Assessment of ASX Clearing and Settlement Facilities 2. Developments
This chapter discusses key developments relevant to the ASX CS facilities that occurred during the 2021/22 assessment period (1 July 2021 to 30 June 2022).[2] These and all other developments relevant to the regulatory priorities set out in the 2021 Assessment are summarised in Appendix A. Appendix B provides background information on the group structure, activity and participation in ASX facilities.
2.1 Governance
The Bank undertook a detailed review of ASX's governance arrangements in the 2020/21 assessment period. The Governance Review put forward 17 recommendations to address gaps in ASX's governance arrangements and better align those arrangements with the expectations set out in the FSS. Some of the key findings from the Governance Review were in the area of: management of intragroup conflicts of interest; objectives and accountability; and oversight of compliance with the FSS, which are discussed below.
As at 30 June, ASX had fully addressed 11 of the recommendations (see Appendix A for a summary of progress). Although ASX has committed to addressing the seven remaining recommendations, progress has been slower than the Bank would expect. In large part this is due to delays in ASX communicating and explaining its response to the Bank. It was only towards the end of the assessment period that ASX demonstrated the expected sense of urgency to progress the remaining recommendations.
The Bank expects ASX to make demonstrable progress in strengthening its governance arrangements over the coming year. Insufficient progress will result in a ratings downgrade on this standard.
2.1.1 Management of intragroup conflicts of interest
The four ASX CS facilities form part of the ASX group of companies.[3] The CS facility subsidiary companies are ultimately controlled by the parent company, ASX Limited, and have several common directors with their parent. While there can be efficiencies in having some functions, roles and responsibilities carried out on a group-wide basis, any such arrangements must uphold the CS facility's capacity to meet its regulatory and other obligations. Furthermore, the arrangements must not compromise or subordinate the CS facility's interests to the interests of the group.
The 2021 Assessment highlighted the potential for each of the ASX CS facilities to have interests that conflict with those of ASX Ltd group and recommended arrangements to support the management of those conflicts for ASX Clear (Futures) and Austraclear. These arrangements were modelled on arrangements already in place for the ASX Clear and ASX Settlement Boards.[4] In response to this recommendation the ASX boards approved changes to the CS Boards Charter in May. Under the new arrangements, the Chair of each CS Board cannot be an ASX Limited director. The revised CS Boards Charter also makes provision for separate meetings of the CS directors who are not also ASX Limited directors and allows for the non-ASX Limited directors of the CS facility boards to form a quorum of each board to address situations in which an intragroup conflict requires ASX Limited directors to recuse themselves.[5]
2.1.2 Objectives and accountability
The Governance Review highlighted the importance of having objectives, strategies and goals specific to the CS facilities, as well as clear lines of responsibility and accountability for achieving those objectives. To achieve this, the Bank recommended that ASX should appoint one or more identifiable executives with overall responsibility for the CS facilities (known as CS Lead Executive(s)) and document clear and direct lines of responsibility and accountability for each of the CS facilities' businesses by way of an accountability map and accountability statements for directors and executives.
CS Lead Executive(s)
The Governance Review identified instances where the CS facilities businesses and obligations may not have received sufficient focus and attention, and a lack of clarity as to which ASX executives are accountable to the CS boards for the operation of the CS facilities' businesses. It recommended that ASX identify one or more executive(s) as being accountable to the relevant CS board for the operation of each CS facility. The CS Lead Executive(s) are expected to have a clear line of accountability to the relevant CS Board and also expected to be a ‘voice’ for the interests, business and obligations of the CS facility within the broader group.
ASX implemented a new operating model in October 2021. Among other things, the new operating model assigns most of the core responsibilities for the operations, technology systems and business development supporting clearing and settlement to Group Executives for Markets, and Securities and Payments. To align with the revised operating model, ASX nominated these two executives as CS Lead Executives.[6] Consistent, with the Bank's recommendation, ASX's Lead CS Executives are responsible for the operation of the CS facilities and the achievement of strategies and objectives determined by the CS Boards. Under the revised CS Boards Charter, the CS Boards are responsible for providing input to the Remuneration Committee on the remuneration arrangements and performance of the CS Lead Executives.
Objectives, strategy and goals
The FSS require CS facilities to have objectives that place a high priority on the safety of the facility, support the stability of the financial system and reflect other relevant public interest considerations. The review recommended that ASX document the objectives, strategies and goals for each CS facility in a way that explicitly incorporates the objectives required by the FSS. Such objectives also assist in ensuring that the business, obligations and systemic importance of the CS facilities are given due attention in the course of group-wide decision-making.
ASX is still in the process of developing the CS facility strategy documentation to address this recommendation. The Bank expects ASX to have the relevant documentation in place by the end of 2022.
Accountability map and accountability statements
In line with CCP Standard 2.2/SSF Standard 2.2, the Bank recommended that ASX should document governance arrangements that set out clear and direct lines of responsibility and accountability for each of the CS facilities' businesses. The Governance Review found that the ASX CS facilities did not have such documented arrangements in place.
In May the ASX Boards approved an accountability map. The accountability map outlines the list of Accountable Persons, the allocation of non-executive director accountabilities and high level executive accountabilities. It also sets out the structure of ASX Boards, ASX Board Committees and Management Committees.
The Governance Review also recommended (consistent with CCP Standard 2.5/SSF Standard 2.5) that ASX clearly specify the roles and responsibilities of directors and of the senior executives referred to in the accountability map. It was recommended that this be done by creating accountability statements specifying the roles and responsibilities of directors and of senior executives, as well as the part of the CS facility's business for which each senior executive is accountable.
ASX has developed a set of accountability statements for ASX directors and executives. The Bank has communicated to ASX that further work is required to ensure these documents set out accountabilities in a clear and comprehensive manner. Over the coming period the Bank will engage further with ASX on changes to these documents to meet the Bank's expectations.
2.1.3 Oversight of compliance with FSS
Ensuring that a corporation is compliant with its legal obligations is a fundamental role of a board of directors.[7] The 2021 Assessment identified instances where the Boards were not aware of compliance issues until these were highlighted by the Bank. The Assessment found the Boards had not taken a sufficiently active role in ensuring that ASX fulfils its regulatory obligations and instilling a compliance culture within the ASX Group.
Having noted ASX's responsibility to come to its own understanding on compliance with regulatory obligations, the Governance Review recommended that the ASX Boards should take a more active role in ensuring compliance of the CS facilities with the FSS. To achieve this, the Bank recommended that the CS Boards require the CS Lead Executives to complete an annual self-assessment of compliance with the FSS. The purpose of the recommendation was to increase the understanding by the ASX executives and directors of the CS facilities' FSS obligations, and to identify any areas of non-compliance at an early stage and bring these to the attention of the CS Boards and the Bank.
The Bank has set a target date of 31 December 2022 for ASX to complete its first self-assessment, which ASX has agreed to meet. This target was set because the Bank considered that ASX's original target date was too far in the future. The Bank was also concerned that this reflected a lack of urgency by the CS Boards and executives in understanding whether the CS facilities are meeting their compliance obligations.
Recommendation: The CS Boards should require the CS Lead Executives to complete a first self-assessment of compliance with the FSS by 31 December 2022. ASX should implement a robust annual self-assessment process that provides the CS Boards with ongoing visibility of the CS facilities' compliance with the FSS by June 2023.
2.1.4 Other changes to governance arrangements
ASX's response to other governance recommendations are summarised in Appendix A. These include the establishment of a Board-level Technology Committee responsible for overseeing the implementation of the ASX Group's technology, data and cyber security strategies, as well as technology project implementation (including CHESS Replacement). ASX has also implemented a change in the administrative reporting line for the General Manager of ASX Internal Audit to the Chief Financial Officer. The Bank will continue to monitor the level of constructive engagement with ASX Internal Audit by management, in light of concerns identified during the Governance Review that there has been resistance to internal audit among parts of the organisation.
2.2 Framework for the comprehensive management of risk
Standard 3 of the FSS requires CS facilities to have a sound framework for managing legal, credit, liquidity, operational and other risks. To achieve this, a CS facility is expected to take an integrated and comprehensive view of its risks.[8] This includes having comprehensive internal processes to help the board and senior management monitor and assess the adequacy and effectiveness of a CS facility's risk management policies, procedures, systems and controls.
During the assessment period ASX internal audit commissioned an external review of its risk management framework. This review found that ASX had documented a comprehensive Enterprise Risk Management Framework (ERMF) and made good progress in the implementation of risk management systems and enhanced risk reporting (introduced as part of ASX's Building Stronger Foundations program). Despite this progress, the operating effectiveness of ASX's risk management framework remains behind the maturity levels of its peers in the Australian financial services industry.
To strengthen ASX's risk culture overall, the review noted the importance of the ASX executive team forming a collective view of risk appetite and risk management, as articulated in the ASX Risk Appetite Statement and ERMF. It also noted the need for the executive team to collectively promote and consistently support the ERMF across the organisation. A stronger risk culture would also be expected to encourage challenge and foster greater psychological safety around speaking up.
Consistent with industry best practice, ASX's arrangements for monitoring, assessing and managing risks are founded on a ‘three lines’ model.[9] The external review highlighted that further work is required to strengthen ASX's implementation of this model, as set out in the ERMF. The review identified that the first line in some business areas did not have sufficient capabilities to fully discharge its role, requiring more extensive support from the second line which undermined the latter's ability to provide independent challenge. In particular ASX should be working to build greater (dedicated) risk capabilities in line 1, which in turn should enable line 2 to act as a more effective source of independent challenge.
ASX has established a plan to respond to the recommendations of the external review by February 2023. The Bank, working closely with ASIC, will monitor ASX's implementation of this plan and the ongoing work to strengthen ASX's risk culture.
Recommendation: ASX should present the Bank with plans to strengthen the operating effectiveness of ASX's three lines model by 31 December 2022.
Area of supervisory focus: The Bank, working closely with ASIC, will engage with ASX on actions to address recommendations from the 2022 external review of ASX's ERMF and to strengthen its risk culture.
2.3 Regulatory reporting
The ASX CS facilities are required under the FSS to provide the Bank with timely information on any material developments relevant to services provided under the CS facility licences and ASX's compliance with the FSS. The 2021 Assessment noted instances where ASX's regulatory reporting had been deficient. This included instances where important information was not brought to the Bank's attention in a timely and transparent manner. The Bank recommended ASX improve the quality controls and systems supporting its reporting requirements.
While ASX has implemented a number of measures intended to uplift its regulatory reporting performance over the past 12 months, there have been examples where ASX has not kept the Bank informed in a timely way. The most significant example was a substantial delay in notifying the Bank and ASIC of the identification of a major risk to the schedule of the CHESS replacement program (see chapter 4). Such a delay in notification is unacceptable and ASX has since made significant improvements to its regulatory engagement to ensure that major CHESS replacement developments are communicated in a timely way. There have also been a number of examples of ASX failing to notify the Bank of updated policy documents in a timely fashion.
The Bank is concerned that there is not a consistent understanding of regulatory reporting, and compliance obligations more broadly, across ASX. The Bank will continue to engage with ASX as it completes its work to improve regulatory reporting systems and controls. This should include enhancements to enterprise compliance training to ensure regulatory reporting obligations are well understood across the organisation.
The Bank expects ASX executives and the CS Boards to encourage a culture that prioritises transparent and timely regulatory engagement, and will discuss how the Bank's cooperation letters with the CS facilities can be updated to reflect these expectations.
Box A: Enhanced FMI Data Reporting Update
The Bank is undertaking a project to improve the quality, scope and timeliness of its data collection on the activities and risks of systemically important CS facilities. These data help the Bank assess how well CS facilities observe the FSS, monitor emerging risks and inform the policy advice given to the Payments System Board (PSB).
During the Assessment period, the project reached its first key milestone with ASX commencing regular reporting through the new delivery system; initial reporting includes data on settlement activity at Austraclear, links with other FMIs, and operational risk and participation details for all four CS facilities.
However, staff turnover at ASX has delayed the transition of the remainder of the data collection, which was expected to be completed before the end of 2022. The Bank has communicated its expectation that ASX monitor and promptly communicate any emerging risks to the timeline, improve its contingency planning arrangements and maintain the appropriate mix of internal and external expertise required to advance the project.
Following a replanning process, the Bank and ASX agreed a revised project timeline, with the revised data collection for ASX CS facilities to be implemented in the first half of 2023. The Bank expects to continue working closely with ASX on the project, and will regularly assess ASX's progress towards its completion.
Recommendation: ASX should complete work under way to review the quality controls and systems it has in place to systematically identify and bring to the Bank's attention information required to be reported to the Bank, and address any gaps identified as part of this review. By June 2023, ASX should implement metrics to monitor the effectiveness of these measures and put processes in place to address gaps. ASX should ensure that these controls are in place for its implementation of the Bank's upgraded FMI data collection.
2.4 Operational risk
2.4.1 CHESS capacity
CHESS is the system used by ASX to facilitate clearing, settlement and other post-trade services for the Australian cash equities market. Following processing delays experienced during high trading volumes in March 2020, the Bank recommended that ASX implement measures to increase the capacity of the current CHESS infrastructure to ensure it remains operationally resilient until the CHESS replacement program is completed. The program of work to expand capacity was completed in June 2021, increasing the business as usual capacity of the system to 10 million trades per day (see Graph 1).
The 2021 Assessment recommended that ASX complete work underway to increase the joint capacity of CHESS and the related ‘CORE’ system. The CORE system supports the submission of trades from the ASX trade platform into CHESS. If the capacity of CORE to process trades is lower than the capacity of CHESS to absorb them then CORE may act as a bottleneck, resulting in processing delays if trading volumes were sufficiently high.
In December 2021 ASX completed upgrades in the capacity of the CORE system, which is now able to support 7.5 million trades per day.[10] At market open on 24 February 2022, there was a very significant volume of trades to process; the upgraded capacities of CHESS and CORE allowed ASX to process these trades, with the maximum backlog of trades in CORE only reaching 11 minutes. By comparison a similar backlog took one hour to clear in March 2020.
2.4.2 Risk management systems
Over the assessment period ASX continued to embed the use of new risk management systems, such as its Enterprise Risk, Internal Audit and Compliance Application (ERICA) and IT Service Management (ITSM) tool. These systems were implemented as part of ASX's Building Stronger Foundations program which commenced in 2018 and was formally closed in 2020. The systems are intended to support more effective measurement, monitoring, reporting and aggregation of operational risk. For example, the ERICA system provides a real time view of risk at both the business unit and enterprise level.
As noted in section 2.3, an external review of ASX's risk management framework was carried out over the assessment period. The review found that good progress has been made in the implementation of these new risk management systems. However, it noted that data quality is key to the success of systems like ERICA. The review recommended further training across ASX to increase awareness of the importance of ERICA data in supporting effective risk-decisions.
2.4.3 Staff resourcing
Staff resourcing has been an ongoing issue for ASX and the wider financial services industry over the assessment period. Filling vacant positions has become increasingly difficult, reflecting a scarcity of people with specialist IT, operational and technical skills in the current tight labour market. This has led to delays and cost implications for projects at ASX.
The delays to the CHESS replacement program outlined in chapter 4 also present staff resourcing challenges. This includes the requirement to maintain the current CHESS system for longer than originally intended, which requires specific skills that are becoming increasingly scarce. In addition, there is a risk that the ongoing delays to the CHESS program result in fatigue among staff. If this risk is not managed it could increase staff turnover, with an associated loss of corporate knowledge affecting not just delivery of the new system but also its ongoing maintenance.
In response to staff resourcing challenges ASX has implemented a number of strategies focused on recruitment and staff retention. ASX have also sought to manage the risks resulting from heightened turnover with measures such as the approval of additional roles, the introduction of project prioritisation processes, and maintaining a list of critical roles to minimise disruption. The management of the heightened operational risk associated with staff resourcing challenges will be an area of supervisory focus over the next assessment period.
Recommendation: The ASX CS facilities should continue to embed the use of new systems and processes supporting change management, incident management and knowledge management, and use these systems to identify, monitor and manage operational risks at an enterprise-wide level. This should include the roll out of additional training to support the data integrity of the new systems. (See Table 6, Appendix A.)
2.4.4 Cyber resilience
During the assessment period, ASX continued to implement enhancements to its cyber security practices in line with actions set out in its Cyber Strategy. This included the implementation of measures to improve internal controls and enhancements to its cyber testing regime. ASX participated in industry forums such as the CPMI-IOSCO industry working group on cyber and actively engaged with Australian government initiatives related to improving cyber resilience.
The CPMI-IOSCO Guidance on Cyber Resilience for Financial Market Infrastructures provides a set of internationally agreed guidelines for FMIs in the area of cyber risk.[11] Consistent with the expectations set out in the guidelines, ASX continued to evaluate current and emerging technology that could lead to further enhancements in ASX's capabilities to recover its operations safely within two hours following an extreme cyber-attack.
Area of Supervisory Focus: The Bank will monitor the continued enhancement of ASX's cyber resilience via:
- the implementation of actions identified in ASX's Cyber Strategy
- ASX's evaluation of current and emerging technology that could lead to further enhancements to the abilities of ASX to recover from cyber-attacks in a timely manner.
2.5 Financial risk
2.5.1 Access to liquidity facilities
The 2020 Assessment recommended that ASX Clear (Futures) take steps to establish an ability to access liquidity from the Reserve Bank in respect of a defaulting participant's non-cash collateral. During the current assessment period, ASX Clear (Futures) has taken steps towards addressing a legal impediment to accessing liquidity from the Bank via ASX Clearing Corporation (see Appendix B3) using non-cash collateral posted to the CCP. Previously it was only able to use this arrangement in respect of cash collateral.
As at 30 June, ASX had yet to complete work to update ASX Clearing Corporation's RITS membership agreement to reflect the way in which ASXCC uses its ESA as trustee for the CCPs, including to seek liquidity from the Bank. This work is expected to be completed in September.
Recommendation: The ASX CCPs should take all steps possible to ensure that ASXCC enters into an updated RITS membership agreement that is consistent with ASXCC's management of collateral and other assets held as trustee for the CCPs.
2.5.2 Crypto ETFs
In May 2022, ASX Clear commenced clearing of exchange-traded funds referencing underlying bitcoin and ether holdings (Crypto ETFs).
The FSS require that CCPs identify, measure, monitor and manage risks related to their activity, which extend to the clearing of novel products. During the Assessment period, ASX reviewed a range of specific risk management issues affecting Crypto ETFs through its internal governance process, including the approval of a clearability assessment in accordance with ASX's clearability policy for new products. The initial risk settings for these products included a margin rate of 40 per cent for bitcoin ETFs and 50 per cent for ether ETFs, and new stress-test scenarios assuming up to a 100 per cent fall and a 200 per cent increase in prices of the Crypto ETFs. Participants clearing these products are also required to hold sufficient liquid resources (or put in place other controls) to address the liquidity risk associated with a ‘run’ on crypto-ETF holdings by clients in response to some adverse event.
2.6 Cross-border regulatory developments
2.6.1 European Union
In March, the European Securities and Markets Authority (ESMA) recognised both ASX CCPs as ‘Tier 1’ third-country CCPs in line with recent changes to the EU regulation on OTC derivatives, CCPs and trade repositories, known as European Market Infrastructure Regulation (EMIR) 2.2. Tier 1 CCPs are not considered to be systemically important in the EU, so are not subject to the full range of ESMA's supervisory powers that apply to CCPs of potential systemic importance.[12]
Footnotes
Developments between the end of the assessment period and the finalisation of this report on 26 August are noted where relevant. [2]
See Appendix B.1 – ASX group structure and governance. [3]
The existing arrangements had been designed to address conflicts of interest that may arise by virtue of ASX Clear and ASX Settlement offering clearing and settlement services to markets operating in competition to ASX Limited. [4]
The changes do not address one element of the ASX Clear and ASX Settlement arrangements included in Recommendation 9 – the requirement for a majority of directors to be non-ASX Limited directors. The Bank does not consider this element to be necessary in order for ASX to adequately manage the type of intra-group conflicts faced by ASX Clear (Futures) and Austraclear. [5]
The Group Executive, Markets is CS Lead Executive with responsibility for ASX Clear (Futures) and ASX Clear's derivatives business. The Group Executive, Securities and Payments is CS Lead Executive with responsibility for Austraclear, ASX Settlement and ASX Clear (other than aspects covered by the Group Executive, Markets). [6]
This is noted in paragraph 2.3.1 of the FSS guidance, which lists ‘ensuring compliance with all supervisory and oversight requirements’ among the responsibilities of the board of a CS facility. [7]
The Bank conducted a detailed review of ASX's risk management framework against Standard 3 in 2021, recommending that ASX should establish a process to periodically conduct systematic assessments of the range of potential risks other entities may pose to its CS facilities and the risks ASX CS facilities could potentially pose to other entities. See Appendix A for a summary of progress. [8]
The three lines referenced in this approach are: line 1 – risk owners/frontline managers; line 2 – risk control and compliance; and line 3 – risk assurance, typically undertaken by the internal audit function. For further information on the oversight of risk management and the three lines model in FMIs, see Bolt S and D Meredith (2020), ‘Governance of Financial Market Infrastructures’, RBA Bulletin, December. [9]
CHESS also supports clearing of trades executed on the Cboe Australia and National Stock Exchange of Australia markets. ASX targets a higher capacity for CHESS than for CORE, which does not play a role in processing trades from non-ASX markets. [10]
BIS (2016), ‘Guidance on Cyber Resilience for Financial Market Infrastructures’, CPMI Paper No 146, 29 June. [11]
Arrangements for supervisory cooperation between EU and Australian authorities are described in RBA (2022), ‘Memorandum of Understanding between the Bank, ASIC and ESMA’. [12]