Financial Stability Standards for Central Counterparties Standard 16: Operational Risk
Note: The headline standard and numbered ‘sub’-standards determined under section 827D(1) of the Corporations Act 2001 have been formatted in bold text while the guidance to these standards has been formatted as plain text. For more information see the Introduction for Standards and Introduction for Guidance. Although the Reserve Bank has taken due care in compiling this page, the published version of the Standards and Guidance should be used in the case of any differences between the two.
A central counterparty should identify the plausible sources of operational risk, both internal and external, and mitigate their impact through the use of appropriate systems, policies, procedures and controls. Systems should be designed to ensure a high degree of security and operational reliability and should have adequate, scalable capacity. Business continuity management should aim for timely recovery of operations and fulfilment of the central counterparty's obligations, including in the event of a wide-scale or major disruption.
Guidance
Operational risk is the risk that deficiencies in information systems, internal processes and personnel, or disruptions from external events, will result in the reduction, deterioration or breakdown of services provided by a central counterparty. Operational failures can damage a central counterparty's reputation or perceived reliability, lead to legal consequences, and result in financial losses incurred by the central counterparty, participants and other parties. In certain cases, operational failures can also be a source of systemic risk. A central counterparty should: establish a robust framework to manage its operational risks, which should identify the plausible sources of operational risk; deploy appropriate systems; establish appropriate policies, procedures and controls; set operational reliability objectives; and develop a business continuity plan. A central counterparty should take a holistic approach when establishing its operational risk management framework.
Identifying and managing operational risk
16.1 A central counterparty should establish a robust operational risk management framework with appropriate systems, policies, procedures and controls to identify, monitor and manage operational risks.
16.1.1 A central counterparty should actively identify, monitor and manage the plausible sources of operational risk and establish clear policies and procedures to address them. Operational risk can stem from both internal and external sources. Internal sources of operational risk include inadequate identification or understanding of risks and the controls and procedures needed to limit and manage them, inadequate control of systems and processes, inadequate screening of personnel, and, more generally, inadequate management. External sources of operational risk include the failure of critical service providers or utilities or events affecting a wide metropolitan area such as natural disasters, terrorism and pandemics. Both internal and external sources of operational risk can lead to a variety of operational failures that include: errors or delays in message handling; miscommunication; service degradation or interruption; fraudulent activities by staff; and disclosure of confidential information to unauthorised entities. If a central counterparty provides services in multiple time zones, it may face increased operational risk due to longer operational hours and less downtime for maintenance. A central counterparty should identify all potential single points of failure in its operations.[1] Additionally, a central counterparty should assess the evolving nature of the operational risk it faces on an ongoing basis (for example, pandemics and cyber-attacks), so that it can analyse its potential vulnerabilities and implement appropriate defence mechanisms.
16.2 A central counterparty's board of directors should clearly define the roles and responsibilities for addressing operational risk and should endorse the central counterparty's operational risk management framework. Systems, operational policies, procedures and controls should be reviewed, audited and tested periodically and after significant changes.
16.2.1 A central counterparty should establish clear policies, procedures and controls that mitigate and manage its sources of operational risk. Overall, operational risk management is a continuous process encompassing risk assessment, defining an acceptable tolerance for risk and implementing risk controls. This process results in a central counterparty accepting, mitigating or avoiding risks consistent with its operational reliability objectives. A central counterparty's governance arrangements are pertinent to its operational risk management framework (see also CCP Standard 2 on governance). In particular, a central counterparty's board should explicitly define the roles and responsibilities for addressing operational risk and endorse the central counterparty's operational risk management framework.
16.2.2 To ensure the proper functioning of its risk controls, a central counterparty should have sound internal controls. For example, a central counterparty should have adequate management processes for setting operational standards, measuring and reviewing performance, and correcting deficiencies. A central counterparty may draw on relevant international, national and industry level standards, guidelines or recommendations in designing its operational risk management framework. Conformity with commercial standards can help a central counterparty meet its operational objectives. For example, commercial standards exist for information security, business continuity and project management. A central counterparty should regularly assess the need to integrate the applicable commercial standards into its operational risk management framework. In addition, a central counterparty should seek to comply with relevant commercial standards in a manner commensurate with the central counterparty's importance and level of interconnectedness.
16.2.3 A central counterparty's arrangements with participants, operational policies and operational procedures should be periodically, and whenever necessary, tested and reviewed, especially after significant changes occur to the system or a major incident occurs. In order to minimise any effects of the testing on operations, tests should be carried out in a ‘testing environment’. This testing environment should, to the extent possible, replicate the production environment (including the implemented security provisions, in particular, those regarding data confidentiality). Additionally, key elements of a central counterparty's operational risk management framework should be audited periodically and whenever necessary. In addition to periodic internal audits, external independent reviews may be necessary, depending on the central counterparty's importance and level of interconnectedness. Consistent with the evolving nature of operational risk management, a central counterparty's operational objectives should be periodically reviewed to incorporate new technological and business developments.
16.2.4 The central counterparty's operational risk management framework should include formal change management and project management processes to mitigate operational risk arising from modifications to operations, policies, procedures and controls. Change management processes should provide mechanisms for preparing, approving, tracking, testing and implementing all changes to the system. Project management processes, in the form of policies and procedures, should mitigate the risk of any inadvertent effects on a central counterparty's current or future activities due to an upgrade, expansion or alteration to its service offerings, especially for major projects. In particular, these policies and procedures should guide the management, documentation, governance, communication and testing of projects, regardless of whether projects are outsourced or executed internally.
16.3 A central counterparty should have clearly defined operational reliability objectives and should have policies in place that are designed to achieve those objectives. These policies include, but are not limited to, having: exacting targets for system availability; scalable capacity adequate to handle increasing stress volumes; and comprehensive physical and information security policies that address all potential vulnerabilities and threats.
Operational reliability
16.3.1 A central counterparty should have clearly defined operational reliability objectives and should have policies in place that are designed to achieve those objectives. These objectives serve as benchmarks for a central counterparty to evaluate its efficiency and effectiveness and evaluate its performance against expectations. These objectives should be designed to promote confidence among the central counterparty's participants. Operational reliability objectives should include the central counterparty's operational performance objectives and committed service level targets. Operational performance objectives and service level targets should define both qualitative and quantitative measures of operational performance and should explicitly state the performance standards the central counterparty is intending to meet. The central counterparty should monitor and assess regularly whether the system is meeting its established objectives and service level targets. The system's performance should be reported regularly to senior management, relevant board committees, participants, the Reserve Bank and other relevant authorities. In addition, a central counterparty's operational objectives should be periodically reviewed to incorporate new technological and business developments.
System availability
16.3.2 A central counterparty should set explicit and exacting benchmarks for the availability of key systems, commensurate with the criticality of the services it provides. Measures of system availability should be reported regularly to senior management, relevant board committees, participants, the Reserve Bank and other relevant authorities. A central counterparty should have procedures to investigate a failure to meet system availability benchmarks, including external review where appropriate, and should implement any recommended changes to operations on a timely basis.
Operational capacity
16.3.3 A central counterparty should ensure that it has scalable capacity adequate to handle increasing stress volumes and to achieve its service level objectives, such as the required processing speed. Capacity management requires that the central counterparty monitor, review and test (including stress test) the actual capacity and performance of the system on an ongoing basis. The central counterparty should carefully forecast demand and make appropriate plans to adapt to any plausible change in the volume of business or technical requirements. These plans should be based on a sound, comprehensive methodology so that the required service levels and performance can be achieved and maintained. As part of its capacity planning, a central counterparty should determine a required level of redundant capacity, taking into account the central counterparty's level of importance and interconnectedness, so that if an operational outage occurs, the system is able to resume operations and process all remaining transactions before the end of the day (see CCP Standard 16.7).
Physical and information security
16.3.4 A central counterparty should have comprehensive physical and information security policies that address all potential vulnerabilities and threats. In particular, a central counterparty should have policies effective in assessing and mitigating vulnerabilities in its physical sites from attacks, intrusions and natural disasters. A central counterparty also should have sound and robust information security policies, standards, practices and controls to ensure an appropriate level of confidence and trust in the central counterparty by all stakeholders. These policies, standards, practices and controls should include the identification, assessment, mitigation and management of current and potential future security threats and vulnerabilities for the purpose of implementing appropriate safeguards into its systems. These safeguards should both defend against the intrusion of external threats and limit the vulnerability of systems to threats that breach perimeter safeguards. System security should be subject to regular review and testing, and systems should be periodically updated as appropriate. Data should be protected from loss and leakage, unauthorised access, and other processing risks, such as negligence, fraud, poor administration and inadequate recordkeeping. A central counterparty's information security objectives and policies should conform to commercially reasonable standards for confidentiality, integrity, authentication, authorisation, non-repudiation, availability and auditability (or accountability).
16.4 A central counterparty should ensure that it can reliably access and utilise well-trained and competent personnel, as well as technical and other resources. These arrangements should be designed to ensure that all key systems are operated securely and reliably in all circumstances, including where a related body becomes subject to external administration.
Access to resources
16.4.1 Because the proper performance of a central counterparty's employees is a core aspect of any operational risk management framework, a central counterparty should be able to access and utilise sufficient well-qualified personnel. These personnel should be able to operate the system safely and consistently follow operational and risk management procedures during normal and abnormal circumstances. A central counterparty should implement appropriate human resources policies to hire, train and retain qualified personnel, thereby mitigating the effects of high rates of personnel turnover or key person risk. Additionally, a central counterparty should have appropriate human resources and risk management policies to address fraud prevention. Where appropriate, a central counterparty should also have reliable access to technical expertise and other resources external to the central counterparty as necessary to ensure the security and reliability of key systems.
Resources shared with a related body
16.4.2 In some cases a central counterparty may utilise personnel and other resources that are employed or owned by a related body. Agreements between a central counterparty and any related bodies governing such arrangements should ensure, to the extent permissible by law, that the central counterparty can continue to access key resources in all circumstances, including in the event of the related body's insolvency or external administration.
16.5 A central counterparty should identify, monitor and manage the risks that key participants, other FMIs and service and utility providers might pose to its operations. A central counterparty should inform the Reserve Bank of any critical dependencies on utilities or service providers. In addition, a central counterparty should identify, monitor and manage the risks its operations might pose to its participants and other FMIs. Where a central counterparty operates in multiple jurisdictions, managing these risks may require it to provide adequate operational support to participants during the market hours of each relevant jurisdiction.
16.5.1 A central counterparty is connected directly and indirectly to its participants, other FMIs, and its service and utility providers. Accordingly, the central counterparty should identify both direct and indirect effects on its ability to process and settle transactions in the normal course of business and manage risks that would stem from the external operational failure of a connected entity. Such effects may include those transmitted through its participants, which may participate in multiple FMIs. Likewise, a central counterparty should identify, monitor and manage the risks it poses to its participants and that it faces from and poses to other FMIs (see CCP Standard 19 on FMI links). To the extent possible, a central counterparty should coordinate business continuity arrangements with interdependent FMIs. A central counterparty also should consider the risks associated with its service and utility providers and the operational effect on the central counterparty if a service or utility provider failed to perform as expected. A central counterparty should provide reliable service, not only for the benefit of its direct participants, but also for all entities that would be affected by its ability to process transactions.
Dependencies on service providers
16.5.2 A central counterparty should have a formal policy that sets out the process for entering into, maintaining and exiting key outsourcing or service provision arrangements. Before an outsourcing or service provision arrangement is established, senior management should identify the business, operational and other risks involved and ensure that these risks can be adequately monitored and controlled by the facility, and that the Reserve Bank and other relevant authorities are able to access sufficient information and effectively perform crisis management actions (see CCP Standards 16.9, 16.10 and 16.11). The board should approve the establishment of any outsourcing or service provision arrangement for a key business activity and be informed on a regular basis of the performance of the service provider.
16.5.3 A central counterparty that outsources operations to or is otherwise dependent on critical service providers should also disclose the nature and scope of this dependency to its participants. In addition to these service providers (such as financial messaging providers), a central counterparty is also typically dependent on the adequate functioning of utilities (such as power and telecommunication companies). As a result, a central counterparty should identify the risks from its critical service providers and utilities and take appropriate actions to manage these dependencies through appropriate contractual and organisational arrangements. A central counterparty should inform the Reserve Bank of any critical dependencies on utilities or service providers and ensure that both it and the Reserve Bank are able to access sufficient information on the performance of these utilities or service providers. To that end, the central counterparty may contractually provide for direct contacts between the critical service provider and the Reserve Bank, or contractually ensure that the Reserve Bank is able to obtain specific reports from the critical service provider. Alternatively, the central counterparty may provide the Reserve Bank with relevant information that it receives from the critical service provider.
16.5.4 A central counterparty's contractual arrangements with critical service providers should also ensure that the central counterparty's approval is mandatory before a critical service provider can itself outsource material elements of the service provided to the central counterparty, and that in the event of such an arrangement, full access to necessary information is preserved. Clear lines of communication should be established between the dependent central counterparty and the critical service provider to facilitate the flow of information between parties in both ordinary and exceptional circumstances (see CCP Standard 16.9). Additional controls may be required where outsourcing or service provision arrangements involve critical functions of the central counterparty or where relevant to crisis management (see CCP Standards 16.10 and 16.11).
16.5.5 Where a central counterparty operates in multiple jurisdictions, managing the risks that it poses to its participants may require it to provide adequate operational support to participants during the market hours of each relevant jurisdiction. In particular, where it has material Australian-based participation, the central counterparty should provide an appropriate degree of operational support to its Australian-based participants during Australian market hours. The degree of operational support should be sufficient to allow participants to resolve operational issues on a timely basis during Australian market hours (or within a reasonable extension of these hours, where necessary).
16.6 A participant of a central counterparty should have complementary operational and business continuity arrangements that are appropriate to the nature and size of the business undertaken by that participant. The central counterparty's rules and procedures should clearly specify operational requirements for participants.
16.6.1 To manage the operational risks associated with its participants, a central counterparty should establish minimum operational requirements for its participants (see also CCP Standard 17 on access and participation requirements). A central counterparty should define operational and business continuity requirements for participants in accordance with the participant's role and importance to the system, taking into consideration the nature and scale of the business undertaken by each participant. These requirements should complement the central counterparty's own operational and business continuity arrangements. Rules and procedures should clearly and fairly specify the requirements of participants in this regard. In some cases, a central counterparty may wish to identify critical participants based on consideration of transaction volumes and values, services provided to the central counterparty and other interdependent systems, and, more generally, the potential impact on other participants and the system as a whole in the event of a significant operational problem. Critical participants may need to meet some of the same operational risk management requirements as the central counterparty itself. A central counterparty should have clear and transparent criteria, methodologies or standards for critical participants to ensure that their operational risks are managed appropriately.
Business continuity arrangements
16.7 A central counterparty should have a business continuity plan that addresses events posing a significant risk of disrupting operations, including events that could cause a wide-scale or major disruption. The plan should incorporate the use of a secondary site and should be designed to ensure that critical information technology systems can resume operations within two hours following disruptive events. Business continuity arrangements should provide appropriate redundancy of critical systems and appropriate mitigants for data loss. The business continuity plan should be designed to enable the central counterparty to facilitate settlement by the end of the day of the disruption, even in case of extreme circumstances. The central counterparty should regularly test these arrangements.
Business continuity management
16.7.1 Business continuity management is a key component of a central counterparty's operational risk management framework. A business continuity plan should have clearly stated objectives and should include policies and procedures that allow for the rapid recovery and timely resumption of critical operations following a disruption to a service, including in the event of a wide-scale or major disruption. A central counterparty should explicitly assign responsibility for business continuity planning and devote adequate resources to this planning. The plan should identify and address events that pose a significant risk of disrupting operations, including events that could cause a wide-scale or major disruption, and should focus on the impact on the operation of critical infrastructures and services. A central counterparty's business continuity plan should ensure that the central counterparty can continue to meet agreed upon service levels in such events. Both internal and external threats should be considered in the business continuity plan, and the impact of each threat should be identified and assessed. In addition to reactive measures, a central counterparty's business continuity plan may need to include measures that prevent disruptions of critical operations. All aspects of the business continuity plan should be clearly and fully documented and details of relevant procedures made available to participants.
16.7.2 The objectives of a central counterparty's business continuity plan should include the system's recovery time and recovery point. A central counterparty should aim to be able to resume operations within two hours following disruptive events; however, backup systems ideally should commence processing immediately. This may imply maintenance of dual redundancy for critical systems at its primary site. The plan should be designed to enable the central counterparty to facilitate settlement by the end of the day even in case of extreme circumstances. Systems, including backup and data recovery procedures, should be designed to resume operations with a high degree of confidence that data will not be lost. This should include regular, and ideally real-time, replication of data across primary and secondary sites, and robust and timely procedures to recover data and transactions submitted in the interval between the last data replication and successful failover to a secondary site. Should data loss nevertheless occur, contingency plans for all central counterparties should ensure that the status of all transactions at the time of the disruption can be identified with certainty in a timely manner.
16.7.3 A central counterparty should set up a secondary site with sufficient resources, capabilities, and functionalities and appropriate staffing arrangements that would not be affected by a wide-scale disruption and would allow the secondary site to take over operations if needed.[2] The secondary site should provide the level of critical services necessary to perform the functions consistent with the recovery time objective and should be located at a sufficient geographical distance from the primary site that it has a distinct risk profile.[3] Depending on the central counterparty's importance and level of interconnectedness, the need and possibilities for a third site could be considered, in particular to provide sufficient confidence that the central counterparty's business continuity objectives will be met in all scenarios. A central counterparty should also consider alternative arrangements (for example, manual paper-based procedures) to allow for the processing of time-critical transactions in extreme circumstances. Both primary and secondary (and any additional) sites should have sufficient capacity to process volumes that are at least double projected stress volumes. This redundant capacity should be sufficient to ensure that each site is able to operate continuously and independently even in extreme circumstances.
16.7.4 A central counterparty's business continuity plan should also include clearly defined procedures for crisis and event management. The plan, for example, should address the need for rapid deployment of a multiskilled crisis and event management team as well as procedures to consult and inform participants, interdependent FMIs, the Reserve Bank and other relevant authorities, and others (such as service providers and, where relevant, the media) on a timely basis. Communication with the Reserve Bank and other relevant authorities is critical in case of a major disruption to a central counterparty's operations or wider market distress that affects the central counterparty, particularly where data held by the central counterparty may be critical for crisis management. Depending on the nature of the problem, communication channels with local civil authorities (for physical attacks or natural disasters) or computer experts (for software malfunctions or cyber-attacks) may also need to be activated. If a central counterparty has global importance or critical linkages to one or more interdependent FMIs, it should set up, test and review appropriate cross-system or cross-border crisis management arrangements.
16.7.5 A central counterparty's business continuity plan and its associated arrangements should be subject to periodic review and testing. Tests should address various scenarios that simulate wide-scale disasters and inter-site switchovers. A central counterparty's employees should be thoroughly trained to execute the business continuity plan, and participants, critical service providers and linked FMIs should be regularly involved in the testing and be provided with a general summary of the testing results. The degree of participant involvement in the testing should be appropriate to the nature and size of the business undertaken by individual participants (see CCP Standard 16.8). The central counterparty should also consider the need to participate in industry-wide tests. A central counterparty should make appropriate adjustments to its business continuity plans and associated arrangements based on the results of the testing exercises.
Incident management
16.7.6 A central counterparty should have comprehensive and well-documented procedures in place to record, report, analyse and resolve all operational incidents. After every significant disruption, a central counterparty should undertake a ‘post-incident’ review to identify the causes and any required improvement to the normal operations or business continuity arrangements. Such reviews should, where relevant, include the central counterparty's participants. The details of the incident and conclusions of the review should be provided to the Reserve Bank on a timely basis (see CCP Standard 21.1(h)).
16.8 A central counterparty should consider making contingency testing compulsory for the largest participants to ensure they are operationally reliable and have in place tested contingency arrangements to deal with a range of operational stress scenarios that may include impaired access to the central counterparty.
16.8.1 An operational disruption to the largest participants of a central counterparty may pose significant risks to the central counterparty's own operational performance, either directly or through interdependencies with other participants or FMIs. A central counterparty should therefore consider requiring its largest participants to perform contingency tests for their own operations with a particular focus on reliability of access to the central counterparty, and to participate in the central counterparty's own contingency testing. Where interdependencies between the central counterparty and its largest participants are significant, there will be a strong case for these participants to be involved in the central counterparty's contingency tests. Large participants' contingency tests should address the operational reliability of the participants and should cover a range of stress scenarios, including impaired access to the central counterparty.
Outsourcing and other dependencies
16.9 A central counterparty that relies upon, outsources some of its operations to, or has other dependencies with a related body, another FMI or a third-party service provider (for example, data processing and information systems management) should ensure that those operations meet the resilience, security and operational performance requirements of these CCP Standards and equivalent requirements of any other jurisdictions in which it operates.
16.9.1 A central counterparty that relies upon, outsources some of its operations to, or has other dependencies with a related body, another FMI, or a third-party service provider (for example, data processing and information systems management) should ensure that those operations meet relevant resilience, security and operational requirements of the CCP Standards and equivalent requirements of any other jurisdiction in which it operates. Requirements placed on such service providers should be proportional to the nature of the services that they provide. Further, even when systems and processes are outsourced or provided externally, the central counterparty remains responsible for those systems and processes. The central counterparty should have robust arrangements for the selection and substitution of such providers, timely access to all necessary information, and appropriate controls and monitoring tools (see CCP Standard 16.5).
16.9.2 Where a central counterparty outsources or is otherwise dependent on a provider of a critical function – a function that is integral to the safe and effective provision of its core services as a central counterparty – a greater degree of scrutiny of arrangements may be appropriate. In scrutinising service providers in accordance with this Standard, a central counterparty that outsources or relies upon external providers of critical functions should, consistent with the expectations set out in Annex F to the Principles, ensure that each provider of these critical services:
- identifies and manages relevant operational and financial risks to its critical services and ensures that its risk management processes are effective
- implements and maintains appropriate policies and procedures, and devotes sufficient resources to ensure the confidentiality and integrity of information and the availability of its critical services in order to fulfil the terms of its relationship with the central counterparty
- implements appropriate policies and procedures to ensure that its critical services are available, reliable and resilient. Its business continuity management and disaster recovery plans should therefore support the timely resumption of its critical services in the event of an outage so that the service provided fulfils the terms of its agreement with the central counterparty
- has in place robust methods to plan for the entire lifecycle of the use of its technologies and the selection of technological standards
- provides users, including the central counterparty and, where appropriate, its participants, with sufficient information to enable them to understand clearly their roles and responsibilities in managing risks related to their use of a critical service provider.
Where a critical service provider is a regulated entity, it may be more likely to achieve these criteria. However, the central counterparty must still form its own judgement as to whether the criteria have been met. The central counterparty should inform the Reserve Bank of the arrangements it has in place to ensure that critical service providers meet these requirements (see CCP Standard 16.10).
16.10 All of a central counterparty's outsourcing or critical service provision arrangements should provide rights of access to the Reserve Bank to obtain sufficient information regarding the service provider's operation of any critical functions provided. A central counterparty should consult with the Reserve Bank prior to entering into an outsourcing or service provision arrangement for critical functions.
16.10.1 All of a central counterparty's outsourcing or critical service provision arrangements should incorporate contractual rights of access for the Reserve Bank, allowing the Reserve Bank to seek information directly from the service provider in order to assess its operational performance and reliability with regard to any critical functions provided (see CCP Standard 16.5). Notwithstanding any assessment that the Reserve Bank may make regarding such service providers, a central counterparty should independently monitor the adherence of outsourcing or critical service providers to the resilience, security and operational performance requirements of the CCP Standards and other relevant standards (see CCP Standard 16.9).
16.10.2 Prior to entering into an outsourcing or service provision arrangement for a critical function, a central counterparty should consult with the Reserve Bank (see also CCP Standard 21 on regulatory reporting). As part of this consultation process, the central counterparty should provide the Reserve Bank with details of the arrangement, including provisions that satisfy the requirements of CCP Standards such as 16.5, 16.9, 16.10 and 16.11, and any other provisions necessary to comply with the operational requirements under the CCP Standards.
16.11 A central counterparty should organise its operations, including any outsourcing or critical service provision arrangements, in such a way as to ensure continuity of service in a crisis and to facilitate effective crisis management actions by the Reserve Bank or other relevant authorities. These arrangements should be commensurate with the nature and scale of the central counterparty's operations.
16.11.1 A central counterparty should ensure that its operations, including any outsourcing or critical service provision arrangements, are organised in such a way that it is able to provide continuous and reliable service in a crisis, and that the Reserve Bank or other relevant authorities are able to take effective action to manage or resolve a crisis. A central counterparty may need to consider contractual arrangements with outsourcing providers or other service providers that contain explicit provisions safeguarding continuity of service in crisis scenarios, including financial distress to the central counterparty.
16.11.2 A systemically important central counterparty should have robust arrangements to ensure continuity of service and facilitate effective crisis management actions by the Reserve Bank or other relevant authorities.[4] A systemically important central counterparty that also has a strong connection to the Australian real economy and financial system should also organise its operations so as to facilitate resolution actions taken by the Reserve Bank or other relevant authorities. This may require that the central counterparty directly operate critical functions, or, for outsourced or externally provided functions and to the extent supported by law, provide for contractual rights of access to any appointed statutory manager in a resolution scenario. These rights of access would need to survive termination of the outsourcing or service provision agreement. In determining whether a systemically important central counterparty has a strong connection to the Australian real economy and financial system, the following factors are likely to be relevant:
- whether the central counterparty offers services in a domestic or international market
- the mix of domestic and international participants in the central counterparty
- the potential for disruption to the central counterparty to affect the real economy
- whether the market serviced by the central counterparty is retail or wholesale
- whether the central counterparty clears a domestic securities market
- links that the central counterparty has with other Australian FMIs.
Footnotes
A single point of failure is any point in a system, whether a service, activity or process, which, if it failed to work correctly, would lead to the failure of the entire system. [1]
A particular site may be primary for certain functions and secondary for others. It is not intended that a central counterparty would be required to have numerous separate secondary sites for each of its essential functions. [2]
A central counterparty should conduct a comparative risk analysis of the secondary site. The secondary site should in principle not be affected by an event that affects the primary site, with the exception of some very specific threats, such as a coordinated attack. Each site should have robust resilience based on the duplication of software and hardware, and the technology in place to replicate data between the various sites should be consistent with the chosen recovery point objectives. [3]
See guidance to CCP Standard 7.7 for factors the Reserve Bank will consider in assessing the systemic importance of a central counterparty. [4]