Corporates large and small can benefit from a standardised approach to setting a treasury policy. In this article, a treasury policy is defined as a company’s response to a financial risk such as FX, interest rate, commodity, counterparty, liquidity or funding risk. The risk response is set out in a ‘treasury policy document’, which should include details on the cause and potential impact of the risk, the company’s ‘risk appetite’ for that risk, the response (for example, hedging the risk using derivatives), the controls to manage the risk and the system of risk reporting.

Let's look at some general guidance on producing treasury policies based on relevant advice in current international risk management standards. There is also an example checklist that could be used when creating a treasury policy document. The process described is general, so can be applied to companies of all types and sizes.


  1. Use existing risk management frameworks and systems in the company, including risk terminology, risk measures (for example, Value At Risk – VaR) and policy templates (if they exist), to ensure policies are produced on a consistent basis across the company.
  2. Take into account the company business profile, financial position, corporate strategy and economic environment to identify the key risks, identify potential offsetting risks (‘natural hedges’), set the risk appetite and set the risk response.
  3. A company’s risk appetite is the amount and type of risk a company is willing to take to meet its objectives. It is a key component of a treasury policy document and depends upon a number of factors, including the risk capacity of the company (how much risk the company can bear), shareholders’ and management’s attitude to risk, and the economic and competitive environment.
  4. Adopt a standard risk management process for each risk, for example: identify, analyse (likelihood and size of risk), evaluate (compare risk exposure with risk appetite), respond, control, report and monitor.
  5. Assign ownership and accountability for the management of each treasury risk and associated treasury policy.
  6. Review the risk management process at least annually or when there are major changes in the company profile, corporate strategy or economic environment. Additionally, there should be a process to identify ‘emerging risks’, which may not be an immediate threat, but could be more significant in future, for example, climate change and automation.


The following table provides a checklist for producing a treasury policy document. Although the components set out in the table are likely to be included in most treasury policy documents, the actual contents, structure and form of the policy documents will vary from company to company depending on the type of company and its risk management framework.

Policy name

For example:

FX risk policy, interes rate risk policy, liquididty policy, target credit rating

Policy objective What is the policy trying to achieve?  
Risk description (a) What is the risk and how does it arise? IDENTIFY
Risk exposure

What is the amoutn of exposure before and after risk mitigation? This can be expressed as the likelihood and size of potential loss or gain. The risk measure will vary by type of risk. For example, FX exposures based on credit ratings. Additionally, are there any offsetting risks ('natural hedges') in the company that could reduce risk exposure?

Risk appetite What is the amount of this risk that the company is willing to take to meet its objectives? The risk exposure should not exceed pre-agreed risk appetite EVALUATE
Risk response (the policy)

The risk response should align with the policy objective. For example, eliminate FX transaction risk due to foreign currency receivables.

There are four options for the risk response: 
1. Avoid 
   (eg: don't enter a market, although this may not be practical)
2. Transfer
   (eg: by insurance or to the customer / supplier)
3. Reduce
   (eg: using controls)
4. Accept 
   (eg: if not material)

Note: risks may arise from the risk response, for example, using insurance will introduce counterparty risk.


Risk owner Which individual / department is responsible for managing the risk? Include when the treasurer should report back to the board / FD in the company, and list authority limits (if not specified elsewhere) RESPOND
Risk triggers The risk triggers (if set) for each risk should be determined and approved. Risk triggers are warning signs that the risk exposire is approaching risk appetite and action may be needed. An action plan should be in place in case the actual risk exposure becomes greater than the risk trigger or risk appetite limits. There should be a reporting system for escalating the breaches to senior management with recommendations to manage the risk exposure, such as reducing the underlying risk or mitigating the exposure. CONTROL
Key risk controls Risk controls used to manage the risk should be described. A mixture of controls should be used: preventative, detective and corrective. List autorised instruments and, if necessary, hedging strategies (if not specified elsewhere). List authorised counterpaties with risk limits (if not specified elsewhere). CONTROL 
Key risk indicators (KRIs) Select KRIs that measure the risk exposure, related hedges (if relevant), risk triggers and risk appetite. REPORT AND MONITOR
Reporting The system for reporting KRIs and the performance of the associated controls should be established so that senior management can monitor and control the key risks in a company. REPORT AND MONITOR
Assurance A system for ensuring that treasury policies are implemented as agreed should be in place, for example, independant regular review of the policy, and design and operating effectiveness of controls. REPORT AND MONITOR
Update of policy The process for updating the policy should be set out, including the frequency  of update and approval process. MONITOR


(a) There are various definitions of risk and they usually include some reference to the impact of uncertainty. The international standard, ISO 31000:2018 Risk management, defines risk as “the effect of uncertainty on objectives”:

  • An effect is a deviation from the expected and can be positive or negative;
  • For a company, objectives may include a return on equity target, minimum profit level or minimum cash flow; and
  • Examples of uncertainty include potential changes in market rates, regulation or credit quality of counterparties.


Author: Gurdip Dhami, Treasury consultant

Source: The Treasurer magazine