A 101 Guide
Introduction
Section 1: Treasury policy fundamentals
Section 2: Assessing risks and determining risk appetite
Section 3: Drafting the policy and finessing its content
Section 4: Implementing the treasury policy
Section 5: Example treasury policy chapter
Key takeaways
- Treasury policy frames the treasury mandate, defining how the treasury
- function operates and interacts with other parts of the organisation.
- It can be leveraged as an internal marketing document, educating stakeholders, which will improve the quality of treasury processes and collaboration across the organisation.
- Arguably, the drafting of a treasury policy is the easy part. The upfront effort creating agreement on the organisation’s risk appetite (i.e. understanding which treasury risks have to be managed, and within what boundaries) is a necessary, more difficult first step.
- Investment in codifying the organisation’s risk appetite in the treasury policy will have a positive pay-off when organising the treasury function. The risk appetite and treasury policy frame treasury processes and reporting, and therefore the level of investment (i.e. effort and budget for projects and operations) in people, technology, and processes, as well as the relevance of collaboration across core business operations and finance departments.
Introduction from the Author
Treasury policy is the executive mandate to the treasurer, as custodian of financial risk. Clearly stating the aims of treasury – and covering core components such as hedging strategy – it should deliver more predictable outcomes and buy-in from other stakeholders. This in-depth yet accessible guide explains how to get it right.
When engaging with new clients, the first document I will ask for is the treasury policy because this gives me an understanding of what treasury is expected to achieve and what it cares about.
Unfortunately, it is often an effort for treasury to even locate this document. Also when presented, it frequently comes with an apologetic note about being outdated, with revisions long overdue. Sometimes I receive treasury policies that are clearly copied from another organisation, as a ‘find/replace’ action had not found all references to the source organisation, with document properties sometimes still including the names of individuals at the source organisation.
My first enquiries typically zoom in on hedge policy details. Why is a hedge limit at a certain level and not x% higher or lower? Does the inaccuracy of the exposure forecast justify the stated hedge requirements? Some treasurers seem to have difficulties explaining these policy details, declaring them simply to be ’industry standard’.
In order for me to gain a better understanding of the timing of hedges, I ask about the gap between the moment an exposure is created by the underlying business, and when these exposures get hedged. Typically, treasurers are well aware of this discrepancy without being able to put a fair number on it. More often than not, they believe that complexity of core business processes makes extracting more accurate exposure information unfeasible.
This anecdotal experience suggests that treasury policies are not necessarily the ‘North Star’ for treasury practices that they are supposed to be. The effort put into an outdated policy that is not used as a reference document is wasted. It is also a missed opportunity for communicating to internal and external stakeholders:
- The impact of financial risks on business sustainability
- The relevance, role, and responsibility of treasury in managing the impact of financial risks
- The relevance, role, and responsibility of stakeholders in supporting treasury achieving its objective to manage financial risks
I wrote this guide with the intention to help you create a fit-for-purpose treasury policy and implement the necessary processes to ensure compliance.
Section 1: Treasury policy fundamentals
Characteristics of a fit-for-purpose treasury policy
A treasury policy delegates to the treasurer the responsibility for managing the impact of financial risks on the organisation’s performance and instructs on how to manage exposures to these risks. Putting it slightly differently; a treasury policy defines the objective, scope, and mandate of the treasury function. (See fig. 1)
FIG 1: Treasury policy derived from overall organisation’s strategy
Source: Bas Rebel
At a high-level, a treasury policy discusses:
- Why: to what end treasury risk exposures have to be managed
- What treasury risk exposures have to be managed
- How treasury risk exposures are supposed to be managed
- Who is responsible for what. Distribution of roles and responsibility for managing these exposures must be clear
The policy must combine a treasury vision statement with a governance framework for all treasury processes. The vision statement defines the objective and scope of treasury (the why and what) and the governance framework describes the mandate to treasury (the how and who).
A fit-for-purpose treasury policy should be in the ‘Goldilocks’ zone, where it is neither too generic nor too specific, but ‘just right’. If too generic, it does not provide enough guidance, which may cause confusion, indecisiveness and unnecessary involvement of executives in validating mundane treasury decisions. At the same time, it may give extensive freedom to individuals to prioritise focus, creating issues that could well result in human-dependent errors, and potentially even erratic impacts on financial statements.
Conversely, when a treasury policy is too specific and restrictive, executives are dragged into daily treasury decisions. This not only consumes the CFO’s time unnecessarily, it also slows down treasury processes, and requires additional effort from treasury for escalating issues and decisions. Furthermore, too rigid and specific a policy makes it more difficult for treasury to respond swiftly to adverse market conditions.
Section 2: Assessing risks and determining risk appetite
Six classical risk categories
A treasury policy is primarily a risk management document. The risks treasury is typically managing are twofold:
- Five categories of financial markets risks, such as liquidity, credit and exchange risk (see Box 1 on the next page)
- One container category of treasury process-related operational risks (also Box 1)
BOX 1: Six classic categories of financial risks managed by treasury
Treasury manages six different categories of financial risk:
- Liquidity risk is the risk that the organisation or one of its affiliates does not have sufficient cash in its bank account to settle its obligations when due. This margin call risk necessitates securing sufficient funds via cash flow generated and funding strategies as well as those related to the logistics of day-to-day cash management. You need to make sure that cash resources are available in the right account at the required moment.
- Currency exchange risk is the risk that the value of a (future) cash flow or balance sheet item in foreign currency changes over time as a result of foreign exchange (FX) rate fluctuation.
- Interest rate risk is the risk that the value of balance sheet items and the interest income and expenses fluctuate as a result of changes in interest rates (IR) and yield curves.
- Commodity price risk is the risk that the cost of processed commodities relevant to the business processes change over time and impact the profitability of the organisation. There are several different categories of commodities including:
- Credit risk is the risk that the value of balance sheet items or the cash flow for settlement thereof changes over time due to a change in the credit rating of the counterparty.
- Treasury operational risk is a container category for a diverse set of business risks, and includes risk topics including proxy settings, the four-eyes principle, counterparty risk, bank wallet distribution, bank communication, and cyber-security, information access restrictions.
The rates and prices that are the source of the first four risk categories are typically agreed on public exchanges and/or online platforms as formal and informal extensions of the exchanges. Sometimes prices and rate are agreed bilaterally over the counter (OTC).
Unlike the markets for currencies and interest rates many commodities, such as energy, are also defined by physical characteristics like specifications, grade, availability constraints and physical location. These physical characteristics limit the opportunity for arbitrage and can be the root cause for volatility. When harvests fail, crop market supply stagnates and prices most certainly increase. Also, Brent crude oil has a different composition from West Texas Intermediate crude, whereas oil pumped in Alberta, Canada, will trade in Houston at a discount because it includes a compensation for the inevitable transportation cost.
In addition to the above six classic categories, treasurers may also be responsible for managing other risks such as insurances, pension plans and tax exposures. These exposures are closely related to the core treasury processes, and their management requires similar input, knowledge, and skills.
A fit-for-purpose treasury policy also provides guidance when unusual circumstances require unorthodox responses. The litmus test for any treasury policy is during shock events when ‘war stories’ are born. Shock events can be of a global nature. These include:
- When terrorists crash planes into buildings and markets are suspended for a prolonged period (9/11, September 2001)
- When markets crash and prices become unrealistic due to high imbalance between supply and demand (such as the global financial crisis after the fall of Lehman Brothers, September 2008)
- At the start of a pandemic (Covid-19, March 2020) or major war (Russia’s invasion of Ukraine, February 2022), markets become highly volatile due to general apprehension and uncertainty about the future of businesses; affecting global supply chains and causing greater market volatility
- When bank failure freezes cash balances or reduces credit head room (Silicon Valley Bank failure, March 2023)
Shock events do not have to be global in nature, however, and could also be organisation-specific, such as:
- A major warehouse burns down
- A key business partner goes bankrupt
These events may seem unique and might never occur again in the same way. Still, we can be sure that shock events of disproportionate magnitude will happen again. It is during these ‘black swan’ events, when regular treasury processes break down and time is in short supply, that clarity about purpose and direction is needed in order for alternative solutions to be approved and executed.
Irrespective of its robustness, a treasury policy has to be reviewed periodically and, if necessary, updated. This is because business operations – the actual financial risks as well as the perceived financial risks – can and do change over time. A complete policy overhaul may be required when a merger, major acquisition or divestiture has changed the underlying business profile significantly.
A well-written treasury policy can be more than a technical and administrative document, and its audience is wider than the CFO, external auditor, and treasury staff alone. It could include the business continuity planning function, for example, and also improve the credentials of the treasury function and be instrumental in securing:
- Collaboration on treasury processes across the organisation and in particular between treasury and its internal business partners such as local finance staff, shared services and IT
- Budget, resources, and priority for treasury projects
In order for internal business partners to understand their roles and responsibilities, and how the treasury process relates to activities under their control, the treasury policy can be leveraged towards educating internal business partners about financial risks and exposure management. For this reason, it also makes sense that the policy is written in plain language, and published internally for all treasury business partners to find and read.
BOX 2: The value of financial risk management
Hedging exposures reduces the variability of probable outcomes. It does not alter the value of the sum of all possible outcomes. In other words, at best, risk management reduces the standard deviation of the value of possible outcomes closer to the average value of all possible outcomes (excluding hedge cost).
A sceptic might argue that financial risk management is just a game of probabilities that only adds (hedging) cost to the organisation.
Some economic schools argue that hedging is the responsibility of shareholders and not that of the organisation. Shareholders might have different perspectives and risk appetites. An organisation’s hedge positions might interfere with these and could add unnecessary cost at the expense of the net results.
However, it may be vital for an organisation to bring the bandwidth of the probable financial result closer to the expected financial result for any or all of the following reasons:
- Some of the probable outcomes may trigger bankruptcy or default on loan position
- Bringing the actual financial results closer to the forecasted results may raise confidence in the organisation’s business strategy potentially resulting in a:
Treasury vision and risk appetite
The vision statement paragraph in the treasury policy frames the scope and mission of treasury (the what and why of treasury). It describes the raison d’être of treasury, and is both point of departure and guiding principle for all treasury activity.
The mission of treasury should be to support the organisation’s strategy, and define the contribution treasury is expected to make in achieving the company’s aims. The scope of treasury defines the boundaries of the treasury responsibilities, and helps identify dependencies, overlap, handshake points (as well as gaps) with related business activities that are governed by other policies.
Key points for developing or reviewing treasury vision are set out in Fig. 2 on the next page. These are:
- A proper understanding of the financial risks threatening the organisation’s performance
- An adequate analysis of how the organisation is exposed to these financial risks
- A realistic estimate of the financial impact when one or more of these threats materialise
- Agreement on the organisation’s risk appetite
FIG 2: Creating a vision for treasury
Source: Bas Rebel
Risk appetite can be defined as the maximum (residual) exposure that an organisation is able or willing to accept on the basis of risk/return trade-offs for one or more desired or expected outcomes.[1] At the extreme end, risk appetite is bound by the residual exposure that would push the organisation into distress or trigger bankruptcy when the risk materialises. In more practical terms, the appetite for treasury risk is typically bound by:
- Bank covenants related to major funding
- The executive board’s level of knowledge about hedging techniques
- The executive board’s level of comfort with open exposures
Agreement on risk appetite provides clarity and will be the high-level marching order for organising treasury activities. Explicit agreement creates the foundation for consistency regarding how treasury exposures are managed, reduces the need for second-guessing, and speeds up the decision-making when time is of the essence.
At present, there is no best practice as to how to quantify treasury risk impact or how to create consensus on treasury risk appetite. There are currently no standard tools, methods or measures. Large multinational organisations have experimented with asset and liability management (ALM) and other risk models used by FIs, albeit with limited success. Value at Risk (VaR) and Cash Flow at Risk (CFaR) models have their limitations outside the financial sector because they are based on the assumption that by liquidating or hedging a position one can eliminate the risk impact.
However, selling a plant or changing a product mix takes much longer than liquidating a portfolio of bonds. And hedging is not always possible, because even when derivative instruments are available, they do not necessarily match the duration and characteristics of the exposed business, and can easily become prohibitively expensive. Still, it does help to borrow selectively from risk management practices at FIs.
Teaming up with the enterprise risk management (ERM) office within the organisation does make sense. In recent years ERM (see Box 3) has become a business field in its own right, and has introduced standardised methods and terminology that may very well resonate better with an internal audience and stakeholders outside treasury.
BOX 3: Treasury policy and enterprise risk management
Financial risks are by no means unique or the only risks facing an organisation. In past decades, enterprise risk management (ERM) has become a discipline in its own right, with methodology, approaches and vocabulary codified within standards such as ISO 31000. Across the globe there are associations, including the Global Risk Management Institute (GRMI), that propagate ERM standards and principles.
ERM distinguishes four types of risk, as described in Fig. 3. Whereas most of the risks managed by treasury fall squarely in the financial risk quadrant, treasury is not the sole occupier of that quadrant. For instance, property values are also market risks, and typically not the responsibility of treasury. Furthermore, treasury is often responsible for managing risks in one of the other quadrants. Some examples include the following:
- Cash flow exposures are highly dependent on economical and societal factors that drive supply and demand. These factors are categorised in the strategic quadrant
- Treasury is responsible for risk factors such as cyber-security, key controls, and fraud that are categorised in the operational risk quadrant
- When treasury is responsible for the insurance portfolio or an insurance captive, it will be involved in managing the impact of risks categorised in the hazard quadrant
FIG 3: Treasury and the ERM risk quadrants
Source: GRMI
Defining risk scenarios
The first step in formalising an organisation’s risk appetite is the definition of risk scenarios. In the context of creating a treasury policy, the focus is on the six classic treasury risk categories, such as credit, liquidity or exchange risk (see Box 1 on page 6 of this guide). Other business risk categories, such as physical hazards and strategic risks, are expected to be covered by other policy documents, and their cash flow implications will be incorporated in the next step.
Risk scenarios should include all risk factors that have material impact on the organisation’s performance. However, for the sake of transparency and governance, it makes sense considering all treasury risks, and documenting the considerations as to why a specific risk factor is deemed to have no or negligible impact on the organisation’s performance. This information can be useful at a future date when circumstances and perspectives may be different.
The impact of a specific risk factor depends on the organisation’s business footprint. For instance, a small local German bakery might possibly ignore commodity and currency risk, even though its purchase prices for flour, sugar and energy are all determined on global commodity markets in USD. The reason being that local competitors are similarly exposed to these markets, and the demand for bread is rather price inelastic. On the other end of the spectrum, a global player in capital goods – say a machinery manufacturer – operating out of Germany most certainly will have to pay close attention to the EUR/USD exchange rate and steel prices, especially when its main competitor is a US-based firm.
A specific risk might impact the organsation’s performance in different ways at the same time. For instance, the aforementioned German global player will have a labour-cost advantage compared to its US competitor when the euro weakens against USD. At the same time – and assuming steel and energy prices in USD continue at the same level – the cost of goods sold for the German company will increase, whereas the gross margin of the US competitor won’t be impacted.
Enterprise-wide risk scenarios have multiple dimensions, of which treasury risk is but one. That is, the treasury operational risk category is quite similar in nature to hazards, operational risks and R&D risks as managed by other business owners. These risks, together with strategic risks, typically impact growth prospects and business costs and their related cash flows directly. Other treasury risk categories such as commodity prices are different, impacting financial performance and the businesses’ cash flows and balance sheet positions.
Given the multitude of dimensions, it is tempting to use sliding scales for the different risk dimensions. While sliding scales are useful for understanding dependencies, correlations and impact itself, for the purpose of formalising the organisational risk appetite it is more useful to define a fixed set of parameters for the following three scenarios:
- Base case
- Best case
- Worst case
When there are clear indications that the probability of the impact of all risks combined is not normally distributed, it makes sense to define additional scenarios.
For the base-case scenario, each risk factor is set to its most probable level, whereas for the best and worst case, each ought to be set to a more, or even the most, extreme level. However, when risk factors are negatively correlated it makes sense to reflect this in the definition of the scenarios. For instance, if energy price fluctuation and a change in GDP are both identified as risk factors, and analysis demonstrates a negative correlation, then an amplifying effect is evident, and the worst case deteriorates still further for those reliant on energy. Conversely, if you’re an oil company and the price goes up, it’s to your benefit, and there will still be buyers in an economic downturn even if volumes overall fall. Context matters.
The parameters for financial market risks included in the base-case scenario can be taken from forward and forward-forward rates/prices and zero coupon yield curves, as these incorporate the market expectation for rates and prices at future dates.
Best- and worst-case scenarios for financial market risks can be created by adding volatility information to the base-case scenario for financial market risks. See Fig. 4 below.
FIG 4: Sample reporting 3M EURIBOR rate scenario
Source: Bloomberg/ABN AMRO
Modelling treasury exposures
Financial market risk scenarios are only half of the input necessary for calculating the impact on financial performance. Treasury also requires an understanding of the business that is exposed to financial market risks. The relevant business exposures are all future cash flows, the P&L and balance sheet.
Typically, these projections are a key deliverable of the financial planning and analysis (FP&A) department, and are already included in management reporting. Unfortunately, FP&A models do not necessarily incorporate all information required for a complete sensitivity analysis. FP&A reports typically have to be enriched with:
- Best/worst-case cash flow and balance sheet implications of ERM risk scenarios other than treasury risks
- Intercompany cash flows (both operational and financial)
- Breakdown of cash flow and balance sheet exposures by local (fiscal) entities
- Breakdown of cash flow and balance sheet exposures by currency
- Interest conditions on external and intercompany borrowing and lending positions
- Extrapolation of the forecast horizon
Notwithstanding its shortfalls, it makes sense to leverage the investment already made in the FP&A forecast as much as possible, if only because it is widely recognised as the internal consensus on the organisation’s business outlook. Furthermore, the underlying data model, and much of its functional engine, overlap with the treasury requirements. Reusing these avoids unnecessary investment and maintenance. Additionally, building the treasury exposure sensitivity assessment on top of the FP&A reporting also provides a framework for periodic treasury risk reporting going forward.
Without elaborating on common pitfalls and issues related to the modelling exposures and reporting of risk sensitivities, suffice it to say that the results will be a trade-off between additional effort and complexity on the one hand, and the accuracy and insight the model may provide on the other. The credibility of the model is defined by its ability to replicate reality when fed historic conditions.
When working on the treasury exposure model, it also makes sense to team up with the tax department, as tax colleagues have very similar financial exposure requirements for their global and local tax and transfer pricing assessments.
Assessing risk sensitivity
With risk scenarios agreed, and treasury exposures modelled, the next step is assessing the organisation’s sensitivity to risk. The risk sensitivity assessment has two dimensions:
- Understanding raw business exposure sensitivity to (treasury) risk
- Exploring the necessity of, and options for, managing the exposures and hedging
A realistic assessment of the organisational sensitivity to the different treasury risks is key to understanding the materiality of the impact. At the same time, it will be the backdrop for discussions regarding risk appetite and hedge requirements.
The sensitivity assessment reporting would need to include a breakdown of where, and to what extent, risk scenarios impact the financial performance of the organisation. Such breakdowns could be completed by adding a scenario discrepancy line for each line in the cash flow, and P&L forecasts and balance sheet projections when compared to the base-case scenario.
The impact of the different scenarios could also be summarised by visualising the evolution of KPIs, such as debt/equity, interest coverage and debt capacity, given the different scenarios (see also Fig. 5). As risk management is an elusive topic for some, such visual reporting provides insight into the impact of risk itself, and also creates focus on the benefit, instead of the cost, of managing and hedging exposures.
FIG 5: Sample interest rate coverage sensitivity reporting
Source: Bloomberg/ABN AMRO
Given the fact that the impact of risk scenarios on the value of cash flows, interest rate (IR) cost and, for example, allocation of taxable results, is dynamic and cumulative, the analysis model requires a line for solving discrepancies. This would be either the line for liquidity or borrowing position on the balance sheet or a combination of both. Furthermore, it would be helpful to be able to stress test the results for specific elements in business risk scenarios by being able to adjust the parameterisation of risk factors.
Agreeing on risk appetite
With a proper treasury risk sensitivity assessment available, it is now time to discuss and decide on an organisation’s risk appetite. You will need to agree on:
- The maximum open exposure that management accepts, including its impact on the organisational performance
- How risk exposures have to be managed, and what hedge strategies and instruments are permitted
Typically, this phase in the process of writing the treasury policy consists of a series of discussions with executive management and the board of directors. The focus will first be on explaining the mechanisms by which treasury risks could impact performance, as well as the likelihood and magnitude of such performance impacts. Excluding existing and potential hedging at this point creates a focus on business exposure and the relevance of different treasury risks. It can increase awareness that some risks are more threatening than anticipated or put the concern about others at rest.
Presenting the potential impact of risk on raw exposures certainly triggers discussion about the variations an organisation is able and willing to absorb. It also triggers debate about the need to track and monitor risks going forward. The result of this discussion can be that some risks are not material or probable enough to be concerned about, whereas others will have to be reduced significantly because they are a threat to the sustainability of the business. The conclusions of this discussion become the foundation for the treasury mandate to monitor, manage, and report treasury exposures, and they form the basis for the risk management chapters within the treasury policy.
For the sake of transparency and future reference, it would make sense to document this conversation. Sharing the conclusions in the policy chapter regarding treasury vision and risk appetite might advance discussions with stakeholders because it provides rationale and urgency for treasury requests and collaboration. It can be useful for future reference to also document risks and exposures that have been put out of scope. Business circumstances and characteristics, as well as management perceptions, might change over time.
BOX 4: Risk vs exposure vs impact
Risk and exposures are often used interchangeably, but they are distinct. The risk factor is the external force that threatens an object or business, whereas the exposure is the object or business that is threatened by a risk. The objective of the risk management process is to manage the impact of the risk factor on the exposed object or business.
In the context of the treasury process, an organisation’s loan portfolio is exposed to the risk factor of interest rate (IR) volatility and so treasury is mandated with managing the impact that the IR change may have on the future cost of funding. See Section 5 of this guide for an example chapter from a treasury policy aimed at tackling interest rate risks.
Section 3: Drafting the policy and finessing its content
Main body of treasury policy document
Once the organisational risk appetite is established, the scope of the treasury defined, and the mandate formulated, drafting the policy is a relatively straightforward process.
Ease-of-use would dictate a logical structure of content and guidelines, and many organisations do have templates to use. A treasury policy typically has at least three dimensions:
- Content: the risks and exposures that have to be managed
- Process guidelines: instructions as to how to process and report the management of risks and exposures
- Governance and compliance guidelines: covering how to oversee, update and run the policy
There is no golden rule about which dimension the policy can best be structured along. Provided all dimensions are consistently covered, then a good outcome will result.
Content pillar
The content of a typical policy can be split along the lines of the six treasury risk categories (see Box 1 on page 6). The policy document should include at least the following topics for each of the risk categories:
- How the organisation and its sub divisions are exposed to the specific risk
- How exposures are supposed to be detected, calculated, and reported
- The maximum risk appetite in terms of risk limits
- The methods and instruments permitted for hedging treasury risks
- The KPIs related to monitoring and managing treasury risks
Process guidelines pillar
The process guidelines drive how the treasury processes should be organised, and who across the organisation is responsible for the (sub) processes or expected to contribute across all departments. This part of the policy document describes what executive management and the board expects from the treasury process, and mandates the treasurer to organise and implement it. This dimension is like the procedural template element. It should include at least the following elements:
- High-level process map. The treasury function is much wider than the corporate treasury department alone and treasury processes are deeply intertwined with other business procedures. For example, effective treasury risk management demands up-to-date information regarding projected sales and production plans as these drive future cash flow and balance sheet exposures. Treasury relies on sales, fulfilment management, and finance teams across the organisation for this information. A high-level process map enables the reader to identify handshake points and information exchange requirements between the processes carried out by treasury and the other business departments.
- RACI matrix. Using the responsible, accountable, consulted, and informed (RACI) matrix identifies at a functional level the involvement and responsibility of each stakeholder in treasury processes and delineates the management of the treasury risk.
- Reporting and KPIs. While the responsibility for treasury risk management is delegated to the treasurer, executive management retains overall responsibility and oversight. Therefore, the treasury policy will have included requirements that become the framework for periodic treasury reporting. It outlines the frequency at which risk-related KPIs have to be reported and identifies the report recipients.
Governance and compliance pillar
The governance and compliance dimension of any treasury policy governs:
- The maintenance of the document
- The outline of how to manage treasury issues and situations that are not (or not entirely) covered by the policy
It should consider the following elements:
- Change control and updates. As the organisation itself, as well as the risk appetite, may evolve over time, the treasury policy will need to be reviewed and updated as required. Board sign-off on any policy review and updates is necessary. The policy must include how and when the review and update process should be organised.
This is perhaps stating the obvious, but using functional titles within the policy instead of names of individuals is recommended. This eliminates the need to update the document when people join or leave the organisation. - Escalations and delegation. The treasury policy delegates responsibility to the treasurer, and defines at a high level how and within what boundaries the power is delegated. However, every so often treasury may be confronted with situations and issues that are not covered by the treasury policy or for which the policy does not provide clarity as to how to proceed. In order to address such situations and issues, the policy should include a procedure on how to escalate and resolve treasury risk management situations that are not fully covered by the treasury policy.
This procedure should include at least:
Typically, escalation is more likely during extraordinary circumstances such as an economic crisis or distress, when time is in short supply. Outlining a ‘quick guide’ to be included when escalating an issue for resolution not only assures sufficient decision support upfront, but it also facilitates compliance and auditing of decisions afterwards.
It also makes sense to include a requirement that treasury performs a self-assessment of all escalations periodically and reports on them. If an escalation is not a once-in-a-lifetime issue, and the board agrees with the conclusion that it may happen again, a plan is required to update the policy document.
In order to keep the organisation and policy agile, minor changes to the policy and some escalations to the CFO or a board committee could be delegated. In the case of delegation, and for transparency’s sake, it makes sense for the board to be informed of all changes and escalations within a specified time period.
- Management of user access profiles and proxy settings. Treasury processes involve sensitive business and financial information involving low-volume but high-value transactions. Access to treasury data and approval of treasury transactions has to be restricted. For listed companies, it is important that information access and transaction approval is regulated in line with external guidelines. The governance section in the policy, therefore, should make reference to internal and external guidelines and control. It should delineate:
- What user profiles can be set up i.e. by defining user profiles or listing minimum criteria for the definition thereof
- The identification of process steps that require approval, including conditions that must be met before approval can be given for system integration (eliminating the required approval in the case of automation)
- Delegate authority for approving:
Appendices to the policy
The use of appendices in which schedules and detailed overviews are maintained greatly enhances the flexibility of the treasury policy. When, for instance, the body text of the policy outlines the criteria for accepting a counterparty, the list of counterparties and their limits can be included as an appendix. The CFO could then approve the appendix and inform the board periodically. This approach reduces the need to update the treasury policy, and the time that has to be spent by board members on treasury issues.
There could be separate appendices for:
- Treasury organisation
- Preferred banking partners
- Permitted hedge instruments
- Permitted counterparties including counterparty limits
- Treasury IT landscape
- User access
- Proxy settings
BOX 5: Typical content of a treasury policy document
Version control
Includes mentioning the owner and history of the document, current version number and processes for (periodic) reviewing and updating of the document.
Scope and objective
Includes the treasury mandate, which takes in policy objectives, policy scope, and distribution of responsibilities. It should also include explicit out-of-scope items in the case of emergencies. There should also be risk-specific sections based on a standard paragraph structure including:
- Risk description
- Inflection points (how is the organisation exposed to this risk)
- Key objective of managing this exposure
- RACI matrix (identifying persons or functions that are responsible, accountable, consulted, and informed)
- Reporting requirements (including reporting frequency, report beneficiaries, and KPIs to be tracked)
Appendices
These could include:
- Risk appetite
- Derivative instruments permitted
- Approved limits
Reference documents
The treasury policy could reference related policy documents, such as those approved for IT, transfer pricing, authorisations and user access.
Section 4: Implementing the treasury policy
Formulating the treasury policy is never an end in itself, but rather a means to frame the management of treasury risk and exposures. Treasury processes have to be aligned to the policy, ensuring that information is reported with the appropriate level of detail, and as per the agreed KPIs and frequency. This sets the tone for how:
- The treasury function will have to be organised
- The treasurer is supposed to manage the treasury processes
- Treasury reporting on the responsibilities that are delegated
- Data has to be retrieved from processes
The last bullet in particular will drive the IT requirements and the use of applications.
In other words, the treasury policy is a high-level list of treasury requirements and, to a large extent, defines the target operating model for the treasury function.
See Fig. 6 below.
FIG 6: The treasury policy’s place within the Treasury Target Operating Model (T-TOM)
Source: Bas Rebel
A treasurer has to translate the treasury policy requirements into a destination architecture for treasury, including all processes, technology, and personnel necessary for being in control. For instance, if the policy states that central treasury is responsible for all cash, the cash manager will need access to, and possibly control over, the bank account structure, processes, and cash management systems that enable centralised cash management.
Fig. 7, below, illustrates how a destination architecture can be developed on the back of the treasury policy. KPIs and other reporting requirements (frequency, audience, control) within the treasury policy define the reporting requirements for which the treasury function will need to supply all necessary input data. Consequently, the treasury report requirements drive how the treasury has to organise the treasury process and IT requirements. The treasury processes and IT drive the investment in people and systems, as well as the necessary collaboration with other parts of the organisation.
FIG 7: Relationship between treasury strategy, processes, technology and reporting
Source: Bas Rebel
When the desired future state of treasury is drafted, the next step would be to understand what processes and systems have to be changed to reach it. A fit/gap analysis needs to assess which processes and systems can and can’t be leveraged. The fit/gap analysis scopes the effort and roadmap to implement the destination architecture for treasury.
A similar fit/gap analysis should be carried out on the collective and individual skill set of treasury staff. The outcome will be relevant input for career development and recruitment.
Last but not least, the fit/gap analysis provides input for budgeting treasury operations and prioritising treasury projects and allocating IT resources. Denying the necessary budget and priority for operations and projects implicitly means that treasury does not have the tools and resources necessary for managing treasury risks according to its mandate. You may need to back your policy up with investment.
A treasury policy document can and should be more than a list of limits and permitted instruments that is skimmed once and then pushed to the bottom of a drawer. When an upfront exposure analysis has created a consensus on the risk appetite, treasury will be able to use the policy document for educating internal stakeholders about its mandate and priorities. At the same time, it can be a reference document not only when managing exposures but also when securing the budget and resources necessary to define and mitigate risks adequately.
Section 5: Example Treasury Policy Chapter on Interest Rate Risks[2]
Introduction
<ORGANISATION> is exposed to interest rate risk primarily as a result of raging inflation i.e. the effect of IR movements on the market-value of balance sheet items needs to be considered. Corporate treasury’s mandate is to ensure that <ORGANISATION> is aware of its exposure to interest rate movements, and is positioned to take the necessary steps to manage these risks. Corporate treasury may use debt issuance or financial derivatives to achieve the desired risk profile and/or mitigate this risk.
Objective
The objective of interest rate management is to:
- Protect <ORGANISATION> financial position from adverse movements in IR, which will increase interest expense
- Balance its IR exposure by targeting a fixed/floating ratio of its total debt to lower volatility and increase predictability of net interest expense
Responsibilities
Guidelines and parameters
IR hedging instruments have to be approved by the risk committee and should meet the following conditions:
- All departments and individuals involved in executing and monitoring the instrument understand the mechanics and effects of it, in accordance with the extent to which they are involved with the hedging instrument. This must include but is not limited to the accounting at initiation, month-end and termination
- A company’s financial and reporting systems must be capable of recording, monitoring, and accounting for the instrument at initiation, month-end and termination
The list of approved hedging instruments must be accessible via an Appendix.
Overview of activities
Controls
Segregation of duties
Key treasury functions must be segregated to reduce the likelihood of errors and/or financial loss. Corporate treasury will assign the individuals or groups responsible for the following functions.
From a control perspective, key treasury functions must be adequately segregated to prevent possible fraud, operational errors, misappropriation of funds, unauthorised deals, concealment of trades and profit/loss manipulation. As a general rule, personnel involved in risk monitoring should be segregated from risk taking (i.e. executing transactions).
- Trade execution: staff authorised to execute transactions should not be in a position to settle, account for, or value the trades. Neither should they be allowed to mark-to-market the positions or conduct account reconciliation activities
- Trade confirmation: staff assigned to conduct confirmations should have knowledge of the trading limits and approved tools and strategy but should not be authorised to execute trades. This group is also responsible for maintaining and/or recording any changes to bank accounts or changes in bank settlement instructions
- Settlement of trades: staff handling cash settlement should be familiar with the accounts used for FX settlements and instructions for each counterparty but should not be authorised to execute trades, increase limits, or change the accounts/bank settlement instructions. These individuals will have access to required systems and will be able to retrieve reports detailing settlement amounts.
- Mark-to-market/reporting: staff responsible for valuation or the reporting of results should not be able to execute, confirm or settle trades.
Competitive bids
A competitive bidding process for external hedges is required and has to be documented.
Interest rate risk
Risk management will ensure all hedges are within the appropriate limits defined by the policy.
Regulatory reporting
Back office will ensure all regulatory reporting, such as EMIR reporting, has been filed for the required transactions.
Report generation
The reports described in Section [X] of <ORGANISATION> policy should be distributed to others in the firm based on the frequency prescribed in the treasury policy.
Monitoring and reporting
Corporate treasury, risk management, and accounting have primary responsibility for developing and distributing all IR risk management-related reports. These reports will be tailored for each level of management based on the degree of information and detail necessary to communicate the programme results.
The following reports will be maintained and distributed in relation to interest rate risk management.
Monitoring and reporting
Notes
- Based on M. W. Elliot (red), Risk Management Principles and Practices 3rd edition, GRMI, page 6-16. GRMI’s definition is slightly different though: “total exposure that an organisation wishes to undertake on the basis of risk/return trade-offs for one or more desired and expected outcomes.”
- This sample is entirely fictitious and for the purpose of illustrating how the different dimensions as described in this article can be combined and covered.