitys financial statements. In determining the significance of these controls and records to planning the audit, the user should consider such factors as: 1. The significance of the financial statement assertions that are affected by the controls of the service organization. 2. The inherent risk associated with the assertions affected by the controls of the service organization. 3. The nature of the services provided by the service organization and whether they are highly standardized and used extensively by many user organizations or unique and used only by a few. 4. The extent to which the user organizations controls interact with the controls of the service organization. 5. The user organizations controls that are applied to the transactions affected by the service organizations activities. 6. The terms of the contract between the user organization and the service organization (for example, their respective responsibilities and the extent of the service organizations discretion to initiate transactions). 7. The service organizations capabilities, including its record of performance, insurance coverage, and financial stability. 8. The user auditors prior experience with the service organization. 9. The extent of auditable data in the user organizations possession. 10. The existence of specific regulatory requirements that may dictate the application of audit procedures beyond those required to comply with generally accepted auditing standards. e. After obtaining an understanding of internal controls, the user auditor assesses control risk for the assertions embodied in the account balances and classes of transactions, including those that are affected by the activities of the service organization.

50

51

f. The user organization may establish effective controls over the service organizations activities that may be tested and that may enable the user auditor to reduce the assessed level of control risk below the maximum for some or all of the related assertions. g. The user auditors assessments of control risk regarding assertions about account balances or classes of transactions are based on the combined evidence provided by the service auditors report and the user auditors own procedures. h. The user auditor should not make reference to the report of the service auditor as a basis, in part, for his or her own opinion on the user organizations financial statements. The service auditors report is used in the audit, but the service auditor is not responsible for examining any portion of the financial statements as of any specific date or for any specified period. Thus, there cannot be a division of responsibility for the audit of the financial statements.

E. CFSA Code of Professional Ethics To promote professionalism and integrity among its member, the CFSA like most professional organizations has defined a code of professional ethics. Article One A Certified Financial Services Auditor shall at all times demonstrate a commitment to professionalism in the performance of his or her duties.

Article Two A Certified Financial Services Auditor shall at all times exhibit the highest levels of honesty, integrity and objectivity in the performance of his or her duties and responsibilities.

Article Three A Certified Financial Services Auditor shall not knowingly engage in any illegal or fraudulent act.

Article Four A Certified Financial Services Auditor will neither use information obtained during an audit for personal gain nor allow anyone else to use such information for personal gain. Article Five A Certified Financial Services Auditor will use the designation of CFSA with pride and professionalism and will continue to strive to enhance his or her proficiency and value to the profession.

51

52

Article Six A Certified Financial Services Auditor shall not engage in any activity deemed to be in conflict with the interests of the Association or which would compromise personal objectivity.

52

53

UNIT 2: INTERNAL AUDIT ORGANIZATION

As management encountered increasing difficulty in monitoring operations and activities, internal audit departments became a necessary function. At the inception of internal auditing, the focus was on the safeguarding of assets and fraud detection. As policies, regulations, and laws increased, compliance auditing became an internal audit responsibility. There are three key components of effective internal audit organizations. They are: A. Audit Charter B. Reporting Responsibility C. Audit Committee A. Audit Charter
IIA Standard 510 Purpose, Authority, and Responsibility The director of internal auditing should have a statement of purpose, authority, and responsibility for the internal auditing department. 01. The director of internal auditing is responsible for seeking the approval of senior management and the acceptance by the board of a formal written document (charter) for the internal auditing department.

1. An audit charter is generally an official policy statement that establishes an internal audit function as an independent appraisal activity to examine and evaluate the operations of the organization. The charter establishes the general authority and responsibility of the internal audit department to conduct audits. 2. Audit charters typically provide detailed information on the objectives of the internal audit department. An audit charter may contain a statement such as: The primary objective of an internal audit function is to assist management achieve its objectives through advice on risk management and internal control practices. Internal control is a management process designed to provide reasonable assurance regarding the achievement of the following objectives: Assessing the reliability and integrity of information; Assessing compliance with policy, plans, procedures, laws and regulations; Appraising the safeguarding of assets; Assessing economical, effective, and efficient use of resources; Assessing the accomplishment of established objectives and goals for an operation or program;

53

54

Appraising the adequacy, integrity, security, reliability, and usefulness of management information systems; Helping to generate an awareness of risk management and effective control techniques with a commitment to using them throughout the organization; Cooperating in providing a range of professional internal consulting services to management.

As indicated in the Unit 1, section, B. Introduction to IIA Standards, a new Definition of Internal Auditing was approved by The IIA's Board of Directors in June 1999. New Definition of Internal Auditing Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes 3. Internal audit scope includes all activities of the organization and its controlled entities. Management is responsible for determining acceptable levels of risk and to ensure adequate internal control systems are in place. Internal audit will help define, design, and monitor internal control systems to ensure that objectives are achieved.

B. Reporting Responsibility 1. The charter usually establishes the independence of the internal audit department and the reporting requirements. The internal auditor usually reports to an audit committee (see following section) and/or an executive level manager. Internal audit must have the ability to bypass executive management and bring issues directly to the audit committee and/or board of directors if warranted. 2. Charters often provide for the internal audit department to have unrestricted access to all organization activities, records, property, and personnel. To remain independent, internal audit departments should not have authority over, nor direct responsibility for, any of the activities they review. In addition, it must be made clear that internal auditors perform advisory functions only, and in no way relieve line department personnel of operating responsibilities assigned to them. 3. The charter may require the development of an annual audit plan. The internal audit plan is prepared in consultation with management and the Audit Committee and approved by the Committee each year. The plan is usually based on a risk assessment and will be the guide for audit activity throughout the year.

54

55

C. Audit Committee iv 1. An audit committee's primary purpose is to protect the interests of the shareholders and directors. The audit committee may assist the board of directors in fulfilling its oversight responsibility over the financial reporting process and the internal control structure and maintain communication on these matters among the board of directors, management, the independent auditors, and internal auditors. 2. Some examples of audit committee's duties are: Oversee the company's internal control structure over financial reporting Review the work of the internal audit department Recommend the independent auditors Review the plan for the annual audit with the independent auditors Review the results of the audit with the independent auditors Review the annual report Review the process of assessing the risk of fraudulent financial reporting Monitor procedures for compliance with government regulations Communicate with corporate counsel and assess the effect of litigation on the financial statements

3. Audit committee members should have broad knowledge and experience in financial matters, rather than in-depth knowledge in one area, and must be independent of the company's management in substance as well as appearance. 4. Audit committees are involved in a broad range of corporate concerns, some of which are extensions of the committee's traditional role. Although the audit committee's duties and responsibilities generally reflect the company's specific needs and characteristics, external entities are continually placing greater demands on the audit committee. 5. An increasing number of companies have been forming audit committees because of the requirements of regulatory bodies and because boards of directors are recognizing that audit committees play a key role in corporate accountability and governance. In February 1999, the Blue Ribbon Committee on Improving the Effectiveness of Corporate Audit Committees (Blue Ribbon Committee) issued its Report and Recommendations with respect to audit committee composition and practices. Also, in a collaborative effort, the Securities and Exchange Commission, the securities exchanges and the Auditing Standards Board adopted rules in response to the Blue Ribbon Committees recommendations. The central message of the Blue Ribbon Committees report and the intent of the new rules is that audit committees need to be diligent in their oversight of the financial reporting process. To achieve this objective, audit committees need to work closely with management, internal auditors, and independent auditors to promote accurate, high-quality, and timely disclosure of financial and other information to the board, the public markets, and shareholders.

55

56

The rule changes from the NYSE and NASD (the latter of which apply to both NASDAQ and Amex listed companies) amend their audit committee requirements in order to strengthen the independence and qualifications of the audit committee. Companies need to assess whether their audit committees comply with the new composition and qualifications requirements. In making their assessment, companies should keep in mind that the new securities exchange rules also require written affirmation (NYSE) or certification (NASD) regarding the independence and qualifications of audit committee members. Further, new SEC rules require annual proxy statement disclosures regarding audit committee member independence. These disclosure requirements are further discussed in the section titled Disclosure by Audit Committees. Following are the new NYSE rules regarding the attributes of the audit committee: Composition/Expertise Requirement of Audit Committee Members. (a) Each audit committee shall consist of at least three directors, all of whom have no relationship to the company that may interfere with the exercise of their independence from management and the company ("Independent"); (b) Each member of the audit committee shall be financially literate, as such qualification is interpreted by the company's Board of Directors in its business judgment, or must become financially literate within a reasonable period of time after his or her appointment to the audit committee; and (c) At least one member of the audit committee must have accounting or related financial management expertise, as the Board of Directors interprets such qualification in its business judgment. Independence Requirement of Audit Committee Members. In addition to the definition of Independent provided above, the following restrictions shall apply to every audit committee member: (a) Employees. A director who is an employee (including non-employee executive officers) of the company or any of its affiliates may not serve on the audit committee until three years following the termination of his or her employment. In the event the employment relationship is with a former parent or predecessor of the company, the director could serve on the audit committee after three years following the termination of the relationship between the company and the former parent or predecessor. (b) Business Relationship. A director (i) who is a partner, controlling shareholder, or executive officer of an organization that has a business relationship with the company, or (ii) who has a direct business relationship with the company (e.g., a consultant) may serve on the audit committee only if the company's Board of Directors determines in its business judgment that the relationship does not interfere with the director's exercise of independent judgment. In making a determination regarding the independence of a director pursuant to this paragraph, the Board of Directors should consider, among other 56

57

things, the materiality of the relationship to the company, to the director, and, if applicable, to the organization with which the director is affiliated. "Business relationships" can include commercial, industrial, banking, consulting, legal, accounting and other relationships. A director can have this relationship directly with the company, or the director can be a partner, officer or employee of an organization that has such a relationship. The director may serve on the audit committee without the abovereferenced Board of Directors' determination after three years following the termination of, as applicable, either (1) the relationship between the organization with which the director is affiliated and the company, (2) the relationship between the director and his or her partnership status, shareholder interest or executive officer position, or (3) the direct business relationship between the director and the company. 3 (c) Cross Compensation Committee Link. A director who is employed as an executive of another corporation where any of the company's executives serves on that corporation's compensation committee may not serve on the audit committee. (d) Immediate Family. A director who is an Immediate Family member of an individual who is an executive officer of the company or any of its affiliates cannot serve on the audit committee until three years following the termination of such employment relationship. Independence Exception. One director who is no longer an employee or who is an Immediate Family member of a former executive officer of the company or its affiliates, but is not considered independent pursuant to these provisions due to the three-year restriction period, may be appointed, under exceptional and limited circumstances, to the audit committee if the company's board of directors determines in its business judgment that membership on the committee by the individual is required by the best interests of the corporation and its shareholders, and the company discloses, in the next annual proxy statement subsequent to such determination, the nature of the relationship and the reasons for that determination. Initial Public Offering. Companies listing in conjunction with their initial public offering (including spin-offs and carve outs) will be required to have two qualified audit committee members in place within three months of listing and a third qualified member in place within twelve months of listing. "Immediate Family" includes a person's spouse, parents, children, siblings, mothers-inlaw and fathers-in-law, sons and daughters-in-law, brothers and sisters-in-law, and anyone (other than employees) who shares such person's home. "Affiliate" includes a subsidiary, sibling company, predecessor, parent company, or former parent company. "Officer" shall have the meaning specified in Rule 16a-1(f) under the Securities Exchange Act of 1934, or any successor rule. Rule 16a-1(f) states, The term officer

57

58

shall mean an issuer's president, principal financial officer, principal accounting officer (or, if there is no such accounting officer, the controller), any vice-president of the issuer in charge of a principal business unit, division or function (such as sales, administration or finance), any other officer who performs a policy-making function, or any other person who performs similar policy-making functions for the issuer. Officers of the issuer's parent(s) or subsidiaries shall be deemed officers of the issuer if they perform such policy-making functions for the issuer. In addition, when the issuer is a limited partnership, officers or employees of the general partner(s) who perform policy-making functions for the limited partnership are deemed officers of the limited partnership. When the issuer is a trust, officers or employees of the trustee(s) who perform policy-making functions for the trust are deemed officers of the trust. Following are the new NASD rules regarding the attributes of the audit committee: Audit Committee Composition. Each issuer must have, and certify that it has and will continue to have, an audit committee of at least three members, comprised solely of independent directors, each of whom is able to read and understand fundamental financial statements, including a company's balance sheet, income statement, and cash flow statement or will become able to do so within a reasonable period of time after his or her appointment to the audit committee. Additionally, each issuer must certify that it has, and will continue to have, at least one member of the audit committee that has past employment experience in finance or accounting, requisite professional certification in accounting, or any other comparable experience or background which results in the individual's financial sophistication, including being or having been a chief executive officer, chief financial officer or other senior officer with financial oversight responsibilities. Independent director means a person other than an officer or employee of the company or its subsidiaries or any other individual having a relationship which, in the opinion of the company's board of directors, would interfere with the exercise of independent judgment in carrying out the responsibilities of a director. The following persons shall not be considered independent: (a) a director who is employed by the corporation or any of its affiliates for the current year or any of the past three years; (b) a director who accepts any compensation from the corporation or any of its affiliates in excess of $60,000 during the previous fiscal year, other than compensation for board service, benefits under a tax-qualified retirement plan, or non-discretionary compensation; (c) a director who is a member of the immediate family of an individual who is, or has been in any of the past three years, employed by the corporation or any of its affiliates as an executive officer. Immediate family includes a person's spouse, parents, children, siblings, mother-in-law, father-in-law, brother-in-law, sister-in-law, son-in-law, daughterin-law, and anyone who resides in such person's home;

58

59

(d) a director who is a partner in, or a controlling shareholder or an executive officer of, any for-profit business organization to which the corporation made, or from which the corporation received, payments (other than those arising solely from investments in the corporation's securities) that exceed 5% of the corporation's or business organization's consolidated gross revenues for that year, or $200,000, whichever is more, in any of the past three years; and (e) a director who is employed as an executive of another entity where any of the company's executives serve on that entity's compensation committee. Independence Exception. One director who is not independent as defined above, and is not a current employee or an immediate family member of such employee, may be appointed to the audit committee, if the board, under exceptional and limited circumstances, determines that membership on the committee by the individual is required by the best interests of the corporation and its shareholders, and the board discloses, in the next annual proxy statement subsequent to such determination, the nature of the relationship and the reasons for that determination. Exception for Small Business Filers The new composition (three members) and qualification (financially literate) requirements do not apply to issuers that file reports under SEC Regulation S-B. Such issuers must establish and maintain an audit committee of at least two members, a majority of the members of which shall be independent directors (as defined above).

For more information on these new rules go to: Background information and the text of the New York Stock Exchange and National Association of Securities Dealers final audit committee-related rules may be found at the following Worldwide Web address: http://www.sec.gov/rules/sroindx.htm Background information and the text of the Securities and Exchange Commissions final audit committee-related rules may be found at the following Worldwide Web address: http://www.sec.gov/rules/finrindx.htm Statement on Auditing Standards No 90, Audit Committee Communications, which amends Statement on Auditing Standards No. 61, Communication with Audit Committees, and Statement on Auditing Standards No. 71, Interim Financial Information may be found at: http://www.aicpa.org The information relating to the Blue Ribbon Committee was taken from a document developed by Ernst & Young titled, Audit Committees, Implementing the New Rules.

59

60

UNIT 3: INTERNAL CONTROL

Internal control encompasses the processes designed to provide reasonable assurances regarding the achievement of organizational objectives.

A. IIA Standards for Internal Control Specific guidance for audit planning internal audits is given in IIA Standard 300. The following is the complete text of IIA Standard 300:
300 SCOPE OF WORK THE SCOPE OF INTERNAL AUDITING SHOULD ENCOMPASS THE EXAMINATION AND EVALUATION OF THE ADEQUACY AND EFFECTIVENESS OF THE ORGANIZATIONS SYSTEM OF INTERNAL CONTROL AND THE QUALITY OF PERFORMANCE IN CARRYING OUT ASSIGNED RESPONSIBILITIES. 01. The scope of internal auditing work, as specified in this standard, encompasses what audit work should be performed. It is recognized, however, that senior management and the board provide general direction as to the scope of work and the activities to be audited. 02. The purpose of the review for adequacy of the system of internal control is to ascertain whether the system established provides reasonable assurance that the organizations objectives and goals will be met efficiently and economically. 1. Objectives are the broadest statements of what the organization chooses to accomplish. The establishment of objectives precedes the selection of goals and the design, implementation, and maintenance of systems whose purpose is to meet the organizations objectives and goals. 2. Goals are specific objectives of specific systems and may be otherwise referred to as operating or program objectives or goals, operating standards, performance levels, targets, or expected results. Goals should be identified for each system. They should be clearly defined, measurable, attainable, and consistent with established broader objectives; and they should explicitly recognize the risks associated with not achieving those objectives. 3. A system (process, operation, function, or activity) is an arrangement, a set, or a collection of concepts, parts, activities, and/or people that are connected or interrelated to achieve objectives and goals. (This definition applies to both manual and automated systems.) A system may also be a collection of subsystems operating together for a common objective or goal. 4. Adequate control is present if management has planned and organized (designed) in a manner which provides reasonable assurance that the organizations objectives and goals will be achieved efficiently and economically. The system design process begins with the establishment of objectives and goals. This is followed by connecting or interrelating concepts, parts, activities, and/or people in such a manner as to operate together to achieve the established objectives and goals. If system design is properly performed, planned activities should be executed as designed and expected results should be attained.

60

61

5. Reasonable assurance is provided when cost-effective actions are taken to restrict deviations to a tolerable level. This implies, for example, that material errors and improper or illegal acts will be prevented or detected and corrected within a timely period by employees in the normal course of performing their assigned duties. The cost-benefit relationship is considered by management during the design of systems. The potential loss associated with any exposure or risk is weighed against the cost to control it. 6. Efficient performance accomplishes objectives and goals in an accurate and timely fashion with minimal use of resources. 7. Economical performance accomplishes objectives and goals at a cost commensurate with the risk. The term efficient incorporates the concept of economical performance. 03. The purpose of the review for effectiveness of the system of internal control is to ascertain whether the system is functioning as intended. 1. Effective control is present when management directs systems in such a manner as to provide reasonable assurance that the organizations objectives and goals will be achieved. 2. Directing involves, in addition to accomplishing objectives and planned activities, authorizing and monitoring performance, periodically comparing actual with planned performance, and documenting these activities to provide additional assurance that systems operate as planned. a. Authorizing includes initiating or granting permission to perform activities or transactions. Authorization implies that the authorizing authority has verified and validated that the activity or transaction conforms with established policies and procedures. b. Monitoring encompasses supervising, observing, and testing activities and appropriately reporting to responsible individuals. Monitoring provides an ongoing verification of progress toward achievement of objectives and goals. c. Periodic comparison of actual to planned performance enhances the likelihood that activities occur as planned. d. Documenting provides evidence of the exercise of authority and responsibility; compliance with policies, procedures, and standards of performance; supervising, observing, and testing activities; and verification of planned performance. 04. The purpose of the review for quality of performance is to ascertain whether the organizations objectives and goals have been achieved. 05. The primary objectives of internal control are to ensure: 1. The reliability and integrity of information. 2. Compliance with policies, plans, procedures, laws, regulations, and contracts. 3. The safeguarding of assets. 4. The economical and efficient use of resources. 5. The accomplishment of established objectives and goals for operations or programs. 06. A control is any action taken by management to enhance the likelihood that established objectives and goals will be achieved. Management plans, organizes, and directs the performance of sufficient actions to

61

62

provide reasonable assurance that objectives and goals will be achieved. Thus, control is the result of proper planning, organizing, and directing by management. 1. Controls may be preventive (to deter undesirable events from occurring), detective (to detect and correct undesirable events which have occurred), or directive (to cause or encourage a desirable event to occur). 2. All variants of the term control (administrative control, internal accounting control, internal control, management control, operational control, output control, preventive control, etc.) can be incorporated within the generic term. These variants differ primarily in terms of the objectives to be achieved. Since these variants are useful in describing specific control applications, participants in the control process should be familiar with the terms as well as their applications. However, the methodology followed by internal auditors in evaluating such controls is consistent for all of the variants. 3. The variant internal control came into general use to distinguish controls within an organization from those existing externally to the organization (such as laws). Since internal auditors operate within an organization and, among other responsibilities, evaluate managements response to external stimuli (such as laws), no such distinction between internal and external controls is necessary. Also, from the organizations viewpoint, internal controls are all activities which attempt to ensure the accomplishment of the organizations objectives and goals. Internal control is considered synonymous with control within the organization. 4. The overall system of control is conceptual in nature. It is the integrated collection of controlled systems used by an organization to achieve its objectives and goals. 07. Management plans, organizes, and directs in such a fashion as to provide reasonable assurance that established objectives and goals will be achieved. 1. Planning and organizing involve the establishment of objectives and goals and the use of such tools as organization charts, flowcharts, procedures, records, and reports to establish the flow of data and the responsibilities of individuals for performing activities, establishing information trails, and setting standards of performance. 2. Directing involves certain activities to provide additional assurance that systems operate as planned. These activities include authorizing and monitoring performance, periodically comparing actual with planned performance, and appropriately documenting these activities. 3. Management ensures that its objectives and goals remain appropriate and that its systems remain current. Therefore, management periodically reviews its objectives and goals and modifies its systems to accommodate changes in internal and external conditions. 4. Management establishes and maintains an environment that fosters control. 08. Internal auditors examine and evaluate the planning, organizing, and directing processes to determine whether reasonable assurance exists that objectives and goals will be achieved. Such evaluations, in the aggregate, provide information to appraise the overall system of internal control. 1. All systems, processes, operations, functions, and activities within the organization are subject to the internal auditors evaluations. 2. Such evaluations should encompass whether reasonable assurance exists that: a. Objectives and goals have been established.

62

63

b. Authorizing, monitoring, and periodic comparison activities have been planned, performed, and documented as necessary to attain objectives and goals. c. Planned results have been achieved (objectives and goals have been accomplished). 3. Internal auditors perform evaluations at specific points in time but should be alert to actual or potential changes in conditions which affect the ability to provide assurance from a forwardlooking perspective. In those cases, internal auditors should address the risk that performance may deteriorate. 310 Reliability and Integrity of Information Internal auditors should review the reliability and integrity of financial and operating information and the means used to identify, measure, classify, and report such information. 01. Information systems provide data for decision making, control, and compliance with external requirements. Therefore, internal auditors should examine information systems and, as appropriate, ascertain whether: 1. Financial and operating records and reports contain accurate, reliable, timely, complete, and useful information. 2. Controls over record keeping and reporting are adequate and effective. 320 Compliance with Policies, Plans, Procedures, Laws, Regulations, and Contracts Internal auditors should review the systems established to ensure compliance with those policies, plans, procedures, laws, regulations, and contracts which could have a significant impact on operations and reports, and should determine whether the organization is in compliance. 01. Management is responsible for establishing the systems designed to ensure compliance with such requirements as policies, plans, procedures, applicable laws and regulations, and contracts. Internal auditors are responsible for determining whether the systems are adequate and effective and whether the activities audited are complying with the appropriate requirements. 1. The term compliance refers to the ability to reasonably ensure conformity and adherence to organization policies, plans, procedures, laws, regulations, and contracts. 2. The term compliance requirement refers to conditions established by management for the organization. The term also refers to conditions which may be imposed on the organization by law or regulation, or agreed to by contractual arrangement. These conditions affect the manner in which an organizations operations are conducted and objectives are achieved. Compliance requirements include those established, imposed, or agreed to for the purpose of safeguarding organization assets including prevention and/or detection of unauthorized acquisition, use, or disposition of resources. 3. Management is responsible for having knowledge of compliance requirements of all laws, regulations, and contracts applicable to the organization which are significant to achieving internal control objectives set forth in Section 300.05 of the Standards. 4. Management is responsible for designing and implementing policies, plans, and procedures, including those intended to comply with laws, regulations, and contracts. a. The policies, plans, and procedures designed and implemented by management should be sufficient to reasonably ensure prevention and/or detection of noncompliance with applicable laws, regulations, and contracts that are significant to achieving internal

63

64

control objectives. Significant noncompliance with laws, regulations, or contracts may constitute illegal acts, as described in Section 280 of the Standards. Significant noncompliance can also occur with respect to policies, plans, and procedures in which no law or regulation is involved. b. Management is responsible for determining whether noncompliance brought to its attention by internal auditors, or by discovery, may violate laws, regulations, or contractual agreements, and/or constitute illegal acts. In addition, management is responsible for initiating such corrective actions necessary to achieve compliance. This may require reporting by management to the board and appropriate legal, funding, and/or regulatory authorities. 5. In determining audit objectives, internal auditors should make inquiry regarding specific compliance requirements that are significant to internal control objectives. Internal auditors should consider inquiring about significant compliance requirements with: a. Organization management having financial, operational, and oversight responsibilities. b. Internal or external legal counsel. c. Funding or contracting organizations. d. Governmental or other regulatory authorities. e. External auditors. 6. Internal auditors are responsible for establishing objectives that include planning and performing a scope of work which provides a reasonable basis for reporting on the extent of organization compliance with policies, plans, procedures, laws, regulations, and contracts that are significant to internal control objectives. 7. Internal auditors may perform additional procedures which provide insight with respect to compliance with laws, regulations, and contracts. Such performance may provide insight as to the existence and impact of exposure to significant instances of noncompliance. 8. Internal auditors should promptly inform senior management and the board of all relevant facts when information gathered from the performance of internal auditing procedures indicates the existence of significant noncompliance or an unreasonable exposure to significant instances of noncompliance. 330 Safeguarding of Assets Internal auditors should review the means of safeguarding assets and, as appropriate, verify the existence of such assets. 01. Internal auditors should review the means used to safeguard assets from various types of losses such as those resulting from theft, fire, improper or illegal activities, and exposure to elements. 02. Internal auditors, when verifying the existence of assets, should use appropriate audit procedures. 340 Economical and Efficient Use of Resources Internal auditors should appraise the economy and efficiency with which resources are employed. 01. Management is responsible for setting operating standards to measure an activitys economical and efficient use of resources. Internal auditors are responsible for determining whether:

64

65

1. Operating standards have been established for measuring economy and efficiency. 2. Established operating standards are understood and are being met. 3. Deviations from operating standards are identified, analyzed, and communicated to those responsible for corrective action. 4. Corrective action has been taken. 02. Audits related to the economical and efficient use of resources should identify such conditions as: 1. Underutilized facilities. 2. Nonproductive work. 3. Procedures which are not cost justified. 4. Overstaffing or understaffing. 350 Accomplishment of Established Objectives and Goals for Operations or Programs Internal auditors should review operations or programs to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned. 01. Management is responsible for establishing operating or program objectives and goals, developing and implementing control procedures, and accomplishing desired operating or program results. Internal auditors should ascertain whether such objectives and goals conform with those of the organization and whether they are being met. 1. The term operations refers to the recurring activities of an organization directed toward producing a product or rendering a service. Such activities may include, but are not limited to, marketing, sales, production, purchasing, human resources, finance and accounting, and governmental assistance. An operations results may be measured against established objectives and goals which may include budgets, time or production schedules, and/or operating plans. 2. The term programs refers to special purpose activities of an organization. Such activities include, but are not limited to, the raising of capital, sale of a facility, fund-raising campaigns, new product or service introduction campaigns, capital expenditures, and special purpose government grants. Special purpose activities may be short-term or long-term, spanning several years. When a program is completed, it generally ceases to exist. Program results may be measured against established program objectives and goals. 3. Management is responsible for establishing criteria to determine if objectives and goals have been accomplished. 4. Internal auditors should ascertain whether criteria have been established. If so, internal auditors should use such criteria for evaluation if they are considered adequate. 5. If management has not established criteria, or if the established criteria, in the internal auditors opinion, are less than adequate, internal auditors should report such conditions to the appropriate levels of management. Additionally, internal auditors may recommend appropriate courses of action depending on the circumstances. 6. Internal auditors may recommend alternative sources of criteria to management, such as:

65

66

a. Acceptable industry standards. b. Standards developed by professions or associations. c. Standards in law and government regulations. 7. If adequate criteria are not established by management, internal auditors may still formulate criteria they believe to be adequate in order to perform an audit, form an opinion, and issue a report on the accomplishment of established objectives and goals. 8. The internal auditors evaluation of the accomplishment of established objectives and goals may be carried out with respect to an entire operation or program or only a portion of it. Audit objectives may include determining whether: a. The objectives and goals established by management for a proposed, new, or existing operation or program are adequate and have been effectively articulated and communicated. b. The operation or program achieves its desired level of interim or final results. c. The factors which inhibit satisfactory performance are identified, evaluated, and controlled in an appropriate manner. d. Management has considered alternatives for directing an operation or program which may yield more effective and efficient results. e. An operation or program complements, duplicates, overlaps, or conflicts with other operations or programs. f. Controls for measuring and reporting the accomplishment of objectives and goals are established and are adequate. g. An operation or program is in compliance with policies, plans, procedures, laws, and regulations. 9. Internal auditors should communicate the audit results to the appropriate levels of management. The report should state the criteria established by management and employed by internal auditors and disclose the nonexistence or inadequacy of any needed criteria. If internal auditors formulated criteria by which to measure the accomplishment of objectives and goals, the report should clearly state that internal auditors formulated the criteria and then present the audit results. 02. Internal auditors can provide assistance to managers who are developing objectives, goals, and systems by determining whether the underlying assumptions are appropriate; whether accurate, current, and relevant information is being used; and whether suitable controls have been incorporated into the operations or programs.

B. Summary of AICPA Standards for Internal Controls 1. SAS 55 and 78 (AU Section 319.06) define internal control as the process effected by an entitys board of directors, management, and other personnel designed to provide reasonable assurance regarding the achievement of objectives in the following categories:

66

67

a. Operational controls - relating to the effective and efficient use of the entitys resources. b. Financial reporting controls - relating to the preparation of reliable published financial statements. c. Compliance controls - relating to the entitys compliance with applicable laws and regulations. C. Elements and Types of Internal Control 1. SAS 55 and 78 (AU Section 319.32) identify five internal control components: a. Control Environment forms the foundation for the other internal control components. The control environment is often a function of the organizational culture and is usually only as strong as the ethics and attitudes of those in charge of implementing internal controls. Organizations that foster an ethical environment and promote compliance with internal controls, especially through top management, have a solid foundation. These organizations often have effective personnel policies and a code of conduct. A strong training program is also a key ingredient. For example, some retail organizations have found that training programs to identify instances of fraud and theft and the associated penalties have reduced the instances of fraud and theft in sales and cashier positions. Internal auditing can also have a positive impact as it assists in preventing and detecting invalid transactions and statements. Internal audit also reviews compliance with accepted policies, procedures, and practices to ensure that basic internal controls (such as segregation of duties) are present. b. Risk Assessment is the process of assessing the inherent risks associated with achieving business goals. The effective management of business risk can help increase the profitability of an organization. For risk management controls to be implemented, operating objectives must be instituted and be reasonably obtainable. The risks associated with operating objectives include the business climate, competitors, technology, customer requirements, and legislation. There are also risk associated with compliance with laws and regulations. These are often more difficult to implement since compliance may actually negatively impact financial goals in the short term. For example, noncompliance with environmental regulations may seem cost-effective in the current quarter; however, the fines and associated negative publicity could have severe long term consequences.

67

68

Internal audit routinely reviews compliance risk and also should be reviewing business risk. The efforts to control both risk types will enhance the short- and longterm profitability and viability of an organization. c. Information and communication is critical to ensuring the effectiveness of an internal control system. Management needs to receive the necessary reports and information to determine if organizational objectives are being met. Often these reports are generated from an information system and should be sufficiently detailed to management to carry out their responsibilities. In todays environment, information systems has become analogous to computer system. Therefore, the controls associated with the integrity and security of computer systems have a direct impact on the validity of information. The basic controls include: Input - controls over the entry of information from source documents. In todays environment, a paper-based source document may not be available due to real time data entry; therefore, the edit checks and other input controls are critical. Edit checks are defined as the programmed edits that permit or prevent the input of invalid data. For example, a Social Security Number must be 9 characters and numeric. More complex edit checks include ranges (maximum monthly salary of $15,000, for example) or other logical groupings. processing - controls over the actual processing of the information. The programming that manipulates, categorizes, or summarizes the data (financial transactions, for example). These controls ensure that valid data will be processed and produce expected and valid results. output - controls the dissemination of the information either in hard copy or electronic format. Reports must be readable and understandable and those that contain sensitive information must be adequately safeguarded.

Communication of internal requirements is a key concern for external auditors because the internal control structure has an impact on the financial statements and associated audit opinion. Employees must be aware of and implement the accepted control procedures. Awareness can be communicated through formal policies and procedures and through the requirements outlined in job descriptions. Training programs are also an excellent means to ensure employees understand their responsibility. d. Control activities are the policies and procedures that assist management in ensuring that objectives are carried out. They also help ensure that necessary actions are taken to assess the risks associated with the achievement of managements objectives.

68

69

Control activities are designed to prevent and detect errors in financial transactions and to promote accurate financial statements. Although there are numerous separate and distinct control activities, some of the more common ones include: segregation of duties - ensures that accounting staff and payment staff (those that have access to financial assets) do not have access to the records or assets controlled by the other group. Segregation of duties would prevent one person from misappropriating assets and the concealing the crime by making false entries into accounting records. documentation, review, and approval of transactions - all financial transactions should be documented and have a sufficient audit trail. In addition, all transactions should be reviewed and approved by someone other than the person entering the transaction. pre-numbered documents - help ensure that financial documents cannot be taken and used inappropriately without detection. Frequent verification and reconciliation of the pre-numbered forms must be conducted. computer controls - such as online edit checks (that test validity of data for reasonableness, limits, etc.) to ensure that data meets basic parameters. In addition controls over systems development, including controlling changes to programs, must be in place. frequent review of activities - to ensure that policies and procedures are being followed. These would also include reviews of inventory, accounting records, transaction logs, etc. In many instances these reviews may be performed internal audit staff; however, spot checks are often performed by supervisory staff in specific areas. controlled adjustment and error processing - to ensure that adjustments are recorded, reviewed, and approved prior to being incorporated into the financial statements. This includes the review and re-processing of data that had errors in the initial entry of the data.

The control activities listed above are some of the basic processes and procedures that help establish the framework for an effective system of internal control over financial activities. e. Monitoring is the process of reviewing internal controls to ensure that they are effective. Even the best system of internal controls must be continually reviewed to ensure that the activities are being followed and continue to meet organizational needs. Beyond routine activities of monitoring (such as comparing budget to actual performance) more extensive evaluations of the internal control system should be conducted. Internal auditors generally perform these in-depth evaluations of internal control systems. Some of the routine monitoring activities may include:

69

70

monthly bank reconciliations cash register audit to verify that cash and cash register tapes are reconciled periodic inventory of assets (cash, equipment, product inventory, etc.) review of accounts payable for appropriateness follow-up on customer inquiries regarding exceptions to billing statements.

D. Evaluation of the System of Internal Control 1. Since the internal control environment has a significant impact on the integrity of transactions and, subsequently, the financial statements, the internal control environment must be evaluated. This includes reviewing the internal control system to determine the probability of material misstatements or the potential for fraud. Therefore, to effectively plan for an audit, an understanding of the internal control system must be obtained. 2. Auditors need to review the system of internal control to: a. determine whether the necessary controls to prevent misstatement and fraud have been developed. b. determine whether the necessary controls to prevent misstatement and fraud have been implemented. c. identify that weaknesses exist in the internal control environment. d. report significant weaknesses to the auditee. e. design tests to reflect the weaknesses identified in the internal control environment. 3. There are four steps in evaluating internal controls: a. Identify the control points that exist in the system. For example, segregation of the accounts payable, disbursement, and accounting functions would be a control point. This segregation would prevent a fraudulent payment transaction unless collusion was involved. In some instances, the accepted or expected control may not exist; however, a compensating control may exist. In the previous example, if the functions were not segregated but an independent person reviewed and approved all payments, an auditor may determine that a sufficient compensating control exists. b. Document an understanding of the control environment. Sufficient documentation can come in a variety of forms, including:

70

71

1. memorandums - documents that outline the control environment, control points, and weaknesses in a narrative format. 2. questionnaires - a document that follows a prescribed format where specific questions are asked and answers are placed directly on the form. This approach works best when it is supplemented with a memorandum. 3. checklists - a document that is similar to a questionnaire that contains less narrative and more yes/no questions. In most instances, a checklist does not provide sufficient documentation unless accompanied with a memorandum. 4. flowchart - a document that outlines in visual and narrative format the processes and control points within the process. A flowchart is an excellent way to document the control environment in an understandable format. c. Assess the level of control risk. This assessment will determine the necessary level of substantive testing. Control risk can range from minimum (effective controls exist) to maximum (limited controls exist). If control risk is maximum, extensive substantive testing will be necessary to determine the validity of transactions and data. If minimum is selected, the need for substantive tests is greatly reduced. The level of control risk can be modified during testing if test results indicate that a change is warranted. In some cases, auditors may assess control risk at maximum (even though the internal control system appears strong) to increase the testing levels to verify the integrity of transactions and data. In any case, any decisions relating to the assessment of control risk must be thoroughly documented. d. Communicate reportable conditions to management. The AICPA (AU Section 325.02) defines reportable condition as: Matters coming to the attention of auditors attention, that in his/her judgment, should be communicated to the audit committee because they represent significant deficiencies in the design or operation of the internal control (system), which could adversely affect the organizations ability to record, process, summarize, and report financial data consistent with the assertions of management in the financial statements. Some examples of reportable conditions include: a. lack of appropriate segregation of duties b. evidence of fraudulent activities by employees or management c. failure to correct reportable conditions identified in prior engagements d. failure to safeguard assets from loss, damage or misappropriation

71

72

e. evidence of system flaws that fail to provide complete and accurate information. Reportable conditions are often called material weaknesses and are reported to management in a formal letter. It should be noted that auditors are not required to search for and/or identify reportable conditions; however, if they are identified, they must be reported to management.

E. Internal Control Integrated Framework (COSO) 1. The Committee on Sponsoring Organizations (COSO) was a private-sector initiative started in the 1980s to address the problem of fraudulent financial reporting. In the 1970s there were a number of scandals that called into question the integrity of corporate financial reporting. For example, some corporations made significant payments to foreign entities to secure contracts and business opportunities. However, the payments were not properly recorded or disclosed in financial reports. These scandals led to the enactment of the Foreign Corrupt Practices Act of 1977. 2. Problems continued to persist in the 1980s and the private sector was wary of additional government intervention, so five organizations banded together to form COSO: the American Institute of CPAs, the American Accounting Association, the Financial Executives Institute, the Institute of Internal Auditors, and the Institute of Management Accountants. 3. COSOs mission was to improve the quality of financial reporting through a focus on corporate governance, internal controls, and ethical standards. 4. The initial project was the Treadway Commission Report, issued in October 1987. The Treadway Commission Report called for an adequate system of internal control. The report also recommended a public management report describing managements responsibility for a companys financial statements and internal controls, and an assessment of the internal control system. The Treadway Commission developed an internal control framework called the Internal Control Integrated Framework. The Framework defines internal control broadly and does not limit internal controls to accounting controls over financial reporting. While financial reporting is an important responsibility of the audit committee, there are other very important aspects of the business relating to resource protection, operational efficiency and economy, and compliance with rules, regulations, and policies that are also important. The Framework promotes the concept that effective internal control is managements responsibility and requires the participation of all persons within an organization if it is to be effective. 5. COSO defines internal control, describes its components, and provides criteria against which control systems can be evaluated. It offers guidance for public reporting on internal control and provides materials that management, auditors, and others can use to evaluate an internal control system. 6. Two major goals of COSO were to: 72

73

a. establish a common definition of internal control b. provide a standard against which organizations can assess their control systems 7. COSO has a similar definition of internal control as the AICPA and defines internal control as: a process, effected by an entity's board of directors, management, and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: a. effectiveness and efficiency of operations b. reliability of financial reporting c. compliance with applicable laws and regulations 8. COSO emphasizes that the internal control system is a tool of, but not a substitute for, management and that controls should be built into, rather than built onto, operating activities. Although the report defines internal control as a process, it recommends evaluating the effectiveness of internal control as of a point in time. 9. COSO also addresses the limitations of an internal control system and the roles and responsibilities of the parties that affect a system. Limitations include faulty human judgment, misunderstanding of instructions, errors, management override, collusion, and cost/benefit considerations. For additional information on COSO, access this web site: http://www.aicpa.org/news/p032699b.htm F. Control Self Assessment 1. To ensure that internal controls exist and are operating properly, every organization should make a self-assessment of its control system. The self-assessment may be made in specific areas deemed to be of high risk by senior management rather than across the board. 2. An objective of the initial self assessment is to provide insight into how to proceed with a more in-depth evaluation of the internal control system. 3. The concept of self assessment is included in COSO and many other documents that provide guidance on internal control activities. 4. Self assessment places responsibility on the organization and individuals responsible for key areas (sales, payroll, manufacturing, accounting, etc.) to develop procedures to adequately control their functions. If responsibility for controls is clearly delineated to key staff, the internal control system is far more likely to be effective. As a result, internal and external

73

74

auditors can place more reliance on the internal control system, and, more importantly, the likelihood of inaccurate financial reporting is greatly diminished.

74

75

UNIT 4: AUDIT PROCESS

The audit process encompasses all of the aspects of an audit from the inception through the development of the final product. Audit standards have been developed to guide the process and promote an objective and quality product. I. AUDIT PLANNING All audit work should be adequately planned. Generally, audit planning involves gathering background information about the audit area, defining the audits scope and objectives, and preparing an audit program.

A. IIA Standards for Audit Planning Specific guidance for audit planning internal audits is given in IIA Standard 400-410 and 520. The following is the complete text of IIA Standard 400-410 and 520:
400 PERFORMANCE OF AUDIT WORK AUDIT WORK SHOULD INCLUDE PLANNING THE AUDIT, EXAMINING AND EVALUATING INFORMATION, COMMUNICATING RESULTS, AND FOLLOWING UP. 01. The internal auditor is responsible for planning and conducting the audit assignment, subject to supervisory review and approval. 410 Planning the Audit Internal auditors should plan each audit. .01 Planning should be documented and should include: .1 Establishing audit objectives and scope of work. a. Audit objectives are broad statements developed by internal auditors and define intended audit accomplishments. Audit procedures are the means to attain audit objectives. Audit objectives and procedures, taken together, define the scope of the internal auditors work. Audit objectives and procedures should address the risks associated with the activity under audit. The term risk is the probability that an event or action may adversely affect the activity under audit. The guidelines contained in Sections 520.04.1 - .14 of the Standards should be used by internal auditors to assess risk for individual audit assignments. The purpose of the risk assessment during the planning phase of the audit is to identify significant areas of the auditable activity.

b.

c.

.2 Obtaining background information about the activities to be audited.

75

76

a.

A review of background information should be performed to determine the impact on the audit. Such items include: Objectives and goals. Policies, plans, procedures, laws, regulations, and contracts which could have a significant impact on operations and reports. Organizational information, e.g., number and names of employees, key employees, job descriptions, and details about recent changes in the organization, including major system changes. Budget information, operating results, and financial data of the activity to be audited. Prior audit workpapers. Results of other audits, including the work of external auditors, completed or in process. Correspondence files to determine potential significant audit issues. Authoritative and technical literature appropriate to the activity.

b.

Other requirements of the audit, such as the audit period covered and estimated completion dates, should be determined. The final audit report format should be considered, since proper planning at this stage facilitates writing the final audit report.

.3 Determining the resources necessary to perform the audit. a. The number and experience level of the internal auditing staff required should be based on an evaluation of the nature and complexity of the audit assignment, time constraints, and available resources. Knowledge, skills, and disciplines of the internal auditing staff should be considered in selecting internal auditors for the audit assignment. Training needs of internal auditors should be considered, since each audit assignment serves as a basis for meeting developmental needs of the internal auditing department. Consideration of the use of external resources in instances where additional knowledge, skills, and disciplines are needed.

b.

c.

d.

.4 Communicating with all who need to know about the audit. a. Meetings should be held with management responsible for the activity being examined. Topics of discussion may include: Planned audit objectives and scope of work. The timing of audit work. Internal auditors assigned to the audit.

76

77

The process of communicating throughout the audit, including the methods, time frames, and individuals who will be responsible. Business conditions and operations of the activity being audited, including recent changes in management or major systems. Concerns or any requests of management. Matters of particular interest or concern to the internal auditor. Description of the internal auditing departments reporting procedures and follow-up process.

b.

A summary of matters discussed at meetings and any conclusions reached should be prepared, distributed to individuals, as appropriate, and retained in the audit workpapers.

.5 Performing, as appropriate, a survey to become familiar with the activities, risks, and controls to identify areas for audit emphasis, and to invite auditee comments and suggestions. a. A survey is a process for gathering information, without detailed verification, on the activity being examined. The main purposes are to: b. Understand the activity under review. Identify significant areas warranting special emphasis. Obtain information for use in performing the audit. Determine whether further auditing is necessary.

A survey permits an informed approach to planning and carrying out audit work, and is an effective tool for applying the internal auditing departments resources where they can be used most effectively. The focus of a survey will vary depending upon the nature of the audit. The scope of work and the time requirements of a survey will vary. Contributing factors include the internal auditors training and experience, knowledge of the activity being examined, the type of audit being performed, and whether the survey is part of a recurring or follow-up assignment. Time requirements will also be influenced by the size and complexity of the activity being examined, and by the geographical dispersion of the activity. A survey may involve use of the following procedures: Discussions with the auditee. Interviews with individuals affected by the activity, e.g., users of the activitys output. On-site observations. Review of management reports and studies. Analytical auditing procedures.

c. d.

e.

77

78 f.

Flowcharting. Functional "walk-through" (tests of specific work activities from beginning to end). Documenting key control activities.

A summary of results should be prepared at the conclusion of the survey. The summary should identify: Significant audit issues and reasons for pursuing them in more depth. Pertinent information developed during the survey. Audit objectives, audit procedures, and special approaches such as computer-assisted audit techniques. Potential critical control points, control deficiencies, and/or excess controls. Preliminary estimates of time and resource requirements. Revised dates for reporting phases and completing the audit. When applicable, reasons for not continuing the audit.

520 Planning The director of internal auditing should establish plans to carry out the responsibilities of the internal auditing department. 01. These plans should be consistent with the internal auditing departments charter and with the goals of the organization. 02. The planning process involves establishing: 1. Goals. 2. Audit work schedules. 3. Staffing plans and financial budgets. 4. Activity reports. 03. The goals of the internal auditing department should be capable of being accomplished within specified operating plans and budgets and, to the extent possible, should be measurable. They should be accompanied by measurement criteria and targeted dates of accomplishment. 04. Audit work schedules should include (a) what activities are to be audited; (b) when they will be audited; and (c) the estimated time required, taking into account the scope of the audit work planned and the nature and extent of audit work performed by others. Matters to be considered in establishing audit work schedule priorities should include (a) the date and results of the last audit; (b) financial exposure; (c) potential loss and risk; (d) requests by management; (e) major changes in operations, programs, systems, and controls; (f) opportunities to achieve operating benefits; and (g) changes to and capabilities of the audit staff. The work schedules should be sufficiently flexible to cover unanticipated demands on the internal auditing department.

78

79

Note: The full text of Sections 520.04.1 520.04.14 are printed in Unit 5
05. Staffing plans and financial budgets, including the number of auditors and the knowledge, skills, and disciplines required to perform their work, should be determined from audit work schedules, administrative activities, education and training requirements, and audit research and development efforts. 06. Activity reports should be submitted periodically to senior management and to the board. These reports should compare (a) performance with the departments goals and audit work schedules and (b) expenditures with financial budgets. They should explain the reason for major variances and indicate any action taken or needed.

B. AICPA Standards for Planning Audits that Involve Computers SAS 22 (AU Section 311) provides additional guidance when planning an audit that involves computer-generated information or the use of computer-assisted audit techniques. This statement suggests that auditors should consider matters such as: 1. The extent to which the computer is used in each significant accounting application. 2. The complexity of the entitys computer operations, including the use of an outside service center. 3. The organizational structure of the computer processing activities. 4. The availability of data. Documents that are used to enter information into the computer for processing, certain computer files, and other evidential matter that may be required by the auditor may exist only for a short period or only in the computer-readable form. In some computer systems, input documents may not exist at all because information is directly entered into the system. An entitys data retention policies may require the auditor to request retention of some information for review or to perform audit procedures at a time when the information is available. In addition, certain information generated by the computer for managements internal purposes may be useful in performing substantive tests. 5. The use of computer-assisted audit techniques to increase the efficiency of performing audit procedures. Using computer-assisted audit techniques may also provide the auditor with an opportunity to apply certain procedures to an entire population of accounts or transactions. In addition, in some accounting systems, it may be difficult or impossible for the auditor to analyze certain data or test specific control procedures without computer assistance.

79

80

II. AUDIT PROGRAMS Audit programs are designed to document the audit objectives decided upon during the planning phase of the audit. In addition, the audit program documents the methods and procedures assigned auditors will use to achieve the audit objectives.

A. IIA Standards for Writing the Audit Program Specific guidance for audit planning internal audits is given in IIA Standard 410.6-410.8. The following is the complete text of IIA Standard 410.6-410.8:
410.6 Writing the audit program. a. Audit programs should: Document the internal auditors procedures for collecting, analyzing, interpreting, and documenting information during the audit. State the objectives of the audit. Set forth the scope and degree of testing required to achieve the audit objectives in each phase of the audit. Identify technical aspects, risks, processes, and transactions which should be examined. State the nature and extent of testing required. Be prepared prior to the commencement of audit work and modified, as appropriate, during the course of the audit.

410.7 Determining how, when, and to whom audit results will be communicated. a. The director of internal auditing is responsible for determining how, when, and to whom audit results will be communicated. This determination should be documented and communicated to management, to the extent deemed practical, during the planning phase of the audit. Subsequent changes which affect the timing or reporting of audit results should also be communicated to management, if appropriate.

410.8 Obtaining approval of the audit work plan. a. Audit work plans should be approved in writing by the director of internal auditing or designee prior to the commencement of audit work. Adjustments to audit work plans should be approved in a timely manner. Initially, approval may be obtained orally, if factors preclude obtaining written approval prior to commencing audit work.

b.

B. Functions of Audit Programs

80

81

1. Audit programs document the agreed upon objectives and overall strategy for the audit. The extent of the audit program will vary depending on the size and complexity of the area audited. 2. Audit programs provide a written record of the audit objectives, scope, and methodology, and the auditors reasons for these decisions. 3. Audit programs provide an opportunity to determine whether sufficient staff and resources are available to adequately satisfy the audit objectives. 4. Audit programs should be flexible enough to incorporate necessary changes as the audit progresses. C. Contents of Audit Programs The extent and type of information included in an audit program will vary depending on the nature of the assignment and the assigned auditors knowledge of and experience with the audit area. However, audit programs may include the following: 1. background information about the audit area 2. discussion of relevant legal issues 3. a list of relevant past audit findings 4. the names and numbers of key auditee contacts 5. specific audit tasks for auditors to carry out the audit objectives 6. a timeline for completing the various audit phases and the final report 7. a listing of staff assigned to the audit and their qualifications

III. AUDIT WORKPAPERS Workpapers are the basic medium on which audit evidence is recorded and stored. Therefore, workpapers represent a record of the work performed and the conclusions reached during the audit. Workpapers may be prepared manually or by computer. The specific form and content of workpapers will vary according to the complexity and nature of individual audits. A. IIA Standards for Workpapers Specific guidance for audit planning internal audits is given in IIA Standard 420.5. The following is the complete text of IIA Standard 420.5:

81

82

420.5 Workpapers that document the audit should be prepared by the auditor and reviewed by management of the internal auditing department. These papers should record the information obtained and the analyses made and should support the bases for the findings and recommendations to be reported. a. Audit workpapers generally serve to: Provide the principal support for the internal audit report. Aid in the planning, performance, and review of audits. Document whether the audit objectives were achieved. Facilitate third-party reviews. Provide a basis for evaluating the internal auditing departments quality assurance program. Provide support in circumstances such as insurance claims, fraud cases, and lawsuits. Aid in the professional development of the internal auditing staff. Demonstrate the internal auditing departments compliance with the Standards for the Professional Practice of Internal Auditing.

b.

The organization, design, and content of audit workpapers will depend on the nature of the audit. Audit workpapers should, however, document the following aspects of the audit process: Planning. The examination and evaluation of the adequacy and effectiveness of the system of internal control. The auditing procedures performed, the information obtained, and the conclusions reached. Review. Reporting. Follow-up.

c. d.

Audit workpapers should be complete and include support for audit conclusions reached. Among other things, audit workpapers may include: Planning documents and audit programs. Control questionnaires, flowcharts, checklists, and narratives. Notes and memoranda resulting from interviews. Organizational data, such as organization charts and job descriptions. Copies of important contracts and agreements.

82

83

e.

Information about operating and financial policies. Results of control evaluations. Letters of confirmation and representation. Analysis and tests of transactions, processes, and account balances. Results of analytical auditing procedures. The audit report and managements responses. Audit correspondence if it documents audit conclusions reached.

Audit workpapers may be in the form of paper, tapes, disks, diskettes, films, or other media. If audit workpapers are in the form of media other than paper, consideration should be given to generating backup copies. If internal auditors are reporting on financial information, the audit workpapers should document whether the accounting records agree or reconcile with such financial information. Some audit workpapers may be categorized as permanent or carry-forward audit files. These files generally contain information of continuing importance. The director of internal auditing should establish policies for the types of audit workingpaper files maintained, stationery used, indexing and other related matters. Standardized audit workpapers such as questionnaires and audit programs may improve the efficiency of an audit and facilitate the delegation of audit work. The following are typical audit working-paper preparation techniques: Each audit workpaper should contain a heading. The heading usually consists of the name of the organization or activity being examined, a title or description of the contents or purpose of the workpaper, and the date or period covered by the audit. Each audit workpaper should be signed (or initialed) and dated by the internal auditor. Each audit workpaper should contain an index or reference number. Audit verification symbols (tick marks) should be explained. Sources of data should be clearly identified.

f.

g.

h.

i.

j.

All audit workpapers should be reviewed to ensure that they properly support the audit report and that all necessary auditing procedures have been performed. Evidence of supervisory review should be documented in the audit workpapers. The director of internal auditing has overall responsibility for review but may designate appropriately experienced members of the internal auditing department to perform the review. Evidence of supervisory review should consist of the reviewer initialing and dating each workpaper after it is reviewed.

k.

83

84

l.

Other review techniques that provide evidence of supervisory review include completing an audit working-paper review checklist and/or preparing a memorandum specifying the nature, extent, and results of the review.

m. Reviewers may make a written record (review notes) of questions arising from the review process. When clearing review notes, care should be taken to ensure that the workpapers provide adequate evidence that questions raised during the review have been resolved. Acceptable alternatives with respect to disposition of review notes are as follows: Retain the review notes as a record of the questions raised by the reviewer and the steps taken in their resolution. Discard the review notes after the questions raised have been resolved and the appropriate audit workpapers have been amended to provide the additional information requested. n. o. Audit workpapers are the property of the organization. Audit working-paper files should generally remain under the control of the internal auditing department and should be accessible only to authorized personnel. Management and other members of the organization may request access to audit working papers. Such access may be necessary to substantiate or explain audit findings or to utilize audit documentation for other business purposes. These requests for access should be subject to the approval of the director of internal auditing. It is common practice for internal and external auditors to grant access to each others audit workpapers. Access to audit workpapers by external auditors should be subject to the approval of the director of internal auditing. There are circumstances where requests for access to audit workpapers and reports are made by parties outside the organization other than external auditors. Prior to releasing such documentation, the director of internal auditing should obtain the approval of senior management and/or legal counsel, as appropriate. The director of internal auditing should develop retention requirements for audit working papers. These retention requirements should be consistent with the organizations guidelines and any pertinent legal or other requirements.

p.

q.

r.

s.

B. Purposes of Workpapers Workpapers are: 1. A record of the purpose and scope of the audit 2. Documentation of work performed during the audit 3. Support for the information, conclusions, and recommendations contained in the audit report

84

85

4. A tool for monitoring progress during the audit by showing what work has been completed and what work remains 5. A source for determining additional areas that may require testing 6. A means of collecting and organizing data into manageable components 7. Support for discussions with management about the organizations operations and controls 8. A source of information that aids continuity when audit staff changes 9. A data source for future reference 10. A basis for management to evaluate the auditors technical ability and proficiency 11. Documentation to facilitate external reviews by providing evidence that auditors complied with audit standards when conducting the audit C. Basic Workpaper Guidelines 1. The auditor preparing the workpaper should be primarily responsible for its format, content, and accuracy. Subsequent reviews by others should not relieve the initial preparer of this responsibility. 2. Workpapers should be complete and accurate. They should leave a clear, concise, and adequate record that fully documents the audit procedures followed, who performed the audit work, and who reviewed the work. Workpapers should be so clearly prepared that it would be possible, even years later, to allow a third party to reconstruct the tests and analyses that have been performed. 3. Workpapers should be legible and neat in order to facilitate prompt and thorough supervisory review. 4. Workpapers should be relevant and orderly, rather than just represent a collection of random information. 5. Workpapers may contain the following information: a. Name of the auditee and/or the specific area being audited b. Subject of the workpaper c. Date or period covered d. Source of the information 85

86

e. Purpose of the workpaper f. Signature or initials of the preparer g. Date prepared h. Evidence of supervisory review i. Index or reference number j. Cross indexes to audit program or other workpapers 6. Use footnotes or other identifying explanations to annotate workpapers as necessary for a clear understanding of the work performed. D. Type of Information Typically Contained in the Workpapers The workpapers should contain everything that is pertinent to the work being performed and to understanding how the work was planned and carried out, including: 1. Audit programs 2. Correspondence 3. Interview write-ups 4. Memoranda 5. Policies and procedures 6. Legal Information 7. Sampling plans 8. Flow charts 9. Questionnaires 10. Previous audits, responses, and results of follow-up 11. Supporting data 12. Results of tests 13. Observations 86

87

E. The Role of Workpapers in Audit Supervision 1. Workpapers assist audit supervisors in monitoring and controlling audits (e.g., establishing quality control, organizing staff assignments, and determining compliance with audit standards). 2. Workpapers provide a record of audit information for use in planning and carrying out subsequent audit assignment. 3. Workpapers provide a basis for auditor evaluations.

IV. AUDIT EVIDENCE Auditors accumulate evidence during fieldwork to fulfill the audit objectives and to support audit findings. Evidence is gathered by using analytical auditing procedures. A. IIA Standards for Audit Evidence Specific guidance for audit evidence is given in IIA Standards 420.2 - 420.4. The following is the complete text of these IIA Standards:
420.2 Information should be sufficient, competent, relevant, and useful to provide a sound basis for audit findings and recommendations. a. Sufficient information is factual, adequate, and convincing so that a prudent, informed person would reach the same conclusions as the auditor. Competent information is reliable and the best attainable through the use of appropriate audit techniques. Relevant information supports audit findings and recommendations and is consistent with the objectives for the audit. Useful information helps the organization meet its goals.

b.

c.

d.

.3 Audit procedures, including the testing and sampling techniques employed, should be selected in advance, where practicable, and expanded or altered if circumstances warrant. .4 The process of collecting, analyzing, interpreting, and documenting information should be supervised to provide reasonable assurance that the auditors objectivity is maintained and that audit goals are met.

B. Use of Evidence to Support Audit Findings

87

88

Evidence can be classified in three broad categories according to its value in supporting a conclusion: 1. Primary or Direct Evidence supports a finding with the greatest degree of certainty. Generally, only evidence which is considered proof of fact would be included in this category. Such evidence does not require an inference or presumption on the part of the auditor in coming to a conclusion. A signed contract, for example, is generally considered direct evidence of the terms of a contract. However, if there is doubt as to the authenticity of the signatures, the evidence may be downgraded to secondary. 2. Secondary of Indirect Evidence provides less certainty in supporting a finding or conclusion. Typical examples of secondary evidence include interviews and internally prepared documents. However, the specific use the evidence and the importance of the finding determine whether such evidence is considered primary or secondary. 3. Corroborative Evidence is additional evidence in support of primary or secondary evidence. This type of evidence cannot support a finding or conclusion by itself.

C. Types of Evidence There are four categories of evidence: documentary evidence, analytical evidence, testimonial evidence, and physical evidence. 1. Documentary Evidence is usually the most reliable type of evidence. Documentation such as letters, contracts, ledgers, invoices, and canceled checks are generally very reliable and objective sources of evidence. However, in cases where the validity of the documentation is in doubt, corroborative evidence should be obtained. 2. Analytical Evidence is evidence compiled by the auditor from other types of evidence. Analytical evidence includes calculations, comparisons, and interpretations made by the auditor. The quality of analytical evidence depends on the quality of the data used and the quality of the analysis performed. Therefore, auditors relying on analytical evidence should fully document the analytical procedure used. 3. Testimonial Evidence consists of information obtained from individuals through oral or written statements. Testimonial evidence includes interviews, surveys, and questionnaires. Interview information critical to the audit should be corroborated when possible by examining records or other information. The value of testimonial evidence depends on the validity of the information source. Auditors should ask themselves whether their source of information is free from bias and whether the individual is in a position to be truly knowledgeable about the topic in question. 4. Physical Evidence is gathered by the auditor through direct inspection or observation of people, property, or events. Such evidence may be documented in the form of memoranda, photographs, maps, or samples. Inspection or observation is used for:

88

89

a. Documenting procedures and workflows b. Inventory counts, estimating transaction volumes, and other condition measurements c. Testing compliance with statutes, administrative rules, policies, and procedures. The use of observation has some potential limitations for the following reasons: a. Individuals may behave differently while under observation. b. The case or incident observed may be an aberration and not typical of standard practice. c. Observations are subject to interpretation and may be refuted. Auditors must exercise judgment when using observation as an audit tool. If possible, observations should be corroborated with other evidence. D. Unsupported Allegations Auditors may occasionally receive unsupported allegations about personnel or programs under review. The following guidelines address this issue: 1. Unsupported allegations are not evidence. 2. Auditors should use judgment in deciding whether or not to follow-up on unsupported allegations by asking: a. b. c. d. Is the allegation related to the audit? Is the allegation serious? Is the source of the information reliable? Is the source of the information in a position to know what they are talking about?

3. Unsupported allegations must be corroborated with additional evidence before a finding can be developed.

E. Adequacy of Audit Evidence Evidence must be relevant, sufficient, and competent in order to adequately support an audit finding. Auditors must judge for themselves whether their evidence meets these criteria. 1. Relevant Evidence is evidence that has a logical relationship to the issue.

89

90

2. Sufficient Evidence exists when there is enough factual and convincing information to support a finding. 3. Competent Evidence exists when the information is valid and reliable. The following general rules apply to competency: a. Evidence from an independent source is generally more competent than a nonindependent source. b. The stronger the auditees control systems, the more competent the evidence. c. Evidence obtained through physical examination, observation, computation, and inspection is more competent than evidence obtained indirectly (e.g., through interviews). d. Original documents are more competent than copies. V. REVIEW AND EVALUATION OF FINDINGS Audit supervisors are responsible for reviewing findings developed through the audit process. All findings included in audit reports must be supported by information contained in the workpapers.

A. IIA Standards for Review and Evaluation of Findings Specific guidance for communicating results is given in IIA Standard 430.04.5 through 430.05. The following is the complete text of IIA Standard 430.04.5 through 430.05:
430.04.5 Results may include findings, conclusions (opinions), and recommendations. .6 Findings are pertinent statements of fact. Those findings which are necessary to support or prevent misunderstanding of the internal auditors conclusions and recommendations should be included in the final audit report. Less significant information or findings may be communicated orally or through informal correspondence. .7 Audit findings emerge by a process of comparing what should be with what is. Whether or not there is a difference, the internal auditor has a foundation on which to build the report. When conditions meet the criteria, acknowledgment in the audit report of satisfactory performance may be appropriate. Findings should be based on the following attributes: a. Criteria: The standards, measures, or expectations used in making an evaluation and/or verification (what should exist). Condition: The factual evidence which the internal auditor found in the course of the examination (what does exist). Cause: The reason for the difference between the expected and actual conditions (why the difference exists).

b.

c.

90

91

d.

Effect: The risk or exposure the auditee organization and/or others encounter because the condition is not the same as the criteria (the impact of the difference). In determining the degree of risk or exposure, internal auditors should consider the effect their audit findings may have on the organizations financial statements. Reported findings may also include recommendations, auditee accomplishments, and supportive information if not included elsewhere.

e.

.8 Conclusions (opinions) are the internal auditors evaluations of the effects of the findings on the activities reviewed. They usually put the findings in perspective based upon their overall implications. Audit conclusions, if included in the audit report, should be clearly identified as such. Conclusions may encompass the entire scope of an audit or specific aspects. They may cover, but are not limited to, whether operating or program objectives and goals conform with those of the organization, whether the organizations objectives and goals are being met, and whether the activity under review is functioning as intended. .05 Reports may include recommendations for potential improvements and acknowledge satisfactory performance and corrective action. .1 Recommendations are based on the internal auditors findings and conclusions. They call for action to correct existing conditions or improve operations. Recommendations may suggest approaches to correcting or enhancing performance as a guide for management in achieving desired results. Recommendations may be general or specific. For example, under some circumstances, it may be desirable to recommend a general course of action and specific suggestions for implementation. In other circumstances, it may be appropriate only to suggest further investigation or study. .2 Auditee accomplishments, in terms of improvements since the last audit or the establishment of a well-controlled operation, may be included in the audit report. This information may be necessary to fairly represent the existing conditions and to provide a proper perspective and appropriate balance to the audit report.

B. Additional Guidelines for the Review and Evaluation of Findings 1. There are five elements of a finding: a. Condition (what is happening now or what has happened in the past) b. Criteria (the standard of what should exist) c. Cause (why condition does not agree with criteria) d. Effect (so what?) e. Recommendations (suggestions to correct the existing condition and to prevent it from recurring) 2. All of the elements of a finding should be present when possible. If an element is missing, the supervisor must determine whether it is the result of deficient audit work or inadequate presentation.

91

92

3. Recommendations should address specific actions to correct the problem and should not merely reiterate the condition statements. 4. Audit criteria should be reasonable and relate to management objectives. 5. Effect statements should not be overstated or understated.

VI. AUDIT REPORTS The audit report describes the results of the audit process. Reports should be prepared with due professional care because they represent the primary form of communication with management regarding the state of the organizations control systems.

A. IIA Standards for Audit Reports Specific guidance for communicating results is given in IIA Standard 430.01 through 430.04.4. The following is the complete text of IIA Standard 430.01 through 430.04.4:
430 Communicating Results Internal auditors should report the results of their audit work. .01 A signed, written report should be issued after the audit examination is completed. Interim reports may be written or oral and may be transmitted formally or informally. .1 Interim reports may be used to communicate information which requires immediate attention, to communicate a change in audit scope for the activity under review, or to keep management informed of audit progress when audits extend over a long period. The use of interim reports does not diminish or eliminate the need for a final report. .2 Summary reports highlighting audit results may be appropriate for levels of management above the auditee. They may be issued separately from or in conjunction with the final report. .3 The term signed means that the authorized internal auditors name should be manually signed in the report. Alternatively, the signature may appear on a cover letter. The internal auditor authorized to sign the report should be designated by the director of internal auditing. .4 If audit reports are distributed by electronic means, a signed version of the report should be kept on file in the internal auditing department. .02 Internal auditors should discuss conclusions and recommendations at appropriate levels of management before issuing final written reports. .1 Discussion of conclusions and recommendations is usually accomplished during the course of the audit and/or at post-audit meetings (exit interviews). Another technique is the review of draft audit reports by management of the auditee. These discussions and reviews help ensure that there have been no misunderstandings or misinterpretations of fact by providing the opportunity for the auditee to clarify specific items and to express views of the findings, conclusions, and recommendations.

92

93

.2 Although the level of participants in the discussions and reviews may vary by organization and by the nature of the report, they will generally include those individuals who are knowledgeable of detailed operations and those who can authorize the implementation of corrective action. .03 Reports should be objective, clear, concise, constructive, and timely. .1 Objective reports are factual, unbiased, and free from distortion. Findings, conclusions, and recommendations should be included without prejudice. a. If it is determined that a final audit report contains an error, the director of internal auditing should consider the need to issue an amended report which identifies the information being corrected. The amended audit report should be distributed to all individuals who received the audit report being corrected. b. An error is defined as an unintentional misstatement or omission of significant information in a final audit report. .2 Clear reports are easily understood and logical. Clarity can be improved by avoiding unnecessary technical language and providing sufficient supportive information. .3 Concise reports are to the point and avoid unnecessary detail. They express thoughts completely in the fewest possible words. .4 Constructive reports are those which, as a result of their content and tone, help the auditee and the organization and lead to improvements where needed. .5 Timely reports are those which are issued without undue delay and enable prompt effective action. .04 Reports should present the purpose, scope, and results of the audit; and, where appropriate, reports should contain an expression of the auditors opinion. .1 Although the format and content of the audit reports may vary by organization or type of audit, they should contain, at a minimum, the purpose, scope, and results of the audit. .2 Audit reports may include background information and summaries. Background information may identify the organizational units and activities reviewed and provide relevant explanatory information. They may also include the status of findings, conclusions, and recommendations from prior reports. There may also be an indication of whether the report covers a scheduled audit or the response to a request. Summaries, if included, should be balanced representations of the audit report content. .3 Purpose statements should describe the audit objectives and may, where necessary, inform the reader why the audit was conducted and what it was expected to achieve. .4 Scope statements should identify the audited activities and include, where appropriate, supportive information such as time period audited. Related activities not audited should be identified if necessary to delineate the boundaries of the audit. The nature and extent of auditing performed also should be described.

B. Additional Guidelines for Audit Reports 1. Audit reports should be objective.

93

94

2. Audit reports must be factual. All questions of fact should be discussed and resolved with the auditee prior to issuing the report. 3. Findings must be adequately supported. Burden of proof for findings rests with the auditor, not the auditee. 4. The tone of the report should be constructive. Focus should be more on emphasizing needed improvements, rather than on criticizing past deficiencies. 5. Executive summaries are typically one-page attachments to the report that briefly describe what was audited, the auditors conclusions and significant findings, and action taken by the auditee on the findings. 6. The purpose of a written report is to communicate the results of the audit and to facilitate corrective action. 7. A description of the scope of the audit and the methodologies used helps readers understand the purpose of the audit and judge the quality of the work performed. 8. The scope and methodology section may include a description of criteria, sampling plans, and significant assumptions. 9. In some cases, it may be necessary to include a statement of objectives or issue areas that were not pursued during the audit. VII. PERMANENT FILES Permanent files contain information of continuing interest and relevance to a particular audit. Auditors assigned to a project should review information in the permanent file before beginning the audit. Also, the permanent file records should be updated on a regular basis.

A. IIA Standards for Permanent Files Specific guidance for communicating results is given in IIA Standard 420.01.1.g. The following is the complete text of IIA Standard 420.01.1.g :
420.01.1 g. Some audit workpapers may be categorized as permanent or carry-forward audit files. These files generally contain information of continuing importance.

B. Types of Information Typically Contained in Permanent Files 1. Background and history information 2. Organizational charts

94

95

3. Mission statements 4. Articles of incorporation 5. Bylaws 6. Charter 7. Outstanding bond indenture agreements 8. Contracts 9. Process flowcharts 10. Prior audits 11. Annual Reports

95

96

UNIT 5: AUDIT TECHNIQUES

Audit techniques encompasses the generally accepted methods for the performance of audits in accordance with audit standards. I. RISK ASSESSMENT Risk assessment is a way of identifying potential effects and their significance

A. IIA Standards for Risk Assessment Specific guidance for communicating results is given in IIA Standard 520.04.1-14. The following is the complete text of IIA Standard 520.04.1-14:
520.04.1 The risk assessment process includes identification of auditable activities, identification of relevant risk factors, and an assessment of their relative significance. .2 The term risk is the probability that an event or action may adversely affect the organization. .3 The effects of risk can involve: a. An erroneous decision from using incorrect, untimely, incomplete, or otherwise unreliable information. Erroneous record keeping, inappropriate accounting, fraudulent financial reporting, financial loss and exposure. Failure to adequately safeguard assets. Customer dissatisfaction, negative publicity, and damage to the organizations reputation. Failure to adhere to organizational policies, plans, and procedures, or not complying with relevant laws and regulations. Acquiring resources uneconomically or using them inefficiently or ineffectively. Failure to accomplish established objectives and goals for operations or programs.

b.

c. d. e.

f. g.

.4 The first phase of the risk assessment process is to identify and catalog the auditable activities. .5 Auditable activities consist of those subjects, units, or systems which are capable of being defined and evaluated. Auditable activities may include: a. b. Policies, procedures, and practices. Cost centers, profit centers, and investment centers.

96

97

c. d. e. f. g.

General ledger account balances. Information systems (manual and computerized). Major contracts and programs. Organizational units such as product or service lines. Functions such as information technology, purchasing, marketing, production, finance, accounting, and human resources. Transaction systems for activities such as sales, collection, purchasing, disbursement, inventory and cost accounting, production, treasury, payroll, and capital assets. Financial statements. Laws and regulations.

h.

i. j.

.6 Risk factors are the criteria used to identify the relative significance of, and likelihood that, conditions and/or events may occur that could adversely affect the organization. .7 The number of risk factors utilized should be limited, but sufficient to provide the director of internal auditing with confidence that the risk assessment is comprehensive. .8 Risk factors may include: a. b. c. d. e. f. g. h. i. j. k. l. Ethical climate and pressure on management to meet objectives. Competence, adequacy, and integrity of personnel. Asset size, liquidity, or transaction volume. Financial and economic conditions. Competitive conditions. Complexity or volatility of activities. Impact of customers, suppliers, and government regulations. Degree of computerized information systems. Geographical dispersion of operations. Adequacy and effectiveness of the system of internal control. Organizational, operational, technological, or economic changes. Management judgments and accounting estimates.

m. Acceptance of audit findings and corrective action taken. n. Date and results of previous audits.

97

98

.9 The director of internal auditing may decide to weigh the risk factors to signify their relative significance. The weighing of risk factors reflects the directors judgment about the relative impact a factor may have on selecting an activity for audit. .10 Risk assessment is a systematic process for assessing and integrating professional judgments about probable adverse conditions and/or events. The risk assessment process should provide a means of organizing and integrating professional judgments for development of the audit work schedule. The director of internal auditing should generally assign higher audit priorities to activities with higher risks. .11 The director should incorporate information from a variety of sources into the risk assessment process. Such sources include, but are not limited to: discussions with the board and various members of management; discussions among management and staff of the internal auditing department; discussions with external auditors; consideration of applicable laws and regulations; analyses of financial and operating data; review of prior audits; and industry or economic trends. .12 The risk assessment process should lead the director of internal auditing to establish audit work schedule priorities. The director may adjust the planned audit work schedule after considering other information such as coordination with external auditors and requests by management and the board. .13 There should be a periodic assessment of the effect of any major changes in the catalog of auditable activities or related risk factors which have occurred since the audit work schedule was prepared. Such an assessment will assist the director of internal auditing in making appropriate adjustments to audit priorities and the work schedule. .14 The risk assessment process should be conducted annually. However, because conditions change, audit priorities determined through the risk assessment process may be reviewed and updated throughout the year.

B. AICPA Standards for Audit Risk SAS 47 (AU Section 312) and SAS 82 (AU Section 316) provides additional guidance when considering risk factors in an audit. SAS 47 discusses audit risk and materiality in conducting an audit, and SAS 82 addresses the consideration of fraud in a financial statement audit. These statements are discusses below.

C. Overview of SAS 47 Audit Risk and Materiality in Conducting an Audit 1. The auditor is concerned with matters that could be material to the financial statements. The auditor has no responsibility to plan and perform the audit to obtain reasonable assurance that misstatements, whether caused by errors or fraud, that are not material to the financial statements are detected. 2. The term errors refers to unintentional misstatements or omissions of amounts or disclosures in financial statements. 3. The primary factor that distinguishes fraud from error is whether the underlying action that results in the misstatement in financial statements is intentional or unintentional.

98

99

4. When fraud is detected, the auditor should consider the implications for the integrity of management or employees and the possible effect on other aspects of the audit. 5. The auditors consideration of materiality is a matter of professional judgment and is influenced by his or her perception of the needs of a reasonable person who will rely on the financial statements.

D. Overview of SAS 82 Fraud in a Financial Statement Audit 1. As part of the risk assessment, the auditor should inquire of management (a) to obtain managements understanding regarding the risk of fraud in the entity and (b) to determine whether they have knowledge of fraud that has been perpetuated on or within the entity. 2. The auditor should use professional judgment when assessing the significance and relevance of fraud risk factors and determining the appropriate audit responses. 3. Risk factors that relate to misstatements arising from fraudulent financial reporting may be grouped in the following three categories: a. Managements characteristics and influence over the control environment. These pertain to managements abilities, pressures, style, and attitude relating to internal control and the financial reporting process. b. Industry conditions. These involve the economic and regulatory environment in which the entity operates. c. Operating characteristics and financial stability. These pertain to the nature and complexity of the entity and its transactions, the entitys financial condition, and its profitability. 4. Risk factors that relate to misstatements arising from misappropriation of assest may be grouped into two categories: a. Susceptibility of assets to misappropriation. These pertain to the nature of an entitys assets and the degree to which they are subject to theft. b. Controls. These involve the lack of controls designed to prevent or detect misappropriations of assets.

E. Types of Audit Risk 1. Inherent risk is the susceptibility to material misstatement or material noncompliance assuming there are not related internal control structure policies or procedures.

99

100

2. Control risk is the risk that material misstatement or material noncompliance could occur and not be detected on a timely basis by the entitys internal control structure policies and procedures. 3. Detection risk is the risk that audit procedures will not detect material misstatement or material noncompliance when it exists.

F. Methodology for Evaluating Risk 1. Preliminary risk analysis includes obtaining knowledge and understanding of the procedures and methods prescribed in the system and assessing the extent to which the prescribed procedures and methods are capable of satisfying the auditees control objectives. 2. Specific risk analysis includes limited control testing to ascertain the extent to which a risk exists that the prescribed procedures and methods are not in use or are not operating as planned. 3. Substantive control testing includes the performance of detailed control tests, focusing on those control objectives and control techniques which are the most significant and have the greatest potential for fraud, waste, and abuse.

G. Documentation of Risk Assessment The auditor should document in the workpapers evidence that the risk assessment was performed. The document should include: 1. The risk factors identified. 2. The auditors response to the risk factors identified. II. ANALYTICAL REVIEWS Analytical reviews, often referred to as reasonableness tests, are procedures to determine the reasonableness of data. Analytical reviews can be used to determine the reasonableness of financial information or to assess operational results.

A. IIA Standards for Analytical Reviews Specific guidance for analytical reviews is given in IIA Standard 420.01. The following is the complete text of IIA Standard 420.01: 420 Examining and Evaluating Information

100

101

Internal auditors should collect, analyze, interpret, and document information to support audit results. .01 The process of examining and evaluating information is as follows: .1 Information should be collected on all matters related to the audit objectives and scope of work. a. Internal auditors use analytical auditing procedures when examining and evaluating information. Analytical auditing procedures are performed by studying and comparing relationships among both financial and nonfinancial information. The application of analytical auditing procedures is based on the premise that, in the absence of known conditions to the contrary, relationships among information may reasonably be expected to exist and continue. Examples of contrary conditions include unusual or nonrecurring transactions or events; accounting, organizational, operational, environmental, and technological changes; inefficiencies; ineffectiveness; errors; irregularities, or illegal acts. Analytical auditing procedures provide internal auditors with an efficient and effective means of making an assessment of information collected in an audit. The assessment results from comparing such information with expectations identified or developed by the internal auditor. Analytical auditing procedures are useful in identifying, among other things: Differences that are not expected. The absence of differences when they are expected. Potential errors. Potential irregularities or illegal acts. Other unusual or nonrecurring transactions or events. f. Analytical auditing procedures may include: Comparison of current period information with similar information for prior periods. Comparison of current period information with budgets or forecasts. Study of relationships of financial information with the appropriate nonfinancial information (for example, recorded payroll expense compared to changes in average number of employees). Study of relationships among elements of information (for example, fluctuation in recorded interest expense compared to changes in related debt balances). Comparison of information with similar information for other organizational units. Comparison of information with similar information for the industry in which the organization operates. g. Analytical auditing procedures may be performed using monetary amounts, physical quantities, ratios, or percentages.

b.

c.

d.

e.

101

102

h.

Specific analytical auditing procedures include, but are not limited to, ratio, trend, and regression analysis, reasonableness tests, period-to-period comparisons, comparisons with budgets, forecasts, and external economic information. Analytical auditing procedures assist internal auditors in identifying conditions which may require subsequent auditing procedures. Internal auditors should use analytical auditing procedures in planning the audit in accordance with the guidelines contained in Section 410 of the Standards. Analytical auditing procedures should also be used during the audit to examine and evaluate information to support audit results. Internal auditors should consider the following factors in determining the extent to which analytical auditing procedures should be used: The significance of the area being examined. The adequacy of the system of internal control. The availability and reliability of financial and nonfinancial information. The precision with which the results of analytical auditing procedures can be predicted. The availability and comparability of information regarding the industry in which the organization operates. The extent to which other auditing procedures provide support for audit results.

i.

j.

After evaluating the aforementioned factors, internal auditors should consider and use additional auditing procedures, as necessary, to achieve the audit objective. k. When analytical auditing procedures identify unexpected results or relationships, internal auditors should examine and evaluate such results or relationships. The examination and evaluation of unexpected results or relationships from applying analytical auditing procedures should include inquiries of management and the application of other auditing procedures until internal auditors are satisfied that the results or relationships are sufficiently explained.

l.

m. Unexplained results or relationships from applying analytical auditing procedures may be indicative of a significant condition such as a potential error, irregularity, or illegal act. n. Results or relationships from applying analytical auditing procedures that are not sufficiently explained should be communicated to the appropriate levels of management. Internal auditors may recommend appropriate courses of action, depending on the circumstances.

B. AICPA Standards for Analytical Procedures SAS 56 (AU Section 329) provides guidance regarding the use of analytical procedures. The major points of SAS 56 are summarized as follows: 1. Analytical procedures consist of evaluations of financial information made by a study of plausible relationships among both financial and nonfinancial data.

102

103

2. Analytical procedures range from simple comparisons to the use of complex models involving many relationships and elements of data. 3. A basic premise underlying the application of analytical procedures is that plausible relationships among data may reasonably be expected to exist and continue in the absence of known conditions to the contrary. Particular conditions that can cause variations in these relationships include, for example, specific unusual transactions or events, accounting changes, business changes, random fluctuations, or misstatements. 4. Analytical procedures are used for the following purposes: a. To assist the auditor in planning the nature, timing, and extent of other auditing procedures. b. As a substantive test to obtain evidential matter about particular assertions related to account balances or classes of transactions. c. As an overall review of the financial information in the final review state of the audit. 5. Analytical procedures involve comparisons of recorded amounts, or ratios developed from recorded amounts, to expectations developed by the auditor. The auditor develops such expectations by identifying and using plausible relationships that are reasonably expected to exist based on the auditors understanding of the client and of the industry in which the client operates. Following are examples of sources of information for developing expectations: a. Financial information for comparable prior period(s) giving consideration to known changes. b. Anticipated resultsfor example, budgets or forecasts, including extrapolations from interim or annual data. c. Relationships among elements of financial information within the period. d. Information regarding the industry in which the client operatesfor example, gross margin information. e. Relationships of financial information with relevant nonfinancial information. 6. The expected effectiveness and efficiency of an analytical procedure in identifying potential misstatements depends on, among other things: a. The nature of the assertion. b. The plausibility and predictability of the relationship.

103

104

c. The availability and reliability of the data used to develop the expectation. d. The precision of the expectation. 7. It is important for the auditor to understand the reasons that make relationships plausible because data sometimes appear to be related when they are not, which could lead the auditor to erroneous conclusions. 8. The reliability of the data used to develop the expectations should be appropriate for the desired level of assurance from the analytical procedures. 9. The following factors influence the auditors consideration of the reliability of data for purposes of achieving audit objectives: a. Whether the data was obtained from independent sources outside the entity or from sources within the entity. b. Whether sources within the entity were independent of those individuals responsible for the amount being audited. c. Whether the data was developed under a reliable system of controls. d. Whether the data was subjected to audit testing in the current or prior year. e. Whether the expectations were developed using data from a variety of sources. C. Benefits of Analytical Reviews 1. Useful in planning audits and defining scope. 2. Often less costly and less time consuming than other substantive tests. 3. Aids in the selection of entities to audit. 4. Directs attention to potential problem areas. 5. Provides information for analyzing risk.

D. Types of Analytical Reviews 1. Trend analysis is used to compare current account balances with the account balances for the prior year(s).

104

105

2. Ratio analysis is used to compare current ratios with ratios for the prior year(s) or with an industry average. 3. Regression analysis is used to show relationships between two or more variables.

III. STATISTICAL SAMPLING The cost associated with a complete review of all records or transactions is often prohibitive. In these cases, sampling is necessary. The proper use of statistical sampling helps ensure the accuracy and reliability of the sample results. There are two general approaches to audit sampling: non-statistical and statistical. This section generally focuses on techniques and approaches for performing a statistical sample. A. AICPA Standards for Audit Sampling SAS 39 (AU Sections 350) provides guidance regarding the use of audit sampling. The major points of these Statements that are relevant to this section are as follows: 1. Audit sampling is the application of an audit procedure to less than 100 percent of the items within an account balance or class of transactions for the purpose of evaluating some characteristic of the balance or class. 2. Sampling risk arises from the possibility that, when a test of controls or a substantive test is restricted to a sample, the auditors conclusions may be different from the conclusions that would be reached if the test were applied in the same way to all items in the account balance or class of transactions. The auditor is concerned with four aspects of sampling risk: a. The risk of incorrect acceptance is the risk that the sample supports the conclusion that the recorded account balance is not materially misstated when it is materially misstated. b. The risk of incorrect rejection is the risk that the sample supports the conclusion that the recorded account balance is materially misstated when it is not materially misstated. c. The risk of assessing control risk too low is the risk that the assessed level of control risk based on the sample is less than the true operating effectiveness of the control. d. The risk of assessing control risk too high is the risk that the assessed level of control risk based on the sample is greater than the true operating effectiveness of the control.

105

106

3. Non-sampling risk includes all the aspects of audit risk that are not due to sampling. 4. When planning a sample for a substantive test of details, the auditor uses judgment to determine which items, if any, in an account balance or class of transactions should be individually examined and which items, if any, should be subject to sampling. Auditors should examine those items for which, in their judgment, acceptance of some sampling risk is not justified. 5. The auditor may be able to reduce the required sample size by separating items subject to sampling into relatively homogeneous groups on the basis of some characteristic related to the specific audit objective. 6. Sample items should be selected in such a way that the sample can be expected to represent the population. Therefore, all items in the population should have an opportunity to be selected. 7. When planning a particular audit sample for a test of controls, the auditor should consider: a. The relationship of the sample to the objective of the test of controls. b. The maximum rate of deviations from prescribed controls that would support the assessed level of control risk. c. The auditors allowable risk of assessing control risk too low. d. Characteristics of the population (i.e., the items comprising the account balance or class of transactions of interest). 8. Statistical sampling helps the auditor: a. To design an efficient sample. b. To measure the sufficiency of the evidential matter obtained. c. To evaluate the sample results. 9. By using statistical sampling techniques, the auditor can quantify sampling risk to assist in limiting it to an acceptable level.

B. Basic Steps For Developing a Statistical Sample 1. Determine the objectives of the test. 2. Define the population (e.g., number of transactions during the audit period).

106

107

3. Assess sampling risk and determine an acceptable level (e.g., 5% or 10%). 4. If appropriate, stratify the sample. Stratifying a sample involves assigning similar items into subgroups. A sample is then selected from one or more subgroups as necessary to meet audit objectives. 5. Determine the sample size. This can be done by using printed or electronic tables or formulas. 6. Select a sampling methodology, such as: a. Random sampling, which involves using a random number generator to select items to be tested. b. Systematic sampling, which involves taking a random start and then every nth item. c. Cluster or block sampling, which involves randomly selecting groups of items to sample. 7. Take the sample. 8. Review the items selected. 9. Document the results of the tests.

C. Variables Affecting Sample Size 1. Population size. Generally, larger populations require a larger sample. 2. Acceptable level of risk. Smaller amounts of acceptable risk require larger samples. 3. Population variability. Larger variability in the population (measured by the standard deviation for variables sampling or the expected deviation rate for attribute sampling) requires a larger sample. 4. Acceptable level of misstatement or deviation. The smaller the acceptable misstatement amount (in variables sampling) or the smaller acceptable deviation rate (in attribute sampling), the larger the required sample.

D. Variables Sampling

107

108

A variables sampling plan is most commonly used to test whether recorded account balances are fairly stated. The auditor uses variables sampling to reach conclusions about a population in terms of a dollar amount. Common types of variables sampling are described below: 1. Difference estimation. The auditor determines differences between the recorded and audited values for items in the sample, divides the net sample difference by the sample size, and then multiplies the result by the population size. The difference is then added (if there is a net understatement) or subtracted (if there is an net overstatement) to yield an estimated audited value. 2. Ratio estimation. The auditor estimates the population misstatement by multiplying the recorded value of the population by the ratio of the total audit value of the sample items to their total recorded value. 3. Mean-per-unit estimation. The auditor estimates the average audited value for each population item from the average in the sample and then calculates the estimated audited value for the account by multiplying the average audited value and the population size.

E. Attributes Sampling Attribute sampling concerns binary (e.g., yes/no) propositions. Attributes sampling is commonly used to test the rate of deviation (or rate of occurrence) in a population. Common types of attributes sampling are described below. 1. Sequential (stop or go) sampling. The auditor performs the sampling plan in stages. Following each stage, the auditor decides whether or not to go to the next stage. 2. Discovery sampling. When the expected rate of deviation is very low (near zero), the auditor tries find at least one deviation in the sample.

IV. FLOWCHARTING, NARRATIVES, AND QUESTIONNAIRES The three primary methods auditors use to document an entitys internal controls are flowcharts, narratives, and questionnaires. The auditor may decide to use one or more of these methods to document a system. Each method is described below. A. Flowcharting A flowchart is a visual representation of how a process works. Interrelated symbols are used to diagram the flow of events or data through a system. Flowcharts can provide a good initial overview of an entire system. Flowcharting Symbols

108

109

There are 6 basic symbols commonly used in flowcharting of assembly language programs: Terminal, Process, Input/Output, Decision, Connector and Predefined Process. This is not a complete list of all the possible flowcharting symbols, it is a list of commonly used symbols.

Symbol

Name

Function

Process

Indicates any type of internal operation inside the Processor or Memory

Input/Output

Used for any Input / Output operation Outside the Processor.

Decision

Used to ask a question that can be answered in a binary format (Yes/No, True/False)

109

110

Off-page Connector

Allows the flowchart to be carried forward to subsequent pages, while preserving a link back to an original point of reference. Upper frame reserved for the sending page, bottom frame points to the destination page.

On-page Connector

Allows for the continuos flow of logic to be described, on the same page, without intersecting lines or a reverse flow.

Predefined Process

Used to invoke a subroutine or an interrupt program.

Terminal

Indicates the starting or ending of the program, process, or interrupt program.

General Rules for flowcharting 1. All boxes of the flowchart are connected with Arrows. (Not lines) 2. Flowchart symbols have an entry point on the top of the symbol with no other entry points. 3. The exit point for all flowchart symbols is on the bottom except for the Decision symbol. The Decision symbol has two exit points; these can be on the sides or the bottom and one side. 4. Generally a flowchart will flow from top to bottom. However, an upward flow can be shown as long as it does not exceed 3 symbols. 5. Connectors are used to connect breaks in the flowchart. Examples are: From one page to another page. From the bottom of the page to the top of the same page. An upward flow of more then 3 symbols 6. Subroutines and Interrupt programs have their own and independent flowcharts. 7. All flow charts start with a Terminal or Predefined Process (for interrupt programs or subroutines) symbol. 8. All flowcharts end with a terminal or a continuous loop.

110

111

B. Narratives A narrative is a written description of a phase or a particular phase of a system. A written narrative is most useful when describing relatively simple systems, simply because a complex, lengthy written description of a system is often difficult to understand.

C. Questionnaires An internal control questionnaire is designed to indicate control deficiencies. The internal control questionnaire for a particular audit area is typically filled-out at the beginning of the audit. Any potential deficiencies or weaknesses noted in the questionnaires indicate areas that should be focused on during fieldwork testing.

V. CONFIRMATIONS A confirmation is a letter or affidavit from an independent third party that confirms the existence and valuation of some account balance. A. AICPA Standards on Confirmations SAS 67 (AU Section 330) provides guidance on the use of confirmations. The key points of this Statement are: 1. The confirmation process includes: a. Selecting items for which confirmations are to be requested. b. Designing the confirmation request. c. Communicating the confirmation request to the appropriate third party. d. Obtaining the response from the third party. e. Evaluating the information, or lack thereof, provided by the third party about the audit objectives, including the reliability of that information. 2. Because confirmations provide evidence, confirmations are particularly useful in instances when inherent and control risk are determined to be high. 3. When obtaining evidence for assertions not adequately addressed by confirmations, auditors should consider other audit procedures to complement confirmation procedures or to be used instead of confirmation procedures.

111

112

4. The auditor should exercise an appropriate level of professional skepticism when designing the confirmation request, performing the confirmation procedures, and evaluating the results of the confirmation procedures. 5. There are two types of confirmation requests: positive confirmations (the positive form) and negative confirmations (the negative form). 6. Some positive forms request respondents to indicate whether they agree with the information stated on the request. Other positive forms, referred to as blank forms, do not state the amount (or other information) on the confirmation request, but request the recipient to fill in the balance or furnish other information. Blank forms generally produce a higher degree of assurance, but they often result in a lower response rate. Positive forms provide audit evidence only when responses are received from the recipients; nonresponses do not provide audit evidence about the financial statement assertions being addressed. 7. Negative forms request recipients to respond only if they disagree with the information stated on the request. Negative confirmation requests may be used to reduce audit risk to an acceptable level when: a. The combined assessed level of inherent risk and control risk is low. b. A large number of small balances in involved. c. The auditor has no reason to believe that the recipients of the requests are unlikely to give them consideration. 8. To restrict the risks associated with facsimile responses, the auditor should consider taking certain precautions, such as verifying the source and content of the facsimile in a telephone call to the purported sender. In addition, the auditor should consider asking the purported sender to mail the original confirmation directly to the auditor. 9. When using confirmation requests other than the negative form, the auditor should generally follow up with a second and sometimes a third request to those parties from whom replies have not been received. 10. When evaluating the results of confirmation procedures, the auditor should consider: a. The reliability of the confirmations and alternative procedures. b. The nature of any exceptions, including the implications, both quantitative and qualitative, of those exceptions. c. The evidence provided by other procedures. d. Whether additional evidence is needed.

112

113

11. It is generally presumed that evidence obtained from third parties will provide the auditor with higher-quality audit evidence than is typically available from within the entity. Thus, it is presumed that the auditor will request the confirmation of accounts receivable during an audit unless one of the following is true: a. Accounts receivable are immaterial to the financial statements. b. The use of confirmations would be ineffective. c. The audit risk is acceptably low.

B. Common Ways Auditors Use Confirmations 1. Confirm receivables balances. Auditors can determine the existence and valuation of an account by asking the customer in writing whether a recorded receivable is in the entitys account payable. 2. Confirm cash balances at banks and other depositories. 3. Confirm off-premises inventory. 4. Confirm securities and other negotiable instruments held by independent custodians. 5. Confirm bonds directly with trustees. 6. Confirm loans and notes payable directly with creditors.

VI. COMPLIANCE AND SUBSTANTIVE TESTING A. Compliance Testing Compliance testing is designed to determine whether an entity has complied with applicable laws, regulations, policies, and procedures. The auditor is to determine whether any instances of noncompliance may have a material effect on the financial statements. B. Substantive Testing Substantive tests provide evidence about monetary misstatements. The extent of substantive testing depends on the acceptable level of detection risk. Some key points regarding substantive testing include: 1. The purpose of substantive testing is to hold detection risk to an acceptable level. Detection risk is the risk that the auditors procedures will not detect an error.

113

114

2. The objectives of substantive tests of sales, receivables, and cash balances are to determine that the account balances exist, are accurate and complete, and are properly presented and disclosed. 3. Specific substantive tests include: a. b. c. d. e. f. g. h. i. j. k. l. m. n. o. verifying the mathematical accuracy of accounts confirming receivables balances determining whether receivables are collectable confirming cash balances confirming payables testing cutoff (e.g., verifying that purchases and payables were recorded in the appropriate period) determining whether unrecorded liabilities exist verifying prepaid expenses (e.g., reviewing insurance policies to confirm coverage) verifying payroll preparation and distribution counting physical inventory verifying the accuracy of recorded fixed assets confirming or physically inspecting securities confirming bonds, loans, and notes payable examining bond indentures and other long-term indebtedness agreements verifying shareholders equity balances

114

115

UNIT 6: INFORMATION SYSTEMS AUDITING

I. Information Systems Auditing In todays environment most information is produced through the use of computer systems. The use of information systems permeates all aspects of an organization from electronic mail to the generation of annual reports. As a result, information systems controls have become a critical control point. Until recently, there were limited audit standards for information systems auditors. The Information Systems Audit and Control Association developed Control Objectives for Information and related Technology (COBIT) in 1996 to provide auditors with information systems guidelines. Below are some excerpts from the COBIT Executive Summary v It is management's responsibility to safeguard all the assets of the enterprise. For many organizations, information and the technology that supports it represent the organization's most valuable assets. Organizations must satisfy for their information, as for all assets, the requirements for quality, fiduciary reporting and security. Management must balance the use of available resources including people, facilities, technology, application systems and data. To discharge this responsibility, as well as to achieve its expectations, management must establish an adequate system of internal control. Such a system or framework must support the business processes and must be clear on how each individual control activity impacts the resources and satisfies the requirements. Control which includes policies, organizational structures, practices and procedures is management's responsibility. A Control Objective is a statement of the desired result or purpose to be achieved by implementing specific control procedures within an IT activity. IT Resources need to be managed by a set of naturally grouped IT processes to provide the information that the enterprise needs to achieve its objectives. COBIT has a set of 32 high-level Control Objectives, one for each of the IT Processes, grouped into four domains: planning & organization, acquisition & implementation, delivery & support, and monitoring. Impact on IT resources is highlighted in the CobiT Framework together with the business requirements for effectiveness, efficiency, confidentiality, integrity, availability, compliance and reliability that need to be satisfied. Additionally, the Framework gives definitions for the business requirements that are distilled from higher level objectives for

115

116

quality, security and fiduciary reporting as they relate to Information Technology. The management of the enterprise needs a framework of generally applicable and accepted IT security and control practices to benchmark their existing and planned IT environment. The main objective of the CobiT project is to enable the development of clear policy and good practice for IT control throughout industry, worldwide. It is CobiT's goal to provide these control objectives, within the defined framework, and obtain endorsement from the commercial, governmental and professional world-at-large. Note: COBIT is included in the recommended reading materials. There are two broad categories of information system controls, general and application controls. General controls are those that apply to all computer activities. They generally apply to the entire computer operation and include physical and logical security controls that apply organization wide. Application controls apply to a specific application and are unique to that particular application. For example, the physical security controls would be the same for all applications, but the specific edit checks built into an application are unique to that application. An effective security program emphasizes both general and application controls. Some specific general and application control areas are: A. B. C. D. E. F. G. H. I. J. K. Internal Control Development Input/Processing/Output Controls Segregation of Duties Separation of Processing and Development Reconciliation of Input to Output Control of Data Files Authorization of Transactions Physical and Data Security Access Control End-User Computing Including Microcomputers Business Risk Planning Audit Tools 1) Computer Assisted Audit Techniques 2) Automated Administrative Processes

A. Internal Control Development As outlined in the Executive Summary of COBIT, information and by association, information processing have become a very valuable asset for many organizations. As a result, internal controls must be developed to safeguard the asset. However, since information is not a tangible asset, it has been more difficult for many organizations to understand the value of information and, subsequently, to effectively control it. Although organizations are beginning to understand the value of information, the controls to protect information continue to lag behind. As indicated by the development of COBIT and the internal controls that will be discussed in this unit, information systems controls are gaining importance in progressive organizations.

116

117

B.

Input/Processing/Output Controls

Input/processing/output controls are associated with a specific application and are referred to as application controls. Application controls relate to specific tasks performed by a computer system. An example of an application is a payroll system which would automatically calculate pay rates and generate warrants. Programmed edits such as the verification of employment status and salary limits are considered application controls. There are three specific categories of application controls: Input controls help ensure that data received for processing have been properly authorized and converted, and is complete and accurate. Input controls also relate to the rejection, correction, and resubmission of data that was originally incorrect. Processing controls help ensure that the processing has been performed as intended. They also ensure that all transactions are processed as authorized, no authorized transactions are omitted, an that no unauthorized transactions were added. Output controls help ensure that reports (hard copy or online) or other output such as warrants or invoices are accurate and are received or available to only authorized staff.

C. Segregation of Duties Segregation of duties is a general control area and is critical in the information systems arena. Segregation of duties is a basic control principle that prohibits the performance of duties that may permit someone to commit and conceal inappropriate activities. For example, it would be a significant control weakness for one person to perform data entry functions and receive and review the output. Some examples of information system duties that should be segregated are listed below. Computer operators are responsible for the actual processing of data and operate the equipment and respond to messages to permit final processing. Computer operators should not have any programming duties and should be prohibited from accessing documentation not required to perform their job function. Librarians are the keeper of documentation, programs, and data. Librarians should be prohibited from performing any operations or programming functions. Some people advocate that librarians have limited access to equipment and have little or no programming skills.

D. Separation of Processing and Development

117

118

The most important areas to segregate are the processing and development functions. As discussed above, computer operators (processing function) must be clearly segregated from programming activities. The opposite is also true: programmers should be prohibited from entering the computer room where the consoles reside. In addition, programmers must be prohibited from accessing or invoking any processing commands. For example, operators often respond to requests on the console to permit programmer access to restricted libraries, but the operator should deny access unless an approved request is on file. The increased reliance on computer output without verification increases the need for additional controls. The lack of effective controls over the programming function can permit unauthorized changes to made with minimal chance of detection. A programmer who has access to processing functions will have the capability to bypass controls to make and conceal unauthorized changes.

E. Reconciliation of Input to Output In a manual system, reconciliation of input to output is a normal and routine process. Accountants and internal auditors routinely perform reconciliation procedures in manual environment. For example, many of us manually reconcile our check register to our checking account statement on a monthly basis. However, in a computerized environment, the source document (processed check or check register information) may not exist. This makes manual reconciliation of input to output virtually impossible. In addition, the number of transactions in some systems makes it time- and cost-prohibitive to perform a manual reconciliation. As auditors adapt to the computerized environment, they are auditing through the computer rather than auditing around the computer. Auditing around the computer has been the standard in the audit community. This approach required the auditor to perform a manual reconciliation of computer output to the source documents. Basically little or no reliance was placed on the integrity of the computer system and the audit techniques were similar to those used in the precomputer period. Auditing through the computer is becoming the accepted practice in the audit community. This approach requires the auditor to review the general and application controls that affect a computer system and verify the integrity and accuracy of the computer system. The auditor only needs to perform limited reconciliation of input to output to provide an acceptable comfort level with the integrity of the output.

F. Control of Data Files Control of data files or access controls is the use of techniques to prevent improper access, use, or manipulation of data files and programs. The primary logical security control in use today is the use of an ID and password. Each authorized user is provided with an ID that provides access to programs and data files based on job requirements. The password is a secret code known only by the user and changed periodically ensure its confidentiality. For example, a payroll clerk for the administration division may have an ID - PAY22 - which provides read and update to access to administration employees payroll records but prohibits access to all other payroll records and accounting data. The user PAY22 is required to have a password that is at least six characters in length and requires the use of a number in at least two of the six characters.

118

119

The use of passwords has been an effective security tool; however, as more critical and confidential information is placed on computers, additional security measures have been developed. Two examples of these include: Encryption uses an algorithm to manipulate plain text and render it unreadable. Any user with the proper key can decrypt the information into readable text. This approach works well when transferring confidential or proprietary information over an unsecured network. Encryption can also be an effective control when storing confidential or proprietary information on computers. Biometrics uses something unique about an individual such as fingerprints, voice patterns, retina patterns, or hand geometry to distinguish users. Under this approach, users will have their fingerprint or other characteristics scanned into the security system and access will be permitted only after comparing the scanned information to the current information. For example, a user would place his or her index finger in a reader and this information would be compared to the stored information to permit or deny access. Although biometrics provides excellent security, there are several issues associated with it use. There is the possibility of a false-positive reading, thereby permitting an unauthorized access. This situation is relatively rare and biometrics provide much greater security than passwords. A bigger issue is a false-negative reading, where an authorized user is denied access. This can be due to changes in the individual or a faulty reading by the device. In either case, there is a high level of frustration for a denied user. There is also some resistance in the user community due to the perception that biometric devices are personally intrusive.

G. Authorization of Transactions Authorization of transactions is actually a subset of the information outlined in the previous section. The same techniques are used; however, access is permitted or denied at a transaction rather than data file level. For example, in some instances update access to data may be permitted for all authorized users, with no distinction between users. However, in most cases an additional level of security is required and that is where transaction level security comes into play. Extending the sample above, read access (data can be read but not modified) may be acceptable for all users, but only 10% of the users need to perform selected transactions. Additionally, particularly sensitive transactions may be limited to 1% of the users. An effective way to employ transaction security is to place users in common groups, where people who perform the same function have the same access capability. This simplifies the administration of security. See the example below: Payroll system Group 1 - general user - no access to the system or transactions Group 2 - payroll administrators - read only access to the system

119

120

Group 3 - payroll clerks - update transaction permitted for select fields, no access to update transactions for any monetary fields. Group 4 - master payroll clerks - update transaction permitted for all fields.

Under this approach, individuals are placed in groups and permitted or denied access based on the security parameters in the group. This approach will work with password and biometric based security systems.

H. Physical and Data Security Access Control Physical security is the security over access to the building and sensitive areas. We are all aware of the physical security controls associated with banks. Most computer facilities have detailed physical security controls and they generally include: Access security most facilities restrict physical access to authorized personnel. In many cases guards and/or card-key systems are used to prevent unauthorized access. Card-key systems prevent or allow access to the main facility and can also further restrict access to sensitive areas within the facility. Fire prevention and detection since the information stored within a facility is extremely valuable, extensive fire prevention and detection are employed. Disaster contingency planning information processing is the lifeblood of many organizations, as a result, alternate processing plans must be developed and tested. For example, major credit card companies have detailed an extensive contingency plans that permit a seamless transfer of processing capability from an inoperable site to an alternate site. Most other organizations have less extensive plans and have a backup site available that will permit them to continue operations in a 24-hour period. In any event, data must be backed up and stored off-site for a disaster contingency plan to be effective.

Although physical security is still very important, its importance has diminished with the widespread connectivity provided by networks. Prior to microcomputers and networks (local and international (Internet)), physical access to a specific terminal was often required to perform sensitive transactions. In todays environment, physical boundaries no longer exist, so logical security controls such as those in the two previous sections provide the primary security control.

I. End-User Computing Including Microcomputers End-user computing is the phenomenon that occurred after the introduction and acceptance of microcomputers. The historic computing environment consisted of a data center (computer facility), mainframe computer, and attached terminals. Everything from purchase, maintenance, support, application development, and security was controlled by data center staff. This centralized process promoted the establishment of accepted and consistent development and security standards. As the need for additional computer resources increased, users were often

120

121

unable to have their computer needs satisfied by central data center staff. Microcomputers and local area networks provided users with the ability to satisfy their computing needs by procuring or developing their own systems. As this approach grew in popularity it was dubbed end-user computing. End-user computing proliferated in the late 1980s and early 1990s. It provided users with the ability to develop or procure systems that met their unique needs. However, some of the basic control concepts from the centralized environment were not transferred to the end-user computing environment. Some end-user computing issues include: Technical expertise most end-users do not have a programming or computer science background and lack some of the basic knowledge to develop effective long term solutions. Compatibility issues end-users were interested in meeting their individual needs and did not look at systems from an organizational perspective. For example, separate divisions often purchased incompatible hardware and software that prevented the transfer or sharing of data within the organization. Security issues since security was not centrally controlled, end-users decided what level of security was appropriate. In many cases, security was an after-thought and confidential and proprietary data was not always controlled properly. Backup and contingency planning issues although end-users relied on their systems to meet their objectives, basic control concepts such as backing-up data and storing it offsite were not adhered to. Development issues end-users often developed systems without using accepted development techniques. Accepted control concepts such as developing adequate documentation of the system and programming were not adhered to. This made it difficult to modify the application. In addition, adequate testing to determine that the system processed correctly were not conducted; thus, in some cases, system calculations were wrong.

End-user computing brought power to the users; however, it significantly increased the risk of data loss, unauthorized access, and incorrect processing results.

J. Business Risk Planning There are inherent risks associated with any business. The basic business risks are routinely reviewed by senior management. The basic risks involve financing, investment, supply, marketing, and production. In addition to the basic risks there are many other internal and external risks that impact businesses. Some of these risks include:

121

122

Information systems risks are risks that occur from the electronic transfer and storage of key business information. Computer systems, computer failures can significantly disrupt business operations. Similar to natural disasters, preparations must be made to reduce the impact of computer failures on operations. For example, some companies that rely on computer systems to perform their primary business functions (such as credit card companies) have redundant computer and telecommunications systems that permit a seamless transition in case of a failure in one of the systems. External risks are risks associated with dealings with external parties. These include dealings with creditors, investors, employees, shareholders, customers, competitors, and regulators. Although an individual business may not be able to control these risk areas, they must analyze these risk areas and take action as appropriate. Legislative risks are risks associated with changes with law and policy that impact a business. These include changes to tax law, safety or environmental regulations, and new statutory limitations. Disaster risks are risks that occur from natural disaster such as earthquakes, fires, or hurricanes. Although unpredictable, preparations to reduce the potential negative consequences from a disasters must be made. Time and again, businesses that did not adequately prepare for disasters have been unable recover the effects of disaster and been forces out of business.

As outlined in previous sections, risks must be continually analyzed and addressed. Information systems risks will continue to be a major concern as more organizations rely on these systems to perform primary business functions.

K.

Audit Tools

As computers became integral to the performance of primary business functions, auditors needed to develop new audit techniques and tools. Auditors had a choice to either audit around the computer or through the computer. Initially auditors audited around the computer and focused their efforts on the input and output from the system, not the processing. This approach assumes that the processing is accurate if the inputs and outputs are correct. As more and more primary business functions were computerized auditors wanted additional assurances on the integrity of processing logic. As a result, audit tools were developed to permit auditors to efficiently audit through the computer. Under this approach, the program logic and edit checks are reviewed and verified. In some instances, test data is run through the system to check for processing accuracy, the enforcement of edit checks, and output accuracy. Some specific methods or tools for auditing include: Integrated Test Facility (ITF) - under this approach, a fictitious entity is created and processed along with live data. For example, in a payroll system a fictitious employee

122

123

would be created and processed along with the normal payroll processing. The predetermined results would be compared to the actual results. Systems Control Audit Review File (SCARF) - under this approach, an embedded audit module collects data for subsequent review and analysis. Like the ITF approach, SCARF information is collected using the live data and system.

Computer Assisted Audit Techniques (CAATs) has become a common term in the information systems audit profession. The audit community learned the value of computerization to enhance the quality and timeliness of audits. Some general CAATs include: Data Analysis Software - software that assists the auditor in analyzing data and selecting samples. Historically auditors selected a sample (often a judgmental sample or a random sample) and tested the sample transactions to verify the integrity of the internal controls. Although sampling provides effective audit results, data analysis software provides auditors with the capability to test all transactions. For example, software can be used to find financial variances (such as a limit in the $ amount of a transaction) by identifying all transactions that exceeded the threshold. Security Review Software - software that assists the auditor by performing online analysis of security software and operating system parameters. Auditors frequently review global security standards such as password length and change interval. Historically, auditors would review the global system parameters and a sample of users and try to identify those that had less restrictive parameters. Security review software provides auditors with the capability to identify any user that has less restrictive parameters. For example, all users with a password of less than 6 characters could be identified.

As indicated above, computer assisted techniques will continue to evolve into routine audit techniques. Computerization provides core business units with increased ability to perform effectively, and the same is true for auditors.

L.

Automated Administrative Processes

Routine administrative processes such as payroll had a detailed internal control structure to prevent inappropriate transactions and access. However, as more and more of these administrative processes became computerized, the historical internal controls were no longer valid or effective. As a result, new internal control systems (as discussed previously) are required to effectively protect assets in the information age.

123

124

STUDY QUESTIONS FOR VOLUME 1: AUDITING

1. According to the Standards for the Professional Practice of Internal Auditing, independence in the internal auditor is achieved through A. management directive. B. impartiality and fairness. C. organizational status and objectivity. D. personnel management and development. 2. According the CFSA Code of Professional Ethics, a CFSA A. will use the CFSA designation with pride and professionalism. B. strives to provide a value-added service to the organization. C. is responsible for providing a professional evaluation of the system of internal control. D. is obligated to report illegal or fraudulent activities to the appropriate authorities.

3. Which of the following is an Audit Committee most likely to review and approve? A. Audit director's salary. B. Audit department's annual budget. C. Annual audit plan. D. Annual financial statements.

4.Which of the following would be most likely to be considered inadequate segregation of duties? A. Maintaining custody of signed checks prior to mailing and preparing expense account subsidiary ledgers. B. Collecting payments on accounts and reconciling accounts receivable records. C. Approving changes to employee records and processing general ledger transactions D. Preparing customer statements and collecting payments on accounts. 5. Which of the following objectives would be most likely to be classified as operational auditing? A. Evaluating the adequacy and effectiveness of the system of internal control. B. Reviewing the reliability and integrity of financial and operating information. C. Identifying opportunities for improvement in performance of key functions. D. Examining the means of safeguarding assets.

124

125

6. The primary purpose of an internal audit is to A. appraise the organization's internal control system. B. attest to the accuracy of the organization's financial statements. C. evaluate the organization's financial accounting system and those activities having a material effect on the financial statements. D. evaluate the organization's compliance with regulatory requirements. 7. Which of the following best describes analytical review procedures? A. Compliance tests to review the system of internal control. B. Compliance tests to evaluate the reasonableness of financial information. C. Substantive tests to review the system of internal control. D. Substantive tests to evaluate the reasonableness of financial information. 8. The relationship between substantive tests and internal control is A. direct. B. inverse. C. parallel. D. complementary. 9. Which of the following are control considerations for batch systems? A. Program change control, segregation of duties, and interim input reconciliations. B. Segregation of duties, interim input reconciliations, and interactive transaction authorization. C. Program change control, segregation of duties, and interactive data input telecommunication controls. D. Program change control, interim input reconciliations, and interactive transaction authorization. 10. Which of the following are true concerning data files? I. Failure to detect or prevent file version errors and update or posting errors are caused by inadequate input controls. II. Processing controls are intended to detect or prevent program bugs such as mathematical errors and decision tree errors. III. Input controls include flagging duplicate transactions and validating special fields. IV. One objective of output controls is to ensure the integrity of stored data until it is deleted, modified, or merged with other data. A. B. C. D. I and IV only I, II, and III only II, III, and IV only I, II, III, and IV

125

126

VOLUME II BANKING

126

127

CORE COMPETENCY NUMBER TWO: BANKING INDUSTRY

This study guide covers a wide range of issues relating to commercial banks, savings banks, credit unions, trust companies, finance companies, credit card companies, leasing companies, and mortgage bankers. The guide is divided into two units. Unit 1 discusses financial statement applications. Unit 2 describes laws and regulations affecting the banking industry.

UNIT 1: FINANCIAL STATEMENT APPLICATIONS

This unit covers the common financial statement applications in the banking industry. The unit addresses issues related to assets, liabilities, shareholders equity, and other services/operations such as wire transfers, branch operations, and trusts. In addition, this unit highlights other important money and banking issues.

I. ASSETS Assets are one major element of the financial statements. Something has asset value if it can contribute directly or indirectly to an entitys cash flow. In other words, assets are future economic benefits controlled by an entity. Assets may be tangible or intangible. Current assets typically include those assets an entity expects to convert into cash or be sold within one year. Current assets include cash, receivables, and short-term investments. Noncurrent assets include long-term investments, property and equipment, and intangible assets. This section describes various categories of assets and their relationship to the financial statements.

A. Cash and Due From Banks 1. Due from bank balances are bank assets on deposit in other banks. Due from bank balances are used to ensure liquid reserves, to facilitate the transfer of funds, and to use as compensation for correspondent banking services.

127

128

2. There are four categories of cash and cash due from banks: Cash items are other items easily liquidated such as maturing coupons, returned checks, and unposted debits. Cash items also include many other types of instruments that are considered cash equivalents. Cash on hand refers to funds in the bank, either at teller windows, in the vault, in Automated Teller Machines (ATMs), and at satellite locations. Clearings and exchanges are checks drawn on other banks. Due from bank accounts are correspondent banks that are used to collect checks. Checks are sent to the due from bank. The due from bank either credits the due to banks account or pays the due to bank directly with a bank draft.

3. Cash and due from other bank accounts that are listed as a caption on the balance sheet should include all currency and coin, cash being collected, and account balances with other banks (except material interest-bearing accounts, which should be disclosed separately).

B. Federal Funds Sold and Securities Purchased Under Resale 1. Federal funds are deposit balances held at Federal Reserve banks. These banks buy and sell federal funds to temporally redistribute total bank reserves. Sales are good for one day only. The federal funds are returned to the selling bank on the following business day. 2. Federal funds transactions may take the form of an unsecured loan where a bank sells funds one day and is repaid the next business day. Federal funds may also be sold through collateralized transactions where a purchasing bank puts securities in a custody account until the funds are repaid to the seller. 3. Repurchase agreements (repos) and resell agreements (also known as reverse repurchase agreements or reverse repos) govern instances when a bank invests excess funds by buying securities from another bank or securities dealer. On a specified date (usually the next day), the borrowing bank agrees to repurchase the securities at the same price plus interest from the seller. Thus, banks borrow under repurchase agreements and lend under resell agreements. 4. Federal funds transactions do not involve an actual transfer of funds. The Federal Reserve credits the borrowers reserve balance and charges the lenders reserve balance. Each bank then makes the necessary charge to federal funds sold or purchased. 5. Banks should classify any federal funds transaction that matures in more than one business day as a loan.

128

129

C. Interest Bearing Accounts 1. The types of accounts that bear interest include savings accounts, negotiable orders of withdrawal (NOW) accounts, and certificates of deposit. These interest bearing accounts are known as time deposits. 2. Traditionally, banks manually posted time deposit transactions on ledger sheets. Bank tellers also recorded the transaction in the customers passbook. Today, most banks use computergenerated ledger sheets to record transaction activity and account balances. 3. The financial statements should disclose savings account liabilities and certificates of deposit of $100,000 or more. Any material NOW account should also be disclosed.

D. Trading Securities 1. Trading securities are securities that a bank intends to sell within a short period, usually less than one month. 2. Commercial banks can underwrite and initiate securities transactions. How banks record securities transactions on their financial statements depends on whether the securities are purchased for trading purposes or for inclusion in the banks own investment account. Management should approve whether purchased securities belong in the trading account or the investment account. The decision on how to record the securities in the financial statement should be immediate. It is not advisable to record purchased securities in a suspense account and then later decide whether the securities are for trading or investment. 3. Banks generally record securities transactions as of the trade date. However, it is acceptable to record the transactions as of the settlement date if the difference between the settlement date and trade date is not materially different. Settlement date accounting requires the bank to record both the purchase and sale of the securities and the income statement effects of the transactions. 4. Banks should account for securities held for resale as follows: Marketable securities should be accounted for at current market value. Securities and other investments with no ready market should be accounted for at fair value as determined by management, with costs disclosed. Increases or decreases in unrealized appreciation or depreciation should be included in the income statement.

5. Banks should account for trading securities at market value. Any changes in cost should be regarded as an unrealized gain or loss within net income. The total unrealized gain or loss is the difference between the total cost of the securities and their total fair value. Also, banks

129

130

should use market value to transfer securities from a trading account to an investment account, with any resulting gain or loss regarded as trading income; in this scenario, the securities should be recorded in the investment account as a new acquisition. In cases where banks transfer investment account securities to a trading account, a write-down from cost to estimated market value should be charged to investment security losses at the time of the transfer. The bank should not recognize the gain from the write-up of cost to estimated market value until final disposition of the securities, since the securities were not designated as part of the trading account at the original acquisition date. Such gains, when recognized, should be reported as investment security gains. 6. Banks can record interest earned on trading securities as either interest income or trading income. However, the recommended method is to report interest income separately from trading income if the amount is material. Also, it may be necessary to include a note to the financial statements that discloses the major categories of securities in the trading portfolio.

E. Securities Available for Resale 1. Banks hold some securities with the intent of selling them in the future. Any securities intended for sale in the next year or operating cycle are classified as current assets on the balance sheet. Otherwise, they are classified as long-term assets in the investments portion of the balance sheet. 2. Securities available for resale should be reported at fair value. When this type of security has an unrealized gain or loss, it is not reported on the income statement. Rather, it is reported as a separate component of stockholders equity. Also, for securities available for resale, unrealized gains or losses are carried forward to future periods and adjusted based on the current fair value.

F. Loans 1. State and federal regulations restrict the amount banks may loan to an individual borrower, set limits on specific types of loans, and define the conditions governing loans to directors, executive officers, and principal shareholders. 2. Bank loans can generally be classified in several ways: Time loans are made for a specific time period. Demand loans have no fixed maturity date and are payable on demand of the lender. Line-of-credit arrangements allow the borrower to borrow up to a maximum limit for a specific period. A revolving credit agreement, commonly used for consumer credit cards, is a typical line-of-credit arrangement.

130

131

Installment loans require periodic principal and interest payments. A real estate mortgage loan is an example of an installment loan.

Each type of loan typically has a separate general ledger control account that should be supported by subsidiary records. Depending on the type of subsidiary records used, single or multiple records may be needed to record loan information such as escrow balances or monthly payment amounts. Many banks use ancillary ledgers to post all borrowers liability transactions. 3. Interest on time, demand, and real estate loans usually accumulates daily or monthly. Interest income on loans is normally credited to operating income. 4. When a loan becomes delinquent or when collection seems unlikely, banks often suspend accrual of interest. If principal is paid on a loan after it has been placed on non-accrual status, the bank must determine whether it should record the payment as a reduction of the loan principal amount or as interest income. 5. Accrued interest receivable is either included in other assets or stated separately. Unearned discounts, allowances for loan losses, and unamortized loan origination fees should be deducted from the loan balances. However, if there are other unamortized loan fees that are material, they should be presented as other liabilities. 6. Banks often make loans to officers, directors, employees, and principal shareholders. Disclosure of these related-party transactions is required if they are material to the loan portfolio or in relation to total stockholders equity. 7. Customer overdrafts should be recorded as loans on the financial statements. 8. There types of loans include the following: a. Commercial loans are typically made for business purposes to sole proprietors, partnerships, and corporations. A commercial loan may be secured or unsecured. A loan is secured when the bank holds a lien against pledged collateral. Commercial loans may be written as short-term time loans, demand loans, or term loans. Some types of commercial loans include: Short-term working capital loans generally finance the production needs of manufacturing companies until finished goods are sold. Asset-based financing involves loans that are secured by the borrowers current assets (receivables or inventories). Seasonal loans provide funds to businesses to carry them through off-season periods of the year.

131

132

Term loans are extended-maturity loans that allow businesses to acquire capital assets. Because of the extended maturity dates, term loans have a greater risk of loss. For this reason, term loans are usually secured, may require amortization, and may contain other restrictive covenants. Agricultural loans are common in rural areas and offer alternative financing to farmers who must often wait years before new operations begin turning a profit. Floor-plan financing allows businesses that sell durable goods such as automobiles to finance inventories. As the business sells goods, the loan advance against those goods is repaid.

b. Residential loans are usually secured by mortgages, deeds of trust, land contracts, or other types of real estate liens. Interest rates for residential mortgage loans may be fixed or variable. Repayment of principal may be set up for full amortization, negative amortization, or partial amortization with a balloon payment at a specified date. Lending institutions may require some borrowers to purchase credit life insurance to reduce the institutions credit risk. The Federal Housing Administration (FHA) insures the real estate loans of borrowers who qualify for the program. Borrowers whose loans are insured by the FHA pay an annual insurance premium based on their loan balance. The Department of Veterans Affairs (VA) partially guarantees the loans of military veterans. VA loans feature little or no down payment and prohibit mortgage brokers commissions. Both the VA and FHA are required to establish lending policies that cover portfolio diversification standards, underwriting standards, loan administration policies, and other documentation and reporting requirements. Also, both agencies require an appraisal by a certified or licensed real estate appraiser for transactions valued at $250,000 or more. c. Consumer loans cover personal use items such as automobiles, appliances, vacations, educational expenses, and home repairs or updates. These loans are generally for smaller amounts and are repaid each month over the loan period. Two primary types of consumer loans are: Installment loans allow the consumer to repay a loan over a set period. The loan is generally secured by the item being purchased. Automobile loans are a common type of installment loan. Credit cards allow customers to make purchases up to a set dollar limit. Most credit cards are unsecured, but some secured card programs are available for customers that are a high credit risk. Many cards carry an annual fee and charge interest on balances unpaid after a specified period.

132

133

d. Leases allow a customer to use an institutions property for a specified period. Most lease agreements give the lessee the option of purchasing the property at fair market value after the lease period ends. The total amount of lease payments receivable plus the estimated residual value, less unearned income and loss allowances, may be shown as loans on the balance sheet or in a separate caption. e. International loans include loans made to foreign governments and banks. A commercial or consumer loan made by the foreign branch of a large bank is also considered an international loan. These types of loans are subject to cross-border risk, which is the risk that the borrowing entitys exchange reserves will not be sufficient to meet its repayment obligations. International loans are also known as foreign loans or cross-border loans.

G. Allowance for Loan Losses 1. All banks assume some loans will not be repaid. Banks are required to estimate the amount of losses they expect from their loan portfolio. Bank management sets the reserve at a given point based on factors such as the number and type of loans made, the quality of the loans made, the number of problem loans, historical loss experience, collateral value on nonperforming loans, guarantors financial strength, and the general state of the economy. If more funds than expected are needed to cover loan losses in a given period, the reserve must be increased and the difference is charged to operating expenses. 2. In most case, uncollectable loans should be written off and charged against the reserve for possible loan losses. However, banks with assets under $25 million with a reserve account should charge uncollectable loans directly to operating expenses.

H. Premises and Equipment 1. Banks own fixed assets, such as buildings, land, and equipment, for use in business operations. However, regulations set limits on the amount of fixed assets a bank may own. A banks holdings of real estate must not exceed a stated percentage of the banks capital and surplus, unless approved by regulatory authorities. 2. Banks generally may not own rental property unless they are going to use the property for banking operations in the near future. A national bank must sell any real estate within five years of acquisition if it is not used for banking purposes. A bank should record real estate not used for banking purposes on its balance sheet as other real estate owned. The amount of the real estate should be listed as the lower of the annual value or the banks investment. A banks real estate holdings must be appraised each year, unless the investment is under $25,000 or is 5% or less of the banks equity capital. 3. Banks should use fair value to record assets acquired through foreclosure. However, the fair value amount should not exceed the amount at which the investment was recorded. If the 133

134

recorded investment amount exceeds the fair value of the real estate, then the bank should record a loss. Fair value is the amount a seller can expect to receive in a normal sale between a willing seller and willing buyer. Fair value is often synonymous with market value. 4. Banks should use Generally Accepted Accounting Principles (GAAP) to capitalize and depreciate their fixed assets. Premises and equipment acquired after June 30, 1967, should be stated at cost less accumulated depreciation or amortization. The account for any fixed asset still in use that has not been capitalized according to GAAP should be reinstated along with the accumulated depreciation. Supervisory agencies may deem it necessary to approve this entry because it could be considered a write-up of assets. 5. The cost of a fixed asset should include all acquisition and construction costs (e.g., transportation costs, installation costs, excavation costs, and architects fees).

I. Customer Acceptances (Letters of Credit) 1. Letters of credit state that a bank will guarantee payment on the drafts or bills of exchange of a person or entity. Any accepted draft or bill of exchange under one of these agreements represents a liability to the bank. Banks should classify any draft or Bill of Exchange they hold as a loan. 2. Letters of credit are usually valid for a period not exceeding six months, and they may be revocable or irrevocable. Only the customer can revoke an irrevocable letter of credit. However, a bank can revoke or modify a revocable letter of credit without the customers consent. 3. Letters of credit can be used as a form of payment. However, they are often used to prevent default. 4. The issuing bank has three banking days to honor a demand for payment subject to a letter of credit.

J. Intangible Assets 1. Intangible assets do not physically exist. Rather, they are the ideas, expertise, capacities, and privileges that belong to an entity. 2. Common types of intangible assets are: Copyrights prevent others from violating an entitys proprietary rights to writings, designs, or processes. Research and development costs associated with copyrights are treated as expenses. Legal expenses necessary to defend a copyright may be capitalized. Amortization of a copyright usually is done in five years or less.

134

135

Patents give owners exclusive rights to unique products or processes. The U.S. government issues patents for a 17-year period. Patents may be purchased or developed individually. Purchased patents are recorded at cost and developed patents are recorded at cost minus any costs for research and development. Franchises allow a franchisee to provide a companys products or services. Franchise fees paid in advance are capitalized and amortized over the useful life of this intangible asset. Trademarks are symbols that allow the public to easily recognize a product or company name. Trademark development costs, except for associated research and development, are capitalized. Amortization of a trademark must be completed in less than 40 years. Goodwill is the establishment of a reputation and the perception among stakeholders and customers regarding quality of service. Leases allow one party to use another partys property for a fee. Lease payments paid in advance are capitalized in the leasehold account. A leasehold improvements account is set up to record any improvements made by the lessee. Leaseholds are amortized over the life of the lease. Leasehold improvements are amortized over the remaining life of the lease or over the useful life of the improvement, whichever is less.

3. Intangible assets are initially recorded at cost. Most entities calculate depreciation using the straight-line method.

K. Other Assets 1. Some of the accounts grouped under other assets include: Accounts receivable Accrued interest receivable Accrued interest receivable Customers acceptance liability (described in an earlier section) Other real estate owned by the bank (described in the Premises and Equipment section) Unconsolidated investments in subsidiaries Suspense accounts 135

136

Prepaid expenses and deferred charges

2. When these other asset categories are material, they may be presented in the balance sheet.

II.

LIABILITIES AND SHAREHOLDERS EQUITY

Liabilities and equity are other important elements of the financial statements. Liabilities are probable future sacrifices of economic benefits due to present obligations or conditions. Equity is the amount of assets that remain after liabilities are subtracted from assets. This section discusses major types of liabilities and equity in the banking industry. A. Deposits 1. Non-interest-bearing accounts typically include checking accounts and escrow accounts, although some types of checking accounts, such as negotiable orders of withdrawal (NOW) accounts, usually accrue interest. Checking accounts and NOW accounts are known as types of demand deposit accounts. A demand deposit account allows customers to safely and easily transfer money through the use of checks, automated teller machines (ATMs), electronic funds transfers (EFTs), or point-of-sale (POS) terminals. Demand deposit accounts are federally insured. Owners of demand deposit accounts receive regular statements from their bank showing a record of deposits and payments during the previous period. Banks record any check they write as a liability. Banks also record a liability when they certify a customers check. In both cases the cash account is reduced only after the check is paid. Issued or certified items are listed in a check register and removed from the file after they are paid. 2. Savings accounts are a common type of interest-bearing account. Savings accounts are also known as time deposit accounts. Examples of savings accounts include passbook accounts, statement accounts, and money market accounts. Traditionally, passbook accounts required the customer to present a passbook when a transaction was made. The teller then would record the transaction in the passbook. The increased use of electronic banking has made passbooks nearly obsolete. Most banks now use ledger cards or computer-generated statements to account for activity on time deposit accounts. The Federal Deposit Insurance Corporation (FDIC) insures funds held in all types of savings accounts. Savings accounts have no stated maturity date. 3. Other types of time deposits accounts include certificates of deposit, individual retirement accounts, and Keogh accounts. These types of accounts bear interest for a fixed period of time.

136

137

Certificate of deposit (CDs) are sold with a specific maturity and rate of interest. Bearer CDs are payable to the owner, and registered CDs are payable to a specified person or entity. Negotiable CDs are short-term instruments generally purchased by companies and pension funds in large denominations. Negotiable CDs over $100,000 are regarded as money market instruments and are free from interest ceilings. Non-negotiable CDs are usually sold in smaller denominations. There is a penalty payable if the holder of a non-negotiable CD redeems the certificate prior to the maturity date. Individual retirement accounts (IRAs) and Keogh accounts are generally maintained as CDs. However, these accounts usually have long maturity dates because they are established as tax-deferred savings plans. 4. Posting of time deposit transactions usually occurs on the day the transaction occurs or the next day. During the posting process, banks may reject some transactions because they lack proper endorsements or are subject to stop payment orders. A bank may also reject a transaction if it would create an overdraft; these items are referred to holdover items or throwouts).

B. Securities Sold Under Repurchase Agreements and Federal Funds Purchased 1. The federal funds market refers to transactions banks make for short-term financing purposes. Specifically, banks use interbank transactions to redistribute their financial resources on a short-term basis. Banks make unsecured loans to other banks by selling federal funds one day and being repaid for them the next day. Banks make collateralized transactions by placing U.S. government securities it purchases in a custody account until the seller makes repayment. 2. In a securities sold under repurchase agreement transaction, a bank sells U.S. government securities one day and repurchases them for the same price plus interest on the next day. Under this type of arrangement, the purchasing banks is said to entered into a securities purchased under reverse repurchase agreement transaction. 3. Federal funds transactions do not involve a physical transfer of funds. The Federal Reserve facilitates these transactions by making the appropriate credits or charges to the reserve accounts of the banks involved. The banks then make the appropriate credits or charges to their federal funds purchased or sold accounts. 4. Any federal funds transactions exceeding one business day should be treated as a loan.

C. Other Borrowed Funds 1. Other types of borrowed funds include: Short-Term Borrowing e.g., commercial paper, lines of credit, and unsecured notes.

137

138

Debentures unsecured debt securities issued by banks. Discounting or Advancing through Counts with a Federal Reserve Bank Discounting involves the Federal Reserve rediscounting with recourse the banks eligible loans. Advancing occurs when member bank executes a promissory note using government securities as collateral; the term discount refers to the interest charged in these transactions. Treasury Tax and Loan Note Option Accounts deposits held at a Federal Reserve bank that are subject to withdrawals and are supported by an open-ended, interestbearing note. Mortgages Payable refers to indebtedness incurred to finance bank expansion programs.

2. Borrowings from the Federal Reserve are grouped with promissory notes and reported on the balance sheet as other borrowed funds. Debentures, subordinated notes, and mortgages payable are often included in separate liability categories on the balance sheet.

D. Long-Term Debt 1. Common types of long-term debt include notes payable and bonds payable. Notes are debt instruments issued to a single investor. Bonds are debt instruments issued to multiple investors. Both notes and bonds have written agreements that describe the principal and interest payable. 2. Long-term debt instruments are sold at discount when the market rate exceeds the stated interest rate. An instrument is sold at a premium when the stated rate exceeds the market rate. An instrument is sold at face value when the market rate and stated rate are equal. 3. The discount on bonds payable account is debited when a bond sells at discount. The premium on bonds payable account is credited with a bonds sells at a premium. The discount or premium is amortized over the life of the bond. 4. Bond issuance costs, such as costs for underwriting fees, printing, and advertising, should be charged to a prepaid expense account. 5. Volume IV of this CFSA Study Guide is devoted to issues and concepts related to the securities industry, including long-term debt instruments.

E. Preferred/Common Stock

138

139

1. Preferred stock and common stock make up a part of a banks total capital. However, regulations limit the amount of equity a bank may have in relation to the banks size and asset mix. 2. When only one class of stock is issued it is classified as common stock. When two classes of stock exist they are classified as common and preferred. 3. Banks can account for stock dividends in two ways: by transferring from retained earnings to capital stock an amount equal to the par value of the additional shares being issued by transferring from retained earnings to a category of permanent capitalization an amount equal to the fair value of the additional shares issued

4. Stock dividends are recorded at the fair market value of the stock on the date the dividend was declared. 5. Volume IV of this CFSA Study Guide is devoted to issues and concepts related to the securities industry, including preferred and common stock.

F. Retained Earnings 1. Retained earnings are the accumulated revenues and expenses of a bank. Therefore, this account increases or decreases based on fluctuations in earnings and dividend distributions. 2. Net losses reduce retained earnings and net income increases retained earnings. Prior period adjustments to correct financial statement errors from a previous period can either increase or decrease retained earnings. The payment of dividends serves to decrease retained earnings.

G. Treasury Stock 1. The term treasury stock refers to outstanding stock that a corporation reacquires or repurchases. Corporations can use treasury stock to prevent against takeover by other companies or to facilitate the takeover of another company. Outstanding stock is also reacquired to meet the needs of employee stock option plans. 2. Treasury stock reduces shareholders equity and is deducted from the contributed capital and earned capital lines on the balance sheet. 3. Reacquiring outstanding shares increases a corporations earnings per share by reducing the number of shares outstanding. 4. Dividends are not paid on treasury stock.

139

140

5. Treasury stock can be recorded at cost or at the stated (or par) value.

III.

OTHER SERVICES/OPERATIONS

This section discusses some other bank services and operations. These include payroll/employee benefits, automated clearinghouses and wire transfers, branch operations, trusts, investment products, asset/liability management, derivatives, and statement of cash flows. Proper management of these services and operations is necessary to reduce the risk of a negative effect on the financial statements. A. Payroll/Employee Benefits 1. Salaries are one of the largest operating expenses in many banks. Losses can occur if a bank does not have adequate controls over this function. 2. The largest risks banks face in this function are making salary payments to employees no longer on the payroll; paying employees for unearned overtime, sick time, or vacation time; entering improper or unauthorized salary increases into the system; and miscalculating Social Security or income tax deductions. Additional risks include failing to monitor employee benefit providers and compliance with federal regulations.

B. Automated Clearing House and Wire Transfer 1. The Automated Clearing House (ACH) is method banks use to move money electronically. The ACH receives, records, and facilitates debit and credit transactions between banks. 2. Some of the transactions the ACH facilitates include direct payroll deposits, government payments, pension payments, dividends, direct debits, corporate cash disbursements, and corporate payments. 3. Wire transfer systems are another method of electronic funds transfer. Transferring funds by wire is immediate and irrevocable. 4. FedWire and CHIPS provide the majority of wire transfer services in the U.S. The Federal Reserve operates FedWire. CHIPS is operated by the New York Clearing House for use by banks in the New York area. 5. The following terms are associated with the Wire Transfer Function:1

Correspondent Banks Financial institutions that maintain account relationships with each other.

140

141

Credit Party The party to be paid by the receiving financial institution. Draw Down An instruction to reduce the balance of the senders account serviced by the receiver with a payment to the senders account at another financial institution. Execution Date The day on which the sending bank may properly issue a payment order in execution of the originators orders. The execution date may be determined by the originator, but cannot be earlier than the day the order is received and, unless otherwise determined, is the day the order is received. Federal (Fed) Funds United States dollars on deposit at a Federal Reserve Bank. Fed funds are commonly used to refer to the transfer (sale/purchase) of excess balances between financial institutions for a stated period of time. Intermediary Bank A financial institution to which funds are transferred for further credit to the beneficiarys bank. Immediate Funds Funds available immediately. Initiator The originator or an agent of the originator of the transfer instructions. Methods of Initiation The transfer instructions can be transmitted by various means, including electronic initiation systems, orally (e.g., in person or by phone), and writing (e.g., hand or mail delivery or fax). Payment Order An instruction of an originator to a sending bank, transmitted orally, electronically, or in writing, to pay or to cause another bank to pay, a fixed or determinable amount of money to a beneficiary. PUPID (Pay Upon Proper Identification) Wire A PUPID is an incoming wire transfer with instruction to pay the beneficiary upon presentment of proper identification. The beneficiary usually does not maintain a checking or savings account with the paying financial institution. Receiving Bank The financial institution receiving funds from the sender on behalf of the beneficiary. Remitter A general term meaning the source of funds in a payment order. Repetitive Transfer A transaction for which all information has been established on the funds transfer system and assigned a unique identifier to be accessed and transferred upon the customers request. The dollar amount and date are the only variables in the transfer.

141

142

Same Day Funds Funds available for transfer today subject to settlement of the transaction through the payment mechanism used. Sending Bank The financial institution that inputs the transaction into a funds transfer system or message service such as FedWire. SWIFT (Society for Worldwide Interbank Financial Telecommunications) A private international telecommunications network for transmitting and routing financial messages. SWIFT carries messages only and does not provide settlement. Test Key A code between the sender and the receiver used in a message to validate the source and/or amount, date, etc. Transit Routing Number A financial institutions identifier with the Federal Reserve Bank. Value Date Date upon which funds are to be available to the receiving bank.

C. Branch Operations 1. Each state has established its own regulations regarding branch banking. Note: some banks operate under a national charter and are regulated by the Office of the Comptroller of the Currency. Therefore, state regulations may not apply to these banks. 2. The Interstate Act of 1994 allows interstate branch banking through the merger of banks in the same state owned by the same holding company. However, states retain the authority to disregard the Interstate Act and prohibit branch banking. 3. A de novo branch bank is a new branch not resulting from a merger. The Interstate Act permits states to adopt legislation allowing de novo branches on the condition that the state must also permit de novo branches of banks headquartered in other states. 4. The Federal Reserve Board governs the foreign activities of U.S. banks. Board approval is required before a foreign bank subsidiary can establish an initial branch in its first two countries outside its own country. Banks must also advise the Board regarding plans to establish additional branches in that country. Foreign branches of member banks may engage in the same banking activities allowed the member bank under U.S. banking law and its charter.

D. Trust 1. Trust departments administer trusts, estates, pension accounts, profit sharing accounts, and custodian accounts. The Board of Directors has fiduciary responsibility for any trust funds

142

143

the bank holds. The Board or its designees must accept in writing all trust funds held. The assets of any trust account accepted must be reviewed at least once every 15 months. 2. All bank employees participating in trust operations must be bonded. 3. Funds held in trust accounts are not assets of the bank. Therefore, records relating to trust accounts must be segregated from other bank accounts. Banks must keep trust account records for three years after their fiduciary relationship ends. 4. Funds a bank holds in trust cannot be reinvested in the banks own securities. Banks may transfer funds from one trust account to another unless prohibited by a trust agreement or unless it is unfair to either account. 5. Banks provide the following personal trust services for individuals: Estate Settlement Banks serve as executors or administrators of estates. Courts can also appoint a bank to serve as administrator cum testamento annexo (c.t.a.) for persons that specify no executor in a their will or whose named executor is unable or unwilling to serve. As administrator of an estate, the banks major duties are to assemble, control, and inventory the deceased persons assets; arrange to pay applicable costs, taxes, and claims; and distribute the net remaining estate according to the terms of the will. Trust Development The bank may be specified as trustee under a trust by agreement arrangement. Trust by declaration occurs when the bank makes a contract with a third party agree to be trustee for someone elses property. Trusts under will occur when a will names the bank as a trustee of property for another party named in the will. Charitable trusts are established by will or agreement for religious, educational, or community improvement purposes. Trusts by court order occur when the courts appoint the bank as trustee for a designated person. Serve as Guardians of Estates Courts may direct a bank to hold and manage the assets of a minor until he or she is of legal age. Banks may also be appointed to serve as guardians of assets for adults who are deemed incompetent or unable to manage their money. Serve as Co-Fiduciary Some wills specify that more than one responsible party share the trustee responsibilities of an estate. The named parties are referred to as cofiduciaries. Serve as Agent A bank serves as agent when the bank takes possession of a piece of property but the owner retains the title. Agency accounts at a bank include when the bank serves as custodian of property, escrow agent, investment advisory agent, or safekeeping agent. A bank also serves as agent when it executes any authorized powers of attorney.

143

144

6. A banks corporate trust department handles the functions related to stocks and bonds. Corporations, government entities, and other organizations use banks as trustees to handle the issuance, redemption, transfer, and recordkeeping functions associated with a stock or bond issue. A trust agreement or indenture specifies the banks responsibilities. Additional duties of corporate trust departments include: Stock Transfer Agent The transfer agent may issue stock certificates to increase shares outstanding or reissue new certificates when ownership changes. Bond Registrar The bond registrar is responsible for registering bonds at issue. Stock Registrar The stock registrar checks new issues and transfers to prevent overissuance. Dividend Reinvestment Agent The dividend reinvestment agent receives a stockholders dividends and purchases additional shares on the stockholders behalf.

7. A bank may serve as the administrator, trustee, co-trustee, agent, custodian, or depository for a companys employee benefit and retirement plans. Types of retirement plans that banks may administer include: Pension Plans These plans provide retirement income for employees. Pension plans that an employer establishes for retired or disabled employees, regardless of whether an employee contributes, are known as defined benefit plans. The Pension Benefit Guarantee Corporation (PBGC) insures this type of plan, so employees assume no investment risk for any portion they contribute. On the other hand, the PBGC does not insure defined contribution plans, which are plans funded either at a fixed rate (often based on a percentage of an eligible employees salary) or at the discretion of companys directors. Defined contribution plans include profit-sharing plans and stock bonus plans. Self-Employed Retirement Trusts Banks may serve as trustee or custodian for pension and profit sharing plans that self-employed individuals establish for themselves and their employees. These types of trusts are referred to as Keogh plans. Individual Retirement Accounts (IRAs) Banks may administer IRA accounts in accordance with individual agreements with customers. Individuals do not have to pay taxes on deferred income, and any additional contributions are tax deductible until withdrawals begin, which must occur between the ages of 59 and 70.

8. Banks may serve as a transfer agent to perform services such as recording stock ownership changes, maintaining accurate records, paying dividends, handling stock subscriptions and exchanges, and mailing notices and proxies to stockholders. Transfer agents must verify that certificates are unaltered and properly endorsed, witnessed, and dated. Banks must establish standards for accepting signatures. A bank must also ensure

144

145

that certificates include the certificate number and date issued, the number of shares of stock or the principal dollar amount of debt issued, the names and addresses of the registered owners, and the cancellation date. 9. Banks also serve as registrar for stock and bond issues. The registrar accounts for all shares issued, certificates outstanding, and certificates cancelled. The role of the registrar is to ensure that transfer agent does not issue too many shares. The registrars duties include ensuring that old certificates are properly cancelled and that new certificates are properly issued in the correct numerical sequence.

E. Investment Products 1. Investment products are either short-term or long-term. In general, short-term investments include savings accounts, certificates of deposit, Treasury bills, and marketable stocks and bonds. Short-term investments qualify as current assets if they are marketable and easily liquidated. Otherwise, investments are considered long-term and are classified as noncurrent assets. 2. The balance sheet should show marketable equity securities at either the lower of aggregate cost or aggregate market value. Investment securities should be shown at cost, with adjustments for premium amortization and discount accretion. Marketable debt securities are carried at cost. 3. The Comptroller of the Currency restricts the types of security investments that national banks can make. For this purpose, securities are divided into five types: Type I Securities This category of security is backed by the full faith and credit of the U.S. government. These securities are also known as bank-eligible securities because banks can invest in them without restriction. Type II Securities This category of security includes obligations of the World Bank, Inter-American Development Bank, Inter-American Investment Corporation, African Development Bank, and Tennessee Valley Authority. State obligations issued for housing, university, or dormitory purposes are also considered Type II securities. Banks are allowed to purchase no more than 10 percent of their capital and surplus from one source of Type II security. Type III Securities These are investment securities that do not fall under one of the other four types of securities. Banks are allowed to purchase no more than 10 percent of their capital and surplus from one source of Type III security. Type IV Securities These are securities composed of interests in a pool of loans. Examples of Type IV securities include certain residential and commercial mortgagerelated securities. Banks are allowed to purchase no more than 25 percent of their capital and surplus from one source of Type IV security.

145

146

Type V Securities These are marketable investment grade securities that are not Type IV. Banks are allowed to purchase no more than 25 percent of their capital and surplus from one source of Type V security.

F. Asset/Liability Management 1. Asset/liability management (ALM) is a short- and long-term planning tool designed to maximize earnings. ALM tries to create optimal risk/reward decisions and focuses on creating prices that achieve a desired spread. 2. A sound ALM policy must manage four types of risks: Credit Risk Loans are more profitable than most investments, but loans are also riskier. Liquidity Risk Banks must maintain some liquid assets, but not too much because liquid assets typically draw little or no interest. Interest-Rate Risk Earnings and capital can fluctuate due to changes in interest rates. Capital Risk Banks must maintain adequate capital levels. However, retaining too much capital can reduce the banks growth potential.

3. Banks should develop policies related to ALM, including specific guidelines regarding risk/reward tradeoffs. In developing these policies bank officials review historical financial reports, ratio reports, the balance sheet, the income statement, liquidity reports, and other available information.

L. Use of Derivatives 1. A derivative is a financial contract whose value depends on the value of other assets. Types of derivatives include: Swaps A swap occurs when two parties exchange streams of payments for a set period of time. For example, an interest-rate swap occurs when one party trades a variable interest rate for a fixed rate, or vice versa. Options An option gives a party the right to buy or sell a financial instrument at a fixed price up to a set amount during a specified period. Futures Contracts A futures contract specifies an amount of a commodity or financial instrument to be delivered at a specified future date.

146

147

Forward Contracts A forward contract is similar to a futures contract, except there is no exchange acting as intermediary, no daily settlement, and no margin.

2. The SEC requires certain disclosures for entities that use derivatives. These required disclosures include: If derivatives are material, the notes to the financial statements should include a descriptions of the types of derivatives used and a discussion of the method used to account for derivatives. Outside of the financial statements, entities should provide quantitative and qualitative information about derivatives for investors. The information should be separated into two categories: derivatives used for trading and derivatives used for other purposes. The information should address the extent derivatives are exposed to market risk and the methods the entity uses to manage the market risk.

3. Derivatives can be effective, low-cost tools for managing exposure to risks, although some banks may experience losses due to interest rate changes, commodity price changes, or other fluctuations. In order to manage risks, banks should have adequate oversight by senior management and the board of directors, as well as a comprehensive policies and procedures governing the use of derivatives.

M. Statement of Cash Flows 1. A statement of cash flows reports the cash receipts, cash payments, and the net change in cash resulting from the activities of a bank during a given period. The statement reconciles beginning and ending cash balances. 2. The term cash refers both to cash and cash equivalents. Cash equivalents are short-term investments that are readily convertible to cash. Because these are short-term investments, they are relatively insensitive to interest rate changes. Examples of cash equivalents include Treasury bills, money market funds, and commercial paper. 3. The statement of cash flows reports on the operating activities, investing activities, and financing activities of the bank. The operating section appears first, followed by the sections on investing activities and financing activities. 4. The function of the statement of cash flows is to show the banks ability to generate future cash flows and to meet its financial obligations.

147

148

IV.

MONEY AND BANKING

This section provides a brief introduction to the concepts of money and banking and how money relates to the banking industry. A. Role of Money and Banking 1. Broadly defined, money is anything of value that can function as a medium of exchange. The money supply in the U.S. typically refers to paper money, coins, and funds in checking accounts. Near-monies are highly liquid assets such as savings accounts and U.S. government bonds. A bank can lend money up to a specified amount based on the size of its excess reserves. 2. Money has value in relation to its purchasing power. Therefore, if prices rise, the value of money falls. If prices fall, the value of money increases.

B. Bond and Stock Markets 1. The financial markets help keep the economy function by giving individuals and businesses the opportunity to transfer and borrow money. 2. Money can be transferred directly between individuals or companies, such as occurs when a company sells its stocks or directly to the public. Banks can increase the money supply and stimulate the economy through the funds its invests and loans. 3. There are two types of financial asset markets. Primary markets deal in new issues of securities, and secondary markets trade in shares outstanding, mortgages, and loans. 4. The two types of stock markets in the U.S. are the formal security exchanges (e.g., the New York Stock Exchange) and the over-the-counter market. 5. Volume IV of this Study Guide addresses the subject of financial markets in more detail.

C. Effect of Interest Rate Movements 1. Interest is the amount paid to borrow funds. Thus, the interest rate influences the cost of money. 2. The riskier the loan, the higher the interest rate. Because short-term loans are less risky, their interest rates are usually lower than long-term rates. 3. High inflation causes interest rates to rise. The real interest rate refers to the stated rate adjusted for inflation.

148

149

4. Interest rates rise when the U.S. government borrows or prints money. Interest rates also increase as the federal deficit increases. High interest rates in foreign countries also contribute to high interest rates in the U.S.

D. Monetary Management Theories 1. Based on the theory that lower interest rates encourage investment, the Federal Reserve can control the money supply and credit availability in the U.S. in the following ways: Change the Discount Rate The discount rate is the rate the Federal Reserve charges member banks to borrow funds. Decreasing the discount rate stimulates borrowing among member banks (which then lend more to customers). Therefore, if the Federal Reserve wished to decrease the money supply to try to reduce inflationary pressures, it would increase the discount rate to discourage borrowing. Buy or Sell Securities on the Open Market The Federal Reserve buys government securities to increase the reserves of member banks and sells government securities to decrease in member banks reserves. Moral Suasion The Federal Reserve issues oral or written statements to encourage banks to increase or decrease their lending activities. Change Legal Reserve Requirements Increasing legal reserve requirements decreases the amount of money that a bank has available to lend. Thus, increasing the legal reserve requirements decreases the money supply, and vice versa.

2. The Federal Reserves monetary policies described above are designed to influence investment spending. Lower interest rates serve to stimulate investment activities.

149

150

UNIT 2: LAWS/REGULATIONS AND REGULATORY ENVIRONMENT

The banking industry is heavily regulated, and compliance with the intent of banking laws and regulations helps the system function effectively and protects the interests of consumers and shareholders. There are thousands of laws and regulations that affect banking, and this unit will provide a snapshot of a small sample of these regulations. To facilitate the review of current laws and regulations, excerpts from the actual text of some laws and regulations has been included. In addition, web sites to provide current and detailed information have been included throughout this unit. The sections for this unit are: A. Overview of the Regulatory Environment B. Laws and Regulations

A. Overview of the Regulatory Environment The banking industry is regulated by the entities listed below. Legislation has been enacted to serve the interests of consumers and the entities involved in commercial banking activities. Although, there are multiple competing interests that vie for changes to banking laws to accommodate their interests, the overall banking system functions well. The primary regulatory entities for banking include: Federal Reserve System Office of the Comptroller of the Currency Federal Deposit Insurance Corporation (FDIC) State Regulatory Systems National Credit Union Administration (NCUA)

1. Federal Reserve System The Federal Reserve, the central bank of the United States, was founded by Congress in 1913 to provide the nation with a safer, more flexible, and more stable monetary and financial system. Today the Federal Reserve's duties fall into four general areas: (1) conducting the nation's monetary policy; (2) supervising and regulating banking institutions and protecting the credit rights of consumers; (3) maintaining the stability of the financial system; and (4) providing certain financial services to the U.S. government, the public, financial institutions, and foreign official institutions. Appointments to the Board - The seven members of the Board of Governors are appointed by the President and confirmed by the Senate to serve 14-year terms of office. Members may serve only one full term, but a member who has been appointed to complete an unexpired

150

151

term may be reappointed to a full term. The President designates, and the Senate confirms, two members of the Board to be Chairman and Vice Chairman, for four-year terms. Representation - Only one member of the Board may be selected from any one of the twelve Federal Reserve Districts. In making appointments, the President is directed by law to select a "fair representation of the financial, agricultural, industrial, and commercial interests and geographical divisions of the country." These aspects of selection are intended to ensure representation of regional interests and the interests of various sectors of the public. Responsibilities - The primary responsibility of the Board members is the formulation of monetary policy. The seven Board members constitute a majority of the 12-member Federal Open Market Committee (FOMC), the group that makes the key decisions affecting the cost and availability of money and credit in the economy. The other five members of the FOMC are Reserve Bank presidents, one of whom is the president of the Federal Reserve Bank of New York. The other Bank presidents serve one-year terms on a rotating basis. By statute the FOMC determines its own organization, and by tradition it elects the Chairman of the Board of Governors as its Chairman and the President of the New York Bank as its Vice Chairman. The Board sets reserve requirements and shares the responsibility with the Reserve Banks for discount rate policy. These two functions plus open market operations constitute the monetary policy tools of the Federal Reserve System. In addition to monetary policy responsibilities, the Federal Reserve Board has supervisory and regulatory responsibilities over banks that are members of the System, bank holding companies, international banking facilities in the United States, Edge Act and agreement corporations, foreign activities of member banks, and the U.S. activities of foreign-owned banks. The Board also sets margin requirements which limit the use of credit for purchasing or carrying securities. In addition, the Board plays a key role in assuring the smooth functioning and continued development of the nation's vast payments system. Another area of Board responsibility is the development and administration of regulations that implement major federal laws governing consumer credit such as the Truth in Lending Act, the Equal Credit Opportunity Act, the Home Mortgage Disclosure Act and the Truth in Savings Act. Meetings - The Board usually meets several times a week. Meetings are conducted in compliance with the Government in the Sunshine Act, and many meetings are open to the public. If the Board has convened to consider confidential financial information, however, the sessions are closed to public observation. Contacts within Government - As they carry out their duties, members of the Board routinely confer with officials of other government agencies, representatives of banking industry groups, officials of the central banks of other countries, members of Congress and academicians. For example, they meet frequently with Treasury officials and the Council of Economic Advisers to help evaluate the economic climate and to discuss objectives for the nation's economy. Governors also discuss the international monetary system with central bankers of other countries and are in close contact with the heads of the U.S. agencies that make foreign loans and conduct foreign financial transactions.

151

152

(The information above was taken from the Federal Reserve System Web site on November 6, 1999 - http://www.federalreserve.gov/general.htm) Banks must purchase the stock of bank in its district to be a member of the Federal Reserve. Regulation I outlines the amount of stock that must be purchased by an individual bank. The amount is generally a percentage of the banks capital and surplus. National banks are obligated to be members of the FRS. Although membership is not required for state chartered banks, many are members of the FRS. Members of the FRS are required to maintain a certain percentage of cash-reserves in their vault or in non-interesting bearing accounts at FRS bank. Some advantages of being a member of the Federal Reserve System include: Ability to borrow funds from the Federal Reserve at a discount rate. This is called the members rate. Right to store securities at Reserve banks at no charge. Ability to request current information on banking issues. Ability to use the FRS check clearing system. Ability to use the FRS automated clearing house. Ability to use FRS regional check processing centers.

2. Office of the Comptroller of the Currency The Office of the Comptroller of the Currency (OCC) charters, regulates, and supervises all national banks. It also supervises the federal branches and agencies of foreign banks. Headquartered in Washington, D.C., the OCC has six district offices plus an office in London to supervise the international activities of national banks. The OCC was established in 1863 as a bureau of the U.S. Department of the Treasury. The OCC is headed by the Comptroller, who is appointed by the President, with the advice and consent of the Senate, for a five-year term. The Comptroller also serves as a director of the Federal Deposit Insurance Corporation (FDIC) and a director of the Neighborhood Reinvestment Corporation. The OCCs nationwide staff of examiners conducts on-site reviews of national banks and provides sustained supervision of bank operations. The agency issues rules, legal interpretations, and corporate decisions concerning banking, bank investments, bank community development activities, and other aspects of bank operations. National bank examiners supervise domestic and international activities of national banks and perform corporate analyses. Examiners analyze a banks loan and investment portfolios, funds management, capital, earnings, liquidity, sensitivity to market risk, and compliance with consumer banking laws, including the Community Reinvestment Act. They review the

152

153

banks internal controls, internal and external audit, and compliance with law. They also evaluate bank managements ability to identify and control risk. In regulating national banks, the OCC has the power to: Examine the banks. Approve or deny applications for new charters, branches, capital, or other changes in corporate or banking structure. Take supervisory actions against banks that do not comply with laws and regulations or that otherwise engage in unsound banking practices. The agency can remove officers and directors, negotiate agreements to change banking practices, and issue cease and desist orders as well as civil money penalties. Issue rules and regulations governing bank investments, lending, and other practices.

The OCCs Objectives - The OCCs activities are predicated on four objectives that support the OCCs mission to ensure a stable and competitive national banking system. The four objectives are: To ensure the safety and soundness of the national banking system. To foster competition by allowing banks to offer new products and services. To improve the efficiency and effectiveness of OCC supervision, including reducing regulatory burden. To ensure fair and equal access to financial services for all Americans.

History - In the National Currency Act of 1863, the administration of the new national banking system was vested in the newly created OCC and its chief administrator, the Comptroller of the Currency. The law was completely rewritten and re-enacted as the National Bank Act. That act authorized the Comptroller of the Currency to hire a staff of national bank examiners to supervise and periodically examine national banks. The act also gave the Comptroller authority to regulate lending and investment activities of national banks. One of the reasons Congress created a banking system that issued national currency was to finance the Civil War. Although national banks no longer issue currency, they continue to play a prominent role in the nations economic life. Today, the OCC regulates and supervises more than 2,600 national banks that hold about 58 percent of the total assets of all U.S. commercial banks. OCC Funding - The OCC does not receive any appropriations from Congress. Instead, its operations are funded primarily by assessments on national banks. National banks pay for their examinations, and they pay for the OCCs processing of their corporate applications. The OCC also receives revenue from its investment income, primarily from U.S. Treasury securities.

153

154

FDIC Insurance - The FDIC insures the deposits in all national banks. An individual is limited to $100,000 in insurance coverage at each bank (including all branches). The OCCs primary function is the supervision and examination of national banks. The OCC has a role in coordinating banking examinations among different federal regulatory agencies. The OCC also issues banking bulletins and circulars to inform the banking community of regulations. Below is a list of banking circulars: Date 11/07/93 09/03/93 06/16/93 05/25/93 05/21/93 02/25/93 01/05/93 12/03/92 07/14/92 03/05/92 02/27/92 05/14/93 03/19/93 01/05/92 03/13/93 07/30/91 09/12/90 02/07/90 10/27/93 10/27/93 10/14/92 04/18/91 06/08/90 09/07/89 05/10/89 02/03/89 05/31/88 01/25/88 11/21/86 10/31/86 09/11/86 06/18/86 07/26/85 05/22/85 05/23/85 05/07/85 05/07/85 Title Risk Management of Financial Derivatives Free Riding In Custody Accounts Civil Money Penalties EFT Switches and Network Services Civil Money Penalty for Delinquent/Inaccurate Call Prompt Corrective Action FFIEC Statement: Large Funds Transfer for Money Laundering National Bank Fair Lending Efforts EDP Service Contracts Stock Appraisals External Fraud External Fraud - Central Bank (Denver) Certificates External Fraud External Fraud External Fraud Troubled Loan Workouts and Loans to Borrowers Application of Securities Laws to Common Trust Funds Suspicious Transactions Suspicious Transactions - Depository Trust Suspicious Transactions - Pethahiah Suspicious Transactions Suspicious Transactions Suspicious Transactions Push Down Policy International Payments Systems Risk Acceptance of Financial Benefits by Bank Trust Depts. Information Security End-User Computing Investment In Investment Co's Composed of Bank Eligible Sweep Fees Securities Denominated In Foreign Currencies Collateral Evaluation and Classification of Energy Loans OCC Staff No-Objection Positions Accounting for Loan Swaps Loan Production Offices Premiums on U.S. Government Guaranteed Loans Securities Lending

154

155

Financial Information on Data Processing Servicers Issuance of "Due Bills" to Customers Purchasing Securities Purchases of Loans In Whole or In Part-Participations Federal Home Loan Mortgage Corporation (FHLMC) Swap Program Charges by a Federal Reserve Bank Against a NB Service Charges on Dormant Accounts Abandoned Property Law Uniform Class. of Assets & Appraisal of Securities Exception to Lending Limits for OPIC Insured Standby Letters of Credit Issued by National Banks 11/03/81 - Coin and Bullion 12/28/83 - Sale of Commemorative Coins 07/01/76 - Bank Holding Company Affiliates 01/14/70 - NBs May Make Investments In Partnerships In Which the Housing Partnership is a Partner 01/14/70 - National Banks May Make Investments In National Housing Partnership - II 01/14/70 - Purchase of Shares In the Common Stock

01/18/85 03/07/84 08/02/84 06/11/82 04/09/82 09/25/80 04/26/91 10/18/76 -

Standards for Developing Regulations On January 21, 1997, the Office of the Comptroller of the Currency issued OCC Bulletin 978, adopting standards for developing regulations that apply to all the rules that the agency issues. Those standards are based on the standards that the OCC used in the comprehensive revision of its regulations under its Regulation Review Program. Regulations are risk-focused if they effectively target the areas of bank activity that present the greatest risk to safety and soundness, the payments system, or the long-term vitality of the national banking system, and when they address areas where either banks or the OCC have clearly established statutory responsibilities. In assessing how to regulate a particular activity and the need for regulation in that area, the OCC will, when appropriate, consider how nonbanks performing comparable functions are regulated and then assess the potential for alternative regulatory approaches to be applied to the regulation of national banks. Regulations are results-oriented if they focus on the achievement of key regulatory or supervisory objectives rather than mandating compliance with detailed steps leading up to those objectives. In developing regulations, the OCC takes into account changes in banking organizations' structures and the impact of technology on how banks deliver products and services. The OCC seeks to identify regulatory and supervisory goals that will remain valid even as banking structures change and the means by which banks operate and serve their customers evolve. In this way, the OCC ensures that its rules set the standards for the effective supervision of national banks without stifling banks' ability to undertake innovation or accommodate change. The OCC eliminates regulatory requirements that are not necessary to ensure the safety and soundness of national banks, to support consumers' access to financial services, or to accomplish other aspects of the OCC's statutory mission.

155

156

To minimize the burden that results from requirements that are necessary for effective supervision, the OCC uses a differential regulatory approach when appropriate to the issue under review. Differential regulation means that requirements are not imposed on a "onesize-fits-all" basis, but are, instead, tailored to the condition or characteristics of different categories of national banks. For example, risk levels are often dependent upon differences in banks' capital levels, CAMEL ratings, size, or other objective factors. Moreover, some regulatory requirements impose disproportionately greater burdens on small banks. Therefore, the OCC may vary regulatory requirements according to these differences. Similarly, reporting or recordkeeping requirements may differ depending on a bank's size or risk levels. In some instances, national banks must apply to or consult with the OCC before expanding their lines of business or undertaking certain activities. The OCC's regulations establish application criteria and procedures that allow maximum flexibility for the strongest banks and closer scrutiny and controls for banks with demonstrated weaknesses. The OCC's regulations provide for processes that are predictable, so that banks know what is necessary in order to request OCC approval; orderly, so that banks can plan appropriately; and reasonably prompt, so that banks do not lose competitive opportunities as a result of unnecessary regulatory delay. National banks operate in a competitive environment in which providers of financial services are subject to different regulatory schemes administered by different federal and state agencies. When possible, the OCC consults and coordinates with the other federal banking agencies (the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, and the Office of Thrift Supervision) and with other financial services regulators to achieve consistency in the way national banks and their competitors are regulated in the conduct of the same or similar activities. Regulatory burden and cost result if bankers must always seek the advice of experts in order to understand the requirements that apply to them. The OCC writes regulations in a clear, plain style and structures regulations to enhance their clarity. In drafting its regulations, the OCC uses the approach best suited to the subject of the rule. Some regulations may appropriately prescribe a bright-line standard, which provides the greatest certainty to banks about the limits of acceptable conduct. Other regulations may contain more general standards that offer banks greater flexibility but reserve more discretion to the OCC. Often, a combination of approaches is best. In each case, the OCC balances banks' need for a predictable response from the regulator against the goal of providing maximum flexibility to bank management consistent with principles of safety and soundness and other statutory requirements. The OCC facilitates participation in its rulemakings by banks and members of the public by allowing time for thoughtful comment. Absent unusual circumstances, the OCC allows a comment period of not less than 60 days. The OCC accepts comments in a variety of formats, including by facsimile transmission and electronic mail. The OCC uses sparingly the

156

157

discretion it has under applicable laws to dispense with prior notice and opportunity for comment. Consistent with applicable statutory requirements, the OCC times the effective dates of its regulations to allow an adequate period for national banks to adjust their data systems and business planning processes to accommodate change. The OCC uses sparingly the discretion is has under applicable laws to accelerate the effective dates of regulations. National banks operate in a rapidly changing business environment in which the effectiveness or utility of today's regulations may be eroded by tomorrow's developments in products, services, or technology. The OCC is committed to keeping its regulations current. The OCC encourages national banks, members of the public, and its own staff to provide feedback on how its regulations are working. The OCC uses a variety of mechanisms to obtain feedback either directly or indirectly. These mechanisms may include: a new initiative to assess the effectiveness of regulations in meeting articulated policy goals; participation by the Comptroller and senior members of the agency's staff in outreach or focus group meetings with bankers and public interest groups; meetings with representatives of individual banks or with members of trade, professional, or public interest groups; intra-agency updates and feedback via meetings and electronic mail; and solicitation of comment on a continuing basis via the Internet. (The information above was taken from the Office of the Comptroller of the Currency Web site on November 6, 1999 - http://www.occ.treas.gov)

3. Federal Deposit Insurance Corporation (FDIC) - The FDIC's mission is to maintain the stability of and public confidence in the nation's financial system. To achieve this goal, the FDIC has insured deposits and promoted safe and sound banking practices since 1933. The FDIC sign, posted in insured financial institutions across the country, has become a symbol of confidence. This publication describes why and how the FDIC fulfills its mission. You also will learn where to turn for more information at the FDIC. Introduction - The Great Depression of the late 1920s and early 1930s caused financial chaos in America. More than 9,000 banks closed between the stock market crash of October 1929 and March of 1933, when President Franklin Delano Roosevelt took office. For all practical purposes, the nation's banking system had shut down completely even before President Roosevelt, less than 48 hours after his inauguration, declared a "banking holiday" suspending all banking activities until stability could be restored. Among the actions taken by Congress to bring order to the system was the creation of the FDIC in June 1933. The intent was to provide a federal government guarantee of deposits so that customers' funds, within certain limits, would be safe and available to them on demand. Since the start of FDIC insurance on January 1, 1934, not one depositor has lost a cent of insured funds as a result of a failure. Mission - The heart of the FDIC's mission is to maintain stability and public confidence in the nation's financial system.

157

158

Today the FDIC: Insures deposits up to $100,000 in virtually all United States banks and savings associations (also called savings and loan associations or S&Ls). Arranges a resolution for each failing institution, one that is the least-costly to the insurance fund and, when possible, the least disruptive for customers. Promotes the safety and soundness of insured depository institutions and the U.S. financial system by identifying, monitoring and addressing risks to the deposit insurance funds. The FDIC also is the primary federal regulator of about 6,000 statechartered "nonmember" banks (commercial and savings banks that are not members of the Federal Reserve System).

Structure & Funding - An independent agency of the federal government, the FDIC is managed by a five-member board of directors appointed by the President and confirmed by the Senate. The FDIC is subject to audits by the General Accounting Office and oversight by Congress. The FDIC administers two federal deposit insurance funds, the Bank Insurance Fund (BIF) and the Savings Association Insurance Fund (SAIF). Deposits in most commercial banks and many savings banks are insured by the BIF. In 1989, Congress created the SAIF to succeed the Federal Savings and Loan Insurance Corporation (FSLIC) to insure deposits to specified amounts at savings associations and many savings banks. The FDIC was assigned responsibility for managing the SAIF. Both the BIF and SAIF deposit insurance programs are backed by the full faith and credit of the U.S. government. The FDIC receives no congressional appropriations to carry out its mission as a deposit insurer and banking regulator. The money for these purposes comes from deposit insurance premiums paid by banks and savings associations and from earnings on investments in U.S. Treasury securities. The FDIC separately manages the FSLIC Resolution Fund (FRF), which was created by Congress in 1989 in response to the thrift industry crisis of the 1980s. The FRF, which is funded by congressional appropriations, is responsible for wrapping up the obligations of the former FSLIC and the former Resolution Trust Corporation (RTC). Insurance Coverage - When federal deposit insurance became effective in 1934, coverage was limited to $2,500 per depositor. Over time, coverage has increased. On March 31, 1980, coverage was raised to its current $100,000 limit. Savings, checking and other deposit accounts, when combined, are generally insured up to $100,000 per depositor in each financial institution insured by the FDIC. Deposits held in different ownership categories, such as single or joint accounts, may be separately insured. Also, separate $100,000 coverage is generally provided for retirement accounts such as individual retirement accounts (IRAs) and Keoghs.

158

159

Federal deposit insurance coverage is limited to deposits, and does not include securities, mutual funds or similar types of investments that may be offered for sale at FDIC-insured banks and savings and loan associations. When a federally insured bank or S&L fails to protect insured depositors, the FDIC responds immediately. Institutions generally are closed by their chartering authority the state regulator, the Office of the Comptroller of the Currency, or the Office of Thrift Supervision. The FDIC's job involves paying depositors up to the $100,000 insurance limit and recovering as much money as possible from the failed institution's assets (primarily loans, real estate and securities). The FDIC has several options for resolving failed institutions, but by law it must use the least-costly approach in each case. The option generally used is called a "purchase-andassumption agreement," where the FDIC arranges with an existing or newly chartered institution to assume either the insured deposits or all of the deposits (insured and uninsured) of the failed institution, along with all or some of the loans and other assets. Customers of the failed institution automatically become customers of the assuming institution. By maintaining banking services at most or all of the failed institution's offices, the purchaseand-assumption approach is less disruptive to the community than other options available to the FDIC. The assuming institution also usually pays a premium to the FDIC, which helps reduce the agency's costs of handling the failed institution. In rare instances, when the FDIC is unable to arrange for an assuming institution, payments are made directly to insured depositors. No matter which option the FDIC uses, funds within the $100,000 insurance limit are always fully protected. The FDIC uses recoveries from a failed institution's assets for two main purposes: (1) to replenish the insurance fund that protected the failed institution's depositors, and (2) to minimize the losses suffered by parties who are not protected by the insurance fund, such as uninsured depositors (those over the $100,000 insurance limit). The FDIC attempts to return the assets of the failed institution to the private sector as quickly as possible, and most of the assets are sold to healthy institutions soon after the troubled institution is closed. It may be necessary for the FDIC to retain and manage some of the less-desirable assets. Proceeds from asset sales are used to reimburse the insurance funds and to pay uninsured depositors, to the extent possible. General creditors are paid to the extent possible only after all depositors are paid in full. Shareholders of the failed institution receive any residual value, although there usually is none. Supervision - The FDIC is the primary federal regulator of state nonmember banks and, for insurance purposes, is the back-up supervisor over the remaining federally insured banks and savings associations. Examinations are the foundation of the FDIC's efforts to ensure the safety and soundness of institutions. They are used to determine the condition of an institution and to check for compliance with laws and regulations. The FDIC's process for examining and supervising institutions includes on-site examinations and off-site analyses of reports filed by institutions.

159

160

As part of its examination, the FDIC looks for poor risk-management or excessive risk-taking by an institution, and seeks early remedies. In the 1980s and early 1990s, the nation faced a financial crisis not paralleled since the Great Depression. Approximately 2,900 banks and savings institutions failed between 1980 and 1993. But by the mid-1990s, the health of the banking and thrift industries was dramatically improved. Banks and S&Ls were earning record profits, translating into rapidly declining numbers of failures and problem institutions. In recent years, the FDIC has developed a number of initiatives aimed at identifying and addressing emerging risks to the banking industry and the insurance funds. The FDIC identifies and monitors such risks to the funds by drawing on a number of sources of information, including FDIC examiners and financial analysts, as well as other bank regulatory agencies, other government sources of economic statistics, and analyses and data from the private sector. The FDIC also aims to reduce the regulatory burden on banks where regulations no longer reduce the risk to the deposit insurance funds or protect consumers. In addition, the FDIC examines state nonmember banks to ensure their compliance with equal credit and other consumer protection laws. Two examples are the Community Reinvestment Act (CRA) and the Truth in Lending Act. The CRA encourages banks and thrifts to help meet the credit needs of their communities. The Truth in Lending Act requires accurate disclosures of interest rates and finance charges so that loan applicants can comparison-shop for mortgages or consumer loans. By statute, the FDIC issues regulations governing banks' and savings associations' procedures and performance, and conducts several kinds of banking examinations. Examinations - The FDIC, in conjunction with other federal and state regulatory agencies, examines financial institutions to ensure they are conducting business in compliance with consumer protection rules and in a way that minimizes risk to their customers and to the deposit insurance funds. Community Reinvestment Act - In 1977, Congress enacted the Community Reinvestment Act (CRA) to encourage federally insured banks and thrifts to meet the credit needs of their entire community, including low-and moderate-income residents. Compliance - The FDIC performs compliance examinations to determine whether the institutions it supervises meet the requirements of various consumer protection, fair lending and related regulations. Guidance for officers and employees of banks and savings institutions to assist them in meeting these responsibilities. Information Systems & E-banking - Examination procedures that address banks' and savings institutions' use of electronic data processing systems and online banking (sometimes called E-banking).

160

161

Safety & Soundness - A safety and soundness examination is what most people think of when they hear "bank examination." These periodic, on-premise FDIC examinations help assess an institution's financial condition, policies and procedures, and adherence to certain laws and regulations. Safety and soundness examinations are a vital tool in protecting the financial integrity of the deposit insurance funds and promoting public confidence in the banking system and individual banks. Trust - Banks and savings institutions may be granted trust (fiduciary) powers under the jurisdiction of Federal Financial Institutions Examination Council (FFIEC) regulatory agencies. The FDIC examines the trust operations of FDIC-regulated financial institutions. Laws & Regulation - The FDIC was created by the Banking Act of 1933 and continues to be governed by a variety of laws enacted by Congress. The FDIC, in collaboration with other Federal Financial Institutions Examination Council (FFIEC) regulatory agencies, writes and enforces regulations that govern the way banks and savings institutions do business. Examiner Training Program - Descriptions of training programs for federal and state examiners, conducted by the Federal Financial Institutions Examination Council (FFIEC), an interagency body empowered to "prescribe uniform principles and standards for the federal examination of financial institutions." The FDIC promotes compliance with fair lending, Community Reinvestment Act, and other consumer protection laws and regulations. It also works with lenders, organizations and the general public to revitalize and educate communities. Consumer Affairs Program and Publications - The FDIC's consumer outreach programs and publications address the concerns of depositors and other customers of banks and savings associations. Community Affairs Program - The Community Affairs Program assists consumer and community groups, government officials, financial institutions, examiners and other interested groups and individuals in understanding and participating in the Community Reinvestment Act. In its capacity as court-appointed receiver, the FDIC liquidates a variety of assets including loans and real estate. (The information above was taken from the Federal Deposit Insurance Corporation Web site on November 6, 1999 - http://www.fdic.gov/) 4. State Regulatory Systems - States have also enacted laws and regulations to govern banking activities. Generally, national banking laws and regulations supersede the laws and regulations in individual states. Additionally, specific banking laws and regulations differ from state to state, as a result, very little emphasis is placed on banking regulations in individual states.

161

162

An example, of a regulatory agency in a State is the Illinois Office of Banks and Real Estate, Bureau of Banks and Trust Companies. The Web site for the Illinois Bureau of Banks and Trust Companies states: The mission of the Bureau of Banks and Trust Companies is to charter or authorize and supervise state-chartered commercial banks, foreign bank offices, electronic funds transfer systems, corporate fiduciaries, and their information systems in order to assure the safety and soundness of such institutions in compliance with applicable laws and regulations for the benefit of the public. The Bureaus mission also includes registering check printers and nonfinancial institution deployers of Automated Teller Machines and licensing pawnbrokers that operate in Illinois. (The information above was taken from the State of Illinois, Office of Banks and Real Estate Web site on December 31, 1999 - http://www.obre.state.il.us/) 5. National Credit Union Administration (NCUA) is an independent federal agency that supervises and insures 6,707 federal credit unions and insures 4,134 state-chartered credit unions. It is entirely funded by credit unions and receives no tax dollars. NCUA is an independent financial regulatory agency of the federal government, responsible for chartering, supervising, examining, and insuring federal credit unions. NCUA also insures state credit unions which apply and qualify for insurance. A credit union is a member-owned, non-profit financial cooperative organized to promote thrift among its members and to make loans to its members from accumulated savings. Unlike banks and other financial institutions, a credit union is chartered according to a specific field of membership. The field is made up of people who have a common bond of occupation, residence, or association. Anyone who falls within a credit unions field of membership may join. Credit unions range in size from the very small to large and complex world-wide operations. Credit unions are good, solid, well-operated, and well-managed financial institutions. Credit unions are the fastest growing of all financial institutions and are rated highest in customer satisfaction. Credit unions believe in serving the underserved. In addition to serving employees of large corporations, they have expanded their memberships to low-income communities, distressed areas and rural neighborhoods. The following section is an excerpt of text of the National credit Union Administration Act. TITLE 12--BANKS AND BANKING CHAPTER VII--NATIONAL CREDIT UNION ADMINISTRATION Sec. 700.1 Definitions (a) Act means the Federal Credit Union Act (73 Stat. 628, 84 Stat. 944, 12 U.S.C. 1751 through 1790).

162

163

(b) Administration means the National Credit Union Administration. (c) Board means the Board of the National Credit Union Administration. (d) Credit Union means a credit union chartered under the Federal Credit Union Act or, as the context permits, under the laws of any State. (e) Regional Director means the representative of the Administration in the designated geographical area in which the office of the Federal credit union is located. (f) Regional Office means the office of the Administration located in the designated geographical areas in which the office of the Federal credit union is located. (g) State means a State of the United States, the District of Columbia, any of the several Territories and possessions of the United States, the Panama Canal Zone, and the Commonwealth of Puerto Rico. (h) Remaining maturity is the time period from the date of the required reserve transfer to the stated date of maturity of the instrument. (i) For the purpose of establishing the reserves required by section 116 of the Federal Credit Union Act, all assets except the following shall be considered risk assets: (1) Cash on hand. (2) Deposits and/or shares in federally or state-insured banks, savings and loan associations, and credit unions that have a remaining maturity of 5 years or less. (3) Assets that have a remaining maturity of 5 years or less and are insured by, fully guaranteed as to principal and interest by, or due from the U.S. Government, its agencies, the Federal National Mortgage Association. Federal Home Loan Mortgage Corporation, or the Government National Mortgage Association. Collateralized mortgage obligations that are comprised of government guaranteed mortgage loans shall be included in this asset category. (4) Loans to other credit unions that have a remaining maturity of 5 years or less. (5) Student loans insured under the provisions of title IV, Part B of the Higher Education Act of 1965 (20 U.S.C. 1071, et seq.) or similar state insurance programs that have a remaining maturity of 5 years or less. (6) Loans that have a remaining maturity of 5 years or less and are fully insured or guaranteed by the Federal or a state government or any agency of either. (7) Shares or deposits in a corporate credit union that have a remaining maturity of 5 years or less, other than Membership Capital Share Deposit accounts as defined in part 704. (i) Is operated primarily for the purpose of serving other credit unions; (ii) Is designated by the National Credit Union Administration as a corporate credit union; and (iii) Limits natural person members to the minimum required by state or federal law to charter and operate the credit union. (8) Common trust investments, including mutual funds, which deal exclusively in investments authorized by the Federal Credit Union Act that are either carried at the lower cost or market, or are marked to market value monthly. (9) Prepaid expenses. (10) Accrued interest on non-risk investments. (11) Loans fully secured by a pledge of shares in the lending Federal credit union, equal to and maintained to at least the amount of the loan outstanding. (12) Loans which are purchased from liquidating credit unions and guaranteed by the National Credit Union Administration.

163

164

(13) National Credit Union Share Insurance Fund Guaranty Accounts established with the authorization of the National Credit Union Administration under the authority of section 208(a)(1) of the Federal Credit Union Act. (14) Investments in shares of the National Credit Union Administration Central Liquidity Facility. (15) Assets included in numbered items 2, 3, 4, 5, 6, and 7 with maturities greater than 5 years are exempt from risk assets if the asset is being carried on the credit union's records at the lower of cost or market, or are being marked to market value monthly. (16) Assets included in numbered items 2, 3, 4, 5, 6, and 7, with remaining maturities greater than 5 years are exempt from risk assets provided they meet the following criteria, irrespective of whether or not the asset is being carried on the credit union's records at the lower of cost or market, or are being marked to market value monthly. (17) Fixed Assets as defined in Sec. 701.36(b). (18) Deposit in the National Credit Union Share Insurance Fund representing a federally insured credit union's capitalization account balance of one percent of insured shares. (j)(1) Insolvency. A credit union will be determined to be insolvent when the total amount of its shares exceeds the present cash value of its assets after providing for liabilities unless: (i) It is determined by the Board that the facts that caused the deficient share-asset ratio no longer exist; and (ii) The likelihood of further depreciation of the share-asset ratio is not probable; and (iii) The return of the share-asset ratio to its normal limits within a reasonable time for the credit union concerned is probable; and (iv) The probability of a further potential loss to the insurance fund is negligible. (2) For purposes of this section, the following definitions are used: (i) Cash value of assets. Recorded value will be considered the cash value of any asset account providing accepted accounting principles and practices are followed and the provisions of law, regulation, and bylaws are met. (ii) Liabilities. Recorded liabilities which are due and payable, excluding shares of members and non-members, are considered liabilities. (k) For purposes of determining the amount required to be transferred to regular reserves under sections 116 and 201(b)(6) of the Federal Credit Union Act, gross income means the total of the operating income accounts reduced by the following. (1) Dividends received on shares in the National Credit Union Administration Central Liquidity Facility; (2) Dividends received by credit unions on special share accounts held in Agent members of the Central Liquidity Facility authorized by Sec. 725.7 of this chapter; and (3) Interest received by an Agent member of the Central Liquidity Facility to the extent of interest paid to the Facility by the Agent member. In the case of an Agent member of the Central Liquidity Facility that is a group of central credit unions-(i) Interest received by the Agent group representative, as defined in Sec. 725.1(b) of this chapter, to the extent of interest paid to the Facility by the Agent group representative; and (ii) Interest received by each central credit union in the Agent group (other than the Agent group representative) to the extent of interest paid by each such central credit union to the Agent group representative on Agent group representative loans, as defined in Sec. 725.1(b) of this chapter. Non-operating gains and losses are not included in gross income. [36 FR 23794, Dec. 15, 1971; 37 FR 329, Jan. 11, 1972, as amended at 37

164

165

FR 10342, May 20, 1972; 45 FR 47121, July 14, 1980; 54 FR 48234, Nov. 22, 1989; 54 FR 52015, Dec. 20, 1989; 55 FR 1794, Jan. 19, 1990; 57 FR 47985, Oct. 21, 1992; 58 FR 40042, July 27, 1993] (The information above was taken from the Code of Federal Regulations Web site on December 5, 1999 - http://www.access.gpo.gov/nara/cfr/waisidx_98/12cfrv6_98.html#700)

B. Laws and Regulations Legislation has been enacted to serve the interests of consumers and the entities involved in commercial banking activities. Some of the laws and regulations that govern banking are listed below. Reg A - Borrowing by Depository Institutions Reg B - Equal Credit Opportunity Act Reg C - Home Mortgage Disclosure Act Reg D - Reserve Requirements Reg E - Electronic Funds Transfer Act Reg J - Collection of Checks and other Items Reg K - Edge Act Reg L - Depository Institution Man. Interlocks Act Reg M - Consumer Leasing Reg O - Loans to Executive Officers Reg P/Reg 21- Bank Protection Act Reg Q - Interest on Deposits Reg U - Credit by Banks for Purchase of Margin Stocks Reg Y - Bank Holding Company Act Reg Z - Truth in Lending (open end, closed end, credit cards, home equity, right of rescission, restitution) Reg BB - Community Reinvestment Act Reg CC - Availability of Funds and Collection of Checks Reg DD - Truth in Savings Reg 34 - Real Estate Lending and Appraisals Bank Bribery Act Bank Secrecy Act Fair Credit Reporting Act Fair Debt Collection Practices Act Fair Housing Act Financial Institution Reform, Recovery and Enforcement Act (FIRREA) FDIC Bank Improvement Act of 1991 Foreign Corrupt Practices Act National Flood Insurance Program OFAC Real Estate Settlement Procedures Act 165

166

Right to Financial Privacy Act Tax Identification Reporting (TIN Compliance) Transactions with Affiliates - FRB Sections 23 A&B Trust - 12 CFR Part 9

Following will be a brief discussion of each of these regulations. In most cases, the actual text of the legislation will be included to supplement the brief summary. In some cases, portions of the legislation have been bolded by the authors to highlight key information. 1. Regulation A Borrowing by Depository Institutions - governs borrowing at the Federal Reserve discount window. Banks or other depository institutions may participate in the following lending programs: An adjustment credit is available to help institutions meet short-term obligations when the normal source of funds is not available. An extended credit is available to help institutions meet long-term needs. An emergency credit is available to help non-depository institutions to obtain credit to limit adverse impact on the economy. Entities such as corporations, partnerships, and individuals can obtain emergency credit.

The following section is an excerpt of text of Regulation A TITLE 12--BANKS AND BANKING CHAPTER II--FEDERAL RESERVE SYSTEM Sec. 201.1 Authority, scope and purpose (a) Authority and scope. This part is issued under the authority of sections 10A, 10B, 13, 13A, and 19 of the FRA (12 U.S.C. 347a, 347b, 343 et seq., 347c, 348 et seq., 374, 374a, and 461), other provisions of the FRA, and section 7(b) of the International Banking Act of 1978 (12 U.S.C. 347d) and relates to extensions of credit by Federal Reserve Banks to depository institutions and others. (b) Purpose. This part establishes rules under which Federal Reserve Banks may extend credit to depository institutions and others. Extending credit to depository institutions to accommodate commerce, industry, and agriculture is a principal function of Federal Reserve Banks. While open market operations are the primary means of affecting the overall supply of reserves, the lending function of the Federal Reserve Banks is an effective method of supplying reserves to meet the particular credit needs of individual depository institutions. The lending functions of the Federal Reserve System are conducted with due regard to the basic objectives of monetary policy and the maintenance of a sound and orderly financial system. [58 FR 68512, Dec. 28, 1993] (The information above was taken from the Code of federal Regulations Web site on December 4, 1999 - http://www.access.gpo.gov/nara/cfr/waisidx/12cfrv2.html)

166

167

2. Regulation B Equal Credit Opportunity Act - promotes the availability of credit to all credit-worthy applicants. Creditors are prohibited from discriminating on non-financial factors such as race, color, religion, national origin, sex, marital status, or age. Additionally, banks are required to provide applicants with a notice of action regarding the loan application and collect monitoring information regarding an applicants race, color, religion, national origin, sex, marital status, and age. The following section is an excerpt of text of Regulation B. TITLE 12--BANKS AND BANKING CHAPTER II--FEDERAL RESERVE SYSTEM Sec. 202.1 Authority, scope and purpose. (a) Authority and scope. This regulation is issued by the Board of Governors of the Federal Reserve System pursuant to title VII (Equal Credit Opportunity Act) of the Consumer Credit Protection Act, as amended (15 U.S.C. 1601 et seq.). Except as otherwise provided herein, the regulation applies to all persons who are creditors, as defined in Sec. 202.2(1). Information collection requirements contained in this regulation have been approved by the Office of Management and Budget under the provisions of 44 U.S.C. 3501 et seq. and have been assigned OMB control number 7100-0201. (b) Purpose. The purpose of this regulation is to promote the availability of credit to all creditworthy applicants without regard to race, color, religion, national origin, sex, marital status, or age (provided the applicant has the capacity to contract); to the fact that all or part of the applicant's income derives from a public assistance program; or to the fact that the applicant has in good faith exercised any right under the Consumer Credit Protection Act. The regulation prohibits creditor practices that discriminate on the basis of any of these factors. The regulation also requires creditors to notify applicants of action taken on their applications; to report credit history in the names of both spouses on an account; to retain records of credit applications; to collect information about the applicant's race and other personal characteristics in applications for certain dwelling-related loans; and to provide applicants with copies of appraisal reports used in connection with credit transactions. [Reg. B, 50 FR 48026, Nov. 20, 1985, as amended at 58 FR 65661, Dec. 16, 1993] (The information above was taken from the Code of federal Regulations Web site on December 4, 1999 - http://www.access.gpo.gov/nara/cfr/waisidx/12cfrv2.html) 3. Regulation C Home Mortgage Disclosure Act - provide the public with loan data that can be used to: To help determine whether financial institutions are serving the housing needs of their communities; To assist public officials in distributing public-sector investments so as to attract private investment to areas where it is needed; and

167

168

To assist in identifying possible discriminatory lending patterns and enforcing antidiscrimination statutes.

The following section is an excerpt of text of Regulation C. TITLE 12--BANKS AND BANKING CHAPTER II--FEDERAL RESERVE SYSTEM Sec. 203.1 Authority, purpose, and scope. (a) Authority. This regulation is issued by the Board of Governors of the Federal Reserve System (``Board'') pursuant to the Home Mortgage Disclosure Act (12 U.S.C. 2801 et seq.), as amended. The information-collection requirements have been approved by the U.S. Office of Management and Budget under 44 U.S.C. 3501 et seq. and have been assigned OMB Numbers 1557-0159, 3064-0046, 1550-0021, and 7100-0247 for institutions reporting data to the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation, the Office of Thrift Supervision, and the Federal Reserve System, respectively; numbers for the National Credit Union Administration and the Department of Housing and Urban Development are pending. (b) Purpose. (1) This regulation implements the Home Mortgage Disclosure Act, which is intended to provide the public with loan data that can be used: (i) To help determine whether financial institutions are serving the housing needs of their communities; (ii) To assist public officials in distributing public-sector investments so as to attract private investment to areas where it is needed; and (iii) To assist in identifying possible discriminatory lending patterns and enforcing antidiscrimination statutes. (2) Neither the act nor this regulation is intended to encourage unsound lending practices or the allocation of credit. (c) Scope. This regulation applies to certain financial institutions, including banks, saving associations, credit unions, and other mortgage lending institutions, as defined in Sec. 203.2(e). It requires an institution to report data to its supervisory agency about home purchase and home improvement loans it originates or purchases, or for which it receives applications; and to disclose certain data to the public. (d) Loan aggregation and central data depositories. Using the loan data made available by financial institutions, the Federal Financial Institutions Examination Council will prepare disclosure statements and will produce various reports for individual institutions for each metropolitan statistical area (MSA), showing lending patterns by location, age of housing stock, income level, sex, and racial characteristics. The disclosure statements and reports will be available to the public at central data depositories located in each MSA. A listing of central data depositories can be obtained from the Federal Financial Institutions Examination Council, Washington, DC 20006. [Reg. C, 54 FR 51362, Dec. 15, 1989, as amended at 63 FR 52142, Sept. 30, 1998]

168

169

(The information above was taken from the Code of federal Regulations Web site on December 4, 1999 - http://www.access.gpo.gov/nara/cfr/waisidx/12cfrv2.html) 4. Regulation D Reserve Requirements - relates to reserves that depository institutions are required to maintain for the purpose of facilitating the implementation of monetary policy by the Federal Reserve System. Depository institutions must maintain reserves in the form of vault cash or have an adequate balance at a Federal Reserve or corresponding bank. The following section is an excerpt of text of Regulation D. TITLE 12--BANKS AND BANKING CHAPTER II--FEDERAL RESERVE SYSTEM Sec. 204.1 Authority, purpose and scope. (a) Authority. This part is issued under the authority of section 19 (12 U.S.C. 461 et seq.) and other provisions of the Federal Reserve Act and of section 7 of the International Banking Act of 1978 (12 U.S.C. 3105). (b) Purpose. This part relates to reserves that depository institutions are required to maintain for the purpose of facilitating the implementation of monetary policy by the Federal Reserve System. (c) Scope. (1) The following depository institutions are required to maintain reserves in accordance with this part: (i) Any insured bank as defined in section 3 of the Federal Deposit Insurance Act (12 U.S.C. 1813(h)) or any bank that is eligible to apply to become an insured bank under section 5 of such Act (12 U.S.C. 1815); (ii) Any savings bank or mutual savings bank as defined in section 3 of the Federal Deposit Insurance Act (12 U.S.C. 1813(f), (g)); (iii) Any insured credit union as defined in section 101 of the Federal Credit Union Act (12 U.S.C. 1752(7)) or any credit union that is eligible to apply to become an insured credit union under section 201 of such Act (12 U.S.C. 1781); (iv) Any member as defined in section 2 of the Federal Home Loan Bank Act (12 U.S.C. 1422(4)); and (v) Any insured institution as defined in section 401 of the National Housing Act (12 U.S.C. 1724(a)) or any institution which is eligible to apply to become an insured institution under section 403 of such Act (12 U.S.C. 1726). (2) Except as may be otherwise provided by the Board, a foreign bank's branch or agency located in the United States is required to comply with the provisions of this part in the same manner and to the same extent as if the branch or agency were a member bank, if its parent foreign bank (i) has total worldwide consolidated bank assets in excess of $1 billion; or (ii) is controlled by a foreign company or by a group of foreign companies that own or control foreign banks that in the aggregate have total worldwide consolidated bank assets in excess of $1 billion. In addition, any other foreign bank's branch located in the United States that is eligible to apply to become an insured bank under section 5 of the Federal Deposit Insurance Act (12 U.S.C. 1815) is required to maintain reserves in accordance with this part as a nonmember depository institution.

169

170

(3) Except as may be otherwise provided by the Board, an Edge Corporation (12 U.S.C. 611 et seq.) or an Agreement Corporation (12 U.S.C. 601 et seq.) is required to comply with the provisions of this part in the same manner and to the same extent as a member bank. (4) This part does not apply to any financial institution that (i) is organized solely to do business with other financial institutions; (ii) is owned primarily by the financial institutions with which it does business; and (iii) does not do business with the general public. (5) The provisions of this part do not apply to any deposit that is payable only at an office located outside the United States. [45 FR 56018, Aug. 22, 1980] (The information above was taken from the Code of federal Regulations Web site on December 4, 1999 - http://www.access.gpo.gov/nara/cfr/waisidx/12cfrv2.html) 5. Regulation E Electronic Funds Transfer Act purpose is to protect consumers engaging in electronic funds transfers. It became a law in 1978 and establishes the basic rights, liabilities, and responsibilities of consumers and banks involved in electronic funds transfers. The following section is an excerpt of text of Regulation E. TITLE 12--BANKS AND BANKING CHAPTER II--FEDERAL RESERVE SYSTEM Sec. 205.1 Authority and purpose (a) Authority. The regulation in this part, known as Regulation E, is issued by the Board of Governors of the Federal Reserve System pursuant to the Electronic Fund Transfer Act (15 U.S.C. 1693 et seq.). The information-collection requirements have been approved by the Office of Management and Budget under 44 U.S.C. 3501 et seq. and have been assigned OMB No. 7100-0200. (b) Purpose. This part carries out the purposes of the Electronic Fund Transfer Act, which establishes the basic rights, liabilities, and responsibilities of consumers who use electronic fund transfer services and of financial institutions that offer these services. The primary objective of the act and this part is the protection of individual consumers engaging in electronic fund transfers. (The information above was taken from the Code of federal Regulations Web site on December 4, 1999 - http://www.access.gpo.gov/nara/cfr/waisidx/12cfrv2.html) 6. Regulation J Collection of Checks and Other Items purpose is to provide rules for collecting and returning items and settling balances. The following section is an excerpt of text of Regulation J. TITLE 12--BANKS AND BANKING CHAPTER II--FEDERAL RESERVE SYSTEM Sec. 210.1 Authority, purpose, and scope.

170

171

The Board of Governors of the Federal Reserve System (Board) has issued this subpart pursuant to the Federal Reserve Act, sections 11 (i) and (j) (12 U.S.C. 248 (i) and (j)), section 13 (12 U.S.C. 342), section 16 (12 U.S.C. 248(o) and 360), and section 19(f) (12 U.S.C. 464); the Expedited Funds Availability Act (12 U.S.C. 4001 et seq.); and other laws. This subpart governs the collection of checks and other cash and noncash items and the handling of returned checks by Federal Reserve Banks. Its purpose is to provide rules for collecting and returning items and settling balances. [53 FR 21984, June 13, 1988, as amended at Reg. J, 59 FR 22965, May 4, 1994] Sec. 210.3 General provisions. (a) General. Each Reserve Bank shall receive and handle items in accordance with this subpart, and shall issue operating circulars governing the details of its handling of items and other matters deemed appropriate by the Reserve Bank. The circulars may, among other things, classify cash items and noncash items, require separate sorts and letters, provide different closing times for the receipt of different classes or types of items, provide for instructions by an Administrative Reserve Bank to other Reserve Banks, set forth terms of services, and establish procedures for adjustments on a Reserve Bank's books, including amounts, waiver of expenses, and payment of interest by as-of adjustment. (b) Binding effect. This subpart, together with subpart C of part 229 and the operating circulars of the Reserve Banks, are binding on all parties interested in an item handled by any Reserve Bank. (c) Government items. As depositaries and fiscal agents of the United States, Reserve Banks handle certain items payable by the United States or certain Federal agencies as cash or noncash items. To the extent provided by regulations issued by, and arrangements made with, the United States Treasury Department and other Government departments and agencies, the handling of such items is governed by this subpart. The Reserve Banks shall include in their operating circulars such information regarding these regulations and arrangements as the Reserve Banks deem appropriate. (d) Government senders. Except as otherwise provided by statutes of the United States, or regulations issued or arrangements made thereunder, this subpart and the operating circulars of the Reserve Banks apply to the following when acting as a sender: a department, agency, instrumentality, independent establishment, or office of the United States, or a wholly owned or controlled Government corporation, that maintains or uses an account with a Reserve Bank. (e) Foreign items. A Reserve Bank also may receive and handle certain items payable outside a Federal Reserve District, as provided in its operating circulars. The handling of such items in a state is governed by this subpart, and the handling of such items outside a state is governed by the local law. (f) Relation to other law. The provisions of this subpart supersede any inconsistent provisions of the Uniform Commercial Code, of any other state law, or of part 229 of this title, but only to the extent of the inconsistency. [45 FR 68634, Oct. 16, 1980, as amended at 51 FR 21744, June 16, 1986; 53 FR 21984, June 13, 1988; Reg. J, 59 FR 22965, May 4, 1994; 62 FR 48171, Sept. 15, 1997]

171

172

(The information above was taken from the Code of federal Regulations Web site on December 4, 1999 - http://www.access.gpo.gov/nara/cfr/waisidx/12cfrv2.html) 7. Regulation K Edge Act purpose is to provide rules governing the international and foreign activities of U.S. banking organizations, including procedures for establishing foreign branches and Edge corporations to engage in international banking and for investments in foreign organizations. The Edge Act was first enacted in 1919 and Regulation K was promulgated in 1979. The following section is an excerpt of text of Regulation K. TITLE 12--BANKS AND BANKING CHAPTER II--FEDERAL RESERVE SYSTEM Sec. 211.1 Authority, purpose, and scope. (a) Authority. This subpart is issued by the Board of Governors of the Federal Reserve System (``Board'') under the authority of the Federal Reserve Act (``FRA'') (12 U.S.C. 221 et seq.); the Bank Holding Company Act of 1956 (``BHC Act'') (12 U.S.C. 1841 et seq.); and the International Banking Act of 1978 (``IBA'') (12 U.S.C. 3101 et seq.). Requirements for the collection of information contained in this regulation have been approved by the Office of Management and Budget under the provision of 44 U.S.C. 3501, et seq. and have been assigned OMB numbers 7100-0107; 7100-0109; 7100-0110; 7100-0069; 7100-0086; and 7100-0073. (b) Purpose. This subpart sets out rules governing the international and foreign activities of U.S. banking organizations, including procedures for establishing foreign branches and Edge corporations to engage in international banking and for investments in foreign organizations. (c) Scope. This subpart applies to: (1) Corporations organized under section 25(a) of the FRA (12 U.S.C. 611-631), ``Edge corporations''; (2) Corporations having an agreement or undertaking with the Board under section 25 of the FRA (12 U.S.C. 601-604a), ``Agreement corporations''; (3) Member banks with respect to their foreign branches and investments in foreign banks under section 25 of the FRA (12 U.S.C. 601-604a);\1\ and \1\ Section 25 of the FRA, which refers to national banking associations, also applies to state member banks of the Federal Reserve System by virtue of section 9 of the FRA (12 U.S.C. 321). (4) Bank holding companies with respect to the exemption from the nonbanking prohibitions of the BHC Act afforded by section 4(c)(13) of the BHC Act (12 U.S.C. 1843(c)(13)). [56 FR 19565, Apr. 29, 1991, unless otherwise noted.] (The information above was taken from the Code of federal Regulations Web site on December 4, 1999 - http://www.access.gpo.gov/nara/cfr/waisidx/12cfrv2.html) 8. Regulation L Interlocks Act was designed to foster competition in the banking industry by limiting the sharing of banking personnel. For example, a management official cant

172

173

serve in a management capacity of two institutions in the same community. The following section is an excerpt of text of Regulation L. SEC. 202. As used in this title-(1) the term "depository institution" means a commercial bank, a savings bank, a trust company, a savings and loan association, a building and loan association, a homestead association, a cooperative bank, an industrial bank, or a credit union; (2) the term "depository holding company" means a bank holding company as defined in section 2(a) of the Bank Holding Company Act of 1956, a company which would be a bank holding company as defined in section 2(a) of the Bank Holding Company Act of 1956 but for the exemption contained in section 2(a)(5)(F) thereof, or a savings and loan holding company as defined in section 408(a)(1)(D) of the National Housing Act; (3) the characterization of any corporation (including depository institutions and depository holding companies), as an "affiliate of," or as "affiliated" with any other corporation means that-(A) one of the corporations is a depository holding company and the other is a subsidiary thereof, or both corporations are subsidiaries of the same depository holding company, as the term "subsidiary" is defined in either section 2(d) of the Bank Holding Company Act of 1956 in the case of a bank holding company or section 408(a)(1)(H) of the National Housing Act in the case of a savings and loan holding company; or (B) more than 25 percent of the voting stock of one corporation is beneficially owned in the aggregate by one or more persons who also beneficially own in the aggregate more than 25 percent of the voting stock of the other corporation; or (C) one of the corporations is a trust company all of the stock of which, except for directors qualifying shares, was owned by one or more mutual savings banks on the date of enactment of this Act, and the other corporation is a mutual savings bank; or {{10-31-94 p.8592}} (D) one of the corporations is a bank, insured by the Federal Deposit Insurance Corporation and chartered under State law, and is a bankers' bank, described in Paragraph Seventh of section 5136 of the Revised Statutes; or (E) one of the corporations is a bank, chartered under State law and insured by the Federal Deposit Insurance Corporation, the voting securities of which are held only by persons who are officers of other banks, as permitted by State law, and which bank is primarily engaged in providing banking services for other banks and not for the public: Provided, however, That in no case shall the voting securities of such corporation be held by such officers of other banks in excess of 6 per centum of the paid-in capital and 6 per centum of the surplus of such a bank. (4) the term "management official" means an employee or officer with management functions, a director (including an advisory or honorary director, except in the case of a depository institution with total assets of less than $100,000,000), a trustee of a business organization under the control of trustees, or any person who has a representative or nominee serving in any such capacity: Provided, That if a corporator, trustee, director, or other officer of a State-chartered savings bank or cooperative bank is specifically authorized under the laws of the State in which said institution is located to serve as a trustee, director, or other officer of a State-chartered trust company which does not make real estate mortgage loans and does not accept savings deposits from natural persons, then, for the purposes of this title,

173

174

such corporator, trustee, director, or other officer shall not be deemed to be a management official of such trust company: And provided further, That if a management official of a State-chartered trust company which does not make real estate mortgages loans and does not accept savings deposits from natural persons is specifically authorized under the laws of the State in which said institution is located to serve as a corporator, trustee, director, or other officer of a State-chartered savings bank or cooperative bank, then, for the purposes of this title, such management official shall not be deemed to be a management official of any such savings bank or cooperative bank; and (5) the term "office" used with reference to a depository institution means either a principal office or a branch. [Codified to 12 U.S.C. 3201] [Source: Section 202 of title II of the Act of November 10, 1978 (Pub. L. No. 95--630; 92 Stat. 3672), effective March 10, 1979, as amended by sections 2, 3, and 5(b)(1) of the Act of November 10, 1988, (Pub. L. No. 100--650; 102 Stat. 3819 and 3820), effective November 10, 1988; section 322(c)(2) of title III of the Act of September 23, 1994 (Pub. L. No. 103-325; 108 Stat. 2227), effective September 23, 1994] SEC. 203. A management official of a depository institution or a depository holding company may not serve as a management official of any other depository institution or depository holding company not affiliated therewith if an office of one of the institutions or any depository institution that is an affiliate of such institutions is located within either-(1) the same primary metropolitan statistical area, the same metropolitan statistical area, or the same consolidated metropolitan statistical area that is not comprised of designated primary metropolitan statistical areas as defined by the Office of Management and Budget, except in the case of depository institutions with less than $20,000,000 in assets in which case the provision of paragraph (2) shall apply, as that in which an office of the other institution or any depository institution that is an affiliate of such other institution is located, or (2) the same city, town, or village as that in which an office of the other institution or any depository institution that is an affiliate of such other institution is located, or in any city, town, or village contiguous or adjacent thereto. [Codified to 12 U.S.C. 3202] [Source: Section 203 of title II of the Act of November 10, 1978 (Pub. L. No. 95--630; 92 Stat. 3673), effective March 10, 1979, as amended by section 701(c) of title VII of the Act of November 30, 1983 (Pub. L. No. 98--181; 97 Stat. 1267), effective November 30, 1983] {{430-97 p.8593}} SEC. 204. If a depository institution or a depository holding company has total assets exceeding $2,500,000,000, a management official of such institution or any affiliate thereof may not serve as a management official of any other nonaffiliated depository institution or depository holding company having total assets exceeding $1,500,000,000 or as a management official of any affiliate of such other institution. In order to allow for inflation or

174

175

market changes, the appropriate Federal depository institutions regulatory agencies may, by regulation, adjust, as necessary, the amount of total assets required for depository institutions or depository holding companies under this section. [Codified to 12 U.S.C. 3203] [Source: Section 204 of title II of the Act of November 10, 1978 (Pub. L. No. 95--630; 92 Stat. 3673), effective March 10, 1979; as amended by section 2210(a) of title II of the Act of September 30, 1996 (Pub. L. No. 104--208; 110 Stat. 3009--409), effective September 30, 1996] SEC. 205. The prohibitions contained in sections 203 and 204 shall not apply in the case of any one or more of the following or subsidiary thereof: (1) A depository institution or depository holding company which has been placed formally in liquidation, or which is in the hands of a receiver, conservator, or other official exercising a similar function. (2) A corporation operating under section 25 or 25(a) of the Federal Reserve Act. (3) A credit union being served by a management official of another credit union. (4) A depository institution or depository holding company which does not do business within any State of the United States, the District of Columbia, any territory of the United States, Puerto Rico, Guam, American Samoa, or the Virgin Islands except as an incident to its activities outside the United States. (5) A State-chartered savings and loan guaranty corporation. (6) A Federal Home Loan Bank or any other bank organized specifically to serve depository institutions. (7) A depository institution or a depository holding company which-(A) is closed or is in danger of closing, as determined by the appropriate Federal depository institutions regulatory agency in accordance with regulations prescribed by such agency; and (B) is acquired by another depository institution or depository holding company, during the 5-year period beginning on the date of the acquisition of the depository institution or depository holding company described in subparagraph (A). (8)(A) A diversified savings and loan holding company (as defined in section 408(a)(1)(F) of the National Housing Act) with respect to the service of a director of such company who is also a director of any nonaffiliated depository institution or depository holding company (including a savings and loan holding company) if-(i) notice of the proposed dual service is given by such diversified savings and loan holding company to-(I) the appropriate Federal depository institutions regulatory agency for such company; and (II) the appropriate Federal depository institutions regulatory agency for the nonaffiliated depository institution or depository holding company of which such person is also a director, not less than 60 days before such dual service is proposed to begin; and (ii) the proposed dual service is not disapproved by any such appropriate Federal depository institutions regulatory agency before the end of such 60-day period.

175

176

(B) Any appropriate Federal depository institutions regulatory agency may disapprove, under subparagraph (A)(ii), a notice of proposed dual service by any individual if such agency finds that-- {{4-30-97 p.8594}} (i) the dual service cannot be structured or limited so as to preclude the dual service's resulting in a monopoly or substantial lessening of competition in financial services in any part of the United States; (ii) the dual service would lead to substantial conflicts of interest or unsafe or unsound practices; or (iii) the diversified savings and loan holding company has neglected, failed, or refused to furnish all the information required by such agency. (C) Any appropriate Federal depository institutions regulatory agency may, at any time after the end of the 60-day period referred to in subparagraph (A), require that any dual service by any individual which was not disapproved by such agency during such period be terminated if a change in circumstances occurs with respect to any depository institution or depository holding company of which such individual is a director that would have provided a basis for disapproval of the dual service during such period. (9) Any savings association (as defined in section 10(a)(1)(A) of the Home Owners' Loan Act or any savings and loan holding company (as defined in section 10(a)(1)(D) of such Act) which has issued stock in connection with a qualified stock issuance pursuant to section 10(q) of such Act, except that this paragraph shall apply only with respect to service as a single management official of such savings association or holding company, or any subsidiary of such savings association or holding company, by a single management official of the savings and loan holding company which purchased the stock issued in connection with such qualified stock issuance, and shall apply only when the Director of the Office of Thrift Supervision has determined that such service is consistent with the purposes of this Act and the Home Owners' Loan Act. [Codified to 12 U.S.C. 3204] [Source: Section 205 of title II of the Act of November 10, 1978 (Pub. L. No. 95--630; 92 Stat. 3673), effective March 10, 1979, as amended by section 425(d) of title IV of the Act of October 15, 1982 (Pub. L. No. 97--320; 96 Stat. 1524), effective October 15, 1982; sections 4 and 5(a) of the Act of November 10, 1988 (Pub. L. No. 100--650; 102 Stat. 3819), effective November 10, 1988; section 604(a) of title VI of the Act of August 9, 1989 (Pub. L. No. 101-73; 103 Stat. 410), effective August 9, 1989] (The information above was taken from the Federal Deposit Insurance Corporations Web site on December 31, 1999 - http://www.fdic.gov/regulations/laws/rules/10000-3.html.) Use this generic site 9. Regulation M Consumer Leasing Implements the consumer leasing provisions of the Truth in Lending Act. The purpose of this part is: To ensure that lessees of personal property receive meaningful disclosures that enable them to compare lease terms with other leases and, where appropriate, with credit transactions; To limit the amount of balloon payments in consumer lease transactions; and

176

177

To provide for the accurate disclosure of lease terms in advertising.

The following section is an excerpt of text of Regulation M. TITLE 12--BANKS AND BANKING CHAPTER II--FEDERAL RESERVE SYSTEM Sec. 213.1 Authority, scope, purpose, and enforcement. (a) Authority. The regulation in this part, known as Regulation M, is issued by the Board of Governors of the Federal Reserve System to implement the consumer leasing provisions of the Truth in Lending Act, which is Title I of the Consumer Credit Protection Act, as amended (15 U.S.C. 1601 et seq.). Information collection requirements contained in this regulation have been approved by the Office of Management and Budget under the provisions of 44 U.S.C. 3501 et seq. and have been assigned OMB control number 71000202. (b) Scope and purpose. This part applies to all persons that are lessors of personal property under consumer leases as those terms are defined in Sec. 213.2(e)(1) and (h). The purpose of this part is: (1) To ensure that lessees of personal property receive meaningful disclosures that enable them to compare lease terms with other leases and, where appropriate, with credit transactions; (2) To limit the amount of balloon payments in consumer lease transactions; and (3) To provide for the accurate disclosure of lease terms in advertising. (c) Enforcement and liability. Section 108 of the act contains the administrative enforcement provisions. Sections 112, 130, 131, and 185 of the act contain the liability provisions for failing to comply with the requirements of the act and this part. [Reg. M, 61 FR 52258, Oct. 7, 1996, as amended at 62 FR 15367, Apr. 1, 1997] (The information above was taken from the Code of federal Regulations Web site on December 21, 1999 - http://www.access.gpo.gov/nara/cfr/waisidx/12cfr213_99.html) 10. Regulation O Loans to Executive Officer purpose is to govern any extension of credit by a member bank to an executive officer, director, or principal shareholder of the member bank, a bank holding company of which the member bank is a subsidiary, and any other subsidiary of that bank holding company. It was created to control insider lending where an officer would receive preferential treatment and favorable loan terms. The purpose is to limit the opportunity for preferential treatment to insiders. The following section is an excerpt of text of Regulation O. TITLE 12--BANKS AND BANKING CHAPTER II--FEDERAL RESERVE SYSTEM Sec. 215.1 Authority, purpose, and scope. (a) Authority. This subpart is issued pursuant to sections 11(i), 22(g), and 22(h) of the Federal Reserve Act (12 U.S.C. 248(i), 375a, and 375b), 12 U.S.C. 1817(k), and section 306

177

178

of the Federal Deposit Insurance Corporation Improvement Act of 1991 (Pub. L. 102-242, 105 Stat. 2236 (1991)). (b) Purpose and scope. This subpart A governs any extension of credit by a member bank to an executive officer, director, or principal shareholder of: The member bank; a bank holding company of which the member bank is a subsidiary; and any other subsidiary of that bank holding company. It also applies to any extension of credit by a member bank to: A company controlled by such a person; and a political or campaign committee that benefits or is controlled by such a person. This subpart A also implements the reporting requirements of 12 U.S.C. 375a concerning extensions of credit by a member bank to its executive officers and of 12 U.S.C. 1817(k) concerning extensions of credit by a member bank to its executive officers or principal shareholders, or the related interests of such persons. [Reg. O, 59 FR 8837, Feb. 24, 1994, unless otherwise noted.] (The information above was taken from the Code of federal Regulations Web site on December 4, 1999 - http://www.access.gpo.gov/nara/cfr/waisidx/12cfrv2.html) 11. Regulation P Bank Protection Act purpose is to provide security measures for banks and other financial institutions, and to provide for the appointment of the Federal Savings and Loan Insurance Corporation as receiver. There are two primary reasons for this act. First, it established minimum standards of security devices to prevent burglaries, robberies, and larcenies at banks. Second, it promoted the design of procedures assists banks in the identification and apprehension of persons who commit illegal acts. In addition it made banks accountable for their enforcement actions and forced banks to maintain appropriate documentation to demonstrate compliance to regulatory agencies. Note: As of October 1, 1998 the provisions of Regulation P have been incorporated into Regulation H. The following section is an excerpt of text of Regulation P. BANK PROTECTION ACT OF 1968 To provide security measures for banks and other financial institutions, and to provide for the appointment of the Federal Savings and Loan Insurance Corporation as receiver. Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, That this Act may be cited as the "Bank Protection Act of 1968". [Codified to 12 U.S.C. 1881 note] [Source: Section 1 of the Act of July 7, 1968 (Pub. L. No. 90--389; 82 Stat. 294), effective July 7, 1968] SEC. 2. As used in this Act the term "Federal supervisory agency" means-(1) The Comptroller of the Currency with respect to national banks and district banks, (2) The Board of Governors of the Federal Reserve System with respect to Federal Reserve banks and State banks which are members of the Federal Reserve System,

178

179

(3) The Federal Deposit Insurance Corporation with respect to State banks which are not members of the Federal Reserve System but the deposits of which are insured by the Federal Deposit Insurance Corporation and State savings associations, and (4) The Director of the Office of Thrift Supervision with respect to Federal savings. [Codified to 12 U.S.C. 1881] [Source: Section 2 of the Act of July 7, 1968 (Pub. L. No. 90--389; 82 Stat. 294) effective July 7, 1968; as amended by section 744(h) of title VII of the Act of August 9, 1989 (Pub. L. No. 101--73; 103 Stat. 439), effective August 9, 1989] SEC. 3. (a) Within six months from the date of this Act, each Federal supervisory agency shall promulgate rules establishing minimum standards with which each bank or savings and loan association must comply with respect to the installation, maintenance, and operation of security devices and procedures, reasonable in cost, to discourage robberies, burglaries, and larcenies and to assist in the identification and apprehension of persons who commit such acts. (b) The rules shall establish the time limits within which banks and savings and loan associations shall comply with the standards. [Codified to 12 U.S.C. 1882] [Source: Section 3 of the Act of July 7, 1968 (Pub. L. No. 90--389; 82 Stat. 295), effective July 7, 1968; as amended by section 911(a) of title IX of the Act of August 9, 1989 (Pub. L. No. 101--73; 103 Stat. 478), effective August 9, 1989] SEC. 4. The Federal supervisory agencies shall consult with (1) insurers furnishing insurance protection against losses resulting from robberies, burglaries, and larcenies committed against financial institutions referred to in section 2, and (2) State agencies having supervisory or regulatory responsibilities with respect to such insurers to determine the feasibility and desirability of premium rate differentials based on the installation, maintenance, and operation of security devices and procedures. The Federal supervisory agencies shall report to the Congress the results of their consultations pursuant to this section not later than two years after the date of enactment of this Act. [Codified to 12 U.S.C. 1883] [Source: Section 4 of the Act of July 7, 1968 (Pub. L. No. 90--389; 82 Stat. 295), effective July 7, 1968] {{8-30-96 p.8074}} SEC. 5. A bank or savings and loan association which violates a rule promulgated pursuant to this Act shall be subject to a civil penalty which shall not exceed $100 for each day of the violation.

179

180

[Codified to 12 U.S.C. 1884] [Source: Section 5 of the Act of July 7, 1968 (Pub. L. No. 90--389; 82 Stat. 295), effective July 7, 1968] 326.2 Designation of security officer. Upon the issuance of federal deposit insurance, the board of directors of each insured nonmember bank{2} {2 The term "board of directors" includes the managing official of an insured branch of a foreign bank for purposes of 12 CFR 326.0--326.4.} shall designate a security officer who shall have the authority, subject to the approval of the board of directors, to develop, within a reasonable time, but no later than 180 days, and to administer a written security program for each banking office. [Codified to 12 C.F.R. 326.2] [Section 326.2 amended at 53 Fed. Reg. 17917, May 19, 1988; 56 Fed. Reg. 13581, April 3, 1991, effective May 3, 1991] 326.3 Security program. (a) Contents of security program. The security program shall: (1) Establish procedures for opening and closing for business and for the safekeeping of all currency, negotiable securities, and similar valuables at all times; (2) Establish procedures that will assist in identifying persons committing crimes against the bank and that will preserve evidence that may aid in their identification and prosecution; such procedures may include, but are not limited to: (i) Retaining a record of any robbery, burglary, or larceny committed against the bank; (ii) Maintaining a camera that records activity in the banking office; and (iii) Using identification devices, such as prerecorded serial-numbered bills, or chemical and electronic devices; (3) Provide for initial and periodic training of officers and employees in their responsibilities under the security program and in proper employee conduct during and after a robbery, burglar or larceny; and (4) Provide for selecting, testing, operating and maintaining appropriate security devices, as specified in paragraph (b) of this section. (b) Security devices. Each insured nonmember bank shall have, at a minimum, the following security devices: (1) A means of protecting cash or other liquid assets, such as a vault, safe, or other secure space;

180

181

(2) A lighting system for illuminating, during the hours of darkness, the area around the vault, if the vault is visible from outside the banking office; (3) An alarm system or other appropriate device for promptly notifying the nearest responsible law enforcement officers of an attempted or perpetrated robbery or burglary; (4) Tamper-resistant locks on exterior doors and exterior windows that may be opened; and (5) Such other devices as the security officer determines to be appropriate, taking into consideration: (i) The incidence of crimes against financial institutions in the area; (ii) The amount of currency or other valuables exposed to robbery, burglary, and larceny; (iii) The distance of the banking office from the nearest responsible law enforcement officers; (iv) The cost of the security devices; (v) Other security measures in effect at the banking office; and (vi) The physical characteristics of the structure of the banking office and its surroundings. {{4-30-98 p.2265}} [Codified to 12 C.F.R. 326.3] [Section 326.3 amended at 56 Fed. Reg. 13581, April 3, 1991, effective May 3, 1991] 326.4 Reports. The security officer for each insured nonmember bank shall report at least annually to the bank's board of directors on the implementation, administration, and effectiveness of the security program. [Codified to 12 C.F.R. 326.4] [Section 326.4 amended at 53 Fed. Reg. 17917, May 19, 1988; 56 Fed. Reg. 13582, April 3, 1991, effective May 3, 1991] (The information above was taken from the Federal Deposit Insurance Corporations Web site on December 23, 1999 - http://www.fdic.gov/regulations/laws/rules/10000-3.html.) 12. Regulation Q Interest on Deposits - prohibits the payment of interest on demand deposits by member banks and other depository institutions. It also set guidelines regarding advertisements of interest rates and stresses the importance of accuracy of advertisements. The regulations require banks to utilize truth in advertising; thus, a bank is expected to provide all advertised services and rates. The following section is an excerpt of text of Regulation Q. TITLE 12--BANKS AND BANKING CHAPTER II--FEDERAL RESERVE SYSTEM Sec. 217.1 Authority, purpose, and scope.

181

182

(a) Authority. This part is issued under the authority of section 19 of the Federal Reserve Act (12 U.S.C. 371a, 461, 505), section 7 of the International Banking Act of 1978 (12 U.S.C. 3105), section 11 of the Federal Reserve Act (12 U.S.C. 248), and section 8 of the Federal Deposit Insurance Act (12 U.S.C. 1818), unless otherwise noted. (b) Purpose. This part prohibits the payment of interest on demand deposits by member banks and other depository institutions within the scope of this part. (c) Scope. (1) This regulation applies to state chartered banks that are members of the Federal Reserve under section 9 of the Federal Reserve Act (12 U.S.C. 321, et seq.) and to all national banks. The regulation also applies to any Federal branch or agency of a foreign bank and to a State uninsured branch or agency of a foreign bank in the same manner and to the same extent as if the branch or agency were a member bank, except as may be otherwise provided by the Board, if: (i) Its parent foreign bank has total worldwide consolidated bank assets in excess of $1 billion; (ii) Its parent foreign bank is controlled by a foreign company which owns or controls foreign banks that in the aggregate have total worldwide consolidated bank assets in excess of $1 billion; or (iii) Its parent foreign bank is controlled by a group of foreign companies that own or control foreign banks that in the aggregate have total worldwide consolidated bank assets in excess of $1 billion. (2) For deposits held by a member bank or a foreign bank, this regulation does not apply to any deposit that is payable only at an office located outside of the United States'' (i.e., the States of the United States and the District of Columbia) as defined in Sec. 204.2(t) of the Board's Regulation D-- Reserve Requirements of Depository Institutions (12 CFR 20.4). [Reg. Q, 51 FR 9637, Mar. 20, 1986, as amended at 57 FR 43336, Sept. 21, 1992] Sec. 217.2 Definitions. For purposes of this part, the following definitions apply unless otherwise specified; (a) Demand deposit means any deposit that is considered to be a demand deposit under Sec. 204.2(b) of the Board's Regulation D--Reserve Requirements of Depository Institutions (12 CFR part 204). (b) Deposit means any liability of a member bank that is considered to be a deposit under Sec. 204.2(a) of the Board's Regulation D--Reserve Requirements of Depository Institutions (12 CFR part 204). (c) Foreign bank means any bank that is considered to be a foreign bank under Sec. 204.2(o) of the Board's Regulation D--Reserve Requirements of Depository Institutions (12 CFR part 204). (d) Interest means any payment to or for the account of any depositor as compensation for the use of funds constituting a deposit. A member bank's absorption of expenses incident to providing a normal banking function or its forbearance from charging a fee in connection with such a service is not considered a payment of interest. Sec. 217.3 Interest on demand deposits.

182

183

No member bank of the Federal Reserve System shall, directly or indirectly, by any device whatsoever, pay any interest on any demand deposit.\1\ \1\ A member bank may continue to pay interest on a time deposit for not more than ten calendar days; (1) Where the member bank has provided in the time deposit contract that, if the deposit or any portion thereof is withdrawn not more than ten calendar days after a maturity date (one business day for ``IBF time deposits'' as defined in Sec. 204.8(a)(2) of Regulation D), interest will continue to be paid for such period; or (2) for a period between a maturity date and the date of renewal of the deposit, provided that such certificate is renewed within ten calendar days after maturity. Sec. 217.101 Premiums on deposits. (a) Section 19(i) of the Federal Reserve Act and Sec. 217.3 of Regulation Q prohibits a member bank from paying interest on a demand deposit. Premiums, whether in the form of merchandise, credit, or cash, given by a member bank to a depositor will be regarded as an advertising or promotional expense rather than a payment of interest if: (1) The premium is given to a depositor only at the time of the opening of a new account or an addition to an existing account; (2) No more than two premiums per account are given within a 12-month period; and (3) The value of the premium or, in the case, of articles of merchandise, the total cost (including taxes, shipping, warehousing, packaging, and handling costs) does not exceed $10 for deposits of less than $5,000 or $20 for deposits of $5,000 or more. The costs of premiums may not be averaged. The member bank should retain sufficient supporting documentation showing that the total cost of a premium, including shipping, warehousing, packaging, and handling costs, does not exceed the applicable $10/$20 limitations and that no portion of the total cost of any premium has been attributed to development, advertising, promotional, or other expenses. A member bank is not permitted directly or indirectly to solicit or promote deposits from customers on the basis that the funds will be divided into more than one account by the institution for the purpose of providing more than two premiums per deposit within a 12-month period. (b) Notwithstanding paragraph (a) of this section, any premium that is not, directly or indirectly, related to or dependent on the balance in a demand deposit account and the duration of the account balance shall not be considered the payment of interest on a demand deposit account and shall not be subject to the limitations in paragraph (a) of this section. [52 FR 47698, Dec. 16, 1987. Redesignated at 57 FR 43336, Sept. 21, 1992; 62 FR 26737, May 15, 1997] (The information above was taken from the Code of federal Regulations Web site on December 4, 1999 - http://www.access.gpo.gov/nara/cfr/waisidx/12cfrv2.html) 13. Regulation U Interest on Deposits - imposes credit restrictions upon persons other than brokers or dealers (hereinafter lenders) that extend credit for the purpose of buying or carrying margin stock if the credit is secured directly or indirectly by margin stock. Lenders

183

184

may not extend more than the maximum loan value of the collateral securing such credit. The following section is an excerpt of text of Regulation U. TITLE 12--BANKS AND BANKING CHAPTER II--FEDERAL RESERVE SYSTEM Sec. 221.1 Authority, purpose, and scope. (a) Authority. Regulation U (this part) is issued by the Board of Governors of the Federal Reserve System (the Board) pursuant to the Securities Exchange Act of 1934 (the Act) (15 U.S.C. 78a et seq.). (b) Purpose and scope. (1) This part imposes credit restrictions upon persons other than brokers or dealers (hereinafter lenders) that extend credit for the purpose of buying or carrying margin stock if the credit is secured directly or indirectly by margin stock. Lenders include ``banks'' (as defined in Sec. 221.2) and other persons who are required to register with the Board under Sec. 221.3(b). Lenders may not extend more than the maximum loan value of the collateral securing such credit, as set by the Board in Sec. 221.7 (the Supplement). (2) This part does not apply to clearing agencies regulated by the Securities and Exchange Commission or the Commodity Futures Trading Commission that accept deposits of margin stock in connection with: (i) The issuance of, or guarantee of, or the clearance of transactions in, any security (including options on any security, certificate of deposit, securities index or foreign currency); or (ii) The guarantee of contracts for the purchase or sale of a commodity for future delivery or options on such contracts. (3) This part does not apply to credit extended to an exempted borrower. (c) Availability of forms. The forms referenced in this part are available from the Federal Reserve Banks. Sec. 221.3 General requirements. (a) Extending, maintaining, and arranging credit--(1) Extending credit. No bank shall extend any purpose credit, secured directly or indirectly by margin stock, in an amount that exceeds the maximum loan value of the collateral securing the credit. The maximum loan value of margin stock (set forth in Sec. 221.8 of this part) is assigned by the Board in terms of a percentage of the current market value of the margin stock. All other collateral has good faith loan value, as defined in Sec. 221.2(f) of this part. (2) Maintaining credit. A bank may continue to maintain any credit initially extended in compliance with this part, regardless of: (i) Reduction in the customer's equity resulting from change in market prices; (ii) Change in the maximum loan value prescribed by this part; or (iii) Change in the status of the security (from nonmargin to margin) securing an existing purpose credit.

184

185

(3) Arranging credit. No bank may arrange for the extension or maintenance of any purpose credit, except upon the same terms and conditions under which the bank itself may extend or maintain purpose credit under this part. (b) Purpose statement. Except for credit extended under paragraph (c) of this section, whenever a bank extends credit secured directly or indirectly by any margin stock, in an amount exceeding $100,000, the bank shall require its customer to execute Form FR U-1 (OMB No. 7100-0115), which shall be signed and accepted by a duly authorized officer of the bank acting in good faith. (c) Purpose statement for revolving-credit or multiple-draw agreements. (1) If a bank extends credit, secured directly or indirectly by any margin stock, in an amount exceeding $100,000, under a revolving-credit or other multiple-draw agreement, Form FR U-1 can either be executed each time a disbursement is made under the agreement, or at the time the credit arrangement is originally established. (2) If a purpose statement executed at the time the credit arrangement is initially made indicates that the purpose is to purchase or carry margin stock, the credit will be deemed in compliance with this part if the maximum loan value of the collateral at least equals the aggregate amount of funds actually disbursed. For any purpose credit disbursed under the agreement, the bank shall obtain and attach to the executed Form FR U-1 a current list of collateral which adequately supports all credit extended under the agreement. (d) Single credit rule. (1) All purpose credit extended to a customer shall be treated as a single credit, and all the collateral securing such credit shall be considered in determining whether or not the credit complies with this part. (2) A bank that has extended purpose credit secured by margin stock may not subsequently extend unsecured purpose credit to the same customer unless the combined credit does not exceed the maximum loan value of the collateral securing the prior credit. (3) If a bank extended unsecured purpose credit to a customer prior to the extension of purpose credit secured by margin stock, the credits shall be combined and treated as a single credit solely for the purposes of the withdrawal and substitution provision of paragraph (f) of this section. (4) If a bank extends purpose credit secured by any margin stock and non-purpose credit to the same customer, the bank shall treat the credits as two separate loans and may not rely upon the required collateral securing the purpose credit for the nonpurpose credit. (e) Mixed collateral loans. A purpose credit secured in part by margin stock, and in part by other collateral shall be treated as two separate loans, one secured by margin stock and one by all other collateral. A bank may use a single credit agreement, if it maintains records identifying each portion of the credit and its collateral. (f) Withdrawals and substitutions. (1) A bank may permit any withdrawal or substitution of cash or collateral by the customer if the withdrawal or substitution would not: (i) Cause the credit to exceed the maximum loan value of the collateral; or (ii) Increase the amount by which the credit exceeds the maximum loan value of the collateral. (2) For purposes of this section, the maximum loan value of the collateral on the day of the withdrawal or substitution shall be used. (g) Exchange offers. To enable a customer to participate in a reorganization, recapitalization or exchange offer that is made to holders of an issue of margin stock, a bank

185

186

may permit substitution of the securities received. A nonmargin, nonexempted security acquired in exchange for a margin stock shall be treated as if it is margin stock for a period of 60 days following the exchange. (h) Renewals and extensions of maturity. A renewal or extension of maturity of a credit need not be considered a new extension of credit if the amount of the credit is increased only by the addition of interest, service charges, or taxes with respect to the credit. (i) Transfers of credit. (1) A transfer of a credit between customers or banks or between a bank and a lender subject to part 207 of this chapter shall not be considered a new extension of credit if: (i) The original credit was extended by a bank in compliance with this part or by a lender subject to part 207 of this chapter in a manner that would have complied with this part; (ii) The transfer is not made to evade this part or part 207 of this chapter; (iii) The amount of credit is not increased; and (iv) The collateral for the credit is not changed. (2) Any transfer between customers at the same bank shall be accompanied by a statement by the transferor customer describing the circumstances giving rise to the transfer and shall be accepted and signed by an officer of the bank acting in good faith. The bank shall keep such statement with its records of the transferee account. (3) When a transfer is made between banks or between a bank and a lender subject to part 207 of this chapter, the transferee shall obtain a copy of the Form FR U-1 or Form FR G-3 originally filed with the transferor and retain the copy with its records of the transferee account. If no form was originally filed with the transferor, the transferee may accept in good faith a statement from the transferor describing the purpose of the loan and the collateral securing it. (j) Action for bank's protection. Nothing in this part shall require a bank to waive or forego any lien or prevent a bank from taking any action it deems necessary in good faith for its protection. (k) Mistakes in good faith. A mistake in good faith in connection with the extension of maintenance of credit shall not be a violation of this part. (l) Lack of notice of NMS security designation. Failure to treat an NMS security as a margin stock in connection with an extension of credit shall not be deemed a violation of this part if the designation is made between quarterly publications of the Board's List of OTC Margin Stocks and the bank does not have actual notice of the designation. [Reg. U, 48 FR 35076, Aug. 3, 1983, as amended at 49 FR 35758, Sept. 12, 1984; 52 FR 35683, Sept. 23, 1987; 56 FR 46111, Sept. 10, 1991; 56 FR 66120, Dec. 20, 1991] Sec. 221.8 Supplement, maximum loan value of margin stock and other collateral. (a) Maximum loan value of margin stock. The maximum loan value of any margin stock expect options is fifty per cent of its current market value. (b) Maximum loan value of nonmargin stock and all other collateral. The maximum loan value of nonmargin stock and all other collateral except puts, calls, or combinations thereof is their good faith loan value.

186

187

(c) Maximum loan value of options. Except for purposes of Sec. 221.5(c)(10) of this part, puts, calls, and combinations thereof have no loan value. (The information above was taken from the Code of federal Regulations Web site on December 4, 1999 - http://www.access.gpo.gov/nara/cfr/waisidx_98/12cfrv3_98.html) 14. Regulation Y Bank Holding Company Act - purpose is to: Regulate the acquisition of control of banks by companies and individuals; Define and regulate the nonbanking activities in which bank holding companies and foreign banking organizations with United States operations may engage; and Set forth the procedures for securing approval for these transactions and activities The Bank Holding Company act of 1956 was designed to control interstate banking activities by requiring that the State being expanded into specifically allowed the formation of an interstate bank. The following section is an excerpt of text of Regulation Y. TITLE 12--BANKS AND BANKING CHAPTER II--FEDERAL RESERVE SYSTEM Sec. 225.1 Authority, purpose, and scope. (a) Authority. This part <SUP>1</SUP> (Regulation Y) is issued by the Board of Governors of the Federal Reserve System (Board) under section 5(b) of the Bank Holding Company Act of 1956, as amended (12 U.S.C. 1844(b)) (BHC Act); sections 8 and 13(a) of the International Banking Act of 1978 (12 U.S.C. 3106 and 3108); section 7(j)(13) of the Federal Deposit Insurance Act, as amended by the Change in Bank Control Act of 1978 (12 U.S.C. 1817(j)(13)) (Bank Control Act); section 8(b) of the Federal Deposit Insurance Act (12 U.S.C. 1818(b)); section 914 of the Financial Institutions Reform, Recovery and Enforcement Act of 1989 (12 U.S.C. 1831i); section 106 of the Bank Holding Company Act Amendments of 1970 (12 U.S.C. 1972); and the International Lending Supervision Act of 1983 (Pub. L. 98-181, title IX). The BHC Act is codified at 12 U.S.C. 1841, et seq. \1\ Code of Federal Regulations, title 12, chapter II, part 225. (b) Purpose. The principal purposes of this part are to: (1) Regulate the acquisition of control of banks by companies and individuals; (2) Define and regulate the nonbanking activities in which bank holding companies and foreign banking organizations with United States operations may engage; and (3) Set forth the procedures for securing approval for these transactions and activities. (c) Scope--(1) Subpart A contains general provisions and definitions of terms used in this regulation. (2) Subpart B governs acquisitions of bank or bank holding company securities and assets by bank holding companies or by any company that will become a bank holding company as a result of the acquisition. (3) Subpart C defines and regulates the nonbanking activities in which bank holding companies and foreign banking organizations may engage directly or through a subsidiary. The Board's Regulation K governs certain nonbanking activities conducted by foreign

187

188

banking organizations and certain foreign activities conducted by bank holding companies (12 CFR part 211, International Banking Operations). (4) Subpart D specifies situations in which a company is presumed to control voting securities or to have the power to exercise a controlling influence over the management or policies of a bank or other company; sets forth the procedures for making a control determination; and provides rules governing the effectiveness of divestitures by bank holding companies. (5) Subpart E governs changes in bank control resulting from the acquisition by individuals or companies (other than bank holding companies) of voting securities of a bank holding company or state member bank of the Federal Reserve System. (6) Subpart F specifies the limitations that govern companies that control so-called nonbank banks and the activities of nonbank banks. (7) Subpart G prescribes minimum standards that apply to the performance of real estate appraisals and identifies transactions that require state certified appraisers. (8) Subpart H identifies the circumstances when written notice must be provided to the Board prior to the appointment of a director or senior officer of a bank holding company and establishes procedures for obtaining the required Board approval. (9) Appendix A to the regulation contains the Board's Risk-Based Capital Adequacy Guidelines for bank holding companies. (10) Appendix B contains the Board's Capital Adequacy Guidelines for measuring leverage for bank holding companies and state member banks. (11) Appendix C contains the Board's policy statement governing small bank holding companies. (12) Appendix D contains the Board's Capital Adequacy Guidelines for measuring tier 1 leverage for bank holding companies. (13) Appendix E contains the Board's Capital Adequacy Guidelines for measuring market risk of bank holding companies. [Reg. Y, 62 FR 9319, Feb. 28, 1997, unless otherwise noted.] (The information above was taken from the Code of federal Regulations Web site on December 4, 1999 - http://www.access.gpo.gov/nara/cfr/waisidx_98/12cfrv3_98.html) 15. Regulation Z Truth in Lending - purpose is to promote the informed use of consumer credit by requiring disclosures about its terms and cost. The regulation gives consumers the right to cancel certain credit transactions that involve a lien on a consumer's principal dwelling, regulates certain credit card practices, and provides a means for fair and timely resolution of credit billing disputes. The following section is an excerpt of text of Regulation Z. TITLE 12--BANKS AND BANKING CHAPTER II--FEDERAL RESERVE SYSTEM Sec. 226.1 Authority, purpose, coverage, organization, enforcement and liability. (a) Authority. This regulation, known as Regulation Z, is issued by the Board of Governors of the Federal Reserve System to implement the Federal Truth in Lending Act, which is contained in title I of the Consumer Credit Protection Act, as amended (15 U.S.C.

188

189

1601 et seq.). This regulation also implements title XII, section 1204 of the Competitive Equality Banking Act of 1987 (Pub. L. 100-86, 101 Stat. 552). Information-collection requirements contained in this regulation have been approved by the Office of Management and Budget under the provisions of 44 U.S.C. 3501 et seq. and have been assigned OMB number 7100-0199. (b) The purpose of this regulation is to promote the informed use of consumer credit by requiring disclosures about its terms and cost. The regulation gives consumers the right to cancel certain credit transactions that involve a lien on a consumer's principal dwelling, regulates certain credit card practices, and provides a means for fair and timely resolution of credit billing disputes. The regulation does not govern charges for consumer credit. The regulation requires a maximum interest rate to be stated in variable-rate contracts secured by the consumer's dwelling. It also imposes limitations on home equity plans that are subject to the requirements of Sec. 226.5b and mortgages that are subject to the requirements of Sec. 226.32. (c) Coverage. (1) In general, this regulation applies to each individual or business that offers or extends credit when four conditions are met: (i) The credit is offered or extended to consumers; (ii) the offering or extension of credit is done regularly; (iii) the credit is subject to a finance charge or is payable by a written agreement in more than 4 installments; and (iv) the credit is primarily for personal, family, or household purposes. (2) If a credit card is involved, however, certain provisions apply even if the credit is not subject to a finance charge, or is not payable by a written agreement in more than 4 installments, or if the credit card is to be used for business purposes. (3) In addition, certain requirements of Sec. 226.5b apply to persons who are not creditors but who provide applications for home equity plans to consumers. (d) Organization. The regulation is divided into subparts and appendices as follows: (1) Subpart A contains general information. It sets forth: (i) The authority, purpose, coverage, and organization of the regulation; (ii) the definitions of basic terms; (iii) the transactions that are exempt from coverage; and (iv) the method of determining the finance charge. (2) Subpart B contains the rules for open-end credit. It requires that initial disclosures and periodic statements be provided, as well as additional disclosures for credit and charge card applications and solicitations and for home equity plans subject to the requirements of Secs. 226.5a and 226.5b, respectively. (3) Subpart C relates to closed-end credit. It contains rules on disclosures, treatment of credit balances, annual percentage rate calculations, rescission requirements, and advertising. (4) Subpart D contains rules on oral disclosures, Spanish language disclosure in Puerto Rico, record retention, effect on state laws, state exemptions, and rate limitations. (5) Subpart E relates to mortgage transactions covered by Sec. 226.32 and reverse mortgage transactions. It contains rules on disclosures, fees, and total annual loan cost rates. (6) Several appendices contain information such as the procedures for determinations about state laws, state exemptions and issuance of staff interpretations, special rules for certain kinds of credit plans, a list of enforcement agencies, and the rules for computing annual percentage rates in closed-end credit transactions and total annual loan cost rates for reverse mortgage transactions. (e) Enforcement and liability. Section 108 of the act contains the administrative enforcement provisions. Sections 112, 113, 130, 131, and 134 contain provisions relating to

189

190

liability for failure to comply with the requirements of the act and the regulation. Section 1204(c) of title XII of the Competitive Equality Banking Act of 1987, Pub. L. 100-86, 101 Stat. 552, incorporates by reference administrative enforcement and civil liability provisions of sections 108 and 130 of the act. [Reg. Z, 46 FR 20892, Apr. 7, 1981, as amended at 52 FR 43181, Nov. 9, 1987; 54 FR 13865, Apr. 6, 1989; 54 FR 24686, June 9, 1989; 60 FR 15471, Mar. 24, 1995] (The information above was taken from the Code of federal Regulations Web site on December 4, 1999 - http://www.access.gpo.gov/nara/cfr/waisidx_98/12cfrv3_98.html) 16. Regulation BB Community Reinvestment Act - purpose is to assess an institution's record of helping to meet the credit needs of the local communities in which the institution is chartered, consistent with the safe and sound operation of the institution, and to take this record into account in the agency's evaluation of an application for a deposit facility by the institution. The following section is an excerpt of text of Regulation BB. TITLE 12--BANKS AND BANKING CHAPTER II--FEDERAL RESERVE SYSTEM Sec. 228.11 Authority, purposes, and scope. (a) Authority. The Board of Governors of the Federal Reserve System (the Board) issues this part to implement the Community Reinvestment Act (12 U.S.C. 2901 et seq.) (CRA). The regulations comprising this part are issued under the authority of the CRA and under the provisions of the United States Code authorizing the Board: (1) To conduct examinations of State-chartered banks that are members of the Federal Reserve System (12 U.S.C. 325); (2) To conduct examinations of bank holding companies and their subsidiaries (12 U.S.C. 1844); and (3) To consider applications for: (i) Domestic branches by State member banks (12 U.S.C. 321); (ii) Mergers in which the resulting bank would be a State member bank (12 U.S.C. 1828(c)); (iii) Formations of, acquisitions of banks by, and mergers of, bank holding companies (12 U.S.C. 1842); and (iv) The acquisition of savings associations by bank holding companies (12 U.S.C. 1843). (b) Purposes. In enacting the CRA, the Congress required each appropriate Federal financial supervisory agency to assess an institution's record of helping to meet the credit needs of the local communities in which the institution is chartered, consistent with the safe and sound operation of the institution, and to take this record into account in the agency's evaluation of an application for a deposit facility by the institution. This part is intended to carry out the purposes of the CRA by: (1) Establishing the framework and criteria by which the Board assesses a bank's record of helping to meet the credit needs of its entire community, including low- and moderateincome neighborhoods, consistent with the safe and sound operation of the bank; and

190

191

(2) Providing that the Board takes that record into account in considering certain applications. (c) Scope--(1) General. This part applies to all banks except as provided in paragraph (c)(3) of this section. (2) Foreign bank acquisitions. This part also applies to an uninsured State branch (other than a limited branch) of a foreign bank that results from an acquisition described in section 5(a)(8) of the International Banking Act of 1978 (12 U.S.C. 3103(a)(8)). The terms ``State branch'' and ``foreign bank'' have the same meanings as in section 1(b) of the International Banking Act of 1978 (12 U.S.C. 3101 et seq.); the term ``uninsured State branch'' means a State branch the deposits of which are not insured by the Federal Deposit Insurance Corporation; the term ``limited branch'' means a State branch that accepts only deposits that are permissible for a corporation organized under section 25A of the Federal Reserve Act (12 U.S.C. 611 et seq.). (3) Certain special purpose banks. This part does not apply to special purpose banks that do not perform commercial or retail banking services by granting credit to the public in the ordinary course of business, other than as incident to their specialized operations. These banks include banker's banks, as defined in 12 U.S.C. 24 (Seventh), and banks that engage only in one or more of the following activities: providing cash management controlled disbursement services or serving as correspondent banks, trust companies, or clearing agents. [Reg. Y, 62 FR 9319, Feb. 28, 1997, unless otherwise noted.] (The information above was taken from the Code of federal Regulations Web site on December 5, 1999 - http://www.access.gpo.gov/nara/cfr/waisidx_98/12cfrv3_98.html) 17. Regulation CC Availability of Funds and Collections of Checks - purpose is to assess an institution's record of helping to meet the credit needs of the local communities in which the institution is chartered, consistent with the safe and sound operation of the institution, and to take this record into account in the agency's evaluation of an application for a deposit facility by the institution. The following section is an excerpt of text of Regulation CC. TITLE 12--BANKS AND BANKING CHAPTER II--FEDERAL RESERVE SYSTEM Sec. 229.1 Authority and purpose; organization. (a) Authority and purpose. This part (Regulation CC; 12 CFR part 229) is issued by the Board of Governors of the Federal Reserve System (Board) to implement the Expedited Funds Availability Act (Act) (title VI of Pub. L. 100-86, 101 Stat. 552, 635), as amended by section 1001 of the Cranston-Gonzalez National Affordable Housing Act of 1990 (Pub. L. 101-625, 104 Stat. 4079, 4424) and sections 212(h), 225, and 227 of the Federal Deposit Insurance Corporation Improvement Act of 1991 (Pub. L. 102-242, 105 Stat. 2236, 2303, 2307). (b) Organization. This part is divided into subparts and appendices as follows-(1) Subpart A contains general information. It sets forth-(i) The authority, purpose, and organization;

191

192

(ii) Definition of terms; and (iii) Authority for administrative enforcement of this part's provisions. (2) Subpart B of this part contains rules regarding the duty of banks to make funds deposited into accounts available for withdrawal, including availability schedules. Subpart B of this part also contains rules regarding exceptions to the schedules, disclosure of funds availability policies, payment of interest, liability of banks for failure to comply with Subpart B of this part, and other matters. (3) Subpart C of this part contains rules to expedite the collection and return of checks by banks. These rules cover the direct return of checks, the manner in which the paying bank and returning banks must return checks to the depositary bank, notification of nonpayment by the paying bank, indorsement and presentment of checks, same-day settlement for certain checks, the liability of banks for failure to comply with subpart C of this part, and other matters. [53 FR 19433, May 27, 1988, as amended at 57 FR 36598, Aug. 14, 1992; 57 FR 46972, Oct. 14, 1992; Reg. CC, 60 FR 51670, Oct. 3, 1995] (The information above was taken from the Code of federal Regulations Web site on December 5, 1999 - http://www.access.gpo.gov/nara/cfr/waisidx_98/12cfrv3_98.html) 18. Regulation DD Truth in Savings - purpose is to enable consumers to make informed decisions about accounts at depository institutions. This part requires depository institutions to provide disclosures so that consumers can make meaningful comparisons among depository institutions. The following section is an excerpt of text of Regulation DD. TITLE 12--BANKS AND BANKING CHAPTER II--FEDERAL RESERVE SYSTEM Sec. 230.1 Authority, purpose, coverage, and effect on state laws. (a) Authority. This part, known as Regulation DD, is issued by the Board of Governors of the Federal Reserve System to implement the Truth in Savings Act of 1991 (the act), contained in the Federal Deposit Insurance Corporation Improvement Act of 1991 (12 U.S.C. 4301 et seq., Pub. L. 102-242, 105 Stat. 2236). Information collection requirements contained in this part have been approved by the Office of Management and Budget under the provisions of 44 U.S.C. 3501 et seq. and have been assigned OMB No. 7100-0255. (b) Purpose. The purpose of this part is to enable consumers to make informed decisions about accounts at depository institutions. This part requires depository institutions to provide disclosures so that consumers can make meaningful comparisons among depository institutions. (c) Coverage. This part applies to depository institutions except for credit unions. In addition, the advertising rules in Sec. 230.8 of this part apply to any person who advertises an account offered by a depository institution, including deposit brokers. (d) Effect on state laws. State law requirements that are inconsistent with the requirements of the act and this part are preempted to the extent of the inconsistency. Additional information on inconsistent state laws and the procedures for requesting a preemption determination from the Board are set forth in appendix C of this part.

192

193

(The information above was taken from the Code of federal Regulations Web site on December 5, 1999 - http://www.access.gpo.gov/nara/cfr/waisidx_98/12cfrv3_98.html) 19. Regulation 34 Real Estate Lending and Appraisals - purpose is to set forth standards for real estate-related lending and associated activities by national banks. The following section is an excerpt of text of Regulation 34. TITLE 12--BANKS AND BANKING CHAPTER I--COMPTROLLER OF THE CURRENCY, DEPARTMENT OF THE TREASURY

Sec. 34.1 Purpose and scope. (a) Purpose. The purpose of this part is to set forth standards for real estate-related lending and associated activities by national banks. (b) Scope. This part applies to national banks and their operating subsidiaries as provided in 12 CFR 5.34. For the purposes of 12 U.S.C. 371 and subparts A and B of this part, loans secured by liens on interests in real estate include loans made upon the security of condominiums, leaseholds, cooperatives, forest tracts, land sales contracts, and construction project loans. Construction project loans are not subject to subparts A and B of this part, however, if they have a maturity not exceeding 60 months and are made to finance the construction of either: (1) A building where there is a valid and binding agreement entered into by a financially responsible lender or other party to advance the full amount of the bank's loan upon completion of the building; or (2) A residential or farm building. Sec. 34.2 Definitions. (a) Due-on-sale clause means any clause that gives the lender or any assignee or transferee of the lender the power to declare the entire debt payable if all or part of the legal or equitable title or an equivalent contractual interest in the property securing the loan is transferred to another person, whether by deed, contract, or otherwise. (b) State means any State of the United States of America, the District of Columbia, Puerto Rico, the Virgin Islands, the Northern Mariana Islands, American Samoa, and Guam. (c) State law limitations means any State statute, regulation, or order of any State agency, or judicial decision interpreting State law. Sec. 34.3 General rule. A national bank may make, arrange, purchase, or sell loans or extensions of credit, or interests therein, that are secured by liens on, or interests in, real estate, subject to terms, conditions, and limitations prescribed by the Comptroller of the Currency by regulation or order. [61 FR 11300, Mar. 20, 1996, unless otherwise noted.]

193

194

(The information above was taken from the Code of federal Regulations Web site on December 5, 1999 - http://www.access.gpo.gov/cgi-bin/cfrassemble.cgi?title=199812 20. Bank Bribery Act - purpose is to govern the activities of financial institution employees regarding the receipt of anything in value in return for favorable loan procurements. The following section is an excerpt of text of the Bank Bribery Act. 215. Receipt of commissions or gifts for procuring loans.{*} (a) Whoever-(1) corruptly gives, offers, or promises anything of value to any person, with intent to influence or reward an officer, director, employee, agent, or attorney of a financial institution in connection with any business or transaction of such institution; or (2) as an officer, director, employee, agent, or attorney of a financial institution, corruptly solicits or demands for the benefit of any person, or corruptly accepts or agrees to accept, anything of value from any person, intending to be influenced or rewarded in connection with any business or transaction of such institution; shall be fined under this title or three times the value of the thing given, offered, promised, solicited, demanded, accepted, or agreed to be accepted, whichever is greater, or imprisoned not more than 30 years, or both, but if the value of the thing given, offered, promised, solicited, demanded, accepted, or agreed to be accepted does not exceed $1,000, shall be fined under this title or imprisoned not more than one year, or both. (b) [Revoked] (c) This section shall not apply to bona fide salary, wages, fees, or other compensation paid, or expenses paid or reimbursed, in the usual course of business. (d) Federal agencies with responsibility for regulating a financial institution shall jointly establish such guidelines as are appropriate to assist an officer, director, employee, agent, or attorney of a financial institution to comply with this section. Such agencies shall make such guidelines available to the public. {* The Act of August 4, 1986 (Pub. L. No. 99--370; 100 Stat. 779), which amends section 215, may be cited as the "Bank Bribery Amendments Act of 1985."} [Codified to 18 U.S.C. 215] (The information above was taken from the Federal Deposit Insurance Corporations Web site on December 21, 1999 - http://www.fdic.gov/regulations/laws/rules/8000-7.html#8284 21. Bank Secrecy Act - was passed in 1970 to require banks to document and file certain transaction reports for possible use in criminal, tax, or regulatory proceedings. The purpose was to provide an audit trail of banking transactions to reduce the potential for money laundering activities by those involved in illegal activities. The regulations emphasize the development and implementation of know your customer policies and procedures by banks. Compliance with the Act is extremely important as civil and criminal penalties can be imposed including the termination of banking licenses.

194

195

Each bank is required to develop and provide for the continued administration of a program reasonably designed to assure and monitor compliance with the recordkeeping and reporting requirements. The following section is an excerpt of text of the Bank Secrecy Act. TITLE 12--BANKS AND BANKING CHAPTER I--COMPTROLLER OF THE CURRENCY, DEPARTMENT OF THE TREASURY Sec. 21 (a)(1) The Congress finds that adequate records maintained by insured depository institutions have a high degree of usefulness in criminal, tax, and regulatory investigations and proceedings. The Congress further finds that microfilm or other reproductions and other records made by banks of checks, as well as records kept by banks of the identity of persons maintaining or authorized to act with respect to accounts therein, have been of particular value in this respect. (2) It is the purpose of this section to require the maintenance of appropriate types of records by insured depository institutions in the United States where such records have a high degree of usefulness in criminal, tax, or regulatory investigations or proceedings. Subpart C--Procedures for Monitoring Bank Secrecy Act Compliance Sec. 21.21 Bank Secrecy Act compliance. (a) Purpose. This subpart is issued to assure that all national banks establish and maintain procedures reasonably designed to assure and monitor their compliance with the requirements of subchapter II of chapter 53 of title 31, United States Code, and the implementing regulations promulgated thereunder by the Department of Treasury at 31 CFR part 103. (b) Compliance procedures. On or before April 27, 1987, each bank shall develop and provide for the continued administration of a program reasonably designed to assure and monitor compliance with the recordkeeping and reporting requirements set forth in subchapter II of chapter 53 of title 31, United States Code, and the implementing regulations promulgated thereunder by the Department of Treasury at 31 CFR part 103. The compliance program shall be reduced to writing, approved by the board of directors and noted in the minutes. (c) Contents of compliance program. The compliance program shall, at a minimum: (1) Provide for a system of internal controls to assure ongoing compliance; (2) Provide for independent testing for compliance to be conducted by bank personnel or by an outside party; (3) Designate an individual or individuals responsible for coordinating and monitoring day-to-day compliance; and (4) Provide training for appropriate personnel. (Approved by the Office of Management and Budget under control number 1557-0180) [52 FR 2859, Jan. 27, 1987]

195

196

(The information above was taken from the Federal Deposit Insurance Corporations Web site on December 23, 1999 - http://www.fdic.gov/regulations/laws/rules/10000-3.html.) The following information details some requirement outlined in the Code of Federal Regulations. (b) At one time. For purposes of Sec. 103.23 of this part, a person who transports, mails, ships or receives; is about to or attempts to transport, mail or ship; or causes the transportation, mailing, shipment or receipt of monetary instruments, is deemed to do so ``at one time'' if: (1) That person either alone, in conjunction with or on behalf of others; (2) Transports, mails, ships or receives in any manner; is about to transport, mail or ship in any manner; or causes the transportation, mailing, shipment or receipt in any manner of; (3) Monetary instruments; (4) Into the United States or out of the United States; (5) Totaling more than $10,000; (6)(i) On one calendar day or (ii) if for the purpose of evading the reporting requirements of Sec. 103.23, on one or more days. 103.22 Reports of transactions in currency. (a) General. This section sets forth the rules for the reporting by financial institutions of transactions in currency. The reporting obligations themselves are stated in paragraph (b) of this section. The reporting rules relating to aggregation are stated in paragraph (c) of this section. Rules permitting banks to exempt certain transactions from the reporting obligations appear in paragraph (d) of this section. (b) Filing obligations(1) Financial institutions other than casinos. Each financial institution other than a casino shall file a report of each deposit, withdrawal, exchange of currency or other payment or transfer, by, through, or to such financial institution which involves a transaction in currency of more than $10,000, except as otherwise provided in this section. In the case of the Postal Service, the obligation contained in the preceding sentence shall not apply to payments or transfers made solely in connection with the purchase of postage or philatelic products. (2) Casinos. Each casino shall file a report of each transaction in currency, involving either cash in or cash out, of more than $10,000. (i) Transactions in currency involving cash in include, but are not limited to: (A) Purchases of chips, tokens, and plaques; (B) Front money deposits; (C) Safekeeping deposits; (D) Payments on any form of credit, including markers and counter checks; (E) Bets of currency; (F) Currency received by a casino for transmittal of funds through wire transfer for a customer;

196

197

(G) Purchases of a casinos check; and (H) Exchanges of currency for currency, including foreign currency. (ii) Transactions in currency involving cash out include, but are not limited to: (A) Redemptions of chips, tokens, and plaques; (B) Front money withdrawals; (C) Safekeeping withdrawals; (D) Advances on any form of credit, including markers and counter checks; (E) Payments on bets, including slot jackpots; (F) Payments by a casino to a customer based on receipt of funds through wire transfer for credit to a customer; (G) Cashing of checks or other negotiable instruments; and (I) Reimbursements for customers travel and entertainment expenses by the casino. (c) Aggregation(1) Multiple branches. A financial institution includes all of its domestic branch offices, and any recordkeeping facility, wherever located, that contains records relating to the transactions of the institutions domestic offices, for purposes of this sections reporting requirements. (2) Multiple transactionsgeneral. In the case of financial institutions other than casinos, for purposes of this section, multiple currency transactions shall be treated as a single transaction if the financial institution has knowledge that they are by or on behalf of any person and result in either cash in or cash out totaling more than $10,000 during any one business day (or in the case of the Postal Service, any one day). Deposits made at night or over a weekend or holiday shall be treated as if received on the next business day following the deposit. (3) Multiple transactionscasinos. In the case of a casino, multiple currency transactions shall be treated as a single transaction if the casino has knowledge that they are by or on behalf of any person and result in either cash in or cash out totaling more than $10,000 during any gaming day. For purposes of this paragraph (c)(3), a casino shall be deemed to have the knowledge described in the preceding sentence, if: any sole proprietor, partner, officer, director, or employee of the casino, acting within the scope of his or her employment, has knowledge that such multiple currency transactions have occurred, including knowledge from examining the books, records, logs, information retained on magnetic disk, tape or other machine-readable media, or in any manual system, and similar documents and information, which the casino maintains pursuant to any law or regulation or within the ordinary course of its business, and which contain information that such multiple currency transactions have occurred. (d) Transactions of exempt persons (1) General. No bank is required to file a report otherwise required by paragraph (b) of this section with respect to any transaction in currency between an exempt person and such bank, or, to the extent provided in paragraph (d)(6)(vi) of this section, between such exempt person and other banks affiliated with such bank. In addition, a non-bank financial institution is not required to file a report otherwise required by paragraph (b) of this section with respect to a

197

198

transaction in currency between the institution and a commercial bank. (A limitation on the exemption described in this paragraph (d)(1) is set forth in paragraph (d)(7) of this section.) (The information above was taken from the Code of Federal Regulations Web site on December 5, 1999 - http://www.access.gpo.gov/nara/cfr/waisidx_98/12cfrv6_98.html#700 22. Fair Credit Reporting Act - purpose is to ensure fair and accurate credit reporting to ensure public confidence and to provide for fair and private evaluation of credit worthiness. The following section is an excerpt of text of the Fair Credit Reporting Act. 601. Short title This title may be cited as the Fair Credit Reporting Act. [Codified to 15 U.S.C. 1681 note] [Source: Section 601 of title VI of the Act of May 29, 1968 (Pub. L. No. 90-321), as added by section 601 of title VI of the Act of October 26, 1970 (Pub. L. No. 91-508; 84 Stat. 1128), effective April 25, 1971] 602. Findings and purpose (a) The Congress makes the following findings: (1) The banking system is dependent upon fair and accurate credit reporting. Inaccurate credit reports directly impair the efficiency of the banking system, and unfair credit reporting methods undermine the public confidence which is essential to the continued functioning of the banking system. (2) An elaborate mechanism has been developed for investigating and evaluating the credit worthiness, credit standing, credit capacity, character, and general reputation of consumers. (3) Consumer reporting agencies have assumed a vital role in assembling and evaluating consumer credit and other information on consumers. (4) There is a need to insure that consumer reporting agencies exercise their grave responsibilities with fairness, impartiality, and a respect for the consumer's right to privacy. (b) It is the purpose of this title to require that consumer reporting agencies adopt reasonable procedures for meeting the needs of commerce for consumer credit, personnel, insurance, and other information in a manner which is fair and equitable to the consumer, with regard to the confidentiality, accuracy, relevancy, and proper utilization of such information in accordance with the requirements of this title. [Codified to 15 U.S.C. 1681] [Source: Section 602 of title VI of the Act of May 29, 1968 (Pub. L. No. 90-321), as added by section 601 of title VI of the Act of October 26, 1970 (Pub. L. No. 91-508; 84 Stat. 1128), effective April 25, 1971] 603. Definitions and rules of construction

198

199

(a) Definitions and rules of construction set forth in this section are applicable for the purposes of this title. (b) The term "person" means any individual, partnership, corporation, trust, estate, cooperative, association, government or governmental subdivision or agency, or other entity. (c) The term "consumer" means an individual. (d) CONSUMER REPORT.-- {{4-30-99 p.6602}} (1) IN GENERAL.--The term "consumer report" means any written, oral, or other communication of any information by a consumer reporting agency bearing on a consumer's credit worthiness, credit standing, credit capacity, character, general reputation, personal characteristics, or mode of living which is used or expected to be used or collected in whole or in part for the purpose of serving as a factor in establishing the consumer's eligibility for-(A) credit or insurance to be used primarily for personal, family, or household purposes; (B) employment purposes; or (C) any other purpose authorized under section 604. (2) EXCLUSIONS.--The term "consumer report" does not include-(A) any-(i) report containing information solely as to transactions or experiences between the consumer and the person making the report; (ii) communication of that information among persons related by common ownership or affiliated by corporate control; or (iii) communication of other information among persons related by common ownership or affiliated by corporate control, if it is clearly and conspicuously disclosed to the consumer that the information may be communicated among such persons and the consumer is given the opportunity, before the time that the information is initially communicated, to direct that such information not be communicated among such persons; (B) any authorization or approval of a specific extension of credit directly or indirectly by the issuer of a credit card or similar device; (C) any report in which a person who has been requested by a third party to make a specific extension of credit directly or indirectly to a consumer conveys his or her decision with respect to such request, if the third party advises the consumer of the name and address of the person to whom the request was made, and such person makes the disclosures to the consumer required under section 615; or (e) The term "investigative consumer report" means a consumer report or portion thereof in which information on a consumer's character, general reputation, personal characteristics, or mode of living is obtained through personal interviews with neighbors, friends, or associates of the consumer reported on or with others with whom he is acquainted or who may have knowledge concerning any such items of information. However, such information shall not include specific factual information on a consumer's credit record obtained directly from a creditor of the consumer or from a consumer reporting agency when such information was obtained directly from a creditor of the consumer or from the consumer. (f) The term "consumer reporting agency" means any person which, for monetary fees, dues, or on a cooperative nonprofit basis, regularly engages in whole or in part in the practice of assembling or evaluating consumer credit information or other information on consumers

199

200

for the purpose of furnishing consumer reports to third parties, and which uses any means or facility of interstate commerce for the purpose of preparing or furnishing consumer reports. (g) The term "file", when used in connection with information on any consumer, means all of the information on that consumer recorded and retained by a consumer reporting agency regardless of how the information is stored. (h) The term "employment purposes" when used in connection with a consumer report means a report used for the purpose of evaluating a consumer for employment, promotion, reassignment or retention as an employee. (i) The term "medical information" means information or records obtained, with the consent of the individual to whom it relates, from licensed physicians or medical practitioners, hospitals, clinics, or other medical or medically related facilities. (k) ADVERSE ACTION.-(1) ACTIONS INCLUDED.--The term "adverse action"-{{4-30-99 p.6603}} (A) has the same meaning as in section 701(d)(6) of the Equal Credit Opportunity Act; and (B) means-(i) a denial or cancellation of, an increase in any charge for, or a reduction or other adverse or unfavorable change in the terms of coverage or amount of, any insurance, existing or applied for, in connection with the underwriting of insurance; (ii) a denial of employment or any other decision for employment purposes that adversely affects any current or prospective employee; (iii) a denial or cancellation of, an increase in any charge for, or any other adverse or unfavorable change in the terms of, any license or benefit described in section 604(a)(3)(D); and (iv) an action taken or determination that is-(I) made in connection with an application that was made by, or a transaction that was initiated by, any consumer, or in connection with a review of an account under section 604(a)(3)(F)(ii); and (II) adverse to the interests of the consumer. (2) APPLICABLE FINDINGS, DECISIONS, COMMENTARY AND ORDERS.--For purposes of any determination of whether an action is an adverse action under paragraph (1)(A), all appropriate final findings, decisions, commentary, and orders issued under section 701(d)(6) of the Equal Credit Opportunity Act by the Board of Governors of the Federal Reserve System or any court shall apply. (l) FIRM OFFER OF CREDIT OR INSURANCE.--The term "firm offer of credit or insurance" means any offer of credit or insurance to a consumer that will be honored if the consumer is determined, based on information in a consumer report on the consumer, to meet the specific criteria used to select the consumer for the offer, except that the offer may be further conditioned on one or more of the following: (1) The consumer being determined, based on information in the consumer's application for the credit or insurance, to meet specific criteria bearing on credit worthiness or insurability, as applicable, that are established-(A) before selection of the consumer for the offer; and (B) for the purpose of determining whether to extend credit or insurance pursuant to the offer.

200

201

(2) Verification-(A) that the consumer continues to meet the specific criteria used to select the consumer for the offer, by using information in a consumer report on the consumer, information in the consumer's application for the credit or insurance, or other information bearing on the credit worthiness or insurability of the consumer; or (B) of the information in the consumer's application for the credit or insurance, to determine that the consumer meets the specific criteria bearing on credit worthiness or insurability. (3) The consumer furnishing any collateral that is a requirement for the extension of the credit or insurance that was-(A) established before selection of the consumer for the offer of credit or insurance; and (B) disclosed to the consumer in the offer of credit or insurance. (m) CREDIT OR INSURANCE TRANSACTION THAT IS NOT INITIATED BY THE CONSUMER.--The term "credit or insurance transaction that is not initiated by the consumer" does not include the use of a consumer report by a person with which the consumer has an account or insurance policy, for purposes of-(1) reviewing the account or insurance policy; or (2) collecting the account. (n) STATE.--The term "State" means any State, the Commonwealth of Puerto Rico, the District of Columbia, and any territory or possession of the United States. (o) EXCLUDED COMMUNICATIONS.--A communication described in this subsection if it is a communication-- {{4-30-99 p.6604}} (1) that, but for subsection (d)(2)(D), would be an investigative consumer report; (2) that is made to a prospective employer for the purpose of-(A) procuring an employee for the employer; or (B) procuring an opportunity for a natural person to work for the employer; (3) that is made by a person who regularly performs such procurement; (4) that is not used by any person for any purpose other than a purpose described in subparagraph (A) or (B) of paragraph (2); and (5) with respect to which-(A) the consumer who is the subject of the communication-(i) consents orally or in writing to the nature and scope of the communication, before the collection of any information for the purpose of making the communication; (ii) consents orally or in writing to the making of the communication to a prospective employer, before the making of the communication; and (iii) in the case of consent under clause (i) or (ii) given orally, is provided written confirmation of that consent by the person making the communication, not later than 3 business days after the receipt of the consent by that person; (B) the person who makes the communication does not, for the purpose of making the communication, make any inquiry that if made by a prospective employer of the consumer who is the subject of the communication would violate any applicable Federal or State equal employment opportunity law or regulation; and (C) the person who makes the communication-(i) discloses in writing to the consumer who is the subject of the communication, not later than 5 business days after receiving any request from the consumer for such disclosure, the nature and substance of all information in the consumer's file at the time of the request,

201

202

except that the sources of any information that is acquired solely for use in making the communication and is actually used for no other purpose, need not be disclosed other than under appropriate discovery procedures in any court of competent jurisdiction in which an action is brought; and (ii) notifies the consumer who is the subject of the communication, in writing, of the consumer's right to request the information described in clause (i). (p) CONSUMER REPORTING AGENCY THAT COMPILES AND MAINTAINS FILES ON CONSUMERS ON A NATIONWIDE BASIS.--The term "consumer reporting agency that compiles and maintains files on consumers on a nationwide basis" means a consumer reporting agency that regularly engages in the practice of assembling or evaluating, and maintaining, for the purpose of furnishing consumer reports to third parties bearing on a consumer's credit worthiness, credit standing, or credit capacity, each of the following regarding consumers residing nationwide: (1) Public record information. (2) Credit account information from persons who furnish that information regularly and in the ordinary course of business. [Codified to 15 U.S.C. 1681a] [Source: Section 603 of title VI of the Act of May 29, 1968 (Pub. L. No. 90321), as added by section 601 of title VI of the Act of October 26, 1970 (Pub. L. No. 91508; 84 Stat. 1128), effective April 25, 1971; section 2402 of title II of the Act of September 30, 1996 (Pub. L. No. 104208, 110 Stat. 3009426430), effective September 30, 1997; section 6(1)(3) of the Act of November 2, 1998 (Pub. L. No. 105347; 112 Stat. 3211), effective September 30, 1997] 604. Permissible purposes of reports (a) IN GENERAL.--Subject to subsection (c), any consumer reporting agency may furnish a consumer report under the following circumstances and no other: (1) In response to the order of a court having jurisdiction to issue such an order, or a subpoena issued in connection with proceedings before a Federal grand jury. (2) In accordance with the written instructions of the consumer to whom it relates. (The information above was taken from the Federal Deposit Insurance Corporations Web site on December 23, 1999 - http://www.fdic.gov/regulations/laws/rules/10000-3.html.) Use this generic site 23. Fair Debt Collection Practices Act - purpose is to eliminate abusive debt collection practices by debt collectors, to insure that those debt collectors who refrain from using abusive debt collection practices are not competitively disadvantaged, and to promote consistent State action to protect consumers against debt collection abuses The following section is an excerpt of text of the Fair Debt Collection Practices Act.

202

203

801. Short title This title may be cited as the "Fair Debt Collection Practices Act". [Codified to 15 U.S.C. 1601 note] [Source: Section 801 of title VIII of the Act of May 29, 1968 (Pub. L. No. 90--321), as added by the Act of September 20, 1977 (Pub. L. No. 95--109; 91 Stat. 874), effective March 20, 1978] 802. Findings and purpose (a) There is abundant evidence of the use of abusive, deceptive, and unfair debt collection practices by many debt collectors. Abusive debt collection practices contribute to the number of personal bankruptcies, to marital instability, to the loss of jobs, and to invasions of individual privacy. (b) Existing laws and procedures for redressing these injuries are inadequate to protect consumers. (c) Means other than misrepresentation or other abusive debt collection practices are available for the effective collection of debts. (d) Abusive debt collection practices are carried on to a substantial extent in interstate commerce and through means and instrumentalities of such commerce. Even where abusive debt collection practices are purely intrastate in character, they nevertheless directly affect interstate commerce. {{8-29-86 p.6617}} (e) It is the purpose of this title to eliminate abusive debt collection practices by debt collectors, to insure that those debt collectors who refrain from using abusive debt collection practices are not competitively disadvantaged, and to promote consistent State action to protect consumers against debt collection abuses. [Codified to 15 U.S.C. 1692] (The information above was taken from the Federal Deposit Insurance Corporations Web site on December 21, 1999 - http://www.fdic.gov/regulations/laws/rules/8000-7.html#8284 24. Fair Housing Act - purpose is to reduce discrimination in housing procurement. It is unlawful to: refuse to sell or rent after the making of a bona fide offer, or to refuse to negotiate for the sale or rental of, or otherwise make unavailable or deny, a dwelling to any person because of race, color, religion, sex, familial status, or national origin. (b) To discriminate against any person in the terms, conditions, or privileges of sale or rental of a dwelling, or in the provision of services or facilities in connection therewith, because of race, color, religion, sex, familial status, or national origin. The following section is an excerpt of text of the Fair Housing Act. DISCRIMINATION IN THE SALE OR RENTAL OF HOUSING AND OTHER PROHIBITED PRACTICES

203

204

SEC. 804. As made applicable by section 803 and except as exempted by sections 803(b) and 807, it shall be unlawful-(a) to refuse to sell or rent after the making of a bona fide offer, or to refuse to negotiate for the sale or rental of, or otherwise make unavailable or deny, a dwelling to any person because of race, color, religion, sex, familial status, or national origin. (b) To discriminate against any person in the terms, conditions, or privileges of sale or rental of a dwelling, or in the provision of services or facilities in connection therewith, because of race, color, religion, sex, familial status, or national origin. (c) To make, print, or publish, or cause to be made, printed, or published any notice, statement, or advertisement, with respect to the sale or rental of a dwelling that indicates any preference, limitation, or discrimination based on race, color, religion, sex, handicap, familial status, or national origin, or an intention to make any such preference, limitation, or discrimination. (d) To represent to any person because of race, color, religion, sex, handicap, familial status, or national origin that any dwelling is not available for inspection, sale, or rental when such dwelling is in fact so available. (e) For profit, to induce or attempt to induce any person to sell or rent any dwelling by representations regarding the entry or prospective entry into the neighborhood of a person or persons of a particular race, color, religion, sex, handicap, familial status, or national origin. {{10-31-88 p.8204}} (f)(1) To discriminate in the sale or rental, or to otherwise make unavailable or deny, a dwelling to any buyer or renter because of a handicap of-(A) that buyer or renter; (B) a person residing in or intending to reside in that dwelling after it is so sold, rented, or made available; or (C) any person associated with that buyer or renter. (2) To discriminate against any person in the terms, conditions, or privileges of sale or rental of a dwelling, or in the provision of services or facilities in connection with such dwelling, because of a handicap of-(A) that person; or (B) a person residing in or intending to reside in that dwelling after it is so sold, rented, or made available; or (C) any person associated with that person. (3) For purposes of this subsection, discrimination includes-(A) a refusal to permit, at the expense of the handicapped person, reasonable modifications of existing premises occupied or to be occupied by such person if such modifications may be necessary to afford such person full enjoyment of the premises; (B) a refusal to make reasonable accommodations in rules, policies, practices, or services, when such accommodations may be necessary to afford such person equal opportunity to use and enjoy a dwelling; or (C) in connection with the design and construction of covered multifamily dwellings for first occupancy after the date that is 30 months after the date of enactment of the Fair Housing Amendments Act of 1988, a failure to design and construct those dwellings in such a manner that-(i) the public use and common use portions of such dwellings are readily accessible to and usable by handicapped persons;

204

205

(ii) all the doors designed to allow passage into and within all premises within such dwellings are sufficiently wide to allow passage by handicapped persons in wheelchairs; and (iii) all premises within such dwellings contain the following features of adaptive design: (I) an accessible route into and through the dwelling; (II) light switches, electrical outlets, thermostats, and other environmental controls in accessible locations; (III) reinforcements in bathroom walls to allow later installation of grab bars; and (IV) usable kitchens and bathrooms such that an individual in a wheelchair can maneuver about the space. (4) Compliance with the appropriate requirements of the American National Standard for buildings and facilities providing accessibility and usability for physically handicapped people (commonly cited as "ANSI A117.1") suffices to satisfy the requirements of paragraph (3)(C)(iii). (5)(A) If a State or unit of general local government has incorporated into its laws the requirements set forth in paragraph (3)(C), compliance with such laws shall be deemed to satisfy the requirements of that paragraph. (B) A State or unit of general local government may review and approve newly constructed covered multifamily dwellings for the purpose of making determinations as to whether the design and construction requirements of paragraph (3)(C) are met. (C) The Secretary shall encourage, but may not require, States and units of local government to include in their existing procedures for the review and approval of newly constructed covered multifamily dwellings, determinations as to whether the design and construction of such dwellings are consistent with paragraph (3)(C), and shall provide technical assistance to States and units of local government and other persons to implement the requirements of paragraph (3)(C). {{10-31-88 p.8205}} (D) Nothing in this title shall be construed to require the Secretary to review or approve the plans, designs or construction of all covered multifamily dwellings, to determine whether the design and construction of such dwellings are consistent with the requirements of paragraph 3(C). (6)(A) Nothing in paragraph (5) shall be construed to affect the authority and responsibility of the Secretary or a State or local public agency certified pursuant to section 810(f)(3) of this Act to receive and process complaints or otherwise engage in enforcement activities under this title. (B) Determinations by a State or a unit of general local government under paragraphs (5) (A) and (B) shall not be conclusive in enforcement proceedings under this title. (7) As used in this subsection, the term "covered multifamily dwellings" means-(A) buildings consisting of 4 or more units if such buildings have one or more elevators; and (B) ground floor units in other buildings consisting of 4 or more units. (8) Nothing in this title shall be construed to invalidate or limit any law of a State or political subdivision of a State, or other jurisdiction in which this title shall be effective, that requires dwellings to be designed and constructed in a manner that affords handicapped persons greater access than is required by this title.

205

206

(9) Nothing in this subsection requires that a dwelling be made available to an individual whose tenancy would constitute a direct threat to the health or safety of other individuals or whose tenancy would result in substantial physical damage to the property of others. [Codified to 42 U.S.C. 3604] [Codified to 42 U.S.C. 3601 note] SEC. 805. (a) IN GENERAL.--It shall be unlawful for any person or other entity whose business includes engaging in residential real estate-related transactions to discriminate against any person in making available such a transaction, or in the terms or conditions of such a transaction, because of race, color, religion, sex, handicap, familial status, or national origin. (b) DEFINITION.--As used in this section, the term "residential real estate-related transaction" means any of the following: (1) The making or purchasing of loans or providing other financial assistance-(A) for purchasing, constructing, improving, repairing, or maintaining a dwelling; or (B) secured by residential real estate. (2) The selling, brokering, or appraising of residential real property. (c) APPRAISAL EXEMPTION.--Nothing in this title prohibits a person engaged in the business of furnishing appraisals of real property to take into consideration factors other than race, color, religion, national origin, sex, handicap, or familial status. [Codified to 42 U.S.C. 3605] (The information above was taken from the Federal Deposit Insurance Corporations Web site on December 21, 1999 - http://www.fdic.gov/regulations/laws/rules/8000-7.html#8284 25. Financial Institution Reform, Recovery and Enforcement Act (FIRREA) - purpose is to reform, recapitalize, and consolidate the Federal deposit insurance system, to enhance the regulatory and enforcement powers of Federal financial institutions regulatory agencies. The following section is an excerpt of text of the Financial Institution Reform, Recovery and Enforcement Act. FINANCIAL INSTITUTIONS REFORM, RECOVERY AND ENFORCEMENT ACT OF 1989 To reform, recapitalize, and consolidate the Federal deposit insurance system, to enhance the regulatory and enforcement powers of Federal financial institutions regulatory agencies, and for other purposes. SEC. 1103. FUNCTIONS OF APPRAISAL SUBCOMMITTEE. (a) IN GENERAL.--The Appraisal Subcommittee shall-(1) monitor the requirements established by States for the certification and licensing of individuals who are qualified to perform appraisals in connection with federally related transactions, including a code of professional responsibility;

206

207

(2) monitor the requirements established by the Federal financial institutions regulatory agencies and the Resolution Trust Corporation with respect to-(A) appraisal standards for federally related transactions under their jurisdiction, and (B) determinations as to which federally related transactions under their jurisdiction require the services of a State certified appraiser and which require the services of a State licensed appraiser; (3) maintain a national registry of State certified and licensed appraisers who are eligible to perform appraisals in federally related transactions; and (4) transmit an annual report to the Congress not later than January 31 of each year which describes the manner in which each function assigned to the Appraisal Subcommittee has been carried out during the preceding year. (b) MONITORING AND REVIEWING FOUNDATION.--The Appraisal Subcommittee shall monitor and review the practices, procedures, activities, and organizational structure of the Appraisal Foundation. [Codified to 12 U.S.C. 3332] (The information above was taken from the Federal Deposit Insurance Corporations Web site on December 21, 1999 - http://www.fdic.gov/regulations/laws/rules/8000-7.html#8284 26. FDIC Improvement Act of 1991 - purpose is to require the least-cost resolution of insured depository institutions, to improve supervision and examinations, to provide additional resources to the Bank Insurance Fund The following section is an excerpt of text of the FDIC Improvement Act of 1991. FEDERAL DEPOSIT INSURANCE CORPORATION IMPROVEMENT ACT OF 1991 To require the least-cost resolution of insured depository institutions, to improve supervision and examinations, to provide additional resources to the Bank Insurance Fund, and for other purposes. Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SECTION 1. SHORT TITLE. This Act may be cited as the "Federal Deposit Insurance Corporation Improvement Act of 1991". [Codified to 12 U.S.C. 1811 note] [Source: Section 1 of the Act of December 19, 1991 (Pub. L. No. 102--242; 105 Stat. 2236), effective December 19, 1991] TITLE I--SAFETY AND SOUNDNESS Subtitle B--Supervisory Reforms

207

208

SEC. 111. IMPROVED EXAMINATIONS. (c) TRANSITION RULE.--Notwithstanding section 10(d) of the Federal Deposit Insurance Act (as added by subsection (a)), during the period beginning on the date of enactment of this Act and ending on December 31, 1993, a full-scope, on-site examination of an insured depository institution is not required more often than once during every 18-month period, unless-(1) the institution, when most recently examined, was found to be in a less than satisfactory condition; or (2) 1 or more persons acquired control of the institution. [Codified to 12 U.S.C. 1820 note] [Source: Section 111(c) of title I of the Act of December 19, 1991 (Pub. L. No. 102--242; 105 Stat. 2241), effective December 19, 1991] (d) EXAMINATION IMPROVEMENT PROGRAM.-(1) IN GENERAL.--The appropriate Federal banking agencies, acting through the Federal Financial Institutions Examination Council, shall each establish a comparable examination improvement program that meets the requirements of paragraph (2). (2) REQUIREMENTS.--An examination improvement program meets the requirements of this paragraph if, under the program, the agency is required-(A) to periodically review the organization and training of the staff of the agency who are responsible for conducting examinations of insured depository institutions and to make such improvements as the agency determines to be appropriate to ensure frequent, objective, and thorough examinations of such institutions; and (B) to increase the number of examiners, supervisors, and other individuals employed by the agency in connection with conducting or supervising examinations of insured depository institutions to the extent necessary to ensure frequent, objective, and thorough examinations of such institutions. [Codified to 12 U.S.C. 3305 note] {2-28-92 p.8550} [Source: Section 111(d) of title I of the Act of December 19, 1991 (Pub. L. No. 102--242; 105 Stat. 2241), effective December 19, 1991] Subtitle C--Accounting Reforms SEC. 122. SMALL BUSINESS AND SMALL FARM LOAN INFORMATION. (a) IN GENERAL.--Before the end of the 180-day period beginning on the date of the enactment of this Act, the appropriate Federal banking agency shall prescribe regulations requiring insured depository institutions to annually submit information on small businesses and small farm lending in their reports of condition.

208

209

[Codified to 12 U.S.C. 1817 note] [Source: Section 122(a) of title I of the Act of December 19, 1991 (Pub. L. No. 102--242; 105 Stat. 2251), effective December 19, 1991] (b) CREDIT AVAILABILITY.--The regulations prescribed under subsection (a) shall require insured depository institutions to submit such information as the agency may need to assess the availability of credit to small businesses and small farms. [Codified to 12 U.S.C. 1817 note] [Source: Section 122(b) of title I of the Act of December 19, 1991 (Pub. L. No. 102--242; 105 Stat. 2251), effective December 19, 1991] (d) CONTENTS.--The information required under subsection (a) may include information regarding the following: (1) The total number and aggregate dollar amount of commercial loans and commercial mortgage loans to small businesses. (2) Charge-offs, interest, and interest fee income on commercial loans and commercial mortgage loans to small businesses. (3) Agricultural loans to small farms. [Codified to 12 U.S.C. 1817 note] [Source: Section 122(d) of title I of the Act of December 19, 1991 (Pub. L. No. 102--242; 105 Stat. 2251), effective December 19, 1991] Subtitle E--Least-Cost Resolution SEC. 143. EARLY RESOLUTION. (a) IN GENERAL.--It is the sense of the Congress that the Federal banking agencies should facilitate early resolution of troubled insured depository institutions whenever feasible if early resolution would have the least possible long-term cost to the deposit insurance fund, consistent with the least-cost and prompt corrective action provisions of the Federal Deposit Insurance Act. [Codified to 12 U.S.C. 1823 note] [Source: Section 143(a) of title I of the Act of December 19, 1991 (Pub. L. No. 102--242; 105 Stat. 2281), effective December 19, 1991] {{2-28-92 p.8550.01}} (b) GENERAL PRINCIPLES.--In encouraging the Federal banking agencies to pursue early resolution strategies, the Congress contemplates that any resolution transaction under section 13(c) of that Act would observe the following general principles:

209

210

(1) COMPETITIVE NEGOTIATION.--The transaction should be negotiated competitively, taking into account the value of expediting the process. (2) RESULTING INSTITUTION ADEQUATELY CAPITALIZED.--Any insured depository institution created or assisted in the transaction (hereafter the "resulting institution") and any institution acquiring the troubled institution should meet all applicable minimum capital standards. (3) SUBSTANTIAL PRIVATE INVESTMENT.--The transaction should involve substantial private investment. (4) CONCESSIONS.--Preexisting owners and debtholders of any troubled institution or its holding company should make substantial concessions. (5) QUALIFIED MANAGEMENT.--Directors and senior management of the resulting institution should be qualified to perform their duties, and should not include individuals substantially responsible for the troubled institution's problems. (6) FDIC'S PARTICIPATION.--The transaction should give the Federal Deposit Insurance Corporation an opportunity to participate in the success of the resulting institution. (7) STRUCTURE OF TRANSACTION.--The transaction should, insofar as practical, be structured so that-(A) the Federal Deposit Insurance Corporation-(i) does not acquire a significant proportion of the troubled institution's problem assets; (ii) succeeds to the interests of the troubled institution's preexisting owners and debtholders in proportion to the assistance the Corporation provides; and (iii) limits the Corporation's assistance in term and amount; and (B) new investors share risk with the Corporation. [Codified to 12 U.S.C. 1823 note] [Source: Section 143(b) of title I of the Act of December 19, 1991 (Pub. L. No. 102--242; 105 Stat. 2281), effective December 19, 1991] (c) REPORT.--Two years after the date of enactment of this Act, the Federal Deposit Insurance Corporation shall submit a report to Congress analyzing the effect of early resolution on the deposit insurance funds. [Codified to 12 U.S.C. 1823 note] [Source: Section 143(c) of title I of the Act of December 19, 1991 (Pub. L. No. 102--242; 105 Stat. 2282), effective December 19, 1991] TITLE II--REGULATORY IMPROVEMENT Subtitle A--Regulation of Foreign Banks SEC. 201. SHORT TITLE. This subtitle may be cited as the "Foreign Bank Supervision Enhancement Act of 1991". [Codified to 12 U.S.C. 3101 note]

210

211

[Source: Section 201 of title II of the Act of December 19, 1991 (Pub. L. No. 102--242; 105 Stat. 2286), effective December 19, 1991] (The information above was taken from the Federal Deposit Insurance Corporations Web site on December 23, 1999 - http://www.fdic.gov/regulations/laws/rules/10000-3.html.) 27. Foreign Corrupt Practices Act - The Foreign Corrupt Practices Act was added to the Securities and Exchange of 1934 in 1977. The primary purpose is to prevent the misrepresentation of accounting and business records to permit financial gains through questionable or illegal payments. Detailed record requirements are imposed to prevent the bribery of foreign officials for financial gain. The Act includes civil and criminal penalties and applies to the person giving the bribe rather than the recipient of the bribe. The following section is an excerpt of text of the Foreign Corrupt Practices Act. Foreign corrupt practices by domestic concerns. Section 104 of title I of the Act of December 19, 1977 (Pub. L. No. 95--213; 91 Stat. 1496), effective December 19, 1977, reads as follows: PROHIBITED FOREIGN TRADEPRACTICES BY DOMESTIC CONCERNS SEC. 104. (a) PROHIBITION.--It shall be unlawful for any domestic concern, other than an issuer which is subject to section 30A of the Securities Exchange Act of 1934, or any officer, director, employee, or agent of such domestic concern or any stockholder thereof acting on behalf of such domestic concern, to make use of the mails or any means or instrumentality of interstate commerce corruptly in furtherance of an offer, payment, promise to pay, or authorization of the payment of any money, or offer, gift, promise to give, or authorization of the giving of anything of value to-(1) any foreign official for purposes of-(A)(i) influencing any act or decision of such foreign official in his official capacity, (ii) inducing such foreign official to do or omit to do any act in violation of the lawful duty of such official, or (iii) securing any improper advantage; or (B) inducing such foreign official to use his influence with a foreign government or instrumentality thereof to affect or influence any act or decision of such government or instrumentality, in order to assist such domestic concern in obtaining or retaining business for or with, or directing business to, any person; (2) any foreign political party or official thereof or any candidate for foreign political office for purposes of-(A)(i) influencing any act or decision of such party, official, or candidate in its or his official capacity, (ii) inducing such party, official, or candidate to do or omit to {{2-26-99 p.9263}}do an act in violation of the lawful duty of such party, official, or candidate, or (iii) securing any improper advantage; or (B) inducing such party, official, or candidate to use its or his influence with a foreign government or instrumentality thereof to affect or influence any act or decision of such government or instrumentality, in order to assist such domestic concern in obtaining or retaining business for or with, or directing business to, any person; or

211

212

(3) any person, while knowing that all or a portion of such money or thing of value will be offered, given, or promised, directly or indirectly, to any foreign official, to any foreign political party or official thereof, or to any candidate for foreign political office, for purposes of-(A)(i) influencing any act or decision of such foreign official, political party, party official, or candidate in his or its official capacity, (ii) inducing such foreign official, political party, party official, or candidate to do or omit to do any act in violation of the lawful duty of such foreign official, political party, party official, or candidate, or (iii) securing any improper advantage; or (B) inducing such foreign official, political party, party official, or candidate to use his or its influence with a foreign government or instrumentality thereof to affect or influence any act or decision of such government or instrumentality, in order to assist such domestic concern in obtaining or retaining business for or with, or directing business to, any person. (b) EXCEPTION FOR ROUTINE GOVERNMENTAL ACTION.--Subsections (a) and (i) shall not apply to any facilitating or expediting payment to a foreign official, political party, or party official the purpose of which is to expedite or to secure the performance of a routine governmental action by a foreign official, political party, or party official. (c) AFFIRMATIVE DEFENSES.--It shall be an affirmative defense to actions under subsections (a) and (i) that-(1) the payment, gift, offer, or promise of anything of value that was made, was lawful under the written laws and regulations of the foreign official's, political party's, party official's, or candidate's country; or (2) the payment, gift, offer, or promise of anything of value that was made, was a reasonable and bona fide expenditure, such as travel and lodging expenses, incurred by or on behalf of a foreign official, party, party official, or candidate and was directly related to-(A) the promotion, demonstration, or explanation of products or services; or (B) the execution or performance of a contract with a foreign government or agency thereof. (d) INJUNCTIVE RELIEF.--(1) When it appears to the Attorney General that any domestic concern to which this section applies, or officer, director, employee, agent, or stockholder thereof, is engaged, or about to engage, in any act or practice constituting a violation of subsections (a) and (i) of this section, the Attorney General may, in his discretion, bring a civil action in an appropriate district court of the United States to enjoin such act or practice, and upon a proper showing, a permanent injunction or a temporary restraining order shall be granted without bond. (2) For the purpose of any civil investigation which, in the opinion of the Attorney General, is necessary and proper to enforce this section, the Attorney General or his designee are empowered to administer oaths and affirmations, subpoena witnesses, take evidence, and require the production of any books, papers, or other documents which the Attorney General deems relevant or material to such investigation. The attendance of witnesses and the production of documentary evidence may be required from any place in the United States, or any territory, possession, or commonwealth of the United States, at any designated place of hearing. (3) In case of contumacy by, or refusal to obey a subpoena issued to, any person, the Attorney General may invoke the aid of any court of the United States within the jurisdiction

212

213

of which such investigation or proceeding is carried on, or where such person resides or carries on business, in requiring the attendance and testimony of witnesses and the production of books, papers, or other documents. Any such court may issue an order requiring such person to appear before the Attorney General or his designee, there to produce {{2-26-99 p.9264}}records, if so ordered, or to give testimony touching the matter under investigation. Any failure to obey such order of the court may be punished by such court as a contempt thereof. All process in any such case may be served in the judicial district in which such person resides or may be found. The Attorney General may make such rules relating to civil investigations as may be necessary or appropriate to implement the provisions of this subsection. (e) GUIDELINES BY THE ATTORNEY GENERAL.--Not later than 6 months after the date of the enactment of the Foreign Corrupt Practices Act Amendments of 1988, the Attorney General, after consultation with the Securities and Exchange Commission, the Secretary Commerce, the United States Trade Representative, the Secretary of State, and the Secretary of the Treasury, and after obtaining the views of all interested persons through public notice and comment procedures, shall determine to what extent compliance with this section would be enhanced and the business community would be assisted by further clarification of the preceding provisions of this section and may, based on such determination and to the extent necessary and appropriate, issue-(1) guidelines describing specific types of conduct, associated with common types of export sales arrangements and business contracts, which for purposes of the Department of Justice's present enforcement policy, the Attorney General determines would be in conformance with the preceding provisions of this section; and (2) general precautionary procedures which domestic concerns may use on a voluntary basis to conform their conduct to the Department of Justice's present enforcement policy regarding the preceding provisions of this section. The Attorney General shall issue the guidelines and procedures referred to in the preceding sentence in accordance with the provisions of subchapter II of chapter 5 of title 5, United States Code, and those guidelines and procedures shall be subject to the provisions of chapter 7 of that title. (f) OPINIONS OF THE ATTORNEY GENERAL.--(1) The Attorney General, after consultation with appropriate departments and agencies of the United States and after obtaining the views of all interested persons through public notice and comment procedures, shall establish a procedure to provide responses to specific inquiries by domestic concerns concerning conformance of their conduct with the Department of Justice's present enforcement policy regarding the preceding provisions of this section. The Attorney General shall, within 30 days after receiving such a request, issue an opinion in response to that request. The opinion shall state whether or not certain specified prospective conduct would, for purposes of the Department of Justice's present enforcement policy, violate the preceding provisions of this section. Additional requests for opinions may be filed with the Attorney General regarding other specified prospective conduct that is beyond the scope of conduct specified in previous requests. In any action brought under the applicable provisions of this section, there shall be a rebuttable presumption that conduct, which is specified in a request by a domestic concern and for which the Attorney General has issued an opinion that such conduct is in conformity with the

213

214

Department of Justice's present enforcement policy, is in compliance with the preceding provisions of this section. Such a presumption may be rebutted by a preponderance of the evidence. In considering the presumption for purposes of this paragraph, a court shall weigh all relevant factors, including but not limited to whether the information submitted to the Attorney General was accurate and complete and whether it was within the scope of the conduct specified in any request received by the Attorney General. The Attorney General shall establish the procedure required by this paragraph in accordance with the provisions of subchapter II of chapter 5 of title 5, United States Code, and that procedure shall be subject to the provisions of chapter 7 of that title. (2) Any document or other material which is provided to, received by, or prepared in the Department of Justice or any other department or agency of the United States in connection with a request by a domestic concern under the procedure established under paragraph (1), shall be exempt from disclosure under section 552 of title 5, United States Code, and shall not, except with the consent of the domestic concern, {{2-26-99 p.9265}}be made publicly available, regardless of whether the Attorney General responds to such a request or the domestic concern withdraws such request before receiving a response. (3) Any domestic concern who has made a request to the Attorney General under paragraph (1) may withdraw such request prior to the time the Attorney General issues an opinion in response to such request. Any request so withdrawn shall have no force or effect. (4) The Attorney General shall, to the maximum extent practicable, provide timely guidance concerning the Department of Justice's present enforcement policy with respect to the preceding provisions of this section to potential exporters and small businesses that are unable to obtain specialized counsel on issues pertaining to such provisions. Such guidance shall be limited to responses to requests under paragraph (1) concerning conformity of specified prospective conduct with the Department of Justice's present enforcement policy regarding the preceding provisions of this section and general explanations of compliance responsibilities and of potential liabilities under the preceding provisions of this section. (g) PENALTIES.--(1)(A) Any domestic concern that is not a natural person and that violates subsections (a) and (i) of this section shall be fined not more than $2,000,000. (B) Any domestic concern that violates subsection (a) shall be subject to a civil penalty of not more than $10,000 imposed in an action brought by the Attorney General. (2)(A) Any natural person that is an officer, director, employee, or agent of a domestic concern, or stockholder acting on behalf of such domestic concern, who willfully violates subsection (a) shall be fined not more than $100,000, or imprisoned not more than 5 years, or both. (B) Any employee or agent of a domestic concern who is a United States citizen, national, or resident or is otherwise subject to the jurisdiction of the United States (other than an officer, director, or stockholder acting on behalf of such domestic concern), and who willfully violates subsection (a), shall be fined not more than $100,000, or imprisoned not more than 5 years, or both. (C) Any officer, director, employee, or agent of a domestic concern, or stockholder acting on behalf of such domestic concern, who violates subsection (a) shall be subject to a civil penalty of not more than $10,000 imposed in an action brought by the Attorney General.

214

215

(3) Whenever a fine is imposed under paragraph (2) upon any officer, director, employee, agent, or stockholder of a domestic concern, such fine may not be paid, directly or indirectly, by such domestic concern. (h) DEFINITIONS.--For purposes of this section: (1) The term "domestic concern" means-(A) any individual who is a citizen, national, or resident of the United States; and (B) any corporation, partnership, association, joint-stock company, business trust, unincorporated organization, or sole proprietorship which has its principal place of business in the United States, or which is organized under the laws of a State of the United States or a territory, possession, or commonwealth of the United States. (2)(A) The term "foreign official" means any officer or employee of a foreign government or any department, agency, or instrumentality thereof, or of a public international organization, or any person acting in an official capacity for or on behalf of any such government or department, agency, or instrumentality, or for or on behalf of any such public international organization. (B) For purposes of subparagraph (A), the term "public international organization" means-(i) an organization that is designated by Executive order pursuant to section 1 of the International Organizations Immunities Act (22 U.S.C. 288); or (ii) any other international organization that is designated by the President by Executive order for the purposes of this section, effective as of the date of publication of such order in the Federal Register. (3)(A) A person's state of mind is "knowing" with respect to conduct, a circumstance, or a result if-(i) such person is aware that such person is engaging in such conduct, that such circumstance exists, or that such {{2-26-99 p.9266}}result is substantially certain to occur; or (ii) such person has a firm belief that such circumstance exists or that such result is substantially certain to occur. (B) When knowledge of the existence of a particular circumstance is required for an offense, such knowledge is established if a person is aware of a high probability of the existence of such circumstance, unless the person actually believes that such circumstance does not exist. (4)(A) The term "routine governmental action" means only an action which is ordinarily and commonly performed by a foreign official in-(i) obtaining permits, licenses, or other official documents to qualify a person to do business in a foreign country; (ii) processing governmental papers, such as visas and work orders; (iii) providing police protection, mail pick-up and delivery, or scheduling inspections associated with contract performance or inspections related to transit of goods across country; (iv) providing phone service, power and water supply, loading and unloading cargo, or protecting perishable products or commodities from deterioration; or (v) actions of a similar nature. (B) The term "routine governmental action" does not include any decision by a foreign official whether, or on what terms, to award new business to or to continue business with a

215

216

particular party, or any action taken by a foreign official involved in the decision-making process to encourage a decision to award new business to or continue business with a particular party. (5) The term "interstate commerce" means trade, commerce, transportation, or communication among the several States, or between any foreign country and any State or between any State and any place or ship outside thereof, and such term includes the intrastate use of-(A) a telephone or other interstate means of communication, or (B) any other interstate instrumentality. (g) ALTERNATIVE JURISDICTION.-(1) It shall also be unlawful for any issuer organized under the laws of the United States, or a State, territory, possession, or commonwealth of the United States or a political subdivision thereof and which has a class of securities registered pursuant to section 12 of this title or which is required to file reports under section 15(d) of this title, or for any United States person that is an officer, director, employee, or agent of such issuer or a stockholder thereof acting on behalf of such issuer, to corruptly do any act outside the United States in furtherance of an offer, payment, promise to pay, or authorization of the payment of any money, or offer, gift, promise to give, or authorization of the giving of anything of value to any of the persons or entities set forth in paragraphs (1), (2), and (3) of subsection (a) of this section for the purposes set forth therein, irrespective of whether such issuer or such officer, director, employee, agent, or stockholder makes use of the mails or any means or instrumentality of interstate commerce in furtherance of such offer, gift, payment, promise, or authorization. (2) As used in this subsection, the term "United States person" means a national of the United States (as defined in section 101 of the Immigration and Nationality Act (8 U.S.C. 1101)) or any corporation, partnership, association, joint-stock company, business trust, unincorporated organization, or sole proprietorship organized under the laws of the United States or any State, territory, possession, or commonwealth of the United States, or any political subdivision thereof. [Codified to 15 U.S.C. 78dd2] [Source: Section 104 of title I of the Act of December 19, 1977 (Pub. L. No. 95213; 91 Stat. 1496), effective December 19, 1977; as amended by section 5003(c) of title V of the Act of August 23, 1988 (Pub. L. No. 100418; 102 Stat. 14191424), effective August 23, 1988; section 330005 of title XXXIII of the Act of September 13, 1994 (Pub. L. No. 103 322; 108 Stat. 2142), effective September 13, 1994; sections 3(a)3(e) of the Act of November 10, 1998 (Pub. L. No. 105366; 112 Stat. 3304 and 3305), effective November 10, 1998] (The information above was taken from the Federal Deposit Insurance Corporations Web site on December 23, 1999 - http://www.fdic.gov/regulations/laws/rules/10000-3.html.) 28. National Flood Insurance Program - Congress found that (1) from time to time flood disasters have created personal hardships and economic distress which have required unforeseen disaster relief measures and have placed an increasing burden on the Nation's

216

217

resources; (2) despite the installation of preventive and protective works and the adoption of other public programs designed to reduce losses caused by flood damage, these methods have not been sufficient to protect adequately against growing exposure to future flood losses; (3) as a matter of national policy, a reasonable method of sharing the risk of flood losses is through a program of flood insurance which can complement and encourage preventive and protective measures; and (4) if such a program is initiated and carried out gradually, it can be expanded as knowledge is gained and experience is appraised, thus eventually making flood insurance coverage available on reasonable terms and conditions to persons who have need for such protection. Text above is from http://www4.law.cornell.edu/uscode/42/4001.html on January 2, 2000. The following section is an excerpt of text of the National Flood Insurance Program. TITLE XIII--NATIONAL FLOOD INSURANCE SHORT TITLE Sec. 1301. This title may be cited as the "National Flood Insurance Act of 1968". [Codified to 42 U.S.C. 4001] [Source: Section 1301 of title XIII of the Act of August 1, 1968 (Pub. L. No. 90--448; 82 Stat. 570), effective August 1, 1968] NATURE AND LIMITATION OF INSURANCE COVERAGE SEC. 1306 (b) REGULATIONS RESPECTING AMOUNT OF COVERAGE.--In addition to any other terms and conditions under subsection (a) of this section, such regulations shall provide that-(1) any flood insurance coverage based on chargeable premium rates under section 4015 of this title which are less than the estimated premium rates under section 4014(a)(1) of this title shall not exceed-(A) in the case of residential properties-(i) $35,000 aggregate liability for any single-family dwelling, and $100,000 for any residential structure containing more than one dwelling unit, (ii) $10,000 aggregate liability per dwelling unit for any contents related to such unit, and (iii) in the States of Alaska and Hawaii, and in the Virgin Islands and Guam, the limits provided in clause (i) of this sentence shall be: $50,000 aggregate liability for any singlefamily dwelling, and $150,000 for any residential structure containing more than one dwelling unit; (B) in the case of business properties which are owned or leased and operated by small business concerns, an aggregate liability with respect to any single structure, including any contents thereof related to premises of small business occupants (as that term is defined by

217

218

the Director), which shall be equal to (i) $100,000 plus (ii) $100,000 multiplied by the number of such occupants and shall be allocated among such occupants (or among the occupant or occupants and the owner) under regulations prescribed by the Director; except that the aggregate liability for the structure itself may in no case exceed $100,000; and (C) in the case of church properties and any other properties which may become eligible for flood insurance under section 1305-(i) $100,000 aggregate liability for any single structure, and (ii) $100,000 aggregate liability per unit for any contents related to such unit; and (2) in the case of any residential property for which the risk premium rate is determined in accordance with the provisions of section 4014(a)(1) of this title, additional flood insurance in excess of the limits specified in clause (i) of subparagraph (A) of paragraph (1) shall be made available to every insured upon renewal and every applicant for insurance so as to enable such insured or applicant to receive coverage up to a total amount (including such limits specified in paragraph (1)(A)(i)) of $250,000; (3) in the case of any residential property for which the risk premium rate is determined in accordance with the provisions of section 4014(a)(1) of this title, additional flood insurance in excess of the limits specified in clause (ii) of subparagraph (A) of paragraph (1) shall be made available to every insured upon renewal and every applicant for insurance so as to enable any such insured or applicant to receive coverage up to a total amount (including such limits specified in paragraph (1)(A)(ii)) of $100,000; {{10-31-94 p.8656}} (4) in the case of any nonresidential property, including churches, for which the risk premium rate is determined in accordance with the provisions of section 1307(a)(1), additional flood insurance in excess of the limits specified in subparagraphs (B) and (C) of paragraph (1) shall be made available to every insured upon renewal and every applicant for insurance, in respect to any single structure, up to a total amount (including such limit specified in subparagraph (B) or (C) of paragraph (1), as applicable) of $500,000 for each structure and $500,000 for any contents related to each structure; and (5) any flood insurance coverage which may be made available in excess of the limits specified in subparagraph (A), (B), or (C) of paragraph (1), shall be based only on chargeable premium rates under section 4015 of this title which are not less than the estimated premium rates under section 4014(a)(1) of this title, and the amount of such excess coverage shall not in any case exceed an amount equal to the applicable limit so specified (or allocated) under paragraph (1)(C), (2), (3), or (4), as applicable; [Codified to 42 U.S.C. 4013b] Source: Section 1306(b) of title XIII of the Act of August 1, 1968 (Pub. L. No. 90--448; 82 Stat. 575), effective August 1, 1968; amended by section 2(c)(2) of the Act of December 22, 1971 (Pub. L. No. 92--213; 85 Stat. 775), effective December 22, 1971; section 101 of Title I of the Act of December 31, 1973 (Pub. L. No. 93--234; 87 Stat. 977), effective December 31, 1973; section 704(a) of title VII of the Act of October 12, 1977 (Pub. L. No. 95--128; 91 Stat. 1145), effective October 12, 1977; section 451(d)(1) of title IV of the Act of November 30, 1983 (Pub. L. No. 98--181; 97 Stat. 1229), effective November 30, 1983; section 527 of title V of the Act of September 23, 1994 (Pub. L. No. 103-325; 108 Stat. 2263), effective September 23, 1994]

218

219

NOTICE REQUIREMENTS SEC. 1364. (a) NOTIFICATION OF SPECIAL FLOOD HAZARDS.-(1) REGULATED LENDING INSTITUTIONS.--Each Federal entity for lending regulation (after consultation and coordination with the Financial Institutions Examination Council) shall by regulation require regulated lending institutions, as a condition of making, increasing, extending, or renewing any loan secured by improved real estate or a mobile home that the regulated lending institution determines is located or is to be located in an area that has been identified by the Director under this title or the Flood Disaster Protection Act of 1973 as an area having special flood hazards, to notify the purchaser or lessee (or obtain satisfactory assurances that the seller or lessor has notified the purchaser or lessee) and the servicer of the loan of such special flood hazards, in writing, a reasonable period in advance of the signing of the purchase agreement, lease, or other documents involved in the transaction. The regulations shall also require that the regulated lending institution retain a record of the receipt of the notices by the purchaser or lessee and the servicer. (2) FEDERAL AGENCY LENDERS.--Each Federal agency lender shall by regulation require notification in the manner provided under paragraph (1) with respect to any loan that is made by the Federal agency lender and secured by improved real estate or a mobile home located or to be located in an area that has been identified by the Director under this title or the Flood Disaster Protection Act of 1973 as an area having special flood hazards. Any regulations issued under this paragraph shall be consistent with and substantially identical to the regulations issued under paragraph (1). (3) CONTENTS OF NOTICE.--Written notification required under this subsection shall include-(A) a warning, in a form to be established by the Director, stating that the building on the improved real estate securing the loan is located, or the mobile home securing the loan is or is to be located, in an area having special flood hazards; {{10-31-94 p.8657}} (B) a description of the flood insurance purchase requirements under section 102(b) of the Flood Disaster Protection Act of 1973; (C) a statement that flood insurance coverage may be purchased under the national flood insurance program and is also available from private insurers; and (D) any other information that the Director considers necessary to carry out the purposes of the national flood insurance program. (b) NOTIFICATION OF CHANGE OF SERVICER.-(1) LENDING INSTITUTIONS.--Each Federal entity for lending regulation (after consultation and coordination with the Financial Institutions Examination Council) shall by regulation require regulated lending institutions, in connection with the making, increasing, extending, renewing, selling, or transferring any loan described in subsection (a)(1), to notify the Director (or the designee of the Director) in writing during the term of the loan of the servicer of the loan. Such institutions shall also notify the Director (or such designee) of any change in the servicer of the loan, not later than 60 days after the effective date of such change. The regulations under this subsection shall provide that upon any change in the servicing of a loan, the duty to provide notification under this subsection shall transfer to the transferee servicer of the loan. (2) FEDERAL AGENCY LENDERS.--Each Federal agency lender shall by regulation provide for notification in the manner provided under paragraph (1) with respect to any loan

219

220

described in subsection (a)(1) that is made by the Federal agency lender. Any regulations issued under this paragraph shall be consistent with and substantially identical to the regulations issued under paragraph (1) of this subsection. (c) NOTIFICATION OF EXPIRATION OF INSURANCE.--The Director (or the designee of the Director) shall, not less than 45 days before the expiration of any contract for flood insurance under this title, issue notice of such expiration by first class mail to the owner of the property covered by the contract, the servicer of any loan secured by the property covered by the contract, and (if known to the Director) the owner of the loan. [Codified to 42 U.S.C. 4104a] [Source: Section 1364 of title XIII of the Act of August 1, 1968 (Pub. L. No. 90--448), effective August 1, 1968; as added by section 816(a) of title VIII of the Act of August 22, 1974 (Pub. L. No. 93-383; 88 Stat. 739), effective August 22, 1974; amended by section 451(d)(1) of the Act of November 30, 1983 (Pub. L. No. 98--181; 97 Stat. 1229), effective November 30, 1983; section 527 of title V of the Act of September 23, 1994 (Pub. L. No. 103--325; 108 Stat. 2263), effective September 23, 1994] (The information above was taken from the Federal Deposit Insurance Corporations Web site on December 23, 1999 - http://www.fdic.gov/regulations/laws/rules/10000-3.html.) 29. OFAC - The Office of Foreign Assets Control of the U.S. Department of the Treasury administers and enforces economic and trade sanctions against targeted foreign countries, terrorism sponsoring organizations and international narcotics traffickers based on U.S. foreign policy and national security goals. OFAC acts under Presidential wartime and national emergency powers, as well as authority granted by specific legislation, to impose controls on transactions and freeze foreign assets under U.S. jurisdiction. Many of the sanctions are based on United Nations and other international mandates, are multilateral in scope, and involve close cooperation with allied governments. (This information was taken from the U.S Treasury Web site on December 31, 1999 http://www.ustreas.gov/ofac/index.html.) 30. Real Estate Settlement Procedures Act - purpose is to ensure that consumers are provided with timely, detailed, and accurate information regarding settlement costs. It also protects consumers against abusive practices such as charging unnecessarily high closing costs. The following section is an excerpt of text of the Real Estate Settlement Procedures Act. REAL ESTATE SETTLEMENT PROCEDURES ACT OF 1974{*} An Act to further the national housing goal of encouraging homeownership by regulating certain lending practices and closing and settlement procedures in federally related mortgage transactions to the end that unnecessary costs and difficulties of purchasing housing are minimized, and for other purposes.

220

221

{* Delegation of Authority: Effective March 22, 1976, the Assistant Secretary for Consumer Affairs and Regulatory Functions is authorized to exercise the power and authority of the Secretary of Housing and Urban Development with respect to the administration of the Real Estate Settlement Procedures Act of 1974. (41 Fed. Reg. 12917, March 29, 1976).} SHORT TITLE SECTION 1. This Act may be cited as the "Real Estate Settlement Procedures Act of 1974". [Codified to 12 U.S.C. 2601 note] [Source: Section 1 of the Act of December 22, 1974 (Pub. L. No. 93-533; 88 Stat. 1724), effective June 20, 1975] FINDINGS AND PURPOSE SEC. 2. (a) The Congress finds that significant reforms in the real estate settlement process are needed to insure that consumers throughout the Nation are provided with greater and more timely information on the nature and costs of the settlement process and are protected from unnecessarily high settlement charges caused by certain abusive practices that have developed in some areas of the country. The Congress also finds that it has been over two years since the Secretary of Housing and Urban Development and the Administrator of Veterans' Affairs submitted their joint report to the Congress on "Mortgage Settlement Costs" and that the time has come for the recommendations for Federal legislative action made in that report to be implemented. (b) It is the purpose of this Act to effect certain changes in the settlement process for residential real estate that will result-(1) in more effective advance disclosure to home buyers and sellers of settlement costs; (2) in the elimination of kickbacks or referral fees that tend to increase unnecessarily the costs of certain settlement services; (3) in a reduction in the amounts home buyers are required to place in escrow accounts established to insure the payment of real estate taxes and insurance; and (4) in significant reform and modernization of local recordkeeping of land title information. [Codified to 12 U.S.C. 2601] [Source: Section 2 of the Act of December 22, 1974 (Pub. L. No. 93-533; 88 Stat. 1724), effective June 20, 1975] DEFINITIONS SEC. 3. For purposes of this Act-(1) the term "federally related mortgage loan" includes any loan (other than temporary financing such as a construction loan) which-- {{4-30-97 p.8856}}

221

222

(A) is secured by a first or subordinate lien on residential real property (including individual units of condominiums and cooperatives) designed principally for the occupancy of from one to four families, including any such secured loan, the proceeds of which are used to prepay or pay off an existing loan secured by the same property; and (B)(i) is made in whole or in part by any lender the deposits or accounts of which are insured by any agency of the Federal Government, or is made in whole or in part by any lender which is regulated by any agency of the Federal Government; or (ii) is made in whole or in part, or insured, guaranteed, supplemented, or assisted in any way, by the Secretary or any other officer or agency of the Federal Government or under or in connection with a housing or urban development program administered by the Secretary or a housing or related program administered by any other such officer or agency; or (iii) is intended to be sold by the originating lender to the Federal National Mortgage Association, the Government National Mortgage Association, the Federal Home Loan Mortgage Corporation, or a financial institution from which it is to be purchased by the Federal Home Loan Mortgage Corporation; or (iv) is made in whole or in part by any "creditor", as defined in section 103(f) of the Consumer Credit Protection Act (15 U.S.C. 1602(f)), who makes or invests in residential real estate loans aggregating more than $1,000,000 per year, except that for the purpose of this Act, the term "creditor" does not include any agency or instrumentality of any State; (2) the term "thing of value" includes any payment, advance, funds, loan, service, or other consideration; (3) the term "settlement services" includes any service provided in connection with a real estate settlement including, but not limited to, the following: title searches, title examinations, the provision of title certificates, title insurance, services rendered by an attorney, the preparation of documents, property surveys, the rendering of credit reports or appraisals, pest and fungus inspections, services rendered by a real estate agent or broker the origination of a federally related mortgage loan (including, but not limited to, the taking of loan applications, loan processing, and the underwriting and funding of loans), and the handling of the processing, and closing or settlement; (4) the term "title company" means any institution which is qualified to issue title insurance, directly or through its agents, and also refers to any duly authorized agent of a title company; (5) the term "person" includes individuals, corporations, associations, partnerships, and trusts; (6) the term "Secretary" means the Secretary of Housing and Urban Development; (7) the term "affiliated business arrangement" means an arrangement in which (A) a person who is in a position to refer business incident to or a part of a real estate settlement service involving a federally related mortgage loan, or an associate of such person, has either an affiliate relationship with or a direct or beneficial ownership interest of more than 1 percent in a provider of settlement services; and (B) either of such persons directly or indirectly refers such business to that provider or affirmatively influences the selection of that provider; and (8) the term "associate" means one who has one or more of the following relationships with a person in a position to refer settlement business: (A) a spouse, parent, or child of such person; (B) a corporation or business entity that controls, is controlled by, or is under common control with such person; (C) an employer, officer, director, partner, franchisor, or

222

223

franchisee of such person; or (D) anyone who has an agreement, arrangement, or understanding, with such person, the purpose or substantial effect of which is to enable the person in a position to refer settlement business to benefit financially from the referrals of such business. [Codified to 12 U.S.C. 2602] {{4-30-97 p.8857}} [Source: Section 3 of the Act of December 22, 1974 (Pub. L. No. 93-533; 88 Stat. 1724), effective June 20, 1975, as amended by section 2 of the Act of January 2, 1976 (Pub. L. No. 94-205; 89 Stat. 1157), effective January 2, 1976; section 461(a) of title IV of the Act of November 30, 1983 (Pub. L. No. 98-181; 97 Stat. 1230), effective January 1, 1984; section 908(a) and (b) of title IX of the Act of October 28, 1992 (Pub. L. No. 102--550; 106 Stat. 3873) effective October 28, 1992; section 2103(c)(1) of title II of the Act of September 30, 1996 (Pub. L. No. 104--208; 110 Stat. 3009--400), effective September 30, 1996] (The information above was taken from the Federal Deposit Insurance Corporations Web site on December 23, 1999 - http://www.fdic.gov/regulations/laws/rules/10000-3.html.) 31. Right to Financial Privacy Act - purpose is to outline and regulate the circumstances under which a financial institution is permitted to provide customer information to government institutions. For the most part, a customer must be informed of the request, usually via a certification from the requesting agency. In some instances, such as a court or grand jury subpoena, notice or certification to the customer is not required. The following section is an excerpt of text of the Right to Financial Privacy Act. TITLE XI--RIGHT TO FINANCIAL PRIVACY SEC. 1100. This title may be cited as the "Right to Financial Privacy Act of 1978". [Codified to 12 U.S.C. 3401 note] [Source: Section 1100 of title XI of the Act of November 10, 1978 (Pub L. No. 95--630; 92 Stat. 3697), effective March 10, 1979] DEFINITIONS SEC. 1101. For the purpose of this title, the term-(1) "financial institution" means any office of a bank, savings bank, card issuer as defined in section 103 of the Consumers Credit Protection Act (15 U.S.C. 1602(n)), industrial loan company, trust company, savings association, building and loan, or homestead association (including cooperative banks), credit union, or consumer finance institution, located in any State or territory of the United States, the District of Columbia, Puerto Rico, Guam, American Samoa, or the Virgin Islands; (2) "financial record" means an original of, a copy of, or information known to have been derived from, any record held by a financial institution pertaining to a customer's relationship with the financial institution;

223

224

(3) "Government authority" means any agency or department of the United States, or any officer, employee, or agent thereof; {{10-31-94 p.8598.02}} (4) "person" means an individual or a partnership of five or fewer individuals; (5) "customer" means any person or authorized representative of that person who utilized or is utilizing any service of a financial institution, or for whom a financial institution is acting or has acted as a fiduciary, in relation to an account mantained in the person's name; (6) "holding company" means-(A) any bank holding company (as defined in section 2 of the Bank Holding Company Act of 1956); (B) any company described in section 4(f)(1) of the Bank Holding Company Act of 1956; and (C) any savings and loan holding company (as defined in the Home Owners' Loan Act); (7) "supervisory agency" means with respect to any particular financial institution, holding company, or any subsidiary of a financial institution or holding company, any of the following which has statutory authority to examine the financial condition, business operations, or records or transactions of that institution, holding company, or subsidiary-(A) the Federal Deposit Insurance Corporation; (B) the Director, Office of Thrift Supervision; (C) the National Credit Union Administration; (D) the Board of Governors of the Federal Reserve System; (E) the Comptroller of the Currency; (F) the Securities and Exchange Commission; (G) the Secretary of the Treasury, with respect to the Bank Secrecy Act and the Currency and Foreign Transactions Reporting Act (Public Law 91--508, title I and II); or (H) any State banking or securities department or agency; and (8) "law enforcement inquiry" means a lawful investigation or official proceeding inquiring into a violation of, or failure to comply with, any criminal or civil statute or any regulation, rule, or order issued pursuant thereto. [Codified to 12 U.S.C. 3401] [Source: Section 1101 of title XI of the Act of November 10, 1978 (Pub. L. No. 95--630; 92 Stat. 3697), effective March 10, 1979; as amended by sections 744(b) of title VII and 941 of title IX of the Act of August 9, 1989 (Pub. L. No. 101--73; 103 Stat. 438 and 496, respectively), effective August 9, 1989; section 2596(c) of title XXV of the Act of November 29, 1990 (Pub. L. No. 101--647; 104 Stat. 4908), effective November 29, 1990] CONFIDENTIALITY OF RECORDS--GOVERNMENT AUTHORITIES SEC. 1102. Except as provided by section 1103(c) or (d), 1113, or 1114, no Government authority may have access to or obtain copies of, or the information contained in the financial records of any customer from a financial institution unless the financial records are reasonably described and-(1) such customer has authorized such disclosure in accordance with section 1104; (2) such financial records are disclosed in response to an administrative subpena or summons which meets the requirements of section 1105;

224

225

(3) such financial records are disclosed in response to a search warrant which meets the requirements of section 1106; (4) such financial records are disclosed in response to a judicial subpena which meets the requirements of section 1107; or (5) such financial records are disclosed in response to a formal written request which meets the requirements of section 1108. [Codified to 12 U.S.C. 3402] [Source: Section 1102 of title XI of the Act of November 10, 1978 (Pub. L. No. 95--630; 92 Stat. 3697), effective March 10, 1979] {{10-31-94 p.8598.03}} CONFIDENTIALITY OF RECORDS--FINANCIAL INSTITUTIONS SEC. 1103. (a) No financial institution, or officer, employees, or agent of a financial institution, may provide to any Government authority access to or copies of, or the information contained in, the financial records of any customer except in accordance with the provisions of this title. (b) A financial institution shall not release the financial records of a customer until the Government authority seeking such records certifies in writing to the financial institution that it has complied with the applicable provisions of this title. (c) Nothing in this title shall preclude any financial institution, or any officer, employee, or agent of a financial institution, from notifying a Government authority that such institution, or officer, employee, or agent has information which may be relevant to a possible violation of any statute or regulation. Such information may include only the name or other identifying information concerning any individual, corporation, or account involved in and the nature of any suspected illegal activity. Such information may be disclosed notwithstanding any constitution, law, or regulation of any State or political subdivision thereof to the contrary. Any financial institution, or officer, employee, or agent thereof, making a disclosure of information pursuant to this subsection, shall not be liable to the customer under any law or regulation of the United States or any constitution, law, or regulation of any State or political subdivision thereof, for such disclosure or for any failure to notify the customer of such disclosure. (d)(1) Nothing in this title shall preclude a financial institution, as an incident to perfecting a security interest, proving a claim in bankruptcy, or otherwise collecting on a debt owing either to the financial institution itself or in its role as a fiduciary, from providing copies of any financial record to any court or Government authority. (2) Nothing in this title shall preclude a financial institution, as an incident to processing an application for assistance to a customer in the form of a Government loan, loan guaranty, or loan insurance agreement, or as an incident to processing a default on, or administering, a Government guaranteed or insured loan, from initiating contact with an appropriate Government authority for the purpose of providing any financial record necessary to permit such authority to carry out its responsibilities under a loan, loan guaranty, or loan insurance agreement.

225

226

[Codified to 12 U.S.C. 3403] [Source: Section 1103 of title XI of the Act of November 10, 1978 (Pub. L. No. 95--630; 92 Stat. 3698), effective March 10, 1979; as amended by section 1353(a) of subtitle H of title I of the Act of October 27, 1986 (Pub. L. No. 99--570; 100 Stat. 3207--21), effective October 27, 1986; and section 6186(a) of title VI of the Act of November 18, 1988 (Pub. L. No. 100-690; 102 Stat. 4357), effective November 18, 1988] CUSTOMER AUTHORIZATIONS SEC. 1104. (a) A customer may authorize disclosure under section 1102(1) if he furnishes to the financial institution and to the Government authority seeking to obtain such disclosure a signed and dated statement which-(1) authorizes such disclosure for a period not in excess of three months; (2) states that the customer may revoke such authorization at any time before the financial records are disclosed; (3) identifies the financial records which are authorized to be disclosed; (4) specifies the purposes for which, and the Government authority to which, such records may be disclosed; and (5) states the customer's rights under this title. (b) No such authorization shall be required as a condition of doing business with any financial institution. (c) The customer has the right, unless the Government authority obtains a court order as provided in section 1109, to obtain a copy of the record which the financial institution shall keep of all instances in which the customer's record is disclosed to a Government {{10-15-90 p.8599}} authority pursuant to this section, including the identity of the Government authority to which such disclosure is made. [Codified to 12 U.S.C. 3404] [Source: Section 1104 of title XI of the Act of November 10, 1978 (Pub. L. No. 95-630; 92 Stat. 3698), effective March 10, 1979; section 1104(d) repealed by the Act of March 7, 1979 (Pub. L. No. 96-3; 93 Stat. 5)] 32. Tax Identification Reporting (TIN Compliance) - purpose is to ensure that an adequate audit trail exists to reduce money laundering activities from illegal enterprises. The TIN reporting compliance is a part of the Bank Secrecy Act (see section 21 above). The following section is an excerpt of text of the Tax Identification Reporting section of the Bank Secrecy Act. Sec. 103.28 Identification required. Before concluding any transaction with respect to which a report is required under Sec. 103.22, a financial institution shall verify and record the name and address of the individual presenting a transaction, as well as record the identity, account number, and the social security or taxpayer identification number, if any, of any person or entity on whose behalf

226

227

such transaction is to be effected. Verification of the identity of an individual who indicates that he or she is an alien or is not a resident of the United States must be made by passport, alien identification card, or other official document evidencing nationality or residence (e.g., a Provincial driver's license with indication of home address). Verification of identity in any other case shall be made by examination of a document, other than a bank signature card, that is normally acceptable within the banking community as a means of identification when cashing checks for nondepositors (e.g., a drivers license or credit card). A bank signature card may be relied upon only if it was issued after documents establishing the identity of the individual were examined and notation of the specific information was made on the signature card. In each instance, the specific identifying information (i.e., the account number of the credit card, the driver's license number, etc.) used in verifying the identity of the customer shall be recorded on the report, and the mere notation of ``known customer'' or ``bank signature card on file'' on the report is prohibited. http://www.bankinfo.com/Regs-aag/bsa1.html#10328 33. Transactions with Affiliates FRB Sections 23 A&B - purpose of Section A is to protect banks from abuses in financial transactions with companies with which the bank is affiliated. Section A applies to all federally insured banks. Section B outlines specific restrictions and prohibitions related to transactions with affliates. 34. Trust 12 CFR Part 9 - The Office of the Comptroller of the Currency (OCC) is amending its rules governing national banks' fiduciary activities by issuing an interpretive ruling to clarify the types of investment advisory activities that come within the scope of these rules. This action will assist banks in determining the extent to which their investment advisory activities are subject to the OCC's fiduciary rules. 1996 Revision of 12CFR Part 9 On December 30, 1996, the OCC issued a final rule revising 12CFR part 9, effective January 29, 1997 (61 FR 68543). Among other changes, the final rule revised the terms that specify the types of activities governed by part 9. In particular, the final rule replaced the former regulation's terms ``fiduciary'' and ``managing agent'' with the term ``fiduciary capacity,'' found at Sec.9.2(e). Under the revised part 9, if a national bank acts in a fiduciary capacity while engaging in an activity, then part 9 governs that activity. One of the fiduciary capacities set forth in Sec.9.2(e) is ``investment adviser, if the bank receives a fee for its investment advice.'' The concept of investment adviser for a fee is new to part 9, and the OCC's addition of this term to the list of fiduciary capacities raised questions from the banking industry about what activities entail providing investment advice for a fee. (The information above was taken from the Office of the Comptroller of the Currency Web site on January 12, 2000 - http://www.occ.treas.gov/ftp/regs/part9fr.txt)

227

228

BIBLIOGRAPHY
1. Cannon Financial Institute, Inc., Internal Audit II, University of North Carolina-Charlotte, 1999.

228

229

STUDY QUESTIONS FOR VOLUME 2: BANKING INDUSTRY

1. During an audit of Common Trust Funds, which of the following conditions is most likely to be cause for concern? A. B. C. D. The public accounting firm certifying your banks financial statements also performs an independent audit of the fund. An outside counselor is providing advice to the fund for a fee. A fee is charged for the internal audit of the plan. The fund valuation is only being performed on a quarterly basis.

2. If a corporation has a liability sensitive gap in a rising interest rate environment, which of the following would be considered an appropriate hedging strategy to prevent a decrease in net interest income? A. B. C. D. Do nothing. Purchase an interest rate floor. Enter into an interest swap to receive fixed and pay floating rate payments. Enter into an interest rate swap to receive floating and pay fixed rate payments.

3. The Bank Secrecy Act uses the term structure or structuring to refer to A. B. C. D. balancing cash in with cash out for a specific account or group of accounts to avoid reporting requirements. granting exemptions to qualified businesses based on their demonstrated normal levels of cash business. providing two or more layers of review for compliance with reporting requirements. conducting currency transactions in a manner to avoid reporting requirements.

4. Which of the following is most susceptible to credit risk? A. B. C. D. OREO Commercial loans Deposit accounts Investment portfolio

229

230

5. In a lease agreement that transfers the risks and rewards from the lessor to the lessee, how should the lease be treated? A. B. C. D. As a sale of the lessor and a purchase by the lessee As a lease by the lessor and a purchase by the lessee As a sale by the lessor and a lease by the lessee As a lease by the lessor and a lease by the lessee

6. In which of the following situations would the OCC require, for regulatory financial reporting purposes, that securities sold under a repurchase agreement (repo) be recorded as sales (or purchases)? I. II. III. IV. The repo matures at the same time as the underlying security. The market value of underlying securities is greater than 100% of the principal of the repo. The repo has a maturity date that exceeds 50% of the remaining maturity of the underlying security on the date the repo is entered into. The underlying securities are physically transferred between the parties to the repo on the start and maturity dates of the transaction. I and III only I and IV only II and IV only II, III and IV only

A. B. C. D.

7. The money supply (M1) includes A. B. C. D. currency only. currency and checking accounts only. currency, checking accounts, and non-checking savings deposits. currency, checking accounts, and money market mutual funds.

230

231

8. Which of the following are members of the Federal Financial Institutions Examination Council (FFIEC)? I. II. III. IV. A. B. C. D. Federal Reserve Bank Securities and Exchange Commission Office of the Comptroller of the Currency National Credit Union Administration I, II and III only. I, II and IV only. I, III and IV only. II, III and IV only.

9. During a review of dormant savings accounts, which of the following procedures would you be most likely to consider a concern? A. B. C. D. Positive confirmations are sent just prior to accounts going dormant. The activity date used to determine dormancy is updated by internal debit memos. Accounts are automatically coded dormant status after two years with no activity. Signature cards for dormant accounts are segregated and placed under dual control.

10. Mortgage servicing rights derive their value from which of the following? I. II. III. IV. A. B. C. D. servicing fee income payment float prepayment charges late payment charges III and IV only I, II and III only I, II and IV only I, II, III and IV

231

232

VOLUME III INSURANCE

232

233

CORE COMPETENCY NUMBER THREE: INSURANCE INDUSTRY

UNIT 1: APPLICATIONS/PROCESSES

This unit covers the common applications and processes associated with the operation and management of insurance companies. These applications and processes include marketing, sales, and distribution; underwriting; reinsurance; actuarial; claims; financial reporting; compliance; investment operations; risk management; premium audit; and administration.

A. Marketing, Sales, and Distribution Systems 1. Marketing is the process of identifying customers and developing products and processes to meet their needs. Sales is the process of agents addressing potential customers and writing applications for new policies. 2. An insurance company is considered authorized or admitted if it holds a valid certificate of authority from the insurance department in the state in which it does business. An unauthorized or non-admitted insurance company does not qualify for a certificate of authority. 3. Agents are insurance company representatives with the authority to sell the companys products. Agents must be licensed in the state in which they do business. Most agents conduct business through authorized companies. Captive agents, also known as exclusive agents, represent one company exclusively. Independent agents represent more than one company. Captive agents who work out of a field office are known as a companys field force. However, some agents, known as detached agents, work out of a private office or their home. 4. Insurance brokers work for insureds rather than for a specific company. The function of an insurance broker is to choose the best coverage available to meet a clients needs. 5. The following are examples of illegal sales practices: a. Misrepresentation occurs when agents make false or misleading statements in an attempt to encourage an individual to buy a policy. Agents are also forbidden from guaranteeing policy dividends.

233

234

b. Twisting occurs when an agent purposefully misguides an individual into canceling one policy and purchasing a new one. c. Rebating occurs when an agent agrees to give an individual a share of the commission as an incentive to buy a policy. 6. A distribution system is the network of individuals and organizations that perform the marketing activities required to convey the insurers products to its customers. There are two commonly used distribution systems in the insurance industry: a. Personal selling distribution systems market products by using sales representatives to make face-to-face presentations with prospective clients. Sales representatives working in personal selling distribution systems are paid by commission or salary or a combination of both. A major type of personal selling distribution system is the agency-building distribution system. Two common agency-building distribution systems include ordinary and multiple-line: 1. The ordinary agency system (also known as the career agency system) uses agents usually working out of a companys branch offices to sell policies. 2. The multiple-line (or all-lines) agency system uses agents who sell the policies of a group of affiliated companies. b. Direct response distribution systems use telemarketing, direct mailings, and other advertisements to solicit potential customers. Clients purchase policies and file claims directly with the company rather than through a sales representative.

B. Underwriting 1. Underwriters evaluate insurance applications and determine the degree of risk they present to the insurer. The function of the underwriter is to determine acceptable risks and to calculate appropriate premiums. 2. In attempting to assess acceptable risks, underwriters review information about the proposed insured that is contained on the insurance application prepared by the insurance agent (sometimes also referred to as a field underwriter). A health insurance application, for example, should contain specific information about the proposed insureds medical history, including specific diagnoses, treatments, and medications. 3. Underwriters may conduct physical inspections to ascertain hazards affecting property and casualty applications. 4. Underwriters may obtain information about an applicants finances or background by reviewing consumer credit reports.

234

235

5. Many insurance companies improve the efficiency of the underwriting process by using jet screening, which uses trained personnel to quickly approve applications that clearly meet acceptable criteria, or computer screening, which uses computer programs to screen applications. 6. Underwriters assign applicants to a risk class. Common risk classes include standard, preferred, nonsmoker, substandard, and uninsurable. However, each insurer has its own risk classes and acceptable levels of risk. Rates are often developed by assessing the loss history for a particular class. Underwriters also use judgment to assess appropriate premium levels. 7. Auditors can judge the quality of the underwriting function by reviewing loss and expense ratios. A loss ratio is calculated by dividing losses by total premiums earned. Loss ratios can be calculated by account, by line of insurance, by agency or agency, or for all business written by an insurer. An expense ratio is calculated by dividing an insurers total written operating expenses by total premiums. The insurer breaks even when the combined loss and expense ratio is 100%, excluding investment income. An underwriting loss is experienced when the combined ratio exceeds 100%, and an underwriting gain occurs when the combined ratio is less than 100%.

C. Reinsurance 1. Reinsurance occurs when an insurance company buys insurance from another company. The reason a company buys reinsurance is to cover part of all of the risk it has undertaken. Insurance companies typically reinsure their policies either because an applicant wants a larger death benefit or presents a greater risk than the insurer can safely assume. 2. The company reinsuring its risks is the ceding company, or direct writing company. The company accepting the risk is the reinsurer or assuming company. The reinsurance contract is called the reinsurance treaty. An automatic reinsurance treaty allows the reinsurer to provide reinsurance automatically for all amounts in excess of the ceding companys retention limit up to a specified amount, known as the automatic binding limit. A facultative reinsurance treaty allows to reinsurer to make an underwriting decision for each risk sent by the ceding company. 3. The ceding company often sets a retention limit, which is the maximum amount of insurance that a company will carry at its own risk. Any amount exceeding the retention limit is reinsured. The reinsurer also sets a retention limit, and the excess beyond that limit is ceded to another reinsurer. This process is called retrocession. The company that accepts the risk of another reinsurer is the retrocessionaire. 4. There are two major types of reinsurance plans: proportional and non-proportional. In a proportional reinsurance plan, the reinsurance treaty specifies the proportions of risk that the ceding company and the reinsurer will bear. In a non-proportional reinsurance plan, the reinsurance treaty does not specify the proportions of risk carried by each company.

235

236

Individual insurance typically uses proportional reinsurance plans, and group insurance typically uses non-proportional reinsurance plans. 5. There are three types of proportional reinsurance: a. Under yearly renewable term (YRT) plans, also known as risk premium reinsurance (RPR) plans, the ceding company purchases yearly renewable term insurance from the reinsurer in the amount being reinsured. b. Under a coinsurance plan, the ceding company pays the reinsurer part of the premium paid by the insured and the reinsurer in turn agrees to pay the ceding company part of the death benefit when a claim is filed. c. Under a modified coinsurance (modco) plan, the provisions are similar to a coinsurance plan, except that the ceding company holds the reserves for the entire policy. 6. There are two types of non-proportional reinsurance plans: a. Under a stop-loss reinsurance plan, also known as an excess-loss plan, the reinsurer agrees to pay a percentage of all claims paid by the ceding company that exceed a specified amount in a certain period. b. Under a catastrophic reinsurance plan, the reinsurer agrees to pay losses in excess of the plan deductible when more than a specified minimum number of claims result from a single accidental occurrence, such as a hurricane or earthquake. The reinsurers liability is limited to a maximum amount per catastrophe.

D. Actuarial 1. Actuaries apply mathematical and statistical principles to calculate and predict death rates, illness rates, injury rates, insurance rates, expected loss ratios, expenses, and other statistical projections. 2. Actuaries also conduct research on short- and long-term trends in interest rates, policy lapses, and policy loans. They are also responsible for calculating the value of the companys reserve liabilities.

E. Claims 1. The claims function is concerned with ensuring that claims are paid promptly and correctly to the claimant (e.g., the insured or its beneficiaries).

236

237

2. Claim specialists (commonly referred to as claim examiners or claim analysts) consider information related to the approval or denial of a claim. Claim specialists should be trained to recognize instances of insurance fraud or improper claims. 3. The insured is generally responsible for notifying the insurer in writing when a loss occurs. Most policies outline the proper procedures for filing a claim. There may be time limits regarding when a claim can be filed. 4. Depending on the type of claim, the insured may be required to file a signed proof of loss statement. Insurers may also require additional evidence, such as a death certificate or a physicians statement, before approving a claim. Some property insurance policies may require the insured to have an appraisal of the property before a claim is paid. 5. Arbitration is often used to settle claims when the insured or insurer cannot agree on the amount of loss. 6. The claims department considers the following questions when reviewing claims: a. Did a loss occur? b. Was the loss covered by the policy? c. Was the policy in force when the loss occurred? d. Was the insured covered by the policy? e. How much is payable to the insured or beneficiaries? f. Who are the beneficiaries? 7. Questionable claims may be subject to a claim investigation. The purpose of a claim investigation is to gather additional information related to the claim. Insurance companies decide on a case-by-case basis whether an investigation is necessary. Risk factors that may signal a need for an investigation include the amount of the claim, the nature of the loss, the presence of conflicting information, and the length of time the policy was in force. 8. For life insurance policies, when no clear beneficiary can be determined, the insurance company may file a bill of interpleader with a court. The interpleader allows the company to pay the policy proceeds to the court, and then the court decides how to settle the claim. 9. Health insurance claims may be subject to the following provisions: a. Exclusions: Expenses that the policy does not cover. These may range from cosmetic surgery to self-inflicted injuries.

237

238

b. Waiting Periods: A prescribed amount of time after the policy is issued before medical expenses are covered. c. Pre-existing Conditions: Injuries or medical conditions that are excluded from coverage because they occurred before the policy was issued. d. Deductibles: An amount the insured must pay before any medical expenses are covered. e. Co-payments: The percentage of expense that the insured must pay. For example, many policies require the insured to pay 20 percent of covered expenses, plus any deductible amount. The insurance company agrees to pay the remaining amount for covered expenses. f. Coordination of Benefits Clause: Prevents the insured from receiving more than 100 percent of medical expenses incurred in cases where the insured has more than one medical policy. The coordination of benefits clause designates a primary provider. After the primary provider pays its share of the claim, the insured may file a claim for the remaining amount with the insurers on the other policies. 10. Occasionally, independent agents will fail to inform the insurance company that a customer requests specific coverage. This scenario would result in a customer incorrectly believing that they are covered for a specific occurrence. If such a loss occurs, the insurance company will deny the claim. However, most companies will still reimburse the customer and charge the amount to the agencys errors and omissions policy.

F. Financial Reporting 1. Financial reports help the insurance company monitor its financial position and plan its operations. Industry analysts, brokerage houses, and private investors use financial information to evaluate a companys performance relative to other companies in the industry. Insurance regulators and the National Association of Insurance Commissioners (NAIC) also use financial information to analyze a companys financial position. 2. Types of financial reports and analyses used in the insurance industry include: a. Audited financial statements b. Stockholder reports c. Comparison of financial results in two or more financial periods d. Comparison of one companys financial results to another company e. Comparison of sales to sales goals

238

239

f. Comparison of actual expenses to budgeted expenses g. Comparison of claims paid to projected claim expenses 3. Budgets are a plan for allocating financial resources during a specific period. The purpose of budgeting is to assist management in planning the companys operations. There are several types of budgets: a. Cash receipts and disbursements budgets are used to monitor cash flow. b. Capitol expenditure budgets are used to allocate funds for major purchases. c. Revenue budgets project income for the coming year. Insurance industry revenue consists primarily of premium receipts and investment income. d. Expense budgets project the companys possible expenses from items such as claims, policy dividends, policy loans, sales expenses, and administrative expenses. 4. In order to reduce the risk of insolvency, insurance companies must adhere to capital and surplus requirements. These limits are set by states to define the insurers capacity or limit on the amount of business that the company may own. Without these limits, insurers might assume an amount of risk beyond their capacity to pay claims. . G. Compliance 1. The legal department is assigned the responsibility of ensuring that the companys operations comply with applicable laws and insurance regulations. Insurance companies typically have legal responsibilities to insureds, beneficiaries, stockholders, employees, and regulative agents. 2. Individual state governments have the primary responsibility for regulating the insurance industry. Each state has its own insurance laws governing financial stability, insurance products, and general business conduct. State insurance laws are known collectively as insurance law. 3. The courts regard insurance policies as legal contracts. The legal department assists in resolving contract disputes related to insurance policies. There are four elements that constitute a legal, binding contract: a. Agreement: A valid contract involves one party making an offer and the other party accepting that offer. The contract is not considered valid if fraud, undue influence, or duress are used in securing the agreement of another party.

239

240

b. Consideration: A valid contract involves each party giving something of value. This exchange of value, or consideration, may take the form of money, action, or promise. For insurance contracts, the insureds consideration is the payment of premiums and a promise to fulfill the conditions of the contract, and the insurers consideration is the promise to pay after a loss occurs. c. Competent Parties: A valid contract must involve legally competent parties. Types of parties typically considered not legally competent to enter into contracts include minors, people with mental impairments, and people under the influence of alcohol or drugs. An adult parent or guardian is usually required to sign a minors insurance application in order to avoid any legal confusion. d. Legal Purpose: A valid contract must have a legal purpose, and every insured must have a valid insurable interest. For example, insurers cannot issue polices to cover intentional or criminal actions. 4. The legal department is responsible for these other duties: a. Reviewing policy drafts to ensure they comply with applicable laws and regulations b. Assisting the claims department in resolving settlement disputes c. Drafting agreements that outline the relationship and responsibilities of the company and its agents d. Applying securities laws that govern the companys sale and purchase of stocks and bonds e. Applying real property laws that govern the companys investments in real estate f. Applying employment laws that govern employee rights and collective bargaining agreements g. Interpreting tax laws that apply to employee benefits and settlement payments h. Applying corporate laws to proposed mergers and takeovers i. Initiating or responding to litigation

H. Investment Operations 1. Most commercial insurance companies are owned by stockholders and are known as stock companies. Some life, health, or property/casualty companies are set up as mutual companies that are owned by policyholders. These insurance companies invest billions of dollars of corporate assets each year. Proper management of these investments is of prime

240

241

importance to policyholders and stockholders. The performance of these investments can also affect the premium prices that a company charges for its insurance products. 2. Many insurance companies employ an asset manager to manage all of the companys assets, including its investment portfolio. The investment portfolio is the aggregate name for the companys investments in stocks, bonds, mortgages, and real estate. Instead of hiring an asset manager to manage all assets, some companies use a portfolio manager to focus only on the assets in the investment portfolio. 3. The need for a company to produce high investment returns is mitigated by the need to minimize the risk of financial loss. Consequently, the board of directors of an insurance company typically appoints members to serve on an investment committee or finance committee. The purpose of the investment committee is to develop general investment policies for the company. Company executives or influential stockholders may also serve on the investment committee as outside directors. 4. Specific functions of the investment committee may include setting: a. Investment objectives, including desired rates of return b. Acceptable risk levels for investments to help ensure the safety of assets c. Specific types of approved and forbidden investments d. Dollar levels that investment personnel can approve at various levels of authority

I. Risk Management 1. The concept of insurance is based on the fact that there is risk that the thing being insured will be lost, destroyed, damaged, injured, or adversely affected in some other way. Insurance is a method of transferring, for a fee, the financial responsibility for the risk to another party. 2. Transferring risk through insurance is not the only method of reducing risk. Risk can be avoided by removing the exposure through change (such as changing a behavior or removing a hazard). Risk can also be reduced (such as by implementing additional controls). Companies and individuals may also choose to retain a portion of the risk through the use of deductibles or co-payments. 3. Insurance companies assist individuals in managing personal risk through risk pooling. Risk pooling is based on fact that the probability of any one type of loss occurring for a given individual is small. Therefore, insurers can insure a large number of people against a given peril, based on the knowledge that only a small percentage of those insured will ever file a claim for that particular peril. For example, of the many people who buy earthquake insurance, only a small percentage will suffer earthquake damage to their property. However, earthquake insurance will cost more in high-risk areas.

241

242

4. Underwriters and actuaries help insurance companies assess risks. These functions are discussed elsewhere in this CFSA Study Guide.

J. Premium Audit 1. Premium auditing focuses on the billing and collection processes. Specifically, auditors/accountants should determine that the premium billings are timely and accurate, and that collections are properly recorded in accounting statements and on policyholders records. 2. Insurance companies collect premiums in a variety of ways. Traditionally, policyholders receive premium notices and pay one premium at a time by mail. Insurance companies now often use a preauthorized payment system or a lock-box system to collect premiums. Under a preauthorized payment system, policyholders authorize the insurance company to withdraw premiums from their savings or checking accounts. The premium withdraw under a preauthorized payment system is often done via an electronic funds transfer (EFT) system. Under a lock-box system, payments are sent to a post office box accessible by the bank. The bank collects the checks for the insurance company and deposits them directly into the companys account. 3. Group insurance billing plans can be self-administered or insurer-administered. Under a selfadministered billing plan, the policyholder performs most of the administrative functions, such as keeping the groups records and processing required paperwork. The insurance company performs these functions, as well as calculating and mailing monthly premium statements to the policyholder, under an insurer-administered billing plan.

K. Administration 1. The customer service department is responsible for the day-to-day administration of insurance policies. The functions of the customer service department may include providing general assistance to customers, making changes requested by policyholders, calculating and processing policy loans and dividends, and sending premium notices and collecting payments. 2. Specific policy changes that policyholders can request include: a. Conversion privilege. Members under group policies often have the right to convert to individual coverage. The customer service department is often charged with administering the conversion and adjusting premiums if necessary. b. Supplementary Benefit Riders. When a policyholders coverage is specifically expanded or limited, a rider is issued to describe the change. The rider becomes part of the insurance contract. The customer service department is often charged with evaluating requests for supplementary benefits riders. Factors considered include

242

243

type and amount of coverage currently in force, type and amount of extra coverage requested, risk factors associated with the policyholder, and length of time since the policy was issued. c. Reissues. Policies are occasionally reissued for various reasons. For example, a policy would be reissued if the original policy contained an error or omission. Policies may also be reissued in order to reduce the death benefit amount or to change insureds. Insured changes usually occur when a key person insured by an organization terminates employment; insurance companies often reissue these policies under the name of the new key person. Responsibility for reissuing policies often rests with the customer service department. 3. The customer service department must ensure that several factors are met when considering the reinstatement of lapsed policies: a. The policyholder must submit a written request within a specified time period, usually no more than five years after the policy lapsed. b. The policyholder must repay all unpaid premiums, including any interested charges assessed by the insurance company. c. Any loans against the policy must be repaid or restored. d. The policyholder must show evidence of insurability. 4. When a policyholder initiates the replacement of an old life insurance policy with a new life insurance policy, the customer service department must determine the policys final cash value by adding any accumulated dividends and subtracting any loan amounts payable.

243

244

UNIT 2: LAWS AND REGULATIONS

The insurance industry is regulated by state governments, the federal government, and nongovernmental entities. The major regulations and regulatory entities affecting the insurance industry are described below.

A. The McCarran-Ferguson Act (Public Law 15) 1. The McCarran-Ferguson Act was passed in 1945. 2. The Act allowed states to retain the right to regulate the insurance industry. 3. The Act allowed the federal government to assume regulation of the insurance industry if Congress feels that state regulation is inadequate or does not serve the public interest.

B. State Insurance Commissions 1. Because the states regulate the insurance industry, each state must have an insurance commission. 2. Each states insurance commission holds legal authority over insurance company operations. 3. Each states insurance commission is directed by a state insurance commissioner, superintendent, or director. 4. The responsibilities of state insurance commissions include: a. Make the states insurance rules and regulations b. Authorize companies to operate in the state thorough the issuance of licenses and certificates of authority c. Issue licenses to insurance agents d. Hold hearings and suspend or revoke licenses or certificates of authority e. Review insurance companies financial statements f. Verify that policy forms meet all requirements and contain all provisions and disclosures 244

245

g. Ensure insurance company compliance with reserve requirements and investment guidelines h. Receive and follow-up on consumer complaints

C. The National Association of Insurance Commissioners (NAIC) 1. The NAIC is a non-governmental organization comprised of the various state insurance commissioners, superintendents, or directors. 2. A major function of the NAIC is to encourage uniformity among state insurance departments through the development of model bills and regulations. However, the NAIC has no direct regulatory authority. 3. The NAIC Financial Regulation Standards (adopted September 1989) recommend minimum levels of resources and authority necessary for effective solvency regulation. 4. The NAIC Financial Regulation Standards and Accreditation Program (adopted June 1990) set up a system of peer review among state insurance commissions. 5. The NAIC created a zone system to streamline the financial examination of companies operating in more than one state. The NAIC divided the United States into four zones (western, midwestern, northeastern, southeastern). Each zone has a pool of examiners supplied by the each states insurance commission within the zone. The following guidelines apply to insurance company examinations: a. The examiner-in-charge must be from the companys home state. b. Examiners from other states in the zone may also participate in the examination. c. A zone examiner may be assigned from any zone in which a company receives as much as $1 million premiums or more than 20 percent of its total premiums. d. Insurance companies are usually examined once every three to five years. e. A written report of the examination must be issued. f. The home-state commissioner is responsible for resolving any disagreements that arise between the examiners and the company regarding the content of the final report. g. The final report of the examination is a matter of public record.

245

246

D. The Securities and Exchange Commission (SEC) 1. The SEC has regulatory authority over investment products. Investment-based life insurance products or variable insurance products include annuities, variable life insurance, and variable universal life insurance. These products, which are also known as non-guaranteed products, are considered speculative because the cash value or benefit level can change relative to the performance of the insurers investments. 2. Insurers that sell investment-based insurance products must comply with federal laws that govern securities. 3. Agents selling investment-based insurance products must be certified by the SEC, be licensed as a broker/dealer with the National Association of Securities Dealers (NASD), an be licensed as a state insurance agent.

E. Employment Retirement Income Security Act (ERISA) 1. ERISA is a federal law that governs welfare benefit plans and employer-sponsored retirement plans. 2. ERISA defines a welfare benefit plan as any plan an employer establishes to provide certain benefits to plan participants and their beneficiaries. ERISA requires that welfare benefit plans have a written plan document that describes the benefits of the plan, how the plan will be funded, and how the plan will be amended if necessary. The written plan must also name the fiduciary responsible for managing the benefit plan. A fiduciary can be held personally liable for any losses that result from a failure to follow guidelines set in ERISA. Welfare Benefit Plans are subject to ERISA if they offer any of the following benefits: a. Medical, surgical, or hospital care benefits b. Sickness, accident, disability, death, or unemployment benefits c. Vacation benefits d. Day-care benefits e. Scholarship funds f. Prepaid legal services g. Apprenticeship or training programs h. Certain benefits, which includes severance benefits and housing benefits, described in the Labor Management Relations Act

246

247

ERISA requires that a summary plan description be provided to each plan participant and to the Department of Labor. Each plan participant and the Department of Labor must also be informed of any significant changes to the plan. ERISA also requires that plan administrator file the plans annual report with the Internal Revenue Service. 3. ERISA contains standards that all retirement plans must meet. Major requirements of ERISA include: a. Qualified retirement plans are prohibited from discriminating in favor of highly paid employees. b. A participants right to receive benefits must vest within a specified period after the participant becomes eligible to join the plan. Participants are vested when they can receive partial of full benefits even if they terminate employment prior to retirement. c. Fiduciaries must ensure the safety of the plans assets.

F. State Model Laws 1. The National Association of Insurance Commissioners (NAIC) develops model laws to encourage uniformity among states. 2. As the NAIC has no regulatory authority, states may adopt the model laws as written or they may modify them to meet their specific situation. 3. Examples of NAIC model laws include: a. Uniform Individual Accident and Sickness Policy Provision Law (Individual Health Insurance Model Law), which is designed to regulate individual health insurance policy provisions b. Group Health Insurance Definition and Group Health Insurance Standard Provisions Model Act (Group Health Insurance Model Act), which defines eligibility for group health insurance and outlines specific policy provisions c. Group Life Insurance Model Act, which provides guidelines for regulating group life insurance programs d. Model Health Maintenance Organization (HMO) Act, which lists requirements for qualifying as an HMO e. Model Claims Settlement Act, which lists unethical practices for claims personnel

247

248

f. Group Health Insurance Mandatory Conversion Privilege Model Act, which allows insureds under group health policies to convert to an individual health insurance policy if either their employment or the group contract terminates g. Model Newborn Children Bill, which requires policies covering dependent children to also extend coverage to newborn children of the insured. h. Group Coordination of Benefits Regulations and Guidelines, which establishes uniform overinsurance provisions to allow for expedited payment of claims and conflict resolution when the insured has duplicate coverage by more than one insurer

248

249

UNIT 3: PRODUCTS

This unit is divided into two sections. The sections cover the two basic categories of insurance products: (1) life, pension, and annuity and (2) property and casualty. LIFE, PENSION, AND ANNUITY PRODUCTS I. INDIVIDUAL INSURANCE Some people do not qualify for group insurance policies. These individuals must purchase individual insurance policies. In an individual insurance policy, the contract between the insurer and the insured describes applicable coverages, exclusions, and benefits that are specific to the individual policy. This section looks at four types of individual insurance: whole life, term life, universal life, and endowments. A. Whole Life Insurance 1. Whole life insurance offers lifetime coverage at a level premium rate that does not increase as the insured ages. Whole life policies accrue a cash value that the insurer must surrender to the policyholder if the policy does not remain in force until the policyholders death. The actual cash value payable to the policyholder in this circumstance would be less any surrender charges or policy loan repayments outstanding. The cash value usually does not equal the face amount of the policy until the policyholder reaches the age at the end of the mortality table used to calculate the premiums for the policy, usually age 99 or 100. At that time, the insurance company usually pays the policyholder the full face amount of the policy, even if the policyholder is still living. 2. Whole life policies are classified as continuous premium policies (or straight life policies), limited payment policies, or single premium policies. Premiums are payable under continuous premium policies until the death of the insured. Because premiums are payable for a longer period, each premium payment is lower than for limited payment policies. Premiums for limited payment policies are payable for a stated period (for example, 20 years from the policys inception or until the insured reaches a certain age) or until the death of the insured, whichever comes first. Single premium policies require only one premium payment. 3. Modified premium whole life policies have premium payments that change during the life of the policy. Typically, premium payments increase at specified intervals (for example, every five years) during the life of the policy. This allows young policyholders to purchase a higher level of coverage than they may otherwise be able to afford.

249

250

4. Joint whole life policies (or first-to-die policies) insure two lives under one policy. Death benefits are paid to the surviving insured. The surviving insured usually has the option of purchasing an individual whole life policy of the same face amount without providing evidence of insurability. 5. Last survivor life insurance policies (or second-to-die policies) pay benefits only after both insureds covered by the policy have died. Married couples typically use this type of policy to pay estate taxes after they die.

B. Term Life Insurance 1. Term life policies provide a death benefit when the insured dies during a specified period. The term of this type of policy is usually not less than one year, but may be up to 40 years or more. Term life provides only temporary protection because coverage ends at the end of the term of coverage stated in the policy. 2. Level term life insurance policies provide the same level of death benefit throughout the term of the policy. The premium for a level term policy usually stays the same throughout term of coverage. 3. Decreasing term life insurance policies provide decreasing policy benefits over the term of coverage. The policys death benefit begins at a set value and gradually decreases to a level stated in the policy. For example, a $50,000 five-year policy might decrease to $40,000 in benefits payable the second year, to $30,000 the third year, to $20,000 the fourth year, and to $10,000 in the final year. At the end of the fifth year, the policy expires. Premiums for decreasing term policies usually remain level throughout the term of coverage. 4. Increasing term life insurance policies provide an increasing amount of death benefit throughout the life of the policy. Premiums for increasing term life policies usually increase during the term of coverage. 5. Term policies often contain provisions that allow the policyholder to keep life insurance coverage after the policy expires. Renewable term insurance policies contain a renewal provision that allows the policyholder to renew the term policy at the end of the term. However, the premium rate increases when the policy is renewed. Convertible term life insurance policies contain a conversion privilege that allows the policyholder to convert the term policy to permanent coverage without providing evidence of insurability. Therefore, an increase in the premium for the permanent coverage cannot be based on level of the insureds health, even if the insured has serious health problems. Some insurers reduce their risk by not permitting conversions after a specific age, such as 55. When term policies are converted under an attained age conversion, the renewal premium is based on the insureds age at the time of conversion. On the other hand, original age conversions base the premium for permanent coverage on the insureds age at the time the original term policy was purchased.

250

251

C. Universal Life Insurance 1. Universal life insurance is a form of permanent life insurance that has flexible premiums, flexible face amounts, and separate pricing for the three major pricing categories: a. Mortality charges based on the insurers risk classification b. Interest rate paid on the cash value c. Expenses associated with administering the policy 2. Purchasers of universal life policies specify the policys face amount and whether the death benefit will be level or vary as the policys cash value changes. Under level death benefit policies the death benefit payable equals the policys face amount. Under variable level death benefit policies the death benefit is equal to the policys face amount plus any accumulated cash value. 3. Within limits, universal life policyholders can choose how much to pay for initial and subsequent premiums. Insurance companies set maximum payment amounts to maintain the policys status as a contract, as well as minimum initial payment amounts. However, the policy will remain in force, even if no premiums are paid, as long as the cash value is large enough to pay the periodic charges assessed by the insurer. 4. Universal life insurance policies accumulate cash values that are tax deferred. D. Endowment Insurance 1. Endowment insurance provides a specified benefit amount in either of the following cases: a. If the insured survives to the maturity date of the policy b. If the insured dies before the maturity date of the policy is reached Policy maturity dates may be set either when the insured reaches a certain age (e.g., age 65) or after a stated period of time has elapsed (e.g., 20 years) from the date the policy is issued. 2. Endowment policies are similar to permanent life insurance policies in that premiums are usually level throughout the term of the policy and the policies build cash values. However, an endowment policy builds cash value more rapidly than a comparable whole life policy. This is because the reserve and cash value of an endowment policy usually equals the policys face amount on the policys maturity date, which is typically for a much shorter period than for a whole life policy. Whole life policies do not accrue a reserve and cash value equal to the face amount until the insured reaches the age at the end of the mortality table used to calculate the policys premium (usually age 99 or 100).

251

252

II. GROUP INSURANCE Insurance that employers provide to employees through an employee benefit plan is known as group insurance. This section covers the many types of group insurance including life insurance, accident and health, accidental death and dismemberment, disability, and dental. Also covered are the different ways to administer group insurance including health maintenance organizations, managed care, utilization management, preferred provider organizations, and administrative service only. All members of a group insurance plan (group insureds) are covered under a single contract, known as a master group insurance contract. The employer or entity purchasing the group insurance is known as the group policyholder. In a noncontributory plan, group insureds do not pay any premium for the coverage. In a contributory plan, group insureds pay a premium in order to receive coverage under the plan, typically through a payroll deduction. A. Life Insurance 1. The provisions of group life insurance policies are similar to those found in individual life insurance policies. For example, group life policies usually include provisions for eligibility requirements and termination clauses. 2. Group policies usually contain a benefit schedule that is used to determine the amount of life insurance for group insureds and their dependents covered under the plan. The coverage amounts may be determined by a formula, such as a multiple of the employees salary, or it may be set in the policy (e.g., X amount for all group insureds or X amount for all group insureds in a specific job classification). A group policy cannot describe coverage amounts for specific individuals. 3. Under all types of group life insurance policies, except creditor group life insurance policies, each group insured can name a beneficiary who will receive the benefits payable when the insured dies. The group insured also has the right to change the named beneficiary. 4. The National Association of Insurance Commissioners (NAIC) Model Act requires that group life policies have a conversion privilege that allows a group insured whose group coverage terminates to convert to an individual life insurance policy without providing evidence of insurability. The amount of individual coverage the individual can purchase may be limited to the amount of insurance held under the group policy. Insurance companies must charge the standard premium rate that any individual of the insureds sex and age would normally pay for the type of policy being issued. 5. The NAIC Model Act requires that group insureds covered under a policy for at least five years be given the right to convert to individual coverage if the group policy terminates. Insureds are allowed a 31-day conversion period to purchase the individual insurance without providing evidence of insurability. The maximum amount of individual insurance the insured can purchase is the lesser of either $10,000 or the amount of coverage previously held under the terminated plan minus the amount of group coverage for which the insured becomes eligible for within 31 days of the policy termination.

252

253

6. If the insured dies during the 31-day conversion period before being issued an individual policy, the NAIC Model Act requires that the insurer pay the insureds beneficiaries the largest amount the insurer would have issued as an individual policy to the group insured. 7. If an incorrect premium amount is paid because a group insured misstated his or her age, the insurer will retroactively adjust the premium amount to reflect the insureds correct age. 8. Most group insurance policies are yearly renewable term (YRT) insurance plans. These policies do not require insureds to provide evidence of insurability when the policy is renewed each year. Also, YRT policies do not build cash values. B. Accident and Health 1. A group heath insurance policy is a contract between an insurance company and the employer or other group purchasing the policy. Employees or other individuals receive specific benefits covered in the policy, but they are not issued individual policies. Optional dependent coverage is usually available through group policies for an additional fee. 2. Group policies typically include a pre-existing condition provision that excludes coverage for conditions that the individual received treatment for during specified period (often three months) prior to the effective date of coverage. Some policies include exceptions to the preexisting condition provision which allow for coverage if the individual was not treated for the condition for a specified period (e.g., for 3 consecutive months) or if the individual has been covered under the group plan for a specified period (e.g., 12 months). Most policies also waive the pre-existing condition provision if the group switches carriers and the member was covered under the previous group policy. 3. Most group health policies contain a coordination of benefits (COB) provision to prevent individuals covered under more than one plan from receiving benefits greater than the expense incurred. The COB provision defines the group plan that will serve as a primary provider and the one that will be the secondary provider. The primary provider is usually the one that covers the individual as an employee rather than as a dependent. After the primary provider pays all claims payable, the individual can submit any unpaid bills to the secondary provider.
4.

Most group health policies contain a conversion provision that allows an individual leaving the group to purchase individual insurance without providing evidence of insurability. An exception to the conversion provision applies to individuals who are changing jobs and are being covered under another group policy. In these cases, purchasing individual insurance in addition to the new group policy coverage may result in the individual being overinsured.

5. Most group disability income policies contain a physical examination provision that requires a doctor to examine a claimant before a claim is paid. The insurer may also require the claimant to undergo periodic examinations to verify that the disability still exists. The insurer bears the cost of these examinations.

253

254

6. The cost of a group health insurance plan depends on the type of business in which the members work, the ages of the group members, and the number of males and females in the group. C. Accidental Death and Dismemberment 1. Accidental death and dismemberment policies pay stated benefit amounts if the insured dies as the result of an accident or if the insured loses limbs or eyesight. 2. Accidental death and dismemberment policies are usually low in cost. 3. Some accidental death and dismemberment policies only cover accidents that occur while an employee is traveling on the job. D. Disability Income 1. Disability income insurance is designed to provide income replacement for individuals who become unable to work because of an illness or accidental injury. Short-term group disability income coverage provides benefits for less than one year. Long-term group disability coverage allows insureds to receive benefits for more than one year. Disability income policies usually provide an incentive for the insured to return to work by providing insureds less income than they received before they became disabled. The actual amount payable is typically based on a percentage of the insureds pre-disability earnings or flat rate determined when the policy is purchased. 2. In order to receive benefits, the insured must meet the total disability requirement specified in the policy (although some disability income policies pay for partial disabilities). Most policies initially define total disability as the inability of the insured to perform the duties of his or her regular occupation. However, after a specified period following the incident that caused the disability, insureds may be considered disabled only if they cannot work in any occupation that they are reasonably fitted for by education, training, or experience. Disability income payments made through group policies usually cease when the insured returns to work in any gainful occupation. 3. Presumptive disability provisions allow the insured to be considered totally disabled if certain conditions arise. Presumptive disability conditions typically include permanent blindness, speech loss, or hearing loss. Insureds disabled in these ways receive full benefits even if they resume employment in their former occupation. 4. Many disability income policies include a waiting period. The waiting period is a specified time that must pass after a person becomes disabled before the insurance company begins making benefit payments. The purpose of waiting periods is to reduce the need to pay for disabilities that last only for a short period.

254

255

5. Disability income policies typically do not cover injuries that are intentionally self-inflicted or those that are caused by active participation in a war or riot. E. Dental 1. Most dental insurance is provided through group policies. Very few individual dental policies are written.
2.

Group dental policies emphasize preventative care such as examinations and x-rays. Most group dental policies provide full coverage for examinations and preventative treatments, but deductibles or co-payments generally apply to specific corrective procedures.

F. Health Maintenance Organizations (HMOs) 1. HMOs are governed by the HMO Act of 1973. An HMO is both an insurer and a provider of health care services. In other words, HMOs serve two functions: a. To pay insureds medical expenses b. To provide a medical network (e.g., doctors and hospitals) for medical care to plan insureds, commonly known as HMO subscribers Subscribers must receive their medical care from within their HMOs network of providers. 2. HMOs pay for preventative care as well as medical treatments. Providers within the HMO network are typically reimbursed a set fee for each service they provide, although some physicians receive a salary. Additionally, HMOs often require subscribers to pay a copayment for some services. 3. Subscribers are usually required to select a primary care physician. The primary care physician serves as the subscribers personal physician and refers the subscriber to any specialists that are needed. 4. Open panel HMOs allow any qualified physician or provider to provide services to the HMO members. Closed panel HMOs require physicians to belong to the group under contract with the HMO before providing services to members. G. Managed Care 1. Managed care is defined as an integrated method of financing and delivering health care. HMOs contain many characteristics of managed care plans. 2. Managed care plans require insureds to receive care only from physicians or providers that participate in the managed care network.

255

256

3. Managed care plans have fee arrangements that encourage providers to deliver the most costeffective care possible. In other words, patients overuse of medical services is discouraged under managed care plans. H. Utilization Management 1. Insurance companies and managed care plans use utilization management to ensure that services provided to patients are appropriate and cost effective. The specific process of reviewing a patients care is called a utilization review. 2. Utilization reviews begin with a preadmission certification. Except in cases of emergency, insureds must have approval from their insurance company or care plan before being admitted to a hospital. In emergency situations, insureds must make notification within 48 hours of admission or face reduced or lost benefits. 3. Utilization reviewers monitor the appropriateness of care while a patient is hospitalized. This is known as a concurrent review. 4. After a patient is released, a retrospective review takes place. This review is designed to catch billing errors and to identify excessive costs. I. Preferred Provider Organizations (PPOs) 1. Preferred Provider Organizations are another form of managed care. PPOs are similar to HMOs in that they contract with health care providers to deliver medical services. 2. Traditional PPOs offer coverage to subscribers who use out-of-network providers. However, traditional PPOs typically reimburse at a lower rate when the subscriber uses an out-of-network provider. 3. Increasingly common are gatekeeper PPOs, which require subscribers to choose a primary care physician from within the PPOs network. Gatekeeper PPOs reimburse at a higher rate if subscribers coordinate their care through their primary care physician. 4. Traditional PPOs pay providers on a fee-for-service basis. Gatekeeper PPOs pay providers a flat amount, usually paid monthly, for each subscriber the provider serves (called a capitation rate). J. Administrative Service Only (ASO) 1. Some employers allow outside parties to administer their group insurance plans. Administrative service only contracts allow an insurer or other third party administrator to assume the administrative responsibilities of a group benefit plan. 2. Fees paid for administrative service only contracts are not subject to state premium taxes.

256

257

III. PENSIONS Employers establish pension plans to provide employees with a monthly income benefit when they retire. Many pension plans are funded at least in part by employee contributions. Most pension plans are qualified pension plans. Individuals can also establish their own retirement plans through products such as the individual retirement account (IRA). A. Qualified Plans (tax implications, savings plans, qualification rules, nondiscrimination requirements, vesting, fiduciaries, prohibited transactions) 1. Federal income tax laws provide tax benefits to employers that provide retirement plans to their employees. Employees who contribute to qualified pension plans do not pay tax on the contributions until the funds are withdrawn from the plan. Any retirement plan that is legally authorized to receive these tax benefits is known as a qualified plan. The Internal Revenue Service approves qualified plans entitled to receive favorable tax treatment. 2. Qualified plans that are funded at least in part by employee contributions are known as thrift and savings plans. There is usually a limit on the amount that employees can contribute to their retirement plans each period. Limits are usually set as a percentage of the employees salary or at a specific amount or percentage based on the employers contributions. 3. A common tax-favored employee retirement plan is known as the 401(k) plan. Employee contributions to 401(k) plans are not included as part of the employees gross taxable income. However, funds are taxed when the employee withdraws them from the plan. 4. Individual retirement accounts (IRAs) are another type of retirement plan that receives favorable treatment under federal income tax laws. Keogh plans are individual retirement accounts that are specifically for self-employed persons. Individuals may establish their IRA and Keogh accounts through insurance companies. The principle and interest in an IRA or Keogh fund are not taxed until the funds are withdrawn. 5. The Employee Retirement Income Security Act (ERISA) regulates retirement plans in the United States. 6. Qualified retirement plans have a nondiscrimination requirement that prohibits plan administrators from discriminating in favor of highly paid employees. 7. Plan administrators must establish a minimum time in which an employee must be employed before being vested in the plan. Vested employees are entitled to receive benefits even if they terminate employment before retiring. 8. Individuals who administer qualified plans are considered to be fiduciaries or persons who holds positions of trust. ERISA requires that fiduciaries act in the best interest of the plan. Fiduciaries may be held criminally liable for any losses that occur because they did not adequately perform their fiduciary duties.

257

258

9. ERISA imposes restrictions on certain investment transactions involving the assets of a qualified plan. A primary goal of these restrictions is to ensure the safety of participants investments. An insurance company or a designated trustee is typically responsible for investing the assets of qualified plans. B. Annuities 1. An annuity is a series of periodic payments. The purchaser of the annuity (known as the annuitant) typically pays a single premium (i.e., single-premium annuity) to the issuer, who invests these funds for a stated period and at a stated interest rate (known as the accumulation period). When the maturity date of the annuity arrives, the insurer begins making a series of payments to the annuitant over a stated period (known as the payout period). Annuities are considered to be the opposite of life insurance because annuities protect against the risk of outliving ones resources, whereas life insurance is a method for accumulating an estate. 2. The actual amounts of annuity payments are based on: a. the amount of money invested b. the interest rate c. the length of time the principle has been invested d. the number of annuity payments to be made If the annuitant dies before payments begin, the insurer pays the annuitys cash value to the annuitants beneficiaries. 3. Annuities contain a withdrawal provision that allows the annuitant to withdraw a percentage of the annuitys accumulated value each year. There is usually a withdrawal charge only if the annuitant withdraws more than the maximum withdrawal amount stated in the contract. 4. An annuitant can surrender the annuity in exchange for its cash surrender value, which equals the accumulated value of the annuity minus any applicable surrender charges. Surrender charges usually apply only if the annuity has not been in force for a minimum period of time. 5. The payout period varies for each type of annuity. A life annuity provides benefits for at least the life of the annuitant but perhaps for an additional period. A temporary life annuity pays benefits for a specified period or until the annuitant dies, whichever comes first. An annuity certain provides benefits for a stated period of time, regardless of whether the annuitant lives or dies. 6. Single-life annuities cover a single individual. Joint and survivor annuities provide a series of payments for two or more individuals until the last one dies.

258

259

7. Fixed annuities guarantee a minimum monthly benefit based on the size of the annuity. Variable annuities pay a monthly benefit amount that changes as the investments (e.g., securities) purchased with the annuitys funds rise and fall. Variable annuities are considered to be securities contracts and are thus regulated by the federal Securities and Exchange Commission (SEC).

IV. PROPERTY AND CASUALTY PRODUCTS Property and casualty insurance policies protect individuals and businesses from financial loss. Workers compensation policies protect an employer from financial loss resulting from an employees injury on the job. General liability policies provide additional liability coverage for businesses. Individuals are protected by automobile and homeowner policies. Umbrella policies provide the most extensive liability coverage for individuals and businesses. A. Workers Compensation 1. Workers compensation is a type of insurance that employers provide for employees. Workers compensation pays: a. Medical expenses for employees who are injured or who contract an occupational disease through work b. Disability income and rehabilitation benefits for employees who become disabled through work c. Death benefits for survivors of employees who die because of an occupational injury of disease 2. Each state has its own workers compensation laws. In most states, the majority of employees receive workers compensation coverage, except for employees who work for very small companies. 3. Employers pay the entire premium for workers compensation coverage. Premium amounts are based on the class rating for the type of business being covered. There are several hundred class ratings used to calculate workers compensation rates. The classifications reflect the risk associated with each type of occupation. A companys premium can also vary based on the number of claims during a given period. This process of adjusting rates either up or down is known as an experience modification. 4. Injured employees must file claims with the agency that administers workers compensation in their state. The employer must also be notified. 5. Employees of the federal government receive workers compensation under the Federal Employees Compensation Act.

259

260

B. General Liability 1. General liability insurance covers the major liability exposures of a business. These potential liabilities include lawsuits from public use of an organizations facilities or products. 2. General liability insurance does not cover liabilities that a business incurs through the use of its automobiles. Therefore, businesses must buy separate automobile coverage for its rolling fleet. 3. General liability also does not cover damage to property not owned by the business, even if that property is left in the care of the business. 4. Products liability coverage covers damages caused by products sold by a business. 5. Completed products liability coverage covers damages that result from work (such as repair work) done by a business. 6. Medical payments liability coverage covers injuries to the public that occur on the premises of a business. C. Automobile 1. Personal automobile policies typically provide the following types of coverage: a. Liability coverage pays benefits to parties the insured injures in an automobile accident. The liability section also covers property damage. Coverage usually applies to autos mentioned in the policys declaration, as well as autos temporally used by the insured (such as rental cars or a borrowed car). The insureds car is also covered when other people drive it. Personal auto policies typically do not cover autos used for regular business purposes. Business auto policies are used to extend coverage to a companys rolling fleet. b. Medical coverage pays benefits to all passengers in a vehicle involved in an accident, not only the insured, even if the insured was not legally responsible. Benefits are usually limited, with the dollar amount of the limit set according to the premium paid. c. Auto coverage pays benefits in cases where the auto is stolen, damaged, or destroyed. Collision insurance provides coverage when the auto strikes another vehicle or object. Other than collision insurance or comprehensive coverage covers incidents other than collision. These incidents may include theft, fire and hail damage, or broken glass. d. Uninsured motorist coverage pays damages incurred by the insured and the insureds passengers when injured in an auto accident caused by a motorist without liability insurance. This coverage also covers accidents caused by hit-and-run drivers.

260

261

2. Auto policies do not cover damage that is intentionally inflicted. Coverage is also excluded for individuals who use the car without believing they were authorized to do so. 3. In cases when an accident occurs in another state with higher liability limits, most auto policies will protect the insured by raising the level of benefits payable to the higher level. D. Homeowners 1. Homeowner policies combine property and casualty coverage into the same policy (known as multi-line policies). 2. Homeowner policies provide four major types of property coverage: a. Dwellingcovers the house and attached structures, such as an attached garage or carport. b. Other buildings or structurescovers unattached structures such as a tool shed, a swimming pool, or a fence. c. Personal propertycovers the contents of the house and other items, such as patio furniture. Automobiles are not covered as personal property under a homeowner policy. Limits are usually set on jewelry, furs, fine art and other items likely to be stolen. Homeowners have the option of buying additional coverage on valuable personal items. d. Loss of useprovides additional living expenses when the home is unlivable so homeowners can continue to live comfortably. While the home is being made livable, the homeowner policy will pay for items such as rented rooms at a hotel, restaurant meals, and laundry expenses. 3. Homeowner policies provide two major types of liability coverage: a. Personal liabilitycovers claims for bodily injury or property damage caused by the insured. For example, the policy would cover an incident where someone is injured by tripping on a crack in the sidewalk in front of the insureds home. b. Medical paymentsprovides a low level of medical payment to help avoid legal action between the insured and the injured party, regardless of whether on not the insured is legally liable for the incident. For example, if the insureds dog bit a neighbor, the policy would cover the cost of the emergency room visit (usually up to about $1,000) without the need to establish fault. 4. Broad form policies provide coverage for loss due to causes such as fire, lightening, wind, hail, explosion, riot, vandalism, theft, and volcanic eruption. Common exclusions from homeowner policies include intentional acts, negligence, flood, earthquake, and war.

261

262

E. Umbrella Coverage 1. Personal umbrella policies are designed to provide coverage if losses exceed the limits of a basic homeowner or automobile policy. The liability limit for an umbrella policy is usually highoften $1 million or more. A small deductible, known as a self-insured retention, may apply. 2. Commercial umbrella policies are similar to personal umbrella policies. However, the self-insured retention is usually higher for a commercial umbrella policyoften $10,000 or more.

262

263

STUDY QUESTIONS FOR VOLUME 3 INSURANCE INDUSTRY

1. The combined ratio of an insurance company is the ratio from combining which of the following? I. II. III. IV. A. B. C. D. The loss ratio The other underwriting expense ratio The expense ratio The IBNR I and II only I and III only III and IV only I, II, III, and IV

2. A plan participants right to receive partial or full benefits under a private retirement plan even if the participant terminates employment prior to retirement is referred to as A. B. C. D. contributing accumulating vesting non-revocation

3. Which of the following are duties of Insurance Commissioners in regulating insurers? I. II. III. IV. A. B. C. D. Rule of the constitutionality of insurance laws Determine if an insurer meets the requirements to obtain a license Render decisions on the meaning of policy terms Conduct financial investigations of insurers operating in the state I and II only I and III only II and IV only I, II, III, and

263

264

4. You are auditing the claim handling of your branch office. You note that one of the claims is for lost revenue due to a windstorm damaging the building. The claim file states that the insured requested coverage for this type of loss. However, the independent agent failed to request the coverage through an oversight. Which action is required to appropriately handle the claim? A. The claim should be denied since coverage was never present, and the claim should be placed against the agencys Errors and Omissions policy for reimbursement of the claimant. B. The claim should be accepted and paid up to the policy limits since the insured meant to create coverage for business interruption. Due premiums for the coverage can be charged retrospectively. C. The claim should be denied since repaying for business interruption and lost revenues would financially enrich the insured, which is against one of the principles of insurance. D. The claim should be paid and the insured indemnified since the insured requested the coverage. Since the producer was acting as an agent of the carrier, they commute their liability.

5. Which of the following accounts would NOT be found on a life insurance companys statutory financial statements? A. B. C. D. Nonadmitted assets Nonledger assets Deferred acquisition costs Policy loans

6. Recent activities in the marketplace have caused your company to comply with requests from 50% of your policyholders to cancel their policies. The company complies and refunds them amounts due. Your audit of this should ensure these refunds were charged against what account? A. B. C. D. Incurred but not reported (IBNR) Unearned premium reserve Goodwill Allocation for uncollectible accounts

264

265

7. Which two of the following characteristics apply to universal life insurance policies? I. II. III. IV. A. B. C. D. To provide the insured with a number of investment options To provide the insured with a minimum guaranteed cash value To provide a cash value fund that accumulates tax deferred To provide flexibility of both premium and death benefits I and IV II and III III and IV I and III

8. Which of the following are NOT common funding vehicles used by insurers to invest retirement plan assets as they are accumulated? A. B. C. D. Group deferred annuities Deposit administration contracts Separate account contracts Keogh plans

9. A manufacturer wants to protect the company from financial loss resulting from third party lawsuits. The manufacturer has learned of several recent jury awards over $7 million for product defects. The manufacturer currently has only $5 million in this type of coverage. The manufacturer has also learned that several automobile claims have been recently awarded against other companys cars in accidents over $1 million. The manufacturer has only $5 million in coverage for automobile insurance. These events have damaged his competition and the manufacturer wants to protect his company further than the current policy allows. What insurance coverage product will the manufacturer likely buy? A. B. C. D. A personal injury protection (PIP) policy to protect others from personal injury. An umbrella policy to place a protective umbrella over existing coverage. A surplus lines policy to protect against claims in surplus of the policy limits. A floater policy to float coverages where needed.

10. The two most common types of commercial insurance companies are A. B. C. D. sole proprietor and stock equity and debt stock and mutual partnership and corporation

265

266

VOLUME IV SECURITIES

266

267

CORE COMPETENCY NUMBER FOUR: SECURITIES INDUSTRY

UNIT 1: FINANCIAL MARKETS

In order to understand the trading of negotiable securities, it is necessary to understand the financial markets. The items covered in this section are: A. B. C. D. Overview The Stock Exchanges Over-The-Counter (OTC) Market Options Market

A. Overview Negotiable securities trade in specific markets. These markets, as well as specifics about the particular markets, are covered in the following section: 1. Brokers and Dealers - Although they perform similar functions, brokers and dealers actually perform a separate and distinct function. The securities market must be liquid to function. That means that orders to buy and sell must be processed (filled) at all times; this is called making a market. Dealers are expected to maintain an inventory of each security in which they make a market. Therefore, dealers are expected to have specific securities to sell if a customer wishes to buy them, and conversely, to buy these securities if a customer wishes to sell. Dealers make their money through the spread - which is the difference between the Ask and Bid prices. The Ask price is the price at which the dealer will sell a security. The Bid price is the price at which the dealer will buy a security. The Bid price is always lower than the Ask price. For example, a dealer may market Stock A in the following fashion: Bid (10) and Ask (10.5). Thus, the spread or dealer profit is 0.5 point for each share bought and sold. On stock exchanges, dealer firms are generally called specialist firms and have the sole (are the only ones who may sell) market for specific stocks on an exchange. The specialists deal with retail members or brokers of an exchange. Brokers are the middle person between dealers and the public. A public customer places an order with a broker and the broker executes the trade with a dealer. The broker receives a commission for the transaction from the public customer.

267

268

Dealers and brokers must be independent from each other. Additionally, dealers are prohibited from dealing directly with the public, except in the Over-The-Counter (OTC) market where a firm may perform either function, but cannot perform both on the same transaction. These firms are referred to as Broker/Dealer firms in the Over-The-Counter Market. The OTC market will be discussed later in this Unit. 2. Types of Markets - Negotiable securities are traded in specific markets, primarily the primary and secondary markets. The Primary Market is the market where new issues are sold. A new issue is a previously unissued security that is being sold to the public for the first time. Most new issues are traded in the OTC market, since the stock exchanges have more rigorous listing requirements. Transactions on the primary market are performed by an underwriter (the investment banking firm that is backing the transaction). After a security has been properly registered and priced in the primary market, it may be traded on the secondary market. The Secondary Market is the market that promotes the trading (buying and selling) of issued securities. There are several component markets that comprise the secondary market. They are: First market - where listed securities are traded on the floor of a stock exchange. The largest first market is the New York Stock Exchange (NYSE). Second market - is the trading of securities that are not listed on an exchange, i.e., (OTC). The secondary market actually has a greater trade volume than the exchanges and trades a greater number of companies. The OTC market is controlled by the National Association of Security Dealers (NASD). The market is generally called NASDAQ, which stands for NASD Automated Quotations. Third market - is the trading of listed securities (first market) which generally takes place outside of exchange trading hours. Third market companies stay open 24 hours a day and can perform trades of listed stocks even though the stock exchange is closed. Fourth market - is the direct trading of securities between institutions without a broker. This reduces the commissions paid to brokers by institutional investors (i.e., pension systems, mutual funds or insurance companies).

3. Types of Orders - an order is the mechanism that is used by a registered representative of a broker to execute the trade for a public customer. An order ticket is used by a broker to convey the information to exchange floor traders (specialists) or OTC traders. Information that is included on an order ticket includes: Customer name and account number Date submitted Buy or Sell indication Order size (number of shares) Name and symbol of security being bought or sold Price information (specific pricing information discussed below)

268

269

Duration of the order (unless specified all orders not executed are canceled at the end of the day)

There are four basic types of orders: Market orders are orders that are to be filled (executed) immediately at the current market price. There is no price specified on a market order. Market orders do not carry over to the next day. Limit orders specify a price at which a security should be bought or sold. In most cases, limit orders will either be a buy or a sell limit order. A buy limit order would specify a target price for a security. To illustrate this, assuming that stock As current market price is $20, a buy limit order for $18 is an order that will only be executed if the price drops to $18. A sell limit order is similar to a buy order except the public customer is hoping the market price rises. To illustrate this, assume stock As current market price is $20, a sell limit order for $22 is an order that will only be executed if the price rises to $22. Note - in many instances limit orders are submitted as good till canceled (GTC) to stop the order from being canceled at the end of the day. Stop orders are orders at specific prices that are used to limit losses on long and short positions. A sell stop order will not be executed until the market price reaches a specific target. To illustrate this, lets assume a sell stop order was placed on stock A at a price of $20. Once a trade is made at $20 the sell order is triggered and is executed as a market order (thus, the actual price could be higher or lower). Sell stop orders are used to limit losses on long positions (the public customer actually owns the stock) in falling markets; therefore, they are placed below current market levels. Similarly, a buy stop order will not be executed until the market price reaches a specific target and the trade is triggered the same as a sell stop order. Buy stop orders are used to limit losses on short positions (the public customer sold stock that they do not own and must deliver (buy the stock they sold) by a specified date) in rising markets; therefore, they are placed above current market levels. Stop limit orders are similar to stop orders except that the order does not become a market order and must be filled at the limit price or better. To illustrate this, assume a sell stop limit order was placed on stock A with a stop of $20 and a limit of $18. Once a trade is made at $20 the sell order is triggered and is turned into a limit order that will only be executed if the market price is $18 or higher. 4. New Issues - are used by corporations when they need to raise capital for long-term needs. In these cases, corporations often issue new securities. Although corporations can sell their own securities to investors, they usually work through an investment banking firm. Investment banking firms act as an intermediary between the corporation seeking capital and the individual or institutional investors. Investment bankers often underwrite (buy the securities and resell them) the new issue. The dollar amounts of these transactions are very high and the investment banking business is

269

270

extremely risky. Due to the high risk, commercial banks are prohibited from entering into the investment banking arena. Before a new issue can be sold, the security must be registered with the Securities Exchange Commission (SEC). This provides for full disclosure about the company and new issue to prospective investors. The SEC has a minimum of 20 days (called a cooling off period) from registration to perform a review. While the SEC is performing its review, a preliminary prospectus (red herring) may be issued to provide information to potential investors. This prospectus contains information similar to the SEC registration document. Although a price may not be set in either the registration document or the red herring, an expected price range may be indicated . The security also must be registered in each state in which it will be sold, in accordance with the laws of that state. At the end of the cooling off period a meeting is held between the investment banking firm and the responsible officers of the corporation to establish the public offering price of the issue. An amendment to the registration statement, setting the price must be messengered to the SEC. The following day the issue is effective and may be sold. The investment banking firm announces the new issue to the press. This is called a tombstone announcement. All buyers must receive a final prospectus prior to buying a new issue. Depending on the market demand for an issue, the investment banking firm may need to stabilize the issue by buying back shares at a price below the initial public offering. On the other hand, there are some securities that sell for a premium on the secondary market immediately after initial issue. This is the result of the demand for the new issue exceeding the supply. In the late 1990s, a number of internet-based companies fell into this category and the price on the secondary market rose substantially. There are generally two types of offerings: Primary offering - called the initial public offering or IPO. The IPO is the first time that shares of a company are offered publicly. Proceeds from primary offerings generally go directly to the issuer. Secondary offering - when the investment banking firm distributes securities (often large blocks) held by individual owners. 5. Clearing and Settlement Process - is the process of delivering to the buyer and paying the seller for securities. The securities must be delivered in good form to clear the deal. There are multiple requirements and conditions regarding good delivery. For example, a registered security must be assigned or properly endorsed on the back of the certificate exactly as indicated on

270

271

front of the certificate. If certificates are held by a brokerage firm (in which the holder has signed the power of transfer to a brokerage firm) the certificate can be transferred without a signature. The settlement date for stock, municipal bond and corporate bonds is three business days after the transaction date. This is called the regular way transaction. Other settlement dates are: Cash - a same day settlement, usually before 2:30 pm EST. U.S. Government securities - a next business day settlement. Sellers and Buyers option - in both of these cases the settlement date is extended beyond 3 days at the request of seller or buyer. When, As, and If Issued (WAII) - the settlement is postponed until 3 days after certificates are issued. This is associated with a new issue and the certificates are not available on the transaction date. If the new issue is canceled, then the original trade is canceled.

B. The Stock Exchanges * A stock exchange is the location where buyers and sellers trade securities. The largest and most widely known stock exchange is the New York Stock Exchange (NYSE). Other stock exchanges include: The American Stock Exchange Midwest Stock Exchange Pacific Stock Exchange Philadelphia Stock Exchange Boston Stock Exchange All of these exchanges function in a similar manner and listed securities must be traded in the physical boundaries of the exchange floor. It should be noted that the NYSE handles over half of all securities transactions. * To simplify discussions of exchanges most of the examples will be related to the NYSE; however, it should be noted that regional stock exchanges function in a similar manner. 1. How the exchanges function - Although exchanges are not involved in the market, they do have an enforcement role to ensure that trades conform to laws and regulations. An exchange board of directors sets policy, enforces rules, determines which stocks will be listed, and handles memberships. The board is comprised of an equal number of members (see below) and the general public. The board also includes an elected full-time chairman. Memberships on the NYSE are limited to 1,366 seats. These memberships are open only to individuals; corporations and partnerships may not hold seats. Seats are sold to any qualified person and prices range from thousands to millions of dollars. Although brokerage firms are not permitted to hold a seat, they may conduct business if a partner in the firm holds a seat. Categories of memberships are:

271

272

Commission house brokers - the members generally execute customer orders for a fee or commission. They may also execute trades for their own account. Floor brokers - these members generally execute orders for other brokers when they are too busy. Bond members - these members deal exclusively in bonds. Market Maker or Specialist - these members stay in a particular floor location and are involved only in trades in which they specialize. Registered trader - these members usually executes trades only for their own account.

2. Listing and delisting rules - to be listed on a stock exchange a company must meet specific requirements that are designated by the exchange. Only listed stocks can be bought and sold at the exchange. For example, the NYSE has some general and specific requirements (the requirements periodically change). The requirements for listing on the NYSE include: A minimum market value A minimum number of outstanding shares A minimum number of shareholders A minimum threshold for corporate earnings Financial condition of the corporation Future prospects of the corporation Corporation must permit full voting rights to common shareholders Corporation must provide relevant information to investors on a timely basis The NYSE Board also determines if there is sufficient national interest in the corporation

Delisting can occur if the corporation falls below the minimum listing requirements described above. Additionally, a corporation can be delisted if they disallow common stock voting rights, file for bankruptcy, or fail to disclose financial statements. A corporation may request an exchange to delist them. To delist a corporation on the NYSE, two-thirds of the common stockholders must vote to delist, holders of no more than 10% of the outstanding shares may object, and a majority of the corporations board of directors must agree to the delisting. 3. The consolidated tape - stock transactions are shown on a tape within seconds of a transaction. The information on the tape is submitted by the selling broker and includes the number of shares and price. There are three tape networks: Network A - covers all stocks listed on the NYSE and includes all trades of the listed stocks (including regional exchange transactions and third and fourth market transactions) Network B - covers American Exchange (AMEX) transactions and trades from regional exchanges of stocks listed on the AMEX or NYSE.

272

273

Consolidated quotation services - provides quotes on exchange listed securities traded in the OTC market.

The tape contains the following abbreviations and symbols: Ticker symbol or abbreviation for the stock is listed at the top of the line (for example International Business machine is listed as IBM). Trades are listed in multiples of 100s and followed by an 's', with the exception of trade volume over 10,000, which is listed at the exact amount. Share price is listed in the dollar amount with the minimum value being one sixteenth of a dollar. Preferred stocks are identified with a Pr. If a stock opening is delayed, the tape would have OPD or OPENING DELAYED next to that particular stock. If trading is halted, the tape would have TRADING HALTED next to that particular stock. Trades that are reported late are listed with SLD. Some basic examples of tape information follow: IBM 11s110 SLD 9s108 5sPr/150

(1,100 shares of IBM at $110) (900 shares of IBM at $108 sometime earlier) (500 preferred shares of IBM at $150)

4. Specific rules relating to the NYSE beyond the listing and delisting rules discussed in section 2, the NYSE has trading rules to ensure that the market functions effectively and that members and brokers do not have an unfair advantage over the public. A list of some of the NYSE trading rules follow: Prohibition of prearranged trades (rule 78) prearranged trades to sell securities with an offer to buy back at a stated price is prohibited. Prohibition of crossing orders within a firm (rule 76) a member firm holding a sell order and a buy order from two customers is prohibited from making the trade within the firm. The firm must first send the trade to the exchange floor and if the order is not taken, then the firm may complete the trade within the firm. Trading limitations based on market volatility (rules 80A and 80B) after the market crash in October, 1987, the NYSE instituted these rules to decrease market volatility. Rule 80A reduces computerized institutional orders by routing them to a specialist for approval. This rule is invoked if the Dow Jones Industrial Average (DJIA) moves by 50 points or more or if the Standard and Poors 500 Index moves by 12 points or more. Rule 80B halts trading for all stocks for 1 hour if the DJIA declines by 250 points. If after trading reopens on that day and the DJIA decreases another 150 points, trading is halted for 2 hours.

273

274

Customer orders must receive priority over firm orders (rule 92) a customers order must receive priority over an order for the firms trading account for anyone associated with the firm. Trade records retained for 3 years (rule 410) records of trade orders transmitted to the floor must be retained for 3 years with 2 years worth of these trades readily accessible. Firms are prohibited from the following activities (rule 435) Trading an account too frequently or trading an excessive amount in proportion to the account Participating in any customer manipulation Circulating rumors to influence market price Changing the price of a transaction before the settlement date

5. Regional Stock Exchanges - A stock exchange is the location where buyers and sellers trade securities. Some of the regional stock exchanges and their Internet web sites as of (August 1999) are listed below: The American Stock Exchange (http://www.amex.com/) Pacific Stock Exchange (http://www.pacificex.com/) Philadelphia Stock Exchange (http://www.phlx.com/index.stm) Boston Stock Exchange (http://www.bostonstock.com/) These exchanges perform the same function as the NYSE, but deal in smaller volumes.

C. Over-The-Counter (OTC) Market As outlined in section I.A., the OTC market is generally called the second market (note it is also sometimes called the third market). The term Over-The Counter's', with the exception of trade volume over 10,000, which is listed at the exact amount is used to describe securities trading that does not take place on the floor of an exchange. There is no centralized location and individual firms make a market in a specific set of securities. All securities not listed on an exchange are traded on the OTC market; however, any stock may be traded OTC. 1. How the OTC functions Unlike exchanges where prices are determined by bidding conducted on the floor, OTC prices are negotiated. For example, someone who wants to buy a security will make a bid (set a price at which they will buy a security) and someone wishing to sell will ask (set a price at which they will sell a security) for a price. The difference between the bid and ask is the spread. Some of the particulars of the OTC include: OTC transactions are governed by National Association of Securities Dealers (NASD). Smaller and newer companies tend to trade on the OTC (since they generally cant meet the exchange listing requirements). All types of issues are traded OTC. For example, listed and unlisted securities, bank and insurance company shares, government securities, mutual fund shares, government bonds and corporate bonds are all traded in the OTC market.

274

275

A market maker (dealer) makes money through the spread (or markup) rather than through a commission. Brokers act as an agent for a buyer or seller and make money through commissions. Dealers may also be brokers; however, they can not act a dealer and broker on the same transaction (i.e., earn a markup and charge a commission). Brokers must send written confirmations to the customer (for retail customers, confirmations must be sent on the settlement date).

NADAQ includes 3 levels of quotes. Level 1 for retail customers and includes the highest bid and lowest offer for a security. Level 2 provides a listing of all market makers and their current bid and offers. Level 3 for the use of market makers and permits the entry of their current quotes. 2. Listing and delisting and other OTC rules Although not nearly as stringent as the listing requirement for an exchange, there are specific requirement for NASDAQ listing. The requirement for listing a security on NASDAQ include: Registration under the Securities Act of 1934 or the Investment Company Act of 1940. A minimum of 10,000 publicly held shares. A minimum of 300 stockholders. A minimum price of $5.00 per share. A minimum of $1 million to $2 million in capital and surplus. A minimum of two market makers for domestic companies and three for foreign companies. Market makers on NASDAQ also have specific rules that they must follow. These requirements include: Maintain business hours of at least 8:30am to 4:30pm (Eastern Standard Time). Require net capital position of at least $2,500 on each issue. Report trades within 90 seconds of execution. Require quotes for each issue. Require daily and monthly reporting regarding trading volume.

D. Options Market The options market provides an opportunity to enter into a contract to buy or sell securities for a set price until a specified date. The individual who buys a contract is not required to finalize the trade, but has the option to do so. If the buyer exercises the option, the securities must be sold or bought at the specified price. 1. How the options market functions To understand the options market, some basic terms must be defined. Long A term used to describe the position of the holder (buyer) of the contract.

275

276

Short A term used to describe the position of the writer (seller) of the contract. Premium the fee paid to the writer of an option by the holder. The premium is paid whether or not the option is exercised. Expiration date the month (date) in which the option expires. Strike or exercise price the specified price included in the contract. Call option the holder of the option has the option (right) to buy securities from the writer for a specified price. Put option the holder of the option has the option (right) to sell securities to the writer for a specified price.

To help explain options, two example are listed below: Example 1 (Call Option) - Customer X buys an option for the month of January to buy 100 shares of stock Z at $40 per share for a premium of $300. If stock Z falls below $40, then customer X will let the option expire and lose the $300 premium. If stock Z rises to $50 then customer X may decide to exercise the option. In this case, customer X buys the stock for $4,000 ($40 x 100) and then sells it for $5,000 ($50 x 100). Customer X would realize a profit of $700 ($5,000 $4,000 - $300 = $700). Example 2 (Put Option) - Customer X buys an option for the month of January to sell 100 shares of stock Z at $40 per share for a premium of $300. If stock Z rises above $40, then customer X will let the option expire and lose the $300 premium. If stock Z falls to $32 then customer X may decide to exercise the option. In this case, customer X sells the stock for $4,000 ($40 x 100) and buys it for the sale $3,200 ($32 x 100). Customer X would realize a profit of $500 ($4,000 $3,200 - $300 = $500).

One way to analyze options is through a break-even analysis* for the holder and writer. The holder of a call has a break-even point when the stock price equals the strike price plus the premium paid. Using example 1 outlined above, the break-even price is $43 [($40X100 shares) + 300= $4300/100 shares = $43/share]. The holder of a put has a break-even point when the stock price equals the strike price minus the premium received. The holder of the put in example 2 has a break-even price of [($40X100 shares) - 300= $3700/100 shares = $37/share]. The writer of a call has the same break-even point when writing an uncovered call (the writer will buy the stock at the time of the transaction). If the call is covered (the stock has already been purchased) then the break-even analysis is a little more complex. Using example 1 outlined above and adding the writers original purchase price $38, the break-even price is [($38x100 shares) - 300= $3500/100 shares = $35/share]. The writer of a put has a breakeven point when the stock price = strike price premium received. In example 2 the writer has a break-even price of $37 [($40x100 shares) - 300= $3700/100 shares = $37/share]. * Note: For simplicity, brokerage fees are omitted from the break-even analysis.

276

277

UNIT 2: EQUITIES, DEBT SECURITIES, OPTIONS, NEW ISSUES

Negotiable securities traded in the primary and secondary market can be divided into five basic categories. They are: A. B. C. D. E. A. Common Stock Common stock is the term used to identify a unit (share) of ownership in a corporation. Corporations are legal entities that are chartered under the laws of the state in which they are incorporated. Common stock is the means for an individual or group to have ownership in a corporation with limited liability. 1. Terms and definitions To understand the common stock principles, some basic terms must be defined: Authorized stock the number of shares permitted to be issued. A limit on the number of shares is usually listed in the articles of incorporation. Issued stock the number of shares sold to investors. Note: issued stock may not exceed the number of authorized shares. Unissued stock the number of shares that have not been sold. The number of unissued shares can be determined by subtracting the number of issued shares from the number of authorized shares. Corporations often hold in reserve some shares (unissued) for future use. Outstanding stock the number of shares currently held by the public. Treasury stock the number of issued shares that have been acquired by the corporation. Treasury stock does not have voting or dividend rights. Note: the number of shares of treasury stock plus the number of outstanding shares should equal the number of issued shares. Par value a value that is printed on the stock certificate. It is usually a low number and does not have a relationship to the actual value of the stock. Book value a value determined by taking the net worth of the corporation divided by the number of outstanding shares. Note: treasury stock is not generally included in this calculation. Market value the current price of a share in the market. Common Stock Preferred Stock Warrants Debt Securities Options

To assist investors, some additional terms have been developed to classify stocks. This helps investors determine if a particular stock meets their financial objectives. For example, a 30277

278

year-old investor may be fairly risk tolerant and interested in a growth stock that may appreciate over time, while a 65-year-old investor may be less tolerant for risk and interested in an income producing stock that is less volatile. Some classification terms include: Growth stocks corporations that are in a growth mode and are projected to grow rapidly. These corporations generally reinvest earnings rather than pay dividends. Investors are hoping for long term capital appreciation (the market price significantly increases). Income stocks corporations in established industries where the market price is less volatile and a large portion of earnings is paid in dividends. Stocks in the utilities industry are generally considered income stocks. Blue chip stocks corporations that are well-established and have a historical record of strong performance and earnings. These stocks can have excellent growth and income potential. Speculative stocks relatively new corporations that have poor earnings records but have the possibility for capital gains. These stocks are extremely risky as many such companies will not prosper; however, the prospect for astonishing returns makes them a viable investment for risk takers. Stocks in startup Internet companies are generally speculative. Cyclical stocks corporations that historically have returns that mirror the economy. Defensive stocks corporations that are historically unaffected by the economy and business cycles.

2. Rights of common shareholders stockholders are the owners of a corporation, and as such have certain rights of ownership. As outlined below, although all stockholders have the same rights, there is correlation between the number of shares held and rights. Stockholder or shareholder rights include: Voting rights most corporations have an annual meeting where stockholders have the opportunity to vote on important issues. These issues include: Election of the board of directors (the officers of the corporation). Changes to the corporate charter. Reorganizations. Mergers and acquisitions. Recapitalization (to exchange stock, preferred stock, or a bond to another type of security). The most common issues voted on are the election of the board of directors and proposed changes to the charter. Although voting procedures vary, there is a relationship between the number of shares held and votes. For example, an individual with 100 shares generally has 100 votes and likewise a person with 100,000 shares has 100,000 votes. As a result, individuals who hold large blocks of shares are more likely to be board members. Proxy rights most shareholders, particularly those with modest holdings are unable to travel to and attend annual meetings. As a result, all corporations are required to 278

279

send all shareholders a proxy, which is effectively a power of attorney. A proxy can allow the holder of the proxy to vote the shares on behalf of the shareholder. This process is often used during a hostile takeover where an external group tries to take control of a corporation by replacing the current directors with their own. A shareholder can allow the proxyholder to vote the shares as he or she wishes or provide specific voting instructions. A common practice permits the shareholder to return a proxy card with specific voting directions. Pre-emptive rights although these rights do not always exist, if they do shareholders are entitled to buy any new issue of stock in proportion to their holdings. If a person owns 5% of a corporation, then he or she would have the right to buy 5% of newly issued shares. Inspection rights shareholders have the right to inspect certain records such as accounting records, shareholder meeting minutes, annual meeting minutes, and lists of all shareholders. Liquidation rights if a corporation is dissolved, shareholders have the rights to any assets remaining after liabilities, bondholders, and preferred stockholders are paid.

Shareholders also have the right to receive declared dividends. Besides the potential for capital appreciation, investors also have the potential to receive dividend income. They are several types of dividends: Cash dividends cash payments declared as a particular dollar amount for each share owned. Dividends are often paid quarterly; however, they are also paid semiannually and annually. For example, a dividend of $1.00 per share would pay $500 to a shareholder with 500 shares of stock. Stock dividends rather than giving cash to investors, corporations may provide shareholders with additional shares of stock. A stock dividend is usually declared as a percentage. For example, a 5% stock dividend for the shareholder with 500 shares would provide the investor with 25 additional shares of stock. Stock splits if a corporation wants to reduce the price of a share of its stock, it may authorize a stock split. For example, an investor with 500 shares of stock selling at $50 per share would have 1,000 shares at $25 per share after a 2 for 1 stock split. As noted in the example, at the time of the split, the investors net share value remains the same.

B. Preferred Stock Preferred stock is similar to common stock in that it represents ownership in a corporation. However, preferred stock is in many ways more similar to a bond than to common stock. As outlined below, preferred stockholders generally receive a fixed dividend rate and preferred stock generally has par value of $100. 1. Terms and definitions To understand the preferred stock principles, some basic terms must be defined:

279

280

Preferred stock has ownership rights and usually has par value of $100 per share. Dividends are generally a fixed percentage or dollar amount. As outlined below, preferred stockholders have specific rights. Cumulative preferred stock since the dividend rate is fixed, if dividends are not declared by the board of directors in a given period, preferred stockholders accumulate payment rates and must be paid in full before any dividends are paid to common stockholders. Non-cumulative preferred stock If dividends are not declared, preferred stockholders lose their dividend rights for that period. Participating preferred stock additional dividends are paid to preferred stockholders (above the fixed percentage) if dividends declared to common stockholders exceed a pre-determined threshold. Convertible preferred stock the shares of preferred stock can be exchanged for common stock at a pre-determined rate. The price of convertible preferred stock tends to mirror the price changes associated with the common stock. Callable preferred stock the corporation reserves the right to purchase the stock from the shareholder at a pre-determined price.

It should be noted that these types of preferred stock can be combined. For example, a corporation could sell convertible, cumulative preferred stock. In addition, a corporation can sell multiple classes of preferred stock. 2. Preferred stock prices and features As outlined in the previous section, preferred stock has some specific features. These features impact the price of preferred stock. Preferred stock generally costs more than common stock because of the additional rights preferred stockholders receive. In addition to the features listed above, preferred stockholders will be paid prior to common stockholders in the event of a liquidation or bankruptcy. In general, preferred stockholders are not granted preemptive rights.

C. Warrants Warrants are similar to options as they provide the holder with the right to purchase a share of common stock at a fixed price (called the exercise price). Although generally attached to bonds or preferred stock, warrants can also be attached to other securities, such as speculative stock. Warrants allow holders to buy more stock as its value appreciates. 1. Terms and definitions To understand warrants, some basic terms must be defined: Warrants are generally attached to a bond or preferred stock and carry the right to purchase common stock at a fixed price. Detached warrants can be traded and have their own value based on the current market and exercise prices. If a warrant is not detachable it has no individual market value. Warrants typically expire after a number of years.

280

281

When exercised, a warrant is relinquished in return for shares of common stock at the exercise price.

D. Debt Securities Debt securities are another major category of investment securities. To most people debt securities are synonymous with bonds. Bonds are long-term, fixed interest debt obligations. Debt securities differ from equity securities in that the investor in debt securities becomes a creditor of the company; the investor in equity securities becomes a part owner of the company. 1. Terms and definitions To understand debt securities, some basic terms must be defined: Bond contract between the issuer and investor that provides the issuer with immediate capital in return for a promise to pay back a given amount at given date and to pay interest at a stated rate throughout the life of the bond. Coupon bonds have actual coupons attached to them that must be clipped and sent to the paying agent for interest payments. Coupon bonds are generally clipped twice a year. These bonds must be kept in a safe place since the certificate and coupon are the only proof of ownership. Bearer bonds similar to coupon bonds in that ownership is based on possession. Bearer bonds have not been issued for the last couple of decades; however, those previously issued, however, will continue to exist until they reach maturity. Registered bonds are registered in the owners name on the issuers records. Interest payments are sent directly to the owner. If a registered bond is sold, the seller must endorse the certificate and send it to a transfer agent who cancels the old certificate and issues a new one. The transfer is completed when the new holder is listed on the bond issuers records. Book-entry bonds no certificate is issued and computer based records of ownership are retained. This is currently the most common form of bond since it reduces costs. Callable bonds are bonds that have call provisions that give the issuer the option of calling (redeeming) the bond before the maturity date. The call provisions outline the possible date of the call and the price. Issuers usually call bonds when interest rates significantly decrease or to change the bond maturity date. Putable bonds similar to callable bonds except the owner has the right to redeem a bond before the bond maturity date. Bond pricing - similar to stocks, bonds have a par value (normally $1,000) and a market value that fluctuates based on market conditions. The price of previously issued bonds has an inverse relationship to market interest rate changes. Bond prices fall as interest rates rise, and bond prices rise as interest rates fall. Bond yields there are three different ways to determine the return (yield) on a bond. Nominal yield the rate of return stated on the bond. This is also called the coupon rate. For example, a $1,000 par value bond with a nominal yield of 10% would return $100 per year. Current yield since bond prices fluctuate based on market conditions, the current yield is based on the current price of the bond. For example, a bond 281

282

currently priced at $1,250 with a 10% nominal yield of $100 would have a current yield of 8%. The same bond priced at $800 would have a current yield of 12.5%. Yield to maturity the return on the bond if it is held to maturity. If at maturity a bond were selling for par ($1,000), then the yield to maturity would equal the nominal yield. However, if at maturity a bond were selling for less than par value, the investor would also receive the difference. An investor would lose the difference on a bond selling for over par value. The exact computation of yield to maturity is complex and is usually left to bond tables. Bond quotations bonds are generally quoted on yield to maturity to make it easier to compare bonds with the same maturity date.

2. Corporate debt Corporations issue debt (bonds) to obtain capital for long term use. Bondholders are considered creditors and unlike equity investors are not owners and have no voice or votes in management decisions. Bondholders do have some specific rights such as the corporations obligation to pay interest. For example, interest on bonds must be paid before any stock dividends are paid. In addition, bondholders claims receive priority over stockholders if corporate assets are liquidated. Some basic terms and definitions for corporate bonds include: Bond certificate shows the name of the issuing firm, face value of the bond, interest rate, interest payment dates, maturity date, special features, and the paying agent (either the corporation or a trustee). Trust indenture a contract that supplements the bond contract that is required by the Trust Indenture Act of 1939. The contract sets forth the terms between the corporation and the bondholders and is designed to protect bondholders rights. A trustee (most often a commercial bank) is generally appointed to ensure that the obligations defined in the agreement are carried out. A copy of the trust indenture must be filed with the SEC. Secured bonds bonds that are backed by real assets. These include: 1st mortgage bonds give bondholders claim against real property. This is the most secure type of corporate bond since it is has priority for claims on assets. 2nd mortgage bonds are also backed by real property but are second in priority for claims on assets. Collateral trust bonds are backed by marketable securities held by a trustee. These are often stocks and/or bonds of corporations other than the bond issuer. Unsecured bonds bonds that are not backed by assets and provide no claim on assets for bondholders. These include: Debentures backed by the good faith and credit of the issuing corporation. These bonds are inferior to secured bonds; however, they are honored before a stockholders claim on assets. Subordinated debenture - similar to debentures except they are honored after debentures on asset claims.

282

283

3. U.S. Government debt The U.S. government is the largest borrower in the world and has a variety of debt instruments. These government obligations or issues are the safest form of debt security (there has never been a default). The full faith and credit of the government back these issues. Some terms and definitions include: Negotiable securities are traded continuously, very liquid, safe, and may have tax advantages. In general these government obligations are exempt from state and local taxes. Some specific types include: Treasury bills (T-bills) - are short-term instruments that are sold at a discount at auctions. Auctions are held weekly for 3 and 6-month issues and monthly for 12-month issues. The auction winner is the bidder offering the highest dollar price, which is in effect the lowest interest rate for the issue. For tax purposes the difference in price is considered interest income rather than a capital gain. Treasury notes are instruments with maturities from 2 to 10 years with amounts from $1,000 to $100,000. They are redeemable at maturity and pay interest twice a year. They are also sold at auction; however, the interest rate is fixed and bids are either at a premium or discount from par. Treasury bonds are instruments with maturities of 30 years for new issues (10 to 30 year issues were allowed in the past). The amounts range from $1,000 to $1,000,000 and are sold at auction in a manner similar to that for treasury notes. Treasury receipts (Strips) were created in the 1980s. The interest payments on Treasury bonds were removed (stripped) from the bonds. The coupons (interest payment) from bonds with the same maturity date were then sold independently by the U.S. Treasury. The groups of bonds are often called strips and trade as a zero coupon bond. Non-negotiable securities are not transferable and can be redeemed only by the purchaser. Since they are not transferable, securities firms generally do not sell them; however, they are a very common investment among individual investors. Two types of U.S. savings bonds are classified as non-negotiable securities: Series EE bonds are registered bonds that are sold at a 50% discount of the face value. These bonds are available in denominations from $50 to $10,000. Maturity varies depending on the interest rate and can be redeemed anytime after being held for 6 months. For tax purposes, gains are treated as ordinary income and can be deferred until redemption for tax purposes. Series HH bonds are registered bonds that are sold at par value with semiannual interest payments. EE bonds must be used to purchase HH bonds which mature in 20 years with an effective interest rate of 7.5%. They must be purchased at U.S. treasury offices or federal reserve banks.

4. Municipal debt These government obligations or issues are issued by state and local governments, US Territories, and any public agency or political subdivisions that are not federal (such as school districts, cities and airport authorities). Municipal debt is considered

283

284

the second safest form of debt security after U.S. government obligations. However, the safety of an issue depends on the financial condition of the entity backing it. Most municipal bonds are issued to raise funds for infrastructure improvements and although default is rare, it can happen. Interest is generally paid semi-annually and the most attractive feature is the exemption from federal tax requirements. Investors that are concerned about tax issues generally hold these issues. Some type of municipal bonds include: General obligation bonds are backed by the full faith and credit and taxing power of the issuer. General obligation bonds are generally used to finance non-revenueproducing projects. An unlimited tax general obligation bond is backed by the issuers unlimited taxing power and is considered a safe investment. A limited bond is backed by an issuer that has a taxing limit and is considered a riskier investment; as a result it will usually have a higher yield. Revenue bonds are the most common type of municipal bonds and are backed by projected revenue streams from the infrastructure built by the bond. These revenues can be in the form of rental or user fees for facilities or even tolls for road improvements. Revenue bonds generally have higher yields than general obligation bonds and are intended to be self-supporting. Special tax bonds are repayable from the proceeds from a special tax. Special tax bonds are also often used to fund infrastructure projects. If these bonds are backed by the full faith and credit of the issuer, then they are then considered general obligation bonds. Some examples of special taxes are taxes on liquor and cigarettes or special assessments for a group affected by an improvement. Double barreled bonds are bonds that are backed by two sources of revenue. For example, a special tax bond that is also backed by the full faith and credit of the issuer is a double barrel bond. Moral obligation bonds are bonds that are backed by the projected revenue from a project. If sufficient revenue is not generated, then the issuer is morally (but not legally) obligated to repay the bonds.

5. Money market debt Short-term debt obligations (of less than 1 year) that are considered secure constitute money market instruments. These include treasury bills, treasury notes, certificates of deposit, and bonds that mature in less than 1 year. These are highly liquid instruments and a common investment form is a money market fund. Some terms and definitions include: Repurchase agreements occur when a security is sold with an agreement to buy it back. The repurchase date is usually very short term, often 1 day. Dealers sell a portion of their securities (minimum amount is $1 million) to entities with cash reserves and agree to buy them back for the principal plus interest (interest for a day is calculated on a 360 day year). If the market price of the instrument rises more than the interest paid, the dealer realizes a profit and conversely if the interest paid is more than the rise in the instrument price, the dealer suffers a loss. Federal Reserve requirements The Federal Reserve requires banks to hold a portion of its funds in reserve. As a result, banks may need to borrow funds in the short term to comply with this requirement. Banks in need often enter into overnight

284

285

borrowing with other banks or the Federal Reserve itself. Interest is calculated on a 360-day year and this daily rate is often called the federal funds rate. The federal funds rate varies significantly depending on the demand for funds. Commercial paper are instruments issued by very credit worthy corporations and are in effect an unsecured promissory note. These instruments are issued at a discount of the face value and have become a substitute for bank borrowing for qualified corporations. Mutual fund companies, insurance companies, and banks often buy these instruments. The minimum amount is $100,000; interest is calculated on a 360-day year, with maturity up to 270 days. Negotiable certificates of deposit are tradable certificates issued by commercial banks in exchange for time deposits. The maturity date is generally 1 year; however, maturity can be as short as 7 days. The minimum amount is $100,000 and interest is calculated on a 360 day year. Money market fund a mutual fund that invests in short term liquid securities. Interest is often calculated daily and reinvested in the investors account at a specified interval. These accounts are very liquid and often provide limited check writing capability as a means to redeem shares.

6. Eurodollar debt is a dollar deposited in a bank outside of the United States. The interest rate is the interbank interest that is generally slightly higher than the rate of treasury bills. The higher interest rate compensates for the increased risk associated with depositing funds in a foreign bank. 7. Effect of interest rates on bond prices as interest rates change, the price of an issued bond also changes. The change in prices has an inverse relationship to changes in interest rates (if one rises, the other falls). If new bond issues are paying a higher interest rate than existing bonds, investors will not purchase existing bonds unless the bond is discounted (sold at a lower price) to align itself with the current interest rate. The discounted bond is in effect being sold with the same total return as the new issue. The opposite is true if a new issue has a lower interest rate than an existing issue. In this case, the existing bond can be sold at a premium (sold at a higher price). If interest rates rise existing bond prices fall If interest rates fall existing bond prices rise

8. Bond ratings most corporate bonds have a rating from an independent firm. These ratings provide investors with information regarding the risk of default on the bond issue. Standard & Poors (S&P) and Moodys are the best-known independent rating firms. The higher rated bonds (S&P - AAA, AA, A, and BBB and Moodys Aaa, Aa, A, Baa) are considered investment grade bonds. These bonds are less risky and as result have a lower yield. Lower rated bonds (S&P - BB and below and Moodys BA and below) are considered speculative (junk bonds). These bonds are more risky and have a higher yield to attract investors.

285

286

E. Options The options market provides an opportunity to enter into a contract to buy or sell securities for a set price until a specified date. The individual who buys a contract is not required to finalize the trade, but has the option to do so. If the buyer exercises the option, the securities must be sold or bought at the specified price. 1. Equity options for detailed information on equity options, please go to unit 1, section D. 2. Index options are based on stock indexes (which are weighted averages of groups of stocks). Investor may trade index options for broad indexes like the S&P 500 or more narrow indexes such as stocks in a single field such as health care. Index options provide the opportunity to mitigate risk through diversification. If investors believe health care stocks will rise but are unsure which particular stocks will rise, they might buy a call on an index of health care stocks. The value of an index option is typically $100 times the value of the index. If the health care index is 185.2, then the value of one option contract is $18, 520. Unlike a stock option, both ends of the option (both the buyer and seller) settle in cash. Settlement occurs the day after the option is exercised, and the price is based on the closing price on the transaction day. If the health care index above closed on the date exercised at 186.4, the holder would receive $120 from the seller. 3. Interest rate options are used to speculate on direction of interest rates. The trading of these contracts is limited. The futures market is the main trading market for securities based on interest rate movements. 4. Foreign currency options are used to exchange currencies at specified exchange rates. The interbank market involves currency exchanges among commercial banks. This market operates 24 hours a day, is self-regulated, and is dominated by major banks and corporations. The Philadelphia Stock Exchange trades currency options. Foreign currency options are traded in fixed contract sizes. Some of the common currencies traded are Deutsche marks, British pounds, European Currency units, Canadian dollars, Swiss francs and Japanese yen. Trading of options on the U.S. dollar in the United States is prohibited. 5. Option Clearing Corp. rules Options are traded on the following exchanges: Chicago Board Options Exchange American Stock Exchange Pacific Stock Exchange Philadelphia Stock Exchange New York Stock Exchange Option contracts traded on the exchanges are standardized under rules set by the Options Clearing Corporation (O.C.C.), which is a subsidiary of the CBOE. The O.C.C. issues all option contracts, guarantees the contracts, and acts as a clearing house for all trades. Options are not traded on all securities, only those of larger market capitalization (NYSE listed issues). The O.C.C. Contract specifications include: Contract size 286

287

Strike price intervals Premium increments Expiration Date Actual Maximum Contract Life Trading Hours Trading cut-off Exercise cut-off

The O.C.C. also has a set of rules by which customers and registered representatives must abide. Along with detailed rules for settlement, maintenance of records and position limits, the registered representative must give to the customer an Options Disclosure document that explains basic option strategies, their risks and uses. 6. Financial listings Options are quoted daily in the newspapers. The listing provides the name of the underlying stock and its closing price that day, the strike price of the option, the closing prices (premiums) of the 3 call and 3 put contracts trading closest to expiration. Listings can be divided into two categories: Option Class Contracts of one type on an underlying issue (e.g., all calls on IBM constitute a class). Option Series Contracts of the same class with the same strike price and expiration (e.g., all calls on IBM with September expiration and 90 premiums constitute a series). Note: any contract followed by an r indicates an option that is not traded.

287

288

UNIT 3: MUTUAL FUNDS

Mutual funds are securities issued by investment companies whose primary purpose is to invest in securities of other entities. These companies sell shares to shareholders and then invest those funds in a portfolio of securities. A shareholder then owns a portion of the securities portfolio. The value of an investment company is based on the worth of its shares, and the value rises and falls based on the value of the securities. Mutual funds provide investment diversification (even for a small investor) and professional management. The following topics will be outlined in this Unit. A. B. C. D. E. F. A. Basic Concepts Basic Concepts To understand mutual fund principles, some basic concepts must be addressed: Advantages to mutual funds: Funds are managed by a full-time professional. Investments can be made in dollar amounts since shares can be purchased in fractional amount. Capability to diversify investment holdings with less money invested. Securities are maintained by the fund company. Fund shares can often be used as collateral for loans. Reinvestment options often exist, where the investor can automatically purchase additional shares with dividend or capital gain distributions. Some fund companies also provide investors with the option to exchange shares into different fund types. Bid and Ask prices - mutual funds are often quoted as bid and ask. Bid - the price at which the fund will redeem its shares (Net Asset Value). Ask - the price at which the fund will sell its shares (Public Offering Price). Net Asset Value (NAV) - is the value of a fund share that is calculated at the close of business each day and is based on the prices of the securities held in the fund. Basic Concepts Income Mutual Funds Stock Funds Growth Mutual Funds Balanced Funds Specialized Funds

288

289

Public Offering Price (POP) Net Asset Value of a fund adjusted for front-end sales charges. Prospectus - is the document that provides a general overview and description of the fund. The intent is to provide a potential investor with enough information to make a sound financial decision. The SEC has suggested that the following information be placed in a prospectus: General description of the fund Condensed financial information (including annual rate of return and fees) Portfolio turnover rate Key management personnel Synopsis of the investment objectives and restraints How to purchase and redeem shares Pending legal proceedings Operating fees and costs - are the fees paid to fund managers, commissions paid to brokers for stock trades, and fees for legal, accounting, and advertising services. These fees are clearly outlined in the prospectus for a mutual fund and are included in the rate of return calculation for a fund. Load and No Load Funds - are the two broad categories of fund types. No Load funds generally do not have sales charges; therefore, the bid and ask prices are normally the same. Load funds have a sales charge, which accounts for the difference between the bid and ask price. Sales charges are imposed only when fund shares are sold to an investor (Commonly referred to Class A shares). These funds are purchased with the aid of a broker/dealer. Redemption fee - some funds charge a redemption fee. Funds that charge redemption fees, which are generally 1% or less, are referred to as Class C Shares. These funds are also purchased with the aid of a broker/dealer. Contingent Deferred Sales Charges some funds charge a sales charge at time of redemption, which decreases on a yearly basis. These funds are referred to as Class B shares. These funds are also purchased with the aid of a broker/dealer.

B. Income Mutual Funds Income mutual funds are funds that invest primarily in income producing securities. The primary objective of an income fund is to produce a steady stream of income for the investor rather than an appreciation in the value of shares. A mutual fund that invested primarily in utility companies and bonds would be an example of an income mutual fund. Bond and preferred stock funds are also examples of income funds.

289

290

C. Stock Funds Stock mutual funds are funds that invest primarily in stocks. Unlike a balanced or income fund, a stock fund invests primarily in equities. A mutual fund that invested primarily in fortune 500 companies would be an example of a stock fund. D. Growth Mutual Funds Growth mutual funds are funds that invest primarily in companies that have excellent potential for growth. The primary objective of a growth fund is to have an appreciation in the value of shares. A growth fund has increased risk because funds are invested in companies and fields where there is speculation that the company will grow. For example, mutual funds that invested in high-tech companies such as Intel, Microsoft, and Netscape have reaped the benefits of the tremendous growth in these companies. At the same time, many high-tech companies failed, and as a result, the funds suffered losses. An advantage of a growth fund for an investor is the research capability of the fund manager and firm, and the capability for the fund manager to invest in multiple companies with growth potential (in other words, diversify). E. Balanced Funds Balanced mutual funds invest in a mix of bonds, common, and preferred stock. In general the stock holdings tend to be more conservative to reduce the fluctuation in the price. A primary objective of these funds is to preserve capital (hopefully with a modest increase) and produce a moderate income. F. Specialized (Sector) Funds Specialized (Sector) mutual funds are funds that invest primarily in a particular industry (e.g., technology), related industry (e.g., energy companies), or geographical area (companies based in Europe). The primary objective of a specialized fund is to focus on a particular market and to diversify investments in companies within that market. For example, high-tech mutual funds performed very well in the mid-1990s.

290

291

UNIT 4: INVESTMENT TRUSTS

This section discusses two types of investment trusts: A. Unit Investment Trust (UIT) B. Real Estate Investment Trust (REIT) A. Unit Investment Trust (UIT) Unit investment trusts are a common type of investment company. They differ from the investment companies that offer mutual funds. A UIT issues shares of beneficial interest or units (compared to shares issued by a mutual fund investment company). The unit represents an undivided interest in a portfolio of securities. The units are redeemable with the trust sponsor at their Net Asset Value. There are two types of Unit Investment Trusts. They are: Fixed UIT Participating UIT Fixed UIT In a fixed UIT, the sponsor elects a fixed portfolio (usually bonds) and places the portfolio in a trust. Units of this portfolio are then sold to investors. Once the portfolio is selected, generally no buying or selling of securities takes place in that portfolio. Investors receive current income from the paying agent either monthly, quarterly or semi-annually. As the investments within the trust mature or are called, payments that represent a return of capital are made to investors. When all of the investments have matured, the trust self-liquidates. Participating UIT In a participating UIT, the trust buys shares of a management company. After the shares are purchased, they are placed in the trust until the unit is redeemed. These shares are used to fund annuity contracts issued by insurance companies (variable annuities). An annuity is classified as either a deferred annuity or an immediate annuity. A deferred annuity allows the owner to elect to defer annuity payments for a period in excess of one year. An immediate annuity provides an income stream beginning within one year of purchase. 1. Fixed Annutities The fixed annuity can serve either as a deferred or immediate annuity. The owner invests in the annuity contract. In the case of a deferred annuity, the insurance company guarantees the investor a specified interest rate for a specified period. In the case of an immediate annuity, the insurance company guarantees a specified dollar amount for a specified period. In a fixed annuity, the insurance company assumes the risk of the portfolio. 2. Variable Annutities The variable annuity can also serve as either an accumulation vehicle or income-generating vehicle. In the case of the variable annuity, the owner allocates the

291

292

investment among a variety of investment options. The annuitys return varies directly with the performance of the investment options. In the case of an income-producing vehicle, the owner elects to receive payments on either a fixed or variable basis. In a variable annuity, the investor assumes the risk of the portfolio. The insurance company makes no guarantee of performance. All annuities are tax deferred investment vehicles. Income tax is triggered when dollars are distributed from the contract. The amounts received are treated as distributions of interest first (taxable) and recovery of cost second (non-taxable return of investment). Both fixed and variable annuities offer several payment options at the time when income is desired. These are: Life annuity payments continue for the life of the annuitant. When the annuitant dies, the payments stop. This option usually results in the highest payment to the investor. Life annuity with period certain payments continue for the life of the annuitant, but if that person dies early, then the payments continue for a specified minimum period, for example 10-year period certain. This option usually results in a lower payment amount than the life annuity. Joint and last survivor annuity if the annuitant dies, payments continue for the life of another person (usually the spouse). This payment option is less, since the annuity covers the lifespan of two individuals. Unit refund life annuity If the annuitant dies before receiving the full investment value from the annuity, the estate of the annuitant receives a refund of the remaining value.

B. Real Estate Investment Trusts (REITs) Real Estate Investment Trusts (REITs) invest in real estate, short-term construction loans and mortgages. Shares of beneficial interest in REITs are either listed on exchanges or trade OTC. Investors can always sell shares to another investor. Equity REIT Invest mainly in properties. Mortgage REIT Invest mainly in mortgages and construction loans.

REITs are normally taxed under Subchapter M of the IRS Code. The Trust does not pay tax, all distributions flow to the shareholder, who must report the income on a personal tax return.

292

293

UNIT 5: REGULATIONS
To help ensure that investors receive equitable treatment from companies and investors, regulations have been developed by federal and state governments, and governing bodies for brokers. The following topics will be outlined in this Unit. A. Securities Act of 1933 B. Securities Exchange Act of 1934 C. Investment Company Act and Advisors Act of 1940 D. National Association of Securities Dealers Rules E. Municipal Securities Rule Making Board F. Margin Lending A. Securities Act of 1933 The Securities Act of 1933 was the first legislation designed to regulate the sale of securities and associated activities. The Act was designed to ensure that potential investors receive accurate and complete information. The primary purpose of the Act is to require full and fair public disclosure of important elements in stock issues and to prevent fraud. The Act is administered and enforced by the Securities and Exchange Commission (SEC). Some Requirements of the Act follow. 1. Registration Requirements applies to all new securities sold through interstate commerce and requires registration with the SEC. Registration is accomplished by filing a S-1 statement and a prospectus. The prospectus is an abbreviated version of the registration. There are severe penalties associated with false or misleading information on S-1 statement, including criminal and civil penalties. The S-1 statement includes the following: Information on corporate officers and directors nature of the business financial information for the last 3 years description of the how the proceeds from the issue will be used amount of corporate holdings for all officers and directors and a list of all owners holding more than 10% of the securities legal opinion description of any legal actions pending against the company articles of incorporation fees for the underwriter of the issue. 1. SEC Review process before issues can be sold to the public, the SEC must review the registration. The SEC has 20 days (called the cooling off period) to review the materials;

293

294

however, the period is often longer than 20 days as the SEC may request additional information from the issuer. Note: the SEC may lengthen or shorten the cooling off period. The SEC has the power to issue the following: Deficiency letters - letters that ask the issuer for more information or specific amendments to the registration. Once the new information is received the SEC has additional time to review the information. Stop orders - if the SEC believes that the registration statement contains false or misleading information or that pertinent information has been omitted, it can suspend the process with a stop order. Effective date - after the SEC is satisfied, the effective date is established and sales may begin. The SEC never actually approves an issue or judges the quality of the issue, its primary objective is to review the statements for completeness. 2. Preliminary Prospectus - while the SEC review is in progress, the issuer can circulate a preliminary prospectus to determine the interest in the issue. The preliminary prospectus must include the following: statement that the registration is filed but not effective statement that information is subject to change statement that it is not an offer to buy or a solicitation to sell red ink to distinguish it from a final prospectus. Preliminary prospectuses are often called red herrings. 3. Exempt Securities - The Act specifically exempts certain securities from the registration requirements: These include: Securities issues by the U.S. Government or agencies. Obligations issued by state or other political subdivisions. Commercial paper that matures in less than 270 days. Instruments that are covered by the Interstate Commerce Act (railroads and airlines for example). Non-profit groups. Fixed annuity contracts and insurance policies. Issues of $1.5 million or less (Regulation A small scale offerings that do not exceed $5 million for a 12-month period and must be filed with the SEC at least 10 days prior to the issue). Intrastate issues (Rule 147) - securities are sold only to residents of the state where the issuer resides. Private placements (regulation D) - securities that are sold to selected investors and are not sold to the public. B. Securities Exchange Act of 1934 The Securities Exchange Act of 1934 was enacted to help prevent unfair trade practices on previously issued securities. In other words, the 1934 Act regulated trading in secondary markets while the 1933 Act regulated new issues. The 1934 Act created the Securities and Exchange Commission (SEC).

294

295

SEC is the enforcing authority for the securities industry and is comprised of commissioners. The commissioners are appointed by the President and approved by the Senate. They serve 5year terms and are prohibited from any business or stock activity during their term. The SEC establishes rules to regulate the securities industry. Some specific requirements of the Act include. Registration Requirements National securities exchanges must register with the SEC, agree to abide by the law, and provide information regarding internal rules and regulations. Individuals who are firm members and are engaged in securities transactions and interstate commerce must also register with the SEC. There are some exceptions to the registration requirements, such as small local exchanges and brokers that do not do business with the public. It should also be noted that all securities must be registered with the SEC. Credit Regulations Members of exchanges or broker/dealers are prohibited from borrowing on any listed security, except through a Federal Reserve bank. In addition, they are prohibited from having a total debt that is in excess of 15 times their net capital. It should be noted that these regulations do not apply to exempt securities such as federal government obligations. Manipulation and Deception Fraud and/or the manipulation of securities prices is prohibited by SEC regulations. It is unlawful to generate false trading activities to give the impression that an issue is being actively traded or to provide misleading information to generate sales. Other activities that are prohibited include short sales (preventing an investor from continually driving the price down by selling short only to eventually buy the securities back at reduced prices) and solicitations (soliciting purchases on an exchange). Insider Rules Insiders are not allowed to profit from their information by trading a stock before that information is public. Insiders must file a personal statement with the SEC and must report all personal security transactions in their corporation no later than 10 days after the end of the calendar month in which they occur. Insiders are generally barred form short-selling. Insiders include the officers or directors of a corporation, anyone with 10% or more of the shares, and anyone who has information on the corporation not available to the public. Proxies Regulations state that companies that solicit proxies from shareholders must provide detailed and accurate information regarding proposals to shareholders. A copy of this information must also be submitted to the SEC. If a firm is trying to acquire another company (a proxy contest), then all participants in the proxy contest must register with the SEC. There are possible criminal penalties for those who fail to register.

295

296

C. Investment Company Act of 1940 The Investment Company Act (ICA) of 1940 was instituted to ensure that investors are fully informed and are treated fairly. All firms that are bound to abide by this Act, are also subject to SEC regulations. The Act specifically defines 3 types of investment companies. Unit investment trust company - are companies which issue securities that represent an interest in a specified security. The shares are redeemable and the holdings can be a mutual fund portfolio. Face amount certificate company - are companies that promise to pay an amount at a future date in return for periodic payments from the investor. The payment amount is the face value at maturity or a surrender value if it is redeemed prior to maturity. Management company - are investment companies that do not fit either one of the categories listed above.

Some of the requirements of the ICA are: Sponsors must invest at least $100,000 prior to offering an investment to the public. Changes to investment objectives or policies require a majority vote of the shareholders. Fund managers can not exceed 60% of the Board. In other words, at least 40% of the Board must be outsiders. A contract that specifies the management fees must be developed and the fees should be reasonable and based on performance. Board members must be elected by shareholders.

D. National Association of Securities Dealers (NASD) Rules Note also see Unit 1, Section C for related information. The NASD was established as part of the 1934 Act with the primary objective of regulating the over-the-counter (OTC) market. Broker/dealers involved with interstate commerce or transactions with national exchanges must register with the NASD. Some specific regulations under this portion of the Act include: Recommendations for a particular security to a customer by a broker/dealer must be determined to be reasonable and suitable for the customer. Supervision of all employees of a firm is required. Written procedures to promote adequate supervision must be developed and reviews of customer accounts, transactions, correspondence, and customer complaints must be conducted. Account documentation must be maintained for all customers. This includes developing a consistent method to open a new account and to maintain current and accurate records of customer accounts. In addition, all customer complaints must be maintained.

296

297

In general all broker/dealers must maintain detailed records to ensure that investors are protected. This includes maintaining accounting records and having a review by an independent accountant. Summary accounting information must be distributed to customers annually and the SEC has the right to examine these records at any time. 1. Registered Representative Rules NASD considers any person who solicits or conducts business in securities to be a registered representative. NASD has established some specific rules for registered representatives. The rules include: All correspondence and all transactions must be reviewed and approved by the firm and maintained for 3 years. Disciplinary actions regarding employees must be reported to NASD. Registered representatives are prohibited from giving gifts to anyone (related to their broker activities) in excess of $100 per year. Disputes between registered representatives and firms must be resolved through an independent binding arbitration process. If agreed to by a customer, customer disputes can also be settled by binding arbitration. Firms must maintain fidelity bond coverage on all employees to protect against losses due to theft or misappropriation of securities. Registered representatives that leave the business for two years, lose their licenses, and must retake all required examinations. Continuing education requirements are imposed on all registered representatives to ensure that satisfactory knowledge is maintained. Firms are required to develop a training program for their employees.

2. Conduct of Customer Account Rules - Were designed to provide a consistent and documented process to maintain customer records. In effect to protect customers from unsubstantiated or undocumented losses. The rules include: The financial goals and current financial situation must be assessed in order to make suitable investment recommendations. All new accounts must be approved by a principal in a firm. If a customer formally assigns power of attorney privileges to a representative, then all discretionary transactions must be approved by a principal in a firm. Registered representatives are prohibited from guaranteeing a customers account against loss or from sharing in the losses or gains in an account. Registered representatives are prohibited from charging customers for investment advice. Private transactions conducted outside the firm are prohibited. If a firms stock is publicly traded, employees of the firm may not recommend nor solicit purchases of the firms stock. However, unsolicited purchases are acceptable. High risk (penny stocks selling for less than $5 that are not listed on an exchange or NASDAQ) stocks may not be sold to investors until the customers financial position and market knowledge have been reviewed. In addition, the customer must sign a statement regarding the suitability of the investment prior to the actual transaction. Registered representatives are also prohibited from: 297

298

excessively trading a customers account recommending purchases that are not suitable based on the customers financial capacity engaging in fraudulent activities such as trading without authorization or misappropriating funds soliciting the purchase of stock before the dividend date to promote the receipt of dividends trading in mutual fund shares (the registered representative may not make an inventory of mutual fund shares and act as a market maker for the company).

3. Trading and Market Rules NASD also designed these rules to protect consumers and to provide a consistent and equitable method to sell and purchase securities. Some of the rules include: Trades can not be executed by a broker/dealer unless they have reasonable assurance that the customer will pay (for a purchase) or deliver (for a sale) within 3 business days of the transaction. Trades must be executed under favorable pricing conditions for the customer. In other words, the member must obtain the most favorable pricing for the customer. All quotes and trade reports must be factual. Deceptive quotes are prohibited and members must honor all quotes (cant back-away). Commissions and mark-ups must be fair and reasonable. Five percent has been set as a guideline; however, it should be noted that this is not a rule. However, the 5% guideline does not apply to mutual funds (8 % maximum sales charge rule), limited partnerships (10% maximum sales charge rule), new issues sold under a prospectus, exempt securities and trades made on an exchange floor. Payments of any kind to influence the market price of a security are prohibited. This includes payments to influence newspaper articles or investment services. Payments designed to influence initial public offering price are also prohibited. Manipulative or deceptive practices are prohibited. Improper use of customer funds and securities is prohibited. This includes lending margin securities without a signed loan consent

4. Communications with the Public The NASD rules for communicating with the public are very similar to those used by the New York Stock Exchange. As with the NYSE, NASD wants to ensure that information disseminated to the public is fair and accurate, and does not mislead the public. Note also see Unit 1, Section B.4 for related information on the NYSE. Some specific rules in this area include; Advertising and sales literature must be approved prior to its use by a principal and the documentation must be retained for 3 years. In a firms first year of operation this literature must be submitted to the NASD 10 days prior to its use. The NASD also right to perform periodic checks of compliance. Advertising materials are defined as 298

299

materials for the mass market, which includes mediums such as TV, newspapers, and periodicals. Sales literature includes form letters, seminars, research reports, and similar items. General standards for communication state that communications must be truthful and in good taste. They also must not mislead, make unwarranted claims, or promise specific results. Recommendations must be based in fact and the market price of the security must be included. In addition, if the firm has a relationship with the stock such as ownership or any other interest, such a relationship must be disclosed. Past performance statistics must be for at least a 12-month period. In addition, these materials must contain the statement that past performance does not indicate that future results must be made. Statements regarding investing advantages for a particular security must also include the corresponding risks. If compensated testimonials are used, it must be disclosed. All reports must be clearly dated and reasonably current (generally within the last 6 months).

If a customer files a complaint against a firm or employee, the NASD Code of procedures is used. The Code outlines the process for handling a grievance. There are multiple steps in the process and the length of the process depends upon the customers and firms satisfaction with the remedy. The first step is the filing of the complaint (on a standard complaint form) to a NASD district office. The complaint is then forwarded to the District Business Conduct Committee (DBCC) which forwards the complaint to the firm. The firm must respond in writing to the DBCC and a copy of the response is sent to the customer. The DBCC then determines if a violation has occurred and what actions, if any, are appropriate. Depending upon the satisfaction of the remedy, the customer or firm may ask for a hearing and subsequently go through an appeal process if any of the remedies are not deemed acceptable. Situations which are determined to be minor, generally results in the firm admitting guilt and the imposition of censure or a fine with a maximum of $2,500. E. Municipal Securities Rule Making Board (MSRB) The MSRB was created in 1975 to develop rules and regulations to govern the municipal securities market. Prior to the Boards creation, the municipal securities market was unregulated. The MSRB is comprised of a 15-member board that creates regulations that apply to banks, brokers, and dealers engaged in municipal activities. It should be noted that the MSRB does not regulate municipal issuers, only the market participants. Although the MSRB promulgates regulations, it relies on other agencies to enforce its rules. These include the Federal Reserve Board, FDIC, SEC, and NASD among others.

299

300

1. Registered Representative Rules MSRB Rule G-2 requires that all parties effecting a municipal transaction must be qualified. Qualified is generally determined by the passing of an appropriate examination. Some example of individuals and examinations are: Municipal securities principal - any person engaged in management supervision, or direction of municipal sales activities (underwriting, advising, communications, trading, processing, etc. of municipal securities). Such a person must have successfully passed the Series #53 (municipal securities principal) exam. Every firm must have at least one principal. Municipal securities financial and operations principal - any person engaged in (preparing or approving financial reports, supervision of accountants, supervision of individuals that process, clear, or store municipal securities, etc.). Such a person must have successfully passed the Series #27 (municipal securities financial and operations principal) exam. Municipal securities representative - any person who is not a principal, whose functions are not solely clerical, and who are engaged in (underwriting, advising, communications, trading, researching, etc. of municipal securities). Such a person must have successfully passed the Series #52 (municipal securities representative) exam or the Series #7 (general securities representative) exam. There is a 90-day apprentice period for new municipal securities representatives during which time they must pass the Series #52 or #7 exam. During this time, they are not authorized to transact municipal business or receive commissions on municipal transactions. However, they may be salaried employees during this period. Representatives may not solicit orders, new accounts, or new customers without passing the appropriate exam. If an exam is failed, it may not be taken again for 30 days. If an exam is failed 3 times, it may not be taken again for a period of 6 months. Also, if you leave the business for 2 years you must retake the exam(s). Firms or representatives may be disqualified if they willfully mislead the public, are convicted of money related crimes, or been expelled by other organizations such as the SEC, etc. New accounts must be promptly reviewed by a principal. Municipal broker/dealers are required to deal fairly with all persons and can not engage in any deceptive or misleading practices. Municipal broker/dealers cannot give a gift greater than $100 to anyone (other than its employees) in the municipal securities business. A copy of the MSRB manual must be maintained in each office and available to customers upon request.

2. Conduct of Customer Account Rules The MSRB has established rules (similar to those discussed previously) to protect the customer. The MSRB requires that you assess the financial background, tax status, investment objectives, etc. in order to make effective recommendations. As mentioned previously, all new accounts must be approved in writing by a principal. Some specific provisions include:

300

301

Account information must include the name, address, age, SSN, occupation, and type of account (note: margin accounts must be authorized in writing). The form must be signed by the representative and a principal. All recommendations to customers must be based upon a knowledge of the customer and must be suitable for the customer. If a customer refuses to disclose financial information, a recommendation can not be made. If a customer requests an unsuitable trade, it can be made if the representative informs the customer of the unsuitability and the customers still directs that the trade be executed. Discretionary accounts (those where the representative has the authority to make trades on behalf of the customer without specific transaction approval) must be authorized in writing. All discretionary transactions must be reviewed by a principal by the end of the day of the transaction. Municipal broker/dealers are prohibited from guaranteeing a customers account against loss. Municipal broker/dealers are prohibited from sharing in the gain or loss of a customers account. Municipal broker/dealers must disclose any relationships associated with a transaction in writing to a customer. Financial advisors to a municipality who assist in the structuring of a new offer, and who want to be the underwriter, must resign from the advisor relationship and notify the municipality in writing that a conflict of interest exists and disclose the expected financial remuneration from the issue. Customer complaints must be handled through a structured process and resolution must be approved by a principal. Also records of complaints must be retained for 6 years.

3. Trading and Market Rules The MSRB has established rules (they are similar to the new issue rules discussed in Unit 1, Section A.4) to govern the municipal market. Some of the rules include: All quotes must be bona fide whether they are written or oral. Although, it should be noted that the quotes are subject to change and to prior purchase or sale by another party. All quotes must represent the broker/dealers best judgement of the fair market value of the securities. The quotes do not have to be the exact fair market value, but a reasonable judgement based upon relevant factors such as possible market movements and the firms inventory of the securities. Firms can quote securities that it does not own if it can deliver the security. Such quotes are prohibited if the firm has knowledge that the security is not available. Quotes can be in the form of bids wanted (BW), offers wanted (OW), nominal quotes, and subject quotes. Nominal quotes are informational quotes that indicate that the firm is not willing to trade at those prices. Subject quotes are ones that are subject to some condition. This condition is often that the price is subject to change before the trade occurs.

301

302

Broker/dealers are prohibited from reporting information on a trade unless it is known that a trade occurred at that price. False reports are considered to be a deceptive practice. Prices charged for municipal bond trades must be fair and reasonable. This applies to both principal and agency trades. If transactions are submitted through a syndicate (a group of dealers), the broker/dealer must disclose whether the securities are for their own account, a related account (one controlled by the dealer) or an accumulation account established by an investment trust. Syndicate transactions must be filled in a specific order that has been determined by the manager. Normal priority order is: 1) Pre-sale orders orders taken by the syndicate prior to the date the underwriter was selected (usually applies to underwriting that was subject to a competitive bid). 2) Group net-orders orders taken during an established time period after the bid has been won by a syndicate. 3) Designated net-orders orders where a designated member of the syndicate may receive extra profit to complete the sale of an issue. 4) Member takedown orders any orders after all designated net-orders have been completed. The identity of customers for group net-orders must be disclosed to the manager to prevent one customer from purchasing too much of an issue.

4. Advertising and Other Rules The MSRB has established rules to control the dissemination of materials to the public. The basic definition of advertising is material designed for dissemination to the public through public media or promotional literature. This includes almost anything that is disseminated to the public such as notices, circulars, brochures, form letters, reprints, and market letters. It should be noted that internal memos or communications are excluded from this rule since they are not intended to be publicly distributed. Some of the rules include: Summaries or abstracts of official statement and offering circulars are included under these rules. Since these documents do not contain all of the information included in the official document, and may not be complete and accurate, they are considered advertisements. It should be noted that the complete official statement or offering circular is not considered an advertisement. Any advertisement may not contain false or misleading information. New issues may be advertised and the initial yield offering may be included in the advertisement as long as the date of the initial sale is included in the advertisement. However, the yields listed must have been in effect at the time of the publication. In addition, the new issue bonds must actually be available (not completely pre-sold) to be advertised. Secondary bond market advertising has the following rules: If the advertisement shows yields or bond prices the information must be accurate as of the date of the advertisement. If a percentage rate is shown, the ad must state whether it is a nominal rate or yield and whether it is a pre- or post-tax yield.

302

303

If current yield is included in the advertisement, the yield to maturity or yield to call must also be included. Dealers can advertise bonds which they dont have in inventory if the material states: subject to availability, the dealer will attempt to acquire the bonds if requested, and the advertisement states that bonds are subject to change in yield and price. If bonds are advertised as tax-free, it must be tax-free or all tax-related issues must be disclosed. All advertisements must be approved by a principal in the firm. Brokers are not permitted to accept any additional compensation for the sale of the bonds other than those disclosed in the prospectus. Computerized Uniform Securities Identification Program (CUSIP) - numbers are assigned to all new issues and must be included in all sales confirmations. Municipal dealers are prohibited from engaging in the municipal securities business for 2 years after a contribution is made to an elected official. This includes contributions from PACs controlled dealers. However, it should be noted that gifts of $250 or less are permitted. Municipal securities transactions claims or disputes must be resolved through arbitration.

F. Margin Lending Margin accounts are accounts where the broker/dealer extends credit to the customer and only a percentage of the purchase price is actually paid. The advantage to a customer is the ability to leverage their money, in effect buy additional securities with less cash. Some definitions associated with margin accounts are: Margin the percentage of the sale price the customer must deposit. The margin percentage varies depending upon changes in federal regulations. It is usually between 40 and 60%. The margin amount is currently 50%, which means that a customer pays $.50 for every $1 of security purchased. Hypothecation the practice of pledging securities as collateral. Rehypothecation the practice of a broker pledging a customers securities with a bank or other loan source. Loan Value the percentage of the securitys market value that the firm lends to the customer. If the margin requirement is 50% then the loan value is 50%.

The Federal Reserve Board has set regulations for margin accounts. Regulation U limits the amount can be borrowed by brokers who use any customer securities as collateral. Regulation G limits the amount a non-bank lender can lend to brokers who use customer securities (rehypothecate) as collateral. Regulation T limits the amounts brokers can lend to customers on various types of securities.

303

304

There are special characteristics associated with margin accounts. Since they involve credit it was determined that special requirements were needed. New margin accounts must have a signed margin agreement in addition to the usual new account information. The margin agreement should state that all transactions are subject to pertinent laws and regulations. The customer must also agree to: Allow the brokerage firm to pledge or repledge securities for broker loans The accrual of interest charges on debt balances in their account Permission to sell held securities with or without notifying the customer if equity is not adequate Some individuals who work for exchanges (and their spouses) may require special approval from their employer before a margin account can be opened. Also a registered representative may not open a margin account without branch manager approval. Only listed securities (those listed on national exchanges) and or securities listed on an OTC margin list (which is updated regularly) may be traded on margin per regulation T. Certain securities are exempted from regulation T margin requirements. These include federal government debt issues, state or municipal government issues, and other issues from taxing entities. Since these issues are exempt, firms can assign a higher loan value to them. Other terms and definitions associated with margins are: Long market value is the customers gross cost and includes any charges and commission and is the amount used to calculate the margin requirement. Debit balance is amount of the loan to the customer from the firm. Equity the customers net worth in their account. To calculate the equity, subtract the debit balance from the long market value. Restricted accounts if the equity balance declines in an account due to a decline in the market price of security and the current equity position falls below margin requirements, the account is classified as restricted. Restricted accounts are subject to specific rules; however, no specific action on the account (i.e. increase the equity balance) is required per Regulation T. If additional securities are purchased, only the new purchases are subject to the original margin requirement. Industry requirements - NASD and NYSE have established some margin requirements (voluntarily) that are more strict than Regulation T. For example, mew margin accounts have a $2,000 minimum value of an account that is added to the margin amount; thus, the actual margin amount is usually greater than 50%. In addition, NASD and NYSE have rules that require at least 25% equity in a long account. Maintenance calls - if the equity position in an account falls below the 25% threshold, the customer is required to place cash or securities in their account within 48 hours or be subject to the sale of shares from their account. Special memorandum account - if the market price of securities rises and the equity balance exceeds the margin requirement, the excess amount may be used to purchase additional securities on margin. Although no funds actually change hands, an additional line of credit is established for the customer.

304

305

STUDY QUESTIONS FOR VOLUME 4 SECURITIUES INDUSTRY

1. The New York Stock Exchange is an example of a(n) A. Primary Market. B. Secondary Market. C. Tertiary Market. D. Over the Counter Market. To get immediate execution WITHOUT restrictions or limits, an order should be placed as a(n) A. fill or kill (FOK) order. B. good till canceled order. C. all or none (AON) order. D. market order. Treasury stock A. is outstanding stock repurchased by the company. B. has voting rights. C. receives dividends. D. is authorized but unissued. A revenue bond might be backed by which of the following? A. Fines B. Real estate taxes C. Sales taxes D. Lease rental payment. Which two of the following option strategies would be profitable in a declining market? I. Long call II. Long put III. Short call IV. Short put A. B. C. D. 6. I and III I and IV II and III II and IV

2.

3.

4.

5.

An individual soliciting the sale of a closed-end corporate bond fund to a customer in the secondary market would need to be registered as: A. Series 1 Post-IPO Securities Representative. B. Series 6 Investment Company/Variable Contract Representative. C. Series 7 General Securities Registered Representative.

305

306

D. Series 52 Municipal Securities Representative. 7. Which of the following is a futures contract? A. Individually negotiated contract to purchase or sell specified financial instruments on a future date at a specified price. B. Standardized contract to purchase or sell specified financial instruments on a future date at a specified price. C. Individually negotiated contract between two parties in which the buyer, in return for a fee, receives cash payments from the seller at a future date if the specified interest rate exceeds the strike price. D. Standardized contract between two parties in which the buyer, in return for a fee, receives cash payments from the seller at a future date if the specified interest rate exceeds the strike price. The primary authority regulating the issuance of industrial revenue bonds is the A. SEC. B. MSRB. C. NASD. D. IRS XYZ Company stock has 2 million shares outstanding at $15 par value. XYZ declares a 3 for 2 split. What is the new par value and the number of shares outstanding? A. $15 par value and 1.5 million shares B. $10 par value and 3 million shares outstanding C. $7.50 par value and 2.5 million shares outstanding D. no change The Securities Investors Protection Corporation was formed to protect: A. investors from abusive trading practices of brokers. B. investors cash and securities if the broker fails and is liquidated. C. investors from fraudulent financial statements issued by brokers. D. investors margin accounts in the custody of brokers.

8.

9.

10.

306

307

Appendix A Questions, Comments, or Corrections Concerning the CFSA Study Guide

Please forward comments, suggestions, and corrections to: NAFSA, P.O. Box 48357, Athens, GA 30604 (706) 353-3898 or acaple@cannonfinancial.com # 1. Page # Comment

2.

3.

4.

5.

6.

7.

8.

9.

10.

11.

307

308

12.

13.

14.

15.

16.

17.

18.

19.

20.

INFORMATION
Name: ___________________________________________________ Date: ______________________

Company: _______________________________________________________________________________ Address: _________________________________________________________________________________ City, State, Zip:

___________________________________________________________________________
Phone: (_____)_____________ Fax: (_____)________________ E-mail: ____________________________

308

309

Appendix B Study Question Answers Volume 1

1. C. Organizational status and objectivity. 2. A. Will use the CFSA designation with pride and professionalism. 3. C. Annual audit plan. 4. B. Collecting payments on accounts and reconciling accounts receivable records. 5. C. Identifying opportunities for improvement in performance of key functions. 6. A. Appraise the organization's internal control system. 7. D. Substantive tests to evaluate the reasonableness of financial information. 8. B. Inverse. 9. A. Program change control, segregation of duties, and interim input reconciliations. 10. C. II, III, and IV only.

309

310

Study Question Answers Volume 2

1. C. A fee is charged for the internal audit of the plan. 2. D. Enter into an interest rate swap to receive floating and pay fixed rate payments. 3. D. Conducting currency transactions in a manner to avoid reporting requirements. 4. B. Commercial loans. 5. A. As a sale of the lessor and a purchase by the lessee. 6. A. I and III only. 7. B. Currency and checking accounts only. 8. C. I, III and IV only. 9. B. The activity date used to determine dormancy is updated by internal debit memos. 10. D. I, II, III and IV.

310

311

Study Question Answers Volume 3

1. B. I and III only 2. C. Vesting 3. C. II and IV only 4. A. The claim should be denied since coverage was never present, and the claim should be placed against the agencys Errors and Omissions policy for reimbursement of the claimant. 5. C. Deferred acquisition costs. 6. B. Unearned premium reserve. 7. C. III and IV 8. D. Keogh plans 9. B. An umbrella policy to place a protective umbrella over existing coverage. 10. C. Stock and mutual funds.

311

312

Study Question Answers Volume 4

1. B. The NYSE trades in secondary securities, that is, non newly-issued securities which are usually offered by an underwriting syndicate. 2. D. Market orders are executed immediately at the best available market price if the stock is trading, without restrictions or limits. 3. A. 4. D. The others back general obligation bonds. 5. C. Calls decline in a declining market, and puts increase in value in a declining market. Shorting calls allows the seller to buy the calls back at a lower price. Being long puts allows the holder to sell at a higher price as the value of the put increases. 6. C. The sale of closed-end investment company shares are treated like a general security. The sale of general securities must be sold by a general securities registered representative (Series 7), Regulations NASD Rules. 7. B. See AICPA Brokers and Dealers in Securities, May 2000, pgs. 13 and 14. 8. B. The Municipal Securities Rulemaking Board is the primary regulator of IRBs and all Municipal Securities. 9. B. There is no change in the total amount of capitalization. A 3 for 2 stock split simply means that there will be 1.5 times as many shares outstanding at 2/3 of the value as prior to the split. In this case that equates to choice B. 10. B. AICPA Brokers and Dealers in Securities, May 2000 - pg. 10.

Committee on Basic Auditing Concepts, A statement of basic Auditing Concepts, Sarasota FL: American Accounting Association, 1973, p.2. ii Information on IIA taken from their web site -- http://www.theiia.org/aboutiia/about.htm on May 14, 1999. iii Information on IIA taken from their web site -- http://www.theiia.org/aboutiia/about.htm on May 14, 1999 iv Some information was derived from, Handbook For Audit Committee Members, Copyright 1996 Grant Thornton LLP, http://www.gt.com/gtonline/assuranc/handtoc.html v COBIT - Governance, Control, and Audit for Information and related Technology, Information Systems Audit and Control Foundation, April 1998, 2nd edition

312