The global financial crisis has prompted network management groups to review procedures for monitoring risk across their sub-custody networks and for ensuring that assets held with sub-custodians and infrastructure entities are well protected.
06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf
Sub custodian Risk Monitoring: analysing shifts in the industy practise
1. Sub-custodian risk
Sub-custodian
Risk Monitoring:
analysing shifts in
industry practice
The global financial crisis has prompted network management
groups to review procedures for monitoring risk across their
sub-custody networks and for ensuring that assets held with
sub-custodians and infrastructure entities are well protected.
Bob Currie reports
Financial Services Research Q4 2010
In the wake of the global financial crisis, Tier 1 and 2 banks Indeed, under FSA regulations in the UK, broker-dealers
and brokers have been reviewing their procedures for mon- and global custodians running their own network have pre-
itoring risk across sub-custodian networks, CSDs and cash viously faced no explicit requirement to conduct regular on-
correspondents. Derek Duggan, Director of Data Services site monitoring for their sub-custodians. Network managers
at ratings, information and institutional advisory specialist would ask their sub-custodians to complete risk question-
Thomas Murray, notes that in the past some global net- naires, in many cases supplementing this with additional
work management groups have relied heavily in their sub- information acquired by conference call, and commonly this
custodian risk monitoring on input from industry surveys, would satisfy their internal compliance requirement. Little,
passive web conferencing or sub-custodian relationship outside the largest groups, was done at all to look at the
and sales visits to complete their due diligence – and such local market infrastructure organisations, including CSDs. It
an approach has obvious weaknesses. However, banks and is evident, notes Duggan, that some network groups were
brokers now wish to verify this information themselves and not conducting regular on-site due diligence, particularly
36
are taking necessary steps to do so. for the smaller, low-volume markets within their networks.
2. Sub-custodian risk
Some broker-dealers had little in place technology to establish an efficient rolling
for monitoring the performance of their six-monthly review process.”
sub-custodian and for identifying points of
risk. As a consequence, it was questionable Some of these inadequacies became clearly
whether this level of passive monitoring apparent in the tumultuous days of Sept-
provided the robustness and resiliency to Oct 2008. Shepherd contends that in days
protect client assets adequately. following the Lehman Brothers bankruptcy,
risk managers were approaching the
European regulatory initiatives are now network team asking for a complete list
forcing change. Both the Alternative Invest- of the counterparts that they are dealing
ment Fund Manager (AIFM) Directive and with across their global networks – and, in
Derek Duggan, the pending UCITS V Directives currently some instances it might take days or even
Director of Data Services,
require the global custodian to take re- weeks to assemble such a list (see further
Thomas Murray
sponsibility for their sub-custodians. This, in S. Shepherd, Building on Stable Tech-
notes Duggan, is a very sensitive issue in nology, FSR Q2 2010, pp 68-9). “For the
the industry. Some global custodians have Head of Network Management, it should
responded by expanding their own self be possible to draw upon an appropriate
clearing arrangements, reducing depend- technology package in order to pull down
ency on a network and keeping the risk a complete and up-to-date list within
on their own balance sheet. There has also minutes, providing as much detail as the
been pressure in this direction from asset risk management division, its credit team
owners, which are demanding greater or its senior management might require,”
transparency from their global custodians he says. “But many organisations at the
regarding potential risks to their assets at current time are not remotely close to that
market level. This level of risk disclosure reality. They may be able to go to a paper-
is something that the US Securities and based file and pull down lists that they
Exchange Commission, under its Rule have prepared some time previously. But
17f-7 to the Investment Company Act, they have limited ability to gain a real-time
have required for mutual funds for nearly a consolidated view on key information: how
decade. large is our current exposure to X and Y
counterpart? How much did we pay sub-
For Simon Shepherd, Chief Executive of custodian Z last month and how does this
MYRIAD Group Technologies – provider of breakdown across the suite of services that
technology and analytics to assist network they provide to us?”
managers in monitoring performance
across their supplier relationships – the Publicly, notes Shepherd, some network
global financial crisis drove home to some management teams might declare that the
network management groups the need for level of protection afforded to client assets
urgent review of their internal procedures. is as robust as it possibly could be. But
He makes the point, somewhat forcibly, he adds a caveat that this protection is as
that sub-custodian risk monitoring is often robust as it could be when employing out-
Financial Services Research Q4 2010
disjointed, ad hoc in nature, and lacking in moded, paper-based procedures that are
quality. Because the process does not utilise highly labour-intensive. “If you work with
available technology, this has often re- seven sub-custodians who are part of the
mained a manual, labour-intensive process same group, but you call and spell them 25
that consumes too much time and is not different ways, including the parent, how
conducted with necessary frequency. “It is comprehensive is your risk-reporting going
possible to identify a dozen or more institu- to be?”, he inquires.
tions across our industry that review their
sub-custodian networks in their entirety no Review process
more than once every three years,” he com- However, it is evident that Shepherd’s criti-
ments. “In many cases, these organisations cisms are targeted at selected institutions
recognise that they should be reviewing that have been slow to prepare for crisis
their entire network every six months. But and slow to react in its wake. At the other
37
they do not have the manpower or the end of the best practice spectrum, there
3. Sub-custodian risk
are also banks and brokers that have taken has in place with sub-custodians. This has
early and comprehensive steps to ensure included an appraisal of documentation,
that they have robust procedures in place including service level agreements and any
and to remedy any weaknesses that may parental guarantees that a bank may offer
become apparent. across its branch network. The objective is
to ensure that levels of protection afforded
Managing Director of JPMorgan Network to client assets are as high as they can be
Management, Elizabeth Fortier, indicates – and also to remove the possibility that
that JPMorgan has conducted a detailed standards of service delivery may slip during
review of its existing protocols in the wake periods of financial trauma.
of the global financial crisis – and has been
encouraged by how well its procedures for Beyond the above, Fortier outlines two
sub-custodian selection and monitoring important developments that JPMorgan
stood up during this period of economic network management has made to its sub-
upheaval. custodian appointment process. The first
is to appoint “back-up” sub-custodians in
Subsequently, JPMorgan has maintained selected markets across its network. “We
broad continuity with these established have established accounts with a second
Little, outside the largest groups, was done at all to look at the local market infrastructure
organisations, including CSDs. It is evident that some network groups were not conducting regular
on-site due diligence, particularly for the smaller, low-volume markets within their networks. Some
broker-dealers had little in place for monitoring the performance of their sub-custodian and for
identifying points of risk. As a consequence, it was questionable whether this level of passive
monitoring provided the robustness and resiliency to protect client assets adequately.
procedures – but has also made selective sub-custodian in a number of locations,
adjustments to internal policies in order providing contingency provision that will
to strengthen its ability to respond as an help us to react quickly should we identify a
organisation to potential risks. Specifically, potential threat in any of these locations,”
it has introduced amendments to internal she says. Looking back 10 years, JPMorgan
communication protocols to ensure that it had dual agents in a number of markets as
can coordinate a prompt and formalised it managed the Y2K problem and transition
response across key divisions within the to the euro. This provided a back-up plan,
organisation. The goal is to ensure that key should any of its sub-custodians experience
Financial Services Research Q4 2010
personnel have access to necessary infor- difficulties during these project migrations.
mation, their responsibilities are clearly de- However, this is the first instance since that
fined, and that appropriate data is in place time when JPMorgan has taken a decision
to support prompt decision making during to appoint a back-up sub-custodian as a
times of financial stress. “These relatively contingency measure.
small adjustments to our internal proce-
dures can make a big difference in enabling Second, JPMorgan is assessing the poten-
key staff to determine the appropriate tial benefit of employing direct custody
course of action and execute quickly under arrangements in more markets globally.
crisis conditions,” says Fortier. JPMorgan Worldwide Securities Services
recently established a sub-custody opera-
Also, JPMorgan network management tion in Ireland to complement the custody
has conducted a comprehensive review and clearing presence that the bank already
38
of the contractual arrangements that it has in India, Russia, Taiwan, Australia and
4. Sub-custodian risk
New Zealand, the UK and the US. With this Through this model, Clearstream has
development, JPMorgan network manage- created a set of tools designed to offer
ment has the option of utilising a group maximum protection to beneficial owners
sub-custodian as a means to control risk regarding the safety of their assets at
more effectively across its sub-custodian market level. “This is not to imply that we
network. Strategically, the bank will aim to disintermediate our banking clients
continue to explore avenues for business and to reach out directly to institutional in-
expansion and this will include potential vestors as our future customers,” says Gem.
opportunities to establish on the ground “However, we do wish to offer a robust
custody and clearing coverage in more and flexible set of service options to this in-
markets worldwide. vestor community – and we recognise that
in some instances a pension fund might feel
Clearstream’s Head of Network Manage- most comfortable in, for example, lending
ment and Executive Board Member Mark securities for asset optimisation purposes
Gem reports that, within his organisation, through Clearstream as an ICSD rather than
Elizabeth Fortier, change has also been incremental rather via its commercial bank custodian.”
Managing Director,
JPMorgan Network Management than representing an all-embracing over-
haul of network management practice and FSR asked Mark Gem whether he feels the
supporting operations. In many cases, he account operator model has been accorded
suggests, network managers across the greater credibility on the back of develop-
industry have taken all reasonable meas- ments in financial markets in recent times.
ures to ensure that client assets are well “Yes we do,” he responds. “We do not
protected across their global networks. claim that the account operator model
However, the global financial crisis has provides better protection for client assets
highlighted a number of areas where in instances of insolvency. We are not
approaches to risk management may be certain that it does. But what the account
changing. operator model does offer is the means to
For the Head of Network Management, it should be possible to draw upon an appropriate technology
package in order to pull down a complete and up-to-date list within minutes, providing as much
detail as the risk management division, its credit team or its senior management might require. But
many organisations at the current time are not remotely close to that reality. They may be able to go
to a paper-based file and pull down lists that they have prepared some time previously. But they have
limited ability to gain a real-time consolidated view on key information ... Financial Services Research Q4 2010
One such area is continuity planning. manage continuity in the event of a default
Clearstream’s approach to ensuring conti- at the agent bank. This provides us with
nuity, he explains, has been to seek direct a higher level of control over our account
access to the financial infrastructure wher- information and the possibility that we can
ever possible. In line with this objective, it get alternative operational arrangements
has employed an operated account model up and running at short notice should our
whenever practical, enabling Clearstream agent bank fall into difficulties.”
to establish direct access to the CSD, and
when possible the payment system, even For Gem, another implication of the global
in instances where, from an operational financial crisis is that it has instilled a
perspective, it still requires intermediation greater appreciation across the industry of
39
from a local sub-custodian. the potential value of central bank money
5. Sub-custodian risk
settlement. One of the benefits extended raised the number of staff employed in its
by the launch of LuxCSD – the initiative central risk management division and it has
of Clearstream and Banque Centrale broadened the range of expertise within
de Luxembourg to establish a CSD for this function. In network management,
Luxembourg and to provide domestic ac- BBH has appointed a dedicated chief risk
cess for the Luxembourg community to the officer and compliance officer, along with
TARGET2-Securities (T2S) infrastructure a number of risk analysts that will support
– will be its ability to settle international their activities. This CRO for the network
securities in euro central bank money ahead management function will report directly to
of the release of T2S. “Situated on top of the Head of Risk for BBH. “The intention is
the CeBM settlement options provided by to ensure that we are fully compliant with
Clearstream CSDs, we have the capacity to our own internal policies and procedures
provide a consolidated custody value-added and that these are properly aligned with
service layer, including position manage- external regulatory commitments that we
ment,” he says. “This offers the flexibility must adhere to as a firm,” says Rand.
that customers require to meet their settle-
ment and asset servicing needs both prior Alongside this, BBH has taken a decision to
to the release of TARGET2-Securities and increase from four to five the number of lo-
after implementation of the T2S platform.” cations in which it has network management
staff represented throughout the world.
Continuous communication With network managers situated in Boston,
In efforts to draw lessons from the global Hong Kong, London, Luxembourg and Mark Gem,
Head of Network Management
financial crisis, Brown Brothers Harriman Tokyo, this enables BBH to remain close to and Executive Board Member,
(BBH) has conducted a comprehensive the source of its business, namely the asset Clearstream
appraisal of operational procedures and owners, and also to be as near as possible
JPMorgan is assessing the potential benefit of employing direct custody arrangements in more
markets globally. JPMorgan Worldwide Securities Services recently established a sub-custody
operation in Ireland to complement the custody and clearing presence that the bank already has
in India, Russia, Taiwan, Australia and New Zealand, the UK and the US. With this development,
JPMorgan network management has the option of utilising a group sub-custodian as a means to
control risk more effectively across its sub-custodian network.
risk controls which spanned more than 12 to the sub-custodian banks employed across
months and which continues on an ongoing its global network. Consequently, BBH has
Financial Services Research Q4 2010
basis. Andrew Rand, BBH’s Global Head of network management officers located in
Network Management, tells FSR that BBH each time zone that can respond at any early
has long been risk averse as a company, a point to any risk concerns or operational is-
factor closely linked to its partnership struc- sues that might develop at market level.
ture, and it has set the bar high in terms of
risk management standards, including its The focus of this strategy, notes Rand, is to
monitoring of risk at sub-custodian level. maintain a culture of continuous communi-
On the basis of this detailed procedural re- cation between BBH, its sub-custodians and
view, BBH has elected to supplement its risk its beneficial owner customers. From a sub-
management capability in several areas. custodian monitoring standpoint, BBH net-
work management has a rolling quarterly
One important response has been to review process in place through which each
increase the number of staff dedicated to of its sub-custodians is expected to keep
40
risk and compliance. At bank level, BBH has BBH fully updated on their financial status
6. Sub-custodian risk
and to communicate any significant changes on-site visits, notes Rand, is the ability to talk
that may be taking place in their service directly to key personnel within the regula-
environment. “As part of this strategy, we tory authorities and financial infrastructure.
maintain a schedule of on-site visits, as well These discussions help BBH staff to build
as videoconferencing, telephone calls and a clear picture regarding how pending
web-based reporting, that will ensure timely changes at market level are destined to
information flow from each of our agent impact the foreign investor.
banks,” he says.
Continuous risk assessment
Expanding on this point, Rand volunteers Richard Barker, Senior Manager Network
that in the network management world Services, Network Management at RBC
there tends to be a glamorised perception Dexia Investor Services, tells FSR that his
of due diligence which involves a network organisation has introduced a series of
We do not claim that the account operator model provides better protection for client assets in
instances of insolvency. We are not certain that it does. But what the account operator model does
offer is the means to manage continuity in the event of a default at the agent bank. This provides
us with a higher level of control over our account information and the possibility that we can get
alternative operational arrangements up and running at short notice should our agent bank fall into
difficulties.
manager stepping onto an aeroplane and adjustments to its risk monitoring strategy in
crossing continents to conduct on-site visits response to the financial trauma witnessed
with each agent several times per year. globally over the past three years. Approxi-
However, this may not be an accurate repre- mately two years ago, it established a Net-
sentation of what good practice involves. “In work Management Working Group, chaired
our mind, due diligence is something that by Tim Wood, Head of Network Manage-
happens every day,” he says. “When we do ment. This committee meets every second
conduct on-site due diligence, much of our week and is attended by representatives
analysis is a verification of the due diligence from eight different divisions within the bank
that we have been conducting, on a daily whose responsibilities overlap with network
basis, throughout the year. We have a wide management, including operations, client
range of tools available to us at our desks service, sales and relationship management,
that enable us to conduct frequent and credit, legal, compliance and risk. This com-
detailed risk assessment. When preparing mittee has a duty of care around transpar-
video-conferencing and conference calls with ency and good governance for the organi-
Financial Services Research Q4 2010
our local agents, we prepare these evalua- sation – and all key decisions affecting the
tions with the same rigour as we do when future strategy of the network management
travelling to market to conduct an on-site team are evaluated by this central decision-
review. This will include an extensive review making body. RBC Dexia Investor Services
of service level agreements, any pressing has also introduced a sub-custodian risk
legal and compliance issues, and ongoing report, which is produced weekly and tracks
changes at market level that may impact our and records 26 different sets of metrics and
ability to process transactions or to safekeep data highlighting various warning trigger
client assets.” More generally, BBH maintains points. This serves to provide advance notice
close contact with a sub-custodian’s senior that a sub-custodian may no longer meet
management in order to retain clear under- RBC Dexia’s minimum appointment criteria.
standing of their strategic thinking and the
direction in which they are taking the com- In September 2009, RBC Dexia took a
41
pany. Much of the value gained from making decision to review the geographical struc-
7. Sub-custodian risk
ture and organisational coverage of its From a sub-custodian standpoint, Colin
network management department. It now Brooks, Global Head of Sub-Custody and
has network staff situated in four centres Clearing at HSBC Securities Services, has
of excellence globally, located in Toronto, witnessed an enhanced focus on sub-
London, Luxembourg and Singapore. This ar- custodian risk monitoring in many guises.
rangement provides global network support “This is apparent when we receive a
for RBC Dexia’s business 24 hours per day, due diligence visit, or we are required to
ensuring that network staff remain close to complete a due diligence questionnaire or
sub-custodians, to local market infrastructure an RFP,” he says. “In each case, we have
and to clients. This allows the network man- noted a rise in the level of detail required
agement team to react promptly to any risk by these risk assessments. Our clients are
concerns that may develop at market level. seeking additional detail around how we
reconcile trade and holdings information
Overarching these provisions, RBC Dexia with clearing houses and depositories. They
network management department has a are seeking detailed information regarding
methodology in place that it has labelled our financial stability; and the business
Continuous Risk Assessment (CRA). “The continuity planning arrangements that we
key word in this title is continuous,” explains have in place. And, they are requesting
Richard Barker. “Sub-custodian risk moni- comprehensive information regarding how
toring is something that we do on a regular assets are held in the local market, how title
and ongoing basis.” The CRA model is is transferred and whether they will retain
applied across the 88 markets in which RBC access to those assets if a sub-custodian or
Dexia supports and safeguards client assets infrastructure entity passes into insolvency.”
In our mind, due diligence is something that happens every day. When we do conduct on-site due
diligence, much of our analysis is a verification of the due diligence that we have been conducting,
on a daily basis, throughout the year.
and across approximately 130 sub-custodian Not only has the depth of questioning in-
relationships. “The CRA model is undertaken creased within these risk reviews, but HSBC
in many ways, including remote and on site has noted greater intensity in the follow
due diligence,” he adds. “One of the cardinal up process. “In times past, often it was the
rules around which our asset protection case that we would receive a due diligence
methodology is built is that it is obligatory questionnaire or RFP, we would respond to
for all providers to accept and agree with the those questions, and typically this would sat-
CRA process.” The CRA model has six main isfy the requirements of the risk evaluation,”
segments – namely legal, sub-custodian re- says Brooks. “Now, the depth of analysis
lationships, market information, operations, and follow up has moved to a higher level.
Financial Services Research Q4 2010
financial and risk management – and under- Clients are analysing our responses more
lying these six headline categories there are carefully and they will come back to us for
approximately 30 different risk criteria that detailed follow up driven by questions from
are monitored on a continuing basis. the broad range of experts represented on
the organisation’s risk committee.”
In line with this methodology, RBC Dexia
has taken the decision to expand its surveil- Broker-dealer customers have long been
lance and to eventually bring all cash rela- rigorous in compiling a real-time view of the
tionships and prime brokerage relationships exposure that they have to their counter-
under the CRA model. As a result, these parts. This will include prompt and compre-
business relationships will be monitored on hensive reporting relating to failed trades
an ongoing basis according to the same and unmatched positions – thereby enabling
risk assessment methodology applied for its them to maintain an accurate picture of
42
securities services and funds businesses. their cash positions on an intra-day basis.
8. Sub-custodian risk
HSBC has been able to support this demand audit, legal, risk and compliance and the
through providing sophisticated cash fore- bank’s senior management. Hence, a
casting for this client segment. very large number of people within the
organisation are dependent on the data
More broadly, Colin Brooks observes that emanating from the network management
global custodian and global broker-dealer group in order to structure their risk evalua-
customers are conducting more regular tions and to drive strategic decision making.
due diligence visits to locations in which
they employ HSBC as sub-custodian. This Shepherd contends that it is only when the
increase in the frequency of site visits over bank can deliver a prompt and accurate list
the past 12 months may reflect the fact that of its global counterparts, and a full list of
many clients put due diligence visits on hold the accounts that it has with each of those
during the financial crisis, when a tight cap counterparts, that compliance or credit are
was placed on travel budgets and staffing able to ask the correct questions and to
pressures limited the time that network quantify the risks to which the bank is ex-
management staff could spend away from posed. In turn, the compliance division will
the office. However, this is also indicative require that each one of these relationships,
of a more rigorous risk assessment process, extending right down to account level, is
whereby we are now starting to see more properly documented. For a large global
frequent and detailed on-site inspections. institution, this is a major assignment. For
some financial entities, it may take months
Supporting technology and to collate the full list of documentation, Colin Brooks,
Global Head of Sub-Custody
data management and the corresponding audit trail, that the and Clearing, HSBC Securities
To facilitate their risk monitoring commit- compliance division will require to support Services
ments, MYRIAD’s Simon Shepherd observes this process.
that one of the largest global custodians in
the market is looking to adopt MYRIAD’s FSR asked Clearstream’s Mark Gem whether
workflow technology in order to support a his organisation had restructured its tech-
rolling sub-custodian review process. This nology and data management in order to
technology will enable the organisation streamline how it pulls information from
largely to dispense with service level agree- providers in its sub-custody network and
ments. Using Web-based technology, the ensures that key personnel have prompt
sub-custodian will report changes via the access to this data. “The answer is no,”
Web portal each time there is a material de- responds Gem, “but the reasons for this
velopment that will impact the service that it are interesting.” In early 2007, Clearstream
offers to the global custodian – whether this took a decision to conduct a comprehensive
be the appointment of a new relationship review of its risk procedures. It conducted
manager, a movement in market deadline or scenario analysis across a range of different
a change in operational practice at the CSD, situations, asking the question ‘what would
clearing house or payments system. we do if X or Y happened’? “Having initi-
ated this process, we recognised quickly
Financial Services Research Q4 2010
The implications of this debate around that if we took a given counterparty in a
sub-custodian risk monitoring extend well given scenario analysis, it was often difficult
beyond the network management group. in advance to predict how many different
Within any global investment bank or types of exposure we would have to this
global custodian, the need for real-time risk counterpart at any time,” comments Gem.
monitoring across the sub-custodian net- “Potentially, the entity might fulfil 25 or
work will be shared by a number of other 30 distinct roles through which it had a
divisions within the bank. In explaining this relationship with Clearstream: it might be
scenario, Shepherd draws an analogy with a direct counterparty or a counterparty to
a pebble being thrown into a still pond. one of our customers; it may be a securities
The first ripple spreading outwards repre- issuer; it might be a depositary bank or a
sents the network management team. The cash correspondent; it might be an account
second ripple embraces the full operations operator; and so on. Thus, in understanding
44
staff. The third ripple will include treasury, this complexity, and the multi-layered
9. Sub-custodian risk
relationship we may have with any specific gether during a crisis scenario and how staff
counterpart, we recognised that the human will access necessary information,” observes
dimension is crucially important.” Gem. “But it is not advisable to consume
considerable time and resource attempting
On the basis of this analysis, Clearstream to predict exactly what will go wrong. It
concluded that it would difficult to install a was unfeasible, for example, that a risk
single system or technology package that committee would have predicted accurately
would meet all of the organisation’s needs, many of the challenges presented by 9/11.”
capturing the full range of exposures that
Clearstream might have to another finan- JPMorgan’s Elizabeth Fortier reports
cial institution. “We are confident in the similarly that her organisation has made
technology that we have in place to support some minor enhancements to its internal
our risk management personnel,” says systems in order to strengthen its ability to
Gem. “All staff in this area are able to call pull key risk information together quickly.
up a real-time profile of our risk exposures The network management group supports
Not only has the depth of questioning increased within risk reviews, we have noted greater intensity
in the follow up process. In times past, often it was the case that we would receive a due diligence
questionnaire or RFP, we would respond to those questions, and typically this would satisfy the
requirements of the risk evaluation. Now, the depth of analysis and follow up has moved to a higher
level.
within minutes and we have conducted rig- the activities of a range of business lines
orous stress tests to ensure this is the case. within JPMorgan and, for this reason, it is
But there is no integrated solution available important to collate key risk information
on the market that would allow us, at a promptly, to identify areas where risk is
keystroke, to call up all necessary risk data concentrated, and to share this informa-
in a single consolidated report, tailored to tion with other teams within the bank that
the specific risk situation in which we find contribute to the risk monitoring process
ourselves.” (for instance, credit, operations, legal and
compliance, treasury). Inevitably, credit risk
Instead, notes Gem, the key to robust and monitoring is an important consideration in
responsive risk management is to establish the current financial climate, for example,
very short lines of command within the with JPMorgan’s credit team monitoring risk
Financial Services Research Q4 2010
organisation and to support this with fast across financial counterparts and service
access to information. With this in mind, partners on an intraday basis.
Clearstream established a Credit Crisis
Committee which allows decision-makers BBH’s Andrew Rand reinforces the point
within the organisation to sit together with that in the current financial climate, credit
those that have access to the data. risk assessment is paramount. Conse-
quently, the bank directs close attention
In conducting this review of its risk proce- to the financial results and credit position
dures, Clearstream’s thinking was heavily of each of its sub-custodian partners and
influenced by a fundamental lesson that it service counterparts. For sub-custodians,
drew from 9/11 – namely, that we should BBH is committed to conducting at least
never try to decide in advance what kind of two formal reviews every year, although
crisis we are likely to have. “It is important Rand suggests that in practice its evalua-
45
as a team to plan how we will work to- tions are much more frequent.
10. Sub-custodian risk
In line with this commitment, BBH sched- Scheduling on-site visits
ules a weekly management meeting – Within its CRA framework, RBC Dexia
attended by each of the firm’s partners categorises markets into major, intermediate
and often by the Head of Network Man- and minor, depending on the level of assets
agement – which will discuss the bank’s under custody held on behalf of clients
exposure to specific counterparties and the in those markets. This framework will, in
credit status of these counterparties. Any turn, determine the frequency with which it
concerns over how any counterpart is using conducts on-site service reviews in these lo-
its credit facilities will be brought to the cations. Richard Barker explains that for the
attention of this weekly meeting. Addition- minor markets, RBC Dexia has now stepped
ally, BBH circulates a twice-weekly coun- up the frequency of on-site visits to at least
terparty risk newsletter that will highlight once every two years. This marks an increase
significant changes in the credit quality in the frequency of site visits when com- Andrew Rand,
Global Head of Network
of any of its counterparts, ensuring that pared with its standard practice before the Management, Brown Brothers
staff are informed at an early point of any global financial crisis. “Historically, we might Harriman
notable concerns. have conducted site visits once every three
to five years for the smallest markets in our
RBC Dexia network management has network,” he says. “For the major markets
introduced selective changes to its tech- in our network, we will typically conduct an
nology and data management to comple- on-site visit at least once every 12 months.”
ment the changes that it has made to its
regional model (see pp 41-2). Specifically, it JPMorgan’s Elizabeth Fortier indicates that
has introduced a package called SharePoint when scheduling on-site visits to sub-
in each of its global locations, providing custodians, the frequency of these visits will
a facility through which information can typically be determined by the pace at which
be shared accurately and on a timely basis market practice is changing in a location and
between network managers and opera- the level of potential risk identified to clients’
tions staff based in these different offices. assets. “It is not necessarily the case that we
Also, it has introduced enhancements to its visit most frequently the markets in which
global market information product in order we have highest transaction volumes and as-
to strengthen the quality of market infor- sets under custody,” comments Fortier. “For
mation that it distributes to clients. A senior a large, established market in which there
member of the network management have been few substantive changes and our
department is responsible for co-ordinating service needs are being met effectively, we
market newsflashes and for ensuring that may push this market to an 18 month cycle
RBC Dexia clients are fully updated about for on-site visits. In contrast, in a smaller
breaking developments at market level. market where a series of important changes
are taking place, we may wish to visit this lo-
Further, RBC Dexia has refined and cation much more frequently.” For example,
upgraded the performance scorecard JPMorgan network management staff have
technology that it employs within the made a series of visits to markets in sub-
Financial Services Research Q4 2010
network management department. This Saharan Africa over the past 12 months
is a quarterly scorecard review that the net- – even though AUC in these markets is
work team has operated for many years. relatively low in global terms – owing to the
All sub-custodians are scored against all high level of market reforms that are taking
sections of agreed service level standards, place in those locations.
including the standard and frequency of
market information received from them, Having conducted a detailed review of its
on a quarterly basis. This process, which risk monitoring procedures over the past two
forms a major part of the CRA, allows the years, JPMorgan network management has
network management group to evaluate made few specific changes to the content of
the performance of its sub-custodians market review questionnaires. In cases where
against the agreed SLS and in comparison it has made adjustments, typically this has in-
with the rest of the sub-custodian network volved steps to tighten legal documentation
46
(see box, p 47). or the content of an SLA. “We have been
11. Sub-custodian risk
Reinforcing a Continuous Risk Assessment approach
Richard Barker, Senior Manager Network Services, Network Management, RBC Dexia Investor
Services, tells FSR that RBC Dexia network management has introduced selective changes to
its technology and data management in order to complement the changes that it has made to
its CRA methodology
Specifically, it has introduced a ment department to react rapidly, provided by external surveys. “Thus,
package called SharePoint in each of should there be a deterioration in the if network management staff notice
its global locations, providing a facility financial status of any sub-custodian a deterioration in performance from a
through which information can be or counterpart. sub- custodian, we can compare with
shared accurately and on a timely external reference points to identify
basis between network managers Performance scorecard whether this trend is in line with
and operations staff based in these In parallel with this development, RBC observations from other sources,”
different offices. RBC Dexia also uses Dexia has refined and upgraded the says Barker.
intranet to support this transfer of performance scorecard technology
information between key staff within that it employs within the network Typically, the key results of this
the organisation. management department. This is a performance scorecard process may
quarterly scorecard review that the be summarised on a single A4 sheet
Also, RBC Dexia has introduced en- network team has operated for many and utilised by network staff as a
hancements to its global market infor- years. All sub-custodians are scored starting point when they conduct due
mation product in order to strengthen against all sections of agreed service diligence at market level.
the quality of market information level standards, including the standard
that it distributes to clients. A senior and frequency of market information “To ensure timely input to this con-
member of the network manage- received from them, on a quarterly tinuous risk evaluation process we
ment department is responsible for basis. This process, which forms a require our sub-custodian partners,
co-ordinating market newsflashes and major part of the CRA, allows the net- as part of their SLS and legal agree-
for ensuring that RBC Dexia clients are work management group to evaluate ment, to share with us key informa-
fully updated about breaking develop- the performance of its sub-custodians tion that may impact our service
ments at market level. Alongside this, against the agreed SLS and in compar- and legal relationship,” adds Barker.
the bank has introduced Risks Uncov- ison with the rest of the sub-custodian “Under the remote CRA model, and
ered, a product that highlights the key network. “Performance results are in particular the comprehensive an-
risks in each market globally in which provided to our sub-custodians with nual attestation process, we request
RBC Dexia is active, according to its an indication of where they fall below annual validation and confirmation
sub-custodians. This information is or exceed requirements,” says Barker. on a number of areas including legal,
available to clients through the bank’s “We conduct a service review with credit, insurance, local law changes
Global Market Information web portal. any sub-custodian that does not meet etc. Furthermore we also request
our expected service level, designed from our sub-custodians completion
To reinforce its capacity to monitor to provide relevant feedback and put of questionnaires and assessments
the financial status of sub-custodian a plan in place to ensure that these which relate to BCP assessments, pro-
Financial Services Research Q4 2010
partners and counterparts, the areas are improved prior to the next cedures to be followed in the instance
network management department quarter’s performance review.” of bankruptcy of a sub-custodian or
has established relationships with a key infrastructure entity, and so on.”
number of external data vendors that RBC Dexia network management has In total, RBC Dexia network manage-
specialise in providing credit alerts now extended this exercise to cover ment circulates to sub-custodians
and CDS ratings. Richard Barker notes RBC Dexia’s international wealth man- approximately 490 documents which
that, by doing so, the objective is agement business, which is handled they must complete and return,
not to compete with the high-quality out of the Channel Islands, along thereby providing a full list of current
credit information assembled by RBC with a number of business lines that documentation, and corresponding
Dexia’s central credit evaluation team. report in to the Luxembourg office. audit trail, required internally by the
Rather, the intention is to ensure One additional step that it has taken network management, credit, legal
access to timely and customised data is to align the quarterly scorecard and compliance teams, and externally
that will enable the network manage- reviews with some of the results by financial supervisors.
47
12. Sub-custodian risk
rigorous in reviewing this documentation by financial regulators before they take firm
across our sub-custodian network from our decisions regarding their business and opera-
smallest to our largest markets,” says Fortier. tional strategies,” says Duggan. Many groups
are not waiting and are being forced by their
As part of its Sub-custodian Monitoring Boards to beef up their network manage-
service (see box p 49). Thomas Murray has ment activities and the quality of informa-
made a commitment to conduct on-site tion available to their clients. Some global
visits on a rolling 30-month programme for intermediaries have appointed Thomas
all significant markets in which its banking Murray to support their sub- custodian risk
and broking clients support significant trans- monitoring because they wish to be at the
action volumes or assets under custody. leading edge of industry standards, ensuring
Derek Duggan notes that this is complemen- that they support their risk evaluation with
tary to a bank/brokers’ network team and quality data input and a robust method-
can, for some network management teams, ology. Others may wait until they better feel
provide an attractive option: limited travel the direction and push from their financial
We are being asked to take on more and more risk, but we are being compensated less and less.
This is an untenable situation, even in the medium-term. In turn, those sub-custodian banks that
currently offer a parental guarantee may be inclined to reconsider whether they will do so in the
future. Under Basel III, banks are required to put up higher levels of capital against the risks that
they bear in their business activities - and, given the potential impact on their balance sheets, some
have questioned their ability to offer a parental guarantee in times ahead.
budget and the opportunity costs of having regulator before seeking assistance from an
staff away from the office may constrain external specialist. “Whatever the outcome
their ability to conduct on-site reviews be- of future regulations,” he observes, “cus-
yond the largest markets in their network. todians and brokers need to demonstrate
adequately to the asset owners that they are
Duggan believes it likely that the larger taking pro-active steps to ensure the safety
Tier 1 banks may continue to do much of their clients’ assets through a rigorous
of this risk assessment internally. Other programme of monitoring.”
network teams will continue to review the
larger markets themselves. However they A transparent view for
may seek to draw on Thomas Murray’s asset owners
services to provide on-site assessment for In the aftermath of the Madoff scandal,
Financial Services Research Q4 2010
lower-volume markets in their networks. the Lehman Brothers bankruptcy and other
For brokers and smaller banks, it may shock events that have beset the industry
make business sense to outsource a major over the past 2-3 years, many network
share of their data collection and network management teams have observed nothing
monitoring to an external specialist such as short of a tsunami of queries from clients
Thomas Murray, thereby allowing in house regarding the security of their assets and
network managers to concentrate on higher the procedures in place to safeguard this.
value elements of the agent bank relation- These questions feature more prominently
ship and operational issues. than ever before in the RFP process. BBH’s
Andrew Rand reports, for example, that his
“We feel that we are at a tipping point for network management team now spends
the industry, whereby banks and brokers substantially more time in responding to
will await clarification around the future due queries from asset owners than it did two
48
diligence obligations that will be required years ago. Dedicated staff within this team
13. Sub-custodian risk
are committed to reacting to client queries, inquiring about the methodology that RBC
updating clients on changes in the market Dexia employs in its CRA procedures and in
and explaining to them how that will attempting to understand potential risks to
impact their risk profile and their invest- their assets held in safe custody. “Through
ment strategy. “On balance, the questions our colleagues in Sales and Relationship
that are being advanced by asset owner Management, we note a lot of additional
customers are now more sophisticated than questions from asset owners relating to how
they have been in the past,” says Rand. assets are held in the local market, whether
“In terms of sub-custodian risk issues and in omnibus or segregated account structures,
market risk issues, they are taking a deeper etc,” says Barker. “We also note greater
dive than they did two or three years ago.” interest in the financial status and credit
This relates to the stability of specific finan- worthiness of our sub-custodian partners.”
cial institutions and infrastructure entities. In response, RBC Dexia has introduced a
It also pertains to specific risks at market range of avenues through which it is making
level, including concerns around sovereign this information transparent to its beneficial
risk observed in recent months in (for in- owner customers: for example, through the
stance) Greece, Ireland, Portugal and Spain. Risk Uncovered bulletin; through news up-
dates posted via its Global Market Informa-
RBC Dexia’s Richard Barker voices a similar tion portal; or through the CRA manual that
sentiment, noting that clients have become provides an in-depth explanation of its risk
more inquisitive since the financial trauma in assessment procedures.
Thomas Murray Sub-custodian Monitoring
Having been the sole provider of CSDs’ risk ratings for 10 years, FSR asked Derek Duggan,
Thomas Murray’s Director of Data Services, to comment on how Thomas Murray has refined
its sub-custodian monitoring procedures in line with the regulatory and commercial
pressures brought about post Madoff
Most obviously, he responds, Thomas by specific reporting requirements im- ratings for a universe of more than
Murray has increased the range posed by the local financial regulator, 170 sub-custody providers world-
of variables addressed through its by queries raised by an asset owner, wide. This is in addition to its existing
sub-custodian monitoring process, or by a request for additional informa- 145 CSD risk rating assessments.
extending its questionnaires from ap- tion from the client’s internal credit, These are rated on an AAA to C
proximately 200 questions in the past legal or treasury team. scale. Thomas Murray developed
to more than 400 questions now. As these risk assessments initially as be-
a result, it now provides a more com- Though, in times past, this level of spoke proprietary reports that would
prehensive risk assessment in a wide detail might be required when a be commissioned by individual clients.
range of areas – including the way sub-custodian responded to an RFP, Thomas Murray now shares the anal-
that assets are held in market and the this was rarely expected in periodic ysis with each relevant sub-custodian
degree to which these assets will be sub-custodian monitoring. However, – employing an approach comparable
Financial Services Research Q4 2010
accessible in instance (for example) of following the Madoff fraud banks to that employed for Thomas Mur-
the insolvency of a sub-custodian or owe a greater duty of care to the ray’s CSD risk ratings – such that the
infrastructure entity. protection of their clients’ assets and sub-custodian has full transparency
so a greater responsibility has now regarding how it has been rated and
In addition to the broad risk issues al- been placed on global custodians and areas in which it can improve.
ready addressed by Thomas Murray in broker-dealers to identify all points of
its risk questionnaires, its clients have risk and to inform financial supervi- In turn, these reports can be used by
opportunity to add their own specific sors how they are working with their the banking and broking clients as
questions prior to these being circu- local agents to mitigate these risks. part of the sub-custodian risk assess-
lated via Thomas Murray’s internet ment data that they must provide to
RFP platform (SupplierSelect for Finan- Sub-custodian Risk Ratings financial regulators and which they
cial Services). These supplementary On the basis of this process, Thomas may also wish to share with asset
questions may be driven, for example, Murray provides sub-custodian risk owners.
49
14. Sub-custodian risk
Indeed, whereas in the past a beneficial global network during 2010. This included
owner customer might seek simple reassur- markets in the West African Economic
ance that its global custodian had robust and Monetary Union, the Palestinian
due diligence procedures in place, now Autonomous Area, Uganda, and Trinidad
many are asking for detailed information and Tobago. This interest is destined to
regarding the risk monitoring procedures continue into 2011 and the network man-
employed and the protection afforded to agement team are reviewing opportunities
their client assets in different financial cir- to open new markets in coming months in
cumstances. This interest, notes JPMorgan’s Africa, the Middle East and the Caribbean.
Elizabeth Fortier, is not restricted to the
largest asset owners but extends across HSBC’s Colin Brooks notes that some asset
a broad constituency of investors. For ex- owners have, for many years, taken a close
ample, a mutual fund may need to provide interest in how their assets are protected
detailed information on its custody ar- at market level. A number of the largest
rangements to its fund board. “In almost institutional investors may, in rare circum-
all markets that we support worldwide, our stances, accompany their global custodian
institutional investor clients are questioning on a due diligence visit; and, more fre-
us on a day-to-day basis about safe custody quently, they may join their global custodian
arrangements,” she says. “And this is in a conference call with a sub- custodian or
reinforced by enhanced regulatory scrutiny infrastructure entity. But in most instances
from financial supervisors, which are giving an asset owner will rely on the expertise
In conducting a review of our risk procedures, our thinking was heavily influenced by a fundamental
lesson that we drew from 9/11 - namely, that we should never try to decide in advance what kind of
crisis we are likely to have.
detailed attention to how assets are held in and information network of its global
the local market and the degree to which custodian to report on developments at
these are ring fenced, such that they can market level that may affect the protection
be recovered in instance of insolvency of a given to client assets. In turn, this is often a
sub-custodian or infrastructure entity.” preferred option from the global custodian’s
standpoint. It may be cumbersome, from
The bulk of questions received by JPMorgan an administrative viewpoint, to have each
network management from investor asset owner joining due diligence visits and
customers falls broadly into two main teleconferencing directly.
categories. Asset owners are requesting
greater detail regarding the level of protec- Significantly, Brooks notes that in a few
Financial Services Research Q4 2010
tion afforded to assets held in custody with instances asset owners have approached
JPMorgan. And, secondly, a specialist group HSBC directly with an interest in estab-
of investors is keen to talk to JPMorgan lishing a direct custody relationship with
about the bank’s capacity to support invest- HSBC as sub-custodian. “Though we have
ment opportunities in frontier markets. not solicited these enquiries ourselves – we
“This reveals an interesting contrast across do not actively market to our clients’clients
our investor base,” says Fortier. “Though – this is a reflection of the greater interest
many institutional investors are looking that some asset owners are taking in moni-
to limit risk, we have an active group of toring and managing custody risk across
frontier market investors that are pushing their global investments,” he says.
strongly to invest in new market oppor-
tunities worldwide.” In response to this Regulatory push
demand, JPMorgan network manage- We have noted that, in the wake of the
50
ment opened 10 new markets across its global financial crisis, regulators in many
15. Sub-custodian risk
jurisdictions are demanding that risk moni- tions in order to protect the domestic securi-
toring across sub-custodian networks and ties infrastructure against perceived threats
cash correspondents is reinforced and that posed by the cross-border investment activi-
risk reviews are conducted more frequently. ties of foreign institutional investors. One
In the United States, for example, Foreign example is the Irrevocable Payment Commit-
Bank Account Reporting (FBAR) legisla- ment that the Reserve Bank of India has in-
tion demands that financial organisations troduced during 2010 – whereby custodians
report to the regulator full details of all active in the Indian market will need to ask
foreign bank accounts that they maintain their clients to pre-fund trades prior to set-
with all business counterparts globally. tlement or else book the credit exposure for
MYRIAD’s Simon Shepherd observes that settlements committed on behalf of clients.
for some large global banks and brokers, The intention is to help insulate the do-
this creates a major compliance obligation mestic market from cross-border problems.
and one that they are struggling to fulfil
using their existing labour-intensive pro- The European Commission’s proposal for an
cedures. “The response in many instances Alternative Investment Fund Management
was to have staff attempting to collate this Directive has raised questions about the
information manually,” says Shepherd. For future responsibilities to be borne by fund
a global investment bank, custodian or depositories and the associated liabilities
asset management house, this represents they may bear. Though there is wide ac-
a time- consuming operation – creating ad- ceptance that fund custodians should take
ministrative delays such that the nature and appropriate measures to protect client
magnitude of the risk may have changed assets that are held in direct safekeeping,
substantially between when a report is or with sub-custodians that they have ap-
called for and when it is delivered. pointed, custodian banks have voiced con-
cerns that this directive increasingly requires
In this context, Shepherd believes that the them to stand as insurer of their clients’
automated and systematic approach that assets, requiring the bank to compensate
MYRIAD can bring to this process repre- the customer for potential losses that are
sents an important step forward. “There largely beyond its control and in no way are
is no doubt that a number of firms are the result of direct negligence by the bank
poorly set up currently to monitor and itself. On a positive note, through concerted
manage sub-custodian risk,” he says. “But activity with industry peers, including lob-
by automating these procedures through bying efforts on the part of the Associa-
use of appropriate technology, these risks tion of Global Custodians (AGC), custodian
and inefficiencies can be eliminated rela- banks have been able to push collectively
tively simply. Interestingly it is the less well for positive changes to this AIFM directive.
organised teams who are often the most
resistant to change. The better organised More broadly, global custodians have aired
teams understand and want to stay ahead concerns about the higher levels of risk that
of the game.” are being thrust in their direction at a time
Financial Services Research Q4 2010
when there is still unprecedented down-
HSBC’s Colin Brooks notes that, in general ward pressure on the fees that they receive
terms, regulators are demanding greater from asset owner customers. “We are
transparency around asset ownership – being asked to take on more and more risk,
which may, over time, translate into a push but we are being compensated less and
from omnibus towards segregated account less,” states BBH’s Rand. “This is an unten-
structures. Beyond this, financial supervi- able situation, even in the medium-term.”
sors are also working through the implica- In turn, those sub-custodian banks that
tions of any potential threat to financial currently offer a parental guarantee may be
infrastructure or insolvency on the part of a inclined to reconsider whether they will do
financial institution. so in the future. Under Basel III, banks are
required to put up higher levels of capital
In some jurisdictions, we have seen the against the risks that they bear in their
51
financial authorities introduce new regula- business activities – and, given the potential
16. Sub-custodian risk
impact on their balance sheets, some have tional arrangements through which assets
questioned their ability to offer a parental placed as collateral with a prime broker
guarantee in times ahead. are re-hypothecated. A second was the
due diligence procedures applied by feeder
So too, concerns have been raised regarding fund structures that invested into Madoff
the implications of the April 2008 Paris funds. However, beyond these specific
Court of Appeal decision which bound fund cases – none of which had a direct link to
custodians to full and immediate restitution Clearstream’s core activities – Gem suggests
to clients of assets frozen in the Lehman ad- we can be encouraged by the stability of the
ministration process. EU member states have core securities processing infrastructure and
adopted a variety of ways of integrating into by the generally high levels of protection
national law provisions – relating to UCITS afforded to client assets held in safekeeping.
and alternative investment funds – guiding “Looking ahead, it seems likely that re-hy-
the liability that a fund custodian bears pothecation is here to stay but that market
when assets are held with a sub-custodian practice, steered in part by the European
within its custody network or by a “third- Market Infrastructure Regulation and by
party custodian” such as a prime broker. Basel III, will require that this operates in
a substantially different way,” he says. “In
Commenting on this issue, Clearstream’s particular, we are likely to see more trans-
Mark Gem notes that the restitution parent cost analysis and reporting obliga-
obligation applied to fund custodians by tions surrounding the re-use of collateralised
the French courts in the wake of Lehman assets than we have done in the past.”
Brothers’ insolvency is undoubtedly a con-
cern. However, there is a well established In highlighting deficiencies in the sub-
body of legislation that governs securi- custodian risk evaluation procedures applied
ties transactions in Europe, including the by global custodian and investment banking
Geneva Convention and the Securities Law customers, MYRIAD’s Simon Shepherd
Directive. This is clear in specifying that the believes it will be interesting to revisit these
restitution commitment born by custodians concerns in five or ten years’ time in order
is a significant, but ultimately limited, ob- to review how far network management
ligation. The overarching principle applied groups have been able to eliminate inef-
in this European legislation, notes Gem, is ficiencies through adoption of suitable tech-
that custodians will be required to restore nology and data management. Currently,
assets to clients in instances where they this remains a hugely under-resourced area
have been negligent; but where they can of the banking world. In the investment
demonstrate sound procedures for selecting banking arena, for example, the front office
sub-custodians and monitoring risk to client continues to consume a major share of bank
assets over time, the custodian is unlikely expenditure. Middle and back office tend to
to be required to compensate a client for be allocated a limited share of budget in rel-
losses that the custodian cannot directly ative terms, despite their key role in shaping
control. Thus, the Paris court decision, how assets are traded, settled and held in
Financial Services Research Q4 2010
which requires the restitution of assets on custody. In this context, Shepherd believes,
an absolute basis, appears to be out of line some network management groups are
with the tenor of the Securities Law Direc- simply not managing risk in as efficient and
tive and the Geneva Convention. transparent a way as they maintain. Some
are relying on multiple databases to compile
Amid all the turmoil generated by the recent key information – and poor interfacing be-
financial crisis, Gem believes it encouraging tween these databases dictates that key risk
for the securities industry that its financial information cannot be compiled promptly
infrastructure, and wider arrangements for during times of crisis. Though network
providing custody of clients’ assets, did not management groups typically maintain that
falter. It cannot be denied that a number they are fully in control of risk mitigation,
of alarm bells were sounded in neigh- privately there needs to be more realistic
bouring rooms. One area of concern, as appraisal of these shortcomings and the
52
we have noted, was the legal and opera- steps necessary to remedy them.