Chapter 18 - Treasury Policy and Procedures
Creating a Treasury Policy Document
1. Objectives and Scope 2. Developing the Policy 3. Drafting the Text 4. Policy Approval 5. Procedure Development and Implementation 6. Policy Review, Updates, Revisions
5 Primary Reasons for Treasury Policies and Procedures
1. Organizational needs - documented guide to best practices 2. Risk Management - mitigate identified risks in the operation 3. Roles and Responsibilities - clear definitions 4. Compliance - internal audit and control environment 5. Good Governance - grant and delegate authority
Key Control Considerations for Treasury Policies
1. Structure of Controls 2. Segregation of Duties 3. Delegation of Authority 4. Roles and Responsibilities 5. Records Retention 6. Moving from Controls to Policies and Procedures
Treasury Systems Policy
Access to treasury systems Granular security to limit access to specific areas (e.g., wire transfer modules and cash balance visibility) Password requirements Reconcilement with accounting and other books of record Backup and recovery Off-premise access and use Timeline for disabling access of employees leaving the firm
Drafting the Text
Clear concise language Address what the rule will be, rather than how to implement it Engage relevant team members Describe clear lines of authority Designate expert resources to interpret the policy if questions arise
Cyber Risk Management Policy
Customer data, including payment information and, if relevant, sensitive personal data Intellectual property Negotiating positions with respect to third-party providers Strategy documents, such as treasury plans to support development of new products or launches into new markets Internal email and other messages Financial positions Payment initiations and approvals
Credit and Collections Policy
Customer satisfaction Acceptable payment types (e.g., cash or credit cards) Acceptable credit rating levels for customers Appropriate credit limits for customers, based on specified factors (e.g., experience, credit rating) Incident response Training requirements
Dividend Policy
Definition and calculation of excess cash (including the determination of free cash to be retained) Circumstances when a dividend will be paid Type of dividend (e.g., cash, stock, special) Use of share repurchase program Tax implications of dividend policy Communication of dividend policy decisions to stockholders and the wider investor community
Payment Policy
Delegation of authority Permitted payment methods Permitted payment service providers Payment and approval limits Joint approval requirements Payment authorization requirements Payment risk management, including fraud prevention controls Required documentation
Outsourcing Policy
Delegation of authority Vendor and operational risk management Information security and confidentiality requirements Performance measurement, including compliance with relevant existing company policies Termination of outsourcing contract
Bank Account and Financial Services Authority Policies
Delegation of authority allowing treasury to manage financial service provider relationships Delegation of authority to open and close bank accounts, and to add or remove services Oversight and governance of banking relationships Duties and tasks involved in managing relationships Qualifying types of financial institutions, including counterparty credit assessment Signature authority, including the process to make amendments Financial institution evaluation (e.g., setting minimum standards for an approved financial institution's credit rating or market capitalization) Documentation requirements
Funding/Financing Policies
Funding objectives (this may link to the liquidity policy to ensure compatibility between short-term and long-term funding objectives) Limits and targets for committed funding Limits and targets for different sources of funding (e.g., banks and capital markets) Structural considerations of fixed- versus variable-rate debt Covenants Regulatory restrictions, if any Tax and other compliance mandates Authorization/approval processes and any related delegation of authority Refinancing or prepayment processes Arbitrage rules (which may precipitate spend-down requirements) Uses of derivatives or links to the financial risk management policies References to standard documentation Links to the capital structure and the dividend policy
Cash Flow Forecasting Policy
Goals of the cash flow forecast Forecast frequency (e.g., daily, weekly, monthly) Format Schedule for updating the forecast Acceptable forecasting methods Variance analysis Directions for forecasting cash flows in foreign currencies
Financial Risk Management Policies
Identification and measurement of exposures, including how exposures are to be quantified (e.g., the use of value at risk [VaR] metrics) Scope of permitted hedging and derivative activities Delegation of authority Authorized derivatives Approved counterparties and related limits Decision-making process (i.e., whether to hedge an exposure and how to do so) Transaction management and record keeping Trade/deal limits and monitoring Accounting, including whether to apply hedge accounting Disclosure, including how to report the activity and the effectiveness of any hedge accounting
Investment Valuation and Impairment Policies
Identification of impaired investments, including other-than-temporary impairment Mark-to-market requirements Valuation of impaired securities
Investment Policy Reviews are Done by:
Internal Auditors External Auditors
Liquidity Management Policy
Liquidity management objectives Sources of liquidity, including internal cash Liquidity management, including a link to the cash flow forecasting policy Methods to identify potential events that can create liquidity shortages
Internal Controls
Measures taken by an organization to provide reasonable assurance regarding achievement of the organization's objectives related to operational effectiveness and efficiency, reliable financial reporting, and compliance with laws, regulations, and policies
External Controls
Measures that affect a company's operations, but which are enacted by the government or other organizations rather than by the company itself. These may include any rule or regulation that has an effect on the actions of the company, any tax law enacted by the government which affects the flow of money, a lease that restricts what a company can or cannot do with its office space, or other such measures
Wire Transfer Policy
Minimum wire transfer amount Required documentation Processing times Individual responsibilities for initiators and approvers, including the use of tiered approval matrices Permitted wire systems (e.g., Fedwire, CHIPS [Clearing House Interbank Payments System]) Permitted uses of template and free-form wires Approval requirements (e.g., requirement for dual approval when updating vendor bank changes)
Developing the Policy
Objectives Scope Basic Guidelines Roles and Responsibilities Performance Measurement and Reporting Required controls and compliance considerations Exception Management Review Cycle Definitions Policy Attachments
Objectives and Scope
Primary objective of each treasury function
Payment Card Policies
Program administration, to ensure segregation of duties Types of cards issued Eligibility and approved uses Card and transaction limits Review and reconcilement requirements Purchase restrictions, if any Rules regarding cash advances Payment and fraud risk management
Short-Term and Long-Term Investment Policies
Scope of investment policy (e.g., short-term cash, defined as for periods up to one year) Investment objectives Approved instruments Approved counterparties (e.g., a list of named approved counterparties or a generic definition such as "any issuer with a minimum [short- or long-term, depending on investment term] rating from one or more credit rating agencies") Portfolio management rules, such as diversification requirements and investment horizons Reference to the bank account management policy (both from a counterparty credit quality perspective and to achieve adequate diversification) Performance management Use of external providers, including asset managers and custody providers
Regulatory Compliance Policies
Statement of policy and required compliance Subcontractor and vendor compliance requirements Compliance monitoring activities Audit requirements
Policy Approval
Treasury Department Review Review by other functional area managers Review by internal audit and/or compliance group Final Approval
Merchant Card Policies
Types of cards accepted Approved card acceptance methods (e.g., online, telephone, or in person) Transaction limits, if any Reconcilement requirements PCI DSS compliance requirements[1] Fraud risk management Criteria for selecting a merchant services provider Compliance with merchant services provider policies Compliance with card network rules Compliance with state and local laws Incident response Data protection requirements
Procedure Development and Implementation
Written clearly and understandable Not too restrictive - offer alternatives Documentation should be factual and reviewed for accuracy Step by Step instructions where applicable Easily Accessible
Consultation Phase of Development Policy
it can be useful to identify existing practice (rather than existing policy) across the related processes. For each activity, a flowchart, including workflows and organization charts, could be created to understand existing practice. This will help consultees explain what happens, and help all participants identify where risk points occur and how improvements can be made.
