Section 1 - Management

The quality of management and the manner in which directors and senior management govern a trust department’s affairs are critical factors in the successful operation of a department. As a fiduciary, the primary duty of bank trust department personnel is the management and care of property for others.

This responsibility requires the duty of loyalty, the duty to keep clear and accurate accounts, the duty to preserve and make productive trust property, and a myriad of other responsibilities that are further discussed in Section 4 - Compliance/Account Administration - Personal and Charitable Accounts of this Manual under the subsection titled Common Law/Fiduciary Principles. With these responsibilities comes risk, and management's ability to monitor and control these risks is of paramount importance. A primary focus of the trust examination is to assess the ability of the Board of Directors and senior management to identify, measure, monitor, and control the risks inherent in fiduciary activities, and their ability to respond appropriately to changing business conditions. In conducting trust activities, management is faced with operational (e.g., transactional, technological, and cyber), strategic, legal, compliance, credit, settlement, market, liquidity, and reputation risks. Appropriate internal policies, practices and controls mitigate these risks. The size and complexity of the trust department will dictate the depth and sophistication of such policies, practices and controls.

Increasing competition from non-bank entities have impacted the fiduciary business. Dealings and affiliations with financial firms such as broker dealers, mutual funds, and insurance industries increase business opportunities, but also increase risk and potential conflicts of interest if not properly managed. Examiners will focus on how trust management exercises its duty of loyalty in approaching new activities and affiliations.

Trust departments of FDIC-supervised institutions operate under the laws of the states in which they are chartered and may be subject to certain other federal fiduciary laws. In addition, the FDIC issued the Statement of Principles of Trust Department Management (SPTDM) to assist the Board of Directors in adopting guidelines for the sound operation of a trust department. Banks applying for the FDIC's consent to exercise trust powers must adopt the SPTDM as a Board approved policy before FDIC approval of the application will be granted. In situations where a bank or trust department was not required to adopt the SPTDM, examiners should strongly recommend that the Board of Directors do so.¹ The SPTDM describes an effective risk management framework related to trust and fiduciary services that is consistent with the safety and soundness standards conveyed in Appendix A to Part 364 of FDIC Rules and Regulations.

Examiners should assess trust management’s efforts toward operating the department in a manner consistent with sound risk management principles. Examiners must use judgment in reviewing management’s efforts to fulfill these principles. Where deficiencies in risk management practices are noted, examiners should inform trust management of the areas needing attention and how they deviate from sound governance, internal controls, risk management principles, or legal requirements.

Examiners should also discuss how the continuation of the deficiency could adversely affect the bank’s financial condition or operations or result in further supervisory action in the future. Examiners should reflect management's commitment to strengthen risk management practices in the Report of Examination.

¹ Banks granted trust powers by state statute or charter prior to December 1, 1950, regardless of whether or not such powers have been exercised, are not required to file an application with the Corporation for consent to exercise trust powers. Such consent is presumed to have been granted with the application for Federal Deposit Insurance.

The SPTDM was last updated by the FDIC on September 10, 1998, and issued via FIL-100-98. The text of the statement is provided below. The minimum requirements to provide for sound banking practices in the operation of a trust department and to provide safeguards for the protection of depositors, fiduciary beneficiaries, creditors, stockholders, and the public, should include:

• Involvement by the board of directors in providing for the establishment and continuing operation of a trust department;
• Operation of the trust department separate and apart from every other department of the bank, with trust assets separated from other assets owned by the bank, and the assets of each trust account separated from the assets of every other trust account; and
• Maintenance of separate books and records for the trust department in sufficient detail to properly reflect all trust department activities.

Nothing herein is intended to prohibit the Board of Directors from acting as the trust committee, or from appointing additional committees and officers to administer the operations of the trust department. When delegating duties to subcommittees and/or officers, the Board and the trust committee continue to be responsible for the oversight of all trust activities. Sufficient reporting and monitoring procedures should be established to fulfill this responsibility.

The board of directors, by proper resolution included in its minutes, should:

1. Designate an officer, qualified and competent, to be responsible for and administer the activities of the trust department. In addition, the board should define the officer's duties.
2. Name a trust committee consisting of at least three directors to be responsible for and supervise the activities of the trust department. The committee should include, where possible, one or more directors who are not active officers of the bank.

   The trust committee should:

   1. Meet at least quarterly, and more frequently if considered necessary and prudent to fulfill its supervisory responsibilities;
   2. Approve and document the opening of all new trust department accounts; all purchases and sales of, and changes in, trust assets; and the closing of trust accounts;
   3. Provide for a comprehensive review of all new accounts for which the bank has investment responsibility promptly following acceptance;
   4. Provide for a review of each trust department account, including collective investment funds, at least once during each calendar year. The scope, frequency, and level of review (trust committee, subcommittee, or disinterested account officer) should be addressed in appropriate written policies, which give consideration to the department's fiduciary responsibilities, type and size of account, and other relevant factors. Generally, discretionary account reviews should cover administration of the account and suitability of the account's investments, and non-discretionary account reviews should address account administration;
   5. Keep comprehensive minutes of meetings held and actions taken; and
   6. Make periodic reports to the board of its actions.
3. Provide comprehensive written policies which address all important areas of trust department activities.
4. Provide competent legal counsel to advise trust officers and the trust committee on legal matters pertaining to fiduciary activities.
5. Provide for adequate internal controls including appropriate controls over trust assets.
6. Provide for an adequate audit (by internal or external auditors or a combination thereof) of all fiduciary activities, annually. The findings of the audit, including actions taken as a result of the audit, should be recorded in its minutes.
   
   If a bank adopts a continuous audit process instead of performing annual audits, audits may be performed on an activity-by-activity basis, at intervals commensurate with the level of risk associated with that activity. Audit intervals must be supported and reassessed regularly to ensure appropriateness given the current risk and volume of the activity.
7. Receive reports from the trust committee and record actions taken in its minutes.
8. Review the examination reports of the trust department by supervisory agencies and record actions taken in its minutes.”

The Board of Directors has the overall authority and responsibility for operating the trust department and administering fiduciary accounts. This administrative responsibility begins with the acceptance of an account and continues until the closing of the account. In discharging its authority and responsibility, the Board of Directors typically delegates duties and responsibilities to such committee(s), director(s), officer(s), employee(s), or legal counsel it deems appropriate. However, the Board retains ultimate responsibility for delegated matters and therefore examiners should assess whether the Board maintains the proper degree of control and supervision.

Only through its written records can the Board demonstrate that it has satisfactorily exercised its authority and responsibility. Consequently, effective Board minutes reflect discussions and decisions reached regarding significant trust related matters. Although sound risk management principles include Board review of information regarding significant trust department activities, summaries of such information are common. In these cases, examiners should confirm whether detailed reports or committee minutes are available to the Board upon request.

The examiner may encounter instances where records of Board actions or information received are deficient or even completely lacking. In such situations, the examiner should inform the directors of the importance of correcting these deficiencies. The examiner should outline the weaknesses in the Report of Examination and indicate management's response and planned corrective measures.

1. Strategic Planning

A key responsibility of the Board is to establish the goals and objectives for the bank, including the trust department. A thoughtful strategic plan provides the framework to guide staff in achieving those goals and objectives. Strategic planning by directors, in consultation with senior officers, is a means to anticipate and respond to changing fiduciary business conditions. Effective plans consider positive influences (strengths, opportunities) and adverse influences (weaknesses, threats) that could impact the trust department in the future. This helps identify opportunities to pursue and gaps that need to be addressed through short- and long-range goals. Well considered goals for fiduciary activities align with the bank’s core mission and values as well as the Board’s risk appetite and policies.

Translating goals into an achievable plan depends on whether the institution has (or can reasonably acquire) the necessary personnel, financial and other resources, and technical systems. These considerations are particularly important for institutions that plan significant growth, new products or locations and online service delivery channels, third-party partnerships, or other initiatives. In addition to well-supported goals, effective strategic planning typically includes performance measures that are periodically reviewed to ensure management’s execution meets the Board’s expectations. Such periodic reviews also enable management and the Board to make adjustments for changing market and economic factors in a timely manner. Effective implementation of plans is also characterized by good communication of the strategic plan to staff and clear assignment of accountability to officers and staff.

Strategic planning is unique to each institution and each individual trust department, driven by its business model, resources, risk appetite, size, geographic location, clientele, and other considerations. The formality of the strategic planning process will vary among banks and trust departments. Some departments may be included in the bank-wide plan, while others may develop separate strategic plans tailored to fiduciary activities. Examiners should review strategic plans for trust services to assess whether plans provide a sound foundation for the department’s activities, and to assess whether they provide clear direction regarding acceptable fiduciary risk exposure levels.

2. Supervisory Responsibilities

The following are certain administrative responsibilities charged to the Board of Directors that may be delegated to duly appointed committees.

1. Acceptance of New Accounts

The acceptance of new accounts is typically documented in Board or committee minutes to acknowledge the trust department’s responsibilities in account administration. While the Board has the authority to delegate approval of new accounts to a junior committee, this practice is typically exercised judiciously as the Board continues to retain responsibility for all accounts accepted.

A common responsibility of management is to delineate standards for the acceptance of new business in order to control potential risks. The standards typically define criteria for accepting or declining new business given management's administrative capabilities and the Board’s risk appetite. The ability of the trust institution's staff, systems, and facilities to handle the proposed duties are also important considerations when accepting new accounts. Other areas for consideration include, but are not limited to:

• Purpose of the account
• Identity of principals and beneficiaries
• Existence of, or potential for, conflicts of interest
• Complexity of provisions
• Composition and nature of assets
• Existence of administrative problems
• Profitability

Examiners should note that the acceptance of an unprofitable account should not necessarily be unfavorably viewed. Unprofitable accounts may be accepted for a number of reasons including, but not limited to: other related accounts which, when viewed as a whole, are profitable; major commercial bank relationships; and pro-bono appointments for charitable or other worthy causes. Fee concessions for director, officer, and employee accounts are also common as part of an employee benefits program that is governed by appropriate documentation and approved by the Board or appropriate committee.

2. Approval of Closed Accounts

Closed accounts should be reviewed to determine whether the responsibilities under the instrument have been properly discharged and account administration was in accordance with the department's policies and procedures. Improper administration of an account can potentially expose the trust department to legal and reputation risk, and resultant financial liability. A significant increase in the number of closed accounts may be indicative of other underlying operational or administrative issues. Formal acknowledgements of closed accounts are typically noted in Board or committee minutes, along with the reason the account was closed. Furthermore, examiners should determine whether trust department records contain a receipt for assets transferred to the successor trustee, administrator, or beneficiaries. Such receipts document the transfer of ownership and responsibility for assets to new parties along with the value and condition of those assets. Receipts also provide supporting evidence for the bank should disagreements arise later between the parties.

3. Discretionary Distributions, Reallocation of Principal and Income, Extraordinary Expenditures, and Other Matters

The Board of Directors or a duly appointed committee (i.e., trust committee or a subcommittee thereof), has the ultimate responsibility and authority to grant discretionary distributions or reallocate principal and income (depending upon state law). This is one of the most important powers vested in a fiduciary. As such, examiners should confirm that any significant discretionary distributions, reallocation actions, or extraordinary expenditures are documented in Board or committee minutes to signify the approval and ratification of these actions. Effective risk management practices typically involve comprehensive documentation that outlines management’s responsibilities, decision rationale, and a clear understanding of their decision processes.

The Uniform Principal and Income Act² (UPIA), originally developed in 1931, provides procedures for trustees administering a trust or estate in separating principal from income. The UPIA had undergone major revisions in 1962 and 1997, the latter to adapt to modern portfolio theory embodied in the Uniform Prudent Investor Act, particularly the principle of investing for total return. Revisions in 2016 clarified the allocation of acquired assets, such as those from corporate distributions, and introduced the concept of an “unincorporated entity” for businesses operated by a trustee, including farming, mineral rights, timber, and rental real estate. Provisions were also added to deal with inequities caused by tax rules. The basic purpose of the UPIA remains to ensure that the intention of the trust creator is the guiding principle for trustees.³ A copy of the UPIA is included in Appendix C of this Manual.

4. Supervision of Discretionary Investments

To the extent the trust department has investment discretion, management has several important responsibilities, including:

• Conservation of the value of the assets entrusted to its care of trust corpus; and
• Optimization of income or growth in value consistent with prudent practices, the terms of the agreement, and the needs of the beneficiaries.

The Board of Directors or its trust committee is responsible for the approval of all purchases and sales of assets, and for the retention or disposition of investments. However, in larger departments, senior management or the trust investment committee often reviews purchases and sales. The frequency (daily, weekly, or monthly) and method of review will vary depending on management preferences, the volume of trades, and the trust accounting system utilized. Some departments may use an exception- based review process. Each review method provides management the opportunity to monitor compliance with internal policies and approved investment lists. Regardless of the method chosen, the review of purchases and sales is an essential component for an effective risk management program. Additional information on investments can be found in this Manual’s Section 3 Part 1 - Asset Management. The suitability of assets held by each individual discretionary account is typically incorporated into the account's annual investment review. Refer to subsection F. - Account Review Program below for items to consider in an investment review.

5. Account Reviews

Regular review of accounts is an important part of an effective fiduciary risk management process. Account reviews facilitate identification of weaknesses in account administration or investment management that could result in a higher risk profile of the department or cause financial harm to the bank if left unaddressed. Reviewing accounts initially upon acceptance and at least once during each calendar year thereafter helps to ensure timely identification of weaknesses. Annual reviews typically incorporate an administrative review, along with a review of investments when the department exercises investment discretion. Frequently, large trust departments delegate this responsibility to another committee or a disinterested trust officer. To support consistency in the review process, the scope of the annual review may be addressed in appropriate policies or other written documentation and give consideration to the department's fiduciary responsibilities, the type and size of accounts, and other relevant factors. Refer to subsection F. - Account Review Program below for more details.

6. Audits and Supervisory Examinations

The Board-adopted SPTDM addresses the need for internal or external audit of fiduciary activities at least annually. The establishment of a thorough audit program provides the Board with an independent assessment of management controls to ensure practices do not contravene policies or violate fiduciary laws and regulations. An effective Board or delegated committee will review the findings of the audit(s) and document the actions taken to respond to the findings. Additionally, an effective Board will ensure that adverse findings identified by regulators are addressed timely by reviewing all examination reports by supervisory agencies and documenting corrective actions taken in the Board minutes. Refer to this Manual’s Section 2 - Operations, Controls and Auditing, for discussion of audits and accounting issues.

7. Retention of Legal Counsel

Legal risk is one of the most prominent risks to which a trust department is exposed, and therefore it is important for management to effectively identify, measure, monitor, and control legal risks. Failure to do so could result in significant financial harm to clients and the bank. This highlights the importance of selecting and retaining competent legal counsel. Prudent due diligence requires that accounts considered for acceptance that involve pending or threatened litigation, complex or unusual documentation, or ambiguous language, be reviewed by counsel.

8. Adequacy of Insurance Coverage

An effective risk management program includes adequate insurance coverage sufficient for the risks inherent in the fiduciary business. Furthermore, periodic review of the policies facilitates maintenance of suitable coverage. However, reliance on insurance coverage is not an appropriate strategy to compensate for poor operational controls or the absence of proper oversight.

3. Organizational Structure

A Board resolution or the bank's bylaws should prescribe the structure and function of the trust department. Examiners are to be mindful that any workable system of organization of the trust department is acceptable, as long as it enables the directors, management, and staff of the trust department to fulfill their respective responsibilities. Examiners are to assess whether the organizational structure of the trust department aligns with the Board’s overall strategic plans.

The Board of Directors may fulfill its fiduciary responsibilities by adopting an organizational plan that effectively accommodates the volume and type of fiduciary services offered, the competitive environment, and future growth. A strong organizational plan contributes to the efficient attainment of a trust department’s objectives by clearly defining reporting lines of authority and responsibility. These lines of authority include effective communication processes that facilitate the exchange of all information necessary to inform all levels of trust department personnel of the institution's policies and directives, and allow senior management to verify that the trust department's operations comply with such policies and directives.

4. Committee Structure

Although the Board may elect to attend to all fiduciary matters, the handling of routine administrative and operational details is usually delegated to others. When the Board assigns functions to a committee, committee actions are typically recorded in minutes or similar records to ensure proper documentation of actions and approvals is maintained. The most effective trust department committees are structured to be flexible and workable. Functions and objectives are also clearly defined and effectively executed. Regular attendance and active participation by committee members is essential for effective oversight. However, utilization of the committee process does not relieve the Board of its responsibilities for the actions taken by those groups.

1. Trust Committee

Normally, the Board establishes a trust committee to oversee fiduciary activities, with the committee reporting its activities back to the Board periodically. In such cases, a trust committee comprised of individuals independent of day-to-day trust operations is tasked with providing objective and sound governance over fiduciary activities. Banks that have adopted the SPTDM typically include at least three directors of the Board on the trust committee with at least one director who is not a bank officer. In cases in which the bank has no outside directors on the committee, the bank will often exclude officers who participate significantly in the responsibilities of the bank’s fiduciary administration as a compensating risk management practice. The trust committee typically meets at least quarterly to stayinformed of trust department activity, and more frequently when practical and necessary to fulfill committee responsibilities. Examiners must assess trust committee independence and the efficacy of the governance practices, and make recommendations where appropriate.

2. Management Committees

It is also common practice to have management-level committees in any size department. These committees typically review items requiring immediate attention and routine department activities. The two most frequently encountered committees are the trust administration committee (TAC) and the trust investment committee (TIC). Larger departments may employ additional sub-committees (such as operations, compliance, proxy, fee deviation, or other topical sub-committees). Like committees in other parts of the bank, trust management committees maintain meeting minutes that document actions taken, and that are subsequently presented to the Board or its designated committee to ensure appropriate communication of committee activities and decisions.

² The Uniform Principal and Income Act (2008) is updated periodically by the National Conference of Commissioners on Uniform State Laws. Note that states have the option to adopt and could change provisions – refer to local state statutes for details.

³ See Uniform Law Commission UPIA (2008).

Examiners must assess management's ability to service fiduciary accounts presently under administration and those to which the department has made a commitment. A primary measure of management's ability is the condition of the trust department and the quality of fiduciary services rendered. The ability to handle anticipated business is also an important consideration, and therefore, examiners must evaluate the degree and quality of participation in strategic planning by executive officers and key staff from the trust department.

1. Trust Officer Duties and Management Skills

A well-run trust department ultimately depends upon knowledgeable and capable staff, particularly in leadership roles. Therefore, the Board of Directors typically takes great care in designating a qualified and competent trust officer to direct and administer the activities of the trust department. In assessing competence, examiners should evaluate the qualifications of management relative to the duties assigned. To be effective, administrative duties of the trust officer include at a minimum, the following:

• Represent the institution in all fiduciary matters;
• Oversee administration of trust department accounts;
• Report all matters requiring attention to the Board or its designated trust committee;
• Execute the policies and instructions of the directors and the Board and its designated trust committee;
• Maintain adequate records such as entries, settlement sheets, and follow-up systems; and
• Maintain adequate documentation to ensure all assets are properly safeguarded.

The trust officer/trust department manager may have limited knowledge of fiduciary matters, yet possess the managerial skills necessary to effectively guide the affairs of a particular trust department. In such cases, the examiner should emphasize the assessment of fiduciary expertise at middle management levels. The examiner should evaluate the managerial skills of the trust officer/trust department manager in consideration of the following areas:

• Planning – Ability to establish a predetermined course of action. This includes setting short-term and long-term objectives and establishing policies, procedures, and programs to reach these objectives.
• Organizing – Capacity to, along with the directorate, establish an organizational structure designed to achieve the department's goals. Examiners should analyze the grouping of theseactivities, the delegations of authority to perform these activities, and the coordination among groups in the organizational structure.
• Staffing – Capability to ensure that a sufficient number of qualified employees are employed. This involves effectively recruiting, training, and retaining employees.
• Directing – Ability to provide ongoing guidance and supervision of trust personnel to achieve the trust department's stated objectives.
• Controlling – Capacity to review, evaluate, and regulate the work in progress to ensure the activities meet established plans.

The examiner should analyze the type and depths of training offered to all trust personnel and evaluate the adequacy of the training program. Training might include in-house development programs, on-the- job training, on-line courses, banking schools and seminars, training facilities of larger banks, and tuition aid programs.

The examiner should consider expertise available from sources outside the bank. Management may compensate for "in-house" weaknesses in such areas as investments, tax law, or accounting by employing outside professional services if permitted under state law. The examiner should determine whether management understands and can effectively evaluate the information and recommendations made by these services, since the trust department retains ultimate responsibility for the actions of these third parties. Before contracting with an outside servicer, prudent risk management warrants a due diligence review of the counterparty and the contract. Refer to Section 10 – Other Trust Matters of this Manual for additional information on due diligence reviews and managing third-party risks.

The competence of management should be questioned if serious shortcomings or criticisms exist. When deficiencies are of short duration, middle management may often be responsible. However, senior management must be held responsible for any long-standing or widespread deficiencies. When applicable, examiners are to describe management deficiencies and make appropriate supervisory recommendations in the report of examination.

2. Assessment Factors

Examiners are to assess the following factors when evaluating the competence and expertise of management, such as:

• Experience - What is the experience level of trust department management and does this experience correspond to the individual duties and responsibilities assigned?
• Training - What kind of professional training, such as classes and seminars, has management personnel received and has the training been effective?
• Education - What is the level of academic achievement (college degrees, designations, and/or certificates) within the department and the relationship to managerial positions?
• Character - Is the personality, disposition, and reputation of trust department management consistent with the requirements imposed by their individual duties and responsibilities? Are there any other influences or factors that could cause a person's integrity, reliability, or ethics to be suspect?

In small trust departments, it is important to determine whether management is well versed in all facets of the fiduciary services offered by the department to effectively supervise trust activities. In moderate or larger departments, middle-level personnel may specialize as investment officers, account administrators, operations officers, taxation specialists, or new business development officers, among others. Each department employee should have a level of competence commensurate with their position and the size, complexity, and risk profile of the department's activity.

3. Personnel, Staffing Levels, and Authority Lines

As noted previously, a well-run trust department relies upon knowledgeable and experienced personnel. Therefore, an effective risk management tool includes a personnel organization plan that provides for continuity and includes procedures for recruiting, training, and evaluating personnel. Additionally, a well-developed plan is necessary to ensure staffing levels are available to handle the volume of work. Further, communication of clearly defined lines of authority, duties, and responsibilities to all personnel promotes the efficient, productive, and orderly execution of the department's functions. Lines of authority can be structured on a legal entity, business line, or functional basis. Reviewing lines of authority allows the examiner to assess the department's ability to identify, communicate, and manage risks. An organizational chart is helpful as a starting point. An effective organizational structure promotes an orderly flow of the trust department's daily work and is sufficiently flexible to accommodate peak workloads without sacrificing efficiency or accuracy.

4. Personnel Policy

Examiners should also evaluate the department’s personnel policies, as they are an important tool for the bank to manage potential risks in a trust department. An effective personnel policy considers the size of the trust department staff, qualifications of personnel, organizational structure, employee ethics, salary administration, and employee benefits. A code of ethical standards, as part of personnel policies, is critical to establishing boundaries and expectations in a trust department and usually covers such matters as: acceptance of gratuities, gifts, favors, and bequests; acceptance of loans from fiduciaries, beneficiaries, customers, or agents; disposition of fees earned by employees for personal services rendered in the performance of fiduciary duties; acceptance of benefits for serving as co-fiduciary; exertion of influence on fiduciary customers for personal gain; and maintenance of confidentiality of the fiduciary relationships.

5. Management Succession

The retention of qualified employees is essential in discharging fiduciary obligations. Therefore, examiners are to review for undue reliance on one individual or few key individuals, and determine the adequacy of any mitigating strategies. Appropriate planning by the Board and senior trust management helps minimize disruption should there be an unexpected departure of a key individual(s).

6. Dominant Officials or Policymakers

Trust departments can be subject to dominant officials or policymakers similar to other departments within a bank. A dominant official or policymaker is defined as an individual, family, shareholder, or group of persons with close business dealings or otherwise acting together, that exert material influence over virtually all decisions involving the bank’s policies and operations. The definition of a dominant official, as provided in this section, is not intended to capture individuals who merely occupy multiple positions, particularly in small departments, if they do not exert material influence over virtually all decisions involving the departments polices and operations. Examiners should carefully consider the risks associated with trust departments controlled by an official that dominates virtually all decisions involving policies and operations. While the presence of a dominant official should not be automatically viewed negatively or as a supervisory concern in and of itself, a dominant official coupled with other ineffective risk management practices are of concern and require enhanced supervision. Examiners should refer to the RMS Manual of Examination Policies, Section 4.1 - Management, for additional information regarding the identification of dominant officials or policymakers along with appropriate Report of Examination treatment.

A Board approved risk management program is critical to identify and control fiduciary risk. An effective risk management program guards against liability that can result from lawsuits or poor administrative practices, and identifies those areas where there is increased potential for exposure. Strong internal controls, sound policies and practices, and appropriate management information systems provide the framework for an effective risk management program. The sophistication of effective risk management programs is commensurate with the size of the department and the complexity of the products and services offered. Appropriate risk tolerance levels that are clear and monitored by both senior management and the Board of Directors help avoid undue levels of risk. Effective risk management programs are also continuously reviewed and revised to ensure current and anticipated business risks are captured. When assessing the effectiveness of the risk management program, examiners are to consider whether the program adequately:

• Establishes the level of risk that management is willing to assume. Examiner emphasis should be placed on reviewing the planning process, policies related to the process, and underwriting standards of accounts and new products.
• Identifies the various risks associated with the institution's key trust-related products and services, as well as its operating environment. This includes an analysis of methods employed in determining fiduciary insurance coverage, loss reserves, and the impact of fiduciary risk on capital adequacy. Litigation concerns should also be analyzed.
• Implements adequate controls and monitoring systems. This includes assessing the system of checks and balances, trust system user access controls, audit coverage, the compliance management system, and the overall scope and reliability of existing management information systems.
• Supervises operations and the implementation of procedures when new accounts are obtained. Guidelines typically provide information for day-to-day management of fiduciary activities, operating systems, and internal controls.

Trust activities expose the bank to many of the same risks encountered in commercial bank operations. Operating, strategic, legal, compliance, credit, settlement, market, liquidity, and reputational risks are found in varying degrees within many departments. While some risks may directly affect the department and the bank, others may be inherent in the products purchased or held in client accounts. Ultimately, if management is unable to identify and/or properly manage these risks, it increases the potential complaints, lawsuits, and other consequences.

1. Management Information Systems

Sound management information systems (MIS) and reporting helps ensure that directors and senior executives are fully apprised of the nature, breadth, and condition of risks posed by the fiduciary services for which they are responsible. Informal reporting channels may be appropriate for small, non- complex activities where officers are directly involved in routine operations. More detailed or formal reports are typically needed for larger departments or those with multiple product offerings or levels of authority.

The content, format, and frequency of MIS reporting will vary depending on the type of services offered and the volume of activity. Reports may be tailored to the functions of a committee, a business line, or any other form that meets the needs of the Board and senior management. Commonly used trust MIS reports may include, but are not limited to:

• New and closed accounts;
• Exceptions from established policies, procedures, and risk limits;
• Accounts presenting administrative difficulties;
• Accounts involving complaints;
• Accounts associated with threatened or pending litigation;
• Significant discretionary actions;
• Activities experiencing sustained or significant losses;
• Investment strategies and performance, including proprietary products;
• Exposures to counterparties;
• Performance of new products, business opportunities, and marketing;
• Profitability and comparison to strategic goals;
• Conflicts of interest;
• Audit and regulatory reports, along with correction status;
• Exception based reports for assets out of acceptable allocation variances
• Emerging risks; and
• Corporate trust issues in default.

When information concerning active or large-scale activities is summarized, examiners should assess whether there is sufficient clarity to discern trends, issues, and potential risk exposure, and confirm that detailed information is available to senior officers and directors at their request. Further, the assessment should consider whether MIS reports are meaningful, timely, and accurate.

2. Watch Lists

A written watch list of accounts and assets meriting special attention provides a measure of control that can assist management in limiting contingent liability and mitigating loss. Effective, watch lists are comprehensive, well documented, and periodically reviewed by the trust committee. They also document management actions, including decisions made, contacts with interested parties, and legal discussions. The level of detail provided by the watch list and the depth of the follow-up procedures will vary with the size and complexity of the trust department. However, at a minimum, an effective watch list:

• Identifies trust accounts, groups of trust accounts, or assets that warrant the special attention of management; and
• Provides a summary of each account or asset identified, indicating the reason(s) why the particular account or asset merits special attention, and to the extent feasible, quantifying the amount of risk.

Accounts or assets that involve pending or threatened litigation, customer complaints, waived fees, criticisms by regulatory authorities at prior examinations, large overdrafts, material devaluation or dissipation, delinquency, default or bankruptcy, or other situations may warrant inclusion on the department's watch list.

Watch lists also serve as a valuable reference point for examiners, who can compare the findings of their own account review with the accounts identified by management as warranting special attention. This should assist examiners in assessing the adequacy of the risk management program.

1. New Account Reviews

Prompt review of new accounts for which the trust department has investment responsibility helps to confirm the adequacy of account documentation, ensure disclosure acknowledgement, establish appropriate ticklers, and verify the receipt of (or process to convey) assets. An initial review is also helpful to validate that the investment program established is consistent with the needs and objectives of the account and that the synoptic record is complete and accurate. As defined in Section 2 - Operations, Controls and Auditing of this Manual, a synoptic record provides a concise summary of the principal duties and provisions of the legal documents governing the account, and may also provide other important information, such as beneficiaries, remaindermen, remittance instructions, and reporting requirements Departments typically complete the review within 60-90 days of opening to allow staff sufficient time to perform these tasks.

2. Scope of Annual Account Reviews

Reviewing accounts on an ongoing basis offers one of the strongest risk management controls over fiduciary activities. The most effective processes are based upon policies and procedures that clearly establish standards for the scope and documentation of account reviews along with exception reporting and tracking. The scope of the account review primarily depends on the department's fiduciary responsibilities and the type of account under review. An account review generally covers the administration of the account (administrative review) and the suitability of the account's assets (investment review). Prudent departments that provide services to third parties, or who obtain services from third parties, typically ensure that all affected accounts are reviewed by the appropriate party as outlined in the written agreements. The scope of an account review is dependent upon the nature of fiduciary responsibilities and type of account, as outlined below.

• Collective Investment Funds (CIFs) – CIFs administered by state-chartered, non-member banks may be subject to the administrative and investment requirements of OCC regulation 12 CFR 9.18. The review of CIFs will, therefore, typically include administrative and investment reviews. The administrative review helps determine whether the operation of each CIF complies with applicable laws, and regulations (e.g. OCC Regulation 9, SEC regulations, ERISA and DOL regulations, the Internal Revenue Code and IRS regulations, etc.), and whether risk management practices are prudent. The investment review validates that investments are consistent with the stated investment purpose of each fund. Performance measurement for each CIF is also typically included in the annual review. Refer to Manual Section 7 - Compliance - Pooled Investment Vehicles, subsection B.6 OCC Regulation 9.18 Requirements for more information.
• Discretionary Personal and Employee Benefit Accounts - In personal and employee benefit accounts where the institution has investment discretion, an account review generally consists of an administrative and investment review. The administrative review will differ according to the type and purpose of a given account.
• Nondiscretionary Personal Accounts - The nondiscretionary account review primarily focuses on the appropriateness of account administration, which will differ according to the type and purpose of a given account. There may be no requirement or responsibility to review investments, but as in all nondiscretionary accounts, a corporate fiduciary may be held accountable for the actions of a co-fiduciary due to the bank's professional corporate status.
• Nondiscretionary ERISA Employee Benefit Accounts - Review of self-directed employee benefit accounts is normally limited to coverage of administrative matters. These will differ according to the type of responsibilities (such as participant record keeping or participant loan programs) administered by the bank. In these accounts, a cursory review of the investments is also in order to identify and avoid flagrant violation of the insider and prohibited transaction provisions of ERISA. Trustees directed by named fiduciaries may still have liability if they do not determine whether directions are proper, meaning that they are in accordance with the plan, and not contrary to ERISA and/or applicable regulations; for more information, see ERISA Section 403(a)(1) and DOL’s current Field Assistance Bulletins (including DOL Field Assistance Bulletin 2004-03). A corporate fiduciary is held to a higher standard because of its perceived knowledge and expertise in fiduciary matters.
• Nondiscretionary non-ERISA Employee Benefit Accounts - These accounts are generally sponsored by church organizations or state, county, or municipal governments and their agencies. Only the administrative reviews, as covered above for nondiscretionary ERISA employee benefit accounts, and cursory reviews of investments are generally performed.
• Self-Directed IRAs and Keoghs - Self-directed IRA and Keogh accounts are considered trust accounts under Internal Revenue Code Section 408(h). Therefore, examiners should determine whether an administrative review is performed and that proper controls are in place to limit liability. For a discussion of the proper controls, refer to Manual Section 2 - Operations, Controls and Auditing, subsection O. Self-Directed IRAs and Keoghs.
• Custodial Accounts - Although custodial accounts are not always considered fiduciary accounts (the classification depends on state law), prudent risk management would ensure that administrative reviews are normally performed on all custodial accounts. This also applies to custodial accounts for ERISA employee benefit plans. Management has the responsibility of ensuring that custodial relationships are being administered in accordance with signed agreements.
• Discretionary Corporate Bond Trusteeships - Bond indentures for corporate and municipal debt issues (such as bonds, debentures, or corporate notes) usually delineate how available funds are to be invested. Nonetheless, the bank may have discretion in selecting the actual investments. In such cases, prudence dictates that investments held for the account should be reviewed, as well as the administration of the account.
• Nondiscretionary Corporate Bond Trusteeships and Agencies - These accounts generally involve corporate and municipal debt issues, securities transfer agencies, and paying agencies. Since there are either no assets on hand or the bank has no discretion over their investment, only administrative reviews are typically conducted.
3. Frequency and Authority Level of Account Reviews

Like all other risks that banks encounter, the Board of Directors is ultimately responsible for overseeing the management of fiduciary risk through establishment of sound policies and processes; regular account reviews are a critical process to help manage that risk. Reviewing accounts at least annually allows for timely identification and correction of deficiencies in administration or investment practices. Further, prudently written departmental policies clearly outline the frequency and authority level of account reviews. The Board can establish an organizational structure of its choice, including the delegation of account reviews to subcommittees. Reviews completed by disinterested competent account officers also offer a strong risk management technique to identify fiduciary risks as it incorporates an independent view of individual account administration.

Certain accounts may warrant a more frequent review or a review at a higher level in the organization than other accounts due to potential risk. For example, those accounts where the department has investment discretion are generally reviewed more frequently than accounts where no investment discretion is exercised. Other accounts that typically warrant more frequent and senior-level reviews may include accounts that: possess unique or unusual characteristics or circumstances; involve substantive complaints from grantors or beneficiaries; involve substantive or repeated criticism by regulatory authorities; involve pending litigation; or contain instruments with complex structures. Those accounts that employ risk hedging tools such as derivatives and those with high-risk investments also warrant more stringent review.

In turn, accounts of a certain size or complexity may be collectively reviewed, at the judgment of the Board. Collective review procedures would normally be performed on the smallest and least complex of trust department accounts. However, collective reviews might also include some larger, self-directed IRA or 401(k) employee benefit plans. In addition, de minimis accounts may qualify for "non-review" if Board-approved procedures establish criteria for including or excluding these accounts from the non- review category. When encountered, examiners should assess whether a department’s collective and de minimis review procedures are reasonable.

Account reviews conducted by a committee often prove effective since such a structure benefits from group experience and knowledge. On occasion, a Board may allow accounts where the department does not have investment discretion, other than those discussed previously as deserving a higher level of review, to be reviewed by a disinterested competent account officer, who is not responsible for the account's administration.

Examiners should strongly encourage management to adopt appropriate account review procedures and should criticize in the Report of Examination failure to review accounts in accordance with departmental policies and sound risk management principles.

4. Content of Account Reviews

A comprehensive account review includes an administrative and an investment review. Management may choose to address both aspects in one review or in two separate reviews. Both methods are suitable as long as each review, by itself, is complete in nature. Whether performed separately or together, comprehensive reviews consider the governing instruments, applicable laws and regulations, fiduciary responsibilities, needs of the beneficiaries, investment objectives, and the presence of unique or hard-to-value assets.

No listing can appropriately denote every item that should be considered in an account review since the reviews vary based on the department's fiduciary responsibilities, type of account, assets held, and other circumstances. Nonetheless, the general areas noted below are illustrative of the areas that typically receive coverage in either an administrative or investment account review.

Administrative Review

An administrative review may include, but is not limited to, the following items:

• Governing instrument (trust agreement, Will, plan document, indenture, etc.) - Is a copy on file?
• Synoptic record - Is the record complete, accurate, current, and reliable?
• Tickler system - Is the system up-to-date and accurate?
• Cash transactions - Are remittances, disbursements, and overdrafts posted correctly to income and principal? Is there any evidence of unusual cash flow activity, such as free riding (refer to Manual Section 2 Operations, Controls and Auditing subsection K. Free Riding and Daylight Overdrafts)? Is there any suspicion of money laundering? If so, has management filed, or considered filing, a Suspicious Activity Report per FDIC Part 353 – Suspicious Activity Reports.
• Securities transactions - Were appropriate approvals and authorizations obtained for non- discretionary and discretionary transactions? As applicable, were confirmations sent within the prescribed time frames? Did the confirmations or account statements contain the appropriate disclosure documentation? Refer to FDIC Part 344 – Recordkeeping and Confirmation Requirements for Securities Transactions for further information.
• Own-bank and affiliate obligations - Are purchases properly supported and authorized?
• Accountings and statements - Are they accurate, timely, and provided to appropriate parties?
• Hold mail/returned items - Are holding mail instructions valid? Have returned items been properly addressed?
• Commissions and fees - Are they accurate, consistent with the established fee schedule, and being collected? Have any exceptions been appropriately approved?
• Co-fiduciary approvals/denials - Are approvals/denials documented?
• Committee approvals/denials - Are approvals/denials documented?
• Internal policies and procedures - Is the account in compliance?
• Complaints - Are complaints by grantors, beneficiaries, plan administrators, or others reviewed? Have previous complaints been resolved?
• Criticisms - Is corrective action being taken with regard to criticisms noted by internal and/or external auditors and regulatory authorities?
• Litigation - For any accounts currently involved in pending litigation, is appropriate documentation in file or retained elsewhere, and are any associated status reports or summaries up to date and accurate?

Examiners should be flexible in assessing the adequacy of the administrative review process. An evaluation of an institution's administrative review process should focus on the effectiveness of the process, rather than the manner in which the review process is conducted. While a formal review approach (one in which those performing the administrative review meet formally at specific intervals to review the administration of some or all accounts) may work well in small- and medium-sized trust departments, such an approach may be both impractical and inefficient in large departments that administer thousands of accounts. Such institutions may adopt administrative review methods that employ a "due diligence" approach to account review. In lieu of a "sit down and checklist" methodology, the "due diligence" approach uses a combination of internal audits, tickler systems, checks and balances, and other procedures to verify that, over the course of the year, all accounts are properly administered. Examiners should not automatically criticize the absence of formal account review sessions, but instead should evaluate the effectiveness of the "due diligence" process in providing an appropriate test of account administrative processes. Like any account review system, a well-designed and valuable "due diligence" process will promptly identify administrative deficiencies and promote the timely correction of identified weaknesses. This includes reporting results of the administrative review process periodically to the Board, or a Board committee, and senior management.

Investment Review

An investment review is an evaluation of an account’s assets and objectives at a point in time. An effective review process supports a trust department’s ability to meet its fiduciary responsibilities and to properly administer customers’ accounts. An effective process has the following characteristics:

• Provides for reviews performed by an independent person or committee.
• Verifies whether account investment objectives are appropriate in light of the needs of the beneficiaries, and that investments support those objectives.
• Provides for an assessment of an entire portfolio, including unique assets, in light of tax considerations, risk tolerance, and liquidity needs.
• Considers any asset allocation imbalances or lack of diversification.
• Identifies and tracks exceptions until resolution.
• Measures investment performance to established benchmarks and investment objectives and establishes a process for handling outliers.
• Verifies whether an appropriate valuation process is used to value individual assets.

When the trust department has discretion over the account's assets, there is increased risk to the department if assets are handled improperly. Therefore, examiners will review the investment review documentation to verify that at a minimum, information considered includes:

• Investment powers authorized by the trust instrument and/or governing law;
• Investment objective of the account (income, growth, etc.);
• Listing of account assets, reflecting cost and market values;
• Projected yields on individual assets;
• Projected income of the overall account; and
• Amount of principal and income cash on hand.

An investment review may include, but is not limited to, the following items:

• Investment objectives - Are they current and consistent with the objectives of the account? Are assets held consistent with the chosen investment objectives and/or asset allocation models?
• Diversification of discretionary investments - Is the account properly diversified consistent with either the Prudent Man Rule⁴ or Prudent Investor Act,⁵ as applicable?
• Concentrations - Are there any undue concentrations, either within a type of security, industry, or specific obligation?
• Own-bank or affiliate obligations - Is the purchase appropriate, yield adequate, and authorization documented?
• Investments in companies related to, or loans made to, bank insiders - Are there any conflict of interest or self-dealing concerns? Have the investments been approved by the Board of Directors or an appropriate committee?
• Approved hold, buy, and sell lists - Is the account in compliance?
• Maturity of assets - Are there excess funds invested in short-term (lower yielding) investments? Is there adequate liquidity?
• Asset valuations - Are assets, including unique assets such as real estate, limited partnerships, closely held businesses, real estate syndications, and derivatives, valued accurately?
• Insurance coverage - Is it adequate?
• Environmental risk factors - Are there any environmental risk concerns, and if so, are they being properly addressed?
• Complaints - Are complaints by grantors, beneficiaries, plan administrators, or others reviewed? Have previous complaints been resolved?
• Criticisms - Is corrective action being taken in regard to criticisms noted by internal and external auditors, and regulatory authorities?

All of the items listed above may not necessarily be included in every trust department's account review program. Therefore, examiners must exercise discretion in assessing the adequacy of account reviews. An assessment should be made after giving consideration to the department's overall account review program, fiduciary responsibilities, committee minutes, file documentation, account officer expertise, and account sampling. Some trust departments may believe that completion of an investment review alone is sufficient for discretionary accounts. Examiners should remind management that fulfilling account administrative duties (i.e., timely mailing of customer statements, income distributions, and fee calculations) is also a fiduciary responsibility that should be reviewed to reduce exposure to liability.

Failure to address weaknesses identified during an investment review could expose the bank to future litigation, compliance, and reputation risk. Examiners will also assess the effectiveness of management supervision and follow-up, including exception tracking systems. An effective tracking system typically provides, at a minimum, notification to management of items needing attention, identification of reviews that are past due, realistic timeframes for implementing corrective action, and the ongoing status of those efforts. Since oversight and approval of exceptions by Board or management committees is an important control over the review process. Examiners will verify whether an effective process to escalate deficiencies or exceptions has been established, including whether, exception waivers are made within clearly defined parameters.

If the account review program is materially deficient, the Report of Examination should contain criticisms of management. The examiner-in-charge should obtain management's response and plan for corrective action.

5. Automated and Manual Account Review Processes

The process used by trust departments to review trust accounts has evolved over time. Historically, trust departments have used manual processes for administrative and investment reviews. However, to increase efficiencies, many departments are relying more on automated review systems purchased from vendors or developed in-house. The functionality and sophistication of automated systems vary, but most allow for a more efficient process to identify exceptions in account administration or investments. Some banks use a hybrid process that encompasses features of manual and automated reviews.

Manual Systems

A manual system involves a more direct approach to account reviews. On accounts in which the trust department exercises investment discretion, administration and investment management are typically reviewed simultaneously. This can promote communication among administrators and portfolio managers. Additionally, manual reviews may allow a more detailed focus on complex accounts, those with unique assets, or those that reflect higher risk. However, manual systems can be time consuming and labor intensive, particularly when a department manages a large number of discretionary accounts. As the number of reviews grow, so may the risk that administrators dedicate less attention to individual reviews or that reviews may no longer be completed timely. Additionally, the quality of reviews also depends heavily upon the expertise of the individual completing the review.

Automated Systems

Automated reviews can also be useful during the account review process, particularly on lower-risk accounts such as those invested solely in mutual funds on an approved list or in model portfolios. An automated system can easily identify accounts, often as frequently as daily, with investments that may not conform to investment objectives or approved allocations that may result in concentrations, or may contain conflicts of interest. However, while automated systems can improve efficiency, they can also contain risks that need to be managed. A wholly automated process is often dependent upon a limited number of parameters to identify exceptions. An automated system may also encourage reviewers and administrators to focus solely on exceptions and may not adequately address changes in beneficiary needs that have occurred. While identification, reporting, and ongoing monitoring of exceptions may be easier, an automated review system does not replace sound portfolio management or committee oversight.

6. Records of Account Reviews

Maintaining documentation of account reviews provides evidence of the review process in the event complaints are lodged against the trust department or if litigation issues arise; therefore, the examiner is to assess whether the trust department can satisfactorily demonstrate that account reviews are accomplished according to departmental policy. Appropriate documentation retention policies help ensure that adequate documentation is maintained of each review. Normally, two types of records of account reviews are maintained: one at the reviewing authority level (i.e., trust committee, subcommittee, or disinterested account officer), and the other at the trust account level.

1. Reviewing Authority Level

The purpose of a record at this level is to document that the institution has conducted proper reviews of its trust department accounts. An appropriate record is typically maintained at the reviewing authority level (committee or disinterested account officer) substantiating that a review was conducted. A thorough record lists individual accounts reviewed and provides details of any decisions made concerning the accounts. Examiners should review management's methodology for conducting reviews and determine whether adequate exception reporting has been implemented and is being monitored.

Summary reports of these reviews are typically submitted to the next highest committee (or subcommittee) level for review and ratification. While copies of the actual review documents or material(s) on which the review was conducted do not need to be routinely provided to the next highestcommittee, examiners should determine whether such documentation is available to committee members for review.

2. Account Level

The purpose of a record at this level is to document the fact that the individual trust account received an appropriate review. A record of the review normally appears in the individual account file, as it is one of management's fiduciary duties to keep clear and accurate accounts. The actual review documents or materials on which the review was based are kept at this level. Any noted exceptions to the governing instrument or department policies are also generally retained in the file along with sufficient documentation outlining corrective action. Objections, complaints, and lawsuits over trust accounts often occur years after a transaction occurs. The information provided in this record can be an important defense in explaining the rationale for actions taken in prior years. For this reason, account review information is usually more easily assembled from this source than from information recorded in committee minutes.

⁴ Prudent Man Rule was based on Massachusetts common law written in 1830 and revised in 1959. It stated that a trust fiduciary was required to invest+ individual trust assets as a ”prudent man” would invest his own assets, with the following in mind: the need of beneficiaries; the need to preserve the estate; the need for income.

⁵ Prudent Investor Act is an update to the prudent man standards intended to reflect the changes that occurred in investment practice since the late 1960s. Specifically, it reflects modern portfolio theory and total return approach to exercise fiduciary investment discretion, as compared to prudent individual investments. It fostered the use of diversification in investment portfolios.

Directors are not typically actively involved in day-to-day trust operations. However, a central principle of risk management includes the communication of clear guidance regarding acceptable risk exposure levels, and appropriate policies, procedures, and practices. Senior management is responsible for developing and implementing policies, procedures, and practices that translate the Board's goals, objectives, and risk limits into prudent operating standards. Compliance with written policies and procedures is also a fundamental element of a sound risk management program. When properly monitored and enforced by directors, well-developed policies, procedures, and controls promote operating efficiency, compliance with laws, regulations, and fiduciary principles, and minimize losses.

In smaller departments, policies may be relatively brief, yet adequately serve the needs of the department given the services offered and the nature of accounts administered. In larger departments, however, or in those administering more complex accounts, policies will likely be more detailed. Nonetheless, the FDIC recommends that all policies be written and periodically reviewed and revised to ensure that they remain adequate for the bank's fiduciary activities. Depending upon the scope and complexity of fiduciary operations, trust department policies will typically address the areas listed below:

• Investment Policy
• Overdraft and Cash Balance Requirements
• Guidelines for Account Administration
• Fee Concessions
• Conflicts of Interest and Self-Dealing Policies
• Securities Trading
• Operations and Controls Guidelines
• Business Development Guidelines
• Selection and Retention of Legal Counsel
• Policy Exception Reporting and Approval Guidelines
• Broker and Investment Advisor Selection
• Incentive Compensation
• SEC/FRB Regulation R/GLBA Broker Exception Rules
• Business Continuity Planning and Testing

In addition to trust specific policies, many banks incorporate fiduciary activities within broader bank policies. As appropriate, examiners should review all policies that are applicable to the trust function or that cover trust employees. Detailed below are some of the more common bank policies that may cover fiduciary activities:

• Ethics / Code of Conduct including an Anti-Bribery Policy
• Personnel
• Bank Secrecy Act / Anti-Money Laundering
• Customer Due Diligence
• Digital Banking
• Privacy / Information Security
• Electronic Funds Transfer
• Third Party and Vendor Management
• Accounting / Audit

Other trust policies may include, but are not necessarily limited to, brokerage placement; acceptance of accounts; acceptance of co-fiduciary appointments and division of compensation with co-fiduciaries; operations and administration; account reviews; loans to trust accounts; and proxy voting.

1. Incentive Compensation Arrangements and Policies

Incentive compensation arrangements often seek to serve several important objectives. For example, they may be used to attract skilled fiduciary staff, induce better department-wide and employee performance, promote employee retention, provide retirement security to employees, or allow compensation expenses to vary with performance goals. However, poorly structured arrangements have the ability to expose a trust department to material amounts of risk. Such arrangements could pose a threat to a financial institution’s safety and soundness by rewarding employees for increasing revenue or short-term profit without adequate recognition of the risks the employees’ activities pose to the organization. Regardless of the size of a trust department or financial institution, designing and implementing compensation arrangements that properly offer incentives for executive and non- executive trust department employees to pursue an organization’s long-term well-being and that do not encourage imprudent risk-taking is a complex task. Well-constructed incentive compensation arrangements and policies address the following principles:

• Balanced Risk-Taking Incentives - The amounts paid to a trust department employee appropriately take into account the risks (including compliance risks), as well as the financial benefits, from an employee’s activities and the impact of those activities on an organization’s safety and soundness.
• Compatibility with Effective Controls and Risk-Management - A trust department’s risk management processes and internal controls reinforce and support the development and maintenance of balanced incentive compensation arrangements. Strong controls governing the process for designing, implementing, and monitoring incentive compensation arrangements help prevent damage from occurring. Such controls also produce documentation that facilitates an audit of the effectiveness of a department’s processes.
• Strong Corporate Governance - Continuously active oversight by the Board of Directors helps maintain a safe incentive compensation arrangement. Effective boards, among other activities, approve the arrangements for all employees, particularly senior executives; approve and document any material exceptions or adjustments; monitor the performance and regularly review the design and function of arrangements; and regularly receive data and analysis from management or other sources sufficient to assess whether the overall design and performance of the arrangement is consistent with safety and soundness.

Examiners are to review compensation arrangements in the context of the Interagency Guidelines Establishing Standards for Safety and Soundness, Appendix A to Part 364 of the FDIC’s Rules and Regulations.

It is a common practice for management to grant fee discounts to fiduciary clients. Such discounts are usually offered as either fee concessions or compensating balance arrangements. To avoid unwarranted or excessive fee concessions, an effective trust department policy clearly describes to whom and for what purpose discounts will be allowed, the types of services that may be involved, and the method by which the trust department may be compensated by the bank for such discounts.

Some banks also offer fee concessions to bank insiders and employees as part of an employee benefit program. If the practice is to charge reduced fees to directors, officers, employees, shareholders, or their interests, the FDIC recommends that the practice be in writing and approved by the Board. Fee concessions for insiders are not generally a significant risk management concern but can result in increased financial, reputational, and operational risk if not well managed. While not requirements, a well-designed and prudent insider fee concession program helps ensure:

• The program is consistent with marketing and profitability objectives;
• The trust department will operate at a profit after the fee concessions are granted;
• The fee concessions are granted under a uniform and nondiscriminatory policy to all directors, officers, and employees of the bank; and
• The fee concession policy is approved by the Board of Directors.

Affiliate Accounts and Fees

ERISA and DOL ERISA Regulation 2550.408b-2(e)(3), establish limitations on fees that may be assessed by the trust department against affiliated employee benefit accounts. Pursuant to ERISA, trust departments may be reimbursed only for direct costs associated with the employee benefit accounts and are limited to the extent that direct costs vary and are passed through to the account in the form of fees. See DOL Advisory Opinion to Bank Plan 79-49 – Payment of Fiduciary Fee to Bank Sponsor of Plan for additional discussion.

Section 23B of the Federal Reserve Act prohibits the preferential waiver of fees for the benefit of an affiliate (and to the detriment of the bank/trust department). Section 23B targets fees that are negotiated or based on a fee schedule since such fees generate income or profit for the trust department. When these scheduled fees are reduced or waived for affiliated accounts, employee benefit or otherwise, an apparent violation of Section 23B may occur.

Note that ERISA establishes limits that trust departments may charge employee benefit accounts while Section 23B limits preferential treatment to affiliates. If a given trust department is assessing fees to employee benefit accounts in accordance with the ERISA schedule, Section 23B will likely not apply as there is no preferential treatment to the employee benefit account, even if affiliated, since the trust department is following applicable law. However, when fees assessed are actually less than direct costs associated with the servicing of an affiliated employee benefit account, an apparent violation of Section 23B may exist; examiners encountering this situation should discuss the specifics with the Regional Office.

Open dialogue with trust department management is critical to successful risk-focused, forward-looking supervision. FDIC experience has shown that supervision efforts are more effective when communication between FDIC staff and institution management at every stage of an examination is open, transparent and consistent. Clear communication and coordination with trust department management fosters an effective flow of information between the FDIC and the department and helps ensure examiners understand management’s views of the trust department’s business model, risk profile and complexity. Clear communication and coordination also ensure that regulatory findings and recommendations are well understood by management.

The examiner-in-charge (EIC) should determine a mutually convenient schedule to meet with trust department management for discussions during the examination. The EIC should advise institution management that there is no need to wait for a scheduled meeting to ask questions or to seek further clarification of items already discussed. As part of the scheduled discussions, examiners should ensure management remains abreast of the examination progress by providing updates and soliciting feedback regarding any initial findings. Such interactions present management with the opportunity to ask questions, provide additional information, and request clarification. When significant findings regarding noted weaknesses are discussed, examiners should clearly convey each issue that is a cause for concern and explain the risks to the trust department and the institution’s operations or financial performance if the issue is not addressed in a timely manner.

Some of the items to discuss with management include:

• Policies
• Organizational structure
• Operations and automated systems
• Marketing strategies New products and services
• Key personnel changes
• Investment strategies
• SEC/ Federal Reserve Board Regulation R and GLBA broker exception rules

At the conclusion of the examination, the EIC should meet with the trust department manager and another senior level bank manager to discuss the examination findings. In addition to presenting the findings and supervisory recommendations, the EIC should obtain management's response and commitment to address any supervisory recommendations. The EIC should not present recommendations or criticisms in the Report of Examination that have not first been presented to management.

Although review of trust committee minutes and supplemental reports should indicate the degree of involvement and interest of committee members in their assigned duties and responsibilities, it may not provide sufficient basis for analyzing committee effectiveness. Therefore, examiners may consider attending committee meetings held during the examination, not only to observe, but also to share examination findings and present supervisory recommendations to the committee. The examiner may use this opportunity to discuss committee members' collective views on the department, its direction and potential.

At or near the conclusion of the examination, a meeting with the Board of Directors, trust committee, or other Board committee should be held either in accordance with the proposed examination composite rating (see below), or if not required, when requested by the Board (or board committee) and management. When the examiner concludes that a meeting with a Board committee rather than the full Board is appropriate, the examiner’s selection of the committee must be based on the group's actual responsibilities and functions rather than its title. In all cases, the committee chosen should include an acceptable representation of Board members who are not full time officers. Additionally, the committee chosen should be influential as to policy, meet regularly, and report to the entire Board.

The purpose of such Board or committee meetings is to acquaint directors and/or committee members with the examiner’s assessment of the condition of the trust department, present the proposed supervisory recommendations for correcting deficiencies or weaknesses, and seek the members’ commitment to correct the deficiencies. This meeting is generally included as part of the Safety and Soundness Examination Board meeting. The examiner will note in the Report of Examination with whom the findings of the examination were discussed, the corrective commitments provided, and any other relevant topics discussed.

1. Disclosure of Ratings

At the conclusion of the examination, the examiner is to disclose to senior management and/or the Board of Directors, the proposed Uniform Interagency Trust Rating System (UITRS) component and composite ratings. Disclosure of the proposed component and composite ratings encourages a more complete and open discussion of examination findings and recommendations, and therefore provides management with useful information to assist in making risk management procedures more effective. Examiners should clearly explain that the ratings are tentative and subject to final approval by the Regional Director.

2. Departments Assigned or Likely to be Assigned a Composite "1" or "2" Rating

If the trust department is assigned or likely to be assigned a composite "1" or "2" rating under the UITRS, The EIC will meet with the Board or a Board committee during or subsequent to the examination when 36 months or more have elapsed since the last such meeting.

3. Departments Assigned or Likely to be Assigned a Composite "3" Rating

If the trust department is assigned or likely to be assigned a composite "3" rating under the UITRS, the EIC should meet with the Board of Directors or an appropriate committee during or subsequent to the examination. Regional Office representation is at the discretion of the Regional Director. Additional meetings or other contacts with the Board of Directors or appropriate Board committee may be scheduled at the discretion of the Regional Director or designee. If the trust and safety and soundness examinations are concurrent, the meetings should be held jointly. There should be close coordination between the examiners-in-charge of the safety and soundness and trust examinations.

4. Departments Assigned or Likely to be Assigned a Composite "4" or "5" Rating

If the trust department is assigned or likely to be assigned a composite "4" or "5" rating under the UITRS, the EIC should meet with the Board of Directors (with the required quorum in attendance) during or subsequent to the examination. In such instances, the Regional Office should be informed so that the Regional Director or a designee can attend the meeting if necessary. Consultation with the Regional Office should take place during the examination to ensure full understanding and vetting of identified deficiencies. If the trust and safety and soundness examinations are concurrent, the meetings should be held jointly. There should be close coordination between the examiners-in-charge of the safety and soundness and trust examinations.

Description

This rating reflects the capability of the Board of Directors and management, in their respective roles, to identify measure, monitor and control the risks of an institution's fiduciary activities. It also reflects their ability to ensure that the institution's fiduciary activities are conducted in a safe and sound manner, and in compliance with applicable laws and regulations. Directors should provide clear guidance regarding acceptable risk exposure levels and ensure that appropriate policies, procedures and practices are established and followed. Senior fiduciary management is responsible for developing and implementing policies, procedures and practices that translate the board's objectives and risk limits into prudent operating standards.

Depending on the nature and scope of an institution's fiduciary activities, management practices may need to address some or all of the following risks: reputation, operating or transaction, strategic, compliance, legal, credit, market, liquidity and other risks. Sound management practices are demonstrated by: active oversight by the board of directors and management; competent personnel; adequate policies, processes, and controls that consider the size and complexity of the institution's fiduciary activities; and effective risk monitoring and management information systems. This rating reflects the capability of the board and management, in their respective roles, to identify, measure, monitor and control the risks of an institution’s fiduciary activities.

Factors Evaluated

The management rating is based upon an assessment of the capability and performance of management and the board of directors, including, but not limited to, the following evaluation factors:

• The level and quality of oversight and support of fiduciary activities by the board of directors and management, including committee structure and adequate documentation of committee actions.
• The ability of the board of directors and management, in their respective roles, to plan for, and respond to, risks that may arise from changing business conditions or the introduction of new activities or products.
• The adequacy of, and conformance with, appropriate internal policies, practices and controls addressing the operations and risks of significant fiduciary activities.
• The accuracy, timeliness, and effectiveness of management information and risk monitoring systems appropriate for the institution's size, complexity, and fiduciary risk profile.
• The overall level of compliance with laws, regulations, and sound fiduciary principles.
• Responsiveness to recommendations from auditors and regulatory authorities.
• Strategic planning for fiduciary products and services.
• The level of experience and competence of fiduciary management and staff, including issues relating to turnover and succession planning.
• The adequacy of insurance coverage.
• The availability of competent legal counsel.
• The extent and nature of pending litigation associated with fiduciary activities, and its potential impact on earnings, capital, and the institution's reputation.
• The process for identifying and responding to fiduciary customer complaints.

Ratings

A rating of 1 indicates strong performance by management and the board of directors and strong risk management practices relative to the size, complexity and risk profile of the institution's fiduciary activities. All significant risks are consistently and effectively identified, measured, monitored, and controlled. Management and the board are proactive, and have demonstrated the ability to promptly and successfully address existing and potential problems and risks.

A rating of 2 indicates satisfactory management and board performance and risk management practices relative to the size, complexity and risk profile of the institution's fiduciary activities. Moderate weaknesses may exist, but are not material to the sound administration of fiduciary activities, and are being addressed. In general, significant risks and problems are effectively identified, measured, monitored, and controlled.

A rating of 3 indicates management and board performance that needs improvement or risk management practices that are less than satisfactory given the nature of the institution's fiduciary activities. The capabilities of management or the board of directors may be insufficient for the size, complexity, and risk profile of the institution's fiduciary activities. Problems and significant risks may be inadequately identified, measured, monitored, or controlled.

A rating of 4 indicates deficient management and board performance or risk management practices that are inadequate considering the size, complexity, and risk profile of the institution's fiduciary activities. The level of problems and risk exposure is excessive. Problems and significant risks are inadequately identified, measured, monitored, or controlled and require immediate action by the board and management to protect the assets of account beneficiaries and to prevent erosion of public confidence in the institution. Replacing or strengthening management or the board may be necessary.

A rating of 5 indicates critically deficient management and board performance or risk management practices. Management and the board of directors have not demonstrated the ability to correct problems and implement appropriate risk management practices. Problems and significant risks are inadequately identified, measured, monitored, or controlled and now threaten the continued viability of the institution or its administration of fiduciary activities, and pose a threat to the safety of the assets of account beneficiaries. Replacing or strengthening management or the board of directors is necessary.