Basic control points with regard to dealing, deal recording and confirmations:
- Multiple quotes are obtained by the trader before striking a deal to ensure best rates
- All telephonic deals are recorded (automatically) and stored for reference and audits
- Where deals are made other than telephonically, a deal ticket is made immediately; in most such cases, the system generates the deal ticket. This too is saved for reference, checking and audits.
- All deals entered into the front office system flow automatically into the mid and back office systems. Usually there is STP (Straight Through Processing). Each system is connected to all the others, and information is passed seamlessly to all the relevant systems on a ‘need to know’ basis.
- Deal confirmation should be exchanged with the counterparty on the same day
- Deal confirmation should not be drafted, checked or signed by the front office. There is a clear demarcation between the work to be carried out by front office staff and by back office staff in this regard.
- Audits of individual tasks (front, mid and back) are carried out independently.
- All the limits should be closely monitored and reported in case of breach.
- Standard Settlement Instructions should be exchanged with each counterparty and any changes should be notified immediately.
- Telephone recording systems should be checked regularly to ensure they are working properly.
- In most cases, a maker-checker concept is in place.
- Trades done outside the Negotiated Deal Settlement (NDS), between institutions which are members of the NDS, should be entered in the NDS within 15 minutes from the time of conclusion of the trade.
Access Controls: Information stored by each of the three departments (Front, Mid and Back) should not be accessible by the other two. Each of them must have its own independent information that can be used for reconciliation, especially by the audit team.
Physical access control should also be implemented. Physical access to the front office should not be available to all staff. It should be granted only on a ‘requirement’ basis.
Insurance policies covering losses due to frauds and errors by treasury staff should be in place.
Payment control: Most organizations (banks / corporate houses) make all their payments online through an electronic banking system. Online banking is easily available with most firms. Access to these machines, login IDs, etc. should be monitored strictly.
There should be two levels of authorization required before making any payment. There should be proper written proof on record before making any payment. Proper authorization needs to be ensured.
Maker-checker (two people) should be involved in every payment, to ensure fraud control.
Different staff should be involved for payment input, verification and final authorization. Audits should check whether different staff were in fact involved and whether they had proper powers to authorize. Reconciliation should be in place to ensure all books tally.
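The audit described under payment control (different staff for input, verification and final authorization, proper powers to authorize, written proof on record) can be run automatically over payment records. The following is an added example, not part of the original page; the record fields, user names, MEMO references and the reading of "proper powers" as a role plus a per-user amount limit are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data: user names, powers and limits are assumptions.
POWERS = {
    "asha":  {"roles": {"input"}, "limit": 0},
    "bina":  {"roles": {"verify"}, "limit": 0},
    "chand": {"roles": {"authorize"}, "limit": 1_000_000},
    "dev":   {"roles": {"input", "verify"}, "limit": 0},
}
STAGES = ("input", "verify", "authorize")   # one Payment field per stage

@dataclass
class Payment:
    pay_id: str
    amount: int
    proof_ref: Optional[str]       # reference to the written proof on record
    input_by: Optional[str]
    verify_by: Optional[str]
    authorize_by: Optional[str]

def audit_payment(p, powers=POWERS):
    """Return the control findings for one payment (empty list = clean)."""
    findings = [] if p.proof_ref else ["no written proof on record"]
    actors = []
    for role in STAGES:
        user = getattr(p, f"{role}_by")
        if user is None:
            findings.append(f"{role} stage missing")
            continue
        actors.append(user)
        if role not in powers.get(user, {}).get("roles", set()):
            findings.append(f"{user} has no power to {role}")
    if len(set(actors)) < len(actors):   # maker-checker: all stages distinct
        findings.append("same person acted in more than one stage")
    auth = powers.get(p.authorize_by)
    if auth and "authorize" in auth["roles"] and p.amount > auth["limit"]:
        findings.append(f"amount exceeds {p.authorize_by}'s limit")
    return findings

PAYMENTS = [  # constructed records
    Payment("P1", 250_000, "MEMO-17", "asha", "bina", "chand"),
    Payment("P2", 90_000, "MEMO-18", "dev", "dev", "chand"),
    Payment("P3", 5_000_000, None, "asha", "bina", "chand"),
    Payment("P4", 10_000, "MEMO-20", "asha", "bina", "bina"),
]

def audit_all(payments=PAYMENTS):
    # Map payment id -> findings, only for payments with at least one finding.
    return {p.pay_id: f for p in payments if (f := audit_payment(p))}
```

Running `audit_all()` on the constructed records leaves P1 clean and flags P2 (one person in two stages), P3 (no proof, amount over limit) and P4 (verifier also authorizing without the power to do so).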
The code of conduct (as applicable) formulated by FEDAI / RBI / BIS should be followed by the Banks.