Services Provided by a Custodian
Services provided by a bank custodian are typically the settlement, safekeeping, and reporting of customers’ marketable securities and cash.
Banks provide custody services to a variety of customers, including mutual funds and investment managers, retirement plans, bank fiduciary and agency accounts, bank marketable securities accounts, insurance companies, corporations, endowments and foundations, and private banking clients.
Core Custody Services
A custodian providing core domestic custody services typically settles trades, invests cash balances as directed, collects income, processes corporate actions, prices securities positions, and provides recordkeeping and reporting services.
Global Custody Services
A global custodian provides custody services for cross-border securities transactions. In addition to providing core custody services in a number of foreign markets, a global custodian typically provides services such as executing foreign exchange transactions and processing tax reclaims. A global custodian typically has a sub-custodian, or agent bank, in each local market to help provide custody services in the foreign country. The volume of global assets under custody has grown rapidly in recent years as investors around the world are buying foreign securities for additional investment opportunities.
Securities Lending and Other Value-Added Services
A bank may offer securities lending to its custody customers. Securities lending can allow a customer to make additional income on its custody assets by loaning its securities to approved borrowers on a short-term basis. In addition, a custodian may contract to provide its customers with other value-added services such as performance measurement, risk measurement, and compliance monitoring.
Risks Associated with Custody Services
A financial authority has defined nine categories of risk in custody services: credit, interest rate, liquidity, price, foreign currency translation, transaction, compliance, strategic, and reputation. These categories are not mutually exclusive; any product or service may expose a bank to multiple risks. The primary risks associated with custody services are: transaction, compliance, credit, strategic, and reputation.
Transaction risk is the current and prospective risk to earnings or capital from fraud, error, and the inability to deliver products or services, maintain a competitive position, and manage information. Risk is inherent in efforts to gain strategic advantage, and in the failure to keep pace with changes in the financial services marketplace.
Transaction risk encompasses product development and delivery, transaction processing, systems development, computing systems, the complexity of products and services, and the internal control environment.
Transaction risk is also referred to as operational risk. This risk is inherently high in custody services because of the high volume of transactions processed daily. Experience in the custody field has shown that errors in corporate action, settlement, foreign exchange (FX), and operating (suspense) account processing are common causes of losses attributable to custody activities.
Effective policies and procedures, a strong control environment, and efficient use of technology are essential risk management tools. Meaningful reporting, based on accurate and reliable data, is needed to provide management with monitoring tools. The risks may be magnified in a global custody operation where transactions occur around the clock in a variety of different markets. A global custodian must consider a variety of additional factors including differing market rules and conventions, the degree of automation in the foreign market, different types of securities, capital or currency restrictions, and the availability and communication of timely and accurate information.
Compliance risk is the current and prospective risk to earnings or capital arising from violations of, or nonconformance with, laws, rules, regulations, prescribed practices, internal policies and procedures, or ethical standards. Compliance risk also arises in situations where the laws or rules governing certain bank products or activities of a bank’s clients may be ambiguous or untested. Compliance risk exposes the institution to fines, civil money penalties, payment of damages, and the voiding of contracts. Compliance risk can also lead to a diminished reputation, reduced franchise value, limited business opportunities, reduced expansion potential, and an inability to enforce contracts.
Custody services are contractual in nature, and a bank must ensure compliance with the provisions of all applicable agreements. A strong compliance program should include monitoring the variety of laws and regulations that may affect a custodian’s business and reporting any material changes to the customer. Global custodians in particular must be aware of the regulatory environments in which they operate. Compliance risk may be heightened in foreign markets because different markets have different rules and regulations. These differences make supervision challenging.
Credit risk is the current and prospective risk to earnings or capital arising from an obligor’s failure to meet the terms of any contract with the bank or otherwise to perform as agreed. Credit risk is found in all activities that depend on counterparty, issuer, or borrower performance. It arises any time funds are extended, committed, invested, or otherwise exposed through actual or implied contractual agreements, whether reflected on or off the balance sheet.
The market settlement practice of delivery versus payment (DVP) virtually eliminates counterparty credit risk in the settlement process.However, a custodian may be exposed to credit risk if it advances funds to settle trades for a customer. In addition, securities lending activities may expose a bank to counterparty credit risk.
Global custodians may be exposed to credit risk from several sources. First, if a sub-custodian fails, the custodian may have difficulty obtaining its customers’ securities. Second, not all markets settle transactions DVP, so there is risk if the custodian delivers securities without receiving payment or pays without receiving securities. Third, in some markets a custodian may offer contractual settlement. In this case, a custodian makes the entries to its customer’s account on the contractual settlement date even if the custodian hasn’t actually received the cash or securities needed to settle the trade. Here, the credit risk is with the global custodian’s customer. Contract provisions should provide for reversal of the transaction if the trade fails or a specified amount of time passes.
Strategic risk is the current and prospective risk to earnings or capital arising from adverse business decisions, improper implementation of decisions, or lack of responsiveness to industry changes. This risk depends on the compatibility of an organization’s strategic goals, the business strategies developed to achieve those goals, the resources deployed toward these goals, and the quality of implementation. The resources needed to carry out business strategies are both tangible and intangible.
A bank’s decision to participate in the custody business, and its ability to be competitive if it does, is a source of strategic risk to the bank. The industry is competitive. To compete, a custodian must be able to achieve a size that creates an economy of scale, and continually invest in systems and technology.
Reputation risk is the current and prospective impact on earnings and capital arising from negative public opinion. This affects the institution’s ability to establish new relationships or services or to continue servicing existing relationships.
Reputation risk exposure is present throughout the organization and an abundance of caution is to be exercised in dealing with its customers and community. The importance of a custodian’s reputation cannot be overstated. The ability of the bank to deliver services as promised is critical to maintaining its reputation. The transaction-oriented custody services business makes a bank’s failure to perform a contracted service highly visible to its customer. Virtually any problem that the bank encounters in its custody business line can affect its reputation if it is made public.
A bank’s custody customers may also be exposed to interest rate, liquidity, price, credit, and foreign currency translation risk through the assets they hold in their custody accounts. Although any related losses are not direct risks to the bank providing custody services, some customers may hold the bank at fault for them. The possibility that these customers will make their claims or allegations public presents some reputation risk.
The bank must have adequate systems in place to identify, measure, monitor, and control risks in the custody services area. Such systems include policies, procedures, internal controls, and management information systems governing custody services. Effective internal control is essential to a bank’s management of the risks found in custody services. A properly designed and consistently enforced system of internal controls will help management safeguard assets under custody, produce reliable financial reports, and comply with laws and regulations.
Strong operational controls are essential to effectively manage transaction risk.
Separation of Duties
Control can best be achieved through a division of duties. A bank first segregates administrative and operational functions, and then it segregates duties (both physical and logical access) within the operating system itself. It is the responsibility of management to assess the control environment and ensure that an appropriate system of internal control, including separation of duties, is in place.
Assets under custody should be properly controlled and safeguarded at all times. Dual control procedures should ensure that one person, acting alone, does not have the ability to complete all phases of a transaction, or move custody assets. Procedures should require dual control in processing of all custody assets, including securities, cash, income payments, and corporate actions.
Independent control processes should ensure the accuracy of a custodian’s records and accounting systems. Accounting controls are used to monitor and measure transactional work flows and their accuracy. Accounting controls include blotters, reconcilement of cash and asset movements, and suspense accounts.
Customer Account Acceptance and Monitoring
The account acceptance process is the first step in managing risk related to customers. The risks associated with an individual account should be addressed prior to acceptance. A custodian’s acceptance process should provide an adequate review of the customer’s needs and wants. During the acceptance process, the custodian should also assess whether its duties are within its capabilities, are lawful, and can be performed profitably.
A properly documented account acceptance process will provide sufficient information for the bank to make an informed decision. The procedures should provide sales personnel with "front-end guidance" related to the review and acceptance of new accounts, and should include a bank’s requirements related to customer due diligence and required documentation.
Assessment of New Business
The due diligence process should ensure that the services the customer wants the custodian to perform are legal (in the relevant jurisdictions) and within the custodian’s capabilities. The account acceptance process should include an assessment of the proposed relationship including a review of the products and services needed by the customer, likely transactions (type and volume), and customer information necessary to facilitate custody transactions (such as tax information related to foreign tax relief). The due diligence process should include a review for compliance with anti-money laundering rules.
When accepting new business the bank should consider the operational needs of the account. The bank should consult all applicable departments (including legal, accounting, operations, credit, and compliance) to determine whether it has the capacity to serve the customer without incurring unreasonable costs.
Custody relationships are contractual in nature and are essentially directed agencies. The customer is the principal, and the custodian is the agent. The custody agreement is important as a risk management tool. The agreement should clearly establish the custodian’s duties and responsibilities. Custody agreements should be standardized when possible, and any deviations from the standardized agreement should be reviewed prior to acceptance.
Management Information Systems
A management information system (MIS) is a system or process that provides the information necessary to manage an organization effectively. MIS and the information it generates are generally considered essential to internal control.
A primary objective of custody services MIS is the management of transaction risk. Sound MIS produces information that is accurate, timely, consistent, complete, and relevant. It allows a bank to measure operational performance to designated benchmarks. While a custodian’s MIS enables a bank to determine whether its operations are profitable, it should also inform management about other essential matters, such as whether internal controls are working.
A contingency plan is an extension of a bank’s system of internal control and physical security. The plans should include provisions for continuance of operation, and recovery when threats may damage or disrupt the institution’s data processing support. A bank that relies on an outside servicer for the bulk of its data processing should take steps to determine whether the contingency plans of the servicer are adequate and whether its own plans complement those of the servicer.
Comprehensive contingency planning policies and procedures for all business lines are a responsibility of the board of directors and senior management of a national bank. The board is responsible for reviewing and approving the institution’s contingency plans annually and documenting the reviews in its minutes.
Originally posted in Knol (28)