There are definite cases of paranoia in certain risk discussions when it comes to CSD risk. Many moons ago, Ray Parodi of Citibank and I produced a risk assessment of CSDs for ISSA. The work was never widely published, as the combined forces of CSD managements around the globe castigated us for even associating the word “risk” with such inviolate infrastructures as themselves.
Times have changed, and CSD risk assessment (which must be distinguished from ICSD risk assessment) is now welcomed by some, tolerated by many and rejected only by a few. The EU CSD regulations identified the fact that investment is global and some of their moves, especially in respect of settlement date harmonization or common practices, will be valuable for market efficiency. But the key risks of a CSD remain, as we identified in our much-critiqued ISSA study in the 1990s, a failure in the recordkeeping of the CSD, legal and regulatory issues or, especially, a failure in the delivery versus payment process.
Failures in recordkeeping can arise through a dispute with a participant on the assets held at the CSD. Reconciliation protocols should limit the likely quantum of any risk, while clarity around record dates reduces the likelihood of corporate event-related errors. However, the risks for CSDs in this area are increasing as regulation and buy-side risk management requirements are leading to a move for more designated accounts. Quite simply, as the number of accounts operated by a CSD increase, the risk of error at the CSD increases. CSD documentation needs to be brutal in requiring daily reconciliation of each account between CSD and user, and there needs to be a positive confirmation process, supported by legislation, that such reconciliation is final and irreversible. Otherwise, the market dependence on the CSD notary function could be challenged, and, irrespective of rulebook wordings, CSDs could be at risk in the event of a dispute between their users and their clients.
The ISSA work on the legal and regulatory requirements for CSDs in the 1990s focused more on their rulebooks. There was clear concern at the opacity of loss-sharing arrangements. The worst case was in a Far Eastern market, which decreed that losses would be allocated to users at the CSD board directors’ discretion. That, in turn, led many participants to ring fence their CSD liability by placing their memberships in lowly capitalized subsidiaries. Today, legal risk is primarily related to the internationalization of investment flows and also the admittance of remote members to some CSDs. Quite simply, irrespective of the structure adopted domestically by the CSDs, they are at risk from extraterritorial challenge—although, paradoxically, their low capital bases do offer them some protection given the preference of plaintiffs to seek out “deep pockets.” However, in an ever-more-litigious world, their major risk is perhaps less financial than structural. The question is whether a ruling in another country could result in a freeze on the CSD’s activities across accounts or lines of securities in their books and whether this would be retroactive to the point of any such ruling in the relevant remote jurisdiction. In such a case, the ruling could cast doubt on transactions already settled, the legal status of holdings and thus any subsequent settlement undertaken.
The DvP process is one that has concerned ISSA and other commentators for many years. When we looked at the first G30 recommendations at ISSA, we adopted the concept of irrevocable, simultaneous and final movement of stock and cash. The T2S proposal at least gives us this structure, although, to be fair, it gives us it, by volume, in markets that had already adopted such a process. But, globally, DvP is a complex subject. It often fails to meet the requirements of the ISSA recommendations. DVP is often used to define two distinct processes that are expected to occur within a single day and said to operate in markets where separate unwinding of the transaction is tolerated. The solution is not a universal rush to central bank money for all securities transactions, as the market could not accomplish this unless central banks changed their policies and accepted, at the minimum, commercial debt as collateral with relatively modest haircuts. But markets have to, at the minimum, move to finality and simultaneity of exchange in commercial bank money and over the relevant securities accounts.
There is a growing fourth and fifth pillar in the risk model of CSDs. Over and above the dependability of the CSD notary function, the legal and regulatory structure and the DvP process, the modern day brings us related services’ operational risk and contagion risk.
The EU, with TARGET2-Securities (T2S), is promoting expansion of the different CSD product ranges. Given that T2S emasculates CSDs with its outsourcing requirement for settlement, this is unsurprising. But moving CSDs up the value chain is no simple task. They lack expertise in areas of asset servicing, cross-border settlement and even data management. And as non-banks, they have funding challenges unless they operate on a pre-funded and post receipt payment basis.
Market M&A activity may have collapsed under the pressure of economic nationalism in many target countries, but the current fragmented CSD environment is as unsustainable as the sub-custodian one. There are two risks arising. The first is financial, as can be evidenced by the impairment charges taken by many of the over-generous acquirers of CSDs in the past. The second is more worrying, and that is contagion risk where a CSD is part of a multi-purpose vehicle. If ever there was a case where firewalls had better be fireproof and the fiduciary structure of the CSD undoubted, it is in such organizations.
The risk of a CSD failure remains low, but it is growing. The trouble is, as events of the current decade have shown, 99.9% certainty does not mean one can assume that it will take a millennium for the risk to materialize. The markets should take note, but on a reasoned basis, and not through commercial self-interest.