Checklist on policy, procedures and controls (Compliance Manual) for Financial Institution / Fund
Corporate Governance
1. Do you have any written policies and control procedures to ensure that your board of directors
| a) | establish a management structure which includes the roles, responsibilities, accountability and reporting lines of your senior management; | Yes ☐ | No ☐ | N/A ☐ |
| b) | oversee the appointment of your senior management; | ☐ | ☐ | ☐ |
| c) | establish systems and controls to supervise your senior management and supervisory staff members who act under the delegated authority by your board of directors; | ☐ | ☐ | ☐ |
| d) | establish systems and controls to monitor and regularly evaluate the performance of your senior management in their respective areas of responsibility; and | ☐ | ☐ | ☐ |
| e) | establish policies to ensure that the senior management have access to regular training to maintain and enhance their competencies and to keep themselves updated on industry and regulatory developments relevant to their respective areas of responsibility? | ☐ | ☐ | ☐ |
| 2 | How often will your board of directors evaluate the performance of your senior management in their respective areas of responsibility? |
| 3 | Do you have any written policies and control procedures to ensure that your senior management |
| a) | have a sound understanding of your business activities and their associated risks; | ☐ | ☐ | ☐ | |
| b) | oversee the development and implementation of risk management policies and control procedures to ensure that your risks can be identified, monitored and controlled and that financial and management information is reliable, timely and complete; | ☐ | ☐ | ☐ | |
| c) | establish policies to ensure that your risk management, compliance, operational control and review functions are properly positioned, staffed and resourced and carry out their responsibilities independently, objectively and effectively; and | ☐ | ☐ | ☐ | |
| d) | review and update regularly your risk management measures to ensure that they remain adequate and consistent with your operating environment, and are able to support business expansion? | ☐ | ☐ | ☐ | |
| 4 | Do you have any written policies and control procedures on the following functions? If yes, please indicate how often such policies and control procedures will be reviewed and updated by your senior management. | ☐ | ☐ | ☐ |
| a) | each of your key business lines | ☐ | ☐ | ☐ |
| frequency of review: |
| b) | operational control and review | ☐ | ☐ | ☐ |
| frequency of review: |
| c) | risk management | ☐ | ☐ | ☐ |
| frequency of review: |
| d) | finance and accounting | ☐ | ☐ | ☐ |
| frequency of review: |
| e) | information technology | ☐ | ☐ | ☐ |
| frequency of review: |
| f) | compliance | ☐ | ☐ | ☐ |
| frequency of review: |
| g) | AML and CFT | ☐ | ☐ | ☐ |
| frequency of review: |
| 5 | Do you have any written policies and control procedures to ensure that your senior management provide regular, adequate and comprehensive information to your board of directors in relation to the following matters? If yes, please indicate how often such matters will be reported to your board of directors. | ☐ | ☐ | ☐ |
| a) | implementation of, and adherence to business objectives, strategies and plans | ☐ | ☐ | ☐ |
| frequency of reporting: |
| b) | business performance | ☐ | ☐ | ☐ |
| frequency of reporting: |
| c) | risks associated with business operations and financial position | ☐ | ☐ | ☐ |
| frequency of reporting: |
| d) | internal control deficiencies identified | ☐ | ☐ | ☐ |
| frequency of reporting: |
| e) | compliance issues with laws, rules, regulations, codes and internal policies and control procedures | ☐ | ☐ | ☐ |
| frequency of reporting: |
| 6 | Do you have any written policies and control procedures to ensure that |
| a) | a management structure that clearly defined reporting lines of staff members with supervisory and reporting responsibilities appropriately assigned is implemented; | ☐ | ☐ | ☐ | |
| b) | authorisations and approvals, and the authority of key positions are clearly defined and communicated to and followed by staff members; | ☐ | ☐ | ☐ | |
| c) | only persons, who are fit and proper to perform the duties for which they are employed, are employed and that such persons are duly registered with all applicable regulatory bodies as required; | ☐ | ☐ | ☐ | |
| d) | management and supervisory functions are performed by qualified and experienced individuals; and | ☐ | ☐ | ☐ | |
| e) | adequate training suitable for the specific duties which staff members perform is provided both initially and on an ongoing basis? | ☐ | ☐ | ☐ | |
| | | | | | |
Risk Management Policies and Control Procedures
| 1 | Do your risk management policies and control procedures cover |
| a) | the appointment of a risk manager who has the appropriate qualifications to oversee and monitor the risk exposures and systems; | ☐ | ☐ | ☐ | |
| b) | the presence of clear reporting lines for the risk manager; | ☐ | ☐ | ☐ | |
| c) | the way that risk exposure limits are set and communicated to the responsible persons; | ☐ | ☐ | ☐ | |
| d) | the way that risks are being measured and monitored; | ☐ | ☐ | ☐ | |
| e) | the procedures to deal with exceptions to risk limits; and | ☐ | ☐ | ☐ | |
| f) | processes to ensure that you regularly carry out stress testing using appropriate measures? | ☐ | ☐ | ☐ | |
| 2 | Do you have any written policies and control procedures to ensure that your risk management policies will be | |
| a) | monitored by a risk management function which consists of a sufficient number of suitably qualified and experienced professionals; and | ☐ | ☐ | ☐ |
| b) | subject to comprehensive reviews at suitable intervals, and wherever there is significant change in the business, operations or key personnel, to ensure that your risk of suffering losses, whether financial or otherwise, as a result of fraud, errors and omissions, interruptions or other operational or control failures are maintained at acceptable and appropriate levels? | ☐ | ☐ | ☐ |
| 3 | Who will be responsible for reviewing your risk management policies and control procedures? (Please specify title and name if available.) |
| 4 | Do you have any written policies and control procedures to ensure that your staff members performing risk management function are independent of the front office and reporting directly to senior management? | ☐ | ☐ | ☐ |
Market Risk
| 1 | Will you adopt any risk pricing model (e.g. value-at-risk, economic value of equity models, etc.) as primary risk measurement and management tool? | ☐ | ☐ | ☐ |
| 2 | Do you have any written policies and control procedures in relation to the following areas of your proprietary trading? |
| a) | clearly defined trading authority | ☐ | ☐ | ☐ |
| b) | setting up trading and exposure limits | ☐ | ☐ | ☐ |
| c) | management supervision to ensure proprietary trading is within limit | ☐ | ☐ | ☐ |
| d) | measures to be taken in case of exceeding the limits and applicable sanctions | ☐ | ☐ | ☐ |
| e) | hedging strategy for your proprietary trading positions | ☐ | ☐ | ☐ |
| f) | performing regular stress testing to quantify the impact from changing market conditions | ☐ | ☐ | ☐ |
| 3 | Do you have any written policies and control procedures to ensure that information is available for the senior management to monitor the following areas of your proprietary trading? |
| a) | profit and loss | ☐ | ☐ | ☐ |
| b) | exposure level | ☐ | ☐ | ☐ |
| c) | value-at-risk | ☐ | ☐ | ☐ |
| d) | limit utilisation | ☐ | ☐ | ☐ |
| e) | stress test or simulation | ☐ | ☐ | ☐ |
| f) | risk adjusted performance | ☐ | ☐ | ☐ |
| 4 | Do you have any written policies and control procedures in relation to the following areas? |
| a) | assessing and monitoring the credit status of each client or counterparty | ☐ | ☐ | ☐ |
| b) | making a margin call or a repayment demand to a client in a timely manner | ☐ | ☐ | ☐ |
| c) | dealing with the consequence of a client’s failure to meet a margin call or a repayment demand | ☐ | ☐ | ☐ |
| d) | regular exception reporting to the senior management | ☐ | ☐ | ☐ |
| e) | compulsory closing out a client’s position | ☐ | ☐ | ☐ |
| f) | record keeping for margin calls or repayment demands | ☐ | ☐ | ☐ |
| g) | regular review of lending ratios on securities accepted by you | ☐ | ☐ | ☐ |
| 5 | Do you have any written policies and control procedures to |
| a) | ensure that clients or counterparties are not allowed to trade when there is a significant unsettled transaction or long overdue balance (except for the rolling balance cash clients and margin clients with adequate collateral); and | ☐ | ☐ | ☐ |
| b) | manage any concentration in the following exposures and report to senior management on a regular basis? |
| i) | exposures to a particular client or group of related clients | ☐ | ☐ | ☐ |
| ii) | exposures to a particular counterparty or group of related counterparties | ☐ | ☐ | ☐ |
| iii) | exposures to a particular investment product | ☐ | ☐ | ☐ |
Where the answer to any question above is "N/A", please explain in the space provided below why the question is not applicable.
........................................