Bulletin – December 2020 Finance Governance of Financial Market Infrastructures


Good governance is critical to delivering effective risk management outcomes. Several high-profile reports have underscored this point in recent years, finding governance issues to be at the heart of poor compliance and risk management outcomes in the financial industry. Given the key role that financial market infrastructures (FMIs) play in supporting efficient and stable markets, the RBA has a strong interest in promoting good governance within these entities. This article explores aspects of FMI governance and how governance arrangements can help promote the safe and effective delivery of FMI services.



FMIs provide a broad range of services that underpin well-functioning financial markets. These services include the timely clearing and settlement of obligations between counterparties, assisting institutions in the management of risks and helping to coordinate actions in the event of a market participant's default. FMIs typically process large volumes of transactions and have strong interconnections with banks and other financial institutions, helping to bring networks of counterparties together.

FMIs are often considered systemically important in the markets in which they operate. This means the distress or failure of an FMI could impose material losses on the real economy. An ineffective or inefficient FMI can introduce risk into the financial system directly – by increasing the probability that it will fail, or indirectly – by discouraging participants from using its services in favour of alternative, riskier arrangements (CPMI-IOSCO 2012).

The financial system is in a constant state of change. All FMIs, but particularly those considered systemically important, play an important role in supporting that change and safely facilitating innovation in the markets they serve. This includes addressing the technological imperative to constantly review and innovate their systems and processes, so that FMIs remain well-placed to deliver efficient, effective and reliable services over time.

While there are different types of FMIs, the ones most often deemed to be systemically important are clearing and settlement (CS) facilities and high-value payment systems. CS facilities are systems that clear and settle transactions in securities such as bonds and equities and in derivative instruments such as options and futures. In Australia there are two types of CS facility – central counterparties (CCPs) and securities settlement facilities.[1] High-value payment systems are the systems used to settle wholesale interbank payments, the very large payment obligations between banks and other financial institutions.


Governance refers to the accountability framework and arrangements used to direct and control an organisation. It encompasses how an organisation determines its objectives, implements strategies to achieve those objectives and monitors and reacts to the outcomes. Governance frameworks set out the relationships between an organisation's owners, board of directors (or equivalent), management and other relevant parties. For an FMI ‘other relevant parties’ can include the FMI's direct participants, its participants' customers, other interdependent FMIs, regulatory authorities (given their responsibility to protect the public interest) and the broader market.

Robust governance arrangements that have been well implemented in practice will help to set appropriate norms, culture and incentives in an organisation. They also provide a solid foundation for management of risk and innovation. Several high-profile reports have underscored the importance of governance in recent years. For example, governance issues featured prominently in the findings of Australia's 2019 Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, with the commission's final report noting ‘deficiencies of culture, governance and risk management within entities’ (Hayne 2019, p 12). Similarly, a 2018 report by the Australian Prudential Regulation Authority (APRA) highlighted the impact of shortcomings in governance, culture and accountability frameworks at the Commonwealth Bank of Australia (CBA) (APRA 2018). More recently, ineffective assurance and oversight processes contributed to compliance issues at Westpac, resulting in significant penalties (AUSTRAC 2020).[2]

Regulatory framework

The legal and regulatory requirements relating to FMI governance are determined by the relevant jurisdiction's legislative and regulatory frameworks. In Australia, the Australian Securities and Investments Commission (ASIC) and the RBA have separate but complementary responsibilities for the supervision of CS facilities. ASIC also has a range of responsibilities for the regulation of all Australian companies in areas such as corporate governance. Each agency adopts a regulatory approach that is focused on its distinct sphere of responsibility. The agencies also cooperate closely with each other and other members of the Council of Financial Regulators.

Consistent with the RBA's mandate to promote financial stability, the RBA has a role in overseeing and supervising the types of FMIs noted above; CS facilities and high-value payment systems. In relation to oversight of CS facilities, the RBA has established regulatory standards.[3] These standards are based on a set of core principles for FMIs that have been widely adopted by international financial authorities – the Principles for Financial Market Infrastructures (PFMI) (CPMI-IOSCO 2012).[4] Due to its systemic importance, Australia's high-value payments system is expected to observe the PFMI and is assessed accordingly.[5] When assessing the compliance of an FMI's governance arrangements against the relevant standards, the RBA also considers broader concepts of good practice, such as international guidelines, the work of other regulators, relevant private sector benchmarks and industry best practice.

FMIs can operate within a broad range of ownership and organisational structures, sometimes reflecting jurisdictional legal requirements. These range from government-owned infrastructures to commercial entities operating within larger corporate groups. In the context of governance, each form of ownership will have specific benefits and challenges, although the expected outcomes in terms of governance and compliance remain consistent across FMIs, regardless of ownership structure. The PFMI explicitly recognise these various challenges, noting that FMIs may need to focus particular attention on certain aspects of their governance depending on their organisational arrangements.[6]

While this paper discusses the principles underlying the RBA's regulatory standards, it does not revise any existing regulatory expectations, principles, standards or guidance already in effect, and it does not impose any new requirements.

Establishing a framework

All organisations face challenges ensuring that their governance frameworks are, and remain, fit for purpose. The critical role that FMIs play in supporting well-functioning markets increases both the complexity and importance of this challenge, particularly in situations where the FMI has a public interest obligation in relation to minimising systemic risk. The following discussion explores some of the complexities involved in FMI governance and ways these can be addressed in order to promote good governance outcomes.

Structure and responsibilities

A key function of a governance framework is to articulate, and clearly differentiate, the roles and responsibilities across the organisation, including those of the board (or equivalent body) and board committees. While the board is responsible for strategic direction and governance of an organisation (and remains accountable for general oversight of the entity), day-to-day operations and decision-making are carried out by executive management consistent with parameters set by the board. Particularly when an FMI is larger or more complex, it is neither practicable nor appropriate for the board to make every decision, or directly oversee all aspects of the FMI's operations. However, the board remains ultimately accountable and is expected to exercise active stewardship in its oversight of the FMI (ASIC 2019).

An effective governance framework will clearly set out any arrangements for delegation of authority. Where an FMI operates within a broader ownership group, the governance framework will need to address the relationship between the board of the FMI and other boards in the ownership group.[7] It should also clarify how and when feedback from external stakeholders will be taken into account in decision-making.

Board composition

The structure and composition (including size) of an FMI's board should be tailored to the scale and complexity of the FMI's activities so that the board is best placed to effectively fulfil its roles and responsibilities. Effective boards bring together a balance of skills, experience and knowledge. A good balance of these attributes will better equip the board to approach its decision-making and oversight responsibilities with a level of constructive challenge and inclusive debate.[8]

Reflecting the role it plays, the optimal balance of skills, experience and knowledge for an FMI's board will include the relevant strategic and technical knowledge required to understand and challenge management across a range of issues. This is particularly relevant in the area of risk management, where boards have a responsibility to assess, and ensure processes are in place to identify, emerging risks. All FMIs also face the challenge of managing infrastructure renewal and technological change in a rapidly evolving environment. Addressing these challenges in a way that prioritises stability and minimises risk requires board members who are well-equipped to understand, question and challenge the solutions put forward.

In order to scrutinise and challenge management effectively, it is important that a well-functioning board is able to step back and independently assess the information that comes to it. The PFMI note that independence from the views of management usually requires having non-executive members on the board, including independent board members, as appropriate. While requirements for non-executive and independent board members may be of benefit, they do not diminish the obligations that apply to all directors (including executive directors) in discharging their duties, including in regard to exercising objective and independent judgement.

Board independence can erode over long periods of tenure, for example as a result of continued interaction with long-standing executives (O'Connell 2017). In discussing board independence, the PFMI note that boards may need to consider establishing maximum limits on how long a member can serve.

As noted, it is not unusual for an FMI to be operating within a broader ownership group. In these situations, the FMI's board may include representation from the parent entity, or there may be board members common to the FMI's board and the boards of other group entities. It is important that FMI board members understand their duties as a director and their role in the corporate governance framework, and exercise independent judgement in the interests of the FMI. These interests would include meeting any legal obligations of the FMI in the relevant jurisdiction.

To provide a direct input into the decision-making process, some FMIs include representation from certain stakeholder groups on their boards, such as participant representatives. There are also examples in some jurisdictions of requirements for board positions (voting or non-voting) to be reserved for representatives of the public interest, such as regulatory authorities (Russo et al 2004). However, it is more common for FMIs to facilitate stakeholder input into the decision-making process through other channels (see ‘Stakeholder engagement’ below).


Typically, an FMI's governance framework will mandate a number of board committees to allow subgroups of board members to consider key issues in greater detail.[9] Effective board committees can facilitate greater discussion and challenge on complex or technical topics. For example, an FMI governance framework will generally include a risk committee with responsibility for overseeing risk management and advising the board on the FMI's overall risk tolerance and strategy, reflecting the importance of ensuring that the risks borne by FMIs are managed safely, effectively and in a way that promotes financial system stability.

In addition to board committees, a governance framework will set out processes to delegate authorities and responsibilities from the FMI board to management. Effective delegations are clear and have well-understood lines of accountability, with the roles and responsibilities of the board clearly delineated from the role of management. As noted in APRA's inquiry into the CBA, ‘One of the challenges facing all Boards is ensuring strong oversight of senior management whilst still preserving an appropriate separation from managerial responsibilities’ (APRA 2018, p 14).

Any delegation of authority, whether from the board to board committees or to management, should be transparent and well documented. Formalising and documenting roles, responsibilities and reporting lines can help reduce the risk that the board may not have sufficient oversight of certain aspects of the FMI's activities, or be fully cognisant of the risks it faces, and will help ensure separation of responsibilities (see ‘Oversight of risk management’ below). Regular reviews of documented responsibilities, accountabilities and delegations can also help mitigate the risk of processes becoming overly dependent on experts or key personnel.

Objectives and strategies

The objectives and strategies of an FMI should be clear, cohesive and well understood. A lack of clear objectives or strategies is likely to result in inconsistent interpretation across different managers in the organisation. Similarly, an entity's objectives will be undermined if the incentives faced by board members and management are not appropriately aligned with those objectives.

The FMI's board is ultimately responsible for setting the FMI's objectives and strategies. Discharging this responsibility requires a clear framework for delegation of decision-making that sets out the ultimate accountability for decisions and the board's role in overseeing and reviewing management's implementation of the strategies. The board is also responsible for ensuring its objectives and strategies are well understood by management, across the FMI and by the FMI's stakeholders more broadly.

Ensuring an FMI's objectives and strategies appropriately balance the interests of its ownership, the interests of its stakeholders, and its financial stability obligations to the public in the jurisdictions in which it operates can be a complex task. This can be particularly challenging given that the highly interconnected and often cross-border nature of FMIs can result in them being systemically important in several markets and/or jurisdictions at once (Russo et al 2004). In practice, achieving a balance that appropriately reflects stakeholder and financial stability interests will mean that the objectives and strategies of an FMI place a high priority on promoting the safety and effectiveness of the FMI's operations (CPMI-IOSCO 2012).

Stakeholder engagement

The central role of FMIs in the financial system means that their decisions can have a significant impact on their participants and the broader market. This underlines the importance of an FMI's governance framework facilitating meaningful and timely engagement with all relevant stakeholders (CPMI-IOSCO 2012). As noted above, depending on the type of FMI, relevant stakeholders may include (but are not limited to) direct participants, participants' customers, other interdependent FMIs, regulatory authorities and the broader market. Members of this broad stakeholder group may also include entities that compete with the FMI or (more commonly) with the FMI's related entities.

There can be strong interdependencies between FMIs and their key stakeholders, particularly their participants. Participants can bring risk to an FMI, for example, the risk that the participant might default on its obligations to the FMI. Participants can also bear risk through mutualisation, meaning a participant can bear some of the risk brought to the FMI by other participants. One situation where this can take place is when CCPs collect resources from all of their participants to hold in a ‘default fund’ that could potentially be used if an individual participant were to fail. CCPs can also have arrangements in place to call additional contributions from participants (other than the one that failed) if the default fund and other prefunded resources are not sufficient to cover the losses from a default.

An FMI's engagement with stakeholders must therefore be a two-way process: transparency and disclosure from FMIs is important to provide stakeholders with the information required to properly assess the risks they face from participating in the FMI; and timely and meaningful feedback from stakeholders can improve the ability of the FMI to integrate and balance the interests of all relevant stakeholders in corporate decision-making.[10] Box 1 considers some of the mechanisms available for achieving this.

Box 1: Consultation practices of CS facilities

Depending on the nature of the markets they serve, CS facilities can have participants that range from major global investment banks to small local brokerage firms. The issues CS facilities consult on also vary substantially, examples include seeking feedback on participants' and clients' business needs, upgrading technology, launching new products and services, or providing technical updates on evolving risk management practices. It is good practice for a CS facility to establish, and make use of, consultation mechanisms tailored to the requirements of the various audiences and issues in question. Common practices for achieving this can include:

  • establishing participant committees, user groups and other advisory committees. This mechanism can be particularly effective for periodically engaging groups of stakeholders on a distinct theme. Examples include stakeholder committees to solicit feedback on new products, changes to risk management practices, or upgrades to user interfaces.
  • leveraging business-as-usual interactions. CS facilities often make use of regular business interactions to solicit feedback, either formally or informally. In some instances, these engagements may be facilitated through the use of designated relationship managers.
  • undertaking public consultations. This process is well suited for gathering feedback from a broad range of parties. For example, a significant strategic change that could affect the functioning or structure of a major product market has the potential to affect a broad number of market participants. Undertaking a public consultation on this issue could help the CS facility understand the direct, and indirect, implications of the proposed change.
  • scheduling ad hoc bilateral engagements with specific stakeholders. This channel can be particularly useful when there are concerns around the confidentiality of the information being disclosed.

No matter which mechanism for stakeholder engagement is employed, it is important that the engagement takes place early enough for the FMI to consider the feedback in its decision-making process and isn't treated as (or perceived to be) an afterthought or a ‘tick the box’ exercise. To mitigate this risk or perception, the FMI needs processes in place to gather and report feedback to relevant executives, committees and the board in a way that is reliable, accurate and timely.

Implementing the framework

Establishing a framework that sets out appropriate policies and procedures is a pre-requisite for good governance, but the objectives of governance will be met only if policies and procedures are implemented well in practice. In this section, we discuss three areas that contribute to the overall effectiveness of FMI governance: board-level decision-making, management of conflicts of interest and oversight of an FMI's risk management function.

Effective decision-making

If a board is to provide meaningful challenge to management, it needs access to reports and information that are thorough, accurate, clear and balanced. In practice, the effectiveness of information reported to the board is likely to reflect a number of factors, including: the quality of communication between the board and management; the judgement of senior management; the effectiveness of an FMI's reporting and accountability frameworks; and the resourcing of related functions.

The importance of thorough and accurate reporting was highlighted in APRA's inquiry into the CBA, which found that ‘gaps in reporting and metrics hampered the effectiveness of the Board and its Committees’ (APRA 2018, p 14). While the material provided to a board needs to include all relevant information, ideally it will also highlight the key issues for board consideration. This was recognised in ASIC's review of board and officer oversight of non-financial risk at Australia's largest financial services companies, which found evidence that material issues were sometimes buried within excessively long reports to boards (ASIC 2019, pp 27–30).

There can also be a risk that material presented to a board lacks balance. For example, APRA's inquiry into the CBA highlighted issues of overly ‘optimistic senior leadership’ with a ‘propensity for positive and assuring messaging’ (APRA 2018, pp 14–15). An FMI board's responsibility to challenge management includes satisfying itself that recommendations from management are not overly optimistic and adequately consider the full range of potential risks.

As noted above, effective boards bring together members with an appropriate balance of skills, experience and knowledge. For an FMI to fully benefit from the range of skills, experience and knowledge on a board, there needs to be a constructive culture that encourages input and challenge from all members. This issue was noted in APRA's inquiry into the CBA, which considered the risks of ‘filtering of information through a single Director’ and impediments to utilising ‘the collective experience of Directors’ fully (APRA 2018, p 17). In this regard, an important function of the chair of an FMI's board is to foster an inclusive culture that promotes constructive challenge by all members of the board. Board members should also have an ability to influence the agenda as appropriate.

To ensure effective decision-making over time, it is important that there are processes in place to review, develop and maintain the effectiveness of the board. Typically, this is achieved through board and director effectiveness reviews, succession planning and programs for continuous learning. To promote accountability, boards can periodically arrange for internal audit to review the adequacy of information provided to support board-level decisions. Reviews can also be undertaken to assess whether there is evidence that individual directors are making a positive contribution to decisions taken by the board.

The outcomes of these reviews can highlight whether management is making appropriate use of the board's guidance and expertise and whether the board is engaging with issues in an effective manner. For example, a review might consider whether management is bringing a meaningful set of options to the board or whether the options being put to the board tend to be limited to those favoured by senior management (in particular the chief executive).

Conflicts of interest

Conflicts of interest can occur in situations where the interests of board members, executives or other staff are misaligned or incompatible with the objectives and strategies of the FMI. In Australia, FMIs and their directors have statutory obligations to have arrangements in place to identify, address and manage any possible or perceived conflicts of interest. While an obvious example of a conflict of interest would be a situation where a board member has a material competing business interest with the FMI, an FMI's governance framework also needs to have processes in place to identify and mitigate other types of conflicts, some of which are outlined below.

Intragroup conflicts

As noted, FMIs often operate within a larger corporate group. For example, it is not uncommon to integrate trading (exchange) and post-trade (CS facility) infrastructure within the same group. This structure can bring operational and cost efficiencies. It can also have risk management benefits for the FMI, such as increased knowledge and data flows between an exchange and a CS facility, which may enhance the CS facility's ability to manage and understand its risk exposures (Committee on Payment and Settlement Systems 2010).[11] However, the PFMI emphasise the need for an FMI that is part of a larger corporate group to consider the potential for conflicts of interest that may arise as a result of the ownership structure.[12]

Under the PFMI, an FMI is expected to have appropriate controls, procedures and oversight in place to ensure that decisions taken in accordance with the FMI's objectives (including its obligations to manage risk on behalf of its stakeholders and in a way that promotes financial stability) are not compromised by any competing interests, including the financial interests of the parent group. Management of intragroup conflicts can be more complex in situations where the FMI's board includes representatives from the parent group, or there are board members that sit on multiple boards within the group. It can be also be challenging for the board of the parent entity to balance the objectives of the different entities across the group appropriately, particularly where they need to take an FMI's financial stability obligations into consideration.

In this regard, international regulators have considered hypothetical scenarios where a CCP could face pressure from its parent group to weaken its risk management standards in order to generate additional trading and clearing business (Committee on Payment and Settlement Systems 2010).[13] Another challenging scenario could be a situation where a CS facility becomes financially unviable, and a conflict emerges between the CS facility's public interest obligation to maintain access to its services and the desire of the parent group to minimise losses, including by curtailing access or ceasing to provide services.

Reporting lines

Conflicts of interest can emerge in situations where an FMI's reporting lines act as a disincentive for staff to fulfil their responsibilities. For example, a key function of internal audit is to provide an independent assessment of the FMI's risk management processes and internal controls. This can include reporting on the ability of executives to operationalise effective risk management processes and controls in their areas of responsibility. There is the potential for conflicts of interest to arise if internal audit's reporting lines or compensation outcomes run through, or are solely determined by, those executives. To avoid this outcome, the PFMI indicate that internal audit should have sufficient resources and independence to fulfil its function, including by ensuring that the audit function has direct access to the board through a separate reporting line.[14]


Conflicts of interest can also arise when incentives in executive compensation policies are not consistent with promoting the long-term interests of the FMI. Highlighting this point, the Financial Stability Board (FSB) found that links between short-term profits and employee bonuses at financial institutions in the lead-up to the global financial crisis contributed to excessive risk-taking and insufficient regard being paid to the long-term health of the organisation (Financial Stability Forum 2009). More recent reports have also identified strong links between compensation practices and poor regulatory, compliance and conduct outcomes among Australian financial institutions (Hayne 2019).

Reflecting these considerations, the PFMI note that an FMI's compensation policies should be consistent with best practices and based on the FMI's long-term achievements – in particular in the areas of safety and efficiency. This aligns with the FSB's Principles for Sound Compensation Practices, which note that there should be appropriate consistency between compensation pay-out schedules and the time horizons over which relevant risks could materialise (Financial Stability Forum 2009).[15] To further incentivise appropriate risk management behaviour, boards can include risk management and compliance items within key performance indicators (KPIs) so that promoting good risk and compliance practices will affect remuneration outcomes for senior staff.

Oversight of risk management

Unlike many other organisations, FMIs often manage risk not just on their own behalf but also on behalf of their external stakeholders and the broader financial system. This makes it particularly important for FMIs to have strong risk management processes.[16] FMIs may also need to strike an appropriate balance between reducing risk and promoting participation. Achieving the appropriate balance requires an effective framework and good judgement — Box 2 below considers one example where this is the case.

Many organisations utilise the ‘Three Lines Model’ to help organise their structures and processes related to governance and risk management (The Institute of Internal Auditors 2020).[17] This model can help to clarify roles and responsibilities within the organisation, promote a culture of risk ownership among frontline managers and facilitate consistent communication within the business.

While implementation of this model will vary across organisations, it generally has the following structure:

  • First line roles are those that are most directly involved in the provision of products or services to the clients of the organisation. This generally includes management and certain related support functions. In addition to their designated business function, the first line is also responsible for establishing and maintaining appropriate risk management structures and processes; ensuring compliance with legal, regulatory and ethical expectations; and maintaining communication with the governing body.
  • Second line roles are those that provide assistance with managing risk, and may be blended with, or separated from, the first line. They can include enterprise risk management roles, or other more specialised roles focused on compliance, internal controls, IT security, sustainability or quality assurance, among others. These roles can provide support, monitoring and challenge to the first line. However, under the model, responsibility for managing risk should remain with the first line.
  • Third line roles are often held by internal audit. These roles are responsible for providing independent and objective assurance on the adequacy and effectiveness of the entity's governance and risk management.

Although the board and board committees are not included in the three lines, their responsibility for setting the objectives and risk appetite of the organisation is pivotal as they oversee the operations of the three lines and ensure the model is operating within the risk parameters established by the board. The board has a key role in fostering a culture of accountability and ethical behaviour at the top of the organisation and overseeing work to ensure that this culture is embraced throughout the entity. The board and board committees (typically the risk, audit and remuneration committees) also play an important role in ensuring that: the roles and responsibilities of the different lines are clearly defined and documented; there is appropriate coordination and communication between each line; and incentives are appropriately aligned with the organisation's risk strategy.

The Three Lines Model is widely used by FMIs, although there can be some additional complexity that needs to be taken into account in its implementation. For example, where the core business of an FMI is risk management (e.g. for a CCP), there is a greater risk of ambiguity between first and second line roles. This is because operational managers and risk areas can both have responsibilities associated with identifying, implementing and evaluating risk processes.

To mitigate the risk of ambiguity between the lines it is particularly important for FMIs to clearly define, document and ensure broad understanding of how the model is intended to operate, which internal roles are associated with each line and where accountabilities lie. To further mitigate this risk, an FMI may choose to increase oversight from the third line or the board. This can include, for example, requiring the escalation of issues earlier than might otherwise be the case.

Box 2: CCP clearing risk management

Certain FMIs face specific risk management and governance challenges stemming from the roles they play in the financial system. For example, CCPs accept a unique level of counterparty risk when they insert themselves between the original buyers and sellers of financial contracts and guarantee that the obligations of each side will be met. In doing so, CCPs can increase confidence among market participants that their transactions will be honoured, even in the event that the original counterparty to the trade or contract were to fail. This can in turn help increase activity in the market, reduce monitoring costs for participants, and reduce risk in the system as a whole. It is important for these entities to strike the appropriate balance between reducing risk and promoting participation.

One example of this challenge relates to the total resources the CCP holds in case of default. In implementing their risk management frameworks, CCPs usually pool their own capital with resources collected from participants to protect themselves from possible losses in the event of a participant default. If the CCP faces relatively complex risks or is considered systemically important in multiple jurisdictions, the PFMI indicate that these total resources should be sufficient to cover the default of the CCP's two participants (including their affiliates) that could potentially cause the largest losses for the CCP in extreme but plausible market conditions.

There is some subjectivity in interpreting which market conditions fit the definition of ‘extreme but plausible’, and therefore in determining the total resources a CCP must hold. If the market conditions considered by the CCP are too severe (increasing the resources to be collected from participants), the costs for participants will be higher, reducing incentives to use the CCP and potentially increasing risk in the system as a whole. However, if the scenarios considered are not severe enough, the CCP could face uncovered exposures in a default event, exposing both itself and the broader market to the risk that it could fail.

Given the importance of the resourcing decision, and the board's ultimate accountability for it, particular attention must be paid to the governance arrangements used to determine which scenarios the CCP determines to be ‘extreme but plausible’. For example, these arrangements can stipulate how and when the board engages on the issue, how related decisions are documented (e.g. in the board's risk appetite statement), and how the board will be kept abreast of developments and risk exposures arising from its chosen settings. Given the cost and risk implications for participants and other stakeholders, the CCP's governance arrangements should also consider how stakeholders can provide input into – and remain informed of – relevant decisions.


Good governance is critical to delivering effective risk management outcomes and ensuring that FMIs remain well-placed to deliver efficient, effective and reliable services over time. Several high-profile reports have underscored this point in recent years, finding governance issues to be at the heart of poor compliance and risk management outcomes in the finance industry.

Given the key role that FMIs play in supporting a stable and effective financial system, the RBA has a strong interest in promoting good governance in the FMIs it oversees. An effective FMI governance framework will allow the interests of all owners and users, as well as other stakeholders (including those representing the public interest), to be given appropriate consideration in the decision-making process. It is also important that the governance framework adopted by an FMI is able to mitigate possible conflicts of interest, including those that could arise from the ownership or organisational structure under which the FMI operates.


The authors are from Payments Policy Department and would like to thank Suchita Mathur and colleagues in the RBA's Payments Policy Department for valuable comments during the preparation of this article. [*]

Previous Bulletin articles outline the role of CCPs in the financial system and the different risks they face (Manning and Hughes 2015) (Hancock, Hughes and Mathur 2016). [1]

A 2018 review of ASX's technology governance and operational risk standards undertaken by ASIC and the RBA also highlighted the importance of governance, concluding that improvements in ASX Group's technology governance and operational risk management capabilities were required for ASX to fully meet regulatory expectations (ASIC 2018) (RBA 2018). [2]

The RBA's Financial Stability Standards for CS facilities can be accessed here: https://www.rba.gov.au/payments-and-infrastructure/financial-market-infrastructure/clearing-and-settlement-facilities/standards/ [3]

For further information on how the PFMI apply in Australia see https://www.rba.gov.au/payments-and-infrastructure/financial-market-infrastructure/principles/implementation-of-principles.html [4]

For further information on the RBA's oversight of systemically important payment systems, see https://www.rba.gov.au/payments-and-infrastructure/financial-market-infrastructure/high-value-payments/policy-statement-on-supervision-and-oversight-of-systemically-important-ps.html [5]

For example, the PFMI note that ‘An FMI that is, or is part of, a for-profit entity may need to place particular emphasis on managing any conflicts between income generation and safety’ (CPMI-IOSCO 2012, p 27). [6]

For example, FMIs often establish board and committee charters setting out the respective roles, responsibilities and authorities of each entity within the group. [7]

To mitigate key person risk and help ensure the board's composition continues to meet its needs over time, governance frameworks often include succession planning policies and processes for periodic self-assessments to identify any emerging skill sets that may be required as the FMI's business and operating environment evolves. [8]

Concepts of independence, skill and expertise are relevant in determining the most appropriate composition of board committees. [9]

An FMI's minimum requirements for transparency and public disclosures of these arrangements are often set via regulation. For example, there are a range of quantitative and qualitative disclosures required as part of most regulatory frameworks. [10]

Other possible benefits for the CS facility, noted by the Committee on Payments and Settlement Systems, include improved operational risk management outcomes from integrating operational processes between entities within the group, lower costs of establishing an operational link between trade and post-trade infrastructure, an enhanced capacity to introduce new or niche products and secure access to the stream of trades it can clear and settle. [11]

Other FMI ownership structures can also give rise to specific conflicts of interest that need to be managed. In this regard the PFMI note that central bank-owned FMIs may need to address possible or perceived conflicts associated with being both an FMI operator and overseer, for example by separating the operator and oversight functions into different organisational units. [12]

Possible examples of relaxing risk management standards could include weakening participation criteria to allow less credit-worthy participants to make use of a CCP's services or decreasing the amount of default resources collected from participants to lower the cost of using the CCP's clearing services. [13]

Establishing a dual reporting line from the chief audit executive to both senior management and the board is also consistent with international standards published by the Institute of Internal Auditors (IIA 2016). [14]

Additional guidance on managing conflicts of interest in setting executives' variable pay and promoting consistency between these arrangements and the long-term interests of the company, in particular during the COVID-19 pandemic, can be found in ASIC Information Sheet 245 (ASIC 2020). [15]

Key risks for FMIs cited in the PFMIs include legal, credit, liquidity, general business, custody, investment, and operational risks. [16]

The ‘Three Lines Model’ is an updated version of the ‘Three Lines of Defence Model’. [17]


AICD (Australian Institute of Company Directors) (2017), ‘Role of the Board’ Resources - Director Tools. Available at <https://aicd.companydirectors.com.au/resources/director-tools/practical-tools-for-directors/governance-relations/role-of-the-board>.

APRA (Australian Prudential Regulation Authority) (2018), ‘Prudential Inquiry into the Commonwealth Bank of Australia (CBA)’, Final Report, 30 April. Available at <https://www.apra.gov.au/sites/default/files/CBA-Prudential-Inquiry_Final-Report_30042018.pdf>.

ASIC (Australian Securities & Investments Commission) (2018), ‘Review of ASX Group's technology governance and operational risk management standards’, Report 592, September. Available at <https://download.asic.gov.au/media/4865584/rep592-published-12-september-2018.pdf>.

ASIC (2019), ‘Corporate Governance Taskforce’, Director and Officer Oversight of Non-financial Risk Report, 2 October. Available at <https://download.asic.gov.au/media/5290879/rep631-published-2-10-2019.pdf>.

ASIC (2020), ‘Board oversight of executive variable pay decisions during the COVID-19 pandemic’, Information Sheet 245, 12 June. Available at <https://asic.gov.au/regulatory-resources/corporate-governance/executive-remuneration/board-oversight-of-executive-variable-pay-decisions-during-the-covid-19-pandemic/#active>.

AUSTRAC (Australian Transaction Reports and Analysis Centre) (2020), ‘AUSTRAC and Westpac agree to proposed $1.3bn penalty’, 24 September. Available at <https://www.austrac.gov.au/news-and-media/media-release/austrac-and-westpac-agree-penalty>.

CPSS (Committee on Payment and Settlement Systems) (2010), ‘Market structure developments in the clearing industry: implications for financial stability’, Report of the Working Group on Post-trade Services, November. Available at <https://www.bis.org/cpmi/publ/d92.pdf>.

CPMI-IOSCO (Committee on Payments and Market Infrastructure, formerly known as CPSS, and the Technical Committee of the International Organization of Securities Commissions) (2012), Principles for Financial Market Infrastructures, Bank for International Settlements, Basel.

CPMI-IOSCO (2016), Guidance on cyber resilience for financial market infrastructures, Bank for International Settlements, Basel.

CPMI-IOSCO (2017), Resilience of central counterparties: Further guidance on the PFMI, Bank for International Settlements, Basel.

Financial Stability Forum (2009), ‘FSF Principles for Sound Compensation Practices’, 2 April. Available at <https://www.fsb.org/wp-content/uploads/r_0904b.pdf>.

Hancock J, D Hughes and S Mathur (2016), ‘Sources of Financial Risk for Central Counterparties’, RBA Bulletin, September, pp 69–76.

Hayne KM (2019), ‘Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry’, Final Report, Volume 1, 1 February. Available at <https://www.royalcommission.gov.au/sites/default/files/2019-02/fsrc-volume-1-final-report.pdf>.

Lee R (2011), Running the World's Markets - The Governance of Financial Infrastructure, Princeton University Press, Princeton.

Manning M and D Hughes (2015), ‘CCPs and Banks: Different Risks, Different Regulations’, RBA Bulletin, December, pp 67–80.

O'Connell A (2017), ‘A fresh pair of eyes’, Australian Institute of Corporate Directors site, 18 April. Available at <https://aicd.companydirectors.com.au/advocacy/governance-leadership-centre/practice-of-governance/a-fresh-pair-of-eyes>.

RBA (2018), 'Assessment of the ASX CS Facilities', September, pp 24–29.

RBA (2019), ‘The Reserve Bank's Approach to Supervising and Assessing Clearing and Settlement Facility Licensees’, June.

Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry (2019), ‘Final Report Volume 1’, Royal Commission. Available at <https://www.royalcommission.gov.au/sites/default/files/2019-02/fsrc-volume-1-final-report.pdf>.

Russo D, T Hart, MC Malaguti and C Papathanassiou (2004), ‘Governance of Securities, Clearing and Settlement Systems’, ECB Occasional Paper Series 21.

IIA (The Institute of Internal Auditors) (2013), ‘The Three Lines of Defense in Effective Risk Management and Control’, IIA Position Paper, January. Available at <https://na.theiia.org/standards-guidance/Public%20Documents/PP%20The%20Three%20Lines%20of%20Defense%20in%20Effective%20Risk%20Management%20and%20Control.pdf>.

IIA (2016), 'International Standards for the Professional Practice of Internal Auditing', October. Available at <https://iia.org.au/sf_docs/default-source/quality/ippf-standards-2017.pdf?sfvrsn=2>.

IIA (2020), ‘The IIA's Three Lines Model’, An update of the Three Lines of Defense, 20 July. Available at <https://global.theiia.org/about/about-internal-auditing/Public%20Documents/Three-Lines-Model-Updated.pdf>.