Financial Stability Standards for Securities Settlement Facilities – December 2012 Standard 3: Framework for the Comprehensive Management of Risks

Guidance

A securities settlement facility should take an integrated and comprehensive view of its risks, including the risks it bears from and poses to its participants and their customers, as well as the risks it bears from and poses to other entities, such as other FMIs, money settlement agents, liquidity providers and service providers. A securities settlement facility should consider how various risks relate to, and interact with, each other. The securities settlement facility should have a sound risk management framework (including policies, procedures and systems) that enable it to identify, measure, monitor and manage effectively the range of risks that arise in or are borne by the securities settlement facility. A securities settlement facility's framework should include the identification and management of interdependencies. A securities settlement facility should also provide appropriate incentives and the relevant information for its participants and other entities to manage and contain their risks vis-à-vis the securities settlement facility. As set out in SSF Standard 2 on governance, the board of directors plays a critical role in establishing and maintaining a sound risk management framework.

Identification of risks

3.1.1 To establish a sound risk management framework, a securities settlement facility should first identify the range of risks that arise within the securities settlement facility and the risks it directly bears from or poses to its participants, its participants' customers and other entities. It should identify those risks that could materially affect its ability to perform or to provide services as expected. Typically these include legal and operational risks, and in some cases may include credit and liquidity risks. A securities settlement facility should also consider other relevant and material risks, such as market (or price), concentration and general business risks, as well as risks that do not appear to be significant in isolation, but when combined with other risks become material. The consequences of these risks may have significant reputational effects on the securities settlement facility and may undermine the securities settlement facility's financial soundness as well as the stability of the broader financial markets. In identifying risks, a securities settlement facility should take a broad perspective and identify the risks that it bears from other entities, such as other FMIs, money settlement agents, liquidity providers, service providers and any entities that could be materially affected by the securities settlement facility's inability to provide services. For example, the relationship between a securities settlement facility and a large-value payment system to achieve DvP settlement can create system-based interdependencies.

Comprehensive risk policies, procedures and controls

3.1.2 A securities settlement facility's board and senior management are ultimately responsible for managing the securities settlement facility's risks (see SSF Standard 2 on governance). The board should determine an appropriate level of aggregate risk tolerance and capacity for the securities settlement facility. The board and senior management should establish policies, procedures and controls that are consistent with the securities settlement facility's risk tolerance and capacity. The securities settlement facility's policies, procedures and controls serve as the basis for identifying, measuring, monitoring and managing the securities settlement facility's risks and should cover routine and non-routine events, including the potential inability of a participant, or the securities settlement facility itself, to meet its obligations. A securities settlement facility's policies, procedures and controls should address all relevant risks, including legal, credit, liquidity, general business and operational risks. These policies, procedures and controls should be part of a coherent and consistent framework that is reviewed and updated periodically, and shared with the Reserve Bank and other relevant authorities.

Information and control systems

3.1.3 In addition, a securities settlement facility should employ robust information and risk control systems to provide the securities settlement facility with the capacity to obtain timely information necessary to apply risk management policies and procedures. In particular, these systems should allow for the accurate and timely measurement and aggregation of risk exposures across the securities settlement facility, the management of individual risk exposures and the interdependencies between them, and the assessment of the impact of various economic and financial shocks that could affect the securities settlement facility. Where relevant, information systems should also enable the securities settlement facility to monitor credit and liquidity exposures, overall credit and liquidity limits, and the relationship between these exposures and limits.

3.1.4 Where appropriate, a securities settlement facility should also provide its participants and its participants' customers with the relevant information to manage and contain their credit and liquidity risks.^[9] A securities settlement facility may consider it beneficial to provide its participants and its participants' customers with information necessary to monitor their credit and liquidity exposures, overall credit and liquidity limits, and the relationship between these exposures and limits.

Internal controls

3.1.5 A securities settlement facility also should have comprehensive internal processes to help the board and senior management monitor and assess the adequacy and effectiveness of a securities settlement facility's risk management policies, procedures, systems and controls. While business line management serves as the first ‘line of defence’, the adequacy of and adherence to control mechanisms should be assessed regularly through independent compliance programs and independent external reviews.^[10] A robust internal audit function can provide an independent assessment of the effectiveness of a securities settlement facility's risk management and control processes. An emphasis on the adequacy of controls by senior management and the board as well as internal audit can also help counterbalance a business management culture that may favour business interests over establishing and adhering to appropriate controls. In addition, proactive engagement of audit and internal control functions when changes are under consideration can also be beneficial. Specifically, securities settlement facilities that involve their internal audit function in pre-implementation reviews will often reduce their need to expend additional resources to retrofit processes and systems with critical controls that had been overlooked during initial design phases and construction efforts.

3.2.1 A securities settlement facility should ensure that it has sufficient risk controls and other arrangements in place to comply with the SSF Standards, and address any other systemic risk implications of its activities. In accordance with a securities settlement facility's risk management framework, these arrangements may place financial and other obligations on participants, such as ex-ante agreed arrangements for the provision of liquid resources and allocations of uncovered losses or liquidity shortfalls (see SSF Standard 4 on credit risk, SSF Standard 6 on liquidity risk and SSF Standard 11 on participant default rules and procedures), or minimum operational requirements (see SSF Standard 14 on operational risk). Such obligations should be proportional to the nature and magnitude of the risk that individual participants' activities pose to the safety of the securities settlement facility. In general, obligations placed on a participant with limited or conservative activities should differ from those placed on a participant with extensive or risky activities. For the purposes of this Standard, financial obligations do not include minimum capital requirements for participants, which are dealt with under SSF Standard 15 on access and participation requirements.

3.3.1 In establishing risk management policies, procedures and systems, a securities settlement facility should provide incentives to participants and, where relevant, their customers to manage and contain the risks they pose to the securities settlement facility. There are several ways in which a securities settlement facility may provide incentives. For example, a securities settlement facility could apply financial penalties to participants that fail to settle securities in a timely manner. Provision of incentives can help reduce the moral hazard that may arise from formulas in which losses are shared equally among participants or other formulas where losses are not shared proportionally to risk.

3.4.1 A securities settlement facility should regularly review the material risks it bears from and poses to other entities (such as other FMIs, money settlement agents, liquidity providers and service providers) as a result of interdependencies and develop appropriate risk management tools to address these risks (see also SSF Standard 17 on FMI links). In particular, a securities settlement facility should have effective risk management tools to manage all relevant risks, including the legal, general business and operational risks that it bears from and poses to other entities, in order to limit the effects of disruptions from and to such entities as well as disruptions from and to the broader financial markets. These tools should include business continuity arrangements that allow for rapid recovery and resumption of critical operations and services in the event of operational disruptions (see SSF Standard 14 on operational risk), liquidity risk management techniques (see SSF Standard 6 on liquidity risk), and recovery or orderly wind-down plans should the securities settlement facility become non-viable. Because of the interdependencies between and among systems, a securities settlement facility should ensure that its crisis management arrangements allow for effective coordination among the affected entities, including cases in which its own viability or the viability of an interdependent entity is in question.

3.5.1 A securities settlement facility should identify scenarios that may potentially prevent it from being able to provide its critical operations and services as a going concern and assess the effectiveness of a full range of options for recovery or orderly wind-down. These scenarios should take into account the various independent and related risks to which the securities settlement facility is exposed. Using this analysis (and taking into account any constraints potentially imposed by domestic legislation), the securities settlement facility should prepare appropriate plans for its recovery or orderly wind-down. The plans should contain, among other elements, a substantive summary of the key recovery or orderly wind-down strategies, the identification of the securities settlement facility's critical operations and services, and a description of the measures needed to implement the key strategies. A securities settlement facility should have the capacity to identify and provide to related entities the information needed to implement its plans on a timely basis during stress scenarios. In addition, these plans should be reviewed and updated regularly. Where applicable, a securities settlement facility should provide relevant resolution authorities with the information, including strategy and scenario analysis, needed for purposes of resolution planning.