The full text on this page is automatically extracted from the file linked above and may contain errors and inconsistencies.
Committee on Payment and Settlement Systems Technical Committee of the International Organization of Securities Commissions Principles for financial market infrastructures April 2012 This publication is available on the BIS website (www.bis.org) and the IOSCO website (www.iosco.org). © Bank for International Settlements and International Organization of Securities Commissions 2012. All rights reserved. Brief excerpts may be reproduced or translated provided the source is stated. ISBN 92-9131-108-1 (print) ISBN 92-9197-108-1 (online) Contents Abbreviations ........................................................................................................................... iii Overview of principles and responsibilities ...............................................................................1 1.0. Introduction......................................................................................................................5 Background .....................................................................................................................5 FMIs: definition, organisation, and function .....................................................................7 Public policy objectives: safety and efficiency ...............................................................10 Scope of the principles for FMIs ....................................................................................12 Scope of the responsibilities of central banks, market regulators, and other relevant authorities for financial market infrastructures........................................16 Implementation, use, and assessments of observance of the principles and responsibilities......................................................................................................16 Organisation of the report..............................................................................................17 2.0. Overview of key risks in financial market infrastructures...............................................18 Systemic risk .................................................................................................................18 Legal risk .......................................................................................................................18 Credit risk ......................................................................................................................19 Liquidity risk...................................................................................................................19 General business risk....................................................................................................19 Custody and investment risks .......................................................................................19 Operational risk .............................................................................................................20 3.0. Principles for financial market infrastructures................................................................21 General organisation ..............................................................................................................21 Principle 1: Legal basis .................................................................................................21 Principle 2: Governance ................................................................................................26 Principle 3: Framework for the comprehensive management of risks...........................32 Credit and liquidity risk management......................................................................................36 Principle 4: Credit risk ...................................................................................................36 Principle 5: Collateral ....................................................................................................46 Principle 6: Margin.........................................................................................................50 Principle 7: Liquidity risk................................................................................................57 Settlement...............................................................................................................................64 Principle 8: Settlement finality .......................................................................................64 Principle 9: Money settlements .....................................................................................67 Principle 10: Physical deliveries ....................................................................................70 Central securities depositories and exchange-of-value settlement systems ..........................72 Principle 11: Central securities depositories .................................................................72 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 i Principle 12: Exchange-of-value settlement systems ................................................... 76 Default management.............................................................................................................. 78 Principle 13: Participant-default rules and procedures ................................................. 78 Principle 14: Segregation and portability ...................................................................... 82 General business and operational risk management............................................................. 88 Principle 15: General business risk .............................................................................. 88 Principle 16: Custody and investment risks .................................................................. 92 Principle 17: Operational risk........................................................................................ 94 Access ................................................................................................................................. 101 Principle 18: Access and participation requirements .................................................. 101 Principle 19: Tiered participation arrangements ......................................................... 105 Principle 20: FMI links................................................................................................. 109 Efficiency.............................................................................................................................. 116 Principle 21: Efficiency and effectiveness................................................................... 116 Principle 22: Communication procedures and standards ........................................... 119 Transparency ....................................................................................................................... 121 Principle 23: Disclosure of rules, key procedures, and market data........................... 121 Principle 24: Disclosure of market data by trade repositories..................................... 124 4.0 Responsibilities of central banks, market regulators, and other relevant authorities for financial market infrastructures ............................................................ 126 Responsibility A: Regulation, supervision, and oversight of FMIs .............................. 126 Responsibility B: Regulatory, supervisory, and oversight powers and resources ...... 128 Responsibility C: Disclosure of policies with respect to FMIs ..................................... 130 Responsibility D: Application of the principles for FMIs .............................................. 131 Responsibility E: Cooperation with other authorities .................................................. 133 Annex A: Mapping of CPSIPS, RSSS, and RCCP standards to the principles in this report .......................................................................................................................... 138 Annex B: Mapping of the principles in this report to CPSIPS, RSSS, RCCP, and other guidance ..................................................................................................................... 140 Annex C: Selected RSSS marketwide recommendations ................................................... 141 Annex D: Summary of designs of payment systems, SSSs, and CCPs .............................. 148 Annex E: Matrix of applicability of key considerations to specific types of FMIs.................. 158 Annex F: Oversight expectations applicable to critical service providers ............................ 170 Annex G: Bibliography ......................................................................................................... 172 Annex H: Glossary ............................................................................................................... 174 Annex I: Members of the CPSS-IOSCO review of standards .............................................. 180 ii CPSS-IOSCO – Principles for financial market infrastructures – April 2012 Abbreviations ACH Automated clearing house BCBS Basel Committee on Banking Supervision CCP Central counterparty CGFS Committee on the Global Financial System CPSIPS Core principles for systemically important payment systems CPSS Committee on Payment and Settlement Systems CSD Central securities depository DNS Deferred net settlement DvD Delivery versus delivery DvP Delivery versus payment FMI Financial market infrastructure FSB Financial Stability Board ICSD International central securities depository IOSCO International Organization of Securities Commissions IT Information technology Lamfalussy Report Report of the Committee on Interbank Netting Schemes of the central banks of the Group of Ten countries LEI Legal entity identifier LVPS Large-value payment system OTC Over the counter PS Payment system PvP Payment versus payment RCCP Recommendations for central counterparties Repo Repurchase agreement RSSS Recommendations for securities settlement systems RTGS Real-time gross settlement SSS Securities settlement system TR Trade repository CPSS-IOSCO – Principles for financial market infrastructures – April 2012 iii Overview of principles and responsibilities Principles for financial market infrastructures General organisation Principle 1: Legal basis An FMI should have a well-founded, clear, transparent, and enforceable legal basis for each material aspect of its activities in all relevant jurisdictions. Principle 2: Governance An FMI should have governance arrangements that are clear and transparent, promote the safety and efficiency of the FMI, and support the stability of the broader financial system, other relevant public interest considerations, and the objectives of relevant stakeholders. Principle 3: Framework for the comprehensive management of risks An FMI should have a sound risk-management framework for comprehensively managing legal, credit, liquidity, operational, and other risks. Credit and liquidity risk management Principle 4: Credit risk An FMI should effectively measure, monitor, and manage its credit exposures to participants and those arising from its payment, clearing, and settlement processes. An FMI should maintain sufficient financial resources to cover its credit exposure to each participant fully with a high degree of confidence. In addition, a CCP that is involved in activities with a morecomplex risk profile or that is systemically important in multiple jurisdictions should maintain additional financial resources sufficient to cover a wide range of potential stress scenarios that should include, but not be limited to, the default of the two participants and their affiliates that would potentially cause the largest aggregate credit exposure to the CCP in extreme but plausible market conditions. All other CCPs should maintain additional financial resources sufficient to cover a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would potentially cause the largest aggregate credit exposure to the CCP in extreme but plausible market conditions. Principle 5: Collateral An FMI that requires collateral to manage its or its participants’ credit exposure should accept collateral with low credit, liquidity, and market risks. An FMI should also set and enforce appropriately conservative haircuts and concentration limits. Principle 6: Margin A CCP should cover its credit exposures to its participants for all products through an effective margin system that is risk-based and regularly reviewed. Principle 7: Liquidity risk An FMI should effectively measure, monitor, and manage its liquidity risk. An FMI should maintain sufficient liquid resources in all relevant currencies to effect same-day and, where appropriate, intraday and multiday settlement of payment obligations with a high degree of CPSS-IOSCO – Principles for financial market infrastructures – April 2012 1 confidence under a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would generate the largest aggregate liquidity obligation for the FMI in extreme but plausible market conditions. Settlement Principle 8: Settlement finality An FMI should provide clear and certain final settlement, at a minimum by the end of the value date. Where necessary or preferable, an FMI should provide final settlement intraday or in real time. Principle 9: Money settlements An FMI should conduct its money settlements in central bank money where practical and available. If central bank money is not used, an FMI should minimise and strictly control the credit and liquidity risk arising from the use of commercial bank money. Principle 10: Physical deliveries An FMI should clearly state its obligations with respect to the delivery of physical instruments or commodities and should identify, monitor, and manage the risks associated with such physical deliveries. Central securities depositories and exchange-of-value settlement systems Principle 11: Central securities depositories A CSD should have appropriate rules and procedures to help ensure the integrity of securities issues and minimise and manage the risks associated with the safekeeping and transfer of securities. A CSD should maintain securities in an immobilised or dematerialised form for their transfer by book entry. Principle 12: Exchange-of-value settlement systems If an FMI settles transactions that involve the settlement of two linked obligations (for example, securities or foreign exchange transactions), it should eliminate principal risk by conditioning the final settlement of one obligation upon the final settlement of the other. Default management Principle 13: Participant-default rules and procedures An FMI should have effective and clearly defined rules and procedures to manage a participant default. These rules and procedures should be designed to ensure that the FMI can take timely action to contain losses and liquidity pressures and continue to meet its obligations. Principle 14: Segregation and portability A CCP should have rules and procedures that enable the segregation and portability of positions of a participant’s customers and the collateral provided to the CCP with respect to those positions. 2 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 General business and operational risk management Principle 15: General business risk An FMI should identify, monitor, and manage its general business risk and hold sufficient liquid net assets funded by equity to cover potential general business losses so that it can continue operations and services as a going concern if those losses materialise. Further, liquid net assets should at all times be sufficient to ensure a recovery or orderly wind-down of critical operations and services. Principle 16: Custody and investment risks An FMI should safeguard its own and its participants’ assets and minimise the risk of loss on and delay in access to these assets. An FMI’s investments should be in instruments with minimal credit, market, and liquidity risks. Principle 17: Operational risk An FMI should identify the plausible sources of operational risk, both internal and external, and mitigate their impact through the use of appropriate systems, policies, procedures, and controls. Systems should be designed to ensure a high degree of security and operational reliability and should have adequate, scalable capacity. Business continuity management should aim for timely recovery of operations and fulfilment of the FMI’s obligations, including in the event of a wide-scale or major disruption. Access Principle 18: Access and participation requirements An FMI should have objective, risk-based, and publicly disclosed criteria for participation, which permit fair and open access. Principle 19: Tiered participation arrangements An FMI should identify, monitor, and manage the material risks to the FMI arising from tiered participation arrangements. Principle 20: FMI links An FMI that establishes a link with one or more FMIs should identify, monitor, and manage link-related risks. Efficiency Principle 21: Efficiency and effectiveness An FMI should be efficient and effective in meeting the requirements of its participants and the markets it serves. Principle 22: Communication procedures and standards An FMI should use, or at a minimum accommodate, relevant internationally accepted communication procedures and standards in order to facilitate efficient payment, clearing, settlement, and recording. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 3 Transparency Principle 23: Disclosure of rules, key procedures, and market data An FMI should have clear and comprehensive rules and procedures and should provide sufficient information to enable participants to have an accurate understanding of the risks, fees, and other material costs they incur by participating in the FMI. All relevant rules and key procedures should be publicly disclosed. Principle 24: Disclosure of market data by trade repositories A TR should provide timely and accurate data to relevant authorities and the public in line with their respective needs. Responsibilities of central banks, market regulators, and other relevant authorities for financial market infrastructures Responsibility A: Regulation, supervision, and oversight of FMIs FMIs should be subject to appropriate and effective regulation, supervision, and oversight by a central bank, market regulator, or other relevant authority. Responsibility B: Regulatory, supervisory, and oversight powers and resources Central banks, market regulators, and other relevant authorities should have the powers and resources to carry out effectively their responsibilities in regulating, supervising, and overseeing FMIs. Responsibility C: Disclosure of policies with respect to FMIs Central banks, market regulators, and other relevant authorities should clearly define and disclose their regulatory, supervisory, and oversight policies with respect to FMIs. Responsibility D: Application of the principles for FMIs Central banks, market regulators, and other relevant authorities should adopt the CPSSIOSCO Principles for financial market infrastructures and apply them consistently. Responsibility E: Cooperation with other authorities Central banks, market regulators, and other relevant authorities should cooperate with each other, both domestically and internationally, as appropriate, in promoting the safety and efficiency of FMIs. 4 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 1.0. Introduction 1.1. Financial market infrastructures (FMIs) that facilitate the clearing, settlement, and recording of monetary and other financial transactions can strengthen the markets they serve and play a critical role in fostering financial stability. However, if not properly managed, they can pose significant risks to the financial system and be a potential source of contagion, particularly in periods of market stress. Although FMIs performed well during the recent financial crisis, events highlighted important lessons for effective risk management. These lessons, along with the experience of implementing the existing international standards, led the Committee on Payment and Settlement Systems (CPSS) and the Technical Committee of the International Organization of Securities Commissions (IOSCO) to review and update the standards for FMIs. 1 This review was also conducted in support of the Financial Stability Board (FSB) initiative to strengthen core financial infrastructures and markets. All CPSS and IOSCO members intend to adopt and apply the updated standards to the relevant FMIs in their jurisdictions to the fullest extent possible. 1.2. The standards in this report harmonise and, where appropriate, strengthen the existing international standards for payment systems (PS) that are systemically important, central securities depositories (CSDs), securities settlement systems (SSSs), and central counterparties (CCPs). The revised standards also incorporate additional guidance for overthe-counter (OTC) derivatives CCPs and trade repositories (TRs). In general, these standards are expressed as broad principles in recognition of FMIs’ differing organisations, functions, and designs, and the different ways to achieve a particular result. In some cases, the principles also incorporate a specific minimum requirement (such as in the credit, liquidity, and general business risk principles) to ensure a common base level of risk management across FMIs and countries. In addition to standards for FMIs, the report outlines the general responsibilities of central banks, market regulators, and other relevant authorities for FMIs in implementing these standards. Background 1.3. FMIs play a critical role in the financial system and the broader economy. For the purposes of this report, the term FMI refers to systemically important payment systems, CSDs, SSSs, CCPs, and TRs. 2 These infrastructures facilitate the clearing, settlement, and recording of monetary and other financial transactions, such as payments, securities, and derivatives contracts (including derivatives contracts for commodities). While safe and efficient FMIs contribute to maintaining and promoting financial stability and economic growth, FMIs also concentrate risk. If not properly managed, FMIs can be sources of financial shocks, such as liquidity dislocations and credit losses, or a major channel through which these shocks are transmitted across domestic and international financial markets. To 1 In this report, the term "standards" is used as a generic term to cover all normative statements such as standards, principles, recommendations, and responsibilities. The use of this term is consistent with the past practice of indicating that the principles and responsibilities set out in this report are, or are expected to be, part of the body of international standards and codes recognised by the Financial Stability Board (formerly called the Financial Stability Forum) and international financial institutions. 2 In some cases, exchanges or other market infrastructures may own or operate entities or functions that perform centralised clearing and settlement processes that are covered by the principles in the report. In general, however, the principles in this report are not addressed to market infrastructures such as trading exchanges, trade execution facilities, or multilateral trade-compression systems; nonetheless, relevant authorities may decide to apply some or all of these principles to types of infrastructures not formally covered by this report. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 5 address these risks, the CPSS and the Technical Committee of IOSCO have established, over the years, international risk-management standards for payment systems that are systemically important, CSDs, SSSs, and CCPs. 1.4. The CPSS, in January 2001, published the Core principles for systemically important payment systems (CPSIPS), which provided 10 principles for the safe and efficient design and operation of systemically important payment systems. These principles drew extensively from the Report of the Committee on Interbank Netting Schemes of the central banks of the Group of Ten countries (also known as the Lamfalussy Report), which was published in November 1990. The CPSIPS were followed by the Recommendations for securities settlement systems (RSSS), which were published jointly by the CPSS and the Technical Committee of IOSCO in November 2001. This report identified 19 recommendations for promoting the safety and efficiency of SSSs. 3 The accompanying Assessment methodology for 'Recommendations for securities settlement systems' was subsequently published in November 2002. 1.5. In November 2004, building upon the recommendations established in the RSSS, the CPSS and the Technical Committee of IOSCO published the Recommendations for central counterparties (RCCP). The RCCP provided 15 recommendations that addressed the major types of risks faced by CCPs. A methodology for assessing a CCP’s observance of each recommendation was included in the report. In January 2009, the CPSS and the Technical Committee of IOSCO established a working group to provide guidance on the application of these recommendations to CCPs that clear OTC derivatives products and to develop a set of considerations for TRs in designing and operating their systems. The reports of this working group, Guidance on the application of 2004 CPSS-IOSCO recommendations for central counterparties to OTC derivatives CCPs and Considerations for trade repositories in OTC derivatives markets, were issued as consultative reports in May 2010. The feedback received from the consultative process on these reports has been incorporated into this report. 1.6. In February 2010, the CPSS and the Technical Committee of IOSCO launched a comprehensive review of the three existing sets of standards for FMIs – the CPSIPS, RSSS, and RCCP – in support of the FSB’s broader efforts to strengthen core financial infrastructures and markets by ensuring that gaps in international standards are identified and addressed. 4 The CPSS and the Technical Committee of IOSCO also identified the review as an opportunity to harmonise and, where appropriate, strengthen the three sets of standards. The lessons from the recent financial crisis, the experience of using the existing international standards, and recent policy and analytical work by the CPSS, the Technical Committee of IOSCO, the Basel Committee on Banking Supervision (BCBS), and others were incorporated into the review. This report, containing a unified set of standards, is the result of that review. The standards in Section 3 of this report replace the CPSIPS, RSSS, and RCCP standards insofar as they are directed specifically to FMIs. Mappings of the new standards to the CPSIPS, RSSS, and RCCP standards are provided in Annexes A and B. 1.7. A full reconsideration of the marketwide recommendations from the RSSS was not undertaken as part of this review. Those recommendations remain in effect. Specifically, RSSS Recommendation 2 on trade confirmation, RSSS Recommendation 3 on settlement cycles, RSSS Recommendation 4 on central counterparties, RSSS Recommendation 5 on 3 The definition of the term “securities settlement system” in the RSSS is the full set of institutional arrangements for confirmation, clearance, and settlement of securities trades and safekeeping of securities. This definition differs from the definition of SSS in this report, which is more narrowly defined (see paragraph 1.12). 4 The CPSIPS, RSSS, and RCCP are currently included in the FSB’s Key Standards for Sound Financial Systems. 6 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 securities lending, RSSS Recommendation 6 on central securities depositories, and RSSS Recommendation 12 on protection of customers’ securities remain in effect. These recommendations are provided in Annex C for reference. In addition to keeping RSSS Recommendations 6 and 12, this report contains focused principles on the risk management of CSDs (see Principle 11) and on the segregation and portability of assets and positions held by a CCP (see Principle 14). The CPSS and Technical Committee of IOSCO may conduct a full review of the marketwide standards in the future. FMIs: definition, organisation, and function 1.8. For the purposes of this report, an FMI is defined as a multilateral system among participating institutions, including the operator of the system, used for the purposes of clearing, settling, or recording payments, securities, derivatives, or other financial transactions. 5 FMIs typically establish a set of common rules and procedures for all participants, a technical infrastructure, and a specialised risk-management framework appropriate to the risks they incur. FMIs provide participants with centralised clearing, settlement, and recording of financial transactions among themselves or between each of them and a central party to allow for greater efficiency and reduced costs and risks. Through the centralisation of specific activities, FMIs also allow participants to manage their risks more efficiently and effectively, and, in some instances, eliminate certain risks. FMIs can also promote increased transparency in particular markets. Some FMIs are critical to helping central banks conduct monetary policy and maintain financial stability. 6 1.9. FMIs can differ significantly in organisation, function, and design. FMIs can be legally organised in a variety of forms, including associations of financial institutions, nonbank clearing corporations, and specialised banking organisations. FMIs may be owned and operated by a central bank or by the private sector. FMIs may also operate as for-profit or not-for-profit entities. Depending on organisational form, FMIs can be subject to different licensing and regulatory schemes within and across jurisdictions. For example, bank and non-bank FMIs are often regulated differently. For the purposes of this report, the definition of an FMI includes five key types of FMIs: payment systems, CSDs, SSSs, CCPs, and TRs. There can be significant variation in design among FMIs with the same function. For example, some FMIs use real-time settlement, while others may use deferred settlement. Some FMIs settle individual transactions while others settle batches of transactions. Annex D provides greater detail on different designs for payment systems, SSSs, and CCPs. 5 The general analytical approach of this report is to consider FMIs as multilateral systems, inclusive of their participants, as stated in the definition of FMI. In market parlance, however, the term FMI may be used to refer only to a legal or functional entity that is set up to carry out centralised, multilateral payment, clearing, settlement, or recording activities and, in some contexts, may exclude the participants that use the system. This difference in terminology or usage may introduce ambiguity at certain points in the report. To address this issue, the report may refer to an FMI and its participants, or to an FMI including its participants, to emphasize the coverage of a principle or other text where this is not clear from the context. The definition of FMIs excludes bilateral relationships between financial institutions and their customers, such as traditional correspondent banking. 6 Typically, the effective implementation of monetary policy depends on the orderly settlement of transactions and the efficient distribution of liquidity. For example, many central banks implement monetary policy by influencing short-term interest rates through the purchase and sale of certain financial instruments, such as government securities or foreign exchange, or through collateralised lending. It is important that FMIs be safe and efficient and allow for the reliable transfer of funds and securities between the central bank, its counterparties, and the other participants in the financial system so that the effect of monetary policy transactions can be spread widely and quickly throughout the economy. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 7 Payment systems 1.10. A payment system is a set of instruments, procedures, and rules for the transfer of funds between or among participants; the system includes the participants and the entity operating the arrangement. Payment systems are typically based on an agreement between or among participants and the operator of the arrangement, and the transfer of funds is effected using an agreed-upon operational infrastructure. A payment system is generally categorised as either a retail payment system or a large-value payment system (LVPS). A retail payment system is a funds transfer system that typically handles a large volume of relatively low-value payments in such forms as cheques, credit transfers, direct debits, and card payment transactions. Retail payment systems may be operated either by the private sector or the public sector, using a multilateral deferred net settlement (DNS) or a real-time gross settlement (RTGS) mechanism. 7 An LVPS is a funds transfer system that typically handles large-value and high-priority payments. In contrast to retail systems, many LVPSs are operated by central banks, using an RTGS or equivalent mechanism. Central securities depositories 1.11. A central securities depository provides securities accounts, central safekeeping services, and asset services, which may include the administration of corporate actions and redemptions, and plays an important role in helping to ensure the integrity of securities issues (that is, ensure that securities are not accidentally or fraudulently created or destroyed or their details changed). A CSD can hold securities either in physical form (but immobilised) or in dematerialised form (that is, they exist only as electronic records). The precise activities of a CSD vary based on jurisdiction and market practices. For example, the activities of a CSD may vary depending on whether it operates in a jurisdiction with a direct or indirect holding arrangement or a combination of both. 8 A CSD may maintain the definitive record of legal ownership for a security; in some cases, however, a separate securities registrar will serve this notary function. 9 In many countries, a CSD also operates a securities settlement system (as defined in paragraph 1.12), but unless otherwise specified, this report adopts a narrower definition of CSD that does not include securities settlement functions. 10 Securities settlement systems 1.12. A securities settlement system enables securities to be transferred and settled by book entry according to a set of predetermined multilateral rules. Such systems allow transfers of securities either free of payment or against payment. When transfer is against payment, many systems provide delivery versus payment (DvP), where delivery of the security occurs if and only if payment occurs. An SSS may be organised to provide additional securities clearing and settlement functions, such as the confirmation of trade and settlement instructions. The definition of an SSS in this report is narrower than the one used in the RSSS, which defined an SSS broadly to include the full set of institutional arrangements for confirmation, clearance, and settlement of securities trades and safekeeping of securities 7 In some countries, these retail payment systems may be systemically important systems. 8 In a direct holding system, each beneficial or direct owner of the security is known to the CSD or the issuer. In some countries, the use of direct holding systems is required by law. Alternatively, an indirect holding system employs a multi-tiered arrangement for the custody and transfer of ownership of securities (or the transfer of similar interests therein) in which investors are identified only at the level of their custodian or intermediary. 9 A securities registrar is an entity that provides the service of preparing and recording accurate, current, and complete securities registers for securities issuers. 10 In market practice, CSDs often perform SSS functions. See paragraph 1.22, which discusses the approach of this report for entities that perform combined functions of more than one type of FMI, as defined in this report. 8 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 across a securities market. For example, the RSSS definition for SSSs included CSDs and CCPs, as well as commercial bank functions involving securities transfers. In this report, CSDs and CCPs are treated as separate types of FMIs. As noted above, in many countries, CSDs also operate an SSS. Central counterparties 1.13. A central counterparty interposes itself between counterparties to contracts traded in one or more financial markets, becoming the buyer to every seller and the seller to every buyer and thereby ensuring the performance of open contracts. 11 A CCP becomes counterparty to trades with market participants through novation, an open-offer system, or through an analogous legally binding arrangement. 12 CCPs have the potential to reduce significantly risks to participants through the multilateral netting of trades and by imposing more-effective risk controls on all participants. For example, CCPs typically require participants to provide collateral (in the form of initial margin and other financial resources) to cover current and potential future exposures. CCPs may also mutualise certain risks through devices such as default funds. As a result of their potential to reduce risks to participants, CCPs also can reduce systemic risk in the markets they serve. The effectiveness of a CCP’s risk controls and the adequacy of its financial resources are critical to achieving these riskreduction benefits. Trade repositories 1.14. A trade repository is an entity that maintains a centralised electronic record (database) of transaction data. 13 TRs have emerged as a new type of FMI and have recently grown in importance, particularly in the OTC derivatives market. By centralising the collection, storage, and dissemination of data, a well-designed TR that operates with effective risk controls can serve an important role in enhancing the transparency of transaction information to relevant authorities and the public, promoting financial stability, and supporting the detection and prevention of market abuse. An important function of a TR is to provide information that supports risk reduction, operational efficiency and effectiveness, and cost savings for both individual entities and the market as a whole. Such entities may include the principals to a trade, their agents, CCPs, and other service providers offering complementary services, including central settlement of payment obligations, electronic novation and affirmation, portfolio compression and reconciliation, and collateral 11 In markets where a CCP does not exist, a guarantee arrangement may provide market participants with some degree of protection against losses from counterparty defaults. Such arrangements typically are organised and managed by the CSD or SSS for a market or by some other market operator. A guarantee typically is viewed as desirable or even necessary where market rules or other features make it practically impossible for market participants to manage their counterparty credit risks bilaterally. Guarantee arrangements vary greatly from simple insurance-based schemes to more-sophisticated structures comparable to a CCP. 12 Through novation, the original contract between the buyer and seller is extinguished and replaced by two new contracts, one between the CCP and the buyer, and the other between the CCP and the seller. In an openoffer system, a CCP is automatically and immediately interposed in a transaction at the moment the buyer and seller agree on the terms. 13 The functions of a TR may, where permitted by applicable law, also be performed by a payment system, CSD, or CCP in addition to its core functions. A TR may also provide or support ancillary services such as the management of trade life-cycle events and downstream trade-processing services based on the records it maintains. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 9 management. 14 Because the data maintained by a TR may be used by a number of stakeholders, the continuous availability, reliability, and accuracy of such data are critical. Box 1 Public policy benefits of trade repositories The primary public policy benefits of a TR, which stem from the centralisation and quality of the data that a TR maintains, are improved market transparency and the provision of this data to relevant authorities and the public in line with their respective information needs. Timely and reliable access to data stored in a TR has the potential to improve significantly the ability of relevant authorities and the public to identify and evaluate the potential risks posed to the broader financial system (see Principle 24 on disclosure of market data by TRs). Relevant authorities, in particular, should have effective and practical access to data stored in a TR, including participant-level data, which such authorities require to carry out their respective regulatory mandates and legal responsibilities. A TR may serve a number of stakeholders that depend on having effective access to TR services, both to submit and retrieve data. In addition to relevant authorities and the public, other stakeholders can include exchanges, electronic trading venues, confirmation or matching platforms, and third-party service providers that use TR data to offer complementary services. It is essential, therefore, for a TR to design its access policies and terms of use in a manner that supports fair and open access to its services and data (see Principle 18 on access and participation requirements). Another important benefit of a TR is its promotion of standardisation through the provision of a common technical platform that requires consistency in data formats and representations. The result is a centralised store of transaction data with greater usefulness and reliability than when the data are dispersed. Central banks, market regulators, and other relevant authorities for TRs have a responsibility to mutually support each other’s access to data in which they have a material interest as part of their regulatory, supervisory, and oversight responsibilities, consistent with the G20 Declaration at the 15 2010 Toronto Summit. As market infrastructures continue to evolve, TRs may develop for a variety of products and asset classes both within and across particular jurisdictions, and cooperation among authorities will become increasingly important (see Responsibility E on cooperation with other authorities). Efforts should be made to remove any legal obstacles or restrictions to enable appropriate, effective, and practical access to data by relevant authorities, provided such authorities are subject to appropriate confidentiality safeguards. Public policy objectives: safety and efficiency 1.15. The main public policy objectives of the CPSS and the Technical Committee of IOSCO in setting forth these principles for FMIs are to enhance safety and efficiency in payment, clearing, settlement, and recording arrangements, and more broadly, to limit 14 For some TRs, participants may agree that an electronic transaction record maintained in the TR provides the official economic details of a legally binding contract. This enables trade details to be used for providing additional services. 15 The Declaration of the G20, 2010 Toronto Summit, annex II, paragraph 25, provides: “We pledged to work in a coordinated manner to accelerate the implementation of over-the-counter (OTC) derivatives regulation and supervision and to increase transparency and standardization. We reaffirm our commitment to trade all standardised OTC derivatives contracts on exchanges or electronic trading platforms, where appropriate, and clear through central counterparties (CCPs) by end-2012 at the latest. OTC derivative contracts should be reported to trade repositories (TRs). We will work toward the establishment of CCPs and TRs in line with global standards and ensure that national regulators and supervisors have access to all relevant information.” The complete declaration is available at http://www.g20.org. 10 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 16 systemic risk and foster transparency and financial stability. Poorly designed and operated FMIs can contribute to and exacerbate systemic crises if the risks of these systems are not adequately managed, and as a result, financial shocks could be passed from one participant or FMI to others. The effects of such a disruption could extend well beyond the FMIs and their participants, threatening the stability of domestic and international financial markets and the broader economy. In contrast, robust FMIs have been shown to be an important source of strength in financial markets, giving market participants the confidence to fulfil their obligations on time, even in periods of market stress. In relation to CCPs, the objectives of safety and efficiency are even more pertinent because national authorities have required or proposed the mandatory use of centralised clearing in an increasing number of financial markets. Achieving the public policy objectives 1.16. Market forces alone will not necessarily achieve fully the public policy objectives of safety and efficiency because FMIs and their participants do not necessarily bear all the risks and costs associated with their payment, clearing, settlement, and recording activities. Moreover, the institutional structure of an FMI may not provide strong incentives or mechanisms for safe and efficient design and operation, fair and open access, or the protection of participant and customer assets. In addition, participants may not consider the full impact of their actions on other participants, such as the potential costs of delaying payments or settlements. Overall, an FMI and its participants may generate significant negative externalities for the entire financial system and real economy if they do not adequately manage their risks. In addition, factors such as economies of scale, barriers to entry, or even legal mandates, may limit competition and confer market power on an FMI, which could lead to lower levels of service, higher prices, or under-investment in riskmanagement systems. Caution is needed, however, as excessive competition between FMIs may lead to a competitive lowering of risk standards. Safety as a public policy objective 1.17. To ensure their safety and promote financial stability more broadly, FMIs should robustly manage their risks. An FMI should first identify and understand the types of risks that arise in or are transmitted by the FMI and then determine the sources of these risks. Once these risks are properly assessed, appropriate and effective mechanisms should be developed to monitor and manage them. These risks, described in Section 2 of the report, include (but are not limited to) legal, credit, liquidity, general business, custody, investment, and operational risks. The principles for FMIs in this report provide guidance to FMIs and authorities on the identification, monitoring, mitigation, and management of the full range of these risks. Efficiency as a public policy objective 1.18. An FMI should be not only safe, but also efficient. Efficiency refers generally to the use of resources by FMIs and their participants in performing their functions. Efficient FMIs contribute to well-functioning financial markets. An FMI that operates inefficiently may distort financial activity and the market structure, affecting not only its participants, but also its 16 These objectives are consistent with the public policy objectives of previous reports by the CPSS and the Technical Committee of IOSCO. Other objectives, which include anti-money laundering, antiterrorist financing, data privacy, promotion of competition policy, and specific types of investor and consumer protections, can play important roles in the design of such systems, but these issues are generally beyond the scope of this and previous reports. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 11 participants’ customers. These distortions may lead to lower aggregate levels of efficiency and safety, as well as increased risks within the broader financial system. In making choices about design and operation, however, FMIs ultimately should not let other considerations take precedence over the establishment of prudent risk-management practices. Scope of the principles for FMIs 1.19. The principles in this report provide guidance for addressing risks and efficiency in FMIs. With a few exceptions, the principles do not prescribe a specific tool or arrangement to achieve their requirements and allow for different means to satisfy a particular principle. Where appropriate, some principles establish a minimum requirement to help contain risks and provide for a level playing field. The principles are designed to be applied holistically because of the significant interaction between principles; principles should be applied as a set and not on a stand-alone basis. Some principles build upon others and some complement each other. 17 In other instances, the principles reference an important, common theme. 18 A few principles, such as those on governance and operational risk, include references to best practices for FMIs, which may evolve and improve over time. FMIs and their authorities should consider such best practices, as appropriate. In addition, authorities have the flexibility to consider imposing higher requirements for FMIs in their jurisdiction either on the basis of specific risks posed by an FMI or as a general policy. General applicability of the principles 1.20. The principles in this report are broadly designed to apply to all systemically important payment systems, CSDs, SSSs, CCPs, and TRs. FMIs that are determined by national authorities to be systemically important are expected to observe these principles. Where they exist, statutory definitions of systemic importance may vary somewhat across jurisdictions, but in general a payment system is systemically important if it has the potential to trigger or transmit systemic disruptions; this includes, among other things, systems that are the sole payment system in a country or the principal system in terms of the aggregate value of payments; systems that mainly handle time-critical, high-value payments; and systems that settle payments used to effect settlement in other systemically important FMIs. 19 The presumption is that all CSDs, SSSs, CCPs, and TRs are systemically important, at least in the jurisdiction where they are located, typically because of their critical roles in the markets they serve. If an authority determines that a CSD, SSS, CCP or TR in its jurisdiction is not systemically important and, therefore, not subject to the principles, the authority should disclose the name of the FMI and a clear and comprehensive rationale for the determination. Conversely, an authority may disclose the criteria used to identify which FMIs are considered as systemically important and may disclose which FMIs it regards as systemically important against these criteria. These principles are designed to apply to domestic, cross-border, and multicurrency FMIs. All FMIs are encouraged to observe these principles. 17 For example, in managing financial risk, FMIs should refer to, among other things, the principles on the framework for the comprehensive management of risks, credit risk, collateral, margin, liquidity risk, money settlements, and exchange-of-value settlement systems. Other relevant principles include legal basis, governance, participant-default rules and procedures, general business risk, custody and investment risks, and operational risk. Failure to apply all of these principles as a set may result in less-than-robust overall risk management by an FMI. 18 For example, the roles of governance and transparency in managing risk and supporting sound public policy are addressed in Principles 2 and 23, respectively. Because of the general importance and relevance of governance and transparency, they are also referred to in several other principles. 19 These criteria for systemic importance mirror those outlined in the CPSIPS. 12 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 Specific applicability of principles to different types of FMIs 1.21. Most principles in this report are applicable to all types of FMIs covered by the report. However, a few principles are only relevant to specific types of FMIs (see Table 1 for general applicability of principles to specific types of FMIs and Annex E for applicability of key considerations to specific types of FMIs). For example, because TRs do not face credit or liquidity risks, the principles on credit and liquidity risks are not applicable to them, while Principle 24 on disclosure of market data by TRs applies only to TRs. In addition, where a principle applies in a specific way to a particular type of FMI, the report tries to provide appropriate direction. For example, Principle 4 on credit risk provides specific guidance to payment systems, SSSs, and CCPs. 1.22. The applicability of the principles and key considerations to specific types of FMIs, as shown in Table 1, is based on the functional definitions of each type of FMI, provided in paragraphs 1.10 to 1.14. In certain cases, however, the same legal entity may perform the functions of more than one type of FMI. For example, many CSDs also operate an SSS, and some payment systems perform certain functions similar to a CCP. In other cases, the definition of a particular type of FMI in a particular jurisdiction may differ from the definition of that type of FMI in this report. In all cases, the set of principles applicable to an FMI are those that address the functions performed by the particular entity. 1.23. In general, the principles are applicable to FMIs operated by central banks, as well as those operated by the private sector. Central banks should apply the same standards to their FMIs as those that are applicable to similar private-sector FMIs. However, there are exceptional cases where the principles are applied differently to FMIs operated by central banks due to requirements in relevant law, regulation, or policy. For example, central banks may have separate public policy objectives and responsibilities for monetary and liquidity policies that take precedence. Such exceptional cases are referenced in (a) Principle 2 on governance, (b) Principle 4 on credit risk, (c) Principle 5 on collateral, (d) Principle 15 on general business risk, and (e) Principle 18 on access and participation requirements. In some cases, FMIs operated by central banks may be required by the relevant legislative framework or by a central bank’s public policy objectives to exceed the requirements of one or more principles. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 13 Table 11 General applicability of principles to specific types of FMIs Principle PSs CSDs SSSs CCPs TRs 1. Legal basis ● ● ● ● ● 2. Governance ● ● ● ● ● 3. Framework for the comprehensive management of risks ● ● ● ● ● 4. Credit risk ● ● ● 5. Collateral ● ● ● ● 6. Margin 7. Liquidity risk ● ● ● 8. Settlement finality ● ● ● 9. Money settlements ● ● ● ● ● ● ● ● ● 10. Physical deliveries ● 11. Central securities depositories ● 12. Exchange-of-value settlement systems ● 13. Participant-default rules and procedures ● ● ● 14. Segregation and portability 15. General business risk ● ● ● ● 16. Custody and investment risks ● ● ● ● 17. Operational risk ● ● ● ● ● 18. Access and participation requirements ● ● ● ● ● 19. Tiered participation arrangements ● ● ● ● ● ● ● ● ● 20. FMI links ● 21. Efficiency and effectiveness ● ● ● ● ● 22. Communication procedures and standards ● ● ● ● ● 23. Disclosure of rules, key procedures, and market data ● ● ● ● ● 24. Disclosure of market data by trade repositories ● 1 This table depicts the applicability of the principles to each type of FMI as defined in paragraphs 1.10-1.14. If an FMI performs the functions of more than one type of FMI, all of the principles that address the actual functions performed by the particular FMI will apply in practice. FMI recovery and resolution 1.24. The focus of this report and its principles is on ensuring that FMIs operate as smoothly as possible in normal circumstances and in times of market stress. Nonetheless, it is possible that in certain extreme circumstances, and all preventive measures notwithstanding, an FMI may become non-viable as a going concern or insolvent. Given the systemic importance of the FMIs to which the principles in this report are addressed, the disorderly failure of an FMI would likely lead to systemic disruptions to the institutions and markets supported by the FMI, to any other FMIs to which the failing FMI is linked, and to the financial system more broadly. The negative implications would be particularly severe in situations in which no other FMI could promptly and effectively provide a substitute for the critical operations and services of the failing FMI. 14 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 1.25. In the event that an FMI becomes non-viable as a going concern or insolvent, it is important that appropriate actions be taken that allow (a) the recovery of the FMI so that its critical operations and services may be sustained, or (b) the winding down of the non-viable FMI in an orderly manner, for instance by transferring the FMI’s critical operations and services to an alternate entity. Depending on the specific situation and the powers and tools available to authorities in relevant jurisdictions, these actions may be implemented by the FMI itself, by the relevant authorities, or by a combination of both. The principles in this report identify a number of measures that FMIs should take to prepare for and facilitate the implementation of their own recovery or orderly wind-down plans, if needed. Issues and analysis related to the potential necessity, design, and implementation of additional official resolution regimes for FMIs, including the resolution powers and tools that may be useful for relevant authorities in such regimes, will be the focus of separate CPSS-IOSCO work, which will build, as far as possible, on the previous work by the FSB on effective resolution regimes for financial institutions. 20 Access to FMIs 1.26. Access to an FMI is typically important because of the critical role many FMIs play in the markets they serve. In general, an FMI should establish appropriate access policies that provide fair and open access, while ensuring its own safety and efficiency. Access to CCPs in particular is even more important in light of the 2009 G20 commitment to centrally clear all standardised OTC derivatives by the end of 2012. 21 In its November 2011 report, the Committee on the Global Financial System (CGFS) considered potential implications of alternative access arrangements, such as access through direct participation in global CCPs, tiered participation arrangements, establishment of local CCPs, and links between CCPs. 22 The principles in this current report focus on the identification, monitoring, mitigation, and management of risks posed to the FMI by such arrangements and provides guidance on access and participation requirements (see Principle 18), the management of tiered participation arrangements (see Principle 19), and FMI links (see Principle 20). Tiered participation arrangements 1.27. Tiered participation arrangements occur when some firms (indirect participants) rely on the services provided by other firms (direct participants) to use the FMI’s central payment, clearing, settlement, or recording facilities. Tiered participation arrangements may allow wider access to the services of an FMI. The dependencies and risk exposures (including credit, liquidity, and operational risks) inherent in these tiered arrangements can, however, present risks to the FMI and its smooth functioning, as well as to the participants themselves and the broader financial markets. These risks may be particularly acute for systems with a high degree of tiering. Principle 19 provides guidance on how an FMI should address risks to itself arising from tiered participation arrangements. Additional issues relating to indirect participants are addressed in (a) Principle 1 on legal basis, (b) Principle 2 on governance, (c) Principle 3 on the framework for the comprehensive management of risks, (d) Principle 13 on participant-default rules and procedures, (e) Principle 14 on segregation and portability, (f) Principle 18 on access and participation requirements, and (g) Principle 23 on disclosure of rules, key procedures, and market data. 20 See FSB, Key attributes of effective resolution regimes for financial institutions, October 2011. 21 See The Declaration of the G20, 2009 Pittsburgh Summit, which is available at http://www.g20.org. 22 See CGFS, The macrofinancial implications of alternative configurations for access to central counterparties in OTC derivatives markets, November 2011. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 15 Interdependencies and interoperability 1.28. The different forms of interdependencies, including interoperability, are addressed in this report in various principles, including Principle 20 which explicitly addresses FMI links and their risk management. In addition, interdependencies are covered in (a) Principle 2 on governance, which states that FMIs should consider the interests of the broader markets; (b) Principle 3 on the framework for the comprehensive management of risks, which states that FMIs should consider the relevant risks that they bear from and pose to other entities; (c) Principle 17 on operational risk which states that an FMI should identify, monitor, and manage the risks that other FMIs pose to its operations and the risks its operations pose to other FMIs; (d) Principle 18 on access and participation requirements, which states that FMIs should provide fair and open access, including to other FMIs; (e) Principle 21 on efficiency and effectiveness, which states that FMIs should be designed to meet the needs of their participants; and (f) Principle 22 on communication procedures and standards, which states that FMIs should use, or at a minimum accommodate, relevant internationally accepted communication procedures and standards. The combination of these principles should achieve a strong and balanced approach to interoperability. Scope of the responsibilities of central banks, market regulators, and other relevant authorities for financial market infrastructures Section 4 of this report outlines five responsibilities for central banks, market 1.29. regulators, and other relevant authorities for FMIs and provides guidance for consistent and effective regulation, supervision, and oversight of FMIs. Authorities for FMIs should accept and be guided by the responsibilities in this report, consistent with relevant national law. While each individual FMI is responsible for observing these principles, effective regulation, supervision, and oversight are necessary to ensure observance and induce change. Authorities should cooperate with each other both domestically and internationally to strengthen official oversight and supervision and to minimise the potential duplication of effort and reduce the burden on the FMI and the relevant authorities. These responsibilities are consistent with international best practices. Other CPSS and IOSCO guidance to authorities on the regulation, supervision, and oversight of FMIs also may be relevant. Implementation, use, and assessments of observance of the principles and responsibilities 1.30. Relevant authorities should strive to incorporate the principles and the responsibilities in this report in their legal and regulatory framework by the end of 2012. To the fullest extent permissible under national statutory regimes, these authorities should seek to incorporate the principles into their respective activities as soon as possible. FMIs that are subject to the principles are expected to take appropriate and swift action in order to observe the principles. 1.31. FMIs should apply the principles on an ongoing basis in the operation of their business, including when reviewing their own performance, assessing or proposing new services, or proposing changes to risk controls. FMIs should communicate the outcome of their findings as part of their regular dialogue with relevant authorities. FMIs are also expected to complete the CPSS-IOSCO Disclosure framework for financial market infrastructures (see also Principle 23 on disclosure of rules, key procedures, and market data). 1.32. Central banks, market regulators, and other relevant authorities, consistent with their respective responsibilities for regulation, supervision, and oversight of an FMI, are expected to perform their own assessments of the FMI. If an FMI does not fully observe the principles, actions should be taken to promote full observance. The summary of the authorities’ 16 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 assessments should be publicly disclosed, where and to the extent consistent with national law and practice. 1.33. International financial institutions, such as the International Monetary Fund and the World Bank, may also use these principles and responsibilities in promoting the stability of the financial sector when carrying out assessment programmes for FMIs and relevant authorities and in providing technical assistance to particular countries. 1.34. The CPSS-IOSCO Assessment methodology for the principles for FMIs and the responsibilities of authorities provides guidance for assessing and monitoring observance of the principles and responsibilities. This assessment methodology is primarily intended for external assessors at the international level, in particular the international financial institutions. It also provides a baseline for national authorities to assess observance of the principles by the FMIs under their oversight or supervision or to self-assess the way they discharge their own responsibilities as regulators, supervisors, and overseers. National authorities may use this assessment methodology as written or consider it in the development of equally effective methodologies for their national oversight or supervision processes. 1.35. The CPSS-IOSCO Disclosure framework for financial market infrastructures and the CPSS-IOSCO Assessment methodology for the principles for FMIs and the responsibilities of authorities are published separately. Organisation of the report 1.36. This report has four sections. Following this introduction (Section 1), the report provides an overview of the key risks in FMIs (Section 2). The principles for FMIs are then discussed in detail (Section 3) followed by the responsibilities of central banks, market regulators, and other relevant authorities for FMIs (Section 4). For each standard, there is a list of key considerations that further explain the headline standard. An accompanying explanatory note discusses the objective and rationale of the standard and provides guidance on how the standard can be implemented. Where appropriate, annexes provide additional information or guidance. In addition, compendium notes, which provide more detailed notes and additional information on specific topics, are published separately; these notes, however, do not represent additional requirements. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 17 2.0. Overview of key risks in financial market infrastructures 2.1. FMIs are generally sophisticated multilateral systems that handle significant transaction volumes and sizable monetary values. Through the centralisation of certain activities, FMIs allow participants to manage their risks more effectively and efficiently, and, in some instances, reduce or eliminate certain risks. By performing centralised activities, however, FMIs concentrate risks and create interdependencies between and among FMIs and participating institutions. In addition to discussing systemic risk, this section of the report provides an overview of specific key risks faced by FMIs. These include legal, credit, liquidity, general business, custody, investment, and operational risks. Whether an FMI, its participants, or both face a particular form of risk, as well as the degree of risk, will depend on the type of FMI and its design. Systemic risk 2.2. Safe and efficient FMIs mitigate systemic risk. FMIs may themselves face systemic risk, however, because the inability of one or more participants to perform as expected could cause other participants to be unable to meet their obligations when due. In such circumstances, a variety of “knock-on” effects are possible, and an FMI’s inability to complete settlement could have significant adverse effects on the markets it serves and the broader economy. These adverse effects, for example, could arise from unwinding or reversing payments or deliveries; delaying the settlement or close out of guaranteed transactions; or immediately liquidating collateral, margin, or other assets at fire sale prices. If an FMI were to take such steps, its participants could suddenly be faced with significant and unexpected credit and liquidity exposures that might be extremely difficult to manage at the time. This, in turn, might lead to further disruptions in the financial system and undermine public confidence in the safety, soundness, and reliability of the financial infrastructure. 2.3. More broadly, FMIs may be linked to or dependent upon one another, may have common participants, and may serve interconnected institutions and markets. Complex interdependencies may be a normal part of an FMI’s structure or operations. In many cases, interdependencies have facilitated significant improvements in the safety and efficiency of FMIs’ activities and processes. Interdependencies, however, can also present an important source of systemic risk. 23 For example, these interdependencies raise the potential for disruptions to spread quickly and widely across markets. If an FMI depends on the smooth functioning of one or more FMIs for its payment, clearing, settlement, and recording processes, a disruption in one FMI can disrupt other FMIs simultaneously. These interdependencies, consequently, can transmit disruptions beyond a specific FMI and its participants and affect the broader economy. Legal risk 2.4. For the purposes of this report, legal risk is the risk of the unexpected application of a law or regulation, usually resulting in a loss. Legal risk can also arise if the application of relevant laws and regulations is uncertain. For example, legal risk encompasses the risk that a counterparty faces from an unexpected application of a law that renders contracts illegal or unenforceable. Legal risk also includes the risk of loss resulting from a delay in the recovery of financial assets or a freezing of positions resulting from a legal procedure. In cross-border as well as some national contexts, different bodies of law can apply to a single transaction, 23 18 See also CPSS, The interdependencies of payment and settlement systems, June 2008. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 activity, or participant. In such instances, an FMI and its participants may face losses resulting from the unexpected application of a law, or the application of a law different from that specified in a contract, by a court in a relevant jurisdiction. Credit risk 2.5. FMIs and their participants may face various types of credit risk, which is the risk that a counterparty, whether a participant or other entity, will be unable to meet fully its financial obligations when due, or at any time in the future. FMIs and their participants may face replacement-cost risk (often associated with pre-settlement risk) and principal risk (often associated with settlement risk). Replacement-cost risk is the risk of loss of unrealised gains on unsettled transactions with a counterparty (for example, the unsettled transactions of a CCP). The resulting exposure is the cost of replacing the original transaction at current market prices. Principal risk is the risk that a counterparty will lose the full value involved in a transaction, for example, the risk that a seller of a financial asset will irrevocably deliver the asset but not receive payment. Credit risk can also arise from other sources, such as the failure of settlement banks, custodians, or linked FMIs to meet their financial obligations. Liquidity risk 2.6. FMIs and their participants may face liquidity risk, which is the risk that a counterparty, whether a participant or other entity, will have insufficient funds to meet its financial obligations as and when expected, although it may be able to do so in the future. Liquidity risk includes the risk that a seller of an asset will not receive payment when due, and the seller may have to borrow or liquidate assets to complete other payments. It also includes the risk that a buyer of an asset will not receive delivery when due, and the buyer may have to borrow the asset in order to complete its own delivery obligation. Thus, both parties to a financial transaction are potentially exposed to liquidity risk on the settlement date. Liquidity problems have the potential to create systemic problems, particularly if they occur when markets are closed or illiquid or when asset prices are changing rapidly, or if they create concerns about solvency. Liquidity risk can also arise from other sources, such as the failure or the inability of settlement banks, nostro agents, custodian banks, liquidity providers, and linked FMIs to perform as expected. General business risk 2.7. In addition, FMIs face general business risks, which are the risks related to the administration and operation of an FMI as a business enterprise, excluding those related to the default of a participant or another entity, such as a settlement bank, global custodian, or another FMI. General business risk refers to any potential impairment of the financial condition (as a business concern) of an FMI due to declines in its revenues or growth in its expenses, resulting in expenses exceeding revenues and a loss that must be charged against capital. Such impairment may be a result of adverse reputational effects, poor execution of business strategy, ineffective response to competition, losses in other business lines of the FMI or its parent, or other business factors. Business-related losses also may arise from risks covered by other principles, for example, legal or operational risk. A failure to manage general business risk could result in a disruption of an FMI’s business operations. Custody and investment risks 2.8. FMIs may also face custody and investment risks on the assets that they own and those they hold on behalf of their participants. Custody risk is the risk of loss on assets held in custody in the event of a custodian’s (or sub-custodian’s) insolvency, negligence, fraud, CPSS-IOSCO – Principles for financial market infrastructures – April 2012 19 poor administration, or inadequate recordkeeping. Investment risk is the risk of loss faced by an FMI when it invests its own or its participants’ resources, such as collateral. These risks can be relevant not only to the costs of holding and investing resources but also to the safety and reliability of an FMI’s risk-management systems. The failure of an FMI to properly safeguard its assets could result in credit, liquidity, and reputational problems for the FMI itself. Operational risk 2.9. All FMIs face operational risk, which is the risk that deficiencies in information systems or internal processes, human errors, management failures, or disruptions from external events will result in the reduction, deterioration, or breakdown of services provided by an FMI. These operational failures may lead to consequent delays, losses, liquidity problems, and in some cases systemic risks. Operational deficiencies also can reduce the effectiveness of measures that FMIs may take to manage risk, for example, by impairing their ability to complete settlement, or by hampering their ability to monitor and manage their credit exposures. In the case of TRs, operational deficiencies could limit the usefulness of the transaction data maintained by a TR. Possible operational failures include errors or delays in processing, system outages, insufficient capacity, fraud, and data loss and leakage. Operational risk can stem from both internal and external sources. For example, participants can generate operational risk for FMIs and other participants, which could result in liquidity or operational problems within the broader financial system. Box 2 Risk considerations for trade repositories TRs face risks that, if not controlled effectively, could have a material negative impact on the markets they serve. The primary risk to a TR is operational risk, although other risks may hamper its safe and efficient functioning. As part of its core recordkeeping function, a TR must ensure that the data it maintains is accurate and current in order to serve as a reliable central data source. The continuous availability of data stored in a TR is also essential. Specific operational risks that a TR must manage include risks to data integrity, data security, and business continuity. Because the data recorded by a TR may be used as inputs to the activities of the TR’s participants, relevant authorities, and other parties, including other FMIs and service providers, all trade data collected, stored, and disseminated by a TR should be protected from corruption, loss, leakage, unauthorised access, and other processing risks. In addition, a TR may be part of a network linking various entities (such as CCPs, dealers, custodians, and service providers) and could transmit risk or cause processing delays to such linked entities in the event of an operational disruption. 20 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 3.0. Principles for financial market infrastructures General organisation The foundation of an FMI’s risk-management framework includes its authority, structure, rights, and responsibilities. The following set of principles provides guidance on (a) the legal basis for the FMI’s activities, (b) the governance structure of the FMI, and (c) the framework for the comprehensive management of risks, to help establish a strong foundation for the risk management of an FMI. Principle 1: Legal basis An FMI should have a well-founded, clear, transparent, and enforceable legal basis for each material aspect of its activities in all relevant jurisdictions. Key considerations 1. The legal basis should provide a high degree of certainty for each material aspect of an FMI’s activities in all relevant jurisdictions. 2. An FMI should have rules, procedures, and contracts that are clear, understandable, and consistent with relevant laws and regulations. 3. An FMI should be able to articulate the legal basis for its activities to relevant authorities, participants, and, where relevant, participants’ customers, in a clear and understandable way. 4. An FMI should have rules, procedures, and contracts that are enforceable in all relevant jurisdictions. There should be a high degree of certainty that actions taken by the FMI under such rules and procedures will not be voided, reversed, or subject to stays. 5. An FMI conducting business in multiple jurisdictions should identify and mitigate the risks arising from any potential conflict of laws across jurisdictions. Explanatory note 3.1.1. A robust legal basis for an FMI’s activities in all relevant jurisdictions is critical to an FMI’s overall soundness. The legal basis defines, or provides the foundation for relevant parties to define, the rights and obligations of the FMI, its participants, and other relevant parties, such as its participants’ customers, custodians, settlement banks, and service providers. Most risk-management mechanisms are based on assumptions about the manner and time at which these rights and obligations arise through the FMI. Therefore, if risk management is to be sound and effective, the enforceability of rights and obligations relating to an FMI and its risk management should be established with a high degree of certainty. If the legal basis for an FMI’s activities and operations is inadequate, uncertain, or opaque, then the FMI, its participants, and their customers may face unintended, uncertain, or unmanageable credit or liquidity risks, which may also create or amplify systemic risks. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 21 Legal basis 3.1.2. The legal basis should provide a high degree of certainty for each material aspect of an FMI’s activities in all relevant jurisdictions. 24 The legal basis consists of the legal framework and the FMI’s rules, procedures, and contracts. The legal framework includes general laws and regulations that govern, among other things, property, contracts, insolvency, corporations, securities, banking, secured interests, and liability. In some cases, the legal framework that governs competition and consumer and investor protection may also be relevant. Laws and regulations specific to an FMI’s activities include those governing its authorization and its regulation, supervision, and oversight; rights and interests in financial instruments; settlement finality; netting; immobilisation and dematerialisation of securities; arrangements for DvP, PvP, or DvD; collateral arrangements (including margin arrangements); default procedures; and the resolution of an FMI. An FMI should establish rules, procedures, and contracts that are clear, understandable, and consistent with the legal framework and provide a high degree of legal certainty. An FMI also should consider whether the rights and obligations of the FMI, its participants, and as appropriate, other parties, as set forth in its rules, procedures, and contracts are consistent with relevant industry standards and market protocols. 3.1.3. An FMI should be able to articulate the legal basis for its activities to relevant authorities, participants, and, where relevant, participants’ customers in a clear and understandable way. One recommended approach to articulating the legal basis for each material aspect of an FMI’s activities is to obtain well-reasoned and independent legal opinions or analyses. A legal opinion or analysis should, to the extent practicable, confirm the enforceability of the FMI’s rules and procedures and must provide reasoned support for its conclusions. An FMI should consider sharing these legal opinions and analyses with its participants in an effort to promote confidence among participants and transparency in the system. In addition, an FMI should seek to ensure that its activities are consistent with the legal basis in all relevant jurisdictions. These jurisdictions could include (a) those where an FMI is conducting business (including through linked FMIs); (b) those where its participants are incorporated, located, or otherwise conducting business for the purposes of participation; (c) those where collateral is located or held; and (d) those indicated in relevant contracts. 3.1.4. A TR’s rules, procedures, and contracts should be clear about the legal status of the transaction records that it stores. Most TRs store transaction data that do not represent legally enforceable trade records. For some TRs, however, participants may agree that the TR’s electronic transaction record provides the official economic details of a legally binding contract, which enables trade details to be used for the calculation of payment obligations and other events that may occur during the life of the transaction. A TR should identify and mitigate any legal risks associated with any such ancillary services that it may provide. Further, the legal basis should also determine the rules and procedures for providing access and disclosing data to participants, relevant authorities, and the public to meet their respective information needs, as well as data protection and confidentiality issues (see also Principle 24 on disclosure of market data by TRs). 24 22 The materiality of an aspect of an FMI´s activity has to be determined in light of this report’s objectives – enhancing safety and efficiency – and underlying principles. Therefore, an aspect of an FMI’s activities is or becomes material if it can be a source of a material risk, especially, but not limited to, credit, liquidity, general business, custody, investment, or operational risks. In addition, parts of the activity that have a significant effect on the FMI’s efficiency may also qualify as material aspects of the activity covered by the principle on legal basis. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 Rights and interests 3.1.5. The legal basis should clearly define the rights and interests of an FMI, its participants, and, where relevant, its participants’ customers in the financial instruments, such as cash and securities, or other relevant assets held in custody, directly or indirectly, by the FMI. The legal basis should fully protect both a participant’s assets held in custody by the FMI and, where appropriate, a participant’s customer’s assets held by or through the FMI from the insolvency of relevant parties and other relevant risks. It should also protect these assets when held at a custodian or linked FMI. In particular, consistent with Principle 11 on CSDs and Principle 14 on segregation and portability, the legal basis should protect the assets and positions of a participant’s customers in a CSD and CCP. In addition, the legal basis should provide certainty, where applicable, with respect to an FMI’s interests in, and rights to use and dispose of, collateral; an FMI’s authority to transfer ownership rights or property interests; and an FMI’s rights to make and receive payments, in all cases, notwithstanding the bankruptcy or insolvency of its participants, participants’ customers, or custodian bank. 25 Also, the FMI should structure its operations so that its claims against collateral provided to it by a participant should have priority over all other claims, and the claims of the participant to that same collateral should have priority over the claims of thirdparty creditors. For TRs, the legal basis also should specifically define the rights and interests of participants and other relevant stakeholders with respect to the data stored in the TR’s systems. Settlement finality 3.1.6. There should be a clear legal basis regarding when settlement finality occurs in an FMI in order to define when key financial risks are transferred in the system, including the point at which transactions are irrevocable. Settlement finality is an important building block for risk-management systems (see also Principle 8). An FMI should consider, in particular, the actions that would need to be taken in the event of a participant’s insolvency. A key question is whether transactions of an insolvent participant would be honoured as final, or could be considered void or voidable by liquidators and relevant authorities. In some countries, for example, so-called “zero-hour rules” in insolvency law can have the effect of reversing a payment that appears to have been settled in a payment system. 26 Because this possibility can lead to credit and liquidity risks, zero-hour rules that undermine settlement finality should be eliminated. An FMI also should consider the legal basis for the external settlement mechanisms it uses, such as funds transfer or securities transfer systems. The laws of the relevant jurisdictions should support the provisions of the FMI’s legal agreements with its participants and settlement banks relating to finality. 25 Collateral arrangements may involve either a pledge or a title transfer, including transfer of full ownership. If an FMI accepts a pledge, it should have a high degree of certainty that the pledge has been validly created in the relevant jurisdiction and validly perfected, if necessary. If an FMI relies on a title transfer, including transfer of full ownership, it should have a high degree of certainty that the transfer is validly created in the relevant jurisdiction and will be enforced as agreed and not recharacterised, for example, as an invalid or unperfected pledge or some other unintended category of transaction. An FMI should also have a high degree of certainty that the transfer itself is not voidable as an unlawful preference under insolvency law. See also Principle 5 on collateral, Principle 6 on margin, and Principle 13 on participant-default rules and procedures. 26 In the context of payment systems, “zero-hour rules” make all transactions by a bankrupt participant void from the start (“zero hour”) of the day of the bankruptcy (or similar event). In an RTGS system, for example, the effect could be to reverse payments that have apparently already been settled and were thought to be final. In a DNS system, such a rule could cause the netting of all transactions to be unwound. This could entail a recalculation of all net positions and could cause significant changes to participants’ balances. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 23 Netting arrangements 3.1.7. If an FMI has a netting arrangement, the enforceability of the netting arrangement should have a sound and transparent legal basis. 27 In general, netting offsets obligations between or among participants in the netting arrangement, thereby reducing the number and value of payments or deliveries needed to settle a set of transactions. Netting can reduce potential losses in the event of a participant default and may reduce the probability of a default. 28 Netting arrangements should be designed to be explicitly recognised and supported under the law and enforceable against an FMI and an FMI’s failed participants in bankruptcy. Without such legal underpinnings, net obligations may be challenged in judicial or administrative insolvency proceedings. If these challenges are successful, the FMI and its participants could be liable for gross settlement amounts that could drastically increase obligations because gross obligations could be many multiples of net obligations. 3.1.8. Novation, open offer, and other similar legal devices that enable an FMI to act as a CCP should be founded on a sound legal basis. 29 In novation (and substitution), the original contract between the buyer and seller is discharged and two new contracts are created, one between the CCP and the buyer and the other between the CCP and the seller. The CCP thereby assumes the original parties’ contractual obligations to each other. In an open-offer system, the CCP extends an open offer to act as a counterparty to market participants and thereby is interposed between participants at the time a trade is executed. If all pre-agreed conditions are met, there is never a contractual relationship between the buyer and seller. Where supported by the legal framework, novation, open offer, and other similar legal devices give market participants legal certainty that a CCP is supporting the transaction. Enforceability 3.1.9. The rules, procedures, and contracts related to an FMI’s operation should be enforceable in all relevant jurisdictions. In particular, the legal basis should support the enforceability of the participant-default rules and procedures that an FMI uses to handle a defaulting or insolvent participant, especially any transfers and close-outs of a direct or indirect participant’s assets or positions (see also Principle 13 on participant-default rules and procedures). An FMI should have a high degree of certainty that such actions taken under such rules and procedures will not be voided, reversed, or subject to stays, including with respect to the resolution regimes applicable to its participants. 30 Ambiguity about the enforceability of procedures could delay and possibly prevent an FMI from taking actions to fulfil its obligations to non-defaulting participants or to minimise its potential losses. Insolvency law should support isolating risk and retaining and using collateral and cash payments previously paid into an FMI, notwithstanding a participant default or the commencement of an insolvency proceeding against a participant. 3.1.10. An FMI should establish rules, procedures, and contracts related to its operations that are enforceable when the FMI is implementing its plans for recovery or orderly wind- 27 There are several types of netting arrangements used in the market that may be relevant to an FMI. Some types of arrangements net payments or other contractual obligations resulting from market trades (or both) on an ongoing basis, while others close-out payments or obligations when an event such as insolvency occurs. There are a number of legal structures for these types of netting arrangements. 28 An FMI may bilaterally net its obligations with each participant, facilitate the bilateral netting of obligations between participants, or provide for the multilateral netting of obligations. 29 In some countries, for example, assumption of obligation may be used instead of arrangements to replace the original contract between the buyer and seller with the two new contracts. 30 However, rights triggered only because of entry into resolution or the exercise of resolution powers may be subject to stays. See for example FSB, Key attributes of effective resolution regimes for financial institutions, KA 4.2, 4.3, and Annex IV, paragraph 1.3. 24 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 down. Where relevant, they should adequately address issues and associated risks resulting from (a) cross-border participation and interoperability of FMIs and (b) foreign participants in the case of an FMI which is being wound down. There should be a high degree of certainty that actions taken by the FMI under such rules and procedures will not be voided, reversed, or subject to stays. Ambiguity about the enforceability of procedures that facilitate the implementation of the FMI’s plans for recovery or orderly wind-down, or the resolution of the FMI, could delay and possibly prevent the FMI or the relevant authorities from taking appropriate actions and hence increase the risk of a disruption to its critical services or a disorderly wind-down of the FMI. In the case that an FMI is being wound down or resolved, the legal basis should support decisions or actions concerning termination, close-out netting, the transfer of cash and securities positions of an FMI, or the transfer of all or parts of the rights and obligations provided in a link arrangement to a new entity. Conflict-of-laws issues 3.1.11 Legal risk due to conflict of laws may arise if an FMI is, or reasonably may become, subject to the laws of various other jurisdictions (for example, when it accepts participants established in those jurisdictions, when assets are held in multiple jurisdictions, or when business is conducted in multiple jurisdictions). In such cases, an FMI should identify and analyse potential conflict-of-laws issues and develop rules and procedures to mitigate this risk. For example, the rules governing its activities should clearly indicate the law that is intended to apply to each aspect of an FMI’s operations. The FMI and its participants should be aware of applicable constraints on their abilities to choose the law that will govern the FMI’s activities when there is a difference in the substantive laws of the relevant jurisdictions. For example, such constraints may exist because of jurisdictions’ differing laws on insolvency and irrevocability. A jurisdiction ordinarily does not permit contractual choices of law that would circumvent that jurisdiction’s fundamental public policy. Thus, when uncertainty exists regarding the enforceability of an FMI’s choice of law in relevant jurisdictions, the FMI should obtain reasoned and independent legal opinions and analysis in order to address properly such uncertainty. Mitigating legal risk 3.1.12. In general, there is no substitute for a sound legal basis and full legal certainty. In some practical situations, however, full legal certainty may not be achievable. In this case, the authorities may need to take steps to address the legal framework. Pending this resolution, an FMI should investigate steps to mitigate its legal risk through the selective use of alternative risk-management tools that do not suffer from the legal uncertainty identified. These could include, in appropriate circumstances and if legally enforceable, participant requirements, exposure limits, collateral requirements, and prefunded default arrangements. The use of such tools may limit an FMI’s exposure if its activities are found to be not supported by relevant laws and regulations. If such controls are insufficient or not feasible, an FMI could apply activity limits and, in extreme circumstances, restrict access or not perform the problematic activity until the legal situation is addressed. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 25 Principle 2: Governance An FMI should have governance arrangements that are clear and transparent, promote the safety and efficiency of the FMI, and support the stability of the broader financial system, other relevant public interest considerations, and the objectives of relevant stakeholders. Key considerations 1. An FMI should have objectives that place a high priority on the safety and efficiency of the FMI and explicitly support financial stability and other relevant public interest considerations. 2. An FMI should have documented governance arrangements that provide clear and direct lines of responsibility and accountability. These arrangements should be disclosed to owners, relevant authorities, participants, and, at a more general level, the public. 3. The roles and responsibilities of an FMI’s board of directors (or equivalent) should be clearly specified, and there should be documented procedures for its functioning, including procedures to identify, address, and manage member conflicts of interest. The board should review both its overall performance and the performance of its individual board members regularly. 4. The board should contain suitable members with the appropriate skills and incentives to fulfil its multiple roles. This typically requires the inclusion of nonexecutive board member(s). 5. The roles and responsibilities of management should be clearly specified. An FMI’s management should have the appropriate experience, a mix of skills, and the integrity necessary to discharge their responsibilities for the operation and risk management of the FMI. 6. The board should establish a clear, documented risk-management framework that includes the FMI’s risk-tolerance policy, assigns responsibilities and accountability for risk decisions, and addresses decision making in crises and emergencies. Governance arrangements should ensure that the risk-management and internal control functions have sufficient authority, independence, resources, and access to the board. 7. The board should ensure that the FMI’s design, rules, overall strategy, and major decisions reflect appropriately the legitimate interests of its direct and indirect participants and other relevant stakeholders. Major decisions should be clearly disclosed to relevant stakeholders and, where there is a broad market impact, the public. Explanatory note 3.2.1. Governance is the set of relationships between an FMI’s owners, board of directors (or equivalent), management, and other relevant parties, including participants, authorities, and other stakeholders (such as participants’ customers, other interdependent FMIs, and the broader market). Governance provides the processes through which an organisation sets its objectives, determines the means for achieving those objectives, and monitors performance against those objectives. Good governance provides the proper incentives for an FMI’s board and management to pursue objectives that are in the interest of its stakeholders and that support relevant public interest considerations. 26 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 FMI objectives 3.2.2. Given the importance of FMIs and the fact that their decisions can have widespread impact, affecting multiple financial institutions, markets, and jurisdictions, it is essential for each FMI to place a high priority on the safety and efficiency of its operations and explicitly support financial stability and other relevant public interests. Supporting the public interest is a broad concept that includes, for example, fostering fair and efficient markets. For example, in certain OTC derivatives markets, industry standards and market protocols have been developed to increase certainty, transparency, and stability in the market. If a CCP in such markets were to diverge from these practices, it could, in some cases, undermine the market’s efforts to develop common processes to help reduce uncertainty. An FMI’s governance arrangements should also include appropriate consideration of the interests of participants, participants’ customers, relevant authorities, and other stakeholders. A TR, for example, should have objectives, policies, and procedures that support the effective and appropriate disclosure of market data to relevant authorities and the public (see Principle 24). For all types of FMIs, governance arrangements should provide for fair and open access (see Principle 18 on access and participation requirements) and for effective implementation of recovery or wind-down plans, or resolution. Governance arrangements 3.2.3. Governance arrangements, which define the structure under which the board and management operate, should be clearly and thoroughly documented. These arrangements should include certain key components such as the (a) role and composition of the board and any board committees, (b) senior management structure, (c) reporting lines between management and the board, (d) ownership structure, (e) internal governance policy, (f) design of risk management and internal controls, (g) procedures for the appointment of board members and senior management, and (h) processes for ensuring performance accountability. Governance arrangements should provide clear and direct lines of responsibility and accountability, particularly between management and the board, and ensure sufficient independence for key functions such as risk management, internal control, and audit. These arrangements should be disclosed to owners, the authorities, participants, and, at a more general level, the public. 3.2.4. No single set of governance arrangements is appropriate for all FMIs and all market jurisdictions. Arrangements may differ significantly because of national law, ownership structure, or organisational form. For example, national law may require an FMI to maintain a two-tier board system in which the supervisory board (all non-executive directors) is separated from the management board (all executive directors). Further, an FMI may be owned by its participants or by another organisation, may be operated as a for-profit or notfor-profit enterprise, or may be organised as a bank or non-bank entity. While specific arrangements vary, this principle is intended to be generally applicable to all ownership and organisational structures. 3.2.5. Depending on its ownership structure and organisational form, an FMI may need to focus particular attention on certain aspects of its governance arrangements. An FMI that is part of a larger organisation, for example, should place particular emphasis on the clarity of its governance arrangements, including in relation to any conflicts of interests and outsourcing issues that may arise because of the parent or other affiliated organisation’s structure. The FMI’s governance arrangements should also be adequate to ensure that decisions of affiliated organisations are not detrimental to the FMI. 31 An FMI that is, or is part 31 If an FMI is wholly owned or controlled by another entity, authorities should also review the governance arrangements of that entity to see that they do not have adverse effects on the FMI’s observance of this principle. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 27 of, a for-profit entity may need to place particular emphasis on managing any conflicts between income generation and safety. For example, a TR should ensure that it effectively identifies and manages conflicts of interests that may arise between its public role as a centralised data repository and its own commercial interests, particularly if it offers services other than recordkeeping. Where relevant, cross-border issues should be appropriately identified, assessed, and dealt with in the governance arrangements, both at the FMI level and at the level(s) of its parent entity(ies). 3.2.6. An FMI may also need to focus particular attention on certain aspects of its riskmanagement arrangements as a result of its ownership structure or organisational form. If an FMI provides services that present a distinct risk profile from, and potentially pose significant additional risks to, its payment, clearing, settlement, or recording function, the FMI needs to manage those additional risks adequately. This may include separating the additional services that the FMI provides from its payment, clearing, settlement, and recording function legally, or taking equivalent action. The ownership structure and organisational form may also need to be considered in the preparation and implementation of the FMI’s recovery or wind-down plans or in assessments of the FMI’s resolvability. 3.2.7. Central bank-operated systems may need to tailor the application of this principle in light of the central bank’s own governance requirements and specific policy mandates. If a central bank is an operator of an FMI, as well as the overseer of private-sector FMIs, it needs to consider how to best address any possible or perceived conflicts of interest that may arise between those functions. Except when explicitly required by law, regulation, or policy mandates, a central bank should avoid using its oversight authority to disadvantage privatesector FMIs relative to an FMI the central bank owns or operates. This can be facilitated by separating the operator and oversight functions into different organisational units within the central bank that are managed by different personnel. Where there is competition with private-sector systems, a central bank should also be careful to protect confidential information about external systems collected in its role as overseer and avoid its misuse. Roles, responsibilities, and composition of the board of directors 3.2.8. An FMI’s board has multiple roles and responsibilities that should be clearly specified. These roles and responsibilities should include (a) establishing clear strategic aims for the entity; (b) ensuring effective monitoring of senior management (including selecting its senior managers, setting their objectives, evaluating their performance, and, where appropriate, removing them); (c) establishing appropriate compensation policies (which should be consistent with best practices and based on long-term achievements, in particular, the safety and efficiency of the FMI); (d) establishing and overseeing the risk-management function and material risk decisions; (e) overseeing internal control functions (including ensuring independence and adequate resources); (f) ensuring compliance with all supervisory and oversight requirements; (g) ensuring consideration of financial stability and other relevant public interests; and (h) providing accountability to the owners, participants, and other relevant stakeholders. 32 3.2.9. Policies and procedures related to the functioning of the board should be clear and documented. These policies include the responsibilities and functioning of board committees. A board would normally be expected to have, among others, a risk committee, an audit committee, and a compensation committee, or equivalents. All such committees should have clearly assigned responsibilities and procedures. 33 Board policies and procedures should 32 See Financial Stability Forum, FSF principles for sound compensation practices, April 2009, for additional guidance in establishing appropriate compensation policies. 33 Such committees would normally be composed mainly of, and, if possible, led by, non-executive or independent directors (see also paragraph 3.2.10). 28 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 include processes to identify, address, and manage potential conflicts of interest of board members. Conflicts of interest include, for example, circumstances in which a board member has material competing business interests with the FMI. Further, policies and procedures should also include regular reviews of the board’s performance and the performance of each individual member, as well as, potentially, periodic independent assessments of performance. 3.2.10. Governance policies related to board composition, appointment, and term should also be clear and documented. The board should be composed of suitable members with an appropriate mix of skills (including strategic and relevant technical skills), experience, and knowledge of the entity (including an understanding of the FMI’s interconnectedness with other parts of the financial system). Members should also have a clear understanding of their roles in corporate governance, be able to devote sufficient time to their roles, ensure that their skills remain up-to-date, and have appropriate incentives to fulfil their roles. Members should be able to exercise objective and independent judgment. Independence from the views of management typically requires the inclusion of non-executive board members, including independent board members, as appropriate. 34 Definitions of an independent board member vary and often are determined by local laws and regulations, but the key characteristic of independence is the ability to exercise objective, independent judgment after fair consideration of all relevant information and views and without undue influence from executives or from inappropriate external parties or interests. 35 The precise definition of independence used by an FMI should be specified and publicly disclosed, and should exclude parties with significant business relationships with the FMI, cross-directorships, or controlling shareholdings, as well as employees of the organisation. Further, an FMI should publicly disclose which board members it regards as independent. An FMI may also need to consider setting a limit on the duration of board members’ terms. Roles and responsibilities of management 3.2.11. An FMI should have clear and direct reporting lines between its management and board in order to promote accountability, and the roles and responsibilities of management should be clearly specified. An FMI’s management should have the appropriate experience, a mix of skills, and the integrity necessary to discharge their responsibilities for the operation and risk management of the FMI. Under board direction, management should ensure that the FMI’s activities are consistent with the objectives, strategy, and risk tolerance of the FMI, as determined by the board. Management should ensure that internal controls and related procedures are appropriately designed and executed in order to promote the FMI’s objectives, and that these procedures include a sufficient level of management oversight. Internal controls and related procedures should be subject to regular review and testing by well-trained and staffed risk-management and internal-audit functions. Additionally, senior management should be actively involved in the risk-control process and should ensure that significant resources are devoted to its risk-management framework. Risk-management governance 3.2.12. Because the board is ultimately responsible for managing an FMI’s risks, it should establish a clear, documented risk-management framework that includes the FMI’s risk- 34 Having non-executive members included on a board, for example, may (depending on local corporate law) help in balancing considerations of safety and efficiency with competitiveness and, where applicable, profitability. 35 An FMI organised in a jurisdiction with national laws on board structure or composition that do not facilitate the use of independent members should use alternative means to enhance its board’s ability to exercise independent judgment, such as advisory or supervisory boards with appropriate members. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 29 tolerance policy, assigns responsibilities and accountability for risk decisions, and addresses decision making in crises and emergencies. The board should regularly monitor the FMI’s risk profile to ensure that it is consistent with the FMI’s business strategy and risk-tolerance policy. In addition, the board should ensure that the FMI has an effective system of controls and oversight, including adequate governance and project management processes, over the models used to quantify, aggregate, and manage the FMI’s risks. Board approval should be required for material decisions that would have a significant impact on the risk profile of the entity, such as the limits for total credit exposure and large individual credit exposures. Other material decisions that may require board approval include the introduction of new products, implementation of new links, use of new crisis-management frameworks, adoption of processes and templates for reporting significant risk exposures, and adoption of processes for considering adherence to relevant market protocols. In the OTC derivatives markets, CCPs are expected to adhere to practices or arrangements that have become established market conventions or to act in a manner that does not conflict with such terms, unless the CCP has reasonable grounds not to do so and that does not conflict with the market’s wider interest. In this regard, where a CCP supports a market and is expected to fully adhere to marketwide protocols and related decisions, the CCP should be involved in the development and establishment of such standards. It is critical that market governance processes fully reflect the role of the CCP in the market. The arrangements adopted by a CCP should be transparent to its participants and regulators. 3.2.13. The board and governance arrangements, generally, should support the use of clear and comprehensive rules and key procedures, including detailed and effective participantdefault rules and procedures (see Principle 13). The board should have procedures in place to support its capacity to act appropriately and immediately if any risks arise that threaten the FMI’s viability as a going concern. The governance arrangements should also provide for effective decision making in a crisis and support any procedures and rules designed to facilitate the recovery or orderly wind-down of the FMI. 3.2.14. In addition, the governance of the risk-management function is particularly important. It is essential that an FMI’s risk-management personnel have sufficient independence, authority, resources, and access to the board to ensure that the operations of the FMI are consistent with the risk-management framework set by the board. The reporting lines for risk management should be clear and separate from those for other operations of the FMI, and there should be an additional direct reporting line to a non-executive director on the board via a chief risk officer (or equivalent). To help the board discharge its risk-related responsibilities, an FMI should consider the case for a risk committee, responsible for advising the board on the FMI’s overall current and future risk tolerance and strategy. A CCP, however, should have such a risk committee or its equivalent. An FMI’s risk committee should be chaired by a sufficiently knowledgeable individual who is independent of the FMI’s executive management and be composed of a majority of members who are non-executive members. The committee should have a clear and public mandate and operating procedures and, where appropriate, have access to external expert advice. 3.2.15. Where an FMI, in accordance with applicable law, maintains a two-tier board system, the roles and responsibilities of the board and senior management will be allocated to the supervisory board and the management board, as appropriate. The reporting lines of the risk and other committees need to reflect this allocation, as well as the legal responsibilities of the management and supervisory boards. Therefore a direct reporting line for the risk-management function may involve members of the management board. In addition, the establishment of a risk committee has to take into account the legally founded responsibility of the management board for managing the risks of the FMI. Model validation 3.2.16. The board should ensure that there is adequate governance surrounding the adoption and use of models, such as for credit, collateral, margining, and liquidity 30 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 risk-management systems. An FMI should validate, on an ongoing basis, the models and their methodologies used to quantify, aggregate, and manage the FMI’s risks. The validation process should be independent of the development, implementation, and operation of the models and their methodologies, and the validation process should be subjected to an independent review of its adequacy and effectiveness. Validation should include (a) an evaluation of the conceptual soundness of (including developmental evidence supporting) the models, (b) an ongoing monitoring process that includes verification of processes and benchmarking, and (c) an analysis of outcomes that includes backtesting. Internal controls and audit 3.2.17. The board is responsible for establishing and overseeing internal controls and audit. An FMI should have sound internal control policies and procedures to help manage its risks. For example, as part of a variety of risk controls, the board should ensure that there are adequate internal controls to protect against the misuse of confidential information. An FMI should also have an effective internal audit function, with sufficient resources and independence from management to provide, among other activities, a rigorous and independent assessment of the effectiveness of an FMI’s risk-management and control processes (see also Principle 3 on the framework for the comprehensive management of risks). The board will typically establish an audit committee to oversee the internal audit function. In addition to reporting to senior management, the audit function should have regular access to the board through an additional reporting line. Stakeholder input 3.2.18. An FMI’s board should consider all relevant stakeholders’ interests, including those of its direct and indirect participants, in making major decisions, including those relating to the system’s design, rules, and overall business strategy. An FMI with cross-border operations, in particular, should ensure that the full range of views across the jurisdictions in which it operates is appropriately considered in the decision-making process. Mechanisms for involving stakeholders in the board’s decision-making process may include stakeholder representation on the board (including direct and indirect participants), user committees, and public consultation processes. As opinions among interested parties are likely to differ, the FMI should have clear processes for identifying and appropriately managing the diversity of stakeholder views and any conflicts of interest between stakeholders and the FMI. Without prejudice to local requirements on confidentiality and disclosure, the FMI should clearly and promptly inform its owners, participants, other users, and, where appropriate, the broader public, of the outcome of major decisions, and consider providing summary explanations for decisions to enhance transparency where it would not endanger candid board debate or commercial confidentiality. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 31 Principle 3: Framework for the comprehensive management of risks An FMI should have a sound risk-management framework for comprehensively managing legal, credit, liquidity, operational, and other risks. Key considerations 1. An FMI should have risk-management policies, procedures, and systems that enable it to identify, measure, monitor, and manage the range of risks that arise in or are borne by the FMI. Risk-management frameworks should be subject to periodic review. 2. An FMI should provide incentives to participants and, where relevant, their customers to manage and contain the risks they pose to the FMI. 3. An FMI should regularly review the material risks it bears from and poses to other entities (such as other FMIs, settlement banks, liquidity providers, and service providers) as a result of interdependencies and develop appropriate riskmanagement tools to address these risks. 4. An FMI should identify scenarios that may potentially prevent it from being able to provide its critical operations and services as a going concern and assess the effectiveness of a full range of options for recovery or orderly wind-down. An FMI should prepare appropriate plans for its recovery or orderly wind-down based on the results of that assessment. Where applicable, an FMI should also provide relevant authorities with the information needed for purposes of resolution planning. Explanatory note 3.3.1. An FMI should take an integrated and comprehensive view of its risks, including the risks it bears from and poses to its participants and their customers, as well as the risks it bears from and poses to other entities, such as other FMIs, settlement banks, liquidity providers, and service providers (for example, matching and portfolio compression service providers). An FMI should consider how various risks relate to, and interact with, each other. The FMI should have a sound risk-management framework (including policies, procedures, and systems) that enable it to identify, measure, monitor, and manage effectively the range of risks that arise in or are borne by the FMI. An FMI’s framework should include the identification and management of interdependencies. An FMI should also provide appropriate incentives and the relevant information for its participants and other entities to manage and contain their risks vis-à-vis the FMI. As discussed in Principle 2 on governance, the board of directors plays a critical role in establishing and maintaining a sound risk-management framework. Identification of risks 3.3.2. To establish a sound risk-management framework, an FMI should first identify the range of risks that arise within the FMI and the risks it directly bears from or poses to its participants, its participants’ customers, and other entities. It should identify those risks that could materially affect its ability to perform or to provide services as expected. Typically these include legal, credit, liquidity, and operational risks. An FMI should also consider other relevant and material risks, such as market (or price), concentration, and general business risks, as well as risks that do not appear to be significant in isolation, but when combined with other risks become material. The consequences of these risks may have significant reputational effects on the FMI and may undermine an FMI’s financial soundness as well as the stability of the broader financial markets. In identifying risks, an FMI should take a broad perspective and identify the risks that it bears from other entities, such as other FMIs, settlement banks, liquidity providers, service providers, and any entities that could be materially affected by the FMI’s inability to provide services. For example, the relationship 32 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 between an SSS and an LVPS to achieve DvP settlement can create system-based interdependencies. Comprehensive risk policies, procedures, and controls 3.3.3. An FMI’s board and senior management are ultimately responsible for managing the FMI’s risks (see Principle 2 on governance). The board should determine an appropriate level of aggregate risk tolerance and capacity for the FMI. The board and senior management should establish policies, procedures, and controls that are consistent with the FMI’s risk tolerance and capacity. The FMI’s policies, procedures, and controls serve as the basis for identifying, measuring, monitoring, and managing the FMI’s risks and should cover routine and non-routine events, including the potential inability of a participant, or the FMI itself, to meet its obligations. An FMI’s policies, procedures, and controls should address all relevant risks, including legal, credit, liquidity, general business, and operational risks. These policies, procedures, and controls should be part of a coherent and consistent framework that is reviewed and updated periodically and shared with the relevant authorities. Information and control systems 3.3.4. In addition, an FMI should employ robust information and risk-control systems to provide the FMI with the capacity to obtain timely information necessary to apply riskmanagement policies and procedures. In particular, these systems should allow for the accurate and timely measurement and aggregation of risk exposures across the FMI, the management of individual risk exposures and the interdependencies between them, and the assessment of the impact of various economic and financial shocks that could affect the FMI. Information systems should also enable the FMI to monitor its credit and liquidity exposures, overall credit and liquidity limits, and the relationship between these exposures and limits. 36 3.3.5. Where appropriate, an FMI should also provide its participants and its participants’ customers with the relevant information to manage and contain their credit and liquidity risks. An FMI may consider it beneficial to provide its participants and its participants’ customers with information necessary to monitor their credit and liquidity exposures, overall credit and liquidity limits, and the relationship between these exposures and limits. For example, where the FMI permits participants’ customers to create exposures in the FMI that are borne by the participants, the FMI should provide participants with the capacity to limit such risks. Incentives to manage risks 3.3.6. In establishing risk-management policies, procedures, and systems, an FMI should provide incentives to participants and, where relevant, their customers to manage and contain the risks they pose to the FMI. There are several ways in which an FMI may provide incentives. For example, an FMI could apply financial penalties to participants that fail to settle securities in a timely manner or to repay intraday credit by the end of the operating day. Another example is the use of loss-sharing arrangements proportionate to the exposures brought to the FMI. Such approaches can help reduce the moral hazard that may arise from formulas in which losses are shared equally among participants or other formulas where losses are not shared proportionally to risk. 36 These information systems should permit, where practicable, the provision of real time information to enable participants to manage risks. If an FMI does not provide real time information, it should provide clear, full, updated information to participants throughout the day (as frequently as possible) and consider appropriate enhancements to its systems. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 33 Interdependencies 3.3.7. An FMI should regularly review the material risks it bears from and poses to other entities (such as other FMIs, settlement banks, liquidity providers, or service providers) as a result of interdependencies and develop appropriate risk-management tools to address these risks (see also Principle 20 on FMI links). In particular, an FMI should have effective riskmanagement tools to manage all relevant risks, including the legal, credit, liquidity, general business, and operational risks that it bears from and poses to other entities, in order to limit the effects of disruptions from and to such entities as well as disruptions from and to the broader financial markets. These tools should include business continuity arrangements that allow for rapid recovery and resumption of critical operations and services in the event of operational disruptions (see Principle 17 on operational risk), liquidity risk-management techniques (see Principle 7 on liquidity risk), and recovery or orderly wind-down plans should the FMI become non-viable. 37 Because of the interdependencies between and among systems, an FMI should ensure that its crisis-management arrangements allow for effective coordination among the affected entities, including cases in which its own viability or the viability of an interdependent entity is in question. Recovery and orderly wind-down plans 3.3.8. An FMI should identify scenarios that may potentially prevent it from being able to provide its critical operations and services as a going concern and assess the effectiveness of a full range of options for recovery or orderly wind-down. These scenarios should take into account the various independent and related risks to which the FMI is exposed. Using this analysis (and taking into account any constraints potentially imposed by domestic legislation), the FMI should prepare appropriate plans for its recovery or orderly wind-down. The plan should contain, among other elements, a substantive summary of the key recovery or orderly wind-down strategies, the identification of the FMI’s critical operations and services, and a description of the measures needed to implement the key strategies. An FMI should have the capacity to identify and provide to related entities the information needed to implement the plan on a timely basis during stress scenarios. In addition, these plans should be reviewed and updated regularly. Where applicable, an FMI should provide relevant authorities with the information, including strategy and scenario analysis, needed for purposes of resolution planning. Internal controls 3.3.9. An FMI also should have comprehensive internal processes to help the board and senior management monitor and assess the adequacy and effectiveness of an FMI’s riskmanagement policies, procedures, systems, and controls. While business-line management serves as the first “line of defence,” the adequacy of and adherence to control mechanisms should be assessed regularly through independent compliance programmes and independent audits. 38 A robust internal audit function can provide an independent assessment of the effectiveness of an FMI’s risk-management and control processes. An emphasis on the adequacy of controls by senior management and the board as well as internal audit can also help counterbalance a business-management culture that may favour business interests over establishing and adhering to appropriate controls. In addition, 37 Although TRs are typically not exposed to financial risks from their recordkeeping activities, they may be a part of a network linking various entities that could include CCPs, dealers, custodians, and service providers, and therefore should ensure that they effectively manage and minimise their own risks to reduce the potential for systemic risk to spread to such linked entities. 38 Audits should be performed by qualified and independent individuals who did not participate in the creation of the control mechanisms. At times the FMI may find it necessary to engage a team of external auditors. 34 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 proactive engagement of audit and internal control functions when changes are under consideration can also be beneficial. Specifically, FMIs that involve their internal audit function in pre-implementation reviews will often reduce their need to expend additional resources to retrofit processes and systems with critical controls that had been overlooked during initial design phases and construction efforts. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 35 Credit and liquidity risk management An FMI or its participants may face credit and liquidity risks arising from the FMI’s payment, clearing, and settlement processes. Credit risk is the risk that a counterparty will be unable to meet fully its financial obligations when due or at any time in the future. These counterparties may include the FMI’s participants (see Principle 4 on credit risk), settlement banks (see Principle 9 on money settlements), and custodians (see Principle 16 on custody and investment risks). Liquidity risk is the risk that a counterparty will have insufficient funds to meet its financial obligations when due, but may be able to do so at some time in the future. Although credit and liquidity risks are distinct concepts, there is often significant interaction between these risks. For example, a participant default in an FMI would likely result in the FMI facing both credit and liquidity risk, potentially requiring the FMI to draw on its liquidity resources to meet its immediate obligations. An FMI has a range of risk-management tools to mitigate and manage these risks. The following set of principles on (a) credit risk management, (b) collateral, (c) margin, and (d) liquidity risk management form the core of the standards for financial risk management and financial resources. These principles contain extensive cross references because of the interaction among the four standards. For example, the margin principle builds on the credit risk principle as applied to CCPs. The margin principle is also related to the collateral principle, which establishes the form and attributes of collateral that a CCP should hold. Taken together, these four principles are designed to provide a high degree of confidence that an FMI will continue operating and serve as a source of financial stability even in extreme market conditions. These principles are not applicable to CSDs or TRs to the extent that they do not face credit and liquidity risks. Principle 4: Credit risk An FMI should effectively measure, monitor, and manage its credit exposures to participants and those arising from its payment, clearing, and settlement processes. An FMI should maintain sufficient financial resources to cover its credit exposure to each participant fully with a high degree of confidence. In addition, a CCP that is involved in activities with a more-complex risk profile or that is systemically important in multiple jurisdictions should maintain additional financial resources sufficient to cover a wide range of potential stress scenarios that should include, but not be limited to, the default of the two participants and their affiliates that would potentially cause the largest aggregate credit exposure to the CCP in extreme but plausible market conditions. All other CCPs should maintain additional financial resources sufficient to cover a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would potentially cause the largest aggregate credit exposure to the CCP in extreme but plausible market conditions. Key considerations 1. An FMI should establish a robust framework to manage its credit exposures to its participants and the credit risks arising from its payment, clearing, and settlement processes. Credit exposure may arise from current exposures, potential future exposures, or both. 2. An FMI should identify sources of credit risk, routinely measure and monitor credit exposures, and use appropriate risk-management tools to control these risks. 3. A payment system or SSS should cover its current and, where they exist, potential future exposures to each participant fully with a high degree of confidence using 36 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 collateral and other equivalent financial resources (see Principle 5 on collateral). In the case of a DNS payment system or DNS SSS in which there is no settlement guarantee but where its participants face credit exposures arising from its payment, clearing, and settlement processes, such an FMI should maintain, at a minimum, sufficient resources to cover the exposures of the two participants and their affiliates that would create the largest aggregate credit exposure in the system. 4. A CCP should cover its current and potential future exposures to each participant fully with a high degree of confidence using margin and other prefunded financial resources (see Principle 5 on collateral and Principle 6 on margin). In addition, a CCP that is involved in activities with a more-complex risk profile or that is systemically important in multiple jurisdictions should maintain additional financial resources to cover a wide range of potential stress scenarios that should include, but not be limited to, the default of the two participants and their affiliates that would potentially cause the largest aggregate credit exposure for the CCP in extreme but plausible market conditions. All other CCPs should maintain additional financial resources sufficient to cover a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would potentially cause the largest aggregate credit exposure for the CCP in extreme but plausible market conditions. In all cases, a CCP should document its supporting rationale for, and should have appropriate governance arrangements relating to, the amount of total financial resources it maintains. 5. A CCP should determine the amount and regularly test the sufficiency of its total financial resources available in the event of a default or multiple defaults in extreme but plausible market conditions through rigorous stress testing. A CCP should have clear procedures to report the results of its stress tests to appropriate decision makers at the CCP and to use these results to evaluate the adequacy of and adjust its total financial resources. Stress tests should be performed daily using standard and predetermined parameters and assumptions. On at least a monthly basis, a CCP should perform a comprehensive and thorough analysis of stress testing scenarios, models, and underlying parameters and assumptions used to ensure they are appropriate for determining the CCP’s required level of default protection in light of current and evolving market conditions. A CCP should perform this analysis of stress testing more frequently when the products cleared or markets served display high volatility, become less liquid, or when the size or concentration of positions held by a CCP’s participants increases significantly. A full validation of a CCP’s risk-management model should be performed at least annually. 6. In conducting stress testing, a CCP should consider the effect of a wide range of relevant stress scenarios in terms of both defaulters’ positions and possible price changes in liquidation periods. Scenarios should include relevant peak historic price volatilities, shifts in other market factors such as price determinants and yield curves, multiple defaults over various time horizons, simultaneous pressures in funding and asset markets, and a spectrum of forward-looking stress scenarios in a variety of extreme but plausible market conditions. 7. An FMI should establish explicit rules and procedures that address fully any credit losses it may face as a result of any individual or combined default among its participants with respect to any of their obligations to the FMI. These rules and procedures should address how potentially uncovered credit losses would be allocated, including the repayment of any funds an FMI may borrow from liquidity providers. These rules and procedures should also indicate the FMI’s process to replenish any financial resources that the FMI may employ during a stress event, so that the FMI can continue to operate in a safe and sound manner. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 37 Explanatory note 3.4.1. Credit risk is broadly defined as the risk that a counterparty will be unable to meet fully its financial obligations when due or at any time in the future. The default of a participant (and its affiliates) has the potential to cause severe disruptions to an FMI, its other participants, and the financial markets more broadly. 39 Therefore, an FMI should establish a robust framework to manage its credit exposures to its participants and the credit risks arising from its payment, clearing, and settlement processes (see also Principle 3 on the framework for the comprehensive management of risks, Principle 9 on money settlements, and Principle 16 on custody and investment risks). Credit exposure may arise in the form of current exposures, potential future exposures, or both. 40 Current exposure, in this context, is defined as the loss that an FMI (or in some cases, its participants) would face immediately if a participant were to default. 41 Potential future exposure is broadly defined as any potential credit exposure that an FMI could face at a future point in time. 42 The type and level of credit exposure faced by an FMI will vary based on its design and the credit risk of the counterparties concerned. 43 Credit risk in payment systems 3.4.2. Sources of credit risk. A payment system may face credit risk from its participants, its payment and settlement processes, or both. This credit risk is driven mainly by current exposures from extending intraday credit to participants. 44 For example, a central bank that operates a payment system and provides intraday credit will face current exposures. A payment system can avoid carrying over current exposures to the next day by requiring its participants to refund any credit extensions before the end of the day. Intraday credit can lead to potential future exposures even when the FMI accepts collateral to secure the credit. A payment system would face potential future exposure if the value of collateral posted by a participant to cover intraday credit were to fall below the amount of credit extended to the participant by the FMI, leaving a residual exposure. 3.4.3. Sources of credit risk in deferred net settlement systems. A payment system that employs a DNS mechanism may face financial exposures arising from its relationship with its participants or its payment and settlement processes. A DNS payment system may explicitly guarantee settlement, whether the guarantee is provided by the FMI itself or its participants. In such systems, the guarantor of the arrangement would face current exposure if a 39 An affiliate is defined as a company that controls, is controlled by, or is under common control with the participant. Control of a company is defined as (a) ownership, control, or holding with power to vote 20 percent or more of a class of voting securities of the company; or (b) consolidation of the company for financial reporting purposes. 40 See also BCBS, The application of Basel II to trading activities and the treatment of double default effects, April 2005, p 4 (joint paper with IOSCO). See also BCBS, International convergence of capital measurement and capital standards, June 2006, annex 4, pp 254-257 (various definitions of transactions and risks; see especially, definitions of “current exposure” and “peak exposure”). 41 Current exposure is technically defined as the larger of zero or the market value (or replacement cost) of a transaction or portfolio of transactions within a netting set with a counterparty that would be lost upon the default of the counterparty. 42 Potential future exposure is technically defined as the maximum exposure estimated to occur at a future point in time at a high level of statistical confidence. Potential future exposure arises from potential fluctuations in the market value of a participant’s open positions between the time they are incurred or reset to the current market price and the time they are liquidated or effectively hedged. 43 44 38 In considering its credit exposure to a central bank, on a case-by-case basis an FMI may take into account the special characteristics of the central bank. Many payment systems do not face credit risk from their participants or payment and settlement processes, although they may face significant liquidity risk. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 participant were not to meet its payment or settlement obligations. Even in a DNS system that does not have an explicit guarantee, participants in the payment system may still face settlement risk vis-à-vis each other. Whether this risk involves credit exposures or liquidity exposures, or a combination of both, will depend on the type and scope of obligations, including any contingent obligations, the participants bear. The type of obligations will, in turn, depend on factors such as the payment system’s design, rules, and legal framework. 3.4.4. Measuring and monitoring credit risk. A payment system should frequently and regularly measure and monitor its credit risks, throughout the day using timely information. A payment system should ensure it has access to adequate information, such as appropriate collateral valuations, to allow it to measure and monitor its current exposures and degree of collateral coverage. In a DNS payment system without a settlement guarantee, the FMI should provide the capacity to its participants to measure and monitor their current exposures to each other in the system or adopt rules that require participants to provide relevant exposure information. Current exposure is relatively straightforward to measure and monitor; however, potential future exposure may require modelling or estimation. In order to monitor its risks associated with current exposure, a payment system should monitor market conditions for developments that could affect these risks, such as collateral values. In order to estimate its potential future exposure and associated risk, a payment system should model possible changes in collateral values and market conditions over an appropriate liquidation period. A payment system, where appropriate, needs to monitor the existence of large exposures to its participants and their customers. Additionally, it should monitor any changes in the creditworthiness of its participants. 3.4.5. Mitigating and managing credit risk. A payment system should mitigate its credit risks to the extent possible. A payment system can, for example, eliminate some of its or its participants’ credit risks associated with the settlement process by employing an RTGS mechanism. In addition, a payment system should limit its current exposures by limiting intraday credit extensions and, where relevant, avoid carrying over these exposures to the next day by requiring participants to refund any credit extensions before the end of the day. 45 Such limits should balance the usefulness of credit to facilitate settlement within the system against the payment system’s credit exposures. 3.4.6. In order to manage the risk from a participant default, a payment system should consider the impact of participant defaults and robust techniques for managing collateral. A payment system should cover its current and, where they exist, potential future exposures to each participant fully with a high degree of confidence using collateral and other equivalent financial resources (equity can be used after deduction of the amount dedicated to cover general business risk) (see Principle 5 on collateral and Principle 15 on general business risk). 46 By requiring collateral to cover the credit exposures, a payment system mitigates, and in some cases eliminates, its current exposure and may provide participants with an incentive to manage credit risks they pose to the payment system or other participants. Further, this collateralisation reduces the need in a DNS payment system to unwind payments should a participant default on its obligations. Collateral or other equivalent financial resources can fluctuate in value, however, so the payment system should establish prudent haircuts to mitigate the resulting potential future exposure. 3.4.7. A DNS payment system that explicitly guarantees settlement, whether the guarantee is from the FMI itself or from its participants, should maintain sufficient financial resources to 45 A central bank often avoids using limits on a participant’s credit because of its role as a monetary authority and liquidity provider. 46 Equity may only be used up to the amount held in sufficiently liquid net assets. Such use of equity should be strictly limited to avoiding disruptions in settlement when collateral is not available in a timely manner. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 39 cover fully all current and potential future exposures using collateral and other equivalent financial resources. A DNS payment system in which there is no settlement guarantee, but where its participants face credit exposures arising from its payment and settlement processes, should maintain, at a minimum, sufficient resources to cover the exposures of the two participants and their affiliates that would create the largest aggregate credit exposure in the system. 47 A higher level of coverage should be considered for a payment system that creates large exposures or that could have a significant systemic impact if more than two participants and their affiliates were to default. Credit risk in SSSs 3.4.8. Sources of credit risk. An SSS may face a number of credit risks from its participants or its settlement processes. An SSS faces counterparty credit risk when it extends intraday or overnight credit to participants. This extension of credit creates current exposures and can lead to potential future exposures, even when the SSS accepts collateral to secure the credit. An SSS would face potential future exposure if the value of collateral posted by a participant to cover this credit might fall below the amount of credit extended to the participant by the SSS, leaving a residual exposure. In addition, an SSS that explicitly guarantees settlement would face current exposures if a participant were not to fund its net debit position or meet its obligations to deliver financial instruments. Further, if an SSS does not use a DvP settlement mechanism, the SSS or its participants face principal risk, which is the risk of loss of securities or payments made to the defaulting participant prior to the detection of the default (see Principle 12 on exchange-of-value settlement systems). 3.4.9. Sources of credit risk in deferred net settlement systems. An SSS may settle securities on a gross basis and funds on a net basis (DvP model 2) or settle both securities and funds on a net basis (DvP model 3). Further, an SSS that uses a DvP model 2 or 3 settlement mechanism may explicitly guarantee settlement, whether the guarantee is by the FMI itself or by its participants. In such systems, this guarantee represents an extension of intraday credit from the guarantor. In an SSS that does not provide an explicit settlement guarantee, participants may face settlement risk vis-à-vis each other if a participant defaults on its obligations. Whether this settlement risk involves credit exposures, liquidity exposures, or a combination of both will depend on the type and scope of the obligations, including any contingent obligations, the participants bear. The type of obligations will, in turn, depend on factors such as the SSS’s design, rules, and legal framework. 3.4.10. Measuring and monitoring credit risk. An SSS should frequently and regularly measure and monitor its credit risks throughout the day using timely information. An SSS should ensure it has access to adequate information, such as appropriate collateral valuations, to allow it to measure and monitor its current exposures and degree of collateral coverage. If credit risk exists between participants, the SSS should provide the capacity to participants to measure and monitor their current exposures to each other in the system or adopt rules that require participants to provide relevant exposure information. Current exposure should be relatively straightforward to measure and monitor; however, potential future exposure may require modelling or estimation. In order to monitor its risks associated with current exposure, an SSS should monitor market conditions for developments that could affect these risks, such as collateral values. In order to estimate its potential future exposure and associated risk, an SSS should model possible changes in collateral values and market conditions over an appropriate liquidation period. An SSS, where appropriate, needs to monitor the existence of large exposures to its participants and their customers. Additionally, it should monitor any changes in the creditworthiness of its participants. 47 40 If the financial exposure faced by the DNS payment system is a liquidity exposure, then Principle 7 would apply. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 3.4.11. Mitigating and managing credit risk. An SSS should mitigate its credit risks to the extent possible. An SSS should, for example, eliminate its or its participants’ principal risk associated with the settlement process by employing an exchange-of-value settlement system (see Principle 12 on exchange-of-value settlement systems). The use of a system that settles securities and funds on a gross, obligation-by-obligation basis (DvP model 1) would further reduce credit and liquidity exposures among participants and between participants and the SSS. In addition, an SSS should limit its current exposures by limiting intraday credit extensions and, where relevant, overnight credit extensions. 48 Such limits should balance the usefulness of credit to facilitate settlement within the system against the SSS’s credit exposures. 3.4.12. In order to manage the risk from a participant default, an SSS should consider the impact of participant defaults and use robust techniques for managing collateral. An SSS should cover its current and, where they exist, potential future exposures to each participant fully with a high degree of confidence using collateral and other equivalent financial resources (equity can be used after deduction of the amount dedicated to cover general business risk) (see Principle 5 on collateral and Principle 15 on general business risk). 49 By requiring collateral to cover the credit exposures, an SSS mitigates, and in some cases eliminates, its current exposures and may provide participants with an incentive to manage the credit risks they pose to the SSS or other participants. Further, this collateralisation allows an SSS that employs a DvP model 2 or 3 mechanism to avoid unwinding transactions or to mitigate the effect of an unwind should a participant default on its obligations. Collateral and other equivalent financial resources can fluctuate in value, however, so the SSS needs to establish prudent haircuts to mitigate the resulting potential future exposures. 3.4.13. An SSS that uses a DvP model 2 or 3 mechanism and explicitly guarantees settlement, whether the guarantee is from the FMI itself or from its participants, should maintain sufficient financial resources to cover fully, with a high degree of confidence, all current and potential future exposures using collateral and other equivalent financial resources. An SSS that uses a DvP model 2 or 3 mechanism and does not explicitly guarantee settlement, but where its participants face credit exposures arising from its payment, clearing, and settlement processes, should maintain, at a minimum, sufficient resources to cover the exposures of the two participants and their affiliates that would create the largest aggregate credit exposure in the system. 50 A higher level of coverage should be considered for an SSS that has large exposures or that could have a significant systemic impact if more than two participants and their affiliates were to default. Credit risk in CCPs 3.4.14. Sources of credit risk. A CCP typically faces both current and potential future exposures because it typically holds open positions with its participants. Current exposure arises from fluctuations in the market value of open positions between the CCP and its participants. 51 Potential future exposure arises from potential fluctuations in the market value of a defaulting participant’s open positions until the positions are closed out, fully hedged, or 48 A central bank often avoids using limits on a participant’s credit because of its role as a monetary authority and liquidity provider. 49 Equity may only be used up to the amount held in sufficiently liquid net assets. Such use of equity should be strictly limited to avoiding disruptions in settlement when collateral is not available in a timely manner. 50 If the financial exposure faced by the DNS SSS is a liquidity exposure, then principle 7 would apply. 51 For example, for a CCP that pays and collects variation margin (after marking positions to market and then, upon completion of the variation cycle, resetting the value of positions to zero daily), the current exposure is the difference between the current (that is, at the moment) value of open positions and the value of the positions when the CCP last marked them to market for the purpose of collecting variation margin. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 41 transferred by the CCP following an event of default. 52 For example, during the period in which a CCP neutralises or closes out a position following the default of a participant, the market value of the position or asset being cleared may change, which could increase the CCP’s credit exposure, potentially significantly. 53 A CCP can also face potential future exposure due to the potential for collateral (initial margin) to decline significantly in value over the close-out period. 3.4.15. Measuring and monitoring credit risk. A CCP should frequently and regularly measure and monitor its credit risks throughout the day using timely information. A CCP should ensure that it has access to adequate information to allow it to measure and monitor its current and potential future exposures. Current exposure is relatively straightforward to measure and monitor when relevant market prices are readily available. Potential future exposure is typically more challenging to measure and monitor and usually requires modelling and estimation of possible future market price developments and other variables and conditions, as well as specifying an appropriate time horizon for the close out of defaulted positions. In order to estimate the potential future exposures that could result from participant defaults, a CCP should identify risk factors and monitor potential market developments and conditions that could affect the size and likelihood of its losses in the close out of a defaulting participant’s positions. A CCP should monitor the existence of large exposures to its participants and, where appropriate, their customers. Additionally, it should monitor any changes in the creditworthiness of its participants. 3.4.16. Mitigating and managing credit risk. A CCP should mitigate its credit risk to the extent possible. For example, to control the build-up of current exposures, a CCP should require that open positions be marked to market and that each participant pay funds, typically in the form of variation margin, to cover any loss in its positions’ net value at least daily; such a requirement limits the accumulation of current exposures and therefore mitigates potential future exposures. In addition, a CCP should have the authority and operational capacity to make intraday margin calls, both scheduled and unscheduled, from participants. Further, a CCP may choose to place limits on credit exposures in some cases, even if collateralised. Limits on concentrations of positions or additional collateral requirements may also be warranted. 3.4.17. A CCP typically uses a sequence of prefunded financial resources, often referred to as a “waterfall,” to manage its losses caused by participant defaults. The waterfall may include a defaulter’s initial margin, the defaulter’s contribution to a prefunded default arrangement, a specified portion of the CCP’s own funds, and other participants’ contributions to a prefunded default arrangement. 54 Initial margin is used to cover a CCP’s 52 For positions that are marked to market and settled daily, potential future exposure is typically related to the interval between the last daily mark-to-market and the point the position is closed out. That is, potential future exposure includes uncovered current exposure stemming from the price development from the last mark-tomarket to the time of close out, full hedging, or transfer. 53 A CCP may close out a defaulting participant’s positions by entering the market to buy or sell contracts identical but opposite to the net positions held by the defaulting participant at current market prices (see Principle 13 on participant-default rules and procedures). (The CCP may alternatively auction the defaulting participant’s positions to other participants, whether in whole or in parts). During the liquidation period, market prices on the open positions can change, exposing the CCP to additional liquidation costs until the point of close out. To mitigate this risk, a CCP may also temporarily hedge the defaulter’s positions by entering into positions with values that are negatively correlated with the values of the positions held by the defaulting participant. The CCP’s liquidation cost therefore not only includes the uncovered current exposure that would exist at the time of default but also the potential future exposure associated with relevant changes in market prices during the liquidation period. 54 Prefunded default arrangements for loss mutualisation and other pooling-of-resources arrangements involve trade-offs that a CCP should carefully assess and balance. For example, a CCP may be able to protect itself against defaults in extreme conditions more efficiently using pooled resources, as the costs are shared among 42 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 potential future exposures, as well as current exposures not covered by variation margin, to each participant with a high degree of confidence. 55 However, a CCP generally remains exposed to residual risk (or tail risk) if a participant defaults and market conditions concurrently change more drastically than is anticipated in the margin calculations. In such scenarios, a CCP’s losses may exceed the defaulting participant’s posted margin. Although it is not feasible to cover all such tail risks given the unknown scope of potential losses due to price changes, a CCP should maintain additional financial resources, such as additional collateral or a prefunded default arrangement, to cover a portion of the tail risk. 3.4.18. A CCP should cover its current and potential future exposures to each participant fully with a high degree of confidence using margin and other prefunded financial resources. As discussed more fully in Principle 6 on margin, a CCP should establish initial margin requirements that are commensurate with the risks of each product and portfolio. Initial margin should meet an established single-tailed confidence level of at least 99 percent of the estimated distribution of future exposure. 56 For a CCP that calculates margin at the portfolio level, this standard applies to the distribution of future exposure of each portfolio. For a CCP that calculates margin at more-granular levels, such as at the subportfolio level or product level, the standard must be met for the corresponding distributions of future exposure. 3.4.19. In addition to fully covering its current and potential future exposures, a CCP should maintain additional financial resources sufficient to cover a wide range of potential stress scenarios involving extreme but plausible market conditions. Specifically, a CCP that is involved in activities with a more-complex risk profile (such as clearing financial instruments that are characterised by discrete jump-to-default price changes or that are highly correlated with potential participant defaults) or that is systemically important in multiple jurisdictions, should maintain additional financial resources sufficient to cover a wide range of potential stress scenarios that should include, but not be limited to, the default of the two participants and their affiliates that would potentially cause the largest aggregate credit exposure for the CCP in extreme but plausible market conditions. Determinations of whether a CCP is systemically important in multiple jurisdictions should include consideration of, among other factors, (a) the location of the CCP’s participants, (b) the aggregate volume and value of transactions that originate in each jurisdiction in which it operates, (c) the proportion of its total volume and value of transactions that originate in each jurisdiction in which it operates, (d) the range of currencies in which the instruments it clears are cleared or settled, (e) any links it has with FMIs located in other jurisdictions, and (f) the extent to which it clears instruments that are subject to mandatory clearing obligations in multiple jurisdictions. All other CCPs should maintain additional financial resources sufficient to cover a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would potentially cause the largest aggregate credit exposure for the CCP in extreme but plausible market conditions. In all cases, a CCP should document its supporting rationale for, and should have appropriate governance arrangements relating to (see Principle 2 on governance), the amount of total financial resources it maintains. participants. The lower cost provides an incentive to increase the available financial resources so that the CCP is more financially secure. The pooling of resources, however, also increases the interdependencies among participants. The proportion of assets used to absorb a default that is pooled across participants versus the proportion that is segregated, such as margins, should balance the safety and soundness of the CCP against the increased interdependencies among participants in order to minimise systemic risk. 55 Other resources may be used in place of initial margin; however, these resources should be prefunded and of equivalent or stronger quality in comparison to prudently designed margin arrangements. 56 This concept parallels the technical definition of potential future exposure as a risk measure. See footnote 42. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 43 Testing the sufficiency of a CCP’s total financial resources 3.4.20. A CCP should determine the amount and regularly test the sufficiency of its total financial resources through stress testing. A CCP should also conduct reverse stress tests, as appropriate, to test how severe stress conditions would be covered by its total financial resources. Because initial margin is a key component of a CCP’s total financial resources, a CCP should also test the adequacy of its initial margin requirements and model through backtesting and sensitivity analysis, respectively (see Principle 6 for further discussion on testing of the initial margin requirements and model). 3.4.21. Stress testing. A CCP should determine the amount and regularly test the sufficiency of its total financial resources available in the event of a default or multiple defaults in extreme but plausible market conditions through rigorous stress testing. A CCP should have clear procedures to report the results of its stress tests to appropriate decision makers at the CCP and to use these results to evaluate the adequacy of and adjust its total financial resources. Stress tests should be performed daily using standard and predetermined parameters and assumptions. On at least a monthly basis, a CCP should perform a comprehensive and thorough analysis of stress-testing scenarios, models, and underlying parameters and assumptions used to ensure they are appropriate for determining the CCP’s required level of default protection in light of current and evolving market conditions. A CCP should perform this analysis of stress testing more frequently when the products cleared or markets served display high volatility, become less liquid, or when the size or concentration of positions held by a CCP’s participants increases significantly. A full validation of a CCP’s risk-management model should be performed at least annually. 57 3.4.22. In conducting stress testing, a CCP should consider a wide range of relevant stress scenarios in terms of both defaulters’ positions and possible price changes in liquidation periods. 58 Scenarios should include relevant peak historic price volatilities, shifts in other market factors such as price determinants and yield curves, multiple defaults over various time horizons, simultaneous pressures in funding and asset markets, and a spectrum of forward-looking stress scenarios in a variety of extreme but plausible market conditions. 59 Extreme but plausible conditions should not be considered a fixed set of conditions, but rather, conditions that evolve. Stress tests should quickly incorporate emerging risks and changes in market assumptions (for example, departures from usual patterns of comovements in prices among the products a CCP clears). 60 A CCP proposing to clear new products should consider movements in prices of any relevant related products. 3.4.23. Reverse stress tests. A CCP should conduct, as appropriate, reverse stress tests aimed at identifying the extreme scenarios and market conditions in which its total financial resources would not provide sufficient coverage of tail risk. Reverse stress tests require a 57 Although a CCP may use the results of stress testing to assess the validity of the stress scenarios, models, and underlying parameters and assumptions, these aspects should not be arbitrarily adjusted to control the adequacy of total financial resources. Stress scenarios, models, and underlying parameters and assumptions should be examined based on historical data of prices of cleared products and participants’ positions and potential developments of these factors under extreme but plausible market conditions in the markets that the CCP serves. See paragraph 3.4.22. 58 The risk-management methods of some CCPs may integrate the management of risk from participant positions with risks from price developments. If this integrated risk-management approach is well implemented, stress scenarios can take into account appropriate combinations in defaulting positions and price changes. 59 See BCBS, Principles for sound stress testing practices and supervision, May 2009. 60 Dependence among exposures as well as between participants and exposures should be considered. If an FMI calculates exposures on a portfolio basis, then the dependence of the instruments within participants’ portfolios needs to be stressed. 44 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 CCP to model hypothetical positions and extreme market conditions that may go beyond what are considered extreme but plausible market conditions in order to help understand margin calculations and the sufficiency of financial resources given the underlying assumptions modelled. Modelling extreme market conditions can help a CCP determine the limits of its current model and resources; however, it requires the CCP to exercise judgment when modelling different markets and products. A CCP should develop hypothetical extreme scenarios and market conditions tailored to the specific risks of the markets and of the products it serves. Reverse stress testing should be considered a helpful management tool but need not, necessarily, drive the CCP’s determination of the appropriate level of financial resources. Use of financial resources 3.4.24. The rules of an FMI should expressly set out the waterfall, including the circumstances in which specific resources of the FMI can be used in a participant default (see Principle 13 on participant-default rules and procedures and Principle 23 on disclosure of rules, key procedures, and market data). For the purposes of this principle, an FMI should not include as “available” to cover credit losses from participant defaults those resources that are needed to cover current operating expenses, potential general business losses, or other losses from other activities in which the FMI is engaged (see Principle 15 on general business risk). In addition, if an FMI serves multiple markets (either in the same jurisdiction or multiple jurisdictions), its ability to use resources supplied by participants in one market to cover losses from a participant default in another market should have a sound legal basis, be clear to all participants, and avoid significant levels of contagion risk between markets and participants. The design of an FMI’s stress tests should take into account the extent to which resources are pooled across markets in scenarios involving one or more participant defaults across several markets. Contingency planning for uncovered credit losses 3.4.25. In certain extreme circumstances, the post-liquidation value of the collateral and other financial resources that secure an FMI’s credit exposures may not be sufficient to cover credit losses resulting from those exposures fully. An FMI should analyse and plan for how it would address any uncovered credit losses. An FMI should establish explicit rules and procedures that address fully any credit losses it may face as a result of any individual or combined default among its participants with respect to any of their obligations to the FMI. These rules and procedures should address how potentially uncovered credit losses would be allocated, including the repayment of any funds an FMI may borrow from liquidity providers. 61 An FMI’s rules and procedures should also indicate its process to replenish any financial resources it may employ during a stress event, so that it can continue to operate in a safe and sound manner. 61 For instance, an FMI’s rules and procedures might provide the possibility to allocate uncovered credit losses by writing down potentially unrealised gains by non-defaulting participants and the possibility of calling for additional contributions from participants based on the relative size and risk of their portfolios. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 45 Principle 5: Collateral An FMI that requires collateral to manage its or its participants’ credit exposure should accept collateral with low credit, liquidity, and market risks. An FMI should also set and enforce appropriately conservative haircuts and concentration limits. Key considerations 1. An FMI should generally limit the assets it (routinely) accepts as collateral to those with low credit, liquidity, and market risks. 2. An FMI should establish prudent valuation practices and develop haircuts that are regularly tested and take into account stressed market conditions. 3. In order to reduce the need for procyclical adjustments, an FMI should establish stable and conservative haircuts that are calibrated to include periods of stressed market conditions, to the extent practicable and prudent. 4. An FMI should avoid concentrated holdings of certain assets where this would significantly impair the ability to liquidate such assets quickly without significant adverse price effects. 5. An FMI that accepts cross-border collateral should mitigate the risks associated with its use and ensure that the collateral can be used in a timely manner. 6. An FMI should use a collateral management system that is well-designed and operationally flexible. Explanatory note 3.5.1. Collateralising credit exposures protects an FMI and, where relevant, its participants against potential losses in the event of a participant default (see Principle 4 on credit risk). Besides mitigating an FMI’s own credit risk, the use of collateral can provide participants with incentives to manage the risks they pose to the FMI or other participants. An FMI should apply prudent haircuts to the value of the collateral to achieve a high degree of confidence that the liquidation value of the collateral will be greater than or equal to the obligation that the collateral secures in extreme but plausible market conditions. 62 Additionally, an FMI should have the capacity to use the collateral promptly when needed. Acceptable collateral 3.5.2. An FMI should generally limit the assets it (routinely) accepts as collateral to those with low credit, liquidity, and market risks. In the normal course of business, an FMI may be exposed to risk from certain types of collateral that are not considered to have low credit, liquidity, and market risks. However, in some instances, these assets may be acceptable collateral for credit purposes if an appropriate haircut is applied. An FMI must be confident of the collateral’s value in the event of liquidation and of its capacity to use that collateral quickly, especially in stressed market conditions. An FMI that accepts collateral with credit, liquidity, and market risks above minimum levels should demonstrate that it sets and enforces appropriately conservative haircuts and concentration limits. 63 62 The risk-management methods of some FMIs may integrate the management of risk from participant positions with the risk from fluctuations in the value of collateral provided by participants. 63 In general, guarantees are not acceptable collateral. However, in rare circumstances and subject to regulatory approval, a guarantee fully backed by collateral that is realisable on a same-day basis may serve as acceptable collateral. An explicit guarantee from the relevant central bank of issue would constitute acceptable collateral providing it is supported by the legal framework applicable to and the policies of the central bank. 46 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 3.5.3. Further, an FMI should regularly adjust its requirements for acceptable collateral in accordance with changes in underlying risks. When evaluating types of collateral, an FMI should consider potential delays in accessing the collateral due to the settlement conventions for transfers of the asset. In addition, participants should not be allowed to post their own debt or equity securities, or debt or equity of companies closely linked to them, as collateral. 64 More generally, an FMI should mitigate specific wrong-way risk by limiting the acceptance of collateral that would likely lose value in the event that the participant providing the collateral defaults. 65 The FMI should measure and monitor the correlation between a counterparty’s creditworthiness and the collateral posted and take measures to mitigate the risks, for instance by setting more-conservative haircuts. 3.5.4. If an FMI plans to use assets held as collateral to secure liquidity facilities in the event of a participant default, the FMI will also need to consider, in determining acceptable collateral, what will be acceptable as security to lenders offering liquidity facilities (see Principle 7). Valuing collateral 3.5.5. To have adequate assurance of the collateral’s value in the event of liquidation, an FMI should establish prudent valuation practices and develop haircuts that are regularly tested and take into account stressed market conditions. An FMI should, at a minimum, mark its collateral to market daily. Haircuts should reflect the potential for asset values and liquidity to decline over the interval between their last revaluation and the time by which an FMI can reasonably assume that the assets can be liquidated. Haircuts also should incorporate assumptions about collateral value during stressed market conditions and reflect regular stress testing that takes into account extreme price moves, as well as changes in market liquidity for the asset. If market prices do not fairly represent the true value of the assets, an FMI should have the authority to exercise discretion in valuing assets according to predefined and transparent methods. An FMI’s haircut procedures should be independently validated at least annually. 66 Limiting procyclicality 3.5.6. An FMI should appropriately address procyclicality in its collateral arrangements. To the extent practicable and prudent, an FMI should establish stable and conservative haircuts that are calibrated to include periods of stressed market conditions in order to reduce the need for procyclical adjustments. In this context, procyclicality typically refers to changes in risk-management practices that are positively correlated with market, business, or credit cycle fluctuations and that may cause or exacerbate financial instability. 67 While changes in collateral values tend to be procyclical, collateral arrangements can increase procyclicality if haircut levels fall during periods of low market stress and increase during periods of high market stress. For example, in a stressed market, an FMI may require the posting of additional collateral both because of the decline of asset prices and because of an increase 64 Covered bonds issued by a participant or a closely linked company may be accepted as collateral, provided the underlying collateral of these covered bonds would be appropriately segregated by the issuer from its own assets and considered as acceptable under this principle. 65 Specific wrong-way risk is defined as the risk that an exposure to a counterparty is highly likely to increase when the creditworthiness of that counterparty is deteriorating. 66 Validation of the FMI’s haircut procedures should be performed by personnel of sufficient expertise who are independent of the personnel that created and applied the haircut procedures. These expert personnel could be drawn from within the FMI. However, a review by personnel external to the FMI may also be necessary at times. 67 See also CGFS, The role of margin requirements and haircuts in procyclicality, March 2010. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 47 in haircut levels. Such actions could exacerbate market stress and contribute to driving down asset prices further, resulting in additional collateral requirements. This cycle could exert further downward pressure on asset prices. Addressing issues of procyclicality may create additional costs for FMIs and their participants in periods of low market stress because of higher collateral requirements, but result in additional protection and potentially less-costly and less-disruptive adjustments in periods of high market stress. Avoiding concentrations of collateral 3.5.7. An FMI should avoid concentrated holdings of certain assets where this would significantly impair the ability to liquidate such assets quickly without significant adverse price effects. High concentrations within holdings can be avoided by establishing concentration limits or imposing concentration charges. Concentration limits restrict participants’ ability to provide certain collateral assets above a specified threshold as established by the FMI. Concentration charges penalise participants for maintaining holdings of certain assets beyond a specified threshold as established by the FMI. Further, concentration limits and charges should be constructed to prevent participants from covering a large share of their collateral requirements with the most risky assets acceptable. Concentration limits and charges should be periodically reviewed by the FMI to determine their adequacy. Cross-border collateral 3.5.8. If an FMI accepts cross-border (or foreign) collateral, it should identify and mitigate any additional risks associated with its use and ensure that it can be used in a timely manner. 68 A cross-border collateral arrangement can provide an efficient liquidity bridge across markets, help relax collateral constraints for some participants, and contribute to the efficiency of some asset markets. These linkages, however, can also create significant interdependencies and risks to FMIs that need to be evaluated and managed by the affected FMIs (see also Principle 17 on operational risk and Principle 20 on FMI links). For example, an FMI should have appropriate legal and operational safeguards to ensure that it can use the cross-border collateral in a timely manner and should identify and address any significant liquidity effects. An FMI also should consider foreign-exchange risk where collateral is denominated in a currency different from that in which the exposure arises, and set haircuts to address the additional risk to a high level of confidence. The FMI should have the capacity to address potential operational challenges of operating across borders, such as differences in time zones or operating hours of foreign CSDs or custodians. Collateral management systems 3.5.9. An FMI should use a well-designed and operationally flexible collateral management system. Such a system should accommodate changes in the ongoing monitoring and management of collateral. Where appropriate, the system should allow for the timely calculation and execution of margin calls, the management of margin call disputes, and the accurate daily reporting of levels of initial and variation margin. Further, a collateral management system should track the extent of reuse of collateral (both cash and non-cash) and the rights of an FMI to the collateral provided to it by its counterparties. An FMI’s collateral management system should also have functionality to accommodate the timely deposit, withdrawal, substitution, and liquidation of collateral. An FMI should allocate sufficient resources to its collateral management system to ensure an appropriate level of operational performance, efficiency, and effectiveness. Senior management should ensure that the FMI’s collateral management function is adequately staffed to ensure smooth 68 48 Cross-border collateral has at least one of the following foreign attributes: (a) the currency of denomination, (b) the jurisdiction in which the assets are located, or (c) the jurisdiction in which the issuer is established. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 operations, especially during times of market stress, and that all activities are tracked and reported, as appropriate, to senior management. 69 Reuse of collateral 3.5.10. Reuse of collateral refers to the FMI’s subsequent use of collateral that has been provided by participants in the normal course of business. This differs from the FMI’s use of collateral in a default scenario during which the defaulter’s collateral, which has become the property of the FMI, can be used to access liquidity facilities or can be liquidated to cover losses (see Principle 13 on participant-default rules and procedures). An FMI should have clear and transparent rules regarding the reuse of collateral (see Principle 23 on disclosure of rules, key procedures, and market data). In particular, the rules should clearly specify when an FMI may reuse its participant collateral and the process for returning that collateral to participants. In general, an FMI should not rely on the reuse of collateral as an instrument for increasing or maintaining its profitability. However, an FMI may invest any cash collateral received from participants on their behalf (see Principle 16 on custody and investment risks). 69 Information included in summary reports should incorporate information on the reuse of collateral and the terms of such reuse, including instrument, credit quality, and maturity. These reports should also track concentration of individual collateral asset classes. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 49 Principle 6: Margin A CCP should cover its credit exposures to its participants for all products through an effective margin system that is risk-based and regularly reviewed. Key considerations 1. A CCP should have a margin system that establishes margin levels commensurate with the risks and particular attributes of each product, portfolio, and market it serves. 2. A CCP should have a reliable source of timely price data for its margin system. A CCP should also have procedures and sound valuation models for addressing circumstances in which pricing data are not readily available or reliable. 3. A CCP should adopt initial margin models and parameters that are risk-based and generate margin requirements sufficient to cover its potential future exposure to participants in the interval between the last margin collection and the close out of positions following a participant default. Initial margin should meet an established single-tailed confidence level of at least 99 percent with respect to the estimated distribution of future exposure. For a CCP that calculates margin at the portfolio level, this requirement applies to each portfolio’s distribution of future exposure. For a CCP that calculates margin at more-granular levels, such as at the subportfolio level or by product, the requirement must be met for the corresponding distributions of future exposure. The model should (a) use a conservative estimate of the time horizons for the effective hedging or close out of the particular types of products cleared by the CCP (including in stressed market conditions), (b) have an appropriate method for measuring credit exposure that accounts for relevant product risk factors and portfolio effects across products, and (c) to the extent practicable and prudent, limit the need for destabilising, procyclical changes. 4. A CCP should mark participant positions to market and collect variation margin at least daily to limit the build-up of current exposures. A CCP should have the authority and operational capacity to make intraday margin calls and payments, both scheduled and unscheduled, to participants. 5. In calculating margin requirements, a CCP may allow offsets or reductions in required margin across products that it clears or between products that it and another CCP clear, if the risk of one product is significantly and reliably correlated with the risk of the other product. Where two or more CCPs are authorised to offer cross-margining, they must have appropriate safeguards and harmonised overall risk-management systems. 6. A CCP should analyse and monitor its model performance and overall margin coverage by conducting rigorous daily backtesting and at least monthly, and morefrequent where appropriate, sensitivity analysis. A CCP should regularly conduct an assessment of the theoretical and empirical properties of its margin model for all products it clears. In conducting sensitivity analysis of the model’s coverage, a CCP should take into account a wide range of parameters and assumptions that reflect possible market conditions, including the most-volatile periods that have been experienced by the markets it serves and extreme changes in the correlations between prices. 7. A CCP should regularly review and validate its margin system. Explanatory note 3.6.1. An effective margining system is a key risk-management tool for a CCP to manage the credit exposures posed by its participants’ open positions (see also Principle 4 on credit 50 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 risk). A CCP should collect margin, which is a deposit of collateral in the form of money, securities, or other financial instruments to assure performance and to mitigate its credit exposures for all products that it clears if a participant defaults (see also Principle 5 on collateral). Margin systems typically differentiate between initial margin and variation margin. 70 Initial margin is typically collected to cover potential changes in the value of each participant’s position (that is, potential future exposure) over the appropriate close-out period in the event the participant defaults. Calculating potential future exposure requires modelling potential price movements and other relevant factors, as well as specifying the target degree of confidence and length of the close-out period. Variation margin is collected and paid out to reflect current exposures resulting from actual changes in market prices. To calculate variation margin, open positions are marked to current market prices and funds are typically collected from (or paid to) a counterparty to settle any losses (or gains) on those positions. Margin requirements 3.6.2. One of the most common risk-management tools used by CCPs to limit their credit exposure is a requirement that each participant provide collateral to protect the CCP against a high percentile of the distribution of future exposure. In this report, such requirements are described as margin requirements. Margining, however, is not the only risk-management tool available to a CCP (see also Principle 4 on credit risk). In the case of some CCPs for cash markets, the CCP may require each participant to provide collateral to cover credit exposures; they may call these requirements margin, or they may hold this collateral in a pool known as a clearing fund. 71 3.6.3. When setting margin requirements, a CCP should have a margin system that establishes margin levels commensurate with the risks and particular attributes of each product, portfolio, and market it serves. Product risk characteristics can include, but are not limited to, price volatility and correlation, non-linear price characteristics, jump-to-default risk, market liquidity, possible liquidation procedures (for example, tender by or commission to market-makers), and correlation between price and position such as wrong-way risk. 72 Margin requirements need to account for the complexity of the underlying instruments and the availability of timely, high-quality pricing data. For example, OTC derivatives require more-conservative margin models because of their complexity and the greater uncertainty of the reliability of price quotes. Furthermore, the appropriate close-out period may vary among products and markets depending upon the product’s liquidity, price, and other characteristics. Additionally, a CCP for cash markets (or physically deliverable derivatives products) should take into account the risk of “fails to deliver” of securities (or other relevant instruments) in its margin methodology. In a fails-to-deliver scenario, the CCP should continue to margin positions for which a participant fails to deliver the required security (or other relevant instrument) on the settlement date. Price information 3.6.4. A CCP should have a reliable source of timely price data because such data is critical for a CCP’s margin system to operate accurately and effectively. In most cases, a CCP should rely on market prices from continuous, transparent, and liquid markets. If a CCP acquires pricing data from third-party pricing services, the CCP should continually evaluate the data’s reliability and accuracy. A CCP should also have procedures and sound valuation 70 Variation margin may also be called mark-to-market margin or variation settlement in some jurisdictions. 71 For the purposes of this report, a clearing fund is a prefunded default arrangement. 72 Correlation should not be understood to be limited to linear correlation, but rather to encompass a broad range of co-dependence or co-movement in relevant economic variables. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 51 models for addressing circumstances in which pricing data from markets or third-party sources are not readily available or reliable. A CCP should have its valuation models validated under a variety of market scenarios at least annually by a qualified and independent party to ensure that its model accurately produces appropriate prices, and where appropriate, the CCP should adjust its calculation of initial margin to reflect any identified model risk. 73 A CCP should address all pricing and market liquidity concerns on an ongoing basis in order to conduct daily measurement of its risks. 3.6.5. For some markets, such as OTC markets, prices may not be reliable because of the lack of a continuous liquid market. In contrast to an exchange-traded market, there may not be a steady stream of live transactions from which to determine current market prices. 74 Although independent third-party sources would be preferable, in some cases, participants may be an appropriate source of price data, as long as the CCP has a system that ensures that prices submitted by participants are reliable and accurately reflect the value of cleared products. Moreover, even when quotes are available, bid-ask spreads may be volatile and widen, particularly during times of market stress, thereby constraining the CCP’s ability to measure accurately and promptly its exposure. In cases where price data is not available or reliable, a CCP should analyse historical information about actual trades submitted for clearing and indicative prices, such as bid-ask spreads, as well as the reliability of price data, especially in volatile and stressed markets, to determine appropriate prices. When prices are estimated, the systems and models used for this purpose must be subject to annual validation and testing. Initial margin methodology 3.6.6. A CCP should adopt initial margin models and parameters that are risk-based and generate margin requirements that are sufficient to cover its potential future exposures to participants in the interval between the last margin collection and the close out of positions following a participant default. Initial margin should meet an established single-tailed confidence level of at least 99 percent with respect to the estimated distribution of future exposure. 75 For a CCP that calculates margin at the portfolio level, this requirement applies to each portfolio’s distribution of future exposure. For a CCP that calculates margin at moregranular levels, such as at the subportfolio level or by product, the requirement must be met for the corresponding distributions of future exposure at a stage prior to margining among subportfolios or products. The method selected by the CCP to estimate its potential future exposure should be capable of measuring and incorporating the effects of price volatility and other relevant product factors and portfolio effects over a close-out period that reflects the market size and dynamics for each product cleared by the CCP. 76 The estimation may account for the CCP’s ability to implement effectively the hedging of future exposure. The method selected by the CCP should take into account correlations across product prices, market liquidity for close out or hedging, and the potential for non-linear risk exposures posed by certain products, including jump-to-default risks. A CCP should have the authority 73 Validation of the FMI’s valuation procedures should be performed by personnel with sufficient expertise who are independent of the personnel that created and use the valuation procedures. These expert personnel could be drawn from within the FMI. However, a review by personnel external to the FMI may also be necessary at times. 74 As of the date of this report’s publication, regulatory requirements regarding trading in OTC markets are continuing to evolve. 75 This concept parallels the technical definition of potential future exposure as a risk measure. See footnote 42. 76 CCPs often calculate exposures for a shorter period, commonly one day, and, when necessary, scale up to cover the liquidation period. A CCP should be cautious when scaling because the standard square-root of time heuristic is not appropriate for prices that are serially correlated or exhibit non-linear dynamics. 52 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 and operational capacity to make intraday initial margin calls, both scheduled and unscheduled, to its participants. 3.6.7. Close-out period. A CCP should select an appropriate close-out period for each product that it clears and document the close-out periods and related analysis for each product type. A CCP should base its determination of the close-out periods for its initial margin model upon historical price and liquidity data, as well as reasonably foreseeable events in a default scenario. The close-out period should account for the impact of a participant’s default on prevailing market conditions. Inferences about the potential impact of a default on the close-out period should be based on historical adverse events in the product cleared, such as significant reductions in trading or other market dislocations. The close-out period should be based on anticipated close-out times in stressed market conditions but may also take into account a CCP’s ability to hedge effectively the defaulter’s portfolio. Further, close-out periods should be set on a product-specific basis because less-liquid products might require significantly longer close-out periods. A CCP should also consider and address position concentrations, which can lengthen close-out timeframes and add to price volatility during close outs. 3.6.8. Sample period for historical data used in the margin model. A CCP should select an appropriate sample period for its margin model to calculate required initial margin for each product that it clears and should document the period and related analysis for each product type. The amount of margin may be very sensitive to the sample period and the margin model. Selection of the period should be carefully examined based on the theoretical properties of the margin model and empirical tests on these properties using historical data. In certain instances, a CCP may need to determine margin levels using a shorter historical period to reflect new or current volatility in the market more effectively. Conversely, a CCP may need to determine margin levels based on a longer historical period in order to reflect past volatility. A CCP should also consider simulated data projections that would capture plausible events outside of the historical data especially for new products without enough history to cover stressed market conditions. 3.6.9. Specific wrong-way risk. A CCP should identify and mitigate any credit exposure that may give rise to specific wrong-way risk. Specific wrong-way risk arises where an exposure to a counterparty is highly likely to increase when the creditworthiness of that counterparty is deteriorating. For example, participants in a CCP clearing credit-default swaps should not be allowed to clear single-name credit-default swaps on their own names or on the names of their legal affiliates. A CCP is expected to review its portfolio regularly in order to identify, monitor, and mitigate promptly any exposures that give rise to specific wrong-way risk. 3.6.10. Limiting procyclicality. A CCP should appropriately address procyclicality in its margin arrangements. In this context, procyclicality typically refers to changes in riskmanagement practices that are positively correlated with market, business, or credit cycle fluctuations and that may cause or exacerbate financial instability. For example, in a period of rising price volatility or credit risk of participants, a CCP may require additional initial margin for a given portfolio beyond the amount required by the current margin model. This could exacerbate market stress and volatility further, resulting in additional margin requirements. These adverse effects may occur without any arbitrary change in riskmanagement practices. To the extent practicable and prudent, a CCP should adopt forwardlooking and relatively stable and conservative margin requirements that are specifically designed to limit the need for destabilising, procyclical changes. To support this objective, a CCP could consider increasing the size of its prefunded default arrangements to limit the need and likelihood of large or unexpected margin calls in times of market stress. 77 These 77 See also CGFS, The role of margin requirements and haircuts in procyclicality, March 2010. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 53 procedures may create additional costs for CCPs and their participants in periods of low market volatility due to higher margin or prefunded default arrangement contributions, but they may also result in additional protection and potentially less costly and less disruptive adjustments in periods of high market volatility. In addition, transparency regarding margin practices when market volatility increases may help mitigate the effects of procyclicality. Nevertheless, it may be impractical and even imprudent for a CCP to establish margin requirements that are independent of significant or cyclical changes in price volatility. Variation margin 3.6.11. A CCP faces the risk that its exposure to its participants can change rapidly as a result of changes in prices, positions, or both. Adverse price movements, as well as participants building larger positions through new trading, can rapidly increase a CCP’s exposures to its participants (although some markets may impose trading limits or position limits that reduce this risk). A CCP can ascertain its current exposure to each participant by marking each participant’s outstanding positions to current market prices. To the extent permitted by a CCP’s rules and supported by law, the CCP should net any gains against any losses and require frequent (at least daily) settlement of gains and losses. This settlement should involve the daily (and, when appropriate, intraday) collection of variation margin from participants whose positions have lost value and can include payments to participants whose positions have gained value. The regular collection of variation margin prevents current exposures from accumulating and mitigates the potential future exposures a CCP might face. A CCP should also have the authority and operational capacity to make intraday variation margin calls and payments, both scheduled and unscheduled, to its participants. A CCP should consider the potential impact of its intraday variation margin collections and payments on the liquidity position of its participants and should have the operational capacity to make intraday variation margin payments. Portfolio margining 3.6.12. In calculating margin requirements, a CCP may allow offsets or reductions in required margin amounts between products for which it is the counterparty if the risk of one product is significantly and reliably correlated with the risk of another product. 78 A CCP should base such offsets on an economically meaningful methodology that reflects the degree of price dependence between the products. Often, price dependence is modelled through correlations, but more complete or robust measures of dependence should be considered, particularly for non-linear products. In any case, the CCP should consider how price dependence can vary with overall market conditions, including in stressed market conditions. Following the application of offsets, the CCP needs to ensure that the margin meets or exceeds the single-tailed confidence level of at least 99 percent with respect to the estimated distribution of the future exposure of the portfolio. If a CCP uses portfolio margining, it should continuously review and test offsets among products. It should test the robustness of its portfolio method on both actual and appropriate hypothetical portfolios. It is especially important to test how correlations perform during periods of actual and simulated market stress to assess whether the correlations break down or otherwise behave erratically. Prudent assumptions informed by these tests should be made about product offsets. Cross-margining 3.6.13. Two or more CCPs may enter into a cross-margining arrangement, which is an agreement among the CCPs to consider positions and supporting collateral at their 78 54 Effects on the value of positions in the two products will also depend on whether these positions are long or short positions. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 respective organisations as a common portfolio for participants that are members of two or more of the organisations (see also Principle 20 on FMI links). The aggregate collateral requirements for positions held in cross-margined accounts may be reduced if the value of the positions held at the separate CCPs move inversely in a significant and reliable fashion. In the event of a participant default under a cross-margining arrangement, participating CCPs may be allowed to use any excess collateral in the cross-margined accounts to cover losses. 3.6.14. CCPs that participate in cross-margining arrangements must share information frequently and ensure that they have appropriate safeguards, such as joint monitoring of positions, margin collections, and price information. Each CCP must thoroughly understand the others’ respective risk-management practices and financial resources. The CCPs should also have harmonised overall risk-management systems and should regularly monitor possible discrepancies in the calculation of their exposures, especially with regard to monitoring how price correlations perform over time. This harmonisation is especially relevant in terms of selecting an initial margin methodology, setting margin parameters, segregating accounts and collateral, and establishing default-management arrangements. All of the precautions with regard to portfolio margining discussed above would apply to crossmargining regimes between or among CCPs. CCPs operating a cross-margining arrangement should also analyse fully the impact of cross-margining on prefunded default arrangements and on the adequacy of overall financial resources. The CCPs must have in place arrangements that are legally robust and operationally viable to govern the crossmargining arrangement. Testing margin coverage 3.6.15. A CCP should analyse and monitor its model performance and overall margin coverage by conducting rigorous daily backtesting and at least monthly, and more-frequent as appropriate, sensitivity analysis. A CCP also should regularly conduct an assessment of the theoretical and empirical properties of its margin model for all products it clears. In order to validate its margin models and parameters, a CCP should have a backtesting programme that tests its initial margin models against identified targets. Backtesting is an ex-post comparison of observed outcomes with the outputs of the margin models. A CCP should also conduct sensitivity analysis to assess the coverage of the margin methodology under various market conditions using historical data from realised stressed market conditions and hypothetical data for unrealised stressed market conditions. Sensitivity analysis should also be used to determine the impact of varying important model parameters. Sensitivity analysis is an effective tool to explore hidden shortcomings that cannot be discovered through backtesting. The results of both the backtesting and sensitivity analyses should be disclosed to participants. 3.6.16. Backtesting. A CCP should backtest its margin coverage using participant positions from each day in order to evaluate whether there are any exceptions to its initial margin coverage. This assessment of margin coverage should be considered an integral part of the evaluation of the model’s performance. Coverage should be evaluated across products and participants and take into account portfolio effects across asset classes within the CCP. The initial margin model’s actual coverage, along with projected measures of its performance, should meet at least the established single-tailed confidence level of 99 percent with respect to the estimated distribution of future exposure over an appropriate close-out period. 79 In case backtesting indicates that the model did not perform as expected (that is, the model did not identify the appropriate amount of initial margin necessary to achieve the intended 79 This period should be appropriate to capture the risk characteristics of the specific instrument in order to allow the CCP to estimate the magnitude of the price changes expected to occur in the interval between the last margin collection and the time the CCP estimates it will be able to close out the relevant positions. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 55 coverage), a CCP should have clear procedures for recalibrating its margining system, such as by making adjustments to parameters and sampling periods. In addition, a CCP should evaluate the source of backtesting exceedances to determine if a fundamental change to the margin methodology is warranted or if only the recalibration of current parameters is necessary. Backtesting procedures alone are not sufficient to evaluate the effectiveness of models and adequacy of financial resources against forward-looking risks. 3.6.17. Sensitivity analysis. A CCP should test the sensitivity of its margin model coverage using a wide range of parameters and assumptions that reflect possible market conditions in order to understand how the level of margin coverage might be affected by highly stressed market conditions. The FMI should ensure that the range of parameters and assumptions captures a variety of historical and hypothetical conditions, including the most-volatile periods that have been experienced by the markets it serves and extreme changes in the correlations between prices. The CCP should conduct sensitivity analysis on its margin model coverage at least monthly using the results of these sensitivity tests and conduct a thorough analysis of the potential losses it could suffer. A CCP should evaluate the potential losses in individual participants’ positions and, where appropriate, their customers’ positions. Furthermore, for a CCP clearing credit instruments, parameters reflective of the simultaneous default of both participants and the underlying credit instruments should be considered. Sensitivity analysis should be performed on both actual and simulated positions. Rigorous sensitivity analysis of margin requirements may take on increased importance when markets are illiquid or volatile. This analysis should be conducted more frequently when markets are unusually volatile or less liquid or when the size or concentration of positions held by its participants increases significantly. Validation of the margin methodology 3.6.18. A CCP should regularly review and validate its margin system. A CCP’s margin methodology should be reviewed and validated by a qualified and independent party at least annually, or more frequently if there are material market developments. Any material revisions or adjustments to the methodology or parameters should be subject to appropriate governance processes (see also Principle 2 on governance) and validated prior to implementation. CCPs operating a cross-margining arrangement should also analyse the impact of cross-margining on prefunded default arrangements and evaluate the adequacy of overall financial resources. Also, the margin methodology, including the initial margin models and parameters used by a CCP, should be made as transparent as possible. At a minimum, the basic assumptions of the analytical method selected and the key data inputs should be disclosed to participants. Ideally, a CCP would make details of its margin methodology available to its participants for use in their individual risk-management efforts. Timeliness and possession of margin payments 3.6.19. A CCP should establish and rigorously enforce timelines for margin collections and payments and set appropriate consequences for failure to pay on time. A CCP with participants in a range of time zones may need to adjust its procedures for margining (including the times at which it makes margin calls) to take into account the liquidity of a participant’s local funding market and the operating hours of relevant payment and settlement systems. Margin should be held by the CCP until the exposure has been extinguished; that is, margin should not be returned before settlement is successfully concluded. 56 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 Principle 7: Liquidity risk An FMI should effectively measure, monitor, and manage its liquidity risk. An FMI should maintain sufficient liquid resources in all relevant currencies to effect sameday and, where appropriate, intraday and multiday settlement of payment obligations with a high degree of confidence under a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would generate the largest aggregate liquidity obligation for the FMI in extreme but plausible market conditions. Key considerations 1. An FMI should have a robust framework to manage its liquidity risks from its participants, settlement banks, nostro agents, custodian banks, liquidity providers, and other entities. 2. An FMI should have effective operational and analytical tools to identify, measure, and monitor its settlement and funding flows on an ongoing and timely basis, including its use of intraday liquidity. 3. A payment system or SSS, including one employing a DNS mechanism, should maintain sufficient liquid resources in all relevant currencies to effect same-day settlement, and where appropriate intraday or multiday settlement, of payment obligations with a high degree of confidence under a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would generate the largest aggregate payment obligation in extreme but plausible market conditions. 4. A CCP should maintain sufficient liquid resources in all relevant currencies to settle securities-related payments, make required variation margin payments, and meet other payment obligations on time with a high degree of confidence under a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would generate the largest aggregate payment obligation to the CCP in extreme but plausible market conditions. In addition, a CCP that is involved in activities with a more-complex risk profile or that is systemically important in multiple jurisdictions should consider maintaining additional liquidity resources sufficient to cover a wider range of potential stress scenarios that should include, but not be limited to, the default of the two participants and their affiliates that would generate the largest aggregate payment obligation to the CCP in extreme but plausible market conditions. 5. For the purpose of meeting its minimum liquid resource requirement, an FMI’s qualifying liquid resources in each currency include cash at the central bank of issue and at creditworthy commercial banks, committed lines of credit, committed foreign exchange swaps, and committed repos, as well as highly marketable collateral held in custody and investments that are readily available and convertible into cash with prearranged and highly reliable funding arrangements, even in extreme but plausible market conditions. If an FMI has access to routine credit at the central bank of issue, the FMI may count such access as part of the minimum requirement to the extent it has collateral that is eligible for pledging to (or for conducting other appropriate forms of transactions with) the relevant central bank. All such resources should be available when needed. 6. An FMI may supplement its qualifying liquid resources with other forms of liquid resources. If the FMI does so, then these liquid resources should be in the form of assets that are likely to be saleable or acceptable as collateral for lines of credit, swaps, or repos on an ad hoc basis following a default, even if this cannot be reliably prearranged or guaranteed in extreme market conditions. Even if an FMI CPSS-IOSCO – Principles for financial market infrastructures – April 2012 57 does not have access to routine central bank credit, it should still take account of what collateral is typically accepted by the relevant central bank, as such assets may be more likely to be liquid in stressed circumstances. An FMI should not assume the availability of emergency central bank credit as a part of its liquidity plan. 7. An FMI should obtain a high degree of confidence, through rigorous due diligence, that each provider of its minimum required qualifying liquid resources, whether a participant of the FMI or an external party, has sufficient information to understand and to manage its associated liquidity risks, and that it has the capacity to perform as required under its commitment. Where relevant to assessing a liquidity provider’s performance reliability with respect to a particular currency, a liquidity provider’s potential access to credit from the central bank of issue may be taken into account. An FMI should regularly test its procedures for accessing its liquid resources at a liquidity provider. 8. An FMI with access to central bank accounts, payment services, or securities services should use these services, where practical, to enhance its management of liquidity risk. 9. An FMI should determine the amount and regularly test the sufficiency of its liquid resources through rigorous stress testing. An FMI should have clear procedures to report the results of its stress tests to appropriate decision makers at the FMI and to use these results to evaluate the adequacy of and adjust its liquidity riskmanagement framework. In conducting stress testing, an FMI should consider a wide range of relevant scenarios. Scenarios should include relevant peak historic price volatilities, shifts in other market factors such as price determinants and yield curves, multiple defaults over various time horizons, simultaneous pressures in funding and asset markets, and a spectrum of forward-looking stress scenarios in a variety of extreme but plausible market conditions. Scenarios should also take into account the design and operation of the FMI, include all entities that might pose material liquidity risks to the FMI (such as settlement banks, nostro agents, custodian banks, liquidity providers, and linked FMIs), and where appropriate, cover a multiday period. In all cases, an FMI should document its supporting rationale for, and should have appropriate governance arrangements relating to, the amount and form of total liquid resources it maintains. 10. An FMI should establish explicit rules and procedures that enable the FMI to effect same-day and, where appropriate, intraday and multiday settlement of payment obligations on time following any individual or combined default among its participants. These rules and procedures should address unforeseen and potentially uncovered liquidity shortfalls and should aim to avoid unwinding, revoking, or delaying the same-day settlement of payment obligations. These rules and procedures should also indicate the FMI’s process to replenish any liquidity resources it may employ during a stress event, so that it can continue to operate in a safe and sound manner. Explanatory note 3.7.1. Liquidity risk arises in an FMI when it, its participants, or other entities cannot settle their payment obligations when due as part of the clearing or settlement process. Depending on the design of an FMI, liquidity risk can arise between the FMI and its participants, between the FMI and other entities (such as its settlement banks, nostro agents, custodian banks, and liquidity providers), or between participants in an FMI (such as in a DNS payment system or SSS). It is particularly important for an FMI to manage carefully its liquidity risk if, as is typical in many systems, the FMI relies on incoming payments from participants or other entities during the settlement process in order to make payments to other participants. If a 58 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 participant or another entity fails to pay the FMI, the FMI may not have sufficient funds to meet its payment obligations to other participants. In such an event, the FMI would need to rely on its own liquidity resources (that is, liquid assets and prearranged funding arrangements) to cover the funds shortfall and complete settlement. An FMI should have a robust framework to manage its liquidity risks from the full range of participants and other entities. In some cases, a participant may play other roles within the FMI, such as a settlement or custodian bank or liquidity provider. These other roles should be considered in determining an FMI’s liquidity needs. Sources of liquidity risk 3.7.2. An FMI should clearly identify its sources of liquidity risk and assess its current and potential future liquidity needs on a daily basis. An FMI can face liquidity risk from the default of a participant. For example, if an FMI extends intraday credit, implicitly or explicitly, to participants, such credit, even when fully collateralised, may create liquidity pressure in the event of a participant default. The FMI might not be able to convert quickly the defaulting participant’s collateral into cash at short notice. If an FMI does not have sufficient cash to meet all of its payment obligations to participants, there will be a settlement failure. An FMI can also face liquidity risk from its settlement banks, nostro agents, custodian banks, and liquidity providers, as well as linked FMIs and service providers, if they fail to perform as expected. Moreover, as noted above, an FMI may face additional risk from entities that have multiple roles within the FMI (for example, a participant that also serves as the FMI’s settlement bank or liquidity provider). These interdependencies and the multiple roles that an entity may serve within an FMI should be taken into account by the FMI. 3.7.3. An FMI that employs a DNS mechanism may create direct liquidity exposures between participants. For example, in a payment system that uses a multilateral net settlement mechanism, participants may face liquidity exposures to each other if one of the participants fails to meet its obligations. Similarly, in an SSS that uses a DvP model 2 or 3 settlement mechanism and does not guarantee settlement, participants may face liquidity exposures to each other if one of the participants fails to meet its obligations. 80 A longstanding concern is that these types of systems may address a potential settlement failure by unwinding transfers involving the defaulting participant. 81 An unwind imposes liquidity pressures (and, potentially, replacement costs) on the non-defaulting participants. If all such transfers must be deleted, and if the unwind occurs at a time when money markets and securities lending markets are illiquid (for example, at or near the end of the day), the remaining participants could be confronted with shortfalls of funds or securities that would be extremely difficult to cover. The potential total liquidity pressure of unwinding could be equal to the gross value of the netted transactions. Measuring and monitoring liquidity risk 3.7.4. An FMI should have effective operational and analytical tools to identify, measure, and monitor its settlement and funding flows on an ongoing and timely basis, including its use of intraday liquidity. In particular, an FMI should understand and assess the value and concentration of its daily settlement and funding flows through its settlement banks, nostro agents, and other intermediaries. An FMI also should be able to monitor on a daily basis the level of liquid assets (such as cash, securities, other assets held in custody, and investments) that it holds. An FMI should be able to determine the value of its available liquid 80 See also Annex D on summary of designs of payment systems, SSSs, and CCPs, and CPSS, Delivery versus payment in securities settlement systems, September 1992. 81 Unwinding involves deleting some or all of the defaulting participant’s provisional funds transfers and, in an SSS, securities transfers and then recalculating the settlement obligations of the other participants. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 59 assets, taking into account the appropriate haircuts on those assets (see Principle 5 on collateral and Principle 6 on margin). In a DNS system, the FMI should provide sufficient information and analytical tools to help its participants measure and monitor their liquidity risks in the FMI. 3.7.5. If an FMI maintains prearranged funding arrangements, the FMI should also identify, measure, and monitor its liquidity risk from the liquidity providers of those arrangements. An FMI should obtain a high degree of confidence through rigorous due diligence that each liquidity provider, whether or not it is a participant in the FMI, would have the capacity to perform as required under the liquidity arrangement and is subject to commensurate regulation, supervision, or oversight of its liquidity risk-management requirements. Where relevant to assessing a liquidity provider's performance reliability with respect to a particular currency, the liquidity provider’s potential access to credit from the relevant central bank may be taken into account. Managing liquidity risk 3.7.6. An FMI should also regularly assess its design and operations to manage liquidity risk in the system. An FMI that employs a DNS mechanism may be able to reduce its or its participants’ liquidity risk by using alternative settlement designs, such as new RTGS designs with liquidity-saving features or a continuous or extremely frequent batch settlement system. In addition, it could reduce the liquidity demands of its participants by providing participants with sufficient information or control systems to help them manage their liquidity needs and risks. Furthermore, an FMI should ensure that it is operationally ready to manage the liquidity risk caused by participants’ or other entities’ financial or operational problems. Among other things, the FMI should have the operational capacity to reroute payments, where feasible, on a timely basis in case of problems with a correspondent bank. 3.7.7. An FMI has other risk-management tools that it can use to manage its or, where relevant, its participants’ liquidity risk. To mitigate and manage liquidity risk stemming from a participant default, an FMI could use, either individually or in combination, exposure limits, collateral requirements, and prefunded default arrangements. To mitigate and manage liquidity risks from the late-day submission of payments or other transactions, an FMI could adopt rules or financial incentives for timely submission. To mitigate and manage liquidity risk stemming from a service provider or a linked FMI, an FMI could use, individually or in combination, selection criteria, concentration or exposure limits, and collateral requirements. For example, an FMI should seek to manage or diversify its settlement flows and liquid resources to avoid excessive intraday or overnight exposure to one entity. This, however, may involve trade-offs between the efficiency of relying on an entity and the risks of being overly dependent on that entity. These tools are often also used by an FMI to manage its credit risk. Maintaining sufficient liquid resources for payment systems and SSSs 3.7.8. An FMI should ensure that it has sufficient liquid resources, as determined by regular and rigorous stress testing, to effect settlement of payment obligations with a high degree of confidence under a wide range of potential stress scenarios. A payment system or SSS, including one employing a DNS mechanism, should maintain sufficient liquid resources in all relevant currencies to effect same-day and, where appropriate, intraday or multiday settlement of payment obligations with a high degree of confidence under a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would generate the largest aggregate payment obligation in extreme but plausible market conditions. In some instances, a payment system or SSS may need to have sufficient liquid resources to effect settlement of payment obligations over multiple days to account for any potential liquidation of collateral that is outlined in the FMI’s participant-default procedures. 60 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 Maintaining sufficient liquid resources for CCPs 3.7.9. Similarly, a CCP should maintain sufficient liquid resources in all relevant currencies to settle securities-related payment obligations, make required variation margin payments, and meet other payment obligations on time with a high degree of confidence under a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would generate the largest aggregate payment obligation to the CCP in extreme but plausible market conditions. In addition, a CCP that is involved in activities with a more-complex risk profile or that is systemically important in multiple jurisdictions should consider maintaining additional liquidity resources sufficient to cover a wider range of potential stress scenarios that should include, but not be limited to, the default of the two participants and their affiliates that would generate the largest aggregate payment obligation to the CCP in extreme but plausible market conditions. The CCP should carefully analyse its liquidity needs, and the analysis is expected to be reviewed by the relevant authorities. In many cases, a CCP may need to maintain sufficient liquid resources to meet payments to settle required margin and other payment obligations over multiple days to account for multiday hedging and close-out activities as directed by the CCP’s participantdefault procedures. Liquid resources for meeting the minimum requirement 3.7.10. For the purpose of meeting its minimum liquid resource requirement, an FMI’s qualifying liquid resources in each currency include cash at the central bank of issue and at creditworthy commercial banks, committed lines of credit, committed foreign exchange swaps, and committed repos, as well as highly marketable collateral held in custody and investments that are readily available and convertible into cash with prearranged and highly reliable funding arrangements, even in extreme but plausible market conditions. If an FMI has access to routine credit at the central bank of issue, the FMI may count such access as part of the minimum requirement to the extent it has collateral that is eligible for pledging to (or for conducting other appropriate forms of transactions with) the relevant central bank. All such resources should be available when needed. However, such access does not eliminate the need for sound risk-management practices and adequate access to private-sector liquidity resources. 82 Other liquid resources 3.7.11. An FMI may supplement its qualifying liquid resources with other forms of liquid resources. If the FMI does so, then these liquid resources should be in the form of assets that are likely to be saleable or acceptable as collateral for lines of credit, swaps, or repos on an ad hoc basis following a default, even if this cannot be reliably prearranged or guaranteed in extreme market conditions. An FMI may consider using such resources within its liquidity risk management framework in advance of, or in addition to, using its qualifying liquid resources. This may be particularly beneficial where liquidity needs exceed qualifying liquid resources, where qualifying liquid resources can be preserved to cover a future default, or where using other liquid resources would cause less liquidity dislocation to the FMI's participants and the financial system as a whole. Even if an FMI does not have access to routine central bank credit, it should take account of what collateral is typically accepted by the relevant central bank of issue, as such assets may be more likely to be liquid in stressed circumstances. In any case, an FMI should not assume the availability of emergency central bank credit as a part of its liquidity plan. 82 The authority or authorities with primary responsibility for an FMI will assess the adequacy of an FMI’s liquidity risk-management procedures, considering the views of the central banks of issue in accordance with Responsibility E. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 61 Assessing liquidity providers 3.7.12. If an FMI has prearranged funding arrangements, the FMI should obtain a high degree of confidence, through rigorous due diligence, that each provider of its minimum required qualifying liquid resources, whether a participant of the FMI or an external party, has sufficient information to understand and to manage its associated liquidity risks, and that it has the capacity to perform as required under its commitment. Where relevant to assessing a liquidity provider's performance reliability with respect to a particular currency, a liquidity provider’s potential access to credit from the central bank of issue may be taken into account. Additionally, an FMI should adequately plan for the renewal of prearranged funding arrangements with liquidity providers in advance of their expiration. Procedures regarding the use of liquid resources 3.7.13. An FMI should have detailed procedures for using its liquid resources to complete settlement during a liquidity shortfall. An FMI’s procedures should clearly document the sequence for using each type of liquid resource (for example, the use of certain assets before prearranged funding arrangements). These procedures may include instructions for accessing cash deposits or overnight investments of cash deposits, executing same-day market transactions, or drawing on prearranged liquidity lines. In addition, an FMI should regularly test its procedures for accessing its liquid resources at a liquidity provider, including by activating and drawing down test amounts from committed credit facilities and by testing operational procedures for conducting same-day repos. Central bank services 83 3.7.14. If an FMI has access to central bank accounts, payment services, securities services, or collateral management services, it should use these services, where practical, to enhance its management of liquidity risk. Cash balances at the central bank of issue, for example, offer the highest liquidity (see Principle 9 on money settlements). Stress testing of liquidity needs and resources 3.7.15. An FMI should determine the amount and regularly test the sufficiency of its liquid resources through rigorous stress testing. An FMI should have clear procedures to report the results of its stress tests to appropriate decision makers at the FMI and to use these results to evaluate the adequacy of and adjust its liquidity risk-management framework. In conducting stress testing, an FMI should consider a wide range of relevant scenarios. Scenarios should include relevant peak historic price volatilities, shifts in other market factors such as price determinants and yield curves, multiple defaults over various time horizons, simultaneous pressures in funding and asset markets, and a spectrum of forward-looking stress scenarios in a variety of extreme but plausible market conditions. 84 Scenarios should also consider the design and operation of the FMI, include all entities that might pose material liquidity risks to the FMI (such as settlement banks, nostro agents, custodian banks, liquidity providers, and linked FMIs), and where appropriate, cover a multiday period. An FMI should also consider any strong inter-linkages or similar exposures between its participants, as well as the multiple roles that participants may play with respect to the risk management of the FMI, and assess the probability of multiple failures and the contagion effect among its participants that such failures may cause. 83 The use of central bank services or credit is subject to the relevant legal framework and the policies and discretion of the relevant central bank. 84 See BCBS, Principles for sound stress testing practices and supervision, May 2009. 62 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 3.7.16. Reverse stress tests. An FMI should conduct, as appropriate, reverse stress tests aimed at identifying the extreme default scenarios and extreme market conditions for which the FMI’s liquid resources would be insufficient. In other words, these tests identify how severe stress conditions would be covered by the FMI’s liquid resources. An FMI should judge whether it would be prudent to prepare for these severe conditions and various combinations of factors influencing these conditions. Reverse stress tests require an FMI to model extreme market conditions that may go beyond what are considered extreme but plausible market conditions in order to help understand the sufficiency of liquid resources given the underlying assumptions modelled. Modelling extreme market conditions can help an FMI determine the limits of its current model and resources; however, it requires the FMI to exercise judgment when modelling different markets and products. An FMI should develop hypothetical extreme scenarios and market conditions tailored to the specific risks of the markets and of the products it serves. Reverse stress tests should be considered a helpful risk-management tool but they need not, necessarily, drive an FMI’s determination of the appropriate level of liquid resources. 3.7.17. Frequency of stress testing. Liquidity stress testing should be performed on a daily basis using standard and predetermined parameters and assumptions. In addition, on at least a monthly basis, an FMI should perform a comprehensive and thorough analysis of stress testing scenarios, models, and underlying parameters and assumptions used to ensure they are appropriate for achieving the FMI’s identified liquidity needs and resources in light of current and evolving market conditions. An FMI should perform stress testing more frequently when markets are unusually volatile, when they are less liquid, or when the size or concentration of positions held by its participants increases significantly. A full validation of an FMI’s liquidity risk-management model should be performed at least annually. Contingency planning for uncovered liquidity shortfalls 3.7.18. In certain extreme circumstances, the liquid resources of an FMI or its participants may not be sufficient to meet the payment obligations of the FMI to its participants or the payment obligations of participants to each other within the FMI. 85 In a stressed environment, for example, normally liquid assets held by an FMI may not be sufficiently liquid to obtain same-day funding, or the liquidation period may be longer than expected. An FMI should establish explicit rules and procedures that enable the FMI to effect same-day, and where appropriate, intraday and multiday settlement of payment obligations on time following any individual or combined default among its participants. These rules and procedures should address unforeseen and potentially uncovered liquidity shortfalls and should aim to avoid unwinding, revoking, or delaying the same-day settlement of payment obligations. These rules and procedures should also indicate the FMI’s process to replenish any liquidity resources it may employ during a stress event, so that it can continue to operate in a safe and sound manner. 3.7.19. If an FMI allocates potentially uncovered liquidity shortfalls to its participants, the FMI should have clear and transparent rules and procedures for the allocation of shortfalls. These procedures could involve a funding arrangement between the FMI and its participants, the mutualisation of shortfalls among participants according to a clear and transparent formula, or the use of liquidity rationing (for example, reductions in payouts to participants). Any allocation rule or procedure must be discussed thoroughly with and communicated clearly to participants, as well as be consistent with participants’ respective regulatory liquidity risk-management requirements. Furthermore, an FMI should consider and validate, through simulations and other techniques and through discussions with each participant, the potential impact on each participant of any such same-day allocation of liquidity risk and each participant’s ability to bear proposed liquidity allocations. 85 These exceptional circumstances could arise from unforeseen operational problems or unanticipated rapid changes in market conditions. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 63 Settlement A key risk that an FMI faces is settlement risk, which is the risk that settlement will not take place as expected. An FMI faces this risk whether settlement of a transaction occurs on the FMI’s books, on the books of another FMI, or on the books of an external party (for example, a central bank or a commercial bank). The following set of principles provides guidance on (a) settlement finality, (b) money settlements, and (c) physical deliveries. Principle 8: Settlement finality An FMI should provide clear and certain final settlement, at a minimum by the end of the value date. Where necessary or preferable, an FMI should provide final settlement intraday or in real time. Key considerations 1. An FMI’s rules and procedures should clearly define the point at which settlement is final. 2. An FMI should complete final settlement no later than the end of the value date, and preferably intraday or in real time, to reduce settlement risk. An LVPS or SSS should consider adopting RTGS or multiple-batch processing during the settlement day. 3. An FMI should clearly define the point after which unsettled payments, transfer instructions, or other obligations may not be revoked by a participant. Explanatory note 3.8.1. An FMI should be designed to provide clear and certain final settlement of payments, transfer instructions, or other obligations. Final settlement is defined as the irrevocable and unconditional transfer of an asset or financial instrument, or the discharge of an obligation by the FMI or its participants in accordance with the terms of the underlying contract. 86 A payment, transfer instruction, or other obligation that an FMI accepts for settlement in accordance with its rules and procedures should be settled with finality on the intended value date. 87 The value date is the day on which the payment, transfer instruction, or other obligation is due and the associated funds and securities are typically available to the receiving participant. 88 Completing final settlement by the end of the value date is important because deferring final settlement to the next-business day can create both credit and liquidity pressures for an FMI’s participants and other stakeholders, and potentially be a source of systemic risk. Where necessary or preferable, an FMI should provide intraday or real-time settlement finality to reduce settlement risk. 3.8.2. Although some FMIs guarantee settlement, this principle does not necessarily require an FMI to provide such a guarantee. Instead, this principle requires FMIs to clearly define the point at which the settlement of a payment, transfer instruction, or other obligation is final, and to complete the settlement process no later than the end of the value date, and 86 Final settlement (or settlement finality) is a legally defined moment. See also Principle 1 on legal basis. 87 The value date of an FMI’s settlement activity might not necessarily coincide with the exact calendar date if the FMI introduces night-time settlement. 88 This principle is not intended to discourage an FMI from offering a facility for entering transaction details in advance of the value date. 64 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 preferably earlier in the value date. Similarly, this principle is not intended to eliminate fails to deliver in securities trades. 89 The occurrence of non-systemic amounts of such failures, although potentially undesirable, should not by itself be interpreted as a failure to satisfy this principle. 90 However, an FMI should take steps to mitigate both the risks and the implications of such failures to deliver securities (see Principle 4 on credit risk, Principle 7 on liquidity risk, and other relevant principles). Final settlement 3.8.3. An FMI’s rules and procedures should clearly define the point at which settlement is final. A clear definition of when settlements are final also greatly assists in a resolution scenario such that the positions of the participant in resolution and other affected parties can be quickly ascertained. 3.8.4. An FMI’s legal framework and rules generally determine finality. The legal basis governing the FMI, including the insolvency law, must acknowledge the discharge of a payment, transfer instruction, or other obligation between the FMI and system participants, or between or among participants, for the transaction to be considered final. An FMI should take reasonable steps to confirm the effectiveness of cross-border recognition and protection of cross-system settlement finality, especially when it is developing plans for recovery or orderly wind-down or providing relevant authorities information relating to its resolvability. Because of the complexity of legal frameworks and system rules, particularly in the context of crossborder settlement where legal frameworks are not harmonised, a well-reasoned legal opinion is generally necessary to establish the point at which finality takes place (see also Principle 1 on legal basis). Same-day settlement 3.8.5. An FMI’s processes should be designed to complete final settlement, at a minimum no later than the end of the value date. This means that any payment, transfer instruction, or other obligation that has been submitted to and accepted by an FMI in accordance with its risk management and other relevant acceptance criteria should be settled on the intended value date. An FMI that is not designed to provide final settlement on the value date (or same-day settlement) would not satisfy this principle, even if the transaction’s settlement date is adjusted back to the value date after settlement. This is because, in most of such arrangements, there is no certainty that final settlement will occur on the value date as expected. Further, deferral of final settlement to the next-business day can entail overnight risk exposures. For example, if an SSS or CCP conducts its money settlements using instruments or arrangements that involve next-day settlement, a participant’s default on its settlement obligations between the initiation and finality of settlement could pose significant credit and liquidity risks to the FMI and its other participants. 91 Intraday settlement 3.8.6. Depending on the type of obligations that an FMI settles, the use of intraday settlement, either in multiple batches or in real time, may be necessary or desirable to reduce 89 These fails typically occur because of miscommunication between the counterparties, operational problems in the delivery of securities, or failure to acquire a specific security associated with the trade by a specific point in time. 90 In certain markets, participants may have adopted the convention of rescheduling delivery until the trade finally settles. 91 In most cases, next-day settlements over weekend periods involve multi-day settlement risk. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 65 settlement risk. 92 As such, some types of FMIs, such as LVPSs and SSSs, should consider adopting RTGS or multiple-batch settlement to complete final settlement intraday. RTGS is the real-time settlement of payments, transfer instructions, or other obligations individually on a transaction-by-transaction basis. Batch settlement is the settlement of groups of payments, transfer instructions, or other obligations together at one or more discrete, often pre-specified times during the processing day. With batch settlement, the time between the acceptance and final settlement of transactions should be kept short. 93 To speed up settlements, an FMI should encourage its participants to submit transactions promptly. To validate the finality of settlement, an FMI also should inform its participants of their final account balances and, where practical, settlement date and time as quickly as possible, preferably in real time. 94 3.8.7. The use of multiple-batch settlement and RTGS involves different trade-offs. Multiple-batch settlement based on a DNS mechanism, for example, may expose participants to settlement risks for the period during which settlement is deferred. These risks, if not sufficiently controlled, could result in the inability of one or more participants to meet their financial obligations. Conversely, while an RTGS system can mitigate or eliminate these settlement risks, it requires participants to have sufficient liquidity to cover all their outgoing payments and can therefore require relatively large amounts of intraday liquidity. This liquidity can come from various sources, including balances at a central bank or commercial bank, incoming payments, and intraday credit. An RTGS system may be able to reduce its liquidity needs by implementing a queuing facility or other liquidity-saving mechanisms. 95 Revocation of unsettled payments, transfer instructions, or other obligations 3.8.8. An FMI should clearly define the point after which unsettled payments, transfer instructions, or other obligations may not be revoked by a participant. In general, an FMI should prohibit the unilateral revocation of accepted and unsettled payments, transfer instructions, or other obligations after a certain point or time in the settlement day, so as to avoid creating liquidity risks. In all cases, cutoff times and materiality rules for exceptions should be clearly defined. The rules should make clear that changes to operating hours are exceptional and require individual justifications. For example, an FMI may want to permit extensions for reasons connected with the implementation of monetary policy or widespread financial market disruption. If extensions are allowed for participants with operating problems to complete processing, the rules governing the approval and duration of such extensions should be clear to participants. 92 For example, intraday or real-time finality is sometimes necessary for monetary policy or payments operations, settlement of back-to-back transactions, intraday margin calls by CCPs, or safe and efficient cross-border links between CSDs that perform settlement functions. 93 Transactions, in certain circumstances, may be settled on a gross basis although through multiple batches during the operating day. 94 Nominal value date might not necessarily coincide with local settlement date. 95 See also CPSS, New developments in large value payment systems, May 2005. 66 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 Principle 9: Money settlements An FMI should conduct its money settlements in central bank money where practical and available. If central bank money is not used, an FMI should minimise and strictly control the credit and liquidity risk arising from the use of commercial bank money. Key considerations 1. An FMI should conduct its money settlements in central bank money, where practical and available, to avoid credit and liquidity risks. 2. If central bank money is not used, an FMI should conduct its money settlements using a settlement asset with little or no credit or liquidity risk. 3. If an FMI settles in commercial bank money, it should monitor, manage, and limit its credit and liquidity risks arising from the commercial settlement banks. In particular, an FMI should establish and monitor adherence to strict criteria for its settlement banks that take account of, among other things, their regulation and supervision, creditworthiness, capitalisation, access to liquidity, and operational reliability. An FMI should also monitor and manage the concentration of credit and liquidity exposures to its commercial settlement banks. 4. If an FMI conducts money settlements on its own books, it should minimise and strictly control its credit and liquidity risks. 5. An FMI’s legal agreements with any settlement banks should state clearly when transfers on the books of individual settlement banks are expected to occur, that transfers are to be final when effected, and that funds received should be transferable as soon as possible, at a minimum by the end of the day and ideally intraday, in order to enable the FMI and its participants to manage credit and liquidity risks. Explanatory note 3.9.1. An FMI typically needs to conduct money settlements with or between its participants for a variety of purposes, such as the settlement of individual payment obligations, funding and defunding activities, and the collection and distribution of margin payments. 96 To conduct such money settlements, an FMI can use central bank money or commercial bank money. Central bank money is a liability of a central bank, in this case in the form of deposits held at the central bank, which can be used for settlement purposes. Settlement in central bank money typically involves the discharge of settlement obligations on the books of the central bank of issue. Commercial bank money is a liability of a commercial bank, in the form of deposits held at the commercial bank, which can be used for settlement purposes. Settlement in commercial bank money typically occurs on the books of a commercial bank. In this model, an FMI typically establishes an account with one or more commercial settlement banks and requires each of its participants to establish an account with one of them. In some cases, the FMI itself can serve as the settlement bank. Money settlements are then effected through accounts on the books of the FMI, which may need to be funded and defunded. An FMI may also use a combination of central bank and commercial bank monies to conduct settlements, for example, by using central bank money for funding and defunding activities and using commercial bank money for the settlement of individual payment obligations. 96 It should be noted, however, that the settlement of payment obligations does not always require a transfer of monies; in some cases, an offsetting process can discharge obligations. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 67 Credit and liquidity risk in money settlements 3.9.2. An FMI and its participants may face credit and liquidity risks from money settlements. Credit risk may arise when a settlement bank has the potential to default on its obligations (for example, if the settlement bank becomes insolvent). When an FMI settles on its own books, participants face credit risk from the FMI itself. Liquidity risk may arise in money settlements if, after a payment obligation has been settled, participants or the FMI itself are unable to transfer readily their assets at the settlement bank into other liquid assets, such as claims on a central bank. Central bank money 3.9.3. An FMI should conduct its money settlements using central bank money, where practical and available, to avoid credit and liquidity risks. With the use of central bank money, a payment obligation is typically discharged by providing the FMI or its participants with a direct claim on the central bank, that is, the settlement asset is central bank money. Central banks have the lowest credit risk and are the source of liquidity with regard to their currency of issue. Indeed, one of the fundamental purposes of central banks is to provide a safe and liquid settlement asset. The use of central bank money, however, may not always be practical or available. For example, an FMI or its participants may not have direct access to all relevant central bank accounts and payment services. A multicurrency FMI that has access to all relevant central bank accounts and payment services may find that some central bank payment services do not operate, or provide finality, at the times when it needs to make money settlements. Commercial bank money 3.9.4. If central bank money is not used, an FMI should conduct its money settlements using a settlement asset with little or no credit or liquidity risk. An alternative to the use of central bank money is commercial bank money. When settling in commercial bank money, a payment obligation is typically discharged by providing the FMI or its participants with a direct claim on the relevant commercial bank. To conduct settlements in commercial bank money, an FMI and its participants need to establish accounts with at least one commercial bank, and likely hold intraday or overnight balances, or both. The use of commercial bank money to settle payment obligations, however, can create additional credit and liquidity risks for the FMI and its participants. For example, if the commercial bank conducting settlement becomes insolvent, the FMI and its participants may not have immediate access to their settlement funds or ultimately receive the full value of their funds. 3.9.5. If an FMI uses a commercial bank for its money settlements, it should monitor, manage, and limit its credit and liquidity risks arising from the commercial settlement bank. For example, an FMI should limit both the probability of being exposed to a commercial settlement bank’s failure and limit the potential losses and liquidity pressures to which it would be exposed in the event of such a failure. An FMI should establish and monitor adherence to strict criteria for its commercial settlement banks that take into account, among other things, their regulation and supervision, creditworthiness, capitalisation, access to liquidity, and operational reliability. A commercial settlement bank should be subject to effective banking regulation and supervision. It should also be creditworthy, be well capitalised, and have ample liquidity from the marketplace or the central bank of issue. 3.9.6. In addition, an FMI should take further steps to limit its credit exposures and liquidity pressures by diversifying the risk of a commercial settlement bank failure, where reasonable, through use of multiple commercial settlement banks. In some jurisdictions, however, there may be only one commercial settlement bank that meets appropriate criteria for 68 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 creditworthiness and operational reliability. Additionally, even with multiple commercial settlement banks, the extent to which risk is actually diversified depends upon the distribution or concentration of participants using different commercial settlement banks and the amounts owed by those participants. 97 An FMI should monitor and manage the full range and concentration of exposures to its commercial settlement banks and assess its potential losses and liquidity pressures as well as those of its participants in the event that the commercial settlement bank with the largest share of activity were to fail. Settlement on the books of an FMI 3.9.7. If money settlement does not occur in central bank money and the FMI conducts money settlements on its own books, it should minimise and strictly control its credit and liquidity risks. In such an arrangement, an FMI offers cash accounts to its participants, and a payment or settlement obligation is discharged by providing an FMI’s participants with a direct claim on the FMI itself. The credit and liquidity risks associated with a claim on an FMI are therefore directly related to the FMI’s overall credit and liquidity risks. One way an FMI could minimise these risks is to limit its activities and operations to clearing and settlement and closely related processes. Further, to settle payment obligations, the FMI could be established as a supervised special-purpose financial institution and limit the provision of cash accounts to only participants. 98 In some cases, an FMI can further mitigate risk by having participants fund and defund their cash accounts at the FMI using central bank money. In such an arrangement, an FMI is able to back the settlements conducted on its own books with balances that it holds in its account at the central bank. Finality of funds transfers between settlement accounts 3.9.8. In settlements involving either central bank or commercial bank money, a critical issue is the timing of the finality of funds transfers. These transfers should be final when effected (see also Principle 1 on legal basis and Principle 8 on settlement finality). To this end, an FMI’s legal agreements with any settlement banks should state clearly when transfers on the books of individual settlement banks are expected to occur, that transfers are to be final when effected, and that funds received should be transferable as soon as possible, at a minimum by the end of the day and ideally intraday, in order to enable the FMI and its participants to manage credit and liquidity risks. If an FMI conducts intraday money settlements (for example, to collect intraday margin), the arrangement should provide realtime finality or intraday finality at the times when an FMI wishes to effect money settlement. 97 The concentration of an FMI’s exposure to a commercial settlement bank can be further exacerbated if the commercial settlement bank has multiple roles with respect to the FMI. For example, an FMI may use a particular commercial settlement bank that is also a participant in the FMI for depositing and investing funds, for depositing and transferring securities, and for back-up liquidity resources. See Principle 7 on liquidity risk. 98 Depending on local laws, these special-purpose institutions would generally be required to have banking licenses and be subject to prudential supervision. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 69 Principle 10: Physical deliveries An FMI should clearly state its obligations with respect to the delivery of physical instruments or commodities and should identify, monitor, and manage the risks associated with such physical deliveries. Key considerations 1. An FMI’s rules should clearly state its obligations with respect to the delivery of physical instruments or commodities. 2. An FMI should identify, monitor, and manage the risks and costs associated with the storage and delivery of physical instruments or commodities. Explanatory note 3.10.1. An FMI may settle transactions using physical delivery, which is the delivery of an asset, such as an instrument or a commodity, in physical form. 99 For example, the settlement of futures contracts cleared by a CCP may allow or require the physical delivery of an underlying financial instrument or commodity. An FMI that provides physical settlement should have rules that clearly state its obligations with respect to the delivery of physical instruments or commodities. 100 In addition, an FMI should identify, monitor, and manage the risks and costs associated with the storage and delivery of such physical instruments and commodities. Rules that state the FMI’s obligations 3.10.2. An FMI’s rules should clearly state its obligations with respect to the delivery of physical instruments or commodities. The obligations that an FMI may assume with respect to physical deliveries vary based on the types of assets that the FMI settles. An FMI should clearly state which asset classes it accepts for physical delivery and the procedures surrounding the delivery of each. An FMI also should clearly state whether its obligation is to make or receive physical deliveries or to indemnify participants for losses incurred in the delivery process. Clear rules on physical deliveries enable the FMI and its participants to take the appropriate steps to mitigate the risks posed by such physical deliveries. An FMI should engage with its participants to ensure that they have an understanding of their obligations and the procedures for effecting physical delivery. Risk of storage and delivery 3.10.3. An FMI should identify, monitor, and manage the risks and costs associated with the storage and delivery of physical instruments or commodities. Issues relating to delivery may arise, for example, when a derivatives contract requires physical delivery of an underlying instrument or commodity. An FMI should plan for and manage physical deliveries by establishing definitions for acceptable physical instruments or commodities, the appropriateness of alternative delivery locations or assets, rules for warehouse operations, and the timing of delivery, when relevant. If an FMI is responsible for the warehousing and 99 Examples of physical instruments that may be covered under this principle include securities, commercial paper, and other debt instruments that are issued in paper form. 100 The term “physical delivery” in the credit-default swap market typically refers to the process by which the protection buyer of a credit-default swap contract “delivers” an instrument to the protection seller after a credit event but does not necessarily involve the delivery of an instrument in paper form. This type of “physical delivery” is outside the scope of this principle. Immobilised and dematerialised securities, which represent the normal market practice, are covered in Principle 11 on CSDs. 70 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 transportation of a commodity, it should make arrangements that take into account the commodity’s particular characteristics (for example, storage under specific conditions, such as an appropriate temperature and humidity for perishables). 3.10.4. An FMI should have appropriate processes, procedures, and controls to manage the risks of storing and delivering physical assets, such as the risk of theft, loss, counterfeiting, or deterioration of assets. An FMI’s policies and procedures should ensure that the FMI’s record of physical assets accurately reflects its holdings of assets, for example, by separating duties between handling physical assets and maintaining records. An FMI also should have appropriate employment policies and procedures for personnel that handle physical assets and should include appropriate pre-employment checks and training. In addition, an FMI should consider other measures, such as insurance coverage and random storage facility audits, to mitigate its storage and delivery risks (other than principal risk). Matching participants for delivery and receipt 3.10.5. In some instances, an FMI serving a commodity market can reduce its risks associated with the physical storage and delivery of commodities by matching participants that have delivery obligations with those due to receive the commodities, thereby removing itself from direct involvement in the storage and delivery process. In such instances, the legal obligations for delivery should be clearly expressed in the rules, including default rules, and any related agreements. In particular, an FMI should be clear whether the receiving participant should seek compensation from the FMI or the delivering participant in the event of a loss. Additionally, an FMI holding margin should not release the margin of the matched participants until it confirms that both have fulfilled their respective obligations. An FMI should also monitor its participants’ performance and, to the extent practicable, ensure that its participants have the necessary systems and resources to be able to fulfil their physical delivery obligations. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 71 Central securities depositories and exchange-of-value settlement systems CSDs and exchange-of-value settlement systems have unique risks associated with their function and design. While the nature and scope of activities performed by CSDs vary based on jurisdiction and market practices, CSDs play a critical role in the protection of securities and help ensure the integrity of securities transactions. Similarly, exchange-of-value settlement systems play a critical role in mitigating principle risk by linking the final settlement of one obligation to the final settlement of another. The following two principles provide specific guidance to CSDs and exchange-of-value settlement systems. Principle 11: Central securities depositories A CSD should have appropriate rules and procedures to help ensure the integrity of securities issues and minimise and manage the risks associated with the safekeeping and transfer of securities. A CSD should maintain securities in an immobilised or dematerialised form for their transfer by book entry. Key considerations 1. A CSD should have appropriate rules, procedures, and controls, including robust accounting practices, to safeguard the rights of securities issuers and holders, prevent the unauthorised creation or deletion of securities, and conduct periodic and at least daily reconciliation of securities issues it maintains. 2. A CSD should prohibit overdrafts and debit balances in securities accounts. 3. A CSD should maintain securities in an immobilised or dematerialised form for their transfer by book entry. Where appropriate, a CSD should provide incentives to immobilise or dematerialise securities. 4. A CSD should protect assets against custody risk through appropriate rules and procedures consistent with its legal framework. 5. A CSD should employ a robust system that ensures segregation between the CSD’s own assets and the securities of its participants and segregation among the securities of participants. Where supported by the legal framework, the CSD should also support operationally the segregation of securities belonging to a participant’s customers on the participant’s books and facilitate the transfer of customer holdings. 6. A CSD should identify, measure, monitor, and manage its risks from other activities that it may perform; additional tools may be necessary in order to address these risks. Explanatory note 3.11.1. A CSD is an entity that provides securities accounts and, in many countries, operates an SSS. A CSD also provides central safekeeping and asset services, which may include the administration of corporate actions and redemptions, and plays an important role in helping to ensure the integrity of securities issues. 101 Securities can be held at the CSD 101 Where an entity legally defined as a CSD or an SSS does not hold or facilitate the holding of assets or collateral owned by their participants, the CSD or SSS in general would not be required to have arrangements to manage the safekeeping of such assets or collateral. 72 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 either in physical (but immobilised) form or in dematerialised form (that is, as electronic records). The precise activities of a CSD vary based on its jurisdiction and market practices. A CSD, for example, may be the official securities registrar and maintain the definitive record of legal ownership for a security; however, in some cases, another entity may serve as the official securities registrar. Further, the activities of a CSD may vary depending on whether it operates in a jurisdiction with a direct or indirect holding arrangement or a combination of both. 102 A CSD should have clear and comprehensive rules and procedures to ensure that the securities it holds on behalf of its participants are appropriately accounted for on its books and protected from risks associated with the other services that the CSD may provide. Rules, procedures, and controls to safeguard the integrity of securities issues 3.11.2. The preservation of the rights of issuers and holders of securities is essential for the orderly functioning of a securities market. Therefore, a CSD should employ appropriate rules, procedures, and controls to safeguard the rights of securities issuers and holders, prevent the unauthorised creation or deletion of securities, and conduct periodic and at least daily reconciliation of the securities issues that it maintains. A CSD should, in particular, maintain robust accounting practices and perform end-to-end auditing to verify that its records are accurate and provide a complete accounting of its securities issues. If a CSD records the issuance of securities (alone or in conjunction with other entities), it should verify and account for the initial issuance of securities and ensure that newly issued securities are delivered in a timely manner. To further safeguard the integrity of the securities issues, a CSD should conduct periodic and at least daily reconciliation of the totals of securities issues in the CSD for each issuer (or its issuing agent), and ensure that the total number of securities recorded in the CSD for a particular issue is equal to the amount of securities of that issue held on the CSD's books. Reconciliation may require coordination with other entities if the CSD does not (or does not exclusively) record the issuance of the security or is not the official registrar of the security. For instance, if the issuer (or its issuing agent) is the only entity that can verify the total amount of an individual issue, it is important that the CSD and the issuer cooperate closely to ensure that the securities in circulation in a system correspond to the volume issued into that system. If the CSD is not the official securities registrar for the securities issuer, reconciliation with the official securities registrar should be required. Overdrafts and debit balances in securities accounts 3.11.3. A CSD should prohibit overdrafts and debit balances in securities accounts to avoid credit risk and reduce the potential for the creation of securities. If a CSD were to allow overdrafts or a debit balance in a participant’s securities account in order to credit another participant’s securities account, a CSD would effectively be creating securities and would affect the integrity of the securities issue. Immobilisation and dematerialisation 3.11.4. A CSD can maintain securities in physical form or dematerialised form. 103 Securities held in physical form may be transferred via physical delivery or immobilised and transferred 102 In a direct holding system, each beneficial or direct owner of the security is known to the CSD or the issuer. In some countries, the use of direct holding systems is required by law. Alternatively, an indirect holding system employs a multi-tiered arrangement for the custody and transfer of ownership of securities (or the transfer of similar interests therein) in which investors are identified only at the level of their custodian or intermediary. In either system, the shareholder list may be maintained by the issuer, CSD, securities registrar, or transfer agent. 103 Dematerialisation involves the elimination of physical certificates or documents of title that represent ownership of securities so that securities exist only as accounting records. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 73 via book entry. 104 The safekeeping and transferring of securities in physical form, however, creates additional risks and costs, such as the risk of destruction or theft of certificates, increased processing costs, and increased time to clear and settle securities transactions. By immobilising securities and transferring them via book entry, a CSD can improve efficiency through increased automation and reduce the risk of errors and delays in processing. 105 Dematerialising securities also eliminates the risk of destruction or theft of certificates. A CSD should therefore maintain securities in an immobilised or dematerialised form and transfer securities via book entry. 106 To facilitate the immobilisation of all physical securities of a particular issue, a global note representing the whole issue can be issued. In certain cases, however, immobilisation or dematerialisation within a CSD may not be legally possible or practicable. Legal requirements, for example, may limit the possible implementation or extent of immobilisation and dematerialisation. In such cases, a CSD should provide incentives to immobilise or dematerialise securities. 107 Protection of assets 3.11.5. A CSD should protect assets against custody risk, including the risk of loss because of the CSD’s negligence, misuse of assets, fraud, poor administration, inadequate recordkeeping, or failure to protect a participant’s interests in securities or because of the CSD’s insolvency or claims by the CSD’s creditors. A CSD should have rules and procedures consistent with its legal framework and robust internal controls to achieve these objectives. 108 Where appropriate, a CSD should consider insurance or other compensation schemes to protect participants against misappropriation, destruction, and theft of securities. 3.11.6. A CSD should employ a robust system that ensures the segregation of assets belonging to the CSD from the securities belonging to its participants. In addition, the CSD should segregate participants’ securities from those of other participants through the provision of separate accounts. While the title to securities is typically held in a CSD, often the beneficial owner, or the owner depending on the legal framework, of the securities does not participate directly in the system. Rather, the owner establishes relationships with CSD participants (or other intermediaries) that provide safekeeping and administrative services related to the holding and transfer of securities on behalf of customers. Where supported by the legal framework, a CSD also should support operationally the segregation of securities belonging to a participant’s customers on the participant’s books and facilitate the transfer of customer holdings to another participant. 109 Where relevant, the segregation of accounts typically helps provide appropriate protection against the claims of a CSD’s creditors or the claims of the creditors of a participant in the event of its insolvency. 104 Immobilisation involves concentrating the location of securities in a depository and transferring ownership by book entry. 105 Improved efficiency through book-entry settlement also may support the development of more-liquid securities markets. 106 Book-entry transfers also facilitate the settlement of securities through a DvP mechanism, thereby reducing or eliminating principal risk in settlement (see also Principle 12 on exchange-of-value settlement systems). 107 In addition, the relevant authorities will have a role in providing the necessary framework to support immobilisation or dematerialisation. 108 The relevant authorities will have a role in providing the necessary framework to protect the CSD’s participants’ and their customers’ assets. 109 The customer’s rights and interests to the securities held by the participant or the CSD will depend upon the applicable legal framework. In some jurisdictions, a CSD may be required to maintain records that would facilitate the identification of customer securities regardless of the type of holding system in effect. 74 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 Other activities 3.11.7. If a CSD provides services other than central safekeeping and administration of securities, it should identify, measure, monitor, and manage the risks associated with those activities, particularly credit and liquidity risks, consistent with the respective principles in this report. Additional tools may be necessary to address these risks, including the need for the FMI to separate legally the other activities. For example, a CSD that operates an SSS may provide a centralised securities lending facility to help facilitate timely settlement and reduce settlement fails or may otherwise offer services that support the bilateral securities lending market. If the CSD acts as a principal in a securities lending transaction, it should identify, monitor, and manage its risks, including potential credit and liquidity risks, under the conditions set in Principles 4 and 7. For example, the securities lent by the CSD may not be returned when needed because of a counterparty default, operational failure, or legal challenge. The CSD would then need to acquire the lent securities in the market, perhaps at a cost, thus exposing the CSD to credit and liquidity risks. 110 110 See also CPSS, Strengthening repo clearing and settlement arrangements, September 2010. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 75 Principle 12: Exchange-of-value settlement systems If an FMI settles transactions that involve the settlement of two linked obligations (for example, securities or foreign exchange transactions), it should eliminate principal risk by conditioning the final settlement of one obligation upon the final settlement of the other. Key consideration 1. An FMI that is an exchange-of-value settlement system should eliminate principal risk by ensuring that the final settlement of one obligation occurs if and only if the final settlement of the linked obligation also occurs, regardless of whether the FMI settles on a gross or net basis and when finality occurs. Explanatory note 3.12.1. The settlement of a financial transaction by an FMI may involve the settlement of two linked obligations, such as the delivery of securities against payment of cash or securities or the delivery of one currency against delivery of another currency. 111 In this context, principal risk may be created when one obligation is settled, but the other obligation is not (for example, the securities are delivered but no cash payment is received). Because this principal risk involves the full value of the transaction, substantial credit losses as well as substantial liquidity pressures may result from the default of a counterparty or, more generally, the failure to complete the settlement of both linked obligations. Further, a settlement default could result in high replacement costs (that is, the unrealised gain on the unsettled contract or the cost of replacing the original contract at market prices that may be changing rapidly during periods of stress). An FMI should eliminate or mitigate these risks through the use of a DvP, DvD, or PvP settlement mechanism. 112 Linking final settlement of obligations 3.12.2. An FMI that is an exchange-of-value settlement system should eliminate principal risk by linking the final settlement of one obligation to the final settlement of the other through an appropriate DvP, DvD, or PvP settlement mechanism (see also Principle 4 on credit risk, Principle 7 on liquidity risk, and Principle 8 on settlement finality). DvP, DvD, and PvP settlement mechanisms eliminate principal risk by ensuring that the final settlement of one obligation occurs if and only if the final settlement of the linked obligation occurs. If an FMI effects settlements using a DvP, DvD, or PvP settlement mechanism, it should settle a high percentage of obligations through that mechanism. In the securities market, for example, a DvP settlement mechanism is a mechanism that links a securities transfer and a funds transfer in such a way as to ensure that delivery occurs if and only if the corresponding payment occurs. 113 DvP can and should be achieved for both the primary and secondary 111 In some cases, the settlement of a transaction can be free of payment, for example, for the purposes of pledging collateral and repositioning securities. The settlement of a transaction may also involve more than two linked obligations, for example, for the purposes of some collateral substitutions where there are multiple securities or for premium payments related to securities lending in two currencies. These cases are not inconsistent with this principle. 112 While DvP, DvD, and PvP settlement mechanisms eliminate principal risk, they do not eliminate the risk that the failure of a participant could result in systemic disruptions, including liquidity dislocations. 113 Similarly, a PvP settlement mechanism is a mechanism which ensures that the final transfer of a payment in one currency occurs if and only if the final transfer of a payment in another currency or currencies takes place. A DvD settlement mechanism is a securities settlement mechanism which links two or more securities transfers in such a way as to ensure that delivery of one security occurs if and only if the corresponding delivery of the other security or securities occurs. 76 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 markets. The settlement of two obligations can be achieved in several ways and varies by how trades or obligations are settled, either on a gross basis (trade-by-trade) or on a net basis, and the timing of when finality occurs. Models of gross or net settlement of obligations 3.12.3. The final settlement of two linked obligations can be achieved either on a gross basis or on a net basis. 114 For example, an SSS can settle the transfers of both securities and funds on a gross basis throughout the settlement day. Alternatively, an SSS can settle securities transfers on a gross basis throughout the day but settle funds transfers on a net basis at the end of the day or at certain times during the day. An SSS can also settle both securities and funds transfers on a net basis at the end of the day or at certain times during the day. Regardless of whether an FMI settles on a gross or net basis, the legal, contractual, technical, and risk-management framework should ensure that the settlement of an obligation is final if and only if the settlement of the corresponding obligation is final. Timing of settlement 3.12.4. DvP, DvD, and PvP can be achieved through different timing arrangements. Strictly speaking, DvP, DvD, and PvP do not require a simultaneous settlement of obligations. In some cases, settlement of one obligation could follow the settlement of the other. For example, when an SSS does not itself provide cash accounts for settlement, it may first block the underlying securities in the account of the seller. 115 The SSS may then request a transfer of funds from the buyer to the seller at the settlement bank for funds transfers. The securities are delivered to the buyer or its custodian if and only if the SSS receives confirmation of settlement of the cash leg from the settlement bank. In such DvP arrangements, however, the length of time between the blocking of securities, the settling of cash, and the subsequent release and delivery of the blocked securities should be minimised. 116 Further, blocked securities must not be subject to a claim by a third party (for example, other creditors, tax authorities, or even the SSS itself) because these claims would give rise to principal risk. 114 For a discussion of stylised models of DvP settlement, see CPSS, Delivery versus payment in securities systems, September 1992. 115 In this context, DvP could be achieved through a link between an SSS and a payment system. The SSS settles the securities leg of the transaction while the payment system settles the cash leg. However, in the context of these principles this arrangement is not considered an FMI link, but a DvP system. 116 An SSS that settles securities transactions on a net basis with an end-of-day finality arrangement could meet this requirement by providing a mechanism that allows intraday finality. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 77 Default management An FMI should have appropriate policies and procedures to handle participant defaults. A participant default, if not properly managed, can have serious implications for the FMI, other participants, and the broader financial markets. Further, a CCP needs an appropriate segregation and portability regime to protect customer positions in the event of a participant default or insolvency. The following two principles provide guidance on (a) participant-default rules and procedures for all FMIs and (b) segregation and portability issues for CCPs. Principle 13: Participant-default rules and procedures An FMI should have effective and clearly defined rules and procedures to manage a participant default. These rules and procedures should be designed to ensure that the FMI can take timely action to contain losses and liquidity pressures and continue to meet its obligations. Key considerations 1. An FMI should have default rules and procedures that enable the FMI to continue to meet its obligations in the event of a participant default and that address the replenishment of resources following a default. 2. An FMI should be well prepared to implement its default rules and procedures, including any appropriate discretionary procedures provided for in its rules. 3. An FMI should publicly disclose key aspects of its default rules and procedures. 4. An FMI should involve its participants and other stakeholders in the testing and review of the FMI’s default procedures, including any close-out procedures. Such testing and review should be conducted at least annually or following material changes to the rules and procedures to ensure that they are practical and effective. Explanatory note 3.13.1. Participant-default rules and procedures facilitate the continued functioning of an FMI in the event that a participant fails to meet its obligations. These rules and procedures help limit the potential for the effects of a participant’s failure to spread to other participants and undermine the viability of the FMI. Key objectives of default rules and procedures should include (a) ensuring timely completion of settlement, even in extreme but plausible market conditions; (b) minimising losses for the FMI and for non-defaulting participants; (c) limiting disruptions to the market; (d) providing a clear framework for accessing FMI liquidity facilities as needed; and (e) managing and closing out the defaulting participant’s positions and liquidating any applicable collateral in a prudent and orderly manner. In some instances, managing a participant default may involve hedging open positions, funding collateral so that the positions can be closed out over time, or both. An FMI may also decide to auction or allocate open positions to its participants. 117 To the extent consistent with these objectives, an FMI should allow non-defaulting participants to continue to manage their positions as normal. 117 An OTC derivatives CCP may need to consider requiring participants to agree in advance to bid on the defaulting participant’s portfolio and, should the auction fail, accept an allocation of the portfolio. Where used, such procedures should include consideration of the risk profile and portfolio of each receiving participant before allocating positions so as to minimise additional risk for the non-defaulting participants. 78 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 Rules and procedures 3.13.2. An FMI should have default rules and procedures that enable the FMI to continue to meet its obligations to non-defaulting participants in the event of a participant default. An FMI should explain clearly in its rules and procedures what circumstances constitute a participant default, addressing both financial and operational defaults. 118 An FMI should describe the method for identifying a default. In particular, an FMI should specify whether a declaration of default is automatic or discretionary, and if discretionary, which person or group shall exercise that discretion. Key aspects to be considered in designing the rules and procedures include (a) the actions that an FMI can take when a default is declared; (b) the extent to which such actions are automatic or discretionary; (c) potential changes to the normal settlement practices, should these changes be necessary in extreme circumstances, to ensure timely settlement; (d) the management of transactions at different stages of processing; (e) the expected treatment of proprietary and customer transactions and accounts; (f) the probable sequencing of actions; (g) the roles, obligations, and responsibilities of the various parties, including non-defaulting participants; and (h) the existence of other mechanisms that may be activated to contain the impact of a default. An FMI should involve its participants, authorities, and other relevant stakeholders in developing its default rules and procedures (see Principle 2 on governance). Use and sequencing of financial resources 3.13.3. An FMI’s default rules and procedures should enable the FMI to take timely action to contain losses and liquidity pressures, before, at, and after the point of participant default (see also Principle 4 on credit risk and Principle 7 on liquidity risk). Specifically, an FMI’s rules and procedures should allow the FMI to use promptly any financial resources that it maintains for covering losses and containing liquidity pressures arising from default, including liquidity facilities. The rules of the FMI should specify the order in which different types of resources will be used. This information enables participants to assess their potential future exposures from using the FMI’s services. Typically, an FMI should first use assets provided by the defaulting participant, such as margin or other collateral, to provide incentives for participants to manage prudently the risks, particularly credit risk, they pose to an FMI. 119 The application of previously provided collateral should not be subject to prevention, stay, or reversal under applicable law and the rules of the FMI. An FMI should also have a credible and explicit plan for replenishing its resources over an appropriate time horizon following a participant default so that it can continue to operate in a safe and sound manner. In particular, the FMI’s rules and procedures should define the obligations of the non-defaulting participants to replenish the financial resources depleted during a default so that the time horizon of such replenishment is anticipated by non-defaulting participants without any disruptive effects. Proprietary and customer positions 3.13.4. A CCP should have rules and procedures to facilitate the prompt close out or transfer of a defaulting participant’s proprietary and customer positions. Typically, the longer these positions remain open on the books of the CCP, the larger the CCP’s potential credit exposures resulting from changes in market prices or other factors will be. A CCP should have the ability to apply the proceeds of liquidation, along with other funds and assets of the 118 An operational default occurs when a participant is not able to meet its obligations due to an operational problem, such as a failure in information technology systems. 119 The defaulting participant’s assets do not include segregated customer collateral; such segregated collateral should not be used to cover losses resulting from a participant default, except in the case of a potential close out of segregated customer positions. See Principle 14 on segregation and portability. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 79 defaulting participant, to meet the defaulting participant’s obligations. It is critical that a CCP has the authority to act promptly to contain its exposure, while having regard for overall market effects, such as sharp declines in market prices. A CCP should have the information, resources, and tools to close out positions promptly. In circumstances where prompt close out is not practicable, a CCP should have the tools to hedge positions as an interim riskmanagement technique. In some cases, a CCP may use seconded personnel from nondefaulting participants to assist in the close-out or hedging process. The CCP’s rules and procedures should clearly state the scope of duties and term of service expected from seconded personnel. In other cases, the CCP may elect to auction positions or portfolios to the market. The CCP’s rules and procedures should clearly state the scope for such action, and any participant obligations with regard to such auctions should be clearly set out. The close out of positions should not be subject to prevention, stay, or reversal under applicable law and the rules of the FMI. Management discretion 3.13.5. An FMI should be well prepared to implement its default rules and procedures, including any appropriate discretionary procedures provided for in the rules. Management should ensure that the FMI has the operational capacity, including sufficient well-trained personnel, to implement its procedures in a timely manner. An FMI’s rules and procedures should outline examples of when management discretion may be appropriate and should include arrangements to minimise any potential conflicts of interests. Management should also have internal plans that clearly delineate the roles and responsibilities for addressing a default and provide training and guidance to its personnel on how the procedures should be implemented. These plans should address documentation, information needs, and coordination when more than one FMI or authority is involved. In addition, timely communication with stakeholders, in particular with relevant authorities, is of critical importance. The FMI, to the extent permitted, should clearly convey to affected stakeholders information that would help them to manage their own risks. The internal plan should be reviewed by management and the relevant board committees at least annually or after any significant changes to the FMI’s arrangements. Public disclosure of key aspects of default rules and procedures 3.13.6. To provide certainty and predictability regarding the measures that an FMI may take in a default event, an FMI should publicly disclose key aspects of its default rules and procedures, including: (a) the circumstances in which action may be taken; (b) who may take those actions; (c) the scope of the actions which may be taken, including the treatment of both proprietary and customer positions, funds, and other assets; (d) the mechanisms to address an FMI’s obligations to non-defaulting participants; and (e) where direct relationships exist with participants’ customers, the mechanisms to help address the defaulting participant’s obligations to its customers. This transparency fosters the orderly handling of defaults, enables participants to understand their obligations to the FMI and to their customers, and gives market participants the information they need to make informed decisions about their activities in the market. An FMI should ensure that its participants and their customers, as well as the public, have appropriate access to the FMI’s default rules and procedures and should promote their understanding of those procedures in order to foster confidence in the market in the event of a participant default. Periodic testing and review of default procedures 3.13.7. An FMI should involve its participants and other stakeholders in the testing and review of its default procedures, including any close-out procedures. Such testing and review should be conducted at least annually or following material changes to the rules and procedures to ensure that they are practical and effective. The periodic testing and review of default procedures is important to help the FMI and its participants understand fully the procedures and to identify any lack of clarity in, or discretion allowed by, the rules and 80 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 procedures. Such tests should include all relevant parties, or an appropriate subset, that would likely be involved in the default procedures, such as members of the appropriate board committees, participants, linked or interdependent FMIs, relevant authorities, and any related service providers. This is particularly important where an FMI relies on non-defaulting participants or third parties to assist in the close-out process and where the default procedures have never been tested by an actual default. The results of these tests and reviews should be shared with the FMI’s board of directors, risk committee, and relevant authorities. 3.13.8. Furthermore, part of an FMI’s participant-default testing should include the implementation of the resolution regime for an FMI’s participants, as relevant. An FMI should be able to take all appropriate steps to address the resolution of a participant. Specifically, the FMI, or if applicable a resolution authority, should be able to transfer a defaulting participant’s open positions and customer accounts to a receiver, third party, or bridge financial company. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 81 Principle 14: Segregation and portability A CCP should have rules and procedures that enable the segregation and portability of positions of a participant’s customers and the collateral provided to the CCP with respect to those positions. Key considerations 1. A CCP should, at a minimum, have segregation and portability arrangements that effectively protect a participant’s customers’ positions and related collateral from the default or insolvency of that participant. If the CCP additionally offers protection of such customer positions and collateral against the concurrent default of the participant and a fellow customer, the CCP should take steps to ensure that such protection is effective. 2. A CCP should employ an account structure that enables it readily to identify positions of a participant’s customers and to segregate related collateral. A CCP should maintain customer positions and collateral in individual customer accounts or in omnibus customer accounts. 3. A CCP should structure its portability arrangements in a way that makes it highly likely that the positions and collateral of a defaulting participant’s customers will be transferred to one or more other participants. 4. A CCP should disclose its rules, policies, and procedures relating to the segregation and portability of a participant’s customers’ positions and related collateral. In particular, the CCP should disclose whether customer collateral is protected on an individual or omnibus basis. In addition, a CCP should disclose any constraints, such as legal or operational constraints, that may impair its ability to segregate or port a participant’s customers’ positions and related collateral. Explanatory note 3.14.1. Segregation of customers’ positions and collateral plays an important part in the safe and effective holding and transfer of customers’ positions and collateral, especially in the event of a participant’s default or insolvency. Segregation refers to a method of protecting customer collateral and contractual positions by holding or accounting for them separately. Customer collateral should be segregated from the assets of the participant through which the customers clear. In addition, individual customer collateral may be held separately from the collateral of other customers of the same participant to protect customers from each other’s default. Where offered by the CCP, such positions and collateral should be protected effectively from the concurrent default or insolvency of both a customer and the participant. 3.14.2 Effective segregation arrangements can reduce the impact of a participant’s insolvency on its customers by providing for clear and reliable identification of a participant’s customer’s positions and related collateral. Segregation also protects a customer’s collateral from becoming lost to a participant’s other creditors. In addition, segregation facilitates the transfer of customers’ positions and collateral. Even if no transfers take place, segregation can improve a customer’s ability to identify and recover its collateral (or the value thereof), which, at least to some extent, contributes to retaining customers’ confidence in their clearing participants and may reduce the potential for “counterparty runs” on a deteriorating clearing participant. 3.14.3. Portability refers to the operational aspects of the transfer of contractual positions, funds, or securities from one party to another party. By facilitating transfers from one participant to another, effective portability arrangements lessen the need for closing out positions, including during times of market stress. Portability thus minimises the costs and 82 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 potential market disruption associated with closing out positions and reduces the possible impact on customers’ ability to continue to obtain access to central clearing. 3.14.4. Effective segregation and portability of a participant’s customers’ positions and collateral depend not only on the measures taken by a CCP itself but also on applicable legal frameworks, including those in foreign jurisdictions in the case of remote participants. Effective segregation and portability also depend on measures taken by other parties, for example, where customers post additional collateral to the participant. 120 Legal framework 3.14.5. In order to achieve fully the benefits of segregation and portability, the legal framework applicable to the CCP should support its arrangements to protect and transfer the positions and collateral of a participant’s customers. 121 The legal framework will influence how the segregation and portability arrangements are designed and what benefits can be achieved. The relevant legal framework will vary depending upon many factors, including the participant’s legal form of organisation, the manner in which collateral is provided (for example, security interest, title transfer, or full ownership right), and the types of assets (for example, cash or securities) provided as collateral. Therefore, it is not possible to design a single model appropriate for all CCPs across all jurisdictions. However, a CCP should structure its segregation and portability arrangements (including applicable rules) in a manner that protects the interests of a participant’s customers and achieves a high degree of legal certainty under applicable law. A CCP should also consider potential conflict of laws when designing its arrangements. In particular, the CCP’s rules and procedures that set out its segregation and portability arrangements should avoid any potential conflict with applicable legal or regulatory requirements. Alternate approach for CCPs serving certain cash markets 3.14.6 In certain jurisdictions, cash market CCPs operate in legal regimes that facilitate segregation and portability to achieve protection of customer assets by alternate means that offer the same degree of protection as the approach required by this principle. Features of these regimes are that if a participant fails, (a) the customer positions can be identified timely, (b) customers will be protected by an investor protection scheme designed to move customer accounts from the failed or failing participant to another participant in a timely manner, and (c) customer assets can be restored. 122 In these cases, the CCP and relevant authorities for these particular cash markets should evaluate whether the applicable legal or regulatory framework achieves the same degree of protection and efficiency (see Principle 21 on efficiency and effectiveness) for customers that would otherwise be achieved by segregation and portability arrangements at the CCP level described in Principle 14. 120 Participants may collect excess collateral from their customers, beyond that which is required by and provided to the CCP. This excess collateral may be held by the participant or its custodian and outside of the segregation and portability regime in effect at the CCP. 121 For example, portability arrangements could be undermined if applicable insolvency laws do not protect the transfer of customer positions and collateral from avoidance (“clawback”) by the participant’s insolvency officer. Also, in some jurisdictions, it may not be possible to segregate cash. 122 For example, domestic law subjects participants to explicit and comprehensive financial responsibility or customer protection requirements that obligate participants to make frequent determinations (for example, daily) that they maintain possession and control of all customers’ fully paid and excess margin securities and to segregate their proprietary activities from those of their customers. Under these regimes, pending securities purchases do not belong to the customer; thus, there is no customer trade or position entered into the CCP. As a result, participants provide collateral to the CCP on behalf of their customers regardless of whether they are acting on a principal or agent basis, and the CCP is not able to identify positions or possess the assets of its participants’ customers. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 83 Customer account structures 3.14.7. The segregation and portability principle is particularly relevant for CCPs that clear positions and hold collateral belonging to customers of a participant. This clearing structure allows customers (such as buy-side firms) that are not direct participants of a CCP to obtain access to central clearing where direct access is either not possible (for example, due to an inability to meet membership criteria) or not considered commercially appropriate (for example, due to the cost of establishing and maintaining the infrastructure necessary to perform as a clearing member or contributing to a CCP’s default resources). A CCP should employ an account structure that enables it readily to identify positions belonging to a participant’s customers and to segregate related collateral. Segregation of customer collateral by a CCP can be achieved in different ways, including through individual or omnibus accounts. 3.14.8 The degree of protection achievable for customer collateral will depend on whether customers are protected on an individual or omnibus basis and the way initial margin is collected (gross or net basis) by the CCP. 123 Each of these decisions will have implications for the risks the CCP faces from its participants and, in some cases, their customers. The CCP should understand, monitor, and manage these risks. 124 Similarly, there are advantages and disadvantages to each type of account structure that the CCP should consider when designing its segregation regime. Individual account structure 3.14.9. The individual account structure provides a high degree of protection to the clearing level collateral of customers of participants in a CCP, even in the case where the losses associated with another customer’s default exceed the resources of the participant (see paragraph 3.14.10). Under this approach, each customer’s collateral is held in a separate, segregated individual account at the CCP, and depending on the legal framework applicable to the CCP, a customer’s collateral may only be used to cover losses associated with the default of that customer (that is, customer collateral is protected on an individual basis). This account structure facilitates the clear and reliable identification of a customer’s collateral, which supports full portability of an individual customer’s positions and collateral or, alternatively, can expedite the return of collateral to the customer. Since all collateral maintained in the individual customer’s account is used to margin that customer’s positions only, the CCP should be able to transfer these positions from the customer account of a defaulting participant to that of another participant with sufficient collateral to cover the exposures. The use of individual accounts and the collection of margin on a gross basis provide flexibility in how a customer’s portfolio may be ported to another participant or group of participants. 125 Maintaining individual accounts, however, can be operationally and resource intensive for the CCP in settling transactions and ensuring accurate bookkeeping. This approach could impact the overall efficiency of the CCP’s operations. Finally, effectively achieving the advantages of maintaining individual accounts may depend upon the legal framework applicable to the insolvency of the participant. 123 Collecting margin on a gross basis means that the amount of margin a participant must post to the CCP on behalf of its customers is the sum of the amounts of margin required for each such customer. Collecting margin on a net basis means that the participant may, in calculating the amount of margin it must post to the CCP on behalf of its customers, offset the amounts of margin associated with the portfolios of different customers. 124 See also Principle 19 on tiered participation arrangements. 125 As a practical matter, an individual account structure is inconsistent with net collection of margin, since under such netting, it is impractical for the CCP to allocate the net margin to individual customers. 84 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 Omnibus account structure 3.14.10. Another approach would be to use an omnibus account structure where all collateral belonging to all customers of a particular participant is commingled and held in a single account segregated from that of the participant. This approach can be less operationally intensive, can be more efficient when porting positions and collateral for a group of customers of a defaulting participant (where there has been no customer default or where customer collateral is legally protected on an individual basis), and can be structured to protect customers’ collateral from being used to cover a default by the direct participant. 3.14.11. However, depending on the legal framework and the CCP’s rules, omnibus accounts where the customer collateral is protected on an omnibus basis may expose a customer to “fellow-customer risk” – the risk that another customer of the same participant will default and create a loss that exceeds both the amount of available collateral supporting the defaulting customer’s positions and the available resources of the participant. 126 As a result, the remaining commingled collateral of the participant’s non-defaulting customers is exposed to the loss. Fellow-customer risk is of particular concern because customers have limited, if any, ability to monitor or to manage the risk of their fellow customers. 3.14.12. One potential solution is for omnibus account structures to be designed in a manner that operationally commingles collateral related to customer positions while protecting customers legally on an individual basis – that is, protecting them from fellow-customer risk. Such individual protection does require the CCP to maintain accurate books sufficient to promptly ascertain an individual customer’s interest in a portion of the collateral. A failure to do so can lead to delays or even losses in returning margin and other collateral that has been provided to the CCP to individual customers in the event a participant becomes insolvent. 127 3.14.13. The degree to which portability is fostered for a customer whose assets are held in an omnibus account also varies depending on whether the CCP collects margin on a gross or net basis. As with account structure, there are advantages and disadvantages to the alternative ways in which margin may be collected by the CCP that employs an omnibus account structure. Margin calculated on a gross basis to support individual customer portfolios results in less netting efficiency at the participant level; however, it is likely to preclude the possibility of under-margined customer positions when ported. As a result, CCPs can port a participant’s customers’ positions and related margin in bulk or piecemeal. 128 Gross margining enhances the feasibility of portability, which is desirable since porting avoids the transactions costs, including bid-offer spreads associated with terminating and replacing a participant’s customers’ positions. When margin is collected on a gross basis, it is more likely that there will be sufficient collateral in the omnibus account to cover all positions of a participant’s customers. 3.14.14. When margin is collected by the CCP on a net basis but held in an omnibus account structure, there is a risk that full portability cannot be achieved. 129 Since the collateral 126 In some jurisdictions, customers in an omnibus account can include affiliates of the direct participant. 127 Ascertaining each customer’s interest in the omnibus account may require reliance on the participant’s records containing the sub-accounting for individual customers. Under some legal frameworks, the collateral in the omnibus account is distributed to customers proportionately, based on their net customer claims, and participants may be required to provide certain customer information to the CCP. 128 Although portability on a portfolio basis has historically been feasible in the absence of a customer default, it is possible that such portability may not be achievable due to a lack of willing and able transferees. Such lack may occur due to stressed market conditions, the complexity or size of the portfolio, or lack of information on the individual constituents. 129 Collateral exceeding the amount required by the CCP to cover the net positions is often maintained by the participant. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 85 maintained in the omnibus account covers the net positions across all customers of a particular participant, upon a participant default, any excess collateral maintained by the defaulting participant may not be readily available for porting to another participant to collateralise a customer’s positions on a going-forward basis. Moreover, other than a bulk transfer of all customer positions of the defaulting participant, along with the aggregate of the customer collateral held at the CCP and at the participant, any transfer of a customer’s positions to another participant would depend on the ability and willingness of customers to provide additional collateral. Otherwise, porting individual customer portfolios, with their pro rata share of net margin, to multiple transferee clearing members is likely to result in undermargined customer positions. Transferee clearing members are unlikely to accept such positions unless the margin shortfall is remedied by the customer. Factors to consider in choosing the level of protection 3.14.15. In considering whether to offer individual customer collateral protection at the clearing level, the CCP should take into account all relevant circumstances. Such circumstances include applicable insolvency regimes, costs of implementation, and riskmanagement challenges associated with the use of individual customer accounts, as well as the important benefits of individual customer protection. If the CCP determines that individual customer accounts should be offered, then the CCP should endeavour to offer them at reasonable cost and in an unrestrictive manner and encourage direct participants to offer those accounts to their customers at a reasonable cost and in an unrestrictive manner. Transfer of positions and collateral 3.14.16. Efficient and complete portability of a participant’s customers’ positions and related collateral is important in both pre-default and post-default scenarios but is particularly critical when a participant defaults or is undergoing insolvency proceedings. 130 A CCP’s ability to transfer customers’ positions and related collateral in a timely manner may depend on such factors as market conditions, sufficiency of information on the individual constituents, and the complexity or sheer size of the portfolio. A CCP should therefore structure its portability arrangements in a way that makes it highly likely that the positions and collateral of a defaulting participant’s customers will be effectively transferred to one or more other participants, taking into account all relevant circumstances. In order to achieve a high likelihood of portability, a CCP will need to have the ability to identify positions that belong to customers, identify and assert its rights to related collateral held by or through the CCP, transfer positions and related collateral to one or more other participants, identify potential participants to accept the positions, disclose relevant information to such participants so that they can evaluate the counterparty credit and market risk associated with the customers and positions, respectively, and facilitate the CCP’s ability to carry out its default management procedures in an orderly manner. A CCP’s rules and procedures should require participants to facilitate the transfer of a participant’s customers’ positions and collateral upon the customer’s request, subject to any notice or other contractual requirements. The CCP should obtain the consent of the direct participant to which positions and collateral are ported. If there are circumstances where this would not be the case, they should be set out in the CCP’s rules, policies, or procedures. A CCP’s policies and procedures also should provide for the proper handling of positions and collateral of customers of a defaulting participant. 131 130 A customer should also be able to transfer its positions and collateral to another participant in the normal course of business (for example, in the case of a relationship with a new clearing firm or merger of entities), subject to applicable laws and contractual terms. In addition, portability arrangements can also facilitate an orderly wind down of a participant. 131 See also Principle 13 on participant-default rules and procedures. 86 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 Disclosure 3.14.17. A CCP should state its segregation and portability arrangements, including the method for determining the value at which customer positions will be transferred, in its rules, policies, and procedures. 132 A CCP’s disclosure should be adequate such that customers can understand how much customer protection is provided, how segregation and portability are achieved, and any risks or uncertainties associated with such arrangements. Disclosure helps customers to assess the related risks and conduct due diligence when entering into transactions that are cleared or settled through a direct participant in the CCP. Customers should have sufficient information about which of its positions and collateral held at or through a CCP are segregated from positions and collateral of the participant and the CCP. Disclosure regarding segregation should include (a) whether the segregated assets are reflected on the books and records at the CCP or unaffiliated third-party custodians that hold assets for the CCP; (b) who holds the customer collateral (for example, CCP or third-party custodian); and (c) under what circumstances customer collateral may be used by the CCP. In particular, the CCP should disclose whether customer collateral is protected on an individual or omnibus basis. 132 See Principle 23 on disclosure of rules, key procedures, and market data. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 87 General business and operational risk management In addition to the credit, liquidity, and other related risks that it faces from its payment, clearing, and settlement activities, an FMI also faces general business and operational risks. The inability of an FMI to continue as a going concern could have systemic risk implications for its participants and the broader financial markets. The following set of principles provides guidance on managing (a) general business risk, (b) custody and investment risks, and (c) operational risk. Principle 15: General business risk An FMI should identify, monitor, and manage its general business risk and hold sufficient liquid net assets funded by equity to cover potential general business losses so that it can continue operations and services as a going concern if those losses materialise. Further, liquid net assets should at all times be sufficient to ensure a recovery or orderly wind-down of critical operations and services. Key considerations 1. An FMI should have robust management and control systems to identify, monitor, and manage general business risks, including losses from poor execution of business strategy, negative cash flows, or unexpected and excessively large operating expenses. 2. An FMI should hold liquid net assets funded by equity (such as common stock, disclosed reserves, or other retained earnings) so that it can continue operations and services as a going concern if it incurs general business losses. The amount of liquid net assets funded by equity an FMI should hold should be determined by its general business risk profile and the length of time required to achieve a recovery or orderly wind-down, as appropriate, of its critical operations and services if such action is taken. 3. An FMI should maintain a viable recovery or orderly wind-down plan and should hold sufficient liquid net assets funded by equity to implement this plan. At a minimum, an FMI should hold liquid net assets funded by equity equal to at least six months of current operating expenses. These assets are in addition to resources held to cover participant defaults or other risks covered under the financial resources principles. However, equity held under international risk-based capital standards can be included where relevant and appropriate to avoid duplicate capital requirements. 4. Assets held to cover general business risk should be of high quality and sufficiently liquid in order to allow the FMI to meet its current and projected operating expenses under a range of scenarios, including in adverse market conditions. 5. An FMI should maintain a viable plan for raising additional equity should its equity fall close to or below the amount needed. This plan should be approved by the board of directors and updated regularly. Explanatory note 3.15.1. An FMI should have robust management and control systems to identify, monitor, and manage general business risk. General business risk refers to the risks and potential losses arising from an FMI’s administration and operation as a business enterprise that are neither related to participant default nor separately covered by financial resources under the credit or liquidity risk principles. General business risk includes any potential impairment of 88 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 the FMI’s financial position (as a business concern) as a consequence of a decline in its revenues or an increase in its expenses, such that expenses exceed revenues and result in a loss that must be charged against capital. Such impairment can be caused by a variety of business factors, including poor execution of business strategy, negative cash flows, or unexpected and excessively large operating expenses. Business-related losses also may arise from risks covered by other principles, for example, legal risk (in the case of legal actions challenging the FMI’s custody arrangements), investment risk affecting the FMI’s resources, and operational risk (in the case of fraud, theft, or loss). 133 In these cases, general business risk may cause an FMI to experience an extraordinary one-time loss as opposed to recurring losses. Identifying business risk 3.15.2. An FMI should identify and assess the sources of business risk and their potential impact on its operations and services, taking into account past loss events and financial projections. An FMI should assess and thoroughly understand its business risk and the potential effect that this risk could have on its cash flows, liquidity, and capital positions. In doing so, an FMI should consider a combination of tools, such as risk management and internal control assessments, scenario analysis, and sensitivity analysis. Internal control assessments should identify key risks and controls and assess the impact and probability of the risks and the effectiveness of the controls. Scenario analysis should examine how specific scenarios would affect the FMI. Sensitivity analysis should test how changes in one risk affect the FMI’s financial standing, for example, conducting the analysis of how the loss of a key customer or service provider might impact the FMI’s existing business activities. In some cases, an FMI may want to consider an independent assessment of specific business risks. 3.15.3. An FMI should clearly understand its general business risk profile so that it is able to assess its ability either (a) to avoid, reduce, or transfer specific business risks or (b) to accept and manage those risks. This requires the ongoing identification of risk-mitigation options that the FMI may use in response to changes in its business environment. When planning an expansion of activity, an FMI should conduct a comprehensive enterprise risk assessment. In particular, when considering any major new product, service, or project, the FMI should project potential revenues and expenses as well as identify and plan how it will cover any additional capital requirements. Further, an FMI may eliminate or mitigate some risks by instituting appropriate internal controls or by obtaining insurance or indemnity from a third party. Measuring and monitoring business risk 3.15.4. Once an FMI has identified and assessed its business risk, it should measure and monitor these risks on an ongoing basis and develop appropriate information systems as part of a robust enterprise risk-management program. Key components of a robust enterprise risk-management program include establishing strong financial and internal control systems so that the FMI can monitor, manage, and control its cash flows and operating expenses and mitigate any business-related losses (see Principle 3 on framework for the comprehensive management of risks). In particular, an FMI should minimise and mitigate the probability of business-related losses and their impact on its operations across a range of adverse business and market conditions, including the scenario that its viability as a going concern is questioned. An FMI should also ensure that it has rigorous and appropriate investment guidelines and monitoring procedures (see Principle 16 on custody and investment risks). 133 See also Principle 1 on legal basis, Principle 16 on custody and investment risks, and Principle 17 on operational risk. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 89 Determining sufficient liquid net assets 3.15.5. An FMI should hold liquid net assets funded by equity (such as common stock, disclosed reserves, or retained earnings) so that it can continue operations and services as a going concern if it incurs general business losses. 134 Equity allows an FMI to absorb losses on an ongoing basis and should be permanently available for this purpose. The amount of liquid net assets funded by equity an FMI should hold should be determined by its general business risk profile and the length of time required to achieve a recovery or orderly winddown, as appropriate, of its critical operations and services if such action is taken. 135 Accordingly, an FMI should maintain a viable plan to achieve recovery and orderly winddown and should hold sufficient liquid net assets funded by equity to implement this plan. 136 The appropriate amount of liquid net assets funded by equity will depend on the content of the plan and, specifically, on the size of the FMI, the scope of its activities, the types of actions included in the plan, and the length of time needed to implement them. An FMI should also take into consideration the operational, technological, and legal requirements for participants to establish and move to an alternative arrangement in the event of an orderly wind-down. At a minimum, however, an FMI should hold liquid net assets funded by equity equal to at least six months of current operating expenses. 137 3.15.6. In order to estimate the amount of liquid net assets funded by equity that a particular FMI would need, the FMI should regularly analyse and understand how its revenue and operating expenses may change under a variety of adverse business scenarios as well as how it might be affected by extraordinary one-time losses. This analysis should also be performed when a material change to the assumptions underlying the model occurs, either because of changes to the FMI’s business model or because of external changes. An FMI needs to consider not only possible decreases in revenues but also possible increases in operating expenses, as well as the possibility of extraordinary one-time losses, when deciding on the amount of liquid net assets to hold to cover general business risk. 3.15.7. Assets held by an FMI to cover risks or losses other than business risk (for example, the financial resources required under the credit and liquidity risk principles) or to cover losses from other business lines that are unrelated to its activities as an FMI should not be included when accounting for liquid net assets available to cover business risk. 138 However, equity held under international risk-based capital standards should be included where relevant and appropriate to avoid duplicate capital requirements. 3.15.8. Assets held to cover general business risk should be of high quality and sufficiently liquid, such as cash, cash equivalents, or liquid securities, to allow the FMI to meet its current and projected operating expenses under a range of scenarios including in adverse market conditions. To ensure the adequacy of its own resources, an FMI should regularly assess 134 If the FMI’s corporate structure is such that it cannot legally or institutionally raise equity (for example under certain structures of mutual ownership or when the FMI is run by a central bank) or if the FMI is a new start-up and cannot initially raise the required level of equity, it should ensure an equal amount of equivalent loss absorbing financial resources is available. 135 Recovery could include recapitalising, replacing management, merging with another FMI, revising business strategies (including cost or fee structures), or restructuring services provided. 136 For the purposes of this principle, the requirement for liquid net assets funded by equity ensures that the assets held for the purposes of this principle are sufficiently liquid to be available to mitigate any potential business risks in a timely manner, can only be used for business risk purposes, and are funded by equity rather than long term liabilities. 137 Operating expenses may exclude depreciation and amortization expenses for purposes of this calculation. 138 Depending on the rules of the particular FMI and the insolvency law of the jurisdiction in which it is established, the equity of an FMI may ultimately be used if the resources that form the default backing are insufficient to cover the losses generated in the event of a participant default. 90 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 and report its liquid net assets funded by equity relative to its potential business risks to its regulators. Maintaining sufficient equity 3.15.9. An FMI should provide a viable capital plan for maintaining an appropriate level of equity. The capital plan should specify how an FMI would raise new capital if its equity capital were to fall close to or below the amount needed. This plan should be approved by the board of directors (or an appropriate board committee) and updated regularly. An FMI may also need to consult its participants and others during the development of its plan. 3.15.10. In developing a capital plan, an FMI should consider a number of factors, including its ownership structure and any insured business risks. For example, an FMI should determine if and to what extent specific business risks are covered by (a) explicit insurance from a third party or (b) explicit indemnity agreements from a parent, owners, or participants (for example, general loss-allocation provisions and parent guarantees), which would be realisable within the recovery or orderly wind-down time frame. Given the contingent nature of these resources, an FMI should use conservative assumptions when taking them into account for its capital plan. Furthermore, these resources should not be taken into account when assessing the FMI’s capital adequacy. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 91 Principle 16: Custody and investment risks An FMI should safeguard its own and its participants’ assets and minimise the risk of loss on and delay in access to these assets. An FMI’s investments should be in instruments with minimal credit, market, and liquidity risks. Key considerations 1. An FMI should hold its own and its participants’ assets at supervised and regulated entities that have robust accounting practices, safekeeping procedures, and internal controls that fully protect these assets. 2. An FMI should have prompt access to its assets and the assets provided by participants, when required. 3. An FMI should evaluate and understand its exposures to its custodian banks, taking into account the full scope of its relationships with each. 4. An FMI’s investment strategy should be consistent with its overall risk-management strategy and fully disclosed to its participants, and investments should be secured by, or be claims on, high-quality obligors. These investments should allow for quick liquidation with little, if any, adverse price effect. Explanatory note 3.16.1. An FMI has the responsibility to safeguard its assets, such as cash and securities, as well as the assets that its participants have provided to the FMI. Custody risk is the risk of loss on assets held in custody in the event of a custodian’s (or subcustodian’s) insolvency, negligence, fraud, poor administration, or inadequate recordkeeping. Assets that are used by an FMI to support its operating funds or capital funds or that have been provided by participants to secure their obligations to the FMI should be held at supervised or regulated entities that have strong processes, systems, and credit profiles, including other FMIs (for example, CSDs). In addition, assets should generally be held in a manner that assures the FMI of prompt access to those assets in the event that the FMI needs to draw on them. Investment risk refers to the risk of loss faced by an FMI when it invests its own or its participants’ assets. Use of custodians 3.16.2. An FMI should mitigate its custody risk by using only supervised and regulated entities with robust accounting practices, safekeeping procedures, and internal controls that fully protect its own and its participants’ assets. It is particularly important that assets held in custody are protected against claims of a custodian’s creditors. The custodian should have a sound legal basis supporting its activities, including the segregation of assets (see also Principle 1 on legal basis and Principle 11 on CSDs). The custodian also should have a strong financial position to be able to sustain losses from operational problems or noncustodial activities. An FMI should confirm that its interest or ownership rights in the assets can be enforced and that it can have prompt access to its assets and the assets provided by participants, when required. Timely availability and access should be ensured even if these securities are held in another time zone or jurisdiction. Furthermore, the FMI should confirm it has prompt access to the assets in the event of a default of a participant. 3.16.3. An FMI should evaluate and understand its exposures to its custodian banks, taking into account the full scope of its relationships with each custodian bank. For example, a financial institution may serve as a custodian bank to an FMI as well as a settlement bank and liquidity provider to the FMI. The custodian bank also might be a participant in the FMI and offer clearing services to other participants. An FMI should carefully consider all of its relationships with a particular custodian bank to ensure that its overall risk exposure to an 92 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 individual custodian remains within acceptable concentration limits. Where feasible, an FMI could consider using multiple custodians for the safekeeping of its assets to diversify its exposure to any single custodian. For example, a CCP may want to use one custodian for its margin assets and another custodian for its prefunded default arrangement. Such a CCP, however, may need to balance the benefits of risk diversification against the benefits of pooling resources at one or a small number of custodians. In any event, an FMI should monitor the concentration of risk exposures to, and financial condition of, its custodian banks on an ongoing basis. Investment strategy 3.16.4. An FMI’s strategy for investing its own and its participants’ assets should be consistent with its overall risk-management strategy and fully disclosed to its participants. When making its investment choices, the FMI should not allow pursuit of profit to compromise its financial soundness and liquidity risk management. Investments should be secured by, or be claims on, high-quality obligors to mitigate the credit risk to which the FMI is exposed. Also, because the value of an FMI’s investments may need to be realised quickly, investments should allow for quick liquidation with little, if any, adverse price effect. For example, an FMI could invest in overnight reverse repo agreements backed by liquid securities with low credit risk. An FMI should carefully consider its overall credit risk exposures to individual obligors, including other relationships with the obligor that create additional exposures such as an obligor that is also a participant or an affiliate of a participant in the FMI. In addition, an FMI should not invest participant assets in the participant’s own securities or those of its affiliates. If an FMI’s own resources can be used to cover losses and liquidity pressures resulting from a participant default, the investment of those resources should not compromise the FMI’s ability to use them when needed. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 93 Principle 17: Operational risk An FMI should identify the plausible sources of operational risk, both internal and external, and mitigate their impact through the use of appropriate systems, policies, procedures, and controls. Systems should be designed to ensure a high degree of security and operational reliability and should have adequate, scalable capacity. Business continuity management should aim for timely recovery of operations and fulfilment of the FMI’s obligations, including in the event of a wide-scale or major disruption. Key considerations 1. An FMI should establish a robust operational risk-management framework with appropriate systems, policies, procedures, and controls to identify, monitor, and manage operational risks. 2. An FMI’s board of directors should clearly define the roles and responsibilities for addressing operational risk and should endorse the FMI’s operational riskmanagement framework. Systems, operational policies, procedures, and controls should be reviewed, audited, and tested periodically and after significant changes. 3. An FMI should have clearly defined operational reliability objectives and should have policies in place that are designed to achieve those objectives. 4. An FMI should ensure that it has scalable capacity adequate to handle increasing stress volumes and to achieve its service-level objectives. 5. An FMI should have comprehensive physical and information security policies that address all potential vulnerabilities and threats. 6. An FMI should have a business continuity plan that addresses events posing a significant risk of disrupting operations, including events that could cause a widescale or major disruption. The plan should incorporate the use of a secondary site and should be designed to ensure that critical information technology (IT) systems can resume operations within two hours following disruptive events. The plan should be designed to enable the FMI to complete settlement by the end of the day of the disruption, even in case of extreme circumstances. The FMI should regularly test these arrangements. 7. An FMI should identify, monitor, and manage the risks that key participants, other FMIs, and service and utility providers might pose to its operations. In addition, an FMI should identify, monitor, and manage the risks its operations might pose to other FMIs. Explanatory note 3.17.1. Operational risk is the risk that deficiencies in information systems, internal processes, and personnel or disruptions from external events will result in the reduction, deterioration, or breakdown of services provided by an FMI. Operational failures can damage an FMI’s reputation or perceived reliability, lead to legal consequences, and result in financial losses incurred by the FMI, participants, and other parties. In certain cases, operational failures can also be a source of systemic risk. An FMI should establish a robust framework to manage its operational risks with appropriate systems, policies, procedures, and controls. As part of an FMI’s operational risk-management framework, the FMI should identify the plausible sources of operational risk; deploy appropriate systems; establish appropriate policies, procedures, and controls; set operational reliability objectives; and develop a business continuity plan. An FMI should take a holistic approach when establishing its operational risk-management framework. 94 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 Identifying sources of operational risk 3.17.2. An FMI should actively identify, monitor, and manage the plausible sources of operational risk and establish clear policies and procedures to address them. Operational risk can stem from both internal and external sources. Internal sources of operational risk include inadequate identification or understanding of risks and the controls and procedures needed to limit and manage them, inadequate control of systems and processes, inadequate screening of personnel, and, more generally, inadequate management. External sources of operational risk include the failure of critical service providers or utilities or events affecting a wide metropolitan area such as natural disasters, terrorism, and pandemics. Both internal and external sources of operational risk can lead to a variety of operational failures that include (a) errors or delays in message handling, (b) miscommunication, (c) service degradation or interruption, (d) fraudulent activities by staff, and (e) disclosure of confidential information to unauthorised entities. If an FMI provides services in multiple time zones, it may face increased operational risk due to longer operational hours and less downtime for maintenance. An FMI should identify all potential single points of failure in its operations. 139 Additionally, an FMI should assess the evolving nature of the operational risk it faces on an ongoing basis (for example, pandemics and cyber-attacks), so that it can analyse its potential vulnerabilities and implement appropriate defence mechanisms. 3.17.3. A TR typically serves as a single source of information for a particular market, and it may be the central registry for certain trades. Therefore, a TR’s failure to perform as expected could cause significant disruption. The key risk of a TR is operational. Deficiencies in business continuity management, data integrity, and the safeguarding of data are a particular concern. Inadequate disclosure or faulty delivery of data by a TR to relevant authorities or the public could undermine the primary purpose of the TR. Access to timely and reliable data provides greater insights into the derivatives market and improves the ability of relevant authorities to oversee the markets it serves and its participants. Data recorded by a TR may also be used as inputs by the TR’s participants and potentially by other relevant infrastructures and service providers. Therefore, continuous availability of data stored in a TR is critical.140 Also, a TR should carefully assess the additional operational risks related to its links to ensure the scalability and reliability of IT and related resources. Where a TR provides access to another type of FMI, such as a CCP, the linked FMIs may be exposed to additional risks if the interface is not properly designed. FMIs establishing a link to a TR should ensure that the system and communication arrangements between the linked entities are reliable and secure such that the operation of the link does not pose significant reliability and security risks. Operational risk management 3.17.4. An FMI should establish clear policies, procedures, and controls that mitigate and manage its sources of operational risk. Overall, operational risk management is a continuous process encompassing risk assessment, defining an acceptable tolerance for risk, and implementing risk controls. This process results in an FMI accepting, mitigating, or avoiding risks consistent with its operational reliability objectives. An FMI’s governance arrangements are pertinent to its operational risk-management framework (see also Principle 2 on governance). In particular, an FMI’s board should explicitly define the roles and 139 A single point of failure is any point in a system, whether a service, activity, or process, that, if it fails to work correctly, leads to the failure of the entire system. 140 The mitigation of operational risk is particularly important because the information maintained by a TR can support bilateral netting and be used to provide services directly to market participants or other providers (for example, portfolio compression), including other linked FMIs. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 95 responsibilities for addressing operational risk and endorse the FMI’s operational riskmanagement framework. 3.17.5. To ensure the proper functioning of its risk controls, an FMI should have sound internal controls. For example, an FMI should have adequate management controls, such as setting operational standards, measuring and reviewing performance, and correcting deficiencies. There are many relevant international, national, and industry-level standards, guidelines, or recommendations that an FMI may use in designing its operational riskmanagement framework. Conformity with commercial standards can help an FMI reach its operational objectives. For example, commercial standards exist for information security, business continuity, and project management. An FMI should regularly assess the need to integrate the applicable commercial standards into its operational risk-management framework. In addition, an FMI should seek to comply with relevant commercial standards in a manner commensurate with the FMI’s importance and level of interconnectedness. 3.17.6. An FMI’s arrangements with participants, operational policies, and operational procedures should be periodically, and whenever necessary, tested and reviewed, especially after significant changes occur to the system or a major incident occurs. In order to minimise any effects of the testing on operations, tests should be carried out in a “testing environment.” This testing environment should, to the extent possible, replicate the production environment (including the implemented security provisions, in particular, those regarding data confidentiality). Additionally, key elements of an FMI’s operational riskmanagement framework should be audited periodically and whenever necessary. In addition to periodic internal audits, external audits may be necessary, depending on the FMI’s importance and level of interconnectedness. Consistent with the evolving nature of operational risk management, an FMI’s operational objectives should be periodically reviewed to incorporate new technological and business developments. 3.17.7. Because the proper performance of an FMI’s employees is a core aspect of any operational risk-management framework, an FMI should employ sufficient, well-qualified personnel. An FMI’s personnel should be able to operate the system safely and efficiently and consistently follow operational and risk-management procedures during normal and abnormal circumstances. An FMI should implement appropriate human resources policies to hire, train, and retain qualified personnel, thereby mitigating the effects of high rates of personnel turnover or key-person risk. Additionally, an FMI should have appropriate human resources and risk-management policies to address fraud prevention. 3.17.8. The FMI’s operational risk-management framework should include formal changemanagement and project-management processes to mitigate operational risk arising from modifications to operations, policies, procedures, and controls. Change-management processes should provide mechanisms for preparing, approving, tracking, testing, and implementing all changes to the system. Project-management processes, in the form of policies and procedures, should mitigate the risk of any inadvertent effects on an FMI’s current or future activities due to an upgrade, expansion, or alteration to its service offerings, especially for major projects. In particular, these policies and procedures should guide the management, documentation, governance, communication, and testing of projects, regardless of whether projects are outsourced or executed in-house. Operational reliability 3.17.9. An FMI should have clearly defined operational reliability objectives and should have policies in place that are designed to achieve those objectives. These objectives serve as benchmarks for an FMI to evaluate its efficiency and effectiveness and evaluate its performance against expectations. These objectives should be designed to promote confidence among the FMI’s participants. Operational reliability objectives should include the FMI’s operational performance objectives and committed service-level targets. Operational performance objectives and service-level targets should define both qualitative and quantitative measures of operational performance and should explicitly state the 96 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 performance standards the FMI is intending to meet. The FMI should monitor and assess regularly whether the system is meeting its established objectives and service-level targets. The system’s performance should be reported regularly to senior management, relevant board committees, participants, and authorities. In addition, an FMI’s operational objectives should be periodically reviewed to incorporate new technological and business developments. Incident management 3.17.10. An FMI should have comprehensive and well-documented procedures in place to record, report, analyse, and resolve all operational incidents. After every significant disruption, an FMI should undertake a “post-incident” review to identify the causes and any required improvement to the normal operations or business continuity arrangements. Such reviews should, where relevant, include the FMI’s participants. Operational capacity 3.17.11. An FMI should ensure that it has scalable capacity adequate to handle increasing stress volumes and to achieve its service-level objectives, such as the required processing speed. A TR, in particular, should have scalable capacity adequate to maintain historical data as required. Capacity management requires that the FMI monitor, review, and test (including stress test) the actual capacity and performance of the system on an ongoing basis. The FMI should carefully forecast demand and make appropriate plans to adapt to any plausible change in the volume of business or technical requirements. These plans should be based on a sound, comprehensive methodology so that the required service levels and performance can be achieved and maintained. As part of its capacity planning, an FMI should determine a required level of redundant capacity, taking into account the FMI’s level of importance and interconnectedness, so that if an operational outage occurs, the system is able to resume operations and process all remaining transactions before the end of the day. Physical and information security 3.17.12. An FMI should have comprehensive physical and information security policies that address all potential vulnerabilities and threats. In particular, an FMI should have policies effective in assessing and mitigating vulnerabilities in its physical sites from attacks, intrusions, and natural disasters. An FMI also should have sound and robust information security policies, standards, practices, and controls to ensure an appropriate level of confidence and trust in the FMI by all stakeholders. These policies, standards, practices, and controls should include the identification, assessment, and management of security threats and vulnerabilities for the purpose of implementing appropriate safeguards into its systems. Data should be protected from loss and leakage, unauthorised access, and other processing risks, such as negligence, fraud, poor administration, and inadequate recordkeeping. An FMI’s information security objectives and policies should conform to commercially reasonable standards for confidentiality, integrity, authentication, authorisation, nonrepudiation, availability, and auditability (or accountability). Business continuity management 3.17.13. Business continuity management is a key component of an FMI’s operational riskmanagement framework. A business continuity plan should have clearly stated objectives and should include policies and procedures that allow for the rapid recovery and timely resumption of critical operations following a disruption to a service, including in the event of a wide-scale or major disruption. An FMI should explicitly assign responsibility for business continuity planning and devote adequate resources to this planning. The plan should identify and address events that pose a significant risk of disrupting operations, including events that could cause a wide-scale or major disruption, and should focus on the impact on the operation of critical infrastructures and services. An FMI’s business continuity plan should CPSS-IOSCO – Principles for financial market infrastructures – April 2012 97 ensure that the FMI can continue to meet agreed-upon service levels in such events. Both internal and external threats should be considered in the business continuity plan, and the impact of each threat should be identified and assessed. In addition to reactive measures, an FMI’s business continuity plan may need to include measures that prevent disruptions of critical operations. All aspects of the business continuity plan should be clearly and fully documented. 3.17.14. The objectives of an FMI’s business continuity plan should include the system’s recovery time and recovery point. An FMI should aim to be able to resume operations within two hours following disruptive events; however, backup systems ideally should commence processing immediately. The plan should be designed to enable the FMI to complete settlement by the end of the day even in case of extreme circumstances. Depending on their recovery-time objectives and designs, some FMIs may be able to resume operations with some data loss; however, contingency plans for all FMIs should ensure that the status of all transactions at the time of the disruption can be identified with certainty in a timely manner. 3.17.15. An FMI should set up a secondary site with sufficient resources, capabilities, and functionalities and appropriate staffing arrangements that would not be affected by a widescale disruption and would allow the secondary site to take over operations if needed. 141 The secondary site should provide the level of critical services necessary to perform the functions consistent with the recovery time objective and should be located at a geographical distance from the primary site that is sufficient to have a distinct risk profile. 142 Depending on the FMI’s importance and level of interconnectedness, the need and possibilities for a third site could be considered, in particular to provide sufficient confidence that the FMI’s business continuity objectives will be met in all scenarios. An FMI should also consider alternative arrangements (for example, manual paper-based procedures) to allow for the processing of time-critical transactions in extreme circumstances. 3.17.16. An FMI’s business continuity plan should also include clearly defined procedures for crisis and event management. The plan, for example, should address the need for rapid deployment of a multi-skilled crisis and event-management team as well as procedures to consult and inform participants, interdependent FMIs, authorities, and others (such as service providers and, where relevant, the media) quickly. Communication with regulators, supervisors, and overseers is critical in case of a major disruption to an FMI’s operations or a wider market distress that affects the FMI, particularly where relevant authorities might rely on data held by the FMI for crisis management. Depending on the nature of the problem, communication channels with local civil authorities (for physical attacks or natural disasters) or computer experts (for software malfunctions or cyber-attacks) may also need to be activated. If an FMI has global importance or critical linkages to one or more interdependent FMIs, it should set up, test, and review appropriate cross-system or cross-border crisismanagement arrangements. 3.17.17. An FMI’s business continuity plan and its associated arrangements should be subject to periodic review and testing. Tests should address various scenarios that simulate wide-scale disasters and intersite switchovers. An FMI’s employees should be thoroughly trained to execute the business continuity plan and participants, critical service providers, and linked FMIs should be regularly involved in the testing and be provided with a general 141 A particular site may be primary for certain functions and secondary for others. It is not intended that an FMI would be required to have numerous separate secondary sites for each of its essential functions. 142 An FMI should conduct a comparative risk analysis of the secondary site. The secondary site should in principle not be affected by an event that affects the primary site, with the exception of some very specific threats, such as a coordinated attack. Each site should have robust resilience based on the duplication of software and hardware, and the technology in place to replicate data between the various sites should be consistent with the chosen recovery-point objectives. 98 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 summary of the testing results. The FMI should also consider the need to participate in industry-wide tests. An FMI should make appropriate adjustments to its business continuity plans and associated arrangements based on the results of the testing exercises. Interdependencies 3.17.18. An FMI is connected directly and indirectly to its participants, other FMIs, and its service and utility providers. Accordingly, the FMI should identify both direct and indirect effects on its ability to process and settle transactions in the normal course of business and manage risks that stem from an external operational failure of connected entities. These effects include those transmitted through its participants, which may participate in multiple FMIs. In addition, an FMI should also identify, monitor, and manage the risks it faces from and poses to other FMIs (see Principle 20 on FMI links). To the extent possible, interdependent FMIs should coordinate business continuity arrangements. An FMI also should consider the risks associated with its service and utility providers and the operational effect on the FMI if service or utility providers fail to perform as expected. An FMI should provide reliable service, not only for the benefit of its direct participants, but also for all entities that would be affected by its ability to process transactions. 3.17.19. To manage the operational risks associated with its participants, an FMI should consider establishing minimum operational requirements for its participants (see also Principle 18 on access and participation requirements). For example, an FMI may want to define operational and business continuity requirements for participants in accordance with the participant’s role and importance to the system. In some cases, an FMI may want to identify critical participants based on the consideration of transaction volumes and values, services provided to the FMI and other interdependent systems, and, more generally, the potential impact on other participants and the system as a whole in the event of a significant operational problem. Critical participants may need to meet some of the same operational risk-management requirements as the FMI itself. An FMI should have clear and transparent criteria, methodologies, or standards for critical participants to ensure that their operational risks are managed appropriately. 3.17.20. An FMI that relies upon or outsources some of its operations to another FMI or a third-party service provider (for example, data processing and information systems management) should ensure that those operations meet the same requirements they would need to meet if they were provided internally. The FMI should have robust arrangements for the selection and substitution of such providers, timely access to all necessary information, and the proper controls and monitoring tools. Some service providers may be critical, such as those that generate environmental interdependencies, because several FMIs or some of their key participants rely upon their services. 143 A contractual relationship should be in place between the FMI and the critical service provider allowing the FMI and relevant authorities to have full access to necessary information. The contract should ensure that the FMI’s approval is mandatory before the critical service provider can itself outsource material elements of the service provided to the FMI, and that in the event of such an arrangement, full access to the necessary information is preserved. Clear lines of communication should be established between the outsourcing FMI and the critical service provider to facilitate the flow of functions and information between parties in both ordinary and exceptional circumstances. 143 Environmental interdependencies result from indirect relationships between two or more systems that arise from broader factors, including a common reliance on a service provider or financial market. Examples include common third-party IT or network providers, common elements of the physical infrastructure (power, water, etc.), common financial markets, or even common risk management procedures. See CPSS, The interdependencies of payment and settlement systems, June 2008. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 99 3.17.21. An FMI that outsources operations to critical service providers should disclose the nature and scope of this dependency to its participants. In addition to these service providers (such as financial messaging providers), an FMI is also typically dependent on the adequate functioning of utilities (such as power and telecommunication companies). As a result, an FMI should identify the risks from its critical service providers and utilities and take appropriate actions to manage these dependencies through appropriate contractual and organisational arrangements. An FMI should inform its relevant authorities about any such dependencies on critical service providers and utilities and take measures to allow these authorities to be informed about the performance of these critical service providers and utilities. To that end, the FMI can contractually provide for direct contacts between the critical service provider and the relevant authority, contractually ensure that the relevant authority can obtain specific reports from the critical service provider, or the FMI may provide full information to the authority. 3.17.22. The relevant authority of the FMI may establish expectations specifically targeted at critical service providers, as presented in Annex F. Adherence to these expectations can be achieved in one of two ways, at the discretion of the authority: (a) the authority monitors adherence to the expectations itself in a direct relationship with the critical service provider or (b) the authority communicates the standards to the FMI, which obtains assurances from its critical service providers that they comply with the expectations. These expectations may also be relevant to an FMI as it reviews its contracts with critical service providers. 100 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 Access Fair and open access to an FMI by direct participants, indirect participants, and other FMIs is important because of the critical role many FMIs play in the markets they serve. The following set of principles provides guidance on (a) access and participation requirements, (b) the management of tiered participation arrangements, and (c) the management of FMI links. Principle 18: Access and participation requirements An FMI should have objective, risk-based, and publicly disclosed criteria for participation, which permit fair and open access. Key considerations 1. An FMI should allow for fair and open access to its services, including by direct and, where relevant, indirect participants and other FMIs, based on reasonable riskrelated participation requirements. 2. An FMI’s participation requirements should be justified in terms of the safety and efficiency of the FMI and the markets it serves, be tailored to and commensurate with the FMI’s specific risks, and be publicly disclosed. Subject to maintaining acceptable risk control standards, an FMI should endeavour to set requirements that have the least-restrictive impact on access that circumstances permit. 3. An FMI should monitor compliance with its participation requirements on an ongoing basis and have clearly defined and publicly disclosed procedures for facilitating the suspension and orderly exit of a participant that breaches, or no longer meets, the participation requirements. Explanatory note 3.18.1. Access refers to the ability to use an FMI’s services and includes the direct use of the FMI’s services by participants, including other market infrastructures (for example, trading platforms) and, where relevant, service providers (for example, matching and portfolio compression service providers). In some cases, this includes the rules governing indirect participation. An FMI should allow for fair and open access to its services. 144 It should control the risks to which it is exposed by its participants by setting reasonable risk-related requirements for participation in its services. An FMI should ensure that its participants and any linked FMIs have the requisite operational capacity, financial resources, legal powers, and risk-management expertise to prevent unacceptable risk exposure for the FMI and other participants. An FMI’s participation requirements should be clearly stated and publicly disclosed so as to eliminate ambiguity and promote transparency. Fair and open access to payment systems, CSDs, SSSs, and CCPs 3.18.2. Fair and open access to FMI services encourages competition among market participants and promotes efficient and low-cost payment, clearing, and settlement. Because an FMI often benefits from economies of scale, there is typically only one FMI, or a small 144 Central banks, however, may exclude certain categories of financial institutions (such as non-deposit-taking institutions) from the FMIs that they operate, such as LVPS, because of legislative constraints or broader policy objectives. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 101 number of FMIs, for a particular market. As a result, participation in an FMI may significantly affect the competitive balance among market participants. In particular, limiting access to an FMI’s services may disadvantage some market participants (and their customers), other FMIs (for example, a CCP that needs access to a CSD), and service providers that do not have access to the FMI’s services. Further, access to one or more FMIs may play an important role in a marketwide plan or policy for the safe and efficient clearing of certain classes of financial instruments and the promotion of efficient financial markets (including the reporting and recording of transaction data). An FMI’s participation requirements should therefore allow for fair and open access, in all relevant jurisdictions, based on reasonable risk-related participation requirements. Moreover, open access may reduce the concentrations of risk that may result from highly tiered arrangements for payment, clearing, and settlement. Fair and open access to TRs 3.18.3. For a TR, ensuring fair and open access may be essential because a wide set of stakeholders may need, or be required by law to have, access to the TR’s data warehousing services, both to store and retrieve data. This may be even more relevant when one TR is serving a particular market and serves multiple jurisdictions. Access is critical for participants reporting trade information to the TR and for platforms that may submit transaction data on behalf of participants, including exchanges, electronic trading venues, and confirmation or matching service providers. In addition, other FMIs or platforms that offer ancillary services may need to obtain trade information from the TR to use as an input to these services. 3.18.4. In addition, a TR should provide terms of use that are commercially reasonable and are designed to support interconnectivity with other FMIs and service providers, where requested, so that competition and innovation in post-trade processing are not impaired as a result of centralising recordkeeping activity. A TR should not engage in anti-competitive practices such as product or service tying, setting overly restrictive terms of use, or anticompetitive price discrimination. A TR also should not develop closed, proprietary interfaces that result in vendor lock-in or barriers to entry with respect to competing service providers that rely on the data maintained by the TR. Risk-related participation requirements 3.18.5. An FMI should always consider the risks that an actual or prospective participant may pose to the FMI and other participants. Accordingly, an FMI should establish risk-related participation requirements adequate to ensure that its participants meet appropriate operational, financial, and legal requirements to allow them to fulfil their obligations to the FMI, including the other participants, on a timely basis. Where participants act for other entities (indirect participants), it may be appropriate for the FMI to impose additional requirements to ensure that the direct participants have the capacity to do so (see also Principle 19 on tiered participation arrangements). Operational requirements may include reasonable criteria relating to the participant’s ability and readiness (for example, its IT capabilities) to use an FMI’s services. Financial requirements may include reasonable riskrelated capital requirements, contributions to prefunded default arrangements, and appropriate indicators of creditworthiness. Legal requirements may include appropriate licences and authorisations to conduct relevant activities as well as legal opinions or other arrangements that demonstrate that possible conflict of laws issues would not impede the ability of an applicant (for example, a foreign entity) to meet its obligations to the FMI. An FMI also may require participants to have appropriate risk-management expertise. If an FMI admits non-regulated entities, it should take into account any additional risks that may arise from their participation and design its participation requirements and risk-management controls accordingly. 102 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 3.18.6. An FMI’s participation requirements should be justified in terms of the safety and efficiency of the FMI and the markets it serves, be tailored to the FMI’s specific risks, be imposed in a manner commensurate with such risks, and be publicly disclosed. 145 The requirements should be objective and should not unnecessarily discriminate against particular classes of participants or introduce competitive distortions. For example, participation requirements based solely on a participant’s size are typically insufficiently related to risk and deserve careful scrutiny. Subject to maintaining acceptable risk control standards, an FMI should endeavour to set requirements that have the least-restrictive impact on access that circumstances permit. While restrictions on access should generally be based on reasonable risk-related criteria, such restrictions may also be subject to the constraints of local laws and policies of the jurisdiction in which the FMI operates. 146 Requirements should also reflect the risk profile of the activity; an FMI may have different categories of participation based on the type of activity. For example, a participant in the clearing services of a CCP may be subject to a different set of requirements than a participant in the auctioning process of the same CCP. 3.18.7. To help address the balance between open access and risk, an FMI should manage its participant-related risks through the use of risk-management controls, risk-sharing arrangements, and other operational arrangements that have the least-restrictive impact on access and competition that circumstances permit. For example, an FMI can use credit limits or collateral requirements to help it manage its credit exposure to a particular participant. The permitted level of participation may be different for participants maintaining different levels of capital. Where other factors are equal, participants holding greater levels of capital may be permitted less-restrictive risk limits or be able to participate in more functions within the FMI. The effectiveness of such risk-management controls may mitigate the need for an FMI to impose onerous participation requirements that limit access. An FMI could also differentiate its services to provide different levels of access at varying levels of cost and complexity. For example, an FMI may want to limit direct participation to certain types of entities and provide indirect access to others. 147 Participation requirements (and other risk controls) can be tailored to each tier of participants based on the risks each tier poses to the FMI and its participants. Monitoring 3.18.8. An FMI should monitor compliance with its participation requirements on an ongoing basis through the receipt of timely and accurate information. Participants should be obligated to report any developments that may affect their ability to comply with an FMI’s participation requirements. An FMI should have the authority to impose more-stringent restrictions or other risk controls on a participant in situations where the FMI determines the participant poses heightened risk to the FMI. For example, if a participant’s creditworthiness declines, the FMI may require the participant to provide additional collateral or reduce the participant’s credit limit. An FMI should consider additional reporting requirements for non-regulated 145 Efficiency considerations may affect open access. For example, in some instances, factors such as minimum transaction volumes are relevant to operational efficiency. However, considerations based solely on efficiency should not be used to justify participation requirements that in fact act as unjustifiable barriers to entry. 146 For example, certain categories of financial institutions (such as non-deposit-taking institutions) may be excluded from certain FMIs, such as LVPS, because of local banking laws or policies. Conversely, some local laws, such as securities and antitrust laws, may require broader inclusion of classes of participants in certain types of FMIs, such as CCPs. 147 For example, an FMI may accept direct receipt of settlement instructions from indirect participants, which settle on the books of a direct participant. Indirect participants may or may not be explicitly recognised in an FMI’s rules and subject to risk controls. In all cases, an indirect participant has a bilateral agreement with a direct participant. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 103 institutions. An FMI should also have clearly defined and publicly disclosed procedures for facilitating the suspension and orderly exit of a participant that breaches, or no longer meets, the participation requirements of the FMI. 104 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 Principle 19: Tiered participation arrangements An FMI should identify, monitor, and manage the material risks to the FMI arising from tiered participation arrangements. Key considerations 1. An FMI should ensure that its rules, procedures, and agreements allow it to gather basic information about indirect participation in order to identify, monitor, and manage any material risks to the FMI arising from such tiered participation arrangements. 2. An FMI should identify material dependencies between direct and indirect participants that might affect the FMI. 3. An FMI should identify indirect participants responsible for a significant proportion of transactions processed by the FMI and indirect participants whose transaction volumes or values are large relative to the capacity of the direct participants through which they access the FMI in order to manage the risks arising from these transactions. 4. An FMI should regularly review risks arising from tiered participation arrangements and should take mitigating action when appropriate. Explanatory note 3.19.1. Tiered participation arrangements occur when some firms (indirect participants) rely on the services provided by other firms (direct participants) to use the FMI’s central payment, clearing, settlement, or recording facilities. 148 3.19.2. The dependencies and risk exposures (including credit, liquidity, and operational risks) inherent in these tiered arrangements can present risks to the FMI and its smooth functioning as well as to the participants themselves and the broader financial markets. 149 For example, if an FMI has few direct participants but many indirect participants with large values or volumes of transactions, it is likely that a large proportion of the transactions processed by the FMI depend on a few direct participants. This will increase the severity of the effect on the FMI of a default of a direct participant or an operational disruption at a direct participant. The credit exposures in tiered relationships can also affect the FMI. If the value of an indirect participant’s transactions is large relative to the direct participant’s capacity to manage the risks, this may increase the direct participant’s default risk. In some cases, for example, CCPs offering indirect clearing will face credit exposures to indirect participants or arising from indirect participants’ positions if a direct participant defaults. There may also be legal or operational risk to the FMI if there is uncertainty about the liability for indirect participant transactions and how these transactions will be handled in the event of a default. 150 148 For the purposes of this principle, an FMI can have two types of relationships that affect tiered participation arrangements. The first type of relationship is with participants in the FMI that are bound by the FMI’s rules and agreements. Such “direct participants” and the management of the risks they present should be fully covered by the rules and agreements of the FMI and are generally dealt with in other principles in this report. The second type of relationship is with entities that are not bound by the rules of the FMI, but whose transactions are cleared, settled, or recorded by or through the FMI. These entities are defined as “indirect participants” in the FMI in this principle. 149 The risk issues will vary depending on the type of FMI. For TRs, only operational risk will be relevant. 150 See Principle 1 on legal basis. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 105 3.19.3. The nature of these risks is such that they are most likely to be material where there are indirect participants whose business through the FMI is a significant proportion of the FMI’s overall business or is large relative to that of the direct participant through which they access the FMI’s services. Normally, the identification, monitoring, and management of risks from tiered participation will therefore be focused on financial institutions that are the immediate customers of direct participants and depend on the direct participant for access to an FMI’s services. 151 In exceptional cases, however, tiered participation arrangements may involve a complex series of financial intermediaries or agents, which may require the FMI to look beyond the direct participant and its immediate customer. 3.19.4. There are limits on the extent to which an FMI can, in practice, observe or influence direct participants’ commercial relationships with their customers. However, an FMI will often have access to information on transactions undertaken on behalf of indirect participants and can set direct participation requirements that may include criteria relating to how direct participants manage relationships with their customers in-so-far as these criteria are relevant for the safe and efficient operation of the FMI. At a minimum, an FMI should identify the types of risk that could arise from tiered participation and should monitor concentrations of such risk. If an FMI or its smooth operation is exposed to material risk from tiered participation arrangements, the FMI should seek to manage and limit such risk. Gathering and assessing information on risks arising from tiered participation arrangements 3.19.5. An FMI may be able to obtain information relating to tiered participation through its own systems or by collecting it from direct participants. An FMI should ensure that its procedures, rules, and agreements with direct participants allow it to gather basic information about indirect participants in order to identify, monitor, and manage any material risks to the FMI arising from such tiered participation arrangements. This information should enable the FMI, at a minimum, to identify (a) the proportion of activity that direct participants conduct on behalf of indirect participants, (b) direct participants that act on behalf of a material number of indirect participants, (c) indirect participants with significant volumes or values of transactions in the system, and (d) indirect participants whose transaction volumes or values are large relative to those of the direct participants through which they access the FMI. 152 Understanding material dependencies in tiered participation arrangements 3.19.6. An FMI should identify material dependencies between direct and indirect participants that can affect the FMI. Indirect participants will often have some degree of dependency on the direct participant through which they access the FMI. In the case of an FMI with few direct participants but many indirect participants, it is likely that a large proportion of the transactions processed by the FMI would depend on the operational performance of those few direct participants. Disruption to the services provided by the direct participants – whether for operational reasons or because of a participant’s default – could therefore present a risk to the smooth functioning of the system as a whole. The FMI should identify and monitor material dependencies of indirect participants on direct participants so that the FMI has readily available information on which significant indirect participants may be affected by problems at a particular direct participant. 3.19.7. In some cases, issues at an indirect participant could affect the FMI. This is most likely to occur where a large indirect participant accesses an FMI’s facilities through a 151 CCPs that face credit exposures arising from the positions of indirect participants in the event of a direct participant’s default, should identify, monitor, and manage material exposures to non-financial institutions. 152 If satisfying this key consideration requires the collection of sensitive information that may advantage one party over another, the FMI should ensure that the sensitive information is appropriately protected and used only for risk purposes rather than commercial purposes. 106 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 relatively small direct participant. Failure of this significant indirect participant to perform as expected, such as by failing to meet its payment obligations, or stress at the indirect participant, such as that which causes others to delay payments to the indirect participant, may affect the direct participant’s ability to meet its obligations to the FMI. FMIs should therefore identify and monitor the material dependencies of direct participants on indirect participants so that the FMI has readily available information on how the FMI may be affected by problems at an indirect participant, including which direct participants may be affected. Credit and liquidity risks in tiered participation arrangements 3.19.8. Tiered participation arrangements typically create credit and liquidity exposures between direct and indirect participants. The management of these exposures is the responsibility of the participants and, where appropriate, subject to supervision by their regulators. An FMI is not expected to manage the credit and liquidity exposures between direct and indirect participants, although the FMI may have a role in applying credit or position limits in agreement with the direct participant. An FMI should, however, have access to information on concentrations of risk arising from tiered participation arrangements that may affect the FMI, allowing it to identify indirect participants responsible for a significant proportion of the FMI’s transactions or whose transaction volumes or values are large relative to those of the direct participants through which they access the FMI. An FMI should identify and monitor such risk concentrations. 3.19.9. In a CCP, direct participants are responsible for the performance of their customers' financial obligations to the CCP. The CCP may, however, face an exposure to indirect participants (or arising from indirect participants’ positions) if a direct participant defaults, at least until such time as the defaulting participant’s customers’ positions are ported to another participant or closed out. If a participant default would leave the FMI with a potential credit exposure related to an indirect participant’s positions, the FMI should ensure it understands and manages the exposure it would face. For example, the FMI may set participation requirements that require the direct participant, on the FMI’s request, to demonstrate that it is adequately managing relationships with its customers to the extent that they may affect the FMI. An FMI should also consider establishing concentration limits on exposures to indirect participants, where appropriate. Indirect participation and default scenarios 3.19.10. Default scenarios can create uncertainty about whether indirect participants’ transactions have been settled or will be settled and whether any settled transactions will be unwound. Default scenarios can also raise legal and operational risks for the FMI if there is uncertainty about whether the indirect or direct participant is liable for completing the transaction. An FMI should ensure that a default, whether by a direct participant or by an indirect participant, does not affect the finality of indirect participants’ transactions that have been processed and settled by the FMI. An FMI should ensure that its rules and procedures are clear regarding the status of indirect participants’ transactions at each point in the settlement process (including the point at which they become subject to the rules of the system and the point after which the rules of the system no longer apply) and whether such transactions would be settled in the event of an indirect or direct participant default. An FMI should also ensure that it adequately understands its direct participants' processes and procedures for managing an indirect participant’s default. For example, the FMI should know whether the indirect participant’s queued payments can be removed or future-dated transactions rescinded and whether such processes and procedures would expose the FMI to operational, reputational, or other risks. Encouraging direct participation 3.19.11. Direct participation in an FMI usually provides a number of benefits, some of which may not be available to indirect participants, such as real-time gross settlement, exchange- CPSS-IOSCO – Principles for financial market infrastructures – April 2012 107 of-value settlement, or settlement in central bank money. Moreover, indirect participants are vulnerable to the risk that their access to an FMI, their ability to make and receive payments and their ability to undertake and settle other transactions is lost if the direct participant on whom these indirect participants rely defaults or declines to continue their business relationship. If these indirect participants have large values or volumes of business through the FMI, this may affect the smooth functioning of the FMI. For these reasons, where an indirect participant accounts for a large proportion of the transactions processed by an FMI, it may be appropriate to encourage direct participation. For example, an FMI may in some cases establish objective thresholds above which direct participation would normally be encouraged (provided that the firm satisfies the FMI’s access criteria). Setting such thresholds and encouraging direct participation should be based on risk considerations rather than commercial advantage. 153 Regular review of risks in tiered participation arrangements 3.19.12. An FMI should regularly review risks to which it may be exposed as a result of tiered participation arrangements. If material risks exist, the FMI should take mitigating action when appropriate. The results of the review process should be reported to the board of directors and updated periodically and after substantial amendments to an FMI’s rules. 153 See CGFS, The macrofinancial implications of alternative configurations for access to central counterparties in OTC derivatives markets, November, 2011, which notes that overly tiered arrangements can potentially increase systemic risk because of the concentration of credit and operational risk in direct participants. 108 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 Principle 20: FMI links An FMI that establishes a link with one or more FMIs should identify, monitor, and manage link-related risks. Key considerations 1. Before entering into a link arrangement and on an ongoing basis once the link is established, an FMI should identify, monitor, and manage all potential sources of risk arising from the link arrangement. Link arrangements should be designed such that each FMI is able to observe the other principles in this report. 2. A link should have a well-founded legal basis, in all relevant jurisdictions, that supports its design and provides adequate protection to the FMIs involved in the link. 3. Linked CSDs should measure, monitor, and manage the credit and liquidity risks arising from each other. Any credit extensions between CSDs should be covered fully with high-quality collateral and be subject to limits. 4. Provisional transfers of securities between linked CSDs should be prohibited or, at a minimum, the retransfer of provisionally transferred securities should be prohibited prior to the transfer becoming final. 5. An investor CSD should only establish a link with an issuer CSD if the arrangement provides a high level of protection for the rights of the investor CSD’s participants. 6. An investor CSD that uses an intermediary to operate a link with an issuer CSD should measure, monitor, and manage the additional risks (including custody, credit, legal, and operational risks) arising from the use of the intermediary. 7. Before entering into a link with another CCP, a CCP should identify and manage the potential spill-over effects from the default of the linked CCP. If a link has three or more CCPs, each CCP should identify, assess, and manage the risks of the collective link arrangement. 8. Each CCP in a CCP link arrangement should be able to cover, at least on a daily basis, its current and potential future exposures to the linked CCP and its participants, if any, fully with a high degree of confidence without reducing the CCP’s ability to fulfil its obligations to its own participants at any time. 9. A TR should carefully assess the additional operational risks related to its links to ensure the scalability and reliability of IT and related resources. Explanatory note 3.20.1. A link is a set of contractual and operational arrangements between two or more FMIs that connect the FMIs directly or through an intermediary. An FMI may establish a link with a similar type of FMI for the primary purpose of expanding its services to additional financial instruments, markets, or institutions. 154 For example, a CSD (referred to as an investor CSD) may establish a link to another CSD in which securities are issued or immobilised (referred to as an issuer CSD) to enable a participant in the investor CSD to access the services of the issuer CSD through the participant’s existing relationship with the 154 FMIs in all link arrangements should meet the requirement in key consideration 1 of Principle 18. Open access to other FMIs can be a pre-condition for the establishment of links between FMIs of the same type. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 109 investor CSD. 155 A CCP may establish a link with another CCP to enable a participant in the first CCP to clear trades with a participant in the second CCP through the participant’s existing relationship with the first CCP. An FMI may also establish a link with a different type of FMI. For example, a CCP for securities markets must establish and use a link to a CSD to receive and deliver securities. This principle covers links between CSDs, CCPs, and TRs, as well as CSD-CCP links and links between TRs and other FMIs. 156 If an FMI establishes a link, it should identify, monitor, and manage its links-related risks, including legal, operational, credit, and liquidity risks. 157 Further, an FMI that establishes multiple links should ensure that the risks generated in one link do not affect the soundness of the other links and linked FMIs. Mitigation of such spill-over effects requires the use of effective risk-management controls, including additional financial resources or the harmonisation of risk-management frameworks across linked FMIs. Identifying link-related risks 3.20.2. Before entering into a link arrangement and on an ongoing basis once the link is established, an FMI should identify and assess all potential sources of risk arising from the link arrangement. The type and degree of risk varies according to the design and complexity of the FMIs and the nature of the relationship between them. In a simple case of a vertical link, for example, an FMI may provide basic services to another FMI, such as a CSD that provides securities transfer services to an SSS. Such links typically pose only operational and custody risks. Other links, such as an arrangement in which a CCP provides clearing services to another CCP, may be more complex and may pose additional risk to FMIs, such as credit and liquidity risk. 158 Cross-margining by two or more CCPs may also pose additional risk because the CCPs may rely on each other’s risk-management systems to measure, monitor, and manage credit and liquidity risk (see Principle 6 on margin). In addition, links between different types of FMIs may pose specific risks to one or all of the FMIs in the link arrangement. For example, a CCP may have a link with a CSD that operates an SSS for the delivery of securities and settlement of margins. If the CCP poses risks to the CSD, the CSD should manage those risks. In all cases, link arrangements should be designed such that each FMI is able to observe the other principles in this report. Managing legal risks 3.20.3. A link should have a well-founded legal basis, in all relevant jurisdictions, that supports its design and provides adequate protection to the FMIs involved in the link. Crossborder links may present legal risk arising from differences between the laws and contractual rules governing the linked FMIs and their participants, including those relating to rights and interests, collateral arrangements, settlement finality, and netting arrangements (see Principle 1 on legal basis). For example, differences in law and rules governing settlement finality may lead to a scenario where a transfer is regarded as final in one FMI but not final in the linked FMI. In some jurisdictions, differences in laws may create uncertainties regarding 155 The term CSD in this principle generally refers to a CSD that also operates an SSS. The use of this broader definition for CSD in this principle mirrors market convention in the discussion of FMI links. 156 Links to payment systems are not addressed by this principle because these links are addressed in Principle 9 on money settlements. 157 Prior to entering a link arrangement, an FMI should inform its participants of the expected effects on the FMI’s risk profile. See also Principle 23 on disclosure of rules, key procedures, and market data. 158 A link between two or more CCPs may enable participants in a CCP in one market to clear transactions in another market through their existing arrangements. By broadening trading opportunities for market participants, without imposing all of the costs normally associated with establishing clearing relationships, links can deepen the liquidity in the affected markets. A link may also reduce the costs of systems development and operation faced by CCPs because it enables them to share these expenses. 110 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 the enforceability of CCP obligations assumed by novation, open offer, or other similar legal device. Differences in insolvency laws may unintentionally give a participant in one CCP a claim on the assets or other resources of the linked CCP in the event of the first CCP’s default. To limit these uncertainties, the respective rights and obligations of the linked FMIs and, where necessary, their participants should be clearly defined in the link agreement. The terms of the link agreement should also set out, in cross-jurisdictional contexts, an unambiguous choice of law that will govern each aspect of the link. Managing operational risk 3.20.4. Linked FMIs should provide an appropriate level of information about their operations to each other in order for each FMI to perform effective periodic assessments of the operational risk associated with the link. In particular, FMIs should ensure that riskmanagement arrangements and processing capacity are sufficiently scalable and reliable to operate the link safely for both the current and projected peak volumes of activity processed over the link (see Principle 17 on operational risk). Systems and communication arrangements between linked FMIs also should be reliable and secure so that the link does not pose significant operational risk to the linked FMIs. Any reliance by a linked FMI on a critical service provider should be disclosed as appropriate to the other FMI. In addition, a linked FMI should identify, monitor, and manage operational risks due to complexities or inefficiencies associated with differences in time zones, particularly as these affect staff availability. Governance arrangements and change-management processes should ensure that changes in one FMI will not inhibit the smooth functioning of the link, related riskmanagement arrangements, or non-discriminatory access to the link (see Principle 2 on governance and Principle 18 on access and participation requirements). Managing financial risk 3.20.5. FMIs in a link arrangement should effectively measure, monitor, and manage their financial risk, including custody risk, arising from the link arrangement. FMIs should ensure that they and their participants have adequate protection of assets in the event of the insolvency of a linked FMI or a participant default in a linked FMI. Specific guidance on mitigating and managing these risks in CSD-CSD links and CCP-CCP links is provided below. CSD-CSD links 3.20.6. As part of its activities, an investor CSD may choose to establish a link with another CSD. If such a link is improperly designed, the settlement of transactions across the link could subject participants to new or increased risks. In addition to legal and operational risks, linked CSDs and their participants could also face credit and liquidity risks. For example, an operational failure or default in one CSD may cause settlement failures or defaults in a linked CSD and expose participants in the linked CSD, including participants that did not settle transactions across the link, to unexpected liquidity pressures or outright losses. A CSD’s default procedures, for example, could affect a linked CSD through loss-sharing arrangements. Linked CSDs should identify, monitor, and manage the credit and liquidity risks arising from the linked entity. In addition, any credit extensions between CSDs should be covered fully by high-quality collateral and be subject to limits. 159 Further, some practices deserve particularly rigorous attention and controls. In particular, provisional transfers of 159 In exceptional cases, other adequate collateral may be used to secure credit extensions between CSDs subject to the review and assessment by the relevant authorities. See also principle 4 on credit risk, principle 5 on collateral, and principle 7 on liquidity risk. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 111 securities between linked CSDs should be prohibited or, at a minimum, the retransfer of provisionally transferred securities should be prohibited prior to the transfer becoming final. 3.20.7. An investor CSD should only establish links with an issuer CSD if the link arrangement provides a high level of protection for the rights of the investor CSD’s participants. In particular, the investor CSD should use issuer CSDs that provide adequate protection of assets in the event that the issuer CSD becomes insolvent (see Principle 11 on CSDs). In some cases, securities held by an investor CSD can be subject to attachment by the creditors of the CSD or its participants and, as such, can also be subject to freezing or blocking instructions from local courts or other authorities. Further, if an investor CSD maintains securities in an omnibus account at an issuer CSD and a participant at the investor CSD defaults, the investor CSD should not use the securities belonging to other participants to settle subsequent local deliveries of the defaulting participant. The investor CSD should have adequate measures and procedures to avoid effects on the use of securities belonging to non-defaulting participants in a participant-default scenario. 3.20.8. Furthermore, linked CSDs should have robust reconciliation procedures to ensure that their respective records are accurate and current. Reconciliation is a procedure to verify that the records held by the linked CSDs match for transactions processed across the link. This process is particularly important when three or more CSDs are involved in settling transactions (that is, the securities are held in safekeeping by one CSD or custodian while the seller and the buyer participate in one or more of the linked CSDs) (see also Principle 11 on CSDs). Indirect CSD-CSD links 3.20.9. If an investor CSD uses an intermediary to operate a link with an issuer CSD, the investor CSD should measure, monitor, and manage the additional risks (including custody, credit, legal, and operational risks) arising from the use of the intermediary. In an indirect CSD-CSD link, an investor CSD uses an intermediary (such as a custodian bank) to access the issuer CSD. In such cases, the investor CSD faces the risk that the custodian bank may become insolvent, act negligently, or commit fraud. Although an investor CSD may not face a loss on the value of the securities, the ability of the investor CSD to use its securities might temporarily be impaired. The investor CSD should measure, monitor, and manage on an ongoing basis its custody risk (see also Principle 16 on custody and investment risks) and provide evidence to the relevant authorities that adequate measures have been adopted to mitigate this custody risk. In addition, the investor CSD should ensure that it has adequate legal, contractual, and operational protections to ensure that its assets held in custody are segregated and transferable (see Principle 11 on CSDs). Similarly, an investor CSD should ensure that its settlement banks or cash correspondents can perform as expected. In that context, the investor CSD should have adequate information on the business continuity plans of its intermediary and the issuer CSD to achieve a high degree of confidence that both entities will perform as expected during a disruptive event. CCP-CCP links 3.20.10. A CCP may establish links with one or more other CCPs. Although the details of individual link arrangements among CCPs differ significantly because of the varied designs of CCPs and the markets they serve, there are currently two basic types of CCP links: peerto-peer links and participant links. 3.20.11. In a peer-to-peer link, a CCP maintains special arrangements with another CCP and is not subject to normal participant rules. Typically, however, the CCPs exchange margin and other financial resources on a reciprocal basis. The linked CCPs face current and potential future exposures to each other as a result of the process whereby they each net the trades cleared between their participants so as to create novated (net) positions between the CCPs. Risk management between the CCPs is based on a bilaterally approved framework, which is different from that applied to a normal participant. 112 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 3.20.12. In a participant link, one CCP (the participant CCP) is a participant in another CCP (the host CCP) and is subject to the host CCP’s normal participant rules. In such cases, the host CCP maintains an account for the participant CCP and would typically require the participant CCP to provide margin, as would be the case for a participant that is not a CCP. A participant CCP should mitigate and manage its risk from the link separately from the risks in its core clearing and settlement activities. For example, if the host CCP defaults, the participant CCP may not have adequate protection because the participant CCP does not hold collateral from the host CCP to mitigate the counterparty risk posed to it by the host CCP. Risk protection in a participant link is one-way, unlike in a peer-to-peer link. The participant CCP that provides margin but does not collect margin from another linked CCP should therefore hold additional financial resources to protect itself against the default of the host CCP. 3.20.13. Both types of links – peer-to-peer and participant links – may present new or increased risks that should be measured, monitored, and managed by the CCPs involved in the link. The most challenging issue with respect to CCP links is the risk management of the financial exposures that potentially arise from the link arrangement. Before entering into a link with another CCP, a CCP should identify and assess the potential spillover effects from the default of the linked CCP. If a link has three or more CCPs, each CCP should identify and assess the risks of the collective link arrangement. A network of links between CCPs that does not properly acknowledge and address the inherent complexity of multi-CCP links could have significant implications for systemic risk. 3.20.14. Exposures faced by one CCP from a linked CCP should be identified, monitored, and managed with the same rigour as exposures from a CCP’s participants to prevent a default at one CCP from triggering a default at a linked CCP. Such exposures should be covered fully, primarily through the use of margin or other equivalent financial resources. In particular, each CCP in a CCP link arrangement should be able to cover, at least on a daily basis, its current and potential future exposures to the linked CCP and its participants, if any, fully with a high degree of confidence without reducing the CCP’s ability to fulfil its obligations to its own participants at any time (see Principle 6 on margin). Financial resources used to cover inter-CCP current exposures should be prefunded with highly liquid assets that exhibit low credit risk. Best practice is for CCPs to have near real time inter-CCP risk management. However, at a minimum, financial exposures among linked CCPs should be marked to market and covered on a daily basis. CCPs also need to consider and address the risks arising from links in designing their stress tests and calibrating their prefunded default arrangements. Linked CCPs should also take into account the effects that possible contributions to each other’s prefunded default arrangements, exchange of margin, common participants, major differences in their risk-management tools, and other relevant features may have on their risk-management frameworks, especially in relation to the legal, credit, liquidity, and operational risks they face. 3.20.15. Because of the different possible types of link arrangements, different types of CCPs, and differences in the legal and regulatory frameworks in which CCPs may operate, different combinations of risk-management tools may be used by the CCP. When linked CCPs have materially different risk-management frameworks, the risks stemming from the link are more complex. In this case, the linked CCPs should carefully assess the effectiveness of their risk-management models and methodologies, including their default procedures, in order to determine whether and to what extent their inter-CCP riskmanagement frameworks should be harmonised or whether additional risk-mitigation measures would be sufficient to mitigate risks arising from the link. 3.20.16. A CCP (the first CCP) will usually have to provide margin to a linked CCP for open positions. In some cases, the first CCP may not be able to provide margin that it has collected from its participants to the linked CCP because the first CCP’s rules may prohibit the use of its participants’ margin for any purpose other than to cover losses from a default of a participant in the first CCP, or the first CCP’s legal or regulatory requirements may not CPSS-IOSCO – Principles for financial market infrastructures – April 2012 113 permit such reuse of its participants’ collateral. As such, the CCP would need to use alternative financial resources to cover its counterparty risk to the linked CCP, which is normally covered by margin. If a CCP is allowed to reuse its participants’ collateral to meet an inter-CCP margin requirement, such collateral provided by the first CCP must be unencumbered and its use by the linked CCP in the event of the default of the first CCP must not be constrainable by actions taken by the participants of the first CCP. The credit and liquidity risk arising from the reuse of margin should be adequately mitigated by the CCPs. This can be achieved through segregation, protection, and custody of margin exchanged between CCPs in a manner that allows for its swift and timely return to the CCP in case of a decrease in the exposures and that allows for supplemental margin (and, if necessary, supplemental default fund contributions) needed to cover the counterparty risk between the linked CCPs to be charged directly to the participants who use the link service, if applicable. 3.20.17. Linked CCPs should maintain arrangements that are effective in managing the risks arising from the link; such arrangements often involve a separate default fund to cover that risk. In principle, the risk-management measures related to the link should not reduce the resources that a CCP holds to address other risks. The most direct way to achieve this outcome is for CCPs not to participate in each other’s default funds, which may in turn mean that the CCP will need to provide additional margin. However, in arrangements in which CCPs have agreed, consistent with their regulatory framework, to contribute to each other’s default funds, the linked CCPs should assess and mitigate the risks of making such contributions via specific conditions. In particular, funds used by a CCP to contribute to another CCP's default fund must represent prefunded additional financial resources and must not include resources used by the CCP to satisfy its regulatory requirements to hold sufficient capital or participant margin funds (or any other funds, including independent default fund resources) held by the CCP to mitigate the counterparty risk presented by its participants. The contributing CCP should further ensure that any consequent exposure of its own participants to the risk of a participant default in the linked CCP is fully transparent to and understood by its participants. The contributing CCPs may, for example, consider it appropriate to ensure the default fund contribution is made only by those of its participants that use the link, if applicable. Moreover, the resources provided by one CCP to another should be held in such a way that they are ring fenced from other resources provided to that CCP. For example, securities could be held in a separate account at a custodian. Cash would need to be held in segregated accounts to be considered as acceptable collateral in this case. 160 Finally, in case of a participant default in the first CCP, the use of the linked CCP’s contribution to the default fund of the first CCP could be restricted or limited. For example, the linked CCP’s contribution to the default fund could be put at the bottom of the first CCP’s default waterfall. 3.20.18. Link arrangements between CCPs will expose each CCP to sharing in potentially uncovered credit losses if the linked CCP’s default waterfall has been exhausted. For example, a CCP may be exposed to loss mutualisation from defaults of a linked CCP’s participants. This risk will be greater to the extent that the first CCP is unable directly to monitor or control the other CCP’s participants. Such contagion risks can be even more serious in cases where more than two CCPs are linked, directly or indirectly, and a CCP considering such a link should satisfy itself that it can manage such risks adequately. Each CCP should ensure that the consequent exposure of its own participants to a share in these uncovered losses is fully understood and disclosed to its participants. CCPs may consider it appropriate to devise arrangements to avoid sharing in losses that occur in products other than those cleared through the link and to confine any loss sharing to only participants that 160 In some jurisdictions, the legal framework will not protect the segregation of cash on the books of a commercial bank. 114 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 clear products through the link. Depending on how losses would be shared, CCPs may need to increase financial resources to address this risk. 3.20.19. Any default fund contributions or allocation of uncovered losses should be structured to ensure that (a) no linked CCP is treated less favourably than the participants of the other CCP and (b) each CCP’s contribution to the loss sharing arrangements of the other is no more than proportionate to the risk the first CCP poses to the linked CCP. Special considerations for TR links 3.20.20. A TR should carefully assess the additional operational risks related to its links to ensure the scalability and reliability of IT and related resources. A TR can establish links with another TR or with another type of FMI. Such links may expose the linked FMIs to additional risks if not properly designed. Besides legal risks, a link to either another TR or to another type of FMI may involve the potential spillover of operational risk. The mitigation of operational risk is particularly important because the information maintained by a TR can support bilateral netting and be used to provide services directly to market participants, service providers (for example, portfolio compression service providers), and other linked FMIs. FMIs establishing a link to a TR should ensure that the system and communication arrangements between the linked entities are reliable and secure such that the operation of the link does not pose significant reliability and security risks. Moreover, given the role that a TR may play at the beginning of the clearing and settlement process for derivatives transactions, a TR should have governance arrangements that ensure the management of the linked entities would not inhibit the smooth functioning of the link, related riskmanagement arrangements, and non-discriminatory access to the link. Therefore, the scalability of IT and related resources may be especially important. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 115 Efficiency Efficiency and safety are important to an FMI in performing its payment, clearing, settlement, and recording functions. The following two principles provide guidance to FMIs on (a) efficiency and effectiveness and (b) communication procedures and standards, which is one traditional aspect of efficiency. Principle 21: Efficiency and effectiveness An FMI should be efficient and effective in meeting the requirements of its participants and the markets it serves. Key considerations 1. An FMI should be designed to meet the needs of its participants and the markets it serves, in particular, with regard to choice of a clearing and settlement arrangement; operating structure; scope of products cleared, settled, or recorded; and use of technology and procedures. 2. An FMI should have clearly defined goals and objectives that are measurable and achievable, such as in the areas of minimum service levels, risk-management expectations, and business priorities. 3. An FMI should have established mechanisms for the regular review of its efficiency and effectiveness. Explanatory note 3.21.1. An FMI should be efficient and effective in meeting the requirements of its participants and the markets it serves, while also maintaining appropriate standards of safety and security as outlined in the principles in this report. 161 “Efficiency” refers generally to the resources required by the FMI to perform its functions, while “effectiveness” refers to whether the FMI is meeting its intended goals and objectives. An FMI that operates inefficiently or functions ineffectively may distort financial activity and the market structure, increasing not only the financial and other risks of an FMI’s participants, but also the risks of their customers and end users. If an FMI is inefficient, a participant may choose to use an alternate arrangement that poses increased risks to the financial system and the broader economy. The primary responsibility for promoting the efficiency and effectiveness of an FMI belongs to its owners and operators. Efficiency 3.21.2. Efficiency is a broad concept that encompasses what an FMI chooses to do, how it does it, and the resources required. An FMI’s efficiency depends partly on its choice of a clearing and settlement arrangement (for example, gross, net, or hybrid settlement; real time or batch processing; and novation or guarantee scheme); operating structure (for example, links with multiple trading venues or service providers); scope of products cleared, settled, or recorded; and use of technology and procedures (for example, communication procedures and standards). In designing an efficient system, an FMI should also consider the practicality and costs for participants, their customers, and other relevant parties (including other FMIs 161 There may be different ways for an FMI to meet a particular principle, but the objective of a particular principle should not be compromised. 116 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 and service providers). 162 Furthermore, the FMI’s technical arrangements should be sufficiently flexible to respond to changing demand and new technologies. Fundamentally, an FMI should be designed and operated to meet the needs of its participants and the markets it serves. 163 An FMI’s efficiency will ultimately affect the use of the FMI by its participants and their customers as well as these entities’ ability to conduct robust risk management, which may affect the broader efficiency of financial markets. 3.21.3. Efficiency also involves cost control. An FMI should establish mechanisms for the regular review of its efficiency, including its costs and pricing structure. 164 An FMI should control its direct costs, such as those stemming from transaction processing, money settlement, and settlement-entry preparation and execution. An FMI also should consider and control its indirect costs. These include infrastructure, administrative, and other types of costs associated with operating the FMI. Some indirect costs (and risks) may be less apparent. For example, an FMI may need to consider its participants’ liquidity costs, which include the amount of cash or other financial instruments that a participant must provide to the FMI, or other parties, in order to process its transactions, and the opportunity cost of providing such assets. An FMI’s design has a significant impact on the liquidity costs borne by participants, which, in turn, affect the FMI’s costs and risks. Cost considerations, however, should always be balanced against appropriate standards of safety and security as outlined in the principles in this report. 3.21.4. Competition can be an important mechanism for promoting efficiency. Where there is effective competition and participants have meaningful choices among FMIs, such competition may help to ensure that FMIs are efficient. FMIs should ensure, however, that they adhere to appropriate standards of safety and security as outlined in the principles in this report. Both private and central bank operators of FMIs should make use of market disciplines, as appropriate, to promote efficiency in the FMI’s operations. For example, an FMI could use competitive tendering to select service providers. Where competition may be difficult to maintain because of economies of scale or scope, and an FMI therefore enjoys some form of market power over the service it provides, relevant authorities may have a responsibility to review the costs imposed on the FMI’s participants and the markets it serves. Effectiveness 3.21.5. An FMI is effective when it reliably meets its obligations in a timely manner and achieves the public policy goals of safety and efficiency for participants and the markets it serves. In the context of oversight and auditing, an FMI’s effectiveness may also involve meeting service and security requirements. To facilitate assessments of effectiveness, an FMI should have clearly defined goals and objectives that are measureable and achievable. For example, an FMI should set minimum service-level targets (such as the time it takes to process a transaction), risk-management expectations (such as the level of financial resources it should hold), and business priorities (such as the development of new services). 162 For a system to be practical for users, it needs to take into account the structure of the local market and its history and conventions. The system also must reflect the current and prospective costs of the inputs used as well as evolving technologies. Designing a system that appropriately meets the needs of its users will often require an understanding of local practices and technologies. 163 One mechanism an FMI might use to gauge its success in meeting the needs of its participants and the markets it serves are periodic satisfaction surveys of its participants and other relevant institutions in the market. 164 A review of an FMI’s efficiency or cost-effectiveness could include an evaluation of both the productivity of operational processes and the relative benefits of the processing method given the corresponding costs. For example, an efficiency review could include analysing the number of transactions that could be processed in a given period or by measuring the processing cost per transaction. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 117 An FMI should establish mechanisms for the regular review of its effectiveness, such as periodic measurement of its progress against its goals and objectives. 3.21.6. For a TR to be effective, its goals and objectives should include timeliness and accuracy. A TR should promptly record the transaction information it receives from its participants. To ensure the accuracy and timeliness of data, a TR should employ efficient recordkeeping procedures to document changes to recorded transaction information resulting from subsequent post-trade events. Ideally, a TR should set a service-level target to record to its central registry transaction information it receives from participants in real time, and at a minimum, within one business day. A TR should have adequate procedures and timelines for making data available for any downstream processing and should implement quality controls to ensure the accuracy, validity, and integrity of the data it stores and disseminates. In addition, a TR should have effective processes and procedures for the provision of data to relevant authorities (see also Principle 24). 118 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 Principle 22: Communication procedures and standards An FMI should use, or at a minimum accommodate, relevant internationally accepted communication procedures and standards in order to facilitate efficient payment, clearing, settlement, and recording. Key consideration 1. An FMI should use, or at a minimum accommodate, internationally accepted communication procedures and standards. Explanatory note 3.22.1. The ability of participants to communicate with an FMI in a timely, reliable, and accurate manner is key to achieving efficient payment, clearing, settlement, and recording. An FMI’s adoption of internationally accepted communication procedures and standards for its core functions can facilitate the elimination of manual intervention in clearing and settlement processing, reduce risks and transaction costs, improve efficiency, and reduce barriers to entry into a market. Therefore, an FMI should use, or at a minimum accommodate, relevant internationally accepted communication procedures and standards to ensure effective communication between the FMI and its participants, their customers, and others that connect to the FMI. An FMI is encouraged but not required to use or accommodate internationally accepted communication procedures and standards for purely domestic transactions. Communication procedures 3.22.2. An FMI should use, or at a minimum accommodate, internationally accepted communication procedures to facilitate effective communication between the FMI’s information systems, and those of its participants, their customers, and others that connect to the FMI (such as third-party service providers and other FMIs). Standardised communication procedures (or protocols) provide a common set of rules across systems for exchanging messages. These rules allow for a broad set of systems and institutions in various locations to communicate efficiently and effectively. Reducing the need for intervention and technical complexity when processing transactions can help to reduce the number of errors, avoid information losses, and ultimately reduce the resources needed for data processing by the FMI, its participants, and markets generally. Communication standards 3.22.3. An FMI should use, or at a minimum accommodate, internationally accepted communication standards, such as standardised messaging formats and reference data standards for identifying financial instruments and counterparties. The use of internationally accepted standards for message formats and data representation will generally improve the quality and efficiency of the clearing and settlement of financial transactions. If an FMI does not itself use internationally accepted communication standards, it should typically accommodate systems that translate or convert data from international standards into the domestic equivalent and vice versa. Cross-border considerations 3.22.4. An FMI that conducts payment, clearing, settlement, or recording activities across borders should use internationally accepted communication procedures and standards or, at a minimum, accommodate them. An FMI that, for example, settles a chain of transactions processed through multiple FMIs or provides services to users in multiple jurisdictions should strongly consider using internationally accepted communication procedures and standards to achieve efficient and effective cross-border financial communication. Furthermore, adopting CPSS-IOSCO – Principles for financial market infrastructures – April 2012 119 these communication procedures can facilitate interoperability between the information systems or operating platforms of FMIs in different jurisdictions, which allows market participants to obtain access to multiple FMIs without facing technical hurdles (such as having to implement or support multiple local networks with different characteristics). An FMI that operates across borders also should be able to support and use well-established communication procedures, messaging standards, and reference data standards relating to counterparty identification and securities numbering processes. For example, relevant standards promulgated by the International Organization for Standardization should be carefully considered and adopted by an FMI. If an FMI that operates across borders does not fully adopt international procedures and standards, it can still potentially interoperate with the information systems or operating platforms of other FMIs by developing systems to translate or convert international procedures and standards into the domestic equivalent, and vice versa. Use of internationally accepted procedures and standards by TRs 3.22.5. Communication procedures and standards are particularly important for TRs that serve as a central data source for a variety of stakeholders potentially located in many jurisdictions. A TR should support technologies that are widely accepted in the market, including applicable market standards for reporting and recording trade information. A TR also should apply consistent application interfaces and communication links that enable technical interconnectivity with other FMIs and service providers. A TR should be able to directly exchange trade information not only with market participants but also with other entities such as exchanges, electronic trading venues, confirmation-matching platforms, CCPs, and other service providers. A TR should use industry standards for data representation, including those related to the unique identification of counterparties (such as legal entity identifiers) to facilitate the use and aggregation of data stored in the repository, especially by authorities. 165 165 Legal entity identifiers (LEIs) contribute to the ability of authorities to fulfil the systemic risk mitigation, transparency, and market abuse protection goals established by the G20 commitments related to OTC derivatives and would improve efficiency and transparency in many other areas. See CPSS-IOSCO, Report on OTC derivatives data reporting and aggregation requirements, January 2012. 120 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 Transparency Transparency helps ensure that relevant information is provided to an FMI’s participants, authorities, and the public to inform sound decision making and foster confidence. The following two principles provide guidance to (a) all FMIs on the disclosure of rules, key procedures, and market data to enable participants and other interested parties to have a clear understanding of the risks and controls on risks associated with an FMI, as well as fees and other costs incurred by participation in the FMI; and (b) TRs on the disclosure of market data to allow participants, authorities, and the public to make timely assessments of OTC derivatives markets and, if relevant, other markets served by the TR. Principle 23: Disclosure of rules, key procedures, and market data An FMI should have clear and comprehensive rules and procedures and should provide sufficient information to enable participants to have an accurate understanding of the risks, fees, and other material costs they incur by participating in the FMI. All relevant rules and key procedures should be publicly disclosed. Key considerations 1. An FMI should adopt clear and comprehensive rules and procedures that are fully disclosed to participants. Relevant rules and key procedures should also be publicly disclosed. 2. An FMI should disclose clear descriptions of the system’s design and operations, as well as the FMI’s and participants’ rights and obligations, so that participants can assess the risks they would incur by participating in the FMI. 3. An FMI should provide all necessary and appropriate documentation and training to facilitate participants’ understanding of the FMI’s rules and procedures and the risks they face from participating in the FMI. 4. An FMI should publicly disclose its fees at the level of individual services it offers as well as its policies on any available discounts. The FMI should provide clear descriptions of priced services for comparability purposes. 5. An FMI should complete regularly and disclose publicly responses to the CPSSIOSCO Disclosure framework for financial market infrastructures. An FMI also should, at a minimum, disclose basic data on transaction volumes and values. Explanatory note 3.23.1. An FMI should provide sufficient information to its participants and prospective participants to enable them to identify clearly and understand fully the risks and responsibilities of participating in the system. To achieve this objective, an FMI should adopt and disclose written rules and procedures that are clear and comprehensive and that include explanatory material written in plain language so that participants can fully understand the system’s design and operations, their rights and obligations, and the risks of participating in the system. An FMI’s rules, procedures, and explanatory material need to be accurate, up-todate, and readily available to all current and prospective participants. Moreover, an FMI should disclose to participants and the public information on its fee schedule, basic operational information, and responses to the CPSS-IOSCO Disclosure framework for financial market infrastructures. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 121 Rules and procedures 3.23.2. An FMI should adopt clear and comprehensive rules and procedures that are fully disclosed to participants. Relevant rules and key procedures should also be publicly disclosed. An FMI’s rules and procedures are typically the foundation of the FMI and provide the basis for participants’ understanding of the risks they incur by participating in the FMI. As such, relevant rules and procedures should include clear descriptions of the system’s design and operations, as well as the FMI’s and participants’ rights and obligations, so that participants can assess the risk they would incur by participating in the FMI. 166 They should clearly outline the respective roles of participants and the FMI as well as the rules and procedures that will be followed in routine operations and non-routine, though foreseeable, events, such as a participant default (see Principle 13 on participant-default rules and procedures). In particular, an FMI should have clear and comprehensive rules and procedures for addressing financial and operational problems within the system. 3.23.3. In addition to disclosing all relevant rules and key procedures, an FMI should have a clear and fully disclosed process for proposing and implementing changes to its rules and procedures and for informing participants and relevant authorities of these changes. Similarly, the rules and procedures should clearly disclose the degree of discretion that an FMI can exercise over key decisions that directly affect the operation of the system, including in crises and emergencies (see also Principle 1 on legal basis and Principle 2 on governance). For example, an FMI’s procedures may provide for discretion regarding the extension of operating hours to accommodate unforeseen market or operational problems. An FMI also should have appropriate procedures to minimise any conflict-of-interest issues that may arise when authorised to exercise its discretion. Participants’ understanding of rules, procedures, and risks 3.23.4. Participants bear primary responsibility for understanding the rules, procedures, and risks of participating in an FMI as well as the risks they may incur when the FMI has links with other FMIs. An FMI, however, should provide all documentation, training, and information necessary to facilitate participants’ understanding of the FMI’s rules and procedures and the risks they face from participating in the FMI. New participants should receive training before using the system, and existing participants should receive, as needed, additional periodic training. An FMI should disclose to each individual participant stress test scenarios used, individual results of stress tests, and other data to help each participant understand and manage the potential financial risks stemming from participation in the FMI. 167 Other relevant information that should be disclosed to participants, but typically not to the public, includes key highlights of the FMI’s business continuity arrangements. 168 3.23.5. An FMI is well placed to observe the performance of its participants and should promptly identify those participants whose behaviour demonstrates a lack of understanding of, or compliance with, applicable rules, procedures, and risks of participation. In such cases, an FMI should take steps to rectify any perceived lack of understanding by the participant and take other remedial action necessary to protect the FMI and its participants. This may include notifying senior management within the participant institution. In cases in which the 166 Information should be disclosed to the extent it would not risk prejudicing the security and integrity of the FMI or divulging commercially sensitive information, such as trade secrets or other intellectual property. 167 In disclosing stress-test information, FMIs should avoid revealing information regarding the positions of individual participants. 168 Information on business continuity that can undermine an FMI’s safety and soundness, such as the locations of back-up sites, should not be disclosed to the public. However, this information should be disclosed to the relevant authorities. 122 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 participant’s actions present significant risk or present cause for the participant’s suspension, the FMI should notify the appropriate regulatory, supervisory, and oversight authorities. Fees and other material costs to participants 3.23.6. An FMI should publicly disclose its fees at the level of the individual services it offers as well as its policies on any available discounts. The FMI should provide clear descriptions of priced services for comparability purposes. In addition, an FMI should disclose information on the system design, as well as technology and communication procedures, that affect the costs of operating the FMI. These disclosures collectively help participants evaluate the total cost of using a particular service, compare these costs to those of alternative arrangements, and select only the services that they wish to use. For example, large-value payment systems typically have higher values and lower volumes than retail payment systems, and, as a result, processing costs can be less important to participants than the costs of providing liquidity to fund payments throughout the day. The FMI’s design will influence not only how much liquidity participants need to hold in order to process payments but also opportunity costs of holding such liquidity. An FMI should provide timely notice to participants and the public of any changes to services and fees. Disclosure framework and other information 3.23.7. An FMI should complete regularly, and disclose publicly, responses to the CPSSIOSCO Disclosure framework for financial market infrastructures. The FMI should provide comprehensive and appropriately detailed disclosures to improve the overall transparency of the FMI, its governance, operations, and risk-management framework. In order for the disclosures to reflect correctly the FMI’s current rules, procedures, and operations, the FMI should update its responses following material changes to the system or its environment. At a minimum, an FMI should review its responses to the CPSS-IOSCO Disclosure framework for financial market infrastructures every two years to ensure continued accuracy and usefulness. 3.23.8. Other relevant information for participants and, more generally, the public could include general information on the FMI’s full range of activities and operations, such as the names of direct participants in the FMI, key times and dates in FMI operations, and its overall risk-management framework (including its margin methodology and assumptions). 169 An FMI also should disclose its financial condition, financial resources to withstand potential losses, timeliness of settlements, and other performance statistics. With respect to data, an FMI should, at a minimum, disclose basic data on transaction volumes and values. 170 Forms of disclosure 3.23.9. An FMI should make the relevant information and data it discloses as set forth in this report readily available through generally accessible media, such as the Internet, in a language commonly used in financial markets in addition to the domestic language(s) of the jurisdiction in which the FMI is located. The data should be accompanied by robust explanatory documentation that enables users to understand and interpret the data correctly. 169 A clear description of the typical lifecycle of the transaction clearing and settlement process under normal circumstances may also be useful for participants and the public. This information would highlight how the FMI processes a transaction, including the timeline of events, the validation and checks to which a transaction is subjected, and the responsibilities of the parties involved. 170 TRs should also disclose data consistent with Principle 24. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 123 Principle 24: Disclosure of market data by trade repositories A TR should provide timely and accurate data to relevant authorities and the public in line with their respective needs. Key considerations 1. A TR should provide data in line with regulatory and industry expectations to relevant authorities and the public, respectively, that is comprehensive and at a level of detail sufficient to enhance market transparency and support other public policy objectives. 2. A TR should have effective processes and procedures to provide data to relevant authorities in a timely and appropriate manner to enable them to meet their respective regulatory mandates and legal responsibilities. 3. A TR should have robust information systems that provide accurate current and historical data. Data should be provided in a timely manner and in a format that permits it to be easily analysed. Explanatory note 3.24.1. TRs may play a fundamental role in providing market transparency and are particularly important in the OTC derivatives markets. From a public policy perspective, the data maintained and generated by the operations of a TR and on behalf of its participants should promote market transparency and foster public policy objectives, subject to relevant laws governing disclosures of information maintained by a TR. Market transparency supports investor protection as well as the exercise of market discipline. Transparency to the broader public helps build greater confidence in, and understanding of, markets and informs and builds support for sound public policies. Authorities may identify other policy objectives specific to an individual TR’s role in supporting market transparency in addition to these core policy objectives. Disclosure of data 3.24.2. A TR should provide data in line with regulatory and industry expectations to relevant authorities and the public, respectively, that is comprehensive and at a level of detail sufficient to enhance market transparency and support other public policy objectives. Accordingly, it is critical that TRs provide effective access to data to relevant authorities and the public. 171 The scope and level of detail of the data that a TR provides will vary depending on the respective information needs of the relevant authorities, the TR’s participants, and the public. At a minimum, a TR should provide aggregate data on open positions and transaction volumes and values and categorised data (for example, aggregated breakdowns of trading counterparties, reference entities, or currency breakdowns of products), as available and appropriate, to the public. Relevant authorities should have access to additional data recorded in a TR, including participant-level data, that is relevant to their respective regulatory mandates and legal responsibilities, which may include market regulation and surveillance, oversight of market infrastructures, prudential supervision, resolution of failed institutions, and systemic risk regulation. 171 See CPSS-IOSCO, Report on OTC derivatives data reporting and aggregation requirements, January 2012, which develops both for market participants reporting to TRs and for TRs reporting to the public: (a) minimum data reporting requirements and standardised formats and (b) the methodology and mechanism for the aggregation of data on a global basis. 124 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 Processes and procedures 3.24.3. A TR should have effective processes and procedures to provide data to relevant authorities in a timely and appropriate manner to enable them to meet their respective regulatory mandates and legal responsibilities. For example, a TR should have procedures to facilitate enhanced monitoring, special actions, or official proceedings taken by relevant authorities in relation to data on troubled or failed participants by making relevant information in the TR available in a timely and effective manner. The provision of data from a TR to relevant authorities should be supported from a legal, procedural, operational, and technological perspective. 172 Information systems 3.24.4. To meet the information needs of participants, authorities, and the public, a TR should have robust information systems that provide accurate current and historical data. A TR should collect, store, and provide data to participants, authorities, and the public in a timely manner and in a format that can facilitate prompt analysis. Data should be made available that permits both comparative and historical analysis of the relevant markets. The criticality of a TR’s or its market’s role should be a consideration in the frequency and speed with which data and other information are disclosed. If a TR is one of several providing services to a particular market, the TR should provide basic data and other information in a manner that can be easily analysed and compared to and aggregated with information provided by others serving the market. A TR should consult with relevant authorities in developing and maintaining a reporting framework that facilitates analysis, comparison, and aggregation of data from other TRs. Forms of disclosure 3.24.5. A TR should make the data and other relevant information it discloses as set forth in this report readily available through generally accessible media, such as the Internet, in a language commonly used in financial markets in addition to the domestic language(s) of the jurisdiction in which the TR is located. The data should be accompanied by robust explanatory documentation that enables users to understand and interpret the data correctly. 172 Authorities may need to cooperate in order to ensure timely access to trade data (see key consideration 8 of Responsibility E). CPSS-IOSCO – Principles for financial market infrastructures – April 2012 125 4.0 Responsibilities of central banks, market regulators, and other relevant authorities for financial market infrastructures Responsibility A: Regulation, supervision, and oversight of FMIs FMIs should be subject to appropriate and effective regulation, supervision, and oversight by a central bank, market regulator, or other relevant authority. Key considerations 1. Authorities should clearly define and publicly disclose the criteria used to identify FMIs that should be subject to regulation, supervision, and oversight. 2. FMIs that have been identified using these criteria should be regulated, supervised, and overseen by a central bank, market regulator, or other relevant authority. Explanatory note 4.1.1. FMIs are critical components of domestic and international financial markets and help to maintain and promote financial stability in periods of market stress. FMIs provide a number of services that are vital to a well-functioning financial system, including facilitating the exchange of money for goods, services, and financial assets and providing a safe and efficient means through which authorities can manage systemic risk and central banks can implement monetary policy. By design, FMIs concentrate payment, clearing, and settlement activities and trade data in order to manage risk better and to reduce payment, clearing, settlement, and recording costs and delays. Well-functioning FMIs can vastly improve the efficiency, transparency, and safety of financial systems. However, FMIs often concentrate risk and may even act as a source of systemic risk. Therefore, appropriate regulation, supervision, and oversight is critical to achieving the public policy goals set out in this report. Criteria for regulation, supervision, and oversight 4.1.2. Authorities should clearly define and publicly disclose the criteria used to identify FMIs that should be subject to regulation, supervision, and oversight. The precise framework for making such decisions may vary across jurisdictions. In some countries, for example, there is a statutory framework, while in others, the central bank or other relevant authorities have greater discretion to set the criteria used. A basic criterion, however, is the function of the FMI. Systemically important payment systems, CSDs, SSSs, CCPs, and TRs are typically subject to regulation, supervision, and oversight because of the critical role that they play in the financial system. Criteria that are often considered in determining the need for or degree of regulation, supervision, and oversight for various types of FMIs include (a) the number and value of transactions processed, (b) the number and type of participants, (c) the markets served, (d) the market share controlled, (e) the interconnectedness with other FMIs and other financial institutions, and (f) the available alternatives to using the FMI at short notice. Authorities may also want to designate FMIs as systemically important on the basis of other criteria relevant in their jurisdictions for the purposes of applying the CPSSIOSCO Principles for financial market infrastructures. Responsibilities for regulation, supervision, and oversight 4.1.3. FMIs that have been identified using these criteria should be regulated, supervised, and overseen by a central bank, market regulator, or other relevant authority. The division of powers or responsibilities among authorities for regulating, supervising, and overseeing FMIs may vary depending on the applicable legal and institutional framework and 126 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 the sources of such powers or responsibilities may take different forms. Preferably, legislation will clearly specify which authority or authorities have responsibility. For example, one or more authorities may have regulatory, supervisory, or oversight responsibility for an FMI registered, chartered, licensed, or designated as an entity that falls within a specific legislative mandate. However, in the national context, an FMI also may be overseen by an authority that does not derive responsibility from a specific legislative mandate. 173 Relevant authorities should address any existing gaps in regulation, supervision, and oversight of FMIs (see Responsibility E which addresses cooperation among different authorities, particularly in the international setting). 173 This includes traditional use of moral suasion by central banks. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 127 Responsibility B: Regulatory, supervisory, and oversight powers and resources Central banks, market regulators, and other relevant authorities should have the powers and resources to carry out effectively their responsibilities in regulating, supervising, and overseeing FMIs. Key considerations 1. Authorities should have powers or other authority consistent with their relevant responsibilities, including the ability to obtain timely information and to induce change or enforce corrective action. 2. Authorities should have sufficient resources to fulfil their regulatory, supervisory, and oversight responsibilities. Explanatory note 4.2.1. While the primary responsibility for ensuring an FMI’s safety and efficiency lies with the system’s owners and operator, central banks, market regulators, and other relevant authorities generally share the common objective of ensuring the safety and efficiency of FMIs. However, regulation, supervision, and oversight of an FMI are needed to ensure that the FMI fulfils this responsibility, to address negative externalities that can be associated with the FMI, and to foster financial stability generally. Further, authorities should have the appropriate powers and resources in order to administer their regulatory, supervisory, and oversight responsibilities effectively. An authority’s powers, which may be statutory or nonstatutory, should be consistent with its relevant responsibilities. Powers to obtain information 4.2.2. Authorities should have powers or other authority consistent with their relevant responsibilities to obtain timely information necessary for effective regulation, supervision, and oversight. In particular, authorities should use these powers to access information that enables them to understand and assess (a) an FMI’s various functions, activities, and overall financial condition; (b) the risks borne or created by an FMI and, where appropriate, its participants; (c) an FMI’s impact on its participants and the broader economy; and (d) an FMI’s adherence to relevant regulations and policies. Key sources of information include official system documents and records, regular or ad-hoc reports, internal reports from board meetings and internal auditors, on-site visits and inspections, information on operations outsourced to third parties, and dialogue with an FMI’s board, management, or participants. 174 Authorities should have appropriate legal safeguards to protect all confidential and non-public information obtained from an FMI. Authorities, however, should be able to share relevant confidential or non-public information with other authorities, as appropriate, to minimise gaps and reduce duplication in regulation, supervision, and oversight. Powers to induce change or enforce corrective action 4.2.3. Authorities also should have powers or other authority consistent with their relevant responsibilities to induce change or enforce corrective action in an FMI that is not complying with relevant regulations or policies. Other mechanisms may also be used to effect change, including the use of moral suasion. Discussions with FMIs, their participants, and, in some cases, their participants’ customers play an important part in achieving regulatory, 174 Official system documentation includes the FMI’s rules, procedures, and business continuity plans. Regular or ad hoc reporting includes daily volume and value of transactions reports, operating performance reports, stress test results, and the scenarios and methodology employed in estimating exposures. 128 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 supervisory, and oversight objectives. In many cases, an authority may be able to rely on moral suasion to promote public policy interests for FMIs and their stakeholders. These techniques, however, work best when there are credible regulatory or other remedies available to authorities. Where appropriate and legally permissible, authorities may want to consider publicly disclosing their assessments of certain FMIs as a means to induce change at those FMIs and promote transparency. Sufficient resources 4.2.4. Authorities should have sufficient resources to fulfil their regulatory, supervisory, and oversight responsibilities. Sufficient resources include adequate funding, qualified and experienced personnel, and appropriate ongoing training. In addition, authorities should adopt an organisational structure that uses these resources effectively. It should be clear where the responsibility for regulatory, supervisory, and oversight functions lies within an authority or authorities. These functions may include gathering information on FMIs, assessing the operation and design of FMIs, assessing interdependencies among FMIs, taking action to promote FMIs’ observance of relevant policies and standards, and conducting on-site visits or inspections when necessary. Where relevant, personnel should have the appropriate legal protections to carry out their responsibilities. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 129 Responsibility C: Disclosure of policies with respect to FMIs Central banks, market regulators, and other relevant authorities should clearly define and disclose their regulatory, supervisory, and oversight policies with respect to FMIs. Key considerations 1. Authorities should clearly define their policies with respect to FMIs, which include the authorities’ objectives, roles, and regulations. 2. Authorities should publicly disclose their relevant policies with respect to the regulation, supervision, and oversight of FMIs. Explanatory note 4.3.1. Central banks, market regulators, and other relevant authorities should clearly define their regulatory, supervisory, and oversight policies with respect to FMIs, which include the authorities’ objectives, roles, and regulations. A clear definition of authorities’ objectives provides a basis for consistent policymaking and a benchmark by which authorities can evaluate their effectiveness. Typically, the primary objectives of authorities with respect to FMIs are to promote safety and efficiency. Some authorities may also have additional relevant public policy objectives for the FMIs they regulate, supervise, or oversee. These objectives are usually implemented through specific regulations and other policies, such as risk-management standards or expectations for FMIs. The policies of authorities should be consistent with their legislative framework. In addition, authorities may find it beneficial to consult with the market, key stakeholders, and the broader public regarding their policies. In many countries, these consultations may be required by law. 4.3.2. Authorities should publicly disclose their relevant policies with respect to the regulation, supervision, and oversight of FMIs, as public disclosure promotes consistent policies. Such disclosure typically involves communicating the authorities’ regulatory, supervisory, and oversight standards for FMIs and helps to establish clear expectations and facilitate compliance with those standards. Furthermore, disclosing policies publicly communicates the responsibilities and expectations of authorities to the wider public and thereby promotes the accountability of those authorities. Authorities can publicly disclose their policies in a variety of forms, including plain-language documents, policy statements, and relevant supporting material. Such materials should be readily available. 175 These disclosures, however, do not shift the responsibility of ensuring the safe and efficient operation of FMIs from the FMI to authorities. Authorities should emphasise that primary responsibility for complying with the regulatory, supervisory, and oversight policies rests with the FMIs themselves. 175 For example, an authority can publicly disclose its policies by posting them to a public website. 130 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 Responsibility D: Application of the principles for FMIs Central banks, market regulators, and other relevant authorities should adopt the CPSS-IOSCO Principles for financial market infrastructures and apply them consistently. Key considerations 1. Authorities should adopt the CPSS-IOSCO Principles for financial market infrastructures. 2. Authorities should ensure that these principles are, at a minimum, applied to all systemically important payment systems, CSDs, SSSs, CCPs, and TRs. 3. Authorities should apply these principles consistently within and across jurisdictions, including across borders, and to each type of FMI covered by the principles. Explanatory note 4.4.1. Central banks, market regulators, and other relevant authorities should adopt the CPSS-IOSCO Principles for financial market infrastructures. The adoption and application of these principles can greatly enhance regulatory, supervisory, and oversight efforts by relevant authorities and support the establishment of important minimum standards for risk management. While the precise means through which the principles are applied will vary from jurisdiction to jurisdiction, all CPSS and IOSCO members are expected to apply the principles to the relevant FMIs in their jurisdictions to the fullest extent allowed by the legal framework in their jurisdiction. 176 The principles draw on the collective experience of many central banks, market regulators, and other relevant authorities and have been subject to public consultation. The use of these principles helps to ensure that FMIs are safe and efficient. Scope of application of principles 4.4.2. Authorities should ensure that these principles are, at a minimum, applied to all systemically important payment systems, CSDs, SSSs, CCPs, and TRs. A payment system is systemically important if it has the potential to trigger or transmit systemic disruptions; this includes, among other things, systems that are the sole payment system in a country or the principal system in terms of the aggregate value of payments, and systems that mainly handle time-critical, high-value payments or settle payments used to effect settlement in other FMIs. The presumption is that all CSDs, SSSs, CCPs, and TRs are systemically important because of their critical roles in the markets they serve. 177 Authorities should disclose which FMIs they do not regard as systemically important and to which they do not intend to apply the principles and provide a comprehensive and clear rationale. Conversely, authorities may disclose which FMIs they regard as systemically important. 178 176 In some cases, specific legislation may be used or needed to set out the precise regulatory framework and rules applicable to FMIs. In other cases, the relevant authorities may not need statutory authority to adopt them, though they may still need to create more detailed policies, rules, or regulations to implement them. 177 In some jurisdictions, national law will dictate the criteria to determine whether an FMI is systemically important. 178 See also key consideration 1 of Responsibility A, which requires authorities to clearly define and publicly disclose the criteria used to identify FMIs that should be subject to regulation, supervision, and oversight. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 131 Consistent application of principles 4.4.3. Authorities should apply the principles consistently within and across jurisdictions, including across borders, and to each type of FMI covered by these principles. Consistent application of these principles is important because different systems may be dependent on each other, in direct competition with each other, or both. The principles also represent common interests which make it easier for different authorities to work cooperatively and enhance the effectiveness and consistency of regulation, supervision, and oversight. This is particularly important because many FMIs operate across multiple jurisdictions. Authorities may apply more demanding requirements if and when they deem it appropriate to do so. Observance of internationally accepted principles 4.4.4. If a systemically important FMI does not observe the applicable principles, relevant authorities should ensure, as far as possible within their responsibilities and powers, that the FMI takes appropriate and timely action to remedy its deficiencies within a timeframe consistent with the type or impact of the risks, concerns, or other issues associated with the identified gaps and shortcomings. Authorities should closely monitor newly formed FMIs and those undergoing significant changes. 179 Where central banks themselves own or operate FMIs or key components of FMIs, they should apply, to the extent applicable, the same international standards to their own systems with the same rigor as other overseen systems. If a central bank is an owner or operator of an FMI as well as the overseer of private-sector FMIs, it needs to consider how best to address any possible conflicts of interest. In particular, it should avoid disadvantaging private-sector FMIs relative to those it owns and operates. 179 In these instances, authorities should engage with the FMI at an early stage to foster public policy goals and identify opportunities to enhance safety and efficiency. 132 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 Responsibility E: Cooperation with other authorities Central banks, market regulators, and other relevant authorities should cooperate with each other, both domestically and internationally, as appropriate, in promoting the safety and efficiency of FMIs. Key considerations 1. Relevant authorities should cooperate with each other, both domestically and internationally, to foster efficient and effective communication and consultation in order to support each other in fulfilling their respective mandates with respect to FMIs. Such cooperation needs to be effective in normal circumstances and should be adequately flexible to facilitate effective communication, consultation, or coordination, as appropriate, during periods of market stress, crisis situations, and the potential recovery, wind-down, or resolution of an FMI. 2. If an authority has identified an actual or proposed operation of a cross-border or multicurrency FMI in its jurisdiction, the authority should, as soon as it is practicable, inform other relevant authorities that may have an interest in the FMI’s observance of the CPSS-IOSCO Principles for financial market infrastructures. 3. Cooperation may take a variety of forms. The form, degree of formalization and intensity of cooperation should promote the efficiency and effectiveness of the cooperation, and should be appropriate to the nature and scope of each authority’s responsibility for the supervision or oversight of the FMI and commensurate with the FMI’s systemic importance in the cooperating authorities’ various jurisdictions. Cooperative arrangements should be managed to ensure the efficiency and effectiveness of the cooperation with respect to the number of authorities participating in such arrangements. 4. For an FMI where cooperative arrangements are appropriate, at least one authority should accept responsibility for establishing efficient and effective cooperation among all relevant authorities. In international cooperative arrangements where no other authority accepts this responsibility, the presumption is the authority or authorities with primary responsibility in the FMI’s home jurisdiction should accept this responsibility. 5. At least one authority should ensure that the FMI is periodically assessed against the principles and should, in developing these assessments, consult with other authorities that conduct the supervision or oversight of the FMI and for which the FMI is systemically important. 6. When assessing an FMI’s payment and settlement arrangements and its related liquidity risk-management procedures in any currency for which the FMI’s settlements are systemically important against the principles, the authority or authorities with primary responsibility with respect to the FMI should consider the views of the central banks of issue. If a central bank of issue is required under its responsibilities to conduct its own assessment of these arrangements and procedures, the central bank should consider the views of the authority or authorities with primary responsibility with respect to the FMI. 7. Relevant authorities should provide advance notification, where practicable and otherwise as soon as possible thereafter, regarding pending material regulatory changes and adverse events with respect to the FMI that may significantly affect another authority’s regulatory, supervisory, or oversight interests. 8. Relevant authorities should coordinate to ensure timely access to trade data recorded in a TR. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 133 9. Each authority maintains its discretion to discourage the use of an FMI or the provision of services to such an FMI if, in the authority’s judgment, the FMI is not prudently designed or managed or the principles are not adequately observed. An authority exercising such discretion should provide a clear rationale for the action taken both to the FMI and to the authority or authorities with primary responsibility for the supervision or oversight of the FMI. 10. Cooperative arrangements between authorities in no way prejudice the statutory or legal or other powers of each participating authority, nor do these arrangements constrain in any way an authority’s powers to fulfil its statutory or legislative mandate or its discretion to act in accordance with those powers. Explanatory note 4.5.1. Central banks, market regulators, and other relevant authorities should cooperate with each other, domestically and internationally (that is, on a cross-border basis), in order to support each other in fulfilling their respective regulatory, supervisory, or oversight mandates with respect to FMIs. Relevant authorities should explore, and where appropriate, develop cooperative arrangements that take into consideration (a) their statutory responsibilities, (b) the systemic importance of the FMI to their respective jurisdictions, (c) the FMI’s comprehensive risk profile (including consideration of risks that may arise from interdependent entities), and (d) the FMI’s participants. The objective of such arrangements is to facilitate comprehensive regulation, supervision, and oversight and provide a mechanism whereby the responsibilities of multiple authorities can be fulfilled efficiently and effectively. Authorities are encouraged to cooperate with each other to reduce the probability of gaps in regulation, supervision, and oversight that could arise if they did not coordinate and to minimise the potential duplication of effort and the burden on the FMIs or the cooperating authorities. Relevant authorities should also cooperate with resolution authorities and the supervisors of direct participants, as appropriate and necessary, to enable each to fulfil its respective responsibilities. 4.5.2. Cooperative arrangements need to foster efficient and effective communication and consultation among relevant authorities. Such arrangements need to be effective in normal circumstances and should be adequately flexible to facilitate effective communication, consultation, or coordination, as appropriate, during periods of market stress, crisis situations, and the potential recovery, wind-down, or resolution of an FMI. Inadequate cooperation, especially during times of market stress and crisis situations, can impede significantly the work of relevant authorities. Identification of FMIs and relevant authorities 4.5.3. If an authority has identified an actual or proposed operation of a cross-border or multicurrency FMI in its jurisdiction, the authority should, as soon as it is practicable, inform other relevant authorities that may have an interest in the FMI’s observance of the CPSSIOSCO Principles for financial market infrastructures. To determine whether such notification is appropriate, the authority should consider (to the extent it has such information) the nature and scope of other relevant authorities’ regulatory, supervisory, or oversight responsibilities with respect to the FMI and the FMI’s systemic importance in those authorities’ jurisdictions. Cooperation arrangements 4.5.4. Cooperation may take a variety of forms, including formal arrangements that are organised under memoranda of understanding, protocols, or other documentation as well as 134 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 informal ad hoc arrangements and regular communications. 180 The relevant authorities should agree on the form of cooperative arrangement or such multiple arrangements as they deem most appropriate in light of the FMI’s specific circumstances. Flexibility as to the form of cooperation allows relevant authorities to continue to adapt to a dynamic environment as financial markets and systems evolve. All authorities involved in cooperative arrangements should have the powers and resources needed to carry out their responsibilities under the arrangements. 4.5.5. The appropriate degree of formalisation and the intensity of the cooperation in relation to any given FMI will depend on the relevant authorities’ statutory responsibilities and may also depend on the FMI’s systemic importance to their respective jurisdictions. The degree of formalisation may vary depending on each set of circumstances. For example, using an ad hoc arrangement to address promptly an emerging supervisory issue may be preferable to establishing a more-formal arrangement. Similarly, the intensity of cooperation may vary among arrangements, ranging from information sharing to more-extensive consultation and cooperation arrangements. 181 Information sharing may include the exchange of supervisory and oversight information (both public and non-public); the exchange of perspectives on risk-management controls, safety, and soundness; or plans for the potential recovery, wind-down, or resolution of the FMI. 182 Relevant authorities should seek to achieve a cooperative arrangement that employs an appropriate combination of form and scope to achieve an effective outcome. Cooperative arrangements should be managed to ensure the efficiency and effectiveness of the cooperation with respect to the number of authorities participating in such cooperative arrangements. 4.5.6. For an FMI where cooperative arrangements are appropriate, at least one authority should accept responsibility for establishing efficient and effective cooperation arrangements among all relevant authorities. In international cooperative arrangements where no other authority accepts this responsibility, the presumption is the authority or authorities with primary responsibility in the FMI’s home jurisdiction should accept this responsibility. Cooperation with other authorities should be guided by relevant international principles on cooperative arrangements for the regulation, supervision, and oversight of FMIs, such as the CPSS’s Central bank oversight of payment and settlement systems report and IOSCO’s Principles regarding cross-border supervisory cooperation. This responsibility addresses cooperation among authorities in the application of the principles and is intended to complement, but does not replace or supersede, any relevant guiding documents that exist for CPSS and IOSCO. 4.5.7. The acceptance of responsibility for establishing the cooperation arrangement for an FMI does not in itself confer any rights, supersede any national laws, or prejudice any bilateral or multilateral information sharing arrangements. The duties of an authority with such responsibility would typically include (a) proactively proposing arrangements for cooperation that would best meet the relevant authorities’ objectives, (b) facilitating coordination and cooperation among the authorities, (c) ensuring transparency in the arrangements, (d) acting, where relevant, as a central point for the information exchanged between the FMI and the relevant authorities, and (e) undertaking or coordinating periodic 180 Such arrangements can be either bilateral or multilateral and may be implemented through colleges, regulatory networks, oversight committees, or other cooperative arrangements (for example, statements of intent or official exchanges of letters) or through ad hoc communication. 181 These arrangements may define the roles and responsibilities of the relevant authorities in specific (for example, crisis) scenarios. 182 In the resolution context, relevant authorities also may exchange information regarding the resolvability of a particular FMI. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 135 assessments of the FMI against the principles in consultation with other authorities that have responsibilities with respect to the FMI. 4.5.8. Where several authorities have responsibilities in relation to the same FMI, at least one authority should accept responsibility for ensuring that the FMI is periodically assessed against the principles. Authorities should consult with each other, where practicable, and share assessments to support authorities with primary responsibility for the FMI’s supervision or oversight and for which the FMI is systemically important. Information sharing and open discussion with respect to the principles should help authorities avoid sending the FMI conflicting messages or imposing unnecessarily burdensome requirements on the FMI. Assessments and the related consultation and information sharing should be conducted without prejudice to the relevant authorities’ statutory powers or legal frameworks. Payment and settlement arrangements 4.5.9. An FMI's payment and settlement arrangements and its related liquidity riskmanagement procedures in any currency for which the FMI's settlements are systemically important should be assessed against the principles by the authority or authorities with primary regulation, supervision, or oversight responsibility with respect to the FMI. When conducting these reviews, the authority or authorities should consider the views of the central banks of issue. Central banks of issue may have an interest in an FMI’s payment and settlement arrangements and its related liquidity risk-management procedures because of their roles in implementing monetary policy and maintaining financial stability. Further, if a central bank of issue is required under its responsibilities to conduct its own assessment of these arrangements and procedures, the central bank should consider the views of the authority or authorities with primary responsibility with respect to the FMI. Advance notification 4.5.10. Relevant authorities should provide advance notification, where practicable and otherwise as soon as possible thereafter, regarding pending material regulatory changes and adverse events with respect to the FMI that may significantly affect another authority’s regulatory, supervisory, and oversight interests. In particular, for cross-border or multicurrency FMIs, where other authorities may have an interest in the FMI's observance of the principles, advance notification arrangements should take into account the authorities’ responsibilities with respect to the FMI's potential systemic importance to their jurisdictions. The views of other authorities put forward through consultations should be considered, as appropriate, in connection with regulatory actions taken with respect to the FMI, including when the FMI is in a recovery, wind-down, or resolution scenario. Timely access to trade data 4.5.11. Authorities primarily responsible for the regulation, supervision, and oversight of a TR that maintains data pertaining to other jurisdictions should coordinate with other relevant authorities to ensure timely and effective access to trade data and establish an appropriate data access process that is fair and consistent with the responsibilities of the other relevant authorities, to the extent legally permissible. All relevant authorities should mutually support each other’s access to trade data in which they have a material interest in furtherance of their regulatory, supervisory, and oversight responsibilities, regardless of the particular organizational form or geographic location of a TR. No pre-emption of statutory authority 4.5.12. Each authority maintains its discretion to discourage the use of an FMI located in another jurisdiction or the provision of services to such an FMI if, in the authority’s judgment, the FMI is not prudently designed or managed or the principles are not adequately observed. This would be an option that would only be considered in extreme circumstances, and typically after consultation with the authority or authorities with primary responsibility for the 136 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 supervision or oversight of the FMI. An example of such a circumstance would be if the authority concerned had been unable to secure changes to the FMI’s risk controls which it regarded as necessary given the FMI’s systemic importance in its jurisdiction. An authority exercising such discretion should provide a clear rationale for the action taken both to the FMI and to the authority or authorities with direct responsibility for the supervision or oversight of the FMI. 4.5.13. Cooperative arrangements between authorities in no way prejudice the statutory or legal or other powers of each participating authority, nor do these arrangements constrain in any way an authority’s powers to fulfil its statutory or legislative mandate or its discretion to act in accordance with those powers. International cooperation for enforcement activities regarding persons other than FMIs is not covered by this responsibility. For IOSCO members, international cooperation for enforcement activities is governed by the Multilateral memorandum of understanding for cooperation concerning consultation and cooperation and the exchange of information. 183 183 See IOSCO, Multilateral memorandum of understanding for cooperation concerning consultation and cooperation and the exchange of information, May 2002. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 137 Annex A: Mapping of CPSIPS, RSSS, and RCCP standards to the principles in this report Previous international standards PFMI The table below maps the CPSIPS, RSSS, and RCCP standards to the principles in this report. For example, Core Principle III of the Core Principles for Systemically Important Payment Systems is covered by Principles 3, 4, and 7 in this report. Core principles for systemically important payment systems Core Principle I: Core Principle II: Core Principle III: Core Principle IV: Core Principle V: Core Principle VI: Core Principle VII: Core Principle VIII: Core Principle IX: Core Principle X: Responsibility A: Responsibility B: Responsibility C: Responsibility D: Legal basis Understanding financial risks Management of financial risks Prompt final settlement Settlement in multilateral netting systems Settlement assets Security and operational reliability Efficiency Access criteria Governance Disclosure of objectives, role and major policies Compliance of central bank systems Oversight of non-central bank systems Cooperation with other authorities 1 23 3, 4, 7 8 4, 5, 7 9 17 21 18 2 A, C D B, D E Recommendations for securities settlement systems Recommendation 1: Recommendation 2: Recommendation 3: Recommendation 4: Recommendation 5: Recommendation 6: Recommendation 7: Recommendation 8: Recommendation 9: Recommendation 10: Recommendation 11: Recommendation 12: Legal framework Trade confirmation Settlement cycles Central counterparties (CCPs) Securities lending Central securities depositories (CSDs) Delivery versus payment (DVP) Timing of settlement finality CSD risk controls to address participants’ failure to settle Cash settlement assets Operational reliability Protection of customers’ securities Recommendation 13: Recommendation 14: Recommendation 15: Recommendation 16: Recommendation 17: Recommendation 18: Governance Access Efficiency Communication procedures and standards Transparency Regulation and oversight Recommendation 19: Risks in cross-border links 138 1 Annex C Annex C Annex C Annex C 11 12 8 4, 5, 7 9 17 11, 14, 16, Annex C 2 18 21 22 23 Responsibilities A-E 20 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 PFMI Previous international standards (cont) Recommendations for central counterparties Recommendation 1: Recommendation 2: Recommendation 3: Recommendation 4: Recommendation 5: Recommendation 6: Recommendation 7: Recommendation 8: Recommendation 9: Recommendation 10: Recommendation 11: Recommendation 12: Recommendation 13: Recommendation 14: Recommendation 15: Legal risk Participation requirements Measurement and management of credit exposures Margin requirements Financial resources Default procedures Custody and investment risks Operational risk Money settlements Physical deliveries Risks in links between CCPs Efficiency Governance Transparency Regulation and oversight CPSS-IOSCO – Principles for financial market infrastructures – April 2012 1 18 4 5, 6 4, 5, 6, 7 13 16 17 9 10, 12 20 21 2 23 Responsibilities A-E 139 Annex B: Mapping of the principles in this report to CPSIPS, RSSS, RCCP, and other guidance RSSS RCCP Principles for FMIs CPSIPS The table below illustrates how the principles in this report relate to the CPSIPS, RSSS, and RCCP standards, as well as other guidance. For example, Principle 18 in this report harmonises and builds upon CPSIPS Principle 9, RSSS Recommendation 14, and RCCP Recommendation 2. 1 10 3 1 13 – 1 13 – 3, 5 5 – 3, 5 4 6 – – – – – – – 7 9 – – 8 – 2 9 9 – 9 8 10 – 6, 11, 12 7 – 12 – 12 11 14 – 19 15 16 17 3, 5 4, 5 4, 5 5 – 9 10 – 10 6 – – 7 8 2 – 11 12 – 14 – – – Principles for FMIs Principle 1: Principle 2: Principle 3: Principle 4: Principle 5: Principle 6: Principle 7: Principle 8: Principle 9: Principle 10: Principle 11: Principle 12: Principle 13: Principle 14: Principle 15: Principle 16: Principle 17: Principle 18: Principle 19: Principle 20: Principle 21: Principle 22: Principle 23: Principle 24: Legal basis Governance Framework for the comprehensive management of risks Credit risk Collateral Margin Liquidity risk Settlement finality Money settlements Physical deliveries Central securities depositories Exchange-of-value settlement systems Participant-default rules and procedures Segregation and portability General business risk Custody and investment risks Operational risk Access and participation requirements Tiered participation arrangements FMI links Efficiency and effectiveness Communication procedures and standards Disclosure of rules, key procedures, and market data Disclosure of market data by trade repositories Responsibilities of central banks, market regulators, and other relevant authorities for FMIs Responsibility A: Responsibility B: Responsibility C: Responsibility D: Responsibility E: Regulation, supervision, and oversight of FMIs Regulatory, supervisory and oversight powers and resources Disclosure of objectives and policies Application of the principles for FMIs Cooperation with other authorities A C 18 18 15 15 A B, C D 18 – 18 15 – 15 Note: Additional source documents for the section on responsibilities of central banks, market regulators, and other relevant authorities include: CPSS, Central bank oversight of payment and settlement systems, May 2005, and IOSCO, Principles regarding cross-border supervisory cooperation, May 2010. 140 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 Annex C: Selected RSSS marketwide recommendations The RSSS marketwide recommendations on trade confirmation, settlement cycle, CCPs, and securities lending were not part of the CPSS and Technical Committee of IOSCO’s review of standards for FMIs. As a result, these marketwide recommendations remain in effect and are provided below as reference. Recommendation 2: Trade confirmation Confirmation of trades between direct market participants should occur as soon as possible after trade execution, but no later than trade date (T+0). Where confirmation of trades by indirect market participants (such as institutional investors) is required, it should occur as soon as possible after trade execution, preferably on T+0, but no later than T+1. 3.10 The first step in settling a securities trade is to ensure that the buyer and the seller agree on the terms of the transaction, a process referred to as trade confirmation. Often a broker-dealer or member of an exchange (a direct market participant) acts as an intermediary in executing trades on behalf of others (indirect market participants). In such circumstances, trade confirmation often occurs on two separate tracks: confirmation of the terms of the trade between direct participants and confirmation (sometimes termed “affirmation”) of the intended terms between each direct participant and the indirect participant for whom the direct participant is acting. (Generally, indirect market participants for whom confirmations are required include institutional investors and cross-border clients.) On both tracks, agreement of trade details should occur as soon as possible so that errors and discrepancies can be discovered early in the settlement process. Early detection should help to avoid errors in recording trades, which could result in inaccurate books and records, increased and mismanaged market risk and credit risk, and increased costs. While this process is occurring, the back offices of the direct market participants, indirect market participants and custodians that act as agents for the indirect market participants need to prepare settlement instructions, which should be matched prior to the settlement date. Speedy, accurate verification of trades and matching settlement instructions is an essential precondition for avoiding settlement failures, especially when the settlement cycle is relatively short. (See Recommendation 3 regarding the length of settlement cycles.) 3.11 Trade confirmation systems are increasingly becoming automated. Many markets already have in place systems for the automatic comparison of trades between direct market participants. (In many markets, the use of electronic trading systems obviates the need for direct market participants to match the terms of the trade.) Automated matching systems are also being proposed and implemented for trade confirmation between direct market participants and indirect market participants and for the matching of settlement instructions. Automation improves processing times by eliminating the requirement to send information back and forth manually between parties and by avoiding the errors inherent in manual processing. 3.12 At its most sophisticated, automation allows manual intervention to be eliminated from post-trade processing through the implementation of straight through processing (STP), that is, procedures that require trade data to be entered only once and then use those same data for all post-trade requirements related to settlement. Many practitioners believe that market-wide achievement of STP is essential, both for maintaining high settlement rates as volumes increase and for ensuring timely settlement of cross-border trades, particularly if reductions in settlement cycles are to be achieved. STP systems may use a common message format or use a translation facility that either converts different message formats into a common format or translates between different formats. Several initiatives aim to CPSS-IOSCO – Principles for financial market infrastructures – April 2012 141 achieve STP. These initiatives should be encouraged, and direct and indirect market participants should achieve the degree of internal automation necessary to take full advantage of whatever solutions emerge. Recommendation 3: Settlement cycles Rolling settlement should be adopted in all securities markets. Final settlement should occur no later than T+3. The benefits and costs of a settlement cycle shorter than T+3 should be evaluated. 3.13 Under a rolling settlement cycle, trades settle a given number of days after the trade date rather than at the end of an “account period”, thereby limiting the number of outstanding trades and reducing aggregate market exposure. The longer the period from trade execution to settlement, the greater the risk that one of the parties may become insolvent or default on the trade, the larger the number of unsettled trades, and the greater the opportunity for the prices of the securities to move away from the contract prices, thereby increasing the risk that non-defaulting parties will incur a loss when replacing the unsettled contracts. In 1989, the G30 recommended that final settlement of cash transactions should occur on T+3, that is, three business days after the trade date. However, the G30 recognised that “to minimise counterparty risk and market exposure associated with securities transactions; same day settlement is the final goal”. 3.14 This recommendation retains T+3 settlement as a minimum standard. Markets that have not yet achieved a T+3 settlement cycle should identify impediments to achieving T+3 and actively pursue the removal of those impediments. Many markets already are settling at a shorter interval than T+3. For example, many government securities already settle on T+1 or even T+0, and some equity markets are currently considering a T+1 settlement cycle. The standard judged appropriate for a type of security or market will depend upon factors such as transaction volume, price volatility and the extent of cross-border trading in the instrument. Each securities market should evaluate whether a cycle shorter than T+3 is appropriate, given the risk reduction benefits that could be achieved, the costs that would be incurred and the availability of alternative means of limiting pre-settlement risk, such as trade netting through a CCP (see Recommendation 4 below). Depending on these factors, some markets may conclude that different types of securities should have different settlement cycles. 3.15 Reducing the cycle is neither costless nor without certain risks. This is especially true for markets with significant cross-border activity because differences in time zones and national holidays, and the frequent involvement of multiple intermediaries, make timely trade confirmation more difficult. In most markets, a move to T+1 (perhaps even to T+2) would require a substantial reconfiguration of the trade settlement process and an upgrade of existing systems. For markets with a significant share of cross-border trades, substantial system improvements may be essential for shortening settlement cycles. Without such investments, a move to a shorter cycle could generate increased settlement fails, with a higher proportion of participants unable to agree and exchange settlement data or to acquire the necessary resources for settlement in the time available. Consequently, replacement cost risk would not be reduced as much as anticipated and operational risk and liquidity risk could increase. 3.16 Regardless of the settlement cycle, the frequency and duration of settlement failures should be monitored closely. In some markets, the benefits of T+3 settlement are not being fully realised because the rate of settlement on the contractual date falls significantly short of 100%. In such circumstances, the risk implications of the fail rates should be analysed and actions identified that could reduce the rates or mitigate the associated risks. For example, monetary penalties for failing to settle could be imposed contractually or by market authorities; alternatively, failed trades could be marked to market and, if not resolved within a specified timeframe, closed out at market prices. 142 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 Recommendation 4: Central counterparties (CCPs) The benefits and costs of a CCP should be evaluated. Where such a mechanism is introduced, the CCP should rigorously control the risks it assumes. 3.17 A central counterparty (CCP) interposes itself between trade counterparties, becoming the buyer to every seller and the seller to every buyer. Thus, from the point of view of market participants the credit risk of the CCP is substituted for the credit risk of the other participants. (In some markets many of the benefits of a CCP are achieved by establishing an entity that indemnifies market participants against losses from counterparty defaults without actually acting as CCP.) If a CCP manages its risks effectively, its probability of default may be less than that of all or most of the market participants. Moreover, a CCP often bilaterally nets its obligations vis-à-vis its participants, which achieves multilateral netting of each participant’s obligations vis-à-vis all of the other participants. This can reduce substantially the potential losses in the event of the default of a participant, both on trades that have not reached settlement (replacement cost exposures) and on trades in the process of settlement (principal exposures). In addition, netting reduces the number and value of deliveries and payments needed to settle a given set of trades, thereby reducing liquidity risks and transaction costs. 3.18 Introduction of a CCP is another tool, in addition to shortening settlement cycles, for reducing counterparty credit risks. It is especially effective for reducing risks vis-à-vis active market participants, who often buy and sell the same security for settlement on the same date. In addition to these risk reduction benefits, the growing demand for CCP arrangements in part reflects the increasing use of anonymous electronic trading systems, where orders are matched according to the rules of the system and participants cannot always manage their credit risks bilaterally through their choice of counterparty. 3.19 Nevertheless, a CCP will not be appropriate in all markets. Establishing a CCP is not without costs. In particular, establishing the kind of robust risk-management system that a CCP must have (see discussion below) generally requires significant initial investments and ongoing expenses. Thus, individual markets should assess carefully the balance of the benefits and costs of a CCP. This balance will depend on factors such as the volume and value of transactions, trading patterns among counterparties, and the opportunity costs associated with settlement liquidity. A growing number of markets have determined that the benefits of implementing a CCP outweigh the costs. 3.20 If a CCP is established, it is important that it have sound risk management because the CCP assumes responsibility for risk management and reallocates risk among its participants through its policies and procedures. As a result, if a CCP does not perform risk management well, the CCP could increase risk to market participants. The ability of the system as a whole to withstand the default of individual participants depends crucially on the risk-management procedures of the CCP and its access to resources to absorb financial losses. The failure of a CCP would almost certainly have serious systemic consequences, especially where multiple markets are served by one CCP. Consequently, a CCP’s ability to monitor and control the credit, liquidity, legal and operational risks it incurs and to absorb losses is essential to the sound functioning of the markets it serves. A CCP must be able to withstand severe shocks, including defaults by one or more of its participants, and its financial support arrangements should be evaluated in this context. Furthermore, there must be a sound and transparent legal basis for the netting arrangements, whether by novation or otherwise. For example, netting must be enforceable against the participants in bankruptcy. Without such legal underpinnings, net obligations may be challenged in judicial or administrative insolvency proceedings. If these challenges are successful, the CCP or the original counterparty may face additional settlement exposure. The CCP must also be operationally sound and must ensure that its participants have the incentive and the ability to manage the risks they assume. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 143 3.21 CCPs adopt a variety of means to control risk. The precise means reflects the market served and the nature of the risks incurred. Access criteria are essential (see [Principle 18, formerly] Recommendation 14 on access). The CCP’s exposures should be collateralised. Most CCPs require members to deposit collateral to cover potential market movements on open positions or unsettled transactions. Positions are also generally marked to market one or more times daily, with the CCP taking additional cash or collateral to cover any changes in the net value of the open positions of participants since the previous valuation and settlement. During volatile periods, CCPs may collect additional collateral to minimise further their exposure. CCPs should also have rules specifying clearly how defaults will be handled and how losses will be shared in the event that a defaulting firm’s collateral fails to cover its exposure. For example, CCPs may require their members to contribute to default clearing funds, typically composed of cash or high-quality, liquid securities and calculated using a formula based on the volume of the participant’s settlement activity. Those funds are often augmented through insurance or other financial support. Liquidity demands are usually met by some combination of clearing fund assets and firmly committed bank credit lines. Rules and procedures for handling defaults should be transparent to enable members and other market participants to assess the risks they assume because of their membership in and use of a CCP. 3.22 CCPs are currently developing global risk-management standards that draw on their common experience and expertise. In February 2001, senior executives of the European Association of Central Counterparty Clearing Houses (EACH) developed risk-management standards for their organisations. Subsequently, CCP-12, a group that includes CCPs from Asia and the Americas as well as Europe, has been working to revise the EACH standards and broaden their acceptance among CCPs. 184 Once CCP-12’s work is finalised, national authorities should consider using it as a starting point when evaluating the risk-management procedures of a CCP. Recommendation 5: Securities lending Securities lending and borrowing (or repurchase agreements and other economically equivalent transactions) should be encouraged as a method for expediting the settlement of securities transactions. Barriers that inhibit the practice of lending securities for this purpose should be removed. 3.23 Mature and liquid securities lending markets (including markets for repurchase agreements and other economically equivalent transactions) generally improve the functioning of securities markets by allowing sellers ready access to securities needed to settle transactions where those securities are not held in inventory, by offering an efficient means of financing securities portfolios, and by supporting participants’ trading strategies. 185 The existence of liquid markets for securities lending reduces the risks of failed settlements because market participants with an obligation to deliver securities that they have failed to receive and do not hold in inventory can borrow these securities and complete delivery. Securities lending markets also enable market participants to cover transactions that have already failed, thereby curing the failure sooner. In cross-border transactions, particularly 184 The CCP-12 is composed of the following entities: (1) the Australian Stock Exchange; (2) the Brazilian Clearing and Depository Corporation; (3) Eurex Clearing; (4) the Chicago Mercantile Exchange; (5) Clearnet; (6) Hong Kong Exchanges and Clearing Limited; (7) the London Clearing House; (8) S D Indeval, SA de C V; (9) Singapore Exchange Limited; (10) The Canadian Depository for Securities Limited; (11) The Depository Trust & Clearing Corporation; (12) The Options Clearing Corporation; and (13) the Tokyo Stock Exchange. 185 For a thorough discussion of securities lending and repo agreements, see Technical Committee of IOSCO and CPSS, Securities lending transactions: market development and implications, 1999; CGFS, Implications of repo markets for central banks, 1999. 144 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 back-to-back transactions, it is often more efficient and cost-effective for a market participant to borrow a security for the delivery than to deal with the risk and costs associated with a settlement failure. 3.24 Liquid securities lending markets are therefore to be encouraged, subject to appropriate limits on their use for purposes prohibited by regulation or law. For example, borrowing to support short sales is illegal in some circumstances in some markets. Even in jurisdictions that restrict securities lending because of other public policy concerns, authorities should consider permitting lending to reduce settlement failures. Impediments to the development and functioning of securities lending markets should, as far as possible, be removed. In many markets, the processing of securities lending transactions involves manually intensive procedures. In the absence of robust and automated procedures, errors and operational risks increase, and it may be difficult to achieve timely settlement of securities lending transactions, which often need to settle on a shorter cycle than regular trades. The scope for improvement in the processing of cross-border borrowing and lending transactions is particularly large. Some CSDs seek to overcome these impediments by providing centralised lending facilities; others offer services intended to support the bilateral lending market. The needs of individual markets will differ, and market participants and CSDs should evaluate the usefulness of the different types of facilities. 3.25 Other impediments might arise from tax or accounting policies, from legal restrictions on lending, from an inadequate legal underpinning for securities lending or from ambiguities about the treatment of such transactions in a bankruptcy. One of the most significant barriers to development may be related to taxation of securities lending transactions. A tax authority’s granting of tax neutrality to the underlying transaction and the elimination of certain transaction taxes have served to increase activity in several jurisdictions. Accounting standards also have an influence on the securities lending market, particularly with respect to whether, and under what conditions, collateral must be reflected on the balance sheet. Authorities in some jurisdictions restrict the types or amounts of securities that may be loaned, the types of counterparties that may lend securities, or the permissible types of collateral. Uncertainty about the legal status of transactions, for example their treatment in insolvency situations, also inhibits development of a securities lending market. The legal and regulatory structure must be clear so that all parties involved understand their rights and obligations. 3.26 While securities lending may be a useful tool, it presents risk to both the borrower and the lender. The securities lent or the collateral may not be returned when needed, because of counterparty default, operational failure or legal challenge, for example. Those securities would then need to be acquired in the market, perhaps at a cost. Counterparties to securities loans should employ appropriate risk-management policies, including conducting credit evaluations, collateralising exposures, marking exposures and collateral to market daily, and employing master legal agreements. Recommendation 6: Central securities depositories (CSDs) Securities should be immobilised or dematerialised and transferred by book entry in CSDs to the greatest extent possible. 3.27 There are several different ways for beneficial owners to hold securities. In some jurisdictions, physical securities circulate and beneficial owners may keep securities in their possession, although beneficial owners typically employ a custodian to hold them to reduce risks and safekeeping costs. The costs and risks associated with owning and trading securities may be reduced considerably through immobilisation of physical securities, which involves concentrating the location of physical securities in a depository (or CSD). To promote immobilisation of all certificates of a particular issue, a jurisdiction could encourage the issuance of a global note, which represents the whole issue. A further step away from circulating physical securities is full dematerialisation of a securities issue. In this approach, CPSS-IOSCO – Principles for financial market infrastructures – April 2012 145 there is no global note issued, as the rights and obligations stem from book entries in an electronic register. 3.28 In addition to differences in physical arrangements for holding securities, there are important differences in the legal arrangements. Holding systems may be categorised generally as direct or indirect (see [Annex D, formerly] Annex 2 [of the RSSS]). Each type of system has advantages and disadvantages and either type of system can be designed in a manner that complies with these Recommendations. In jurisdictions that operate a direct holding system but in which the CSD is not the official registrar of the issuer, a transfer of securities in the CSD should result automatically in the transfer of legal title to the securities in the official register of the issuer. 3.29 The immobilisation or dematerialisation of securities and their transfer by book entry within a CSD significantly reduces the total costs associated with securities settlements and custody. By centralising the operations associated with custody and transfer within a single entity, costs can be reduced through economies of scale. In addition, efficiency gains can be achieved through increased automation, which reduces the errors and delays inherent in manual processing. By reducing costs and improving the speed and efficiency of settlement, book entry settlement also supports the development of securities lending markets, including markets for repurchase agreements and other economically equivalent transactions. These activities, in turn, enhance the liquidity of securities markets and facilitate the use of securities collateral to manage counterparty risks, thereby increasing the efficiency of trading and settlement. Effective governance (see [Principle 2, formerly] Recommendation 13) is necessary, however, to ensure that these benefits are not lost as a result of monopolistic behaviour by the CSD. 3.30 The immobilisation or dematerialisation of securities also reduces or eliminates certain risks, for example destruction or theft of certificates. The transfer of securities by book entry is a precondition for the shortening of the settlement cycle for securities trades, which reduces replacement cost risks. Book entry transfer also facilitates delivery versus payment, thereby eliminating principal risks. 3.31 Thus, for both safety and efficiency reasons, securities should be immobilised or dematerialised in CSDs to the greatest extent possible. In practice, retail investors may not be prepared to give up their certificates. However, it is not necessary to achieve complete immobilisation to realise the benefits of CSDs. It may be sufficient that the most active market participants immobilise their holdings. Less active investors that insist on holding certificates should bear the costs of their decisions. Recommendation 12: Protection of customers’ securities Entities holding securities in custody should employ accounting practices and safekeeping procedures that fully protect customers’ securities. It is essential that customers’ securities be protected against the claims of a custodian’s creditors. 3.60 Custody risk is the risk of a loss on securities held in custody occasioned by a custodian’s (or subcustodian’s) insolvency, negligence, misuse of assets, fraud, poor administration, inadequate record keeping, or failure to protect a customer’s interests in securities (including voting rights and entitlements). 186 Although custodians are predominantly commercial banks, CSDs also hold and administer securities on behalf of their direct participants, and thus present custody risk. (Direct participants in a CSD may hold securities both for their own account and on behalf of customers.) 186 For a thorough discussion of custody issues, see Technical Committee of IOSCO, Client Asset Protection, 1996. 146 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 3.61 A custodian should employ procedures ensuring that all customer assets are appropriately accounted for and kept safe whether it holds them directly or through a subcustodian. Because customer securities must also be protected against the claims of a custodian’s creditors, a customer’s claims against a custodian are typically given priority or are given preferential treatment under insolvency law. (Nonetheless, customer assets could be subject to liens in favour of the custodian if, for example, the customer has pledged them to secure an obligation to the custodian.) One way that a customer can be protected in the event of a custodian’s insolvency is through segregation (identification) of customer securities on the books of the custodian (and of all subcustodians, and ultimately, the CSD). Even when customer securities are segregated from a custodian’s own securities, customers may still be at risk of a loss if the custodian does not hold sufficient securities to satisfy all customer claims or if an individual customer’s securities cannot be readily identified. Thus, entities that hold securities in custody (or maintain records of balances of securities) should reconcile their records regularly to keep them current and accurate. Other ways to safeguard or protect customers against misappropriation and theft include internal controls and insurance or other compensation schemes. 3.62 Ideally, a customer’s securities are immune from claims made by third-party creditors of the custodian. Although the ideal is not realised in all circumstances, when the entities through which securities are held are performing their responsibilities effectively, the likelihood of a successful legal claim made on a customer’s securities by a third-party creditor is minimised. In addition, in the event of a custodian’s or subcustodian’s insolvency, it should be highly improbable that a customer’s securities could be frozen or made unavailable for an extended period of time. If that were to happen, the customer could come under liquidity pressures, suffer price losses or fail to meet its obligations. Segregation is a common device that facilitates the movement of a customer’s positions by a receiver to a solvent custodian, thereby enabling customers to manage their positions and meet their settlement obligations. To bring these results about, it is essential that the legal framework support segregation of customer assets or other arrangements for prioritising claims in bankruptcy that serve to protect customers’ holdings. It is also important for supervisory authorities to enforce effective segregation of customer assets by custodians. 3.63 Cross-border holdings of securities often involve several layers of intermediaries acting as custodians. For example, an institutional investor may hold its securities through a global custodian, which, in turn, holds securities in a subcustodian that is a member of the local CSD. Or a broker-dealer may hold its securities through its home country CSD or an international CSD, which, in turn, holds its securities through a cross-border link with the local CSD or through a local custodian. Mechanisms to protect customer assets may vary depending on the type of securities holding system instituted in a jurisdiction. Beneficial owners of securities should understand the extent of a custodian’s responsibility for securities held through intermediate custodians. 3.64 To prevent unexpected losses, a global custodian should determine whether the legal framework in the jurisdiction of each of its local subcustodians has appropriate mechanisms to protect customer assets. Alternatively, a global custodian should keep its customers apprised of the custody risk arising from holding securities in a particular jurisdiction. Global custodians should also ascertain whether their local subcustodians employ appropriate accounting, safekeeping and segregation procedures for customer securities. Likewise, when home country CSDs and ICSDs establish links to other CSDs, they should ensure that those other CSDs protect customer securities adequately. With complex cross-border arrangements, it is imperative that sound practices and procedures be used by all entities in the chain of custodians so that the interests of beneficial owners are protected from legal actions relating to the insolvency of, or the commission of fraud by, any one of the custodians. Each jurisdiction should take the attributes of its securities holding system into account in judging whether its legal framework includes appropriate mechanisms to protect a custodian’s customer against loss upon the insolvency of, or the commission of fraud by, a custodian. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 147 Annex D: Summary of designs of payment systems, SSSs, and CCPs This annex provides a high-level description of various institutional designs associated with payment systems, securities settlement systems (SSSs), and central counterparties (CCPs). Payment systems A payment system is a set of instruments, procedures, and rules for the transfer of funds between or among participants; the system includes the participants and the entity operating the arrangement. A payment system is typically based on an agreement between or among participants and the operator, and the transfer of funds is effected using an agreed-upon operational infrastructure. A payment system is generally categorised as either a retail payment system or a large-value payment system (LVPS). 187 A retail payment system is a funds transfer system that typically handles a large volume of relatively low-value payments in such forms as cheques, credit transfers, direct debits, and payment card transactions. An LVPS is a funds transfer system that typically handles large-value and high-priority payments. Organisational structures A payment system can take on different organizational forms. A system may include a central entity that acts as the payment system operator (that is, it runs the infrastructure that processes payment obligations, settlement obligations, or both; communicates with participants; and, in some cases, calculates net obligations), as a settlement institution (that is, it debits and credits the balances in settlement accounts on its books), or as both. Further, the settlement institution may act as a type of central counterparty to each payment obligation (henceforth, payment), provide a guarantee of finality or settlement for each payment accepted to the system, or offer no form of settlement guarantee and let any associated risks remain with the participants. Other possible arrangements include an operating entity that is different from the settlement institution and operates some or all of the technical elements of the payment system on behalf of the participants or the settlement institution. In some cases, the operator will operate the system on behalf of a broader industry group, statutory body, or other organization as part of a payment scheme. 188 Still other arrangements may involve multilateral clearing and settlement systems with very limited roles for central entities. Institutional designs Payment systems can be categorised generally into real-time gross settlement (RTGS) systems, deferred (or designated-time) net settlement (DNS) systems, and “hybrid” systems. The key distinctions among these three systems involve the form and timing of settlement. 187 See also, CPSS, New developments in large-value payment systems, May 2005 188 Some countries may have payment schemes for one or more types of payments in which there exists a rulemaking body that sets rules or provides some form of governance applicable to the operator, the participants, or a broader set of parties. 148 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 Real-time gross settlement systems RTGS systems settle payments continuously in real time (that is, without deferral) and on a gross basis, typically on a payment-by-payment basis. A payment is accepted by the system once it successfully passes the system’s validity and conditionality checks (such as that the sender has sufficient funds or credit available to send the payment) and is typically unconditional and irrevocable. 189 If the payment cannot be validated, it is generally rejected back to the sender. If the payment is validated but does not pass the conditionality checks, the payment is either queued or rejected back to the sender (although other alternatives may exist in some systems). RTGS systems provide the advantage that payments are settled with finality on a payment-by-payment basis in the course of the day, thus reducing intraday credit and liquidity exposures between participants. A downside of RTGS systems is that they require participants to have sufficient liquidity to cover the principal amount of each payment and can therefore require large amounts of intraday liquidity from participants. Deferred net settlement systems In DNS systems, payments are accumulated and netted throughout the day (or possibly once per day), and settlement of the net amount takes place at the end of the day, if not more frequently intraday. By netting payment values among participants, DNS systems require significantly less liquidity for settlement, as compared to RTGS systems. However, DNS systems may expose participants to credit and liquidity risks for the period during which settlement is deferred. Settlement finality is only achieved at the end of the day (or at designated times during the day) in DNS systems and thus if there is no settlement guarantee, either by the system or its participants, there is no certainty that the payments will be settled until that point in time. If a participant fails to meet its payment obligation when due, some or all processed payments could be unwound, thereby exposing participants to liquidity risk and possibly credit risk depending on the design, rules, and legal framework of the payment system. Hybrid systems and liquidity-saving mechanisms In recent years, distinctions between RTGS and DNS systems have become less clear. Some DNS systems have increased the frequency of intraday final settlement to reduce risks associated with delayed settlement. Many RTGS systems have incorporated liquidity-saving features akin to netting in DNS systems in order to economise on participants’ use of liquidity. A range of system designs with liquidity-saving mechanisms and settlement priority options are sometimes classified as hybrid systems. In general, liquidity-saving mechanisms include frequent netting or offsetting of payments during the course of the operating day. A typical approach is to hold payments in a central queue and to net or offset those payments on a bilateral or multilateral basis at frequent intervals. To the extent that resulting potential net debit positions are fully covered, the payments can be settled immediately. Liquidity-saving mechanisms reduce the amount of liquidity needed relative to traditional RTGS systems by using the potential liquidity from a participant’s incoming payments to settle outgoing payments via netting or offsetting. Liquidity-saving mechanisms also reduce settlement risk relative to DNS systems by providing intraday final settlement after each round of netting. However, systems with these mechanisms may require more liquidity than pure DNS systems, which typically conduct settlement once per day, and may involve greater settlement delays for some payments than pure RTGS systems. 189 Some systems may have a legal or technical sequence of events that differs from this description yet achieves the same purposes. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 149 Other payment system enhancements include the integration of recurrent netting or offsetting with real-time settlement functionality and the addition of prioritisation options for payment processing or settlement. Such functionality allows a participant either to settle a particular payment in real time (or near real time) or to place the payment in a queue for deferred settlement. In many cases, systems have adopted complex algorithms for settling payments. For example, some systems first attempt to settle a payment on a gross basis. If gross settlement is not possible (for example, due to insufficient funds or lack of available credit), the system attempts to bilaterally or multilaterally offset the payment against other pending payments, thereby reducing or eliminating the amount of liquidity required to settle the payment. A number of different optimisation routines can be used to match, offset, or net queued payments, and the complexity of these algorithms varies greatly. Some systems also allow participants to set settlement or processing priorities among different payments or payment types. Payment process Regardless of their design, payment systems typically have four conceptual stages of processing: submission, validation, conditionality, and settlement (see also Box 3). 190 Submission The first stage of the payment process is the submission of a payment to the payment system. A payment can take on a number of forms based on the type of payment being submitted (for example, time-critical versus non time-critical payments; balances of ancillary systems or cash legs of securities transactions for LVPS; or ACH, debit or credit transfers for retail payment systems). Payments may differ based on the direction of funds flows (for example, credit transfers or debit transfers), format, legal status, and medium (for example, in electronic form or physical form). Also, some payments may be submitted as individual payments or as part of a file of payments. Validation Once a payment is submitted, it must pass through the payment system’s validation procedures before it can be accepted for final settlement. The type of validation the payment system performs depends on its specific design, but typically includes verifying that the payment instruction includes certain key data elements. These validation procedures may also include security measures in addition to those employed by the network provider to verify the identity of the sender of the payment as well as to ensure the integrity and nonrepudiation of the payment itself. In the event that the payment system cannot validate a payment, it is usually returned to the sending participant and is not considered eligible for settlement. If the validation is successful, the payment system subjects the payment to conditionality requirements. Conditionality Another key feature of a payment system’s design is the set of conditions that a payment must meet in order for it to be accepted by the system and be settled. In the most straightforward case, after the payment has been validated, the only condition for settlement is whether the sender has sufficient funds available (or access to intraday credit). 191 If the 190 See also CPSS, New developments in large-value payment systems, May 2005. 191 Additional conditions for settlement may be created by limits set either by a participant or by the system. While limits typically restrict credit exposures, a recent feature in some systems providing continuous intraday finality is the introduction of position or sender limits in order to control the outflow of settlement funds. 150 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 payment exceeds the amount of funds available, the payment system may reject the payment. Alternatively, the system may temporarily place the payment in a system queue. The queued payment will be released from the queue at a later stage when all relevant conditions for settlement are satisfied. Even in systems without a queue, other options beside rejection may be possible. For example, in the case that a payment cannot be settled under a sender’s limit, it is possible that the payment may still be settled subject to the sender undergoing a programme of ex-post counselling. Settlement A payment is final at the point in time when it becomes irrevocable and unconditional. This precise moment typically depends on the underlying legal regime and the rules of the payment system itself. In some systems, a payment becomes irrevocable as soon as the system validates it (that is, queued payment orders cannot be revoked by the sender). However, the payment may not provide funds irrevocably and unconditionally to the receiver or the beneficiary until settlement occurs and is final. In other systems, payments remain revocable until settlement takes place and, lastly, in some systems a payment can only be revoked with the receiver’s consent. In general, however, in an RTGS system, a payment becomes final after it is validated by the payment system and has passed the necessary conditionality checks. In a DNS system, a payment is typically considered final upon final settlement at the designated time(s). However, in DNS systems, it is possible for settlement of the net amount to be final, while individual payments are not finally settled or paid. Some DNS systems may also provide an explicit settlement guarantee, either from the operator of the system or from the participants as a group. Such systems would also have financial mechanisms to support such a guarantee. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 151 Box 3 Conceptual stages of payment processing Submission Sender submits payment to the payment system. Validation The payment system validates payment’s key data elements. If the payment passes validation, the system accepts it subject to conditionality. If the payment fails any of the validation checks, it is rejected back to the sender. Conditionality The payment system checks that necessary conditions for settlement are satisfied (such as sufficient funds availability and consistency with any established limits). A payment that fails conditionality checks is either placed back in the queue until the necessary validation checks are passed or is rejected back to sender. Settlement Settlement finality occurs when the account of the receiver within the payment system has been credited and settlement is unconditional and irrevocable. In an RTGS system, final settlement follows immediately after the conditionality tests are passed. In a DNS system, the payment is netted against other payments submitted to the system. Final settlement takes place at a designated time. Time Securities settlement systems An SSS enables securities to be transferred and settled by book entry according to a set of predetermined multilateral rules. 192 An SSS typically allows transfers of securities either free of payment or against payment. When transfer is against payment, the SSS should provide delivery versus payment (DvP). DvP is settlement mechanism that links a securities transfer and a funds transfer in such a way as to ensure that delivery occurs if and only if the corresponding funds transfer occurs. 193 An SSS may be part of a formal organisational structure that includes other FMIs, or it may operate as a completely independent entity with 192 It should be noted that the definition of an SSS in this report is narrower than the one used in the RSSS, which defined an SSS broadly to include the full set of institutional arrangements for confirmation, clearance, and settlement of securities trades, and safekeeping of securities across a securities market. 193 An analogous settlement mechanism of delivery versus delivery (DvD) also exists. A DvD settlement mechanism is a securities settlement mechanism which links two or more securities transfers in such a way as to ensure that delivery of one security occurs if and only if the corresponding delivery(ies) of the other security(ies) occur(s). 152 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 its own governance structure and operating rules. An independent SSS may also provide additional securities clearing and settlement services, such as the confirmation of trades and settlement obligations. An SSS may operate independently of, or as part of, a CSD. Further, an SSS can provide a guarantee of finality or settlement from the system itself or its participants for each transaction accepted by the system, or offer no form of guarantee at all and simply provide the technical operations of an SSS. Institutional designs An SSS can use a number of DvP settlement mechanisms to settle obligations. These mechanisms may involve either the simultaneous settlement of securities and funds or the sequential settlement of securities and funds. In addition, settlement may occur on an obligation-by-obligation (that is, gross) or on a net basis. There are three common models for achieving DvP. 194 The first, DvP model 1, is a system that settles transfers for both securities and funds on a gross basis, with final (irrevocable and unconditional) transfer of securities from the seller to the buyer (delivery) occurring at the same time as final transfer of funds from the buyer to the seller (payment). The second, DvP model 2, is a system that settles securities transfer obligations on a gross basis, with final transfer of securities from the seller to the buyer occurring throughout the processing cycle, but settles funds transfer obligations on a net basis, with final transfer of funds from the buyer to the seller occurring at the end of the processing cycle. Lastly, the third, DvP model 3, is a system that settles transfer obligations for both securities and funds on a net basis, with final transfers of both securities and funds occurring at the end of the processing cycle. Model 1: Gross, simultaneous settlements of securities and funds transfers The essential characteristic of a DvP model 1 system is the simultaneous settlement of individual securities transfers and associated funds transfers. The system typically maintains both securities and funds accounts for participants and makes all transfers by book entry. 195 An “against payment” transfer is settled by debiting the seller’s securities account, crediting the buyer’s securities account, debiting the buyer’s funds account, and crediting the seller’s funds account. 196 All transfers are final at the instant the debits and credits are posted to the securities and funds accounts. Overdrafts (negative balances) on securities accounts are prohibited, but the settlement agent typically provides intraday credit on funds accounts to facilitate settlement, subject to the SSS’s operating rules and risk-management controls. An advantage of model 1 is that transactions become final on an obligation-by-obligation basis during the course of the settlement day, thus reducing credit and liquidity exposures among participants or between a participant and the SSS. A disadvantage of model 1, however, is that it requires participants to cover the principal value of the funds leg of each obligation, thus requiring a potentially large amount of liquidity from participants. To help mitigate this disadvantage, some systems have adopted mechanisms for both securities and funds similar to the liquidity-saving mechanisms used by payment systems. 194 See CPSS, Delivery versus payment in securities settlement systems, September 1992. 195 If funds accounts are held by another entity, a communications link must be established between the operator of the securities transfer system and the entity handling participants’ funds to provide the securities transfer system with real-time information on the completion of funds transfers. 196 The system may also allow participants to make “free of payment”, that is, transfers of securities without a corresponding transfer of funds, or “free of transfers”, that is, transfers of funds without a corresponding transfer of securities. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 153 Model 2: Gross settlements of securities transfers followed by net settlement of funds transfers The essential characteristic of a DvP model 2 system is that securities transfers are settled on a obligation-by-obligation (gross) basis throughout the processing cycle, while funds transfers are settled on a net basis, typically at the end of the processing cycle. The system maintains securities accounts for participants. Funds accounts may be maintained by a separate entity, such as a commercial bank or a central bank. Securities are transferred by book entry. These securities transfers are usually provisional until the corresponding funds settlement becomes final. The corresponding funds transfers are irrevocable but not final. During the processing cycle (or perhaps at the end of the settlement day) the system calculates net balances of funds debits and credits. The net balances are settled at the end of the processing cycle when the net debit positions and net credit positions are posted to the books of the commercial bank or central bank that maintains the funds accounts. Settlement of funds transfers may occur once a day or several times a day. Like model 1 systems, model 2 systems prohibit participants from overdrawing securities accounts but, in some cases, intraday credit is allowed for funds, subject to SSS or participant established limits or risk-management controls. A securities transfer may be rejected if there are insufficient securities available in the seller’s account or the seller fails any other risk-management test. By netting the funds values among participants, a model 2 system requires significantly less liquidity for settlement, as compared to a model 1 system. A disadvantage to model 2, however, is the amount of risk created by the delay in settlement finality, which is only achieved at the end of the settlement day (or at designated times during the day). Model 3: Simultaneous net settlement of securities and funds transfers The essential characteristic of a DvP model 3 system is the simultaneous net settlement of both securities and funds transfer obligations. Settlement may occur once a day or at several times during the day. The system maintains securities accounts for participants. Funds accounts may be maintained by the SSS or a separate entity, such as a commercial bank or a central bank. Securities are transferred by book entry. During a processing cycle (or at the end of the settlement day), net balances of debits and credits to securities and funds accounts are calculated. However, book-entry transfers of securities do not occur until the end of the processing cycle. In the interim, all securities and funds transfers are provisional. At the end of the processing cycle (and possibly also at points during the processing cycle) the system checks whether those participants in a net debit position in securities and funds have sufficient balances to cover their net debits. 197 If a participant has insufficient balances, it may be notified and given an opportunity to obtain the necessary securities or funds. Final transfers of the net securities balances and net funds balances are executed if and only if all participants with net debit positions have sufficient balances of securities and funds. A disadvantage to model 3, however, is the potentially large liquidity exposures created if a participant fails to settle its net funds debit position. In this scenario, some or all of the defaulting participant’s transfers may have to be unwound. Settlement process The process of clearing and settling a securities trade includes three key steps: the confirmation of the settlement obligations; clearance (the calculation of the obligations of the counterparties resulting from the confirmation process); and settlement (the final transfer of securities in exchange for final transfer of funds in order to settle the obligations). An SSS, as 197 In some systems a transfer would not be processed if it would result in a net debit position in a security larger than the participant’s balance in that security. In other systems, however, an inadequate securities balance might not become evident until later in the processing cycle or at the end of the processing cycle. 154 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 strictly defined in this report, is involved in the settlement step of the clearing and settlement process, but many SSSs may be organised to provide additional securities clearing and settlement services, such as trade confirmation, settlement obligation validation, and securities safekeeping and custody. Confirmation of settlement obligations Once a trade is executed, the first step in the clearing and settlement process is to ensure that the counterparties to the trade (the buyer and the seller) agree on the terms, including the securities involved, the amounts to be exchanged, and the settlement date. This process of trade confirmation can take place in a variety of ways and the trading mechanism itself often determines how it occurs. For example, an electronic trading system may automatically produce a confirmed trade between the two counterparties. Other trades may be confirmed by exchanges, CCPs, or other organizations based on data submitted to them by the participants. In over-the-counter (OTC) markets, participants typically confirm the trade bilaterally. Clearance After trades have been confirmed, the next step in the process is clearance, which is the computation of the counterparties’ obligations to make deliveries or payments on the settlement date. Clearance typically occurs in one of two ways, either on a gross basis, in which systems compute obligations for every trade individually, or a net basis. In some markets, a CCP interposes itself between the counterparties to a securities trade, taking on each party’s obligation in relation to the other. A CCP typically reduces credit and liquidity risks for the trade counterparties by netting the underlying trade obligations. Netting arrangements are increasingly common in securities markets with high volumes of trades because properly designed netting algorithms produce significant reductions in gross exposures in such markets. Trade or obligation netting arrangements should be distinguished from settlement or payment netting arrangements, in which underlying obligations are not extinguished but funds or securities transfers are settled on a net basis. Settlement Settlement of a trade involves the final transfer of the securities from the seller to the buyer (delivery) and the final transfer of funds from the buyer to the seller (payment). The processing of transfers by an SSS (and perhaps a payment system) often involves several stages before the transfers are final and the settlement process is complete. The obligation is discharged when the transfer becomes final, that is, an irrevocable and unconditional transfer. Central counterparties A CCP interposes itself between counterparties to contracts traded in one or more financial markets, becoming the buyer to every seller and the seller to every buyer and thereby ensuring the performance of open contracts. A CCP becomes a counterparty to trades with market participants through novation, open-offer, or an analogous legally binding arrangement. A CCP has the potential to reduce its participants’ risks significantly by multilaterally netting trades and imposing more-effective risk controls on all participants. A CCP’s typical risk controls include requiring participants to provide collateral (usually in the form of margin) to cover current and potential future exposures, collecting and paying markto-market losses and gains frequently to reduce current exposure, and requiring participants to share residual risk in the event that one or more participant defaults. A CCP’s riskreduction mechanisms can also reduce systemic risk in the markets it serves depending on the effectiveness of the CCP’s risk controls and the adequacy of its financial resources. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 155 Organisational structures A CCP may be privately or publicly owned and operate on an at-cost or for-profit basis. A CCP may serve one or more markets where trades are conducted on an exchange, over-thecounter, or both and, potentially, operate across multiple jurisdictions. A CCP may be vertically or horizontally integrated. 198 Vertical integration in clearing is characterised by the formation of an integrated group, typically bringing trade and post-trade infrastructure providers under common ownership with other parts of the value chain. Horizontal integration occurs when a CCP expands clearing to more than one type of product or the products traded at more than one trading venue. 199 Institutional designs Institutional designs vary from one CCP to another. These differences may reflect risk characteristics of the instruments that the CCP clears, the characteristics of the participants for which the CCP clears, other external factors, and the design of the CCP’s riskmanagement framework. Factors affecting institutional design A number of factors affect the institutional design of a CCP, including its risk-management framework. Among these are the risk characteristics of the instruments that a CCP clears. For example, some instruments may be complex or have high market volatility, jump-todefault risk, or other hard-to-model sources of risk. Another important factor is the inherent liquidity of the market being served. A less liquid market will lead to, among other things, longer close-out times, increased difficulty in marking-to-market, and increased model risk. Other attributes affecting institutional design are the magnitude of the duration of the exposure between the CCP and its counterparties. Contracts cleared by a CCP can vary in length from as short as one day (such as in some securities markets) to upwards of several decades (such as in the credit-default swap market). Additionally, some contracts are characterised by trading practices that feature long periods between trade date and final settlement (such as in the futures market). Further, the design of a CCP may be influenced by the characteristics of the market participants for which the CCP clears. In some markets, a CCP may permit a diverse set of market participants to access its services. These participants can range from large banks to small non-bank dealers, and possibly buy-side firms. The range market participants may affect the CCP’s risk-management framework, including the amount of financial resources, eligible collateral, and loss-sharing arrangements. Further, the design of a CCP is further influenced by other external requirements, such as regulatory requirements, required levels of funding, and capital costs. A careful analysis of these, and the individual risk appetite of the CCP, will influence decisions towards one design over another. As such, legal and institutional arrangements will also influence the institutional design of a CCP. For example, the laws governing novation, open offer, and similar legal devices may vary by jurisdiction. Form of guarantee An important element of any CCP design is the legal mechanism for the CCP to become the counterparty to its participants’ trades. In most cases, this is either novation or open offer. In novation, the original contract between the buyer and seller is discharged and two new 198 See also CPSS, Market structure developments in the clearing industry: implications for financial stability, September 2010. 199 It should be noted that, in some jurisdictions, a CCP may be classified as either vertically or horizontally integrated; the two are not mutually exclusive. 156 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 contracts are created, one between the CCP and the buyer and the other between the CCP and the seller. The CCP thereby assumes the original parties’ contractual obligations to each other. In an open-offer system, a CCP extends an open offer to act as a counterparty to its participants and is automatically and immediately interposed in a transaction at the moment the buyer and seller agree on the terms, either at the exchange or at the point of agreement over-the-counter. In an open offer system, if all pre-agreed conditions are met, the buyer and seller never have a contractual relationship. In jurisdictions that support them, both novation and open offer give market participants legal certainty that a CCP is obligated to effect settlement. Other legal mechanisms that allow a CCP to guarantee obligations and perform netting also exist such as explicit and legally binding, settlement guarantees. Approaches to loss allocation In the event of a participant default, a CCP will need access to financial resources to perform on its obligations and may need to initiate its loss-allocation procedures. In developing its loss-allocation procedures, a CCP may combine a defaulter-pay approach and a survivorpay approach. Defaulter-pay approach. In employing a defaulter-pay approach, a CCP seeks to cover a large proportion of its losses with the defaulting participant’s financial resources. A CCP seeking to emphasize the use of the defaulter-pay approach would have higher levels of financial resources provided by the defaulter in the default waterfall, thereby making it less likely that losses will need to be allocated to non-defaulting participants through pooling-ofresources arrangements, such as a default fund. In these arrangements, the initial margin provided by non-defaulting participants cannot be used to cover losses. Defaulter-pay approaches typically decrease moral hazard because each participant is responsible for a significant proportion of its own potential losses. The use of defaulter-pay approach has historically been more prevalent in derivatives markets. Survivor-pay approach. In employing a survivor-pay approach, a CCP would cover a residual portion of its losses with non-defaulting participants’ resources through a pooling-ofresources arrangement, such as a default fund. The pooling of resources effectively acts as an insurance arrangement supported by all of the participants. Non-defaulting participants of the CCP will typically bear the risk of losses not covered by the defaulter’s resources. There are a number of ways to allocate such losses among non-defaulting participants at different CCPs and in different jurisdictions. When applying this approach, the CCP should be attentive to the contagion risks created by interdependencies among participants. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 157 PSs CSDs SSSs CCPs TRs Annex E: Matrix of applicability of key considerations to specific types of FMIs Principle 1: Legal basis ● ● ● ● ● 1. The legal basis should provide a high degree of certainty for each material aspect of an FMI’s activities in all relevant jurisdictions. ● ● ● ● ● 2. An FMI should have rules, procedures, and contracts that are clear, understandable, and consistent with relevant laws and regulations. ● ● ● ● ● 3. An FMI should be able to articulate the legal basis for its activities to relevant authorities, participants, and, where relevant, participants’ customers, in a clear and understandable way. ● ● ● ● ● 4. An FMI should have rules, procedures, and contracts that are enforceable in all relevant jurisdictions. There should be a high degree of certainty that actions taken by the FMI under such rules and procedures will not be voided, reversed, or subject to stays. ● ● ● ● ● 5. An FMI conducting business in multiple jurisdictions should identify and mitigate the risks arising from any potential conflict of laws across jurisdictions. ● ● ● ● ● Principle 2: Governance ● ● ● ● ● 1. An FMI should have objectives that place a high priority on the safety and efficiency of the FMI and explicitly support financial stability and other relevant public interest considerations. ● ● ● ● ● 2. An FMI should have documented governance arrangements that provide clear and direct lines of responsibility and accountability. These arrangements should be disclosed to owners, relevant authorities, participants, and, at a more general level, the public. ● ● ● ● ● 3. The roles and responsibilities of an FMI’s board of directors (or equivalent) should be clearly specified, and there should be documented procedures for its functioning, including procedures to identify, address, and manage member conflicts of interest. The board should review both its overall performance and the performance of its individual board members regularly. ● ● ● ● ● 4. The board should contain suitable members with the appropriate skills and incentives to fulfil its multiple roles. This typically requires the inclusion of non-executive board member(s). ● ● ● ● ● 5. The roles and responsibilities of management should be clearly specified. An FMI’s management should have the appropriate experience, a mix of skills, and the integrity necessary to discharge their responsibilities for the operation and risk management of the FMI. ● ● ● ● ● 6. The board should establish a clear, documented risk-management framework that includes the FMI’s risk-tolerance policy, assigns responsibilities and accountability for risk decisions, and addresses decision making in crises and emergencies. Governance arrangements should ensure that the risk-management and internal control functions have sufficient authority, independence, resources, and access to the board. ● ● ● ● ● 7. The board should ensure that the FMI’s design, rules, overall strategy, and major decisions reflect appropriately the legitimate interests of its direct and indirect participants and other relevant stakeholders. Major decisions should be clearly disclosed to relevant stakeholders and, where there is a broad market impact, the public. ● ● ● ● ● Key considerations 158 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 PSs CSDs SSSs CCPs TRs Principle 3: Framework for the comprehensive management of risks ● ● ● ● ● 1. An FMI should have risk-management policies, procedures, and systems that enable it to identify, measure, monitor, and manage the range of risks that arise in or are borne by the FMI. Risk-management frameworks should be subject to periodic review. ● ● ● ● ● 2. An FMI should provide incentives to participants and, where relevant, their customers to manage and contain the risks they pose to the FMI. ● ● ● ● ● 3. An FMI should regularly review the material risks it bears from and poses to other entities (such as other FMIs, settlement banks, liquidity providers, and service providers) as a result of interdependencies and develop appropriate risk-management tools to address these risks. ● ● ● ● ● 4. An FMI should identify scenarios that may potentially prevent it from being able to provide its critical operations and services as a going concern and assess the effectiveness of a full range of options for recovery or orderly wind-down. An FMI should prepare appropriate plans for its recovery or orderly wind-down based on the results of that assessment. Where applicable, an FMI should also provide relevant authorities with the information needed for purposes of resolution planning. ● ● ● ● ● Principle 4: Credit risk ● ● ● 1. An FMI should establish a robust framework to manage its credit exposures to its participants and the credit risks arising from its payment, clearing, and settlement processes. Credit exposure may arise from current exposures, potential future exposures, or both. ● ● ● 2. An FMI should identify sources of credit risk, routinely measure and monitor credit exposures, and use appropriate risk-management tools to control these risks. ● ● ● 3. A payment system or SSS should cover its current and, where they exist, potential future exposures to each participant fully with a high degree of confidence using collateral and other equivalent financial resources (see Principle 5 on collateral). In the case of a DNS payment system or DNS SSS in which there is no settlement guarantee but where its participants face credit exposures arising from its payment, clearing, and settlement processes, such an FMI should maintain, at a minimum, sufficient resources to cover the exposures of the two participants and their affiliates that would create the largest aggregate credit exposure in the system. ● ● Key considerations (cont) 4. A CCP should cover its current and potential future exposures to each participant fully with a high degree of confidence using margin and other prefunded financial resources (see Principle 5 on collateral and Principle 6 on margin). In addition, a CCP that is involved in activities with a more-complex risk profile or that is systemically important in multiple jurisdictions should maintain additional financial resources to cover a wide range of potential stress scenarios that should include, but not be limited to, the default of the two participants and their affiliates that would potentially cause the largest aggregate credit exposure for the CCP in extreme but plausible market conditions. All other CCPs should maintain additional financial resources sufficient to cover a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would potentially cause the largest aggregate credit exposure for the CCP in extreme but plausible market conditions. In all cases, a CCP should document its supporting rationale for, and should have appropriate governance arrangements relating to, the amount of total financial resources it maintains. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 ● 159 5. A CCP should determine the amount and regularly test the sufficiency of its total financial resources available in the event of a default or multiple defaults in extreme but plausible market conditions through rigorous stress testing. A CCP should have clear procedures to report the results of its stress tests to appropriate decision makers at the CCP and to use these results to evaluate the adequacy of and adjust its total financial resources. Stress tests should be performed daily using standard and predetermined parameters and assumptions. On at least a monthly basis, a CCP should perform a comprehensive and thorough analysis of stress testing scenarios, models, and underlying parameters and assumptions used to ensure they are appropriate for determining the CCP’s required level of default protection in light of current and evolving market conditions. A CCP should perform this analysis of stress testing more frequently when the products cleared or markets served display high volatility, become less liquid, or when the size or concentration of positions held by a CCP’s participants increases significantly. A full validation of a CCP’s risk-management model should be performed at least annually. ● 6. In conducting stress testing, a CCP should consider the effect of a wide range of relevant stress scenarios in terms of both defaulters’ positions and possible price changes in liquidation periods. Scenarios should include relevant peak historic price volatilities, shifts in other market factors such as price determinants and yield curves, multiple defaults over various time horizons, simultaneous pressures in funding and asset markets, and a spectrum of forward-looking stress scenarios in a variety of extreme but plausible market conditions. ● 7. An FMI should establish explicit rules and procedures that address fully any credit losses it may face as a result of any individual or combined default among its participants with respect to any of their obligations to the FMI. These rules and procedures should address how potentially uncovered credit losses would be allocated, including the repayment of any funds an FMI may borrow from liquidity providers. These rules and procedures should also indicate the FMI’s process to replenish any financial resources that the FMI may employ during a stress event, so that the FMI can continue to operate in a safe and sound manner. ● ● ● Principle 5: Collateral ● ● ● 1. An FMI should generally limit the assets it (routinely) accepts as collateral to those with low credit, liquidity, and market risks. ● ● ● 2. An FMI should establish prudent valuation practices and develop haircuts that are regularly tested and take into account stressed market conditions. ● ● ● 3. In order to reduce the need for procyclical adjustments, an FMI should establish stable and conservative haircuts that are calibrated to include periods of stressed market conditions, to the extent practicable and prudent. ● ● ● 4. An FMI should avoid concentrated holdings of certain assets where this would significantly impair the ability to liquidate such assets quickly without significant adverse price effects. ● ● ● 5. An FMI that accepts cross-border collateral should mitigate the risks associated with its use and ensure that the collateral can be used in a timely manner. ● ● ● 6. An FMI should use a collateral management system that is welldesigned and operationally flexible. ● ● ● 160 TRs CCPs SSSs CSDs PSs Key considerations (cont) CPSS-IOSCO – Principles for financial market infrastructures – April 2012 Principle 6: Margin ● 1. A CCP should have a margin system that establishes margin levels commensurate with the risks and particular attributes of each product, portfolio, and market it serves. ● 2. A CCP should have a reliable source of timely price data for its margin system. A CCP should also have procedures and sound valuation models for addressing circumstances in which pricing data are not readily available or reliable. ● 3. A CCP should adopt initial margin models and parameters that are risk-based and generate margin requirements sufficient to cover its potential future exposure to participants in the interval between the last margin collection and the close out of positions following a participant default. Initial margin should meet an established singletailed confidence level of at least 99 percent with respect to the estimated distribution of future exposure. For a CCP that calculates margin at the portfolio level, this requirement applies to each portfolio’s distribution of future exposure. For a CCP that calculates margin at more-granular levels, such as at the subportfolio level or by product, the requirement must be met for the corresponding distributions of future exposure. The model should (a) use a conservative estimate of the time horizons for the effective hedging or close out of the particular types of products cleared by the CCP (including in stressed market conditions), (b) have an appropriate method for measuring credit exposure that accounts for relevant product risk factors and portfolio effects across products, and (c) to the extent practicable and prudent, limit the need for destabilising, procyclical changes. ● 4. A CCP should mark participant positions to market and collect variation margin at least daily to limit the build-up of current exposures. A CCP should have the authority and operational capacity to make intraday margin calls and payments, both scheduled and unscheduled, to participants. ● 5. In calculating margin requirements, a CCP may allow offsets or reductions in required margin across products that it clears or between products that it and another CCP clear, if the risk of one product is significantly and reliably correlated with the risk of the other product. Where two or more CCPs are authorised to offer cross-margining, they must have appropriate safeguards and harmonised overall riskmanagement systems. ● 6. A CCP should analyse and monitor its model performance and overall margin coverage by conducting rigorous daily backtesting and at least monthly, and more-frequent where appropriate, sensitivity analysis. A CCP should regularly conduct an assessment of the theoretical and empirical properties of its margin model for all products it clears. In conducting sensitivity analysis of the model’s coverage, a CCP should take into account a wide range of parameters and assumptions that reflect possible market conditions, including the most-volatile periods that have been experienced by the markets it serves and extreme changes in the correlations between prices. ● 7. A CCP should regularly review and validate its margin system. ● CPSS-IOSCO – Principles for financial market infrastructures – April 2012 TRs CCPs SSSs CSDs PSs Key considerations (cont) 161 CCPs ● ● 1. An FMI should have a robust framework to manage its liquidity risks from its participants, settlement banks, nostro agents, custodian banks, liquidity providers, and other entities. ● ● ● 2. An FMI should have effective operational and analytical tools to identify, measure, and monitor its settlement and funding flows on an ongoing and timely basis, including its use of intraday liquidity. ● ● ● 3. A payment system or SSS, including one employing a DNS mechanism, should maintain sufficient liquid resources in all relevant currencies to effect same-day settlement, and where appropriate intraday or multiday settlement, of payment obligations with a high degree of confidence under a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would generate the largest aggregate payment obligation in extreme but plausible market conditions. ● ● ● 4. A CCP should maintain sufficient liquid resources in all relevant currencies to settle securities-related payments, make required variation margin payments, and meet other payment obligations on time with a high degree of confidence under a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would generate the largest aggregate payment obligation to the CCP in extreme but plausible market conditions. In addition, a CCP that is involved in activities with a more-complex risk profile or that is systemically important in multiple jurisdictions should consider maintaining additional liquidity resources sufficient to cover a wider range of potential stress scenarios that should include, but not be limited to, the default of the two participants and their affiliates that would generate the largest aggregate payment obligation to the CCP in extreme but plausible market conditions. 5. For the purpose of meeting its minimum liquid resource requirement, an FMI’s qualifying liquid resources in each currency include cash at the central bank of issue and at creditworthy commercial banks, committed lines of credit, committed foreign exchange swaps, and committed repos, as well as highly marketable collateral held in custody and investments that are readily available and convertible into cash with prearranged and highly reliable funding arrangements, even in extreme but plausible market conditions. If an FMI has access to routine credit at the central bank of issue, the FMI may count such access as part of the minimum requirement to the extent it has collateral that is eligible for pledging to (or for conducting other appropriate forms of transactions with) the relevant central bank. All such resources should be available when needed. ● ● ● 6. An FMI may supplement its qualifying liquid resources with other forms of liquid resources. If the FMI does so, then these liquid resources should be in the form of assets that are likely to be saleable or acceptable as collateral for lines of credit, swaps, or repos on an ad hoc basis following a default, even if this cannot be reliably prearranged or guaranteed in extreme market conditions. Even if an FMI does not have access to routine central bank credit, it should still take account of what collateral is typically accepted by the relevant central bank, as such assets may be more likely to be liquid in stressed circumstances. An FMI should not assume the availability of emergency central bank credit as a part of its liquidity plan. ● ● ● 162 TRs SSSs CSDs ● PSs Principle 7: Liquidity risk Key considerations (cont) CPSS-IOSCO – Principles for financial market infrastructures – April 2012 CCPs ● ● 8. An FMI with access to central bank accounts, payment services, or securities services should use these services, where practical, to enhance its management of liquidity risk. ● ● ● 9. An FMI should determine the amount and regularly test the sufficiency of its liquid resources through rigorous stress testing. An FMI should have clear procedures to report the results of its stress tests to appropriate decision makers at the FMI and to use these results to evaluate the adequacy of and adjust its liquidity risk-management framework. In conducting stress testing, an FMI should consider a wide range of relevant scenarios. Scenarios should include relevant peak historic price volatilities, shifts in other market factors such as price determinants and yield curves, multiple defaults over various time horizons, simultaneous pressures in funding and asset markets, and a spectrum of forward-looking stress scenarios in a variety of extreme but plausible market conditions. Scenarios should also take into account the design and operation of the FMI, include all entities that might pose material liquidity risks to the FMI (such as settlement banks, nostro agents, custodian banks, liquidity providers, and linked FMIs), and where appropriate, cover a multiday period. In all cases, an FMI should document its supporting rationale for, and should have appropriate governance arrangements relating to, the amount and form of total liquid resources it maintains. ● ● ● 10. An FMI should establish explicit rules and procedures that enable the FMI to effect same-day and, where appropriate, intraday and multiday settlement of payment obligations on time following any individual or combined default among its participants. These rules and procedures should address unforeseen and potentially uncovered liquidity shortfalls and should aim to avoid unwinding, revoking, or delaying the same-day settlement of payment obligations. These rules and procedures should also indicate the FMI’s process to replenish any liquidity resources it may employ during a stress event, so that it can continue to operate in a safe and sound manner. ● ● ● Principle 8: Settlement finality ● ● ● 1. An FMI’s rules and procedures should clearly define the point at which settlement is final. ● ● ● 2. An FMI should complete final settlement no later than the end of the value date, and preferably intraday or in real time, to reduce settlement risk. An LVPS or SSS should consider adopting RTGS or multiple-batch processing during the settlement day. ● ● ● 3. An FMI should clearly define the point after which unsettled payments, transfer instructions, or other obligations may not be revoked by a participant. ● ● ● CPSS-IOSCO – Principles for financial market infrastructures – April 2012 TRs SSSs CSDs ● PSs 7. An FMI should obtain a high degree of confidence, through rigorous due diligence, that each provider of its minimum required qualifying liquid resources, whether a participant of the FMI or an external party, has sufficient information to understand and to manage its associated liquidity risks, and that it has the capacity to perform as required under its commitment. Where relevant to assessing a liquidity provider’s performance reliability with respect to a particular currency, a liquidity provider’s potential access to credit from the central bank of issue may be taken into account. An FMI should regularly test its procedures for accessing its liquid resources at a liquidity provider. Key considerations (cont) 163 CCPs ● ● 1. An FMI should conduct its money settlements in central bank money, where practical and available, to avoid credit and liquidity risks. ● ● ● 2. If central bank money is not used, an FMI should conduct its money settlements using a settlement asset with little or no credit or liquidity risk. ● ● ● 3. If an FMI settles in commercial bank money, it should monitor, manage, and limit its credit and liquidity risks arising from the commercial settlement banks. In particular, an FMI should establish and monitor adherence to strict criteria for its settlement banks that take account of, among other things, their regulation and supervision, creditworthiness, capitalisation, access to liquidity, and operational reliability. An FMI should also monitor and manage the concentration of credit and liquidity exposures to its commercial settlement banks. ● ● ● 4. If an FMI conducts money settlements on its own books, it should minimise and strictly control its credit and liquidity risks. ● ● ● 5. An FMI’s legal agreements with any settlement banks should state clearly when transfers on the books of individual settlement banks are expected to occur, that transfers are to be final when effected, and that funds received should be transferable as soon as possible, at a minimum by the end of the day and ideally intraday, in order to enable the FMI and its participants to manage credit and liquidity risks. ● ● ● Principle 10: Physical deliveries ● ● ● 1. An FMI’s rules should clearly state its obligations with respect to the delivery of physical instruments or commodities. ● ● ● 2. An FMI should identify, monitor, and manage the risks and costs associated with the storage and delivery of physical instruments or commodities. ● ● ● Principle 11: Central securities depositories ● 1. A CSD should have appropriate rules, procedures, and controls, including robust accounting practices, to safeguard the rights of securities issuers and holders, prevent the unauthorised creation or deletion of securities, and conduct periodic and at least daily reconciliation of securities issues it maintains. ● 2. A CSD should prohibit overdrafts and debit balances in securities accounts. ● 3. A CSD should maintain securities in an immobilised or dematerialised form for their transfer by book entry. Where appropriate, a CSD should provide incentives to immobilise or dematerialise securities. ● 4. A CSD should protect assets against custody risk through appropriate rules and procedures consistent with its legal framework. ● 5. A CSD should employ a robust system that ensures segregation between the CSD’s own assets and the securities of its participants and segregation among the securities of participants. Where supported by the legal framework, the CSD should also support operationally the segregation of securities belonging to a participant’s customers on the participant’s books and facilitate the transfer of customer holdings. ● 6. A CSD should identify, measure, monitor, and manage its risks from other activities that it may perform; additional tools may be necessary in order to address these risks. ● 164 TRs SSSs CSDs ● PSs Principle 9: Money settlements Key considerations (cont) CPSS-IOSCO – Principles for financial market infrastructures – April 2012 CCPs ● ● 1. An FMI that is an exchange-of-value settlement system should eliminate principal risk by ensuring that the final settlement of one obligation occurs if and only if the final settlement of the linked obligation also occurs, regardless of whether the FMI settles on a gross or net basis and when finality occurs. ● ● ● Principle 13: Participant-default rules and procedures ● ● ● ● 1. An FMI should have default rules and procedures that enable the FMI to continue to meet its obligations in the event of a participant default and that address the replenishment of resources following a default. ● ● ● ● 2. An FMI should be well prepared to implement its default rules and procedures, including any appropriate discretionary procedures provided for in its rules. ● ● ● ● 3. An FMI should publicly disclose key aspects of its default rules and procedures. ● ● ● ● 4. An FMI should involve its participants and other stakeholders in the testing and review of the FMI’s default procedures, including any close-out procedures. Such testing and review should be conducted at least annually or following material changes to the rules and procedures to ensure that they are practical and effective. ● ● ● ● Principle 14: Segregation and portability ● 1. A CCP should, at a minimum, have segregation and portability arrangements that effectively protect a participant’s customers’ positions and related collateral from the default or insolvency of that participant. If the CCP additionally offers protection of such customer positions and collateral against the concurrent default of the participant and a fellow customer, the CCP should take steps to ensure that such protection is effective. ● 2. A CCP should employ an account structure that enables it readily to identify positions of a participant’s customers and to segregate related collateral. A CCP should maintain customer positions and collateral in individual customer accounts or in omnibus customer accounts. ● 3. A CCP should structure its portability arrangements in a way that makes it highly likely that the positions and collateral of a defaulting participant’s customers will be transferred to one or more other participants. ● 4. A CCP should disclose its rules, policies, and procedures relating to the segregation and portability of a participant’s customers’ positions and related collateral. In particular, the CCP should disclose whether customer collateral is protected on an individual or omnibus basis. In addition, a CCP should disclose any constraints, such as legal or operational constraints, that may impair its ability to segregate or port a participant’s customers’ positions and related collateral. ● TRs SSSs CSDs ● PSs Principle 12: Exchange-of-value settlement systems Key considerations (cont) Principle 15: General business risk ● ● ● ● ● 1. An FMI should have robust management and control systems to identify, monitor, and manage general business risks, including losses from poor execution of business strategy, negative cash flows, or unexpected and excessively large operating expenses. ● ● ● ● ● CPSS-IOSCO – Principles for financial market infrastructures – April 2012 165 PSs CSDs SSSs CCPs TRs 2. An FMI should hold liquid net assets funded by equity (such as common stock, disclosed reserves, or other retained earnings) so that it can continue operations and services as a going concern if it incurs general business losses. The amount of liquid net assets funded by equity an FMI should hold should be determined by its general business risk profile and the length of time required to achieve a recovery or orderly wind-down, as appropriate, of its critical operations and services if such action is taken. ● ● ● ● ● 3. An FMI should maintain a viable recovery or orderly wind-down plan and should hold sufficient liquid net assets funded by equity to implement this plan. At a minimum, an FMI should hold liquid net assets funded by equity equal to at least six months of current operating expenses. These assets are in addition to resources held to cover participant defaults or other risks covered under the financial resources principles. However, equity held under international riskbased capital standards can be included where relevant and appropriate to avoid duplicate capital requirements. ● ● ● ● ● 4. Assets held to cover general business risk should be of high quality and sufficiently liquid in order to allow the FMI to meet its current and projected operating expenses under a range of scenarios, including in adverse market conditions. ● ● ● ● ● 5. An FMI should maintain a viable plan for raising additional equity should its equity fall close to or below the amount needed. This plan should be approved by the board of directors and updated regularly. ● ● ● ● ● Principle 16: Custody and investment risks ● ● ● ● 1. An FMI should hold its own and its participants’ assets at supervised and regulated entities that have robust accounting practices, safekeeping procedures, and internal controls that fully protect these assets. ● ● ● ● 2. An FMI should have prompt access to its assets and the assets provided by participants, when required. ● ● ● ● 3. An FMI should evaluate and understand its exposures to its custodian banks, taking into account the full scope of its relationships with each. ● ● ● ● 4. An FMI’s investment strategy should be consistent with its overall riskmanagement strategy and fully disclosed to its participants, and investments should be secured by, or be claims on, high-quality obligors. These investments should allow for quick liquidation with little, if any, adverse price effect. ● ● ● ● Principle 17: Operational risk ● ● ● ● ● 1. An FMI should establish a robust operational risk-management framework with appropriate systems, policies, procedures, and controls to identify, monitor, and manage operational risks. ● ● ● ● ● 2. An FMI’s board of directors should clearly define the roles and responsibilities for addressing operational risk and should endorse the FMI’s operational risk-management framework. Systems, operational policies, procedures, and controls should be reviewed, audited, and tested periodically and after significant changes. ● ● ● ● ● 3. An FMI should have clearly defined operational reliability objectives and should have policies in place that are designed to achieve those objectives. ● ● ● ● ● 4. An FMI should ensure that it has scalable capacity adequate to handle increasing stress volumes and to achieve its service-level objectives. ● ● ● ● ● 5. An FMI should have comprehensive physical and information security policies that address all potential vulnerabilities and threats. ● ● ● ● ● Key considerations (cont) 166 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 PSs CSDs SSSs CCPs TRs 6. An FMI should have a business continuity plan that addresses events posing a significant risk of disrupting operations, including events that could cause a wide-scale or major disruption. The plan should incorporate the use of a secondary site and should be designed to ensure that critical information technology (IT) systems can resume operations within two hours following disruptive events. The plan should be designed to enable the FMI to complete settlement by the end of the day of the disruption, even in case of extreme circumstances. The FMI should regularly test these arrangements. ● ● ● ● ● 7. An FMI should identify, monitor, and manage the risks that key participants, other FMIs, and service and utility providers might pose to its operations. In addition, an FMI should identify, monitor, and manage the risks its operations might pose to other FMIs. ● ● ● ● ● Principle 18: Access and participation requirements ● ● ● ● ● 1. An FMI should allow for fair and open access to its services, including by direct and, where relevant, indirect participants and other FMIs, based on reasonable risk-related participation requirements. ● ● ● ● ● 2. An FMI’s participation requirements should be justified in terms of the safety and efficiency of the FMI and the markets it serves, be tailored to and commensurate with the FMI’s specific risks, and be publicly disclosed. Subject to maintaining acceptable risk control standards, an FMI should endeavour to set requirements that have the leastrestrictive impact on access that circumstances permit. ● ● ● ● ● 3. An FMI should monitor compliance with its participation requirements on an ongoing basis and have clearly defined and publicly disclosed procedures for facilitating the suspension and orderly exit of a participant that breaches, or no longer meets, the participation requirements. ● ● ● ● ● Principle 19: Tiered participation arrangements ● ● ● ● ● 1. An FMI should ensure that its rules, procedures, and agreements allow it to gather basic information about indirect participation in order to identify, monitor, and manage any material risks to the FMI arising from such tiered participation arrangements. ● ● ● ● ● 2. An FMI should identify material dependencies between direct and indirect participants that might affect the FMI. ● ● ● ● ● 3. An FMI should identify indirect participants responsible for a significant proportion of transactions processed by the FMI and indirect participants whose transaction volumes or values are large relative to the capacity of the direct participants through which they access the FMI in order to manage the risks arising from these transactions. ● ● ● ● ● 4. An FMI should regularly review risks arising from tiered participation arrangements and should take mitigating action when appropriate. ● ● ● ● ● Principle 20: FMI links ● ● ● ● 1. Before entering into a link arrangement and on an ongoing basis once the link is established, an FMI should identify, monitor, and manage all potential sources of risk arising from the link arrangement. Link arrangements should be designed such that each FMI is able to observe the other principles in this report. ● ● ● ● 2. A link should have a well-founded legal basis, in all relevant jurisdictions, that supports its design and provides adequate protection to the FMIs involved in the link. ● ● ● ● Key considerations (cont) CPSS-IOSCO – Principles for financial market infrastructures – April 2012 167 4. Provisional transfers of securities between linked CSDs should be prohibited or, at a minimum, the retransfer of provisionally transferred securities should be prohibited prior to the transfer becoming final. ● ● 5. An investor CSD should only establish a link with an issuer CSD if the arrangement provides a high level of protection for the rights of the investor CSD’s participants. ● ● 6. An investor CSD that uses an intermediary to operate a link with an issuer CSD should measure, monitor, and manage the additional risks (including custody, credit, legal, and operational risks) arising from the use of the intermediary. ● ● 7. Before entering into a link with another CCP, a CCP should identify and manage the potential spill-over effects from the default of the linked CCP. If a link has three or more CCPs, each CCP should identify, assess, and manage the risks of the collective link arrangement. ● 8. Each CCP in a CCP link arrangement should be able to cover, at least on a daily basis, its current and potential future exposures to the linked CCP and its participants, if any, fully with a high degree of confidence without reducing the CCP’s ability to fulfil its obligations to its own participants at any time. ● TRs SSSs ● CCPs CSDs ● PSs 3. Linked CSDs should measure, monitor, and manage the credit and liquidity risks arising from each other. Any credit extensions between CSDs should be covered fully with high-quality collateral and be subject to limits. Key considerations (cont) ● 9. A TR should carefully assess the additional operational risks related to its links to ensure the scalability and reliability of IT and related resources. Principle 21: Efficiency and effectiveness ● ● ● ● ● 1. An FMI should be designed to meet the needs of its participants and the markets it serves, in particular, with regard to choice of a clearing and settlement arrangement; operating structure; scope of products cleared, settled, or recorded; and use of technology and procedures. ● ● ● ● ● 2. An FMI should have clearly defined goals and objectives that are measurable and achievable, such as in the areas of minimum service levels, risk-management expectations, and business priorities. ● ● ● ● ● 3. An FMI should have established mechanisms for the regular review of its efficiency and effectiveness. ● ● ● ● ● Principle 22: Communication procedures and standards ● ● ● ● ● 1. An FMI should use, or at a minimum accommodate, internationally accepted communication procedures and standards. ● ● ● ● ● Principle 23: Disclosure of rules, key procedures, and market data ● ● ● ● ● 1. An FMI should adopt clear and comprehensive rules and procedures that are fully disclosed to participants. Relevant rules and key procedures should also be publicly disclosed. ● ● ● ● ● 2. An FMI should disclose clear descriptions of the system’s design and operations, as well as the FMI’s and participants’ rights and obligations, so that participants can assess the risks they would incur by participating in the FMI. ● ● ● ● ● 3. An FMI should provide all necessary and appropriate documentation and training to facilitate participants’ understanding of the FMI’s rules and procedures and the risks they face from participating in the FMI. ● ● ● ● ● 168 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 PSs CSDs SSSs CCPs TRs 4. An FMI should publicly disclose its fees at the level of individual services it offers as well as its policies on any available discounts. The FMI should provide clear descriptions of priced services for comparability purposes. ● ● ● ● ● 5. An FMI should complete regularly and disclose publicly responses to the CPSS-IOSCO Disclosure framework for financial market infrastructures. An FMI also should, at a minimum, disclose basic data on transaction volumes and values. ● ● ● ● ● Key considerations (cont) Principle 24: Disclosure of market data by trade repositories ● 1. A TR should provide data in line with regulatory and industry expectations to relevant authorities and the public, respectively, that is comprehensive and at a level of detail sufficient to enhance market transparency and support other public policy objectives. ● 2. A TR should have effective processes and procedures to provide data to relevant authorities in a timely and appropriate manner to enable them to meet their respective regulatory mandates and legal responsibilities. ● 3. A TR should have robust information systems that provide accurate current and historical data. Data should be provided in a timely manner and in a format that permits it to be easily analysed. ● CPSS-IOSCO – Principles for financial market infrastructures – April 2012 169 Annex F: Oversight expectations applicable to critical service providers The operational reliability of an FMI may be dependent on the continuous and adequate functioning of service providers that are critical to an FMI’s operations, such as information technology and messaging providers. A regulator, supervisor, or overseer of an FMI may want to establish expectations for an FMI’s critical service providers in order to support the FMI’s overall safety and efficiency. The expectations should help ensure the operations of a critical service provider are held to the same standards as if the FMI provided the service. The expectations outlined below are specifically targeted at critical service providers and cover risk identification and management, robust information security management, reliability and resilience, effective technology planning, and strong communications with users. These expectations are written at a broad level, allowing critical service providers flexibility in demonstrating that they meet the expectations. 1. Risk identification and management A critical service provider is expected to identify and manage relevant operational and financial risks to its critical services and ensure that its risk-management processes are effective. A critical service provider should have effective processes and systems for identifying and documenting risks, implementing controls to manage risks, and making decisions to accept certain risks. A critical service provider may face risks related to information security, reliability and resilience, and technology planning, as well as legal and regulatory requirements pertaining to its corporate organisation and conduct, relationships with customers, strategic decisions that affect its ability to operate as a going concern, and dependencies on third parties. A critical service provider should reassess its risks, as well as the adequacy of its risk-management framework in addressing the identified risks, on an ongoing basis. The identification and management of risks should be overseen by the critical service provider’s board of directors (board) and assessed by an independent, internal audit function that can communicate clearly its assessments to relevant board members. The board is expected to ensure an independent and professional internal audit function. The internal audit function should be reviewed to ensure it adheres to the principles of a professional organisation that governs audit practice and behaviour (such as the Institute of Internal Auditors) and is able to independently assess inherent risks as well as the design and effectiveness of risk-management processes and internal controls. The internal audit function should also ensure that its assessments are communicated clearly to relevant board members. 2. Information security A critical service provider is expected to implement and maintain appropriate policies and procedures, and devote sufficient resources to ensure the confidentiality and integrity of information and the availability of its critical services in order to fulfil the terms of its relationship with an FMI. A critical service provider should have a robust information security framework that appropriately manages its information security risks. The framework should include sound policies and procedures to protect information from unauthorised disclosure, ensure data integrity, and guarantee the availability of its services. In addition, a critical service provider should have policies and procedures for monitoring its compliance with its information security framework. 170 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 This framework should also include capacity planning policies and change-management practices. For example, a critical service provider that plans to change its operations should assess the implications of such a change on its information security arrangements. 3. Reliability and resilience A critical service provider is expected to implement appropriate policies and procedures, and devote sufficient resources to ensure that its critical services are available, reliable, and resilient. Its business continuity management and disaster recovery plans should therefore support the timely resumption of its critical services in the event of an outage so that the service provided fulfils the terms of its agreement with an FMI. A critical service provider should ensure that it provides reliable and resilient operations to users, whether these operations are provided to an FMI directly or to both an FMI and its participants. A critical service provider should have robust operations that meet or exceed the needs of the FMI. Any operational incidents should be recorded and reported to the FMI and the FMI’s regulator, supervisor, or overseer. Incidents should be analysed promptly by the critical service provider in order to prevent recurrences that could have greater implications. In addition, a critical service provider should have robust business continuity and disaster recovery objectives and plans. These plans should include routine business continuity testing and a review of these test results to assess the risk of a major operational disruption. 4. Technology planning The critical provider is expected to have in place robust methods to plan for the entire lifecycle of the use of technologies and the selection of technological standards. A critical service provider should have effective technology planning that minimises overall operational risk and enhances operational performance. Planning entails a comprehensive information technology strategy that considers the entire lifecycle for the use of technologies and a process for selecting standards when deploying and managing a service. Proposed changes to a critical service provider’s technology should entail a thorough and comprehensive consultation with the FMI and, where relevant, its participants. A critical service provider should regularly review its technology plans, including assessments of its technologies and the processes it uses for implementing change. 5. Communication with users A critical service provider is expected to be transparent to its users and provide them sufficient information to enable users to understand clearly their roles and responsibilities in managing risks related to their use of a critical service provider. A critical service provider should have effective customer communication procedures and processes. In particular, a critical service provider should provide the FMI and, where appropriate, its participants with sufficient information so that users clearly understand their roles and responsibilities, enabling them to manage adequately their risks related to their use of the services provided. Useful information for users typically includes, but is not limited to, information concerning the critical service provider’s management processes, controls, and independent reviews of the effectiveness of these processes and controls. As a part of its communication procedures and processes, a critical service provider should have mechanisms to consult with users and the broader market on any technical changes to its operations that may affect its risk profile, including incidences of absent or non-performing risk controls of services. In addition, a critical service provider should have a crisis communication plan to handle operational disruptions to its services. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 171 Annex G: Bibliography BCBS, The application of Basel II to trading activities and the treatment of double default effects, April 2005. BCBS, International convergence of capital measurement and capital standards, June 2006. BCBS, Principles for sound stress testing practices and supervision, May 2009. BCBS, Sound practices for backtesting counterparty credit risk models - consultative document, April 2010. CGFS, Implications of repo markets for central banks, 1999. CGFS, The macrofinancial implications of alternative configurations for access to central counterparties in OTC derivatives markets, November 2011. CGFS, The role of margin requirements and haircuts in procyclicality, March 2010. CPSS, Central bank oversight of payment and settlement systems, May 2005. CPSS, Core principles for systemically important payment systems, January 2001. CPSS, Delivery versus payment in securities settlement systems, September 1992. CPSS, A glossary of terms used in payments and settlement systems, March 2003. CPSS, The interdependencies of payment and settlement systems, June 2008. CPSS, Market structure developments in the clearing industry: implications for financial stability, September 2010. CPSS, New developments in large value payment systems, May 2005. CPSS, Report of the Committee on Interbank Netting Schemes of the central banks of the Group of Ten countries, November 1990. CPSS, Strengthening repo clearing and settlement arrangements, September 2010. CPSS-IOSCO, Assessment methodology for 'Recommendations for securities settlement systems', November 2002. CPSS-IOSCO, Considerations for trade repositories in OTC derivatives, May 2010. CPSS-IOSCO, Guidance on the application of 2004 CPSS-IOSCO recommendations for central counterparties to OTC derivatives CCPs, May 2010. CPSS-IOSCO, Recommendations for central counterparties, November 2004. CPSS-IOSCO, Recommendations for securities settlement systems, November 2001. CPSS-IOSCO, Report on OTC derivatives data reporting and aggregation requirements, January 2012. CPSS-IOSCO, Securities lending transactions: market development and implications, 1999. European Central Bank and Eurosystem, Glossary of terms related to payment, clearing, and settlement systems, December 2009. Financial Stability Forum, FSF principles for sound compensation practices, April 2009. FSB, Key attributes of effective resolution regimes for financial institutions, October 2011. FSB, Implementing OTC derivatives market reforms, October 2010. IOSCO, Client asset protection, 1996. 172 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 IOSCO, Multilateral memorandum of understanding for cooperation concerning consultation and cooperation and the exchange of information, May 2002. IOSCO, Objectives and principles of securities regulation, October 2003. IOSCO, Principles regarding cross-border supervisory cooperation, May 2010. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 173 Annex H: Glossary For general definitions of terms not found in this glossary, please see CPSS, A glossary of terms used in payments and settlement systems, March 2003, and European Central Bank and Eurosystem, Glossary of terms related to payment, clearing, and settlement systems, December 2009. Term Definition affiliates A company that controls, or is controlled by, or is under common control with the participant. Control of a company is defined as (a) ownership, control, or holding with power to vote 20 percent or more of a class of voting securities of the company; or (b) consolidation of the company for financial reporting purposes. backtesting An ex-post comparison of observed outcomes with expected outcomes derived from the use of margin models. batch settlement The settlement of groups of payments, transfer instructions, or other obligations together at one or more discrete, often pre-specified times during the processing day. beneficial owner A person or entity that is entitled to receive some or all of the rights deriving from ownership of a security or financial instrument (for example, income, voting rights, and power to transfer). book-entry The transfer of securities and other financial assets which does not involve the physical movement of paper documents or certificates (for example, the electronic transfer of securities). business continuity A state of uninterrupted business operations. This term also refers to all of the organisational, technical, and staffing measures used to ensure the continuation of operations following a disruption to a service, including in the event of a wide-scale or major disruption. central bank money A liability of a central bank, in this case in the form of deposits held at the central bank, which can be used for settlement purposes. central counterparty An entity that interposes itself between counterparties to contracts traded in one or more financial markets, becoming the buyer to every seller and the seller to every buyer and thereby ensuring the performance of open contracts. central securities depository An entity that provides securities accounts, central safekeeping services, and asset services, which may include the administration of corporate actions and redemptions, and plays an important role in helping to ensure the integrity of securities issues (that is, ensure that securities are not accidentally or fraudulently created or destroyed or their details changed). choice of law A contractual provision by which parties choose the law that will govern their contract or relationship. Choice of law may also refer to the question of what law should govern in the case of a conflict of laws. 174 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 Term Definition clearing The process of transmitting, reconciling, and, in some cases, confirming transactions prior to settlement, potentially including the netting of transactions and the establishment of final positions for settlement. Sometimes this term is also used (imprecisely) to cover settlement. For the clearing of futures and options, this term also refers to the daily balancing of profits and losses and the daily calculation of collateral requirements. clearing fund A prefunded default arrangement that is composed of assets contributed by a CCP’s participants that may be used by the CCP in certain circumstances to cover losses or liquidity pressures resulting from participant defaults. collateral An asset or third-party commitment that is used by a collateral provider to secure an obligation vis-à-vis a collateral taker. commercial bank money A liability of a commercial bank, in the form of deposits held at the commercial bank, which can be used for settlement purposes. confirmation A process whereby the terms of a trade are verified either by directly involved market participants or by a central entity. conflict of laws An inconsistency or difference in the laws of jurisdictions that have a potential interest in a transaction. counterparty A party to a trade. credit risk The risk that a counterparty, whether a participant or other entity, will be unable to meet fully its financial obligations when due, or at any time in the future. cross-margining agreement An agreement among CCPs to consider positions and supporting collateral at their respective organisations as a common portfolio for participants that are members of two or more of the organisations. current exposure The loss that an FMI (or in some cases, its participants) would face immediately if a participant were to default. Current exposure is technically defined as the larger of zero or the market value (or replacement cost) of a transaction or portfolio of transactions within a netting set with a counterparty that would be lost upon the default of the counterparty. custody risk The risk of loss on assets held in custody in the event of a custodian’s (or subcustodian’s) insolvency, negligence, fraud, poor administration, or inadequate recordkeeping. default An event stipulated in an agreement as constituting a default. Generally, such events relate to a failure to complete a transfer of funds or securities in accordance with the terms and rules of the system in question. deferred net settlement A net settlement mechanism which settles on a net basis at the end of a predefined settlement cycle. delivery versus delivery A securities settlement mechanism that links two securities transfers in such a way as to ensure that delivery of one security occurs if and only if the corresponding delivery of the other security occurs. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 175 Term Definition delivery versus payment A securities settlement mechanism that links a securities transfer and a funds transfer in such a way as to ensure that delivery occurs if and only if the corresponding payment occurs. dematerialisation The elimination of physical certificates or documents of title that represent ownership of securities so that securities exist only as accounting records. derivative A financial contract whose value depends on the value of one or more underlying reference assets, rates or indices, on a measure of economic value or on factual events. fellow-customer risk The risk that another customer of the same participant will default and create a loss that exceeds both the amount of available collateral supporting the defaulting customer’s positions and the available resources of the participant. final settlement The irrevocable and unconditional transfer of an asset or financial instrument, or the discharge of an obligation by the FMI or its participants in accordance with the terms of the underlying contract. Final settlement is a legally defined moment. financial market infrastructure A multilateral system among participating institutions, including the operator of the system, used for the purposes of clearing, settling, or recording payments, securities, derivatives, or other financial transactions. general business risk Any potential impairment of the FMI’s financial position (as a business concern) as a consequence of a decline in its revenues or an increase in its expenses, such that expenses exceed revenues and result in a loss that must be charged against capital. governance The set of relationships between an FMI’s owners, board of directors (or equivalent), management, and other relevant parties, including participants, authorities, and other stakeholders (such as participants’ customers, other interdependent FMIs, and the broader market). haircut A risk control measure applied to underlying assets whereby the value of those underlying assets is calculated as the market value of the assets reduced by a certain percentage (the “haircut”). Haircuts are applied by a collateral taker in order to protect itself from losses resulting from declines in the market value of a security in the event that it needs to liquidate that collateral. immobilisation The act of concentrating the location of securities in a depository and transferring ownership by book entry. initial margin Collateral that is collected to cover potential changes in the value of each participant’s position (that is, potential future exposure) over the appropriate close-out period in the event the participant defaults. investment risk The risk of loss faced by an FMI when it invests its own or its participants’ resources, such as collateral. investor CSD A term used in the context of CSD links. An investor CSD – or a third party acting on behalf of the investor CSD – opens an account in another CSD (the issuer CSD) so as to enable the cross-system settlement of securities transactions. 176 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 Term Definition issuer CSD A CSD in which securities are issued (or immobilised). The issuer CSD opens accounts allowing investors (in a direct holding system) and intermediaries (including investor CSDs) to hold these securities. large-value payment system A funds transfer system that typically handles large-value and highpriority payments. legal risk The risk of the unexpected application of a law or regulation, usually resulting in a loss. liquidity risk The risk that a counterparty, whether a participant or other entity, will have insufficient funds to meet its financial obligations as and when expected, although it may be able to do so in the future. mark to market The practice of revaluing securities and financial instruments using current market prices. netting The offsetting of obligations between or among participants in the netting arrangement, thereby reducing the number and value of payments or deliveries needed to settle a set of transactions. novation A process through which the original obligation between a buyer and a seller is discharged through the substitution of the CCP as seller to the buyer and buyer to the seller, creating two new contracts. omnibus account An account structure where securities or collateral belonging to some or all customers of a particular participant is commingled and held in a single account segregated from that of the participant. open offer A process through which a CCP extends an “open offer” to act as counterparty to market participants and thereby is interposed between participants at the time a trade is executed. operational risk The risk that deficiencies in information systems or internal processes, human errors, management failures, or disruptions from external events will result in the reduction, deterioration, or breakdown of services provided by an FMI. payment system A set of instruments, procedures, and rules for the transfer of funds between or among participants; the system includes the participants and the entity operating the arrangement. payment versus payment A settlement mechanism that ensures that the final transfer of a payment in one currency occurs if and only if the final transfer of a payment in another currency or currencies takes place. physical delivery The delivery of an asset, such as an instrument or commodity, in physical form. portability The operational aspects of the transfer of contractual positions, funds, or securities from one party to another party. potential future exposure Any potential credit exposure that an FMI could face at a future point in time. Potential future exposure is technically defined as the maximum exposure estimated to occur at a future point in time at a high level of statistical confidence. Potential future exposure arises from potential fluctuations in the market value of a participant’s open positions between the time they are incurred or reset to the current market price, and the time they are liquidated or effectively hedged. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 177 Term Definition principal risk The risk that a counterparty will lose the full value involved in a transaction, for example, the risk that a seller of a financial asset will irrevocably deliver the asset, but not receive payment. procyclicality The changes in risk-management requirements or practices that are positively correlated with business or credit cycle fluctuations and that may cause or exacerbate financial instability. real-time gross settlement The real-time settlement of payments, transfer instructions, or other obligations individually on a transaction-by-transaction basis. reconciliation A procedure to verify that two sets of records issued by two different entities match. replacement cost The unrealised gain on the unsettled contract or the cost of replacing the original contract at market prices that may be changing rapidly during periods of stress. replacementcost risk The risk of loss of unrealised gains on unsettled transactions with a counterparty. The resulting exposure is the cost of replacing the original transaction at current market prices. repurchase agreement (repo) A contract to sell and subsequently repurchase securities at a specified date and price. retail payment system A funds transfer system that typically handles a large volume of relatively low-value payments in such forms as cheques, credit transfers, direct debits, and card payment transactions. securities registrar An entity that provides the service of preparing and recording accurate, current, and complete securities registers for securities issuers. securities settlement system An entity that enables securities to be transferred and settled by book entry according to a set of predetermined multilateral rules. Such systems allow transfers of securities either free of payment or against payment. segregation A method of protecting customer collateral and contractual positions by holding or accounting for them separately from those of the direct participant (such as a carrying firm or broker). settlement risk The general term used to designate the risk that settlement in a funds or securities transfer system will not take place as expected. This risk may comprise both credit and liquidity risk. specific wrongway risk The risk that an exposure to a counterparty is highly likely to increase when the creditworthiness of that counterparty is deteriorating. stress testing The estimation of credit and liquidity exposures that would result from the realisation of extreme price changes. systemic risk The risk that the inability of one or more participants to perform as expected will cause other participants to be unable to meet their obligations when due. trade repository An entity that maintains a centralised electronic record (database) of transaction data. 178 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 Term Definition unwind The process used to recalculate obligations in some net settlement systems where transfers between the accounts of participants are provisional until all of them have finally discharged their settlement obligations. If a particular participant fails to settle, some or all of the provisional transfers involving that participant are deleted from the system and the settlement obligations of the remaining participants are recalculated. value date The day on which the payment, transfer instruction, or other obligation is due and the associated funds and securities are typically available to the receiving participant. variation margin Funds that are collected and paid out to reflect current exposures resulting from actual changes in market prices. zero-hour rule A provision in the insolvency law of some countries whereby the transactions conducted by an insolvent institution after midnight on the date the institution is declared insolvent are automatically ineffective by operation of law. CPSS-IOSCO – Principles for financial market infrastructures – April 2012 179 Annex I: Members of the CPSS-IOSCO review of standards This list shows the members of the Steering Group that coordinated the review. Those members who were also part of the Editorial Team that implemented the review and/or who chaired a sub-group looking at a specific review issue have an asterisk next to their name. Steering Group co-chairs Federal Reserve Bank of New York Financial Services Agency, Japan Securities and Exchange Commission, US William C Dudley Masamichi Kono (since August 2011) Kathleen Casey (until July 2011) Editorial Team co-chairs European Central Bank Securities and Exchange Commission, US Daniela Russo* Jeffrey Mooney* Members Reserve Bank of Australia Christopher Kent (since September 2010) Michele Bullock (until August 2010) National Bank of Belgium Johan Pissens* Central Bank of Brazil Daso Maranhão Coimbra (since October 2010) Radjalma Costa (until October 2010) Securities and Exchange Commission of Brazil Marcelo Queiroga Reis Bank of Canada Paul Chilcott (since November 2010)* Carol Ann Northcott (until November 2010) Autorité des marchés financiers, Québec Claude Gatien Ontario Securities Commission Maxime Paré* Superintendencia de Valores y Seguros, Chile Vicente Lazen People's Bank of China Pan Song China Securities Regulatory Commission Fan Yu Shen Bing* European Central Bank Andreas Schönenberger* Karine Themejian* Bank of France Frédéric Hervo* Autorité des marchés financiers, France Sonia Cattarinussi (since November 2011)* Bénédicte Doumayrou (until October 2011)* 180 CPSS-IOSCO – Principles for financial market infrastructures – April 2012 Deutsche Bundesbank Jochen Metzger Roland Neuschwander* Bafin (German Financial Supervisory Authority) Thomas Eufinger Jan Budaeus* Hong Kong Monetary Authority Esmond K Y Lee Securities and Futures Commission, Hong Kong Rico Leung Reserve Bank of India G Padmanabhan Bank of Italy Paolo Marullo Reedtz* Bank of Japan Yutaka Soejima (since June 2011)* Masayuki Mizuno (until June 2011)* Financial Services Agency, Japan Jun Mizuguchi* Kazunari Mochizuki* Jutaro Kaneko* Takashi Nagaoka (until July 2011) Bank of Korea Jeon Beopyong Bank of Mexico David Margolín Schabes Netherlands Bank Ron Berndsen Central Bank of the Russian Federation Nikolay Geronin Saudi Arabian Monetary Agency Ali Al Homidan Monetary Authority of Singapore Andrew Khoo Comisión Nacional del Mercado de Valores, Spain Iñigo de la Lastra Sveriges Riksbank Malin Alpen Swiss National Bank Philipp Haene Swiss Financial Market Supervisory Authority Andreas Bail (since January 2012) Michael Zumbach (from July - December 2011) Tina Müller (until June 2011)* Bank of England Edwin Schooling Latter (since March 2011)* Julian Oliver (from November 2010 until February 2011)* Paul Chilcott (until October 2010)* Financial Services Authority, UK Barry King* Board of Governors of the Federal Reserve System Jeffrey Marquardt* Jennifer Lucier* Paul Wong* Federal Reserve Bank of New York Lawrence Sweet* Commodity Futures Trading Commission, US Ananda Radhakrishnan Robert Wasserman (since March 2011)* Sarah Josephson (until March 2011)* Securities and Exchange Commission, US Alison Duncan* (since October 2010) David Michehl* (until August 2010) CPSS-IOSCO – Principles for financial market infrastructures – April 2012 181 International Monetary Fund Christine Sampic* World Bank Massimo Cirasino* Observers European Commission Patrick Pearson European Securities and Markets Authority Fabrizio Planta Secretariat Bank for International Settlements Daniel Heller* Robert Lindley* International Organization of Securities Commissions Yukako Fujioka (since February 2011)* Werner Bijkerk (until February 2011)* The review also benefited from contributions by Greg Chugg, Louise Carter, Darren Massey (Reserve Bank of Australia), Rogerio Antonio Lucca (Central Bank of Brazil), Suzanne Mercure, Élaine Lanouette (Autorité des marchés financiers, Québec), Sylvia Tyroler (Deutsche Bundesbank), Ryan Ko (Securities and Futures Commission, Hong Kong), Takeshi Mori (Bank of Japan Lau Tze Hon, Loh Pui Hoon, Ken Nagatsuka, Janice Chua (Monetary Authority of Singapore), Miguel Ángel Herrero Alvite (Comisión Nacional del Mercado de Valores, Spain), David Maurer, Thomas Nellen, Robert Oleschak, Andy Sturm (Swiss National Bank), Simon Turek, Ben Mitchell (Financial Services Authority, UK), Travis Nesmith, Mark Magro, Emily Caron, Namirembe Mukasa, Michael Koslow, Jeremy Ward, Kristopher Natoli, Sarah Wright (Board of Governors of the Federal Reserve System), Marsha Takagi, Brian Begalle, Shari Ben-Haim, Kirsten Harlow (Federal Reserve Bank of New York), Marta Chaffee, Joseph Kamnik, Matthew Landon, Katherine Martin, Catherine Moore (US Securities and Exchange Commission) Maria Teresa Chimienti and Mario Guadamillas (World Bank). The Steering Group and Editorial Team co-chairs would also like to give special thanks to Jeffrey Marquardt, Jennifer Lucier, Paul Wong, Mark Magro, Emily Caron, Shari Ben-Haim, Namirembe Mukasa, and Jeremy Ward, who coordinated the drafting of this report. 182 CPSS-IOSCO – Principles for financial market infrastructures – April 2012
@FedFRASER