In its response to the CPMI-IOSCO consultative report on cyber guidance for financial market infrastructures, the World Forum of CSDs makes recommendations in the following areas:
- The WFC welcomes the Guidance as it makes steps forward in raising awareness on the various aspects of cyber resilience. However, any measures taken in the Guidance should be proportional in order to accurately reflect the risk profile of CSDs.
- Governance: While respecting the crucial difference between a strategy and a framework document, the WFC believes it makes sense to allow CSDs to streamline their policy and use a single document as an outline for their cyber resilience policy.
- Identification: The WFC would like for CSDs to be able to list their critical functions in terms of priority classes rather than separate critical business functions and information assets.
- Protection: Regulators should be aware that CSDs will not always be in a position to impose their own cyber resilience standards to other entities, especially since FMIs’ standards are particularly strict due to their role as central infrastructures. Furthermore, if possible, a CSD should be able to rely on existing assessments of critical service providers (CSPs), such as independent assurance reports, to demonstrate compliance with the Guidance.
- Detection: Although fully respecting the importance of actively detecting threats to cyber resilience, regulators should be conscious of the fact that not all CSDs are able to commit the financial and human resources required to carry out zero-day exploits for example.
- Response and recovery: The 2-hour recovery time objectives should be aimed for in the form of a benchmark, but not made a legal requirement. CSDs will seek to resume their operations as soon as is possible assuring the integrity of data rather than the immediate resumption of operations is a greater priority.
For more details, read the full response to the CPMI-IOSCO consultative report on cyber guidance for financial market infrastructures.
In its response to the CPSS IOSCO consultative report on the recovery of financial market infrastructures, the World Forum of CSDs makes 6 key recommendations to global regulators:
- CSDs should have sufficient discretion and flexibility to choose the most appropriate recovery tools and their sequence: Indeed, CSDs are different from CCPs in that they typically do not have a “default waterfall”, and in case of a major crisis, it is important that recovery of a CSD is not hampered by a rigid sequence that might not be appropriate to the particular situation.
- The report should clarify which tools apply to which type of infrastructure: While some recovery tools covered in the report will never be applicable in the case of CSDs, others are likely to apply to most CSDs. Others might only be relevant for a few CSDs, such as those operating under a banking license. To facilitate implementation, the WFC suggests that CPSS and IOSCO add a summary table specifying which tools may (but do not always have to) be used by each type of infrastructure.
- The report should recognize that loss sharing will in many cases not be applicable to CSDs: Most CSDs are not exposed to material credit risk in relation to their participants and their viability should thus not be affected by the default of a participant. Loss allocation will thus often not be appropriate and could actually create inappropriate incentives in the case of CSDs. Indeed, the requirement for participants to share in the losses caused by the default of another participant could lead these participants to reconsider their relationship with the CSD, potentially resulting in the usage of less regulated entities which are not subject to loss allocation for services similar to those provided by CSDs.
- The distinction between recovery and resolution could be clarified.
- CSDs should communicate transparently to their participants, but the full recovery plan should not be a public document.
- CSD recovery plans should consider the impact of recovery on third parties, taking into account limitations on access to information on third parties: CSDs often do not have the tools (legally or operationally) to identify and gather information on indirect participants, and thus do not usually have sufficient information to assess the potential impact of recovery measures beyond direct participants. Such limitations should be taken into account.
Read the full WFC response to CPSS IOSCO
The World Forum of Central Securities Depositories has ratified its Terms of Reference at their meeting in Dubai. This document aims at charting the way forward for regional cooperation in the CSD industry.
According to the Terms of Reference, the objective of the WFC is to provide a forum for the five regional CSD associations to exchange information, discuss issues of common interest and increase their influence and engagement on cross-regional and global developments, as well as providing a common voice on issues relevant to the various associations and their members.
At its meeting in Dubai, the WFC Board also confirmed that its next conference of the World’s Central Securities Depositories (WFC 2015) will be held in Cancun, Mexico from 19 – 22 May, 2015. Indeval, the national depository of Mexico in conjunction with ACSDA, will host this, the 13th edition of this biennial event.
Full press release
WFC Terms of Reference
The World Forum of CSDs issued a joint response to the CPSS-IOSCO consultation on the recovery and resolution of financial market infrastructures. The two main recommendations of the WFC to global regulators are:
to emphasise CSD recovery measures, given that the likelihood of a CSD running out of capital is extremely low thanks to their low risk profile;
to draft a single set of standards for CSD recovery and resolution, and clarify the extent to which the FSB Key Attributes will be applicable to CSDs.
Full text of the WFC response
The assessment methodology (AM) and disclosure framework (DF) proposed by CPSS and IOSCO to assess compliance with the new global Principles for financial market infrastructures have two different purposes, being addressed to regulators and to infrastructures respectively. However, the WFC wonders whether the different formats being proposed (questions in the case of the AM, headings with narrative descriptions in the DF) will not create additional complexity and duplication1 when complying with the FMI Principles. In particular we fear that the narrative format being proposed in the new DF will not enhance transparency when compared with the former disclosure framework as it relies entirely on “free text” responses which will make consistency, and therefore comparisons between infrastructures, quite difficult.
In fact, we believe that a more efficient and transparent solution for FMI disclosures can be achieved by using the AM as a basis for FMI self-assessments, and then possibly removing some AM questions if the related responses include confidential information which should not be made publicly available.
Read the full WFC response
The WFC welcomes the public consultation on the “Principles for Financial Market Infrastructures” published in March 2011 by the Committee for Payment and Settlement Systems (CPSS) and the Technical Committee of the International Organization of Securities Commissions (IOSCO).
We make four recommendations to global regulators prior to the finalisation of the Principles:
- The relevance of each principle among the different types of infrastructures should be better defined (for example, differences between CSDs and CCPs);
- The Assessment Methodology should also be subject to public consultation;
- Annex C should be reintegrated in the FMI principles to provide more clarity;
- The Principles should recognise that there are important limitations preventing CSDs to monitor all externalities;
- Finally, the new CPSS-IOSCO Principles should become a true global standard.
Read the full paper