by Sharon Johnson
Are you in compliance?
Has your financial institution been granted fiduciary powers, and does it exercise the fiduciary powers it has been granted? If you answered yes, your trust department is subject to an annual audit.
An annual audit of significant fiduciary activities is required by all banking regulators, including the OCC, OTS, FDIC, and the Federal Reserve. The banking oversight department of most states requires either the examination via statute or adoption of the requirements of the FDIC or Federal Reserve.
The institution's board of directors is responsible for ensuring the audit is completed and should be documenting the results in its minutes. The audit can be conducted by either a qualified, independent internal audit department or an external audit firm that reports directly to the board.
What should be included?
While the applicable regulations in general require a suitable audit of significant fiduciary activities, there is no definition as to what is considered "suitable" or "significant."
The scope and coverage not only should be based on regulation and industry best practices but ideally should take into account an assessment of the risks associated with the fiduciary activities. For most organizations, a formal risk assessment may provide the best information for establishing scope and coverage in the audit of fiduciary activities.
The audit committee should be directly involved in determining that the audit program is sufficient for the fiduciary activities of the institution. The decision must be based on a variety of factors, including (but not limited to) regulatory requirements and trends, a formal risk assessment, prior examination results, and auditor guidance.
The scope of each organization's annual audit may vary based on this information but, at a minimum, should include an evaluation of the overall control environment, a verification of assets, and a test of account administration.
What else could be subject to an audit?
In addition to the annual fiduciary activities audit, other related areas may be subject to a separate audit. Additional activities to be considered for audit coverage include:
- Collective investment funds. An annual audit is required for all collective investment funds established under 12 CFR 9.18. In addition, a financial report must be prepared based on the audit results.
- Transfer agent activities. An annual audit is required for registered transfer agents. The audit should be designed to be applicable to the activities the transfer agent is involved with. While an annual audit is considered a requirement for registered transfer agents, transfer agents that qualify for exempt status under SEC Regulation 17 Ad-4 or institutions regulated by the FDIC, Federal Reserve, or OCC should consider the completion of adequate audit procedures as well.
- Information technology (IT). A regular evaluation of policies, procedures, controls, oversight, and compliance with regulations, regulatory guidelines, and best practices related to IT in the trust area should be performed.
- Service organization audits. When the institution performs certain fiduciary activities for other entities, an examination of the adequacy of the internal controls and internal control environment may be necessary. These are commonly referred to as SAS 70 audits.
- Bank Secrecy Act (BSA). Trust departments must comply with the same BSA legislation as the rest of the institution, including Anti-Money Laundering, USA PATRIOT Act, and Office of Foreign Assets Control legislation. These procedures are required to be independently tested on an annual basis.
How do you get the most from your audit?
The scope and coverage of a fiduciary activities audit could change each year, depending on changes in regulations, applicable statutes, industry best practices, or overall risks, as well as internal changes.
It is important that your auditor stays current with changes that directly impact fiduciary activities. Continuous communication with the auditor is also key to ensuring such things as new processes and procedures, business lines, service arrangements, or accounting system conversions are disclosed.
A fiduciary activities audit should not be viewed as a necessary evil; rather, an annual audit should be a tool to provide improvements in the activities of the trust department.
The annual audit should assist in identifying control weaknesses, compliance risks, and inefficiencies. Control weaknesses put at risk not only the trust customers' assets but also the department's and institution's reputation. Identifying compliance shortfalls can provide the department with the ability to correct the deficiencies in time for the next regulatory examination, and identifying inefficiencies can assist with profit improvement and personnel constraints.