Assessment of ASX Clearing and Settlement Facilities C2. Financial Stability Standards for Securities Settlement Facilities

Standard 3: Framework for the comprehensive management of risks

A securities settlement facility should have a sound risk management framework for comprehensively managing legal, credit, liquidity, operational and other risks.

ASX Settlement Austraclear
Observed Observed

3.1 A securities settlement facility should have risk management policies, procedures and systems that enable it to identify, measure, monitor and manage the range of risks that arise in or are borne by the securities settlement facility. This risk management framework should be subject to periodic review.

Identification of risk

ASX's high-level framework for risk management is described in its Enterprise Risk Management Policy. Specific risks are identified and assessed on how likely it is the risk event will occur within the next 12 months and the potential impact. Reputational and participant impacts are considered along with the financial, operational and regulatory impacts of risks.

Comprehensive risk policies, procedures and controls

ASX's Enterprise Risk Management Policy has been developed with reference to the international standard ISO 31000 Risk Management – Principles and Guidelines.[12] At a high level, the ASX Enterprise Risk Management Policy outlines: the overall risk environment in the ASX Group; the objectives of risk management policies; the process by which risks are identified and assessed; the controls in place to detect and mitigate risks; and how risks are monitored and communicated. ASX's stated tolerance for financial, operational, legal and regulatory risks is ‘very low’.

ASX uses key risk indicators to measure levels of risk in the organisation and categorise risk levels according to a scale: satisfactory; below or at target risk tolerance, action required to further control the level of risk; above target residual risk but within risk tolerance; or unsatisfactory, exceeding ASX's risk tolerance.

The Enterprise Risk Management Policy also sets out how specific risk responsibilities across the ASX Group, including to the ASX Limited Board of Directors, the Audit and Risk Committee, the Risk Committee, the General Manager, Enterprise Risk and managers of individual functions are assigned. Managers of relevant functions are responsible for identifying and monitoring risks relevant to their function's activities, as well as for designing and implementing risk management controls to manage identified risks. As part of the risk profiling and assessment process, management assesses the appropriateness and operational effectiveness of these controls twice a year; these assessments are reviewed by the Risk Committee.

ASX's Settlement Risk Policy Framework sets out a comprehensive set of settlement-related risk policies to support the risk management approach of ASX's SSFs. These policies govern more detailed internal standards, which in turn govern specific procedures for the management of settlement-related risks. The structure of policies, standards and procedures reflects the requirements of the FSS.

A number of boards and internal committees oversee settlement risk management policy, including:

  • The CS Boards. Each CS facility has a board (see SSF Standard 2.3 and ‘ASX Group Structure’ in Appendix B.1), which shares members with the other ASX CS facilities. The Settlement Boards have oversight of the Settlement Risk Policy Framework, and are responsible for any significant amendments. Policies and designated key standards under the framework are also governed by the Settlement Boards.
  • Risk Committee. The Risk Committee is constituted to ensure the adequacy and appropriateness of the risk management frameworks, policies, processes and activities of the ASX Group. This includes overseeing the implementation and adequacy of the Enterprise Risk Management Policy and reviewing and approving key risk management policies, standards and procedures. It is chaired by the CRO and comprises the CEO, Deputy CEO, Chief Financial Officer (CFO), COO and Group General Counsel and Company Secretary. The Risk Committee meets at a minimum on a quarterly basis.
  • Regulatory Committee. The Regulatory Committee is chaired by the ASX Group General Counsel and Company Secretary and is made up of the CEO, Deputy CEO, Chief Compliance Officer, COO and CRO. The committee manages the processes associated with the development and execution of policy in relation to the operation and conduct of the ASX CS facilities, and ASX's licences, markets and other operations. It also oversees regulatory and legal management processes across ASX, amongst other responsibilities. The Regulatory Committee meets on a quarterly basis.
  • Participant Incident Response Group (PIRG). PIRG is responsible for coordinating ASX's response to a settlement participant incident, and provides input into policy determinations and settings as necessary in response to such incidents. The PIRG is chaired by the Executive General Manager, Operations, and is made up of senior staff from the operational, risk management, compliance and legal functions. Meetings of PIRG are convened as required to address an actual or potential participant incident.

Information and control systems

Since ASX Settlement and Austraclear do not assume credit or liquidity risk as principal (see SSF Standards 4 and 6), they do not require information and control systems to monitor these risks.

ASX Settlement nevertheless employs information systems that provide participants with information regarding their money and securities settlement obligations. This information assists participants in managing their funding and delivery obligations and risks (see SSF Standard 6.2). By contrast, Austraclear's use of DvP Model 1 settlement avoids the creation of credit exposures during the settlement process and limits the direct liquidity impact of a participant default on non-defaulting participants (see SSF Standard 10.2). Accordingly, there are no relevant participant settlement and funding flows for Austraclear to measure and monitor (see SSF Standard 6.2).

Internal controls

ASX's documented risk management policies and standards specify requirements for periodic formal review, although more frequent reviews may occur depending on changes to technology, business drivers or legal requirements. Reviews are conducted by specific working groups and committees as required. The Risk Committee approves enterprise-wide policies and standards. Under the Enterprise Risk Management Policy, ASX updates its risk profile every six months at a functional level, identifying relevant risks and setting out planned actions to respond to those risks.

Risk management arrangements are also subject to periodic review by Internal Audit. Such audits aim to provide assurance that the risk management framework continues to be effective. Risk management arrangements may also be subject to review by external experts from time to time.

The Enterprise Risk Management Policy is reviewed by the Audit and Risk Committee on a two-year cycle, with the most recent review taking place in February 2016. In late 2017, ASX commenced a three-year plan to refresh its enterprise risk management approach (see section 2.3.2).

3.2 A securities settlement facility should ensure that financial and other obligations imposed on participants under its risk management framework are proportional to the scale and nature of individual participants' activities.

ASX Settlement and Austraclear do not place financial obligations on their participants under their respective risk management frameworks. The ASX SSFs are not participants or guarantors to any transaction submitted for settlement through them and are not directly exposed to credit or liquidity risk. ASX Settlement's DvP Model 3 settlement process and Austraclear's DvP Model 1 settlement process do not expose participants to settlement risk (see SSF Standard 10.2). At ASX Settlement, fees levied on participants that fail to meet their securities delivery obligations are proportional to the value of the failed obligations. At Austraclear, transactions that are not settled successfully on the day that they are submitted are removed from the settlement queue at close of business without penalty. Operational and other participation requirements placed on participants are discussed under SSF Standards 14.6 and 15.2.

3.3 A securities settlement facility should provide incentives to participants and, where relevant, their customers to manage and contain the risks they pose to the securities settlement facility.

ASX Settlement and Austraclear may apply sanctions to, or place additional requirements on, participants that fail to comply with their Operating Rules or Regulations. Participants may ultimately be required to seek alternative settlement arrangements.

3.4 A securities settlement facility should regularly review the material risks it bears from and poses to other entities (such as other FMIs, money settlement agents, liquidity providers and service providers) as a result of interdependencies, and develop appropriate risk management tools to address these risks.

ASX Settlement and Austraclear review the material risks that they bear from and pose to other entities in the context of their ongoing review of enterprise risks (such as the six-monthly update of risk profiles; see SSF Standard 3.1), and their processes for identifying risks associated with new activities. In the case of new products and services, ASX undertakes risk assessments when undertaking an expansion of its activities or in the event of material changes to its business. Risk assessments are built into ASX's project management framework (see SSF Standards 12.1 and 14.4).

The interdependency between ASX Settlement and ASX Clear for the settlement of novated transactions is managed within the context of ASX Group's broader risk management framework (see SSF Standard 17).

The interdependencies between Austraclear and each of ASX Clear and ASX Clear (Futures) for the settlement of margin and other payment obligations are managed within the context of ASX Group's broader risk management framework (see SSF Standard 17).

3.5 A securities settlement facility should identify scenarios that may potentially prevent it from being able to provide its critical operations and services as a going concern and assess the effectiveness of a full range of options for recovery or orderly wind-down. A securities settlement facility should prepare appropriate plans for its recovery or orderly wind-down based on the results of that assessment. Where applicable, a securities settlement facility should also provide relevant authorities with the information needed for purposes of resolution planning.

ASX Settlement and Austraclear have established a recovery plan that identifies scenarios that could threaten the ASX SSFs' ongoing provision of critical services, describes events that would trigger the activation of the recovery plan, and sets out how ASX would respond to such scenarios. It also describes the suite of tools available to the SSFs in recovery and details the governance arrangements both for the use of these tools and for review of the recovery planning framework. ASX has integrated the testing and review of the recovery plan into its broader framework for testing and review of risk and default management policies and processes.

Footnote

ISO is an international standard-setting body and ISO 31000 is considered to be relevant guidance for enterprise risk management. The ISO 31000 standard has been reproduced by Standards Australia and Standards New Zealand as AS/NZS 31000. [12]