Sound Risk Management Practices for Private Banking Activities
July 11, 1997
Circular No. 10962

To the Chief Executive Officers of All State Member Banks, Bank Holding Companies, Edge Corporations, and Branches and Agencies of Foreign Banks in the Second Federal Reserve District:

Private banking activities, which involve among other things, personalized services such as money management, financial advice, and investment services for high net worth clients, have become an increasingly important aspect of the operations of some large, internationally active banking organizations. The Federal Reserve has traditionally reviewed private banking activities in connection with regular on-site examinations. As you may know, in 1996 and 1997 this Bank undertook a comprehensive review of private banking activities at approximately 40 domestic and foreign banking organizations in the Second District in order to enhance the Federal Reserve's understanding about private banking operations. Examiners focused principally on assessing each institution's ability to recognize and manage the potential reputational and legal risks that may be associated with inadequate knowledge and understanding of its clients' personal and business backgrounds, sources of wealth, and uses of private banking accounts. In carrying out the reviews, examiners considered the parameters of an appropriate control infrastructure that is suited to support the effective management of these risks.

The reviews indicated that there are certain essential elements associated with sound private banking activities, and these elements are described in a paper entitled "Guidance on Sound Risk Management Practices Governing Private Banking Activities."

The sound practices paper provides guidance regarding the basic controls necessary to minimize reputational and legal risk and to deter illicit activities, such as money laundering. The essential elements associated with sound private banking activities are, in brief outline, as follows:

  • Management Oversight. Senior management's oversight of private banking activities and the creation of an appropriate corporate culture are crucial elements of a sound risk management and control environment. Goals and objectives must be set at high levels, and senior management must be proactive in overseeing compliance with corporate policies and procedures.
  • Policies and Procedures. All well-run private banks have written "Know Your Customer" policies and procedures, consistent with guidance provided by the Federal Reserve over the past several years, that require banking organizations to obtain identification and basic information on their clients, describe the clients' source of wealth and lines of business, request references, handle referrals, and identify red flags and suspicous transactions. They also have adequate written credit policies and procedures that address, among other things, money laundering-related issues, such as lending secured by cash collateral.
  • Risk Management Practices and Monitoring Systems. Sound private banking operations stress the importance of the aquisition and retention of documentation relating to their clients, as well as due diligence regarding obtaining follow-up information where needed to corroborate information provided by a customer or his or her representative. Inherent in sound private banking operations is the retention of beneficial owner information in the United States for accounts opened by financial advisors or through the use of off-shore facilities. Adequate management information systems capable of, among other things, monitoring all aspects of an organization's private banking business are also stressed. These include systems that provide management with timely information necessary to analyze and effectively manage the private banking business and systems that enable management to monitor accounts for suspicious transactions and to report any such instances to law enforcement authorities and banking regulators as required by the regulators' suspicious activity reporting regulations.
  • Segregation of Duties, Compliance, and Audit. Because private banking activities are generally conducted through relationship managers, banking organizations need to have an effective system of oversight by senior officials and by board committees, as well as guidelines pertaining to the segregation of duties to prevent the unauthorized waiver of documentation requirements, poorly documented referrals, and overlooked suspicious activities. Likewise, strong compliance and internal audit programs are essential to ensure the integrity of the risk managemant and internal control environment established by senior management and the board of directors.

In the event you have any questions regarding the sound practices paper, please contact Nancy Bercovici, Senior Vice President, Federal Reserve Bank of New York, or Richard A. Small, Special Counsel, Division of Banking Supervision and Regulation, Board of Governors of the Federal Reserve System, at (202) 452-5235.