CFSA Study Guide PDF

Certified Financial Services Auditor
Examination
CFSA
Study Guide
Albert J. Marcella Jr., Ph.D., CFSA, COAP, CSP, CQA, CDP, CISA
William J. Sampias, CFSA, CISA
James K. Kincaid, CFSA
2
Reviewers and Contributors
The authors wish to acknowledge the Institute of Internal Auditors, the Information Systems
Audit and Control Association, the National Association of Certified Financial Services
Auditors, and the American Institute of Certified Public Accountants for permission to quote
extensively from Standards for the Professional Practice of Internal Auditing, Statements on
Auditing Standards, Control Objectives for Information and related Technology, and Codes of
Professional Ethics, and other publications. The willingness of these professional bodies to permit
use of these materials contributed greatly to the development of this study guide series.
Additionally, the following individuals were instrumental in providing evaluation, constructive

feedback and suggestions for improvement, to these professionals we are also indebted to:
Michael I. Balbirnie, Senior Vice President, First Union Corp

Robert J. McNichols, Director of Internal Audit, Penn National Insurance
Bruce Monahan, Vice President/Director of Internal Audit, GRE Insurance Group
Dedication
Special thanks go to our families, spouses, parents, and children, whose continuing support, love,
and patience has been a source of strength and motivation.
With heartfelt thanks,
AJM
WJS
JKK
2
3
About the Authors
Albert J. Marcella, Jr. Ph.D., CFSA, COAP, CQA, CSP, CDP, CISA, is an Associate Professor
of Management in the School of Business and Technology, Department of Management, at Webster
University, in Saint Louis, MO. Dr. Marcella remains the president of Business Automation
Consultants, an information technology and management-consulting firm. He has contributed
numerous articles to audit related publications and has authored and co-authored 15 audit related
texts.
Dr. Marcella, holds a Ph.D. in Management with emphasis in Information Technology from Walden
University in Minneapolis, a Masters of Business Administration in Finance, from The University
of New Haven in Connecticut, and a Bachelor of Science degree in Business Administration with a
dual major in Management Information Systems and Management from Bryant College in Rhode
Island.
William J. Sampias, CFSA, CISA, has been involved in the auditing profession for the last decade
with a primary emphasis on audits of information systems. Mr. Sampias has published several
works in the areas of disaster contingency planning, end-user computing, fraud, effective
communications, and security awareness. Mr. Sampias is currently Director of an Information
Systems Audit group. He holds an MBA from the University of Illinois at Springfield.
James K. Kincaid, CFSA, has over 15 years experience conducting and managing audits to assess
the effectiveness of government programs and operations. Prior to entering the government
auditing field, Mr. Kincaid worked in the insurance industry. He is the co-author of several books,
articles, and training courses on topics such as fraud auditing, business ethics, writing skills, and
computers. In addition to auditing, Mr. Kincaid has served as an adjunct instructor at Lincoln Land
Community College. He has also taught many audit training courses and spoken at several audit
conferences. He holds a Master of Arts degree in English and an MBA from the University of
Illinois at Springfield.
.
3
4
Please contact the following to obtain additional information on obtaining copies of this
Study Guide:
The Institute of Internal Auditors

C.S. 1616
Alpharetta GA 30009-1616
+1-877-867-4957 (toll free in the U.S. and Canada)
or +1-770-442-8633 ext. 275
email: iiapubs@pbd.com
online: www.theiia.org
Copyright 2000. All rights reserved. No part of this work may be used or reproduced in any
manner whatsoever, including but not limited to electronic medium, without express written
permission from The IIA.
4
5
CFSA Study Guide

Table of Contents
Preface
Special Notice
Core Competencies for Financial Services Auditors
Recommended Review Materials
Internet Resources
Preparing to Pass the CFSA Examination
Core Competency Number One: Auditing

Unit 1 - Audit Standards
A. Institute of Internal Auditors (IIA) Standards
B. Introduction to IIA Standards
C. Text of the IIA Standards
D. AICPA Statements on Auditing Standards
Overview of SAS 65
Overview of SAS 70
E. CFSA Code of Professional Ethics
Unit 2 - Internal Audit Organization
A. Audit Charter
B. Reporting Responsibility
C. Audit Committee
Unit 3 - Internal Control
A. IIA Standards for Internal Control
B. Summary of AICPA Standards for Internal Control
C. Elements and Types of Internal Control
D. Evaluation of the System of Internal Control
E. Internal Control Integrated Framework (COSO)
F. Control Self Assessment
Unit 4 - Audit Process
I. Audit Planning
A. IIA Standards for Audit Planning
B. AICPA Standards for Planning Audits that Involve Computers
II. Audit Programs
A. IIA Standards for Writing Audit Programs
B. Functions of Audit Programs
C. Contents of Audit Programs
III. Audit Workpapers
5
6
A. IIA Standards for Workpapers

B. Purposes of Workpapers
C. Basic Workpaper Guidelines
D. Types of Information Typically Contained in Workpapers
E. The Role of Workpapers in Audit Supervision
IV. Audit Evidence
A. IIA Standards for Audit Evidence
B. Use of Evidence to Support Audit Findings
C Types of Evidence
D. Unsupported Allegations
E. Adequacy of Audit Evidence
V. Review and Evaluation of Findings
A. IIA Standards for Review and Evaluation of Findings
B. Additional Guidelines for the review and Evaluation of Findings
VI. Audit Reports
A. IIA Standards for Audit Reports
B. Additional Guidelines for Audit Reports
VII. Permanent Files
A. IIA Standards for Permanent Files
B. Types of Information Typically Contained in Permanent Files
Unit 5 - Audit Techniques
I. Risk Assessment
A. IIA Standards for Risk Assessment
B. AICPA Standards for Audit Risk
C. Overview of SAS 47
D. Overview of SAS 82
E. Types of Audit Risk
F. Methodology for Evaluating Audit Risk
G. Documentation of Risk Assessment
II. Analytical Review
A. IIA Standards for Analytical Reviews
B. AICPA Procedures for Analytical Procedures
C. Benefits of Analytical Reviews
D. Types of Analytical Reviews
III. Statistical Sampling
A. AICPA Standards for Audit Sampling
B. Basic Steps for Developing a Statistical Sample
C. Variables Affecting Sample Size
D. Variables Sampling
E. Attribute Sampling
IV. Flowcharting
A. Flowcharting
B. Narratives
C Questionnaires
V. Confirmations
A. AICPA Standards on Confirmations
6
7
B. Common Ways Auditors Use Confirmations

VI. Compliance and Substantive Testing
A. Compliance Testing
B. Substantive Testing
Unit 6 - Information Systems Auditing
A. Internal Control Development
B. Input/Processing/Output Controls
C. Segregation of Duties
D. Separation of Processing and Development
E. Reconciliation of Input to Output
F. Control of Data Files
G. Authorization of Transactions
H. Physical and Data Security Access Controls
I. End-User Computing - Including Microcomputers
J. Business Risk Planning
K. Audit Tools
L. Automated Administrative Procedures
Core Competency Number Two: Banking Industry

Unit 1 – Financial Statement Applications
I. Assets
A. Cash and Due From Banks
B. Federal Funds Sold and Securities Purchased Under Resale
C. Interest Bearing Accounts
D. Trading Securities
E. Securities Available for Resale
F. Loans
G. Allowance for Loan Losses
H. Premises and Equipment
I. Customer Acceptance (Letters of Credit)
E. Intangible Assets
F. Other Assets
II. Liabilities and Shareholders’ Equity
A. Deposits
B. Securities Sold Under Repurchase Agreements and Federal Funds Purchased
C. Other Borrowed Funds
D. Long-Term Debt
E. Preferred/Common Stock
F. Retained Earings
G. Treasury Stock
III. Other Services/Operations
A. Payroll/Employee Benefits
B. Automated Clearing House and Wire Transfer
C. Branch Operations
D. Trust
7
8
E. Investment Products
F. Asset/Liability Management
G. Use of Derivatives
H. Statement of Cash Flows
IV. Money and Banking
A. Role of Money and Banking
B. Bond and Stock Markets
C. Effect of Interest Rate Movements
D. Monetary Management Theories
Unit 2 – Laws/Regulations and Regulatory Environment
A. Overview of the Regulatory Environment
B. Laws and Regulations
Core Competency Number Three: Insurance Industry

Unit 1 – Applications/Processes
A. Marketing, Sales, and Distribution
B. Underwriting
C. Reinsurance
D. Acturial
E. Claims
F. Financial Reporting
G. Compliance
H. Investment Operations
I. Risk Management
J. Premium Audit
H. Administration
Unit 2 – Laws and Regulations
A. The McCarran Ferguson Act
B. State Insurance Commissions
C. The National Association of Insurance Commissioners (NAIC)
D. The Securities and Exchange Commission
E. Employment Retirement Income Security Act (ERISA)
F. State Model Laws
Unit 3 – Products
A. Life, Pension, and Annuity
B. Property and Casualty Products
Core Competency Number Four: Securities Industry

Unit 1 – Financial Markets
A. Overview
B. The Stock Exchanges
D. Over-The-Counter Market
E. Options Market
Unit 2 – Equities, Debt Securities, Options, New Issues
A. Common Stock
B. Preferred Stock
8
9
C. Warrants
D. Debt Securities
E. Options
Unit 3 – Mutual Funds
A. Basic Concepts
B. Income Mutual Funds
C. Stock Funds
D. Growth Mutual Funds
E. Balanced Funds
F. Specialized Funds
Unit 4 – Investment Trusts
A. Unit Investment Trusts (UIT’s)
B. Real Estate Investment Trusts (REIT’s)
Unit 5- Regulations
A. Securities Act of 1933
B. Securities Exchange Act of 1934
C. Investment Company Act and Advisors Act of 1940
D. National Association of Securities Dealers Rules
E. Municipal Securities Rule Making Board
F. Margin Lending
Appendix A- Questions, Comments or Corrections Concerning the CFSA Study Guide
Appendix B- Study Question Answers
9
10
Preface
The purpose of this Study Guide is to help you prepare to pass the Certified Financial Services
Auditor (CFSA) Examination. The Guide provides a general overview of the topics that will be
covered in the exam. However, it is critical that you perform additional study in areas where
your experience or background dictates the need for additional review. A list of resource
materials is included to provide additional resources to supplement your study.
Please feel free to submit your questions, comments, or corrections concerning the Guide to the
authors. The last page of the book has been designed to facilitate your notation of corrections
and comments. We appreciate any feedback, as it will help us improve future editions of the
Guide.
Good luck on the CFSA Exam.
10
11
SPECIAL NOTICE
The IIA assumed management of the CFSA during a merger with the
National Association of Financial Services Auditors (NAFSA) in June
2002. The CFSA designation was launched a few years ago by NAFSA,
who offered it as a four-part examination, twice annually. The IIA is
modifying the exam slightly by offering it in a one-part format, similar
to other IIA specialty examinations.
The CFSA demonstrates competency in financial-services audit
practices and methodologies. The 150-question pilot will test candidates’
knowledge on financial services auditing, banking, insurance, and
securities.
THE IIA WILL OFFER A PILOT OF THE REVISED CERTIFIED
FINANCIAL SERVICES AUDITOR (CFSA) exam on November 21,
2002 at IIA examination sites throughout the United States. This guide is
intended for use as study material for the November 2002 CFSA pilot
exam.
For more information, visit Certifications on The IIA web site.
11
12
Core Competencies for Financial Services Auditors

The Core Competencies for Financial Services Auditors, in the fields of Audit, the Banking
industry, the Insurance industry and the Securities Industry are used as a basis for construction of
the Certified Financial Services Auditor's examination. The Core Competencies are included
below.
This Study Guide is designed around the core competencies listed in the following section. Each
of the items listed below is addressed in the CFSA Study Guide.
• Auditing
• Brokerage
• Financial Institutions
• Insurance
I. Auditing
A. Audit Standards
1. IIA Standards
a. Independence
b. Professional Proficiency
c. Scope of Work
d. Performance of Audit Work
e. Management of the Internal Audit Department
2. AICPA Statements on Auditing Standards (SAS's) (emphasis on #65 & #70)
3. CFSA Code of Ethics
B. Internal Audit Organization
1. Audit Charter
2. Reporting Responsibility
3. Audit Committee
C. Internal Control
1. Elements and Types

2. Evaluation of the System of Internal Control
3. Internal Control Integrated Framework (COSO)
4. Control Self Assessment
12
13
D. Audit Process
1. Audit Planning
2. Audit Programs
3. Audit Workpapers
4. Audit Evidence
5. Review and Evaluation of Findings
6. Audit Reports
7. Audit Workpapers
8. Permanent Files
E. Audit Techniques
1. Risk Assessment
2. Analytical Review
3. Statistical Sampling
4. Flowcharting, Narratives and Questionnaires
5. Confirmations
6. Compliance and Substantive Testing
F. Information Systems Auditing (LANs, WANs, Mainframes, Microcomputers)
1. Internal Control Development

2. Input/Processing/Output Controls
3. Segregation of Duties
4. Separation of Processing and Development
5. Reconciliation of Input to Output
6. Control of Data Files
7. Authorization of Transactions
8. Physical and Data Security Access Control
9. End-User Computing - Including Microcomputers
10. Business Risk Planning
11. Audit Tools
a. Computer Assisted Auditing Techniques
b. Automated Administrative Processes
13
14
II. Banking Industry (Commercial Banks, Savings Banks, Credit Unions, Trust Companies,
Finance Companies, Credit Card Companies, Leasing Companies, Mortgage Bankers)
A. Financial Statement Application

1. Assets
a. Cash and Due from Banks
b. Federal Funds Sold and Securities Purchased under Resale Agreements
c. Interest Bearing Accounts
d. Trading Securities
e. Securities Available for Sale
f. Loans Held for Sale
g. Loans
I. Commercial
II. Residential
III. Consumer
IV. Leases
V. Credit Card
VI. International
h. Allowance for Loan Losses
i. Premises and Equipment
j. Customer Acceptances (Letters of Credit)
k. Intangible Assets
l. Other Real Estate Owned
m. Other Assets
2. Liabilities and Shareholders Equity

a. Deposits
I. Non Interest Bearing
II. Interest Bearing
III. Savings
IV. Time
b. Securities Sold under Repurchase Agreements
c. Federal Funds Purchased
d. Other Borrowed Funds
e. Long Term Debt
f. Preferred/Common Stock
g. Retained Earnings
h. Treasury Stock
14
15
3. Other Services/Operations
a. Payroll/Employee Benefits
b. ACH/Wire Transfer
c. Branch Operations
d. Trust
I. Personal
II. Corporate
III. Employee Benefit
IV. Transfer/Registrar
e. Investment Products
f. Asset/Liability Management
g. Use of Derivatives
h. Statement of Cash Flows
4. Money & Banking

a. Role of Money and Banking
b. Bond and Stock Markets
c. Effect of Interest Rate Movements
d. Monetary Management Theories
B. Laws/Regulations and Regulatory Environment
1. Overview of the Regulatory Environment

a. Federal Reserve System
b. Office of the Comptroller of the Currency
c. FDIC
d. State Regulatory Systems
e. NCUA
2. Laws and Regulations

Reg A - Borrowing by Depository Institutions
Reg B - Equal Credit Opportunity Act
Reg C - Home Mortgage Disclosure Act
Reg D - Reserve Requirements
Reg E - Electronic Funds Transfer Act
Reg J - Collection of Checks and other Items
Reg K - Edge Act
Reg L - Depository Institution Man. Interlocks Act
Reg M - Consumer Leasing
Reg O - Loans to Executive Officers
Reg P/Reg 21- Bank Protection Act
Reg Q - Interest on Deposits
Reg U - Credit by Banks for Purchase of Margin Stocks
Reg Y - Bank Holding Company Act
Reg Z - Truth in Lending (open end, closed end, credit cards, home
equity, right of rescission, restitution)
15
16
Reg BB - Community Reinvestment Act

Reg CC - Availability of Funds and Collection of Checks
Reg DD - Truth in Savings
Reg 34 - Real Estate Lending and Appraisals
Bank Bribery Act
Bank Secrecy Act
Fair Credit Reporting Act
Fair Debt Collection Practices Act
Fair Housing Act
Financial Institution Reform, Recovery and Enforcement Act (FIRREA)
FDIC Bank Improvement Act of 1991
Foreign Corrupt Practices Act
National Flood Insurance Program
OFAC
Real Estate Settlement Procedures Act
Right to Financial Privacy Act
Tax Identification Reporting (TIN Compliance)
Transactions with Affiliates - FRB Sections 23 A&B
Trust - 12 CFR Part 9
III. Insurance Industry
A. Applications/processes
1. Marketing, Sales and Distribution
2. Underwriting
3. Reinsurance
4. Actuarial
5. Claims
6. Financial Reporting
7. Compliance
8. Investment Operations
9. Risk Management
10. Premium Audit
11. Administration

1. The McCarran Ferguson Act
2. State Insurance Commissions
3. The NAIC
4. The Securities and Exchange Commission
5. ERISA
6. State Model Laws
16
17
C. Products
1. Life, Pension and Annuity
a. Individual Insurance
I. Whole Life
II. Term Life
III. Universal Life
IV. Endowments
b. Group Insurance
I. Life
II. Accident and Health
III. Accidental Death and Dismemberment
IV. Disability
V. Dental
VI. HMO's
VII. Managed Care
VIII. Utilization Management
IX. Preferred Provider Organizations
X. Administrative Service Only
c. Pensions
I. Qualified Plans
II. Tax Favored Individual Retirement Plans
III. Qualification Rules
IV. Plan Discrimination
V. Savings Plans
VI. Vesting
VII. Fiduciaries
VIII. Prohibited Transactions
IX. Annuity
X. Fixed Annuities
XI. Variable Annuities
d. Reinsurance
2. Property and Casualty Products

a. Workers Compensation
b. General Liability
c. Automobile
d. Homeowners
e. Umbrella Coverage
f. Financial Guarantees
g. Other
17
18
IV. Securities Industry (Broker Dealers, Full Service/Discount Brokers, Investment Bankers)
A. Financial Markets
1. Overview
a. Brokers and Dealers
b. Types of markets
c. Types of orders
d. New issues
e. Clearing and Settlement process
2. The Stock Exchanges

a. How the exchanges function
b. Listing and delisting rules
c. The consolidated tape
d. Specific rules relating to the NYSE
e. Regional stock exchanges
3. Over-The-Counter (OTC) Market

a. How the OTC functions
b. Listing and delisting rules
c. OTC rules
4. Options markets
a. How the option markets function
B. Equities, Debt Securities, Options, New Issues
1. Common Stock
a. Terms and definitions
b. Rights of common shareholders
2. Preferred Stock
b. Preferred stock prices and features
3. Warrants
4. Debt Securities
a. Corporate debt
b. U.S. Government debt
c. Municipal debt
d. Money market debt
e. Eurodollar debt
f. Effect of Interest Rates on Bond prices
g. Bond ratings
18
19
5. Options
a. Equity options
b. Index options
c. Interest Rate and Foreign Currency Options
d. Options Clearing Corp rules
e. Financial Listings
C. Mutual Funds
1. Income Mutual Funds
2. Stock Funds
3. Growth Mutual Funds
4. Balanced Funds
5. Specialized Funds
D. Annuities
1. Unit Investment Trusts (UIT's)
a. Fixed Annuities
b. Variable Annuities
2. Real Estate Investment Trusts (REIT's)
E. Regulations
1. Securities and Exchange Acts of 1933/1934
2. Investment Company Act and Advisors Act of 1940
3. National Association of Securities Dealers Rules
a. Registered Representative rules
b. Conduct of Customer Account rules
c. Trading and Market rules
d. Communications with the Public
4. Municipal Securities Rule Making Board

a. Registered Representative rules
b. Conduct of Customer Account rules
c. Trading and Market rules
d. Advertising and other rules
5. Margin Lending
19
20
Certified Financial Services Auditor Program Recommended

Review Materials
Audit
Standards for the Professional Practice of Internal Auditing
Institute of Internal Auditors
247 Maitland Avenue
Altamonte Springs, FL 32701-4201
Phone # (407) 937-1100
www.theiia.org/
COSO
Internal Control - Integrated Framework
AICPA
Harborside Financial Center
201 Plaza Three
Jersey City, NJ 07311-3881
(800) 862-4272
Brokerage
Introduction to Brokerage Operations Department
Procedures New York Institute of Finance
ISBN 0-13-478975-X
(212) 859-5000
Audits of Investment Companies

AICPA P. O. Box 9264
Church Street Station
New York, NY 10256-9264
(800) 862-4272
Financial Institutions
AICPA Audit & Accounting Guide for Banks and Savings Institutions
AICPA
Kenneth J. Namjestnik
Trust Audit Manual
Bank Administration Institute
Rolling Meadows, IL 60008-4097
(800) 323-8552
20
21
The Price Waterhouse Compliance Series

IRWIN Professional Publishing
Chicago 1996
IS Audit
Control Objectives for Information and Related Technology (Cobit), 1996
Information Systems Audit and Control Association and Foundation
http://www.isaca.org/cobit.htm
or
Systems Auditablity and Control
Institute of Internal Auditors
http://www.theiia.org/tech/sacrep.htm
Insurance
Kenneth Huggins & Robert D. Land,
Operations of Life and Health Insurance Companies
2nd Edition (LOMA - Life Management Institute, March 1996)
c/o PBD, Inc.
PO Box 930108
Atlanta, Georgia 31193
(770) 442-8631
Harriett E. Jones & Dani L. Long,

Principles of Insurance, Life, Health & Annuities
(LOMA - Life Management Institute, 1996)
c/o PBD, Inc.
PO Box 930108
Atlanta, Georgia 31193
(770) 442-8631
Barry D. Smith & Erica Wiening

How Insurance Works
2nd Edition 1994
Insurance Institute of America
720 Providence Road
Malvern, PA 19355- 0716
(800) 644-2101
21
22
Internet Resources
National Association of Financial Services Auditors (NAFSA)

www.nafsa.com/
The Institute of Internal Auditors (IIA)

www.theiia.org/
Information Systems Audit and Control Association (ISACA)

www.isaca.org/
IT Audit Forum
www.itaudit.org/
Information Infrastructure Task Force

www.iitf.nist.gov/
American Institute of Certified Public Accountants (AICPA)

www.aicpa.org/index.htm
Association of Certified Fraud Auditors

www.cfenet.com
Auditnet
www.auditnet.org
Federal Reserve System

www.federalreserve.gov/general.htm
Office of the Comptroller of the Currency

www.occ.treas.gov
Federal Deposit Insurance Corporation

www.fdic.gov
Code of Federal Regulations

www.access.gpo.gov
Bankinfo.com
www.bankinfo.com
22
23
Preparing to Pass the CFSA Examination
1. Begin preparing well in advance of the test date.
2. Secure the proper study materials. A list of supplemental books and materials is provided
in this study guide.
3. Find a suitable place to study.
4. Familiarize yourself with the exam site and surrounding facilities.
5. Relax and get plenty of sleep the night before the test.
6. Arrive at the exam site in plenty of time before the test begins.
7. Dress comfortably.
Test Taking Tips
1. Read the entire question slowly and carefully before attempting to answer it.
2. Answer the questions in which you are certain of the answer first, then go back and spend
the remainder of the available time working on the other questions.
3. Budget your time.
4. Read answer choices carefully.
5. Answer all questions. The number of correct answers determines your final score on the
CFSA examination. Therefore, there is no penalty for providing a wrong answer. So
guessing is better than not answering a question at all
23
24
VOLUME I
AUDITING
24
25
CORE COMPETENCY NUMBER ONE: AUDITING

A general definition of auditing is the systematic process of objectively obtaining and evaluating
evidence regarding assertions about economic actions and events to ascertain the degree of
correspondence between those assertions and established criteria and communicating the results
to interested users. i
UNIT 1: AUDIT STANDARDS
Audit standards help define the role and responsibilities of auditors to internal and external
entities. Standards establish the basic principles and guidance to assist auditors in the
performance of their duties. The principles establish the framework to promote the credibility of
the auditor’s work product.
A. Institute of Internal Auditors (IIA) Standards
Established in 1941, The IIA serves more than 60,000 members in internal auditing, governance
and internal control, Information Technology (IT) audit, education, and security from more than
100 countries. The world's leader in certification, education, research, and technological
guidance for the profession, The Institute serves as the profession's watchdog and resource on
significant auditing issues around the globe.
Presenting important conferences and seminars for professional development, producing leading-
edge educational products, certifying qualified auditing professionals, providing quality
assurance reviews and benchmarking, and conducting valuable research projects through The IIA
Research Foundation are just a few of The Institute's many activities.
The IIA also provides internal auditing practitioners, executive management, boards of directors
and audit committees with standards, guidance, and information on internal auditing best
practices.
The Institute is a dynamic international organization that meets the needs of a worldwide body of
internal auditors. The history of internal auditing has been synonymous with that of The IIA and
its motto, "Progress Through Sharing." ii
B. Introduction to IIA Standards

As this study guide was being developed, the IIA standards were in the process of being
modified. Since all of the Standards have not been updated, most of the information in this Unit
pertains to Standards that existed prior to changes made in June 1999 and beyond.
New 1999 Definition of Internal Auditing
25
26
The Professional Practices Framework (PPF) and Definition of Internal Auditing were approved
by The IIA's Board of Directors in June 1999. In general, a framework provides a structural
blueprint of how a body of knowledge and guidance fits together. As a coherent system, it
facilitates consistent development, interpretation, and application of concepts, methodologies,
and techniques useful to a discipline or profession. Specifically, the overall purpose of the PPF is
to organize the full range of existing and developing practice guidance in a manner that is readily
accessible on a timely basis to internal auditors. By encompassing current internal auditing
practice as well as leading future expansion, the PPF is intended to assist practitioners in being
responsive to the expanding market for high quality internal auditing services.
The Professional Practices Framework consists of the following components:
Definition of Internal Auditing:

Internal auditing is an independent, objective assurance and consulting activity
designed to add value and improve an organization's operations. It helps an
organization accomplish its objectives by bringing a systematic, disciplined approach
to evaluate and improve the effectiveness of risk management, control, and
governance processes
The IIA is also proposing changes to other standards.
An exposure draft of revision of the Code of Ethics was available for public comment from
October 1, 1999 through January 15, 2000.
An exposure draft of revision of the Attribute and Performance Standards was available for
public comment from December 1, 1999 through February 29, 2000.
Information on the new standards was taken from the IIA web site, go to:
http://www.theiia.org/standard/standard.htm for more information.
Introduction to IIA Standards (prior to June 1999) iii

Internal auditing is an independent appraisal function established within an organization to
examine and evaluate its activities as a service to the organization. The objective of internal
auditing is to assist members of the organization in the effective discharge of their
responsibilities. To this end, internal auditing furnishes them with analyses, appraisals,
recommendations, counsel, and information concerning the activities reviewed. The audit
objective includes promoting effective control at reasonable cost.
The members of the organization assisted by internal auditing include those in management and
the board. Internal auditors owe a responsibility to both, providing them with information about
the adequacy and effectiveness of the organization’s system of internal control and the quality of
performance. The information furnished to each may differ in format and detail, depending upon
the requirements and requests of management and the board.
The internal auditing department is an integral part of the organization and functions under the
policies established by senior management and the board. The statement of purpose, authority,
and responsibility (charter) for the internal auditing department, approved by senior management
26
27
and accepted by the board, should be consistent with these Standards for the Professional
Practice of Internal Auditing.
The charter should make clear the purposes of the internal auditing department, specify the
unrestricted scope of its work, and declare that auditors are to have no authority or responsibility
for the activities they audit.
Throughout the world internal auditing is performed in diverse environments and within
organizations that vary in purpose, size, and structure. In addition, the laws and customs within
various countries differ from one another. These differences may affect the practice of internal
auditing in each environment. The implementation of these Standards, therefore, will be
governed by the environment in which the internal auditing department carries out its assigned
responsibilities. Compliance with the concepts enunciated by the Standards is essential before
the responsibilities of internal auditors can be met. As stated in the Code of Ethics, Members of
The Institute of Internal Auditors and Certified Internal Auditors shall adopt suitable means to
comply with the Standards.
Independence, as used in the Standards, requires clarification. Internal auditors should be

independent of the activities they audit. Such independence permits internal auditors to perform
their work freely and objectively. Without independence, the desired results of internal auditing
cannot be realized.
In establishing the Standards, the following matters were considered:
1. Boards of directors are being held accountable for the adequacy and effectiveness of
their organizations’ systems of internal control and quality of performance.
2. Members of management are relying upon internal auditing as a means of supplying

objective analyses, appraisals, recommendations, counsel, and information on the
organization’s controls and performance.
3. External auditors are using the results of internal audits to complement their own work
where the internal auditors have provided suitable evidence of independence and
adequate, professional audit work.
In the light of such matters, the purposes of the Standards are to:
1. Impart an understanding of the role and responsibilities of internal auditing to all levels
of management, boards of directors, public bodies, external auditors, and related
professional organizations.
2. Establish the basis for the guidance and measurement of internal auditing performance.
3. Improve the practice of internal auditing.
The Standards differentiate among the varied responsibilities of the organization, the internal
auditing department, the director of internal auditing, and internal auditors.
27
28
The Standards encompass:
Section 100: The independence of the internal auditing department from the activities
audited and the objectivity of internal auditors.
Section 200: The proficiency of internal auditors and the professional care they should
exercise.
Section 300: The scope of internal auditing work.
Section 400: The performance of internal auditing assignments.
Section 500: The management of the internal auditing department.
C. Text of the IIA Standards
The complete text of sections 100 and 200, and parts of section 500, are printed below. Sections
300 and 400 and the remainder of section 500 are printed later in this discussion of auditing.
100 INDEPENDENCE
INTERNAL AUDITORS SHOULD BE INDEPENDENT OF THE ACTIVITIES THEY AUDIT.
01. Internal auditors are independent when they can carry out their work freely and objectively.
Independence permits internal auditors to render the impartial and unbiased judgments essential to the
proper conduct of audits. It is achieved through organizational status and objectivity.
110 Organizational Status
The organizational status of the internal auditing department should be sufficient to permit the accomplishment of its
audit responsibilities.
01.Internal auditors should have the support of senior management and of the board so that they can gain
the cooperation of auditees and perform their work free from interference.
1. The director of the internal auditing department should be responsible to an individual in the
organization with sufficient authority to promote independence and to ensure broad audit
coverage, adequate consideration of audit reports, and appropriate action on audit
recommendations.
2. The director should have direct communication with the board. Regular communication with
the board helps assure independence and provides a means for the board and the director to keep
each other informed on matters of mutual interest.
a. Direct communication occurs when the director regularly attends and participates in
those meetings of the board which relate to its oversight responsibilities for auditing,
financial reporting, organizational governance and control. The director’s attendance at
these meetings and the presentation of written and/or oral reports provides for an
exchange of information concerning the plans and activities of the internal auditing
department. The director of internal auditing should meet privately with the board at
least annually.
28
29
3. Independence is enhanced when the board concurs in the appointment or removal of the director
of the internal auditing department.
4. The purpose, authority, and responsibility of the internal auditing department should be defined
in a formal written document (charter). The director should seek approval of the charter by senior
management as well as acceptance by the board. The charter should (a) establish the department’s
position within the organization; (b) authorize access to records, personnel, and physical properties
relevant to the performance of audits; and (c) define the scope of internal auditing activities.
a. The director of internal auditing should periodically assess whether the purpose,
authority, and responsibility, as defined in the charter, continue to be adequate to
enable the internal auditing department to accomplish its objectives. The result of
this periodic assessment should be communicated to senior management and the
board.
5. The director of internal auditing should submit annually to senior management for approval
and to the board for its information a summary of the department’s audit work schedule,
staffing plan, and financial budget. The director should also submit all significant interim
changes for approval and information. Audit work schedules, staffing plans, and financial
budgets should inform senior management and the board of the scope of internal auditing
work and of any limitations placed on that scope.
a. The approved audit work schedule, staffing plan, and financial budget, along with all
significant interim changes, should contain sufficient information to enable the board to
ascertain whether the internal auditing department’s objectives and plans support those of
the organization and the board. This information should be communicated, preferably in
writing.
b. A scope limitation is a restriction placed upon the internal auditing department that
precludes the department from accomplishing its objectives and plans. Among other
things, a scope limitation may restrict the:
• Scope defined in the charter.
• Department’s access to records, personnel, and physical properties relevant
to the performance of audits.
• Approved audit work schedule.
• Performance of necessary auditing procedures.
• Approved staffing plan and financial budget.
c. A scope limitation along with its potential effect should be communicated, preferably
in writing, to the board.
d. The director of internal auditing should consider whether it is appropriate to inform the
board regarding scope limitations which were previously communicated to and accepted
by the board. This may be necessary particularly when there have been organization,
board, senior management, or other changes.
6. The director of internal auditing should submit activity reports to senior management and to
the board annually or more frequently as necessary. Activity reports should highlight
significant audit findings and recommendations and should inform senior management and
the board of any significant deviations from approved audit work schedules, staffing plans,
and financial budgets, and the reasons for them.
a. Activity reports should be communicated, preferably in writing.
29
30
b. Significant audit findings are those conditions which, in the judgment of the director of
internal auditing, could adversely affect the organization. Significant audit findings may
include conditions dealing with irregularities, illegal acts, errors, inefficiency, waste,
ineffectiveness, conflicts of interest, and control weaknesses. After reviewing such
findings with senior management, the director of internal auditing should communicate
significant audit findings to the board, whether or not they have been satisfactorily
resolved.
c. Management’s responsibility is to make decisions on the appropriate action to be taken

regarding significant audit findings. Senior management may decide to assume the risk
of not correcting the reported condition because of cost or other considerations. The
board should be informed of senior management’s decision on all significant audit
findings.
d. The director of internal auditing should consider whether it is appropriate to inform the
board regarding previously reported, significant audit findings in those instances when
senior management and the board assumed the risk of not correcting the reported
condition. This may be necessary, particularly when there have been organization, board,
senior management, or other changes.
e. The reasons for significant deviations from approved audit work schedules, staffing
plans, and financial budgets that may require explanation include:
• Organization and management changes.

• Economic conditions.
• Legal and regulatory requirements.
• Internal auditing staff changes.
• Management requests.
• Expansion or reduction of audit scope as determined by the director of
internal auditing.
120 Objectivity
Internal auditors should be objective in performing audits.
01. Objectivity is an independent mental attitude which internal auditors should maintain in performing
audits. Internal auditors are not to subordinate their judgment on audit matters to that of others.
02. Objectivity requires internal auditors to perform audits in such a manner that they have an honest belief
in their work product and that no significant quality compromises are made. Internal auditors are not to be
placed in situations in which they feel unable to make objective professional judgments.
1. Staff assignments should be made so that potential and actual conflicts of interest and bias are
avoided. The director should periodically obtain from the internal auditing staff information
concerning potential conflicts of interest and bias.
2. Internal auditors should report to the director any situations in which a conflict of interest or
bias is present or may reasonably be inferred. The director should then reassign such auditors.
3. Staff assignments of internal auditors should be rotated periodically whenever it is practicable

to do so.
4. Internal auditors should not assume operating responsibilities. But if on occasion senior
management directs internal auditors to perform nonaudit work, it should be understood that they
are not functioning as internal auditors. Moreover, objectivity is presumed to be impaired when
30
31
internal auditors audit any activity for which they had authority or responsibility. This impairment
should be considered when reporting audit results.
5. Persons transferred to or temporarily engaged by the internal auditing department should not be
assigned to audit those activities they previously performed until a reasonable period of time has
elapsed. Such assignments are presumed to impair objectivity and should be considered when
supervising the audit work and reporting audit results.
6. The results of internal auditing work should be reviewed before the related audit report is
released to provide reasonable assurance that the work was performed objectively.
03 The internal auditor’s objectivity is not adversely affected when the auditor recommends standards of
control for systems or reviews procedures before they are implemented. Designing, installing, and
operating systems are not audit functions. Also, the drafting of procedures for systems is not an audit
function. Performing such activities is presumed to impair audit objectivity.
200 PROFESSIONAL PROFICIENCY
INTERNAL AUDITS SHOULD BE PERFORMED WITH PROFICIENCY AND DUE PROFESSIONAL

CARE.
01. Professional proficiency is the responsibility of the director of internal auditing and each internal
auditor. The director should ensure that persons assigned to each audit collectively possess the necessary
knowledge, skills, and disciplines to conduct the audit properly.
The Internal Auditing Department
210 Staffing
The director of internal auditing should ensure that the technical proficiency and educational background of internal
auditors are appropriate for the audits to be performed.
01. The director of internal auditing should establish suitable criteria of education and experience for filling
internal auditing positions, giving due consideration to scope of work and level of responsibility.
02. Reasonable assurance should be obtained as to each prospective auditor’s qualifications and
proficiency.
220 Knowledge, Skills, and Disciplines
The internal auditing department should possess or should obtain the knowledge, skills, and disciplines needed to
carry out its audit responsibilities.
01. The internal auditing staff should collectively possess the knowledge and skills essential to the practice
of the profession within the organization. These attributes include proficiency in applying internal auditing
standards, procedures, and techniques.
02. The internal auditing department should have employees or use outside service providers who are
qualified in disciplines such as accounting, auditing, economics, finance, statistics, information technology,
engineering, taxation, law, environmental affairs, and such other areas as needed to meet the department’s
audit responsibilities. Each member of the department, however, need not be qualified in all disciplines.
1. An outside service provider is a person or firm, independent of the organization, who has
special knowledge, skill, and experience in a particular discipline. Outside service providers
include, among others, actuaries, accountants, appraisers, environmental specialists, fraud
31
32
investigators, lawyers, engineers, geologists, security specialists, statisticians, information

technology specialists, the organization’s external auditors, and other auditing organizations. An
outside service provider may be engaged by the board, senior management, or the director of
internal auditing.
2. Outside service providers may be used by the internal auditing department in connection with,
among other things:
a. Auditing activities where a specialized skill and knowledge are required such as
information technology, statistics, taxes, language translations, or to achieve the
objectives in the audit work schedule.
b. Valuations of assets such as land and buildings, works of art, precious gems,
investments, and complex financial instruments.
c. Determination of quantities or physical condition of certain assets such as mineral and

petroleum reserves.
d. Measuring the work completed and to be completed on contracts in progress.
e. Fraud and security investigations.
f. Determination of amounts by using specialized methods such as actuarial

determinations of employee benefit obligations.
g. Interpretation of legal, technical, and regulatory requirements.
h. Evaluating the internal auditing department’s quality assurance program in accordance

with Section 560 of the Standards.
i. Mergers and acquisitions.
3. When the director of internal auditing intends to use and rely on the work of an outside service
provider, the director should assess the competency, independence, and objectivity of the outside
service provider as it relates to the particular assignment to be performed. This assessment should
also be made when the outside service provider is selected by senior management or the board,
and the director intends to use and rely on the outside service provider’s work. When the selection
is made by others and the assessment determines that the director should not use and rely on the
work of an outside service provider, then the results of the assessment should be communicated to
senior management or the board, as appropriate.
4. The director of internal auditing should determine that the outside service provider possesses
the necessary knowledge, skills, and ability to perform the assignment. When assessing
competency, the director should consider the following:
a. Professional certification, license, or other recognition of the outside service provider’s

competency in their particular discipline.
b. Membership of the outside service provider in an appropriate professional organization

and adherence to that organization’s code of ethics.
c. The reputation of the outside service provider. This may include contacting others
familiar with the outside service provider’s work.
d. The outside service provider’s experience in the type of work being considered.
32
33
e. The extent of education and training received by the outside service provider in
disciplines that pertain to the particular assignment.
f. The outside service provider’s knowledge and experience in the industry in which the
organization operates.
5. The director of internal auditing should assess the relationship of the outside service provider to
the organization and to the internal auditing department to ensure that independence and
objectivity are maintained throughout the assignment. In performing the assessment, the director
of internal auditing should determine that there are no financial, organizational, or personal
relationships that will prevent the outside service provider from rendering impartial and unbiased
judgments and opinions when performing or reporting on the assignment.
6. In assessing the independence and objectivity of the outside service provider, the director of
internal auditing should consider:
a. The financial interest the provider may have in the organization.
b. The personal or professional affiliation the provider may have to the board, senior
management, or others within the organization.
c. The relationship the provider may have had with the organization or the activities
being reviewed.
d. The extent of other ongoing services the provider may be performing for the
organization.
e. Compensation or other incentives that the provider may have.
7. If the outside service provider is also the organization’s external auditor and the nature of the
assignment is extended audit services, the director should ascertain that work performed does not
impair the external auditor’s independence. Extended audit services refers to those services
beyond the requirements of auditing standards generally accepted by external auditors. If the
organization’s external auditors act or appear to act as members of senior management,
management, or as employees of the organization, then their independence may be impaired.
Additionally, external auditors may provide the organization with other services such as tax and
consulting. Independence, however, should be assessed in relation to the full range of services
provided to the organization.
8. The director of internal auditing should obtain sufficient information regarding the scope of the
outside service provider’s work. This is necessary in order to ascertain that the scope of work is
adequate for the purposes of the internal auditing department.
9. The director of internal auditing should review with the outside service provider:
a. Objectives and scope of work.
b. Specific matters expected to be covered in the report to be rendered, if applicable.
c. Access to relevant records, personnel, and physical properties.
d. Information regarding assumptions and procedures to be employed.
e. Ownership and custody of audit workpapers, if applicable.
f. Confidentiality and restrictions on information obtained during the assignment.
33
34
It may be preferable to have these and other matters documented in an engagement letter or contract.
10. Where the outside service provider performs internal auditing activities, the director of internal
auditing should specify and ensure that the work complies with the Standards for the Professional
Practice of Internal Auditing.
11. In reviewing the work of an outside service provider, the director of internal auditing should
evaluate the adequacy of work performed. This evaluation should include sufficiency of
information obtained to afford a reasonable basis for the conclusions reached and the resolution of
significant exceptions or other unusual matters.
12. When the director of internal auditing issues an audit report, and an outside service provider
was used, the director may, as appropriate, refer to such services provided.
13. The outside service provider should be informed or, if appropriate, concurrence should be
obtained, prior to making such reference in the report.
230 Supervision
The director of internal auditing should ensure that internal audits are properly supervised.
01. The director of internal auditing is responsible for ensuring that appropriate audit supervision is
provided. Supervision is a process which begins with planning and continues throughout the examination,
evaluation, report, and follow-up phases of the audit assignment.
02. Supervision includes:
1. Ensuring that the auditors assigned possess the requisite knowledge and skills.
2. Providing appropriate instructions during the planning of the audit and approving the audit
program.
3. Seeing that the approved audit program is carried out unless changes are both justified and
authorized.
4. Determining that audit workpapers adequately support the audit findings, conclusions, and
reports.
5. Ensuring that audit reports are accurate, objective, clear, concise, constructive, and timely.
6. Ensuring that audit objectives are met.
7. Providing opportunities for developing internal auditors’ knowledge and skills.
03. Appropriate evidence of supervision should be documented and retained.
04. The extent of supervision required will depend on the proficiency and experience of internal auditors
and the complexity of the audit assignment. Appropriately experienced internal auditors may be utilized to
review the work of other internal auditors.
05. All internal auditing assignments, whether performed by or for the internal auditing department, remain
the responsibility of its director. The director is responsible for all significant professional judgments made
in the planning, examination, evaluation, report, and follow-up phases of the audit assignment. The director
should adopt suitable means to ensure that this responsibility is met. Suitable means include policies and
procedures designed to:
34
35
1. Minimize the risk that professional judgments may be made by internal auditors, or others
performing work for the internal auditing department, that are inconsistent with the professional
judgment of the director such that a significant adverse effect on the audit assignment could result.
2 Resolve differences in professional judgment between the director and internal auditing staff
members over significant issues relating to the audit assignment. Such means may include: (a)
discussion of pertinent facts; (b) further inquiry and/or research; and (c) documentation and
disposition of the differing viewpoints in the audit workpapers. In instances of a difference in
professional judgment over an ethical issue, suitable means may include referral of the issue to
those individuals in the organization having responsibility over ethical matters.
06. Supervision extends to staff training and development, employee performance evaluation, time and
expense control, and similar administrative areas.
240 Compliance with Standards of Conduct
Internal auditors should comply with professional standards of conduct.
01. The Code of Ethics of The Institute of Internal Auditors sets forth standards of conduct and provides a
basis for enforcement. The Code calls for high standards of honesty, objectivity, diligence, and loyalty to
which internal auditors should conform.
250 Knowledge, Skills, and Disciplines
Internal auditors should possess the knowledge, skills, and disciplines essential to the performance of internal audits.
01. Each internal auditor should possess certain knowledge and skills as follows:
1. Proficiency in applying internal auditing standards, procedures, and techniques is required in

performing internal audits. Proficiency means the ability to apply knowledge to situations likely
to be encountered and to deal with them without extensive recourse to technical research and
assistance.
2. Proficiency in accounting principles and techniques is required of auditors who work

extensively with financial records and reports.
3. An understanding of management principles is required to recognize and evaluate the

materiality and significance of deviations from good business practice. An understanding means
the ability to apply broad knowledge to situations likely to be encountered, to recognize significant
deviations, and to be able to carry out the research necessary to arrive at reasonable solutions.
4. An appreciation is required of the fundamentals of such subjects as accounting, economics,

commercial law, taxation, finance, quantitative methods, and information technology. An
appreciation means the ability to recognize the existence of problems or potential problems and to
determine the further research to be undertaken or the assistance to be obtained.
260 Human Relations and Communications
Internal auditors should be skilled in dealing with people and in communicating effectively.
01. Internal auditors should understand human relations and maintain satisfactory relationships with
auditees.
35
36
02. Internal auditors should be skilled in oral and written communications so that they can clearly and
effectively convey such matters as audit objectives, evaluations, conclusions, and recommendations.
270 Continuing Education
Internal auditors should maintain their technical competence through continuing education.
01. Internal auditors are responsible for continuing their education in order to maintain their proficiency.
They should keep informed about improvements and current developments in internal auditing standards,
procedures, and techniques. Continuing education may be obtained through membership and participation
in professional societies; attendance at conferences, seminars, college courses, and in-house training
programs; and participation in research projects.
280 Due Professional Care
Internal auditors should exercise due professional care in performing internal audits.
01. Due professional care calls for the application of the care and skill expected of a reasonably prudent and
competent internal auditor in the same or similar circumstances. Professional care should, therefore, be
appropriate to the complexities of the audit being performed. In exercising due professional care, internal
auditors should be alert to the possibility of intentional wrongdoing, errors and omissions, inefficiency,
waste, ineffectiveness, and conflicts of interest. They should also be alert to those conditions and activities
where irregularities are most likely to occur. In addition, they should identify inadequate controls and
recommend improvements to promote compliance with acceptable procedures and practices.
1. Fraud encompasses an array of irregularities and illegal acts characterized by intentional

deception. It can be perpetrated for the benefit of or to the detriment of the organization and by
persons outside as well as inside the organization.
2. Fraud designed to benefit the organization generally produces such benefit by exploiting an
unfair or dishonest advantage that also may deceive an outside party. Perpetrators of such frauds
usually benefit indirectly, since personal benefit usually accrues when the organization is aided by
the act. Some examples are:
a. Sale or assignment of fictitious or misrepresented assets.
b. Improper payments such as illegal political contributions, bribes, kickbacks, and

payoffs to government officials, intermediaries of government officials, customers, or
suppliers.
c. Intentional, improper representation or valuation of transactions, assets, liabilities, or

income.
d. Intentional, improper transfer pricing (e.g., valuation of goods exchanged between

related organizations). By purposely structuring pricing techniques improperly,
management can improve the operating results of an organization involved in the
transaction to the detriment of the other organization.
e. Intentional, improper related-party transactions in which one party receives some

benefit not obtainable in an arm’s-length transaction.
f. Intentional failure to record or disclose significant information to improve the financial

picture of the organization to outside parties.
g. Prohibited business activities such as those which violate government statutes, rules,
regulations, or contracts.
36
37
h. Tax fraud.
3. Fraud perpetrated to the detriment of the organization generally is for the direct or indirect
benefit of an employee, outside individual, or another organization. Some examples are:
a. Acceptance of bribes or kickbacks.
b. Diversion to an employee or outsider of a potentially profitable transaction that would

normally generate profits for the organization.
c. Embezzlement, as typified by the misappropriation of money or property, and

falsification of financial records to cover up the act, thus making detection difficult.
d. Intentional concealment or misrepresentation of events or data.
e. Claims submitted for services or goods not actually provided to the organization.
4. Deterrence of fraud consists of those actions taken to discourage the perpetration of fraud and
limit the exposure if fraud does occur. The principal mechanism for deterring fraud is control.
Primary responsibility for establishing and maintaining control rests with management.
5. Internal auditors are responsible for assisting in the deterrence of fraud by examining and
evaluating the adequacy and the effectiveness of the system of internal control, commensurate
with the extent of the potential exposure/risk in the various segments of the organization’s
operations. In carrying out this responsibility, internal auditors should, for example, determine
whether:
a. The organizational environment fosters control consciousness.
b. Realistic organizational goals and objectives are set.
c. Written policies (e.g., code of conduct) exist that describe prohibited activities and the
action required whenever violations are discovered.
d. Appropriate authorization policies for transactions are established and maintained.
e. Policies, practices, procedures, reports, and other mechanisms are developed to

monitor activities and safeguard assets, particularly in high-risk areas.
f. Communication channels provide management with adequate and reliable information.
g. Recommendations need to be made for the establishment or enhancement of cost-

effective controls to help deter fraud.
02. Due care implies reasonable care and competence, not infallibility or extraordinary performance. Due
care requires the auditor to conduct examinations and verifications to a reasonable extent, but does not
require detailed audits of all transactions. Accordingly, internal auditors cannot give absolute assurance
that noncompliance or irregularities do not exist. Nevertheless, the possibility of material irregularities or
noncompliance should be considered whenever an internal auditor undertakes an internal auditing
assignment.
1. Detection of fraud consists of identifying indicators of fraud sufficient to warrant

recommending an investigation. These indicators may arise as a result of controls established by
management, tests conducted by auditors, and other sources both within and outside the
organization.
37
38
2. In conducting audit assignments, the internal auditor’s responsibilities for detecting fraud are to:
a. Have sufficient knowledge of fraud to be able to identify indicators that fraud may
have been committed. This knowledge includes the need to know the characteristics of
fraud, the techniques used to commit fraud, and the types of frauds associated with the
activities audited.
b. Be alert to opportunities, such as control weaknesses, that could allow fraud. If

significant control weaknesses are detected, additional tests conducted by internal
auditors should include tests directed toward identification of other indicators of fraud.
Some examples of indicators are unauthorized transactions, override of controls,
unexplained pricing exceptions, and unusually large product losses. Internal auditors
should recognize that the presence of more than one indicator at any one time increases
the probability that fraud may have occurred.
c. Evaluate the indicators that fraud may have been committed and decide whether any
further action is necessary or whether an investigation should be recommended.
d. Notify the appropriate authorities within the organization if a determination is made that
there are sufficient indicators of the commission of a fraud to recommend an
investigation.
3. Internal auditors are not expected to have knowledge equivalent to that of a person whose
primary responsibility is detecting and investigating fraud. Also, audit procedures alone, even
when carried out with due professional care, do not guarantee that fraud will be detected.
03. When an internal auditor suspects wrongdoing, the appropriate authorities within the organization
should be informed. The internal auditor may recommend whatever investigation is considered necessary
in the circumstances. Thereafter, the auditor should follow up to see that the internal auditing department’s
responsibilities have been met.
1. Investigation of fraud consists of performing extended procedures necessary to determine

whether fraud, as suggested by the indicators, has occurred. It includes gathering sufficient
information about the specific details of a discovered fraud. Internal auditors, lawyers,
investigators, security personnel, and other specialists from inside or outside the organization are
the parties that usually conduct or participate in fraud investigations.
2. When conducting fraud investigations, internal auditors should:
a. Assess the probable level and the extent of complicity in the fraud within the
organization. This can be critical to ensuring that the internal auditor avoids providing
information to or obtaining misleading information from persons who may be involved.
b. Determine the knowledge, skills, and disciplines needed to effectively carry out the
investigation. An assessment of the qualifications and the skills of internal auditors and
of the specialists available to participate in the investigation should be performed to
ensure that it is conducted by individuals having the appropriate type and level of
technical expertise. This should include assurances on such matters as professional
certifications, licenses, reputation, and that there is no relationship to those being
investigated or to any of the employees or management of the organization.
c. Design procedures to follow in attempting to identify the perpetrators, extent of the

fraud, techniques used, and cause of the fraud.
38
39
d. Coordinate activities with management personnel, legal counsel, and other specialists
as appropriate throughout the course of the investigation.
e. Be cognizant of the rights of alleged perpetrators and personnel within the scope of the
investigation and the reputation of the organization itself.
3. Once a fraud investigation is concluded, internal auditors should assess the facts known in order
to:
a. Determine if controls need to be implemented or strengthened to reduce future

vulnerability.
b. Design audit tests to help disclose the existence of similar frauds in the future.
c. Help meet the internal auditor’s responsibility to maintain sufficient knowledge of

fraud and thereby be able to identify future indicators of fraud.
4. Reporting of fraud consists of the various oral or written, interim or final communications to
management regarding the status and results of fraud investigations.
5. A preliminary or final report may be desirable at the conclusion of the detection phase. The
report should include the internal auditor’s conclusion as to whether sufficient information exists
to conduct an investigation. It should also summarize findings that serve as the basis for such
decision.
6. Section 430 of the Standards provides interpretations applicable to internal audit reports issued
as a result of fraud investigations. Additional interpretive guidelines on reporting of fraud are as
follows:
a. When the incidence of significant fraud has been established to a reasonable certainty,
senior management and the board should be notified immediately.
b. The results of a fraud investigation may indicate that fraud has had a previously
undiscovered significant adverse effect on the financial position and results of operations
of an organization for one or more years on which financial statements have already been
issued. Internal auditors should inform senior management and the board of such a
discovery.
c. A written report should be issued at the conclusion of the investigation phase. It

should include all findings, conclusions, recommendations, and corrective action taken.
d. A draft of the proposed report on fraud should be submitted to legal counsel for
review. In those cases in which the internal auditor wants to invoke client privilege,
consideration should be given to addressing the report to legal counsel.
04 Exercising due professional care means using reasonable audit skill and judgment in performing the
audit. To this end, the internal auditor should consider:
1. The extent of audit work needed to achieve audit objectives.
2. The relative materiality or significance of matters to which audit procedures are applied.
3. The adequacy and effectiveness of internal controls.
4. The cost of auditing in relation to potential benefits.
39
40
05 Due professional care includes evaluating established operating standards and determining whether
those standards are acceptable and are being met. When such standards are vague, authoritative
interpretations should be sought. If internal auditors are required to interpret or select operating standards,
they should seek agreement with auditees as to the standards needed to measure operating performance.
300 SCOPE OF WORK
THE SCOPE OF INTERNAL AUDITING SHOULD ENCOMPASS THE EXAMINATION AND

EVALUATION OF THE ADEQUACY AND EFFECTIVENESS OF THE ORGANIZATION’S SYSTEM
OF INTERNAL CONTROL AND THE QUALITY OF PERFORMANCE IN CARRYING OUT ASSIGNED
RESPONSIBILITIES.
Note: The full text of this section is printed in Unit 3 of Volume 1.
400 PERFORMANCE OF AUDIT WORK
AUDIT WORK SHOULD INCLUDE PLANNING THE AUDIT, EXAMINING AND EVALUATING
INFORMATION, COMMUNICATING RESULTS, AND FOLLOWING UP.
Note: The full text of this section is printed in Unit 4 of Volume 1.
500 MANAGEMENT OF THE INTERNAL AUDITING DEPARTMENT
THE DIRECTOR OF INTERNAL AUDITING SHOULD PROPERLY MANAGE THE INTERNAL

AUDITING DEPARTMENT.
01. The director of internal auditing is responsible for properly managing the department so that:
1. Audit work fulfills the general purposes and responsibilities approved by senior management
and accepted by the board.
2. Resources of the internal auditing department are efficiently and effectively employed.
3. Audit work conforms to the Standards for the Professional Practice of Internal Auditing.
Note: The full text of Sections 510 and 520 are printed in Units 2 and 4respectively, of
Volume 1.
530 Policies and Procedures
The director of internal auditing should provide written policies and procedures to guide the audit staff.
01. The form and content of written policies and procedures should be appropriate to the size and structure
of the internal auditing department and the complexity of its work. Formal administrative and technical
audit manuals may not be needed by all internal auditing departments. A small internal auditing
department may be managed informally. Its audit staff may be directed and controlled through daily, close
supervision and written memoranda. In a large internal auditing department, more formal and
40
41
comprehensive policies and procedures are essential to guide the audit staff in the consistent compliance
with the department’s standards of performance.
540 Personnel Management and Development
The director of internal auditing should establish a program for selecting and developing the human resources of the
internal auditing department.
01. The program should provide for:
1. Developing written job descriptions for each level of the audit staff.
2. Selecting qualified and competent individuals.
3. Training and providing continuing educational opportunities for each internal auditor.
4. Appraising each internal auditor’s performance at least annually.
5. Providing counsel to internal auditors on their performance and professional development.
550 External Auditors
The director of internal auditing should coordinate internal and external audit efforts.
01. Internal and external auditing work should be coordinated to ensure adequate audit coverage and to
minimize duplicate efforts.
1. The scope of internal auditing work encompasses both financial and operational objectives and
activities. The scope of internal auditing work is covered by Section 300 of the Standards. On the
other hand, the external auditors’ ordinary examination is designed to obtain sufficient evidential
matter to support an opinion on the overall fairness of the annual financial statements. The scope
of the work of external auditors is determined by their professional standards, and they are
responsible for judging the adequacy of procedures performed and evidence obtained for purposes
of expressing their opinion on the annual financial statements.
2. Oversight of the work of external auditors, including coordination with the internal auditing
department, is generally the responsibility of the board. Actual coordination should be the
responsibility of the director of internal auditing. The director of internal auditing will require the
support of the board to achieve effective coordination of audit work.
3. In coordinating the work of internal auditors with the work of external auditors, the director of
internal auditing should ensure that work to be performed by internal auditors in fulfillment of
Section 300 of the Standards does not duplicate the work of external auditors which can be relied
on for purposes of internal auditing coverage. To the extent that professional and organizational
reporting responsibilities allow, internal auditors should conduct examinations in a manner that
allows for maximum audit coordination and efficiency.
4. The director of internal auditing may agree to perform work for external auditors in connection
with their annual audit of the financial statements. Work performed by internal auditors to assist
external auditors in fulfilling their responsibility is subject to all relevant provisions of the
Standards for the Professional Practice of Internal Auditing.
5. The director of internal auditing should make regular evaluations of the coordination between
internal and external auditors. Such evaluations may also include assessments of the overall
efficiency and effectiveness of internal and external auditing activities, including aggregate audit
cost.
41
42
6. In exercising its oversight role, the board may request the director of internal auditing to assess
the performance of external auditors. Such assessments should ordinarily be made in the context
of the director of internal auditing’s role of coordinating internal and external auditing activities,
and should extend to other performance matters only at the specific request of senior management
or the board.
7. Assessments of the performance of external auditors should be based on sufficient information

to support the conclusions reached. Assessments of the external auditors’ performance with
respect to the coordination of internal and external auditing activities should reflect the criteria
described in Section 550.02 of the Standards.
8. Assessments of the performance of external auditors extending to matters beyond coordination

with the internal auditors may address such additional factors as:
a. Professional knowledge and experience.
b. Knowledge of the organization’s industry.
c. Independence.
d. Availability of specialized services.
e. Anticipation of and responsiveness to the needs of the organization.
f. Reasonable continuity of key engagement personnel.
g. Maintenance of appropriate working relationships.
h. Achievement of contract commitments.
i. Delivery of overall value to the organization.
9. The director of internal auditing should communicate the results of evaluations of coordination
between internal and external auditors to senior management and the board along with, as
appropriate, any relevant comments about the performance of external auditors.
10. External auditors may be required by their professional standards to ensure that certain
matters are communicated to the board. The director of internal auditing should communicate
with external auditors regarding these matters so as to have an understanding of the issues. These
matters may include:
a. Significant control weaknesses.
b. Errors and irregularities.
c. Illegal acts.
d. Management judgments and accounting estimates.
e. Significant audit adjustments.
f. Disagreements with management.
g. Difficulties encountered in performing the audit.
42
43
02. Coordination of audit efforts involves:
1. Periodic meetings to discuss matters of mutual interest.
a. Planned audit activities of internal and external auditors should be discussed to assure
that audit coverage is coordinated and duplicate efforts are minimized. Sufficient
meetings should be scheduled during the audit process to assure coordination of audit
work and efficient and timely completion of audit activities, and to determine whether
findings from work performed to date require that the scope of planned work be adjusted.
2. Access to each other’s audit programs and workpapers.
a. Access to the external auditors’ programs and workpapers may be important in order
for internal auditors to be satisfied as to the propriety for internal audit purposes of
relying on the external auditors’ work. Such access carries with it the responsibility for
internal auditors to respect the confidentiality of those programs and workpapers.
Similarly, access to the internal auditors’ programs and workpapers should be given to
external auditors in order for external auditors to be satisfied as to the propriety, for
external audit purposes, of relying on the internal auditors’ work.
3. Exchange of audit reports and management letters.
a. Internal audit reports, management’s responses to those reports, and subsequent

internal auditing department follow-up reviews should be made available to external
auditors. These reports assist external auditors in determining and adjusting the scope of
work.
b. Internal auditors need access to the external auditors’ management letters. Matters
discussed in management letters assist internal auditors in planning the areas to
emphasize in future internal audit work. After review of management letters and
initiation of any needed corrective action by appropriate members of management and the
board, the director of internal auditing should ensure that appropriate follow-up and
corrective action have been taken.
4. Common understanding of audit techniques, methods, and terminology.
a. The director of internal auditing should understand the scope of work planned by
external auditors and should be satisfied that the external auditors’ planned work, in
conjunction with the internal auditors’ planned work, satisfies the requirements of
Section 300 of the Standards. Such satisfaction requires an understanding of the level of
materiality used by external auditors for planning and the nature and extent of the
external auditors’ planned procedures.
b. The director of internal auditing should ensure that the external auditors’ techniques,
methods, and terminology are sufficiently understood by internal auditors to enable the
director of internal auditing to (a) coordinate internal and external auditing work; (b)
evaluate, for purposes of reliance, the external auditors’ work; and (c) ensure that internal
auditors who are to perform work to fulfill the external auditors’ objectives can
communicate effectively with external auditors.
c. The director of internal auditing should provide sufficient information to enable

external auditors to understand the internal auditors’ techniques, methods, and
terminology to facilitate reliance by external auditors on work performed using such
techniques, methods, and terminology.
43
44
a. It may be more efficient for internal and external auditors to use similar
techniques, methods, and terminology to effectively coordinate their work and to
rely on the work of one another.
560 Quality Assurance
The director of internal auditing should establish and maintain a quality assurance program to evaluate the
operations of the internal auditing department.
01. The purpose of this program is to provide reasonable assurance that internal auditing work conforms
with the Standards for the Professional Practice of Internal Auditing, the internal auditing department’s
charter, and other applicable standards. A quality assurance program should include the following
elements:
— Supervision.
— Internal reviews.
— External reviews.
1. The reasonable assurance mentioned in this guideline serves the needs of several constituencies
in addition to that of the director of internal auditing. These may include senior management,
external auditors, the board, and regulatory agencies, each of whom may have reasons to rely upon
the performance of the internal auditing department.
2. Conformity with applicable standards is more than simply complying with established policies
and procedures. It includes performance of the internal auditing department at a high level of
efficiency and effectiveness. Quality assurance is essential to achieving such performance, as well
as to maintaining the internal auditing department’s credibility with those it serves.
3. A key criterion against which an internal auditing department should be measured is its charter.
Consideration of the department’s charter should also include an assessment of the charter in terms
of the elements specified in Section 110 of the Standards.
4. The following are examples of other applicable standards and potential measurement criteria
that should be considered in evaluating the performance of the internal auditing department:
a. The Code of Ethics.
b. The internal auditing department’s objectives, policies, and procedures.
c. The organization’s policies and procedures that apply to the internal auditing
department.
d. Laws, regulations, and government or industry standards which specify auditing and
reporting requirements.
e. Methods for identifying auditable activities, assessing risk, and determining frequency
and scope of audits.
f. Audit planning documents, particularly those submitted to senior management and the
board.
g. The plan of organization, statements of job requirements, position descriptions, and

professional development plans of the internal auditing department.
44
45
02. Supervision of the work of internal auditors should be carried out to assure conformance with internal
auditing standards, departmental policies, and audit programs.
1. Adequate supervision is the most fundamental element of a quality assurance program. As

such, it provides a foundation upon which internal and external reviews can subsequently be built.
2. The nature and responsibility for supervision are set forth in Section 230 of the Standards, and
related guidelines.
03. Internal reviews should be performed periodically by members of the internal auditing staff to appraise
the quality of the audit work performed. These reviews should be performed in the same manner as any
other internal audit.
1. Formal internal reviews are periodic self-assessments of the internal auditing department.
These reviews generally are performed by a team or an individual selected by the director of
internal auditing. Larger departments may have a person designated as manager of quality
assurance or with a similar title and responsibilities.
2. Internal quality assurance reviews primarily serve the needs of the director of internal auditing,
but can also provide senior management and the board with an assessment of the internal auditing
department. These reviews should be structured so as to indicate the degree of compliance with the
Standards for the Professional Practice of Internal Auditing, level of audit effectiveness, and
extent of compliance with the organization and departmental policies and standards. The review
should also provide recommendations for improvement.
3. An internal review program, particularly in smaller internal auditing departments, will require
adaptations that take into consideration the structure of the department and degree of involvement
of the director in individual audits.
4. When formal internal reviews are not appropriate to the internal auditing department’s needs,
or to supplement such reviews, the following methods can provide elements of internal review
coverage:
a. Reviews by the director of internal auditing, audit managers, or supervisors of a sample

of audits (and areas of audit administration) where the work was performed under the
direction of other managers or supervisors. As an ongoing process this can provide
training, exchange of ideas, and greater uniformity, as well as assurance to the director of
internal auditing.
b. Feedback from auditees (in addition to that from personal contact) through the use of
questionnaires or surveys, either routinely after each audit or periodically for selected
audits. This process will elicit management’s perception of the internal auditing
department and may also result in suggestions to make it more effective and responsive to
management’s needs.
5. The director of internal auditing should initiate and monitor the internal review process. In
selecting and instructing the team for an internal review, the director of internal auditing should
ensure that the team is qualified and as independent as practicable.
6. The director should receive a written report of the results of each internal review and ensure
that appropriate action is taken. Although the purpose of internal reviews is to assess the
effectiveness of the internal auditing department for internal purposes, it may be appropriate for
the director to share the results with persons outside the department, such as senior management,
the board, and external auditors. Internal reviews can also be useful as part of the self-assessment
process in preparation for an external review.
45
46
04. External reviews of the internal auditing department should be performed to appraise the quality of the
department’s operations. These reviews should be performed by qualified persons who are independent of
the organization and who do not have either a real or an apparent conflict of interest. Such reviews should
be conducted at least once every three years. On completion of the review, a formal, written report should
be issued. The report should express an opinion as to the department’s compliance with the Standards for
the Professional Practice of Internal Auditing and, as appropriate, should include recommendations for
improvement.
1. External reviews can have considerable value to the director and other members of the internal
auditing department. Another important purpose of external reviews is to provide independent
assurance of quality to senior management, the board, and others such as external auditors who
rely on the work of the internal auditing department.
2. The director of internal auditing should discuss with senior management and the board the
nature of an external review in the context of the overall quality assurance program and should
involve them in the selection of an external reviewer.
3. External reviews should be performed by qualified individuals who are independent of the
organization and who do not have either a real or an apparent conflict of interest. Qualified
individuals are persons with the technical proficiency and educational background appropriate for
the audit activities to be reviewed and could include internal auditors from outside the
organization or outside service providers. Independent of the organization means not a part of, or
under the control of, the organization to which the internal auditing department belongs. In the
selection of an external reviewer, consideration should be given to a possible real or apparent
conflict of interest which the reviewer may have due to present or past relationships with the
organization or its internal auditing department.
4. Organizations of external auditors in various countries have specified certain limited review
procedures that they should consider in evaluating and using the work of the internal auditing
department. These relate primarily to quality of work and degree of independence from auditees.
These limited review procedures by external auditors usually relate only to their audit of an
organization’s financial statements and generally would not constitute an external review.
5. Upon completion of an external review, the review team should issue a formal report
containing an opinion as to the department’s compliance with the Standards. The report should
also address compliance with the department’s charter and other applicable standards and include
appropriate recommendations for improvement. The report should be addressed to the person or
organization who requested the review. The director of internal auditing should prepare a written
action plan in response to the significant comments and recommendations contained in the report
of external review. Appropriate follow-up is also the director’s responsibility.
6. External reviews should be conducted at least once every three years. However, there may be
circumstances that justify a different interval. These circumstances include: (a) significant review
and monitoring by the board; (b) in-depth reviews by external auditors or others; and (c) the
relative stability of the internal auditing department’s charter, organization, staff, and catalog of
auditable activities. The nature, scope, degree of independence, and overall results of the internal
review program should also be considered in determining the external review interval.
7. External review is an important element of the program for achieving quality assurance.
However, if resources are limited, or for other reasons previously noted, the internal auditing
department may be currently unable to obtain an external review. In these circumstances, more
emphasis should be placed on supervision, periodic internal reviews, and other quality assurance
methods that are available to the department. It is the responsibility of the director of internal
auditing to annually assess the conditions which restrict an external review. Another interim
method is the use of qualified internal groups to conduct a review (e.g., former audit managers in
the employ of the organization, other audit directors in a decentralized audit organization, or
46
47
internal management advisory personnel). However, such a review should not be expected to
achieve all of the objectives of an external review.
D. AICPA STATEMENTS ON AUDITING STANDARDS (SAS)
Independent auditors occasionally receive assistance or information from outside sources when
conducting an audit. Two AICPA standards relate to the independent auditor’s consideration of
work by outside entities. SAS 65 describes the auditor’s consideration of the internal audit
function in an audit of financial statements, and SAS 70, which describes the consideration of
reports on the processing of transactions by service organizations. These two statements are
summarized below.
1. Summary of SAS 65 “The Auditor’s Consideration of the Internal Audit Function in an

Audit of Financial Statements.”
a. SAS 65 provides the auditor with guidance on considering the work of internal
auditors and on using internal auditors to provide assistance to the auditor in an audit
performed in accordance with generally accepted auditing standards.
b. When obtaining an understanding of internal control, the auditor should obtain an

understanding of the internal audit function sufficient to identify those internal audit
activities that are relevant to planning the audit.
c. The auditor ordinarily should make inquiries of appropriate management and internal
audit personnel about the internal auditors’:
1. Organizational status within the entity.
2. Application of professional standards.
3. Audit plan, including the nature, timing, and extent of the audit work.
4. Access to records and whether there are limitations on the scope of their
activities.
d. The auditor may find the results of the following procedures helpful in assessing the
relevancy of internal audit activities:
1. Considering knowledge from prior-year audits.
2. Reviewing how the internal auditors allocate their audit resources to financial
or operating areas in response to their risk assessment process.
3. Reading internal audit reports to obtain detailed information about the scope
of internal audit activities.
47
48
e. When assessing the internal auditors’ competence, the auditor should obtain or update
information from prior years about such factors as:
1. Educational level and professional experience of internal auditors.
2. Professional certification and continuing education.
3. Audit policies, programs, and procedures.
4. Practices regarding assignment of internal auditors.
5. Supervision and review of internal auditors’ activities.
6. Quality of workpaper documentation, reports, and recommendations.
7. Evaluation of internal auditors’ performance.
f. When assessing the internal auditors’ objectivity, the auditor should obtain or update
information from prior years about such factors as:
1. The organizational status of the internal auditor responsible for the internal
audit function, including:
• Whether the internal auditor reports to an officer of sufficient status to

ensure broad coverage and adequate consideration of, and action on,
the findings and recommendations of the internal auditors.
• Whether the internal auditor has direct access and reports regularly to
the board of directors, the audit committee, or the owner-manager.
• Whether the board of directors, the audit committee, or the owner-

manager oversees employment decisions related to the internal auditor.
2. Policies to maintain internal auditors’ objectivity about the areas audited,

including:
• Policies prohibiting internal auditors’ from auditing areas where

relatives are employed in important or audit-sensitive areas.
• Policies prohibiting internal auditors from auditing areas where they

were recently assigned or are scheduled to be assigned on completion
of responsibilities in the internal audit function.
g. Even though the internal auditors’ work may affect the auditor’s procedures, the
auditor should perform procedures to obtain sufficient and competent evidential
matter to support the auditor’s report.
48
49
h. If the work of the internal auditors is expected to have an effect on the auditor’s
procedures, it may be efficient for the auditor and the internal auditors to coordinate
their work by:
1. Holding periodic meetings.
2. Scheduling audit work.
3. Providing access to internal auditors’ workpapers.
4. Reviewing audit reports.
5. Discussing possible accounting and auditing issues.
i. The auditor should perform procedures to evaluate the quality and effectiveness of the
internal auditors’ work. In developing the evaluation procedures, the auditor should
consider such factors as whether the internal auditors’:
1. Scope of work is appropriate to meet the objectives.
2. Audit programs are adequate.
3. Workpapers adequately document work performed, including evidence of

supervision and review.
4. Conclusions are appropriate in the circumstances.
5. Reports are consistent with the results of the work performed.
2. Summary of SAS 70 “Reports on the Processing of Transactions by Service

Organizations.”
a. This section provides guidance on the factors an independent auditor should consider
when auditing the financial statement of an entity that uses a service organization to
process certain transactions.
b. Service organizations typically provide services such as executing transactions and

maintaining the related accountability, or recording transactions and processing
related data. Examples of service organizations include bank trust departments that
invest and hold assets for employee benefit plans or for others, mortgage bankers that
service mortgages for others, and electronic data processing service centers that
process transactions and related data for others.
c. When a user organization uses a service organization, transactions that affect the user
organization’s financial statements are subjected to controls that are, at least in part,
49
50
physically and operationally separate from the user organization. The relationship of
the controls of the service organization to those of the user organization depends
primarily on the nature of the services provided by the service organization.
d. If an entity uses a service organization, certain controls and records of the service
organization may be relevant to the user organization’s ability to record, process,
summarize, and report financial data consistent with the assertions embodied in the
entity’s financial statements. In determining the significance of these controls and
records to planning the audit, the user should consider such factors as:
1. The significance of the financial statement assertions that are affected by the
controls of the service organization.
2. The inherent risk associated with the assertions affected by the controls of the
service organization.
3. The nature of the services provided by the service organization and whether
they are highly standardized and used extensively by many user organizations
or unique and used only by a few.
4. The extent to which the user organization’s controls interact with the controls
of the service organization.
5. The user organization’s controls that are applied to the transactions affected
by the service organization’s activities.
6. The terms of the contract between the user organization and the service
organization (for example, their respective responsibilities and the extent of
the service organization’s discretion to initiate transactions).
7. The service organizations capabilities, including its record of performance,

insurance coverage, and financial stability.
8. The user auditor’s prior experience with the service organization.
9. The extent of auditable data in the user organization’s possession.
10. The existence of specific regulatory requirements that may dictate the
application of audit procedures beyond those required to comply with
generally accepted auditing standards.
e. After obtaining an understanding of internal controls, the user auditor assesses control
risk for the assertions embodied in the account balances and classes of transactions,
including those that are affected by the activities of the service organization.
50
51
f. The user organization may establish effective controls over the service organization’s
activities that may be tested and that may enable the user auditor to reduce the
assessed level of control risk below the maximum for some or all of the related
assertions.
g. The user auditor’s assessments of control risk regarding assertions about account
balances or classes of transactions are based on the combined evidence provided by
the service auditor’s report and the user auditor’s own procedures.
h. The user auditor should not make reference to the report of the service auditor as a
basis, in part, for his or her own opinion on the user organization’s financial
statements. The service auditor’s report is used in the audit, but the service auditor is
not responsible for examining any portion of the financial statements as of any
specific date or for any specified period. Thus, there cannot be a division of
responsibility for the audit of the financial statements.
E. CFSA Code of Professional Ethics
To promote professionalism and integrity among its member, the CFSA like most professional
organizations has defined a code of professional ethics.
Article One
A Certified Financial Services Auditor shall at all times demonstrate a commitment to
professionalism in the performance of his or her duties.
Article Two
A Certified Financial Services Auditor shall at all times exhibit the highest levels of honesty,
integrity and objectivity in the performance of his or her duties and responsibilities.
Article Three
A Certified Financial Services Auditor shall not knowingly engage in any illegal or fraudulent
act.
Article Four
A Certified Financial Services Auditor will neither use information obtained during an audit for
personal gain nor allow anyone else to use such information for personal gain.
Article Five
A Certified Financial Services Auditor will use the designation of CFSA with pride and
professionalism and will continue to strive to enhance his or her proficiency and value to the
profession.
51
52
Article Six
A Certified Financial Services Auditor shall not engage in any activity deemed to be in conflict
with the interests of the Association or which would compromise personal objectivity.
52
53
UNIT 2: INTERNAL AUDIT ORGANIZATION
As management encountered increasing difficulty in monitoring operations and activities,

internal audit departments became a necessary function. At the inception of internal auditing, the
focus was on the safeguarding of assets and fraud detection. As policies, regulations, and laws
increased, compliance auditing became an internal audit responsibility. There are three key
components of effective internal audit organizations. They are:
A. Audit Charter
C. Audit Committee
A. Audit Charter
IIA Standard 510 Purpose, Authority, and Responsibility
The director of internal auditing should have a statement of purpose, authority, and responsibility for
the internal auditing department.
01. The director of internal auditing is responsible for seeking the approval of senior
management and the acceptance by the board of a formal written document (charter) for the
internal auditing department.
1. An audit charter is generally an official policy statement that establishes an internal audit
function as an independent appraisal activity to examine and evaluate the operations of the
organization. The charter establishes the general authority and responsibility of the internal
audit department to conduct audits.
2. Audit charters typically provide detailed information on the objectives of the internal audit
department. An audit charter may contain a statement such as:
The primary objective of an internal audit function is to assist management achieve its
objectives through advice on risk management and internal control practices. Internal control
is a management process designed to provide reasonable assurance regarding the
achievement of the following objectives:
• Assessing the reliability and integrity of information;

• Assessing compliance with policy, plans, procedures, laws and regulations;
• Appraising the safeguarding of assets;
• Assessing economical, effective, and efficient use of resources;
• Assessing the accomplishment of established objectives and goals for an
operation or program;
53
54
• Appraising the adequacy, integrity, security, reliability, and usefulness of

management information systems;
• Helping to generate an awareness of risk management and effective control
techniques with a commitment to using them throughout the organization;
• Cooperating in providing a range of professional internal consulting services to
management.
As indicated in the Unit 1, section, B. Introduction to IIA Standards, a new Definition of

Internal Auditing was approved by The IIA's Board of Directors in June 1999.
New Definition of Internal Auditing

Internal auditing is an independent, objective assurance and consulting activity designed
to add value and improve an organization's operations. It helps an organization
accomplish its objectives by bringing a systematic, disciplined approach to evaluate and
improve the effectiveness of risk management, control, and governance processes
3. Internal audit scope includes all activities of the organization and its controlled entities.
Management is responsible for determining acceptable levels of risk and to ensure adequate
internal control systems are in place. Internal audit will help define, design, and monitor
internal control systems to ensure that objectives are achieved.
1. The charter usually establishes the independence of the internal audit department and the
reporting requirements. The internal auditor usually reports to an audit committee (see
following section) and/or an executive level manager. Internal audit must have the ability to
bypass executive management and bring issues directly to the audit committee and/or board
of directors if warranted.
2. Charters often provide for the internal audit department to have unrestricted access to all
organization activities, records, property, and personnel. To remain independent, internal
audit departments should not have authority over, nor direct responsibility for, any of the
activities they review. In addition, it must be made clear that internal auditors perform
advisory functions only, and in no way relieve line department personnel of operating
responsibilities assigned to them.
3. The charter may require the development of an annual audit plan. The internal audit plan is
prepared in consultation with management and the Audit Committee and approved by the
Committee each year. The plan is usually based on a risk assessment and will be the guide
for audit activity throughout the year.
54
55
C. Audit Committee iv
1. An audit committee's primary purpose is to protect the interests of the shareholders and
directors. The audit committee may assist the board of directors in fulfilling its oversight
responsibility over the financial reporting process and the internal control structure and
maintain communication on these matters among the board of directors, management, the
independent auditors, and internal auditors.
2. Some examples of audit committee's duties are:
• Oversee the company's internal control structure over financial reporting

• Review the work of the internal audit department
• Recommend the independent auditors
• Review the plan for the annual audit with the independent auditors
• Review the results of the audit with the independent auditors
• Review the annual report
• Review the process of assessing the risk of fraudulent financial reporting
• Monitor procedures for compliance with government regulations
• Communicate with corporate counsel and assess the effect of litigation on the
financial statements
3. Audit committee members should have broad knowledge and experience in financial matters,
rather than in-depth knowledge in one area, and must be independent of the company's
management in substance as well as appearance.
4. Audit committees are involved in a broad range of corporate concerns, some of which are
extensions of the committee's traditional role. Although the audit committee's duties and
responsibilities generally reflect the company's specific needs and characteristics, external
entities are continually placing greater demands on the audit committee.
5. An increasing number of companies have been forming audit committees because of the
requirements of regulatory bodies and because boards of directors are recognizing that audit
committees play a key role in corporate accountability and governance.
In February 1999, the Blue Ribbon Committee on Improving the Effectiveness of Corporate
Audit Committees (Blue Ribbon Committee) issued its Report and Recommendations with
respect to audit committee composition and practices. Also, in a collaborative effort, the
Securities and Exchange Commission, the securities exchanges and the Auditing Standards
Board adopted rules in response to the Blue Ribbon Committee’s recommendations.
The central message of the Blue Ribbon Committee’s report and the intent of the new rules is
that audit committees need to be diligent in their oversight of the financial reporting process.
To achieve this objective, audit committees need to work closely with management, internal
auditors, and independent auditors to promote accurate, high-quality, and timely disclosure of
financial and other information to the board, the public markets, and shareholders.
55
56
The rule changes from the NYSE and NASD (the latter of which apply to both NASDAQ
and Amex listed companies) amend their audit committee requirements in order to strengthen
the independence and qualifications of the audit committee. Companies need to assess
whether their audit committees comply with the new composition and qualifications
requirements. In making their assessment, companies should keep in mind that the new
securities exchange rules also require written affirmation (NYSE) or certification (NASD)
regarding the independence and qualifications of audit committee members. Further, new
SEC rules require annual proxy statement disclosures regarding audit committee member
independence. These disclosure requirements are further discussed in the section titled
“Disclosure by Audit Committees”.
Following are the new NYSE rules regarding the attributes of the audit committee:
Composition/Expertise Requirement of Audit Committee Members.
(a) Each audit committee shall consist of at least three directors, all of whom have no
relationship to the company that may interfere with the exercise of their independence
from management and the company ("Independent");
(b) Each member of the audit committee shall be financially literate, as such qualification
is interpreted by the company's Board of Directors in its business judgment, or must
become financially literate within a reasonable period of time after his or her appointment
to the audit committee; and
(c) At least one member of the audit committee must have accounting or related financial
management expertise, as the Board of Directors interprets such qualification in its
business judgment.
Independence Requirement of Audit Committee Members. In addition to the definition of

Independent provided above, the following restrictions shall apply to every audit
committee member:
(a) Employees. A director who is an employee (including non-employee executive

officers) of the company or any of its affiliates may not serve on the audit committee
until three years following the termination of his or her employment. In the event the
employment relationship is with a former parent or predecessor of the company, the
director could serve on the audit committee after three years following the
termination of the relationship between the company and the former parent or
predecessor.
(b) Business Relationship. A director (i) who is a partner, controlling shareholder, or

executive officer of an organization that has a business relationship with the company, or
(ii) who has a direct business relationship with the company (e.g., a consultant) may
serve on the audit committee only if the company's Board of Directors determines in its
business judgment that the relationship does not interfere with the director's exercise of
independent judgment. In making a determination regarding the independence of a
director pursuant to this paragraph, the Board of Directors should consider, among other
56
57
things, the materiality of the relationship to the company, to the director, and, if
applicable, to the organization with which the director is affiliated.
"Business relationships" can include commercial, industrial, banking, consulting, legal,

accounting and other relationships. A director can have this relationship directly with the
company, or the director can be a partner, officer or employee of an organization that has
such a relationship. The director may serve on the audit committee without the above-
referenced Board of Directors' determination after three years following the termination
of, as applicable, either (1) the relationship between the organization with which the
director is affiliated and the company, (2) the relationship between the director and his or
her partnership status, shareholder interest or executive officer position, or (3) the direct
business relationship between the director and the company.
3
(c) Cross Compensation Committee Link. A director who is employed as an executive of
another corporation where any of the company's executives serves on that corporation's
compensation committee may not serve on the audit committee.
(d) Immediate Family. A director who is an Immediate Family member of an individual

who is an executive officer of the company or any of its affiliates cannot serve on the
audit committee until three years following the termination of such employment
relationship.
Independence Exception. One director who is no longer an employee or who is an

Immediate Family member of a former executive officer of the company or its affiliates,
but is not considered independent pursuant to these provisions due to the three-year
restriction period, may be appointed, under exceptional and limited circumstances, to the
audit committee if the company's board of directors determines in its business judgment
that membership on the committee by the individual is required by the best interests of
the corporation and its shareholders, and the company discloses, in the next annual proxy
statement subsequent to such determination, the nature of the relationship and the reasons
for that determination.
Initial Public Offering. Companies listing in conjunction with their initial public offering
(including spin-offs and carve outs) will be required to have two qualified audit
committee members in place within three months of listing and a third qualified member
in place within twelve months of listing.
"Immediate Family" includes a person's spouse, parents, children, siblings, mothers-in-

law and fathers-in-law, sons and daughters-in-law, brothers and sisters-in-law, and
anyone (other than employees) who shares such person's home.
"Affiliate" includes a subsidiary, sibling company, predecessor, parent company, or

former parent company.
"Officer" shall have the meaning specified in Rule 16a-1(f) under the Securities
Exchange Act of 1934, or any successor rule. Rule 16a-1(f) states, “The term ‘officer’
57
58
shall mean an issuer's president, principal financial officer, principal accounting officer
(or, if there is no such accounting officer, the controller), any vice-president of the issuer
in charge of a principal business unit, division or function (such as sales, administration
or finance), any other officer who performs a policy-making function, or any other person
who performs similar policy-making functions for the issuer. Officers of the issuer's
parent(s) or subsidiaries shall be deemed officers of the issuer if they perform such
policy-making functions for the issuer. In addition, when the issuer is a limited
partnership, officers or employees of the general partner(s) who perform policy-making
functions for the limited partnership are deemed officers of the limited partnership. When
the issuer is a trust, officers or employees of the trustee(s) who perform policy-making
functions for the trust are deemed officers of the trust.”
Following are the new NASD rules regarding the attributes of the audit committee:
Audit Committee Composition. Each issuer must have, and certify that it has and will
continue to have, an audit committee of at least three members, comprised solely of
independent directors, each of whom is able to read and understand fundamental financial
statements, including a company's balance sheet, income statement, and cash flow
statement or will become able to do so within a reasonable period of time after his or her
appointment to the audit committee. Additionally, each issuer must certify that it has,
and will continue to have, at least one member of the audit committee that has past
employment experience in finance or accounting, requisite professional certification in
accounting, or any other comparable experience or background which results in the
individual's financial sophistication, including being or having been a chief executive
officer, chief financial officer or other senior officer with financial oversight
responsibilities.
“Independent director” means a person other than an officer or employee of the company
or its subsidiaries or any other individual having a relationship which, in the opinion of
the company's board of directors, would interfere with the exercise of independent
judgment in carrying out the responsibilities of a director. The following persons shall not
be considered independent:
(a) a director who is employed by the corporation or any of its affiliates for the current
year or any of the past three years;
(b) a director who accepts any compensation from the corporation or any of its affiliates
in excess of $60,000 during the previous fiscal year, other than compensation for board
service, benefits under a tax-qualified retirement plan, or non-discretionary
compensation;
(c) a director who is a member of the immediate family of an individual who is, or has
been in any of the past three years, employed by the corporation or any of its affiliates as
an executive officer. Immediate family includes a person's spouse, parents, children,
siblings, mother-in-law, father-in-law, brother-in-law, sister-in-law, son-in-law, daughter-
in-law, and anyone who resides in such person's home;
58
59
(d) a director who is a partner in, or a controlling shareholder or an executive officer of,
any for-profit business organization to which the corporation made, or from which the
corporation received, payments (other than those arising solely from investments in the
corporation's securities) that exceed 5% of the corporation's or business organization's
consolidated gross revenues for that year, or $200,000, whichever is more, in any of the
past three years; and
(e) a director who is employed as an executive of another entity where any of the
company's executives serve on that entity's compensation committee.
Independence Exception. One director who is not independent as defined above, and is
not a current employee or an immediate family member of such employee, may be
appointed to the audit committee, if the board, under exceptional and limited
circumstances, determines that membership on the committee by the individual is
required by the best interests of the corporation and its shareholders, and the board
discloses, in the next annual proxy statement subsequent to such determination, the nature
of the relationship and the reasons for that determination.
Exception for Small Business Filers – The new composition (three members) and
qualification (financially literate) requirements do not apply to issuers that file reports
under SEC Regulation S-B. Such issuers must establish and maintain an audit committee
of at least two members, a majority of the members of which shall be independent
directors (as defined above).
For more information on these new rules go to:
Background information and the text of the New York Stock Exchange and National
Association of Securities Dealers final audit committee-related rules may be found at the
following Worldwide Web address: http://www.sec.gov/rules/sroindx.htm
Background information and the text of the Securities and Exchange Commission’s final
audit committee-related rules may be found at the following Worldwide Web address:
http://www.sec.gov/rules/finrindx.htm
Statement on Auditing Standards No 90, Audit Committee Communications, which amends

Statement on Auditing Standards No. 61, Communication with Audit Committees, and
Statement on Auditing Standards No. 71, Interim Financial Information may be found at:
http://www.aicpa.org
The information relating to the Blue Ribbon Committee was taken from a document
developed by Ernst & Young titled, Audit Committees, Implementing the New Rules.
59
60
UNIT 3: INTERNAL CONTROL
Internal control encompasses the processes designed to provide reasonable assurances regarding
the achievement of organizational objectives.
A. IIA Standards for Internal Control
Specific guidance for audit planning internal audits is given in IIA Standard 300. The following
is the complete text of IIA Standard 300:
300 SCOPE OF WORK
THE SCOPE OF INTERNAL AUDITING SHOULD ENCOMPASS THE EXAMINATION AND

EVALUATION OF THE ADEQUACY AND EFFECTIVENESS OF THE ORGANIZATION’S SYSTEM
OF INTERNAL CONTROL AND THE QUALITY OF PERFORMANCE IN CARRYING OUT ASSIGNED
RESPONSIBILITIES.
01. The scope of internal auditing work, as specified in this standard, encompasses what audit work should
be performed. It is recognized, however, that senior management and the board provide general direction
as to the scope of work and the activities to be audited.
02. The purpose of the review for adequacy of the system of internal control is to ascertain whether the
system established provides reasonable assurance that the organization’s objectives and goals will be met
efficiently and economically.
1. Objectives are the broadest statements of what the organization chooses to accomplish. The
establishment of objectives precedes the selection of goals and the design, implementation, and
maintenance of systems whose purpose is to meet the organization’s objectives and goals.
2. Goals are specific objectives of specific systems and may be otherwise referred to as operating
or program objectives or goals, operating standards, performance levels, targets, or expected
results. Goals should be identified for each system. They should be clearly defined, measurable,
attainable, and consistent with established broader objectives; and they should explicitly recognize
the risks associated with not achieving those objectives.
3. A system (process, operation, function, or activity) is an arrangement, a set, or a collection of

concepts, parts, activities, and/or people that are connected or interrelated to achieve objectives
and goals. (This definition applies to both manual and automated systems.) A system may also be
a collection of subsystems operating together for a common objective or goal.
4. Adequate control is present if management has planned and organized (designed) in a manner
which provides reasonable assurance that the organization’s objectives and goals will be achieved
efficiently and economically. The system design process begins with the establishment of
objectives and goals. This is followed by connecting or interrelating concepts, parts, activities,
and/or people in such a manner as to operate together to achieve the established objectives and
goals. If system design is properly performed, planned activities should be executed as designed
and expected results should be attained.
60
61
5. Reasonable assurance is provided when cost-effective actions are taken to restrict deviations to
a tolerable level. This implies, for example, that material errors and improper or illegal acts will
be prevented or detected and corrected within a timely period by employees in the normal course
of performing their assigned duties. The cost-benefit relationship is considered by management
during the design of systems. The potential loss associated with any exposure or risk is weighed
against the cost to control it.
6. Efficient performance accomplishes objectives and goals in an accurate and timely fashion with
minimal use of resources.
7. Economical performance accomplishes objectives and goals at a cost commensurate with the
risk. The term efficient incorporates the concept of economical performance.
03. The purpose of the review for effectiveness of the system of internal control is to ascertain whether the
system is functioning as intended.
1. Effective control is present when management directs systems in such a manner as to provide
reasonable assurance that the organization’s objectives and goals will be achieved.
2. Directing involves, in addition to accomplishing objectives and planned activities, authorizing

and monitoring performance, periodically comparing actual with planned performance, and
documenting these activities to provide additional assurance that systems operate as planned.
a. Authorizing includes initiating or granting permission to perform activities or

transactions. Authorization implies that the authorizing authority has verified and
validated that the activity or transaction conforms with established policies and
procedures.
b. Monitoring encompasses supervising, observing, and testing activities and

appropriately reporting to responsible individuals. Monitoring provides an ongoing
verification of progress toward achievement of objectives and goals.
c. Periodic comparison of actual to planned performance enhances the likelihood that

activities occur as planned.
d. Documenting provides evidence of the exercise of authority and responsibility;

compliance with policies, procedures, and standards of performance; supervising,
observing, and testing activities; and verification of planned performance.
04. The purpose of the review for quality of performance is to ascertain whether the organization’s
objectives and goals have been achieved.
05. The primary objectives of internal control are to ensure:
1. The reliability and integrity of information.
2. Compliance with policies, plans, procedures, laws, regulations, and contracts.
3. The safeguarding of assets.
4. The economical and efficient use of resources.
5. The accomplishment of established objectives and goals for operations or programs.
06. A control is any action taken by management to enhance the likelihood that established objectives and
goals will be achieved. Management plans, organizes, and directs the performance of sufficient actions to
61
62
provide reasonable assurance that objectives and goals will be achieved. Thus, control is the result of
proper planning, organizing, and directing by management.
1. Controls may be preventive (to deter undesirable events from occurring), detective (to detect
and correct undesirable events which have occurred), or directive (to cause or encourage a
desirable event to occur).
2. All variants of the term control (administrative control, internal accounting control, internal
control, management control, operational control, output control, preventive control, etc.) can be
incorporated within the generic term. These variants differ primarily in terms of the objectives to
be achieved. Since these variants are useful in describing specific control applications,
participants in the control process should be familiar with the terms as well as their applications.
However, the methodology followed by internal auditors in evaluating such controls is consistent
for all of the variants.
3. The variant internal control came into general use to distinguish controls within an organization
from those existing externally to the organization (such as laws). Since internal auditors operate
within an organization and, among other responsibilities, evaluate management’s response to
external stimuli (such as laws), no such distinction between internal and external controls is
necessary. Also, from the organization’s viewpoint, internal controls are all activities which
attempt to ensure the accomplishment of the organization’s objectives and goals. Internal control
is considered synonymous with control within the organization.
4. The overall system of control is conceptual in nature. It is the integrated collection of

controlled systems used by an organization to achieve its objectives and goals.
07. Management plans, organizes, and directs in such a fashion as to provide reasonable assurance that
established objectives and goals will be achieved.
1. Planning and organizing involve the establishment of objectives and goals and the use of such
tools as organization charts, flowcharts, procedures, records, and reports to establish the flow of
data and the responsibilities of individuals for performing activities, establishing information
trails, and setting standards of performance.
2. Directing involves certain activities to provide additional assurance that systems operate as
planned. These activities include authorizing and monitoring performance, periodically comparing
actual with planned performance, and appropriately documenting these activities.
3. Management ensures that its objectives and goals remain appropriate and that its systems
remain current. Therefore, management periodically reviews its objectives and goals and modifies
its systems to accommodate changes in internal and external conditions.
4. Management establishes and maintains an environment that fosters control.
08. Internal auditors examine and evaluate the planning, organizing, and directing processes to determine
whether reasonable assurance exists that objectives and goals will be achieved. Such evaluations, in the
aggregate, provide information to appraise the overall system of internal control.
1. All systems, processes, operations, functions, and activities within the organization are subject
to the internal auditors’ evaluations.
2. Such evaluations should encompass whether reasonable assurance exists that:
a. Objectives and goals have been established.
62
63
b. Authorizing, monitoring, and periodic comparison activities have been planned,

performed, and documented as necessary to attain objectives and goals.
c. Planned results have been achieved (objectives and goals have been accomplished).
3. Internal auditors perform evaluations at specific points in time but should be alert to actual or
potential changes in conditions which affect the ability to provide assurance from a forward-
looking perspective. In those cases, internal auditors should address the risk that performance may
deteriorate.
310 Reliability and Integrity of Information
Internal auditors should review the reliability and integrity of financial and operating information
and the means used to identify, measure, classify, and report such information.
01. Information systems provide data for decision making, control, and compliance with external
requirements. Therefore, internal auditors should examine information systems and, as appropriate,
ascertain whether:
1. Financial and operating records and reports contain accurate, reliable, timely, complete, and
useful information.
2. Controls over record keeping and reporting are adequate and effective.
320 Compliance with Policies, Plans, Procedures, Laws, Regulations, and Contracts
Internal auditors should review the systems established to ensure compliance with those policies,
plans, procedures, laws, regulations, and contracts which could have a significant impact on
operations and reports, and should determine whether the organization is in compliance.
01. Management is responsible for establishing the systems designed to ensure compliance with such
requirements as policies, plans, procedures, applicable laws and regulations, and contracts. Internal
auditors are responsible for determining whether the systems are adequate and effective and whether the
activities audited are complying with the appropriate requirements.
1. The term compliance refers to the ability to reasonably ensure conformity and adherence to
organization policies, plans, procedures, laws, regulations, and contracts.
2. The term compliance requirement refers to conditions established by management for the
organization. The term also refers to conditions which may be imposed on the organization by
law or regulation, or agreed to by contractual arrangement. These conditions affect the manner in
which an organization’s operations are conducted and objectives are achieved. Compliance
requirements include those established, imposed, or agreed to for the purpose of safeguarding
organization assets including prevention and/or detection of unauthorized acquisition, use, or
disposition of resources.
3. Management is responsible for having knowledge of compliance requirements of all laws,

regulations, and contracts applicable to the organization which are significant to achieving internal
control objectives set forth in Section 300.05 of the Standards.
4. Management is responsible for designing and implementing policies, plans, and procedures,
including those intended to comply with laws, regulations, and contracts.
a. The policies, plans, and procedures designed and implemented by management should
be sufficient to reasonably ensure prevention and/or detection of noncompliance with
applicable laws, regulations, and contracts that are significant to achieving internal
63
64
control objectives. Significant noncompliance with laws, regulations, or contracts may

constitute illegal acts, as described in Section 280 of the Standards. Significant
noncompliance can also occur with respect to policies, plans, and procedures in which no
law or regulation is involved.
b. Management is responsible for determining whether noncompliance brought to its

attention by internal auditors, or by discovery, may violate laws, regulations, or
contractual agreements, and/or constitute illegal acts. In addition, management is
responsible for initiating such corrective actions necessary to achieve compliance. This
may require reporting by management to the board and appropriate legal, funding, and/or
regulatory authorities.
5. In determining audit objectives, internal auditors should make inquiry regarding specific
compliance requirements that are significant to internal control objectives. Internal auditors should
consider inquiring about significant compliance requirements with:
a. Organization management having financial, operational, and oversight responsibilities.
b. Internal or external legal counsel.
c. Funding or contracting organizations.
d. Governmental or other regulatory authorities.
e. External auditors.
6. Internal auditors are responsible for establishing objectives that include planning and
performing a scope of work which provides a reasonable basis for reporting on the extent of
organization compliance with policies, plans, procedures, laws, regulations, and contracts that are
significant to internal control objectives.
7. Internal auditors may perform additional procedures which provide insight with respect to
compliance with laws, regulations, and contracts. Such performance may provide insight as to the
existence and impact of exposure to significant instances of noncompliance.
8. Internal auditors should promptly inform senior management and the board of all relevant facts
when information gathered from the performance of internal auditing procedures indicates the
existence of significant noncompliance or an unreasonable exposure to significant instances of
noncompliance.
330 Safeguarding of Assets
Internal auditors should review the means of safeguarding assets and, as appropriate, verify the
existence of such assets.
01. Internal auditors should review the means used to safeguard assets from various types of losses such as
those resulting from theft, fire, improper or illegal activities, and exposure to elements.
02. Internal auditors, when verifying the existence of assets, should use appropriate audit procedures.
340 Economical and Efficient Use of Resources
Internal auditors should appraise the economy and efficiency with which resources are employed.
01. Management is responsible for setting operating standards to measure an activity’s economical and
efficient use of resources. Internal auditors are responsible for determining whether:
64
65
1. Operating standards have been established for measuring economy and efficiency.
2. Established operating standards are understood and are being met.
3. Deviations from operating standards are identified, analyzed, and communicated to those
responsible for corrective action.
4. Corrective action has been taken.
02. Audits related to the economical and efficient use of resources should identify such conditions as:
1. Underutilized facilities.
2. Nonproductive work.
3. Procedures which are not cost justified.
4. Overstaffing or understaffing.
350 Accomplishment of Established Objectives and Goals for Operations or Programs
Internal auditors should review operations or programs to ascertain whether results are consistent
with established objectives and goals and whether the operations or programs are being carried out as planned.
01. Management is responsible for establishing operating or program objectives and goals, developing and
implementing control procedures, and accomplishing desired operating or program results. Internal
auditors should ascertain whether such objectives and goals conform with those of the organization and
whether they are being met.
1. The term operations refers to the recurring activities of an organization directed toward
producing a product or rendering a service. Such activities may include, but are not limited to,
marketing, sales, production, purchasing, human resources, finance and accounting, and
governmental assistance. An operation’s results may be measured against established objectives
and goals which may include budgets, time or production schedules, and/or operating plans.
2. The term programs refers to special purpose activities of an organization. Such activities
include, but are not limited to, the raising of capital, sale of a facility, fund-raising campaigns, new
product or service introduction campaigns, capital expenditures, and special purpose government
grants. Special purpose activities may be short-term or long-term, spanning several years. When a
program is completed, it generally ceases to exist. Program results may be measured against
established program objectives and goals.
3. Management is responsible for establishing criteria to determine if objectives and goals have
been accomplished.
4. Internal auditors should ascertain whether criteria have been established. If so, internal auditors
should use such criteria for evaluation if they are considered adequate.
5. If management has not established criteria, or if the established criteria, in the internal auditors’
opinion, are less than adequate, internal auditors should report such conditions to the appropriate
levels of management. Additionally, internal auditors may recommend appropriate courses of
action depending on the circumstances.
6. Internal auditors may recommend alternative sources of criteria to management, such as:
65
66
a. Acceptable industry standards.
b. Standards developed by professions or associations.
c. Standards in law and government regulations.
7. If adequate criteria are not established by management, internal auditors may still formulate
criteria they believe to be adequate in order to perform an audit, form an opinion, and issue a
report on the accomplishment of established objectives and goals.
8. The internal auditors’ evaluation of the accomplishment of established objectives and goals
may be carried out with respect to an entire operation or program or only a portion of it. Audit
objectives may include determining whether:
a. The objectives and goals established by management for a proposed, new, or existing
operation or program are adequate and have been effectively articulated and
communicated.
b. The operation or program achieves its desired level of interim or final results.
c. The factors which inhibit satisfactory performance are identified, evaluated, and
controlled in an appropriate manner.
d. Management has considered alternatives for directing an operation or program which

may yield more effective and efficient results.
e. An operation or program complements, duplicates, overlaps, or conflicts with other

operations or programs.
f. Controls for measuring and reporting the accomplishment of objectives and goals are
established and are adequate.
g. An operation or program is in compliance with policies, plans, procedures, laws, and

regulations.
9. Internal auditors should communicate the audit results to the appropriate levels of management.
The report should state the criteria established by management and employed by internal auditors
and disclose the nonexistence or inadequacy of any needed criteria. If internal auditors formulated
criteria by which to measure the accomplishment of objectives and goals, the report should clearly
state that internal auditors formulated the criteria and then present the audit results.
02. Internal auditors can provide assistance to managers who are developing objectives, goals, and systems
by determining whether the underlying assumptions are appropriate; whether accurate, current, and relevant
information is being used; and whether suitable controls have been incorporated into the operations or
programs.
B. Summary of AICPA Standards for Internal Controls
1. SAS 55 and 78 (AU Section 319.06) define internal control as the process effected by an
entity’s board of directors, management, and other personnel designed to provide reasonable
assurance regarding the achievement of objectives in the following categories:
66
67
a. Operational controls - relating to the effective and efficient use of the entity’s
resources.
b. Financial reporting controls - relating to the preparation of reliable published

financial statements.
c. Compliance controls - relating to the entity’s compliance with applicable laws and
regulations.
C. Elements and Types of Internal Control
1. SAS 55 and 78 (AU Section 319.32) identify five internal control components:
a. Control Environment forms the foundation for the other internal control components.
The control environment is often a function of the “organizational culture” and is
usually only as strong as the ethics and attitudes of those in charge of implementing
internal controls. Organizations that foster an ethical environment and promote
compliance with internal controls, especially through top management, have a solid
foundation.
These organizations often have effective personnel policies and a “code of conduct.”
A strong training program is also a key ingredient. For example, some retail
organizations have found that training programs to identify instances of fraud and
theft and the associated penalties have reduced the instances of fraud and theft in
sales and cashier positions.
Internal auditing can also have a positive impact as it assists in preventing and
detecting invalid transactions and statements. Internal audit also reviews compliance
with accepted policies, procedures, and practices to ensure that basic internal controls
(such as segregation of duties) are present.
b. Risk Assessment is the process of assessing the inherent risks associated with
achieving business goals. The effective management of business risk can help
increase the profitability of an organization. For risk management controls to be
implemented, operating objectives must be instituted and be reasonably obtainable.
The risks associated with operating objectives include the business climate,
competitors, technology, customer requirements, and legislation.
There are also risk associated with compliance with laws and regulations. These are
often more difficult to implement since compliance may actually negatively impact
financial goals in the short term. For example, noncompliance with environmental
regulations may seem cost-effective in the current quarter; however, the fines and
associated negative publicity could have severe long term consequences.
67
68
Internal audit routinely reviews compliance risk and also should be reviewing
business risk. The efforts to control both risk types will enhance the short- and long-
term profitability and viability of an organization.
c. Information and communication is critical to ensuring the effectiveness of an internal

control system. Management needs to receive the necessary reports and information
to determine if organizational objectives are being met. Often these reports are
generated from an information system and should be sufficiently detailed to
management to carry out their responsibilities.
In today’s environment, information systems has become analogous to computer

system. Therefore, the controls associated with the integrity and security of computer
systems have a direct impact on the validity of information. The basic controls
include:
• Input - controls over the entry of information from source documents. In

today’s environment, a paper-based source document may not be available
due to real time data entry; therefore, the edit checks and other input controls
are critical. Edit checks are defined as the programmed edits that permit or
prevent the input of invalid data. For example, a Social Security Number
must be 9 characters and numeric. More complex edit checks include ranges
(maximum monthly salary of $15,000, for example) or other logical
groupings.
• processing - controls over the actual processing of the information. The

programming that manipulates, categorizes, or summarizes the data (financial
transactions, for example). These controls ensure that valid data will be
processed and produce expected and valid results.
• output - controls the dissemination of the information either in hard copy or

electronic format. Reports must be readable and understandable and those
that contain sensitive information must be adequately safeguarded.
Communication of internal requirements is a key concern for external auditors

because the internal control structure has an impact on the financial statements and
associated audit opinion. Employees must be aware of and implement the accepted
control procedures. Awareness can be communicated through formal policies and
procedures and through the requirements outlined in job descriptions. Training
programs are also an excellent means to ensure employees understand their
responsibility.
d. Control activities are the policies and procedures that assist management in ensuring
that objectives are carried out. They also help ensure that necessary actions are taken
to assess the risks associated with the achievement of management’s objectives.
68
69
Control activities are designed to prevent and detect errors in financial transactions
and to promote accurate financial statements. Although there are numerous separate
and distinct control activities, some of the more common ones include:
• segregation of duties - ensures that accounting staff and payment staff (those
that have access to financial assets) do not have access to the records or assets
controlled by the other group. Segregation of duties would prevent one
person from misappropriating assets and the concealing the crime by making
false entries into accounting records.
• documentation, review, and approval of transactions - all financial

transactions should be documented and have a sufficient audit trail. In
addition, all transactions should be reviewed and approved by someone other
than the person entering the transaction.
• pre-numbered documents - help ensure that financial documents cannot be

taken and used inappropriately without detection. Frequent verification and
reconciliation of the pre-numbered forms must be conducted.
• computer controls - such as online edit checks (that test validity of data for
reasonableness, limits, etc.) to ensure that data meets basic parameters. In
addition controls over systems development, including controlling changes to
programs, must be in place.
• frequent review of activities - to ensure that policies and procedures are being
followed. These would also include reviews of inventory, accounting records,
transaction logs, etc. In many instances these reviews may be performed
internal audit staff; however, spot checks are often performed by supervisory
staff in specific areas.
• controlled adjustment and error processing - to ensure that adjustments are

recorded, reviewed, and approved prior to being incorporated into the
financial statements. This includes the review and re-processing of data that
had errors in the initial entry of the data.
The control activities listed above are some of the basic processes and procedures that
help establish the framework for an effective system of internal control over financial
activities.
e. Monitoring is the process of reviewing internal controls to ensure that they are
effective. Even the best system of internal controls must be continually reviewed to
ensure that the activities are being followed and continue to meet organizational
needs. Beyond routine activities of monitoring (such as comparing budget to actual
performance) more extensive evaluations of the internal control system should be
conducted. Internal auditors generally perform these in-depth evaluations of internal
control systems. Some of the routine monitoring activities may include:
69
70
• monthly bank reconciliations
• cash register audit to verify that cash and cash register tapes are reconciled
• periodic inventory of assets (cash, equipment, product inventory, etc.)
• review of accounts payable for appropriateness
• follow-up on customer inquiries regarding exceptions to billing statements.
D. Evaluation of the System of Internal Control
1. Since the internal control environment has a significant impact on the integrity of
transactions and, subsequently, the financial statements, the internal control environment
must be evaluated. This includes reviewing the internal control system to determine the
probability of material misstatements or the potential for fraud. Therefore, to effectively plan
for an audit, an understanding of the internal control system must be obtained.
2. Auditors need to review the system of internal control to:
a. determine whether the necessary controls to prevent misstatement and fraud have
been developed.
b. determine whether the necessary controls to prevent misstatement and fraud have
been implemented.
c. identify that weaknesses exist in the internal control environment.
d. report significant weaknesses to the auditee.
e. design tests to reflect the weaknesses identified in the internal control environment.
3. There are four steps in evaluating internal controls:
a. Identify the control points that exist in the system. For example, segregation of the
accounts payable, disbursement, and accounting functions would be a control point.
This segregation would prevent a fraudulent payment transaction unless collusion was
involved. In some instances, the accepted or expected control may not exist;
however, a compensating control may exist. In the previous example, if the functions
were not segregated but an independent person reviewed and approved all payments,
an auditor may determine that a sufficient compensating control exists.
b. Document an understanding of the control environment. Sufficient documentation

can come in a variety of forms, including:
70
71
1. memorandums - documents that outline the control environment, control

points, and weaknesses in a narrative format.
2. questionnaires - a document that follows a prescribed format where specific

questions are asked and answers are placed directly on the form. This
approach works best when it is supplemented with a memorandum.
3. checklists - a document that is similar to a questionnaire that contains less

narrative and more yes/no questions. In most instances, a checklist does not
provide sufficient documentation unless accompanied with a memorandum.
4. flowchart - a document that outlines in visual and narrative format the

processes and control points within the process. A flowchart is an excellent
way to document the control environment in an understandable format.
c. Assess the level of control risk. This assessment will determine the necessary level of
substantive testing. Control risk can range from minimum (effective controls exist) to
maximum (limited controls exist). If control risk is maximum, extensive substantive
testing will be necessary to determine the validity of transactions and data. If
minimum is selected, the need for substantive tests is greatly reduced. The level of
control risk can be modified during testing if test results indicate that a change is
warranted. In some cases, auditors may assess control risk at maximum (even though
the internal control system appears strong) to increase the testing levels to verify the
integrity of transactions and data. In any case, any decisions relating to the
assessment of control risk must be thoroughly documented.
d. Communicate reportable conditions to management. The AICPA (AU Section

325.02) defines reportable condition as:
Matters coming to the attention of auditor’s attention, that in his/her judgment,

should be communicated to the audit committee because they represent significant
deficiencies in the design or operation of the internal control (system), which could
adversely affect the organization’s ability to record, process, summarize, and report
financial data consistent with the assertions of management in the financial
statements.
Some examples of reportable conditions include:
a. lack of appropriate segregation of duties
b. evidence of fraudulent activities by employees or management
c. failure to correct reportable conditions identified in prior engagements
d. failure to safeguard assets from loss, damage or misappropriation
71
72
e. evidence of system flaws that fail to provide complete and accurate

information.
Reportable conditions are often called material weaknesses and are reported to
management in a formal letter. It should be noted that auditors are not required to
search for and/or identify reportable conditions; however, if they are identified, they
must be reported to management.
E. Internal Control Integrated Framework (COSO)
1. The Committee on Sponsoring Organizations (COSO) was a private-sector initiative started

in the 1980s to address the problem of fraudulent financial reporting. In the 1970s there were
a number of scandals that called into question the integrity of corporate financial reporting.
For example, some corporations made significant payments to foreign entities to secure
contracts and business opportunities. However, the payments were not properly recorded or
disclosed in financial reports. These scandals led to the enactment of the Foreign Corrupt
Practices Act of 1977.
2. Problems continued to persist in the 1980s and the private sector was wary of additional
government intervention, so five organizations banded together to form COSO: the American
Institute of CPAs, the American Accounting Association, the Financial Executives Institute,
the Institute of Internal Auditors, and the Institute of Management Accountants.
3. COSO’s mission was to improve the quality of financial reporting through a focus on
corporate governance, internal controls, and ethical standards.
4. The initial project was the Treadway Commission Report, issued in October 1987. The
Treadway Commission Report called for an adequate system of internal control. The report
also recommended a public management report describing management’s responsibility for a
company’s financial statements and internal controls, and an assessment of the internal
control system. The Treadway Commission developed an internal control framework called
the Internal Control – Integrated Framework. The Framework defines internal control
broadly and does not limit internal controls to accounting controls over financial reporting.
While financial reporting is an important responsibility of the audit committee, there are
other very important aspects of the business relating to resource protection, operational
efficiency and economy, and compliance with rules, regulations, and policies that are also
important. The Framework promotes the concept that effective internal control is
management’s responsibility and requires the participation of all persons within an
organization if it is to be effective.
5. COSO defines internal control, describes its components, and provides criteria against which
control systems can be evaluated. It offers guidance for public reporting on internal control
and provides materials that management, auditors, and others can use to evaluate an internal
control system.
6. Two major goals of COSO were to:
72
73
a. establish a common definition of internal control
b. provide a standard against which organizations can assess their control systems
7. COSO has a similar definition of internal control as the AICPA and defines internal control
as: a process, effected by an entity's board of directors, management, and other personnel,
designed to provide reasonable assurance regarding the achievement of objectives in the
following categories:
a. effectiveness and efficiency of operations
b. reliability of financial reporting
c. compliance with applicable laws and regulations
8. COSO emphasizes that the internal control system is a tool of, but not a substitute for,
management and that controls should be built into, rather than built onto, operating activities.
Although the report defines internal control as a process, it recommends evaluating the
effectiveness of internal control as of a point in time.
9. COSO also addresses the limitations of an internal control system and the roles and
responsibilities of the parties that affect a system. Limitations include faulty human
judgment, misunderstanding of instructions, errors, management override, collusion, and
cost/benefit considerations.
For additional information on COSO, access this web site:

http://www.aicpa.org/news/p032699b.htm
F. Control Self Assessment
1. To ensure that internal controls exist and are operating properly, every organization should
make a self-assessment of its control system. The self-assessment may be made in specific
areas deemed to be of high risk by senior management rather than across the board.
2. An objective of the initial self assessment is to provide insight into how to proceed with a
more in-depth evaluation of the internal control system.
3. The concept of self assessment is included in COSO and many other documents that provide
guidance on internal control activities.
4. Self assessment places responsibility on the organization and individuals responsible for key
areas (sales, payroll, manufacturing, accounting, etc.) to develop procedures to adequately
control their functions. If responsibility for controls is clearly delineated to key staff, the
internal control system is far more likely to be effective. As a result, internal and external
73
74
auditors can place more reliance on the internal control system, and, more importantly, the
likelihood of inaccurate financial reporting is greatly diminished.
74
75
UNIT 4: AUDIT PROCESS
The audit process encompasses all of the aspects of an audit from the inception through the
development of the final product. Audit standards have been developed to guide the process and
promote an objective and quality product.
I. AUDIT PLANNING
All audit work should be adequately planned. Generally, audit planning involves gathering
background information about the audit area, defining the audit’s scope and objectives, and
preparing an audit program.
A. IIA Standards for Audit Planning
Specific guidance for audit planning internal audits is given in IIA Standard 400-410 and 520.
The following is the complete text of IIA Standard 400-410 and 520:
400 PERFORMANCE OF AUDIT WORK
AUDIT WORK SHOULD INCLUDE PLANNING THE AUDIT, EXAMINING AND EVALUATING
INFORMATION, COMMUNICATING RESULTS, AND FOLLOWING UP.
01. The internal auditor is responsible for planning and conducting the audit assignment, subject to
supervisory review and approval.
410 Planning the Audit
Internal auditors should plan each audit.
.01 Planning should be documented and should include:
.1 Establishing audit objectives and scope of work.
a. Audit objectives are broad statements developed by internal auditors and define intended
audit accomplishments. Audit procedures are the means to attain audit objectives. Audit
objectives and procedures, taken together, define the scope of the internal auditor’s work.
b. Audit objectives and procedures should address the risks associated with the activity under
audit. The term risk is the probability that an event or action may adversely affect the activity
under audit. The guidelines contained in Sections 520.04.1 - .14 of the Standards should be
used by internal auditors to assess risk for individual audit assignments.
c. The purpose of the risk assessment during the planning phase of the audit is to identify
significant areas of the auditable activity.
.2 Obtaining background information about the activities to be audited.
75
76
a. A review of background information should be performed to determine the impact on the

audit. Such items include:
• Objectives and goals.
• Policies, plans, procedures, laws, regulations, and contracts which could have a
significant impact on operations and reports.
• Organizational information, e.g., number and names of employees, key employees,

job descriptions, and details about recent changes in the organization, including
major system changes.
• Budget information, operating results, and financial data of the activity to be audited.
• Prior audit workpapers.
• Results of other audits, including the work of external auditors, completed or in

process.
• Correspondence files to determine potential significant audit issues.
• Authoritative and technical literature appropriate to the activity.
b. Other requirements of the audit, such as the audit period covered and estimated completion
dates, should be determined. The final audit report format should be considered, since proper
planning at this stage facilitates writing the final audit report.
.3 Determining the resources necessary to perform the audit.
a. The number and experience level of the internal auditing staff required should be based on an
evaluation of the nature and complexity of the audit assignment, time constraints, and
available resources.
b. Knowledge, skills, and disciplines of the internal auditing staff should be considered in
selecting internal auditors for the audit assignment.
c. Training needs of internal auditors should be considered, since each audit assignment serves
as a basis for meeting developmental needs of the internal auditing department.
d. Consideration of the use of external resources in instances where additional knowledge,

skills, and disciplines are needed.
.4 Communicating with all who need to know about the audit.
a. Meetings should be held with management responsible for the activity being examined.
Topics of discussion may include:
• Planned audit objectives and scope of work.
• The timing of audit work.
• Internal auditors assigned to the audit.
76
77
• The process of communicating throughout the audit, including the methods, time
frames, and individuals who will be responsible.
• Business conditions and operations of the activity being audited, including recent
changes in management or major systems.
• Concerns or any requests of management.
• Matters of particular interest or concern to the internal auditor.
• Description of the internal auditing department’s reporting procedures and follow-up

process.
b. A summary of matters discussed at meetings and any conclusions reached should be

prepared, distributed to individuals, as appropriate, and retained in the audit workpapers.
.5 Performing, as appropriate, a survey to become familiar with the activities, risks, and controls to
identify areas for audit emphasis, and to invite auditee comments and suggestions.
a. A survey is a process for gathering information, without detailed verification, on the activity
being examined. The main purposes are to:
• Understand the activity under review.
• Identify significant areas warranting special emphasis.
• Obtain information for use in performing the audit.
• Determine whether further auditing is necessary.
b. A survey permits an informed approach to planning and carrying out audit work, and is an
effective tool for applying the internal auditing department’s resources where they can be
used most effectively.
c. The focus of a survey will vary depending upon the nature of the audit.
d. The scope of work and the time requirements of a survey will vary. Contributing factors
include the internal auditor’s training and experience, knowledge of the activity being
examined, the type of audit being performed, and whether the survey is part of a recurring or
follow-up assignment. Time requirements will also be influenced by the size and complexity
of the activity being examined, and by the geographical dispersion of the activity.
e. A survey may involve use of the following procedures:
• Discussions with the auditee.
• Interviews with individuals affected by the activity, e.g., users of the activity’s
output.
• On-site observations.
• Review of management reports and studies.
• Analytical auditing procedures.
77
78
• Flowcharting.
• Functional "walk-through" (tests of specific work activities from beginning to end).
• Documenting key control activities.
f. A summary of results should be prepared at the conclusion of the survey. The summary
should identify:
• Significant audit issues and reasons for pursuing them in more depth.
• Pertinent information developed during the survey.
• Audit objectives, audit procedures, and special approaches such as computer-assisted

audit techniques.
• Potential critical control points, control deficiencies, and/or excess controls.
• Preliminary estimates of time and resource requirements.
• Revised dates for reporting phases and completing the audit.
• When applicable, reasons for not continuing the audit.
520 Planning
The director of internal auditing should establish plans to carry out the responsibilities of the internal auditing
department.
01. These plans should be consistent with the internal auditing department’s charter and with the goals of
the organization.
02. The planning process involves establishing:
1. Goals.
2. Audit work schedules.
3. Staffing plans and financial budgets.
4. Activity reports.
03. The goals of the internal auditing department should be capable of being accomplished within specified
operating plans and budgets and, to the extent possible, should be measurable. They should be
accompanied by measurement criteria and targeted dates of accomplishment.
04. Audit work schedules should include (a) what activities are to be audited; (b) when they will be
audited; and (c) the estimated time required, taking into account the scope of the audit work planned and
the nature and extent of audit work performed by others. Matters to be considered in establishing audit
work schedule priorities should include (a) the date and results of the last audit; (b) financial exposure; (c)
potential loss and risk; (d) requests by management; (e) major changes in operations, programs, systems,
and controls; (f) opportunities to achieve operating benefits; and (g) changes to and capabilities of the audit
staff. The work schedules should be sufficiently flexible to cover unanticipated demands on the internal
auditing department.
78
79
Note: The full text of Sections 520.04.1 – 520.04.14 are printed in Unit 5
05. Staffing plans and financial budgets, including the number of auditors and the knowledge, skills, and
disciplines required to perform their work, should be determined from audit work schedules, administrative
activities, education and training requirements, and audit research and development efforts.
06. Activity reports should be submitted periodically to senior management and to the board. These
reports should compare (a) performance with the department’s goals and audit work schedules and (b)
expenditures with financial budgets. They should explain the reason for major variances and indicate any
action taken or needed.
B. AICPA Standards for Planning Audits that Involve Computers
SAS 22 (AU Section 311) provides additional guidance when planning an audit that involves
computer-generated information or the use of computer-assisted audit techniques. This
statement suggests that auditors should consider matters such as:
1. The extent to which the computer is used in each significant accounting application.
2. The complexity of the entity’s computer operations, including the use of an outside
service center.
3. The organizational structure of the computer processing activities.
4. The availability of data. Documents that are used to enter information into the computer
for processing, certain computer files, and other evidential matter that may be required
by the auditor may exist only for a short period or only in the computer-readable form.
In some computer systems, input documents may not exist at all because information is
directly entered into the system. An entity’s data retention policies may require the
auditor to request retention of some information for review or to perform audit
procedures at a time when the information is available. In addition, certain information
generated by the computer for management’s internal purposes may be useful in
performing substantive tests.
5. The use of computer-assisted audit techniques to increase the efficiency of performing

audit procedures. Using computer-assisted audit techniques may also provide the
auditor with an opportunity to apply certain procedures to an entire population of
accounts or transactions. In addition, in some accounting systems, it may be difficult or
impossible for the auditor to analyze certain data or test specific control procedures
without computer assistance.
79
80
II. AUDIT PROGRAMS
Audit programs are designed to document the audit objectives decided upon during the planning
phase of the audit. In addition, the audit program documents the methods and procedures
assigned auditors will use to achieve the audit objectives.
A. IIA Standards for Writing the Audit Program
Specific guidance for audit planning internal audits is given in IIA Standard 410.6-410.8. The
following is the complete text of IIA Standard 410.6-410.8:
410.6 Writing the audit program.
a. Audit programs should:
• Document the internal auditor’s procedures for collecting, analyzing, interpreting, and
documenting information during the audit.
• State the objectives of the audit.
• Set forth the scope and degree of testing required to achieve the audit objectives in each phase
of the audit.
• Identify technical aspects, risks, processes, and transactions which should be examined.
• State the nature and extent of testing required.
• Be prepared prior to the commencement of audit work and modified, as appropriate, during the
course of the audit.
410.7 Determining how, when, and to whom audit results will be communicated.
a. The director of internal auditing is responsible for determining how, when, and to whom audit results
will be communicated. This determination should be documented and communicated to management,
to the extent deemed practical, during the planning phase of the audit. Subsequent changes which
affect the timing or reporting of audit results should also be communicated to management, if
appropriate.
410.8 Obtaining approval of the audit work plan.
a. Audit work plans should be approved in writing by the director of internal auditing or designee prior to
the commencement of audit work.
b. Adjustments to audit work plans should be approved in a timely manner. Initially, approval may be
obtained orally, if factors preclude obtaining written approval prior to commencing audit work.
B. Functions of Audit Programs
80
81
1. Audit programs document the agreed upon objectives and overall strategy for the audit. The
extent of the audit program will vary depending on the size and complexity of the area
audited.
2. Audit programs provide a written record of the audit objectives, scope, and methodology, and
the auditors’ reasons for these decisions.
3. Audit programs provide an opportunity to determine whether sufficient staff and resources
are available to adequately satisfy the audit objectives.
4. Audit programs should be flexible enough to incorporate necessary changes as the audit
progresses.
C. Contents of Audit Programs
The extent and type of information included in an audit program will vary depending on the
nature of the assignment and the assigned auditors’ knowledge of and experience with the audit
area. However, audit programs may include the following:
1. background information about the audit area
2. discussion of relevant legal issues
3. a list of relevant past audit findings
4. the names and numbers of key auditee contacts
5. specific audit tasks for auditors to carry out the audit objectives
6. a timeline for completing the various audit phases and the final report
7. a listing of staff assigned to the audit and their qualifications
III. AUDIT WORKPAPERS
Workpapers are the basic medium on which audit evidence is recorded and stored. Therefore,
workpapers represent a record of the work performed and the conclusions reached during the
audit. Workpapers may be prepared manually or by computer. The specific form and content of
workpapers will vary according to the complexity and nature of individual audits.
A. IIA Standards for Workpapers
Specific guidance for audit planning internal audits is given in IIA Standard 420.5. The
following is the complete text of IIA Standard 420.5:
81
82
420.5 Workpapers that document the audit should be prepared by the auditor and reviewed by management of the
internal auditing department. These papers should record the information obtained and the analyses made and
should support the bases for the findings and recommendations to be reported.
a. Audit workpapers generally serve to:
• Provide the principal support for the internal audit report.
• Aid in the planning, performance, and review of audits.
• Document whether the audit objectives were achieved.
• Facilitate third-party reviews.
• Provide a basis for evaluating the internal auditing department’s quality assurance
• program.
• Provide support in circumstances such as insurance claims, fraud cases, and lawsuits.
• Aid in the professional development of the internal auditing staff.
• Demonstrate the internal auditing department’s compliance with the Standards for
the Professional Practice of Internal Auditing.
b. The organization, design, and content of audit workpapers will depend on the nature of the
audit. Audit workpapers should, however, document the following aspects of the audit
process:
• Planning.
• The examination and evaluation of the adequacy and effectiveness of the system of
internal control.
• The auditing procedures performed, the information obtained, and the conclusions
reached.
• Review.
• Reporting.
• Follow-up.
c. Audit workpapers should be complete and include support for audit conclusions reached.
d. Among other things, audit workpapers may include:
• Planning documents and audit programs.
• Control questionnaires, flowcharts, checklists, and narratives.
• Notes and memoranda resulting from interviews.
• Organizational data, such as organization charts and job descriptions.
• Copies of important contracts and agreements.
82
83
• Information about operating and financial policies.
• Results of control evaluations.
• Letters of confirmation and representation.
• Analysis and tests of transactions, processes, and account balances.
• Results of analytical auditing procedures.
• The audit report and management’s responses.
• Audit correspondence if it documents audit conclusions reached.
e. Audit workpapers may be in the form of paper, tapes, disks, diskettes, films, or other media.
If audit workpapers are in the form of media other than paper, consideration should be given
to generating backup copies.
f. If internal auditors are reporting on financial information, the audit workpapers should
document whether the accounting records agree or reconcile with such financial information.
g. Some audit workpapers may be categorized as permanent or carry-forward audit files. These
files generally contain information of continuing importance.
h. The director of internal auditing should establish policies for the types of audit working-
paper files maintained, stationery used, indexing and other related matters. Standardized
audit workpapers such as questionnaires and audit programs may improve the efficiency of
an audit and facilitate the delegation of audit work.
i. The following are typical audit working-paper preparation techniques:
• Each audit workpaper should contain a heading. The heading usually consists of the
name of the organization or activity being examined, a title or description of the
contents or purpose of the workpaper, and the date or period covered by the audit.
• Each audit workpaper should be signed (or initialed) and dated by the internal
auditor.
• Each audit workpaper should contain an index or reference number.
• Audit verification symbols (tick marks) should be explained.
• Sources of data should be clearly identified.
j. All audit workpapers should be reviewed to ensure that they properly support the audit report
and that all necessary auditing procedures have been performed. Evidence of supervisory
review should be documented in the audit workpapers. The director of internal auditing has
overall responsibility for review but may designate appropriately experienced members of
the internal auditing department to perform the review.
k. Evidence of supervisory review should consist of the reviewer initialing and dating each
workpaper after it is reviewed.
83
84
l. Other review techniques that provide evidence of supervisory review include completing an
audit working-paper review checklist and/or preparing a memorandum specifying the nature,
extent, and results of the review.
m. Reviewers may make a written record (review notes) of questions arising from the review
process. When clearing review notes, care should be taken to ensure that the workpapers
provide adequate evidence that questions raised during the review have been resolved.
Acceptable alternatives with respect to disposition of review notes are as

follows:
— Retain the review notes as a record of the questions raised by the reviewer and the
steps taken in their resolution.
— Discard the review notes after the questions raised have been resolved and the
appropriate audit workpapers have been amended to provide the additional information
requested.
n. Audit workpapers are the property of the organization.
o. Audit working-paper files should generally remain under the control of the internal auditing
department and should be accessible only to authorized personnel.
p. Management and other members of the organization may request access to audit working
papers. Such access may be necessary to substantiate or explain audit findings or to utilize
audit documentation for other business purposes. These requests for access should be subject
to the approval of the director of internal auditing.
q. It is common practice for internal and external auditors to grant access to each other’s audit
workpapers. Access to audit workpapers by external auditors should be subject to the
approval of the director of internal auditing.
r. There are circumstances where requests for access to audit workpapers and reports are made
by parties outside the organization other than external auditors. Prior to releasing such
documentation, the director of internal auditing should obtain the approval of senior
management and/or legal counsel, as appropriate.
s. The director of internal auditing should develop retention requirements for audit working
papers. These retention requirements should be consistent with the organization’s guidelines
and any pertinent legal or other requirements.
B. Purposes of Workpapers
Workpapers are:
1. A record of the purpose and scope of the audit
2. Documentation of work performed during the audit
3. Support for the information, conclusions, and recommendations contained in the audit
report
84
85
4. A tool for monitoring progress during the audit by showing what work has been
completed and what work remains
5. A source for determining additional areas that may require testing
6. A means of collecting and organizing data into manageable components
7. Support for discussions with management about the organization’s operations and
controls
8. A source of information that aids continuity when audit staff changes
9. A data source for future reference
10. A basis for management to evaluate the auditor’s technical ability and proficiency
11. Documentation to facilitate external reviews by providing evidence that auditors

complied with audit standards when conducting the audit
C. Basic Workpaper Guidelines
1. The auditor preparing the workpaper should be primarily responsible for its format,
content, and accuracy. Subsequent reviews by others should not relieve the initial
preparer of this responsibility.
2. Workpapers should be complete and accurate. They should leave a clear, concise, and
adequate record that fully documents the audit procedures followed, who performed the
audit work, and who reviewed the work. Workpapers should be so clearly prepared that
it would be possible, even years later, to allow a third party to reconstruct the tests and
analyses that have been performed.
3. Workpapers should be legible and neat in order to facilitate prompt and thorough
supervisory review.
4. Workpapers should be relevant and orderly, rather than just represent a collection of
random information.
5. Workpapers may contain the following information:
a. Name of the auditee and/or the specific area being audited
b. Subject of the workpaper
c. Date or period covered
d. Source of the information
85
86
e. Purpose of the workpaper
f. Signature or initials of the preparer
g. Date prepared
h. Evidence of supervisory review
i. Index or reference number
j. Cross indexes to audit program or other workpapers
6. Use footnotes or other identifying explanations to annotate workpapers as necessary for a

clear understanding of the work performed.
D. Type of Information Typically Contained in the Workpapers
The workpapers should contain everything that is pertinent to the work being performed and to
understanding how the work was planned and carried out, including:
1. Audit programs
2. Correspondence
3. Interview write-ups
4. Memoranda
5. Policies and procedures
6. Legal Information
7. Sampling plans
8. Flow charts
9. Questionnaires
10. Previous audits, responses, and results of follow-up
11. Supporting data
12. Results of tests
13. Observations
86
87
E. The Role of Workpapers in Audit Supervision
1. Workpapers assist audit supervisors in monitoring and controlling audits (e.g., establishing
quality control, organizing staff assignments, and determining compliance with audit
standards).
2. Workpapers provide a record of audit information for use in planning and carrying out
subsequent audit assignment.
3. Workpapers provide a basis for auditor evaluations.
IV. AUDIT EVIDENCE
Auditors accumulate evidence during fieldwork to fulfill the audit objectives and to support audit
findings. Evidence is gathered by using analytical auditing procedures.
A. IIA Standards for Audit Evidence
Specific guidance for audit evidence is given in IIA Standards 420.2 - 420.4. The following is
the complete text of these IIA Standards:
420.2 Information should be sufficient, competent, relevant, and useful to provide a sound basis for
audit findings and recommendations.
a. Sufficient information is factual, adequate, and convincing so that a prudent, informed person
would reach the same conclusions as the auditor.
b. Competent information is reliable and the best attainable through the use of appropriate audit
techniques.
c. Relevant information supports audit findings and recommendations and is consistent with the
objectives for the audit.
d. Useful information helps the organization meet its goals.
.3 Audit procedures, including the testing and sampling techniques employed, should be selected in
advance, where practicable, and expanded or altered if circumstances warrant.
.4 The process of collecting, analyzing, interpreting, and documenting information should be

supervised to provide reasonable assurance that the auditor’s objectivity is maintained and that
audit goals are met.
B. Use of Evidence to Support Audit Findings
87
88
Evidence can be classified in three broad categories according to its value in supporting a
conclusion:
1. Primary or Direct Evidence supports a finding with the greatest degree of certainty.
Generally, only evidence which is considered “proof of fact” would be included in this
category. Such evidence does not require an inference or presumption on the part of the
auditor in coming to a conclusion. A signed contract, for example, is generally
considered direct evidence of the terms of a contract. However, if there is doubt as to
the authenticity of the signatures, the evidence may be downgraded to secondary.
2. Secondary of Indirect Evidence provides less certainty in supporting a finding or

conclusion. Typical examples of secondary evidence include interviews and internally
prepared documents. However, the specific use the evidence and the importance of the
finding determine whether such evidence is considered primary or secondary.
3. Corroborative Evidence is additional evidence in support of primary or secondary

evidence. This type of evidence cannot support a finding or conclusion by itself.
C. Types of Evidence
There are four categories of evidence: documentary evidence, analytical evidence, testimonial
evidence, and physical evidence.
1. Documentary Evidence is usually the most reliable type of evidence. Documentation

such as letters, contracts, ledgers, invoices, and canceled checks are generally very
reliable and objective sources of evidence. However, in cases where the validity of the
documentation is in doubt, corroborative evidence should be obtained.
2. Analytical Evidence is evidence compiled by the auditor from other types of evidence.
Analytical evidence includes calculations, comparisons, and interpretations made by the
auditor. The quality of analytical evidence depends on the quality of the data used and
the quality of the analysis performed. Therefore, auditors relying on analytical evidence
should fully document the analytical procedure used.
3. Testimonial Evidence consists of information obtained from individuals through oral or

written statements. Testimonial evidence includes interviews, surveys, and
questionnaires. Interview information critical to the audit should be corroborated when
possible by examining records or other information. The value of testimonial evidence
depends on the validity of the information source. Auditors should ask themselves
whether their source of information is free from bias and whether the individual is in a
position to be truly knowledgeable about the topic in question.
4. Physical Evidence is gathered by the auditor through direct inspection or observation of

people, property, or events. Such evidence may be documented in the form of
memoranda, photographs, maps, or samples. Inspection or observation is used for:
88
89
a. Documenting procedures and workflows
b. Inventory counts, estimating transaction volumes, and other condition

measurements
c. Testing compliance with statutes, administrative rules, policies, and procedures.
The use of observation has some potential limitations for the following reasons:
a. Individuals may behave differently while under observation.
b. The case or incident observed may be an aberration and not typical of standard
practice.
c. Observations are subject to interpretation and may be refuted.
Auditors must exercise judgment when using observation as an audit tool. If possible,
observations should be corroborated with other evidence.
D. Unsupported Allegations
Auditors may occasionally receive unsupported allegations about personnel or programs under
review. The following guidelines address this issue:
1. Unsupported allegations are not evidence.
2. Auditors should use judgment in deciding whether or not to follow-up on unsupported

allegations by asking:
a. Is the allegation related to the audit?

b. Is the allegation serious?
c. Is the source of the information reliable?
d. Is the source of the information in a position to know what they are talking
about?
3. Unsupported allegations must be corroborated with additional evidence before a finding

can be developed.
E. Adequacy of Audit Evidence
Evidence must be relevant, sufficient, and competent in order to adequately support an audit
finding. Auditors must judge for themselves whether their evidence meets these criteria.
1. Relevant Evidence is evidence that has a logical relationship to the issue.
89
90
2. Sufficient Evidence exists when there is enough factual and convincing information to
support a finding.
3. Competent Evidence exists when the information is valid and reliable. The following
general rules apply to competency:
a. Evidence from an independent source is generally more competent than a non-

independent source.
b. The stronger the auditees’ control systems, the more competent the evidence.
c. Evidence obtained through physical examination, observation, computation, and

inspection is more competent than evidence obtained indirectly (e.g., through
interviews).
d. Original documents are more competent than copies.
V. REVIEW AND EVALUATION OF FINDINGS
Audit supervisors are responsible for reviewing findings developed through the audit process.
All findings included in audit reports must be supported by information contained in the
workpapers.
A. IIA Standards for Review and Evaluation of Findings
Specific guidance for communicating results is given in IIA Standard 430.04.5 through 430.05.
The following is the complete text of IIA Standard 430.04.5 through 430.05:
430.04.5 Results may include findings, conclusions (opinions), and recommendations.
.6 Findings are pertinent statements of fact. Those findings which are necessary to support or
prevent misunderstanding of the internal auditor’s conclusions and recommendations should be
included in the final audit report. Less significant information or findings may be communicated
orally or through informal correspondence.
.7 Audit findings emerge by a process of comparing what should be with what is. Whether or not
there is a difference, the internal auditor has a foundation on which to build the report. When
conditions meet the criteria, acknowledgment in the audit report of satisfactory performance may
be appropriate. Findings should be based on the following attributes:
a. Criteria: The standards, measures, or expectations used in making an evaluation and/or

verification (what should exist).
b. Condition: The factual evidence which the internal auditor found in the course of the
examination (what does exist).
c. Cause: The reason for the difference between the expected and actual conditions (why the
difference exists).
90
91
d. Effect: The risk or exposure the auditee organization and/or others encounter because the
condition is not the same as the criteria (the impact of the difference). In determining the
degree of risk or exposure, internal auditors should consider the effect their audit findings
may have on the organization’s financial statements.
e. Reported findings may also include recommendations, auditee accomplishments, and

supportive information if not included elsewhere.
.8 Conclusions (opinions) are the internal auditor’s evaluations of the effects of the findings on the
activities reviewed. They usually put the findings in perspective based upon their overall
implications. Audit conclusions, if included in the audit report, should be clearly identified as
such. Conclusions may encompass the entire scope of an audit or specific aspects. They may
cover, but are not limited to, whether operating or program objectives and goals conform with
those of the organization, whether the organization’s objectives and goals are being met, and
whether the activity under review is functioning as intended.
.05 Reports may include recommendations for potential improvements and acknowledge satisfactory
performance and corrective action.
.1 Recommendations are based on the internal auditor’s findings and conclusions. They call for
action to correct existing conditions or improve operations. Recommendations may suggest
approaches to correcting or enhancing performance as a guide for management in achieving
desired results. Recommendations may be general or specific. For example, under some
circumstances, it may be desirable to recommend a general course of action and specific
suggestions for implementation. In other circumstances, it may be appropriate only to suggest
further investigation or study.
.2 Auditee accomplishments, in terms of improvements since the last audit or the establishment of a
well-controlled operation, may be included in the audit report. This information may be
necessary to fairly represent the existing conditions and to provide a proper perspective and
appropriate balance to the audit report.
B. Additional Guidelines for the Review and Evaluation of Findings
1. There are five elements of a finding:
a. Condition (what is happening now or what has happened in the past)
b. Criteria (the standard of what should exist)
c. Cause (why condition does not agree with criteria)
d. Effect (so what?)
e. Recommendations (suggestions to correct the existing condition and to prevent it

from recurring)
2. All of the elements of a finding should be present when possible. If an element is missing,
the supervisor must determine whether it is the result of deficient audit work or inadequate
presentation.
91
92
3. Recommendations should address specific actions to correct the problem and should not
merely reiterate the condition statements.
4. Audit criteria should be reasonable and relate to management objectives.
5. Effect statements should not be overstated or understated.
VI. AUDIT REPORTS
The audit report describes the results of the audit process. Reports should be prepared with due
professional care because they represent the primary form of communication with management
regarding the state of the organization’s control systems.
A. IIA Standards for Audit Reports
Specific guidance for communicating results is given in IIA Standard 430.01 through 430.04.4.
The following is the complete text of IIA Standard 430.01 through 430.04.4:
430 Communicating Results
Internal auditors should report the results of their audit work.
.01 A signed, written report should be issued after the audit examination is completed. Interim reports
may be written or oral and may be transmitted formally or informally.
.1 Interim reports may be used to communicate information which requires immediate attention, to
communicate a change in audit scope for the activity under review, or to keep management
informed of audit progress when audits extend over a long period. The use of interim reports
does not diminish or eliminate the need for a final report.
.2 Summary reports highlighting audit results may be appropriate for levels of management above
the auditee. They may be issued separately from or in conjunction with the final report.
.3 The term signed means that the authorized internal auditor’s name should be manually signed in
the report. Alternatively, the signature may appear on a cover letter. The internal auditor
authorized to sign the report should be designated by the director of internal auditing.
.4 If audit reports are distributed by electronic means, a signed version of the report should be kept
on file in the internal auditing department.
.02 Internal auditors should discuss conclusions and recommendations at appropriate levels of
management before issuing final written reports.
.1 Discussion of conclusions and recommendations is usually accomplished during the course of the
audit and/or at post-audit meetings (exit interviews). Another technique is the review of draft
audit reports by management of the auditee. These discussions and reviews help ensure that
there have been no misunderstandings or misinterpretations of fact by providing the opportunity
for the auditee to clarify specific items and to express views of the findings, conclusions, and
recommendations.
92
93
.2 Although the level of participants in the discussions and reviews may vary by organization and by
the nature of the report, they will generally include those individuals who are knowledgeable of
detailed operations and those who can authorize the implementation of corrective action.
.03 Reports should be objective, clear, concise, constructive, and timely.
.1 Objective reports are factual, unbiased, and free from distortion. Findings, conclusions, and
recommendations should be included without prejudice.
a. If it is determined that a final audit report contains an error, the director of internal auditing
should consider the need to issue an amended report which identifies the information being
corrected. The amended audit report should be distributed to all individuals who received the
audit report being corrected.
b. An error is defined as an unintentional misstatement or omission of significant information in a

final audit report.
.2 Clear reports are easily understood and logical. Clarity can be improved by avoiding unnecessary
technical language and providing sufficient supportive information.
.3 Concise reports are to the point and avoid unnecessary detail. They express thoughts completely
in the fewest possible words.
.4 Constructive reports are those which, as a result of their content and tone, help the auditee and the
organization and lead to improvements where needed.
.5 Timely reports are those which are issued without undue delay and enable prompt effective
action.
.04 Reports should present the purpose, scope, and results of the audit; and, where appropriate, reports
should contain an expression of the auditor’s opinion.
.1 Although the format and content of the audit reports may vary by organization or type of audit,
they should contain, at a minimum, the purpose, scope, and results of the audit.
.2 Audit reports may include background information and summaries. Background information may
identify the organizational units and activities reviewed and provide relevant explanatory
information. They may also include the status of findings, conclusions, and recommendations
from prior reports. There may also be an indication of whether the report covers a scheduled
audit or the response to a request. Summaries, if included, should be balanced representations of
the audit report content.
.3 Purpose statements should describe the audit objectives and may, where necessary, inform the
reader why the audit was conducted and what it was expected to achieve.
.4 Scope statements should identify the audited activities and include, where appropriate, supportive
information such as time period audited. Related activities not audited should be identified if
necessary to delineate the boundaries of the audit. The nature and extent of auditing performed
also should be described.
B. Additional Guidelines for Audit Reports
1. Audit reports should be objective.
93
94
2. Audit reports must be factual. All questions of fact should be discussed and resolved
with the auditee prior to issuing the report.
3. Findings must be adequately supported. Burden of proof for findings rests with the
auditor, not the auditee.
4. The tone of the report should be constructive. Focus should be more on emphasizing
needed improvements, rather than on criticizing past deficiencies.
5. Executive summaries are typically one-page attachments to the report that briefly
describe what was audited, the auditor’s conclusions and significant findings, and action
taken by the auditee on the findings.
6. The purpose of a written report is to communicate the results of the audit and to facilitate
corrective action.
7. A description of the scope of the audit and the methodologies used helps readers
understand the purpose of the audit and judge the quality of the work performed.
8. The scope and methodology section may include a description of criteria, sampling plans,
and significant assumptions.
9. In some cases, it may be necessary to include a statement of objectives or issue areas that
were not pursued during the audit.
VII. PERMANENT FILES
Permanent files contain information of continuing interest and relevance to a particular audit.
Auditors assigned to a project should review information in the permanent file before beginning
the audit. Also, the permanent file records should be updated on a regular basis.
A. IIA Standards for Permanent Files
Specific guidance for communicating results is given in IIA Standard 420.01.1.g. The following
is the complete text of IIA Standard 420.01.1.g :
420.01.1 g. Some audit workpapers may be categorized as permanent or carry-forward audit files. These
files generally contain information of continuing importance.
B. Types of Information Typically Contained in Permanent Files
1. Background and history information
2. Organizational charts
94
95
3. Mission statements
4. Articles of incorporation
5. Bylaws
6. Charter
7. Outstanding bond indenture agreements
8. Contracts
9. Process flowcharts
10. Prior audits
11. Annual Reports
95
96
UNIT 5: AUDIT TECHNIQUES
Audit techniques encompasses the generally accepted methods for the performance of audits in
accordance with audit standards.
I. RISK ASSESSMENT
Risk assessment is a way of identifying potential effects and their significance
A. IIA Standards for Risk Assessment
Specific guidance for communicating results is given in IIA Standard 520.04.1-14. The
following is the complete text of IIA Standard 520.04.1-14:
520.04.1 The risk assessment process includes identification of auditable activities, identification of
relevant risk factors, and an assessment of their relative significance.
.2 The term risk is the probability that an event or action may adversely affect the organization.
.3 The effects of risk can involve:
a. An erroneous decision from using incorrect, untimely, incomplete, or otherwise unreliable

information.
b. Erroneous record keeping, inappropriate accounting, fraudulent financial reporting, financial

loss and exposure.
c. Failure to adequately safeguard assets.
d. Customer dissatisfaction, negative publicity, and damage to the organization’s reputation.
e. Failure to adhere to organizational policies, plans, and procedures, or not complying with
relevant laws and regulations.
f. Acquiring resources uneconomically or using them inefficiently or ineffectively.
g. Failure to accomplish established objectives and goals for operations or programs.
.4 The first phase of the risk assessment process is to identify and catalog the auditable activities.
.5 Auditable activities consist of those subjects, units, or systems which are capable of being defined
and evaluated. Auditable activities may include:
a. Policies, procedures, and practices.
b. Cost centers, profit centers, and investment centers.
96
97
c. General ledger account balances.
d. Information systems (manual and computerized).
e. Major contracts and programs.
f. Organizational units such as product or service lines.
g. Functions such as information technology, purchasing, marketing, production, finance,

accounting, and human resources.
h. Transaction systems for activities such as sales, collection, purchasing, disbursement,

inventory and cost accounting, production, treasury, payroll, and capital assets.
i. Financial statements.
j. Laws and regulations.
.6 Risk factors are the criteria used to identify the relative significance of, and likelihood that,
conditions and/or events may occur that could adversely affect the organization.
.7 The number of risk factors utilized should be limited, but sufficient to provide the director of
internal auditing with confidence that the risk assessment is comprehensive.
.8 Risk factors may include:
a. Ethical climate and pressure on management to meet objectives.
b. Competence, adequacy, and integrity of personnel.
c. Asset size, liquidity, or transaction volume.
d. Financial and economic conditions.
e. Competitive conditions.
f. Complexity or volatility of activities.
g. Impact of customers, suppliers, and government regulations.
h. Degree of computerized information systems.
i. Geographical dispersion of operations.
j. Adequacy and effectiveness of the system of internal control.
k. Organizational, operational, technological, or economic changes.
l. Management judgments and accounting estimates.
m. Acceptance of audit findings and corrective action taken.
n. Date and results of previous audits.
97
98
.9 The director of internal auditing may decide to weigh the risk factors to signify their relative
significance. The weighing of risk factors reflects the director’s judgment about the relative
impact a factor may have on selecting an activity for audit.
.10 Risk assessment is a systematic process for assessing and integrating professional judgments
about probable adverse conditions and/or events. The risk assessment process should provide a
means of organizing and integrating professional judgments for development of the audit work
schedule. The director of internal auditing should generally assign higher audit priorities to
activities with higher risks.
.11 The director should incorporate information from a variety of sources into the risk assessment
process. Such sources include, but are not limited to: discussions with the board and various
members of management; discussions among management and staff of the internal auditing
department; discussions with external auditors; consideration of applicable laws and regulations;
analyses of financial and operating data; review of prior audits; and industry or economic trends.
.12 The risk assessment process should lead the director of internal auditing to establish audit work
schedule priorities. The director may adjust the planned audit work schedule after considering
other information such as coordination with external auditors and requests by management and
the board.
.13 There should be a periodic assessment of the effect of any major changes in the catalog of
auditable activities or related risk factors which have occurred since the audit work schedule was
prepared. Such an assessment will assist the director of internal auditing in making appropriate
adjustments to audit priorities and the work schedule.
.14 The risk assessment process should be conducted annually. However, because conditions change,
audit priorities determined through the risk assessment process may be reviewed and updated
throughout the year.
B. AICPA Standards for Audit Risk
SAS 47 (AU Section 312) and SAS 82 (AU Section 316) provides additional guidance when
considering risk factors in an audit. SAS 47 discusses audit risk and materiality in conducting an
audit, and SAS 82 addresses the consideration of fraud in a financial statement audit. These
statements are discusses below.
C. Overview of SAS 47 “Audit Risk and Materiality in Conducting an Audit”
1. The auditor is concerned with matters that could be material to the financial statements. The
auditor has no responsibility to plan and perform the audit to obtain reasonable assurance that
misstatements, whether caused by errors or fraud, that are not material to the financial
statements are detected.
2. The term errors refers to unintentional misstatements or omissions of amounts or disclosures

in financial statements.
3. The primary factor that distinguishes fraud from error is whether the underlying action that
results in the misstatement in financial statements is intentional or unintentional.
98
99
4. When fraud is detected, the auditor should consider the implications for the integrity of
management or employees and the possible effect on other aspects of the audit.
5. The auditor’s consideration of materiality is a matter of professional judgment and is

influenced by his or her perception of the needs of a reasonable person who will rely on the
financial statements.
D. Overview of SAS 82 “Fraud in a Financial Statement Audit”
1. As part of the risk assessment, the auditor should inquire of management (a) to obtain
management’s understanding regarding the risk of fraud in the entity and (b) to determine
whether they have knowledge of fraud that has been perpetuated on or within the entity.
2. The auditor should use professional judgment when assessing the significance and relevance
of fraud risk factors and determining the appropriate audit responses.
3. Risk factors that relate to misstatements arising from fraudulent financial reporting may be
grouped in the following three categories:
a. Management’s characteristics and influence over the control environment. These

pertain to management’s abilities, pressures, style, and attitude relating to internal
control and the financial reporting process.
b. Industry conditions. These involve the economic and regulatory environment in

which the entity operates.
c. Operating characteristics and financial stability. These pertain to the nature and
complexity of the entity and its transactions, the entity’s financial condition, and its
profitability.
4. Risk factors that relate to misstatements arising from misappropriation of assest may be
grouped into two categories:
a. Susceptibility of assets to misappropriation. These pertain to the nature of an entity’s

assets and the degree to which they are subject to theft.
b. Controls. These involve the lack of controls designed to prevent or detect

misappropriations of assets.
E. Types of Audit Risk
1. Inherent risk is the susceptibility to material misstatement or material noncompliance

assuming there are not related internal control structure policies or procedures.
99
100
2. Control risk is the risk that material misstatement or material noncompliance could occur and
not be detected on a timely basis by the entity’s internal control structure policies and
procedures.
3. Detection risk is the risk that audit procedures will not detect material misstatement or
material noncompliance when it exists.
F. Methodology for Evaluating Risk
1. Preliminary risk analysis includes obtaining knowledge and understanding of the procedures
and methods prescribed in the system and assessing the extent to which the prescribed
procedures and methods are capable of satisfying the auditee’s control objectives.
2. Specific risk analysis includes limited control testing to ascertain the extent to which a risk
exists that the prescribed procedures and methods are not in use or are not operating as
planned.
3. Substantive control testing includes the performance of detailed control tests, focusing on
those control objectives and control techniques which are the most significant and have the
greatest potential for fraud, waste, and abuse.
G. Documentation of Risk Assessment
The auditor should document in the workpapers evidence that the risk assessment was
performed. The document should include:
1. The risk factors identified.
2. The auditor’s response to the risk factors identified.
II. ANALYTICAL REVIEWS
Analytical reviews, often referred to as reasonableness tests, are procedures to determine the
reasonableness of data. Analytical reviews can be used to determine the reasonableness of
financial information or to assess operational results.
A. IIA Standards for Analytical Reviews
Specific guidance for analytical reviews is given in IIA Standard 420.01. The following is the
complete text of IIA Standard 420.01:
420 Examining and Evaluating Information
100
101
Internal auditors should collect, analyze, interpret, and document information to support audit results.
.01 The process of examining and evaluating information is as follows:
.1 Information should be collected on all matters related to the audit objectives and scope of work.
a. Internal auditors use analytical auditing procedures when examining and evaluating
information.
b. Analytical auditing procedures are performed by studying and comparing relationships

among both financial and nonfinancial information.
c. The application of analytical auditing procedures is based on the premise that, in the absence
of known conditions to the contrary, relationships among information may reasonably be
expected to exist and continue. Examples of contrary conditions include unusual or
nonrecurring transactions or events; accounting, organizational, operational, environmental,
and technological changes; inefficiencies; ineffectiveness; errors; irregularities, or illegal
acts.
d. Analytical auditing procedures provide internal auditors with an efficient and effective means
of making an assessment of information collected in an audit. The assessment results from
comparing such information with expectations identified or developed by the internal auditor.
e. Analytical auditing procedures are useful in identifying, among other things:
— Differences that are not expected.
— The absence of differences when they are expected.
— Potential errors.
— Potential irregularities or illegal acts.
— Other unusual or nonrecurring transactions or events.
f. Analytical auditing procedures may include:
— Comparison of current period information with similar information for prior periods.
— Comparison of current period information with budgets or forecasts.
— Study of relationships of financial information with the appropriate nonfinancial

information (for example, recorded payroll expense compared to changes in average
number of employees).
— Study of relationships among elements of information (for example, fluctuation in

recorded interest expense compared to changes in related debt balances).
— Comparison of information with similar information for other organizational units.
— Comparison of information with similar information for the industry in which the
g. Analytical auditing procedures may be performed using monetary amounts, physical

quantities, ratios, or percentages.
101
102
h. Specific analytical auditing procedures include, but are not limited to, ratio, trend, and
regression analysis, reasonableness tests, period-to-period comparisons, comparisons with
budgets, forecasts, and external economic information.
i. Analytical auditing procedures assist internal auditors in identifying conditions which may
require subsequent auditing procedures. Internal auditors should use analytical auditing
procedures in planning the audit in accordance with the guidelines contained in Section 410
of the Standards.
j. Analytical auditing procedures should also be used during the audit to examine and evaluate
information to support audit results. Internal auditors should consider the following factors in
determining the extent to which analytical auditing procedures should be used:
— The significance of the area being examined.
— The adequacy of the system of internal control.
— The availability and reliability of financial and nonfinancial information.
— The precision with which the results of analytical auditing procedures can be predicted.
— The availability and comparability of information regarding the industry in which the
— The extent to which other auditing procedures provide support for audit results.
After evaluating the aforementioned factors, internal auditors should consider and use additional
auditing procedures, as necessary, to achieve the audit objective.
k. When analytical auditing procedures identify unexpected results or relationships, internal

auditors should examine and evaluate such results or relationships.
l. The examination and evaluation of unexpected results or relationships from applying

analytical auditing procedures should include inquiries of management and the application of
other auditing procedures until internal auditors are satisfied that the results or relationships
are sufficiently explained.
m. Unexplained results or relationships from applying analytical auditing procedures may be

indicative of a significant condition such as a potential error, irregularity, or illegal act.
n. Results or relationships from applying analytical auditing procedures that are not sufficiently
explained should be communicated to the appropriate levels of management. Internal
auditors may recommend appropriate courses of action, depending on the circumstances.
B. AICPA Standards for Analytical Procedures
SAS 56 (AU Section 329) provides guidance regarding the use of analytical procedures. The
major points of SAS 56 are summarized as follows:
1. Analytical procedures consist of evaluations of financial information made by a study of

plausible relationships among both financial and nonfinancial data.
102
103
2. Analytical procedures range from simple comparisons to the use of complex models
involving many relationships and elements of data.
3. A basic premise underlying the application of analytical procedures is that plausible

relationships among data may reasonably be expected to exist and continue in the
absence of known conditions to the contrary. Particular conditions that can cause
variations in these relationships include, for example, specific unusual transactions or
events, accounting changes, business changes, random fluctuations, or misstatements.
4. Analytical procedures are used for the following purposes:
a. To assist the auditor in planning the nature, timing, and extent of other auditing
procedures.
b. As a substantive test to obtain evidential matter about particular assertions related

to account balances or classes of transactions.
c. As an overall review of the financial information in the final review state of the
audit.
5. Analytical procedures involve comparisons of recorded amounts, or ratios developed

from recorded amounts, to expectations developed by the auditor. The auditor develops
such expectations by identifying and using plausible relationships that are reasonably
expected to exist based on the auditor’s understanding of the client and of the industry in
which the client operates. Following are examples of sources of information for
developing expectations:
a. Financial information for comparable prior period(s) giving consideration to

known changes.
b. Anticipated results—for example, budgets or forecasts, including extrapolations

from interim or annual data.
c. Relationships among elements of financial information within the period.
d. Information regarding the industry in which the client operates—for example,

gross margin information.
e. Relationships of financial information with relevant nonfinancial information.
6. The expected effectiveness and efficiency of an analytical procedure in identifying

potential misstatements depends on, among other things:
a. The nature of the assertion.
b. The plausibility and predictability of the relationship.
103
104
c. The availability and reliability of the data used to develop the expectation.
d. The precision of the expectation.
7. It is important for the auditor to understand the reasons that make relationships plausible
because data sometimes appear to be related when they are not, which could lead the
auditor to erroneous conclusions.
8. The reliability of the data used to develop the expectations should be appropriate for the
desired level of assurance from the analytical procedures.
9. The following factors influence the auditor’s consideration of the reliability of data for
purposes of achieving audit objectives:
a. Whether the data was obtained from independent sources outside the entity or
from sources within the entity.
b. Whether sources within the entity were independent of those individuals

responsible for the amount being audited.
c. Whether the data was developed under a reliable system of controls.
d. Whether the data was subjected to audit testing in the current or prior year.
e. Whether the expectations were developed using data from a variety of sources.
C. Benefits of Analytical Reviews
1. Useful in planning audits and defining scope.
2. Often less costly and less time consuming than other substantive tests.
3. Aids in the selection of entities to audit.
4. Directs attention to potential problem areas.
5. Provides information for analyzing risk.
D. Types of Analytical Reviews
1. Trend analysis is used to compare current account balances with the account balances for the
prior year(s).
104
105
2. Ratio analysis is used to compare current ratios with ratios for the prior year(s) or with an
industry average.
3. Regression analysis is used to show relationships between two or more variables.
III. STATISTICAL SAMPLING
The cost associated with a complete review of all records or transactions is often prohibitive. In
these cases, sampling is necessary. The proper use of statistical sampling helps ensure the
accuracy and reliability of the sample results.
There are two general approaches to audit sampling: non-statistical and statistical. This section
generally focuses on techniques and approaches for performing a statistical sample.
A. AICPA Standards for Audit Sampling
SAS 39 (AU Sections 350) provides guidance regarding the use of audit sampling. The major
points of these Statements that are relevant to this section are as follows:
1. Audit sampling is the application of an audit procedure to less than 100 percent of the
items within an account balance or class of transactions for the purpose of evaluating
some characteristic of the balance or class.
2. Sampling risk arises from the possibility that, when a test of controls or a substantive test
is restricted to a sample, the auditor’s conclusions may be different from the conclusions
that would be reached if the test were applied in the same way to all items in the account
balance or class of transactions. The auditor is concerned with four aspects of sampling
risk:
a. The risk of incorrect acceptance is the risk that the sample supports the
conclusion that the recorded account balance is not materially misstated when it is
materially misstated.
b. The risk of incorrect rejection is the risk that the sample supports the conclusion
that the recorded account balance is materially misstated when it is not materially
misstated.
c. The risk of assessing control risk too low is the risk that the assessed level of
control risk based on the sample is less than the true operating effectiveness of the
control.
d. The risk of assessing control risk too high is the risk that the assessed level of
control risk based on the sample is greater than the true operating effectiveness of
the control.
105
106
3. Non-sampling risk includes all the aspects of audit risk that are not due to sampling.
4. When planning a sample for a substantive test of details, the auditor uses judgment to
determine which items, if any, in an account balance or class of transactions should be
individually examined and which items, if any, should be subject to sampling. Auditors
should examine those items for which, in their judgment, acceptance of some sampling
risk is not justified.
5. The auditor may be able to reduce the required sample size by separating items subject to
sampling into relatively homogeneous groups on the basis of some characteristic related
to the specific audit objective.
6. Sample items should be selected in such a way that the sample can be expected to
represent the population. Therefore, all items in the population should have an
opportunity to be selected.
7. When planning a particular audit sample for a test of controls, the auditor should
consider:
a. The relationship of the sample to the objective of the test of controls.
b. The maximum rate of deviations from prescribed controls that would support the
assessed level of control risk.
c. The auditor’s allowable risk of assessing control risk too low.
d. Characteristics of the population (i.e., the items comprising the account balance or
class of transactions of interest).
8. Statistical sampling helps the auditor:
a. To design an efficient sample.
b. To measure the sufficiency of the evidential matter obtained.
c. To evaluate the sample results.
9. By using statistical sampling techniques, the auditor can quantify sampling risk to assist
in limiting it to an acceptable level.
B. Basic Steps For Developing a Statistical Sample
1. Determine the objectives of the test.
2. Define the population (e.g., number of transactions during the audit period).
106
107
3. Assess sampling risk and determine an acceptable level (e.g., 5% or 10%).
4. If appropriate, stratify the sample. Stratifying a sample involves assigning similar items into
subgroups. A sample is then selected from one or more subgroups as necessary to meet audit
objectives.
5. Determine the sample size. This can be done by using printed or electronic tables or
formulas.
6. Select a sampling methodology, such as:
a. Random sampling, which involves using a random number generator to select items
to be tested.
b. Systematic sampling, which involves taking a random start and then every nth item.
c. Cluster or block sampling, which involves randomly selecting groups of items to

sample.
7. Take the sample.
8. Review the items selected.
9. Document the results of the tests.
C. Variables Affecting Sample Size
1. Population size. Generally, larger populations require a larger sample.
2. Acceptable level of risk. Smaller amounts of acceptable risk require larger samples.
3. Population variability. Larger variability in the population (measured by the standard

deviation for variables sampling or the expected deviation rate for attribute sampling)
requires a larger sample.
4. Acceptable level of misstatement or deviation. The smaller the acceptable misstatement

amount (in variables sampling) or the smaller acceptable deviation rate (in attribute
sampling), the larger the required sample.
D. Variables Sampling
107
108
A variables sampling plan is most commonly used to test whether recorded account balances are
fairly stated. The auditor uses variables sampling to reach conclusions about a population in
terms of a dollar amount. Common types of variables sampling are described below:
1. Difference estimation. The auditor determines differences between the recorded and
audited values for items in the sample, divides the net sample difference by the sample
size, and then multiplies the result by the population size. The difference is then added
(if there is a net understatement) or subtracted (if there is an net overstatement) to yield
an estimated audited value.
2. Ratio estimation. The auditor estimates the population misstatement by multiplying the
recorded value of the population by the ratio of the total audit value of the sample items
to their total recorded value.
3. Mean-per-unit estimation. The auditor estimates the average audited value for each
population item from the average in the sample and then calculates the estimated audited
value for the account by multiplying the average audited value and the population size.
E. Attributes Sampling
Attribute sampling concerns binary (e.g., yes/no) propositions. Attributes sampling is commonly
used to test the rate of deviation (or rate of occurrence) in a population. Common types of
attributes sampling are described below.
1. Sequential (stop or go) sampling. The auditor performs the sampling plan in stages.
Following each stage, the auditor decides whether or not to go to the next stage.
2. Discovery sampling. When the expected rate of deviation is very low (near zero), the
auditor tries find at least one deviation in the sample.
IV. FLOWCHARTING, NARRATIVES, AND QUESTIONNAIRES
The three primary methods auditors use to document an entity’s internal controls are flowcharts,
narratives, and questionnaires. The auditor may decide to use one or more of these methods to
document a system. Each method is described below.
A. Flowcharting
A flowchart is a visual representation of how a process works. Interrelated symbols are used to
diagram the flow of events or data through a system. Flowcharts can provide a good initial
overview of an entire system.
Flowcharting Symbols
108
109
There are 6 basic symbols commonly used in flowcharting of assembly language programs:
Terminal, Process, Input/Output, Decision, Connector and Predefined Process. This is not a
complete list of all the possible flowcharting symbols, it is a list of commonly used symbols.
Symbol Name Function
Process Indicates any type of internal operation

inside the Processor or Memory
Input/Output Used for any Input / Output operation

Outside the Processor.
Decision Used to ask a question that can be answered

in a binary format (Yes/No, True/False)
109
110
Off-page Connector Allows the flowchart to be carried forward to

subsequent pages, while preserving a link back to
an original point of reference. Upper frame
reserved for the sending page, bottom frame points
to the destination page.
On-page Connector Allows for the continuos flow of logic to be

described, on the same page, without intersecting
lines or a reverse flow.
Predefined Process Used to invoke a subroutine or an interrupt

program.
Terminal Indicates the starting or ending of the

program, process, or interrupt program.
General Rules for flowcharting
1. All boxes of the flowchart are connected with Arrows. (Not lines)
2. Flowchart symbols have an entry point on the top of the symbol with no other entry points.
3. The exit point for all flowchart symbols is on the bottom except for the Decision symbol. The
Decision symbol has two exit points; these can be on the sides or the bottom and one side.
4. Generally a flowchart will flow from top to bottom. However, an upward flow can be shown
as long as it does not exceed 3 symbols.
5. Connectors are used to connect breaks in the flowchart. Examples are:
• From one page to another page.
• From the bottom of the page to the top of the same page.
• An upward flow of more then 3 symbols
6. Subroutines and Interrupt programs have their own and independent flowcharts.
7. All flow charts start with a Terminal or Predefined Process (for interrupt programs or
subroutines) symbol.
8. All flowcharts end with a terminal or a continuous loop.
110
111
B. Narratives
A narrative is a written description of a phase or a particular phase of a system. A written

narrative is most useful when describing relatively simple systems, simply because a complex,
lengthy written description of a system is often difficult to understand.
C. Questionnaires
An internal control questionnaire is designed to indicate control deficiencies. The internal

control questionnaire for a particular audit area is typically filled-out at the beginning of the
audit. Any potential deficiencies or weaknesses noted in the questionnaires indicate areas that
should be focused on during fieldwork testing.
V. CONFIRMATIONS
A confirmation is a letter or affidavit from an independent third party that confirms the existence
and valuation of some account balance.
A. AICPA Standards on Confirmations
SAS 67 (AU Section 330) provides guidance on the use of confirmations. The key points of this
Statement are:
1. The confirmation process includes:
a. Selecting items for which confirmations are to be requested.
b. Designing the confirmation request.
c. Communicating the confirmation request to the appropriate third party.
d. Obtaining the response from the third party.
e. Evaluating the information, or lack thereof, provided by the third party about the
audit objectives, including the reliability of that information.
2. Because confirmations provide evidence, confirmations are particularly useful in

instances when inherent and control risk are determined to be high.
3. When obtaining evidence for assertions not adequately addressed by confirmations,

auditors should consider other audit procedures to complement confirmation procedures
or to be used instead of confirmation procedures.
111
112
4. The auditor should exercise an appropriate level of professional skepticism when

designing the confirmation request, performing the confirmation procedures, and
evaluating the results of the confirmation procedures.
5. There are two types of confirmation requests: positive confirmations (the positive form)
and negative confirmations (the negative form).
6. Some positive forms request respondents to indicate whether they agree with the
information stated on the request. Other positive forms, referred to as blank forms, do not
state the amount (or other information) on the confirmation request, but request the
recipient to fill in the balance or furnish other information. Blank forms generally
produce a higher degree of assurance, but they often result in a lower response rate.
Positive forms provide audit evidence only when responses are received from the
recipients; nonresponses do not provide audit evidence about the financial statement
assertions being addressed.
7. Negative forms request recipients to respond only if they disagree with the information
stated on the request. Negative confirmation requests may be used to reduce audit risk to
an acceptable level when:
a. The combined assessed level of inherent risk and control risk is low.
b. A large number of small balances in involved.
c. The auditor has no reason to believe that the recipients of the requests are unlikely
to give them consideration.
8. To restrict the risks associated with facsimile responses, the auditor should consider
taking certain precautions, such as verifying the source and content of the facsimile in a
telephone call to the purported sender. In addition, the auditor should consider asking the
purported sender to mail the original confirmation directly to the auditor.
9. When using confirmation requests other than the negative form, the auditor should
generally follow up with a second and sometimes a third request to those parties from
whom replies have not been received.
10. When evaluating the results of confirmation procedures, the auditor should consider:
a. The reliability of the confirmations and alternative procedures.
b. The nature of any exceptions, including the implications, both quantitative and
qualitative, of those exceptions.
c. The evidence provided by other procedures.
d. Whether additional evidence is needed.
112
113
11. It is generally presumed that evidence obtained from third parties will provide the auditor
with higher-quality audit evidence than is typically available from within the entity.
Thus, it is presumed that the auditor will request the confirmation of accounts receivable
during an audit unless one of the following is true:
a. Accounts receivable are immaterial to the financial statements.
b. The use of confirmations would be ineffective.
c. The audit risk is acceptably low.
B. Common Ways Auditors Use Confirmations
1. Confirm receivables balances. Auditors can determine the existence and valuation of an
account by asking the customer in writing whether a recorded receivable is in the entity’s
account payable.
2. Confirm cash balances at banks and other depositories.
3. Confirm off-premises inventory.
4. Confirm securities and other negotiable instruments held by independent custodians.
5. Confirm bonds directly with trustees.
6. Confirm loans and notes payable directly with creditors.
VI. COMPLIANCE AND SUBSTANTIVE TESTING
A. Compliance Testing
Compliance testing is designed to determine whether an entity has complied with applicable
laws, regulations, policies, and procedures. The auditor is to determine whether any instances of
noncompliance may have a material effect on the financial statements.
B. Substantive Testing
Substantive tests provide evidence about monetary misstatements. The extent of substantive
testing depends on the acceptable level of detection risk. Some key points regarding substantive
testing include:
1. The purpose of substantive testing is to hold detection risk to an acceptable level.

Detection risk is the risk that the auditor’s procedures will not detect an error.
113
114
2. The objectives of substantive tests of sales, receivables, and cash balances are to
determine that the account balances exist, are accurate and complete, and are properly
presented and disclosed.
3. Specific substantive tests include:
a. verifying the mathematical accuracy of accounts

b. confirming receivables balances
c. determining whether receivables are collectable
d. confirming cash balances
e. confirming payables
f. testing cutoff (e.g., verifying that purchases and payables were recorded in the
appropriate period)
g. determining whether unrecorded liabilities exist
h. verifying prepaid expenses (e.g., reviewing insurance policies to confirm
coverage)
i. verifying payroll preparation and distribution
j. counting physical inventory
k. verifying the accuracy of recorded fixed assets
l. confirming or physically inspecting securities
m. confirming bonds, loans, and notes payable
n. examining bond indentures and other long-term indebtedness agreements
o. verifying shareholders’ equity balances
114
115
UNIT 6: INFORMATION SYSTEMS AUDITING
I. Information Systems Auditing
In today’s environment most information is produced through the use of computer systems. The
use of information systems permeates all aspects of an organization from electronic mail to the
generation of annual reports. As a result, information systems controls have become a critical
control point.
Until recently, there were limited audit standards for information systems auditors. The
Information Systems Audit and Control Association developed Control Objectives for
Information and related Technology (COBIT) in 1996 to provide auditors with information
systems guidelines.
Below are some excerpts from the COBIT Executive Summary v
It is management's responsibility to safeguard all the assets of the enterprise. For many
organizations, information and the technology that supports it represent the
organization's most valuable assets.
Organizations must satisfy for their information, as for all assets, the requirements for
quality, fiduciary reporting and security. Management must balance the use of available
resources including people, facilities, technology, application systems and data. To
discharge this responsibility, as well as to achieve its expectations, management must
establish an adequate system of internal control. Such a system or framework must
support the business processes and must be clear on how each individual control activity
impacts the resources and satisfies the requirements. Control which includes policies,
organizational structures, practices and procedures is management's responsibility. A
Control Objective is a statement of the desired result or purpose to be achieved by
implementing specific control procedures within an IT activity.
IT Resources need to be managed by a set of naturally grouped IT processes to provide

the information that the enterprise needs to achieve its objectives.
COBIT has a set of 32 high-level Control Objectives, one for each of the IT Processes,
grouped into four domains: planning & organization, acquisition & implementation,
delivery & support, and monitoring.
Impact on IT resources is highlighted in the CobiT Framework together with the business
requirements for effectiveness, efficiency, confidentiality, integrity, availability,
compliance and reliability that need to be satisfied. Additionally, the Framework gives
definitions for the business requirements that are distilled from higher level objectives for
115
116
quality, security and fiduciary reporting as they relate to Information Technology. The
management of the enterprise needs a framework of generally applicable and accepted IT
security and control practices to benchmark their existing and planned IT environment.
The main objective of the CobiT project is to enable the development of clear policy and
good practice for IT control throughout industry, worldwide. It is CobiT's goal to provide
these control objectives, within the defined framework, and obtain endorsement from the
commercial, governmental and professional world-at-large.
Note: COBIT is included in the recommended reading materials.
There are two broad categories of information system controls, general and application controls.
General controls are those that apply to all computer activities. They generally apply to the
entire computer operation and include physical and logical security controls that apply
organization wide. Application controls apply to a specific application and are unique to that
particular application. For example, the physical security controls would be the same for all
applications, but the specific edit checks built into an application are unique to that application.
An effective security program emphasizes both general and application controls. Some specific
general and application control areas are:

H. Physical and Data Security Access Control
I. End-User Computing – Including Microcomputers
K. Audit Tools
1) Computer Assisted Audit Techniques
2) Automated Administrative Processes
As outlined in the Executive Summary of COBIT, information and by association, information

processing have become a very valuable asset for many organizations. As a result, internal
controls must be developed to safeguard the asset. However, since information is not a tangible
asset, it has been more difficult for many organizations to understand the value of information
and, subsequently, to effectively control it. Although organizations are beginning to understand
the value of information, the controls to protect information continue to lag behind.
As indicated by the development of COBIT and the internal controls that will be discussed in this
unit, information systems controls are gaining importance in progressive organizations.
116
117
Input/processing/output controls are associated with a specific application and are referred to as
application controls. Application controls relate to specific tasks performed by a computer
system. An example of an application is a payroll system which would automatically calculate
pay rates and generate warrants. Programmed edits such as the verification of employment
status and salary limits are considered application controls. There are three specific categories of
application controls:
• Input controls help ensure that data received for processing have been properly
authorized and converted, and is complete and accurate. Input controls also relate to the
rejection, correction, and resubmission of data that was originally incorrect.
• Processing controls help ensure that the processing has been performed as intended.
They also ensure that all transactions are processed as authorized, no authorized
transactions are omitted, an that no unauthorized transactions were added.
• Output controls help ensure that reports (hard copy or online) or other output such as
warrants or invoices are accurate and are received or available to only authorized staff.
Segregation of duties is a general control area and is critical in the information systems arena.
Segregation of duties is a basic control principle that prohibits the performance of duties that
may permit someone to commit and conceal inappropriate activities. For example, it would be a
significant control weakness for one person to perform data entry functions and receive and
review the output. Some examples of information system duties that should be segregated are
listed below.
• Computer operators are responsible for the actual processing of data and operate the
equipment and respond to messages to permit final processing. Computer operators
should not have any programming duties and should be prohibited from accessing
documentation not required to perform their job function.
• Librarians are the keeper of documentation, programs, and data. Librarians should be
prohibited from performing any operations or programming functions. Some people
advocate that librarians have limited access to equipment and have little or no
programming skills.
117
118
The most important areas to segregate are the processing and development functions. As
discussed above, computer operators (processing function) must be clearly segregated from
programming activities. The opposite is also true: programmers should be prohibited from
entering the computer room where the consoles reside. In addition, programmers must be
prohibited from accessing or invoking any processing commands. For example, operators often
respond to requests on the console to permit programmer access to restricted libraries, but the
operator should deny access unless an approved request is on file.
The increased reliance on computer output without verification increases the need for additional
controls. The lack of effective controls over the programming function can permit unauthorized
changes to made with minimal chance of detection. A programmer who has access to processing
functions will have the capability to bypass controls to make and conceal unauthorized changes.
In a manual system, reconciliation of input to output is a normal and routine process.

Accountants and internal auditors routinely perform reconciliation procedures in manual
environment. For example, many of us manually reconcile our check register to our checking
account statement on a monthly basis. However, in a computerized environment, the source
document (processed check or check register information) may not exist. This makes manual
reconciliation of input to output virtually impossible. In addition, the number of transactions in
some systems makes it time- and cost-prohibitive to perform a manual reconciliation. As
auditors adapt to the computerized environment, they are “auditing through the computer” rather
than “auditing around the computer.” Auditing around the computer has been the standard in the
audit community. This approach required the auditor to perform a manual reconciliation of
computer output to the source documents. Basically little or no reliance was placed on the
integrity of the computer system and the audit techniques were similar to those used in the pre-
computer period. Auditing through the computer is becoming the accepted practice in the audit
community. This approach requires the auditor to review the general and application controls
that affect a computer system and verify the integrity and accuracy of the computer system. The
auditor only needs to perform limited reconciliation of input to output to provide an acceptable
comfort level with the integrity of the output.
Control of data files or access controls is the use of techniques to prevent improper access, use,
or manipulation of data files and programs. The primary logical security control in use today is
the use of an ID and password. Each authorized user is provided with an ID that provides access
to programs and data files based on job requirements. The password is a secret code known only
by the user and changed periodically ensure its confidentiality. For example, a payroll clerk for
the administration division may have an ID - PAY22 - which provides read and update to access
to administration employees payroll records but prohibits access to all other payroll records and
accounting data. The user PAY22 is required to have a password that is at least six characters in
length and requires the use of a number in at least two of the six characters.
118
119
The use of passwords has been an effective security tool; however, as more critical and
confidential information is placed on computers, additional security measures have been
developed. Two examples of these include:
• Encryption uses an algorithm to manipulate plain text and render it unreadable. Any user
with the proper key can decrypt the information into readable text. This approach works
well when transferring confidential or proprietary information over an unsecured
network. Encryption can also be an effective control when storing confidential or
proprietary information on computers.
• Biometrics uses something unique about an individual such as fingerprints, voice

patterns, retina patterns, or hand geometry to distinguish users. Under this approach,
users will have their fingerprint or other characteristics scanned into the security system
and access will be permitted only after comparing the scanned information to the current
information. For example, a user would place his or her index finger in a reader and this
information would be compared to the stored information to permit or deny access.
Although biometrics provides excellent security, there are several issues associated with
it use. There is the possibility of a false-positive reading, thereby permitting an
unauthorized access. This situation is relatively rare and biometrics provide much greater
security than passwords. A bigger issue is a false-negative reading, where an authorized
user is denied access. This can be due to changes in the individual or a faulty reading by
the device. In either case, there is a high level of frustration for a denied user. There is
also some resistance in the user community due to the perception that biometric devices
are personally intrusive.
Authorization of transactions is actually a subset of the information outlined in the previous

section. The same techniques are used; however, access is permitted or denied at a transaction
rather than data file level. For example, in some instances update access to data may be
permitted for all authorized users, with no distinction between users. However, in most cases an
additional level of security is required and that is where transaction level security comes into
play. Extending the sample above, read access (data can be read but not modified) may be
acceptable for all users, but only 10% of the users need to perform selected transactions.
Additionally, particularly sensitive transactions may be limited to 1% of the users.
An effective way to employ transaction security is to place users in common groups, where
people who perform the same function have the same access capability. This simplifies the
administration of security. See the example below:
Payroll system
• Group 1 - general user - no access to the system or transactions
• Group 2 - payroll administrators - read only access to the system
119
120
• Group 3 - payroll clerks - update transaction permitted for select fields, no access to
update transactions for any monetary fields.
• Group 4 - master payroll clerks - update transaction permitted for all fields.
Under this approach, individuals are placed in groups and permitted or denied access based on
the security parameters in the group. This approach will work with password and biometric
based security systems.
H. Physical and Data Security Access Control
Physical security is the security over access to the building and sensitive areas. We are all aware
of the physical security controls associated with banks. Most computer facilities have detailed
physical security controls and they generally include:
• Access security most facilities restrict physical access to authorized personnel. In many
cases guards and/or card-key systems are used to prevent unauthorized access. Card-key
systems prevent or allow access to the main facility and can also further restrict access to
sensitive areas within the facility.
• Fire prevention and detection since the information stored within a facility is extremely
valuable, extensive fire prevention and detection are employed.
• Disaster contingency planning information processing is the lifeblood of many

organizations, as a result, alternate processing plans must be developed and tested. For
example, major credit card companies have detailed an extensive contingency plans that
permit a seamless transfer of processing capability from an inoperable site to an alternate
site. Most other organizations have less extensive plans and have a backup site available
that will permit them to continue operations in a 24-hour period. In any event, data must
be backed up and stored off-site for a disaster contingency plan to be effective.
Although physical security is still very important, its importance has diminished with the
widespread connectivity provided by networks. Prior to microcomputers and networks (local
and international (Internet)), physical access to a specific terminal was often required to perform
sensitive transactions. In today’s environment, physical boundaries no longer exist, so logical
security controls such as those in the two previous sections provide the primary security control.
I. End-User Computing – Including Microcomputers
End-user computing is the phenomenon that occurred after the introduction and acceptance of
microcomputers. The historic computing environment consisted of a data center (computer
facility), mainframe computer, and attached terminals. Everything from purchase, maintenance,
support, application development, and security was controlled by data center staff. This
centralized process promoted the establishment of accepted and consistent development and
security standards. As the need for additional computer resources increased, users were often
120
121
unable to have their computer needs satisfied by central data center staff. Microcomputers and
local area networks provided users with the ability to satisfy their computing needs by procuring
or developing their own systems. As this approach grew in popularity it was dubbed end-user
computing. End-user computing proliferated in the late 1980s and early 1990s. It provided users
with the ability to develop or procure systems that met their unique needs. However, some of the
basic control concepts from the centralized environment were not transferred to the end-user
computing environment. Some end-user computing issues include:
• Technical expertise most end-users do not have a programming or computer science

background and lack some of the basic knowledge to develop effective long term
solutions.
• Compatibility issues end-users were interested in meeting their individual needs and did
not look at systems from an organizational perspective. For example, separate divisions
often purchased incompatible hardware and software that prevented the transfer or
sharing of data within the organization.
• Security issues since security was not centrally controlled, end-users decided what level
of security was appropriate. In many cases, security was an after-thought and
confidential and proprietary data was not always controlled properly.
• Backup and contingency planning issues although end-users relied on their systems to
meet their objectives, basic control concepts such as backing-up data and storing it off-
site were not adhered to.
• Development issues end-users often developed systems without using accepted

development techniques. Accepted control concepts such as developing adequate
documentation of the system and programming were not adhered to. This made it
difficult to modify the application. In addition, adequate testing to determine that the
system processed correctly were not conducted; thus, in some cases, system calculations
were wrong.
End-user computing brought power to the users; however, it significantly increased the risk of
data loss, unauthorized access, and incorrect processing results.
There are inherent risks associated with any business. The basic business risks are routinely
reviewed by senior management. The basic risks involve financing, investment, supply,
marketing, and production. In addition to the basic risks there are many other internal and
external risks that impact businesses.
Some of these risks include:
121
122
• Information systems risks are risks that occur from the electronic transfer and storage of
key business information. Computer systems, computer failures can significantly disrupt
business operations. Similar to natural disasters, preparations must be made to reduce the
impact of computer failures on operations. For example, some companies that rely on
computer systems to perform their primary business functions (such as credit card
companies) have redundant computer and telecommunications systems that permit a
seamless transition in case of a failure in one of the systems.
• External risks are risks associated with dealings with external parties. These include
dealings with creditors, investors, employees, shareholders, customers, competitors, and
regulators. Although an individual business may not be able to control these risk areas,
they must analyze these risk areas and take action as appropriate.
• Legislative risks are risks associated with changes with law and policy that impact a
business. These include changes to tax law, safety or environmental regulations, and new
statutory limitations.
• Disaster risks are risks that occur from natural disaster such as earthquakes, fires, or
hurricanes. Although unpredictable, preparations to reduce the potential negative
consequences from a disasters must be made. Time and again, businesses that did not
adequately prepare for disasters have been unable recover the effects of disaster and been
forces out of business.
As outlined in previous sections, risks must be continually analyzed and addressed. Information
systems risks will continue to be a major concern as more organizations rely on these systems to
perform primary business functions.
K. Audit Tools
As computers became integral to the performance of primary business functions, auditors needed
to develop new audit techniques and tools. Auditors had a choice to either audit “around the
computer” or “through the computer.” Initially auditors audited around the computer and
focused their efforts on the input and output from the system, not the processing. This approach
assumes that the processing is accurate if the inputs and outputs are correct. As more and more
primary business functions were computerized auditors wanted additional assurances on the
integrity of processing logic. As a result, audit tools were developed to permit auditors to
efficiently audit through the computer. Under this approach, the program logic and edit checks
are reviewed and verified. In some instances, test data is run through the system to check for
processing accuracy, the enforcement of edit checks, and output accuracy.
Some specific methods or tools for auditing include:
• Integrated Test Facility (ITF) - under this approach, a fictitious entity is created and
processed along with live data. For example, in a payroll system a fictitious employee
122
123
would be created and processed along with the normal payroll processing. The pre-
determined results would be compared to the actual results.
• Systems Control Audit Review File (SCARF) - under this approach, an embedded audit
module collects data for subsequent review and analysis. Like the ITF approach, SCARF
information is collected using the live data and system.
Computer Assisted Audit Techniques (CAATs) has become a common term in the information
systems audit profession. The audit community learned the value of computerization to enhance
the quality and timeliness of audits. Some general CAATs include:
• Data Analysis Software - software that assists the auditor in analyzing data and selecting
samples. Historically auditors selected a sample (often a judgmental sample or a random
sample) and tested the sample transactions to verify the integrity of the internal controls.
Although sampling provides effective audit results, data analysis software provides
auditors with the capability to test all transactions. For example, software can be used to
find financial variances (such as a limit in the $ amount of a transaction) by identifying
all transactions that exceeded the threshold.
• Security Review Software - software that assists the auditor by performing online
analysis of security software and operating system parameters. Auditors frequently
review global security standards such as password length and change interval.
Historically, auditors would review the global system parameters and a sample of users
and try to identify those that had less restrictive parameters. Security review software
provides auditors with the capability to identify any user that has less restrictive
parameters. For example, all users with a password of less than 6 characters could be
identified.
As indicated above, computer assisted techniques will continue to evolve into routine audit
techniques. Computerization provides core business units with increased ability to perform
effectively, and the same is true for auditors.
L. Automated Administrative Processes
Routine administrative processes such as payroll had a detailed internal control structure to
prevent inappropriate transactions and access. However, as more and more of these
administrative processes became computerized, the historical internal controls were no longer
valid or effective. As a result, new internal control systems (as discussed previously) are
required to effectively protect assets in the information age.
123
124
STUDY QUESTIONS FOR VOLUME 1: AUDITING
1. According to the Standards for the Professional Practice of Internal Auditing,

independence in the internal auditor is achieved through
A. management directive.
B. impartiality and fairness.
C. organizational status and objectivity.
D. personnel management and development.
2. According the CFSA Code of Professional Ethics, a CFSA

A. will use the CFSA designation with pride and professionalism.
B. strives to provide a value-added service to the organization.
C. is responsible for providing a professional evaluation of the system of internal
control.
D. is obligated to report illegal or fraudulent activities to the appropriate authorities.
3. Which of the following is an Audit Committee most likely to review and approve?
A. Audit director's salary.
B. Audit department's annual budget.
C. Annual audit plan.
D. Annual financial statements.
4.Which of the following would be most likely to be considered inadequate segregation of

duties?
A. Maintaining custody of signed checks prior to mailing and preparing expense
account subsidiary ledgers.
B. Collecting payments on accounts and reconciling accounts receivable records.
C. Approving changes to employee records and processing general ledger transactions
D. Preparing customer statements and collecting payments on accounts.
5. Which of the following objectives would be most likely to be classified as operational

auditing?
A. Evaluating the adequacy and effectiveness of the system of internal control.
B. Reviewing the reliability and integrity of financial and operating information.
C. Identifying opportunities for improvement in performance of key functions.
D. Examining the means of safeguarding assets.
124
125
6. The primary purpose of an internal audit is to

A. appraise the organization's internal control system.
B. attest to the accuracy of the organization's financial statements.
C. evaluate the organization's financial accounting system and those activities having a
material effect on the financial statements.
D. evaluate the organization's compliance with regulatory requirements.
7. Which of the following best describes analytical review procedures?

A. Compliance tests to review the system of internal control.
B. Compliance tests to evaluate the reasonableness of financial information.
C. Substantive tests to review the system of internal control.
D. Substantive tests to evaluate the reasonableness of financial information.
8. The relationship between substantive tests and internal control is

A. direct.
B. inverse.
C. parallel.
D. complementary.
9. Which of the following are control considerations for batch systems?

A. Program change control, segregation of duties, and interim input reconciliations.
B. Segregation of duties, interim input reconciliations, and interactive transaction
authorization.
C. Program change control, segregation of duties, and interactive data input
telecommunication controls.
D. Program change control, interim input reconciliations, and interactive transaction
authorization.
10. Which of the following are true concerning data files?

I. Failure to detect or prevent file version errors and update or posting errors are
caused by inadequate input controls.
II. Processing controls are intended to detect or prevent program bugs such as
mathematical errors and decision tree errors.
III. Input controls include flagging duplicate transactions and validating special fields.
IV. One objective of output controls is to ensure the integrity of stored data until it is
deleted, modified, or merged with other data.
A. I and IV only
B. I, II, and III only
C. II, III, and IV only
D. I, II, III, and IV
125
126
VOLUME II
BANKING
126
127
CORE COMPETENCY NUMBER TWO:

BANKING INDUSTRY
This study guide covers a wide range of issues relating to commercial banks, savings banks,
credit unions, trust companies, finance companies, credit card companies, leasing companies,
and mortgage bankers. The guide is divided into two units. Unit 1 discusses financial statement
applications. Unit 2 describes laws and regulations affecting the banking industry.
UNIT 1: FINANCIAL STATEMENT APPLICATIONS
This unit covers the common financial statement applications in the banking industry. The unit
addresses issues related to assets, liabilities, shareholders’ equity, and other services/operations
such as wire transfers, branch operations, and trusts. In addition, this unit highlights other
important money and banking issues.
I. ASSETS
Assets are one major element of the financial statements. Something has asset value if it can
contribute directly or indirectly to an entity’s cash flow. In other words, assets are future
economic benefits controlled by an entity. Assets may be tangible or intangible.
Current assets typically include those assets an entity expects to convert into cash or be sold
within one year. Current assets include cash, receivables, and short-term investments. Non-
current assets include long-term investments, property and equipment, and intangible assets.
This section describes various categories of assets and their relationship to the financial
statements.
A. Cash and Due From Banks
1. “Due from” bank balances are bank assets on deposit in other banks. Due from bank
balances are used to ensure liquid reserves, to facilitate the transfer of funds, and to use as
compensation for correspondent banking services.
127
128
2. There are four categories of cash and cash due from banks:
• Cash items are other items easily liquidated such as maturing coupons, returned
checks, and unposted debits. Cash items also include many other types of
instruments that are considered cash equivalents.
• Cash on hand refers to funds in the bank, either at teller windows, in the vault, in
Automated Teller Machines (ATMs), and at satellite locations.
• Clearings and exchanges are checks drawn on other banks.
• Due from bank accounts are correspondent banks that are used to collect checks.
Checks are sent to the due from bank. The due from bank either credits the due to
bank’s account or pays the due to bank directly with a bank draft.
3. Cash and due from other bank accounts that are listed as a caption on the balance sheet
should include all currency and coin, cash being collected, and account balances with other
banks (except material interest-bearing accounts, which should be disclosed separately).
B. Federal Funds Sold and Securities Purchased Under Resale
1. Federal funds are deposit balances held at Federal Reserve banks. These banks buy and sell
federal funds to temporally redistribute total bank reserves. Sales are good for one day only.
The federal funds are returned to the selling bank on the following business day.
2. Federal funds transactions may take the form of an unsecured loan where a bank sells funds
one day and is repaid the next business day. Federal funds may also be sold through
collateralized transactions where a purchasing bank puts securities in a custody account until
the funds are repaid to the seller.
3. Repurchase agreements (repos) and resell agreements (also known as reverse repurchase
agreements or reverse repos) govern instances when a bank invests excess funds by buying
securities from another bank or securities dealer. On a specified date (usually the next day),
the borrowing bank agrees to repurchase the securities at the same price plus interest from
the seller. Thus, banks borrow under repurchase agreements and lend under resell
agreements.
4. Federal funds transactions do not involve an actual transfer of funds. The Federal Reserve
credits the borrower’s reserve balance and charges the lender’s reserve balance. Each bank
then makes the necessary charge to federal funds sold or purchased.
5. Banks should classify any federal funds transaction that matures in more than one business
day as a loan.
128
129
C. Interest Bearing Accounts
1. The types of accounts that bear interest include savings accounts, negotiable orders of
withdrawal (NOW) accounts, and certificates of deposit. These interest bearing accounts are
known as time deposits.
2. Traditionally, banks manually posted time deposit transactions on ledger sheets. Bank tellers
also recorded the transaction in the customer’s passbook. Today, most banks use computer-
generated ledger sheets to record transaction activity and account balances.
3. The financial statements should disclose savings account liabilities and certificates of deposit
of $100,000 or more. Any material NOW account should also be disclosed.
D. Trading Securities
1. Trading securities are securities that a bank intends to sell within a short period, usually less
than one month.
2. Commercial banks can underwrite and initiate securities transactions. How banks record
securities transactions on their financial statements depends on whether the securities are
purchased for trading purposes or for inclusion in the bank’s own investment account.
Management should approve whether purchased securities belong in the trading account or
the investment account. The decision on how to record the securities in the financial
statement should be immediate. It is not advisable to record purchased securities in a
suspense account and then later decide whether the securities are for trading or investment.
3. Banks generally record securities transactions as of the trade date. However, it is acceptable
to record the transactions as of the settlement date if the difference between the settlement
date and trade date is not materially different. Settlement date accounting requires the bank
to record both the purchase and sale of the securities and the income statement effects of the
transactions.
4. Banks should account for securities held for resale as follows:
• Marketable securities should be accounted for at current market value.
• Securities and other investments with no ready market should be accounted for at fair
value as determined by management, with costs disclosed.
• Increases or decreases in unrealized appreciation or depreciation should be included

in the income statement.
5. Banks should account for trading securities at market value. Any changes in cost should be
regarded as an unrealized gain or loss within net income. The total unrealized gain or loss is
the difference between the total cost of the securities and their total fair value. Also, banks
129
130
should use market value to transfer securities from a trading account to an investment
account, with any resulting gain or loss regarded as trading income; in this scenario, the
securities should be recorded in the investment account as a new acquisition. In cases where
banks transfer investment account securities to a trading account, a write-down from cost to
estimated market value should be charged to investment security losses at the time of the
transfer. The bank should not recognize the gain from the write-up of cost to estimated
market value until final disposition of the securities, since the securities were not designated
as part of the trading account at the original acquisition date. Such gains, when recognized,
should be reported as investment security gains.
6. Banks can record interest earned on trading securities as either interest income or trading
income. However, the recommended method is to report interest income separately from
trading income if the amount is material. Also, it may be necessary to include a note to the
financial statements that discloses the major categories of securities in the trading portfolio.
E. Securities Available for Resale
1. Banks hold some securities with the intent of selling them in the future. Any securities
intended for sale in the next year or operating cycle are classified as current assets on the
balance sheet. Otherwise, they are classified as long-term assets in the investments portion
of the balance sheet.
2. Securities available for resale should be reported at fair value. When this type of security has
an unrealized gain or loss, it is not reported on the income statement. Rather, it is reported as
a separate component of stockholders’ equity. Also, for securities available for resale,
unrealized gains or losses are carried forward to future periods and adjusted based on the
current fair value.
F. Loans
1. State and federal regulations restrict the amount banks may loan to an individual borrower,
set limits on specific types of loans, and define the conditions governing loans to directors,
executive officers, and principal shareholders.
2. Bank loans can generally be classified in several ways:
• Time loans are made for a specific time period.
• Demand loans have no fixed maturity date and are payable on demand of the lender.
• Line-of-credit arrangements allow the borrower to borrow up to a maximum limit for

a specific period. A revolving credit agreement, commonly used for consumer credit
cards, is a typical line-of-credit arrangement.
130
131
• Installment loans require periodic principal and interest payments. A real estate
mortgage loan is an example of an installment loan.
Each type of loan typically has a separate general ledger control account that should be
supported by subsidiary records. Depending on the type of subsidiary records used, single or
multiple records may be needed to record loan information such as escrow balances or
monthly payment amounts. Many banks use ancillary ledgers to post all borrowers’ liability
transactions.
3. Interest on time, demand, and real estate loans usually accumulates daily or monthly.
Interest income on loans is normally credited to operating income.
4. When a loan becomes delinquent or when collection seems unlikely, banks often suspend
accrual of interest. If principal is paid on a loan after it has been placed on non-accrual
status, the bank must determine whether it should record the payment as a reduction of the
loan principal amount or as interest income.
5. Accrued interest receivable is either included in other assets or stated separately. Unearned
discounts, allowances for loan losses, and unamortized loan origination fees should be
deducted from the loan balances. However, if there are other unamortized loan fees that are
material, they should be presented as other liabilities.
6. Banks often make loans to officers, directors, employees, and principal shareholders.
Disclosure of these related-party transactions is required if they are material to the loan
portfolio or in relation to total stockholders’ equity.
7. Customer overdrafts should be recorded as loans on the financial statements.
8. There types of loans include the following:
a. Commercial loans are typically made for business purposes to sole proprietors,
partnerships, and corporations. A commercial loan may be secured or unsecured. A
loan is secured when the bank holds a lien against pledged collateral. Commercial
loans may be written as short-term time loans, demand loans, or term loans. Some
types of commercial loans include:
• Short-term working capital loans generally finance the production needs of

manufacturing companies until finished goods are sold.
• Asset-based financing involves loans that are secured by the borrower’s

current assets (receivables or inventories).
• Seasonal loans provide funds to businesses to carry them through off-season

periods of the year.
131
132
• Term loans are extended-maturity loans that allow businesses to acquire

capital assets. Because of the extended maturity dates, term loans have a
greater risk of loss. For this reason, term loans are usually secured, may
require amortization, and may contain other restrictive covenants.
• Agricultural loans are common in rural areas and offer alternative financing to
farmers who must often wait years before new operations begin turning a
profit.
• Floor-plan financing allows businesses that sell durable goods such as

automobiles to finance inventories. As the business sells goods, the loan
advance against those goods is repaid.
b. Residential loans are usually secured by mortgages, deeds of trust, land contracts, or
other types of real estate liens. Interest rates for residential mortgage loans may be
fixed or variable. Repayment of principal may be set up for full amortization,
negative amortization, or partial amortization with a balloon payment at a specified
date. Lending institutions may require some borrowers to purchase credit life
insurance to reduce the institution’s credit risk.
The Federal Housing Administration (FHA) insures the real estate loans of borrowers
who qualify for the program. Borrowers whose loans are insured by the FHA pay an
annual insurance premium based on their loan balance. The Department of Veterans
Affairs (VA) partially guarantees the loans of military veterans. VA loans feature
little or no down payment and prohibit mortgage brokers’ commissions. Both the VA
and FHA are required to establish lending policies that cover portfolio diversification
standards, underwriting standards, loan administration policies, and other
documentation and reporting requirements. Also, both agencies require an appraisal
by a certified or licensed real estate appraiser for transactions valued at $250,000 or
more.
c. Consumer loans cover personal use items such as automobiles, appliances, vacations,
educational expenses, and home repairs or updates. These loans are generally for
smaller amounts and are repaid each month over the loan period. Two primary types
of consumer loans are:
• Installment loans allow the consumer to repay a loan over a set period. The
loan is generally secured by the item being purchased. Automobile loans are a
common type of installment loan.
• Credit cards allow customers to make purchases up to a set dollar limit. Most
credit cards are unsecured, but some secured card programs are available for
customers that are a high credit risk. Many cards carry an annual fee and
charge interest on balances unpaid after a specified period.
132
133
d. Leases allow a customer to use an institution’s property for a specified period. Most
lease agreements give the lessee the option of purchasing the property at fair market
value after the lease period ends. The total amount of lease payments receivable plus
the estimated residual value, less unearned income and loss allowances, may be
shown as loans on the balance sheet or in a separate caption.
e. International loans include loans made to foreign governments and banks. A

commercial or consumer loan made by the foreign branch of a large bank is also
considered an international loan. These types of loans are subject to cross-border
risk, which is the risk that the borrowing entity’s exchange reserves will not be
sufficient to meet its repayment obligations. International loans are also known as
foreign loans or cross-border loans.
G. Allowance for Loan Losses
1. All banks assume some loans will not be repaid. Banks are required to estimate the amount
of losses they expect from their loan portfolio. Bank management sets the reserve at a given
point based on factors such as the number and type of loans made, the quality of the loans
made, the number of problem loans, historical loss experience, collateral value on non-
performing loans, guarantor’s financial strength, and the general state of the economy. If
more funds than expected are needed to cover loan losses in a given period, the reserve must
be increased and the difference is charged to operating expenses.
2. In most case, uncollectable loans should be written off and charged against the reserve for
possible loan losses. However, banks with assets under $25 million with a reserve account
should charge uncollectable loans directly to operating expenses.
H. Premises and Equipment
1. Banks own fixed assets, such as buildings, land, and equipment, for use in business
operations. However, regulations set limits on the amount of fixed assets a bank may own.
A bank’s holdings of real estate must not exceed a stated percentage of the bank’s capital and
surplus, unless approved by regulatory authorities.
2. Banks generally may not own rental property unless they are going to use the property for
banking operations in the near future. A national bank must sell any real estate within five
years of acquisition if it is not used for banking purposes. A bank should record real estate
not used for banking purposes on its balance sheet as “other real estate owned.” The amount
of the real estate should be listed as the lower of the annual value or the bank’s investment.
A bank’s real estate holdings must be appraised each year, unless the investment is under
$25,000 or is 5% or less of the bank’s equity capital.
3. Banks should use fair value to record assets acquired through foreclosure. However, the fair
value amount should not exceed the amount at which the investment was recorded. If the
133
134
recorded investment amount exceeds the fair value of the real estate, then the bank should
record a loss. Fair value is the amount a seller can expect to receive in a normal sale between
a willing seller and willing buyer. Fair value is often synonymous with market value.
4. Banks should use Generally Accepted Accounting Principles (GAAP) to capitalize and
depreciate their fixed assets. Premises and equipment acquired after June 30, 1967, should
be stated at cost less accumulated depreciation or amortization. The account for any fixed
asset still in use that has not been capitalized according to GAAP should be reinstated along
with the accumulated depreciation. Supervisory agencies may deem it necessary to approve
this entry because it could be considered a write-up of assets.
5. The cost of a fixed asset should include all acquisition and construction costs (e.g.,
transportation costs, installation costs, excavation costs, and architects’ fees).
I. Customer Acceptances (Letters of Credit)
1. Letters of credit state that a bank will guarantee payment on the drafts or bills of exchange of
a person or entity. Any accepted draft or bill of exchange under one of these agreements
represents a liability to the bank. Banks should classify any draft or Bill of Exchange they
hold as a loan.
2. Letters of credit are usually valid for a period not exceeding six months, and they may be
revocable or irrevocable. Only the customer can revoke an irrevocable letter of credit.
However, a bank can revoke or modify a revocable letter of credit without the customer’s
consent.
3. Letters of credit can be used as a form of payment. However, they are often used to prevent
default.
4. The issuing bank has three banking days to honor a demand for payment subject to a letter of
credit.
J. Intangible Assets
1. Intangible assets do not physically exist. Rather, they are the ideas, expertise, capacities, and
privileges that belong to an entity.
2. Common types of intangible assets are:
• Copyrights prevent others from violating an entity’s proprietary rights to writings,

designs, or processes. Research and development costs associated with copyrights
are treated as expenses. Legal expenses necessary to defend a copyright may be
capitalized. Amortization of a copyright usually is done in five years or less.
134
135
• Patents give owners exclusive rights to unique products or processes. The U.S.
government issues patents for a 17-year period. Patents may be purchased or
developed individually. Purchased patents are recorded at cost and developed patents
are recorded at cost minus any costs for research and development.
• Franchises allow a franchisee to provide a company’s products or services. Franchise

fees paid in advance are capitalized and amortized over the useful life of this
intangible asset.
• Trademarks are symbols that allow the public to easily recognize a product or
company name. Trademark development costs, except for associated research and
development, are capitalized. Amortization of a trademark must be completed in less
than 40 years.
• Goodwill is the establishment of a reputation and the perception among stakeholders

and customers regarding quality of service.
• Leases allow one party to use another party’s property for a fee. Lease payments paid
in advance are capitalized in the leasehold account. A leasehold improvements
account is set up to record any improvements made by the lessee. Leaseholds are
amortized over the life of the lease. Leasehold improvements are amortized over the
remaining life of the lease or over the useful life of the improvement, whichever is
less.
3. Intangible assets are initially recorded at cost. Most entities calculate depreciation using the
straight-line method.
K. Other Assets
1. Some of the accounts grouped under other assets include:
• Accounts receivable
• Accrued interest receivable
• Accrued interest receivable
• Customers’ acceptance liability (described in an earlier section)
• Other real estate owned by the bank (described in the Premises and Equipment
section)
• Unconsolidated investments in subsidiaries
• Suspense accounts
135
136
• Prepaid expenses and deferred charges
2. When these other asset categories are material, they may be presented in the balance sheet.
II. LIABILITIES AND SHAREHOLDERS EQUITY
Liabilities and equity are other important elements of the financial statements. Liabilities are
probable future sacrifices of economic benefits due to present obligations or conditions. Equity
is the amount of assets that remain after liabilities are subtracted from assets. This section
discusses major types of liabilities and equity in the banking industry.
A. Deposits
1. Non-interest-bearing accounts typically include checking accounts and escrow accounts,

although some types of checking accounts, such as negotiable orders of withdrawal (NOW)
accounts, usually accrue interest. Checking accounts and NOW accounts are known as types
of demand deposit accounts. A demand deposit account allows customers to safely and
easily transfer money through the use of checks, automated teller machines (ATMs),
electronic funds transfers (EFTs), or point-of-sale (POS) terminals. Demand deposit
accounts are federally insured. Owners of demand deposit accounts receive regular
statements from their bank showing a record of deposits and payments during the previous
period.
Banks record any check they write as a liability. Banks also record a liability when they
certify a customer’s check. In both cases the cash account is reduced only after the check is
paid. Issued or certified items are listed in a check register and removed from the file after
they are paid.
2. Savings accounts are a common type of interest-bearing account. Savings accounts are also
known as time deposit accounts. Examples of savings accounts include passbook accounts,
statement accounts, and money market accounts. Traditionally, passbook accounts required
the customer to present a passbook when a transaction was made. The teller then would
record the transaction in the passbook. The increased use of electronic banking has made
passbooks nearly obsolete. Most banks now use ledger cards or computer-generated
statements to account for activity on time deposit accounts.
The Federal Deposit Insurance Corporation (FDIC) insures funds held in all types of savings
accounts. Savings accounts have no stated maturity date.
3. Other types of time deposits accounts include certificates of deposit, individual retirement
accounts, and Keogh accounts. These types of accounts bear interest for a fixed period of
time.
136
137
Certificate of deposit (CDs) are sold with a specific maturity and rate of interest. Bearer CDs
are payable to the owner, and registered CDs are payable to a specified person or entity.
Negotiable CDs are short-term instruments generally purchased by companies and pension
funds in large denominations. Negotiable CDs over $100,000 are regarded as money market
instruments and are free from interest ceilings. Non-negotiable CDs are usually sold in
smaller denominations. There is a penalty payable if the holder of a non-negotiable CD
redeems the certificate prior to the maturity date.
Individual retirement accounts (IRAs) and Keogh accounts are generally maintained as CDs.
However, these accounts usually have long maturity dates because they are established as
tax-deferred savings plans.
4. Posting of time deposit transactions usually occurs on the day the transaction occurs or the
next day. During the posting process, banks may reject some transactions because they lack
proper endorsements or are subject to stop payment orders. A bank may also reject a
transaction if it would create an overdraft; these items are referred to holdover items or
throwouts).
B. Securities Sold Under Repurchase Agreements and Federal Funds Purchased
1. The federal funds market refers to transactions banks make for short-term financing
purposes. Specifically, banks use interbank transactions to redistribute their financial
resources on a short-term basis. Banks make unsecured loans to other banks by selling
federal funds one day and being repaid for them the next day. Banks make collateralized
transactions by placing U.S. government securities it purchases in a custody account until the
seller makes repayment.
2. In a “securities sold under repurchase agreement” transaction, a bank sells U.S. government
securities one day and repurchases them for the same price plus interest on the next day.
Under this type of arrangement, the purchasing banks is said to entered into a “securities
purchased under reverse repurchase agreement” transaction.
3. Federal funds transactions do not involve a physical transfer of funds. The Federal Reserve
facilitates these transactions by making the appropriate credits or charges to the reserve
accounts of the banks involved. The banks then make the appropriate credits or charges to
their federal funds purchased or sold accounts.
4. Any federal funds transactions exceeding one business day should be treated as a loan.
C. Other Borrowed Funds
1. Other types of borrowed funds include:
• Short-Term Borrowing – e.g., commercial paper, lines of credit, and unsecured notes.
137
138
• Debentures – unsecured debt securities issued by banks.
• Discounting or Advancing through Counts with a Federal Reserve Bank –

Discounting involves the Federal Reserve rediscounting with recourse the bank’s
eligible loans. Advancing occurs when member bank executes a promissory note
using government securities as collateral; the term “discount” refers to the interest
charged in these transactions.
• Treasury Tax and Loan Note Option Accounts – deposits held at a Federal Reserve
bank that are subject to withdrawals and are supported by an open-ended, interest-
bearing note.
• Mortgages Payable – refers to indebtedness incurred to finance bank expansion

programs.
2. Borrowings from the Federal Reserve are grouped with promissory notes and reported on the
balance sheet as other borrowed funds. Debentures, subordinated notes, and mortgages
payable are often included in separate liability categories on the balance sheet.
D. Long-Term Debt
1. Common types of long-term debt include notes payable and bonds payable. Notes are debt
instruments issued to a single investor. Bonds are debt instruments issued to multiple
investors. Both notes and bonds have written agreements that describe the principal and
interest payable.
2. Long-term debt instruments are sold at discount when the market rate exceeds the stated
interest rate. An instrument is sold at a premium when the stated rate exceeds the market
rate. An instrument is sold at face value when the market rate and stated rate are equal.
3. The “discount on bonds payable” account is debited when a bond sells at discount. The
“premium on bonds payable” account is credited with a bonds sells at a premium. The
discount or premium is amortized over the life of the bond.
4. Bond issuance costs, such as costs for underwriting fees, printing, and advertising, should be
charged to a prepaid expense account.
5. Volume IV of this CFSA Study Guide is devoted to issues and concepts related to the
securities industry, including long-term debt instruments.
E. Preferred/Common Stock
138
139
1. Preferred stock and common stock make up a part of a bank’s total capital. However,
regulations limit the amount of equity a bank may have in relation to the bank’s size and
asset mix.
2. When only one class of stock is issued it is classified as common stock. When two classes of
stock exist they are classified as common and preferred.
3. Banks can account for stock dividends in two ways:
• by transferring from retained earnings to capital stock an amount equal to the par
value of the additional shares being issued
• by transferring from retained earnings to a category of permanent capitalization an

amount equal to the fair value of the additional shares issued
4. Stock dividends are recorded at the fair market value of the stock on the date the dividend
was declared.
5. Volume IV of this CFSA Study Guide is devoted to issues and concepts related to the
securities industry, including preferred and common stock.
F. Retained Earnings
1. Retained earnings are the accumulated revenues and expenses of a bank. Therefore, this
account increases or decreases based on fluctuations in earnings and dividend distributions.
2. Net losses reduce retained earnings and net income increases retained earnings. Prior period
adjustments to correct financial statement errors from a previous period can either increase or
decrease retained earnings. The payment of dividends serves to decrease retained earnings.
G. Treasury Stock
1. The term treasury stock refers to outstanding stock that a corporation reacquires or
repurchases. Corporations can use treasury stock to prevent against takeover by other
companies or to facilitate the takeover of another company. Outstanding stock is also
reacquired to meet the needs of employee stock option plans.
2. Treasury stock reduces shareholders’ equity and is deducted from the contributed capital and
earned capital lines on the balance sheet.
3. Reacquiring outstanding shares increases a corporation’s earnings per share by reducing the
number of shares outstanding.
4. Dividends are not paid on treasury stock.
139
140
5. Treasury stock can be recorded at cost or at the stated (or par) value.
III. OTHER SERVICES/OPERATIONS
This section discusses some other bank services and operations. These include payroll/employee
benefits, automated clearinghouses and wire transfers, branch operations, trusts, investment
products, asset/liability management, derivatives, and statement of cash flows. Proper
management of these services and operations is necessary to reduce the risk of a negative effect
on the financial statements.
A. Payroll/Employee Benefits
1. Salaries are one of the largest operating expenses in many banks. Losses can occur if a bank
does not have adequate controls over this function.
2. The largest risks banks face in this function are making salary payments to employees no
longer on the payroll; paying employees for unearned overtime, sick time, or vacation time;
entering improper or unauthorized salary increases into the system; and miscalculating Social
Security or income tax deductions. Additional risks include failing to monitor employee
benefit providers and compliance with federal regulations.
B. Automated Clearing House and Wire Transfer
1. The Automated Clearing House (ACH) is method banks use to move money electronically.
The ACH receives, records, and facilitates debit and credit transactions between banks.
2. Some of the transactions the ACH facilitates include direct payroll deposits, government
payments, pension payments, dividends, direct debits, corporate cash disbursements, and
corporate payments.
3. Wire transfer systems are another method of electronic funds transfer. Transferring funds by
wire is immediate and irrevocable.
4. FedWire and CHIPS provide the majority of wire transfer services in the U.S. The Federal
Reserve operates FedWire. CHIPS is operated by the New York Clearing House for use by
banks in the New York area.
5. The following terms are associated with the Wire Transfer Function:1
• Correspondent Banks – Financial institutions that maintain account relationships with

each other.
140
141
• Credit Party – The party to be paid by the receiving financial institution.
• Draw Down – An instruction to reduce the balance of the sender’s account serviced
by the receiver with a payment to the sender’s account at another financial institution.
• Execution Date – The day on which the sending bank may properly issue a payment
order in execution of the originator’s orders. The execution date may be determined
by the originator, but cannot be earlier than the day the order is received and, unless
otherwise determined, is the day the order is received.
• Federal (Fed) Funds – United States dollars on deposit at a Federal Reserve Bank.
Fed funds are commonly used to refer to the transfer (sale/purchase) of excess
balances between financial institutions for a stated period of time.
• Intermediary Bank – A financial institution to which funds are transferred for further
credit to the beneficiary’s bank.
• Immediate Funds – Funds available immediately.
• Initiator – The originator or an agent of the originator of the transfer instructions.
• Methods of Initiation – The transfer instructions can be transmitted by various means,

including electronic initiation systems, orally (e.g., in person or by phone), and
writing (e.g., hand or mail delivery or fax).
• Payment Order – An instruction of an originator to a sending bank, transmitted orally,

electronically, or in writing, to pay or to cause another bank to pay, a fixed or
determinable amount of money to a beneficiary.
• PUPID (Pay Upon Proper Identification) Wire – A PUPID is an incoming wire

transfer with instruction to pay the beneficiary upon presentment of proper
identification. The beneficiary usually does not maintain a checking or savings
account with the paying financial institution.
• Receiving Bank – The financial institution receiving funds from the sender on behalf
of the beneficiary.
• Remitter – A general term meaning the source of funds in a payment order.
• Repetitive Transfer – A transaction for which all information has been established on
the funds transfer system and assigned a unique identifier to be accessed and
transferred upon the customer’s request. The dollar amount and date are the only
variables in the transfer.
141
142
• Same Day Funds – Funds available for transfer today subject to settlement of the
transaction through the payment mechanism used.
• Sending Bank – The financial institution that inputs the transaction into a funds
transfer system or message service such as FedWire.
• SWIFT (Society for Worldwide Interbank Financial Telecommunications) – A

private international telecommunications network for transmitting and routing
financial messages. SWIFT carries messages only and does not provide settlement.
• Test Key – A code between the sender and the receiver used in a message to validate
the source and/or amount, date, etc.
• Transit Routing Number – A financial institution’s identifier with the Federal Reserve
Bank.
• Value Date – Date upon which funds are to be available to the receiving bank.
C. Branch Operations
1. Each state has established its own regulations regarding branch banking. Note: some banks
operate under a national charter and are regulated by the Office of the Comptroller of the
Currency. Therefore, state regulations may not apply to these banks.
2. The Interstate Act of 1994 allows interstate branch banking through the merger of banks in
the same state owned by the same holding company. However, states retain the authority to
disregard the Interstate Act and prohibit branch banking.
3. A de novo branch bank is a new branch not resulting from a merger. The Interstate Act
permits states to adopt legislation allowing de novo branches on the condition that the state
must also permit de novo branches of banks headquartered in other states.
4. The Federal Reserve Board governs the foreign activities of U.S. banks. Board approval is
required before a foreign bank subsidiary can establish an initial branch in its first two
countries outside its own country. Banks must also advise the Board regarding plans to
establish additional branches in that country. Foreign branches of member banks may
engage in the same banking activities allowed the member bank under U.S. banking law and
its charter.
D. Trust
1. Trust departments administer trusts, estates, pension accounts, profit sharing accounts, and
custodian accounts. The Board of Directors has fiduciary responsibility for any trust funds
142
143
the bank holds. The Board or its designees must accept in writing all trust funds held. The
assets of any trust account accepted must be reviewed at least once every 15 months.
2. All bank employees participating in trust operations must be bonded.
3. Funds held in trust accounts are not assets of the bank. Therefore, records relating to trust
accounts must be segregated from other bank accounts. Banks must keep trust account
records for three years after their fiduciary relationship ends.
4. Funds a bank holds in trust cannot be reinvested in the bank’s own securities. Banks may
transfer funds from one trust account to another unless prohibited by a trust agreement or
unless it is unfair to either account.
5. Banks provide the following personal trust services for individuals:
• Estate Settlement – Banks serve as executors or administrators of estates. Courts can

also appoint a bank to serve as administrator cum testamento annexo (c.t.a.) for
persons that specify no executor in a their will or whose named executor is unable or
unwilling to serve. As administrator of an estate, the bank’s major duties are to
assemble, control, and inventory the deceased person’s assets; arrange to pay
applicable costs, taxes, and claims; and distribute the net remaining estate according
to the terms of the will.
• Trust Development – The bank may be specified as trustee under a “trust by

agreement” arrangement. “Trust by declaration” occurs when the bank makes a
contract with a third party agree to be trustee for someone else’s property. “Trusts
under will” occur when a will names the bank as a trustee of property for another
party named in the will. “Charitable trusts” are established by will or agreement for
religious, educational, or community improvement purposes. “Trusts by court order”
occur when the courts appoint the bank as trustee for a designated person.
• Serve as Guardians of Estates – Courts may direct a bank to hold and manage the
assets of a minor until he or she is of legal age. Banks may also be appointed to serve
as guardians of assets for adults who are deemed incompetent or unable to manage
their money.
• Serve as Co-Fiduciary – Some wills specify that more than one responsible party
share the trustee responsibilities of an estate. The named parties are referred to as co-
fiduciaries.
• Serve as Agent – A bank serves as agent when the bank takes possession of a piece of
property but the owner retains the title. Agency accounts at a bank include when the
bank serves as custodian of property, escrow agent, investment advisory agent, or
safekeeping agent. A bank also serves as agent when it executes any authorized
powers of attorney.
143
144
6. A bank’s corporate trust department handles the functions related to stocks and bonds.
Corporations, government entities, and other organizations use banks as trustees to handle the
issuance, redemption, transfer, and recordkeeping functions associated with a stock or bond
issue. A trust agreement or “indenture” specifies the bank’s responsibilities. Additional
duties of corporate trust departments include:
• Stock Transfer Agent – The transfer agent may issue stock certificates to increase
shares outstanding or reissue new certificates when ownership changes.
• Bond Registrar – The bond registrar is responsible for registering bonds at issue.
• Stock Registrar – The stock registrar checks new issues and transfers to prevent
overissuance.
• Dividend Reinvestment Agent – The dividend reinvestment agent receives a

stockholder’s dividends and purchases additional shares on the stockholder’s behalf.
7. A bank may serve as the administrator, trustee, co-trustee, agent, custodian, or depository for
a company’s employee benefit and retirement plans. Types of retirement plans that banks
may administer include:
• Pension Plans – These plans provide retirement income for employees. Pension plans
that an employer establishes for retired or disabled employees, regardless of whether
an employee contributes, are known as “defined benefit plans.” The Pension Benefit
Guarantee Corporation (PBGC) insures this type of plan, so employees assume no
investment risk for any portion they contribute. On the other hand, the PBGC does
not insure “defined contribution plans,” which are plans funded either at a fixed rate
(often based on a percentage of an eligible employee’s salary) or at the discretion of
company’s directors. Defined contribution plans include profit-sharing plans and
stock bonus plans.
• Self-Employed Retirement Trusts – Banks may serve as trustee or custodian for

pension and profit sharing plans that self-employed individuals establish for
themselves and their employees. These types of trusts are referred to as Keogh plans.
• Individual Retirement Accounts (IRAs) – Banks may administer IRA accounts in

accordance with individual agreements with customers. Individuals do not have to
pay taxes on deferred income, and any additional contributions are tax deductible
until withdrawals begin, which must occur between the ages of 59½ and 70½.
8. Banks may serve as a “transfer agent” to perform services such as recording stock ownership
changes, maintaining accurate records, paying dividends, handling stock subscriptions and
exchanges, and mailing notices and proxies to stockholders.
Transfer agents must verify that certificates are unaltered and properly endorsed, witnessed,
and dated. Banks must establish standards for accepting signatures. A bank must also ensure
144
145
that certificates include the certificate number and date issued, the number of shares of stock
or the principal dollar amount of debt issued, the names and addresses of the registered
owners, and the cancellation date.
9. Banks also serve as “registrar” for stock and bond issues. The registrar accounts for all
shares issued, certificates outstanding, and certificates cancelled. The role of the registrar is
to ensure that transfer agent does not issue too many shares. The registrar’s duties include
ensuring that old certificates are properly cancelled and that new certificates are properly
issued in the correct numerical sequence.
E. Investment Products
1. Investment products are either short-term or long-term. In general, short-term investments

include savings accounts, certificates of deposit, Treasury bills, and marketable stocks and
bonds. Short-term investments qualify as current assets if they are marketable and easily
liquidated. Otherwise, investments are considered long-term and are classified as non-
current assets.
2. The balance sheet should show marketable equity securities at either the lower of aggregate
cost or aggregate market value. Investment securities should be shown at cost, with
adjustments for premium amortization and discount accretion. Marketable debt securities are
carried at cost.
3. The Comptroller of the Currency restricts the types of security investments that national
banks can make. For this purpose, securities are divided into five types:
• Type I Securities – This category of security is backed by the full faith and credit of
the U.S. government. These securities are also known as “bank-eligible securities”
because banks can invest in them without restriction.
• Type II Securities – This category of security includes obligations of the World Bank,
Inter-American Development Bank, Inter-American Investment Corporation, African
Development Bank, and Tennessee Valley Authority. State obligations issued for
housing, university, or dormitory purposes are also considered Type II securities.
Banks are allowed to purchase no more than 10 percent of their capital and surplus
from one source of Type II security.
• Type III Securities – These are investment securities that do not fall under one of the
other four types of securities. Banks are allowed to purchase no more than 10 percent
of their capital and surplus from one source of Type III security.
• Type IV Securities – These are securities composed of interests in a pool of loans.

Examples of Type IV securities include certain residential and commercial mortgage-
related securities. Banks are allowed to purchase no more than 25 percent of their
capital and surplus from one source of Type IV security.
145
146
• Type V Securities – These are marketable investment grade securities that are not
Type IV. Banks are allowed to purchase no more than 25 percent of their capital and
surplus from one source of Type V security.
F. Asset/Liability Management
1. Asset/liability management (ALM) is a short- and long-term planning tool designed to

maximize earnings. ALM tries to create optimal risk/reward decisions and focuses on
creating prices that achieve a desired spread.
2. A sound ALM policy must manage four types of risks:
• Credit Risk – Loans are more profitable than most investments, but loans are also
riskier.
• Liquidity Risk – Banks must maintain some liquid assets, but not too much because
liquid assets typically draw little or no interest.
• Interest-Rate Risk – Earnings and capital can fluctuate due to changes in interest
rates.
• Capital Risk – Banks must maintain adequate capital levels. However, retaining too
much capital can reduce the bank’s growth potential.
3. Banks should develop policies related to ALM, including specific guidelines regarding
risk/reward tradeoffs. In developing these policies bank officials review historical financial
reports, ratio reports, the balance sheet, the income statement, liquidity reports, and other
available information.
L. Use of Derivatives
1. A derivative is a financial contract whose value depends on the value of other assets. Types
of derivatives include:
• Swaps – A swap occurs when two parties exchange streams of payments for a set
period of time. For example, an interest-rate swap occurs when one party trades a
variable interest rate for a fixed rate, or vice versa.
• Options – An option gives a party the right to buy or sell a financial instrument at a
fixed price up to a set amount during a specified period.
• Futures Contracts – A futures contract specifies an amount of a commodity or

financial instrument to be delivered at a specified future date.
146
147
• Forward Contracts – A forward contract is similar to a futures contract, except there

is no exchange acting as intermediary, no daily settlement, and no margin.
2. The SEC requires certain disclosures for entities that use derivatives. These required
disclosures include:
• If derivatives are material, the notes to the financial statements should include a
descriptions of the types of derivatives used and a discussion of the method used to
account for derivatives.
• Outside of the financial statements, entities should provide quantitative and

qualitative information about derivatives for investors. The information should be
separated into two categories: derivatives used for trading and derivatives used for
other purposes. The information should address the extent derivatives are exposed to
market risk and the methods the entity uses to manage the market risk.
3. Derivatives can be effective, low-cost tools for managing exposure to risks, although some
banks may experience losses due to interest rate changes, commodity price changes, or other
fluctuations. In order to manage risks, banks should have adequate oversight by senior
management and the board of directors, as well as a comprehensive policies and procedures
governing the use of derivatives.
M. Statement of Cash Flows
1. A statement of cash flows reports the cash receipts, cash payments, and the net change in
cash resulting from the activities of a bank during a given period. The statement reconciles
beginning and ending cash balances.
2. The term “cash” refers both to cash and cash equivalents. Cash equivalents are short-term
investments that are readily convertible to cash. Because these are short-term investments,
they are relatively insensitive to interest rate changes. Examples of cash equivalents include
Treasury bills, money market funds, and commercial paper.
3. The statement of cash flows reports on the operating activities, investing activities, and
financing activities of the bank. The operating section appears first, followed by the sections
on investing activities and financing activities.
4. The function of the statement of cash flows is to show the bank’s ability to generate future
cash flows and to meet its financial obligations.
147
148
IV. MONEY AND BANKING
This section provides a brief introduction to the concepts of money and banking and how money
relates to the banking industry.
A. Role of Money and Banking
1. Broadly defined, money is anything of value that can function as a medium of exchange.
The money supply in the U.S. typically refers to paper money, coins, and funds in checking
accounts. “Near-monies” are highly liquid assets such as savings accounts and U.S.
government bonds. A bank can lend money up to a specified amount based on the size of its
excess reserves.
2. Money has value in relation to its purchasing power. Therefore, if prices rise, the value of
money falls. If prices fall, the value of money increases.
B. Bond and Stock Markets
1. The financial markets help keep the economy function by giving individuals and businesses
the opportunity to transfer and borrow money.
2. Money can be transferred directly between individuals or companies, such as occurs when a
company sells its stocks or directly to the public. Banks can increase the money supply and
stimulate the economy through the funds its invests and loans.
3. There are two types of financial asset markets. “Primary markets” deal in new issues of
securities, and “secondary markets” trade in shares outstanding, mortgages, and loans.
4. The two types of stock markets in the U.S. are the formal security exchanges (e.g., the New
York Stock Exchange) and the “over-the-counter” market.
5. Volume IV of this Study Guide addresses the subject of financial markets in more detail.
C. Effect of Interest Rate Movements
1. Interest is the amount paid to borrow funds. Thus, the interest rate influences the cost of
money.
2. The riskier the loan, the higher the interest rate. Because short-term loans are less risky, their
interest rates are usually lower than long-term rates.
3. High inflation causes interest rates to rise. The “real interest rate” refers to the stated rate
adjusted for inflation.
148
149
4. Interest rates rise when the U.S. government borrows or prints money. Interest rates also
increase as the federal deficit increases. High interest rates in foreign countries also
contribute to high interest rates in the U.S.
D. Monetary Management Theories
1. Based on the theory that lower interest rates encourage investment, the Federal Reserve can
control the money supply and credit availability in the U.S. in the following ways:
• Change the Discount Rate – The discount rate is the rate the Federal Reserve charges
member banks to borrow funds. Decreasing the discount rate stimulates borrowing
among member banks (which then lend more to customers). Therefore, if the Federal
Reserve wished to decrease the money supply to try to reduce inflationary pressures,
it would increase the discount rate to discourage borrowing.
• Buy or Sell Securities on the Open Market – The Federal Reserve buys government
securities to increase the reserves of member banks and sells government securities to
decrease in member banks’ reserves.
• Moral Suasion – The Federal Reserve issues oral or written statements to encourage
banks to increase or decrease their lending activities.
• Change Legal Reserve Requirements – Increasing legal reserve requirements

decreases the amount of money that a bank has available to lend. Thus, increasing
the legal reserve requirements decreases the money supply, and vice versa.
2. The Federal Reserve’s monetary policies described above are designed to influence
investment spending. Lower interest rates serve to stimulate investment activities.
149
150
UNIT 2: LAWS/REGULATIONS AND REGULATORY ENVIRONMENT
The banking industry is heavily regulated, and compliance with the intent of banking laws and
regulations helps the system function effectively and protects the interests of consumers and
shareholders. There are thousands of laws and regulations that affect banking, and this unit will
provide a snapshot of a small sample of these regulations. To facilitate the review of current
laws and regulations, excerpts from the actual text of some laws and regulations has been
included. In addition, web sites to provide current and detailed information have been included
throughout this unit.
The sections for this unit are:

The banking industry is regulated by the entities listed below. Legislation has been enacted to
serve the interests of consumers and the entities involved in commercial banking activities.
Although, there are multiple competing interests that vie for changes to banking laws to
accommodate their interests, the overall banking system functions well. The primary regulatory
entities for banking include:
• Federal Reserve System

• Office of the Comptroller of the Currency
• Federal Deposit Insurance Corporation (FDIC)
• State Regulatory Systems
• National Credit Union Administration (NCUA)
1. Federal Reserve System – The Federal Reserve, the central bank of the United States, was
founded by Congress in 1913 to provide the nation with a safer, more flexible, and more
stable monetary and financial system. Today the Federal Reserve's duties fall into four
general areas: (1) conducting the nation's monetary policy; (2) supervising and regulating
banking institutions and protecting the credit rights of consumers; (3) maintaining the
stability of the financial system; and (4) providing certain financial services to the U.S.
government, the public, financial institutions, and foreign official institutions.
Appointments to the Board - The seven members of the Board of Governors are appointed
by the President and confirmed by the Senate to serve 14-year terms of office. Members may
serve only one full term, but a member who has been appointed to complete an unexpired
150
151
term may be reappointed to a full term. The President designates, and the Senate confirms,
two members of the Board to be Chairman and Vice Chairman, for four-year terms.
Representation - Only one member of the Board may be selected from any one of the twelve
Federal Reserve Districts. In making appointments, the President is directed by law to select
a "fair representation of the financial, agricultural, industrial, and commercial interests and
geographical divisions of the country." These aspects of selection are intended to ensure
representation of regional interests and the interests of various sectors of the public.
Responsibilities - The primary responsibility of the Board members is the formulation of

monetary policy. The seven Board members constitute a majority of the 12-member Federal
Open Market Committee (FOMC), the group that makes the key decisions affecting the cost
and availability of money and credit in the economy. The other five members of the FOMC
are Reserve Bank presidents, one of whom is the president of the Federal Reserve Bank of
New York. The other Bank presidents serve one-year terms on a rotating basis. By statute the
FOMC determines its own organization, and by tradition it elects the Chairman of the Board
of Governors as its Chairman and the President of the New York Bank as its Vice Chairman.
The Board sets reserve requirements and shares the responsibility with the Reserve Banks for
discount rate policy. These two functions plus open market operations constitute the
monetary policy tools of the Federal Reserve System.
In addition to monetary policy responsibilities, the Federal Reserve Board has supervisory
and regulatory responsibilities over banks that are members of the System, bank holding
companies, international banking facilities in the United States, Edge Act and agreement
corporations, foreign activities of member banks, and the U.S. activities of foreign-owned
banks. The Board also sets margin requirements which limit the use of credit for purchasing
or carrying securities. In addition, the Board plays a key role in assuring the smooth
functioning and continued development of the nation's vast payments system. Another area
of Board responsibility is the development and administration of regulations that implement
major federal laws governing consumer credit such as the Truth in Lending Act, the Equal
Credit Opportunity Act, the Home Mortgage Disclosure Act and the Truth in Savings Act.
Meetings - The Board usually meets several times a week. Meetings are conducted in
compliance with the Government in the Sunshine Act, and many meetings are open to the
public. If the Board has convened to consider confidential financial information, however,
the sessions are closed to public observation.
Contacts within Government - As they carry out their duties, members of the Board routinely
confer with officials of other government agencies, representatives of banking industry
groups, officials of the central banks of other countries, members of Congress and
academicians. For example, they meet frequently with Treasury officials and the Council of
Economic Advisers to help evaluate the economic climate and to discuss objectives for the
nation's economy. Governors also discuss the international monetary system with central
bankers of other countries and are in close contact with the heads of the U.S. agencies that
make foreign loans and conduct foreign financial transactions.
151
152
(The information above was taken from the Federal Reserve System Web site on November
6, 1999 - http://www.federalreserve.gov/general.htm)
Banks must purchase the stock of bank in its district to be a member of the Federal Reserve.
Regulation I outlines the amount of stock that must be purchased by an individual bank. The
amount is generally a percentage of the bank’s capital and surplus.
National banks are obligated to be members of the FRS. Although membership is not
required for state chartered banks, many are members of the FRS. Members of the FRS are
required to maintain a certain percentage of cash-reserves in their vault or in non-interesting
bearing accounts at FRS bank.
Some advantages of being a member of the Federal Reserve System include:
• Ability to borrow funds from the Federal Reserve at a discount rate.

• This is called the member’s rate.
• Right to store securities at Reserve banks at no charge.
• Ability to request current information on banking issues.
• Ability to use the FRS check clearing system.
• Ability to use the FRS automated clearing house.
• Ability to use FRS regional check processing centers.
2. Office of the Comptroller of the Currency – The Office of the Comptroller of the Currency
(OCC) charters, regulates, and supervises all national banks. It also supervises the federal
branches and agencies of foreign banks. Headquartered in Washington, D.C., the OCC has
six district offices plus an office in London to supervise the international activities of national
banks.
The OCC was established in 1863 as a bureau of the U.S. Department of the Treasury. The
OCC is headed by the Comptroller, who is appointed by the President, with the advice and
consent of the Senate, for a five-year term. The Comptroller also serves as a director of the
Federal Deposit Insurance Corporation (FDIC) and a director of the Neighborhood
Reinvestment Corporation.
The OCC’s nationwide staff of examiners conducts on-site reviews of national banks and
provides sustained supervision of bank operations. The agency issues rules, legal
interpretations, and corporate decisions concerning banking, bank investments, bank
community development activities, and other aspects of bank operations.
National bank examiners supervise domestic and international activities of national banks
and perform corporate analyses. Examiners analyze a bank’s loan and investment portfolios,
funds management, capital, earnings, liquidity, sensitivity to market risk, and compliance
with consumer banking laws, including the Community Reinvestment Act. They review the
152
153
bank’s internal controls, internal and external audit, and compliance with law. They also
evaluate bank management’s ability to identify and control risk.
In regulating national banks, the OCC has the power to:
• Examine the banks.

• Approve or deny applications for new charters, branches, capital, or other changes in
corporate or banking structure.
• Take supervisory actions against banks that do not comply with laws and regulations
or that otherwise engage in unsound banking practices. The agency can remove
officers and directors, negotiate agreements to change banking practices, and issue
cease and desist orders as well as civil money penalties.
• Issue rules and regulations governing bank investments, lending, and other practices.
The OCC’s Objectives - The OCC’s activities are predicated on four objectives that support
the OCC’s mission to ensure a stable and competitive national banking system. The four
objectives are:
• To ensure the safety and soundness of the national banking system.

• To foster competition by allowing banks to offer new products and services.
• To improve the efficiency and effectiveness of OCC supervision, including reducing
regulatory burden.
• To ensure fair and equal access to financial services for all Americans.
History - In the National Currency Act of 1863, the administration of the new national
banking system was vested in the newly created OCC and its chief administrator, the
Comptroller of the Currency.
The law was completely rewritten and re-enacted as the National Bank Act. That act
authorized the Comptroller of the Currency to hire a staff of national bank examiners to
supervise and periodically examine national banks. The act also gave the Comptroller
authority to regulate lending and investment activities of national banks.
One of the reasons Congress created a banking system that issued national currency was to
finance the Civil War. Although national banks no longer issue currency, they continue to
play a prominent role in the nation’s economic life. Today, the OCC regulates and supervises
more than 2,600 national banks that hold about 58 percent of the total assets of all U.S.
commercial banks.
OCC Funding - The OCC does not receive any appropriations from Congress. Instead, its
operations are funded primarily by assessments on national banks. National banks pay for
their examinations, and they pay for the OCC’s processing of their corporate applications.
The OCC also receives revenue from its investment income, primarily from U.S. Treasury
securities.
153
154
FDIC Insurance - The FDIC insures the deposits in all national banks. An individual is
limited to $100,000 in insurance coverage at each bank (including all branches).
The OCC’s primary function is the supervision and examination of national banks. The OCC
has a role in coordinating banking examinations among different federal regulatory agencies.
The OCC also issues banking bulletins and circulars to inform the banking community of
regulations. Below is a list of banking circulars:
Date Title
11/07/93 - Risk Management of Financial Derivatives
09/03/93 - Free Riding In Custody Accounts
06/16/93 - Civil Money Penalties
05/25/93 - EFT Switches and Network Services
05/21/93 - Civil Money Penalty for Delinquent/Inaccurate Call
02/25/93 - Prompt Corrective Action
01/05/93 - FFIEC Statement: Large Funds Transfer for Money Laundering
12/03/92 - National Bank Fair Lending Efforts
07/14/92 - EDP Service Contracts
03/05/92 - Stock Appraisals
02/27/92 - External Fraud
05/14/93 - External Fraud - Central Bank (Denver) Certificates
07/30/91 - Troubled Loan Workouts and Loans to Borrowers
09/12/90 - Application of Securities Laws to Common Trust Funds
02/07/90 - Suspicious Transactions
10/27/93 - Suspicious Transactions - Depository Trust
10/27/93 - Suspicious Transactions - Pethahiah
09/07/89 - Push Down Policy
05/10/89 - International Payments Systems Risk
02/03/89 - Acceptance of Financial Benefits by Bank Trust Depts.
05/31/88 - Information Security
01/25/88 - End-User Computing
11/21/86 - Investment In Investment Co's Composed of Bank Eligible
10/31/86 - Sweep Fees
09/11/86 - Securities Denominated In Foreign Currencies
06/18/86 - Collateral Evaluation and Classification of Energy Loans
07/26/85 - OCC Staff No-Objection Positions
05/22/85 - Accounting for Loan Swaps
05/23/85 - Loan Production Offices
05/07/85 - Premiums on U.S. Government Guaranteed Loans
05/07/85 - Securities Lending
154
155
01/18/85 - Financial Information on Data Processing Servicers

03/07/84 - Issuance of "Due Bills" to Customers Purchasing Securities
08/02/84 - Purchases of Loans In Whole or In Part-Participations
06/11/82 - Federal Home Loan Mortgage Corporation (FHLMC) Swap Program
04/09/82 - Charges by a Federal Reserve Bank Against a NB
09/25/80 - Service Charges on Dormant Accounts Abandoned Property Law
04/26/91 - Uniform Class. of Assets & Appraisal of Securities
10/18/76 - Exception to Lending Limits for OPIC Insured Standby Letters of
Credit Issued by National Banks
11/03/81 - Coin and Bullion
12/28/83 - Sale of Commemorative Coins
07/01/76 - Bank Holding Company Affiliates
01/14/70 - NB’s May Make Investments In Partnerships In Which the Housing
Partnership is a Partner
01/14/70 - National Banks May Make Investments In National Housing
Partnership - II
01/14/70 - Purchase of Shares In the Common Stock
Standards for Developing Regulations

On January 21, 1997, the Office of the Comptroller of the Currency issued OCC Bulletin 97-
8, adopting standards for developing regulations that apply to all the rules that the agency
issues. Those standards are based on the standards that the OCC used in the comprehensive
revision of its regulations under its Regulation Review Program.
Regulations are risk-focused if they effectively target the areas of bank activity that present
the greatest risk to safety and soundness, the payments system, or the long-term vitality of
the national banking system, and when they address areas where either banks or the OCC
have clearly established statutory responsibilities. In assessing how to regulate a particular
activity and the need for regulation in that area, the OCC will, when appropriate, consider
how nonbanks performing comparable functions are regulated and then assess the potential
for alternative regulatory approaches to be applied to the regulation of national banks.
Regulations are results-oriented if they focus on the achievement of key regulatory or

supervisory objectives rather than mandating compliance with detailed steps leading up to
those objectives. In developing regulations, the OCC takes into account changes in banking
organizations' structures and the impact of technology on how banks deliver products and
services. The OCC seeks to identify regulatory and supervisory goals that will remain valid
even as banking structures change and the means by which banks operate and serve their
customers evolve. In this way, the OCC ensures that its rules set the standards for the
effective supervision of national banks without stifling banks' ability to undertake innovation
or accommodate change.
The OCC eliminates regulatory requirements that are not necessary to ensure the safety and
soundness of national banks, to support consumers' access to financial services, or to
accomplish other aspects of the OCC's statutory mission.
155
156
To minimize the burden that results from requirements that are necessary for effective
supervision, the OCC uses a differential regulatory approach when appropriate to the issue
under review. Differential regulation means that requirements are not imposed on a "one-
size-fits-all" basis, but are, instead, tailored to the condition or characteristics of different
categories of national banks. For example, risk levels are often dependent upon differences in
banks' capital levels, CAMEL ratings, size, or other objective factors. Moreover, some
regulatory requirements impose disproportionately greater burdens on small banks.
Therefore, the OCC may vary regulatory requirements according to these differences.
Similarly, reporting or recordkeeping requirements may differ depending on a bank's size or
risk levels.
In some instances, national banks must apply to or consult with the OCC before expanding
their lines of business or undertaking certain activities. The OCC's regulations establish
application criteria and procedures that allow maximum flexibility for the strongest banks
and closer scrutiny and controls for banks with demonstrated weaknesses. The OCC's
regulations provide for processes that are predictable, so that banks know what is necessary
in order to request OCC approval; orderly, so that banks can plan appropriately; and
reasonably prompt, so that banks do not lose competitive opportunities as a result of
unnecessary regulatory delay.
National banks operate in a competitive environment in which providers of financial services

are subject to different regulatory schemes administered by different federal and state
agencies. When possible, the OCC consults and coordinates with the other federal banking
agencies (the Board of Governors of the Federal Reserve System, the Federal Deposit
Insurance Corporation, and the Office of Thrift Supervision) and with other financial services
regulators to achieve consistency in the way national banks and their competitors are
regulated in the conduct of the same or similar activities.
Regulatory burden and cost result if bankers must always seek the advice of experts in order
to understand the requirements that apply to them. The OCC writes regulations in a clear,
plain style and structures regulations to enhance their clarity.
In drafting its regulations, the OCC uses the approach best suited to the subject of the rule.
Some regulations may appropriately prescribe a bright-line standard, which provides the
greatest certainty to banks about the limits of acceptable conduct. Other regulations may
contain more general standards that offer banks greater flexibility but reserve more discretion
to the OCC. Often, a combination of approaches is best. In each case, the OCC balances
banks' need for a predictable response from the regulator against the goal of providing
maximum flexibility to bank management consistent with principles of safety and soundness
and other statutory requirements.
The OCC facilitates participation in its rulemakings by banks and members of the public by
allowing time for thoughtful comment. Absent unusual circumstances, the OCC allows a
comment period of not less than 60 days. The OCC accepts comments in a variety of formats,
including by facsimile transmission and electronic mail. The OCC uses sparingly the
156
157
discretion it has under applicable laws to dispense with prior notice and opportunity for
comment.
Consistent with applicable statutory requirements, the OCC times the effective dates of its
regulations to allow an adequate period for national banks to adjust their data systems and
business planning processes to accommodate change. The OCC uses sparingly the discretion
is has under applicable laws to accelerate the effective dates of regulations.
National banks operate in a rapidly changing business environment in which the

effectiveness or utility of today's regulations may be eroded by tomorrow's developments in
products, services, or technology. The OCC is committed to keeping its regulations current.
The OCC encourages national banks, members of the public, and its own staff to provide
feedback on how its regulations are working.
The OCC uses a variety of mechanisms to obtain feedback either directly or indirectly. These
mechanisms may include: a new initiative to assess the effectiveness of regulations in
meeting articulated policy goals; participation by the Comptroller and senior members of the
agency's staff in outreach or focus group meetings with bankers and public interest groups;
meetings with representatives of individual banks or with members of trade, professional, or
public interest groups; intra-agency updates and feedback via meetings and electronic mail;
and solicitation of comment on a continuing basis via the Internet.
(The information above was taken from the Office of the Comptroller of the Currency Web
site on November 6, 1999 - http://www.occ.treas.gov)
3. Federal Deposit Insurance Corporation (FDIC) - The FDIC's mission is to maintain the
stability of and public confidence in the nation's financial system. To achieve this goal, the
FDIC has insured deposits and promoted safe and sound banking practices since 1933. The
FDIC sign, posted in insured financial institutions across the country, has become a symbol
of confidence. This publication describes why and how the FDIC fulfills its mission. You
also will learn where to turn for more information at the FDIC.
Introduction - The Great Depression of the late 1920s and early 1930s caused financial chaos
in America. More than 9,000 banks closed between the stock market crash of October 1929
and March of 1933, when President Franklin Delano Roosevelt took office. For all practical
purposes, the nation's banking system had shut down completely even before President
Roosevelt, less than 48 hours after his inauguration, declared a "banking holiday" suspending
all banking activities until stability could be restored. Among the actions taken by Congress
to bring order to the system was the creation of the FDIC in June 1933. The intent was to
provide a federal government guarantee of deposits so that customers' funds, within certain
limits, would be safe and available to them on demand. Since the start of FDIC insurance on
January 1, 1934, not one depositor has lost a cent of insured funds as a result of a failure.
Mission - The heart of the FDIC's mission is to maintain stability and public confidence in
the nation's financial system.
157
158
Today the FDIC:
• Insures deposits up to $100,000 in virtually all United States banks and savings
associations (also called savings and loan associations or S&Ls).
• Arranges a resolution for each failing institution, one that is the least-costly to the
insurance fund and, when possible, the least disruptive for customers.
• Promotes the safety and soundness of insured depository institutions and the U.S.
financial system by identifying, monitoring and addressing risks to the deposit
insurance funds. The FDIC also is the primary federal regulator of about 6,000 state-
chartered "nonmember" banks (commercial and savings banks that are not members
of the Federal Reserve System).
Structure & Funding - An independent agency of the federal government, the FDIC is
managed by a five-member board of directors appointed by the President and confirmed by
the Senate. The FDIC is subject to audits by the General Accounting Office and oversight by
Congress.
The FDIC administers two federal deposit insurance funds, the Bank Insurance Fund (BIF)
and the Savings Association Insurance Fund (SAIF). Deposits in most commercial banks and
many savings banks are insured by the BIF. In 1989, Congress created the SAIF to succeed
the Federal Savings and Loan Insurance Corporation (FSLIC) to insure deposits to specified
amounts at savings associations and many savings banks. The FDIC was assigned
responsibility for managing the SAIF. Both the BIF and SAIF deposit insurance programs
are backed by the full faith and credit of the U.S. government.
The FDIC receives no congressional appropriations to carry out its mission as a deposit
insurer and banking regulator. The money for these purposes comes from deposit insurance
premiums paid by banks and savings associations and from earnings on investments in U.S.
Treasury securities. The FDIC separately manages the FSLIC Resolution Fund (FRF), which
was created by Congress in 1989 in response to the thrift industry crisis of the 1980s. The
FRF, which is funded by congressional appropriations, is responsible for wrapping up the
obligations of the former FSLIC and the former Resolution Trust Corporation (RTC).
Insurance Coverage - When federal deposit insurance became effective in 1934, coverage
was limited to $2,500 per depositor. Over time, coverage has increased. On March 31, 1980,
coverage was raised to its current $100,000 limit. Savings, checking and other deposit
accounts, when combined, are generally insured up to $100,000 per depositor in each
financial institution insured by the FDIC. Deposits held in different ownership categories,
such as single or joint accounts, may be separately insured. Also, separate $100,000 coverage
is generally provided for retirement accounts such as individual retirement accounts (IRAs)
and Keoghs.
158
159
Federal deposit insurance coverage is limited to deposits, and does not include securities,
mutual funds or similar types of investments that may be offered for sale at FDIC-insured
banks and savings and loan associations.
When a federally insured bank or S&L fails to protect insured depositors, the FDIC responds
immediately. Institutions generally are closed by their chartering authority the state
regulator, the Office of the Comptroller of the Currency, or the Office of Thrift Supervision.
The FDIC's job involves paying depositors up to the $100,000 insurance limit and recovering
as much money as possible from the failed institution's assets (primarily loans, real estate and
securities).
The FDIC has several options for resolving failed institutions, but by law it must use the
least-costly approach in each case. The option generally used is called a "purchase-and-
assumption agreement," where the FDIC arranges with an existing or newly chartered
institution to assume either the insured deposits or all of the deposits (insured and uninsured)
of the failed institution, along with all or some of the loans and other assets. Customers of the
failed institution automatically become customers of the assuming institution. By
maintaining banking services at most or all of the failed institution's offices, the purchase-
and-assumption approach is less disruptive to the community than other options available to
the FDIC. The assuming institution also usually pays a premium to the FDIC, which helps
reduce the agency's costs of handling the failed institution. In rare instances, when the FDIC
is unable to arrange for an assuming institution, payments are made directly to insured
depositors. No matter which option the
FDIC uses, funds within the $100,000 insurance limit are always fully protected.
The FDIC uses recoveries from a failed institution's assets for two main purposes: (1) to
replenish the insurance fund that protected the failed institution's depositors, and (2) to
minimize the losses suffered by parties who are not protected by the insurance fund, such as
uninsured depositors (those over the $100,000 insurance limit). The FDIC attempts to return
the assets of the failed institution to the private sector as quickly as possible, and most of the
assets are sold to healthy institutions soon after the troubled institution is closed. It may be
necessary for the FDIC to retain and manage some of the less-desirable assets. Proceeds from
asset sales are used to reimburse the insurance funds and to pay uninsured depositors, to the
extent possible. General creditors are paid to the extent possible only after all depositors are
paid in full. Shareholders of the failed institution receive any residual value, although there
usually is none.
Supervision - The FDIC is the primary federal regulator of state nonmember banks and, for
insurance purposes, is the back-up supervisor over the remaining federally insured banks and
savings associations.
Examinations are the foundation of the FDIC's efforts to ensure the safety and soundness of
institutions. They are used to determine the condition of an institution and to check for
compliance with laws and regulations. The FDIC's process for examining and supervising
institutions includes on-site examinations and off-site analyses of reports filed by institutions.
159
160
As part of its examination, the FDIC looks for poor risk-management or excessive risk-taking
by an institution, and seeks early remedies.
In the 1980s and early 1990s, the nation faced a financial crisis not paralleled since the Great
Depression. Approximately 2,900 banks and savings institutions failed between 1980 and
1993. But by the mid-1990s, the health of the banking and thrift industries was dramatically
improved. Banks and S&Ls were earning record profits, translating into rapidly declining
numbers of failures and problem institutions.
In recent years, the FDIC has developed a number of initiatives aimed at identifying and
addressing emerging risks to the banking industry and the insurance funds. The FDIC
identifies and monitors such risks to the funds by drawing on a number of sources of
information, including FDIC examiners and financial analysts, as well as other bank
regulatory agencies, other government sources of economic statistics, and analyses and data
from the private sector. The FDIC also aims to reduce the regulatory burden on banks where
regulations no longer reduce the risk to the deposit insurance funds or protect consumers.
In addition, the FDIC examines state nonmember banks to ensure their compliance with
equal credit and other consumer protection laws. Two examples are the Community
Reinvestment Act (CRA) and the Truth in Lending Act. The CRA encourages banks and
thrifts to help meet the credit needs of their communities. The Truth in Lending Act requires
accurate disclosures of interest rates and finance charges so that loan applicants can
comparison-shop for mortgages or consumer loans.
By statute, the FDIC issues regulations governing banks' and savings associations'
procedures and performance, and conducts several kinds of banking examinations.
Examinations - The FDIC, in conjunction with other federal and state regulatory agencies,
examines financial institutions to ensure they are conducting business in compliance with
consumer protection rules and in a way that minimizes risk to their customers and to the
deposit insurance funds.
Community Reinvestment Act - In 1977, Congress enacted the Community Reinvestment

Act (CRA) to encourage federally insured banks and thrifts to meet the credit needs of their
entire community, including low-and moderate-income residents.
Compliance - The FDIC performs compliance examinations to determine whether the

institutions it supervises meet the requirements of various consumer protection, fair lending
and related regulations. Guidance for officers and employees of banks and savings
institutions to assist them in meeting these responsibilities.
Information Systems & E-banking - Examination procedures that address banks' and savings
institutions' use of electronic data processing systems and online banking (sometimes called
E-banking).
160
161
Safety & Soundness - A safety and soundness examination is what most people think of
when they hear "bank examination." These periodic, on-premise FDIC examinations help
assess an institution's financial condition, policies and procedures, and adherence to certain
laws and regulations. Safety and soundness examinations are a vital tool in protecting the
financial integrity of the deposit insurance funds and promoting public confidence in the
banking system and individual banks.
Trust - Banks and savings institutions may be granted trust (fiduciary) powers under the
jurisdiction of Federal Financial Institutions Examination Council (FFIEC) regulatory
agencies. The FDIC examines the trust operations of FDIC-regulated financial institutions.
Laws & Regulation - The FDIC was created by the Banking Act of 1933 and continues to be
governed by a variety of laws enacted by Congress. The FDIC, in collaboration with other
Federal Financial Institutions Examination Council (FFIEC) regulatory agencies, writes and
enforces regulations that govern the way banks and savings institutions do business.
Examiner Training Program - Descriptions of training programs for federal and state
examiners, conducted by the Federal Financial Institutions Examination Council (FFIEC), an
interagency body empowered to "prescribe uniform principles and standards for the federal
examination of financial institutions."
The FDIC promotes compliance with fair lending, Community Reinvestment Act, and other
consumer protection laws and regulations. It also works with lenders, organizations and the
general public to revitalize and educate communities.
Consumer Affairs Program and Publications - The FDIC's consumer outreach programs and
publications address the concerns of depositors and other customers of banks and savings
associations.
Community Affairs Program - The Community Affairs Program assists consumer and
community groups, government officials, financial institutions, examiners and other
interested groups and individuals in understanding and participating in the Community
Reinvestment Act.
In its capacity as court-appointed receiver, the FDIC liquidates a variety of assets including
loans and real estate.
(The information above was taken from the Federal Deposit Insurance Corporation Web site
on November 6, 1999 - http://www.fdic.gov/)
4. State Regulatory Systems - States have also enacted laws and regulations to govern banking
activities. Generally, national banking laws and regulations supersede the laws and
regulations in individual states. Additionally, specific banking laws and regulations differ
from state to state, as a result, very little emphasis is placed on banking regulations in
individual states.
161
162
An example, of a regulatory agency in a State is the Illinois Office of Banks and Real Estate,
Bureau of Banks and Trust Companies. The Web site for the Illinois Bureau of Banks and
Trust Companies states:
“The mission of the Bureau of Banks and Trust Companies is to charter or authorize and
supervise state-chartered commercial banks, foreign bank offices, electronic funds transfer
systems, corporate fiduciaries, and their information systems in order to assure the safety and
soundness of such institutions in compliance with applicable laws and regulations for the
benefit of the public. The Bureau’s mission also includes registering check printers and non-
financial institution deployers of Automated Teller Machines and licensing pawnbrokers that
operate in Illinois.”
(The information above was taken from the State of Illinois, Office of Banks and Real Estate
Web site on December 31, 1999 - http://www.obre.state.il.us/)
5. National Credit Union Administration (NCUA) is an independent federal agency that

supervises and insures 6,707 federal credit unions and insures 4,134 state-chartered credit
unions. It is entirely funded by credit unions and receives no tax dollars.
NCUA is an independent financial regulatory agency of the federal government, responsible

for chartering, supervising, examining, and insuring federal credit unions. NCUA also
insures state credit unions which apply and qualify for insurance.
A credit union is a member-owned, non-profit financial cooperative organized to promote

thrift among its members and to make loans to its members from accumulated savings.
Unlike banks and other financial institutions, a credit union is chartered according to a
specific “field of membership.” The field is made up of people who have a “common bond”
of occupation, residence, or association. Anyone who falls within a credit union’s field of
membership may join.
Credit unions range in size from the very small to large and complex world-wide operations.
Credit unions are good, solid, well-operated, and well-managed financial institutions. Credit
unions are the fastest growing of all financial institutions and are
rated highest in customer satisfaction.
Credit unions believe in “serving the underserved.” In addition to serving employees of large
corporations, they have expanded their memberships to low-income communities, distressed
areas and rural neighborhoods. The following section is an excerpt of text of the National
credit Union Administration Act.
TITLE 12--BANKS AND BANKING

CHAPTER VII--NATIONAL CREDIT UNION ADMINISTRATION
Sec. 700.1 Definitions
(a) Act means the Federal Credit Union Act (73 Stat. 628, 84 Stat. 944, 12 U.S.C. 1751
through 1790).
162
163
(b) Administration means the National Credit Union Administration.

(c) Board means the Board of the National Credit Union Administration.
(d) Credit Union means a credit union chartered under the Federal Credit Union Act or, as
the context permits, under the laws of any State.
(e) Regional Director means the representative of the Administration in the designated
geographical area in which the office of the Federal credit union is located.
(f) Regional Office means the office of the Administration located in the designated
geographical areas in which the office of the Federal credit union is located.
(g) State means a State of the United States, the District of Columbia, any of the several
Territories and possessions of the United States, the Panama Canal Zone, and the
Commonwealth of Puerto Rico.
(h) Remaining maturity is the time period from the date of the required reserve transfer to
the stated date of maturity of the instrument.
(i) For the purpose of establishing the reserves required by section 116 of the Federal
Credit Union Act, all assets except the following shall be considered risk assets:
(1) Cash on hand.
(2) Deposits and/or shares in federally or state-insured banks, savings and loan
associations, and credit unions that have a remaining maturity of 5 years or less.
(3) Assets that have a remaining maturity of 5 years or less and are insured by, fully
guaranteed as to principal and interest by, or due from the U.S. Government, its agencies, the
Federal National Mortgage Association. Federal Home Loan Mortgage Corporation, or the
Government National Mortgage Association. Collateralized mortgage obligations that are
comprised of government guaranteed mortgage loans shall be included in this asset category.
(4) Loans to other credit unions that have a remaining maturity of 5 years or less.
(5) Student loans insured under the provisions of title IV, Part B of the Higher Education
Act of 1965 (20 U.S.C. 1071, et seq.) or similar state insurance programs that have a
remaining maturity of 5 years or less.
(6) Loans that have a remaining maturity of 5 years or less and are fully insured or
guaranteed by the Federal or a state government or any agency of either.
(7) Shares or deposits in a corporate credit union that have a remaining maturity of 5 years
or less, other than Membership Capital Share Deposit accounts as defined in part 704.
(i) Is operated primarily for the purpose of serving other credit unions;
(ii) Is designated by the National Credit Union Administration as a corporate credit union;
and
(iii) Limits natural person members to the minimum required by state or federal law to
charter and operate the credit union.
(8) Common trust investments, including mutual funds, which deal exclusively in
investments authorized by the Federal Credit Union Act that are either carried at the lower
cost or market, or are marked to market value monthly.
(9) Prepaid expenses.
(10) Accrued interest on non-risk investments.
(11) Loans fully secured by a pledge of shares in the lending Federal credit union, equal to
and maintained to at least the amount of the loan outstanding.
(12) Loans which are purchased from liquidating credit unions and guaranteed by the
National Credit Union Administration.
163
164
(13) National Credit Union Share Insurance Fund Guaranty Accounts established with the
authorization of the National Credit Union Administration under the authority of section
208(a)(1) of the Federal Credit Union Act.
(14) Investments in shares of the National Credit Union Administration Central Liquidity
Facility.
(15) Assets included in numbered items 2, 3, 4, 5, 6, and 7 with maturities greater than 5
years are exempt from risk assets if the asset is being carried on the credit union's records at
the lower of cost or market, or are being marked to market value monthly.
(16) Assets included in numbered items 2, 3, 4, 5, 6, and 7, with remaining maturities
greater than 5 years are exempt from risk assets provided they meet the following criteria,
irrespective of whether or not the asset is being carried on the credit union's records at the
lower of cost or market, or are being marked to market value monthly.
(17) Fixed Assets as defined in Sec. 701.36(b).
(18) Deposit in the National Credit Union Share Insurance Fund representing a federally
insured credit union's capitalization account balance of one percent of insured shares.
(j)(1) Insolvency. A credit union will be determined to be insolvent when the total amount
of its shares exceeds the present cash value of its assets after providing for liabilities unless:
(i) It is determined by the Board that the facts that caused the deficient share-asset ratio no
longer exist; and
(ii) The likelihood of further depreciation of the share-asset ratio is not probable; and
(iii) The return of the share-asset ratio to its normal limits within a reasonable time for the
credit union concerned is probable; and
(iv) The probability of a further potential loss to the insurance fund is negligible.
(2) For purposes of this section, the following definitions are used:
(i) Cash value of assets. Recorded value will be considered the cash value of any asset
account providing accepted accounting principles and practices are followed and the
provisions of law, regulation, and bylaws are met.
(ii) Liabilities. Recorded liabilities which are due and payable, excluding shares of
members and non-members, are considered liabilities.
(k) For purposes of determining the amount required to be transferred to regular reserves
under sections 116 and 201(b)(6) of the Federal Credit Union Act, gross income means the
total of the operating income accounts reduced by the following.
(1) Dividends received on shares in the National Credit Union Administration Central
Liquidity Facility;
(2) Dividends received by credit unions on special share accounts held in Agent members
of the Central Liquidity Facility authorized by Sec. 725.7 of this chapter; and
(3) Interest received by an Agent member of the Central Liquidity Facility to the extent of
interest paid to the Facility by the Agent member. In the case of an Agent member of the
Central Liquidity Facility that is a group of central credit unions--
(i) Interest received by the Agent group representative, as defined in Sec. 725.1(b) of this
chapter, to the extent of interest paid to the Facility by the Agent group representative; and
(ii) Interest received by each central credit union in the Agent group (other than the Agent
group representative) to the extent of interest paid by each such central credit union to the
Agent group representative on Agent group representative loans, as defined in Sec. 725.1(b)
of this chapter. Non-operating gains and losses are not included in gross income.
[36 FR 23794, Dec. 15, 1971; 37 FR 329, Jan. 11, 1972, as amended at 37
164
165
FR 10342, May 20, 1972; 45 FR 47121, July 14, 1980; 54 FR 48234, Nov.
22, 1989; 54 FR 52015, Dec. 20, 1989; 55 FR 1794, Jan. 19, 1990; 57 FR
47985, Oct. 21, 1992; 58 FR 40042, July 27, 1993]
(The information above was taken from the Code of Federal Regulations Web site on
December 5, 1999 - http://www.access.gpo.gov/nara/cfr/waisidx_98/12cfrv6_98.html#700)
Legislation has been enacted to serve the interests of consumers and the entities involved in
commercial banking activities. Some of the laws and regulations that govern banking are listed
below.
• Reg A - Borrowing by Depository Institutions

• Reg B - Equal Credit Opportunity Act
• Reg C - Home Mortgage Disclosure Act
• Reg D - Reserve Requirements
• Reg E - Electronic Funds Transfer Act
• Reg J - Collection of Checks and other Items
• Reg K - Edge Act
• Reg L - Depository Institution Man. Interlocks Act
• Reg M - Consumer Leasing
• Reg O - Loans to Executive Officers
• Reg P/Reg 21- Bank Protection Act
• Reg Q - Interest on Deposits
• Reg U - Credit by Banks for Purchase of Margin Stocks
• Reg Y - Bank Holding Company Act
• Reg Z - Truth in Lending (open end, closed end, credit cards, home equity,
• right of rescission, restitution)
• Reg BB - Community Reinvestment Act
• Reg CC - Availability of Funds and Collection of Checks
• Reg DD - Truth in Savings
• Reg 34 - Real Estate Lending and Appraisals
• Bank Bribery Act
• Bank Secrecy Act
• Fair Credit Reporting Act
• Fair Debt Collection Practices Act
• Fair Housing Act
• Financial Institution Reform, Recovery and Enforcement Act (FIRREA)
• FDIC Bank Improvement Act of 1991
• Foreign Corrupt Practices Act
• National Flood Insurance Program
• OFAC
• Real Estate Settlement Procedures Act
165
166
• Right to Financial Privacy Act

• Tax Identification Reporting (TIN Compliance)
• Transactions with Affiliates - FRB Sections 23 A&B
• Trust - 12 CFR Part 9
Following will be a brief discussion of each of these regulations. In most cases, the actual text of
the legislation will be included to supplement the brief summary. In some cases, portions of the
legislation have been bolded by the authors to highlight key information.
1. Regulation A – Borrowing by Depository Institutions - governs borrowing at the Federal

Reserve discount window. Banks or other depository institutions may participate in the
following lending programs:
• An adjustment credit is available to help institutions meet short-term obligations

when the normal source of funds is not available.
• An extended credit is available to help institutions meet long-term needs.
• An emergency credit is available to help non-depository institutions to obtain credit to
limit adverse impact on the economy. Entities such as corporations, partnerships, and
individuals can obtain emergency credit.
The following section is an excerpt of text of Regulation A

CHAPTER II--FEDERAL RESERVE SYSTEM
Sec. 201.1 Authority, scope and purpose
(a) Authority and scope. This part is issued under the authority of sections 10A, 10B, 13,
13A, and 19 of the FRA (12 U.S.C. 347a, 347b, 343 et seq., 347c, 348 et seq., 374, 374a, and
461), other provisions of the FRA, and section 7(b) of the International Banking Act of 1978
(12 U.S.C. 347d) and relates to extensions of credit by Federal Reserve Banks to depository
institutions and others.
(b) Purpose. This part establishes rules under which Federal Reserve Banks may extend
credit to depository institutions and others. Extending credit to depository institutions to
accommodate commerce, industry, and agriculture is a principal function of Federal Reserve
Banks. While open market operations are the primary means of affecting the overall supply
of reserves, the lending function of the Federal Reserve Banks is an effective method of
supplying reserves to meet the particular credit needs of individual depository institutions.
The lending functions of the Federal Reserve System are conducted with due regard to the
basic objectives of monetary policy and the maintenance of a sound and orderly financial
system.
[58 FR 68512, Dec. 28, 1993]
(The information above was taken from the Code of federal Regulations Web site on
December 4, 1999 - http://www.access.gpo.gov/nara/cfr/waisidx/12cfrv2.html)
166
167
2. Regulation B – Equal Credit Opportunity Act - promotes the availability of credit to all
credit-worthy applicants. Creditors are prohibited from discriminating on non-financial
factors such as race, color, religion, national origin, sex, marital status, or age. Additionally,
banks are required to provide applicants with a notice of action regarding the loan application
and collect monitoring information regarding an applicant’s race, color, religion, national
origin, sex, marital status, and age. The following section is an excerpt of text of Regulation
B.

Sec. 202.1 Authority, scope and purpose.
(a) Authority and scope. This regulation is issued by the Board of Governors of the
Federal Reserve System pursuant to title VII (Equal Credit Opportunity Act) of the
Consumer Credit Protection Act, as amended (15 U.S.C. 1601 et seq.). Except as otherwise
provided herein, the regulation applies to all persons who are creditors, as defined in Sec.
202.2(1). Information collection requirements contained in this regulation have been
approved by the Office of Management and Budget under the provisions of 44 U.S.C. 3501
et seq. and have been assigned
OMB control number 7100-0201.
(b) Purpose. The purpose of this regulation is to promote the availability of credit to all
creditworthy applicants without regard to race, color, religion, national origin, sex, marital
status, or age (provided the applicant has the capacity to contract); to the fact that all or part
of the applicant's income derives from a public assistance program; or to the fact that the
applicant has in good faith exercised any right under the Consumer Credit Protection Act.
The regulation prohibits creditor practices that discriminate on the basis of any of these
factors. The regulation also requires creditors to notify applicants of action taken on their
applications; to report credit history in the names of both spouses on an account; to retain
records of credit applications; to collect information about the applicant's race and other
personal characteristics in applications for certain dwelling-related loans; and to provide
applicants with copies of appraisal reports used in connection with credit transactions.
[Reg. B, 50 FR 48026, Nov. 20, 1985, as amended at 58 FR 65661, Dec. 16,

1993]
3. Regulation C – Home Mortgage Disclosure Act - provide the public with loan data that can
be used to:
• To help determine whether financial institutions are serving the housing needs of their
communities;
• To assist public officials in distributing public-sector investments so as to attract
private investment to areas where it is needed; and
167
168
• To assist in identifying possible discriminatory lending patterns and enforcing

antidiscrimination statutes.
The following section is an excerpt of text of Regulation C.

Sec. 203.1 Authority, purpose, and scope.
(a) Authority. This regulation is issued by the Board of Governors of the Federal Reserve
System (``Board'') pursuant to the Home Mortgage Disclosure Act (12 U.S.C. 2801 et seq.),
as amended. The information-collection requirements have been approved by the U.S. Office
of Management and Budget under 44 U.S.C. 3501 et seq. and have been assigned OMB
Numbers 1557-0159, 3064-0046, 1550-0021, and 7100-0247 for institutions reporting data to
the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation,
the Office of Thrift Supervision, and the Federal Reserve System, respectively; numbers for
the National Credit Union Administration and the Department of Housing and Urban
Development are pending.
(b) Purpose. (1) This regulation implements the Home Mortgage Disclosure Act, which is
intended to provide the public with loan data that can be used:
(i) To help determine whether financial institutions are serving the housing needs of their
communities;
(ii) To assist public officials in distributing public-sector investments so as to attract
private investment to areas where it is needed; and
(iii) To assist in identifying possible discriminatory lending patterns and enforcing
antidiscrimination statutes.
(2) Neither the act nor this regulation is intended to encourage unsound lending practices
or the allocation of credit.
(c) Scope. This regulation applies to certain financial institutions, including banks, saving
associations, credit unions, and other mortgage lending institutions, as defined in Sec.
203.2(e). It requires an institution to report data to its supervisory agency about home
purchase and home improvement loans it originates or purchases, or for which it receives
applications; and to disclose certain data to the public.
(d) Loan aggregation and central data depositories. Using the loan data made available by
financial institutions, the Federal Financial Institutions Examination Council will prepare
disclosure statements and will produce various reports for individual institutions for each
metropolitan statistical area (MSA), showing lending patterns by location, age of housing
stock, income level, sex, and racial characteristics. The disclosure statements and reports will
be available to the public at central data depositories located in each MSA. A listing of
central data depositories can be obtained from the Federal Financial Institutions Examination
Council, Washington, DC 20006.
[Reg. C, 54 FR 51362, Dec. 15, 1989, as amended at 63 FR 52142, Sept.

30, 1998]
168
169
4. Regulation D – Reserve Requirements - relates to reserves that depository institutions are

required to maintain for the purpose of facilitating the implementation of monetary policy by
the Federal Reserve System. Depository institutions must maintain reserves in the form of
vault cash or have an adequate balance at a Federal Reserve or corresponding bank. The
following section is an excerpt of text of Regulation D.

Sec. 204.1 Authority, purpose and scope.
(a) Authority. This part is issued under the authority of section 19 (12 U.S.C. 461 et seq.)
and other provisions of the Federal Reserve Act and of section 7 of the International Banking
Act of 1978 (12 U.S.C. 3105).
(b) Purpose. This part relates to reserves that depository institutions are required to
maintain for the purpose of facilitating the implementation of monetary policy by the Federal
Reserve System.
(c) Scope. (1) The following depository institutions are required to
maintain reserves in accordance with this part:
(i) Any insured bank as defined in section 3 of the Federal Deposit Insurance Act (12
U.S.C. 1813(h)) or any bank that is eligible to apply to become an insured bank under section
5 of such Act (12 U.S.C. 1815);
(ii) Any savings bank or mutual savings bank as defined in section 3 of the Federal
Deposit Insurance Act (12 U.S.C. 1813(f), (g));
(iii) Any insured credit union as defined in section 101 of the Federal Credit Union Act (12
U.S.C. 1752(7)) or any credit union that is eligible to apply to become an insured credit
union under section 201 of such Act (12 U.S.C. 1781);
(iv) Any member as defined in section 2 of the Federal Home Loan Bank Act (12 U.S.C.
1422(4)); and
(v) Any insured institution as defined in section 401 of the National Housing Act (12
U.S.C. 1724(a)) or any institution which is eligible to apply to become an insured institution
under section 403 of such Act (12 U.S.C. 1726).
(2) Except as may be otherwise provided by the Board, a foreign bank's branch or agency
located in the United States is required to comply with the provisions of this part in the same
manner and to the same extent as if the branch or agency were a member bank, if its parent
foreign bank (i) has total worldwide consolidated bank assets in excess of $1 billion; or (ii) is
controlled by a foreign company or by a group of foreign companies that own or control
foreign banks that in the aggregate have total worldwide consolidated bank assets in excess
of $1 billion. In addition, any other foreign bank's branch located in the United States that is
eligible to apply to become an insured bank under section 5 of the Federal Deposit Insurance
Act (12 U.S.C. 1815) is required to maintain reserves in accordance with this part as a
nonmember depository institution.
169
170
(3) Except as may be otherwise provided by the Board, an Edge Corporation (12 U.S.C.
611 et seq.) or an Agreement Corporation (12 U.S.C. 601 et seq.) is required to comply with
the provisions of this part in the same manner and to the same extent as a member bank.
(4) This part does not apply to any financial institution that (i) is organized solely to do
business with other financial institutions; (ii) is owned primarily by the financial institutions
with which it does business; and (iii) does not do business with the general public.
(5) The provisions of this part do not apply to any deposit that is payable only at an office
located outside the United States.
[45 FR 56018, Aug. 22, 1980]
5. Regulation E – Electronic Funds Transfer Act – purpose is to protect consumers engaging

in electronic funds transfers. It became a law in 1978 and establishes the basic rights,
liabilities, and responsibilities of consumers and banks involved in electronic funds transfers.
The following section is an excerpt of text of Regulation E.

Sec. 205.1 Authority and purpose
(a) Authority. The regulation in this part, known as Regulation E, is issued by the Board of
Governors of the Federal Reserve System pursuant to the Electronic Fund Transfer Act (15
U.S.C. 1693 et seq.). The information-collection requirements have been approved by the
Office of Management and Budget under 44 U.S.C. 3501 et seq. and have been assigned
OMB No. 7100-0200.
(b) Purpose. This part carries out the purposes of the Electronic Fund Transfer Act, which
establishes the basic rights, liabilities, and responsibilities of consumers who use electronic
fund transfer services and of financial institutions that offer these services. The primary
objective of the act and this part is the protection of individual consumers engaging in
electronic fund transfers.
6. Regulation J – Collection of Checks and Other Items – purpose is to provide rules for
collecting and returning items and settling balances. The following section is an excerpt of
text of Regulation J.

170
171
The Board of Governors of the Federal Reserve System (Board) has issued this subpart
pursuant to the Federal Reserve Act, sections 11 (i) and (j) (12 U.S.C. 248 (i) and (j)), section
13 (12 U.S.C. 342), section 16 (12 U.S.C. 248(o) and 360), and section 19(f) (12 U.S.C.
464); the Expedited Funds Availability Act (12 U.S.C. 4001 et seq.); and other laws. This
subpart governs the collection of checks and other cash and noncash items and the handling
of returned checks by Federal Reserve Banks. Its purpose is to provide rules for collecting
and returning items and settling balances.
[53 FR 21984, June 13, 1988, as amended at Reg. J, 59 FR 22965, May 4, 1994]
Sec. 210.3 General provisions.
(a) General. Each Reserve Bank shall receive and handle items in accordance with this
subpart, and shall issue operating circulars governing the details of its handling of items and
other matters deemed appropriate by the Reserve Bank. The circulars may, among other
things, classify cash items and noncash items, require separate sorts and letters, provide
different closing times for the receipt of different classes or types of items, provide for
instructions by an Administrative Reserve Bank to other Reserve Banks, set forth terms of
services, and establish procedures for adjustments on a Reserve Bank's books, including
amounts, waiver of expenses, and payment of interest by as-of adjustment.
(b) Binding effect. This subpart, together with subpart C of part 229 and the operating
circulars of the Reserve Banks, are binding on all parties interested in an item handled by any
Reserve Bank.
(c) Government items. As depositaries and fiscal agents of the United States, Reserve
Banks handle certain items payable by the United States or certain Federal agencies as cash
or noncash items. To the extent provided by regulations issued by, and arrangements made
with, the United States Treasury Department and other Government departments and
agencies, the handling of such items is governed by this subpart. The Reserve Banks shall
include in their operating circulars such information regarding these regulations and
arrangements as the Reserve Banks deem appropriate.
(d) Government senders. Except as otherwise provided by statutes of the United States, or
regulations issued or arrangements made thereunder, this subpart and the operating circulars
of the Reserve Banks apply to the following when acting as a sender: a department, agency,
instrumentality, independent establishment, or office of the United States, or a wholly owned
or controlled Government corporation, that maintains or uses an account with a Reserve
Bank.
(e) Foreign items. A Reserve Bank also may receive and handle certain items payable
outside a Federal Reserve District, as provided in its operating circulars. The handling of
such items in a state is governed by this subpart, and the handling of such items outside a
state is governed by the local law.
(f) Relation to other law. The provisions of this subpart supersede any inconsistent
provisions of the Uniform Commercial Code, of any other state law, or of part 229 of this
title, but only to the extent of the inconsistency.
[45 FR 68634, Oct. 16, 1980, as amended at 51 FR 21744, June 16, 1986; 53 FR 21984,
June 13, 1988; Reg. J, 59 FR 22965, May 4, 1994; 62 FR 48171, Sept. 15, 1997]
171
172
7. Regulation K – Edge Act – purpose is to provide rules governing the international and
foreign activities of U.S. banking organizations, including procedures for establishing foreign
branches and Edge corporations to engage in international banking and for investments in
foreign organizations. The Edge Act was first enacted in 1919 and Regulation K was
promulgated in 1979. The following section is an excerpt of text of Regulation K.

(a) Authority. This subpart is issued by the Board of Governors of the Federal Reserve
System (``Board'') under the authority of the Federal Reserve Act (``FRA'') (12 U.S.C. 221 et
seq.); the Bank Holding Company Act of 1956 (``BHC Act'') (12 U.S.C. 1841 et seq.); and
the International Banking Act of 1978 (`ÌBA'') (12 U.S.C. 3101 et seq.). Requirements for
the collection of information contained in this regulation have been approved by the Office of
Management and Budget under the provision of 44 U.S.C. 3501, et seq. and have been
assigned OMB numbers 7100-0107; 7100-0109; 7100-0110; 7100-0069; 7100-0086; and
7100-0073.
(b) Purpose. This subpart sets out rules governing the international and foreign
activities of U.S. banking organizations, including procedures for establishing foreign
branches and Edge corporations to engage in international banking and for investments
in foreign organizations.
(c) Scope. This subpart applies to:
(1) Corporations organized under section 25(a) of the FRA (12 U.S.C. 611-631), `Èdge
corporations'';
(2) Corporations having an agreement or undertaking with the Board under section 25 of
the FRA (12 U.S.C. 601-604a), `Àgreement corporations'';
(3) Member banks with respect to their foreign branches and investments in foreign banks
under section 25 of the FRA (12 U.S.C. 601-604a);\1\ and \1\ Section 25 of the FRA, which
refers to national banking associations, also applies to state member banks of the Federal
Reserve System by virtue of section 9 of the FRA (12 U.S.C. 321).
(4) Bank holding companies with respect to the exemption from the nonbanking
prohibitions of the BHC Act afforded by section 4(c)(13) of the BHC Act (12 U.S.C.
1843(c)(13)).
[56 FR 19565, Apr. 29, 1991, unless otherwise noted.]
8. Regulation L – Interlocks Act – was designed to foster competition in the banking industry
by limiting the sharing of banking personnel. For example, a management official can’t
172
173
serve in a management capacity of two institutions in the same community. The following
section is an excerpt of text of Regulation L.
SEC. 202. As used in this title--

(1) the term "depository institution" means a commercial bank, a savings bank, a trust
company, a savings and loan association, a building and loan association, a homestead
association, a cooperative bank, an industrial bank, or a credit union;
(2) the term "depository holding company" means a bank holding company as defined in
section 2(a) of the Bank Holding Company Act of 1956, a company which would be a bank
holding company as defined in section 2(a) of the Bank Holding Company Act of 1956 but
for the exemption contained in section 2(a)(5)(F) thereof, or a savings and loan holding
company as defined in section 408(a)(1)(D) of the National Housing Act;
(3) the characterization of any corporation (including depository institutions and
depository holding companies), as an "affiliate of," or as "affiliated" with any other
corporation means that--
(A) one of the corporations is a depository holding company and the other is a subsidiary
thereof, or both corporations are subsidiaries of the same depository holding company, as the
term "subsidiary" is defined in either section 2(d) of the Bank Holding Company Act of 1956
in the case of a bank holding company or section 408(a)(1)(H) of the National Housing Act
in the case of a savings and loan holding company; or
(B) more than 25 percent of the voting stock of one corporation is beneficially owned in
the aggregate by one or more persons who also beneficially own in the aggregate more than
25 percent of the voting stock of the other corporation; or
(C) one of the corporations is a trust company all of the stock of which, except for
directors qualifying shares, was owned by one or more mutual savings banks on the date of
enactment of this Act, and the other corporation is a mutual savings bank; or {{10-31-94
p.8592}}
(D) one of the corporations is a bank, insured by the Federal Deposit Insurance
Corporation and chartered under State law, and is a bankers' bank, described in Paragraph
Seventh of section 5136 of the Revised Statutes; or
(E) one of the corporations is a bank, chartered under State law and insured by the
Federal Deposit Insurance Corporation, the voting securities of which are held only by
persons who are officers of other banks, as permitted by State law, and which bank is
primarily engaged in providing banking services for other banks and not for the public:
Provided, however, That in no case shall the voting securities of such corporation be held by
such officers of other banks in excess of 6 per centum of the paid-in capital and 6 per centum
of the surplus of such a bank.
(4) the term "management official" means an employee or officer with management
functions, a director (including an advisory or honorary director, except in the case of a
depository institution with total assets of less than $100,000,000), a trustee of a business
organization under the control of trustees, or any person who has a representative or nominee
serving in any such capacity: Provided, That if a corporator, trustee, director, or other officer
of a State-chartered savings bank or cooperative bank is specifically authorized under the
laws of the State in which said institution is located to serve as a trustee, director, or other
officer of a State-chartered trust company which does not make real estate mortgage loans
and does not accept savings deposits from natural persons, then, for the purposes of this title,
173
174
such corporator, trustee, director, or other officer shall not be deemed to be a management
official of such trust company: And provided further, That if a management official of a
State-chartered trust company which does not make real estate mortgages loans and does not
accept savings deposits from natural persons is specifically authorized under the laws of the
State in which said institution is located to serve as a corporator, trustee, director, or other
officer of a State-chartered savings bank or cooperative bank, then, for the purposes of this
title, such management official shall not
be deemed to be a management official of any such savings bank or cooperative bank; and
(5) the term "office" used with reference to a depository institution means either a
principal office or a branch.
[Codified to 12 U.S.C. 3201]
[Source: Section 202 of title II of the Act of November 10, 1978 (Pub. L. No. 95--630; 92
Stat. 3672), effective March 10, 1979, as amended by sections 2, 3, and 5(b)(1) of the Act of
November 10, 1988, (Pub. L. No. 100--650; 102 Stat. 3819 and 3820), effective November
10, 1988; section 322(c)(2) of title III of the Act of September 23, 1994 (Pub. L. No. 103--
325; 108 Stat. 2227), effective September 23, 1994]
SEC. 203. A management official of a depository institution or a depository holding

company may not serve as a management official of any other depository institution or
depository holding company not affiliated therewith if an office of one of the institutions or
any depository institution that is an affiliate of such institutions is located within either--
(1) the same primary metropolitan statistical area, the same metropolitan statistical area,
or the same consolidated metropolitan statistical area that is not comprised of designated
primary metropolitan statistical areas as defined by the Office of Management and Budget,
except in the case of depository institutions with less than $20,000,000 in assets in which
case the provision of paragraph (2) shall apply, as that in which an office of the other
institution or any depository institution that is an affiliate of such other institution is located,
or
(2) the same city, town, or village as that in which an office of the other institution or any
depository institution that is an affiliate of such other institution is located, or in any city,
town, or village contiguous or adjacent thereto.
Stat. 3673), effective March 10, 1979, as amended by section 701(c) of title VII of the Act of
November 30, 1983 (Pub. L. No. 98--181; 97 Stat. 1267), effective November 30, 1983] {{4-
30-97 p.8593}}
SEC. 204. If a depository institution or a depository holding company has total assets
exceeding $2,500,000,000, a management official of such institution or any affiliate thereof
may not serve as a management official of any other nonaffiliated depository institution or
depository holding company having total assets exceeding $1,500,000,000 or as a
management official of any affiliate of such other institution. In order to allow for inflation or
174
175
market changes, the appropriate Federal depository institutions regulatory agencies may, by
regulation, adjust, as necessary, the amount of total assets required for depository institutions
or depository holding companies under this section.
Stat. 3673), effective March 10, 1979; as amended by section 2210(a) of title II of the Act of
September 30, 1996 (Pub. L. No. 104--208; 110 Stat. 3009--409), effective September 30,
1996]
SEC. 205. The prohibitions contained in sections 203 and 204 shall not apply in the case of
any one or more of the following or subsidiary thereof:
(1) A depository institution or depository holding company which has been placed
formally in liquidation, or which is in the hands of a receiver, conservator, or other official
exercising a similar function.
(2) A corporation operating under section 25 or 25(a) of the Federal Reserve Act.
(3) A credit union being served by a management official of another credit union.
(4) A depository institution or depository holding company which does not do business
within any State of the United States, the District of Columbia, any territory of the United
States, Puerto Rico, Guam, American Samoa, or the Virgin Islands except as an incident to
its activities outside the United States.
(5) A State-chartered savings and loan guaranty corporation.
(6) A Federal Home Loan Bank or any other bank organized specifically to serve
depository institutions.
(7) A depository institution or a depository holding company which--
(A) is closed or is in danger of closing, as determined by the appropriate Federal
depository institutions regulatory agency in accordance with regulations prescribed by such
agency; and
(B) is acquired by another depository institution or depository holding company,
during the 5-year period beginning on the date of the acquisition of the depository institution
or depository holding company described in subparagraph (A).
(8)(A) A diversified savings and loan holding company (as defined in section 408(a)(1)(F)
of the National Housing Act) with respect to the service of a director of such company who is
also a director of any nonaffiliated depository institution or depository holding company
(including a savings and loan holding company) if--
(i) notice of the proposed dual service is given by such diversified savings and loan
holding company to--
(I) the appropriate Federal depository institutions regulatory agency for such
company; and
(II) the appropriate Federal depository institutions regulatory agency for the
nonaffiliated depository institution or depository holding company of which such person is
also a director, not less than 60 days before such dual service is proposed to begin; and
(ii) the proposed dual service is not disapproved by any such appropriate Federal
depository institutions regulatory agency before the end of such 60-day period.
175
176
(B) Any appropriate Federal depository institutions regulatory agency may disapprove,
under subparagraph (A)(ii), a notice of proposed dual service by any individual if such
agency finds that-- {{4-30-97 p.8594}}
(i) the dual service cannot be structured or limited so as to preclude the dual service's
resulting in a monopoly or substantial lessening of competition in financial services in any
part of the United States;
(ii) the dual service would lead to substantial conflicts of interest or unsafe or unsound
practices; or
(iii) the diversified savings and loan holding company has neglected, failed, or refused
to furnish all the information required by such agency.
(C) Any appropriate Federal depository institutions regulatory agency may, at any time
after the end of the 60-day period referred to in subparagraph (A), require that any dual
service by any individual which was not disapproved by such agency during such period be
terminated if a change in circumstances occurs with respect to any depository institution or
depository holding company of which such individual is a director that would have provided
a basis for disapproval of the dual service during such period.
(9) Any savings association (as defined in section 10(a)(1)(A) of the Home Owners' Loan
Act or any savings and loan holding company (as defined in section 10(a)(1)(D) of such Act)
which has issued stock in connection with a qualified stock issuance pursuant to section
10(q) of such Act, except that this paragraph shall apply only with respect to service as a
single management official of such savings association or holding company, or any
subsidiary of such savings association or holding company, by a single management official
of the savings and loan holding company which purchased the stock issued in connection
with such qualified stock issuance, and shall apply only when the Director of the Office of
Thrift Supervision has determined that such service is consistent with the purposes of this
Act and the Home Owners' Loan Act.
Stat. 3673), effective March 10, 1979, as amended by section 425(d) of title IV of the Act of
October 15, 1982 (Pub. L. No. 97--320; 96 Stat. 1524), effective October 15, 1982; sections 4
and 5(a) of the Act of November 10, 1988 (Pub. L. No. 100--650; 102 Stat. 3819), effective
November 10, 1988; section 604(a) of title VI of the Act of August 9, 1989 (Pub. L. No. 101-
-73; 103 Stat. 410), effective August 9, 1989]
(The information above was taken from the Federal Deposit Insurance Corporations Web site
on December 31, 1999 - http://www.fdic.gov/regulations/laws/rules/10000-3.html.) Use this
generic site
9. Regulation M – Consumer Leasing – Implements the consumer leasing provisions of the

Truth in Lending Act. The purpose of this part is:
• To ensure that lessees of personal property receive meaningful disclosures that enable
them to compare lease terms with other leases and, where appropriate, with credit
transactions;
• To limit the amount of balloon payments in consumer lease transactions; and
176
177
• To provide for the accurate disclosure of lease terms in advertising.
The following section is an excerpt of text of Regulation M.

Sec. 213.1 Authority, scope, purpose, and enforcement.
(a) Authority. The regulation in this part, known as Regulation M, is issued by the Board
of Governors of the Federal Reserve System to implement the consumer leasing provisions
of the Truth in Lending Act, which is Title I of the Consumer Credit Protection Act, as
amended (15 U.S.C. 1601 et seq.). Information collection requirements contained in this
regulation have been approved by the Office of Management and Budget under the
provisions of 44 U.S.C. 3501 et seq. and have been assigned OMB control number 7100-
0202.
(b) Scope and purpose. This part applies to all persons that are lessors of personal property
under consumer leases as those terms are defined in Sec. 213.2(e)(1) and (h). The purpose of
this part is:
(1) To ensure that lessees of personal property receive meaningful disclosures that enable
them to compare lease terms with other leases and, where appropriate, with credit
transactions;
(2) To limit the amount of balloon payments in consumer lease transactions; and
(3) To provide for the accurate disclosure of lease terms in advertising.
(c) Enforcement and liability. Section 108 of the act contains the administrative
enforcement provisions. Sections 112, 130, 131, and 185 of the act contain the liability
provisions for failing to comply with the requirements of the act and this part.
[Reg. M, 61 FR 52258, Oct. 7, 1996, as amended at 62 FR 15367, Apr. 1, 1997]
December 21, 1999 - http://www.access.gpo.gov/nara/cfr/waisidx/12cfr213_99.html)
10. Regulation O – Loans to Executive Officer – purpose is to govern any extension of credit
by a member bank to an executive officer, director, or principal shareholder of the member
bank, a bank holding company of which the member bank is a subsidiary, and any other
subsidiary of that bank holding company. It was created to control insider lending where an
officer would receive preferential treatment and favorable loan terms. The purpose is to limit
the opportunity for preferential treatment to “insiders.” The following section is an excerpt
of text of Regulation O.

(a) Authority. This subpart is issued pursuant to sections 11(i), 22(g), and 22(h) of the
Federal Reserve Act (12 U.S.C. 248(i), 375a, and 375b), 12 U.S.C. 1817(k), and section 306
177
178
of the Federal Deposit Insurance Corporation Improvement Act of 1991 (Pub. L. 102-242,
105 Stat. 2236 (1991)).
(b) Purpose and scope. This subpart A governs any extension of credit by a member bank
to an executive officer, director, or principal shareholder of: The member bank; a bank
holding company of which the member bank is a subsidiary; and any other subsidiary of that
bank holding company. It also applies to any extension of credit by a member bank to: A
company controlled by such a person; and a political or campaign committee that benefits or
is controlled by such a person. This subpart A also implements the reporting requirements of
12 U.S.C. 375a concerning extensions of credit by a member bank to its executive officers
and of 12 U.S.C. 1817(k) concerning extensions of credit by a member bank to its executive
officers or principal shareholders, or the related interests of such persons.
[Reg. O, 59 FR 8837, Feb. 24, 1994, unless otherwise noted.]
11. Regulation P – Bank Protection Act – purpose is to provide security measures for banks
and other financial institutions, and to provide for the appointment of the Federal Savings
and Loan Insurance Corporation as receiver. There are two primary reasons for this act.
First, it established minimum standards of security devices to prevent burglaries, robberies,
and larcenies at banks. Second, it promoted the design of procedures assists banks in the
identification and apprehension of persons who commit illegal acts. In addition it made
banks accountable for their enforcement actions and forced banks to maintain appropriate
documentation to demonstrate compliance to regulatory agencies. Note: As of October 1,
1998 the provisions of Regulation P have been incorporated into Regulation H. The
following section is an excerpt of text of Regulation P.
BANK PROTECTION ACT OF 1968
To provide security measures for banks and other financial institutions, and to provide for the
appointment of the Federal Savings and Loan Insurance Corporation as receiver. Be it
enacted by the Senate and House of Representatives of the United States of America in
Congress assembled, That this Act may be cited as the "Bank Protection Act of 1968".
[Codified to 12 U.S.C. 1881 note]
[Source: Section 1 of the Act of July 7, 1968 (Pub. L. No. 90--389; 82 Stat. 294), effective
July 7, 1968]
SEC. 2. As used in this Act the term "Federal supervisory agency" means--
(1) The Comptroller of the Currency with respect to national banks and district banks,
(2) The Board of Governors of the Federal Reserve System with respect to Federal
Reserve banks and State banks which are members of the Federal Reserve System,
178
179
(3) The Federal Deposit Insurance Corporation with respect to State banks which are not
members of the Federal Reserve System but the deposits of which are insured by the Federal
Deposit Insurance Corporation and State savings associations, and
(4) The Director of the Office of Thrift Supervision with respect to Federal savings.
[Source: Section 2 of the Act of July 7, 1968 (Pub. L. No. 90--389; 82 Stat. 294) effective
July 7, 1968; as amended by section 744(h) of title VII of the Act of August 9, 1989 (Pub. L.
No. 101--73; 103 Stat. 439), effective August 9, 1989]
SEC. 3. (a) Within six months from the date of this Act, each Federal supervisory agency
shall promulgate rules establishing minimum standards with which each bank or savings and
loan association must comply with respect to the installation, maintenance, and operation of
security devices and procedures, reasonable in cost, to discourage robberies, burglaries, and
larcenies and to assist in the identification and apprehension of persons who commit such
acts.
(b) The rules shall establish the time limits within which banks and savings and loan
associations shall comply with the standards.
July 7, 1968; as amended by section 911(a) of title IX of the Act of August 9, 1989 (Pub. L.
No. 101--73; 103 Stat. 478), effective August 9, 1989]
SEC. 4. The Federal supervisory agencies shall consult with

(1) insurers furnishing insurance protection against losses resulting from robberies,
burglaries, and larcenies committed against financial institutions referred to in section 2, and
(2) State agencies having supervisory or regulatory responsibilities with respect to such
insurers to determine the feasibility and desirability of premium rate differentials based on
the installation, maintenance, and operation of security devices and procedures. The Federal
supervisory agencies shall report to the Congress the results of their consultations pursuant to
this section not later than two years after the date of enactment of this Act.
July 7, 1968]
{{8-30-96 p.8074}}
SEC. 5. A bank or savings and loan association which violates a rule promulgated pursuant
to this Act shall be subject to a civil penalty which shall not exceed $100 for each day of the
violation.
179
180
July 7, 1968]
§ 326.2 Designation of security officer.
Upon the issuance of federal deposit insurance, the board of directors of each insured
nonmember bank{2}
{2 The term "board of directors" includes the managing official of an insured branch of a
foreign bank for purposes of 12 CFR 326.0--326.4.}
shall designate a security officer who shall have the authority, subject to the approval of the
board of directors, to develop, within a reasonable time, but no later than 180 days, and to
administer a written security program for each banking office.
[Codified to 12 C.F.R. § 326.2]
[Section 326.2 amended at 53 Fed. Reg. 17917, May 19, 1988; 56 Fed. Reg. 13581, April 3,
1991, effective May 3, 1991]
§ 326.3 Security program.
(a) Contents of security program. The security program shall:

(1) Establish procedures for opening and closing for business and for the safekeeping of
all
currency, negotiable securities, and similar valuables at all times;
(2) Establish procedures that will assist in identifying persons committing crimes against
the bank and that will preserve evidence that may aid in their identification and prosecution;
such procedures may include, but are not limited to:
(i) Retaining a record of any robbery, burglary, or larceny committed against the bank;
(ii) Maintaining a camera that records activity in the banking office; and
(iii) Using identification devices, such as prerecorded serial-numbered bills, or chemical
and electronic devices;
(3) Provide for initial and periodic training of officers and employees in their
responsibilities under the security program and in proper employee conduct during and after
a robbery, burglar or larceny; and
(4) Provide for selecting, testing, operating and maintaining appropriate security devices,
as
specified in paragraph (b) of this section.
(b) Security devices. Each insured nonmember bank shall have, at a minimum, the
following
security devices:
(1) A means of protecting cash or other liquid assets, such as a vault, safe, or other secure
space;
180
181
(2) A lighting system for illuminating, during the hours of darkness, the area around the
vault, if the vault is visible from outside the banking office;
(3) An alarm system or other appropriate device for promptly notifying the nearest
responsible law enforcement officers of an attempted or perpetrated robbery or burglary;
(4) Tamper-resistant locks on exterior doors and exterior windows that may be opened;
and
(5) Such other devices as the security officer determines to be appropriate, taking into
consideration:
(i) The incidence of crimes against financial institutions in the area;
(ii) The amount of currency or other valuables exposed to robbery, burglary, and
larceny;
(iii) The distance of the banking office from the nearest responsible law enforcement
officers;
(iv) The cost of the security devices;
(v) Other security measures in effect at the banking office; and
(vi) The physical characteristics of the structure of the banking office and its
surroundings.
{{4-30-98 p.2265}}
[Section 326.3 amended at 56 Fed. Reg. 13581, April 3, 1991, effective May 3, 1991]
§ 326.4 Reports.
The security officer for each insured nonmember bank shall report at least annually to the
bank's board of directors on the implementation, administration, and effectiveness of the
security program.
[Section 326.4 amended at 53 Fed. Reg. 17917, May 19, 1988; 56 Fed. Reg. 13582, April 3,
1991, effective May 3, 1991]
on December 23, 1999 - http://www.fdic.gov/regulations/laws/rules/10000-3.html.)
12. Regulation Q – Interest on Deposits - prohibits the payment of interest on demand deposits
by member banks and other depository institutions. It also set guidelines regarding
advertisements of interest rates and stresses the importance of accuracy of advertisements.
The regulations require banks to utilize “truth in advertising”; thus, a bank is expected to
provide all advertised services and rates. The following section is an excerpt of text of
Regulation Q.

181
182
(a) Authority. This part is issued under the authority of section 19 of the Federal Reserve
Act (12 U.S.C. 371a, 461, 505), section 7 of the International Banking Act of 1978 (12
U.S.C. 3105), section 11 of the Federal Reserve Act (12 U.S.C. 248), and section 8 of the
Federal Deposit Insurance Act (12 U.S.C. 1818), unless otherwise noted.
(b) Purpose. This part prohibits the payment of interest on demand deposits by member
banks and other depository institutions within the scope of this part.
(c) Scope. (1) This regulation applies to state chartered banks that are members of the
Federal Reserve under section 9 of the Federal Reserve Act (12 U.S.C. 321, et seq.) and to all
national banks. The regulation also applies to any Federal branch or agency of a foreign bank
and to a State uninsured branch or agency of a foreign bank in the same manner and to the
same extent as if the branch or agency were a member bank, except as may be otherwise
provided by the Board, if:
(i) Its parent foreign bank has total worldwide consolidated bank assets in excess of $1
billion;
(ii) Its parent foreign bank is controlled by a foreign company which owns or controls
foreign banks that in the aggregate have total worldwide consolidated bank assets in excess
of $1 billion; or
(iii) Its parent foreign bank is controlled by a group of foreign companies that own or
control foreign banks that in the aggregate have total worldwide consolidated bank assets in
excess of $1 billion.
(2) For deposits held by a member bank or a foreign bank, this regulation does not apply to
‘any deposit that is payable only at an office located outside of the United States'' (i.e., the
States of the United States and the District of Columbia) as defined in Sec. 204.2(t) of the
Board's Regulation D-- Reserve Requirements of Depository Institutions (12 CFR 20.4).
[Reg. Q, 51 FR 9637, Mar. 20, 1986, as amended at 57 FR 43336, Sept. 21,

1992]
Sec. 217.2 Definitions.

For purposes of this part, the following definitions apply unless
otherwise specified;
(a) Demand deposit means any deposit that is considered to be a demand deposit under
Sec. 204.2(b) of the Board's Regulation D--Reserve Requirements of Depository Institutions
(12 CFR part 204).
(b) Deposit means any liability of a member bank that is considered to be a deposit under
Sec. 204.2(a) of the Board's Regulation D--Reserve Requirements of Depository Institutions
(12 CFR part 204).
(c) Foreign bank means any bank that is considered to be a foreign bank under Sec.
204.2(o) of the Board's Regulation D--Reserve Requirements of Depository Institutions (12
CFR part 204).
(d) Interest means any payment to or for the account of any depositor as compensation for
the use of funds constituting a deposit. A member bank's absorption of expenses incident to
providing a normal banking function or its forbearance from charging a fee in connection
with such a service is not considered a payment of interest.
Sec. 217.3 Interest on demand deposits.
182
183
No member bank of the Federal Reserve System shall, directly or indirectly, by any device
whatsoever, pay any interest on any demand deposit.\1\
\1\ A member bank may continue to pay interest on a time deposit for
not more than ten calendar days; (1) Where the member bank has provided in the time
deposit contract that, if the deposit or any portion thereof is withdrawn not more than ten
calendar days after a maturity date (one business day for `ÌBF time deposits'' as defined in
Sec. 204.8(a)(2) of Regulation D), interest will continue to be paid for such period; or (2) for
a period between a maturity date and the date of renewal of the deposit, provided that such
certificate is renewed within ten calendar days after maturity.
Sec. 217.101 Premiums on deposits.

(a) Section 19(i) of the Federal Reserve Act and Sec. 217.3 of Regulation Q prohibits a
member bank from paying interest on a demand deposit. Premiums, whether in the form of
merchandise, credit, or cash, given by a member bank to a depositor will be regarded as an
advertising or promotional expense rather than a payment of interest if:
(1) The premium is given to a depositor only at the time of the opening of a new account
or an addition to an existing account;
(2) No more than two premiums per account are given within a 12-month period; and
(3) The value of the premium or, in the case, of articles of merchandise, the total cost
(including taxes, shipping, warehousing, packaging, and handling costs) does not exceed $10
for deposits of less than $5,000 or $20 for deposits of $5,000 or more. The costs of premiums
may not be averaged. The member bank should retain sufficient supporting documentation
showing that the total cost of a premium, including shipping, warehousing, packaging, and
handling costs, does not exceed the applicable $10/$20 limitations and that no portion of the
total cost of any premium has been attributed to development, advertising, promotional, or
other expenses. A member bank is not permitted directly or indirectly to solicit or promote
deposits from customers on the basis that the funds will be divided into more than one
account by the institution for the purpose of providing more than two premiums per deposit
within a 12-month period.
(b) Notwithstanding paragraph (a) of this section, any premium that is not, directly or
indirectly, related to or dependent on the balance in a demand deposit account and the
duration of the account balance shall not be considered the payment of interest on a demand
deposit account and shall not be subject to the limitations in paragraph (a) of this section.
[52 FR 47698, Dec. 16, 1987. Redesignated at 57 FR 43336, Sept. 21,

1992; 62 FR 26737, May 15, 1997]
13. Regulation U – Interest on Deposits - imposes credit restrictions upon persons other than
brokers or dealers (hereinafter lenders) that extend credit for the purpose of buying or
carrying margin stock if the credit is secured directly or indirectly by margin stock. Lenders
183
184
may not extend more than the maximum loan value of the collateral securing such credit.
The following section is an excerpt of text of Regulation U.

(a) Authority. Regulation U (this part) is issued by the Board of Governors of the Federal
Reserve System (the Board) pursuant to the Securities Exchange Act of 1934 (the Act) (15
U.S.C. 78a et seq.).
(b) Purpose and scope. (1) This part imposes credit restrictions upon persons other than
brokers or dealers (hereinafter lenders) that extend credit for the purpose of buying or
carrying margin stock if the credit is secured directly or indirectly by margin stock. Lenders
include ``banks'' (as defined in Sec. 221.2) and other persons who are required to register
with the Board under Sec. 221.3(b). Lenders may not extend more than the maximum loan
value of the collateral securing such credit, as set by the Board in Sec. 221.7 (the
Supplement).
(2) This part does not apply to clearing agencies regulated by the Securities and Exchange
Commission or the Commodity Futures Trading Commission that accept deposits of margin
stock in connection with:
(i) The issuance of, or guarantee of, or the clearance of transactions in, any security
(including options on any security, certificate of deposit, securities index or foreign
currency); or
(ii) The guarantee of contracts for the purchase or sale of a commodity for future delivery
or options on such contracts.
(3) This part does not apply to credit extended to an exempted borrower.
(c) Availability of forms. The forms referenced in this part are available from the Federal
Reserve Banks.
Sec. 221.3 General requirements.
(a) Extending, maintaining, and arranging credit--(1) Extending credit. No bank shall
extend any purpose credit, secured directly or indirectly by margin stock, in an amount that
exceeds the maximum loan value of the collateral securing the credit. The maximum loan
value of margin stock (set forth in Sec. 221.8 of this part) is assigned by the Board in terms
of a percentage of the current market value of the margin stock. All other collateral has good
faith loan value, as defined in
Sec. 221.2(f) of this part.
(2) Maintaining credit. A bank may continue to maintain any credit
initially extended in compliance with this part, regardless of:
(i) Reduction in the customer's equity resulting from change in market prices;
(ii) Change in the maximum loan value prescribed by this part; or
(iii) Change in the status of the security (from nonmargin to margin) securing an existing
purpose credit.
184
185
(3) Arranging credit. No bank may arrange for the extension or maintenance of any
purpose credit, except upon the same terms and conditions under which the bank itself may
extend or maintain purpose credit under this part.
(b) Purpose statement. Except for credit extended under paragraph (c) of this section,
whenever a bank extends credit secured directly or indirectly by any margin stock, in an
amount exceeding $100,000, the bank shall require its customer to execute Form FR U-1
(OMB No. 7100-0115), which shall be signed and accepted by a duly authorized officer of
the bank acting in good faith.
(c) Purpose statement for revolving-credit or multiple-draw agreements. (1) If a bank
extends credit, secured directly or indirectly by any margin stock, in an amount exceeding
$100,000, under a revolving-credit or other multiple-draw agreement, Form FR U-1 can
either be executed each time a disbursement is made under the agreement, or at the time the
credit arrangement is originally established.
(2) If a purpose statement executed at the time the credit arrangement is initially made
indicates that the purpose is to purchase or carry margin stock, the credit will be deemed in
compliance with this part if the maximum loan value of the collateral at least equals the
aggregate amount of funds actually disbursed. For any purpose credit disbursed under the
agreement, the bank shall obtain and attach to the executed Form FR U-1 a current list of
collateral which adequately
supports all credit extended under the agreement.
(d) Single credit rule. (1) All purpose credit extended to a customer shall be treated as a
single credit, and all the collateral securing such credit shall be considered in determining
whether or not the credit complies with this part.
(2) A bank that has extended purpose credit secured by margin stock may not subsequently
extend unsecured purpose credit to the same customer unless the combined credit does not
exceed the maximum loan value of the collateral securing the prior credit.
(3) If a bank extended unsecured purpose credit to a customer prior to the extension of
purpose credit secured by margin stock, the credits shall be combined and treated as a single
credit solely for the purposes of the withdrawal and substitution provision of paragraph (f) of
this section.
(4) If a bank extends purpose credit secured by any margin stock and non-purpose credit to
the same customer, the bank shall treat the credits as two separate loans and may not rely
upon the required collateral securing the purpose credit for the nonpurpose credit.
(e) Mixed collateral loans. A purpose credit secured in part by margin stock, and in part by
other collateral shall be treated as two separate loans, one secured by margin stock and one
by all other collateral. A bank may use a single credit agreement, if it maintains records
identifying each portion of the credit and its collateral.
(f) Withdrawals and substitutions. (1) A bank may permit any withdrawal or substitution
of cash or collateral by the customer if the withdrawal or substitution would not:
(i) Cause the credit to exceed the maximum loan value of the collateral; or
(ii) Increase the amount by which the credit exceeds the maximum loan value of the
collateral.
(2) For purposes of this section, the maximum loan value of the collateral on the day of the
withdrawal or substitution shall be used.
(g) Exchange offers. To enable a customer to participate in a reorganization,
recapitalization or exchange offer that is made to holders of an issue of margin stock, a bank
185
186
may permit substitution of the securities received. A nonmargin, nonexempted security

acquired in exchange for a margin stock shall be treated as if it is margin stock for a period of
60 days following the exchange.
(h) Renewals and extensions of maturity. A renewal or extension of maturity of a credit
need not be considered a new extension of credit if the amount of the credit is increased only
by the addition of interest, service charges, or taxes with respect to the credit.
(i) Transfers of credit. (1) A transfer of a credit between customers or banks or between a
bank and a lender subject to part 207 of this chapter shall not be considered a new extension
of credit if:
(i) The original credit was extended by a bank in compliance with this part or by a lender
subject to part 207 of this chapter in a manner that would have complied with this part;
(ii) The transfer is not made to evade this part or part 207 of this chapter;
(iii) The amount of credit is not increased; and
(iv) The collateral for the credit is not changed.
(2) Any transfer between customers at the same bank shall be accompanied by a statement
by the transferor customer describing the circumstances giving rise to the transfer and shall
be accepted and signed by an officer of the bank acting in good faith. The bank shall keep
such statement with its records of the transferee account.
(3) When a transfer is made between banks or between a bank and a lender subject to part
207 of this chapter, the transferee shall obtain a copy of the Form FR U-1 or Form FR G-3
originally filed with the transferor and retain the copy with its records of the transferee
account. If no form was originally filed with the transferor, the transferee may accept in good
faith a statement from the transferor
describing the purpose of the loan and the collateral securing it.
(j) Action for bank's protection. Nothing in this part shall require a bank to waive or forego
any lien or prevent a bank from taking any action it deems necessary in good faith for its
protection.
(k) Mistakes in good faith. A mistake in good faith in connection with the extension of
maintenance of credit shall not be a violation of this part.
(l) Lack of notice of NMS security designation. Failure to treat an NMS security as a
margin stock in connection with an extension of credit shall not be deemed a violation of this
part if the designation is made between quarterly publications of the Board's List of OTC
Margin Stocks and the bank does not have actual notice of the designation.
[Reg. U, 48 FR 35076, Aug. 3, 1983, as amended at 49 FR 35758, Sept. 12,

1984; 52 FR 35683, Sept. 23, 1987; 56 FR 46111, Sept. 10, 1991; 56 FR
66120, Dec. 20, 1991]
Sec. 221.8 Supplement, maximum loan value of margin stock and other collateral.
(a) Maximum loan value of margin stock. The maximum loan value of any margin stock
expect options is fifty per cent of its current market value.
(b) Maximum loan value of nonmargin stock and all other collateral. The maximum loan
value of nonmargin stock and all other collateral except puts, calls, or combinations thereof is
their good faith loan value.
186
187
(c) Maximum loan value of options. Except for purposes of Sec. 221.5(c)(10) of this part,
puts, calls, and combinations thereof have no loan value.
December 4, 1999 - http://www.access.gpo.gov/nara/cfr/waisidx_98/12cfrv3_98.html)
14. Regulation Y – Bank Holding Company Act - purpose is to:

• Regulate the acquisition of control of banks by companies and individuals;
• Define and regulate the nonbanking activities in which bank holding companies and
foreign banking organizations with United States operations may engage; and
• Set forth the procedures for securing approval for these transactions and activities
The Bank Holding Company act of 1956 was designed to control interstate banking activities
by requiring that the State being expanded into specifically allowed the formation of an
interstate bank. The following section is an excerpt of text of Regulation Y.

(a) Authority. This part <SUP>1</SUP> (Regulation Y) is issued by the Board of

Governors of the Federal Reserve System (Board) under section 5(b) of the Bank Holding
Company Act of 1956, as amended (12 U.S.C. 1844(b)) (BHC Act); sections 8 and 13(a) of
the International Banking Act of 1978 (12 U.S.C. 3106 and 3108); section 7(j)(13) of the
Federal Deposit Insurance Act, as amended by the Change in Bank Control Act of 1978 (12
U.S.C. 1817(j)(13)) (Bank Control Act); section 8(b) of the Federal Deposit Insurance Act
(12 U.S.C. 1818(b)); section 914 of the Financial Institutions Reform, Recovery and
Enforcement Act of 1989 (12 U.S.C. 1831i); section 106 of the Bank Holding Company Act
Amendments of 1970 (12 U.S.C. 1972); and the International Lending Supervision Act of
1983 (Pub. L. 98-181, title IX). The BHC Act is
codified at 12 U.S.C. 1841, et seq. \1\ Code of Federal Regulations, title 12, chapter II, part
225.
(b) Purpose. The principal purposes of this part are to:
(1) Regulate the acquisition of control of banks by companies and
individuals;
(2) Define and regulate the nonbanking activities in which bank holding companies and
foreign banking organizations with United States operations may engage; and
(3) Set forth the procedures for securing approval for these transactions and activities.
(c) Scope--(1) Subpart A contains general provisions and definitions of terms used in this
regulation.
(2) Subpart B governs acquisitions of bank or bank holding company securities and assets
by bank holding companies or by any company that will become a bank holding company as
a result of the acquisition.
(3) Subpart C defines and regulates the nonbanking activities in which bank holding
companies and foreign banking organizations may engage directly or through a subsidiary.
The Board's Regulation K governs certain nonbanking activities conducted by foreign
187
188
banking organizations and certain foreign activities conducted by bank holding companies
(12 CFR part 211, International Banking Operations).
(4) Subpart D specifies situations in which a company is presumed to control voting
securities or to have the power to exercise a controlling influence over the management or
policies of a bank or other company; sets forth the procedures for making a control
determination; and provides rules governing the effectiveness of divestitures by bank holding
companies.
(5) Subpart E governs changes in bank control resulting from the acquisition by
individuals or companies (other than bank holding companies) of voting securities of a bank
holding company or state member bank of the Federal Reserve System.
(6) Subpart F specifies the limitations that govern companies that control so-called
nonbank banks and the activities of nonbank banks.
(7) Subpart G prescribes minimum standards that apply to the performance of real estate
appraisals and identifies transactions that require state certified appraisers.
(8) Subpart H identifies the circumstances when written notice must
be provided to the Board prior to the appointment of a director or senior officer of a bank
holding company and establishes procedures for obtaining the required Board approval.
(9) Appendix A to the regulation contains the Board's Risk-Based Capital Adequacy
Guidelines for bank holding companies.
(10) Appendix B contains the Board's Capital Adequacy Guidelines for measuring leverage
for bank holding companies and state member banks.
(11) Appendix C contains the Board's policy statement governing small bank holding
companies.
(12) Appendix D contains the Board's Capital Adequacy Guidelines for measuring tier 1
leverage for bank holding companies.
(13) Appendix E contains the Board's Capital Adequacy Guidelines for
measuring market risk of bank holding companies.
[Reg. Y, 62 FR 9319, Feb. 28, 1997, unless otherwise noted.]
15. Regulation Z – Truth in Lending - purpose is to promote the informed use of consumer
credit by requiring disclosures about its terms and cost. The regulation gives consumers the
right to cancel certain credit transactions that involve a lien on a consumer's principal
dwelling, regulates certain credit card practices, and provides a means for fair and timely
resolution of credit billing disputes. The following section is an excerpt of text of Regulation
Z.
Sec. 226.1 Authority, purpose, coverage, organization, enforcement and liability.
(a) Authority. This regulation, known as Regulation Z, is issued by the Board of

Governors of the Federal Reserve System to implement the Federal Truth in Lending Act,
which is contained in title I of the Consumer Credit Protection Act, as amended (15 U.S.C.
188
189
1601 et seq.). This regulation also implements title XII, section 1204 of the Competitive
Equality Banking Act of 1987 (Pub. L. 100-86, 101 Stat. 552). Information-collection
requirements contained in this regulation have been approved by the Office of Management
and Budget under the provisions of 44 U.S.C. 3501 et seq. and have been assigned OMB
number 7100-0199.
(b) The purpose of this regulation is to promote the informed use of consumer credit by
requiring disclosures about its terms and cost. The regulation gives consumers the right to
cancel certain credit transactions that involve a lien on a consumer's principal dwelling,
regulates certain credit card practices, and provides a means for fair and timely resolution of
credit billing disputes. The regulation does not govern charges for consumer credit. The
regulation requires a maximum interest rate to be stated in variable-rate contracts secured by
the consumer's dwelling. It also imposes limitations on home equity plans that are subject to
the requirements of Sec. 226.5b and mortgages that are subject to the requirements of Sec.
226.32.
(c) Coverage. (1) In general, this regulation applies to each individual or business that
offers or extends credit when four conditions are met: (i) The credit is offered or extended to
consumers; (ii) the offering or extension of credit is done regularly;
(iii) the credit is subject to a finance charge or is payable by a written agreement in more than
4 installments; and (iv) the credit is primarily for personal, family, or household purposes.
(2) If a credit card is involved, however, certain provisions apply even if the credit is not
subject to a finance charge, or is not payable by a written agreement in more than 4
installments, or if the credit card is to be used for business purposes.
(3) In addition, certain requirements of Sec. 226.5b apply to persons who are not creditors
but who provide applications for home equity plans to consumers.
(d) Organization. The regulation is divided into subparts and appendices as follows:
(1) Subpart A contains general information. It sets forth: (i) The authority, purpose,
coverage, and organization of the regulation; (ii) the definitions of basic terms; (iii) the
transactions that are exempt from coverage; and (iv) the method of determining the finance
charge.
(2) Subpart B contains the rules for open-end credit. It requires that initial disclosures and
periodic statements be provided, as well as additional disclosures for credit and charge card
applications and solicitations and for home equity plans subject to the requirements of Secs.
226.5a and 226.5b, respectively.
(3) Subpart C relates to closed-end credit. It contains rules on disclosures, treatment of
credit balances, annual percentage rate calculations, rescission requirements, and advertising.
(4) Subpart D contains rules on oral disclosures, Spanish language disclosure in Puerto
Rico, record retention, effect on state laws, state exemptions, and rate limitations.
(5) Subpart E relates to mortgage transactions covered by Sec. 226.32 and reverse
mortgage transactions. It contains rules on disclosures, fees, and total annual loan cost rates.
(6) Several appendices contain information such as the procedures for determinations
about state laws, state exemptions and issuance of staff interpretations, special rules for
certain kinds of credit plans, a list of enforcement agencies, and the rules for computing
annual percentage rates in closed-end credit transactions and total annual loan cost rates for
reverse mortgage transactions.
(e) Enforcement and liability. Section 108 of the act contains the administrative
enforcement provisions. Sections 112, 113, 130, 131, and 134 contain provisions relating to
189
190
liability for failure to comply with the requirements of the act and the regulation. Section
1204(c) of title XII of the Competitive Equality Banking Act of 1987, Pub. L. 100-86, 101
Stat. 552, incorporates by reference administrative enforcement and civil liability provisions
of sections 108 and 130 of the act.
[Reg. Z, 46 FR 20892, Apr. 7, 1981, as amended at 52 FR 43181, Nov. 9, 1987; 54 FR

13865, Apr. 6, 1989; 54 FR 24686, June 9, 1989; 60 FR 15471, Mar. 24, 1995]
16. Regulation BB – Community Reinvestment Act - purpose is to assess an institution's

record of helping to meet the credit needs of the local communities in which the institution is
chartered, consistent with the safe and sound operation of the institution, and to take this
record into account in the agency's evaluation of an application for a deposit facility by the
institution. The following section is an excerpt of text of Regulation BB.

Sec. 228.11 Authority, purposes, and scope.
(a) Authority. The Board of Governors of the Federal Reserve System (the Board) issues
this part to implement the Community Reinvestment Act (12 U.S.C. 2901 et seq.) (CRA).
The regulations comprising this part are issued under the authority of the CRA and under the
provisions of the United States Code authorizing the Board:
(1) To conduct examinations of State-chartered banks that are members of the Federal
Reserve System (12 U.S.C. 325);
(2) To conduct examinations of bank holding companies and their subsidiaries (12 U.S.C.
1844); and
(3) To consider applications for:
(i) Domestic branches by State member banks (12 U.S.C. 321);
(ii) Mergers in which the resulting bank would be a State member bank (12 U.S.C.
1828(c));
(iii) Formations of, acquisitions of banks by, and mergers of, bank holding companies (12
U.S.C. 1842); and
(iv) The acquisition of savings associations by bank holding companies (12 U.S.C. 1843).
(b) Purposes. In enacting the CRA, the Congress required each appropriate Federal
financial supervisory agency to assess an institution's record of helping to meet the credit
needs of the local communities in which the institution is chartered, consistent with the safe
and sound operation of the institution, and to take this record into account in the agency's
evaluation of an application for a deposit facility by the institution. This part is intended to
carry out the purposes of the CRA by:
(1) Establishing the framework and criteria by which the Board assesses a bank's record of
helping to meet the credit needs of its entire community, including low- and moderate-
income neighborhoods, consistent with the safe and sound operation of the bank; and
190
191
(2) Providing that the Board takes that record into account in considering certain
applications.
(c) Scope--(1) General. This part applies to all banks except as provided in paragraph
(c)(3) of this section. (2) Foreign bank acquisitions. This part also applies to an uninsured
State branch (other than a limited branch) of a foreign bank that results from an acquisition
described in section 5(a)(8) of the International Banking Act of 1978 (12 U.S.C. 3103(a)(8)).
The terms
``State branch'' and ``foreign bank'' have the same meanings as in section 1(b) of the
International Banking Act of 1978 (12 U.S.C. 3101 et seq.); the term `ùninsured State
branch'' means a State branch the deposits of which are not insured by the Federal Deposit
Insurance
Corporation; the term ``limited branch'' means a State branch that accepts only deposits that
are permissible for a corporation organized under section 25A of the Federal Reserve Act (12
U.S.C. 611 et seq.).
(3) Certain special purpose banks. This part does not apply to special purpose banks that
do not perform commercial or retail banking services by granting credit to the public in the
ordinary course of business, other than as incident to their specialized operations. These
banks include banker's banks, as defined in 12 U.S.C. 24 (Seventh), and banks that engage
only in one or more of the following activities: providing cash management controlled
disbursement services or serving as correspondent banks, trust companies, or clearing agents.
[Reg. Y, 62 FR 9319, Feb. 28, 1997, unless otherwise noted.]
17. Regulation CC – Availability of Funds and Collections of Checks - purpose is to assess

an institution's record of helping to meet the credit needs of the local communities in which
the institution is chartered, consistent with the safe and sound operation of the institution, and
to take this record into account in the agency's evaluation of an application for a deposit
facility by the institution. The following section is an excerpt of text of Regulation CC.

Sec. 229.1 Authority and purpose; organization.
(a) Authority and purpose. This part (Regulation CC; 12 CFR part 229) is issued by the
Board of Governors of the Federal Reserve System (Board) to implement the Expedited
Funds Availability Act (Act) (title VI of Pub. L. 100-86, 101 Stat. 552, 635), as amended by
section 1001 of the Cranston-Gonzalez National Affordable Housing Act of 1990 (Pub. L.
101-625, 104 Stat. 4079, 4424) and sections 212(h), 225, and 227 of the Federal Deposit
Insurance Corporation Improvement Act of 1991 (Pub. L. 102-242, 105 Stat. 2236, 2303,
2307).
(b) Organization. This part is divided into subparts and appendices as follows--
(1) Subpart A contains general information. It sets forth--
(i) The authority, purpose, and organization;
191
192
(ii) Definition of terms; and

(iii) Authority for administrative enforcement of this part's provisions.
(2) Subpart B of this part contains rules regarding the duty of banks to make funds
deposited into accounts available for withdrawal, including availability schedules. Subpart B
of this part also contains rules regarding exceptions to the schedules, disclosure of funds
availability policies, payment of interest, liability of banks for failure to comply with Subpart
B of this part, and other matters.
(3) Subpart C of this part contains rules to expedite the collection and return of checks by
banks. These rules cover the direct return of checks, the manner in which the paying bank
and returning banks must return checks to the depositary bank, notification of nonpayment by
the paying bank, indorsement and presentment of checks, same-day settlement for certain
checks, the liability of banks for failure to comply with subpart C of this part, and other
matters.
[53 FR 19433, May 27, 1988, as amended at 57 FR 36598, Aug. 14, 1992; 57
FR 46972, Oct. 14, 1992; Reg. CC, 60 FR 51670, Oct. 3, 1995]
18. Regulation DD – Truth in Savings - purpose is to enable consumers to make informed

decisions about accounts at depository institutions. This part requires depository institutions
to provide disclosures so that consumers can make meaningful comparisons among
depository institutions. The following section is an excerpt of text of Regulation DD.

Sec. 230.1 Authority, purpose, coverage, and effect on state laws.
(a) Authority. This part, known as Regulation DD, is issued by the Board of Governors of
the Federal Reserve System to implement the Truth in Savings Act of 1991 (the act),
contained in the Federal Deposit Insurance Corporation Improvement Act of 1991 (12 U.S.C.
4301 et seq., Pub. L. 102-242, 105 Stat. 2236). Information collection requirements
contained in this part have been approved by the Office of Management and Budget under
the provisions of 44 U.S.C. 3501 et seq. and have been assigned OMB No. 7100-0255.
(b) Purpose. The purpose of this part is to enable consumers to make informed decisions
about accounts at depository institutions. This part requires depository institutions to provide
disclosures so that consumers can make meaningful comparisons among depository
institutions.
(c) Coverage. This part applies to depository institutions except for credit unions. In
addition, the advertising rules in Sec. 230.8 of this part apply to any person who advertises
an account offered by a depository institution, including deposit brokers.
(d) Effect on state laws. State law requirements that are inconsistent with the requirements
of the act and this part are preempted to the extent of the inconsistency. Additional
information on inconsistent state laws and the procedures for requesting a preemption
determination from the Board are set forth in appendix C of this part.
192
193
19. Regulation 34 – Real Estate Lending and Appraisals - purpose is to set forth standards
for real estate-related lending and associated activities by national banks. The following
section is an excerpt of text of Regulation 34.

CHAPTER I--COMPTROLLER OF THE CURRENCY, DEPARTMENT OF THE
TREASURY
Sec. 34.1 Purpose and scope.

(a) Purpose. The purpose of this part is to set forth standards for real estate-related lending
and associated activities by national banks. (b) Scope. This part applies to national banks
and their operating subsidiaries as provided in 12 CFR 5.34. For the purposes of 12 U.S.C.
371 and subparts A and B of this part, loans secured by liens on interests in real estate
include loans made upon the security of condominiums, leaseholds, cooperatives, forest
tracts, land sales contracts, and construction project loans. Construction project loans are not
subject to subparts A and B of this part, however, if they have a maturity not exceeding 60
months and are made to finance the construction of either:
(1) A building where there is a valid and binding agreement entered into by a financially
responsible lender or other party to advance the full amount of the bank's loan upon
completion of the building; or
(2) A residential or farm building.
Sec. 34.2 Definitions.

(a) Due-on-sale clause means any clause that gives the lender or any assignee or transferee
of the lender the power to declare the entire debt payable if all or part of the legal or
equitable title or an equivalent contractual interest in the property securing the loan is
transferred to another person, whether by deed, contract, or otherwise.
(b) State means any State of the United States of America, the District of Columbia, Puerto
Rico, the Virgin Islands, the Northern Mariana Islands, American Samoa, and Guam.
(c) State law limitations means any State statute, regulation, or order of any State agency,
or judicial decision interpreting State law.
Sec. 34.3 General rule.

A national bank may make, arrange, purchase, or sell loans or extensions of credit, or
interests therein, that are secured by liens on, or interests in, real estate, subject to terms,
conditions, and limitations prescribed by the Comptroller of the Currency by regulation or
order.
[61 FR 11300, Mar. 20, 1996, unless otherwise noted.]
193
194
December 5, 1999 - http://www.access.gpo.gov/cgi-bin/cfrassemble.cgi?title=199812
20. Bank Bribery Act - purpose is to govern the activities of financial institution employees
regarding the receipt of anything in value in return for favorable loan procurements. The
following section is an excerpt of text of the Bank Bribery Act.
§ 215. Receipt of commissions or gifts for procuring loans.{*}

(a) Whoever--
(1) corruptly gives, offers, or promises anything of value to any person, with intent to
influence or reward an officer, director, employee, agent, or attorney of a financial institution
in connection with any business or transaction of such institution; or
(2) as an officer, director, employee, agent, or attorney of a financial institution, corruptly
solicits or demands for the benefit of any person, or corruptly accepts or agrees to accept,
anything of value from any person, intending to be influenced or rewarded in connection
with any business or transaction of such institution; shall be fined under this title or three
times the value of the thing given, offered, promised, solicited, demanded, accepted, or
agreed to be accepted, whichever is greater, or imprisoned not more than 30 years, or both,
but if the value of the thing given, offered, promised, solicited, demanded, accepted, or
agreed to be accepted does not exceed $1,000, shall be fined under this title or imprisoned
not more than one year, or both.
(b) [Revoked]
(c) This section shall not apply to bona fide salary, wages, fees, or other compensation
paid, or expenses paid or reimbursed, in the usual course of business.
(d) Federal agencies with responsibility for regulating a financial institution shall jointly
establish such guidelines as are appropriate to assist an officer, director, employee, agent, or
attorney of a financial institution to comply with this section. Such agencies shall make such
guidelines available to the public.
{* The Act of August 4, 1986 (Pub. L. No. 99--370; 100 Stat. 779), which amends section
215, may be cited as the "Bank Bribery Amendments Act of 1985."}
on December 21, 1999 - http://www.fdic.gov/regulations/laws/rules/8000-7.html#8284
21. Bank Secrecy Act - was passed in 1970 to require banks to document and file certain
transaction reports for possible use in criminal, tax, or regulatory proceedings. The purpose
was to provide an audit trail of banking transactions to reduce the potential for money
laundering activities by those involved in illegal activities. The regulations emphasize the
development and implementation of “know your customer” policies and procedures by
banks. Compliance with the Act is extremely important as civil and criminal penalties can be
imposed including the termination of banking licenses.
194
195
Each bank is required to develop and provide for the continued administration of a program
reasonably designed to assure and monitor compliance with the recordkeeping and reporting
requirements. The following section is an excerpt of text of the Bank Secrecy Act.

CHAPTER I--COMPTROLLER OF THE CURRENCY, DEPARTMENT OF THE
TREASURY
Sec. 21 (a)(1) The Congress finds that adequate records maintained by insured depository
institutions have a high degree of usefulness in criminal, tax, and regulatory investigations
and proceedings. The Congress further finds that microfilm or other reproductions and other
records made by banks of checks, as well as records kept by banks of the identity of persons
maintaining or authorized to act with respect to accounts therein, have been of particular
value in this respect.
(2) It is the purpose of this section to require the maintenance of appropriate types of
records by insured depository institutions in the United States where such records have a high
degree of usefulness in criminal, tax, or regulatory investigations or proceedings.
Subpart C--Procedures for Monitoring Bank Secrecy Act Compliance
Sec. 21.21 Bank Secrecy Act compliance.

(a) Purpose. This subpart is issued to assure that all national banks establish and maintain
procedures reasonably designed to assure and monitor their compliance with the
requirements of subchapter II of chapter 53 of title 31, United States Code, and the
implementing regulations promulgated thereunder by the Department of Treasury at 31 CFR
part 103.
(b) Compliance procedures. On or before April 27, 1987, each bank shall develop and
provide for the continued administration of a program reasonably designed to assure and
monitor compliance with the recordkeeping and reporting requirements set forth in
subchapter II of chapter 53 of title 31, United States Code, and the implementing regulations
promulgated thereunder by the Department of Treasury at 31 CFR part 103. The compliance
program shall be reduced to writing, approved by the board of directors and noted in the
minutes.
(c) Contents of compliance program. The compliance program shall, at
a minimum:
(1) Provide for a system of internal controls to assure ongoing compliance;
(2) Provide for independent testing for compliance to be conducted by bank personnel or
by an outside party;
(3) Designate an individual or individuals responsible for coordinating and monitoring
day-to-day compliance; and
(4) Provide training for appropriate personnel.
(Approved by the Office of Management and Budget under control number 1557-0180)
[52 FR 2859, Jan. 27, 1987]
195
196
The following information details some requirement outlined in the Code of Federal
Regulations.
(b) At one time. For purposes of Sec. 103.23 of this part, a person who transports, mails,
ships or receives; is about to or attempts to transport, mail or ship; or causes the
transportation, mailing, shipment or receipt of monetary instruments, is deemed
to do so `àt one time'' if:
(1) That person either alone, in conjunction with or on behalf of others;

(2) Transports, mails, ships or receives in any manner; is about to transport, mail or ship
in any manner; or causes the transportation, mailing, shipment or receipt in any manner of;
(3) Monetary instruments;
(4) Into the United States or out of the United States;
(5) Totaling more than $10,000;
(6)(i) On one calendar day or (ii) if for the purpose of evading the reporting requirements
of Sec. 103.23, on one or more days.
103.22 Reports of transactions in currency.
(a) General. This section sets forth the rules for the reporting by financial institutions of
transactions in currency. The reporting obligations themselves are stated in paragraph (b) of
this section. The reporting rules relating to aggregation are stated in
paragraph (c) of this section. Rules permitting banks to exempt certain transactions from the
reporting obligations appear in paragraph (d) of this section.
(b) Filing obligations—(1) Financial institutions other than casinos. Each financial institution
other than a casino shall file a report of each deposit, withdrawal, exchange of currency or
other payment or transfer, by, through, or to such financial institution which involves a
transaction in currency of more than $10,000, except as otherwise provided in this section. In
the case of the Postal Service, the obligation contained in the preceding sentence shall not
apply to payments or transfers made solely in connection with the purchase of postage or
philatelic products.
(2) Casinos. Each casino shall file a report of each transaction in currency, involving either
cash in or cash out, of more than $10,000.
(i) Transactions in currency involving cash in include, but are not limited to:
(A) Purchases of chips, tokens, and plaques;
(B) Front money deposits;
(C) Safekeeping deposits;
(D) Payments on any form of credit, including markers and counter checks;
(E) Bets of currency;
(F) Currency received by a casino for transmittal of funds through wire transfer for a
customer;
196
197
(G) Purchases of a casino’s check; and

(H) Exchanges of currency for currency, including foreign currency.
(ii) Transactions in currency involving cash out include, but are not limited to:
(A) Redemptions of chips, tokens, and plaques;
(B) Front money withdrawals;
(C) Safekeeping withdrawals;
(D) Advances on any form of credit, including markers and counter checks;
(E) Payments on bets, including slot jackpots;
(F) Payments by a casino to a customer based on receipt of funds through wire transfer for
credit to a customer;
(G) Cashing of checks or other negotiable instruments; and
(I) Reimbursements for customers’ travel and entertainment expenses by the casino.
(c) Aggregation—(1) Multiple branches. A financial institution includes all of its domestic
branch offices, and any recordkeeping facility, wherever located, that contains records
relating to the transactions of the institution’s domestic offices,
for purposes of this section’s reporting requirements.
(2) Multiple transactions—general. In the case of financial institutions other than casinos, for
purposes of this section, multiple currency transactions shall be treated as a single transaction
if the financial institution has knowledge that they are by or
on behalf of any person and result in either cash in or cash out totaling more than $10,000
during any one business day (or in the case of the Postal Service, any one day). Deposits
made at night or over a weekend or holiday shall be treated as if
received on the next business day following the deposit.
(3) Multiple transactions—casinos. In the case of a casino, multiple currency transactions

shall be treated as a single transaction if the casino has knowledge that they are by or on
behalf of any person and result in either cash in or cash out
totaling more than $10,000 during any gaming day. For purposes of this paragraph (c)(3), a
casino shall be deemed to have the knowledge described in the preceding sentence, if: any
sole proprietor, partner, officer, director, or employee of the casino,
acting within the scope of his or her employment, has knowledge that such multiple currency
transactions have occurred, including knowledge from examining the books, records, logs,
information retained on magnetic disk, tape or other machine-readable media, or in any
manual system, and similar documents and information, which the casino maintains pursuant
to any law or regulation or within the ordinary course of its business, and which contain
information that such multiple currency transactions have occurred.
(d) Transactions of exempt persons— (1) General. No bank is required to file a report
otherwise required by paragraph (b) of this section with respect to any transaction in currency
between an exempt person and such bank, or, to the extent provided
in paragraph (d)(6)(vi) of this section, between such exempt person and other banks affiliated
with such bank. In addition, a non-bank financial institution is not required to file a report
otherwise required by paragraph (b) of this section with respect to a
197
198
transaction in currency between the institution and a commercial bank. (A limitation on the
exemption described in this paragraph (d)(1) is set forth in paragraph (d)(7) of this section.)
(The information above was taken from the Code of Federal Regulations Web site on
December 5, 1999 - http://www.access.gpo.gov/nara/cfr/waisidx_98/12cfrv6_98.html#700
22. Fair Credit Reporting Act - purpose is to ensure fair and accurate credit reporting to
ensure public confidence and to provide for fair and private evaluation of credit worthiness.
The following section is an excerpt of text of the Fair Credit Reporting Act.
§ 601. Short title
This title may be cited as the Fair Credit Reporting Act.
[Source: Section 601 of title VI of the Act of May 29, 1968 (Pub. L. No. 90-321), as added
by section 601 of title VI of the Act of October 26, 1970 (Pub. L. No. 91-508; 84 Stat. 1128),
effective April 25, 1971]
§ 602. Findings and purpose

(a) The Congress makes the following findings:
(1) The banking system is dependent upon fair and accurate credit reporting. Inaccurate
credit reports directly impair the efficiency of the banking system, and unfair credit reporting
methods undermine the public confidence which is essential to the continued functioning of
the banking system.
(2) An elaborate mechanism has been developed for investigating and evaluating the
credit worthiness, credit standing, credit capacity, character, and general reputation of
consumers.
(3) Consumer reporting agencies have assumed a vital role in assembling and evaluating
consumer credit and other information on consumers.
(4) There is a need to insure that consumer reporting agencies exercise their grave
responsibilities with fairness, impartiality, and a respect for the consumer's right to privacy.
(b) It is the purpose of this title to require that consumer reporting agencies adopt
reasonable procedures for meeting the needs of commerce for consumer credit, personnel,
insurance, and other information in a manner which is fair and equitable to the consumer,
with regard to the confidentiality, accuracy, relevancy, and proper utilization of such
information in accordance with the requirements of this title.
[Source: Section 602 of title VI of the Act of May 29, 1968 (Pub. L. No. 90-321), as added
by section 601 of title VI of the Act of October 26, 1970 (Pub. L. No. 91-508; 84 Stat. 1128),
effective April 25, 1971]
§ 603. Definitions and rules of construction
198
199
(a) Definitions and rules of construction set forth in this section are applicable for the
purposes of this title.
(b) The term "person" means any individual, partnership, corporation, trust, estate,
cooperative, association, government or governmental subdivision or agency, or other entity.
(c) The term "consumer" means an individual.
(d) CONSUMER REPORT.-- {{4-30-99 p.6602}}
(1) IN GENERAL.--The term "consumer report" means any written, oral, or other
communication of any information by a consumer reporting agency bearing on a consumer's
credit worthiness, credit standing, credit capacity, character, general reputation, personal
characteristics, or mode of living which is used or expected to be used or collected in whole
or in part for the purpose of serving as a factor in establishing the consumer's eligibility for--
(A) credit or insurance to be used primarily for personal, family, or household purposes;
(B) employment purposes; or
(C) any other purpose authorized under section 604.
(2) EXCLUSIONS.--The term "consumer report" does not include--
(A) any--
(i) report containing information solely as to transactions or experiences between the
consumer and the person making the report;
(ii) communication of that information among persons related by common ownership
or affiliated by corporate control; or
(iii) communication of other information among persons related by common ownership
or affiliated by corporate control, if it is clearly and conspicuously disclosed to the consumer
that the information may be communicated among such persons and the consumer is given
the opportunity, before the time that the information is initially communicated, to direct that
such information not be
communicated among such persons;
(B) any authorization or approval of a specific extension of credit directly or indirectly
by the issuer of a credit card or similar device;
(C) any report in which a person who has been requested by a third party to make a
specific extension of credit directly or indirectly to a consumer conveys his or her decision
with respect to such request, if the third party advises the consumer of the name and address
of the person to whom the request was made, and such person makes the disclosures to the
consumer required under section 615; or
(e) The term "investigative consumer report" means a consumer report or portion thereof
in which information on a consumer's character, general reputation, personal characteristics,
or mode of living is obtained through personal interviews with neighbors, friends, or
associates of the consumer reported on or with others with whom he is acquainted or who
may have knowledge concerning any such items of information. However, such information
shall not include specific factual information on a consumer's credit record obtained directly
from a creditor of the consumer or from a consumer reporting agency when such information
was obtained directly from a creditor of the consumer or from the consumer.
(f) The term "consumer reporting agency" means any person which, for monetary fees,
dues, or on a cooperative nonprofit basis, regularly engages in whole or in part in the practice
of assembling or evaluating consumer credit information or other information on consumers
199
200
for the purpose of furnishing consumer reports to third parties, and which uses any means or
facility of interstate commerce for the purpose of preparing or furnishing consumer reports.
(g) The term "file", when used in connection with information on any consumer, means all
of the information on that consumer recorded and retained by a consumer reporting agency
regardless of how the information is stored.
(h) The term "employment purposes" when used in connection with a consumer report
means a report used for the purpose of evaluating a consumer for employment, promotion,
reassignment or retention as an employee.
(i) The term "medical information" means information or records obtained, with the
consent of the individual to whom it relates, from licensed physicians or medical
practitioners, hospitals, clinics, or other medical or medically related facilities.
(k) ADVERSE ACTION.--
(1) ACTIONS INCLUDED.--The term "adverse action"--
{{4-30-99 p.6603}}
(A) has the same meaning as in section 701(d)(6) of the Equal Credit Opportunity Act;
and
(B) means--
(i) a denial or cancellation of, an increase in any charge for, or a reduction or other
adverse or unfavorable change in the terms of coverage or amount of, any insurance, existing
or applied for, in connection with the underwriting of insurance;
(ii) a denial of employment or any other decision for employment purposes that
adversely affects any current or prospective employee;
(iii) a denial or cancellation of, an increase in any charge for, or any other adverse or
unfavorable change in the terms of, any license or benefit described in section 604(a)(3)(D);
and
(iv) an action taken or determination that is--
(I) made in connection with an application that was made by, or a transaction that was
initiated by, any consumer, or in connection with a review of an account under section
604(a)(3)(F)(ii); and
(II) adverse to the interests of the consumer.
(2) APPLICABLE FINDINGS, DECISIONS, COMMENTARY AND ORDERS.--For
purposes of any determination of whether an action is an adverse action under paragraph
(1)(A), all appropriate final findings, decisions, commentary, and orders issued under section
701(d)(6) of the Equal Credit Opportunity Act by the Board of Governors of the Federal
Reserve System or any court shall apply.
(l) FIRM OFFER OF CREDIT OR INSURANCE.--The term "firm offer of credit or
insurance" means any offer of credit or insurance to a consumer that will be honored if the
consumer is determined, based on information in a consumer report on the consumer, to meet
the specific criteria used to select the consumer for the offer, except that the offer may be
further conditioned on one or more of the following:
(1) The consumer being determined, based on information in the consumer's application
for the credit or insurance, to meet specific criteria bearing on credit worthiness or
insurability, as applicable, that are established--
(A) before selection of the consumer for the offer; and
(B) for the purpose of determining whether to extend credit or insurance pursuant to the
offer.
200
201
(2) Verification--
(A) that the consumer continues to meet the specific criteria used to select the consumer
for the offer, by using information in a consumer report on the consumer, information in the
consumer's application for the credit or insurance, or other information bearing on the credit
worthiness or insurability of the consumer; or
(B) of the information in the consumer's application for the credit or insurance, to
determine that the consumer meets the specific criteria bearing on credit worthiness or
insurability.
(3) The consumer furnishing any collateral that is a requirement for the extension of the
credit or insurance that was--
(A) established before selection of the consumer for the offer of credit or insurance; and
(B) disclosed to the consumer in the offer of credit or insurance.
(m) CREDIT OR INSURANCE TRANSACTION THAT IS NOT INITIATED BY THE
CONSUMER.--The term "credit or insurance transaction that is not initiated by the
consumer" does not include the use of a consumer report by a person with which the
consumer has an account or insurance policy, for purposes of--
(1) reviewing the account or insurance policy; or
(2) collecting the account.
(n) STATE.--The term "State" means any State, the Commonwealth of Puerto Rico, the
District of Columbia, and any territory or possession of the United States.
(o) EXCLUDED COMMUNICATIONS.--A communication described in this subsection
if it is a communication-- {{4-30-99 p.6604}}
(1) that, but for subsection (d)(2)(D), would be an investigative consumer report;
(2) that is made to a prospective employer for the purpose of--
(A) procuring an employee for the employer; or
(B) procuring an opportunity for a natural person to work for the employer;
(3) that is made by a person who regularly performs such procurement;
(4) that is not used by any person for any purpose other than a purpose described in
subparagraph (A) or (B) of paragraph (2); and
(5) with respect to which--
(A) the consumer who is the subject of the communication--
(i) consents orally or in writing to the nature and scope of the communication, before
the collection of any information for the purpose of making the communication;
(ii) consents orally or in writing to the making of the communication to a prospective
employer, before the making of the communication; and
(iii) in the case of consent under clause (i) or (ii) given orally, is provided written
confirmation of that consent by the person making the communication, not later than 3
business days after the receipt of the consent by that person;
(B) the person who makes the communication does not, for the purpose of making the
communication, make any inquiry that if made by a prospective employer of the consumer
who is the subject of the communication would violate any applicable Federal or State equal
employment opportunity law or regulation; and
(C) the person who makes the communication--
(i) discloses in writing to the consumer who is the subject of the communication, not
later than 5 business days after receiving any request from the consumer for such disclosure,
the nature and substance of all information in the consumer's file at the time of the request,
201
202
except that the sources of any information that is acquired solely for use in making the
communication and is actually used for no other purpose, need not be disclosed other than
under appropriate discovery procedures in any court of competent jurisdiction in which an
action is brought; and
(ii) notifies the consumer who is the subject of the communication, in writing, of the
consumer's right to request the information described in clause (i).
(p) CONSUMER REPORTING AGENCY THAT COMPILES AND MAINTAINS
FILES ON CONSUMERS ON A NATIONWIDE BASIS.--The term "consumer reporting
agency that compiles and maintains files on consumers on a nationwide basis" means a
consumer reporting agency that regularly engages in the practice of assembling or evaluating,
and maintaining, for the purpose of furnishing consumer reports to third parties bearing on a
consumer's credit worthiness, credit standing, or credit capacity, each of the following
regarding consumers residing nationwide:
(1) Public record information.
(2) Credit account information from persons who furnish that information regularly and
in the ordinary course of business.
[Codified to 15 U.S.C. 1681a]
[Source: Section 603 of title VI of the Act of May 29, 1968 (Pub. L. No. 90–321), as added
by section 601 of title VI of the Act of October 26, 1970 (Pub. L. No. 91–508; 84 Stat. 1128),
effective April 25, 1971; section 2402 of title II of the Act of September 30, 1996 (Pub. L.
No. 104–208, 110 Stat. 3009–426–430), effective September 30, 1997; section 6(1)–(3) of
the Act of November 2, 1998 (Pub. L. No. 105–347; 112 Stat. 3211), effective September 30,
1997]
§ 604. Permissible purposes of reports
(a) IN GENERAL.--Subject to subsection (c), any consumer reporting agency may furnish
a consumer report under the following circumstances and no other:
(1) In response to the order of a court having jurisdiction to issue such an order, or a
subpoena issued in connection with proceedings before a Federal grand jury.
(2) In accordance with the written instructions of the consumer to whom it relates.
on December 23, 1999 - http://www.fdic.gov/regulations/laws/rules/10000-3.html.) Use this
generic site
23. Fair Debt Collection Practices Act - purpose is to eliminate abusive debt collection
practices by debt collectors, to insure that those debt collectors who refrain from using
abusive debt collection practices are not competitively disadvantaged, and to promote
consistent State action to protect consumers against debt collection abuses
The following section is an excerpt of text of the Fair Debt Collection Practices Act.
202
203
§ 801. Short title

This title may be cited as the "Fair Debt Collection Practices Act".
[Source: Section 801 of title VIII of the Act of May 29, 1968 (Pub. L. No. 90--321), as
added by the Act of September 20, 1977 (Pub. L. No. 95--109; 91 Stat. 874), effective
March 20, 1978]
§ 802. Findings and purpose

(a) There is abundant evidence of the use of abusive, deceptive, and unfair debt collection
practices by many debt collectors. Abusive debt collection practices contribute to the
number of personal bankruptcies, to marital instability, to the loss of jobs, and to invasions
of individual privacy.
(b) Existing laws and procedures for redressing these injuries are inadequate to protect
consumers.
(c) Means other than misrepresentation or other abusive debt collection practices are
available for the effective collection of debts.
(d) Abusive debt collection practices are carried on to a substantial extent in interstate
commerce and through means and instrumentalities of such commerce. Even where abusive
debt collection practices are purely intrastate in character, they nevertheless directly affect
interstate commerce. {{8-29-86 p.6617}}
(e) It is the purpose of this title to eliminate abusive debt collection practices by debt
collectors, to insure that those debt collectors who refrain from using abusive debt collection
practices are not competitively disadvantaged, and to promote consistent State action to
protect consumers against debt collection abuses.
24. Fair Housing Act - purpose is to reduce discrimination in housing procurement. It is

unlawful to:
• refuse to sell or rent after the making of a bona fide offer, or to refuse to negotiate for
the sale or rental of, or otherwise make unavailable or deny, a dwelling to any person
because of race, color, religion, sex, familial status, or national origin.
• (b) To discriminate against any person in the terms, conditions, or privileges of sale
or rental of a dwelling, or in the provision of services or facilities in connection
therewith, because of race, color, religion, sex, familial status, or national origin.
The following section is an excerpt of text of the Fair Housing Act.
DISCRIMINATION IN THE SALE OR RENTAL OF HOUSING AND OTHER

PROHIBITED PRACTICES
203
204
SEC. 804. As made applicable by section 803 and except as exempted by sections 803(b)
and 807, it shall be unlawful--
(a) to refuse to sell or rent after the making of a bona fide offer, or to refuse to negotiate for
the sale or rental of, or otherwise make unavailable or deny, a dwelling to any person
(b) To discriminate against any person in the terms, conditions, or privileges of sale or
rental of a dwelling, or in the provision of services or facilities in connection therewith,
(c) To make, print, or publish, or cause to be made, printed, or published any notice,
statement, or advertisement, with respect to the sale or rental of a dwelling that indicates any
preference, limitation, or discrimination based on race, color, religion, sex, handicap,
familial status, or national origin, or an intention to make any such preference, limitation, or
discrimination.
(d) To represent to any person because of race, color, religion, sex, handicap, familial
status, or national origin that any dwelling is not available for inspection, sale, or rental
when such dwelling is in fact so available.
(e) For profit, to induce or attempt to induce any person to sell or rent any dwelling by
representations regarding the entry or prospective entry into the neighborhood of a person or
persons of a particular race, color, religion, sex, handicap, familial status, or national origin.
{{10-31-88 p.8204}}
(f)(1) To discriminate in the sale or rental, or to otherwise make unavailable or deny, a
dwelling to any buyer or renter because of a handicap of--
(A) that buyer or renter;
(B) a person residing in or intending to reside in that dwelling after it is so sold, rented,
or made available; or
(C) any person associated with that buyer or renter.
(2) To discriminate against any person in the terms, conditions, or privileges of sale or
rental of a dwelling, or in the provision of services or facilities in connection with such
dwelling, because of a handicap of--
(A) that person; or
(B) a person residing in or intending to reside in that dwelling after it is so sold, rented,
or made available; or
(C) any person associated with that person.
(3) For purposes of this subsection, discrimination includes--
(A) a refusal to permit, at the expense of the handicapped person, reasonable
modifications of existing premises occupied or to be occupied by such person if such
modifications may be necessary to afford such person full enjoyment of the premises;
(B) a refusal to make reasonable accommodations in rules, policies, practices, or
services, when such accommodations may be necessary to afford such person equal
opportunity to use and enjoy a dwelling; or
(C) in connection with the design and construction of covered multifamily dwellings for
first occupancy after the date that is 30 months after the date of enactment of the Fair
Housing Amendments Act of 1988, a failure to design and construct those dwellings in such
a manner that--
(i) the public use and common use portions of such dwellings are readily accessible to
and usable by handicapped persons;
204
205
(ii) all the doors designed to allow passage into and within all premises within such
dwellings are sufficiently wide to allow passage by handicapped persons in wheelchairs; and
(iii) all premises within such dwellings contain the following features of adaptive
design:
(I) an accessible route into and through the dwelling;
(II) light switches, electrical outlets, thermostats, and other environmental controls in
accessible locations;
(III) reinforcements in bathroom walls to allow later installation of grab bars; and
(IV) usable kitchens and bathrooms such that an individual in a wheelchair can
maneuver about the space.
(4) Compliance with the appropriate requirements of the American National Standard for
buildings and facilities providing accessibility and usability for physically handicapped
people (commonly cited as "ANSI A117.1") suffices to satisfy the requirements of paragraph
(3)(C)(iii).
(5)(A) If a State or unit of general local government has incorporated into its laws the
requirements set forth in paragraph (3)(C), compliance with such laws shall be deemed to
satisfy the requirements of that paragraph.
(B) A State or unit of general local government may review and approve newly
constructed covered multifamily dwellings for the purpose of making determinations as to
whether the design and construction requirements of paragraph (3)(C) are met.
(C) The Secretary shall encourage, but may not require, States and units of local
government to include in their existing procedures for the review and approval of newly
constructed covered multifamily dwellings, determinations as to whether the design and
construction of such dwellings are consistent with paragraph (3)(C), and shall provide
technical assistance to States and units of local government and other persons to implement
the requirements of paragraph (3)(C). {{10-31-88 p.8205}}
(D) Nothing in this title shall be construed to require the Secretary to review or approve
the plans, designs or construction of all covered multifamily dwellings, to determine whether
the design and construction of such dwellings are consistent with the requirements of
paragraph 3(C).
(6)(A) Nothing in paragraph (5) shall be construed to affect the authority and
responsibility of the Secretary or a State or local public agency certified pursuant to section
810(f)(3) of this Act to receive and process complaints or otherwise engage in enforcement
activities under this title.
(B) Determinations by a State or a unit of general local government under paragraphs (5)
(A) and (B) shall not be conclusive in enforcement proceedings under this title.
(7) As used in this subsection, the term "covered multifamily dwellings" means--
(A) buildings consisting of 4 or more units if such buildings have one or more elevators;
and
(B) ground floor units in other buildings consisting of 4 or more units.
(8) Nothing in this title shall be construed to invalidate or limit any law of a State or
political subdivision of a State, or other jurisdiction in which this title shall be effective, that
requires dwellings to be designed and constructed in a manner that affords handicapped
persons greater access than is required by this title.
205
206
(9) Nothing in this subsection requires that a dwelling be made available to an individual
whose tenancy would constitute a direct threat to the health or safety of other individuals or
whose tenancy would result in substantial physical damage to the property of others.
SEC. 805. (a) IN GENERAL.--It shall be unlawful for any person or other entity whose
business includes engaging in residential real estate-related transactions to discriminate
against any person in making available such a transaction, or in the terms or conditions of
such a transaction, because of race, color, religion, sex, handicap, familial status, or national
origin.
(b) DEFINITION.--As used in this section, the term "residential real estate-related
transaction" means any of the following:
(1) The making or purchasing of loans or providing other financial assistance--
(A) for purchasing, constructing, improving, repairing, or maintaining a dwelling; or
(B) secured by residential real estate.
(2) The selling, brokering, or appraising of residential real property.
(c) APPRAISAL EXEMPTION.--Nothing in this title prohibits a person engaged in the
business of furnishing appraisals of real property to take into consideration factors other than
race, color, religion, national origin, sex, handicap, or familial status.
25. Financial Institution Reform, Recovery and Enforcement Act (FIRREA) - purpose is to
reform, recapitalize, and consolidate the Federal deposit insurance system, to enhance the
regulatory and enforcement powers of Federal financial institutions regulatory agencies. The
following section is an excerpt of text of the Financial Institution Reform, Recovery and
Enforcement Act.
FINANCIAL INSTITUTIONS REFORM, RECOVERY AND ENFORCEMENT

ACT OF 1989
To reform, recapitalize, and consolidate the Federal deposit insurance system, to enhance the
regulatory and enforcement powers of Federal financial institutions regulatory agencies, and
for other purposes.
SEC. 1103. FUNCTIONS OF APPRAISAL SUBCOMMITTEE.

(a) IN GENERAL.--The Appraisal Subcommittee shall--
(1) monitor the requirements established by States for the certification and licensing
of individuals who are qualified to perform appraisals in connection with federally related
transactions, including a code of professional responsibility;
206
207
(2) monitor the requirements established by the Federal financial institutions

regulatory agencies and the Resolution Trust Corporation with respect to--
(A) appraisal standards for federally related transactions under their jurisdiction, and
(B) determinations as to which federally related transactions under their jurisdiction require
the services of a State certified appraiser and which require the services of a State licensed
appraiser;
(3) maintain a national registry of State certified and licensed appraisers who are
eligible to perform appraisals in federally related transactions; and
(4) transmit an annual report to the Congress not later than January 31 of each year
which describes the manner in which each function assigned to the Appraisal Subcommittee
has been carried out during the preceding year.
(b) MONITORING AND REVIEWING FOUNDATION.--The Appraisal Subcommittee
shall monitor and review the practices, procedures, activities, and organizational structure of
the Appraisal Foundation.
26. FDIC Improvement Act of 1991 - purpose is to require the least-cost resolution of insured
depository institutions, to improve supervision and examinations, to provide additional
resources to the Bank Insurance Fund
The following section is an excerpt of text of the FDIC Improvement Act of 1991.
FEDERAL DEPOSIT INSURANCE

CORPORATION IMPROVEMENT ACT OF 1991
To require the least-cost resolution of insured depository institutions, to improve supervision

and examinations, to provide additional resources to the Bank Insurance Fund, and for other
purposes. Be it enacted by the Senate and House of Representatives of the United States of
America in Congress assembled,
SECTION 1. SHORT TITLE.

This Act may be cited as the "Federal Deposit Insurance Corporation Improvement Act of
1991".
[Source: Section 1 of the Act of December 19, 1991 (Pub. L. No. 102--242; 105 Stat. 2236),
effective December 19, 1991]
TITLE I--SAFETY AND SOUNDNESS
Subtitle B--Supervisory Reforms
207
208
SEC. 111. IMPROVED EXAMINATIONS.

(c) TRANSITION RULE.--Notwithstanding section 10(d) of the Federal Deposit Insurance
Act (as added by subsection (a)), during the period beginning on the date of enactment of this
Act and ending on December 31, 1993, a full-scope, on-site examination of an insured
depository institution is not required more often than once during every 18-month period,
unless--
(1) the institution, when most recently examined, was found to be in a less than
satisfactory condition; or
(2) 1 or more persons acquired control of the institution.
[Source: Section 111(c) of title I of the Act of December 19, 1991 (Pub. L. No. 102--242;
105 Stat. 2241), effective December 19, 1991]
(d) EXAMINATION IMPROVEMENT PROGRAM.--

(1) IN GENERAL.--The appropriate Federal banking agencies, acting through the Federal
Financial Institutions Examination Council, shall each establish a comparable examination
improvement program that meets the requirements of paragraph (2).
(2) REQUIREMENTS.--An examination improvement program meets the requirements
of this paragraph if, under the program, the agency is required--
(A) to periodically review the organization and training of the staff of the agency who
are responsible for conducting examinations of insured depository institutions and to make
such improvements as the agency determines to be appropriate to ensure frequent, objective,
and thorough examinations of such institutions; and
(B) to increase the number of examiners, supervisors, and other individuals employed by
the agency in connection with conducting or supervising examinations of insured depository
institutions to the extent necessary to ensure frequent, objective, and thorough examinations
of such institutions.
{2-28-92 p.8550}
[Source: Section 111(d) of title I of the Act of December 19, 1991 (Pub. L. No. 102--242;
Subtitle C--Accounting Reforms
SEC. 122. SMALL BUSINESS AND SMALL FARM LOAN INFORMATION.

(a) IN GENERAL.--Before the end of the 180-day period beginning on the date of the
enactment of this Act, the appropriate Federal banking agency shall prescribe regulations
requiring insured depository institutions to annually submit information on small businesses
and small farm lending in their reports of condition.
208
209
[Source: Section 122(a) of title I of the Act of December 19, 1991 (Pub. L. No. 102--242;
(b) CREDIT AVAILABILITY.--The regulations prescribed under subsection (a) shall

require insured depository institutions to submit such information as the agency may need to
assess the availability of credit to small businesses and small farms.
[Source: Section 122(b) of title I of the Act of December 19, 1991 (Pub. L. No. 102--242;
(d) CONTENTS.--The information required under subsection (a) may include information
regarding the following:
(1) The total number and aggregate dollar amount of commercial loans and commercial
mortgage loans to small businesses.
(2) Charge-offs, interest, and interest fee income on commercial loans and commercial
mortgage loans to small businesses.
(3) Agricultural loans to small farms.
[Source: Section 122(d) of title I of the Act of December 19, 1991 (Pub. L. No. 102--242;
Subtitle E--Least-Cost Resolution
SEC. 143. EARLY RESOLUTION.

(a) IN GENERAL.--It is the sense of the Congress that the Federal banking agencies should
facilitate early resolution of troubled insured depository institutions whenever feasible if
early resolution would have the least possible long-term cost to the deposit insurance fund,
consistent with the least-cost and prompt corrective action provisions of the Federal Deposit
Insurance Act.
[Source: Section 143(a) of title I of the Act of December 19, 1991 (Pub. L. No. 102--242;
{{2-28-92 p.8550.01}}
(b) GENERAL PRINCIPLES.--In encouraging the Federal banking agencies to pursue

early resolution strategies, the Congress contemplates that any resolution transaction under
section 13(c) of that Act would observe the following general principles:
209
210
(1) COMPETITIVE NEGOTIATION.--The transaction should be negotiated

competitively, taking into account the value of expediting the process.
(2) RESULTING INSTITUTION ADEQUATELY CAPITALIZED.--Any insured
depository institution created or assisted in the transaction (hereafter the "resulting
institution") and any institution acquiring the troubled institution should meet all applicable
minimum capital standards.
(3) SUBSTANTIAL PRIVATE INVESTMENT.--The transaction should involve
substantial private investment.
(4) CONCESSIONS.--Preexisting owners and debtholders of any troubled institution or
its holding company should make substantial concessions.
(5) QUALIFIED MANAGEMENT.--Directors and senior management of the resulting
institution should be qualified to perform their duties, and should not include individuals
substantially responsible for the troubled institution's problems.
(6) FDIC'S PARTICIPATION.--The transaction should give the Federal Deposit
Insurance Corporation an opportunity to participate in the success of the resulting institution.
(7) STRUCTURE OF TRANSACTION.--The transaction should, insofar as practical, be
structured so that--
(A) the Federal Deposit Insurance Corporation--
(i) does not acquire a significant proportion of the troubled institution's problem assets;
(ii) succeeds to the interests of the troubled institution's preexisting owners and
debtholders in proportion to the assistance the Corporation provides; and
(iii) limits the Corporation's assistance in term and amount; and
(B) new investors share risk with the Corporation.
[Source: Section 143(b) of title I of the Act of December 19, 1991 (Pub. L. No. 102--242;
(c) REPORT.--Two years after the date of enactment of this Act, the Federal Deposit
Insurance Corporation shall submit a report to Congress analyzing the effect of early
resolution on the deposit insurance funds.
[Source: Section 143(c) of title I of the Act of December 19, 1991 (Pub. L. No. 102--242;
TITLE II--REGULATORY IMPROVEMENT
Subtitle A--Regulation of Foreign Banks
SEC. 201. SHORT TITLE.

This subtitle may be cited as the "Foreign Bank Supervision Enhancement Act of 1991".
210
211
[Source: Section 201 of title II of the Act of December 19, 1991 (Pub. L. No. 102--242; 105
Stat. 2286), effective December 19, 1991]
27. Foreign Corrupt Practices Act - The Foreign Corrupt Practices Act was added to the
Securities and Exchange of 1934 in 1977. The primary purpose is to prevent the
misrepresentation of accounting and business records to permit financial gains through
questionable or illegal payments. Detailed record requirements are imposed to prevent the
bribery of foreign officials for financial gain. The Act includes civil and criminal penalties
and applies to the person giving the bribe rather than the recipient of the bribe. The
following section is an excerpt of text of the Foreign Corrupt Practices Act.
Foreign corrupt practices by domestic concerns. Section 104 of title I of the Act of
December 19, 1977 (Pub. L. No. 95--213; 91 Stat. 1496), effective December 19, 1977, reads
as follows:
PROHIBITED FOREIGN TRADEPRACTICES BY DOMESTIC CONCERNS
SEC. 104. (a) PROHIBITION.--It shall be unlawful for any domestic concern, other than
an issuer which is subject to section 30A of the Securities Exchange Act of 1934, or any
officer, director, employee, or agent of such domestic concern or any stockholder thereof
acting on behalf of such domestic concern, to make use of the mails or any means or
instrumentality of interstate commerce corruptly in furtherance of an offer, payment, promise
to pay, or authorization of the payment of any money, or offer, gift, promise to give, or
authorization of the giving of anything of value to--
(1) any foreign official for purposes of--
(A)(i) influencing any act or decision of such foreign official in his official capacity, (ii)
inducing such foreign official to do or omit to do any act in violation of the lawful duty of
such official, or (iii) securing any improper advantage; or
(B) inducing such foreign official to use his influence with a foreign government or
instrumentality thereof to affect or influence any act or decision of such government or
instrumentality, in order to assist such domestic concern in obtaining or retaining business for
or with, or directing business to, any person;
(2) any foreign political party or official thereof or any candidate for foreign political
office for purposes of--
(A)(i) influencing any act or decision of such party, official, or candidate in its or his
official capacity, (ii) inducing such party, official, or candidate to do or omit to {{2-26-99
p.9263}}do an act in violation of the lawful duty of such party, official, or candidate, or (iii)
securing any improper advantage; or
(B) inducing such party, official, or candidate to use its or his influence with a foreign
government or instrumentality thereof to affect or influence any act or decision of such
government or instrumentality, in order to assist such domestic concern in obtaining or
retaining business for or with, or directing business to, any person; or
211
212
(3) any person, while knowing that all or a portion of such money or thing of value will
be offered, given, or promised, directly or indirectly, to any foreign official, to any foreign
political party or official thereof, or to any candidate for foreign political office, for purposes
of--
(A)(i) influencing any act or decision of such foreign official, political party, party
official, or candidate in his or its official capacity, (ii) inducing such foreign official, political
party, party official, or candidate to do or omit to do any act in violation of the lawful duty of
such foreign official, political party, party official, or candidate, or (iii) securing any
improper advantage; or
(B) inducing such foreign official, political party, party official, or candidate to use his
or its influence with a foreign government or instrumentality thereof to affect or influence
any act or decision of such government or instrumentality, in order to assist such domestic
concern in obtaining or retaining business for or with, or directing business to, any person.
(b) EXCEPTION FOR ROUTINE GOVERNMENTAL ACTION.--Subsections (a) and (i)
shall not apply to any facilitating or expediting payment to a foreign official, political party,
or party official the purpose of which is to expedite or to secure the performance of a routine
governmental action by a foreign official, political party, or party official.
(c) AFFIRMATIVE DEFENSES.--It shall be an affirmative defense to actions under
subsections
(a) and (i) that--
(1) the payment, gift, offer, or promise of anything of value that was made, was lawful
under the written laws and regulations of the foreign official's, political party's, party
official's, or candidate's country; or
(2) the payment, gift, offer, or promise of anything of value that was made, was a
reasonable and bona fide expenditure, such as travel and lodging expenses, incurred by or on
behalf of a foreign official, party, party official, or candidate and was directly related to--
(A) the promotion, demonstration, or explanation of products or services; or
(B) the execution or performance of a contract with a foreign government or agency
thereof.
(d) INJUNCTIVE RELIEF.--(1) When it appears to the Attorney General that any
domestic concern to which this section applies, or officer, director, employee, agent, or
stockholder thereof, is engaged, or about to engage, in any act or practice constituting a
violation of subsections (a) and (i) of this section, the Attorney General may, in his
discretion, bring a civil action in an appropriate district court of the United States to enjoin
such act or practice, and upon a proper showing, a permanent injunction or a temporary
restraining order shall be granted without bond.
(2) For the purpose of any civil investigation which, in the opinion of the Attorney
General, is necessary and proper to enforce this section, the Attorney General or his designee
are empowered to administer oaths and affirmations, subpoena witnesses, take evidence, and
require the production of any books, papers, or other documents which the Attorney General
deems relevant or material to such investigation. The attendance of witnesses and the
production of documentary evidence may be required from any place in the United States, or
any territory, possession, or commonwealth of the United States, at any designated place of
hearing.
(3) In case of contumacy by, or refusal to obey a subpoena issued to, any person, the
Attorney General may invoke the aid of any court of the United States within the jurisdiction
212
213
of which such investigation or proceeding is carried on, or where such person resides or
carries on business, in requiring the attendance and testimony of witnesses and the
production of books, papers, or other documents. Any such court may issue an order
requiring such person to appear before the Attorney General or his designee, there to produce
{{2-26-99 p.9264}}records, if so ordered, or to give testimony touching the matter under
investigation. Any failure to obey such order of the court may be punished by such court as a
contempt thereof. All process in any such case may be served in the judicial district in which
such person resides or may be found. The Attorney General may make such rules relating to
civil investigations as may be necessary or appropriate to implement the provisions of this
subsection.
(e) GUIDELINES BY THE ATTORNEY GENERAL.--Not later than 6 months after the
date of the enactment of the Foreign Corrupt Practices Act Amendments of 1988, the
Attorney General, after consultation with the Securities and Exchange Commission, the
Secretary Commerce, the United States Trade Representative, the Secretary of State, and the
Secretary of the Treasury, and after obtaining the views of all interested persons through
public notice and comment procedures, shall determine to what extent compliance with this
section would be enhanced and the business
community would be assisted by further clarification of the preceding provisions of this
section and may, based on such determination and to the extent necessary and appropriate,
issue--
(1) guidelines describing specific types of conduct, associated with common types of
export sales arrangements and business contracts, which for purposes of the Department of
Justice's present enforcement policy, the Attorney General determines would be in
conformance with the preceding provisions of this section; and
(2) general precautionary procedures which domestic concerns may use on a voluntary
basis to conform their conduct to the Department of Justice's present enforcement policy
regarding the preceding provisions of this section.
The Attorney General shall issue the guidelines and procedures referred to in the preceding
sentence in accordance with the provisions of subchapter II of chapter 5 of title 5, United
States Code, and those guidelines and procedures shall be subject to the provisions of chapter
7 of that title.
(f) OPINIONS OF THE ATTORNEY GENERAL.--(1) The Attorney General, after
consultation with appropriate departments and agencies of the United States and after
obtaining the views of all interested persons through public notice and comment procedures,
shall establish a procedure to provide responses to specific inquiries by domestic concerns
concerning conformance of their conduct with the Department of Justice's present
enforcement policy regarding the preceding provisions of this section. The Attorney General
shall, within 30 days after receiving such a request,
issue an opinion in response to that request. The opinion shall state whether or not certain
specified prospective conduct would, for purposes of the Department of Justice's present
enforcement policy, violate the preceding provisions of this section. Additional requests for
opinions may be filed with the Attorney General regarding other specified prospective
conduct that is beyond the scope of conduct specified in previous requests. In any action
brought under the applicable provisions of this section, there shall be a rebuttable
presumption that conduct, which is specified in a request by a domestic concern and for
which the Attorney General has issued an opinion that such conduct is in conformity with the
213
214
Department of Justice's present enforcement policy, is in compliance with the preceding

provisions of this section. Such a presumption may be rebutted by a preponderance of the
evidence. In considering the presumption for purposes of this paragraph, a court shall weigh
all relevant factors, including but not limited to whether the information submitted to the
Attorney General was accurate and complete and whether it was within the scope of the
conduct specified in any request received by the Attorney General. The Attorney General
shall establish the procedure required by this paragraph in accordance with the provisions of
subchapter II of chapter 5 of title 5, United States Code, and that procedure shall be subject
to the provisions of chapter 7 of that title.
(2) Any document or other material which is provided to, received by, or prepared in the
Department of Justice or any other department or agency of the United States in connection
with a request by a domestic concern under the procedure established under paragraph (1),
shall be exempt from disclosure under section 552 of title 5, United States Code, and shall
not, except with the consent of the domestic concern, {{2-26-99 p.9265}}be made publicly
available, regardless of whether the Attorney General responds to such a request or the
domestic concern withdraws such
request before receiving a response.
(3) Any domestic concern who has made a request to the Attorney General under
paragraph (1) may withdraw such request prior to the time the Attorney General issues an
opinion in response to such request. Any request so withdrawn shall have no force or effect.
(4) The Attorney General shall, to the maximum extent practicable, provide timely
guidance concerning the Department of Justice's present enforcement policy with respect to
the preceding provisions of this section to potential exporters and small businesses that are
unable to obtain specialized counsel on issues pertaining to such provisions. Such guidance
shall be limited to responses to requests under paragraph (1) concerning conformity of
specified prospective conduct with the Department of Justice's present enforcement policy
regarding the preceding provisions of this section and general explanations of compliance
responsibilities and of potential liabilities under the preceding provisions of this section.
(g) PENALTIES.--(1)(A) Any domestic concern that is not a natural person and that
violates subsections (a) and (i) of this section shall be fined not more than $2,000,000.
(B) Any domestic concern that violates subsection (a) shall be subject to a civil penalty
of not more than $10,000 imposed in an action brought by the Attorney General.
(2)(A) Any natural person that is an officer, director, employee, or agent of a domestic
concern, or stockholder acting on behalf of such domestic concern, who willfully violates
subsection (a) shall be fined not more than $100,000, or imprisoned not more than 5 years, or
both.
(B) Any employee or agent of a domestic concern who is a United States citizen,
national, or resident or is otherwise subject to the jurisdiction of the United States (other than
an officer, director, or stockholder acting on behalf of such domestic concern), and who
willfully violates subsection (a), shall be fined not more than $100,000, or imprisoned not
more than 5 years, or both.
(C) Any officer, director, employee, or agent of a domestic concern, or stockholder
acting on behalf of such domestic concern, who violates subsection (a) shall be subject to a
civil penalty of not more than $10,000 imposed in an action brought by the Attorney General.
214
215
(3) Whenever a fine is imposed under paragraph (2) upon any officer, director, employee,
agent, or stockholder of a domestic concern, such fine may not be paid, directly or indirectly,
by such domestic concern.
(h) DEFINITIONS.--For purposes of this section:
(1) The term "domestic concern" means--
(A) any individual who is a citizen, national, or resident of the United States; and
(B) any corporation, partnership, association, joint-stock company, business trust,
unincorporated organization, or sole proprietorship which has its principal place of business
in the United States, or which is organized under the laws of a State of the United States or a
territory, possession, or commonwealth of the United States.
(2)(A) The term "foreign official" means any officer or employee of a foreign
government or any department, agency, or instrumentality thereof, or of a public
international organization, or any person acting in an official capacity for or on behalf of any
such government or department, agency, or instrumentality, or for or on behalf of any such
public international organization.
(B) For purposes of subparagraph (A), the term "public international organization"
means--
(i) an organization that is designated by Executive order pursuant to section 1 of the
International Organizations Immunities Act (22 U.S.C. 288); or
(ii) any other international organization that is designated by the President by Executive
order for the purposes of this section, effective as of the date of publication of such order in
the Federal Register.
(3)(A) A person's state of mind is "knowing" with respect to conduct, a circumstance, or
a result if--
(i) such person is aware that such person is engaging in such conduct, that such
circumstance exists, or that such {{2-26-99 p.9266}}result is substantially certain to occur;
or
(ii) such person has a firm belief that such circumstance exists or that such result is
substantially certain to occur.
(B) When knowledge of the existence of a particular circumstance is required for an
offense, such knowledge is established if a person is aware of a high probability of the
existence of such circumstance, unless the person actually believes that such circumstance
does not exist.
(4)(A) The term "routine governmental action" means only an action which is ordinarily
and commonly performed by a foreign official in--
(i) obtaining permits, licenses, or other official documents to qualify a person to do
business in a foreign country;
(ii) processing governmental papers, such as visas and work orders;
(iii) providing police protection, mail pick-up and delivery, or scheduling inspections
associated with contract performance or inspections related to transit of goods across
country;
(iv) providing phone service, power and water supply, loading and unloading cargo, or
protecting perishable products or commodities from deterioration; or
(v) actions of a similar nature.
(B) The term "routine governmental action" does not include any decision by a foreign
official whether, or on what terms, to award new business to or to continue business with a
215
216
particular party, or any action taken by a foreign official involved in the decision-making
process to encourage a decision to award new business to or continue business with a
particular party.
(5) The term "interstate commerce" means trade, commerce, transportation, or
communication among the several States, or between any foreign country and any State or
between any State and any place or ship outside thereof, and such term includes the intrastate
use of--
(A) a telephone or other interstate means of communication, or
(B) any other interstate instrumentality.
(g) ALTERNATIVE JURISDICTION.--
(1) It shall also be unlawful for any issuer organized under the laws of the United States,
or a State, territory, possession, or commonwealth of the United States or a political
subdivision thereof and which has a class of securities registered pursuant to section 12 of
this title or which is required to file reports under section 15(d) of this title, or for any United
States person that is an officer, director, employee, or agent of such issuer or a stockholder
thereof acting on behalf of such issuer, to corruptly do any act outside the United States in
furtherance of an offer, payment, promise to pay,
or authorization of the payment of any money, or offer, gift, promise to give, or
authorization of the giving of anything of value to any of the persons or entities set forth in
paragraphs (1), (2), and (3) of subsection (a) of this section for the purposes set forth therein,
irrespective of whether such issuer or such officer, director, employee, agent, or stockholder
makes use of the mails or any means or
instrumentality of interstate commerce in furtherance of such offer, gift, payment, promise,
or authorization.
(2) As used in this subsection, the term "United States person" means a national of the
United States (as defined in section 101 of the Immigration and Nationality Act (8 U.S.C.
1101)) or any corporation, partnership, association, joint-stock company, business trust,
unincorporated organization, or sole proprietorship organized under the laws of the United
States or any State, territory, possession, or commonwealth of the United States, or any
political subdivision thereof.
[Codified to 15 U.S.C. 78dd–2]
[Source: Section 104 of title I of the Act of December 19, 1977 (Pub. L. No. 95–213; 91
Stat. 1496), effective December 19, 1977; as amended by section 5003(c) of title V of the
Act of August 23, 1988 (Pub. L. No. 100–418; 102 Stat. 1419–1424), effective August 23,
1988; section 330005 of title XXXIII of the Act of September 13, 1994 (Pub. L. No. 103–
322; 108 Stat. 2142), effective September 13, 1994; sections 3(a)–3(e) of the Act of
November 10, 1998 (Pub. L. No. 105–366; 112 Stat. 3304 and 3305), effective November
10, 1998]
28. National Flood Insurance Program - Congress found that (1) from time to time flood
disasters have created personal hardships and economic distress which have required
unforeseen disaster relief measures and have placed an increasing burden on the Nation's
216
217
resources; (2) despite the installation of preventive and protective works and the adoption of
other public programs designed to reduce losses caused by flood damage, these methods have
not been sufficient to protect adequately against growing exposure to future flood losses; (3)
as a matter of national policy, a reasonable method of sharing the risk of flood losses is
through a program of flood insurance which can complement and encourage preventive and
protective measures; and (4) if such a program is initiated and carried out gradually, it can be
expanded as knowledge is gained and experience is appraised, thus eventually making flood
insurance coverage available on reasonable terms and conditions to persons who have need
for such protection.
Text above is from http://www4.law.cornell.edu/uscode/42/4001.html on January 2, 2000.
The following section is an excerpt of text of the National Flood Insurance Program.
TITLE XIII--NATIONAL FLOOD INSURANCE
SHORT TITLE
Sec. 1301. This title may be cited as the "National Flood Insurance Act of 1968".
[Source: Section 1301 of title XIII of the Act of August 1, 1968 (Pub. L. No. 90--448; 82
Stat. 570), effective August 1, 1968]
NATURE AND LIMITATION OF INSURANCE COVERAGE
SEC. 1306
(b) REGULATIONS RESPECTING AMOUNT OF COVERAGE.--In addition to any
other terms and conditions under subsection (a) of this section, such regulations shall provide
that--
(1) any flood insurance coverage based on chargeable premium rates under section 4015
of this title which are less than the estimated premium rates under section 4014(a)(1) of this
title shall not exceed--
(A) in the case of residential properties--
(i) $35,000 aggregate liability for any single-family dwelling, and $100,000 for any
residential structure containing more than one dwelling unit,
(ii) $10,000 aggregate liability per dwelling unit for any contents related to such unit,
and
(iii) in the States of Alaska and Hawaii, and in the Virgin Islands and Guam, the limits
provided in clause (i) of this sentence shall be: $50,000 aggregate liability for any single-
family dwelling, and $150,000 for any residential structure containing more than one
dwelling unit;
(B) in the case of business properties which are owned or leased and operated by small
business concerns, an aggregate liability with respect to any single structure, including any
contents thereof related to premises of small business occupants (as that term is defined by
217
218
the Director), which shall be equal to (i) $100,000 plus (ii) $100,000 multiplied by the
number of such occupants and shall be allocated among such occupants (or among the
occupant or occupants and the owner) under regulations prescribed by the Director; except
that the aggregate liability for the structure itself may in no case exceed $100,000; and
(C) in the case of church properties and any other properties which may become eligible
for flood insurance under section 1305--
(i) $100,000 aggregate liability for any single structure, and
(ii) $100,000 aggregate liability per unit for any contents related to such unit; and
(2) in the case of any residential property for which the risk premium rate is determined in
accordance with the provisions of section 4014(a)(1) of this title, additional flood insurance
in excess of the limits specified in clause (i) of subparagraph (A) of paragraph (1) shall be
made available to every insured upon renewal and every applicant for insurance so as to
enable such insured or applicant to receive coverage up to a total amount (including such
limits specified in paragraph (1)(A)(i)) of $250,000;
(3) in the case of any residential property for which the risk premium rate is determined in
accordance with the provisions of section 4014(a)(1) of this title, additional flood insurance
in excess of the limits specified in clause (ii) of subparagraph (A) of paragraph (1) shall be
made available to every insured upon renewal and every applicant for insurance so as to
enable any such insured or applicant to receive coverage up to a total amount (including such
limits specified in paragraph (1)(A)(ii)) of $100,000; {{10-31-94 p.8656}}
(4) in the case of any nonresidential property, including churches, for which the risk
premium rate is determined in accordance with the provisions of section 1307(a)(1),
additional flood insurance in excess of the limits specified in subparagraphs (B) and (C) of
paragraph (1) shall be made available to every insured upon renewal and every applicant for
insurance, in respect to any single structure, up to a total amount (including such limit
specified in subparagraph (B) or (C) of paragraph (1), as applicable) of $500,000 for each
structure and $500,000 for any contents related to each structure; and
(5) any flood insurance coverage which may be made available in excess of the limits
specified in subparagraph (A), (B), or (C) of paragraph (1), shall be based only on chargeable
premium rates under section 4015 of this title which are not less than the estimated premium
rates under section 4014(a)(1) of this title, and the amount of such excess coverage shall not
in any case exceed an amount equal to the applicable limit so specified (or allocated) under
paragraph (1)(C), (2), (3), or (4), as applicable;
[Codified to 42 U.S.C. 4013b]
Source: Section 1306(b) of title XIII of the Act of August 1, 1968 (Pub. L. No. 90--448; 82
Stat. 575), effective August 1, 1968; amended by section 2(c)(2) of the Act of December 22,
1971 (Pub. L. No. 92--213; 85 Stat. 775), effective December 22, 1971; section 101 of Title I
of the Act of December 31, 1973 (Pub. L. No. 93--234; 87 Stat. 977), effective December 31,
1973; section 704(a) of title VII of the Act of October 12, 1977 (Pub. L. No. 95--128; 91
Stat. 1145), effective October 12, 1977; section 451(d)(1) of title IV of the Act of November
30, 1983 (Pub. L. No. 98--181; 97 Stat. 1229), effective November 30, 1983; section 527 of
title V of the Act of September 23, 1994 (Pub. L. No. 103-325; 108 Stat. 2263), effective
September 23, 1994]
218
219
NOTICE REQUIREMENTS
SEC. 1364. (a) NOTIFICATION OF SPECIAL FLOOD HAZARDS.--

(1) REGULATED LENDING INSTITUTIONS.--Each Federal entity for lending
regulation (after consultation and coordination with the Financial Institutions Examination
Council) shall by regulation require regulated lending institutions, as a condition of making,
increasing, extending, or renewing any loan secured by improved real estate or a mobile
home that the regulated lending institution determines is located or is to be located in an area
that has been identified by the Director under this title or the Flood Disaster Protection Act of
1973 as an area having special flood hazards, to notify the purchaser or lessee (or obtain
satisfactory assurances that the seller or lessor has notified the purchaser or lessee) and the
servicer of the loan of such special flood hazards, in writing, a reasonable period in advance
of the signing of the purchase agreement, lease, or other documents involved in the
transaction. The regulations shall also require that the regulated lending institution retain a
record of the receipt of the notices by the purchaser or lessee and the servicer.
(2) FEDERAL AGENCY LENDERS.--Each Federal agency lender shall by regulation
require notification in the manner provided under paragraph (1) with respect to any loan that
is made by the Federal agency lender and secured by improved real estate or a mobile home
located or to be located in an area that has been identified by the Director under this title or
the Flood Disaster Protection Act of 1973 as an area having special flood hazards. Any
regulations issued under this paragraph shall be consistent with and substantially identical to
the regulations issued under paragraph (1).
(3) CONTENTS OF NOTICE.--Written notification required under this subsection shall
include--
(A) a warning, in a form to be established by the Director, stating that the building on the
improved real estate securing the loan is located, or the mobile home securing the loan is or
is to be located, in an area having special flood hazards; {{10-31-94 p.8657}}
(B) a description of the flood insurance purchase requirements under section 102(b) of
the Flood Disaster Protection Act of 1973;
(C) a statement that flood insurance coverage may be purchased under the national flood
insurance program and is also available from private insurers; and
(D) any other information that the Director considers necessary to carry out the purposes
of the national flood insurance program.
(b) NOTIFICATION OF CHANGE OF SERVICER.--
(1) LENDING INSTITUTIONS.--Each Federal entity for lending regulation (after
consultation and coordination with the Financial Institutions Examination Council) shall by
regulation require regulated lending institutions, in connection with the making, increasing,
extending, renewing, selling, or transferring any loan described in subsection (a)(1), to notify
the Director (or the designee of the Director) in writing during the term of the loan of the
servicer of the loan. Such institutions shall also notify the Director (or such designee) of any
change in the servicer of the loan, not later than 60 days after the effective date of such
change. The regulations under this subsection shall provide that upon any change in the
servicing of a loan, the duty to provide notification under this subsection shall transfer to the
transferee servicer of the loan.
(2) FEDERAL AGENCY LENDERS.--Each Federal agency lender shall by regulation
provide for notification in the manner provided under paragraph (1) with respect to any loan
219
220
described in subsection (a)(1) that is made by the Federal agency lender. Any regulations
issued under this paragraph shall be consistent with and substantially identical to the
regulations issued under paragraph
(1) of this subsection.
(c) NOTIFICATION OF EXPIRATION OF INSURANCE.--The Director (or the designee
of the Director) shall, not less than 45 days before the expiration of any contract for flood
insurance under this title, issue notice of such expiration by first class mail to the owner of
the property covered by the contract, the servicer of any loan secured by the property covered
by the contract, and (if known to the Director) the owner of the loan.
[Codified to 42 U.S.C. 4104a]
[Source: Section 1364 of title XIII of the Act of August 1, 1968 (Pub. L. No. 90--448),
effective August 1, 1968; as added by section 816(a) of title VIII of the Act of August 22,
1974 (Pub. L. No. 93-383; 88 Stat. 739), effective August 22, 1974; amended by section
451(d)(1) of the Act of November 30, 1983 (Pub. L. No. 98--181; 97 Stat. 1229), effective
November 30, 1983; section 527 of title V of the Act of September 23, 1994 (Pub. L. No.
103--325; 108 Stat. 2263), effective September 23, 1994]
29. OFAC - The Office of Foreign Assets Control of the U.S. Department of the Treasury
administers and enforces economic and trade sanctions against targeted foreign countries,
terrorism sponsoring organizations and international narcotics traffickers based on U.S.
foreign policy and national security goals. OFAC acts under Presidential wartime and
national emergency powers, as well as authority granted by specific legislation, to impose
controls on transactions and freeze foreign assets under U.S. jurisdiction. Many of the
sanctions are based on United Nations and other international mandates, are multilateral in
scope, and involve close cooperation with allied governments. (This information was taken
from the U.S Treasury Web site on December 31, 1999 -
http://www.ustreas.gov/ofac/index.html.)
30. Real Estate Settlement Procedures Act - purpose is to ensure that consumers are provided
with timely, detailed, and accurate information regarding settlement costs. It also protects
consumers against abusive practices such as charging unnecessarily high closing costs. The
following section is an excerpt of text of the Real Estate Settlement Procedures Act.
REAL ESTATE SETTLEMENT PROCEDURES ACT OF 1974{*}
An Act to further the national housing goal of encouraging homeownership by regulating

certain lending practices and closing and settlement procedures in federally related mortgage
transactions to the end that unnecessary costs and difficulties of purchasing housing are
minimized, and for other purposes.
220
221
{* Delegation of Authority: Effective March 22, 1976, the Assistant Secretary for Consumer
Affairs and Regulatory Functions is authorized to exercise the power and authority of the
Secretary of Housing and Urban Development with respect to the administration of the Real
Estate Settlement Procedures Act of 1974. (41 Fed. Reg. 12917, March 29, 1976).}
SHORT TITLE
SECTION 1. This Act may be cited as the "Real Estate Settlement Procedures Act of
1974".
[Source: Section 1 of the Act of December 22, 1974 (Pub. L. No. 93-533; 88 Stat. 1724),
effective June 20, 1975]
FINDINGS AND PURPOSE
SEC. 2. (a) The Congress finds that significant reforms in the real estate settlement process
are needed to insure that consumers throughout the Nation are provided with greater and
more timely information on the nature and costs of the settlement process and are protected
from unnecessarily high settlement charges caused by certain abusive practices that have
developed in some areas of the country. The Congress also finds that it has been over two
years since the Secretary of Housing and Urban Development and the Administrator of
Veterans' Affairs submitted their joint report to the Congress on "Mortgage Settlement Costs"
and that the time has come for the recommendations for Federal legislative action made in
that report to be implemented. (b) It is the purpose of this Act to effect certain changes in
the settlement process for residential real estate that will result--
(1) in more effective advance disclosure to home buyers and sellers of settlement costs;
(2) in the elimination of kickbacks or referral fees that tend to increase unnecessarily the
costs of certain settlement services;
(3) in a reduction in the amounts home buyers are required to place in escrow accounts
established to insure the payment of real estate taxes and insurance; and
(4) in significant reform and modernization of local recordkeeping of land title
information.
effective June 20, 1975]
DEFINITIONS
SEC. 3. For purposes of this Act--

(1) the term "federally related mortgage loan" includes any loan (other than temporary
financing such as a construction loan) which-- {{4-30-97 p.8856}}
221
222
(A) is secured by a first or subordinate lien on residential real property (including

individual units of condominiums and cooperatives) designed principally for the occupancy
of from one to four families, including any such secured loan, the proceeds of which are used
to prepay or pay off an existing loan secured by the same property; and
(B)(i) is made in whole or in part by any lender the deposits or accounts of which are
insured by any agency of the Federal Government, or is made in whole or in part by any
lender which is regulated by any agency of the Federal Government; or
(ii) is made in whole or in part, or insured, guaranteed, supplemented, or assisted in any
way, by the Secretary or any other officer or agency of the Federal Government or under or
in connection with a housing or urban development program administered by the Secretary or
a housing or related program administered by any other such officer or agency; or
(iii) is intended to be sold by the originating lender to the Federal National Mortgage
Association, the Government National Mortgage Association, the Federal Home Loan
Mortgage Corporation, or a financial institution from which it is to be purchased by the
Federal Home Loan Mortgage Corporation; or
(iv) is made in whole or in part by any "creditor", as defined in section 103(f) of the
Consumer Credit Protection Act (15 U.S.C. 1602(f)), who makes or invests in residential real
estate loans aggregating more than $1,000,000 per year, except that for the purpose of this
Act, the term "creditor" does not include any agency or instrumentality of any State;
(2) the term "thing of value" includes any payment, advance, funds, loan, service, or other
consideration;
(3) the term "settlement services" includes any service provided in connection with a real
estate settlement including, but not limited to, the following: title searches, title
examinations, the provision of title certificates, title insurance, services rendered by an
attorney, the preparation of documents, property surveys, the rendering of credit reports or
appraisals, pest and fungus inspections, services rendered by a real estate agent or broker the
origination of a federally related mortgage loan (including, but not limited to, the taking of
loan applications, loan processing, and the underwriting
and funding of loans), and the handling of the processing, and closing or settlement;
(4) the term "title company" means any institution which is qualified to issue title
insurance, directly or through its agents, and also refers to any duly authorized agent of a title
company;
(5) the term "person" includes individuals, corporations, associations, partnerships, and
trusts;
(6) the term "Secretary" means the Secretary of Housing and Urban Development;
(7) the term "affiliated business arrangement" means an arrangement in which (A) a
person who is in a position to refer business incident to or a part of a real estate settlement
service involving a federally related mortgage loan, or an associate of such person, has either
an affiliate relationship with or a direct or beneficial ownership interest of more than 1
percent in a provider of settlement services; and (B) either of such persons directly or
indirectly refers such business to that provider or
affirmatively influences the selection of that provider; and
(8) the term "associate" means one who has one or more of the following relationships
with a person in a position to refer settlement business: (A) a spouse, parent, or child of such
person; (B) a corporation or business entity that controls, is controlled by, or is under
common control with such person; (C) an employer, officer, director, partner, franchisor, or
222
223
franchisee of such person; or (D) anyone who has an agreement, arrangement, or

understanding, with such person, the purpose or substantial effect of which is to enable the
person in a position to refer settlement business to benefit financially from the referrals of
such business.
[Codified to 12 U.S.C. 2602] {{4-30-97 p.8857}}

effective June 20, 1975, as amended by section 2 of the Act of January 2, 1976 (Pub. L. No.
94-205; 89 Stat. 1157), effective January 2, 1976; section 461(a) of title IV of the Act of
November 30, 1983 (Pub. L. No. 98-181; 97 Stat. 1230), effective January 1, 1984; section
908(a) and (b) of title IX of the Act of October 28, 1992 (Pub. L. No. 102--550; 106 Stat.
3873) effective October 28, 1992; section 2103(c)(1) of title II of the Act of September 30,
1996 (Pub. L. No. 104--208; 110 Stat. 3009--400), effective September 30, 1996]
31. Right to Financial Privacy Act - purpose is to outline and regulate the circumstances
under which a financial institution is permitted to provide customer information to
government institutions. For the most part, a customer must be informed of the request,
usually via a certification from the requesting agency. In some instances, such as a court or
grand jury subpoena, notice or certification to the customer is not required. The following
section is an excerpt of text of the Right to Financial Privacy Act.
TITLE XI--RIGHT TO FINANCIAL PRIVACY
SEC. 1100. This title may be cited as the "Right to Financial Privacy Act of 1978".
[Source: Section 1100 of title XI of the Act of November 10, 1978 (Pub L. No. 95--630; 92
Stat. 3697), effective March 10, 1979]
DEFINITIONS
SEC. 1101. For the purpose of this title, the term--

(1) "financial institution" means any office of a bank, savings bank, card issuer as defined
in section 103 of the Consumers Credit Protection Act (15 U.S.C. 1602(n)), industrial loan
company, trust company, savings association, building and loan, or homestead association
(including cooperative banks), credit union, or consumer finance institution, located in any
State or territory of the United States, the District of Columbia, Puerto Rico, Guam,
American Samoa, or the Virgin Islands;
(2) "financial record" means an original of, a copy of, or information known to have been
derived from, any record held by a financial institution pertaining to a customer's relationship
with the financial institution;
223
224
(3) "Government authority" means any agency or department of the United States, or any
officer, employee, or agent thereof; {{10-31-94 p.8598.02}}
(4) "person" means an individual or a partnership of five or fewer individuals;
(5) "customer" means any person or authorized representative of that person who utilized
or is utilizing any service of a financial institution, or for whom a financial institution is
acting or has acted as a fiduciary, in relation to an account mantained in the person's name;
(6) "holding company" means--
(A) any bank holding company (as defined in section 2 of the Bank Holding Company
Act of 1956);
(B) any company described in section 4(f)(1) of the Bank Holding Company Act of
1956; and
(C) any savings and loan holding company (as defined in the Home Owners' Loan Act);
(7) "supervisory agency" means with respect to any particular financial institution,
holding company, or any subsidiary of a financial institution or holding company, any of the
following which has statutory authority to examine the financial condition, business
operations, or records or transactions of that institution, holding company, or subsidiary--
(A) the Federal Deposit Insurance Corporation;
(B) the Director, Office of Thrift Supervision;
(C) the National Credit Union Administration;
(D) the Board of Governors of the Federal Reserve System;
(E) the Comptroller of the Currency;
(F) the Securities and Exchange Commission;
(G) the Secretary of the Treasury, with respect to the Bank Secrecy Act and the Currency
and Foreign Transactions Reporting Act (Public Law 91--508, title I and II); or
(H) any State banking or securities department or agency; and
(8) "law enforcement inquiry" means a lawful investigation or official proceeding
inquiring into a violation of, or failure to comply with, any criminal or civil statute or any
regulation, rule, or order issued pursuant thereto.
[Source: Section 1101 of title XI of the Act of November 10, 1978 (Pub. L. No. 95--630; 92
Stat. 3697), effective March 10, 1979; as amended by sections 744(b) of title VII and 941 of
title IX of the Act of August 9, 1989 (Pub. L. No. 101--73; 103 Stat. 438 and 496,
respectively), effective August 9, 1989; section 2596(c) of title XXV of the Act of November
29, 1990 (Pub. L. No. 101--647; 104 Stat. 4908), effective November 29, 1990]
CONFIDENTIALITY OF RECORDS--GOVERNMENT AUTHORITIES
SEC. 1102. Except as provided by section 1103(c) or (d), 1113, or 1114, no Government
authority may have access to or obtain copies of, or the information contained in the financial
records of any customer from a financial institution unless the financial records are
reasonably described and--
(1) such customer has authorized such disclosure in accordance with section 1104;
(2) such financial records are disclosed in response to an administrative subpena or
summons which meets the requirements of section 1105;
224
225
(3) such financial records are disclosed in response to a search warrant which meets the
requirements of section 1106;
(4) such financial records are disclosed in response to a judicial subpena which meets the
requirements of section 1107; or
(5) such financial records are disclosed in response to a formal written request which
meets the requirements of section 1108.
Stat. 3697), effective March 10, 1979]
{{10-31-94 p.8598.03}}
CONFIDENTIALITY OF RECORDS--FINANCIAL INSTITUTIONS
SEC. 1103. (a) No financial institution, or officer, employees, or agent of a financial

institution, may provide to any Government authority access to or copies of, or the
information contained in, the financial records of any customer except in accordance with the
provisions of this title.
(b) A financial institution shall not release the financial records of a customer until the
Government authority seeking such records certifies in writing to the financial institution that
it has complied with the applicable provisions of this title.
(c) Nothing in this title shall preclude any financial institution, or any officer, employee, or
agent of a financial institution, from notifying a Government authority that such institution,
or officer, employee, or agent has information which may be relevant to a possible violation
of any statute or regulation. Such information may include only the name or other
identifying information concerning any
individual, corporation, or account involved in and the nature of any suspected illegal
activity. Such information may be disclosed notwithstanding any constitution, law, or
regulation of any State or political subdivision thereof to the contrary. Any financial
institution, or officer, employee, or agent thereof, making a disclosure of information
pursuant to this subsection, shall not be liable to the customer under any law or regulation of
the United States or any constitution, law, or regulation of any State or political subdivision
thereof, for such disclosure or for any failure to notify the customer of such disclosure.
(d)(1) Nothing in this title shall preclude a financial institution, as an incident to perfecting
a security interest, proving a claim in bankruptcy, or otherwise collecting on a debt owing
either to the financial institution itself or in its role as a fiduciary, from providing copies of
any financial record to any court or Government authority.
(2) Nothing in this title shall preclude a financial institution, as an incident to processing
an application for assistance to a customer in the form of a Government loan, loan guaranty,
or loan insurance agreement, or as an incident to processing a default on, or administering, a
Government guaranteed or insured loan, from initiating contact with an appropriate
Government authority for the purpose of providing any financial record necessary to permit
such authority to carry out its responsibilities under a loan, loan guaranty, or loan insurance
agreement.
225
226
Stat. 3698), effective March 10, 1979; as amended by section 1353(a) of subtitle H of title I
of the Act of October 27, 1986 (Pub. L. No. 99--570; 100 Stat. 3207--21), effective October
27, 1986; and section 6186(a) of title VI of the Act of November 18, 1988 (Pub. L. No. 100--
690; 102 Stat. 4357), effective November 18, 1988]
CUSTOMER AUTHORIZATIONS
SEC. 1104. (a) A customer may authorize disclosure under section 1102(1) if he furnishes
to the financial institution and to the Government authority seeking to obtain such disclosure
a signed and dated statement which--
(1) authorizes such disclosure for a period not in excess of three months;
(2) states that the customer may revoke such authorization at any time before the financial
records are disclosed;
(3) identifies the financial records which are authorized to be disclosed;
(4) specifies the purposes for which, and the Government authority to which, such records
may be disclosed; and
(5) states the customer's rights under this title.
(b) No such authorization shall be required as a condition of doing business with any
financial institution.
(c) The customer has the right, unless the Government authority obtains a court order as
provided in section 1109, to obtain a copy of the record which the financial institution shall
keep of all instances in which the customer's record is disclosed to a Government {{10-15-90
p.8599}} authority pursuant to this section, including the identity of the Government
authority to which such disclosure is made.
[Source: Section 1104 of title XI of the Act of November 10, 1978 (Pub. L. No. 95-630; 92
Stat. 3698), effective March 10, 1979; section 1104(d) repealed by the Act of March 7, 1979
(Pub. L. No. 96-3; 93 Stat. 5)]
32. Tax Identification Reporting (TIN Compliance) - purpose is to ensure that an adequate
audit trail exists to reduce money laundering activities from illegal enterprises. The TIN
reporting compliance is a part of the Bank Secrecy Act (see section 21 above). The
following section is an excerpt of text of the Tax Identification Reporting section of the Bank
Secrecy Act.
Sec. 103.28 Identification required.

Before concluding any transaction with respect to which a report is required under Sec.
103.22, a financial institution shall verify and record the name and address of the individual
presenting a transaction, as well as record the identity, account number, and the social
security or taxpayer identification number, if any, of any person or entity on whose behalf
226
227
such transaction is to be effected. Verification of the identity of an individual who indicates

that he or she is an alien or is not a resident of the United States must be made by passport,
alien identification card, or other official document evidencing nationality or residence (e.g.,
a Provincial driver's license with indication of home address). Verification of identity in any
other case shall be made by examination of a document, other than a bank signature card, that
is normally acceptable within the banking community as a means of identification when
cashing checks for nondepositors (e.g., a drivers license or credit card). A bank signature
card may be relied upon only if it was issued after documents establishing the identity of the
individual were examined and notation of the specific information was made on the signature
card. In each instance, the specific identifying information (i.e., the account number of the
credit card, the driver's license number, etc.) used in verifying the identity of the customer
shall be recorded on the report, and the mere notation of ``known customer'' or ``bank
signature card on file'' on the report is prohibited.
http://www.bankinfo.com/Regs-aag/bsa1.html#10328
33. Transactions with Affiliates – FRB Sections 23 A&B - purpose of Section A is to protect
banks from abuses in financial transactions with companies with which the bank is affiliated.
Section A applies to all federally insured banks. Section B outlines specific restrictions and
prohibitions related to transactions with affliates.
34. Trust – 12 CFR Part 9 - The Office of the Comptroller of the Currency (OCC) is
amending its rules governing national banks' fiduciary activities by issuing an interpretive
ruling to clarify the types of investment advisory activities that come within the scope of
these rules. This action will assist banks in determining the extent to which their investment
advisory activities are subject to the OCC's fiduciary rules.
1996 Revision of 12CFR Part 9
On December 30, 1996, the OCC issued a final rule revising 12CFR part 9, effective January
29, 1997 (61 FR 68543). Among other changes, the final rule revised the terms that specify
the types of activities governed by part 9. In particular, the final rule replaced the former
regulation's terms ``fiduciary'' and ``managing agent'' with the term ``fiduciary capacity,''
found at Sec.9.2(e). Under the revised part 9, if a national bank acts in a fiduciary capacity
while engaging in an activity, then part 9 governs that activity. One of the fiduciary
capacities set forth in Sec.9.2(e) is `ìnvestment adviser, if the bank receives a fee for its
investment advice.'' The concept of investment adviser for a fee is new to part 9, and the
OCC's addition of this term to the list of fiduciary capacities raised questions from the
banking industry about what activities entail providing investment advice for a fee.
(The information above was taken from the Office of the Comptroller of the Currency Web
site on January 12, 2000 - http://www.occ.treas.gov/ftp/regs/part9fr.txt)
227
228
BIBLIOGRAPHY
1. Cannon Financial Institute, Inc., Internal Audit II, University of North Carolina-Charlotte,
1999.
228
229
STUDY QUESTIONS FOR VOLUME 2: BANKING INDUSTRY
1. During an audit of Common Trust Funds, which of the following conditions is most
likely to be cause for concern?
A. The public accounting firm certifying your bank’s financial statements also
performs an independent audit of the fund.
B. An outside counselor is providing advice to the fund for a fee.
C. A fee is charged for the internal audit of the plan.
D. The fund valuation is only being performed on a quarterly basis.
2. If a corporation has a liability sensitive gap in a rising interest rate environment, which
of the following would be considered an appropriate hedging strategy to prevent a
decrease in net interest income?
A. Do nothing.
B. Purchase an interest rate floor.
C. Enter into an interest swap to receive fixed and pay floating rate payments.
D. Enter into an interest rate swap to receive floating and pay fixed rate payments.
3. The Bank Secrecy Act uses the term “structure” or “structuring” to refer to
A. balancing cash in with cash out for a specific account or group of accounts to
avoid reporting requirements.
B. granting exemptions to qualified businesses based on their demonstrated normal
levels of cash business.
C. providing two or more layers of review for compliance with reporting
requirements.
D. conducting currency transactions in a manner to avoid reporting requirements.
4. Which of the following is most susceptible to credit risk?
A. OREO
B. Commercial loans
C. Deposit accounts
D. Investment portfolio
229
230
5. In a lease agreement that transfers the risks and rewards from the lessor to the lessee,
how should the lease be treated?
A. As a sale of the lessor and a purchase by the lessee

B. As a lease by the lessor and a purchase by the lessee
C. As a sale by the lessor and a lease by the lessee
D. As a lease by the lessor and a lease by the lessee
6. In which of the following situations would the OCC require, for regulatory financial
reporting purposes, that securities sold under a repurchase agreement (repo) be
recorded as sales (or purchases)?
I. The repo matures at the same time as the underlying security.

II. The market value of underlying securities is greater than 100% of the principal of
the repo.
III. The repo has a maturity date that exceeds 50% of the remaining maturity of the
underlying security on the date the repo is entered into.
IV. The underlying securities are physically transferred between the parties to the
repo on the start and maturity dates of the transaction.
A. I and III only

B. I and IV only
C. II and IV only
D. II, III and IV only
7. The money supply (M1) includes
A. currency only.
B. currency and checking accounts only.
C. currency, checking accounts, and non-checking savings deposits.
D. currency, checking accounts, and money market mutual funds.
230
231
8. Which of the following are members of the Federal Financial Institutions Examination
Council (FFIEC)?
I. Federal Reserve Bank

II. Securities and Exchange Commission
III. Office of the Comptroller of the Currency
IV. National Credit Union Administration
A. I, II and III only.

B. I, II and IV only.
C. I, III and IV only.
D. II, III and IV only.
9. During a review of dormant savings accounts, which of the following procedures would
you be most likely to consider a concern?
A. Positive confirmations are sent just prior to accounts going dormant.

B. The activity date used to determine dormancy is updated by internal debit memos.
C. Accounts are automatically coded dormant status after two years with no activity.
D. Signature cards for dormant accounts are segregated and placed under dual
control.
10. Mortgage servicing rights derive their value from which of the following?
I. servicing fee income

II. payment “float”
III. prepayment charges
IV. late payment charges
A. III and IV only

B. I, II and III only
C. I, II and IV only
D. I, II, III and IV
231
232
VOLUME III
INSURANCE
232
233
CORE COMPETENCY NUMBER THREE:

INSURANCE INDUSTRY
UNIT 1: APPLICATIONS/PROCESSES
This unit covers the common applications and processes associated with the operation and
management of insurance companies. These applications and processes include marketing, sales,
and distribution; underwriting; reinsurance; actuarial; claims; financial reporting; compliance;
investment operations; risk management; premium audit; and administration.
A. Marketing, Sales, and Distribution Systems
1. Marketing is the process of identifying customers and developing products and processes to
meet their needs. Sales is the process of agents addressing potential customers and writing
applications for new policies.
2. An insurance company is considered authorized or admitted if it holds a valid certificate of

authority from the insurance department in the state in which it does business. An
unauthorized or non-admitted insurance company does not qualify for a certificate of
authority.
3. Agents are insurance company representatives with the authority to sell the company’s
products. Agents must be licensed in the state in which they do business. Most agents
conduct business through authorized companies. Captive agents, also known as exclusive
agents, represent one company exclusively. Independent agents represent more than one
company. Captive agents who work out of a field office are known as a company’s field
force. However, some agents, known as detached agents, work out of a private office or
their home.
4. Insurance brokers work for insureds rather than for a specific company. The function of an
insurance broker is to choose the best coverage available to meet a client’s needs.
5. The following are examples of illegal sales practices:
a. Misrepresentation occurs when agents make false or misleading statements in an

attempt to encourage an individual to buy a policy. Agents are also forbidden from
guaranteeing policy dividends.
233
234
b. Twisting occurs when an agent purposefully misguides an individual into canceling

one policy and purchasing a new one.
c. Rebating occurs when an agent agrees to give an individual a share of the commission
as an incentive to buy a policy.
6. A distribution system is the network of individuals and organizations that perform the
marketing activities required to convey the insurer’s products to its customers. There are two
commonly used distribution systems in the insurance industry:
a. Personal selling distribution systems market products by using sales representatives

to make face-to-face presentations with prospective clients. Sales representatives
working in personal selling distribution systems are paid by commission or salary or a
combination of both. A major type of personal selling distribution system is the
agency-building distribution system. Two common agency-building distribution
systems include ordinary and multiple-line:
1. The ordinary agency system (also known as the career agency system) uses
agents usually working out of a company’s branch offices to sell policies.
2. The multiple-line (or all-lines) agency system uses agents who sell the
policies of a group of affiliated companies.
b. Direct response distribution systems use telemarketing, direct mailings, and other
advertisements to solicit potential customers. Clients purchase policies and file
claims directly with the company rather than through a sales representative.
B. Underwriting
1. Underwriters evaluate insurance applications and determine the degree of risk they present to
the insurer. The function of the underwriter is to determine acceptable risks and to calculate
appropriate premiums.
2. In attempting to assess acceptable risks, underwriters review information about the proposed
insured that is contained on the insurance application prepared by the insurance agent
(sometimes also referred to as a field underwriter). A health insurance application, for
example, should contain specific information about the proposed insured’s medical history,
including specific diagnoses, treatments, and medications.
3. Underwriters may conduct physical inspections to ascertain hazards affecting property and
casualty applications.
4. Underwriters may obtain information about an applicant’s finances or background by

reviewing consumer credit reports.
234
235
5. Many insurance companies improve the efficiency of the underwriting process by using jet
screening, which uses trained personnel to quickly approve applications that clearly meet
acceptable criteria, or computer screening, which uses computer programs to screen
applications.
6. Underwriters assign applicants to a risk class. Common risk classes include standard,
preferred, nonsmoker, substandard, and uninsurable. However, each insurer has its own risk
classes and acceptable levels of risk. Rates are often developed by assessing the loss history
for a particular class. Underwriters also use judgment to assess appropriate premium levels.
7. Auditors can judge the quality of the underwriting function by reviewing loss and expense
ratios. A loss ratio is calculated by dividing losses by total premiums earned. Loss ratios
can be calculated by account, by line of insurance, by agency or agency, or for all business
written by an insurer. An expense ratio is calculated by dividing an insurer’s total written
operating expenses by total premiums. The insurer breaks even when the combined loss and
expense ratio is 100%, excluding investment income. An underwriting loss is experienced
when the combined ratio exceeds 100%, and an underwriting gain occurs when the combined
ratio is less than 100%.
C. Reinsurance
1. Reinsurance occurs when an insurance company buys insurance from another company. The
reason a company buys reinsurance is to cover part of all of the risk it has undertaken.
Insurance companies typically reinsure their policies either because an applicant wants a
larger death benefit or presents a greater risk than the insurer can safely assume.
2. The company reinsuring its risks is the ceding company, or direct writing company. The
company accepting the risk is the reinsurer or assuming company. The reinsurance contract
is called the reinsurance treaty. An automatic reinsurance treaty allows the reinsurer to
provide reinsurance automatically for all amounts in excess of the ceding company’s
retention limit up to a specified amount, known as the automatic binding limit. A facultative
reinsurance treaty allows to reinsurer to make an underwriting decision for each risk sent by
the ceding company.
3. The ceding company often sets a retention limit, which is the maximum amount of insurance
that a company will carry at its own risk. Any amount exceeding the retention limit is
reinsured. The reinsurer also sets a retention limit, and the excess beyond that limit is ceded
to another reinsurer. This process is called retrocession. The company that accepts the risk
of another reinsurer is the retrocessionaire.
4. There are two major types of reinsurance plans: proportional and non-proportional. In a
proportional reinsurance plan, the reinsurance treaty specifies the proportions of risk that the
ceding company and the reinsurer will bear. In a non-proportional reinsurance plan, the
reinsurance treaty does not specify the proportions of risk carried by each company.
235
236
Individual insurance typically uses proportional reinsurance plans, and group insurance
typically uses non-proportional reinsurance plans.
5. There are three types of proportional reinsurance:
a. Under yearly renewable term (YRT) plans, also known as risk premium reinsurance
(RPR) plans, the ceding company purchases yearly renewable term insurance from
the reinsurer in the amount being reinsured.
b. Under a coinsurance plan, the ceding company pays the reinsurer part of the premium
paid by the insured and the reinsurer in turn agrees to pay the ceding company part of
the death benefit when a claim is filed.
c. Under a modified coinsurance (modco) plan, the provisions are similar to a

coinsurance plan, except that the ceding company holds the reserves for the entire
policy.
6. There are two types of non-proportional reinsurance plans:
a. Under a stop-loss reinsurance plan, also known as an excess-loss plan, the reinsurer
agrees to pay a percentage of all claims paid by the ceding company that exceed a
specified amount in a certain period.
b. Under a catastrophic reinsurance plan, the reinsurer agrees to pay losses in excess of
the plan deductible when more than a specified minimum number of claims result
from a single accidental occurrence, such as a hurricane or earthquake. The
reinsurer’s liability is limited to a maximum amount per catastrophe.
D. Actuarial
1. Actuaries apply mathematical and statistical principles to calculate and predict death rates,
illness rates, injury rates, insurance rates, expected loss ratios, expenses, and other statistical
projections.
2. Actuaries also conduct research on short- and long-term trends in interest rates, policy lapses,
and policy loans. They are also responsible for calculating the value of the company’s
reserve liabilities.
E. Claims
1. The claims function is concerned with ensuring that claims are paid promptly and correctly to
the claimant (e.g., the insured or its beneficiaries).
236
237
2. Claim specialists (commonly referred to as claim examiners or claim analysts) consider

information related to the approval or denial of a claim. Claim specialists should be trained
to recognize instances of insurance fraud or improper claims.
3. The insured is generally responsible for notifying the insurer in writing when a loss occurs.
Most policies outline the proper procedures for filing a claim. There may be time limits
regarding when a claim can be filed.
4. Depending on the type of claim, the insured may be required to file a signed proof of loss
statement. Insurers may also require additional evidence, such as a death certificate or a
physician’s statement, before approving a claim. Some property insurance policies may
require the insured to have an appraisal of the property before a claim is paid.
5. Arbitration is often used to settle claims when the insured or insurer cannot agree on the
amount of loss.
6. The claims department considers the following questions when reviewing claims:
a. Did a loss occur?
b. Was the loss covered by the policy?
c. Was the policy in force when the loss occurred?
d. Was the insured covered by the policy?
e. How much is payable to the insured or beneficiaries?
f. Who are the beneficiaries?
7. Questionable claims may be subject to a claim investigation. The purpose of a claim

investigation is to gather additional information related to the claim. Insurance companies
decide on a case-by-case basis whether an investigation is necessary. Risk factors that may
signal a need for an investigation include the amount of the claim, the nature of the loss, the
presence of conflicting information, and the length of time the policy was in force.
8. For life insurance policies, when no clear beneficiary can be determined, the insurance
company may file a bill of interpleader with a court. The interpleader allows the company to
pay the policy proceeds to the court, and then the court decides how to settle the claim.
9. Health insurance claims may be subject to the following provisions:
a. Exclusions: Expenses that the policy does not cover. These may range from
cosmetic surgery to self-inflicted injuries.
237
238
b. Waiting Periods: A prescribed amount of time after the policy is issued before
medical expenses are covered.
c. Pre-existing Conditions: Injuries or medical conditions that are excluded from

coverage because they occurred before the policy was issued.
d. Deductibles: An amount the insured must pay before any medical expenses are
covered.
e. Co-payments: The percentage of expense that the insured must pay. For example,
many policies require the insured to pay 20 percent of covered expenses, plus any
deductible amount. The insurance company agrees to pay the remaining amount for
covered expenses.
f. Coordination of Benefits Clause: Prevents the insured from receiving more than 100
percent of medical expenses incurred in cases where the insured has more than one
medical policy. The coordination of benefits clause designates a primary provider.
After the primary provider pays its share of the claim, the insured may file a claim for
the remaining amount with the insurers on the other policies.
10. Occasionally, independent agents will fail to inform the insurance company that a customer
requests specific coverage. This scenario would result in a customer incorrectly believing
that they are covered for a specific occurrence. If such a loss occurs, the insurance company
will deny the claim. However, most companies will still reimburse the customer and charge
the amount to the agency’s errors and omissions policy.
F. Financial Reporting
1. Financial reports help the insurance company monitor its financial position and plan its
operations. Industry analysts, brokerage houses, and private investors use financial
information to evaluate a company’s performance relative to other companies in the industry.
Insurance regulators and the National Association of Insurance Commissioners (NAIC) also
use financial information to analyze a company’s financial position.
2. Types of financial reports and analyses used in the insurance industry include:
a. Audited financial statements
b. Stockholder reports
c. Comparison of financial results in two or more financial periods
d. Comparison of one company’s financial results to another company
e. Comparison of sales to sales goals
238
239
f. Comparison of actual expenses to budgeted expenses
g. Comparison of claims paid to projected claim expenses
3. Budgets are a plan for allocating financial resources during a specific period. The purpose of
budgeting is to assist management in planning the company’s operations. There are several
types of budgets:
a. Cash receipts and disbursements budgets are used to monitor cash flow.
b. Capitol expenditure budgets are used to allocate funds for major purchases.
c. Revenue budgets project income for the coming year. Insurance industry revenue
consists primarily of premium receipts and investment income.
d. Expense budgets project the company’s possible expenses from items such as claims,
policy dividends, policy loans, sales expenses, and administrative expenses.
4. In order to reduce the risk of insolvency, insurance companies must adhere to capital and
surplus requirements. These limits are set by states to define the insurer’s capacity or limit
on the amount of business that the company may own. Without these limits, insurers might
assume an amount of risk beyond their capacity to pay claims.
.
G. Compliance
1. The legal department is assigned the responsibility of ensuring that the company’s operations
comply with applicable laws and insurance regulations. Insurance companies typically have
legal responsibilities to insureds, beneficiaries, stockholders, employees, and regulative
agents.
2. Individual state governments have the primary responsibility for regulating the insurance
industry. Each state has its own insurance laws governing financial stability, insurance
products, and general business conduct. State insurance laws are known collectively as
insurance law.
3. The courts regard insurance policies as legal contracts. The legal department assists in
resolving contract disputes related to insurance policies. There are four elements that
constitute a legal, binding contract:
a. Agreement: A valid contract involves one party making an offer and the other party
accepting that offer. The contract is not considered valid if fraud, undue influence, or
duress are used in securing the agreement of another party.
239
240
b. Consideration: A valid contract involves each party giving something of value. This
exchange of value, or consideration, may take the form of money, action, or promise.
For insurance contracts, the insured’s consideration is the payment of premiums and a
promise to fulfill the conditions of the contract, and the insurer’s consideration is the
promise to pay after a loss occurs.
c. Competent Parties: A valid contract must involve legally competent parties. Types
of parties typically considered not legally competent to enter into contracts include
minors, people with mental impairments, and people under the influence of alcohol or
drugs. An adult parent or guardian is usually required to sign a minor’s insurance
application in order to avoid any legal confusion.
d. Legal Purpose: A valid contract must have a legal purpose, and every insured must
have a valid insurable interest. For example, insurers cannot issue polices to cover
intentional or criminal actions.
4. The legal department is responsible for these other duties:
a. Reviewing policy drafts to ensure they comply with applicable laws and regulations
b. Assisting the claims department in resolving settlement disputes
c. Drafting agreements that outline the relationship and responsibilities of the company
and its agents
d. Applying securities laws that govern the company’s sale and purchase of stocks and
bonds
e. Applying real property laws that govern the company’s investments in real estate
f. Applying employment laws that govern employee rights and collective bargaining
agreements
g. Interpreting tax laws that apply to employee benefits and settlement payments
h. Applying corporate laws to proposed mergers and takeovers
i. Initiating or responding to litigation
H. Investment Operations
1. Most commercial insurance companies are owned by stockholders and are known as stock
companies. Some life, health, or property/casualty companies are set up as mutual
companies that are owned by policyholders. These insurance companies invest billions of
dollars of corporate assets each year. Proper management of these investments is of prime
240
241
importance to policyholders and stockholders. The performance of these investments can

also affect the premium prices that a company charges for its insurance products.
2. Many insurance companies employ an asset manager to manage all of the company’s assets,
including its investment portfolio. The investment portfolio is the aggregate name for the
company’s investments in stocks, bonds, mortgages, and real estate. Instead of hiring an
asset manager to manage all assets, some companies use a portfolio manager to focus only
on the assets in the investment portfolio.
3. The need for a company to produce high investment returns is mitigated by the need to
minimize the risk of financial loss. Consequently, the board of directors of an insurance
company typically appoints members to serve on an investment committee or finance
committee. The purpose of the investment committee is to develop general investment
policies for the company. Company executives or influential stockholders may also serve on
the investment committee as outside directors.
4. Specific functions of the investment committee may include setting:
a. Investment objectives, including desired rates of return
b. Acceptable risk levels for investments to help ensure the safety of assets
c. Specific types of approved and forbidden investments
d. Dollar levels that investment personnel can approve at various levels of authority
I. Risk Management
1. The concept of insurance is based on the fact that there is risk that the thing being insured
will be lost, destroyed, damaged, injured, or adversely affected in some other way. Insurance
is a method of transferring, for a fee, the financial responsibility for the risk to another party.
2. Transferring risk through insurance is not the only method of reducing risk. Risk can be
avoided by removing the exposure through change (such as changing a behavior or removing
a hazard). Risk can also be reduced (such as by implementing additional controls).
Companies and individuals may also choose to retain a portion of the risk through the use of
deductibles or co-payments.
3. Insurance companies assist individuals in managing personal risk through risk pooling. Risk
pooling is based on fact that the probability of any one type of loss occurring for a given
individual is small. Therefore, insurers can insure a large number of people against a given
peril, based on the knowledge that only a small percentage of those insured will ever file a
claim for that particular peril. For example, of the many people who buy earthquake
insurance, only a small percentage will suffer earthquake damage to their property.
However, earthquake insurance will cost more in high-risk areas.
241
242
4. Underwriters and actuaries help insurance companies assess risks. These functions are
discussed elsewhere in this CFSA Study Guide.
J. Premium Audit
1. Premium auditing focuses on the billing and collection processes. Specifically,

auditors/accountants should determine that the premium billings are timely and accurate, and
that collections are properly recorded in accounting statements and on policyholders’ records.
2. Insurance companies collect premiums in a variety of ways. Traditionally, policyholders

receive premium notices and pay one premium at a time by mail. Insurance companies now
often use a preauthorized payment system or a lock-box system to collect premiums. Under a
preauthorized payment system, policyholders authorize the insurance company to withdraw
premiums from their savings or checking accounts. The premium withdraw under a
preauthorized payment system is often done via an electronic funds transfer (EFT) system.
Under a lock-box system, payments are sent to a post office box accessible by the bank. The
bank collects the checks for the insurance company and deposits them directly into the
company’s account.
3. Group insurance billing plans can be self-administered or insurer-administered. Under a self-

administered billing plan, the policyholder performs most of the administrative functions,
such as keeping the group’s records and processing required paperwork. The insurance
company performs these functions, as well as calculating and mailing monthly premium
statements to the policyholder, under an insurer-administered billing plan.
K. Administration
1. The customer service department is responsible for the day-to-day administration of

insurance policies. The functions of the customer service department may include providing
general assistance to customers, making changes requested by policyholders, calculating and
processing policy loans and dividends, and sending premium notices and collecting
payments.
2. Specific policy changes that policyholders can request include:
a. Conversion privilege. Members under group policies often have the right to convert
to individual coverage. The customer service department is often charged with
administering the conversion and adjusting premiums if necessary.
b. Supplementary Benefit Riders. When a policyholder’s coverage is specifically

expanded or limited, a rider is issued to describe the change. The rider becomes part
of the insurance contract. The customer service department is often charged with
evaluating requests for supplementary benefits riders. Factors considered include
242
243
type and amount of coverage currently in force, type and amount of extra coverage
requested, risk factors associated with the policyholder, and length of time since the
policy was issued.
c. Reissues. Policies are occasionally reissued for various reasons. For example, a
policy would be reissued if the original policy contained an error or omission.
Policies may also be reissued in order to reduce the death benefit amount or to change
insureds. Insured changes usually occur when a key person insured by an
organization terminates employment; insurance companies often reissue these
policies under the name of the new key person. Responsibility for reissuing policies
often rests with the customer service department.
3. The customer service department must ensure that several factors are met when considering
the reinstatement of lapsed policies:
a. The policyholder must submit a written request within a specified time period,
usually no more than five years after the policy lapsed.
b. The policyholder must repay all unpaid premiums, including any interested charges
assessed by the insurance company.
c. Any loans against the policy must be repaid or restored.
d. The policyholder must show evidence of insurability.
4. When a policyholder initiates the replacement of an old life insurance policy with a new life
insurance policy, the customer service department must determine the policy’s final cash
value by adding any accumulated dividends and subtracting any loan amounts payable.
243
244
UNIT 2: LAWS AND REGULATIONS
The insurance industry is regulated by state governments, the federal government, and non-
governmental entities. The major regulations and regulatory entities affecting the insurance
industry are described below.
A. The McCarran-Ferguson Act (Public Law 15)
1. The McCarran-Ferguson Act was passed in 1945.
2. The Act allowed states to retain the right to regulate the insurance industry.
3. The Act allowed the federal government to assume regulation of the insurance industry if
Congress feels that state regulation is inadequate or does not serve the public interest.
B. State Insurance Commissions
1. Because the states regulate the insurance industry, each state must have an insurance
commission.
2. Each state’s insurance commission holds legal authority over insurance company operations.
3. Each state’s insurance commission is directed by a state insurance commissioner,

superintendent, or director.
4. The responsibilities of state insurance commissions include:
a. Make the state’s insurance rules and regulations
b. Authorize companies to operate in the state thorough the issuance of licenses and
certificates of authority
c. Issue licenses to insurance agents
d. Hold hearings and suspend or revoke licenses or certificates of authority
e. Review insurance companies’ financial statements
f. Verify that policy forms meet all requirements and contain all provisions and
disclosures
244
245
g. Ensure insurance company compliance with reserve requirements and investment

guidelines
h. Receive and follow-up on consumer complaints
C. The National Association of Insurance Commissioners (NAIC)
1. The NAIC is a non-governmental organization comprised of the various state insurance

commissioners, superintendents, or directors.
2. A major function of the NAIC is to encourage uniformity among state insurance departments
through the development of model bills and regulations. However, the NAIC has no direct
regulatory authority.
3. The NAIC Financial Regulation Standards (adopted September 1989) recommend minimum
levels of resources and authority necessary for effective solvency regulation.
4. The NAIC Financial Regulation Standards and Accreditation Program (adopted June 1990)
set up a system of peer review among state insurance commissions.
5. The NAIC created a zone system to streamline the financial examination of companies
operating in more than one state. The NAIC divided the United States into four zones
(western, midwestern, northeastern, southeastern). Each zone has a pool of examiners
supplied by the each state’s insurance commission within the zone. The following guidelines
apply to insurance company examinations:
a. The examiner-in-charge must be from the company’s home state.
b. Examiners from other states in the zone may also participate in the examination.
c. A zone examiner may be assigned from any zone in which a company receives as
much as $1 million premiums or more than 20 percent of its total premiums.
d. Insurance companies are usually examined once every three to five years.
e. A written report of the examination must be issued.
f. The home-state commissioner is responsible for resolving any disagreements that

arise between the examiners and the company regarding the content of the final
report.
g. The final report of the examination is a matter of public record.
245
246
D. The Securities and Exchange Commission (SEC)
1. The SEC has regulatory authority over investment products. Investment-based life insurance
products or variable insurance products include annuities, variable life insurance, and
variable universal life insurance. These products, which are also known as non-guaranteed
products, are considered speculative because the cash value or benefit level can change
relative to the performance of the insurer’s investments.
2. Insurers that sell investment-based insurance products must comply with federal laws that
govern securities.
3. Agents selling investment-based insurance products must be certified by the SEC, be

licensed as a broker/dealer with the National Association of Securities Dealers (NASD), an be
licensed as a state insurance agent.
E. Employment Retirement Income Security Act (ERISA)
1. ERISA is a federal law that governs welfare benefit plans and employer-sponsored retirement
plans.
2. ERISA defines a welfare benefit plan as any plan an employer establishes to provide certain
benefits to plan participants and their beneficiaries. ERISA requires that welfare benefit
plans have a written plan document that describes the benefits of the plan, how the plan will
be funded, and how the plan will be amended if necessary. The written plan must also name
the fiduciary responsible for managing the benefit plan. A fiduciary can be held personally
liable for any losses that result from a failure to follow guidelines set in ERISA.
Welfare Benefit Plans are subject to ERISA if they offer any of the following benefits:
a. Medical, surgical, or hospital care benefits
b. Sickness, accident, disability, death, or unemployment benefits
c. Vacation benefits
d. Day-care benefits
e. Scholarship funds
f. Prepaid legal services
g. Apprenticeship or training programs
h. Certain benefits, which includes severance benefits and housing benefits, described in
the Labor Management Relations Act
246
247
ERISA requires that a summary plan description be provided to each plan participant and to
the Department of Labor. Each plan participant and the Department of Labor must also be
informed of any significant changes to the plan. ERISA also requires that plan administrator
file the plan’s annual report with the Internal Revenue Service.
3. ERISA contains standards that all retirement plans must meet. Major requirements of
ERISA include:
a. Qualified retirement plans are prohibited from discriminating in favor of highly paid
employees.
b. A participant’s right to receive benefits must vest within a specified period after the
participant becomes eligible to join the plan. Participants are vested when they can
receive partial of full benefits even if they terminate employment prior to retirement.
c. Fiduciaries must ensure the safety of the plan’s assets.
F. State Model Laws
1. The National Association of Insurance Commissioners (NAIC) develops model laws to

encourage uniformity among states.
2. As the NAIC has no regulatory authority, states may adopt the model laws as written or they
may modify them to meet their specific situation.
3. Examples of NAIC model laws include:
a. Uniform Individual Accident and Sickness Policy Provision Law (Individual Health
Insurance Model Law), which is designed to regulate individual health insurance
policy provisions
b. Group Health Insurance Definition and Group Health Insurance Standard Provisions
Model Act (Group Health Insurance Model Act), which defines eligibility for group
health insurance and outlines specific policy provisions
c. Group Life Insurance Model Act, which provides guidelines for regulating group life
insurance programs
d. Model Health Maintenance Organization (HMO) Act, which lists requirements for
qualifying as an HMO
e. Model Claims Settlement Act, which lists unethical practices for claims personnel
247
248
f. Group Health Insurance Mandatory Conversion Privilege Model Act, which allows
insureds under group health policies to convert to an individual health insurance
policy if either their employment or the group contract terminates
g. Model Newborn Children Bill, which requires policies covering dependent children to
also extend coverage to newborn children of the insured.
h. Group Coordination of Benefits Regulations and Guidelines, which establishes

uniform overinsurance provisions to allow for expedited payment of claims and
conflict resolution when the insured has duplicate coverage by more than one insurer
248
249
UNIT 3: PRODUCTS
This unit is divided into two sections. The sections cover the two basic categories of insurance
products: (1) life, pension, and annuity and (2) property and casualty.
LIFE, PENSION, AND ANNUITY PRODUCTS
I. INDIVIDUAL INSURANCE
Some people do not qualify for group insurance policies. These individuals must purchase
individual insurance policies. In an individual insurance policy, the contract between the insurer
and the insured describes applicable coverages, exclusions, and benefits that are specific to the
individual policy. This section looks at four types of individual insurance: whole life, term life,
universal life, and endowments.
A. Whole Life Insurance
1. Whole life insurance offers lifetime coverage at a level premium rate that does not increase
as the insured ages. Whole life policies accrue a cash value that the insurer must surrender to
the policyholder if the policy does not remain in force until the policyholder’s death. The
actual cash value payable to the policyholder in this circumstance would be less any
surrender charges or policy loan repayments outstanding. The cash value usually does not
equal the face amount of the policy until the policyholder reaches the age at the end of the
mortality table used to calculate the premiums for the policy, usually age 99 or 100. At that
time, the insurance company usually pays the policyholder the full face amount of the policy,
even if the policyholder is still living.
2. Whole life policies are classified as continuous premium policies (or straight life policies),
limited payment policies, or single premium policies. Premiums are payable under
continuous premium policies until the death of the insured. Because premiums are payable
for a longer period, each premium payment is lower than for limited payment policies.
Premiums for limited payment policies are payable for a stated period (for example, 20 years
from the policy’s inception or until the insured reaches a certain age) or until the death of the
insured, whichever comes first. Single premium policies require only one premium payment.
3. Modified premium whole life policies have premium payments that change during the life of
the policy. Typically, premium payments increase at specified intervals (for example, every
five years) during the life of the policy. This allows young policyholders to purchase a
higher level of coverage than they may otherwise be able to afford.
249
250
4. Joint whole life policies (or first-to-die policies) insure two lives under one policy. Death
benefits are paid to the surviving insured. The surviving insured usually has the option of
purchasing an individual whole life policy of the same face amount without providing
evidence of insurability.
5. Last survivor life insurance policies (or second-to-die policies) pay benefits only after both
insureds covered by the policy have died. Married couples typically use this type of policy to
pay estate taxes after they die.
B. Term Life Insurance
1. Term life policies provide a death benefit when the insured dies during a specified period.
The term of this type of policy is usually not less than one year, but may be up to 40 years or
more. Term life provides only temporary protection because coverage ends at the end of the
term of coverage stated in the policy.
2. Level term life insurance policies provide the same level of death benefit throughout the term
of the policy. The premium for a level term policy usually stays the same throughout term of
coverage.
3. Decreasing term life insurance policies provide decreasing policy benefits over the term of
coverage. The policy’s death benefit begins at a set value and gradually decreases to a level
stated in the policy. For example, a $50,000 five-year policy might decrease to $40,000 in
benefits payable the second year, to $30,000 the third year, to $20,000 the fourth year, and to
$10,000 in the final year. At the end of the fifth year, the policy expires. Premiums for
decreasing term policies usually remain level throughout the term of coverage.
4. Increasing term life insurance policies provide an increasing amount of death benefit
throughout the life of the policy. Premiums for increasing term life policies usually increase
during the term of coverage.
5. Term policies often contain provisions that allow the policyholder to keep life insurance
coverage after the policy expires. Renewable term insurance policies contain a renewal
provision that allows the policyholder to renew the term policy at the end of the term.
However, the premium rate increases when the policy is renewed. Convertible term life
insurance policies contain a conversion privilege that allows the policyholder to convert the
term policy to permanent coverage without providing evidence of insurability. Therefore, an
increase in the premium for the permanent coverage cannot be based on level of the insured’s
health, even if the insured has serious health problems. Some insurers reduce their risk by
not permitting conversions after a specific age, such as 55. When term policies are converted
under an attained age conversion, the renewal premium is based on the insured’s age at the
time of conversion. On the other hand, original age conversions base the premium for
permanent coverage on the insured’s age at the time the original term policy was purchased.
250
251
C. Universal Life Insurance
1. Universal life insurance is a form of permanent life insurance that has flexible premiums,
flexible face amounts, and separate pricing for the three major pricing categories:
a. Mortality charges based on the insurer’s risk classification
b. Interest rate paid on the cash value
c. Expenses associated with administering the policy
2. Purchasers of universal life policies specify the policy’s face amount and whether the death
benefit will be level or vary as the policy’s cash value changes. Under level death benefit
policies the death benefit payable equals the policy’s face amount. Under variable level
death benefit policies the death benefit is equal to the policy’s face amount plus any
accumulated cash value.
3. Within limits, universal life policyholders can choose how much to pay for initial and
subsequent premiums. Insurance companies set maximum payment amounts to maintain the
policy’s status as a contract, as well as minimum initial payment amounts. However, the
policy will remain in force, even if no premiums are paid, as long as the cash value is large
enough to pay the periodic charges assessed by the insurer.
4. Universal life insurance policies accumulate cash values that are tax deferred.
D. Endowment Insurance
1. Endowment insurance provides a specified benefit amount in either of the following cases:
a. If the insured survives to the maturity date of the policy
b. If the insured dies before the maturity date of the policy is reached
Policy maturity dates may be set either when the insured reaches a certain age (e.g., age 65)
or after a stated period of time has elapsed (e.g., 20 years) from the date the policy is issued.
2. Endowment policies are similar to permanent life insurance policies in that premiums are
usually level throughout the term of the policy and the policies build cash values. However,
an endowment policy builds cash value more rapidly than a comparable whole life policy.
This is because the reserve and cash value of an endowment policy usually equals the
policy’s face amount on the policy’s maturity date, which is typically for a much shorter
period than for a whole life policy. Whole life policies do not accrue a reserve and cash
value equal to the face amount until the insured reaches the age at the end of the mortality
table used to calculate the policy’s premium (usually age 99 or 100).
251
252
II. GROUP INSURANCE
Insurance that employers provide to employees through an employee benefit plan is known as
group insurance. This section covers the many types of group insurance including life
insurance, accident and health, accidental death and dismemberment, disability, and dental. Also
covered are the different ways to administer group insurance including health maintenance
organizations, managed care, utilization management, preferred provider organizations, and
administrative service only.
All members of a group insurance plan (group insureds) are covered under a single contract,
known as a master group insurance contract. The employer or entity purchasing the group
insurance is known as the group policyholder. In a noncontributory plan, group insureds do not
pay any premium for the coverage. In a contributory plan, group insureds pay a premium in
order to receive coverage under the plan, typically through a payroll deduction.
A. Life Insurance
1. The provisions of group life insurance policies are similar to those found in individual life
insurance policies. For example, group life policies usually include provisions for eligibility
requirements and termination clauses.
2. Group policies usually contain a benefit schedule that is used to determine the amount of life
insurance for group insureds and their dependents covered under the plan. The coverage
amounts may be determined by a formula, such as a multiple of the employee’s salary, or it
may be set in the policy (e.g., X amount for all group insureds or X amount for all group
insureds in a specific job classification). A group policy cannot describe coverage amounts
for specific individuals.
3. Under all types of group life insurance policies, except creditor group life insurance policies,
each group insured can name a beneficiary who will receive the benefits payable when the
insured dies. The group insured also has the right to change the named beneficiary.
4. The National Association of Insurance Commissioners (NAIC) Model Act requires that
group life policies have a conversion privilege that allows a group insured whose group
coverage terminates to convert to an individual life insurance policy without providing
evidence of insurability. The amount of individual coverage the individual can purchase may
be limited to the amount of insurance held under the group policy. Insurance companies
must charge the standard premium rate that any individual of the insured’s sex and age would
normally pay for the type of policy being issued.
5. The NAIC Model Act requires that group insureds covered under a policy for at least five
years be given the right to convert to individual coverage if the group policy terminates.
Insureds are allowed a 31-day conversion period to purchase the individual insurance without
providing evidence of insurability. The maximum amount of individual insurance the
insured can purchase is the lesser of either $10,000 or the amount of coverage previously
held under the terminated plan minus the amount of group coverage for which the insured
becomes eligible for within 31 days of the policy termination.
252
253
6. If the insured dies during the 31-day conversion period before being issued an individual
policy, the NAIC Model Act requires that the insurer pay the insured’s beneficiaries the
largest amount the insurer would have issued as an individual policy to the group insured.
7. If an incorrect premium amount is paid because a group insured misstated his or her age, the
insurer will retroactively adjust the premium amount to reflect the insureds correct age.
8. Most group insurance policies are yearly renewable term (YRT) insurance plans. These
policies do not require insureds to provide evidence of insurability when the policy is
renewed each year. Also, YRT policies do not build cash values.
B. Accident and Health
1. A group heath insurance policy is a contract between an insurance company and the
employer or other group purchasing the policy. Employees or other individuals receive
specific benefits covered in the policy, but they are not issued individual policies. Optional
dependent coverage is usually available through group policies for an additional fee.
2. Group policies typically include a pre-existing condition provision that excludes coverage for
conditions that the individual received treatment for during specified period (often three
months) prior to the effective date of coverage. Some policies include exceptions to the pre-
existing condition provision which allow for coverage if the individual was not treated for the
condition for a specified period (e.g., for 3 consecutive months) or if the individual has been
covered under the group plan for a specified period (e.g., 12 months). Most policies also
waive the pre-existing condition provision if the group switches carriers and the member was
covered under the previous group policy.
3. Most group health policies contain a coordination of benefits (COB) provision to prevent
individuals covered under more than one plan from receiving benefits greater than the
expense incurred. The COB provision defines the group plan that will serve as a primary
provider and the one that will be the secondary provider. The primary provider is usually the
one that covers the individual as an employee rather than as a dependent. After the primary
provider pays all claims payable, the individual can submit any unpaid bills to the secondary
provider.
4. Most group health policies contain a conversion provision that allows an individual leaving
the group to purchase individual insurance without providing evidence of insurability. An
exception to the conversion provision applies to individuals who are changing jobs and are
being covered under another group policy. In these cases, purchasing individual insurance in
addition to the new group policy coverage may result in the individual being overinsured.
5. Most group disability income policies contain a physical examination provision that requires
a doctor to examine a claimant before a claim is paid. The insurer may also require the
claimant to undergo periodic examinations to verify that the disability still exists. The
insurer bears the cost of these examinations.
253
254
6. The cost of a group health insurance plan depends on the type of business in which the
members work, the ages of the group members, and the number of males and females in the
group.
C. Accidental Death and Dismemberment
1. Accidental death and dismemberment policies pay stated benefit amounts if the insured dies
as the result of an accident or if the insured loses limbs or eyesight.
2. Accidental death and dismemberment policies are usually low in cost.
3. Some accidental death and dismemberment policies only cover accidents that occur while an
employee is traveling on the job.
D. Disability Income
1. Disability income insurance is designed to provide income replacement for individuals who
become unable to work because of an illness or accidental injury. Short-term group
disability income coverage provides benefits for less than one year. Long-term group
disability coverage allows insureds to receive benefits for more than one year. Disability
income policies usually provide an incentive for the insured to return to work by providing
insureds less income than they received before they became disabled. The actual amount
payable is typically based on a percentage of the insureds pre-disability earnings or flat rate
determined when the policy is purchased.
2. In order to receive benefits, the insured must meet the total disability requirement specified
in the policy (although some disability income policies pay for partial disabilities). Most
policies initially define total disability as the inability of the insured to perform the duties of
his or her regular occupation. However, after a specified period following the incident that
caused the disability, insureds may be considered disabled only if they cannot work in any
occupation that they are reasonably fitted for by education, training, or experience.
Disability income payments made through group policies usually cease when the insured
returns to work in any gainful occupation.
3. Presumptive disability provisions allow the insured to be considered totally disabled if

certain conditions arise. Presumptive disability conditions typically include permanent
blindness, speech loss, or hearing loss. Insureds disabled in these ways receive full benefits
even if they resume employment in their former occupation.
4. Many disability income policies include a waiting period. The waiting period is a specified
time that must pass after a person becomes disabled before the insurance company begins
making benefit payments. The purpose of waiting periods is to reduce the need to pay for
disabilities that last only for a short period.
254
255
5. Disability income policies typically do not cover injuries that are intentionally self-inflicted
or those that are caused by active participation in a war or riot.
E. Dental
1. Most dental insurance is provided through group policies. Very few individual dental
policies are written.
2. Group dental policies emphasize preventative care such as examinations and x-rays. Most
group dental policies provide full coverage for examinations and preventative treatments, but
deductibles or co-payments generally apply to specific corrective procedures.
F. Health Maintenance Organizations (HMOs)
1. HMOs are governed by the HMO Act of 1973. An HMO is both an insurer and a provider of
health care services. In other words, HMOs serve two functions:
a. To pay insured’s medical expenses
b. To provide a medical network (e.g., doctors and hospitals) for medical care to plan
insureds, commonly known as HMO subscribers
Subscribers must receive their medical care from within their HMO’s network of providers.
2. HMOs pay for preventative care as well as medical treatments. Providers within the HMO
network are typically reimbursed a set fee for each service they provide, although some
physicians receive a salary. Additionally, HMOs often require subscribers to pay a co-
payment for some services.
3. Subscribers are usually required to select a primary care physician. The primary care
physician serves as the subscriber’s personal physician and refers the subscriber to any
specialists that are needed.
4. Open panel HMOs allow any qualified physician or provider to provide services to the HMO
members. Closed panel HMOs require physicians to belong to the group under contract with
the HMO before providing services to members.
G. Managed Care
1. Managed care is defined as an integrated method of financing and delivering health care.
HMOs contain many characteristics of managed care plans.
2. Managed care plans require insureds to receive care only from physicians or providers that
participate in the managed care network.
255
256
3. Managed care plans have fee arrangements that encourage providers to deliver the most cost-
effective care possible. In other words, patients’ overuse of medical services is discouraged
under managed care plans.
H. Utilization Management
1. Insurance companies and managed care plans use utilization management to ensure that
services provided to patients are appropriate and cost effective. The specific process of
reviewing a patient’s care is called a utilization review.
2. Utilization reviews begin with a preadmission certification. Except in cases of emergency,

insureds must have approval from their insurance company or care plan before being
admitted to a hospital. In emergency situations, insureds must make notification within 48
hours of admission or face reduced or lost benefits.
3. Utilization reviewers monitor the appropriateness of care while a patient is hospitalized. This
is known as a concurrent review.
4. After a patient is released, a retrospective review takes place. This review is designed to
catch billing errors and to identify excessive costs.
I. Preferred Provider Organizations (PPOs)
1. Preferred Provider Organizations are another form of managed care. PPOs are similar to
HMOs in that they contract with health care providers to deliver medical services.
2. Traditional PPOs offer coverage to subscribers who use out-of-network providers.

However, traditional PPOs typically reimburse at a lower rate when the subscriber uses an
out-of-network provider.
3. Increasingly common are gatekeeper PPOs, which require subscribers to choose a primary
care physician from within the PPOs network. Gatekeeper PPOs reimburse at a higher rate if
subscribers coordinate their care through their primary care physician.
4. Traditional PPOs pay providers on a fee-for-service basis. Gatekeeper PPOs pay providers a
flat amount, usually paid monthly, for each subscriber the provider serves (called a capitation
rate).
J. Administrative Service Only (ASO)
1. Some employers allow outside parties to administer their group insurance plans.
Administrative service only contracts allow an insurer or other third party administrator to
assume the administrative responsibilities of a group benefit plan.
2. Fees paid for administrative service only contracts are not subject to state premium taxes.
256
257
III. PENSIONS
Employers establish pension plans to provide employees with a monthly income benefit when
they retire. Many pension plans are funded at least in part by employee contributions. Most
pension plans are qualified pension plans. Individuals can also establish their own retirement
plans through products such as the individual retirement account (IRA).
A. Qualified Plans (tax implications, savings plans, qualification rules, nondiscrimination

requirements, vesting, fiduciaries, prohibited transactions)
1. Federal income tax laws provide tax benefits to employers that provide retirement plans to
their employees. Employees who contribute to qualified pension plans do not pay tax on the
contributions until the funds are withdrawn from the plan. Any retirement plan that is legally
authorized to receive these tax benefits is known as a qualified plan. The Internal Revenue
Service approves qualified plans entitled to receive favorable tax treatment.
2. Qualified plans that are funded at least in part by employee contributions are known as thrift
and savings plans. There is usually a limit on the amount that employees can contribute to
their retirement plans each period. Limits are usually set as a percentage of the employee’s
salary or at a specific amount or percentage based on the employer’s contributions.
3. A common tax-favored employee retirement plan is known as the 401(k) plan. Employee
contributions to 401(k) plans are not included as part of the employee’s gross taxable
income. However, funds are taxed when the employee withdraws them from the plan.
4. Individual retirement accounts (IRAs) are another type of retirement plan that receives
favorable treatment under federal income tax laws. Keogh plans are individual retirement
accounts that are specifically for self-employed persons. Individuals may establish their IRA
and Keogh accounts through insurance companies. The principle and interest in an IRA or
Keogh fund are not taxed until the funds are withdrawn.
5. The Employee Retirement Income Security Act (ERISA) regulates retirement plans in the
United States.
6. Qualified retirement plans have a nondiscrimination requirement that prohibits plan

administrators from discriminating in favor of highly paid employees.
7. Plan administrators must establish a minimum time in which an employee must be employed
before being vested in the plan. Vested employees are entitled to receive benefits even if they
terminate employment before retiring.
8. Individuals who administer qualified plans are considered to be fiduciaries or persons who
holds positions of trust. ERISA requires that fiduciaries act in the best interest of the plan.
Fiduciaries may be held criminally liable for any losses that occur because they did not
adequately perform their fiduciary duties.
257
258
9. ERISA imposes restrictions on certain investment transactions involving the assets of a

qualified plan. A primary goal of these restrictions is to ensure the safety of participants’
investments. An insurance company or a designated trustee is typically responsible for
investing the assets of qualified plans.
B. Annuities
1. An annuity is a series of periodic payments. The purchaser of the annuity (known as the
annuitant) typically pays a single premium (i.e., single-premium annuity) to the issuer, who
invests these funds for a stated period and at a stated interest rate (known as the accumulation
period). When the maturity date of the annuity arrives, the insurer begins making a series of
payments to the annuitant over a stated period (known as the payout period). Annuities are
considered to be the opposite of life insurance because annuities protect against the risk of
outliving one’s resources, whereas life insurance is a method for accumulating an estate.
2. The actual amounts of annuity payments are based on:
a. the amount of money invested
b. the interest rate
c. the length of time the principle has been invested
d. the number of annuity payments to be made
If the annuitant dies before payments begin, the insurer pays the annuity’s cash value to the
annuitant’s beneficiaries.
3. Annuities contain a withdrawal provision that allows the annuitant to withdraw a percentage
of the annuity’s accumulated value each year. There is usually a withdrawal charge only if
the annuitant withdraws more than the maximum withdrawal amount stated in the contract.
4. An annuitant can surrender the annuity in exchange for its cash surrender value, which
equals the accumulated value of the annuity minus any applicable surrender charges.
Surrender charges usually apply only if the annuity has not been in force for a minimum
period of time.
5. The payout period varies for each type of annuity. A life annuity provides benefits for at
least the life of the annuitant but perhaps for an additional period. A temporary life annuity
pays benefits for a specified period or until the annuitant dies, whichever comes first. An
annuity certain provides benefits for a stated period of time, regardless of whether the
annuitant lives or dies.
6. Single-life annuities cover a single individual. Joint and survivor annuities provide a series
of payments for two or more individuals until the last one dies.
258
259
7. Fixed annuities guarantee a minimum monthly benefit based on the size of the annuity.
Variable annuities pay a monthly benefit amount that changes as the investments (e.g.,
securities) purchased with the annuity’s funds rise and fall. Variable annuities are considered
to be securities contracts and are thus regulated by the federal Securities and Exchange
Commission (SEC).
IV. PROPERTY AND CASUALTY PRODUCTS
Property and casualty insurance policies protect individuals and businesses from financial loss.
Workers compensation policies protect an employer from financial loss resulting from an
employee’s injury on the job. General liability policies provide additional liability coverage for
businesses. Individuals are protected by automobile and homeowner policies. Umbrella policies
provide the most extensive liability coverage for individuals and businesses.
A. Workers Compensation
1. Workers compensation is a type of insurance that employers provide for employees.

Workers compensation pays:
a. Medical expenses for employees who are injured or who contract an occupational
disease through work
b. Disability income and rehabilitation benefits for employees who become disabled
through work
c. Death benefits for survivors of employees who die because of an occupational injury
of disease
2. Each state has its own workers compensation laws. In most states, the majority of employees
receive workers compensation coverage, except for employees who work for very small
companies.
3. Employers pay the entire premium for workers compensation coverage. Premium amounts
are based on the class rating for the type of business being covered. There are several
hundred class ratings used to calculate workers compensation rates. The classifications
reflect the risk associated with each type of occupation. A company’s premium can also vary
based on the number of claims during a given period. This process of adjusting rates either
up or down is known as an experience modification.
4. Injured employees must file claims with the agency that administers workers
compensation in their state. The employer must also be notified.
5. Employees of the federal government receive workers compensation under the Federal
Employees’ Compensation Act.
259
260
B. General Liability
1. General liability insurance covers the major liability exposures of a business. These
potential liabilities include lawsuits from public use of an organization’s facilities or
products.
2. General liability insurance does not cover liabilities that a business incurs through the use of
its automobiles. Therefore, businesses must buy separate automobile coverage for its rolling
fleet.
3. General liability also does not cover damage to property not owned by the business, even if
that property is left in the care of the business.
4. Products liability coverage covers damages caused by products sold by a business.
5. Completed products liability coverage covers damages that result from work (such as repair
work) done by a business.
6. Medical payments liability coverage covers injuries to the public that occur on the premises
of a business.
C. Automobile
1. Personal automobile policies typically provide the following types of coverage:
a. Liability coverage pays benefits to parties the insured injures in an automobile

accident. The liability section also covers property damage. Coverage usually
applies to autos mentioned in the policy’s declaration, as well as autos temporally
used by the insured (such as rental cars or a borrowed car). The insured’s car is also
covered when other people drive it. Personal auto policies typically do not cover
autos used for regular business purposes. Business auto policies are used to extend
coverage to a company’s rolling fleet.
b. Medical coverage pays benefits to all passengers in a vehicle involved in an accident,

not only the insured, even if the insured was not legally responsible. Benefits are
usually limited, with the dollar amount of the limit set according to the premium paid.
c. Auto coverage pays benefits in cases where the auto is stolen, damaged, or destroyed.
Collision insurance provides coverage when the auto strikes another vehicle or
object. Other than collision insurance or comprehensive coverage covers incidents
other than collision. These incidents may include theft, fire and hail damage, or
broken glass.
d. Uninsured motorist coverage pays damages incurred by the insured and the insured’s
passengers when injured in an auto accident caused by a motorist without liability
insurance. This coverage also covers accidents caused by hit-and-run drivers.
260
261
2. Auto policies do not cover damage that is intentionally inflicted. Coverage is also excluded
for individuals who use the car without believing they were authorized to do so.
3. In cases when an accident occurs in another state with higher liability limits, most auto
policies will protect the insured by raising the level of benefits payable to the higher level.
D. Homeowners
1. Homeowner policies combine property and casualty coverage into the same policy (known as
multi-line policies).
2. Homeowner policies provide four major types of property coverage:
a. Dwelling—covers the house and attached structures, such as an attached garage or

carport.
b. Other buildings or structures—covers unattached structures such as a tool shed, a

swimming pool, or a fence.
c. Personal property—covers the contents of the house and other items, such as patio
furniture. Automobiles are not covered as personal property under a homeowner
policy. Limits are usually set on jewelry, furs, fine art and other items likely to be
stolen. Homeowners have the option of buying additional coverage on valuable
personal items.
d. Loss of use—provides additional living expenses when the home is unlivable so

homeowners can continue to live comfortably. While the home is being made
livable, the homeowner policy will pay for items such as rented rooms at a hotel,
restaurant meals, and laundry expenses.
3. Homeowner policies provide two major types of liability coverage:
a. Personal liability—covers claims for bodily injury or property damage caused by the
insured. For example, the policy would cover an incident where someone is injured
by tripping on a crack in the sidewalk in front of the insured’s home.
b. Medical payments—provides a low level of medical payment to help avoid legal

action between the insured and the injured party, regardless of whether on not the
insured is legally liable for the incident. For example, if the insured’s dog bit a
neighbor, the policy would cover the cost of the emergency room visit (usually up to
about $1,000) without the need to establish fault.
4. Broad form policies provide coverage for loss due to causes such as fire, lightening, wind,
hail, explosion, riot, vandalism, theft, and volcanic eruption. Common exclusions from
homeowner policies include intentional acts, negligence, flood, earthquake, and war.
261
262
E. Umbrella Coverage
1. Personal umbrella policies are designed to provide coverage if losses exceed the limits of
a basic homeowner or automobile policy. The liability limit for an umbrella policy is
usually high—often $1 million or more. A small deductible, known as a self-insured
retention, may apply.
2. Commercial umbrella policies are similar to personal umbrella policies. However, the
self-insured retention is usually higher for a commercial umbrella policy—often $10,000
or more.
262
263
STUDY QUESTIONS FOR VOLUME 3

INSURANCE INDUSTRY
1. The “combined ratio” of an insurance company is the ratio from combining which of
the following?
I. The “loss ratio”

II. The “other underwriting expense ratio”
III. The “expense ratio”
IV. The “IBNR”
A. I and II only
B. I and III only
C. III and IV only
D. I, II, III, and IV
2. A plan participant’s right to receive partial or full benefits under a private retirement
plan even if the participant terminates employment prior to retirement is referred to as
A. contributing
B. accumulating
C. vesting
D. non-revocation
3. Which of the following are duties of Insurance Commissioners in regulating insurers?
I. Rule of the constitutionality of insurance laws

II. Determine if an insurer meets the requirements to obtain a license
III. Render decisions on the meaning of policy terms
IV. Conduct financial investigations of insurers operating in the state
A. I and II only
B. I and III only
C. II and IV only
D. I, II, III, and
263
264
4. You are auditing the claim handling of your branch office. You note that one of the
claims is for lost revenue due to a windstorm damaging the building. The claim file
states that the insured requested coverage for this type of loss. However, the
independent agent failed to request the coverage through an oversight. Which action is
required to appropriately handle the claim?
A. The claim should be denied since coverage was never present, and the claim should be placed
against the agency’s Errors and Omissions policy for reimbursement of the claimant.
B. The claim should be accepted and paid up to the policy limits since the insured meant to
create coverage for business interruption. Due premiums for the coverage can be charged
retrospectively.
C. The claim should be denied since repaying for business interruption and lost revenues would
financially enrich the insured, which is against one of the principles of insurance.
D. The claim should be paid and the insured indemnified since the insured requested the
coverage. Since the producer was acting as an “agent” of the carrier, they commute their
liability.
5. Which of the following accounts would NOT be found on a life insurance company’s
statutory financial statements?
A. Nonadmitted assets
B. Nonledger assets
C. Deferred acquisition costs
D. Policy loans
6. Recent activities in the marketplace have caused your company to comply with requests
from 50% of your policyholders to cancel their policies. The company complies and
refunds them amounts due. Your audit of this should ensure these refunds were
charged against what account?
A. Incurred but not reported (IBNR)

B. Unearned premium reserve
C. Goodwill
D. Allocation for uncollectible accounts
264
265
7. Which two of the following characteristics apply to universal life insurance policies?
I. To provide the insured with a number of investment options

II. To provide the insured with a minimum guaranteed cash value
III. To provide a cash value fund that accumulates tax deferred
IV. To provide flexibility of both premium and death benefits
A. I and IV
B. II and III
C. III and IV
D. I and III
8. Which of the following are NOT common funding vehicles used by insurers to invest
retirement plan assets as they are accumulated?
A. Group deferred annuities

B. Deposit administration contracts
C. Separate account contracts
D. Keogh plans
9. A manufacturer wants to protect the company from financial loss resulting from third
party lawsuits. The manufacturer has learned of several recent jury awards over $7
million for product defects. The manufacturer currently has only $5 million in this type
of coverage. The manufacturer has also learned that several automobile claims have
been recently awarded against other company’s cars in accidents over $1 million. The
manufacturer has only $5 million in coverage for automobile insurance. These events
have damaged his competition and the manufacturer wants to protect his company
further than the current policy allows. What insurance coverage product will the
manufacturer likely buy?
A. A personal injury protection (PIP) policy to protect others from personal injury.
B. An umbrella policy to place a protective umbrella over existing coverage.
C. A surplus lines policy to protect against claims in surplus of the policy limits.
D. A floater policy to float coverages where needed.
10. The two most common types of commercial insurance companies are
A. sole proprietor and stock

B. equity and debt
C. stock and mutual
D. partnership and corporation
265
266
VOLUME IV
SECURITIES
266
267
CORE COMPETENCY NUMBER FOUR: SECURITIES

INDUSTRY
UNIT 1: FINANCIAL MARKETS
In order to understand the trading of negotiable securities, it is necessary to understand the

financial markets. The items covered in this section are:
A. Overview
B. The Stock Exchanges
C. Over-The-Counter (OTC) Market
D. Options Market
A. Overview
Negotiable securities trade in specific markets. These markets, as well as specifics about the
particular markets, are covered in the following section:
1. Brokers and Dealers - Although they perform similar functions, brokers and dealers
actually perform a separate and distinct function. The securities market must be liquid to
function. That means that orders to buy and sell must be processed (filled) at all times; this is
called “making a market.” Dealers are expected to maintain an inventory of each security in
which they make a market. Therefore, dealers are expected to have specific securities to sell
if a customer wishes to buy them, and conversely, to buy these securities if a customer
wishes to sell.
Dealers make their money through the “spread” - which is the difference between the “Ask”
and “Bid” prices. The Ask price is the price at which the dealer will sell a security. The Bid
price is the price at which the dealer will buy a security. The Bid price is always lower than
the Ask price. For example, a dealer may market Stock A in the following fashion: Bid (10)
and Ask (10.5). Thus, the spread or dealer profit is 0.5 point for each share bought and sold.
On stock exchanges, dealer firms are generally called specialist firms and have the sole (are
the only ones who may sell) market for specific stocks on an exchange. The specialists deal
with retail members or “brokers” of an exchange. Brokers are the middle person between
dealers and the public. A public customer places an order with a broker and the broker
executes the trade with a dealer. The broker receives a commission for the transaction from
the public customer.
267
268
Dealers and brokers must be independent from each other. Additionally, dealers are
prohibited from dealing directly with the public, except in the Over-The-Counter (OTC)
market where a firm may perform either function, but cannot perform both on the same
transaction. These firms are referred to as Broker/Dealer firms in the Over-The-Counter
Market. The OTC market will be discussed later in this Unit.
2. Types of Markets - Negotiable securities are traded in specific markets, primarily the
primary and secondary markets.
The Primary Market is the market where new issues are sold. A new issue is a previously
unissued security that is being sold to the public for the first time. Most new issues are
traded in the OTC market, since the stock exchanges have more rigorous listing
requirements. Transactions on the primary market are performed by an underwriter (the
investment banking firm that is backing the transaction). After a security has been properly
registered and priced in the primary market, it may be traded on the secondary market.
The Secondary Market is the market that promotes the trading (buying and selling) of issued
securities. There are several component markets that comprise the secondary market. They
are:
• First market - where listed securities are traded on the floor of a stock exchange. The
largest first market is the New York Stock Exchange (NYSE).
• Second market - is the trading of securities that are not listed on an exchange, i.e.,
(OTC). The secondary market actually has a greater trade volume than the exchanges
and trades a greater number of companies. The OTC market is controlled by the
National Association of Security Dealers (NASD). The market is generally called
NASDAQ, which stands for NASD Automated Quotations.
• Third market - is the trading of listed securities (first market) which generally takes
place outside of exchange trading hours. Third market companies stay open 24 hours
a day and can perform trades of listed stocks even though the stock exchange is
closed.
• Fourth market - is the direct trading of securities between institutions without a
broker. This reduces the commissions paid to brokers by institutional investors (i.e.,
pension systems, mutual funds or insurance companies).
3. Types of Orders - an order is the mechanism that is used by a registered representative of a

broker to execute the trade for a public customer. An order ticket is used by a broker to
convey the information to exchange floor traders (specialists) or OTC traders. Information
that is included on an order ticket includes:
• Customer name and account number

• Date submitted
• Buy or Sell indication
• Order size (number of shares)
• Name and symbol of security being bought or sold
• Price information (specific pricing information discussed below)
268
269
• Duration of the order (unless specified all orders not executed are canceled at the end
of the day)
There are four basic types of orders:
Market orders are orders that are to be filled (executed) immediately at the current market
price. There is no price specified on a market order. Market orders do not carry over to the
next day.
Limit orders specify a price at which a security should be bought or sold. In most cases,
limit orders will either be a buy or a sell limit order. A buy limit order would specify a target
price for a security. To illustrate this, assuming that stock A’s current market price is $20, a
buy limit order for $18 is an order that will only be executed if the price drops to $18. A sell
limit order is similar to a buy order except the public customer is hoping the market price
rises. To illustrate this, assume stock A’s current market price is $20, a sell limit order for
$22 is an order that will only be executed if the price rises to $22. Note - in many instances
limit orders are submitted as “good till canceled” (GTC) to stop the order from being
canceled at the end of the day.
Stop orders are orders at specific prices that are used to limit losses on long and short
positions. A sell stop order will not be executed until the market price reaches a specific
target. To illustrate this, let’s assume a sell stop order was placed on stock A at a price of
$20. Once a trade is made at $20 the sell order is triggered and is executed as a market order
(thus, the actual price could be higher or lower). Sell stop orders are used to limit losses on
long positions (the public customer actually owns the stock) in falling markets; therefore,
they are placed below current market levels. Similarly, a buy stop order will not be executed
until the market price reaches a specific target and the trade is triggered the same as a sell
stop order. Buy stop orders are used to limit losses on short positions (the public customer
sold stock that they do not own and must deliver (buy the stock they sold) by a specified
date) in rising markets; therefore, they are placed above current market levels.
Stop limit orders are similar to stop orders except that the order does not become a market
order and must be filled at the limit price or better. To illustrate this, assume a sell stop limit
order was placed on stock A with a stop of $20 and a limit of $18. Once a trade is made at
$20 the sell order is triggered and is turned into a limit order that will only be executed if the
market price is $18 or higher.
4. New Issues - are used by corporations when they need to raise capital for long-term needs.
In these cases, corporations often issue new securities. Although corporations can sell their
own securities to investors, they usually work through an investment banking firm.
Investment banking firms act as an intermediary between the corporation seeking capital and
the individual or institutional investors.
Investment bankers often underwrite (buy the securities and resell them) the new issue. The
dollar amounts of these transactions are very high and the investment banking business is
269
270
extremely risky. Due to the high risk, commercial banks are prohibited from entering into
the investment banking arena.
Before a new issue can be sold, the security must be registered with the Securities Exchange
Commission (SEC). This provides for full disclosure about the company and new issue to
prospective investors. The SEC has a minimum of 20 days (called a cooling off period) from
registration to perform a review. While the SEC is performing its review, a preliminary
prospectus (red herring) may be issued to provide information to potential investors. This
prospectus contains information similar to the SEC registration document. Although a price
may not be set in either the registration document or the red herring, an expected price range
may be indicated .
The security also must be registered in each state in which it will be sold, in accordance with
the laws of that state.
At the end of the cooling off period a meeting is held between the investment banking firm
and the responsible officers of the corporation to establish the public offering price of the
issue.
An amendment to the registration statement, setting the price must be messengered to the
SEC. The following day the issue is effective and may be sold. The investment banking firm
announces the new issue to the press. This is called a tombstone announcement. All buyers
must receive a final prospectus prior to buying a new issue.
Depending on the market demand for an issue, the investment banking firm may need to
stabilize the issue by buying back shares at a price below the initial public offering. On the
other hand, there are some securities that sell for a premium on the secondary market
immediately after initial issue. This is the result of the demand for the new issue exceeding
the supply. In the late 1990s, a number of internet-based companies fell into this category
and the price on the secondary market rose substantially.
There are generally two types of offerings:
Primary offering - called the initial public offering or IPO. The IPO is the first time that
shares of a company are offered publicly. Proceeds from primary offerings generally go
directly to the issuer.
Secondary offering - when the investment banking firm distributes securities (often large
blocks) held by individual owners.
5. Clearing and Settlement Process - is the process of delivering to the buyer and paying the
seller for securities.
The securities must be delivered in “good” form to clear the deal. There are multiple
requirements and conditions regarding good delivery. For example, a registered security
must be “assigned” or properly endorsed on the back of the certificate exactly as indicated on
270
271
front of the certificate. If certificates are held by a brokerage firm (in which the holder has
signed the power of transfer to a brokerage firm) the certificate can be transferred without a
signature.
The settlement date for stock, municipal bond and corporate bonds is three business days
after the transaction date. This is called the regular way transaction. Other settlement dates
are:
• Cash - a same day settlement, usually before 2:30 pm EST.
• U.S. Government securities - a next business day settlement.
• Seller’s and Buyer’s option - in both of these cases the settlement date is extended
beyond 3 days at the request of seller or buyer.
• When, As, and If Issued (WAII) - the settlement is postponed until 3 days after
certificates are issued. This is associated with a new issue and the certificates are not
available on the transaction date. If the new issue is canceled, then the original trade
is canceled.
B. The Stock Exchanges *
A stock exchange is the location where buyers and sellers trade securities. The largest and most
widely known stock exchange is the New York Stock Exchange (NYSE). Other stock exchanges
include:
• The American Stock Exchange
• Midwest Stock Exchange
• Pacific Stock Exchange
• Philadelphia Stock Exchange
• Boston Stock Exchange
All of these exchanges function in a similar manner and listed securities must be traded in the
physical boundaries of the exchange floor. It should be noted that the NYSE handles over half of
all securities transactions.
* To simplify discussions of exchanges most of the examples will be related to the NYSE;
however, it should be noted that regional stock exchanges function in a similar manner.
1. How the exchanges function - Although exchanges are not involved in the market, they do
have an enforcement role to ensure that trades conform to laws and regulations. An
exchange board of directors sets policy, enforces rules, determines which stocks will be
listed, and handles memberships. The board is comprised of an equal number of members
(see below) and the general public. The board also includes an elected full-time chairman.
• Memberships on the NYSE are limited to 1,366 seats. These memberships are open
only to individuals; corporations and partnerships may not hold seats. Seats are sold
to any qualified person and prices range from thousands to millions of dollars.
Although brokerage firms are not permitted to hold a seat, they may conduct business
if a partner in the firm holds a seat. Categories of memberships are:
271
272
• Commission house brokers - the members generally execute customer orders for a fee
or commission. They may also execute trades for their own account.
• Floor brokers - these members generally execute orders for other brokers
when they are too busy.
• Bond members - these members deal exclusively in bonds.
• Market Maker or Specialist - these members stay in a particular floor location
and are involved only in trades in which they specialize.
• Registered trader - these members usually executes trades only for their own
account.
2. Listing and delisting rules - to be listed on a stock exchange a company must meet specific
requirements that are designated by the exchange. Only listed stocks can be bought and sold
at the exchange. For example, the NYSE has some general and specific requirements (the
requirements periodically change). The requirements for listing on the NYSE include:
• A minimum market value

• A minimum number of outstanding shares
• A minimum number of shareholders
• A minimum threshold for corporate earnings
• Financial condition of the corporation
• Future prospects of the corporation
• Corporation must permit full voting rights to common shareholders
• Corporation must provide relevant information to investors on a timely basis
• The NYSE Board also determines if there is sufficient national interest in the
corporation
Delisting can occur if the corporation falls below the minimum listing requirements
described above. Additionally, a corporation can be delisted if they disallow common stock
voting rights, file for bankruptcy, or fail to disclose financial statements.
A corporation may request an exchange to delist them. To delist a corporation on the NYSE,
two-thirds of the common stockholders must vote to delist, holders of no more than 10% of
the outstanding shares may object, and a majority of the corporation’s board of directors
must agree to the delisting.
3. The consolidated tape - stock transactions are shown on a tape within seconds of a
transaction. The information on the tape is submitted by the selling broker and includes the
number of shares and price. There are three tape networks:
• Network A - covers all stocks listed on the NYSE and includes all trades of the listed
stocks (including regional exchange transactions and third and fourth market
transactions)
• Network B - covers American Exchange (AMEX) transactions and trades from
regional exchanges of stocks listed on the AMEX or NYSE.
272
273
• Consolidated quotation services - provides quotes on exchange listed securities traded

in the OTC market.
The tape contains the following abbreviations and symbols:

• Ticker symbol or abbreviation for the stock is listed at the top of the line (for example
International Business machine is listed as IBM).
• Trades are listed in multiples of 100’s and followed by an 's', with the exception of
trade volume over 10,000, which is listed at the exact amount.
• Share price is listed in the dollar amount with the minimum value being one sixteenth
of a dollar.
• Preferred stocks are identified with a Pr.
• If a stock opening is delayed, the tape would have ‘OPD’ or ‘OPENING DELAYED’
next to that particular stock.
• If trading is halted, the tape would have ‘TRADING HALTED’ next to that particular
stock.
• Trades that are reported late are listed with ‘SLD’.
Some basic examples of tape information follow:
IBM
11s110 (1,100 shares of IBM at $110)
SLD 9s108 (900 shares of IBM at $108 sometime earlier)
5sPr/150 (500 preferred shares of IBM at $150)
4. Specific rules relating to the NYSE – beyond the listing and delisting rules discussed in
section 2, the NYSE has trading rules to ensure that the market functions effectively and that
members and brokers do not have an unfair advantage over the public. A list of some of the
NYSE trading rules follow:
• Prohibition of prearranged trades (rule 78) – prearranged trades to sell securities with
an offer to buy back at a stated price is prohibited.
• Prohibition of crossing orders within a firm (rule 76) – a member firm holding a sell
order and a buy order from two customers is prohibited from making the trade
“within the firm.” The firm must first send the trade to the exchange floor and if the
order is not taken, then the firm may complete the trade within the firm.
• Trading limitations based on market volatility (rules 80A and 80B) – after the market
crash in October, 1987, the NYSE instituted these rules to decrease market volatility.
Rule 80A reduces computerized institutional orders by routing them to a specialist for
approval. This rule is invoked if the Dow Jones Industrial Average (DJIA) moves by
50 points or more or if the Standard and Poor’s 500 Index moves by 12 points or
more. Rule 80B halts trading for all stocks for 1 hour if the DJIA declines by 250
points. If after trading reopens on that day and the DJIA decreases another 150
points, trading is halted for 2 hours.
273
274
• Customer orders must receive priority over firm orders (rule 92) – a customer’s order
must receive priority over an order for the firm’s trading account for anyone
associated with the firm.
• Trade records retained for 3 years (rule 410) – records of trade orders transmitted to
the floor must be retained for 3 years with 2 years worth of these trades readily
accessible.
• Firms are prohibited from the following activities (rule 435) –
• Trading an account too frequently or trading an excessive amount in
proportion to the account
• Participating in any customer manipulation
• Circulating rumors to influence market price
• Changing the price of a transaction before the settlement date
5. Regional Stock Exchanges - A stock exchange is the location where buyers and sellers trade
securities. Some of the regional stock exchanges and their Internet web sites as of (August
1999) are listed below:
• The American Stock Exchange (http://www.amex.com/)
• Pacific Stock Exchange (http://www.pacificex.com/)
• Philadelphia Stock Exchange (http://www.phlx.com/index.stm)
• Boston Stock Exchange (http://www.bostonstock.com/)
These exchanges perform the same function as the NYSE, but deal in smaller volumes.
C. Over-The-Counter (OTC) Market
As outlined in section I.A., the OTC market is generally called the second market (note it is also
sometimes called the third market). The term Over-The Counter's', with the exception of trade
volume over 10,000, which is listed at the exact amount is used to describe securities trading that
does not take place on the floor of an exchange. There is no centralized location and individual
firms “make a market” in a specific set of securities. All securities not listed on an exchange are
traded on the OTC market; however, any stock may be traded OTC.
1. How the OTC functions – Unlike exchanges where prices are determined by bidding
conducted on the floor, OTC prices are negotiated. For example, someone who wants to buy
a security will make a bid (set a price at which they will buy a security) and someone wishing
to sell will ask (set a price at which they will sell a security) for a price. The difference
between the bid and ask is the spread. Some of the particulars of the OTC include:
• OTC transactions are governed by National Association of Securities Dealers
(NASD).
• Smaller and newer companies tend to trade on the OTC (since they generally can’t
meet the exchange listing requirements).
• All types of issues are traded OTC. For example, listed and unlisted securities, bank
and insurance company shares, government securities, mutual fund shares,
government bonds and corporate bonds are all traded in the OTC market.
274
275
• A market maker (dealer) makes money through the spread (or markup) rather than
through a commission.
• Brokers act as an agent for a buyer or seller and make money through commissions.
• Dealers may also be brokers; however, they can not act a dealer and broker on the
same transaction (i.e., earn a markup and charge a commission).
• Brokers must send written confirmations to the customer (for retail customers,
confirmations must be sent on the settlement date).
NADAQ includes 3 levels of quotes.

• Level 1 – for retail customers and includes the highest bid and lowest offer for a
security.
• Level 2 – provides a listing of all market makers and their current bid and offers.
• Level 3 – for the use of market makers and permits the entry of their current quotes.
2. Listing and delisting and other OTC rules – Although not nearly as stringent as the listing
requirement for an exchange, there are specific requirement for NASDAQ listing. The
requirement for listing a security on NASDAQ include:
• Registration under the Securities Act of 1934 or the Investment Company Act of
1940.
• A minimum of 10,000 publicly held shares.
• A minimum of 300 stockholders.
• A minimum price of $5.00 per share.
• A minimum of $1 million to $2 million in capital and surplus.
• A minimum of two market makers for domestic companies and three for foreign
companies.
Market makers on NASDAQ also have specific rules that they must follow. These
requirements include:
• Maintain business hours of at least 8:30am to 4:30pm (Eastern Standard Time).
• Require net capital position of at least $2,500 on each issue.
• Report trades within 90 seconds of execution.
• Require quotes for each issue.
• Require daily and monthly reporting regarding trading volume.
D. Options Market
The options market provides an opportunity to enter into a contract to buy or sell securities for a
set price until a specified date. The individual who buys a contract is not required to finalize the
trade, but has the option to do so. If the buyer exercises the option, the securities must be sold or
bought at the specified price.
1. How the options market functions – To understand the options market, some basic terms
must be defined.
• Long – A term used to describe the position of the holder (buyer) of the contract.
275
276
• Short – A term used to describe the position of the writer (seller) of the contract.
• Premium – the fee paid to the writer of an option by the holder. The premium is paid
whether or not the option is exercised.
• Expiration date – the month (date) in which the option expires.
• Strike or exercise price – the specified price included in the contract.
• Call option – the holder of the option has the option (right) to buy securities from the
writer for a specified price.
• Put option – the holder of the option has the option (right) to sell securities to the
writer for a specified price.
To help explain options, two example are listed below:
• Example 1 – (Call Option) - Customer X buys an option for the month of January to
buy 100 shares of stock Z at $40 per share for a premium of $300. If stock Z falls
below $40, then customer X will let the option expire and lose the $300 premium. If
stock Z rises to $50 then customer X may decide to exercise the option. In this case,
customer X buys the stock for $4,000 ($40 x 100) and then sells it for $5,000 ($50 x
100). Customer X would realize a profit of $700 ($5,000 – $4,000 - $300 = $700).
• Example 2 – (Put Option) - Customer X buys an option for the month of January to
sell 100 shares of stock Z at $40 per share for a premium of $300. If stock Z rises
above $40, then customer X will let the option expire and lose the $300 premium. If
stock Z falls to $32 then customer X may decide to exercise the option. In this case,
customer X sells the stock for $4,000 ($40 x 100) and buys it for the sale $3,200 ($32
x 100). Customer X would realize a profit of $500 ($4,000 – $3,200 - $300 = $500).
One way to analyze options is through a break-even analysis* for the holder and writer. The
holder of a call has a break-even point when the stock price equals the strike price plus the
premium paid. Using example 1 outlined above, the break-even price is $43 [($40X100
shares) + 300= $4300/100 shares = $43/share]. The holder of a put has a break-even point
when the stock price equals the strike price minus the premium received. The holder of the
put in example 2 has a break-even price of [($40X100 shares) - 300= $3700/100 shares =
$37/share].
The writer of a call has the same break-even point when writing an uncovered call (the writer
will buy the stock at the time of the transaction). If the call is covered (the stock has already
been purchased) then the break-even analysis is a little more complex. Using example 1
outlined above and adding the writer’s original purchase price $38, the break-even price is
[($38x100 shares) - 300= $3500/100 shares = $35/share]. The writer of a put has a
breakeven point when the stock price = strike price – premium received. In example 2 the
writer has a break-even price of $37 [($40x100 shares) - 300= $3700/100 shares =
$37/share].
* Note: For simplicity, brokerage fees are omitted from the break-even analysis.
276
277
UNIT 2: EQUITIES, DEBT SECURITIES, OPTIONS, NEW ISSUES
Negotiable securities traded in the primary and secondary market can be divided into five basic
categories. They are:
A. Common Stock
B. Preferred Stock
C. Warrants
D. Debt Securities
E. Options
A. Common Stock
Common stock is the term used to identify a unit (share) of ownership in a corporation.
Corporations are legal entities that are chartered under the laws of the state in which they are
incorporated. Common stock is the means for an individual or group to have ownership in a
corporation with limited liability.
1. Terms and definitions – To understand the common stock principles, some basic terms must
be defined:
• Authorized stock – the number of shares permitted to be issued. A limit on the

number of shares is usually listed in the articles of incorporation.
• Issued stock – the number of shares sold to investors. Note: issued stock may not
exceed the number of authorized shares.
• Unissued stock – the number of shares that have not been sold. The number of
unissued shares can be determined by subtracting the number of issued shares from
the number of authorized shares. Corporations often hold in reserve some shares
(unissued) for future use.
• Outstanding stock – the number of shares currently held by the public.
• Treasury stock – the number of issued shares that have been acquired by the
corporation. Treasury stock does not have voting or dividend rights. Note: the
number of shares of treasury stock plus the number of outstanding shares should
equal the number of issued shares.
• Par value – a value that is printed on the stock certificate. It is usually a low number
and does not have a relationship to the actual value of the stock.
• Book value – a value determined by taking the net worth of the corporation divided
by the number of outstanding shares. Note: treasury stock is not generally included in
this calculation.
• Market value – the current price of a share in the market.
To assist investors, some additional terms have been developed to classify stocks. This helps
investors determine if a particular stock meets their financial objectives. For example, a 30-
277
278
year-old investor may be fairly risk tolerant and interested in a growth stock that may
appreciate over time, while a 65-year-old investor may be less tolerant for risk and interested
in an income producing stock that is less volatile. Some classification terms include:
• Growth stocks – corporations that are in a growth mode and are projected to grow
rapidly. These corporations generally reinvest earnings rather than pay dividends.
Investors are hoping for long term capital appreciation (the market price significantly
increases).
• Income stocks – corporations in established industries where the market price is less
volatile and a large portion of earnings is paid in dividends. Stocks in the utilities
industry are generally considered income stocks.
• Blue chip stocks – corporations that are well-established and have a historical record
of strong performance and earnings. These stocks can have excellent growth and
income potential.
• Speculative stocks – relatively new corporations that have poor earnings records but
have the possibility for capital gains. These stocks are extremely risky as many such
companies will not prosper; however, the prospect for astonishing returns makes them
a viable investment for risk takers. Stocks in startup Internet companies are generally
speculative.
• Cyclical stocks – corporations that historically have returns that mirror the economy.
• Defensive stocks – corporations that are historically unaffected by the economy and
business cycles.
2. Rights of common shareholders – stockholders are the owners of a corporation, and as such
have certain rights of ownership. As outlined below, although all stockholders have the same
rights, there is correlation between the number of shares held and rights. Stockholder or
shareholder rights include:
• Voting rights – most corporations have an annual meeting where stockholders have
the opportunity to vote on important issues. These issues include:
• Election of the board of directors (the officers of the corporation).
• Changes to the corporate charter.
• Reorganizations.
• Mergers and acquisitions.
• Recapitalization (to exchange stock, preferred stock, or a bond to another type
of security).
The most common issues voted on are the election of the board of directors and
proposed changes to the charter. Although voting procedures vary, there is a
relationship between the number of shares held and votes. For example, an individual
with 100 shares generally has 100 votes and likewise a person with 100,000 shares
has 100,000 votes. As a result, individuals who hold large blocks of shares are more
likely to be board members.
• Proxy rights – most shareholders, particularly those with modest holdings are unable
to travel to and attend annual meetings. As a result, all corporations are required to
278
279
send all shareholders a proxy, which is effectively a power of attorney. A proxy can
allow the holder of the proxy to vote the shares on behalf of the shareholder. This
process is often used during a hostile takeover where an external group tries to take
control of a corporation by replacing the current directors with their own. A
shareholder can allow the proxyholder to vote the shares as he or she wishes or
provide specific voting instructions. A common practice permits the shareholder to
return a proxy card with specific voting directions.
• Pre-emptive rights – although these rights do not always exist, if they do shareholders
are entitled to buy any new issue of stock in proportion to their holdings. If a person
owns 5% of a corporation, then he or she would have the right to buy 5% of newly
issued shares.
• Inspection rights – shareholders have the right to inspect certain records such as
accounting records, shareholder meeting minutes, annual meeting minutes, and lists
of all shareholders.
• Liquidation rights – if a corporation is dissolved, shareholders have the rights to any
assets remaining after liabilities, bondholders, and preferred stockholders are paid.
Shareholders also have the right to receive declared dividends. Besides the potential for
capital appreciation, investors also have the potential to receive dividend income. They are
several types of dividends:
• Cash dividends – cash payments declared as a particular dollar amount for each share
owned. Dividends are often paid quarterly; however, they are also paid semi-
annually and annually. For example, a dividend of $1.00 per share would pay $500 to
a shareholder with 500 shares of stock.
• Stock dividends – rather than giving cash to investors, corporations may provide
shareholders with additional shares of stock. A stock dividend is usually declared as
a percentage. For example, a 5% stock dividend for the shareholder with 500 shares
would provide the investor with 25 additional shares of stock.
• Stock splits – if a corporation wants to reduce the price of a share of its stock, it may
authorize a stock split. For example, an investor with 500 shares of stock selling at
$50 per share would have 1,000 shares at $25 per share after a 2 for 1 stock split. As
noted in the example, at the time of the split, the investor’s net share value remains
the same.
B. Preferred Stock
Preferred stock is similar to common stock in that it represents ownership in a corporation.

However, preferred stock is in many ways more similar to a bond than to common stock. As
outlined below, preferred stockholders generally receive a fixed dividend rate and preferred
stock generally has par value of $100.
1. Terms and definitions – To understand the preferred stock principles, some basic terms
must be defined:
279
280
• Preferred stock – has ownership rights and usually has par value of $100 per share.
Dividends are generally a fixed percentage or dollar amount. As outlined below,
preferred stockholders have specific rights.
• Cumulative preferred stock – since the dividend rate is fixed, if dividends are not
declared by the board of directors in a given period, preferred stockholders
accumulate payment rates and must be paid in full before any dividends are paid to
common stockholders.
• Non-cumulative preferred stock – If dividends are not declared, preferred
stockholders lose their dividend rights for that period.
• Participating preferred stock – additional dividends are paid to preferred stockholders
(above the fixed percentage) if dividends declared to common stockholders exceed a
pre-determined threshold.
• Convertible preferred stock – the shares of preferred stock can be exchanged for
common stock at a pre-determined rate. The price of convertible preferred stock
tends to mirror the price changes associated with the common stock.
• Callable preferred stock – the corporation reserves the right to purchase the stock
from the shareholder at a pre-determined price.
It should be noted that these types of preferred stock can be combined. For example, a
corporation could sell convertible, cumulative preferred stock. In addition, a corporation can
sell multiple classes of preferred stock.
2. Preferred stock prices and features – As outlined in the previous section, preferred stock
has some specific features. These features impact the price of preferred stock. Preferred
stock generally costs more than common stock because of the additional rights preferred
stockholders receive. In addition to the features listed above, preferred stockholders will be
paid prior to common stockholders in the event of a liquidation or bankruptcy. In general,
preferred stockholders are not granted preemptive rights.
C. Warrants
Warrants are similar to options as they provide the holder with the right to purchase a share of
common stock at a fixed price (called the exercise price). Although generally attached to bonds
or preferred stock, warrants can also be attached to other securities, such as speculative stock.
Warrants allow holders to buy more stock as its value appreciates.
1. Terms and definitions – To understand warrants, some basic terms must be defined:
• Warrants are generally attached to a bond or preferred stock and carry the right to
purchase common stock at a fixed price.
• Detached warrants can be traded and have their own value based on the current
market and exercise prices. If a warrant is not detachable it has no individual market
value.
• Warrants typically expire after a number of years.
280
281
• When exercised, a warrant is relinquished in return for shares of common stock at the
exercise price.
D. Debt Securities
Debt securities are another major category of investment securities. To most people debt
securities are synonymous with bonds. Bonds are long-term, fixed interest debt obligations.
Debt securities differ from equity securities in that the investor in debt securities becomes a
creditor of the company; the investor in equity securities becomes a part owner of the company.
1. Terms and definitions – To understand debt securities, some basic terms must be defined:
• Bond – contract between the issuer and investor that provides the issuer with
immediate capital in return for a promise to pay back a given amount at given date
and to pay interest at a stated rate throughout the life of the bond.
• Coupon bonds – have actual coupons attached to them that must be “clipped” and
sent to the paying agent for interest payments. Coupon bonds are generally clipped
twice a year. These bonds must be kept in a safe place since the certificate and
coupon are the only proof of ownership.
• Bearer bonds – similar to coupon bonds in that ownership is based on possession.
Bearer bonds have not been issued for the last couple of decades; however, those
previously issued, however, will continue to exist until they reach maturity.
• Registered bonds – are registered in the owner’s name on the issuer’s records.
Interest payments are sent directly to the owner. If a registered bond is sold, the seller
must endorse the certificate and send it to a transfer agent who cancels the old
certificate and issues a new one. The transfer is completed when the new holder is
listed on the bond issuer’s records.
• Book-entry bonds – no certificate is issued and computer based records of ownership
are retained. This is currently the most common form of bond since it reduces costs.
• Callable bonds – are bonds that have “call provisions” that give the issuer the option
of calling (redeeming) the bond before the maturity date. The call provisions outline
the possible date of the call and the price. Issuers usually call bonds when interest
rates significantly decrease or to change the bond maturity date.
• Putable bonds – similar to callable bonds except the owner has the right to redeem a
bond before the bond maturity date.
• Bond pricing - similar to stocks, bonds have a par value (normally $1,000) and a
market value that fluctuates based on market conditions. The price of previously
issued bonds has an inverse relationship to market interest rate changes. Bond prices
fall as interest rates rise, and bond prices rise as interest rates fall.
• Bond yields – there are three different ways to determine the return (yield) on a bond.
• Nominal yield – the rate of return stated on the bond. This is also called the
coupon rate. For example, a $1,000 par value bond with a nominal yield of
10% would return $100 per year.
• Current yield – since bond prices fluctuate based on market conditions, the
current yield is based on the current price of the bond. For example, a bond
281
282
currently priced at $1,250 with a 10% nominal yield of $100 would have a
current yield of 8%. The same bond priced at $800 would have a current yield
of 12.5%.
• Yield to maturity – the return on the bond if it is held to maturity. If at
maturity a bond were selling for par ($1,000), then the yield to maturity would
equal the nominal yield. However, if at maturity a bond were selling for less
than par value, the investor would also receive the difference. An investor
would lose the difference on a bond selling for over par value. The exact
computation of yield to maturity is complex and is usually left to bond tables.
• Bond quotations – bonds are generally quoted on yield to maturity to make it easier to
compare bonds with the same maturity date.
2. Corporate debt – Corporations issue debt (bonds) to obtain capital for long term use.
Bondholders are considered creditors and unlike equity investors are not owners and have no
voice or votes in management decisions. Bondholders do have some specific rights such as
the corporation’s obligation to pay interest. For example, interest on bonds must be paid
before any stock dividends are paid. In addition, bondholders’ claims receive priority over
stockholders’ if corporate assets are liquidated.
Some basic terms and definitions for corporate bonds include:
• Bond certificate – shows the name of the issuing firm, face value of the bond, interest
rate, interest payment dates, maturity date, special features, and the paying agent
(either the corporation or a trustee).
• Trust indenture – a contract that supplements the bond contract that is required by the
Trust Indenture Act of 1939. The contract sets forth the terms between the
corporation and the bondholders and is designed to protect bondholder’s rights. A
trustee (most often a commercial bank) is generally appointed to ensure that the
obligations defined in the agreement are carried out. A copy of the trust indenture
must be filed with the SEC.
• Secured bonds – bonds that are backed by “real” assets. These include:
• 1st mortgage bonds – give bondholders claim against real property. This is the
most secure type of corporate bond since it is has priority for claims on assets.
• 2nd mortgage bonds – are also backed by real property but are second in
priority for claims on assets.
• Collateral trust bonds – are backed by marketable securities held by a trustee.
These are often stocks and/or bonds of corporations other than the bond
issuer.
• Unsecured bonds – bonds that are not backed by assets and provide no claim on
assets for bondholders. These include:
• Debentures – backed by the “good faith and credit” of the issuing corporation.
These bonds are inferior to secured bonds; however, they are honored before a
stockholder’s claim on assets.
• Subordinated debenture - similar to debentures except they are honored after
debentures on asset claims.
282
283
3. U.S. Government debt – The U.S. government is the largest borrower in the world and has a
variety of debt instruments. These government obligations or issues are the safest form of
debt security (there has never been a default). The “full faith and credit of the government”
back these issues. Some terms and definitions include:
• Negotiable securities – are traded continuously, very liquid, safe, and may have tax
advantages. In general these government obligations are exempt from state and local
taxes. Some specific types include:
• Treasury bills – (T-bills) - are short-term instruments that are sold at a
discount at auctions. Auctions are held weekly for 3 and 6-month issues and
monthly for 12-month issues. The auction winner is the bidder offering the
highest dollar price, which is in effect the lowest interest rate for the issue.
For tax purposes the difference in price is considered interest income rather
than a capital gain.
• Treasury notes – are instruments with maturities from 2 to 10 years with
amounts from $1,000 to $100,000. They are redeemable at maturity and pay
interest twice a year. They are also sold at auction; however, the interest rate
is fixed and bids are either at a premium or discount from par.
• Treasury bonds – are instruments with maturities of 30 years for new issues
(10 to 30 year issues were allowed in the past). The amounts range from
$1,000 to $1,000,000 and are sold at auction in a manner similar to that for
treasury notes.
• Treasury receipts (Strips) – were created in the 1980s. The interest payments
on Treasury bonds were removed (stripped) from the bonds. The coupons
(interest payment) from bonds with the same maturity date were then sold
independently by the U.S. Treasury. The groups of bonds are often called
“strips” and trade as a zero coupon bond.
• Non-negotiable securities – are not transferable and can be redeemed only by the
purchaser. Since they are not transferable, securities firms generally do not sell them;
however, they are a very common investment among individual investors. Two types
of U.S. savings bonds are classified as non-negotiable securities:
• Series EE bonds – are registered bonds that are sold at a 50% discount of the
face value. These bonds are available in denominations from $50 to $10,000.
Maturity varies depending on the interest rate and can be redeemed anytime
after being held for 6 months. For tax purposes, gains are treated as ordinary
income and can be deferred until redemption for tax purposes.
• Series HH bonds – are registered bonds that are sold at par value with semi-
annual interest payments. EE bonds must be used to purchase HH bonds
which mature in 20 years with an effective interest rate of 7.5%. They must
be purchased at U.S. treasury offices or federal reserve banks.
4. Municipal debt – These government obligations or issues are issued by state and local
governments, US Territories, and any public agency or political subdivisions that are not
federal (such as school districts, cities and airport authorities). Municipal debt is considered
283
284
the second safest form of debt security after U.S. government obligations. However, the
safety of an issue depends on the financial condition of the entity backing it. Most
municipal bonds are issued to raise funds for infrastructure improvements and although
default is rare, it can happen. Interest is generally paid semi-annually and the most attractive
feature is the exemption from federal tax requirements. Investors that are concerned about
tax issues generally hold these issues. Some type of municipal bonds include:
• General obligation bonds – are backed by the full faith and credit and taxing power of
the issuer. General obligation bonds are generally used to finance non-revenue-
producing projects. An unlimited tax general obligation bond is backed by the
issuer’s unlimited taxing power and is considered a safe investment. A limited bond
is backed by an issuer that has a taxing limit and is considered a riskier investment;
as a result it will usually have a higher yield.
• Revenue bonds – are the most common type of municipal bonds and are backed by
projected revenue streams from the infrastructure built by the bond. These revenues
can be in the form of rental or user fees for facilities or even tolls for road
improvements. Revenue bonds generally have higher yields than general obligation
bonds and are intended to be self-supporting.
• Special tax bonds – are repayable from the proceeds from a special tax. Special tax
bonds are also often used to fund infrastructure projects. If these bonds are backed by
the full faith and credit of the issuer, then they are then considered general obligation
bonds. Some examples of special taxes are taxes on liquor and cigarettes or special
assessments for a group affected by an improvement.
• Double barreled bonds – are bonds that are backed by two sources of revenue. For
example, a special tax bond that is also backed by the full faith and credit of the issuer
is a double barrel bond.
• Moral obligation bonds – are bonds that are backed by the projected revenue from a
project. If sufficient revenue is not generated, then the issuer is morally (but not
legally) obligated to repay the bonds.
5. Money market debt – Short-term debt obligations (of less than 1 year) that are considered
secure constitute money market instruments. These include treasury bills, treasury notes,
certificates of deposit, and bonds that mature in less than 1 year. These are highly liquid
instruments and a common investment form is a money market fund. Some terms and
definitions include:
• Repurchase agreements – occur when a security is sold with an agreement to buy it

back. The repurchase date is usually very short term, often 1 day. Dealers sell a
portion of their securities (minimum amount is $1 million) to entities with cash
reserves and agree to buy them back for the principal plus interest (interest for a day
is calculated on a 360 day year). If the market price of the instrument rises more than
the interest paid, the dealer realizes a profit and conversely if the interest paid is more
than the rise in the instrument price, the dealer suffers a loss.
• Federal Reserve requirements – The Federal Reserve requires banks to hold a portion
of its funds in reserve. As a result, banks may need to borrow funds in the short term
to comply with this requirement. Banks in need often enter into “overnight”
284
285
borrowing with other banks or the Federal Reserve itself. Interest is calculated on a
360-day year and this daily rate is often called the “federal funds rate.” The federal
funds rate varies significantly depending on the demand for funds.
• Commercial paper – are instruments issued by very credit worthy corporations and
are in effect an unsecured promissory note. These instruments are issued at a
discount of the face value and have become a substitute for bank borrowing for
qualified corporations. Mutual fund companies, insurance companies, and banks
often buy these instruments. The minimum amount is $100,000; interest is calculated
on a 360-day year, with maturity up to 270 days.
• Negotiable certificates of deposit – are tradable certificates issued by commercial
banks in exchange for time deposits. The maturity date is generally 1 year; however,
maturity can be as short as 7 days. The minimum amount is $100,000 and interest is
calculated on a 360 day year.
• Money market fund – a mutual fund that invests in short term liquid securities.
Interest is often calculated daily and reinvested in the investor’s account at a specified
interval. These accounts are very liquid and often provide limited check writing
capability as a means to redeem shares.
6. Eurodollar debt – is a dollar deposited in a bank outside of the United States. The interest
rate is the interbank interest that is generally slightly higher than the rate of treasury bills.
The higher interest rate compensates for the increased risk associated with depositing funds
in a foreign bank.
7. Effect of interest rates on bond prices – as interest rates change, the price of an issued bond
also changes. The change in prices has an inverse relationship to changes in interest rates (if
one rises, the other falls). If new bond issues are paying a higher interest rate than existing
bonds, investors will not purchase existing bonds unless the bond is discounted (sold at a
lower price) to align itself with the current interest rate. The discounted bond is in effect
being sold with the same total return as the new issue. The opposite is true if a new issue has
a lower interest rate than an existing issue. In this case, the existing bond can be sold at a
premium (sold at a higher price).
• If interest rates rise – existing bond prices fall

• If interest rates fall – existing bond prices rise
8. Bond ratings – most corporate bonds have a rating from an independent firm. These
ratings provide investors with information regarding the risk of default on the bond issue.
Standard & Poor’s (S&P) and Moody’s are the best-known independent rating firms. The
higher rated bonds (S&P - AAA, AA, A, and BBB and Moody’s – Aaa, Aa, A, Baa) are
considered investment grade bonds. These bonds are less risky and as result have a lower
yield. Lower rated bonds (S&P - BB and below and Moody’s BA and below) are considered
speculative (junk bonds). These bonds are more risky and have a higher yield to attract
investors.
285
286
E. Options
The options market provides an opportunity to enter into a contract to buy or sell securities for a
set price until a specified date. The individual who buys a contract is not required to finalize the
trade, but has the option to do so. If the buyer exercises the option, the securities must be sold or
bought at the specified price.
1. Equity options – for detailed information on equity options, please go to unit 1, section D.
2. Index options – are based on stock indexes (which are weighted averages of groups of
stocks). Investor may trade index options for broad indexes like the S&P 500 or more narrow
indexes such as stocks in a single field such as health care. Index options provide the
opportunity to mitigate risk through diversification. If investors believe health care stocks
will rise but are unsure which particular stocks will rise, they might buy a call on an index of
health care stocks. The value of an index option is typically $100 times the value of the
index. If the health care index is 185.2, then the value of one option contract is $18, 520.
Unlike a stock option, both ends of the option (both the buyer and seller) settle in cash.
Settlement occurs the day after the option is exercised, and the price is based on the closing
price on the transaction day. If the health care index above closed on the date exercised at
186.4, the holder would receive $120 from the seller.
3. Interest rate options – are used to speculate on direction of interest rates. The trading of
these contracts is limited. The futures market is the main trading market for securities based
on interest rate movements.
4. Foreign currency options – are used to exchange currencies at specified exchange rates.
The interbank market involves currency exchanges among commercial banks. This market
operates 24 hours a day, is self-regulated, and is dominated by major banks and corporations.
The Philadelphia Stock Exchange trades currency options. Foreign currency options are
traded in fixed contract sizes. Some of the common currencies traded are Deutsche marks,
British pounds, European Currency units, Canadian dollars, Swiss francs and Japanese yen.
Trading of options on the U.S. dollar in the United States is prohibited.
5. Option Clearing Corp. rules – Options are traded on the following exchanges:
• Chicago Board Options Exchange
• American Stock Exchange
• Pacific Stock Exchange
• Philadelphia Stock Exchange
• New York Stock Exchange
Option contracts traded on the exchanges are standardized under rules set by the Options
Clearing Corporation (O.C.C.), which is a subsidiary of the CBOE. The O.C.C. issues all
option contracts, guarantees the contracts, and acts as a clearing house for all trades.
Options are not traded on all securities, only those of larger market capitalization (NYSE
listed issues). The O.C.C. Contract specifications include:
• Contract size
286
287
• Strike price intervals

• Premium increments
• Expiration Date
• Actual Maximum Contract Life
• Trading Hours
• Trading cut-off
• Exercise cut-off
The O.C.C. also has a set of rules by which customers and registered representatives must
abide. Along with detailed rules for settlement, maintenance of records and position limits,
the registered representative must give to the customer an Options Disclosure document that
explains basic option strategies, their risks and uses.
6. Financial listings –Options are quoted daily in the newspapers. The listing provides the
name of the underlying stock and its closing price that day, the strike price of the option, the
closing prices (premiums) of the 3 call and 3 put contracts trading closest to expiration.
Listings can be divided into two categories:
• Option Class – Contracts of one type on an underlying issue (e.g., all calls on IBM
constitute a class).
• Option Series – Contracts of the same class with the same strike price and expiration
(e.g., all calls on IBM with September expiration and 90 premiums constitute a
series). Note: any contract followed by an “r” indicates an option that is not traded.
287
288
UNIT 3: MUTUAL FUNDS
Mutual funds are securities issued by investment companies whose primary purpose is to invest
in securities of other entities. These companies sell shares to shareholders and then invest those
funds in a portfolio of securities. A shareholder then owns a portion of the securities portfolio.
The value of an investment company is based on the worth of its shares, and the value rises and
falls based on the value of the securities. Mutual funds provide investment diversification (even
for a small investor) and professional management.
The following topics will be outlined in this Unit.
A. Basic Concepts
C. Stock Funds
E. Balanced Funds
F. Specialized Funds
A. Basic Concepts
Basic Concepts – To understand mutual fund principles, some basic concepts must be
addressed:
• Advantages to mutual funds:

• Funds are managed by a full-time professional.
• Investments can be made in dollar amounts since shares can be purchased in
fractional amount.
• Capability to diversify investment holdings with less money invested.
• Securities are maintained by the fund company.
• Fund shares can often be used as collateral for loans.
• Reinvestment options often exist, where the investor can automatically
purchase additional shares with dividend or capital gain distributions.
• Some fund companies also provide investors with the option to exchange
shares into different fund types.
• Bid and Ask prices - mutual funds are often quoted as bid and ask.
• Bid - the price at which the fund will redeem its shares (Net Asset Value).
• Ask - the price at which the fund will sell its shares (Public Offering Price).
• Net Asset Value (NAV) - is the value of a fund share that is calculated at the close of
business each day and is based on the prices of the securities held in the fund.
288
289
• Public Offering Price (POP) – Net Asset Value of a fund adjusted for front-end sales
charges.
• Prospectus - is the document that provides a general overview and description of the
fund. The intent is to provide a potential investor with enough information to make a
sound financial decision. The SEC has suggested that the following information be
placed in a prospectus:
• General description of the fund
• Condensed financial information (including annual rate of return and fees)
• Portfolio turnover rate
• Key management personnel
• Synopsis of the investment objectives and restraints
• How to purchase and redeem shares
• Pending legal proceedings
• Operating fees and costs - are the fees paid to fund managers, commissions paid to
brokers for stock trades, and fees for legal, accounting, and advertising services.
These fees are clearly outlined in the prospectus for a mutual fund and are included in
the rate of return calculation for a fund.
• Load and No Load Funds - are the two broad categories of fund types.
• No Load funds generally do not have sales charges; therefore, the bid and ask
prices are normally the same.
• Load funds have a sales charge, which accounts for the difference between the
bid and ask price. Sales charges are imposed only when fund shares are sold
to an investor (Commonly referred to Class A shares). These funds are
purchased with the aid of a broker/dealer.
• Redemption fee - some funds charge a redemption fee. Funds that charge
redemption fees, which are generally 1% or less, are referred to as Class C
Shares. These funds are also purchased with the aid of a broker/dealer.
• Contingent Deferred Sales Charges – some funds charge a sales charge at time
of redemption, which decreases on a yearly basis. These funds are referred to
as Class B shares. These funds are also purchased with the aid of a
broker/dealer.
Income mutual funds are funds that invest primarily in income producing securities. The
primary objective of an income fund is to produce a steady stream of income for the investor
rather than an appreciation in the value of shares. A mutual fund that invested primarily in utility
companies and bonds would be an example of an income mutual fund. Bond and preferred stock
funds are also examples of income funds.
289
290
C. Stock Funds
Stock mutual funds are funds that invest primarily in stocks. Unlike a balanced or income fund,
a stock fund invests primarily in equities. A mutual fund that invested primarily in fortune 500
companies would be an example of a stock fund.
Growth mutual funds are funds that invest primarily in companies that have excellent potential
for growth. The primary objective of a growth fund is to have an appreciation in the value of
shares. A growth fund has increased risk because funds are invested in companies and fields
where there is “speculation” that the company will grow. For example, mutual funds that
invested in high-tech companies such as Intel, Microsoft, and Netscape have reaped the benefits
of the tremendous growth in these companies. At the same time, many high-tech companies
failed, and as a result, the funds suffered losses. An advantage of a growth fund for an investor
is the research capability of the fund manager and firm, and the capability for the fund manager
to invest in multiple companies with growth potential (in other words, diversify).
E. Balanced Funds
Balanced mutual funds invest in a mix of bonds, common, and preferred stock. In general the
stock holdings tend to be more conservative to reduce the fluctuation in the price. A primary
objective of these funds is to preserve capital (hopefully with a modest increase) and produce a
moderate income.
F. Specialized (Sector) Funds
Specialized (Sector) mutual funds are funds that invest primarily in a particular industry (e.g.,
technology), related industry (e.g., energy companies), or geographical area (companies based in
Europe). The primary objective of a specialized fund is to focus on a particular market and to
diversify investments in companies within that market. For example, high-tech mutual funds
performed very well in the mid-1990s.
290
291
UNIT 4: INVESTMENT TRUSTS
This section discusses two types of investment trusts:
A. Unit Investment Trust (UIT)

B. Real Estate Investment Trust (REIT)
A. Unit Investment Trust (UIT)
Unit investment trusts are a common type of investment company. They differ from the
investment companies that offer mutual funds. A UIT issues “shares of beneficial interest” or
“units” (compared to shares issued by a mutual fund investment company). The unit represents
an undivided interest in a portfolio of securities. The units are redeemable with the trust sponsor
at their Net Asset Value.
There are two types of Unit Investment Trusts. They are:

• Fixed UIT
• Participating UIT
Fixed UIT – In a fixed UIT, the sponsor elects a fixed portfolio (usually bonds) and places the
portfolio in a trust. Units of this portfolio are then sold to investors. Once the portfolio is
selected, generally no buying or selling of securities takes place in that portfolio. Investors
receive current income from the paying agent either monthly, quarterly or semi-annually. As the
investments within the trust mature or are called, payments that represent a return of capital are
made to investors. When all of the investments have matured, the trust self-liquidates.
Participating UIT – In a participating UIT, the trust buys shares of a management company.
After the shares are purchased, they are placed in the trust until the unit is redeemed. These
shares are used to fund annuity contracts issued by insurance companies (variable annuities).
An annuity is classified as either a deferred annuity or an immediate annuity. A deferred annuity

allows the owner to elect to defer annuity payments for a period in excess of one year. An
immediate annuity provides an income stream beginning within one year of purchase.
1. Fixed Annutities – The fixed annuity can serve either as a deferred or immediate annuity.
The owner invests in the annuity contract. In the case of a deferred annuity, the insurance
company guarantees the investor a specified interest rate for a specified period. In the case
of an immediate annuity, the insurance company guarantees a specified dollar amount for a
specified period. In a fixed annuity, the insurance company assumes the risk of the portfolio.
2. Variable Annutities – The variable annuity can also serve as either an accumulation vehicle
or income-generating vehicle. In the case of the variable annuity, the owner allocates the
291
292
investment among a variety of investment options. The annuity’s return varies directly with
the performance of the investment options. In the case of an income-producing vehicle, the
owner elects to receive payments on either a fixed or variable basis. In a variable annuity,
the investor assumes the risk of the portfolio. The insurance company makes no guarantee of
performance.
All annuities are tax deferred investment vehicles. Income tax is triggered when dollars are
distributed from the contract. The amounts received are treated as distributions of interest
first (taxable) and recovery of cost second (non-taxable return of investment).
Both fixed and variable annuities offer several payment options at the time when income is
desired. These are:
• Life annuity – payments continue for the life of the annuitant. When the annuitant
dies, the payments stop. This option usually results in the highest payment to the
investor.
• Life annuity with period certain – payments continue for the life of the annuitant, but
if that person dies early, then the payments continue for a specified minimum period,
for example 10-year period certain. This option usually results in a lower payment
amount than the life annuity.
• Joint and last survivor annuity – if the annuitant dies, payments continue for the life
of another person (usually the spouse). This payment option is less, since the annuity
covers the lifespan of two individuals.
• Unit refund life annuity – If the annuitant dies before receiving the full investment
value from the annuity, the estate of the annuitant receives a refund of the remaining
value.
B. Real Estate Investment Trusts (REIT’s)
Real Estate Investment Trusts (REIT’s) invest in real estate, short-term construction loans and
mortgages. Shares of beneficial interest in REIT’s are either listed on exchanges or trade OTC.
Investors can always sell shares to another investor.
• Equity REIT – Invest mainly in properties.

• Mortgage REIT – Invest mainly in mortgages and construction loans.
REIT’s are normally taxed under Subchapter M of the IRS Code. The Trust does not pay tax, all
distributions flow to the shareholder, who must report the income on a personal tax return.
292
293
UNIT 5: REGULATIONS
To help ensure that investors receive equitable treatment from companies and investors,
regulations have been developed by federal and state governments, and governing bodies for
brokers.
The following topics will be outlined in this Unit.

C. Investment Company Act and Advisors Act of 1940
D. National Association of Securities Dealers Rules
E. Municipal Securities Rule Making Board
F. Margin Lending
The Securities Act of 1933 was the first legislation designed to regulate the sale of securities and
associated activities. The Act was designed to ensure that potential investors receive accurate
and complete information. The primary purpose of the Act is to require full and fair public
disclosure of important elements in stock issues and to prevent fraud. The Act is administered
and enforced by the Securities and Exchange Commission (SEC).
Some Requirements of the Act follow.
1. Registration Requirements – applies to all new securities sold through interstate commerce
and requires registration with the SEC. Registration is accomplished by filing a S-1
statement and a prospectus. The prospectus is an abbreviated version of the registration.
There are severe penalties associated with false or misleading information on S-1 statement,
including criminal and civil penalties. The S-1 statement includes the following:
• Information on corporate officers and directors
• nature of the business
• financial information for the last 3 years
• description of the how the proceeds from the issue will be used
• amount of corporate holdings for all officers and directors and a list of all owners
holding more than 10% of the securities
• legal opinion
• description of any legal actions pending against the company
• articles of incorporation
• fees for the underwriter of the issue.
1. SEC Review process – before issues can be sold to the public, the SEC must review the
registration. The SEC has 20 days (called the cooling off period) to review the materials;
293
294
however, the period is often longer than 20 days as the SEC may request additional
information from the issuer. Note: the SEC may lengthen or shorten the cooling off period.
The SEC has the power to issue the following:
• Deficiency letters - letters that ask the issuer for more information or specific
amendments to the registration. Once the new information is received the SEC has
additional time to review the information.
• Stop orders - if the SEC believes that the registration statement contains false or
misleading information or that pertinent information has been omitted, it can suspend
the process with a stop order.
• Effective date - after the SEC is satisfied, the effective date is established and sales
may begin. The SEC never actually approves an issue or judges the quality of the
issue, its primary objective is to review the statements for completeness.
2. Preliminary Prospectus - while the SEC review is in progress, the issuer can circulate a
preliminary prospectus to determine the interest in the issue. The preliminary prospectus
must include the following:
• statement that the registration is filed but not effective
• statement that information is subject to change
• statement that it is not an offer to buy or a solicitation to sell
• red ink to distinguish it from a final prospectus. Preliminary prospectuses are often
called “red herrings”.
3. Exempt Securities - The Act specifically exempts certain securities from the registration
requirements: These include:
• Securities issues by the U.S. Government or agencies.
• Obligations issued by state or other political subdivisions.
• Commercial paper that matures in less than 270 days.
• Instruments that are covered by the Interstate Commerce Act (railroads and airlines
for example).
• Non-profit groups.
• Fixed annuity contracts and insurance policies.
• Issues of $1.5 million or less (Regulation A small scale offerings that do not exceed
$5 million for a 12-month period and must be filed with the SEC at least 10 days
prior to the issue).
• Intrastate issues (Rule 147) - securities are sold only to residents of the state where
the issuer resides.
• Private placements (regulation D) - securities that are sold to selected investors and
are not sold to the public.
The Securities Exchange Act of 1934 was enacted to help prevent unfair trade practices on
previously issued securities. In other words, the 1934 Act regulated trading in secondary
markets while the 1933 Act regulated new issues. The 1934 Act created the Securities and
Exchange Commission (SEC).
294
295
SEC – is the enforcing authority for the securities industry and is comprised of commissioners.
The commissioners are appointed by the President and approved by the Senate. They serve 5-
year terms and are prohibited from any business or stock activity during their term. The SEC
establishes rules to regulate the securities industry.
Some specific requirements of the Act include.
Registration Requirements – National securities exchanges must register with the SEC, agree
to abide by the law, and provide information regarding internal rules and regulations.
Individuals who are firm members and are engaged in securities transactions and interstate
commerce must also register with the SEC. There are some exceptions to the registration
requirements, such as small local exchanges and brokers that do not do business with the public.
It should also be noted that all securities must be registered with the SEC.
Credit Regulations – Members of exchanges or broker/dealers are prohibited from borrowing

on any listed security, except through a Federal Reserve bank. In addition, they are prohibited
from having a total debt that is in excess of 15 times their net capital. It should be noted that
these regulations do not apply to exempt securities such as federal government obligations.
Manipulation and Deception – Fraud and/or the manipulation of securities’ prices is prohibited
by SEC regulations. It is unlawful to generate false trading activities to give the impression that
an issue is being actively traded or to provide misleading information to generate sales. Other
activities that are prohibited include short sales (preventing an investor from continually driving
the price down by selling short only to eventually buy the securities back at reduced prices) and
solicitations (soliciting purchases on an exchange).
Insider Rules – Insiders are not allowed to profit from their information by trading a stock
before that information is public. Insiders must file a personal statement with the SEC and must
report all personal security transactions in their corporation no later than 10 days after the end of
the calendar month in which they occur. Insiders are generally barred form short-selling.
Insiders include the officers or directors of a corporation, anyone with 10% or more of the
shares, and anyone who has information on the corporation not available to the public.
Proxies – Regulations state that companies that solicit proxies from shareholders must provide
detailed and accurate information regarding proposals to shareholders. A copy of this
information must also be submitted to the SEC.
If a firm is trying to acquire another company (a proxy contest), then all participants in the proxy
contest must register with the SEC. There are possible criminal penalties for those who fail to
register.
295
296
C. Investment Company Act of 1940
The Investment Company Act (ICA) of 1940 was instituted to ensure that investors are fully
informed and are treated fairly. All firms that are bound to abide by this Act, are also subject to
SEC regulations. The Act specifically defines 3 types of investment companies.
• Unit investment trust company - are companies which issue securities that represent
an interest in a specified security. The shares are redeemable and the holdings can be
a mutual fund portfolio.
• Face amount certificate company - are companies that promise to pay an amount at a
future date in return for periodic payments from the investor. The payment amount is
the face value at maturity or a surrender value if it is redeemed prior to maturity.
• Management company - are investment companies that do not fit either one of the
categories listed above.
Some of the requirements of the ICA are:
• Sponsors must invest at least $100,000 prior to offering an investment to the public.
• Changes to investment objectives or policies require a majority vote of the
shareholders.
• Fund managers can not exceed 60% of the Board. In other words, at least 40% of the
Board must be outsiders.
• A contract that specifies the management fees must be developed and the fees should
be reasonable and based on performance.
• Board members must be elected by shareholders.
D. National Association of Securities Dealers (NASD) Rules
Note also see Unit 1, Section C for related information.
The NASD was established as part of the 1934 Act with the primary objective of regulating the
over-the-counter (OTC) market. Broker/dealers involved with interstate commerce or
transactions with national exchanges must register with the NASD. Some specific regulations
under this portion of the Act include:
• Recommendations for a particular security to a customer by a broker/dealer must be

determined to be reasonable and suitable for the customer.
• Supervision of all employees of a firm is required. Written procedures to promote
adequate supervision must be developed and reviews of customer accounts,
transactions, correspondence, and customer complaints must be conducted.
• Account documentation must be maintained for all customers. This includes
developing a consistent method to open a new account and to maintain current and
accurate records of customer accounts. In addition, all customer complaints must be
maintained.
296
297
In general all broker/dealers must maintain detailed records to ensure that investors are protected.
This includes maintaining accounting records and having a review by an independent accountant.
Summary accounting information must be distributed to customers annually and the SEC has the
right to examine these records at any time.
1. Registered Representative Rules – NASD considers any person who solicits or conducts
business in securities to be a registered representative. NASD has established some specific
rules for registered representatives. The rules include:
• All correspondence and all transactions must be reviewed and approved by the firm
and maintained for 3 years.
• Disciplinary actions regarding employees must be reported to NASD.
• Registered representatives are prohibited from giving gifts to anyone (related to their
broker activities) in excess of $100 per year.
• Disputes between registered representatives and firms must be resolved through an
independent binding arbitration process. If agreed to by a customer, customer
disputes can also be settled by binding arbitration.
• Firms must maintain fidelity bond coverage on all employees to protect against losses
due to theft or misappropriation of securities.
• Registered representatives that leave the business for two years, lose their licenses,
and must retake all required examinations.
• Continuing education requirements are imposed on all registered representatives to
ensure that satisfactory knowledge is maintained. Firms are required to develop a
training program for their employees.
2. Conduct of Customer Account Rules - Were designed to provide a consistent and

documented process to maintain customer records. In effect to protect customers from
unsubstantiated or undocumented losses. The rules include:
• The financial goals and current financial situation must be assessed in order to make
suitable investment recommendations. All new accounts must be approved by a
principal in a firm.
• If a customer formally assigns power of attorney privileges to a representative, then
all discretionary transactions must be approved by a principal in a firm.
• Registered representatives are prohibited from guaranteeing a customer’s account
against loss or from sharing in the losses or gains in an account.
• Registered representatives are prohibited from charging customers for investment
advice.
• Private transactions conducted outside the firm are prohibited.
• If a firm’s stock is publicly traded, employees of the firm may not recommend nor
solicit purchases of the firm’s stock. However, unsolicited purchases are acceptable.
• High risk (“penny stocks” selling for less than $5 that are not listed on an exchange or
NASDAQ) stocks may not be sold to investors until the customer’s financial position
and market knowledge have been reviewed. In addition, the customer must sign a
statement regarding the suitability of the investment prior to the actual transaction.
Registered representatives are also prohibited from:
297
298
• excessively trading a customers account

• recommending purchases that are not suitable based on the customer’s
financial capacity
• engaging in fraudulent activities such as trading without authorization or
misappropriating funds
• soliciting the purchase of stock before the dividend date to promote the receipt
of dividends
• trading in mutual fund shares (the registered representative may not make an
inventory of mutual fund shares and act as a market maker for the company).
3. Trading and Market Rules – NASD also designed these rules to protect consumers and to
provide a consistent and equitable method to sell and purchase securities. Some of the rules
include:
• Trades can not be executed by a broker/dealer unless they have reasonable assurance
that the customer will pay (for a purchase) or deliver (for a sale) within 3 business
days of the transaction.
• Trades must be executed under favorable pricing conditions for the customer. In
other words, the member must obtain the most favorable pricing for the customer.
• All quotes and trade reports must be factual. Deceptive quotes are prohibited and
members must honor all quotes (can’t back-away).
• Commissions and mark-ups must be fair and reasonable. Five percent has been set as
a guideline; however, it should be noted that this is not a rule. However, the 5%
guideline does not apply to mutual funds (8 ½% maximum sales charge rule), limited
partnerships (10% maximum sales charge rule), new issues sold under a prospectus,
exempt securities and trades made on an exchange floor.
• Payments of any kind to influence the market price of a security are prohibited. This
includes payments to influence newspaper articles or investment services.
• Payments designed to influence initial public offering price are also prohibited.
• Manipulative or deceptive practices are prohibited.
• Improper use of customer funds and securities is prohibited. This includes lending
margin securities without a signed loan consent
4. Communications with the Public – The NASD rules for communicating with the public are
very similar to those used by the New York Stock Exchange. As with the NYSE, NASD
wants to ensure that information disseminated to the public is fair and accurate, and does not
mislead the public.
Note also see Unit 1, Section B.4 for related information on the NYSE.
Some specific rules in this area include;
• Advertising and sales literature must be approved prior to its use by a principal and
the documentation must be retained for 3 years. In a firm’s first year of operation this
literature must be submitted to the NASD 10 days prior to its use. The NASD also
right to perform periodic checks of compliance. Advertising materials are defined as
298
299
materials for the mass market, which includes mediums such as TV, newspapers, and
periodicals. Sales literature includes form letters, seminars, research reports, and
similar items.
• General standards for communication state that communications must be truthful and
in good taste. They also must not mislead, make unwarranted claims, or promise
specific results.
• Recommendations must be based in fact and the market price of the security must be
included. In addition, if the firm has a relationship with the stock such as ownership
or any other interest, such a relationship must be disclosed.
• Past performance statistics must be for at least a 12-month period. In addition, these
materials must contain the statement that past performance does not indicate that
future results must be made.
• Statements regarding investing advantages for a particular security must also include
the corresponding risks.
• If compensated testimonials are used, it must be disclosed.
• All reports must be clearly dated and reasonably current (generally within the last 6
months).
If a customer files a complaint against a firm or employee, the NASD Code of procedures
is used. The Code outlines the process for handling a grievance. There are multiple steps
in the process and the length of the process depends upon the customer’s and firm’s
satisfaction with the remedy.
The first step is the filing of the complaint (on a standard complaint form) to a NASD
district office. The complaint is then forwarded to the District Business Conduct
Committee (DBCC) which forwards the complaint to the firm. The firm must respond in
writing to the DBCC and a copy of the response is sent to the customer. The DBCC then
determines if a violation has occurred and what actions, if any, are appropriate.
Depending upon the satisfaction of the remedy, the customer or firm may ask for a
hearing and subsequently go through an appeal process if any of the remedies are not
deemed acceptable.
Situations which are determined to be minor, generally results in the firm admitting guilt
and the imposition of censure or a fine with a maximum of $2,500.
E. Municipal Securities Rule Making Board (MSRB)
The MSRB was created in 1975 to develop rules and regulations to govern the municipal
securities market. Prior to the Board’s creation, the municipal securities market was unregulated.
The MSRB is comprised of a 15-member board that creates regulations that apply to banks,
brokers, and dealers engaged in municipal activities. It should be noted that the MSRB does not
regulate municipal issuers, only the market participants. Although the MSRB promulgates
regulations, it relies on other agencies to enforce its rules. These include the Federal Reserve
Board, FDIC, SEC, and NASD among others.
299
300
1. Registered Representative Rules – MSRB Rule G-2 requires that all parties effecting a
municipal transaction must be qualified. Qualified is generally determined by the passing of
an appropriate examination. Some example of individuals and examinations are:
• Municipal securities principal - any person engaged in management supervision, or

direction of municipal sales activities (underwriting, advising, communications,
trading, processing, etc. of municipal securities). Such a person must have
successfully passed the Series #53 (municipal securities principal) exam. Every firm
must have at least one principal.
• Municipal securities financial and operations principal - any person engaged in
(preparing or approving financial reports, supervision of accountants, supervision of
individuals that process, clear, or store municipal securities, etc.). Such a person must
have successfully passed the Series #27 (municipal securities financial and
operations principal) exam.
• Municipal securities representative - any person who is not a principal, whose
functions are not solely clerical, and who are engaged in (underwriting, advising,
communications, trading, researching, etc. of municipal securities). Such a person
must have successfully passed the Series #52 (municipal securities representative)
exam or the Series #7 (general securities representative) exam.
• There is a 90-day apprentice period for new municipal securities
representatives during which time they must pass the Series #52 or #7 exam.
During this time, they are not authorized to transact municipal business or
receive commissions on municipal transactions. However, they may be
salaried employees during this period.
• Representatives may not solicit orders, new accounts, or new customers
without passing the appropriate exam.
• If an exam is failed, it may not be taken again for 30 days. If an exam is failed 3
times, it may not be taken again for a period of 6 months. Also, if you leave the
business for 2 years you must retake the exam(s).
• Firms or representatives may be disqualified if they willfully mislead the public, are
convicted of “money” related crimes, or been expelled by other organizations such as
the SEC, etc.
• New accounts must be promptly reviewed by a principal.
• Municipal broker/dealers are required to deal fairly with all persons and can not
engage in any deceptive or misleading practices.
• Municipal broker/dealers cannot give a gift greater than $100 to anyone (other than
its employees) in the municipal securities business.
• A copy of the MSRB manual must be maintained in each office and available to
customer’s upon request.
2. Conduct of Customer Account Rules – The MSRB has established rules (similar to those
discussed previously) to protect the customer. The MSRB requires that you assess the
financial background, tax status, investment objectives, etc. in order to make effective
recommendations. As mentioned previously, all new accounts must be approved in writing
by a principal. Some specific provisions include:
300
301
• Account information must include the name, address, age, SSN, occupation, and type
of account (note: margin accounts must be authorized in writing). The form must be
signed by the representative and a principal.
• All recommendations to customers must be based upon a knowledge of the customer
and must be suitable for the customer. If a customer refuses to disclose financial
information, a recommendation can not be made.
• If a customer requests an unsuitable trade, it can be made if the representative informs
the customer of the unsuitability and the customers still directs that the trade be
executed.
• Discretionary accounts (those where the representative has the authority to make
trades on behalf of the customer without specific transaction approval) must be
authorized in writing. All discretionary transactions must be reviewed by a principal
by the end of the day of the transaction.
• Municipal broker/dealers are prohibited from guaranteeing a customer’s account
against loss.
• Municipal broker/dealers are prohibited from sharing in the gain or loss of a
customer’s account.
• Municipal broker/dealers must disclose any relationships associated with a
transaction in writing to a customer.
• Financial advisors to a municipality who assist in the structuring of a new offer, and
who want to be the underwriter, must resign from the advisor relationship and notify
the municipality in writing that a conflict of interest exists and disclose the expected
financial remuneration from the issue.
• Customer complaints must be handled through a structured process and resolution
must be approved by a principal. Also records of complaints must be retained for 6
years.
3. Trading and Market Rules – The MSRB has established rules (they are similar to the new
issue rules discussed in Unit 1, Section A.4) to govern the municipal market. Some of the
rules include:
• All quotes must be “bona fide” whether they are written or oral. Although, it should
be noted that the quotes are subject to change and to prior purchase or sale by another
party.
• All quotes must represent the broker/dealer’s best judgement of the fair market value
of the securities. The quotes do not have to be the exact fair market value, but a
reasonable judgement based upon relevant factors such as possible market
movements and the firm’s inventory of the securities.
• Firms can quote securities that it does not own if it can deliver the security. Such
quotes are prohibited if the firm has knowledge that the security is not available.
• Quotes can be in the form of bids wanted (BW), offers wanted (OW), nominal quotes,
and subject quotes. Nominal quotes are informational quotes that indicate that the
firm is not willing to trade at those prices. Subject quotes are ones that are subject to
some condition. This condition is often that the price is subject to change before the
trade occurs.
301
302
• Broker/dealers are prohibited from reporting information on a trade unless it is known

that a trade occurred at that price. False reports are considered to be a deceptive
practice.
• Prices charged for municipal bond trades must be fair and reasonable. This applies to
both principal and agency trades.
• If transactions are submitted through a syndicate (a group of dealers), the
broker/dealer must disclose whether the securities are for their own account, a related
account (one controlled by the dealer) or an accumulation account established by an
investment trust. Syndicate transactions must be filled in a specific order that has
been determined by the manager. Normal priority order is:
1) Pre-sale orders – orders taken by the syndicate prior to the date the
underwriter was selected (usually applies to underwriting that was subject to a
competitive bid).
2) Group net-orders – orders taken during an established time period after the bid
has been won by a syndicate.
3) Designated net-orders – orders where a designated member of the syndicate
may receive extra profit to complete the sale of an issue.
4) Member takedown orders – any orders after all designated net-orders have
been completed.
• The identity of customers for group net-orders must be disclosed to the manager to
prevent one customer from purchasing too much of an issue.
4. Advertising and Other Rules – The MSRB has established rules to control the
dissemination of materials to the public. The basic definition of advertising is material
designed for dissemination to the public through public media or promotional literature. This
includes almost anything that is disseminated to the public such as notices, circulars,
brochures, form letters, reprints, and market letters. It should be noted that internal memos
or communications are excluded from this rule since they are not intended to be publicly
distributed. Some of the rules include:
• Summaries or abstracts of official statement and offering circulars are included under
these rules. Since these documents do not contain all of the information included in
the official document, and may not be complete and accurate, they are considered
advertisements. It should be noted that the complete official statement or offering
circular is not considered an advertisement.
• Any advertisement may not contain false or misleading information.
• New issues may be advertised and the initial yield offering may be included in the
advertisement as long as the date of the initial sale is included in the advertisement.
However, the yields listed must have been in effect at the time of the publication. In
addition, the new issue bonds must actually be available (not completely pre-sold) to
be advertised.
• Secondary bond market advertising has the following rules:
• If the advertisement shows yields or bond prices the information must be
accurate as of the date of the advertisement.
• If a percentage rate is shown, the ad must state whether it is a nominal rate or
yield and whether it is a pre- or post-tax yield.
302
303
• If current yield is included in the advertisement, the yield to maturity or yield

to call must also be included.
• Dealers can advertise bonds which they don’t have in inventory if the
material states: subject to availability, the dealer will attempt to acquire the
bonds if requested, and the advertisement states that bonds are subject to
change in yield and price.
• If bonds are advertised as tax-free, it must be tax-free or all tax-related issues must be
disclosed.
• All advertisements must be approved by a principal in the firm.
• Brokers are not permitted to accept any additional compensation for the sale of the
bonds other than those disclosed in the prospectus.
• Computerized Uniform Securities Identification Program (CUSIP) - numbers are
assigned to all new issues and must be included in all sales confirmations.
• Municipal dealers are prohibited from engaging in the municipal securities business
for 2 years after a contribution is made to an elected official. This includes
contributions from PACs controlled dealers. However, it should be noted that gifts of
$250 or less are permitted.
• Municipal securities transactions claims or disputes must be resolved through
arbitration.
F. Margin Lending
Margin accounts are accounts where the broker/dealer extends credit to the customer and only a
percentage of the purchase price is actually paid. The advantage to a customer is the ability to
leverage their money, in effect buy additional securities with less cash. Some definitions
associated with margin accounts are:
• Margin – the percentage of the sale price the customer must deposit. The margin
percentage varies depending upon changes in federal regulations. It is usually
between 40 and 60%. The margin amount is currently 50%, which means that a
customer pays $.50 for every $1 of security purchased.
• Hypothecation – the practice of pledging securities as collateral.
• Rehypothecation – the practice of a broker pledging a customers securities with a
bank or other loan source.
• Loan Value – the percentage of the security’s market value that the firm lends to the
customer. If the margin requirement is 50% then the loan value is 50%.
The Federal Reserve Board has set regulations for margin accounts.
• Regulation U – limits the amount can be borrowed by brokers who use any customer
securities as collateral.
• Regulation G – limits the amount a non-bank lender can lend to brokers who use
customer securities (rehypothecate) as collateral.
• Regulation T – limits the amounts brokers can lend to customers on various types of
securities.
303
304
There are special characteristics associated with margin accounts. Since they involve credit it
was determined that special requirements were needed.
• New margin accounts must have a signed margin agreement in addition to the usual
new account information. The margin agreement should state that all transactions are
subject to pertinent laws and regulations. The customer must also agree to:
• Allow the brokerage firm to pledge or repledge securities for broker loans
• The accrual of interest charges on debt balances in their account
• Permission to sell held securities with or without notifying the customer if
equity is not adequate
• Some individuals who work for exchanges (and their spouses) may require special
approval from their employer before a margin account can be opened. Also a
registered representative may not open a margin account without branch manager
approval.
• Only listed securities (those listed on national exchanges) and or securities listed on
an OTC margin list (which is updated regularly) may be traded on margin per
regulation T.
• Certain securities are exempted from regulation T margin requirements. These
include federal government debt issues, state or municipal government issues, and
other issues from taxing entities. Since these issues are exempt, firms can assign a
higher loan value to them.
Other terms and definitions associated with margins are:

• Long market value – is the customer’s gross cost and includes any charges and
commission and is the amount used to calculate the margin requirement.
• Debit balance – is amount of the loan to the customer from the firm.
• Equity – the customer’s net worth in their account. To calculate the equity, subtract
the debit balance from the long market value.
• Restricted accounts – if the equity balance declines in an account due to a decline in
the market price of security and the current equity position falls below margin
requirements, the account is classified as restricted. Restricted accounts are subject to
specific rules; however, no specific action on the account (i.e. increase the equity
balance) is required per Regulation T. If additional securities are purchased, only the
new purchases are subject to the original margin requirement.
• Industry requirements - NASD and NYSE have established some margin requirements
(voluntarily) that are more strict than Regulation T. For example, mew margin accounts have
a $2,000 minimum value of an account that is added to the margin amount; thus, the actual
margin amount is usually greater than 50%. In addition, NASD and NYSE have rules that
require at least 25% equity in a long account.
• Maintenance calls - if the equity position in an account falls below the 25% threshold, the
customer is required to place cash or securities in their account within 48 hours or be subject
to the sale of shares from their account.
• Special memorandum account - if the market price of securities rises and the equity balance
exceeds the margin requirement, the excess amount may be used to purchase additional
securities on margin. Although no funds actually change hands, an additional line of credit is
established for the customer.
304
305
STUDY QUESTIONS FOR VOLUME 4

SECURITIUES INDUSTRY
1. The New York Stock Exchange is an example of a(n)
A. Primary Market.
B. Secondary Market.
C. Tertiary Market.
D. Over the Counter Market.
2. To get immediate execution WITHOUT restrictions or limits, an order should be

placed as a(n)
A. fill or kill (FOK) order.
B. good till canceled order.
C. all or none (AON) order.
D. market order.
3. Treasury stock
A. is outstanding stock repurchased by the company.
B. has voting rights.
C. receives dividends.
D. is authorized but unissued.
4. A revenue bond might be backed by which of the following?

A. Fines
B. Real estate taxes
C. Sales taxes
D. Lease rental payment.
5. Which two of the following option strategies would be profitable in a declining

market?
I. Long call
II. Long put
III. Short call
IV. Short put
A. I and III
B. I and IV
C. II and III
D. II and IV
6. An individual soliciting the sale of a closed-end corporate bond fund to a customer

in the secondary market would need to be registered as:
A. Series 1 Post-IPO Securities Representative.
B. Series 6 Investment Company/Variable Contract Representative.
C. Series 7 General Securities Registered Representative.
305
306
D. Series 52 Municipal Securities Representative.
7. Which of the following is a futures contract?

A. Individually negotiated contract to purchase or sell specified financial instruments on
a future date at a specified price.
B. Standardized contract to purchase or sell specified financial instruments on a future
date at a specified price.
C. Individually negotiated contract between two parties in which the buyer, in return for
a fee, receives cash payments from the seller at a future date if the specified interest
rate exceeds the strike price.
D. Standardized contract between two parties in which the buyer, in return for a fee,
receives cash payments from the seller at a future date if the specified interest rate
exceeds the strike price.
8. The primary authority regulating the issuance of industrial revenue bonds is the
A. SEC.
B. MSRB.
C. NASD.
D. IRS
9. XYZ Company stock has 2 million shares outstanding at $15 par value. XYZ
declares a 3 for 2 split. What is the new par value and the number of shares
outstanding?
A. $15 par value and 1.5 million shares
B. $10 par value and 3 million shares outstanding
C. $7.50 par value and 2.5 million shares outstanding
D. no change
10. The Securities Investors Protection Corporation was formed to protect:

A. investors from abusive trading practices of brokers.
B. investor’s cash and securities if the broker fails and is liquidated.
C. investors from fraudulent financial statements issued by brokers.
D. investor’s margin accounts in the custody of brokers.
306
307
Appendix A
Questions, Comments, or Corrections Concerning the

CFSA Study Guide
Please forward comments, suggestions, and corrections to: NAFSA,
P.O. Box 48357, Athens, GA 30604
(706) 353-3898 or acaple@cannonfinancial.com
# Page # Comment
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
307
308
12.
13.
14.
15.
16.
17.
18.
19.
20.
INFORMATION
Name: ___________________________________________________ Date: ______________________
Company: _______________________________________________________________________________
Address: _________________________________________________________________________________
City, State, Zip:

___________________________________________________________________________
Phone: (_____)_____________ Fax: (_____)________________ E-mail: ____________________________
308
309
Appendix B
Study Question Answers – Volume 1
1. C. Organizational status and objectivity.
2. A. Will use the CFSA designation with pride and professionalism.
3. C. Annual audit plan.
4. B. Collecting payments on accounts and reconciling accounts receivable records.
5. C. Identifying opportunities for improvement in performance of key functions.
6. A. Appraise the organization's internal control system.
7. D. Substantive tests to evaluate the reasonableness of financial information.
8. B. Inverse.
9. A. Program change control, segregation of duties, and interim input reconciliations.
10. C. II, III, and IV only.
309
310
1. C. A fee is charged for the internal audit of the plan.
2. D. Enter into an interest rate swap to receive floating and pay fixed rate payments.
3. D. Conducting currency transactions in a manner to avoid reporting requirements.
4. B. Commercial loans.
5. A. As a sale of the lessor and a purchase by the lessee.
6. A. I and III only.
7. B. Currency and checking accounts only.
8. C. I, III and IV only.
9. B. The activity date used to determine dormancy is updated by internal debit memos.
10. D. I, II, III and IV.
310
311
1. B. I and III only
2. C. Vesting
3. C. II and IV only
4. A. The claim should be denied since coverage was never present, and the claim should be
placed against the agency’s Errors and Omissions policy for reimbursement of the claimant.
5. C. Deferred acquisition costs.
6. B. Unearned premium reserve.
7. C. III and IV
8. D. Keogh plans
9. B. An umbrella policy to place a protective umbrella over existing coverage.
10. C. Stock and mutual funds.
311
312
1. B. The NYSE trades in secondary securities, that is, non newly-issued securities which are
usually offered by an underwriting syndicate.
2. D. Market orders are executed immediately at the best available market price if the stock is
trading, without restrictions or limits.
3. A.
4. D. The others back general obligation bonds.
5. C. Calls decline in a declining market, and puts increase in value in a declining market.
Shorting calls allows the seller to buy the calls back at a lower price. Being long puts allows
the holder to sell at a higher price as the value of the put increases.
6. C. The sale of closed-end investment company shares are treated like a general security.
The sale of general securities must be sold by a general securities registered representative
(Series 7), Regulations NASD Rules.
7. B. See AICPA Brokers and Dealers in Securities, May 2000, pgs. 13 and 14.
8. B. The Municipal Securities Rulemaking Board is the primary regulator of IRB’s and all
Municipal Securities.
9. B. There is no change in the total amount of capitalization. A 3 for 2 stock split simply
means that there will be 1.5 times as many shares outstanding at 2/3 of the value as prior to
the split. In this case that equates to choice B.
10. B. AICPA Brokers and Dealers in Securities, May 2000 - pg. 10.
i
Committee on Basic Auditing Concepts, A statement of basic Auditing Concepts, Sarasota FL: American
Accounting Association, 1973, p.2.
ii
Information on IIA taken from their web site -- http://www.theiia.org/aboutiia/about.htm – on May 14, 1999.
iii
Information on IIA taken from their web site -- http://www.theiia.org/aboutiia/about.htm – on May 14, 1999
iv
Some information was derived from, Handbook For Audit Committee Members, Copyright 1996 Grant Thornton
LLP, http://www.gt.com/gtonline/assuranc/handtoc.html
v
COBIT - Governance, Control, and Audit for Information and related Technology, Information Systems Audit and
Control Foundation, April 1998, 2nd edition
312

CFSA Study Guide PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

CFSA Study Guide PDF

Uploaded by

Copyright:

Available Formats

Certified Financial Services Auditor

Reviewers and Contributors

Additionally, the following individuals were instrumental in providing evaluation, constructive

Michael I. Balbirnie, Senior Vice President, First Union Corp

With heartfelt thanks,

About the Authors

The Institute of Internal Auditors

CFSA Study Guide

Core Competencies for Financial Services Auditors

Recommended Review Materials

Preparing to Pass the CFSA Examination

Core Competency Number One: Auditing

A. IIA Standards for Workpapers

B. Common Ways Auditors Use Confirmations

Core Competency Number Two: Banking Industry

Core Competency Number Three: Insurance Industry

Core Competency Number Four: Securities Industry

Appendix A- Questions, Comments or Corrections Concerning the CFSA Study Guide

Appendix B- Study Question Answers

Good luck on the CFSA Exam.

Core Competencies for Financial Services Auditors

B. Internal Audit Organization

1. Elements and Types

F. Information Systems Auditing (LANs, WANs, Mainframes, Microcomputers)

1. Internal Control Development

A. Financial Statement Application

2. Liabilities and Shareholders Equity

4. Money & Banking

B. Laws/Regulations and Regulatory Environment

1. Overview of the Regulatory Environment

2. Laws and Regulations

Reg BB - Community Reinvestment Act

III. Insurance Industry

B. Laws and Regulations

2. Property and Casualty Products

2. The Stock Exchanges

3. Over-The-Counter (OTC) Market

B. Equities, Debt Securities, Options, New Issues

2. Real Estate Investment Trusts (REIT's)

4. Municipal Securities Rule Making Board

Certified Financial Services Auditor Program Recommended

Audits of Investment Companies

The Price Waterhouse Compliance Series

Harriett E. Jones & Dani L. Long,

Barry D. Smith & Erica Wiening

National Association of Financial Services Auditors (NAFSA)

The Institute of Internal Auditors (IIA)

Information Systems Audit and Control Association (ISACA)

Information Infrastructure Task Force

American Institute of Certified Public Accountants (AICPA)

Association of Certified Fraud Auditors

Federal Reserve System

Office of the Comptroller of the Currency

Federal Deposit Insurance Corporation

Code of Federal Regulations

Preparing to Pass the CFSA Examination

1. Begin preparing well in advance of the test date.

3. Find a suitable place to study.

4. Familiarize yourself with the exam site and surrounding facilities.

Test Taking Tips

3. Budget your time.

4. Read answer choices carefully.

CORE COMPETENCY NUMBER ONE: AUDITING