and management policies documentation standards which provided detailed guidance for the day-to-day implementation of the TE's strategies and generally include risk limits, operating procedures and control processes designed to safeguard the TE and its clients from excessive and imprudent risks. Terminologies relevant to trust, other fiduciary and investment management activities shall be specifically defined and clearly described through appropriate sample documents/exhibits to avoid the likelihood of incomplete communication, ambiguities and misinterpretations. 5. Accounting and records maintenance 6. Policy review 7. System of financial and regulatory reporting 8. Client-oriented safety nets C. Appropriate Risk Measurement System, Prudent Risk Limits, Monitoring and Management Information System The process of measuring, controlling and monitoring fiduciary risks shall be carried out independently by personnel not directly involved in fiduciary activities. Results of this process shall be reported to the BOD, or to the appropriate Board-level committee, thru the risk management unit/department of the bank/institution proper in a timely and comprehensive manner. In the same manner, the trust officer or relevant trust committee should be apprised of the results of these processes and relevant risk management issues. Risk Measurement System In formulating the risk measurement models and methodologies for its fiduciary risk-taking activities, the TEs shall be guided by the minimum requirements prescribed in Appendix 73 (appendix to Section X174) and 74 (appendix to Section X175), and the guidelines provided under Appendix 25 (appendix to Section X611) of the Manual of Regulations for Banks, as applicable. TEs are excepted to adopt models/methodologies commensurate to the size, complexity and nature of the fiduciary activities undertaken. In addition, the TE's risk 052379-5 Effective risk monitoring and control is dependent on accurate, timely, reliable, and relevant information processing and reporting systems. Rapid technology advancements create new risk monitoring and control issues, thus, the BOD should ensure that the that the impact of emerging technologies on fiduciary activities is properly considered. The BOD and Trust Committee shall be afforded with adequate information on the trust and investment management activities to properly fulfill their responsibilities. Accordingly, the TEs shall have policies and procedures in reporting information on fiduciary activities to the BOD and trust committee specifying, among other things, the type, amount and timing of information reported; methodology to ensure all identified risks are monitored; frequency, timeliness, accuracy and clarity of monitoring reports; report distribution to management and staff; and comparability of output against predetermined limits. The sophistication of management information system (MIS) shall be commensurate with the complexity and diversity of the TE's operations such that a complex TE shall have a more comprehensive MIS. own Because of the cost involved in developing technology, a TE may opt to purchase information technology rather than develop its internal system. Nonetheless, regardless of the source of information system, the BOD and Trust Committee shall exercise the proper level of control and oversight to appropriately fulfill their fiduciary duties. Service Agreements or vendor contracts shall be thoroughly reviewed by legal counsel to ensure that they include appropriate indemnification and recourse language. In addition, contracts shall contain specific language recognizing the authority of the TE's regulators to conduct reviews of the third-party vendors as part of their overall supervisory activities. D. Comprehensive and effective internal controls, audit, and compliance program Internal Control Systems A comprehensive internal control is the foundation for the safe and sound functioning of a TE and its fiduciary risk management system. It shall form an integral part of the TE's overall system of controls and shall promote effective fiduciary operations and reliable financial and regulatory reporting, safeguard assets and help ensure compliance with relevant laws, regulations, and institutional policies. Effectiveness of the internal control system shall be periodically tested by an An effective audit program shall be based on an appropriate risk assessment methodology that documents the TE's significant fiduciary activities and their associated risks, and internal control systems. Such documentation shall be available for review by the BSP. It shall describe the objectives of specific audit activities and list the procedures to be performed during the process. While the frequency and extent of the internal audit review and testing shall be consistent with the nature, complexity and risk of the TE's fiduciary activities, existing BSP regulations require the conduct of periodic internal audits of the TE at least once every twelve (12) months. The BOD may also require the adoption of a suitable continuous audit system to supplement or replace the periodic audit. In any case, the audit shall ascertain whether the TE's fiduciary activities have been administered in accordance with laws, BSP rules and regulations, and sound fiduciary principles. There shall also be a system that allows sensitive findings (e.g., defined non-observance of the basic principles on fiduciary relationships, unsafe and unsound practices, operational lapses/ deficiencies resulting to recognition of material losses) to be reported directly to the BOD. Moreover, the audit committee and/or BOD shall review the Compliance Program The TE shall develop and implement a compliance system for its trust, other fiduciary business and investment management activities, and appoint/designate a compliance officer to oversee its implementation in accordance with Sections X180/4180Q and their corresponding of the MORB/ MORNBFI, respectively. The Board-designated body or personnel performing independent compliance function on fiduciary activities shall either be part of or directly report to the compliance unit/department of the bank/ institution proper to ensure holistic implementation of enterprise-wide compliance program. Nevertheless, the Boarddesignated body or personnel tasked to implement the compliance program for fiduciary activities is not precluded to freely communicate with the trust officer or relevant trust committee any information relative to the discharge of its function. The compliance system must provide a written and comprehensive compliance program designed to monitor observance with relevant laws, rules and regulations, internal policies including risk limits, internal control systems, fiduciary principles, and agreements with clients. The compliance system shall be periodically reviewed for relevance, effectiveness and appropriate follow-up. The BOD must recognize the scope and implications of applicable laws; approve a compliance program that protects the TE from adverse litigation, increased regulatory oversight, and damage to reputation; and ensure that the compliance officer primarily undertakes to oversee and coordinate the implementation of the compliance system. The extent of formality of the compliance program may vary from one TE to another. Nevertheless, an effective compliance programs have common elements that include: 1. A strong commitment from the BOD and Trust Committee; 2. A formalized program coordinated by a designated compliance officer that includes periodic testing and validation process; 3. Responsibility and accountability from line management; 4. Comprehensive training programs; and 5. Timely reporting and follow-up process. |