Assessment of ASX Clearing and Settlement Facilities – September 2019 Appendix C2. Financial Stability Standards for Securities Settlement Facilities
Standard 3: Framework for the comprehensive management of risks
A securities settlement facility should have a sound risk management framework for comprehensively managing legal, credit, liquidity, operational and other risks.
ASX Settlement | Austraclear |
Observed | Observed |
3.1 A securities settlement facility should have risk management policies, procedures and systems that enable it to identify, measure, monitor and manage the range of risks that arise in or are borne by the securities settlement facility. This risk management framework should be subject to periodic review.
Identification of risk
ASX's high-level framework for risk management is described in its Enterprise Risk Management Policy. Specific risks are identified and assessed based on their likelihood and potential impact. The risk categories considered are: reputational, counterparty, strategic, financial, operational, technology, and regulatory and legal risks.
Comprehensive risk policies, procedures and controls
ASX's Enterprise Risk Management Policy has been developed with reference to the international standard ISO 31000 Risk Management – Principles and Guidelines.[12] The policy is reviewed by the Audit and Risk Committee every two years, with the most recent review taking place in November 2018. As part of this review, ASX updated its Enterprise Risk Management policy to reflect an increase in the number of risk categories from two to seven, and the adoption of a more granular five-point scale for assessing the likelihood and impact of risks. ASX has also separated out its updated Risk Appetite Statement (RAS) into a standalone document owned by the ASX Limited Board (see SSF Standard 2.6). At a high level, the ASX Enterprise Risk Management Policy outlines: the overall risk environment in the ASX Group; the objectives of risk management policies; the process by which risks are identified and assessed; the controls in place to detect and mitigate risks; and how risks are monitored and communicated. The Enterprise Risk Management Policy takes into account the risk tolerances established by ASX's RAS: ASX's tolerance for financial, operational, technology, counterparty, reputational, and regulatory and legal risks is ‘very low’; ASX's tolerance for strategic risks is ‘medium’.
ASX uses key risk indicators to measure levels of risk in the organisation and categorise risk levels according to a ‘red-amber-green’ scale.
The Enterprise Risk Management Policy also sets out how specific risk responsibilities across the ASX Group are assigned, including to the ASX Limited Board of Directors, the Audit and Risk Committee, the CS Boards, the Risk Committee, the General Managers of Enterprise Risk and Enterprise Compliance, and managers of individual functions. Managers of relevant functions are responsible for identifying and monitoring risks relevant to their function's activities, as well as for designing and implementing risk management controls to manage identified risks. As part of the risk profiling and assessment process, management assesses the appropriateness and operational effectiveness of these controls twice a year; these assessments are reviewed by the Risk Committee.
ASX's Settlement Risk Policy Framework sets out a comprehensive set of settlement-related risk policies to support the risk management approach of ASX's SSFs. These policies govern more detailed internal standards, which in turn govern specific procedures for the management of settlement-related risks and the broader operations of the SSFs. The structure of policies, standards and procedures reflects the requirements of the FSS.
A number of boards and internal committees oversee settlement risk management policy, including:
- The CS Boards. Each CS facility has a board (see SSF Standard 2.3 and ‘ASX Group Structure’ in Appendix B.1), which shares members with the other ASX CS facilities. The Settlement Boards have oversight of the Settlement Risk Policy Framework, and are responsible for any significant amendments. Policies and designated key standards under the framework are also governed by the Settlement Boards.
- Risk Committee. The Risk Committee is constituted to ensure the adequacy and appropriateness of the risk management frameworks, policies, processes and activities of the ASX Group. This includes overseeing the implementation and adequacy of the Enterprise Risk Management Policy, and reviewing and approving key risk management policies, standards and procedures. It is chaired by the CRO and comprises the CEO, Deputy CEO, Chief Financial Officer (CFO), COO and Group General Counsel and Company Secretary. The Risk Committee meets at least on a quarterly basis.
- Regulatory Committee. The Regulatory Committee is chaired by the ASX Group General Counsel and Company Secretary and is made up of the CEO, Deputy CEO, Chief Compliance Officer, COO and CRO. The committee manages the processes associated with the development and execution of policy in relation to the operation and conduct of the ASX CS facilities, and ASX's licences, markets and other operations. It also oversees regulatory and legal management processes across ASX, amongst other responsibilities. The Regulatory Committee meets on a quarterly basis.
- Participant Incident Response Group (PIRG). PIRG is responsible for coordinating ASX's response to a settlement participant incident, and provides input into policy determinations and settings as necessary in response to such incidents. The PIRG is chaired by the Executive General Manager, Operations, and is made up of senior staff from the operational, risk management, compliance and legal functions. Meetings of PIRG are convened as required to address an actual or potential participant incident.
- Post Trade Working Group (PTWG). PTWG is responsible for facilitating discussion on ASX's post-trade operations, technology, risk and compliance, and new products and services of relevance to these areas, and for sharing feedback received from participants. Management committees may delegate matters to the PTWG for further consideration. The PTWG is chaired by Post-trade Operations, and is made up of staff from Clearing Risk Policy, Clearing Risk Quantification and Development, business development, application support, compliance and legal functions. The PTWG meets on a monthly basis or more frequently as required.
Information and control systems
Since ASX Settlement and Austraclear do not assume credit or liquidity risk as principal (see SSF Standards 4 and 6), they do not require information and control systems to monitor these risks.
ASX Settlement nevertheless employs information systems that provide participants with information regarding their money and securities settlement obligations. This information assists participants in managing their funding and delivery obligations and risks (see SSF Standard 6.2). By contrast, Austraclear's use of DvP Model 1 settlement avoids the creation of credit exposures during the settlement process and limits the direct liquidity impact of a participant default on non-defaulting participants (see SSF Standard 10.2). Accordingly, there are no relevant participant settlement and funding flows for Austraclear to measure and monitor (see SSF Standard 6.2).
Internal controls
ASX's documented risk management policies and standards specify requirements for periodic formal review, although more frequent reviews may occur depending on changes to technology, business drivers or legal requirements. Reviews are conducted by specific working groups and committees as required. Settlement risk policies and standards are reviewed on an annual basis by CRPM and the Risk Committee; material changes to settlement risk policies and standards are approved by the CS Boards. Under the Enterprise Risk Management Policy, ASX updates its risk profile every six months at a functional level, identifying relevant risks and setting out planned actions to respond to those risks.
Risk management arrangements are also subject to periodic review by Internal Audit. Such audits aim to provide assurance that the risk management framework continues to be effective. Risk management arrangements may also be subject to review by external experts from time to time.
3.2 A securities settlement facility should ensure that financial and other obligations imposed on participants under its risk management framework are proportional to the scale and nature of individual participants' activities.
ASX Settlement and Austraclear do not place financial obligations on their participants under their respective risk management frameworks. The ASX SSFs are not participants or guarantors to any transaction submitted for settlement through them and are not directly exposed to credit or liquidity risk. ASX Settlement's DvP Model 3 settlement process and Austraclear's DvP Model 1 settlement process do not expose participants to settlement risk (see SSF Standard 10.2). At ASX Settlement, fees levied on participants that fail to meet their securities delivery obligations are proportional to the value of the failed obligations. At Austraclear, transactions that are submitted but not settled successfully on the day are removed from the settlement queue at close of business without penalty. Operational and other participation requirements placed on participants are discussed under SSF Standards 14.6 and 15.2.
3.3 A securities settlement facility should provide incentives to participants and, where relevant, their customers to manage and contain the risks they pose to the securities settlement facility.
ASX Settlement and Austraclear may apply sanctions to, or place additional requirements on, participants that fail to comply with their Operating Rules or Regulations. Participants may ultimately be required to seek alternative settlement arrangements.
3.4 A securities settlement facility should regularly review the material risks it bears from and poses to other entities (such as other FMIs, money settlement agents, liquidity providers and service providers) as a result of interdependencies, and develop appropriate risk management tools to address these risks.
ASX Settlement and Austraclear review the material risks that they bear from and pose to other entities in the context of their ongoing review of enterprise risks (such as the six-monthly update of risk profiles; see SSF Standard 3.1), and their processes for identifying risks associated with new activities. In the case of new products and services, ASX undertakes risk assessments when undertaking an expansion of its activities or in the event of material changes to its business. Risk assessments are built into ASX's project management framework (see SSF Standards 12.1 and 14.4).
The interdependency between ASX Settlement and ASX Clear for the settlement of novated transactions is managed within the context of ASX Group's broader risk management framework (see SSF Standard 17).
The interdependencies between Austraclear and each of ASX Clear and ASX Clear (Futures) for the settlement of margin and other payment obligations are managed within the context of ASX Group's broader risk management framework (see SSF Standard 17).
3.5 A securities settlement facility should identify scenarios that may potentially prevent it from being able to provide its critical operations and services as a going concern and assess the effectiveness of a full range of options for recovery or orderly wind-down. A securities settlement facility should prepare appropriate plans for its recovery or orderly wind-down based on the results of that assessment. Where applicable, a securities settlement facility should also provide relevant authorities with the information needed for purposes of resolution planning.
ASX Settlement and Austraclear have established a recovery plan that identifies scenarios that could threaten the ASX SSFs' ongoing provision of critical services, describes events that would trigger the activation of the recovery plan, and sets out how ASX would respond to such scenarios. It also describes the suite of tools available to the SSFs in recovery and details the governance arrangements both for the use of these tools and for review of the recovery planning framework. This includes arrangements for the use of capital set aside to cover general business risks at the SSFs (see SSF Standard 12). ASX has integrated the testing and review of the recovery plan into its broader framework for testing and review of risk and default management policies and processes.
Footnote
ISO is an international standard-setting body and ISO 31000 is considered to be relevant guidance for enterprise risk management. The ISO 31000 standard has been reproduced by Standards Australia and Standards New Zealand as AS/NZS 31000 [12]