The experts, especially the legal profession, are still struggling with the question of the extent of liability assumed by depositories under the proposed European UCITS regulations. It is early days and we need to wait for further detail to draw firm conclusions. But there would be huge and undesirable consequences if the view of one of the major law firms, based on the level one wording, were to prevail. Quite simply, that view sees no difference between issuer and investor central securities depository (CSD), no limitation of depository liability for assets in a CSD unless there is loss during a primary market operation and no ability to apply the “beyond reasonable control” concept.
I have to stress that I do not support this view although I am the first to admit that the situation is far from clear. My understanding is, though, that assets held with an investor CSD are treated as if they were at a sub custodian, whilst those held at an issuer CSD will, subject to certain conditions, be treated differently. In reality, as long as the depository has undertaken a sound due diligence of the CSD, as long as the asset in question is issued into that CSD and as long as there was no genuine choice of alternative issuer CSD, the depository has a case to argue. If such a CSD were to fail or assign shortfalls in securities accounts to its users, then I believe the depository would be exempted from the obligation to replace the affected assets. I do stress this is an interpretation of my understanding of the regulatory intent rather than a strict interpretation of the current wording of the directive. And I have been critical in the past of the lack of clarity around the exclusions for depositories, even in AIFMD, especially the refusal to give examples of what could be deemed outside the control of the depository. The obvious issue to consider would be a failure of cyber security at a CSD causing loss of assets.
Let us not underestimate the issue. The reality is we will most likely have an alignment of asset safety conditions across AIFMD and UCITS. Indeed it is also likely that client demand will result in the rules being applied to all funds, as long as they are reasonable.
We have to recognize that, to date, no CSD has incurred a loss that has led to it passing on losses to its users. Mind you, before the recent market crash, nobody had seen default rates on mortgages at anywhere near the level they hit to cause the wipe out of multiple securitized issues and several firms! CSDs are formidable stores of value, holding over seventy trillion dollars of assets. There are no resolution arrangements to handle their default, unlike many other systemically important market players and structures. They often do not have pre-agreed loss sharing rules. Most are lowly capitalized. Few have substantial insurance cover. Some even exclude employee fraud from their own liability.
But, as they, and other parts of the financial markets infrastructure such as payment systems, are mandatory by law or market practise, it has always been assumed that, with the caveats I have already noted, loss is an investor and not an intermediary risk.
If that were to change, there would be a major new game plan. The problem is quantum. Given the scale of assets held in CSDs any criminal or other activity leading to loss of assets could be substantial. If there are tens of trillions of assets in these CSDs, the loss figure could rack up to several billion. Everyone will admit that the likelihood of this occurring is remote. But it is not impossible. And that destructive potential, threatening the viability, or even survival, of the parent banks of the impacted depositories, is the primary reason why more clarity is needed and a clear understanding of the potential consequences of a full liability solution is understood.
If there is full liability, there will be four inevitable reactions. First, some players will exit the market. Second, some players will seek to ring fence depository activities. Third, there will be a radical revision of countries eligible for the impacted funds. And finally there will be a requirement for a major revision of the CSD model.
The exit of some players is likely to have a negative, or perhaps positive if you are sell side, impact on pricing. The ring fencing would be by means of legal ring fencing of the depository, placing it in a standalone subsidiary. That will create an interesting dialogue with the regulators and one would expect some quite tough discussions on the nature and level of capital required. That again would most likely lead to more exits from the market as capital allocated to the depository reduces availability elsewhere. Reducing availability of eligible countries will not necessarily be an emerging market issue. The decision has to be based on financial strength of the CSD and that could be challenging for those operated as a utility rather than a for profit environment. The decision would also reflect a more stringent approach to legal risk with perhaps markets, where the concept of beneficial ownership is unknown in law, being excluded. The decision could also have geopolitical causes, where certain classes of investor, mainly cross border, fear they could be penalized in some countries in any loss event for the benefit of domestic players.
But there would also be a huge demand for the CSD to meet the requirements for more financial muscle. And that is a problem. How many CSD owners are willing to place capital into their CSD when returns on its commoditized services would offer sub optimal rewards? Could the CSDs get insurance to compensate for lack of capital? The reality is that insurance is not guaranteed year on year. Insurers would demand to understand the key risks of the CSD and the structures to prevent fraud, cybercrime and operational failings would need to be strengthened. And the cost would be substantial. Welcome back the $20 trade!
In reality there would need to be a consolidation of CSD services across Europe, most likely to the ICSDs. Again some would welcome that and others would feel it outrageous. The impact outside Europe would be less as other regulators do not appear to be considering anywhere near the current AIFMD level of liability. But non-EU structures would suffer, as would their economies, if cross border capital starts to flow less openly.
Some will say the worst-case picture I paint is totally unreal. I agree it has low likelihood but I do not believe our industry is in the business of accepting wipe out risk for the odd basis point. And, even if actuarially low risk, the existence of remote risk of this quantum will, quite rightly, cause serious concern to risk managers around the world.