- Sign up for our FREE Newsletter
Have A Question?
We'll get right back to you.
| Follow Us: |  |
 |
Interest Rate Risk Internal Controls - Is your Audit Process Sufficient?
4/1/2010
Financial Institution Letter 2-2010, Financial Institution Management of Interest Rate Risk, was issued on January 20, 2010, to clarify existing interest rate risk guidance. While much of the guidance relates to the measurement, monitoring and mitigation of interest rate risk, the guidance also sets-forth regulatory expectations for internal controls over the interest rate risk management process and the validation of interest rate risk models. As banks begin to implement their 2010 internal audit programs, it is important that those programs include testing of interest rate risk processes and models.
As stated in the Advisory On Interest Rate Risk Management that accompanied the Financial Institution Letter, “the regulators expect institutions to have an adequate system of internal controls to ensure the integrity of all elements of their IRR management process, including the adequacy of corporate governance, compliance with policies and procedures, and the comprehensiveness of IRR measurement and management information systems.” Accordingly, financial institutions are expected to conduct independent reviews of their interest rate risk models, which include the following:
- Assessment of the reasonableness of model assumptions.
- Assessment of the process used to determine assumptions.
- Backtesting of assumptions and results.
- Testing of model integrity. For internal models, this involves testing of model mechanics and mathematics. For models provided by vendors, this involves review of vendor documentation showing evidence of mechanical and mathematical validation by an independent third party.
- Verification of any corrective action implemented by management.
Other best-practice internal audit procedures relative to interest rate risk include the following:
- Reviewing interest rate risk policies and procedures and determining whether they are commensurate with the size, complexity and risk profile of the institution.
- Testing interest rate risk governance and management practices for compliance with policies and procedures.
- Benchmarking internal models.
Interest rate risk internal audit procedures should be performed by qualified persons who are independent of interest rate risk functions. Depending on the nature, complexity and resources of the institution, these persons may include in-house internal audit staff, other internal parties independent of the interest rate risk function, or external auditors.