Best business practices to promote financial stability
Commission on Financial Services and Insurance, 9 November 1999

Introduction
The economic crises in Asia, Russia and Brazil in the recent past have clearly demonstrated that both governments and business have an interest in reducing the turbulence of global financial markets. While governments continue to debate the form that the new global financial architecture should take, business is making its own contribution to improving the resistance of the world financial system to crisis.

The following best practices have been drawn up by the ICC Commission on Financial Services and Insurance to highlight the most effective techniques employed by companies to reduce their vulnerability to financial shocks. Adhering to these best practices also contributes to global financial stability. Many companies have already committed themselves to establish best practices, and have invested the resources to instruct, teach and supervise their staff so that these practices are applied throughout the company.

Although this paper on best practices is mainly addressed to firms in the financial sector, it is important to note that they are relevant for businesses independent of their sector of activity and the location of the parent company. These recommendations therefore serve as a reference for all companies.

If large numbers of firms improve their financial practices and safeguards, the global financial system will be strengthened. Companies have no need to wait for implementing legislation or regulatory authorization to put these pragmatic measures into effect.

The ICC Commission on Financial Services and Insurance is composed of international experts representing the full spectrum of the financial services sector, including providers, brokers and users of financial and insurance products.

Commission members are convinced that transparency is the key to solid company practice and corporate governance. Transparency applies to all of the following best practices.

1. Risk management
Risk management is a firm's first line of defence against financial disruptions. The single most critical element of risk management is good personnel. Risk management, to some, consists simply of a series of computer programmes aimed at evaluating the risk of a particular transaction, portfolio or variety of portfolios. However, these quantitative techniques are based upon historical patterns, which are not always the best predictor of future events, and extreme events in particular. Experienced personnel can refine computer-driven results with knowledge of not only what is probable, but also what is possible.

A firm also needs the proper tools to manage risk by retrieving and analyzing large amounts of data. These tools are expensive. Often, financial institutions have disparate technological systems developed to service individual businesses around the globe. The ability to extract and normalize data from different systems and to align it along multiple dimensions of risk in a uniform, error-free format is one of the greatest challenges for any risk management operation.

Firms need to have controls and disciplines that protect them from the worst consequences of failures in operational risk. This extends not just to transaction controls but to legal and reputational risks which can have a far greater effect than any pecuniary losses a firm incurs.

Most importantly, risk management extends beyond the risk management department. Every person involved in the transaction - from the trader and salesperson to the operations clerk and documentation staffer - must be a risk manager. Only through senior management's commitment can this goal be achieved. The same discipline holds true for major end-users, who often engage in financial market activities at a level of complexity and scope rivaling those of dealers.

For small and medium sized enterprises (SMEs), risk management may involve a less complex and a more limited spectrum of issues than those facing a large-scale operation. Tens of thousands of SMEs worldwide obtain credit management services and protect their capital invested in accounts receivable - whether in the context of domestic or cross-border trade - against the risk of non-payment by purchasing credit insurance.

Good company practices include:

• Validating all computer models. This is important as significant risk arises from derivatives trading and other activities involving prices that depend upon computer models. It includes checking consistency with a third party's analysis of various assumptions reflected in a model and with assumptions made in other models used by the firm. Validation should also include ensuring that assumptions in models are consistent with the strategic views of the firm and its senior management.
• Creating a risk management structure that is independent of a firm's core business. Ideally, this independent department should report directly to the firm's chairman or chief executive officer.
• Conducting periodic reviews performed by internal and external auditors to assure another layer of independent control.

2. Long-term commitment and responsible behaviour
Statistics of financial flows during the Asian financial crisis show that behaviour of investors varied according to whether their investments were long- or short-term. Despite a sudden surge in withdrawals of commercial bank credit, long-term foreign direct investment continued to grow.

Financial flows to Asia Pacific, 1996-98 (in US$ billion)

Source: Institute of International Finance, April 1999

Lenders also have a responsibility towards their shareholders and depositors and must be aware that sudden changes in credit policy, even when financing short-term credit risk, can in themselves create risk. This is especially true when changes are introduced by several banks at the same time. Ways of increasing transparency in lenders' behaviour and limiting such changes as far as possible should therefore be investigated.

3. Credit procedures
Credit risk is clearly a component of risk management that should be constantly monitored and controlled. Market risk seeks to measure the risk associated with market movements, while credit risk seeks to measure the ability of counterparties to make due payments of interest and principal on debts irrespective of such market movements.

Good company practices include:

• Implementing credit procedures that require the credit department to become involved at the early stages of a transaction and formally sign off on credit transactions to the extent that particular transactions are not subject to pre-existing approved credit limits.
• Carrying out regular evaluations of counterparties to ensure that credit decisions are based on up-to-date analysis.
• Aggregating total credit exposure. Since most major financial market participants maintain a global presence, an effective credit department needs to aggregate exposures to counterparties regardless of where the business is conducted.
• Aggregating exposures by sector (industrial, geographical, etc) to ensure that there are no undue concentrations of risk either within the firm or in relation to the firm's balance sheet.
• Instituting credit systems to distinguish between exposures that can be legally netted (i.e., set off) against a firm's liabilities due to a counterparty, and those that cannot.
• Flagging exposures that exceed certain limits, both in financial amounts and in frequency.
• Ensuring that, if the credit department is not satisfied with margins, collateral quality or counterparty behavior, positions may be appropriately liquidated or other action may be taken.

4. Sales practices
Allegations of sales practice shortcomings arise in virtually every dispute that ripens into litigation. Sales practice problems involve not only oral misrepresentations, but also defective marketing materials. Proper sales practices become especially critical when new or complex products are introduced to counterparties or when transactions are negotiated over a long period. Although different sales practice rules apply to different financial instruments, they can be reduced to the principle of treating customers and counterparties fairly. The importance of transparency in this context cannot be stressed enough. Given that sales practices are not subject to comprehensive black and white standards, it can be difficult to police the relationship between a financial institution and its counterparty. Often, when a trade loses money, non-dealer counterparties claim the dealer, as the advisor or fiduciary, should bear the loss.

Good company practices include:

• Defining clearly the obligations of the buyer and seller when entering a transaction. This avoids legal uncertainty arising from issues such as the risks that each party is undertaking.
• Training salespeople in proper sales practice. Salespeople should have a general knowledge of all products in addition to their specialized knowledge of a particular product, especially leveraged or derivatives trades.

5. Credit information availability
A dependable and accurate flow of data is vital for understanding and managing risk. Knowledge can be the antidote to confusion and fear, and confusion and fear are often the driving forces behind perceived credit risks and volatility in the market.

Regrettably, in the global financial market there is a lack of uniformity in the type and availability of information used as the basis of credit determinations. When a firm or financial institution deals with a hedge fund, for example, imporant aspects of the risks of the hedge fund's portfolio may remain obscured. By contrast, rating agencies provide a degree of consistency for rated institutions although there is always a danger that the ratings may not be entirely accurate or current.

Good company practices include:

• Developing a voluntary consensus on the type of information that should be made generally available from any institution conducting business in financial markets. Senior officials from various financial sectors, including end-users, should agree upon the appropriate level of detail without divulging proprietary information. Such information ultimately would act as a natural regulator of the amount of credit extended. This consensus would create a template for a voluntary disclosure mechanism.

6. Documentation practices
If transactions are not properly documented and key terms are not incorporated in the documentation, lengthy and expensive lawsuits may arise. During periods of market stress, every aspect of a transaction will be scrutinized and often non-payment will be based on controllable factors, such as documentation and sales practices, as opposed to non-controllable market and credit deterioration. An effective docu mentation policy should include elements of a credit approval process so that credit decisions are incorporated into documents.

Good company practices include:

• Ensuring that the person signing the document from both the firm and the counterparty have signing authority. Counterparties sometimes claim that losing trades are ultra vires and, therefore, that no contract or obligation to pay exists.
• Developing a documentation deficiency list, with time deadlines, that identifies counterparties without documents. This allows firms to take aggressive follow-up action, including a mandatory cessation of new business with deficient counterparties.
• Establishing a documentation policy with more stringent standards for entities when a risk-based analysis reveals a greater likelihood of an adverse market or credit event, due to market, geographical, product-type, or other relevant factors. The greater the likelihood of such an event, the greater the need to require signed documents before any trade is executed.

7. Role of internal audit, external audit and compliance
The compliance department is typically considered the enforcer of the rules of regulatory and self-regulatory bodies. Broadening the mandate of a compliance department and that of internal and external audit could have the beneficial corollary effect of responding to criticism that voluntary guidelines are not enforced. Enlightened surveillance tools, inspired by perceptions of risk rather than based solely upon requirements of regulators, could trigger independent reviews of adherence to voluntary guidelines when risk measures reach predetermined thresholds. Because these guidelines are designed to save money and maintain reputations, firms themselves have the best motivation to ensure that they are followed.

Good company practices include:

• Establishing a committee of senior employees or board members (from both operational and control functions) to ensure that these best practices are implemented in an integrated fashion. Representation on this committee by senior executives of a firm demonstrates that the project is important and that the mission of adopting and enforcing best practices is a high priority. This committee would not be the "risk committee"; rather it would be a committee that ensures that the best practices are properly implemented in a coordinated and consistent manner.
• Undergoing occasional internal and external audit to ensure that internal mechanisms are operating correctly.

8. Financial accounting standards and practices
The quality and integrity of corporate financial statements - the assurance that they provide a complete and accurate picture of company operations - are critical to financial stability. Investors rely on this information to make decisions; in its absence, they may overreact to unexpected corporate performance, causing panic in the marketplace and possible serious damage to the firm's interests.

For this reason, it is essential that companies employ high-quality accounting standards and practices in preparing financial statements an d assuring their accuracy. The ultimate objective is a single set of high-quality international accounting standards such as promoted by the Fédération des Experts Comptables Européens, widely accepted international standards for auditing, and a solid independent professional ethic to back them up. Global business urges the profession, through its international organizations, to develop these standards as soon as possible, and asks governments to support this effort by accepting these standards for compliance with national regulatory requirements.

Good company practices include:

• Employing the highest quality accounting standards available in compiling financial statements to comply with national regulatory requirements and with international standards as far as possible.
• Using external auditors that are truly independent and exercise appropriate skeptical judgment. External auditors should report to the shareholders and board of directors.
• Establishing effective systems of internal control. These should be reviewed periodically for effectiveness and adjustment.
• Establishing and supporting a truly independent audit committee of the board of directors to oversee internal accounting activities and deal with the external auditors. The audit committee should report to the company's chief executive officer.
• Encouraging the firm's national professional bodies to improve standards and strengthen the credentials and experience of accredited professionals in agreement with international standards.
• Assuring that accountability and responsibility start at the top and permeate down through the management ranks.
• Operating information technology systems which are capable of organizing, analyzing and presenting the data needed to implement these best practices.

9. Corporate governance
Increasingly, the quality of a firm's corporate governance is recognized as an important factor in both its ability to attract equity capital and its overall corporate performance. An understanding of a company's management structure and objectives can reassure investors in times of financial turmoil, thereby encouraging stable capital flows.

ICC commends the extremely valuable work that has been done by the OECD's Business Sector Advisory Group on Corporate Governance and the efforts to build on that work through the drafting of OECD corporate governance guidelines.

The OECD's Principles of Corporate Governance recommend that a firm's corporate governance framework should:

• Protect shareholders' rights.
• Recognize the rights of stakeholders as established by law and encourage active cooperation between the corporation and stakeholders in creating wealth, jobs, and the sustainability of a financially sound enterprise.
• Ensure the equitable treatment of all shareholders, including minority and foreign sharehold ers. All shareholders should have the opportunity to obtain effective redress for violation of their rights.
• Disclose timely and accurate information on the corporation's activities, including the financial situation, performance, ownership and governance of the company.
• Ensure the strategic guidance of the company, the effective monitoring of management by the board, and the board's accountability to the company and shareholders.

10. Anti-corruption
One of the principal effects of corruption is to misallocate economic resources, and particularly to divert investment into unsound projects. Other harmful effects of corruption include the distortion of competition. There is an increasing need to combat corruption in parallel with the liberalization of global exchange of products and services. When financial services transactions are influenced by corrupt practices on a wide scale, there is a clear threat to the health and stability of the global financial system.

ICC business leaders began working on this problem in 1975. The efforts resulted in the pioneering "1977 ICC Rules of Conduct to Combat Extortion and Bribery" (the updated 1999 version of which can be found on the ICC website www.iccwbo.org). The ICC Rules were intended to be a method of self-regulation by international business and have been used increasingly by companies to establish their own codes of conduct. Voluntary acceptance of the ICC Rules by businesses not only promotes high standards of integrity in business transactions, whether between enterprises and public bodies or between enterprises themselves, but also forms a valuable defensive protection against extortion.

ICC has always maintained that the fight against corruption requires close cooperation between governments and the private sector. Consequently, ICC gave its firm support both to the 1994 OECD Recommendation and to the 1997 OECD Convention which binds countries to enact legislation which criminally punishes the bribing of foreign public officials. At international level, ICC has joined forces with the World Bank, OECD, the UN and other key organizations to combat this blight on the international trading system.

While recognizing the need for government action, firms should themselves:(1)

• draw up company rules - applicable to foreign subsidiaries as well as to the parent company - consistent with the ICC Rules of Conduct which prohibit the taking as well as the paying of bribes;
• give top management and the company's governing body responsibility for devising systems for implementing the rules;
• put in place an effective compliance programme containing measures for education, training, and appropriate disciplinary measures if the rules are violated;
• apply sanctions against violators fairly, consistently, and without bias;
• establish clear procedures and limits for employees with regard to so-called "facilitating payments", as well as gifts or entertainment expenses;
• establish specific compensation gui delines to ensure that an agent's compensation is not excessive in relation to the services he renders;
• require agents to sign a written agreement containing, among other items, a commitment not to pay bribes; and
• maintain an accounting policy with explicit prohibitions against off-the-books or false entries.

Document 113/54 Rev.2
9 November 1999

FOOTNOTE
(1) Recommendations drawn from: FIGHTING BRIBERY: A CORPORATE PRACTICES MANUAL. ICC Publishing, April 1999