The Vexatious Issue of Custodian Liability

AIFMD has proved even more of a headache than many supposed. Just as the industry thought they had come to grips with their obligations as a result of any CSD delinquency, the regulators have muddied the water.

AIFMD has proved even more of a headache than many supposed. Just as the industry thought they had come to grips with their obligations as a result of any CSD delinquency, the regulators have muddied the water. The European Commission has stated that the provision of custody is not part of the services exempted from the delegation criteria, as it seeks to explain the true meaning of the opaquely worded Article 21(11) of the AIFMD. The exemption is critical, as those functions it encompasses are off risk for custodians.

But the explanation given to date is far from clear; and clarity is needed. There is a view in London that the latest explanation means that assets held at the appropriate issuer CSD are exempted but that those held in an investor CSD are not. But there are contrary views ranging from a belief that all functions of a Securities Settlement System are covered to an opinion that the delegation exemption is limited to settlement and does not cover custody at all. The problem is the definition of custody in the latest Commission statement. If it relates to services beyond the standard settlement and notary function of a CSD, the Commission’s comments appear logical. If, though, it covers the notary function, the consequences are serious.

However, the delegation or non-delegation argument has also overshadowed one that I believe is apposite; that is the exemption from liability of events that are outside of the control of the custodian. In effect I would suggest that, in cases where an instrument has to be held, as a legal or practical requirement, in a CSD, there cannot be liability. If there is choice of CSD in a country and only one of the CSDs was delinquent, it is possible that liability could arise. If one uses an investor CSD, there would be choice, and so liability could arise. If an instrument can be held in physical form, rather than at a CSD, and that did not impact its transferability or its trade-ability, there could be an argument that there is choice, and thus potential liability.

The ambiguity around Article 21(11) and the lack of clarity around best practice and the concept of control needs to be clarified. The risk of CSD failure is definitely low. The risk of a loss arising due to an incident impacting a CSD is higher, especially in the era of computer fraud, and the lack of detail around resolution of such an event at many CSDs is a concern. The trouble is the scale of the potential liability, and, above all, the capital needed to cover such a risk. There are several tens of trillions of dollars of assets held in custody worldwide and even the most modest of risk weightings could undermine the whole industry. Regulators either feel that usage of a CSD is a risk that should be assigned to pockets of capital in the financial sector as CSDs have only modest capital backing, or they should be unequivocal in their definition of the liabilities to be assumed. If the regulators feel there is a risk, then we need a risk capital guideline. After all, each basis point of risk weighting would require capital of around $5 billion across the industry. In other words, assuming a highly conservative 10% ROE, the market would need to charge another half billion dollars per annum on ad valorem flows to compensate.

It is also debatable whether the industry has access to anywhere near such a huge share of capital. With the exception of certain specialized U.S. firms, custody is usually a small percentage of a universal-style bank’s business. As such it would need to compete for capital and, at the current fee levels as well as a potential capital hit, it is likely that it would be far from the front of the queue.

So how can the problem be overcome? I have already mentioned the need to clarify the limitation on liability where usage of a CSD is mandatory or de facto mandatory. There is also a need to clarify the role of the custodian or administrator in investment selection. If the custodian or administrator is to be responsible for the safety of assets without limitation and, as in almost all jurisdictions, the use of a CSD is mandatory, the custodian or administrator will need to have a veto over investment management country selection. Yet regulation does not allow them to manage investments and overrule country selection of the investment manager. Logically, the custodian or administrator could decline to service a fund in specific markets but, if their views and such rights, which may change with time, are not reflected in the fund prospectus, I would suggest the administrator, especially, could be deemed by investors to be in breach of their fiduciary duties in the event of seeking to influence country selection.

So, assuming logic prevails and the administrator is not deemed to be a surrogate investment manager for the purposes of country selection, what due diligence should they need to undertake and what information would be needed by the investment manager to ensure they make the appropriate informed decisions? In practice, there are several issues to be considered. There is the level of capital and insurance support and its scope, but, by comparison to commercial vendors, it is low at CSDs in almost all cases. There is the operational integrity of the CSD, but generally external audit reports or the product of internal audit are closely guarded secrets. There is the effectiveness of firewalls against hacking, but information on this, quite rightly, is hard to come by. There is the contagion risk through links to others, whether CSDs or commercial agents, which some (although I would beg to differ) argue falls within the scope of the delegation exemption. And, where CSDs operate as banks, there is redeployment risk, timing risk and hedge management risk. There may be structural risk where there is commingling of low-risk functions such as the classical securities settlement function and CCP risk or even the less appreciated risk of many of the new risk mitigation vehicles such as SEFs or Trade Repositories.
I have long argued for the need for regulatory clarity so that we can better manage risk. In the case of AIFMD, and the draft UCITS V papers, unfortunately that clarity appears to be currently missing.