Annual Report - CoBank

As a condition of the merger with AgBank, effectiveJanuary 1, 2012, the FCA requires CoBank to maintain aminimum days liquidity of 130 (40 days greater than the90 day regulatory minimum). Additionally, throughDecember 31, 2014, if days liquidity were to fall below 150for five consecutive days, the Bank must notify the FCA andsubmit to them a written plan to restore and maintain the 150days level.Our liquidity plan covers certain contingencies in theevent our access to normal funding mechanisms is disrupted.We purchase only high credit quality investments to ensureour investment portfolio is readily marketable and available toserve as a source of contingent funding. Our investmentportfolio may also be used as collateral to borrow funds tocover maturing liabilities. Pursuant to FCA regulations, nonagencymortgage- and asset-backed securities that are nolonger rated triple-A by at least one major rating agency mustbe excluded from our liquidity reserve. In addition, suchsecurities must be disposed of within six months of beingdowngraded unless approval to continue to hold thesesecurities is obtained from the FCA. Approximately$192.7 million of our non-agency investment securities havebeen downgraded to ratings below triple-A and are no longerincluded in our liquidity reserve as of December 31, 2011.With the exception of three securities pending approval, theFCA has granted us approval to continue to hold all suchsecurities. We continue to closely monitor market and creditconditions affecting all of our investment securities.We have identified certain portions of our loan portfoliothat we believe could be sold or participated in the event ouraccess to normal funding mechanisms is disrupted. Theseloans serve as an additional source of contingent funding. Wealso maintain uncommitted lines of credit with variousfinancial institutions that could provide liquidity duringunanticipated short-term disruptions in funding. However, it isuncertain whether we would be able to sell or participate loansor fully utilize uncommitted lines of credit in the event of asystemic funding disruption.Operational Risk ManagementOperational risk is inherent in all business activities andthe management of such risk is important to the achievementof our objectives. Operational risk represents the risk of lossresulting from conducting our operations, including theexecution of unauthorized transactions by employees; errorsrelating to loan documentation, transaction processing andtechnology; the inability to perfect liens on collateral;breaches of internal control systems; and the risk of fraud byemployees or persons outside the Bank. This risk of loss alsoincludes potential legal actions that could arise as a result ofoperational deficiencies, noncompliance with regulatorystandards, employee misconduct or adverse businessdecisions. In the event of a breakdown in the internal controlsystem, improper access to or operation of systems orimproper employee actions, the Bank could incur financialloss or face regulatory action.We utilize a risk management framework, well-controlledbusiness policies and processes and employee training tomanage operational risk. Under this framework, businesssegments have direct and primary responsibility andaccountability for identifying, controlling and monitoringoperational risk. Business managers maintain controls with theobjective of providing proper transaction authorization andexecution, proper system operations, safeguarding of assetsfrom misuse or theft and ensuring the reliability of financialand other data. Employees receive regular training on businessethics, fraud identification and prevention, compliance withlaws and regulations, and information security. We alsomitigate operational risk through the use of insurancecoverages.Business continuity and disaster recovery planning is alsoimportant to effectively manage our operational risks. Eachcritical business unit, as well as our Information TechnologyDivision, is required to develop, maintain and test such plansat least annually to ensure that continuity and recoveryactivities, if needed, could sustain critical functions includingsystems and information supporting customers and businessoperations. While we believe that we have designed effectivebusiness continuity policies and procedures, there is noabsolute assurance that business disruption or operationallosses would not occur in the event of a disaster.Our Risk Management Group is responsible for, amongother matters, coordinating the completion of ongoing riskassessments and ensuring that operational risk management isintegrated into business decision-making activities. Inaddition, this group, in coordination with the Audit Committeeof the Board of Directors, determines the scope and level ofreview performed by the internal audit function. Our internalaudit function validates the system of internal controls throughrisk-based, regular and ongoing audit procedures, and reportson the effectiveness of internal controls to executivemanagement and the Audit Committee of the Board ofDirectors.To enhance our governance and internal controls, weapply policies and procedures that mirror the materialprovisions of the Sarbanes-Oxley Act of 2002, includingsection 404, Management Assessment of Internal Controls.CoBank 2011 Annual Report53