Financial Market Utilities: Is the System Safer?

It has been two and a half years since the Financial Stability Oversight Council (FSOC) designated select financial market utilities (FMUs) as “systemically important.” These entities’ respective primary supervisory agencies have since increased scrutiny of these organizations’ operations and issued rules to enhance their resilience.

As a result, systemically important FMUs (SIFMUs) have been challenged by a significant increase in regulatory on-site presence, data requests, and overall supervisory expectations. Further, they are now subject to heightened and often entirely new regulatory requirements. Given the breadth and evolving nature of these requirements, regulators have prioritized compliance with requirements deemed most critical to the safety and soundness of financial markets. These include certain areas within corporate governance and risk management such as liquidity risk management, participant default management, and recovery and wind-down planning.

Of the three supervisory agencies charged with regulating SIFMUs—the Federal Reserve Board (FRB), the Securities and Exchange Commission (SEC), and the Commodity Futures Trading Commission (CFTC)—the FRB has thus far had the most impactful role. Although the FRB is the primary regulator of only two of the eight designated SIFMUs, it has been authorized by the Dodd-Frank Act to also supervise the other six SIFMUs indirectly as their backup regulator.

This backup role has been exercised through the FRB’s participation in select annual examinations, continuous monitoring meetings, off-site risk assessments, information sharing between supervisory authorities, and interagency exam scoping meetings. Therefore, although specific regulatory requirements have somewhat differed between SIFMUs based on their primary regulator, all SIFMUs’ governance and risk management practices are being heavily influenced by the FRB. In this regard, our market observations indicate that a number of SIFMUs still need considerable infrastructure changes, process enhancements, and more skilled resources to meet the FRB’s expectations.

This post provides (a) background information on the regulatory framework for SIFMUs, (b) our observations of the practical impact these regulations are having on SIFMUs, and (c) our view on what SIFMUs should be doing now.

Background

SIFMUs are critical entities supporting capital markets’ operations through the transfer, clearing, or settlement of payments and securities between trading counterparties. Due to this vital role, in times of market stress, SIFMUs may contribute to and amplify market instability. Although they remained largely stable during the financial crisis, regulators believe that significant risk is concentrated in these entities, and potential market disruptions could occur if the risks are not managed. Consequently, regulators are focused on ensuring that SIFMUs’ risk managers continue to assess and maintain an appropriate level of controls and sufficient financial resources (i.e., capital and liquidity) [1] to mitigate their potential systemic risks.

In 2012 the Committee on Payment and Market Infrastructures and the Board for International Organization of Securities Commissions (CPMI/IOSCO) jointly issued Principles for Financial Market Infrastructures (PFMIs). [2] The PFMIs aim to enhance the safety and efficiency of FMUs, reduce systemic risk, and foster transparency and financial stability. To that end, the PFMIs prescribe minimum standards and key considerations for governance and risk management (including recovery and wind-down planning) for these entities.

In the US, the PFMIs have been applied to FSOC-designated SIFMUs [3] through rulemakings by their three supervisory agencies: the FRB (finalized), [4] the CFTC (finalized), and the SEC (proposed). All three agencies’ rules emphasize the need for effective governance and risk management processes including participant default management, financial resource adequacy, liquidity stress testing, and recovery and wind-down planning.

Impact of systemically important designation

Since designation, SIFMUs have experienced significant changes in their regulatory relationships including more formal processes, heavier on-site examiner presence, and increased interaction between regulators and the board, senior management, risk managers, and internal audit. In addition, regulators have carried out more “surgically precise” examinations focusing on particularly high risk areas (e.g., default and liquidity risk management).

Regulators continue to push SIFMUs, based on their continued examination of SIFMUs’ business activities, in the following three major areas: governance, risk management, and recovery and wind-down planning (which is a critical subset of risk management). These are each discussed below.

Governance

Consistent with the supervisory treatment of systemically important financial institutions (SIFIs) by bank regulators, all three agencies require that a SIFMU’s senior management and board have the appropriate skills and experience to discharge their responsibilities. Senior management is required to ensure that the SIFMU’s activities and risks are managed under the direction of the board and consistently with board-approved policies, strategy, and risk appetite/tolerance. The board in turn is required to hold senior management accountable for discharging its duties, to exercise independent judgment, and to avoid conflicts of interest.

Given the importance of governance as an overarching factor that spans across all other areas of SIFMU activities, regulators expect SIFMUs to substantially comply with all of the final rules’ requirements around governance. Accordingly, regulators are in practice closely scrutinizing SIFMUs’ governance frameworks, including how senior management is challenged, held accountable, and incentivized.

Oversight by the SIFMU board has received particular scrutiny including an assessment of controls to facilitate effective board review of risk identification and to enable reporting that promotes directors’ understanding of issues. To assist in this area, regulators have identified directors’ education (both at the time of on-boarding and throughout their terms) and the board’s performance evaluations (of itself and of individual directors) as critical.

Regulators also expect SIFMU boards to be independent from management, so some directors must not be executives of the SIFMU. But perhaps more importantly, independence from the SIFMU’s owners (or members) has attracted regulatory attention given the inherent potential for conflicts of interest where SIFMU members also have an ownership stake in the SIFMU (and sit on the SIFMU’s board). Therefore, SIFMUs are expected to have directors who are not affiliated with the SIFMU’s owner(s), to bring an independent view to the governance process. This has created challenges to Board oversight including forcing Boards to make decisions which are in the best interest of the SIFMU but may have negative implications to its owners.

Risk management

The three agencies’ regulations require SIFMUs to have a chief risk officer and a comprehensive risk management framework, which is comprised of written policies and procedures for managing key risks. Specifically, the risk framework must include processes to (a) regularly measure and limit credit risk exposures, (b) establish margin requirements and test models that calculate margin, (c) set, maintain, and stress test minimum capital and liquidity levels, and (d) assess and monitor clearing members’ and others’ risk management practices.

SIFMUs that are central counterparties are additionally required to maintain sufficiently liquid resources [5] to withstand a wide range of stress scenarios, [6] including default by one or more clearing members. These firms must also conduct daily liquidity stress tests (using their own predetermined parameters and assumptions for the scenarios), and analyze the validity of their stress scenarios and their underlying assumptions on at least a monthly basis. [7] Finally, central counterparty SIFMUs must establish clear procedures to report the results of daily liquidity stress tests to senior management and to make necessary adjustments to their stock of liquid resources based on test results.

Within these requirements, regulators have been emphasizing the following five areas:

• Risk management policies, procedures, reporting, and escalation requirements (both within legal entities and enterprise-wide), especially liquidity risk management, operational risk controls, and model risk governance. [8]
• Margin requirements and real-time monitoring processes.
• SIFMU’s understanding and monitoring of the risk management practices of key participants, including members, counterparties, settlement banks, and liquidity-providers.
• Participant default policies, procedures, and testing.
• Clearing and settlement procedures.

SIFMUs’ liquidity risk management has particularly been a subject of heightened regulatory focus around liquidity stress scenario development and testing. Firms have faced challenges in this area, largely due to lack of detailed supervisory guidance. For example, regulators have made clear that they expect SIFMUs to develop scenarios that are sufficiently adverse, without providing guidance on scenario elements and the expected level of adversity.

SIFMUs are also expected to establish and maintain robust operational risk controls to ensure operations reliability, and to have business contingency plans for the timely completion of regular trade processing and settlement. Both the FRB and CFTC expect SIFMUs to recover and resume clearing and settlement operations no later than two hours following a disruptive event. The SEC is directionally consistent with the other agencies but is somewhat more flexible; the SEC expects SIFMUs to have systems that are “reasonably designed” to resume critical operations within two hours following a wide-scale disruption.

Finally, regulators are also closely scrutinizing SIFMUs’ risk model governance processes, including model development and validation, and model performance monitoring.

Our observations suggest that evaluating a SIFMU’s risk management framework against these expectations often prompts enhancements to risk culture, risk management practices and tools, and risk management fundamentals (e.g., talent, policies and procedures, and reporting systems).

Recovery and wind-down planning

As a critical component of overall risk management, the agencies’ rules require SIFMUs to prepare both a recovery and a wind-down plan, to maintain sufficient liquidity to implement the plans, and to be prepared to raise additional financial resources should the SIFMU’s resources fall below the amount deemed necessary for recovery or wind-down. In addition, the rules require that recovery and wind-down plans include provisions to address potential uncovered credit losses, liquidity shortfalls, and general business risk.

While recovery and wind-down planning requirements are generally consistent among the agencies, the compliance timeline varies by supervisor. Whereas CFTC-supervised SIFMUs were required to prepare their recovery and wind down plans by year-end 2013, [9] the FRB has mandated a December 31, 2015 compliance date, and the SEC has yet to finalize its relevant regulation. While approaches to this exercise continue to evolve at the agencies, SIFMUs should be working on developing and refining their recovery and wind-down plans, approaches, and tools, given the acute regulatory focus on SIFMUs’ potential for systemic risk transmission in case of failure.

The focus of global regulators on recovery and wind-down planning shines a light on the intrinsic tension between maintaining systemic financial stability and the goals of individual market participants, including both SIFMUs and SIFIs. SIFMUs and their regulators want SIFMUs to retain maximum discretion in using risk management tools to protect the firm and its non-failing members from the impact of a failing member SIFI (e.g., by limiting the failing SIFI’s access to the SIFMU’s services). At the same time, US regulators have indicated that it is difficult for them to envision the orderly resolution of a failing SIFI if the SIFI loses access to key FMUs in times of severe stress. Since the FRB, SEC, and CFTC oversee both SIFIs (or their subsidiaries) and SIFMUs an equitable solution to this conundrum is theoretically possible but has not yet been put forward. The agencies’ rules have also taken different approaches to liquidity management as it relates to SIFMUs’ recovery and wind-down. Specifically, CFTC-regulated SIFMUs must maintain sufficient liquid resources to cover operating costs for a period of at least one year, calculated on a rolling basis. The FRB and SEC on the other hand require SIFMUs to hold sufficient liquid resources equal to the greater of the cost to implement their recovery or wind-down plans, or six months of current operating expenses.

Practical regulatory expectations around recovery and wind-down planning have not been clear so far, so SIFMUs continue to seek more clarity from their respective regulators regarding their expectations. Therefore, although the majority of the eight SIFMUs have already developed their first recovery and wind-down plans, the plans remain as works in progress pending more detailed regulatory guidance. In many instances SIFMUs have leveraged regulatory guidance for SIFIs as a starting point for their plans, although this approach may not fully consider the unique risks of SIFMUs. Plans developed based on this approach may be further improved using existing global standards around SIFMU recovery and wind-down, [10] which we expect to provide the basis for any future US regulatory guidance.

We expect recovery and wind-down planning challenges to only intensify going forward, particularly as supervisors gain a better understanding of the interdependencies between SIFIs and SIFMUs and demand more specificity in recovery and wind-down plans. [11]

What should SIFMUs be doing?

To meet the regulatory expectations described in this brief, SIFMUs that are currently designated (and those firms under consideration for designation) should consider the following ten-point “to do list” as a baseline:

• 1. Assess current governance structures, roles, and responsibilities to determine if they provide the adequate level of oversight, effective challenge, accountability, transparency, and independence.
• 2. Ensure the board and senior management are aware of current and evolving regulatory requirements and their implications on the business model, strategies, and risk management approaches, and provide training where appropriate to facilitate understanding.
• 3. Develop comprehensive risk management processes (policies, procedures, controls, and risk reporting and escalation requirements) to ensure accurate and reliable holistic risk exposure information, documentation, and recordkeeping/retention.
• 4. Focus on strengthening risk model development and model validation practices, and collateral management processes.
• 5. Enhance risk exposure reporting to ensure key participant information is monitored and reviewed, escalated, documented, and appropriately acted upon by senior management.
• 6. Consider potential credit and liquidity stress events and have reliable plans in place to ensure the firm can meet its settlement obligations without causing instability in financial mark
• 7. Regularly conduct end-to-end testing of default management processes with market participants (i.e., other SIFMUs and SIFMU participants) and incorporate lessons learned where appropriate.
• 8. Evaluate and mitigate material risks that the firm poses to other entities, such as other FMUs, settlement banks, liquidity providers, or service providers as a result of interdependencies.
• 9. Understand and manage material risks to the FMU posed by firms that are not members of the FMU but utilize its services (e., payment, clearing, and settlement) through their contracts with member firms.
• 10. Prepare and continue to enhance recovery and wind-down plans, even in the absence of more regulatory clarity to ensure the plans are actionable, transparent, and free from impediments.

Endnotes:

[1] While SIFMUs are required to maintain sufficient financial resources, this requirement is not directly comparable to liquidity and capital requirements for other financial institutions. Unlike banks that must maintain a relatively significant level of capital and liquid resources on an on- going basis, SIFMUs must generally have policies and procedures in place to raise necessary financial resources in case of occurrence of a range of events, including default by one or more clearing members in extreme market conditions, and when executing recovery or wind-down plans. These obligations however may change in the future, as indicated by recent comments by industry participants and US supervisory authorities, to require SIFMUs to maintain more financial resources at the firm.
(go back)

[2] “Financial Market Infrastructures” is the term used by CPMI/IOSCO, which for purposes of this brief is interchangeable with “Financial Market Utilities,” the term used by US regulators.
(go back)

[3] See PwC’s Regulatory brief: More Scrutiny for Financial Market Utilities (May 2013). On July 18, 2012, the FSOC designated eight FMUs as systemically important under Title VIII of the Dodd-Frank Act: The Clearing House Payments Company (operator of the Clearing House Interbank Payments System (CHIPS)); CLS Bank International (CLS); Chicago Mercantile Exchange (CME); The Depository Trust Company (DTC); Fixed Income Clearing Corporation (FICC); ICE Clear Credit (ICE); National Securities Clearing Corporation (NSCC); and The Options Clearing Corporation (OCC).
(go back)

[4] See PwC’s First take: SIFMU risk management standards (October 31, 2014).
(go back)

[5] Qualifying liquid resources include cash, committed lines of credit, committed FX swaps, committed repurchase agreements, and highly marketable collateral.
(go back)

[6] Stress scenario assumptions vary based on a SIFMU’s risk profile. For example, SIFMUs with a more complex risk profile or those that are designated as systemically important in multiple jurisdictions are expected to maintain sufficient liquid resources to withstand default by the two (rather than one) clearing members and their affiliates creating the largest combined loss for the SIFMU.
(go back)

[7] More frequent analysis is necessary under certain circumstances, such as when the products cleared or markets served experience high volatility or become less liquid, or when the size or concentration of positions held by the SIFMU’s members increases significantly.
(go back)

[8] Where applicable, given the SIFMU’s exposures and business activities, the regulators also expect SIFMUs to monitor and manage custody and investment risk, and assess settlement bank and liquidity provider credit and liquidity risks.
(go back)

[9] The CFTC rule provided for an optional one-year extension of the deadline to year-end 2014.
(go back)

[10] See, e.g., FSB’s Key Attributes of Effective Resolution Regimes for Financial Institutions (October 2014); and CPMI/IOSCO’s Recovery of Financial Market Infrastructures (October 2014).
(go back)

[11] We expect further complications in recovery and wind-down planning as large banks that are SIFMU participants revise their resolution plans pursuant to regulatory feedback from the FRB and FDIC. See PwC’s First take: Resolution plan guidance to largest firms (August 2014). For example, as banks discuss revisions to their FMU playbooks with FMUs (i.e., policies and procedures that govern the banks’ relationship with central counterparties during resolution), FMUs may in turn revise their recovery and wind-down plans to reflect changes in the banks’ playbooks.
(go back)