Trust and Asset Management Activities
21.01 Among other engagements, auditors may be engaged to (a) report on trust company financial statements, particularly of common or collective funds, (b) report on internal control over financial reporting in the institution's trust department, or (c) perform procedures agreed to by management or regulators or extended audit services to supplement the institution’s internal audit efforts.1,2,3
21.02 Trust and asset management activities include fiduciary services provided to customers. One type of fiduciary service involves acting as a trustee. Trust activities of an institution may be an integral part of the institution's services; however, because of strict laws4 governing fiduciary responsibilities, institutions conduct trust activities independently through
- a. a separate department or division of the institution;
- b. a separately chartered trust company; and
- c. a contractual arrangement with the trust department or a trust company of another depository institution.
21.03 The organizational structures of institutions' trust departments or of trust companies vary greatly depending upon factors such as the scope of trust activities, the complexity of trust services offered, management's preference, and the historical development of the entity. Trust organizations vary from small operations with one person devoted to trust activities on a part-time basis to large organizations with a variety of specialized staff such as tax attorneys, employee benefit specialists, and investment specialists.
21.04 Trusts can be broadly categorized as personal, corporate, or employee benefit.
21.05 This chapter deals primarily with how trust services and activities affect audits of the financial statements of financial institutions. However, it is important that auditors be fully aware of any regulatory expectations that may exist in the area of trust departments and design any engagements arising from those expectations in an appropriate manner.
21.06 Regulatory focus on the adequacy of auditing of trust operations of financial institutions has increased in recent years. The proliferation of trust charters in bank holding companies has led the bank and savings institution regulators to more closely assess the adequacy of secondary monitoring provided by audit functions. In cases where internal audit departments do not exist or lack the expertise necessary to audit the complexities of financial institutions or trust operations, or both, the regulators are looking often to independent auditors to supplement the existing resources. In their respective rules on audits of fiduciary activities for both federal savings associations (Title 12 U.S. Code of Federal Regulations [CFR] Part 150.440) and national banks (12 CFR 9.9), the Office of the Comptroller of the Currency (OCC) requires that management arrange for a suitable audit of trust operations through the efforts of external or internal auditors, or both, on an annual basis or as part of a continuous audit process. Trusts maintaining state charters would be required to follow rules issued by the individual states.
21.07 The audit requirements of the OCC are largely related to operating and compliance controls that may not be tested in the audit of financial statements of a financial institution. In addition, the depth of testing of financial reporting controls will likely be greater than in a financial statement audit. Accordingly, the testing in these areas should be the subject of separate engagements under standards for attestation engagements or consulting standards as they relate to extended audit services.
21.08 Personal trust accounts may be established for individuals or other entities such as foundations, college endowments, and not-for-profit organizations. A brief description of the primary kinds of personal trusts follows:
- a. Testamentary trusts are created under a will. Administrative responsibility begins when assets are transferred from the estate to the trust. Almost all testamentary trusts are irrevocable.
- b. Voluntary trusts (inter vivos), also referred to as living trusts, are established by individuals during their lifetimes. This type of trust is often established with powers of revocation or amendment. Furthermore, it has been increasingly common for the grantor of the trust to retain the power to control or participate in deciding on investments resulting in a self-directed trust.
- c. Court trusts are trusts in which the trustee is accountable to a court. Court trusts generally include decedents' estates (under which the courts appoint administrator institutions to settle the estates of persons who either died without leaving wills or who nominated the institutions as executors in their wills), guardianships, and some testamentary trusts.
- d. Agency agreements provide for the care of other parties' securities and properties. Safekeeping and custodianship agreements are two of the more common types.
- e. Property management agreements provide for the management of property, for example, real estate or securities investments, by the trustee institution. The institution, as agent, has managerial duties and responsibilities appropriate to the kind of property being managed. (Such agreements also may exist for employee benefit trusts.)
21.09 Closely held business management responsibilities may arise through the normal course of events when an institution serves as trustee of a personal trust (or employee benefit trust) that holds ownership of the enterprise, through involvement in winding down the affairs of an estate, or through a specialized property management agreement.
21.10 A brief description of the primary kinds of corporate trust activities follows:
- a. As transfer agent, the trust department or trust company transfers registered (in contrast to bearer) securities from one owner to another and maintains the records of ownership.
- b. As registrar, the trust department or trust company maintains for corporations control over the number of shares issued and outstanding.
- c. As joint registrar transfer agent, the trust department or trust company acts jointly as registrar and transfer agent for the same issue.
- d. As paying agent, the trust department or trust company distributes interest or dividend payments or redeems bonds and bond coupons of corporations and political subdivisions within the terms of an agency agreement.
- e. When an institution is a trustee under indenture, the trust department or trust company acts as an agent designated by a municipality, corporation, or other entity to administer specified cash receipt or payment functions. The trust department or trust company performs the duties specified in the agreement, which might include holding collateral; issuing bond instruments; maintaining required records, accounts and documentation; monitoring for default; ensuring legal compliance; and effecting the payment of principal and interest.
Employee Benefit Trusts
21.11 In most cases, the assets of an employee benefit plan must be held in trust with the trustee named in the trust instrument or benefit plan. The trustee manages and controls the assets of an employee benefit plan, although actual investment decisions might be turned over to an investment committee or investment manager. Trustees of employee benefit plans are, in most cases, fiduciaries. The fiduciary’s responsibility is to manage the assets of the employee benefit plan so that those assets are used exclusively to provide benefits for employees and beneficiaries and to defray administrative costs of the plan. The fiduciary is charged with using the care and skill in managing the plan that a prudent man would in similar circumstances. The fiduciary must diversify the investments of the plan to minimize the risk of large losses. Finally, the fiduciary must discharge its duties in accordance with the documents and instruments governing the employee benefit plan and the Employee Retirement Income Security Act of 1974 (ERISA), the federal law dealing with employee benefit plans. A brief description of the primary kinds of employee benefit trusts follows:
- a. Pension or profit sharing trusts provide for a trustee institution to manage trust funds established for the benefit of eligible company officers or employees or for members of a union, professional organization, or association. Such trusts are established by comprehensive written plans in which the trustees' powers are limited and their duties are well defined. These trusts may exist in connection with a variety of types of benefit plans, including defined benefit plans, defined contribution plans, individual retirement accounts, and health and welfare plans.
- b. Master trusts are special trust devices used to bring together various employee benefit trusts of a plan sponsor for ease of administration. For instance, an employer may have similar benefit plans for different subsidiaries, divisions, or classes of employees. Rather than maintain separate employee benefit trusts for each plan, all of the plans, subject to restrictions of ERISA, may pool the trust assets in a single master trust and maintain separate subaccounts for each plan to preserve accountability. A master trust may also be structured to establish separate pools of trust assets managed by different investment advisers selected by the plan sponsor.
Common or Collective Trust Funds
21.12 A common or collective trust fund is a bank-administered trust that holds commingled individual trust accounts (that is, personal or employee benefit trusts). The account assets are pooled to achieve greater diversification of investment, stability of income, or other investment objectives. They are similar to a mutual fund but are not regulated by the SEC and are not required to be registered with the SEC under an exclusion from the Investment Company Act of 1940. They are instead required to follow OCC regulations at 12 CFR 9. Under OCC regulations, there are two types of funds: (a) common trust funds,5 which are maintained exclusively for the collective investment of accounts for which the institution serves as trustee, executor, administrator, conservator, and guardian, and (b) collective trust funds or commingled pension trust funds, which consist solely of assets of retirement, pension, profit sharing, stock bonus, or other trusts that are exempt from federal income taxes.
21.13 Some institutions are also involved with mutual funds. Their involvement may range from corporate trust activities, which are generally administrative in nature, to investment advisory activities, or may simply involve custodial activities. Some institutions sell funds sponsored by an independent fund group. Others may use their name on a fund sponsored by an affiliate. Readers may refer to the FDIC’s nondeposit investment products exam procedures as a resource for evaluating these transactions.
21.14 The federal banking agencies use the Uniform Interagency Trust Rating System (UITRS) as a tool to evaluate the soundness of fiduciary activities of financial institutions on a uniform basis and to identify those institutions requiring special supervisory attention. The UITRS was revised in 1998 to place more emphasis on risk management and more closely align the ratings definitions language and tone with those of the capital adequacy, asset quality, management, earnings, and liquidity ratings definitions.
21.15 Although a trust department or trust entity may have responsibility for the custody of trust assets, they are not assets of the institution and, therefore, should not be included in the institution's financial statements according to FASB ASC 942-605-25-3. However, cash accounts of individual trusts are often deposited with the institution in demand and time deposit accounts, and revenues and expenses related to fees for trust activities are recognized in the institution's income. Trust department income should be presented on the accrual basis.6
21.16 Financial institutions often make financial statement disclosures describing the nature of the trust activities and are required to apply the provisions of FASB ASC 450, Contingencies, to any contingencies that may exist related to trust activities.
21.17 The primary objectives of financial statement audit procedures applied in the trust operations area are to obtain sufficient appropriate evidence that
- a. the institution has properly described and disclosed contingent liabilities associated with trust activities in the financial statements, and
- b. fee income resulting from trust activities is recognized properly in the institution's financial statements.
21.18 In accordance with AU-C section 315, Understanding the Entity and Its Environment and Assessing the Risks of Material Misstatement (AICPA, Professional Standards), the objective of the auditor is to identify and assess the risks of material misstatement, whether due to fraud or error, at the financial statement and relevant assertion levels through understanding the entity and its environment, including the entity’s internal control, thereby providing a basis for designing and implementing responses to the assessed risks of material misstatement (see chapter 5, “Audit Considerations and Certain Financial Reporting Matters,” of this guide for additional information). The following is a list of factors related to trust services and activities that could influence the risks of material misstatement:
- a. The organization of the trust department and the degree of separation from the commercial banking departments (for example, the role of legal counsel in trust account administration and the vulnerability to disclosure of insider information)
- b. The nature of comments on trust operations indicated in supervisory agency or internal audit reports
- c. The extent and nature of insurance coverage
- d. The type and frequency of lawsuits, if any, brought against the institution and arising from trust operations
- e. The nature, complexity, and reliability of data processing systems
- f. The nature and extent of lending of securities from trust accounts
The significance of an institution's exposure to liability (including liability related to the reporting of tax information) is a function of (a) the relative significance of the trust assets administered, (b) whether the institution has discretionary investment authority, (c) the complexity of transactions entered into by the trust, (d) the number of trusts administered, and (e) the effectiveness of administration of the trust. It is important for auditors not to underestimate the importance of an institution’s trust department. Auditors might also consider the complexity of the assets owned and the investment mandate.
Internal Control Over Financial Reporting and Possible Tests of Controls
21.19 AU-C section 315 addresses the auditor’s responsibility to identify and assess the risks of material misstatement in the financial statements through understanding the entity and its environment, including the entity’s internal control. Paragraphs .13–.14 of AU-C section 315 state that the auditor should obtain an understanding of internal control relevant to the audit and, in doing so, should evaluate the design of those controls and determine whether they have been implemented by performing procedures in addition to inquiry of the entity’s personnel. (See chapter 5 of this guide for further discussion of the components of internal control.) To provide a basis for designing and performing further audit procedures, paragraph .26 of AU-C section 315 states that the auditor should identify and assess the risks of material misstatement at the financial statement level and at the relevant assertion level related to classes of transactions, account balances, and disclosures.
21.20 Accounting systems for trust departments generally use sophisticated electronic data processing systems. The accounting records of a trust department generally reflects the department's asset holdings and liabilities to trust customers, the status of each trust account, and all transactions relating to each trust account. Records providing detailed information for each trust account generally should include the following:
- Principal (corpus) control account
- Principal cash account
- Income cash account
- Investment records for each asset owned, such as stocks, bonds, notes and mortgages, savings and time accounts, real property, and sundry assets
- Liability record for each principal trust liability
- Investment income
21.21 The auditor may need to evaluate trust departments' and trust companies' overall internal control over financial reporting, including, but not limited to, the following controls:
- Individual account and departmental transactions (activity control) and suspense items are reconciled and recorded in a complete, accurate, and timely manner. Appropriate supervisory personnel routinely review and approve reconciliations.
- Written policies, procedures, and controls exist for securities lending activities, including review of the borrower's creditworthiness, a formal lending agreement, and minimum collateral requirements.
- Written policies and procedures exist for collateral maintenance and reinvestment.
- Periodic reconciliations of the trust funds on deposit with the institution or its custodian are performed by an employee having no check signing authority or access to unissued checks and related records. Appropriate supervisory personnel routinely review and approve reconciliations.
- Measures have been taken to safeguard trust assets by dual control.
- Accurate files of documents creating trusts and authorizing transactions are maintained. A review of document files for completeness is performed by an independent individual.
- Vault deposits and withdrawals are reconciled with accounting records to promptly reflect the purchase and sale of trust assets. Appropriate supervisory personnel routinely review and approve reconciliations.
- Reconciliation of agency accounts (for example, dividends, coupons, bond redemptions, and holdings or principal balance) is performed regularly by an employee having no access to unissued checks or participation in the disbursement function.
- Periodic physical inspection of assets or confirmation of trust assets is conducted by an independent person.
- There is frequent reporting and written approval of uninvested cash balances and overdrafts.
- Procedures exist to ensure compliance with income and other tax filing and remittance requirements.
- Reviews are conducted to make sure all duties required by the governing trust instruments or agency contracts (legal compliance) are performed.
- Trust fees are posted to the general ledger by persons who do not have conflicting duties from detailed records produced by the trust system.
- Trust fee income is periodically reviewed for accuracy by appropriate personnel with no conflicting duties.
- Management or independent employees perform an analytical review of trust fee income. Differences are investigated timely.
Financial Reporting Controls of the Trust
21.22 Additional controls that the auditor may wish to consider for engagements not limited to the audit of financial statements (for example, directors' exams, engagements under AT-C section 320, Reporting on an Examination of Controls at a Service Organization Relevant to User Entities’ Internal Control Over Financial Reporting [AICPA, Professional Standards], and agreed upon procedures or other extended audit services) include the following:
- Authorization and review procedures are in place to ensure that assets accepted into a trust conform to provisions of the trust and applicable laws and regulations.
- The physical and administrative security (physical control) of assets for which the trust department has responsibility is segregated from transaction authorization and recordkeeping.
- Trust assets are segregated from the institution's assets and are periodically inspected by people outside the trust department or trust company.
- Trust assets are registered in the name of the institution as fiduciary or in the name of the nominee.
- Proper approval is obtained from cofiduciaries (or investment power holders in self-directed trusts) for investment changes, disbursements, and so forth.
- Approval of the individual purchase and sale of all trust investments is performed by the trust or investment committee or its designees. It is important that for assets where the trustee has discretionary (investment powers) authority, investment restrictions imposed by the client are being adhered to. Paragraph .19 of AU-C section 315 states that the auditor should obtain an understanding of the information system, including the related business processes relevant to financial reporting.
- Procedures exist to ensure proper classification of trust assets, both by trust title and by nature of asset, daily posting of journals containing detailed descriptions of principal and income transactions, and establishment of control accounts for various asset classifications, including principal and income cash.
- Procedures exist to safeguard unissued supplies of stocks and bonds by dual control.
- Periodic mailings, at least quarterly, are made of account statements of activity to an external party designated by the client.
- Policies and procedures exist related to identification and resolution of failed trades and the contractual settlement of trades posted to trust accounts.
- Complete legal files are maintained.
- Based on the nature of trust contracts, accurate tax reporting is performed.
Substantive Tests Related to Financial Statement Audits
21.23 Testing of trust department revenues and expenses. Although a substantial amount of activity may be conducted and reported on within the trust department, items typically reflected in the institution's financial statements are income from trust or agency services and trust operation expenses. Those areas may be tested independently or may be integrated, as appropriate, with other tests of trust operations.
21.24 Contingent liabilities. The auditor designs audit procedures to determine whether any contingent liabilities should be recognized or disclosed in the institution's financial statements. Acceptance of certain assets, such as real estate with environmental contamination that subjects the trustee to environmental liabilities and ineligible investments in employee benefit trusts subject to ERISA, may result in substantial liabilities for both the trust and trustee. If the institution is providing guarantees to beneficiaries or others associated with the trusts, procedures may need to be performed to determine if the institution has complied with the requirements of FASB ASC 460, Guarantees or FASB ASC 815, Derivatives and Hedging, if the guarantee meets the definition of a derivative. Further, the auditor considers determining the extent to which an institution has engaged in off-balance-sheet activities that create commitments or contingencies, including innovative transactions involving securities and loans (such as transfers with recourse or put options), that could affect the financial statements, including disclosures in the notes. Inquiries of management relating to such activities might be formalized in the representation letter normally obtained at year-end. The auditor also considers reviewing the institution's documentation to determine whether particular transactions are sales or financing arrangements.
Substantive Procedures Related to the Trust
21.25 Additional substantive procedures that the auditor may wish to consider for engagements not limited to the audit of financial statements (for example, directors' exams, engagements under AT-C section 320 and agreed upon procedures or other extended audit services) are included in the following paragraphs.
21.26 Examination of a trust department's activity includes tests of systems and procedures that are common to the management of all or most individual trusts or agency accounts and tests of the activity in selected representative individual trust accounts in each area of trust department service (for example, personal, corporate, and employee benefit).
21.27 Testing of trust activities' common procedures. The procedures followed for the numerous types of trusts and agency activities involve many common or similar functions. Tests of the department's conduct of those activities may be on the department as a whole rather than on individual trusts. Functions that may be tested by the department include, but are not limited to, the following:
- Opening of new accounts
- Receipt and processing of the initial assets that constitute an account
- Processing of purchases, sales, and exchanges of principal assets
- Receipt and payment of cash or other assets
- Collateralization of trust assets held in deposit accounts at the institution, affiliate, or outside custodian, where contractually required
- Execution of specified trust or agency activities
- Determination of fees and charging of fees to accounts
- Processing of trust assets in and out of the trust vault
- Closing of accounts
21.28 Testing of account activity. Depending on the circumstances, paragraph .A46 of AU-C section 330, Performing Audit Procedures in Response to Assessed Risks and Evaluating the Audit Evidence Obtained (AICPA, Professional Standards), states that the auditor may determine the following:
- Performing only substantive analytical procedures will be sufficient to reduce audit risk to an acceptably low level, such as, for example, when the auditor’s assessment of risk is supported by audit evidence from tests of controls.
- Only tests of details are appropriate.
- A combination of substantive analytical procedures and tests of details are most responsive to the assessed risks.
The auditor’s determination as to the substantive procedures that are most responsive to the planned level of detection risk is affected by whether the auditor has obtained audit evidence about the operating effectiveness of controls.
21.29 The tests may cover asset validation, asset valuation, and account administration. For asset validation, a sample of accounts may be selected, trial balances of assets obtained, and the physical existence of assets for which the trust is responsible determined on a test basis. For account administration, a sample of trust accounts may be selected for testing of individual transactions. If appropriate, certain of those transactions may be incorporated in testing of common procedures in the trust department. The auditor may coordinate the selection of accounts for testing asset validation and account administration. The auditor might perform the following procedures for the selected accounts:
- a. Read the governing instrument and note the significant provisions.
- b. Review activity during the period being audited for compliance with the governing trust instrument and applicable laws and regulations.
- c. Review the assets held for compliance with the provisions of the governing trust instrument.
- d. Examine brokers' advices or other documentary evidence supporting the purchase and sale of investments.
- e. For real estate accepted or acquired, determine that appropriate measures are taken to identify potential environmental liability and to properly document the evaluation.
- f. Ascertain that real estate holdings are insured and are inspected on a periodic basis and that appraisals are performed or otherwise obtained as required by the governing trust instrument and applicable laws and regulations.
- g. Obtain reasonable assurance that income from trust assets has been received and credited to the account.
- h. Obtain reasonable assurance that necessary payments have been made.
- i. Test computation and collection of fees.
- j. Determine whether the account has been reviewed by the investment committee as required by the supervisory authorities or by local regulations.
- k. Test the amounts of uninvested cash to determine whether amounts maintained and time held are not unreasonable.
- l. Review any overdrafts and obtain reasonable assurance that they have a valid business purpose and are covered by appropriate borrowings to avoid violations of laws and regulations.
- m. Independently test market values used in valuing investments.
- n. Review the “soft dollar” charges allocated to funds for appropriateness.
- o. Determine whether required tax returns have been filed in accordance with IRC regulations.
- p. Review the adequacy of trust reporting of co-trustees and beneficiaries.
- q. Confirm individual trust account assets, liabilities, and activity with co-trustees and beneficiaries.
- r. Test valuation procedures.
Audits of Unit Investment Trusts
21.30 The AICPA Audit and Accounting Guide Investment Companies provides guidance on the auditing of financial statements of investment companies and unit investment trusts.