Financial Stability Standards for Central Counterparties Standard 3: Framework for the Comprehensive Management of Risks
Note: The headline standard and numbered ‘sub’-standards determined under section 827D(1) of the Corporations Act 2001 have been formatted in bold text while the guidance to these standards has been formatted as plain text. For more information see the Introduction for Standards and Introduction for Guidance. Although the Reserve Bank has taken due care in compiling this page, the published version of the Standards and Guidance should be used in the case of any differences between the two.
A central counterparty should have a sound risk management framework for comprehensively managing legal, credit, liquidity, operational and other risks.
Guidance
A central counterparty should take an integrated and comprehensive view of its risks, including the risks it bears from and poses to its participants and their customers, as well as the risks it bears from and poses to other entities, such as other FMIs, money settlement agents, liquidity providers and service providers (for example, matching and portfolio compression service providers). A central counterparty should consider how various risks relate to, and interact with, each other. The central counterparty should have a sound risk management framework (including policies, procedures and systems) that enable it to identify, measure, monitor and manage effectively the range of risks that arise in or are borne by the central counterparty. A central counterparty's framework should include the identification and management of interdependencies. A central counterparty should also provide appropriate incentives and the relevant information for its participants and other entities to manage and contain their risks vis-à-vis the central counterparty. As set out in CCP Standard 2 on governance, the board of directors plays a critical role in establishing and maintaining a sound risk management framework.
3.1 A central counterparty should have risk management policies, procedures and systems that enable it to identify, measure, monitor and manage the range of risks that arise in or are borne by the central counterparty. This risk management framework should be subject to periodic review.
Identification of risks
3.1.1 To establish a sound risk management framework, a central counterparty should first identify the range of risks that arise within the central counterparty and the risks it directly bears from or poses to its participants, its participants' customers and other entities. It should identify those risks that could materially affect its ability to perform or to provide services as expected. Typically these include legal, credit, liquidity and operational risks. A central counterparty should also consider other relevant and material risks, such as market (or price), concentration and general business risks, as well as risks that do not appear to be significant in isolation, but when combined with other risks become material. The consequences of these risks may have significant reputational effects on the central counterparty and may undermine the central counterparty's financial soundness as well as the stability of the broader financial markets. In identifying risks, a central counterparty should take a broad perspective and identify the risks that it bears from other entities, such as other FMIs, money settlement agents, liquidity providers, service providers and any entities that could be materially affected by the central counterparty's inability to provide services.
Comprehensive risk policies, procedures and controls
3.1.2 A central counterparty's board and senior management are ultimately responsible for managing the central counterparty's risks (see CCP Standard 2 on governance). The board should determine an appropriate level of aggregate risk tolerance and capacity for the central counterparty. The board and senior management should establish policies, procedures and controls that are consistent with the central counterparty's risk tolerance and capacity. The central counterparty's policies, procedures and controls serve as the basis for identifying, measuring, monitoring and managing the central counterparty's risks and should cover routine and non-routine events, including the potential inability of a participant, or the central counterparty itself, to meet its obligations. A central counterparty's policies, procedures and controls should address all relevant risks, including legal, credit, liquidity, general business and operational risks. These policies, procedures and controls should be part of a coherent and consistent framework that is reviewed and updated periodically, and shared with the Reserve Bank and other relevant authorities.
Information and control systems
3.1.3 In addition, a central counterparty should employ robust information and risk control systems to provide the central counterparty with the capacity to obtain timely information necessary to apply risk management policies and procedures. In particular, these systems should allow for the accurate and timely measurement and aggregation of risk exposures across the central counterparty, the management of individual risk exposures and the interdependencies between them, and the assessment of the impact of various economic and financial shocks that could affect the central counterparty. Information systems should also enable the central counterparty to monitor its credit and liquidity exposures, overall credit and liquidity limits, and the relationship between these exposures and limits.
3.1.4 Where appropriate, a central counterparty should also provide its participants and its participants' customers with the relevant information to manage and contain their credit and liquidity risks.[1] A central counterparty may consider it beneficial to provide its participants and its participants' customers with information necessary to monitor their credit and liquidity exposures, overall credit and liquidity limits, and the relationship between these exposures and limits. Where the central counterparty permits participants' customers to create exposures in the central counterparty that are borne by the participants, the central counterparty should provide participants with the capacity to limit such risks and the central counterparty should ensure that any large exposures are appropriately monitored and managed.
Internal controls
3.1.5 A central counterparty also should have comprehensive internal processes to help the board and senior management monitor and assess the adequacy and effectiveness of a central counterparty's risk management policies, procedures, systems and controls. While business line management serves as the first ‘line of defence’, the adequacy of and adherence to control mechanisms should be assessed regularly through independent compliance programs and independent external reviews.[2] A robust internal audit function can provide an independent assessment of the effectiveness of a central counterparty's risk management and control processes. An emphasis on the adequacy of controls by senior management and the board as well as internal audit can also help counterbalance a business management culture that may favour business interests over establishing and adhering to appropriate controls. In addition, proactive engagement of audit and internal control functions when changes are under consideration can also be beneficial. Specifically, central counterparties that involve their internal audit function in pre-implementation reviews will often reduce their need to expend additional resources to retrofit processes and systems with critical controls that had been overlooked during initial design phases and construction efforts.
3.2 A central counterparty should ensure that financial and other obligations imposed on participants under its risk management framework are proportional to the scale and nature of individual participants' activities.
3.2.1 A central counterparty should ensure that it has sufficient risk controls and other arrangements in place to comply with the CCP Standards, and address any other systemic risk implications of its activities. In accordance with a central counterparty's risk management framework, these arrangements may place financial and other obligations on participants, such as margin, contributions to prefunded default arrangements, ex-ante agreed arrangements for the provision of liquid resources and allocations of uncovered losses or liquidity shortfalls (see CCP Standard 4 on credit risk, CCP Standard 7 on liquidity risk and CCP Standard 12 on participant default rules and procedures), or minimum operational requirements (see CCP Standard 16 on operational risk). Such obligations should be proportional to the nature and magnitude of the risk that individual participants' activities pose to the safety of the central counterparty. In general, obligations placed on a participant with limited or conservative activities should differ from those placed on a participant with extensive or risky activities. For the purposes of this Standard, financial obligations do not include minimum capital requirements for participants, which are dealt with under CCP Standard 17 on access and participation requirements.
3.3 A central counterparty should provide incentives to participants and, where relevant, their customers to manage and contain the risks they pose to the central counterparty.
3.3.1 In establishing risk management policies, procedures and systems, a central counterparty should provide incentives to participants and, where relevant, their customers to manage and contain the risks they pose to the central counterparty. There are several ways in which a central counterparty may provide incentives. One example is the use of loss-sharing arrangements proportional to the exposures brought to the central counterparty. Provision of incentives can help reduce the moral hazard that may arise from formulas in which losses are shared equally among participants or other formulas where losses are not shared proportionally to risk.
3.4 A central counterparty should regularly review the material risks it bears from and poses to other entities (such as other FMIs, money settlement agents, liquidity providers and service providers) as a result of interdependencies, and develop appropriate risk management tools to address these risks.
3.4.1 A central counterparty should regularly review the material risks it bears from and poses to other entities (such as other FMIs, money settlement agents, liquidity providers and service providers) as a result of interdependencies and develop appropriate risk management tools to address these risks (see also CCP Standard 19 on FMI links). In particular, a central counterparty should have effective risk management tools to manage all relevant risks, including the legal, credit, liquidity, general business and operational risks that it bears from and poses to other entities, in order to limit the effects of disruptions from and to such entities as well as disruptions from and to the broader financial markets. These tools should include business continuity arrangements that allow for rapid recovery and resumption of critical operations and services in the event of operational disruptions (see CCP Standard 16 on operational risk), liquidity risk management techniques (see CCP Standard 7 on liquidity risk), and recovery or orderly wind-down plans should the central counterparty become non-viable. Because of the interdependencies between and among systems, a central counterparty should ensure that its crisis management arrangements allow for effective coordination among the affected entities, including cases in which its own viability or the viability of an interdependent entity is in question.
3.5 A central counterparty should identify scenarios that may potentially prevent it from being able to provide its critical operations and services as a going concern and assess the effectiveness of a full range of options for recovery or orderly wind-down. A central counterparty should prepare appropriate plans for its recovery or orderly wind-down based on the results of that assessment. Where applicable, a central counterparty should also provide relevant authorities with the information needed for purposes of resolution planning.
3.5.1 A central counterparty should identify scenarios that may potentially prevent it from being able to provide its critical operations and services as a going concern and assess the effectiveness of a full range of options for recovery or orderly wind-down. These scenarios should take into account the various independent and related risks to which the central counterparty is exposed. Using this analysis (and taking into account any constraints potentially imposed by domestic legislation), the central counterparty should prepare appropriate plans for its recovery or orderly wind-down. The plans should contain, among other elements, a substantive summary of the key recovery or orderly wind-down strategies, the identification of the central counterparty's critical operations and services, and a description of the measures needed to implement the key strategies. A central counterparty should have the capacity to identify and provide to related entities the information needed to implement its plans on a timely basis during stress scenarios. In addition, these plans should be reviewed and updated regularly. Where applicable, a central counterparty should provide relevant resolution authorities with the information, including strategy and scenario analysis, needed for purposes of resolution planning.
Footnotes
A central counterparty should ensure that its information systems have the capacity to provide this information on a timely basis. [1]
Internal audits should be performed by qualified and independent individuals who did not participate in the creation of the control mechanisms. The central counterparty should also subject aspects of its risk management processes to external independent review (see CCP Standard 2 on governance). [2]