Assessment of ASX Clearing and Settlement Facilities – October 2023 3. Developments

3.1 Governance

There were several changes to ASX's executive team during the assessment period. Under the leadership of a new Chief Executive Officer, the Bank has observed improved engagement and an increased commitment to transparency in ASX's dealings with the Bank. The Bank welcomes this development and considers it important that it continues. Progress has also been made in addressing the Bank's previous recommendations relating to the governance of the CS facilities.

ASX's improved transparency has provided the Bank with greater insight into several areas of ASX's governance that require further improvement, a number of which have been long-running concerns. One of these concerns is whether reporting to the boards assists their ability to oversee the management of the key issues raised in this Assessment. The Bank also remains concerned about the effectiveness of ASX's Internal Audit function. Other areas for improvement include the rigor and extent of the CS Lead Executives' ownership of ASX's self-assessment against the FSS, the documentation of clear lines of accountability within ASX, and the effectiveness of stakeholder engagement on the CHESS Replacement Program.

As these are significant and increasingly pressing issues, the Bank has lowered ASX's rating to partly observed in relation to the Governance FSS.

3.1.1 Board oversight

During the assessment period, there have been several issues of concern regarding the effectiveness of Internal Audit, ageing assets and ASX's risk position. Generally, over the course of the assessment period the Bank has not seen sufficient evidence that the boards have been able to provide direction with the required urgency in relation to these key risks. For example, the Bank acknowledges that the board Technology Committee has questioned management about ageing technology assets on a number of occasions during the reporting period. However, in the Bank's view there has been insufficient tangible progress to-date given the nature of the potential risks. The Bank also has ongoing concerns about the effectiveness and quality of reporting to the ASX boards to enable appropriate challenge to take place.

3.1.2 Strategic objectives

Consistent with the Bank's previous recommendations, ASX introduced corporate strategies for each of the CS facilities. As required by the FSS, the strategies explicitly note that each CS facility ‘places a high priority on the safety of the facility and promotes financial stability’, with goals and current areas of focus including resilience, safe operations, robust operational performance and sound risk management. In the coming assessment period, the Bank expects ASX to provide regular reporting to the CS boards on progress against the strategic goals. This reporting has been limited to-date.

3.1.3 Internal Audit

An external review of ASX's Internal Audit function found a low overall level of maturity and several deficiencies in its effectiveness. The review identified a poor relationship between Internal Audit and the executive, which compromises Internal Audit's authority and ability to appropriately fulfil its mandate. Other areas requiring improvement include quality assurance processes, the use of data analytics and succession planning to mitigate key person risks. The Bank also notes the six-month delay in ASX's appointment of a permanent General Manager of Internal Audit (GM IA) after the position became vacant in late 2022. A more junior member of the Internal Audit team acted in the position during this period. ASX has commenced a program of work to address the review findings. The new GM IA commenced shortly after the end of the assessment period.

3.1.4 ASX self-assessment

In the 2021 Assessment, the Bank recommended that ASX's CS boards require the CS Lead Executives to complete an annual self-assessment of compliance with the FSS. ASX's self-assessment identified some gaps in addition to those already identified by the Bank. The Bank considers the self-assessment process to be an important method for ASX to identify potential or emerging risks in a timely way. For this first self-assessment, ASX enlisted a consultancy firm to facilitate the process. In subsequent self-assessments, the Bank expects a greater degree of involvement in the process by the CS Lead Executives as the accountable persons for meeting regulatory obligations.

Overall, the Bank is encouraged by ASX self-identifying several areas requiring improvement. The Bank has considered these self-assessed findings and any remediation efforts undertaken during the assessment period as an input to this year's Assessment.

In considering requirements for future annual self-assessments, the Bank has considered the expectation that ASX conduct, and publish on its website, self-assessments against the PFMI at least every two years.^[3] Given the strong similarities between the Principles for Financial Market Infrastructures (PFMI) and the FSS, the Bank will accept the self-assessment against the PFMI as meeting its self-assessment requirement for that year, with ASX to additionally provide the Bank with ratings against each of the PFMI/FSS and a plan to address any identified compliance gaps.

3.1.5 Accountability framework

ASX continued to progress outstanding recommendations to uplift the documentation of governance arrangements, and management roles and responsibilities. The accountability map and accountability statements for directors and individual executives have been updated to provide further clarity and specifics around accountabilities.

The Bank acknowledges that considerable effort has been invested in the preparation of the accountability framework. It also acknowledges the consequences for ASX executives arising from adverse outcomes over the past year, as set out in the ASX 2023 Remuneration Report. However, the process of holding senior executives to account on a continuing basis would be further assisted by additional refinement to documented governance arrangements. In the Bank's view, the current suite of accountability documentation should be strengthened to articulate desired outcomes and hold ASX senior executives to an appropriate level of accountability commensurate with their senior role in operating critical financial market infrastructure.

3.1.6 Stakeholder management

ASX completed several initiatives to address recommendations relating to stakeholder management. A new Stakeholder Engagement Charter was published in August 2022, and new engagement forums were created to strengthen stakeholder consultation and collaboration. Despite these initiatives, there continue to be significant challenges, especially in relation to the CHESS Replacement Program. Several industry stakeholders have publicly outlined their concerns around stakeholder management, with some also proposing alternative governance models for CHESS replacement, which are intended to facilitate a greater voice for stakeholders in decisions that affect them.

The Bank's Letter of Expectations included several expectations regarding stakeholder engagement on the CHESS Replacement Program, which are restated below as a recommendation. ASIC has also recently led an initiative to establish an industry Advisory Group for strategic matters relating to cash equities clearing and settlement, with an initial focus on CHESS replacement. The Bank strongly supports the establishment of this Advisory Group and expects ASX to support its effective operation. On 30 August, ASIC and the Bank issued a joint letter of expectations regarding ASX's interaction with the Advisory Group.

3.2 Framework for the Comprehensive Management of Risks

ASX has completed a program to uplift the operating effectiveness of its enterprise risk management framework. Nonetheless, the Bank continues to hold concerns about ASX's risk management culture and the length of time ASX has operated at a heightened risk position. These concerns are strengthened by the issues identified in relation to ASX's Internal Audit function. Consistent with these concerns, the Bank has downgraded ASX to partly observed in relation to the Framework for the Comprehensive Management of Risks.

3.2.1 Three lines of accountability

Consistent with industry practice, ASX's arrangements for monitoring, assessing and managing risks are founded on a ‘three lines’ model. During the assessment period, ASX implemented recommendations from a 2022 external review to strengthen its risk culture and the operating effectiveness of the first two lines of accountability. As many of the changes were implemented late in the assessment period, their operational effectiveness will need to be further validated. This will be an area of focus for the Bank, working closely with ASIC, over the coming year.

3.2.2 Risk position

Reporting to the board Audit and Risk Committee indicates that, as at the end of the assessment period, ASX had operated at a heightened risk position for 10 of the past 11 quarters. Some factors contributing to this include the CHESS Replacement Program and a deterioration in the operational risk position (see section 3.3).

The Bank is concerned that ASX has been operating at a heightened level of overall risk level for an extended period. In the Bank's view, there are a range of risks that are not being managed effectively. This is an issue of concern that the Bank views could become serious if not addressed promptly. This is consistent with a rating of partly observed.

The Bank has made several recommendations in relation to key risk areas, particularly in relation to the current CHESS and Operational Risk and will monitor ASX's progress towards lowering its overall risk position.

3.3 Operational Risk

The Bank has maintained the rating of partly observed for ASX's adherence to the Operational Risk FSS. The Bank holds increasing concerns over ASX's ability to manage operational risk. This will be the subject of a special topic in next year's assessment. The Bank expects ASX to promptly take action to remediate its ageing assets to enable the longevity, safety and performance optimisation of assets that support critical financial market infrastructure.

3.3.1 Ageing assets

ASX's renewal of its technology is not keeping up with the ageing of its systems. On a semi-annual basis, ASX completes a system operational risk assessment (SORA) across selected systems and environments on its critical systems list. Over the assessment period, software currency and hardware age were consistently identified as areas of concern in SORA. When software reaches end-of-life, vendor support, updates and security patches may cease to be available, raising security and operational concerns. Aged hardware can also lead to problems with system processing and capacity. Maintaining appropriate controls for such systems is resource intensive.

While ASX has recently developed programs to address some of the problems of ageing assets in ASX Clear and ASX Clear (Futures), they do not include funded and prioritised remediations for all critical systems. The Bank considers ASX's current approach to managing ageing assets to be insufficient to fully ensure resilient, secure and operationally reliable systems. The Bank expects ASX to take steps to ensure that this ongoing risk is better managed in future.

3.3.2 Vendor management and outsourcing

ASX relies significantly on external providers for the operation of the CS facilities. CS facilities remain responsible for the resilience, security and operation of their systems even where they rely on third-party providers for some services.

The development, implementation and consistent application of vendor management and outsourcing policies and processes are important to managing risks arising from reliance on third parties. An Internal Audit review of ASX's vendor management and procurement practices found a low level of awareness and use of the ASX vendor management framework among tested projects. ASX identified in its self-assessment that it does not have an overarching outsourcing policy and has worked on developing such a policy with the assistance of an external consultant. Vendor management was also the subject of several recommendations in the external review of the CHESS Replacement Program (see section 4). The Bank expects ASX to implement these recommendations.

Over the coming assessment period the Bank will also monitor ASX's work to remediate self-identified gaps in its contracts with critical service providers in accordance with the FSS.

3.3.3 Resourcing sufficiency

As an operator of critical financial market infrastructure, ASX has obligations to ensure that key systems are operated securely and reliably. To achieve this, ASX should ensure that it can reliably access appropriate financial, technological and human resources. In recent years, staff resourcing has been an ongoing challenge at ASX, reflecting the scarcity of people with specialist skills in a tight labour market.

This has resulted in project delays and the loss of corporate knowledge. Over the assessment period, ASX has focused on uplifting the skills, knowledge and capabilities of its staff to address resourcing issues; however, further capability uplifts are required. ASX should continue to address the key person risks it has identified in the context of the operation of several critical systems.

3.3.4 Cyber security^[4]

ASX continued to implement its Cyber Strategy, including a further tightening of internal controls and cyber scenario testing. In line with international cyber guidance, ASX continued to consider technologies to support its ability to recover operations safely within two hours following an extreme cyber-attack.

3.4 Margin

3.4.1 ASX Clear

A central counterparty should have the authority and operational capacity to call intraday margin to mitigate the build-up of credit exposures due to large market moves or significant trading activity since the previous margin call.

ASX Clear does not currently have a production standard method to collect intraday margin. In response to an expectation set by the Bank, ASX conducted a feasibility assessment of implementing intraday margin calls for cash market products in the current CHESS.^[5] ASX concluded that a scheduled margin call at 2pm could be practically implemented within the operating hours of settlement systems and would mitigate the build-up of realised credit exposures to participants throughout the day.

ASX should consider introducing any scheduled intraday margin call holistically, taking account of operational synergies in margin calls for derivative products or any additional margin requirements from participants that exceed stress test exposure limits at ASX Clear. Improved intraday margin collection will also reduce the materiality of under-collateralisation from late-in-day price moves.

3.4.2 ASX Clear (Futures)

In mid-2022, volatility in Australian interest rate derivatives was high, resulting in market moves that exceeded initial margin requirements at ASX Clear (Futures). This led to margin coverage rates for over-the-counter (OTC) interest rate derivatives that were slightly below regulatory standards for the period to end-June 2022, and extending into July 2022.^[6] ASX responded by raising margin requirements using a scalar multiplier. ASX is looking more holistically at its approach to margining as part of its review of margin methodologies.

ASX Clear (Futures)'s clearing services are offered continuously from Monday morning to Saturday morning. Given Austraclear is closed during the Night Session, margin calls during this session are settled by participants in US dollars (USD) using commercial settlement banks. Two risks arise from this approach: credit exposures to these commercial settlement banks; and a currency mismatch between the settled margin call and the related exposures.^[7]

During the assessment period, ASX Clear (Futures) investigated the feasibility of an Australian dollar (AUD) margin payment method that could be used for overnight margin payments. ASX found that limitations regarding the management of overnight AUD liquidity requirements by participants, as well as current availability of payment settlement infrastructure would make an AUD overnight solution unlikely to be feasible at this time.

ASX has indicated it will continue the overnight USD margin process in the short term, making improvements where appropriate, while developing a long-term strategy for its overnight margin operations. Relevant considerations for further improvements should include: reducing credit exposures to commercial settlement banks; mitigating currency risks; and the timing of scheduled margin calls and capacity for unscheduled margin calls to best mitigate risks from under-collateralisation of realised exposures. These considerations should be balanced against the operational costs and risk, as well as the impacts on clearing participants.

3.5 Segregation and portability

Segregation of the positions and collateral of a clearing participant's customers (clients) from those of the clearing participant (house) can play an important role in reducing the impact of a participant's default or insolvency on clients and the financial system more broadly.

ASX Clear currently commingles house and client positions for cash market products, meeting the FSS through arrangements that were considered in the 2016 Assessment to provide protections for customers that were materially equivalent to those provided by segregated account structures. During the assessment period, ASX conducted an equivalence assessment. The equivalence assessment considered whether any changes have occurred since 2016 that would affect the material equivalence of ASX's commingled account to segregated account structures. ASX concluded that the material equivalence had not been affected.

ASX also undertook a feasibility assessment of whether the current CHESS could support a segregated account structure. ASX found that it would not be prudent to implement account structure changes in the current CHESS, in part because of concerns about the current CHESS's ability to handle the additional load. The Bank is satisfied that ASX has fulfilled the requirement in the Bank's Letter of Expectations to conduct these assessments. ^[8]

Given the outcomes of these assessments, the Bank is satisfied that further consultation (expectation at paragraph 7.c.) is not required at this time.^[9] Instead, the Bank will consider the outcomes of these assessments as part of a detailed review of ASX's adherence to the Segregation and Portability FSS in the 2024 Assessment. The Bank still considers it important for ASX to incorporate the ability to segregate client and house accounts into CHESS replacement and to consult with industry on this as part of the redesign.

3.6 Regulatory reporting

ASX has undertaken several measures to uplift its regulatory reporting over the assessment period. ASX also put in place metrics to monitor and report on the effectiveness of its regulatory reporting controls. Following these measures, the Bank has observed an improvement in compliance with the regulatory reporting obligations. The Bank has not identified any significant breaches of these obligations during the assessment period.

ASX made significant progress on the provision of data to the Bank under the Bank's FMI Data Reporting project. This project significantly enhances the quality, scope and timeliness of regulatory reporting and data available to the Bank. The final set of reports covered by the FMI Data Reporting project, relating to CHESS data (ASX Clear and ASX Settlement reporting obligations), are expected to go live in late 2023.

In line with the general improvement in regulatory reporting and progress on the FMI Data Reporting project, ASX Clear (Futures) and Austraclear have been upgraded to a rating of observed for Regulatory Reporting.

3.7 Reviews of selected FSS

During the assessment period, the Bank conducted selected reviews into ASX's adherence to the following Standards: Access and Participation Requirements; Central Securities Depositories; and Exchange-of-value. These reviews are undertaken as part of the Bank's supervisory cycle process, where each FSS is assessed over the supervisory cycle period.^[10]

3.7.1 Access and Participation Requirements

Consistent with the FSS, the Bank's review found that ASX's CS facilities have objective participation requirements, which are publicly available. ASX'S CS facilities also carry out monitoring of compliance with participation requirements on an ongoing basis. ASX's four CS facilities were found to be consistent with an observed rating for Access and Participation Requirements.

3.7.2 Central Securities Depositories

The Bank has downgraded Austraclear to broadly observed for the FSS that applies to SSFs that operate a central securities depository (CSD). The Bank has maintained a rating of observed for ASX Settlement. The downgrade of the rating for Austraclear is primarily due to an incident that occurred in June 2023. ASX identified the incident and notified the Bank of a material breach by Austraclear of the CSD FSS.

The breach arose when an issuer of a security series entered and verified an incorrect amount for the series in a deposit request. This resulted in the amount of the series that was deposited and available for settlement (deposit volume) significantly exceeding the face value of the series initially created by Austraclear. The discrepancy remained in the system for almost two months and was not identified through Austraclear's daily reconciliation processes. It was only identified by the issuer when the size of the Austraclear fee charged to the issuer (which is based on the deposit volume) was larger than expected.

The ‘excess’ securities were not traded and there were no broader financial implications resulting from this discrepancy. ASX's investigation concluded that no other securities were affected.

While there were no financial impacts caused by the incident, Austraclear was in breach of the CSD FSS due to a deficiency in its procedures and controls. The FSS requires SSFs to have appropriate rules, procedures and controls in place to safeguard the integrity of securities issues, and the rights of securities issuers and holders. The nature of the breach posed risks to financial system stability, which could have undermined confidence in critical financial markets infrastructure.

Following the end of the assessment period, ASX implemented a number of improvements to its controls to address the issue. ASX has also planned further enhancements within a defined time period. This response is consistent with the rating of broadly observed. The Bank will monitor ASX's ability to implement these enhancements and proactively assess and strengthen the resilience of its controls.

3.7.3 Exchange-of-value Settlement Systems

The FSS requires principal risk to be eliminated for SSFs that settle transactions comprising settlement of two linked obligations (e.g., the delivery of securities against the payment of cash). The Bank has assessed Austraclear's settlement processes and found them to be consistent with a rating of observed.

Footnotes

See RBA (2021), ‘The Reserve Bank's Approach to Supervising and Assessing Clearing and Settlement Facility Licensees’, 25 February. [3]

A more detailed assessment of ASX's cyber resilience has been confidentially communicated to ASX. [4]

The feasibility assessment was in response to expectation at paragraph 7.a. of the Bank's Letter of Expectations for the Current CHESS and CHESS replacement. [5]

The regulatory standards require initial margin to be sufficient to cover 99.5 per cent of movements that might occur during the close-out period for OTC interest rate derivatives and 99 per cent for the remaining products at ASX. [6]

The exposure from the overnight margin call is unwound following the first intraday margin run in AUD the next morning. [7]

The equivalence study and feasibility assessment were in response to the expectation at paragraph 7.b. of the Bank's Letter of Expectations for the Current CHESS and CHESS Replacement. [8]

The requirement for industry consultation regarding account segregation in current CHESS was set out in the expectation at paragraph 7.c. of the Bank's Letter of Expectations for the Current CHESS and CHESS Replacement. ASX received feedback from a cross-section of participants as part of its equivalence and feasibility assessments. [9]

The expectation is this will be a four-year cycle of the FSS, taking into account events at the time. [10]