FRBSF: BS&R - Investment of Fiduciary Assets; Revised Interagency IT Rating(04/08/1999)

The Federal Reserve Bank of San Francisco

Home |

District Circular Letters

District Circular Letters Index

April 8, 1999

BANKING SUPERVISION AND REGULATION:

INVESTMENT OF FIDUCIARY ASSETS IN MUTUAL FUNDS

UNIFORM RATING SYSTEM FOR INFORMATION TECHNOLOGY

To State Member Banks, Bank
Holding Companies, Edge Act Corporations,
U.S. Branches and Agencies of Foreign Banks,
and Others Concerned
in the Twelfth Federal Reserve District

Guidance Regarding Investment of Fiduciary Assets in Mutual Funds and Conflicts of Interest

Increasingly, banks and trust institutions are encountering various direct or indirect financial incentives to place trust assets with particular mutual funds. These incentives range from payments structured as reimbursements for services or for transferring business to an unaffiliated fund family, to the financial benefits arising from the use of mutual funds that are managed by the institution or an affiliate. The primary supervisory concern is that an institution may fail to act in the best interest of beneficiaries if it stands to benefit independently from a particular investment. As a result, an institution may expose itself to an increased risk of legal action by account beneficiaries, as well as to potential violations of law or regulation. The Federal Reserve has issued the enclosed supervisory guidance (SR 99-7 [SPE]) to help institutions minimize these risks and to help ensure that their activities meet fiduciary standards.

Institutions should ensure that they exercise and document an appropriate level of due diligence before entering into any compensation arrangements with mutual fund providers or placing fiduciary assets in their proprietary mutual funds. The enclosed supervisory guidance discusses the type of measures that should be included in this process, including a reasoned legal opinion addressing the activity, appropriate policies and procedures, and documented analysis and ongoing review of investment decisions.

Revised Interagency Rating System for Information Technology

On January 13, 1999, the Federal Financial Institutions Examination Council (FFIEC) adopted a revised Uniform Rating System for Information Technology (URSIT).¹ A copy of the revised system is enclosed, as published in the Federal Register on January 20, 1999 (64 FR 3109). The revised URSIT, which became effective April 1, 1999, is to be used in information technology examinations of all banks and data processing service providers commencing after that date.

The banking agencies originally adopted the URSIT on the recommendation of the FFIEC in 1978. Over the years, the URSIT has proven to be an effective internal supervisory tool for evaluating the condition of an institution's or service provider's information technology function. Changes in information technology, as well as in the banking agencies' supervisory policies and procedures, prompted a review and revision of the 1978 rating system. In June 1998, a proposed revision to the URSIT was issued for public comment and distributed to examiners for field-testing. The final revised URSIT, which supersedes SR Letter 78-507, incorporates the comments received on the proposal and from the field testing. The revisions include

additional language to conform the URSIT to the Uniform Financial Institution Rating System;²
clarification of the component ratings and a reformat of the descriptions for the ratings;³
two new component categories, "Development and Acquisition" and "Support and Delivery," which replace "Systems and Programming" and "Operations";
an emphasis on the quality of risk management processes in each of the rating components; and
a requirement that examiners explicitly identify the risk types that are considered in assigning component ratings.

We have also enclosed a guide adapted from the Information Systems Audit and Control Foundation COBIT Implementation Tool Set. The guide identifies technology concerns and their relationship to specific rating factors, and provides a risk analysis baseline for the identification of critical areas in a risk-focused examination methodology.

For Additional Information

SR 99-7 (SPE) and the revised Uniform Rating System for Information Technology (listed as SR 99-8 [SUP]) are also available on the Board's web site, at http://www.federalreserve.gov/boarddocs/SRLETTERS, as are all other referenced SR letters. For additional information regarding these matters, please contact our Banking Supervision and Regulation Department, at (415) 974-2998 [for the Guidance Regarding Investment of Fiduciary Assets in Mutual Funds and Conflicts of Interest], and (415) 974-2947 [for the revised URSIT].

FEDERAL RESERVE BANK OF SAN FRANCISCO

¹ The revisions to the URSIT were developed by the staffs of the Federal Reserve, the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision.
² Refer to SR Letter 96-38, "Uniform Financial Institution Rating System (UFIRS)."
³ Refer to SR Letter 96-26, "Provision of Individual Components of Supervisory Rating Systems to Management and Boards of Directors."