Skip Header

Federal Deposit
Insurance Corporation

Each depositor insured to at least $250,000 per insured bank

Home > Regulation & Examinations > Bank Examinations >Trust Examination Manual

Trust Examination Manual

Section 2 - Operations, Controls and Auditing

Table of Contents

The operations section of a trust department provides support to the administrative arm in much the same way as the operations division of a bank supports its other functions. As such, it is the focal point for all actions affecting customer accounts and the department itself. To be effective it must provide management with accurate and reliable systems for documentation, accounting and control. While the sophistication of the operational systems employed is likely to vary with the size and complexity of the department, the underlying principles involved are universal.

The trust function must have adequate facilities and equipment, as well as a sufficient number of knowledgeable, trained and experienced staff, to accomplish its tasks. Documentation substantiating appointments and actions taken throughout the life of an account must be obtained, maintained and preserved. Record keeping systems must provide a detailed picture of all funds and other assets under the control of the fiduciary from an account's inception to its closing. Procedures must be developed to process work in a uniform and orderly manner and a practical system of checks and balances must be developed to ensure the integrity of the work performed.

This section of the Manual is organized into the following parts:

A.  Trust accounting

B.  Property ownership

C.  Principal and income

D.  Carrying values

E.  Accounting records

     1.  General Ledger

     2.  Asset Control Accounts

     3.  Subsidiary Asset Controls

     4.  Subsidiary Liability Controls

F.  Trust records

     1.  Administrative File

         a.  Legal File

         b.  Digest or Synopsis

         c.  Correspondence File

         d.  Investment Review File

         e.  Securities Transaction File

         f.  Tax File

     2.  Tickler System

     3.  Other Records

         a.  Securities Transaction Register

         b.  Vault Control Log

         c.  Broker Statements

G.  Account documentation

     1.  Evidence of Appointment

     2.  Supporting Documentation

         a.  Trust Committee Minutes

         b.  Approvals

         c.  Indemnification

         d.  Accountings and Customers' Statements

         e.  Account Reviews

         f.  Receipt and Release

         g.  Other Documents

H.  Internal Controls

     1.  Segregation of Duties

     2.  Vacation Policy

     3.  Reconcilements

     4.  Other Elements of Control

     5.  Fraudulent Acts

I.  Nominees

J.  Use of broker-dealers for securities safekeeping/securities investor protection corporation (SIPC)

K.  Free riding and daylight overdrafts

L.  Facilities

M.  Information Technology

N.  Business Continuity Planning

O.  Self-directed IRA'S and keogh accounts

     1.  Direct Arrangements

     2.  Arrangements with Third Parties

P.  Custodial holdings of government securities: compliance with government securities act of 1986

     1.  Background

     2.  Applicability

         a.  To broker-dealer activities

         b.  To government securities repurchase transactions

         c.  To custodial holdings of government securities for customers:

Q.  Shareholder Communications Act of 1985

     1.  Background and Requirements

     2.  Applicability to Trust Accounts

R.  State escheat laws

S.  Audit and accounting issues

     1.  Audit Objectives

     2.  Audit Program

     3.  Audit Activities

     4.  Evaluation of the Audit Function

     5.  Statement on Accounting Standards (SAS #70)

     6.  FAS 87

A. Trust accounting

While general accounting principles apply to trust recordkeeping, significant differences exist between the accounting systems employed by the trust department and the commercial department.  Trust departments are called upon to serve in various capacities. Aside from personal and employee benefit trusts, the department may serve as corporate trustee for bond issues or as a paying or escrow agent.  Since each account must be treated as an individual entity, the accounting system adopted will be required to reflect individualized statements of holdings (or accountability), as well as aggregate controls for the department. The specialization required by this type of system, and the legal ramifications involved in handling fiduciary matters, necessitate the adoption of a completely separate set of books and records.

The fundamental principle behind general accounting theory is expressed in the equation:

Assets = Liabilities + Capital

This principle does not apply to trust accounting, since the fiduciary does not account for its own assets, but for the property of others. As such, the fundamental principle behind trust accounting is expressed as follows:

Assets = Accountability (or Liabilities)

In this equation, assets such as securities, deposits, or real property are liabilities for which the department is accountable, or liable, to others. Expressed differently, the assets of trust accounts are also the liabilities of the fiduciary. Normally, the only accounts holding cash or assets not owed to fiduciary customers are "house accounts," which may include undistributed profits and suspense items.

Note that the Call Report Instructions and Glossary describing accounting standards and practices, and generally accepted accounting principles, do not apply to trust accounting. 

B. Property Ownership

The laws governing the ownership of property differ from state to state. Therefore,  examiners need some basic knowledge of the property laws applicable within individual states. Trusts, in some form, are permissible in all states. A trust occurs when the ownership of property is separated as to title and equity. A trustee retains title to trust property (corpus or principal), but has no beneficial or equitable interest in the property. A trust cannot exist when the legal owner, or party holding title, also holds the only beneficial interest in the property. Nevertheless, a fiduciary does not necessarily have to hold title to property, such as in a guardianship. Beneficiaries are divided into two classes: those holding a current interest in the property of a trust, and those holding a remainder (or future) interest. Since the first class of beneficiaries is entitled to the current return generated from the property, while the latter is entitled to the future value of the property at some specified future time, trustees must maintain separate records to account for, and distinguish between, income and principal.

In an agency capacity, ownership and, in general, title to the assets, does not pass to the fiduciary, but remains with the principal. The trust department's obligation is to act as the principal's agent and follow the instructions stipulated in an agency agreement.

C. Principal and Income Allocations

The trustee is under a duty to deal impartially (remain neutral) with beneficiaries, when there are at least two beneficiaries.  This rule applies when the beneficiaries' interests are concurrent or successive.  In personal fiduciary accounts, it is common for one set of beneficiaries to be entitled to the income ("income beneficiaries"), while a second set of beneficiaries is entitled to the principal ("remaindermen"). These classes of beneficiaries often have different, sometimes opposing, needs and interests. While serving both classes of beneficiaries can often prove difficult, the trustee must balance objectives and investments, so that one class of beneficiary is not favored over the other.

While account agreements may outline permissible investment products,  the documents may not indicate treatment for allocations between principal and income.  For those circumstances where principal and income are not defined, default allocations have been established under the Uniform Principal and Income Act, with most states adopting the 1931 and the 1962 Revised Uniform Principal and Income Act.  The Act was again revised in 1997 to incorporate and be consistent with the concept of Prudent Investor Act (modern portfolio theory and total return) and allow for investment products not previously developed.  A copy of the Act and commentary are provided in Appendix C Uniform Principal and Income Act of 1997.  Nearly all states have adopted the Act in some form; however, examiners are reminded that states may modify "uniform" Acts during the legislative process.  According to the National Conference of Commissioners on Uniform State Laws, the primary difference is the ability to delegate investment decisions.  Consequently, the law of any state may depart in small or large measure from the "uniform" Act presented in this manual.  The text of these and other uniform acts is also available at the Internet site of the National Conference of Commissioners of Uniform State Laws,

Although distinguishing between "principal" and "income" appears relatively straightforward, there are many situations where it is much more complicated. The following list summarizes allocations for various issues:

  • Discount Obligations - The entire increase in value of these obligations is principal when the trustee receives the proceeds from the disposition, unless the obligation, when acquired, has a maturity of less than one year. 

  • Capital Gains - Capital gain dividend does not include any net short-term capital gain, and cash received by a trust because of a net short-term capital gain is considered to be income.

  • Reinvested Dividends - If a trustee elects or continues a course of action to reinvest dividends in shares of stock of a distributing corporation or fund, the new shares would be principal.  However, if the trustee makes a decision, for example, to make an investment without incurring brokerage fees, the trustee should transfer cash from principal to income in an amount equal to the reinvested dividends.

  • Mineral rights -  90 percent of oil and gas receipts are considered principal, while the remaining 10 percent are income.

  • Timber, Christmas trees, and Plywood for Commercial Sale or Use - If the timber cut and removed does not exceed the growth rate of timber during the accounting periods in which a beneficiary has a mandatory income interest, then net receipts are allocated to income. Any amount removed in excess of the growth rate is considered principal.  If the net receipts are from the lease of timberland or from a contract to cut timber from land owned by a trust, then net receipts may be allocated between income or principal.  In determining net receipts to be allocated, a trustee should deduct and transfer to principal a reasonable amount for depletion.  

  • Liquidating assets, such as leaseholds, patents, copyrights, and royalty rights -  Property subject to depletion was revised to allocate 90 percent of the amounts received to principal and the remainder to income.

  • Decedent's estate or terminating income interest - An income beneficiary's estate will be entitled only to the net income actually received by a trust prior to the beneficiary's death and not the accrued income.  

  • Derivatives (such as interest rate swaps) and Options (not embedded) - If the department does not maintain separate accounting records for these transactions, then the trustee shall allocate to principal, receipts from and disbursements made in connection with such transactions.  A gain or loss that occurs because the trustee marks securities to market or to another value during an accounting period is not a transaction in a derivative financial instrument that is income or principal under the Act.  Only cash receipts and disbursements are included.  Options include an option to purchase real estate owned by the trustee and a put option purchased by a trustee to guard against a drop in value of marketable stock that must be liquidated to pay estate taxes.  The practice of selling call options on securities owned by the trust, if the terms of the option require delivery of securities, is also included in this definition.  However, this does not apply if the consideration received or given for an option is something other than cash or property, such as cross-options granted in a buy-sell agreement between owners of an entity. 

  • Asset-backed securities, including real estate mortgages, credit card receivables, and Auto Loans - If a trust receives a payment, the trustee shall allocate to income the portion of the payment which the payer identifies as being from interest and the balance to principal.  If a trust receives one or more payments in exchange for the trust's entire interest in an asset-backed security in one accounting period (defined as a calendar year or can be a 12-month period if selected by a fiduciary), the trustee shall allocate the payments to principal.  If a payment is one in a series of payments that will result in the liquidation of the trust's interest in the security over more than one accounting period, the trustee shall allocate 10 percent of the payments to income, and 90 percent to principal.  An example of the final point is a busted PAC tranche, where the class protection has been eliminated.

  • Inflation-indexed bonds - Any increase in principal due to inflation after issuance is principal upon redemption, if the bond matures more than one year after the trustee acquires it; if it matures within one year, all of the increase is considered income. 

  • Deferred compensation, annuities, and similar payments - If no part of a payment is characterized as interest, dividend, or equivalent, and all or part of the payment is required to be made, the trustee should allocate to income 10 percent of the part that is required to be made during the accounting period and the balance to principal.  Payment is defined to include a payment made in money or property from the payer's general assets or from a separate fund created by the payer, including a private or commercial annuity, an IRA, and a pension, profit-sharing, stock-bonus, or stock-ownership plan.  If no part of the payment is required to be made or the payment received is the entire amount to which the trust is entitled, the trustee shall allocate the entire payment to principal.  A payment is not "required to be made" is defined as to the extent that it is made because the trustee exercises a right of withdrawal.  To obtain an estate tax marital deduction for a trust, the trustee should allocate more to income to obtain the deduction. 

  • Disbursements from income are based on recurring items that are not specifically tied "To an" asset.  For example, trustees' fees can be charged against either principal or income or both, while title insurance and real estate taxes must be assessed against principal. 

  • Generation-skipping transfer taxes are payable from principal.

  • Disbursements made for environmental matters -  Includes reclamation, environmental assessments, remedy and removal of environmental contamination, monitoring of remedial activities and the release of substances, preventing future release of substances, collecting amounts from persons liable or potentially liable, penalties imposed by law or regulation, and defending claims based on environmental matters.  All environmental expenses are payable from principal, based on the assumption that the expenses will be extraordinary in nature.  However, if the trustee is carrying on a business that uses or sells toxic substances, and cleanup costs would be a normal cost of doing business, then the expenses could be allocated to income. 

  • Income tax obligations resulting from the ownership of Subchapter s corporation stock and interests in partnerships - Income from a partnership is based on actual distributions from the partnership, in the same manner as corporate distributions.  Distributions from corporations and partnerships that exceed 20 percent of the entity's gross assets will be principal whether or not intended by the entity to be a partial liquidation.

  • Income tax obligations are allocated based on the source.  If the tax is based on receipts allocated to income, the tax is paid from income.  If the tax is based on receipts allocated to principal, then the tax is paid from principal. 

  • The power to make adjustments between principal and income to correct inequities caused by tax elections or peculiarities in the way the fiduciary income tax rules apply.  This allows fiduciaries to make adjustments as necessary to re-allocate principal and income to make taxes equitable, based on prior tax elections.  For example, individuals may elect to have taxes paid annually or at maturity on the income from savings bonds, although the income is not distributed, but added back to principal.  In this situation, if the tax election was to pay taxes annually, the income beneficiary may be responsible for income tax on cash flows that the principal beneficiary may enjoy in the future.  

When dealing with principal and income, however, examiners should be aware that the distinction between principal and income is not important for personal agency and employee benefit trusts.  As previously stated, the trustee is under a duty to deal impartially with beneficiaries, when there are at least two beneficiaries. For agency or employee benefit accounts, there is one class of beneficiaries.   

D. Carrying Values

Unlike commercial bank accounting, where assets and liabilities are carried at cost or book value, there is no generally accepted system for assigning carrying values to assets held by trust institutions. The examiner may find that the assignment of carrying values will vary not only from institution to institution, but also from one account to another within the same trust department. This makes a meaningful analysis of trust department statements of condition difficult, if not impossible, without knowing which valuation methods are used to prepare the statements. One or several of the following methods are generally used as asset carrying values in any given institution:

  • Book or cost of the asset;
  • Tax cost or date of death valuation when acquired from a decedent's estate;
  • Par value, the face value of property; or
  • Nominal value, assigning a nominal value to each item or interest of ownership in an asset, or miscellaneous items such as insurance policies and indentures.  Stocks may also be carried at a nominal value for the number of shares held, particularly in custody or safekeeping accounts. 

For Call Report, Schedule T purposes, trust assets should be reported at market value, where asset values can be determined by a market or trading, or by other sources, such as appraisals.  Nominal values are permitted as described above. 

E. Accounting Records

As mentioned earlier, the level of sophistication of trust departments varies from institution to institution. Records will also vary since, in addition to the differences relating to the size and character of the accounts administered, trust accounting systems are not standardized. However, the reporting requirements imposed on fiduciaries and the concepts involved remain the same. Therefore, the overall framework of each accounting system consists of the following:

E.1. General Ledger
The general ledger will comprise all control accounts of the department. It includes both customer and internal accounts used by the department to facilitate its operation. Many automated systems have subsidiary control records but do not have the traditional "general ledger". The examiner must exercise judgment in determining the sufficiency of the records encountered.

E.2. Asset Control Accounts
These accounts should reflect the total holdings of the major asset categories, such as stocks, bonds, or deposits.

E.3. Subsidiary Asset Controls
These accounts will reflect the total investments in specific issues of stocks, bonds, etc.

E.4. Subsidiary Liability Controls
These records will reflect the total of cash and investment holdings of each type of account administered. This category should be further subdivided to allow for transactions to be posted to individual accounts. The cash ledger should detail income and principal cash, and reflect transactions in chronological sequence. The investment ledger should reflect each asset held by a trust account. Purchases, sales, stock dividends and splits should be recorded in chronological order. The examiner must bear in mind that some indentures provide for the reinvestment of income cash, and that it is common practice to invest "income" until it is distributed. In these situations, it will be necessary to maintain separate ledgers to account for those assets consisting of "invested income".

F. Trust Records

In addition to maintaining a reliable system of accounting, a trust department needs other records to administer accounts in a timely and cost-effective manner. The design and control of these support records can mean the difference between a smoothly functioning department and one that may have to search through unorganized records when an administrative action needs to be taken. Moreover, departments with detailed and accurate records are less likely to be adversely affected by personnel turnover, errors in judgment, or contingent liabilities.

While some smaller, noncomplex trust departments may continue to maintain trust records manually, most institutions now maintain trust records electronically.  Electronic recordkeeping systems are acceptable, provided that the institution has implemented adequate internal controls and procedures to ensure the integrity of trust department records. Two important records are the Administrative File and the Tickler System.

F.1. Administrative File
The administrative file consists of interrelated records, which, as a whole, represent the history of an account. The records of the administrative file may be contained in a single file or in several files within the department. These records consist of:

F.1.a. Legal File
Contains copies of all legal documents relevant to the account, including the document creating the account, such as a will, a trust agreement, or a court order.

F.1.b. Digest or Synopsis
Synoptic records provide a concise summary of the principal duties and provisions of the legal documents governing the account, and may also provide other important information, such as beneficiaries, remaindermen, remittance instructions, and reporting requirements. Synoptic records are especially valuable to trust department management and administrative officers.  This document may be a paper document maintained in the account file or in an electronic format.

F.1.c. Correspondence File
Contains all correspondence related to the account.

F.1.d. Investment Review File
Contains asset reviews, which enable management to evaluate investment performance.

F.1.e. Securities Transaction File
Contains broker confirmations and other data related to changes in securities holdings during the life of the account.

F.1.f. Tax File
Contains tax-related documents and copies of tax returns filed for the account.

F.2. Tickler System
 A tickler system is a chronologically arranged system of records, which reminds department employees to collect income, distribute funds, calculate trust fees, etc.  A tickler system can be maintained in electronic or paper format.  Though simple in design and concept, the effective use of tickler systems can be critical for account administration. 

F.3. Other Records
Other records which affect the operation of a department to a significant degree and which an examiner will find useful in the examination process are:

F.3.a. Securities Transaction Register
This record should list in chronological order all the securities transactions effected by the department. This record will most likely be in electronic format.  The preparation and content of this document, as well as other records pertaining to securities transactions, are subject to Part 344 of the Corporation's Rules and Regulations.

F.3.b. Vault Control Log
This log is used to record the dates and identities of individuals who access the department's vault. Records should also be maintained indicating the items accessed and the reasons therefore.

F.3.c. Broker Statements
The statements reflect all transactions effected for the department by brokers. These statements should be reviewed carefully by the staff and reconciled to broker confirmations and the Securities Transaction Register.

G. Account Documentation

Documentation is as important as the administration itself, as fiduciaries must account for their actions to others. Challenges to account administration, resulting in complaints or litigation, may occur years after a particular transaction has occurred. The failure to maintain documentation that adequately supports the actions taken, including the rationale for such actions, may result in court-imposed surcharges or negotiated loss settlements. Examiners will encounter two basic types of documentation: documents evidencing the fiduciary's appointment and the creation of the account, and documents supporting the actions taken by the fiduciary during the term of the account.

G.1. Evidence of Appointment
In general, a fiduciary should refrain from taking any action until it receives proper evidence of appointment and an original or authenticated copy of the instrument creating the account. Valid evidences of appointment depend upon the type of appointment. In the most basic appointment, such as a personal agency, the department need only execute an agreement with its customer. The same is true for a living trust. In accounts operating under court jurisdiction, such as estates, trusts under will, and court-appointed guardianships, the fiduciary will need to obtain a court order of appointment in addition to the instrument creating the account. In estates where the executor has been named in the will, the court appointment is called Letters Testamentary. In estates where named executors cannot or do not accept the appointment, a court will appoint an administrator for the estate under Letters of Administration. Letters of Administration are also used to appoint an administrator where no valid will exists or where the will does not nominate an executor. Trustees named in a will serve under Letters of Trusteeship. Guardians serving under court appointment are issued Letters of Guardianship. In corporate appointments, the fiduciary should obtain a resolution for appointment, as well as a copy of the instrument it will be serving under. In accepting appointments to serve as successor to a prior trustee or executor, the fiduciary should obtain:

  • Copies of the original court appointments (if applicable),
  • An authenticated copy of the instrument it will serve under,
  • An accounting of the estate, trust, or agency from inception to its appointment, and
  • Any other documents substantiating its appointment, or indemnifying it against the actions of others.

G.2. Supporting Documentation
During the term of an appointment, numerous actions may be taken to serve the needs of the account and its beneficiaries. At times these actions involve nothing more than processing an address change for an income beneficiary. Others may involve actions having serious consequences for the account, such as principal invasions or selling assets at a capital loss. A fiduciary must be able to support its actions by demonstrating it had the necessary legal authority and that it exercised sound judgment. The fiduciary's legal authority will be found in common law, statutory law, and the underlying indenture. The rationale for its actions may be more difficult to demonstrate; therefore, it is essential that the fiduciary be able to justify its actions, which requires adequate documentation. The types of documentation the fiduciary should maintain are:

G.2.a. Trust Committee Minutes
Deliberation and action over matters affecting the account.

G.2.b. Approvals
Written approvals of discretionary actions are sometimes required by indentures and, at other times, are merely prudent. Written approvals should always be sought from co-fiduciaries. When extraordinary actions affect individuals having a future interest in an account, the fiduciary should seek written approvals from all remaindermen.

G.2.c. Indemnification
Certain discretionary actions may involve controversial matters, such as purchasing own-bank or parent securities or performing duties not specified in trust indentures, but requested by others, such as co-fiduciaries or remaindermen. These actions require more formalized written approvals in the form of agreements or court rulings indemnifying the fiduciary against loss.

G.2.d. Accountings and Customers' Statements
These are required for court-appointed accounts, but may be prepared for other types of accounts. Essentially, the listing or statements reflect all account transactions occurring during a specific period of time. Either the court having jurisdiction, all interested parties, or both should approve accountings. 

Customer statements should be provided in compliance with the governing agreement or at least annually.  Most trust departments provide at least quarterly statements.

G.2.e. Account Reviews
Periodic reviews performed by the trust committee.

G.2.f. Receipt and Release
This is a formal document acknowledging the receipt of cash or assets. It is given by the recipient to the fiduciary, and releases the fiduciary from any further obligation with respect to a bequest or other distribution.  This section applies to the physical transfer of assets and not to book-entry transfers.

G.2.g. Other Documents
There are numerous documents a fiduciary will obtain during the administration of an account. These might include property appraisals, lease agreements, broker confirmations, receipts for contracted work, or investment research. Each has its own significance, and depending on the nature of the appointment, may serve to support and indemnify fiduciary actions.

H. Internal Controls

H.1. Segregation of Duties
One of the most fundamental methods of internal control is the segregation of duties. One individual should not be capable of initiating, authorizing, executing, and subsequently reviewing a transaction for appropriateness. In a trust department, this concept begins by segregating administrative from operational functions and continues by segregating duties within the operating system itself.

Many FDIC-supervised trust departments are relatively small in size and the segregation of duties is often not economically practical. In these cases, an institution should develop compensating controls. One compensating control easily employed by smaller institutions is the requirement that a second person be involved in executing a transaction. This can be implemented by having a second individual approve a transaction in writing. But it is effective only if the second person reviews the supporting documentation and understands the transaction being approved.

Management is responsible for assessing the specific requirements of the department and adopting an overall system of policies and procedures. Examiners should evaluate the adequacy of these policies and procedures, and determine compliance therewith.

H.2. Vacation Policy
Supervisory agencies and auditors have long recommended the practice whereby personnel are required to be continuously absent from their jobs or duties for a given amount of time and their duties assumed by another employee. During such an absence, the possibility of detecting irregularities is much greater, as the employee who is absent is unable to effectively control the situation. The FDIC has encouraged an uninterrupted absence of at least two weeks. However, compensating controls, such as the rotation of personnel among different jobs and duties, can constitute an acceptable alternative to a policy requiring a continuous two week absence.

H.3. Reconcilements
The reconcilement of deposit accounts, suspense accounts, and securities depository statements should be performed regularly by individuals who are independent of these functions, i.e. individuals who do not initiate, authorize or post such transactions to the recordkeeping system.  It is acceptable to have personnel in the commercial department reconcile he aforementioned trust accounts to maintain the separation of duties. 

H.4. Other Elements of Control
The organizational structure of a trust department is another component of overall control. Management must define functional lines of responsibility and establish an organizational framework along those lines. Work should flow in a logical manner.  The organizational structure should take into account the need for checks and balances, as well as the need for an efficient, practical system. Control systems should be reviewed regularly and updated as necessary.

Examiners should consider the extent to which the Board and management have provided for the following:

  • Adequate staffing to provide for efficient and timely processing and appropriate separation of duties;
  • Compensating controls where limited staff precludes separation of duties;
  • Clearly defined responsibilities, duties, and lines of authority;
  • Prompt reporting and correction of internal control deficiencies;
  • Adoption of a comprehensive operations manual, which is updated to reflect changes as needed.

Examiners should assess the effectiveness of the department's internal control practices in protecting and controlling trust assets.  Controls may include the following:

  • Trust assets are required to be separated from the assets owned by the institution;
  • More than one employee should be present when assets are received;
  • Written confirmations signed by beneficiaries or accountholders should be maintained for all items distributed;
  • Assets held in the vault should be under dual control and verified periodically;
  • The value of worthless assets should be determined and those assets maintained on the department's books at nominal value;
  • Hold and return mail procedures should be established;
  • Appropriate controls should be maintained over unissued checks (or pre-printed check paper), including the use of sequentially numbered documents;
  • Signature controls should be established for the disbursement of trust funds.

Examiners should consider the extent to which the department's recordkeeping systems provide for accurate and reliable recordkeeping and reporting:

  • Maintain records in sufficient detail to properly reflect all trust department activities;
  • Report the assets of each trust account separately from the assets of other accounts;
  • Account separately for principal and income according to the governing agreement, or if the document is silent, the state principal and income act;
  • Process trust department transactions in a timely and accurate manner.  This should include processing for securities income and maturity through automated systems; securities pricing and rating services; mutual fund and cash sweep transactions, and, corporate actions that affect securities holdings.

Other Internal Routine and Control Issues:

  • Reconciliation of statements from securities depositories, brokerage accounts, internal accounts (suspense and own-bank), deposits at other institutions, mutual funds, and cash management services should be performed by a person independent of those preparing or authorizing entries or disbursements;
  • Audit trails for all accounting transactions should be maintained;
  • The effectiveness of internal controls should be assessed to ensure compliance with applicable laws and regulations;
  • Vault control procedures should be established and include recording access to the vault and transferring of assets to/from the vault;
  • All assets should be verified periodically;
  • Daily proof of transactions (balancing and closing routines) should be performed;
  • Administrators should review and sign transaction journals ;
  • Management should provide for internal and/or external audits;
  • Accounting records should be maintained on a current basis;
  • Dual signatures should be required for checks above a specified amount;
  • Documentation should be required for asset changes, cash distributions, and/or large overdrafts;
  • Pre-numbered checks, in either manual or electronic format, should be used in sequential order;
  • Records should be proofed by individuals not authorized to post them;
  • Account reviews should be performed by individuals other than the administrator assigned to them;
  • Investigation and resolution of stale accounting items and out-of-proof conditions should be made in a timely manner;
  • Prompt investigation and reporting of suspicious transactions and activities, including the filing of suspicious activity reports, should be made;
  • Separate control over checks returned undelivered should be established;
  • Procedures for the reissuance of returned checks should be established;
  • An adequate record retention policy should be established.

Examiners should realize that an effective system of internal controls designed to establish dual control, separation of duties, and the rotation of employees may be costly. Many trust departments are unprofitable measured by any standard, and trust officers may resist implementation of expensive control measures. Examiners need to exercise judgment in assessing a department's control systems. One or more basic points may have deficiencies, but the system may be strengthened by bolstering others. Often this is accomplished by reliance upon a strong audit, whether by an internal or external auditor.

H.5. Fraudulent Acts  
While the discovery of fraudulent acts is not the primary objective of a trust examination, the examiner should be alert to a culture that permits such acts.  The Board and senior management should establish a corporate culture that encourages ethical behavior, and that belief should be reflected in their own practices, as well as in the corporate policies and procedures.  However, fraudulent acts occur, when there is a perception that management does not practice what it preaches or when management is unconcerned with deterrence.   The Board and management can change this perception by appointing a member of senior management to oversee a fraud prevention program and that officer being accessible to and having open, two-way communication with staff.  One of the most common methods of fraud detection is other employees telling a member of management of activities witnessed. 

However, deterrents are the major factor in fraud prevention.  strong internal controls and monitoring compliance with those controls is a major deterrent to fraud.  Therefore, management should establish procedures for testing compliance with the department's policies and procedures, in addition to implementing a reasonably designed audit program.   Employees are less likely to attempt to defraud an entity, when deterrents are visible to the employee.   

The following are areas that are particularly susceptible to manipulation and abuse:

  • Failure to record the receipt of assets when accounts are opened.  The unwitnessed assembling of assets, particularly those of a decedent's estate, is a dangerous practice. In such cases, the detection of theft may be impossible since no record of a missing asset exists.
  • Unauthorized and forged withdrawals of cash and securities from accounts. The absence of effective dual control makes such actions easy for the manipulator. One method is to transfer assets to an account under an embezzler's control. Once the assets are in this account, the individual is free to sell the assets for personal gain, use them in market speculation, or pledge them for personal loans.
  • Diversion of stale outstanding checks, inactive trust deposits, and assets of dormant trust accounts for personal gain. A combination of independent and timely reconcilement procedures, together with the periodic tracing of transactions from initiation to conclusion can greatly reduce the likelihood of such diversions.
  • Conversion of payments received on securities believed to be worthless. A trust department's policy guidelines on worthless securities should include procedures to be followed when determining an asset's worth. Requirements that all assets deemed worthless be reported to the trust auditor or an appropriate committee prior to being written off and the carrying of worthless assets at a nominal value either in the respective accounts or in controlled suspense accounts decrease the susceptibility to manipulation. This also supports a continuous audit trail of the asset from start to finish.
  • Diversion of income on assets received in either irregular amounts or at irregular intervals. Such income is usually derived from royalties, oil wells, and the like. Income from all investments should be internally controlled and audited, with added attention given to those situations where investments fail to produce income. In this connection, several defalcations have occurred by the diversion of payments of interest and principal on debt obligations previously in default.
  • Falsification of expenses and misapplication of trust commissions and fees. Expenses and recurring fees present possibilities for manipulation. The adopted policy should require that expenses be accompanied by appropriate documentation. The trust administrator should not have control or access to expense checks. Similarly, adequate internal safeguards should exist to assure the crediting of trust commissions and fees to the appropriate income accounts.
  • Manipulation of payments received on rental properties, real estate, and real estate mortgages. The administration of these trust properties frequently involves handling cash payments received in the department by personal deposit or through the mails. Unless strong internal controls are in effect, defalcations through overlapping or withholding of payments could occur.
  • Improper use of suspense accounts. Frequently, trust department suspense accounts are not governed by good internal control procedures, and unauthorized settlements or disbursements may easily occur.
  • Improper securities trading practices:
  • Placing personal trades through bank accounts, thereby obtaining the advantage of the bank's volume discounts on commissions;
  • Purchasing or selling an issue of securities prior to executing bank or trust account trades which could be expected to change the price of the security, thereby obtaining a personal price advantage ("front-running");
  • Purchasing and selling the same securities issue on the same day, with the trader pocketing any price increases and assigning transactions to trust accounts in the event of any price decreases; and
  • Buying or selling based on nonpublic material inside information, which might affect the price of securities, thereby enabling the trader to benefit personally from the transaction.
  • Misuse of corporate bonds, notes, and stock certificates in the bank's possession as corporate trustee or agent under indenture. Inventories of unissued securities not under effective control could be stolen and used as collateral for loans. Securities remitted for payment or transfer not properly controlled could be used for the same purpose.

I. Nominees

Most trust departments register securities in a "nominee" name. Nominee registration simplifies the transfer of stocks and bonds, and facilitates the collection of dividends and interest. When a securities issuer pays interest or declares a dividend, the bank receives a single dividend or interest payment in the nominee name in which the security is registered. The department subsequently credits the accounts holding the particular security, typically using an automated report called a "dividend map." Without the use of nominee registration, separate dividend or interest payments would be received for each account holding the security.

Nearly all states provide by statute that securities may be registered in nominee form. Most governing trust instruments also authorize the use of nominee registrations. "Nominees" are legal partnerships comprising designated officers and/or employees of the bank. The bank's board of directors should approve the execution of the partnership agreement and, in most jurisdictions, register the partnership with the state.

Examiners should determine that the bank's nominee partnership agreements are reviewed periodically to ensure they are current, and include only current authorized officers and/or employees in the partnership agreement.


J. Use of Broker-Dealers For Securities Safekeeping/Securities Investor Protection Corporation (SIPC)

Financial institution letter FIL-38-2002 was issued on April 25, 2002, and discusses credit risks arising from securities held at broker-dealers and Securities Investor Protection Corporation ( SIPC ) coverage.  A copy of the financial institution letter may be found in Appendix C. SIPC covers most types of securities, such as stock, bonds, and mutual funds.  However SIPC does not protect against declines in market value.  Also, SIPC does not provide protection for investment contracts that are not registered with the SEC.

Another coverage problem may occur when investors place cash or securities in the possession of non-SIPC members.   The trust department may do business with a company that doesn't actually execute buy and sell orders, but instead uses another firm, known as a clearing firm, to process trades.  Therefore, trust management should make sure that the brokerage firm and its clearing firm are both members of the SIPC.   

In general, during a liquidation of a broker-dealer, SIPC will request the court to appoint a trustee which will (1) return property that is registered in a specific customer name, (2) pay those customers their pro rata share of "customer property", and (3) provide customers (other than banks and broker-dealers for their own accounts) SIPC advances up to the $500,000 limit. Customers not subject to SIPC protection, such as banks, will receive a pro rata distribution of "customer property."  Therefore, banks and trust departments must be able to differentiate between bank-owned and bank customer-owned accounts and securities.  Furthermore, trust department management should exercise due diligence when selecting broker-dealers and establishing a custodial relationship.  Thereafter, relationships with broker-dealers selected should be periodically reviewed.

K. Free Riding and Daylight Overdrafts

"Free riding" occurs when customers buy and sell securities, usually on the same day, in amounts greatly exceeding the amount allowed under margin collateral requirements.  The purchaser intends to pay for the purchased securities with proceeds from the sale of the same securities.  The concept is similar to a check kiting scheme.  Since funds are not made available by the purchaser prior to the purchase, it is a means whereby a bank, typically through its trust department, may suffer losses. The Securities and Exchange Commission has investigated and brought enforcement against a number of firms or individuals for securities free riding.

Free riding often begins when a custodial account is opened with a trust department. The customer also establishes brokerage accounts through which the customer directs securities trades. The customer then advises the broker-dealer that payment for such trades will be made through the custodial account.

The customer attempts to profit from short-term changes in market prices of securities, without placing significant personal funds at risk. Free-riders, anticipating a near-term price increase, frequently place a buy order for securities with the intention of paying for the securities with the proceeds from the sale of the same securities.

Banks permitting such transactions without requiring adequate margin collateral face significant risks when customer accounts do not contain sufficient funds to cover purchase orders or enough securities to complete sell orders. These risks include: (1) enforcement actions for violation of the Federal Reserve Board's Regulation U (12 CFR 221) margin lending standards, or for aiding and abetting violations of Regulation X (12 CFR 224), or Regulation T (12 CFR 220); and (2) losses caused by the need to complete failed customer trades.

The Federal Reserve has also taken the position that intraday or "daylight overdrafts" relating to the purchase or sale of margin stock is considered an extension of credit subject to Regulation U. Violations of Regulation U may therefore be cited in situations where intraday overdrafts occur due to the purchase or sale of margin stock.

Policies and procedures for accepting custodial accounts and for clearing securities transactions should include measures to prevent free riding. Such policies and procedures should:

  • Set standards for the acceptance of new custodial accounts, including customer background and credit information.
  • Determine whether the new customer intends to use the account to obtain bank credit for transactions as if it were a margin account at a broker-dealer, and if so, ensure that a FR U-1 form is completed for compliance with Regulation U.
  • Require identification of broker-dealers sending securities to, and receiving funds from, customer accounts, and establish systems to track accounts involving numerous broker-dealers;
  • Disaffirm customer trades where acceptance would result in a violation of Regulation U; and
  • Determine that each account has sufficient funds to cover any trade or, if margin credit is extended, that collateral requirements are met.

Financial Institutions Letter FIL 76-93, dated November 4, 1993,  provided material on this subject, and may be found in Appendix C.  Also, the Federal Reserve Board issued a supervisory letter discussing the Federal Reserve's margin lending requirements as they apply to free riding (SR 93-13, dated March 16, 1993).

L. Facilities

A trust department must have sufficient space and the necessary equipment to accomplish its duties. It is desirable that the department be able to conduct its activities in a segregated, or at least clearly delineated, work space. The size and complexity of the assets under management and the department's prospects for future growth form much of the basis for determining premises and equipment needs. In reviewing this factor, examiners should consider the department's work flow, the appropriateness of safeguards over records, the presence of negotiable assets and the ability to maintain effective internal controls and segregation of duties.

M.  Information Technology

Most trust departments use automated trust accounting systems, with processing performed either in-house or provided by a third-party servicer.  A review of Information Technology should be performed by the Information Technology (IT) examiner, who will determine the risk profile type and procedures to be performed by completing the Technology Profile Script.  The IT examiner will review the agreements and disaster recovery program for content at each IT examination.  Therefore, communication between the trust and IT examiners is essential for coordinating the examination process and avoiding the duplication of work.  Significant deficiencies would normally be fully presented in the IT examination report, with less detailed comments in the trust examination report.

However, the IT examination may not be performed during the same examination cycle as the trust examination.  Also, banks which have trust subsidiaries may not have IT examinations of those subsidiaries.  In either circumstance, the trust examiner should review the prior IT examination report for comments pertaining to trust technology, if available.  Once onsite, the trust examiner should confirm that appropriate routine and controls are in place.   The following are examples of appropriate routine and controls in an automated environment: 

  • System access should be password restricted and passwords should be changed frequently.
  • Passwords should be set to a reasonable minimum number of characters, symbols, and numbers.  However, words, proper names, or social security numbers should not be used as passwords.
  • Access to records should be limited by the employees' position or duties. 
  • Automated records should be reconciled and any exceptions should be cleared in a timely manner.
  • Suspense accounts should be monitored closely and the individual who reconciles and monitors suspense accounts and other automated records should not be the same person who enters the data. 
  • Exception reports should be reviewed by trust management.
  • The GLBA workprogram should be completed for the trust department. 

Trust examiners should be aware that Section 7(c)(2) of the Bank Service Corporation Act and FDIC Section 304.3(d) require that the FDIC Regional Office be notified of the existence of the servicing arrangement within 30 days of the contract or start of service (Form 6120/06: Notification of Performance of Bank Service, may be used).  It may be possible for banks to submit this information over FDICconnect webpage.

Trust examiners should recommend that management obtain and review a copy of the third party servicer's independent audit, known as the Statement of Auditing Standards  #70, or SAS 70This report should be reviewed by the trust, technology, and/or audit committees prior to entering into a servicing contract and periodically thereafter. 

Electronic Banking

Electronic banking applications have increased in the trust area, although the level and sophistication of these applications vary widely.  Informational websites which advertise trust and other bank services are the most basic.  Transactional applications, which allow customers to make changes to 401(k) plans and obtain current portfolio valuations, are much more complex.   While this aspect should be incorporated into the IT examination, trust examiners need to be aware of electronic banking applications and their potential risks.   Primary examination guidance and information may be found in the FFIEC IT Examination Handbook and Electronic Banking Workprogram.  

The trust examiner should notify the IT examiner when e-banking applications are more than basic.  The following is an overview of strategic planning and goals, administrative controls, and information security program  assessments.

The Board and senior management are responsible for developing the institution's e-banking business strategy, which should include the following:

  • The rationale and strategy for offering e-banking services, including informational, transactional, or e-commerce support;
  • A cost-benefit analysis, risk assessment, and due diligence process for evaluating e-banking processing alternatives, including third party providers;
  • Goals and expectations that management can use to measure the e-banking strategy's effectiveness; and,
  • Accountability for the development and maintenance of risk management policies and controls to manage e-banking risks and for the audit of e-banking activities.  

The Board and senior management must provide effective oversight of third-party vendors providing e-banking services and support.  Effective oversight requires that institutions ensure the following practices are in place:

  • Effective due diligence in the selection of new service providers that considers financial condition, experience, expertise, technological compatibility, and customer satisfaction.
  • Written contracts with specific provisions protecting the privacy and security of an institution's data, the institution's ownership of data, the right to audit security and controls, and the ability to monitor the quality of service, limit the institution's potential liability for acts of the service provider, and terminate the contract;
  • Appropriate processes to monitor vendor's ongoing performance, service quality, security controls, financial condition, and contract compliance; and
  • Monitoring reports and expectations including incidence response and notification.

The Board and senior management should ensure that the information security program addresses these challenges and takes the appropriate actions:

  • Ensure compliance with the "Guidelines Establishing Standards for Safeguarding Customer Information" pursuant to section 501(b) of the Gramm-Leach-Bliley Act of 1999 (GLBA).
  • Ensure the institution has the appropriate security expertise for its e-banking platform.
  • Implement security controls sufficient to manage the unique security risks confronting the institution.  Control considerations should include the following:
  • On-going awareness of attack sources, scenarios, and techniques;
  • Up-to-date equipment inventories and network maps;
  • Rapid identification and mitigation of vulnerabilities;
  • Network access controls over external connections
  • Hardened systems with unnecessary or vulnerable services or files disabled or removed;
  • Use of intrusion detection tools and intrusion response procedures;
  • Physical security of all e-banking computer equipment and media; and
  • Baseline security settings and usage policies for employees accessing the e-banking system or communicating with customers.
  • Use verification procedures sufficient to adequately identify the individual asking to conduct business with the institution.
  • Use authentication methods sufficient to verify individuals are authorized to use the institution's systems based on the sensitivity of the data or connected  systems.
  • Develop policies for notifying customers in the event of a security breach effecting their confidential information.
  • Monitor and independently test the effectiveness of the institutions security program.

N.  Business Continuity Planning

As part of the Information Technology examination process, the entire bank, not just the Information Technology of the Commercial Department, should be reviewed.  However, trust examiners need to be aware of the general concepts of business continuity planning. 

Business continuity planning, also referred to as contingency planning, encompasses various aspects of the continuation of the trust business.  In general, the planning process should incorporate establishing strategies for alternate facilities, employee work space, office equipment, files, etc.    The goal is provide at least a minimal level of service to maintain business operations and retain customers.  Therefore, the Board and senior management should establish policies, procedures, and responsibilities for the entire institution's continuity planning.   The written plan should address administrative procedures, recovery items, list of contacts and locations for each aspect of the trust department's business profile.  However, management should address the following:

  • Backing up all software and data files not covered by the IT Department.
  • Maintaining adequate supply of pre-printed forms and checks off-site
  • Providing for duplicate corporate and notary seals to be stored at a secure, off-site location
  • A plan to contact customers individually requires a list, which should include customer names, addresses, and phone numbers.  
  • A plan to contact customers via electronic means will require email addresses or use of the bank's website.

Disaster recovery is a subset of business continuity planning and is primarily concerned with recovering critical data and item processing, and communication networks.  The three general types of disasters are the following:

  • Natural - Weather-related, earthquakes, volcanic, wildfires
  • Technical - Hardware or software failures or crashes, explosions, hazardous material spills, fire, nuclear power plant accidents, loss of electricity for extended periods of time
  • Civil - Bomb threats, strikes, riots, criminal acts, sabotage, terrorism,

O. Self-Directed IRA'S and KEOGH Accounts

O.1. Directed Arrangements
Section 333.101(b) of the FDIC Rules and Regulations permits banks to offer self-directed IRA and Keogh accounts to customers without first obtaining FDIC consent to exercise trust powers. Although banks are permitted to offer these products without consent, the bank is considered as trustee of the accounts, whether or not the bank serves as custodian or trustee.  The administration of IRA's and Keogh accounts must comply with the requirements of the Internal Revenue Code and applicable state laws.  

When self-directed accounts are offered and booked as trust accounts, the accounts and related practices should be reviewed during trust examinations.  Regional Director Memorandum 98-058, issued June 23, 1998,  outlines trust accounts subject to the Interagency Statement of Policy on Nondeposit Investment Products.  Those types of accounts and applicable sections are summarized as:
  • Self-Directed IRA and KEOGH Plans - Three minimum disclosures from the Interagency Statement apply.
  • Agency accounts where the customer has sole investment discretion - Interagency Statement applies in its entirety.

The three minimum disclosures are the following:  (a) Not insured by the FDIC; (b) Not a deposit or other obligation of, or guaranteed by, the depository institution, and (c) Subject to investment risks, including possible loss of the principal amount invested. 

If the accounts are not trust accounts, then practices should be reviewed as part of the Nondeposit Products review segment of the compliance examination.  Examination responsibility is discussed in an Regional Director Memorandum 01-035 dated September 5, 2001.  The memorandum can be located on the Intranet.  Additional information and guidance are provided in the examination procedures for Nondeposit Products.

The following is a summary review of examination concerns in this area:

  • Account Documentation - The bank must have sufficient documentation to adequately identify and support each account.
  • Assets and Asset Valuations -  Appropriate methodology to determine the market value of assets held in IRA and Keogh accounts should be used.  The valuation of unique and specialized assets such as the securities of closely held businesses, mineral interests and limited partnerships is difficult and often requires special expertise.  The assets of self-directed IRA and Keogh accounts should be segregated from the bank's own assets, whether kept in the bank's vault or at a correspondent bank.
  • Accounting Records - These should be separate from the bank's own records, to properly reflect which assets belong to the bank's customers.
  • Investment Advice - Investment advice must not be given to self-directed accounts.
  • Illegal Investments - Although the customer directs the investments in a self-directed account, the bank has a duty (whether it is acting as trustee or custodian) to refuse to accept illegal directions, either as to the type of asset held or as to a prohibited transactions.  For example, investments in Subchapter S Corporations are prohibited, as are investments in art, rugs, antiques, metals, gems, stamps, coins, or other items of tangible personal property specified by the IRS.  (Note that certain coins, such as the American Gold and Silver Eagles, are permissible IRA investments.) While detailed analysis of each transaction is not required, the bank does have a duty to refuse to execute illegal transactions.  Section 408(h) of the Internal Revenue Code treats custodians of these accounts as trustees for tax purposes. Consequently, the bank may incur liability for illegal acts within these accounts, even though the accounts are self-directed.  
  • Recordkeeping - All investment transactions for these types of accounts are subject to Part 344 of the FDIC Rules and Regulations.  
  • Audits/Independent Review - An audit or independent review should be performed for this activity. Coverage should include, at a minimum, a proof of records, verification of assets, reconciliation of any deposit and suspense accounts, a review of the adequacy of internal controls, and compliance with law.  
  • Insurance - The blanket bond insurance carrier should be notified.  
  • Assets and Asset Valuations -  Appropriate methodology to determine the market value of assets held in IRA and Keogh accounts should be used.  The valuation of unique and specialized assets such as the securities of closely held businesses, mineral interests and limited partnerships is difficult and often requires special expertise.  The assets of self-directed IRA and Keogh accounts should be segregated from the bank's own assets, whether kept in the bank's vault or at a correspondent bank.

O.2. Arrangements with Third Parties
The popularity of self-directed IRA and Keogh accounts has prompted nonbank financial service providers to offer these types of accounts.   The bank may act as agent between the nonbank financial service provider and customers.  When the bank or trust department acts as agent only (the account is not accounted for as a trust account or a commercial department account), these accounts will be reviewed by Compliance Examiners, who will assess compliance  with the Interagency Statement of Policy governing the sale of Nondeposit Investment Products.

P. Custodial Holdings of Government Securities: Compliance With Government Securities Act of 1986

P.1. Background
As a result of several highly publicized failures of government securities brokers and dealers and other improper practices, Congress passed the Government Securities Act of 1986 (GSA). The stated purpose of the GSA and its implementing Treasury regulations is to enhance the protection of investors in government securities by establishing and enforcing appropriate financial responsibility and custodial standards. The GSA applies to (a) a bank which is a government securities broker or dealer, (b) any bank which retains custody of securities that are the subject of repurchase transactions with its customers (hold-in-custody repurchase transactions) and (c) any bank which holds government securities for its customer. A customer, by definition, includes the counterparty to a hold-in-custody repurchase transaction, but does not include a broker or dealer that is registered as, or that has filed notice of, its status as a government securities broker or dealer (§ 450.2(b)).

P.2. Applicability
On September 5, 2001, a Regional Director Memorandum was issued to transfer supervisory responsibility from DOS to DCA for Nondeposit Products, including insurance, retail sales of NDP, and Government Securities Act of 1986.  Review of the applicability of and adherence to the Government Securities Act (GSA) should generally occur during compliance examinations.  The primary exception to this transfer concerning GSA involves custodial holdings of government securities in a trust department.  That specific activity should be reviewed during trust examinations. 

Procedures for conducting such examinations are contained in Regional Director Memorandum 89-030, dated February 27, 1989. Treasury regulations implementing the GSA are contained under the Miscellaneous Statutes tab of the Prentice Hall service. In addition, several staff interpretations by the Department of Treasury are included in the Miscellaneous Statute tab of the FDIC Rules and Regulations. 

P.2.a. With respect to broker-dealer activities
If the bank engages in broker-dealer activities related to government securities, a separate examination report for such activities is required.  Pursuant to GSA Section 401.3(a)(2), the financial institution must conduct at least 500 government securities transactions, or does not have an arrangement with a registered dealer to effect transactions in order to be subject to this section.  

P.2.b. With respect to government securities repurchase transactions
Government Securities are defined to include securities which are issued or guaranteed by corporations in which the United States has a direct or indirect interest and which are designated by the Secretary of Treasury for exemption as necessary or appropriate in the public interest or for the protection of investors.  The following is a list of securities that are considered to be government securities:

Commodity Credit Corporation

Export-Import Bank

Farm Credit Services including banks for cooperatives, intermediate credit banks, and land banks

Federal Home Loan Banks and Federal Home Loan Bank Board

Federal Home Loan Mortgage Corp.

Federal National Mortgage Association

Tennessee Valley Authority

U. S. Postal Service

Student Loan Marketing Association

Federal Housing Administration

General Services Administration

Government National Mortgage Association

Maritime Administration

Washington Metropolitan Area Transit Authority

Note:  In general, if the title has the word "development" or "development bank,"  it is not considered a government security for this act.

  • Where the bank is the seller of the securities, i.e., borrower of funds, and a trust account within the trust department of the same bank is the purchaser of the securities, counterparty, or creditor, a review of compliance with the GSA should generally occur at the trust examination. In such situations, the buying of repurchase agreements from the commercial side of the bank for trust accounts will generally be regarded as a conflict of interest (refer also to Section 3, Asset Administration). Where employee benefit plan monies are invested in own-bank repurchase agreements, Prohibited Transaction Exemption (PTE) 81-8 applies. PTEs are located in the Appendix E.
  • Where an account administered by the trust department is the seller of the security (i.e., borrower of funds), trust examiners should review the administration as with any other account. In particular, the circumstances leading to the transaction and the borrowing (liability of the trust account to repurchase the security) should be evaluated. If the counterparty is the commercial department, consideration should be given as to whether a conflict of interest is present. However, where the repurchase agreement is between a trust account (i.e., the bank in its fiduciary capacity) and an unrelated non-bank counterparty, there is no need to review compliance with the GSA and implementing regulations since Section 403.5(d) pertains only to repurchase agreements between financial institutions (not financial institutions as fiduciaries) and counterparties.

P.2.c. With regard to custodial holdings of government securities for customers:

  • A complete exemption from the GSA Section 450 is provided for government securities held for customers by nonmember banks in a fiduciary capacity. Fiduciary capacity, as defined in Section 450.2(d), includes: trustee, executor, administrator, registrar, transfer agent, guardian, assignee, receiver, managing agent, and any other similar capacity involving the sole or shared exercise of discretion by a depository institution having fiduciary powers that is supervised by a Federal or State financial institution regulatory agency. This would normally exempt all activities traditionally conducted in a trust department.
  • Where the bank is holding government securities for its customers (a typical custodial arrangement) the activity is usually conducted in conjunction with commercial bank customer services outside the trust department. However, in some instances this activity may be organized within the trust department. If so, trust examiners should ensure that the provisions of the GSA are followed. Examiners need to distinguish between the fiduciary capacities described above, custodial arrangements involving only the safekeeping of securities, and the performance of purely ministerial acts as directed by the principal, but where no sole or shared exercise of discretion exists. An exemption from Section 450 may also be available when customer securities are held in a custodial capacity, if the nonmember bank adopts policies and procedures that include all FDIC requirements applicable to government securities held in a fiduciary capacity. These are enumerated in the Regional Director Memorandum dated February 27, 1989, on the GSA, and set forth as follows:
  • The nonmember bank adopts policies and procedures that apply all the requirements of the FDIC that are applicable to government securities held in a fiduciary capacity (listed in the following section) to its custodial holdings, and
  • These custodial holdings are subject to examination by the FDIC for compliance with FDIC fiduciary requirements. (All insured nonmember banks would meet this requirement.)

FDIC Fiduciary Requirements

  • State law regarding government securities held in a fiduciary capacity must be followed.
  • Government securities held in a fiduciary capacity must be segregated from the bank's securities. Where customer securities are held by a correspondent bank or outside depository, such securities must be segregated in a separate (separately identifiable) safekeeping account.
  • No liens, pledges, or any charges may be placed against government securities held in a fiduciary capacity unless permitted by written fiduciary contract or agreement. Customer government securities may not be sold under agreement to repurchase, or loaned to any party, unless specifically permitted by a written agreement that is signed by the customer. No sales under repurchase agreement or lending may be permitted unless customers are adequately compensated monetarily, under written agreement, nor shall they be permitted unless the securities are adequately collateralized, preferably with securities of equal quality, marketability, maturity, and interest rate. Customer security interests in the collateral shall be perfected and held by the bank or an independent third party.
  • Records must clearly describe the fiduciary capacity of the trustee and agreement with the customer.
  • Records must clearly describe the government securities, the customer's interests, all movements of securities, and all transactions such as interest payments.
  • A safekeeping receipt or confirmation must be provided to the customer.
  • Adequate internal controls, such as separation of duties, rotation of duties, dual control or joint custody, must be in place.
  • Adequate controls against external crime must be in place.
  • An independent audit of assets and procedures must be conducted yearly. In addition, safekeeping accounts shall be reconciled by the bank at least monthly. Reconcilements shall be in written form and available for review by Corporation examiners.
  • The fiduciary capacity must be adequately supervised.

Custodial Requirements

If a nonmember bank holds customer government securities in a custodial capacity, and it does not qualify for the Section 450 exemption described above, then the bank must comply with certain requirements (largely paralleling the exemption provisions) set forth in the regulation. Examiners should refer to the above-mentioned Regional Director memorandum and the Department of Treasury regulations for these requirements.

Q. Shareholder Communications Act of 1985

Q.1. Background and Requirements
The Shareholders Communications Act of 1985 applies to all entities exercising fiduciary powers. This includes trust departments holding securities in nominee name or otherwise on behalf of beneficial owners. The Act is implemented primarily by SEC Rule 14b-2. Essentially, the Rule stipulates that banks must comply with certain requirements to facilitate business communications between issuers of registered securities ("registrants") and the holders of those securities ("beneficial owners"). The requirements address:

  • Responding to inquiries for lists of "beneficial owners,"
  • Providing "beneficial owners" with proxy materials (or requesting voting instructions), and
  • Providing "beneficial owners" with annual reports.

A beneficial owner is any person who has, or shares the power to vote pursuant to an agreement or otherwise, or directs the voting of, a security. [SEC Rule 14b-2(a)(2)]

While SEC Rule 14b-2 is the primary focus of this material, the Rule makes numerous cross references to other SEC regulations. SEC Rules 14a-1 and 14c-1 define relevant terms. Rules also designate when and how materials are to be provided by the securities issuer (SEC Rule 14a-13) and by broker-dealers (SEC Rule 14b-1). SEC Rule 14c-7 defines how materials are to be provided to investors. The text of these rules appears in Appendix D.

Q.2. Applicability to Trust Accounts
In general, all personal, employee benefit, and corporate trusts which have investments in registered stock are affected by these requirements.

  • The requirements apply to all trust accounts opened December 29, 1986 or later.
  • The requirements do not apply to any trust account opened on or before December 28, 1986 if either: (a) the bank has a written affirmative request from "beneficial owners" that information not be disclosed, or (b) the bank has made a "good faith effort" [as defined by SEC Rule 14b-2(b)(5)] to obtain from beneficial owners their consent to disclose such information.

R. State Escheat Laws

Escheat is defined as a reversion of property to the state in consequence of the lack of any individual qualified to inherit the property. For trust departments, the issue will generally arise concerning funds on deposit to pay unclaimed dividends, bond coupons not presented for payment, bonds not presented for payment and certain suspense accounts. Escheatment laws primarily involve deposits. However, banks acting as bond trustees, securities transfer agents, and paying agents must comply with state abandoned property laws for: (1) checks and securities certificates which are undeliverable, and (2) book-entry accounts for which the owner cannot be located. Escheat laws vary from one state to another. They will normally be found in state statutes under titles such as "unclaimed property" or "abandoned property". In some instances, one state may claim its escheat laws apply to dormant funds also claimed by another state.

The trust operations area should have procedures in place to ensure compliance with escheat laws. Examiners should familiarize themselves with applicable state escheat laws and be alert during examinations to stale items and other instances where escheat laws might be applicable. Relevant aspects of the escheat process are also discussed in Section 5 (Employee Benefit Accounts), and Section 6 (Corporate Trust Accounts).

S. Audits and Accounting Issues

The FDIC Statement of Principles of Trust Department Management requires an audit of fiduciary activities (by internal or external auditors or a combination of the two) at least annually.  The external audit function consists of agreed-upon procedures; therefore, an audit opinion is not rendered.  Audit findings, including actions taken as a result of the audit, should be reported to the Audit Committee or the Board, and to the Trust Committee, recorded in the appropriate minutes.

The Statement allows institutions to conduct a continuous audit process on an activity-by-activity basis, at "intervals commensurate with the risk associated with that activity."  Audit intervals must be appropriate and should be reassessed regularly to ensure appropriateness, given the current risk and volume of trust department activity.

Note:  Trust department audits are not subject to Sarbanes-Oxley Act of 2002.

Note:  Part 363 of FDIC's Rules and Regulations, Annual Independent Audits and Reporting Requirements, does not apply to trust departments.  While portions of the pronouncement apply to bank auditing programs, the actual requirements apply only to the financial condition and related records, and not to off-book activities such as trust departments. 

S.1. Audit Objectives
The objectives of trust audits are to determine the extent to which:

  • Assets transferred to the department are properly recorded and controlled.
  • Records are sufficient to permit an accurate accounting.
  • Internal control procedures are adequate.
  • Duties of the department, whether established by law or contract, are properly executed in a timely manner. Included among these responsibilities are investing trust assets, collecting income and principal, paying expenses, filing tax returns in the appropriate location, and distributing income and principal.
  • Proper fees have been collected and recorded in a timely fashion.

S.2. Audit Program
The most effective audit programs consist of full-time, continuous internal audit procedures, combined with agreed-upon procedures performed annually by an external auditor.  Where both are used, the internal auditor tends to focus on control elements and recordkeeping. This allows the external auditor to evaluate fiduciary risk factors and perform sufficient testing to determine compliance with applicable laws, regulations, agreements, and internal policies.  The trust department's size and complexity influence the extent to which the audit program has both internal and external components, as does State statutory requirements.

Every institution should develop a written audit program approved by the audit committee or Board. The audit program should be commensurate with the size and complexity of trust department activities. It should consider (a) the experience level of those required to implement it and (b) the frequency with which audit procedures are conducted. Vague references to the conduct of various phases of the audit should be avoided in favor of a step-by-step approach. In addition, management should be encouraged to consider coordinating or integrating internal audit procedures with those of external auditors. Careful planning can result in both better audits and increased efficiency.

In those departments where a continuous audit approach is used, different portions of the department may be under audit year round. Various areas or functions within the department are usually reviewed individually in separate audit activities. A continuous audit should cover all areas of the trust department within a three to five year time frame. Certain risk-based approaches to the continuous audit technique result in variable audit frequencies for particular activities - more frequently for higher risk areas, less often for functions of reduced risk. Management should be able to justify the assessment that particular areas present little risk to the department. Reports for the various phases, or functional components, of a continuous audit should be presented to the audit committee or Board of Directors in a timely manner.

S.3. Audit Activities
In reviewing the audit program, the examiner should find the following minimum functions being performed:

  • Review of trust committee minutes
  • Balance and proof of subsidiary ledgers to general controls
  • Asset confirmations
  • Spot-check and tracing of transactions for accuracy and validity
  • Verification of commission and fee calculations
  • Assessment of compliance with applicable regulations and the Statement of Principles of Trust Department Management
  • Evaluation of internal routine and controls, and
  • An administrative review of selected accounts comprising the following:
  • Trust agreements and court orders

  • Administrative actions (in compliance with above)

  • Income receipts and distributions

  • Principal invasions (including approvals) and trust department authority to invade

  • Asset composition and conformity with indenture, beneficiary needs, and account investment objectives

  • Consultation with, and approvals by, co-fiduciaries.

S.4. Evaluation of the Audit Function
The examiner's review of the audit process for the trust department should determine whether:

  • All major activities are subject to audit,

  • The scope of audit procedures is sufficient,

  • Personnel involved in the audit function are sufficient in number and trust expertise to perform the prescribed duties,

  • Audit personnel are sufficiently independent, both from operational responsibilities and management influences, to objectively execute their oversight role, and,

  • Audit findings are accurately, completely, and promptly reported to management, from which appropriate response and follow-up action is required.

Audits of trust departments conducted by bank holding companies should be evaluated on their own merits and should be regarded as internal audits.  Such audits can constitute an acceptable audit program, when the scope is suitable and the quality is satisfactory.

One source of audit information is the AICPA Audit and Accounting Guide, Banks and Savings Institutions, 1996. Chapter 17 of the book covers trust activities.

S.5. Statement on Accounting Standards
Statement on Auditing Standards Number 70 (SAS #70)


SAS #70, issued by the Auditing Standards Board, became effective after March 31, 1993, and provides guidance on the factors an independent auditor should consider when auditing the financial statements of an entity that uses a service organization.  Such organizations may include data service centers, trust departments, and custodians, which provide services for the department.  The statement also provides guidance for independent auditors who issue reports on the processing of transactions by a service organization for use by other auditors. 

SAS #70 also includes provisions of SAS #55, as amended by SAS #78, both concerning internal control, and SAS #94.  The latter concerns the effect of Information Technology on the auditor's consideration of internal control in a financial statement audit. 


The audit may be conducted by either an auditor for the user organization (such as a trust department hiring an auditor) or by a service auditor for the benefit of the user auditors (an auditor hired by the servicer on behalf of the trust department(s) .)  In the latter instance, the service auditor may perform procedures agreed-upon by the user organization and its auditor, or a group of user organizations and their auditors, and by the service organization and its auditor. 

The service auditor's work should be performed in accordance with the general standards and with the relevant field work and reporting standards.  Although the service auditor should be independent from the service organization, it is not necessary for the service auditor to be independent from each user organization.  Furthermore, as the report may be intended for several different user auditors, a user auditor should determine that specific tests of controls in the service auditor's report are relevant to the user organization's financial statements. 

When planning the audit, the auditor should obtain a sufficient understanding of the entity's internal controls.  As part of that planning, knowledge about the design of relevant policies, procedures, and records should be used to:

  • Identify the types of potential misstatements
  • Consider factors that affect the risk of material misstatement
  • Design substantive tests

For the service auditor to express an opinion on whether the policies and procedures were suitably designed to achieve the specified control objectives, it is necessary that:

  • The service organization identify and appropriately describe such control objectives and the relevant policies and procedures.
  • The service auditor consider the linkage of the policies and procedures to the stated control objectives.
  • The service auditor obtain sufficient evidence to reach an opinion.

The control objectives may be designated by the service organization or by outside parties such as regulatory authorities, a user group, or others.  When the control objectives are not established by outside parties, the service auditor should be satisfied that the control objectives, as set forth by the service organization, are reasonable in the circumstances and consistent with the service organization's contractual obligations.

Types of Reports

The results of the audit will be included in a written report.  The type of report may be agreed to by the service and user organizations, to permit a type of report that will be most suitable for the user organizations' needs.  There are two general types of reports that may be issued:

  • Reports on policies and procedures placed in operation ---

A service auditor's report on a service organization's description of the policies and procedures that may be relevant to a user organization's internal control structure, on whether such policies and procedures were suitably designed to achieve specified control objectives, and on whether they had been in place in as of a specific date. 

This type of report may be useful in providing a user auditor with an understanding of the policies and procedures necessary to plan the audit and to design effective tests of controls and substantive tests at the user organization, but not intended to provide the user auditor with a basis for reducing his assessments of control risk below the maximum.

  • Reports on policies and procedures placed in operation and tests of operating effectiveness ---

A service auditor's report on a service organization's description of the policies and procedures that may be relevant to a user organization's internal control structure, on whether such policies and procedures were suitably designed to achieve specified control objectives, on whether they had been placed in operation as of a specific date, and on whether the policies and procedures that were tested were operating with sufficient effectiveness to provide reasonable, but not absolute, assurance that the related control objectives were achieved during the period specified. 

This report may be useful in providing the user auditor with an understanding of the policies and procedures necessary to plan the audit and may also provide the user auditor with a basis for reducing his assessments of control risk below the maximum. 


Content of Service Auditor's Report

The service auditor's report should state whether the policies and procedures were suitably designed to achieve the specified control objectives.  The report should not state whether they were suitably designed to achieve objectives beyond the specifically identified control objectives. 

A service auditor's report expressing an opinion on a description of policies and procedures placed in operation at a service organization should contain the following:

  • A specific reference to the applications, services, products, or other aspects of the service organization covered.
  • A description of the scope and nature of the service auditor's procedures.
  • Identification of the party specifying the control objectives.
  • An indication that the purpose of the service auditor's engagement was to obtain reasonable assurance about whether (1) the service organization's description presents fairly, in all material respects, the aspects of the service organization's policies and procedures that may be relevant to a user organization's internal control structure, (2) the policies and procedures were suitably designed to achieve specified control objectives, and (3) such policies and procedures had been placed in operation as of a specific date.
  • A disclaimer of opinion on the operating effectiveness of the policies and procedures.
  • The service auditor's opinion on whether the description presents fairly, in all material respects, the relevant aspects of the service organization's policies and procedure that had been placed in operation as of a specific date and whether, in the service auditor's opinion, the policies and procedures were suitably designed to provide reasonable assurance that the specified control objectives would be achieved if those policies and procedures were complied with satisfactorily.
  • A statement of the inherent limitations of the potential effectiveness of policies and procedures at the service organization and of the risk of projecting to future periods any evaluation of the description.
  • Identification of the parties for whom the report is intended.

S.6. FAS 87
FAS 87 discusses employer's accounting for defined benefit pensions and became effective for fiscal years beginning after December 15, 1986.  This statement does not affect the assets or liabilities reported in the trust department, but in the commercial department.  As a result, safety and soundness examiners may ask questions of the trust examiner concerning this statement.  In very general terms, FAS 87 requires the use of one standardized method for measuring annual pension expenses and requires spreading the income effect over the employees' remaining service periods, with some exceptions.  In addition, the employer must record a liability equal to the excess of the accumulated benefit obligation over plan asses for each plan that has such an excess.  If questions concerning this statement arise, contact your accounting subject matter expert or regional office accountant.


    Last Updated 04/12/2022

Skip Footer back to content