
Auditability of Trade Process Controls

This is an era of unprecedented challenges and opportunities for companies in the energy industry. Record high oil prices, a significant increase in cross-border trading, heightened awareness of the need to comply with Sarbanes-Oxley, and the emphasis on improving the speed and timeliness of reporting are just some of the business issues that risk managers, compliance officers and finance groups are agonizing over these days.

Today, companies are evaluating new procedures for helping IT deliver (and ensure) tighter audit and compliance methodologies to protect the integrity of key business assets – applications and data. There is an increased emphasis on process controls and information transfer to ensure consistency, accuracy and auditability.

Manual processes have their place in trading systems but have notable limitations. Deal tickets, confirms, contracts and invoices are typically labor intensive because they rely on paper documents and physical flows of information. Every new trade introduced to the process is a fresh event which must flow through these physical channels for successful completion. Lapses are inevitable even at the best run trading companies. A single incorrectly entered trade can have great consequences. In theory, every manually entered trade exposes the company to the risk of human error. As trade volumes continue to increase so does the likelihood of a grave error. Fixing processing errors after the trade by unwinding positions that went wrong can be time consuming and very costly.

How can an organization involved in energy trading improve the transparency of its trades and enable better monitoring of progress and status? Here are several areas to consider:
• Adoption of a straight-through-processing system (STP)
• Traceability of transactions and versioning
• Segregation of duties and role-based access
• Security through access control
• Assessment of Compliance

STP is about effective risk management, at the client and institutional levels. Trade problems develop when incorrect data is introduced in the post trade scenario, as a result of human error or process inefficiencies. This clearly is one aspect of a trading operation that can be managed and controlled by using an appropriate technology framework. The adoption of an STP system contributes towards improved business efficiencies and streamlined operations. The benefits accruing to companies that have adopted STP technology include the following:
• Reduced settlement cycle: Achieving seamless integration will be an enabler for shorter settlement cycles to assist with both domestic and cross border trades.
• Reduced counterparty risk: Once a trade has been executed, there is an element of uncertainty between all parties on the status of the trade. STP helps reduce such counterparty risks.
• Reduced operational risk: Automating the process from execution through to settlement reduces manual processes and provides a more timely and accurate position assessment and report.

Today companies are embedding many sustainable key performance indicators. However, far too few are monitoring and evaluating the effectiveness of the processes that lie behind them. In order for energy trading companies to meet the reporting challenges in place today and in the future, they need to construct a coordinated and consistent approach underpinned by standardized and repeatable processes. Under-investment in enterprise-wide trading and risk management reporting systems will continue to mean that accurate and reliable data will be difficult to extract, leading to an over-reliance on spreadsheets and manually keyed data.

Internal workflow enables companies to manage transactions within an auditable control framework. Management must be able to assess how that workflow can withstand scrutiny, which requires a framework with a clearly traceable path of transaction entries, changes, and deletions. Transaction correctness can be ensured if the path of any single transaction or aggregation of transactions can be revealed in detail. Best practices mean securely implementing WWWWH logging (who, what, when, where, how) for every step of the transaction.

Typical reasons for changes to a transaction might be that the trade was entered improperly, additional information was added, or terms were modified. For example, a trader needs to send his 50,000 barrels to a delivery port instead of pickup at a load port. Logging the WWWWH aspects of the changes made allows complete traceability throughout the history of a transaction. Another way for STP software to enhance traceability and accountability is through versioning controls, a way to easily dial back through every step of the transaction. Flipping back through the transaction history of a trade should lay the information out in WWWWH fashion. Compliance officers should evaluate STP trading software with these requirements in mind.

There is a complementary benefit from solid logging of transaction recording: best practices in roles and procedures, once implemented, can be monitored with ease. If any transaction can be queried as to who did what, by when, and for whom, the role of a particular duty (say, entering agreed-upon modifications in terms) can be formally designated. In other words, trading software offering completely documented transactions and versioning can be leveraged to drill down and institutionalize the roles of the various players in the transaction. An anomaly on a report can immediately be traced back to the employee who failed to update a price, event or enter a transaction. Silo practices between departments should be sought out, questioned and eliminated since consistency and best practice are the objectives. Processes should be documented and wherever possible automated.

The COBIT framework mentioned by Sarbanes-Oxley is Control Objectives for Information and related Technology, a roadmap of best practices and a respected guideline. Role designation of the type above offers Compliance Officers a way to assess adherence to COBIT security principles of segregation of duties and RBAC – Role-based Access Control. Security in trading software relies on the standard information technology mechanisms of access control, privileges, and logging.

RBAC also adheres to the principle of segregation of duties. The ability to enter, change, or review a trade must not be in the hands of just one individual. Tying these separate abilities/roles to different groups ensures that no one person can author a trade from beginning to end. When assessing for sound transaction recording processes, management should look for role-based access controls that conform to the principle of "least privilege." If traders are not responsible for entering changes, they should not be allowed change privileges; only the parties responsible for entering changes should have those privileges. Management must be subject to the same standards. The ability to read a report should not imply the ability to change the data. Constraining that privilege adheres to the COBIT principle of segregation of duties. In the case of an enterprise wide trading system, design which removes permissions from senior management is a hard sell. It is fundamental to remember that the reasons for process controls are the benefits of reduced risk, efficiency and auditability.
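The WWWWH logging and versioning described earlier and the role separation described above can be combined in one append-only ledger, shown here as an added example that is not from the article or from any TradeCapture product. The role names, field names, sample values and the SHA-256 hash chain used to make later edits detectable are assumptions chosen for illustration.

```python
import hashlib, json
from datetime import datetime, timezone

# Assumed role map (least privilege): no single role can enter, change and review.
ROLE_PERMS = {"trader": {"enter"}, "operations": {"change"}, "compliance": {"review"}}

class TradeLedger:
    """Append-only, versioned trade history; each entry is a WWWWH record."""
    def __init__(self):
        self.entries = []

    def history(self, trade_id):
        return [e for e in self.entries if e["trade_id"] == trade_id]

    def record(self, who, role, action, trade_id, terms, where, how):
        if action not in ROLE_PERMS.get(role, set()):
            raise PermissionError(f"role {role!r} may not {action} trades")
        past = self.history(trade_id)
        # Segregation of duties: whoever entered or changed a trade cannot review it.
        if action == "review" and who in {e["who"] for e in past}:
            raise PermissionError(f"{who} already acted on {trade_id}")
        entry = {
            "trade_id": trade_id, "version": len(past) + 1, "terms": terms,
            "who": who, "role": role, "what": action, "where": where, "how": how,
            "when": datetime.now(timezone.utc).isoformat(),
            "prev": self.entries[-1]["hash"] if self.entries else "0" * 64,
        }
        entry["hash"] = self._digest(entry)  # chains this entry to the one before
        self.entries.append(entry)
        return entry

    @staticmethod
    def _digest(entry):
        body = {k: v for k, v in entry.items() if k != "hash"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def verify(self):  # False if a stored entry was altered or the chain is broken
        prev = "0" * 64
        for e in self.entries:
            if e["prev"] != prev or e["hash"] != self._digest(e):
                return False
            prev = e["hash"]
        return True

def sample_ledger():  # constructed data: the article's 50,000-barrel trade, amended
    ledger = TradeLedger()
    ledger.record("alice", "trader", "enter", "T-1", {"barrels": 50000, "point": "load port"}, "desk-07", "ui")
    ledger.record("bob", "operations", "change", "T-1", {"barrels": 50000, "point": "delivery port"}, "ops-02", "ui")
    return ledger
```

A hash chain on its own does not reveal that the newest entries were cut off; periodically recording the latest hash outside the trading system covers that case.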

Compliance assessment begins with documented procedures. Interactions between people and systems, people and people and even systems and systems are often poorly documented, are hard to follow and almost impossible to audit. Process automation has to accommodate human decision-making, as well as management review and control. All the process controls discussed above require careful planning in setup and documentation, and frequent reassessment of their effectiveness. Once these controls are in place, many benefits will be realized in terms of consistency, accountability, and accurate reporting. While it is true that assessing the auditability of trade process controls may result in expensive changes, it is also true that bringing process controls in line will result in reduced risk and profitable synergies.

Corporate rhetoric will always focus on achieving goals, targets and key performance indicators because these missions influence executive compensation and shareholder value. Energy trading companies need to consider ways in which they can better integrate and automate processes, and improve control in order to cope with an increasingly complex and regulated reporting environment. Trading and risk management systems are vital since every manual process presents a risk of variation, inefficiency and lack of control. Trading and Risk Management systems should be easy to use, but hard to bypass; provide tight control of processes but allow them to be continuously improved; and pervade the company but allow for trades to be conducted quickly and efficiently.

To request more information about TradeCapture and how we can provide value to your business, please contact TradeCapture at +1-203-327-7000 or send an email to info@tradecapture.com.

Andy Ettinger, CISSP infrastructure manager at TradeCapture Inc.
Steve Oppenheimer, chief marketing officer at TradeCapture Inc.


To access this Article, go to:
http://www.ogfj.com/content/ogfj/en/articles/2008/10/auditability-of-trade-process-controls.html