Preface

The Commodity Futures Trading Commission (CFTC), the Securities and Exchange Commission (SEC), and the Board of Governors of the Federal Reserve System (the Board) are submitting this report to the Senate Committees on Banking, Housing, and Urban Affairs and Agriculture, Nutrition, and Forestry and the House Committees on Financial Services and Agriculture in fulfillment of Section 813 of Title VIII of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 (the Act). Section 813 of the Act requires that the CFTC and the SEC coordinate with the Board to jointly develop risk management supervision programs for clearing entities that have been identified as systemically important by the Financial Stability Oversight Council (the Council). A clearing entity (CE) is either a derivatives clearing organization (DCO) registered with the CFTC under Section 5b of the Commodity Exchange Act (CEA) or a clearing agency (CA) registered with the SEC under Section 17A of the Securities Exchange Act of 1934 (the Exchange Act). Title VIII does not apply to, and the recommendations in this report do not address, DCOs and CAs that have not been designated as systemically important by the Council. Systemically important clearing entities are defined as designated clearing entities (DCEs) by the Act.

Section 813 also requires the CFTC, the SEC, and the Board to make recommendations in four areas: (1) improving consistency in the DCE oversight programs of the SEC and CFTC, (2) promoting robust risk management by DCEs, (3) promoting robust risk management oversight by regulators of DCEs, and (4) improving regulators' ability to monitor the potential effects of DCE risk management on the stability of the financial system of the United States.

Organization of the Report

This report is organized in five sections. Section I provides an executive summary of the main findings and recommendations that the respective agencies plan to implement to address the four areas identified in Section 813. Section II is an introduction to the role of systemically important financial market utilities generally and DCEs specifically in the financial system. Section III of the report provides a high-level overview of DCE risks and risk management. Section IV outlines the generally accepted elements of a sound risk-based supervisory program. Section V discusses the recommendations pursuant to Section 813. The Appendix contains an overview of the current supervisory programs at the CFTC, the SEC, and the Board.

Back to section top

Section I: Executive Summary

DCEs provide multilateral clearing and settlement services and risk management services to their participants covering a wide range of securities and derivatives transactions. DCEs play a vital role in the proper functioning of financial markets and are increasingly important given the mandated central clearing of certain swaps and security-based swaps that is required by the Act. DCEs reduce risk and improve efficiency for their participants and the broader financial system. At the same time, DCEs inherently concentrate and transform risks and, thus, must be well-designed and operated in a manner that supports the stability of the broader financial system.

Congress has provided the CFTC and the SEC with expanded authority to regulate DCOs and CAs in Title VII and Title VIII of the Act and, in the exercise of this authority, the CFTC and the SEC have each recently proposed regulations for such clearing entities that include enhanced risk management standards.¹ Given the importance of risk management standards in promoting robust risk management by DCEs and robust risk management oversight by regulators of DCEs, the CFTC and the SEC are working diligently to review comments on the proposed regulations and to promptly promulgate final regulations in consultation with the Board and other agencies.

In addition, Congress has provided a new cooperative supervisory framework for DCEs in Title VIII of the Act. This framework provides requirements for enhanced risk management, a greater focus on systemic risk both within and across DCEs, an enhanced role for the Board in the supervision of risk management standards for systemically important financial market utilities, and closer consultation among the CFTC, the SEC, and the Board. Through closer consultation, the CFTC, the SEC, and the Board will enhance their ability to look across systemically important financial market utilities in a consistent way to identify and address sources of systemic risk. Consultation will also provide opportunities to leverage the agencies' unique perspectives in order to gain a broader view and understanding of the various risks and risk management techniques at systemically important financial market utilities, as well as common risk issues and interdependencies across these utilities and between these utilities and the broader financial system. The new Title VIII supervisory framework does not replace the existing supervisory programs at each agency. Rather, the new framework builds on each agency's existing supervisory program with an interagency consultative process that should, over time, enhance and reinforce existing supervisory programs through the benefits of shared expertise and information among the CFTC, the SEC, and the Board.

The agencies recommend that they implement the following five actions that are intended to achieve the statutory goals of improving consistency in oversight, promoting robust risk management, promoting robust risk management oversight, and improving regulators' ability to monitor risks pursuant to Section 813 of the Act. The CFTC, the SEC, and the Board believe that the consultation and cooperation described in the recommendations are consistent with the enhanced supervision established in Title VIII, will enable the CFTC, the SEC, and the Board to carry out their responsibilities under Title VIII, and will further the purposes of Title VIII to mitigate systemic risk in the financial system and to promote financial stability. These actions build on the pre-existing working relationships and past joint efforts among the agencies and are designed to help further strengthen and enhance the government's oversight of DCEs.

1. The CFTC and the SEC should work toward finalizing rulemakings establishing enhanced risk management standards for DCOs and CAs, including DCEs, in consultation with the Board and other agencies. The CFTC and the SEC should continue such consultation in connection with future agency rulemakings related to changes in risk management standards for DCEs. The CFTC and the SEC have each recently proposed regulations, including critical risk management standards, governing the clearing and settlement operations of DCOs and CAs, including DCEs. The CFTC and the SEC should work to promptly promulgate final regulations, in consultation with the Board and other agencies, and will consult with the Board and other agencies in connection with future agency rulemakings related to risk management standards for DCEs.
2. The CFTC and the SEC should formalize a process for consulting with the Board regarding proposed material changes to a DCE's rules, procedures, or operations. Section 806(e) of the Act requires the CFTC and the SEC to consult with the Board before taking any action on, or completing their review of, a DCE's proposed changes to rules, procedures, or operations that could materially affect the nature or level of the DCE's risks. Meaningful consultation contributes to an effective assessment of proposed changes through the timely, constructive exchange of comments and views on the proposed changes among appropriate agency staff.
3. The CFTC, the SEC, and the Board should develop and implement an ongoing consultative mechanism that promotes (a) a shared understanding of potential systemic risks, and (b) an exchange of insights on effective supervisory risk management practices and techniques. Although the risk management supervision programs at the CFTC, the SEC, and the Board have a common focus on certain core risks, they necessarily differ in some respects because of unique legal bases for supervision, agency mandates, and types of entities and markets supervised by each agency. These differences may give rise to distinct agency-specific emphases in the supervisory process, approaches to risk assessment, and supervisory tools and procedures. In light of these differences, the agencies believe that the opportunity to share their unique supervisory perspectives on risks and risk management and to learn from each other will be an important mechanism for identifying systemic risks, improving consistency over time in the DCE oversight programs of the CFTC and the SEC, and promoting more effective risk management supervision across DCEs.The ongoing consultative mechanism among the CFTC, the SEC, and the Board should consist of an annual planning and coordination meeting supplemented by ongoing dialogue and periodic meetings as warranted. The purpose of the meeting and ongoing dialogue should be to identify emerging risks, discuss key DCE risk issues that may be examined by each agency, and help inform effective supervisory responses to such risks. Key DCE risk issues should generally be framed in terms of relevant risk management standards. These consultations should also serve as an important mechanism for providing input and context to bilateral consultations between each agency and the Board regarding the scope and methodology of planned examinations (see number 4 below). The agencies believe that this proposed mechanism for interagency coordination, informed by applicable statutory requirements, agency regulations, supervisory guidance, and international standards, should provide greater consistency of supervisory inquiry from which the agencies can promote greater awareness of systemic risk, and help identify areas for enhancing risk management practices at DCEs.
4. The CFTC and the SEC should develop a process for consulting with the Board at least once a year regarding the scope and methodology of their planned examinations of DCEs for which each is the Supervisory Agency and providing the Board with the opportunity to participate on such examinations. The CFTC and the SEC should review and incorporate the risk issues described in Section 807(a) of the Act during their annual examination-planning process. Before completing this process, the CFTC and the SEC should each separately consult, and work collaboratively with, the Board regarding the scope and methodology of DCE examinations that are scheduled for the upcoming examination cycle, consistent with Title VIII, and additionally consult, as needed, during the year. The CFTC and the SEC shall lead examinations within their respective jurisdictions as provided for by Section 807(d) of the Act. Consultations with the Board on the scope and methodology of DCE examinations and participation by the Board on relevant examinations are important elements to enable the Board to carry out its responsibilities under Title VIII. The Board expects to participate on each relevant DCE examination where practicable as allowed under Section 807(d)(2) of the Act.
5. The CFTC, the SEC, and the Board should develop a process for appropriate information sharing related to DCEs. An important component of effective interagency consultation and risk identification is appropriate information sharing among the agencies. Title VIII provides the authority for such information sharing in Section 809 pursuant to which the agencies plan to develop an appropriate process for regular information exchange. The process should cover procedures for sharing, and preserving the confidentiality of, written and oral information such as examination reports, information about material concerns, and other appropriate confidential supervisory information. One possible mechanism for implementing such information sharing may be through a Memorandum of Understanding (MOU) among the CFTC, the SEC, and the Board.

Back to section top

Section II: Introduction

In Title VIII of the Act, Congress finds that the proper functioning of the financial markets is dependent upon safe and efficient arrangements for the clearing and settlement of payments, securities, and other financial transactions.² The entities providing these arrangements are known as financial market utilities (FMUs).³ For all types of financial transactions, FMUs contribute to financial market stability by facilitating post-trade processing and the exchange of funds or other assets from one party to another, and in certain cases providing financial guarantees. Title VIII applies to designatedFMUs (DFMUs), which are FMUs designated by the Council as "systemically important." An FMU is considered "systemically important" if the Council determines that the failure or disruption to the functioning of the FMU "could create, or increase, the risk of significant liquidity or credit problems spreading among financial institutions or markets and thereby threaten the stability of the financial system of the United States." ⁴

DCEs are a subset of DFMUs.⁵ DCEs are commonly classified according to the functions they perform: a central counterpartyis an entity that interposes itself between counterparties to contracts traded in financial markets, becoming the buyer to each seller and seller to each buyer to ensure the performance of open contracts; a central securities depositoryis an entity that holds securities accounts as bookkeeping entries rather than as physical certificates, and provides central safekeeping and other asset services, and in many cases also operates a securities settlement system,which is a set of arrangements that enables transfers of securities, either for payment or free of payment.⁶ In the United States, DCOs supervised by the CFTC function as central counterparties that clear financial and commodity futures contracts, options on futures, and swaps, including interest rate swaps, energy swaps, and equity and credit default swaps based on broad-based indexes. CAs supervised by the SEC function as securities depositories, securities settlement systems, and central counterparties that variously clear and settle trades of securities, including options and security-based swaps.

Description of DCE Operations

DCEs are closed systems that provide services to participants, which are members of the DCE. Participants typically must meet pre-established eligibility criteria in order to obtain clearing privileges at a DCE. Business models for DCEs vary and include entities that are part of publicly traded companies and entities that function as participant-owned utilities. To operate, DCEs establish a common set of rules and procedures governing their participants, provide a technical infrastructure for clearance and settlement, and establish a governing risk management framework. Each DCE is unique, but in general, a DCE clears transactions or trades submitted by participants, calculates whether and how much each participant owes on either a gross or net basis, collects payments from participants that owe money, and pays participants that are owed money. DCEs and their participants collect and pay money through settlement banks, which are typically commercial banks. Settlement banks execute payments via payment systems,which are a type of FMU that facilitate funds transfers among participants. On an average day, the value of transactions cleared and settled by DCEs ranges from billions of dollars to trillions of dollars. On days of market volatility, the value can be significantly higher than the average.

DCE members are active participants in financial markets, such as banks, broker-dealers, and futures commission merchants (FCMs). Banks, broker-dealers, and FCMs use DCEs for proprietary activity and as intermediaries for institutional investors, retail investors, and proprietary trading firms.⁷ These financial institutions become participants in a DCE because clearing and settling a high volume of financial transactions multilaterally through a central counterparty may in many cases allow for greater efficiency and lower costs than settling bilaterally. In addition, DCEs are often able to manage risks for their participants related to the clearing and settling of financial transactions more effectively, and, in some cases, reduce certain risks, such as the risk that a purchaser of a security will not receive the security or that a seller of a security will not receive payment for the security. Finally, certain participants may be legally required to clear and settle through a DCE based on the type of financial product for which they trade or for which they facilitate trades.⁸ Figure 1 depicts where DCEs fit into the U.S. financial system.

Figure 1 shows that DCEs are critical central points in the financial system. A large portion of financial activity originated by retail investors, institutional investors, broker-dealers, FCMs, and banks ultimately flows through one or more DCEs. DCEs have direct links to participants and indirect links to the customers of participants. DCEs are also linked to each other through common participants and, in some cases, by operational processes. These linkages are what make DCEs both a beneficial source for reducing risks and a potential conduit for risks. DCEs play a vital role in fostering the proper functioning of financial markets, but if they are not effectively managed they have the potential to act as transmission channels for financial shocks, particularly on days of market stress. For example, participants that owe money on a given day are required to settle their obligations according to a precise timetable during the day. If a participant defaulted on a payment obligation that it owed to a DCE and the obligation was sufficiently large that the DCE did not have enough liquid resources to cover the defaulting participant's obligations, the DCE would not be able to pay what it owed to other participants. In turn, those participants expecting payments at a certain time might be unable to honor other financial obligations, potentially setting off a systemic cascade of funding shortfalls and possible credit losses.

In recognition of the risks posed by the concentration of clearance and settlement activity at DCEs, Title VIII provides a framework for enhanced regulation and supervision of DCEs by the CFTC, the SEC, and the Board.⁹ Specifically, Title VIII

• allows for the development of risk management standards by the CFTC and the SEC governing the operations of DCEs, as applicable, in consultation with the Council and the Board ¹⁰
• allows the Board to determine whether the existing prudential requirements of the CFTC or the SEC are insufficient to prevent or mitigate significant liquidity, credit, operational, or other risks to the financial markets or to the financial stability of the United States ¹¹
• requires annual examinations of DCEs by the CFTC or the SEC, including consultation with the Board on the scope and methodology of the examination ¹²
• allows for Board participation on examinations of DCEs, which shall be led by the CFTC or the SEC, as applicable ¹³
• provides for prior review and authority to the CFTC or the SEC, in consultation with the Board, to object to changes proposed by a DCE to its rules, procedures, or operations that may materially affect the nature or level of risks ¹⁴
• allows the Board, after consulting the CFTC or the SEC (as the applicable Supervisory Agency) and the Council, to recommend enforcement action against a DCE in certain cases ¹⁵
• provides the Council and the Board authority to obtain information to assess a DCE's safety and soundness and the systemic risk that the DCE's operations pose to the financial system ¹⁶
• allows the CFTC, the SEC, and the Board to share examination reports and other confidential information with each other, and ¹⁷
• requires the CFTC and the SEC to coordinate with the Board to jointly develop risk management supervision programs for DCEs ¹⁸

Overall, the emphasis on enhanced supervision under Title VIII is on risk management, particularly with regard to potential systemic risk, which in practice means understanding the nature of the risks that DCE activities pose to the broader financial system and assessing the resources and capabilities of DCEs to monitor and control such risks.

Back to section top

Section III: DCE Risks and Risk Management

As previously discussed, the centralization of clearance and settlement activities at DCEs allows market participants to reduce costs, increase operational efficiency, and manage risks more effectively. While DCEs can provide many risk management benefits to participants, the concentration of clearance and settlement activity at a DCE has the potential to disrupt the financial system if the DCE does not effectively manage the risks inherent in its clearance and settlement activities. Key risks in the clearance and settlement process include credit risk, market risk, liquidity (funding) risk, operational risk, and legal risk.

DCEs face counterparty (default) credit risk from their participants and from service providers such as banks and securities custodians. For DCEs that are securities settlement systems or securities depositories, credit risk arises, for example, from the potential that a participant will not pay what it owes for securities that it has purchased or will not deliver securities that it has sold. For DCEs that clear and settle derivatives contracts, credit risk arises from the potential that a participant will not meet its margin or settlement obligations or will not pay any other amounts owed to the DCE.¹⁹ Credit risk also arises for DCEs of any type from commercial banks or custodians that the DCE uses to effect money transfers among participants, to hold overnight deposits, or to safekeep collateral.

DCEs that are central counterparties take offsetting positions as substituted counterparty and, therefore, do not ordinarily face market risk except in the event of a participant default. In such an event, this market risk takes two forms. First, the DCE may need to liquidate collateral posted by the defaulting participant. The DCE is therefore exposed to the risk that movement of market prices of the collateral of the defaulting participant could result in the DCE having insufficient financial resources to cover the losses in the defaulting participant's open positions. Second, a DCE is subject to the risk of movement in the market prices of the defaulting participant's open positions in the interval between when the DCE takes control of those positions and when the DCE is able to offset or liquidate those positions.

In addition to credit risk and the aforementioned market risk, DCEs also face liquidity or funding risk. Currently, to complete the settlement process, DCEs rely on incoming payments from participants in net debit positions in order to make payments to participants in net credit positions. If a participant does not have sufficient funds to make an incoming payment immediately when it is due (even though it may be able to pay at some future time), or if a settlement bank is unable to make an incoming payment on behalf of a participant, the DCE faces a funding shortfall. A DCE typically holds additional financial resources to cover potential funding shortfalls such as margin collateral or lines of credit. However, if collateral cannot be liquidated within a short time, or if lines of credit are unavailable, liquidity risk is exacerbated.

A DCE faces two types of non-financial risks - operational and legal - that may disrupt the functioning of the DCE. Operational risk is a broad category that relates to potential losses arising from deficiencies in internal processes, personnel, and information technology. DCEs face operational risk from both internal and external sources, including human error, system failures, security breaches, and natural or man-made disasters.

Legal risk is the risk that the DCE may suffer a loss because the legal system underpinning a DCE's operations does not support its rules and procedures. An example of legal risk is the risk that obligations of the DCE's participants to the DCE or the DCE's rights to collateral are not enforceable. Key aspects of DCE operations in which legal risk is relevant include laws and regulations governing contracts and insolvency, the rights of participants, the enforceability of netting arrangements, and the discharge of obligations and settlement finality. The cross-border activities of a DCE may also present elements of legal risk.

Risk Management at DCEs

In order to manage this array of risks, DCEs employ various risk management frameworks. These frameworks include rules, processes, procedures, and controls. For example, DCEs mitigate credit risk by, among other things, establishing eligibility standards for participants, collecting initial margin collateral from participants to cover exposures, marking open positions to market each day and collecting variation margin, holding a pool of financial resources to cover and mutualize losses from potential defaults, and establishing minimum creditworthiness and capitalization criteria for commercial banks used as settlement agents. DCEs mitigate market risk by marking collateral to market, collecting additional collateral where necessary, and taking appropriate haircuts on the value of collateral. They manage liquidity risk by collecting sufficient margin to cover changes in portfolio values, calculating financial resource needs based on stress testing (taking into account both historical data and hypothetical scenarios), and holding and/or having access to sufficient financial resources to meet funding needs in the event of a participant default.²⁰ DCEs mitigate operational risk by having effective policies, procedures, and internal controls; strong and well-tested business continuity plans; and systematic monitoring processes. Finally, DCEs mitigate legal risk by ensuring that their procedures and policies have a well-founded legal basis in all the jurisdictions in which each DCE operates.

DCEs have several incentives to implement comprehensive risk management programs. First, the ongoing viability of a DCE depends on its reputation and the confidence that market participants have in its clearance and settlement services. Thus, DCEs have an incentive to minimize the likelihood that a participant failure or operational outage would disrupt settlement. Second, many DCEs, including DCEs that mutualize default risks, contribute a portion of their own capital as part of their contingent resources. Thus, DCEs have an economic interest in sound risk management. Third, DCEs in the securities and derivatives markets are self-regulatory organizations (SROs) that enforce applicable rules and requirements under SEC or CFTC oversight. Thus, DCEs have a legal incentive to protect certain public interests in the process of clearing securities or derivatives.

DCEs' incentives for sound risk management, however, may be tempered by cost-reduction or profit-maximizing pressures that are distinct from the public interest goals set forth in governing statutes. In particular, DCEs and their participants may not place the same weight on managing systemic risks arising from the clearance and settlement process. Moreover, DCEs that compete for clearing and settlement business may have an incentive to lower risk standards to obtain or maintain a competitive advantage. In either case, DCE incentives may not be aligned with public policy goals of financial stability.

As will be discussed in the next section, an effective supervisory program serves as a necessary counterbalance to the DCE incentives described above to ensure that a DCE's risk management program comports with applicable statutes and regulations. Supervisory agencies use these programs to evaluate whether DCE policies are adequate to protect against applicable risks and foster financial stability in the markets a DCE serves.

Back to section top

Section IV: Common Elements of Risk-Based Supervision

Today, the CFTC's and the SEC's supervisory programs for clearing entities (CEs) and the Board's supervisory program for FMUs have three primary elements in common: objectives that set forth the purpose of a CE or FMU evaluation, standards against which the CE or FMU is evaluated, and processes and tools for performing an evaluation. Additionally, if, in the course of an evaluation, supervisors find deficiencies, weaknesses, or significant unaddressed risks at a CE or FMU, then supervisors have recourse to a variety of corrective options, including formal enforcement actions.

This section briefly discusses key common elements of the supervisory programs of the CFTC, the SEC, and the Board.²¹ While each agency's program is unique, each uses these key elements. The CFTC and the SEC will use their existing supervisory programs to evaluate DCEs, incorporating information discussed in Section V of this report.

Risk-Focused Supervisory Objectives

A primary objective in supervision is to determine whether a CE or FMU meets the risk management requirements of the supervisor's governing statutes and regulations, both at a point in time and on an ongoing basis. An effective supervisory program enables a supervisor to gain a broader understanding of the risk profile and risk management processes, procedures, and controls of a DCE or FMU (i.e., its risk management framework) in order to fulfill this objective. In addition, the particular risks posed to and by a CE or FMU guide the supervisor in determining the focus of its supervisory program for that CE or FMU.

Back to section top

Risk Management Standards

Supervisory evaluation of a CE's or FMU's risk management framework begins with an assessment of that framework against standards that are established in statutory provisions, regulations, and policies. DCOs regulated by the CFTC must comply with all the applicable provisions of the CEA, including the DCO core principles established in Section 5b of the CEA and relevant CFTC regulations, which require the DCO to maintain adequate and appropriate risk management capabilities. Clearing agencies regulated by the SEC must comply with all applicable provisions of the Exchange Act, including Sections 17, 17A, and 19, and with the relevant rules and regulations adopted by the SEC, which require CAs to have the capacity to facilitate prompt and accurate clearance and settlement. Systemically important FMUs supervised by the Board are expected to meet risk management expectations set forth in its Policy on Payment System Risk, which incorporates recognized international risk management principles and minimum standards.

In addition to existing statutory and regulatory standards, the CFTC, the SEC, and the Board are conducting rulemaking processes designed to promulgate enhanced standards for DCEs and DFMUs consistent with Section 805 of Title VIII of the Act.²² In doing so, the agencies are required to take into consideration relevant international standards and other prudential requirements.²³ International standards established by the Committee on Payment and Settlement Systems (CPSS) and the International Organization of Securities Commissions (IOSCO) provide a basis for management of risks in systemically important systems. The international standards also provide a common risk management framework and a set of minimum risk management principles across national jurisdictions, which allow national authorities to more effectively cooperate and address global systemic risk.²⁴

Back to section top

Supervisory Processes and Tools

Supervisors use a variety of tools to assess a CE's or FMU's condition, develop reasoned conclusions, and induce corrective actions where needed. These may include evaluation at the initial registration or application processes, examinations, ongoing monitoring, cooperation with other domestic and foreign regulators, communication of findings, and agreements on corrective actions.

Supervision generally begins with a CE's or FMU's application for registration, authorization, or charter. At this stage, the supervisor reviews the applicant's proposed risk management framework and determines the applicant's ability to meet requirements of governing statutes and regulations. Once an application is approved, the supervisor performs examinations of the CE's or FMU's operations. In general, examinations consist of a review and evaluation of internal CE and FMU reports and analysis related to risk management and verification by examiners of the information contained in the CE's and FMU's reports and analysis.²⁵ Examinations also typically cover a review of policies, models, processes, procedures, and internal controls to evaluate the effectiveness and adequacy of DCE operations under relevant statutory and regulatory requirements. In addition to examinations, supervisors monitor CE and FMU activities through a review of rules and procedures that are adopted or amended by the CE or FMU. Examinations and rule filing review are supplemented by ongoing monitoring, which could include reviewing products that are accepted for clearance and settlement; reviewing or conducting periodic (such as daily or monthly) testing, including back-testing and stress-testing, to verify the CE's or FMU's measurements of credit, market, and liquidity risks; reviewing internal audit reports; regular discussions between supervisory and CE or FMU staff and management; and information collection and analysis.

At any stage during the supervisory process, supervisors may seek input from experts from functional areas both within a particular Supervisory Agency as well as from relevant domestic and foreign supervisors.

Supervisors communicate examination and monitoring results to the CE or FMU through orders, examination reports, or ad hoc communications. Supervisors typically provide a summary report or letter to the CE or FMU containing recommendations that the CE or FMU is expected to implement in order to strengthen its risk management program. The CE or FMU responds with a written description of the actions that it has taken or plans to take in response to the recommendations.

Finally, supervisors have statutory authority to induce corrective actions or remediation when material weaknesses in risk management or violations of relevant statutes or regulations have been identified. This authority includes enforcement, such as the institution of a civil or administrative action against a CE or FMU leading to the imposition of sanctions such as a civil monetary penalty, a cease and desist order, or suspension or revocation of the CE's or FMU's registration, authorization, or charter.

Back to section top

Section V: Recommendations

The supervisory programs of the CFTC, the SEC, and the Board are conducted in an autonomous manner, with interagency cooperation where entities are supervised by more than one agency.²⁶ With Title VIII, Congress has provided a new cooperative supervisory framework for DCEs, a framework that provides requirements for enhanced risk management, a greater focus on systemic risk both within and across DCEs, an enhanced role for the Board in the supervision of risk management standards for systemically important financial market utilities (DFMUs), and closer consultation among the CFTC, the SEC, and the Board. The legal basis for consultation is described in Section IIof this report and includes statutory authority for sharing examination reports and other confidential supervisory information, Board participation on DCE examinations, and coordinated development of DCE risk management supervision programs.

The primary purpose of closer consultation is to provide the CFTC, the SEC, and the Board an enhanced ability to look across DFMUs in a consistent way to identify and address sources of systemic risk. With consultation, the agencies will have opportunities to leverage their unique perspectives in order to gain a broader view and understanding of the various risks and risk management techniques at DFMUs, as well as common risk issues and interdependencies across DFMUs and between DFMUs and the broader financial system. The new Title VIII supervisory framework does not replace the existing supervisory programs at each agency, and each agency continues to have responsibility for enforcing its respective governing laws, regulations, and policies. Rather, the new framework builds on each agency's existing supervisory program with an interagency consultative process for managing systemic risk that should, over time, enhance and reinforce existing supervisory programs.

The agencies recommend that they take the following five actions that are intended to achieve the statutory goals of improving consistency in oversight, promoting robust risk management, promoting robust risk management oversight, and improving regulators' ability to monitor risks pursuant to Section 813 of Title VIII. These actions build on the pre-existing working relationships and past joint efforts among the agencies, including policy work on the recent CPSS-IOSCO consultative report on principles for financial market infrastructures and recent supervisory collaboration in reviewing the clearing application of New York Portfolio Clearing, LLC, and are designed to help further strengthen and enhance the government's oversight of DCEs.

The CFTC, the SEC, and the Board believe that the consultation and cooperation described in the recommendations are consistent with the enhanced supervision established in Title VIII; will enable the CFTC, the SEC, and the Board to carry out their responsibilities under Title VIII; and will further the purposes of Title VIII to mitigate systemic risk in the financial system and to promote financial stability. In particular, consultations with the Board on the scope and methodology of DCE examinations and participation by the Board on relevant examinations are important elements to enable the Board to carry out its responsibilities under Title VIII, including (1) promoting uniform risk management standards (Section 802(b)(1)) and assessing whether the existing prudential requirements for DCEs are sufficient to prevent or mitigate significant liquidity, credit, operational, or other risks to the financial markets or to the financial stability of the United States (Section 805(a)(2)(B)); (2) assessing potential risks to a Federal Reserve Bank that might provide a DCE with access to an account and/or payment services (Section 806(a)); and (3) assessing potential risks to a Federal Reserve Bank that might provide an advance to a DCE in unusual or exigent circumstances (Section 806(b)). The agencies are cognizant that challenges to the effective implementation of the recommendations may arise; if they do, the agencies are committed to working diligently to address the challenges together. Finally, the CFTC, the SEC, and the Board also recognize that the processes for supervisory coordination outlined below will need to evolve over time as risks, markets, and regulatory frameworks change.

1. The CFTC and the SEC should work towards finalizing rulemakings establishing enhanced risk management standards for DCOs and CAs, including DCEs, in consultation with the Board and other agencies. The CFTC and the SEC should continue such consultation in connection with future agency rulemakings related to changes in risk management standards for DCEs. The CFTC and the SEC have each recently proposed regulations, including critical risk management standards, governing the clearing and settlement operations of DCOs and CAs, including DCEs. These sets of regulations are broadly consistent with each other, and with both established and proposed international standards. The process of developing these proposed regulations included both consultation between the CFTC and the SEC, and consultations with the Board and other agencies represented on the Council. Adopting these regulations could promote both robust risk management by DCEs and robust risk management oversight by their regulators. Accordingly, the CFTC and the SEC should work diligently to review public comments on the proposed regulations, and to work towards promulgating final regulations, in consultation with the Board and other agencies.

   Enhancing risk management oversight under Title VIII is promoted by improving the consistency of risk management standards among the agencies. These goals are fostered by the process of consultation between the agencies. Accordingly, the CFTC and the SEC will consult with the Board and other agencies in connection with their current risk management-related rulemakings as well as in connection with subsequent changes to agency regulations related to risk management standards for DCEs. Consultation should take place sufficiently early in the review process to allow adequate time to analyze the proposed regulatory change and engage in a meaningful exchange of views.
2. The CFTC and the SEC should formalize a process for consulting with the Board regarding proposed material changes to a DCE's rules, procedures, or operations. Section 806(e) of the Act requires the CFTC and the SEC to consult with the Board before taking any action on, or completing their review of, a DCE's proposed changes to its rules, procedures, or operations that could, as defined in the rules of the CFTC or the SEC, respectively, materially affect the nature or level of the DCE's risks. Meaningful consultation contributes to an effective assessment of proposed changes through the constructive exchange of comments and views among appropriate agency staff.²⁷

3. The CFTC, the SEC, and the Board should develop and implement an ongoing consultative mechanism that promotes (a) a shared understanding of potential systemic risks, and (b) an exchange of insights on effective supervisory risk management practices and techniques. The core risks described in Section IIIof this report (credit, market, liquidity, operational, and legal risk) are of interest to, and monitored by, each supervisory agency. Furthermore, many DCEs have functionally similar clearing and settlement processes. For example, certain DCOs and CAs that act as central counterparties use similar risk management practices, such as mutualization of central counterparty risk. Despite these common supervisory interests and common DCE practices, the risk management supervision programs at the CFTC, the SEC, and the Board necessarily differ in some respects because of unique legal bases for supervision, agency mandates, and types of entities supervised by each agency. These differences may give rise to distinct agency-specific emphases in the supervisory process, approaches to risk assessment, and supervisory tools and procedures. In light of these differences, the agencies believe that the opportunity to share their unique supervisory perspectives on risks and risk management with the other agencies and to learn from the other agencies will be an important mechanism for identifying systemic risks, improving consistency over time in the DCE oversight programs of the CFTC and the SEC, and promoting more effective risk management supervision across DCEs.

   For example, the staffs of the CFTC, the SEC, and the Board may identify, in their individual risk assessments, the use of the same commercial banks by multiple DCEs as settlement banks or as providers of back-stop liquidity to the DCEs. As a result of consultation, the three agencies should be more readily able to identify such common DCE dependencies and understand the potential systemic risk posed by reliance on the same commercial banks. The agencies will also be better able to determine if further assessments of the DCEs' risk management procedures to address such dependencies, including the need to test the adequacy of back-up lines on days of market stress, would be critical to mitigating systemic risk. The agencies may also find it useful to share perspectives on, and their various supervisory approaches to assessing, certain common DCE risk management methods. Finally, consultation should help the agencies collectively to identify and assess areas where DCE risk management practices may interact or be subject to a stress event that would affect multiple DCEs. Supervisory and analytical consultation on topics such as these will enhance systemic oversight of DCEs and improve the consistency of such oversight, as envisioned by Title VIII.

   To promote effective consultation along these lines, the agencies should hold an annual coordination and planning meetiecng supplemented by ongoing dialogue and periodic meetings as warranted among the CFTC, the SEC, and the Board. The purpose of the annual meeting and ongoing dialogue should be to identify emerging risks, discuss key DCE risk issues that may be examined by each agency, and help inform effective supervisory responses to such risks.²⁸ Key risk issues should generally be framed in terms of relevant risk management standards. These consultations should also be an important mechanism for providing input and context to bilateral consultations between each agency and the Board regarding the scope and methodology of planned examinations (see number 4 below).

   The agencies believe that this proposed mechanism for interagency coordination, informed by applicable statutory requirements, agency regulations, supervisory guidance, and international standards, should provide greater consistency of supervisory inquiry from which the agencies can promote greater awareness of systemic risk, and help identify areas for enhancing risk management practices at DCEs. As risks and risk management practices evolve, consultation also should facilitate shared learning and analysis across the agencies so that supervisory programs can adapt in response to changing DCE risks.
4. The CFTC and the SEC should develop a process for consulting with the Board at least once a year regarding the scope and methodology of their planned examinations of DCEs for which each is the Supervisory Agency and providing the Board with the opportunity to participate on such examinations. The CFTC and the SEC should review and incorporate the risk issues described in Section 807(a) of the Act during their annual examination planning process. Before completing this process, the CFTC and the SEC should each separately consult, and work collaboratively with, the Board regarding the scope and methodology of DCE examinations that are scheduled for the upcoming examination cycle, consistent with Title VIII, and additionally consult, as needed, during the year. The CFTC and the SEC, as appropriate, shall lead all examinations as provided for by Section 807(d) of the Act. The Board expects that it will participate on every relevant DCE examination where practicable as allowed under Section 807(d)(2) of the Act.

5. The CFTC, the SEC, and the Board should develop a process for appropriate information sharing. An important component of effective interagency consultation and risk identification is appropriate information sharing among the agencies. Title VIII provides the authority for such information sharing in Section 809 pursuant to which the agencies plan to develop an appropriate process for regular information exchange. The process should cover procedures for sharing, and preserving the confidentiality of, written and oral information such as examination reports, information about material concerns, and other appropriate confidential supervisory information. Therefore, each of the agencies will need to determine which reports and information may be appropriate to share, the circumstances under which they might be shared, and any appropriate conditions under which they might be shared, including reasonable assurances of confidentiality as required by Section 809 of the Act. Each agency will designate staff who are authorized to request, receive, notify, or be notified about such information.²⁹ One possible mechanism for implementing such information sharing may be through an MOU among the CFTC, the SEC, and the Board.³⁰

   In addition to the sharing of supervisory information among the agencies, Section 809 of the Act also authorizes the Board and the Council to request reports or data from a DFMU in order to permit the Board to assess the safety and soundness of the utility and the systemic risk that the utility's operations might pose to the financial system. The Board must coordinate with the Supervisory Agency first to determine if the information is available from, or may be obtained by, the Supervisory Agency. The Board will work with the SEC and the CFTC to further define this process. In general, the Board will request additional information when it is necessary to make the assessment described in number 4 above.

Back to section top

Appendix: Overview of Current Supervisory Frameworks for Clearing Entities and Systemically Important Financial Market Utilities

SEC Supervisory Program for Clearing Agencies

Clearing agencies are overseen by the SEC and are subject to registration and operational requirements contained in the Exchange Act.³¹ In particular, Sections 17, 17A, and 19 of the Exchange Act and rules and regulations thereunder set forth requirements applicable to CAs.³² Clearing agencies must be registered with the SEC pursuant to Section 17A of the Exchange Act, unless exempted by the SEC from such registration.³³ A registered CA is a self-regulatory organization (SRO). Pursuant to Section 19 of the Exchange Act, an SRO must file with the SEC any proposed changes to its rules as well as enforce compliance by its participants with its rules. Consistent with Sections 17(a) and (b) and 17A of the Exchange Act, the SEC has the authority to conduct examinations of, and obtain information from, a CA.

Supervisory Objectives

In establishing a system for the regulation of CAs, Congress found that

• the prompt and accurate clearance and settlement of securities transactions, including the transfer of record ownership and the safeguarding of securities and funds related thereto, are necessary for the protection of investors and persons facilitating transactions by, and acting on behalf of, investors
• inefficient procedures for clearance and settlement impose unnecessary costs on investors and persons facilitating transactions by, and acting on behalf of, investors
• new data processing and communications techniques create the opportunity for more efficient, effective, and safe procedures for clearance and settlement
• the linking of all clearance and settlement facilities and the development of uniform standards and procedures for clearance and settlement will reduce unnecessary costs and increase the protection of investors and persons facilitating transactions by, and acting on behalf of, investors ³⁴

As a result, Congress directed the SEC to facilitate the establishment of (1) a national system for the prompt and accurate clearance and settlement of transactions in securities (other than exempt securities) and (2) linked or coordinated facilities for clearance and settlement of transactions in securities, securities options, contracts of sale for future delivery and options thereon, and commodity options.³⁵ In using its authority, the SEC must consider the public interest, the protection of investors, the safeguarding of securities and funds, and the maintenance of fair competition among brokers and dealers, clearing agencies, and transfer agents.³⁶

Back to section top

Supervisory Processes and Tools

Application Review

The SEC's oversight of CAs begins with a CA's application for registration, and continues following registration through a review of rule filings submitted to the SEC, examinations by the SEC, and periodic monitoring of the CA's risk management framework and operations.³⁷ To register with the SEC, a CA must submit a Form CA-1, which includes pertinent information regarding the operations of the CA.³⁸ When a Form CA-1 is filed, the SEC publishes notice of the filing in the Federal Register and then must either (1) grant the registration or (2) institute a proceeding to determine whether such application should be denied.³⁹

Section 17A of the Exchange Act specifically sets forth a list of standards, including those regarding a CA's organization and capacity, and rules that a CA must comply with prior to having its application for registration granted. All registered CAs must comply with the standards in Section 17A, which include, but are not limited to, maintaining rules for promoting the prompt and accurate clearance and settlement of securities transactions; assuring the safeguarding of securities and funds which are in the custody or control of the CA or for which it is responsible; fostering cooperation and coordination with persons engaged in the clearance and settlement of securities transactions; removing impediments to, and perfecting the mechanism of a national system for, the prompt and accurate clearance and settlement of securities transactions; and, in general, protecting investors and the public interest.⁴⁰ A registered CA is also required to provide fair access to clearing and to have the capacity to facilitate the prompt and accurate clearance and settlement of securities transactions and derivative agreements, contracts, and transactions for which it is responsible, as well as to safeguard securities and funds in its custody or control or for which it is responsible.⁴¹

When considering a request for registration, the SEC typically reviews and evaluates the rules, policies, and procedures of the CA for compliance with the Exchange Act. This review includes, as appropriate, an examination of proposed rules and supplementary information on membership standards; representation of CA members in the management and operations of the CA; and a review of information related to margin, financial resources, risk management, default management, liquidity, safeguarding of funds, and operational capacity.⁴²

After registering with the SEC, CAs are required under Section 19(b) of the Exchange Act to file with the SEC copies of any proposed rule or any proposed change in, addition to, or deletion from the CA's rules.⁴³ The SEC reviews all proposed rule changes and publishes them for comment.⁴⁴ Many proposed rule changes are required to be approved by the SEC prior to going into effect; ⁴⁵ however, certain limited types of proposed rule changes may be immediately effective upon filing with the SEC.⁴⁶ When reviewing a proposed rule change, the SEC considers the submissions of the CA and any comments received on the proposed change in making a determination of whether the proposed rule change is consistent with the requirements of the Exchange Act. Section 17A also gives the SEC authority to adopt rules for CAs as necessary or appropriate in the public interest, for the protection of investors, or otherwise in furtherance of the purposes of the Exchange Act, and prohibits a registered CA from engaging in any activity in contravention of these rules and regulations.⁴⁷ This rulemaking authority may be used by the SEC to provide appropriate standards concerning CA activities.

Back to section top

Examinations

The SEC's staff conducts examinations of CAs. As an initial step of the examination, the SEC staff assesses existing and emerging risks to identify areas for review. The review areas may include an examination of corporate governance, internal controls, membership, ongoing member financial surveillance, clearing fund sizing, margin models, risk management systems, capitalization and liquidity, and other critical processes. SEC staff assesses the CA's compliance with applicable statutory and regulatory requirements and the CA's oversight of participant compliance with its rules.

The SEC staff also conducts regular inspections and examinations of CAs' compliance with the SEC's Automation Review Policy statements, which cover the technological infrastructure of trading systems and clearing agencies.⁴⁸ These inspections focus on market systems capacity, vulnerability assessments, business continuity, and new software development, and specifically assess information technology governance, application controls, systems development methodology, information security, business continuity planning, systems capacity planning, computer operations, outsourcing, and internal audit functions of the CA.

After completing an examination, SEC staff compiles an examination report that contains a description of the review, analysis, conclusions, and recommendations. The SEC staffs' examination conclusions are communicated to the CA through an exit interview and through the issuance of a letter to the CA that summarizes the conclusions and recommendations. The SEC staff expects the CAs to respond in writing and address all issues, conclusions, and recommendations identified in the course of the examination. Through its examinations and, where applicable, ongoing monitoring procedures (described below), the SEC staff works closely with the CA to ensure all findings are addressed in a timely manner.

Back to section top

Ongoing Monitoring

The SEC staff participates in a variety of ongoing monitoring reviews focused on governance and risk frameworks and processes. As part of this process, the SEC staff reviews a CA's governance framework, which may include compliance processes; internal audit findings and resolution; board of directors interaction; and risk management framework, including new products/initiative review and approvals, margin methodology, back-testing and stress-testing procedures, risk monitoring practices, model governance practices, and the sizing and allocation of total financial resources.

Back to section top

Enforcement

Through the CA registration and rule filing process, as well as the subsequent monitoring and surveillance of the CA's structure, functions, and operations, the SEC is able to conduct thorough reviews, examinations, and monitoring of CAs to facilitate the establishment of a national system for the prompt and accurate clearance and settlement of securities transactions.

Finally, pursuant to Section 21(a) of the Exchange Act, the SEC may initiate and conduct investigations to determine if there have been violations of the federal securities laws, including those specifically applicable to CAs. Following an investigation, the SEC has the authority to institute civil actions seeking injunctive and other equitable remedies and/or administrative proceedings to, among other things, suspend or revoke registration; impose limitations upon a CA's activities, functions, or operations; or impose other sanctions, such as undertakings.

Back to section top

CFTC Supervisory Program for Derivatives Clearing Organizations

Section 5b of the CEA, 7 U.S.C. 7a-1, requires a DCO to register with the CFTC, and sets forth the Core Principles with which the DCO must comply in order to obtain and maintain its registration.⁴⁹ There are 18 Core Principles. The Core Principles address compliance, financial resources, participant and product eligibility, risk management, settlement procedures, treatment of funds, default rules and procedures, rule enforcement, system safeguards, reporting, recordkeeping, public information, information sharing, antitrust considerations, governance fitness standards, conflicts of interest, composition of governing boards, and legal risk.

Section 5c(c) of the CEA, 7 U.S.C. 7a-2(c), governs the procedures for review and approval of new products, new rules, and rule amendments submitted to the CFTC by a DCO.

Part 39 of the CFTC's Regulations, 17 CFR Part 39, implements Sections 5b and 5c(c) of the CEA by establishing specific requirements for compliance with the Core Principles as well as procedures for registration and for implementing DCO rules and clearing new products. Part 40 of the CFTC's Regulations, 17 CFR Part 40, sets forth additional provisions applicable to a DCO's submission of rule amendments and new products to the CFTC.

Supervisory Objectives

The primary objective of the CFTC supervisory program is to ensure compliance with applicable provisions of the CEA and implementing regulations, and in particular, the Core Principles applicable to DCOs. The CFTC program takes a risk-based approach.

Back to section top

Supervisory Processes and Tools

Application Review

In order to register with the CFTC as a DCO, an organization must submit an application in the form, and containing the information, specified by the CFTC demonstrating that it complies with the Core Principles.⁵⁰ Within 180 days of the submission, the CFTC will approve or deny the application or register the applicant subject to conditions.⁵¹ During that review period, the CFTC should conduct an on-site review of the prospective DCO's facilities, ask a series of questions, and review all documentation received.

Back to section top

Rule Changes

Under the CEA as amended by the Act, a DCO may implement a new rule or rule amendment ten business days after providing to the CFTC a written certification that the new rule or rule amendment complies with the CEA and CFTC regulations.⁵² The CFTC may stay the certification of a new rule or rule amendment for up to 90 days after notifying the DCO that (1) novel or complex issues require additional time to analyze; (2) the DCO has submitted an inadequate explanation of the rule; or (3) the rule is potentially inconsistent with the CEA or the CFTC's regulations. During the stay, the CFTC must provide a public comment period for a minimum of 30 days. If the CFTC has not previously withdrawn the stay, the rule or rule amendment will become effective after the expiration of 90 days, unless the CFTC has determined that the rule or rule amendment is inconsistent with the CEA or CFTC regulations.

A DCO may also request CFTC approval of any new rule or rule amendment either before or after it has become effective.⁵³ The rule or rule amendment will be deemed approved 45 days after receipt of the request by the CFTC, unless the DCO has been notified otherwise. The CFTC may extend the review period for an additional 45 days if it finds that the rule or rule amendment raises novel or complex issues that require additional time for review or that the rule or rule amendment is of major economic significance. The CFTC must approve a new rule or rule amendment unless it finds that the new rule or rule amendment is inconsistent with the CEA or the CFTC's regulations.

The CFTC retains the authority to stay the effectiveness of a rule that has already been implemented pursuant to self-certification procedures during the pendency of a CFTC proceeding for filing a false certification or a CFTC proceeding to itself alter or amend the rule pursuant to Section 8a(7) of the CEA, 7 U.S.C. 12a(7).⁵⁴

Back to section top

Ongoing Monitoring

CFTC risk surveillance staff monitors the risks posed to and by DCOs, clearing members, and market participants, including market risk, liquidity risk, credit risk, and concentration risk. This analysis includes reviews of daily, large trader reporting data obtained from market participants, clearing members, and DCOs, which is accessible at the trader, clearing member, and DCO levels. Relevant margin and financial resources are also included within the analysis.

CFTC staff regularly conducts back-testing to review margin coverage at the product level and follows up with the relevant DCO regarding any exceptional results. Independent stress testing of portfolios is conducted on a daily, weekly, and ad hoc basis. The independent stress tests may lead to individual trader reviews and/or futures commission merchant (FCM) risk reviews to gain a deeper understanding of a trading strategy, risk philosophy, risk controls and mitigants, and financial resources at the trader and/or FCM level. The traders and FCMs that have a higher risk profile are then reviewed during the CFTC's on-site review of a DCO's risk management procedures.

Back to section top

Examinations

The CFTC conducts examinations (under the Act, for DCEs, this will be on an annual basis) and the scheduling and scope-setting for these examinations are risk-based in nature. During the planning phase of an examination, staff considers results of analysis by the CFTC's risk surveillance functions, the previous examination report, the DCO's financial statements, and changes in the DCO's business. Should an issue identified within the prior examination be deemed as material or recurring, a follow-up review on this topic will be included within the current examination. Staff reviews financial statement data received since the last examination for trends or potential concerns. Information obtained either through public news agencies or through private conversations with DCO staff is considered in order to assess potential risk to the DCO. Typical Core Principles targeted on a regular basis within these examinations include those relating to financial resources, risk management, settlement procedures, treatment of funds, default rules and procedures, and system safeguards.

After consideration of the factors described above, an independent, comprehensive, and timely scope of the examination is determined. Typically, a Scope Memo is created along with a Supervisory Plan and Examination Program. These documents ensure all available information is considered, appropriate areas are targeted, and specific review criteria are determined. An Engagement Letter is sent to the DCO with an Initial Document Request List.

CFTC examination teams include risk analysts, DCO analysts, and legal specialists. Teams range from three to four individuals for the smallest DCO, to ten to twelve individuals for the largest DCO. CFTC examinations are cross-functional and include staff from the Division of Clearing and Intermediary Oversight's Clearing Policy Group, Risk Surveillance Group, and DCO Review Group. Joint examinations may be conducted with the SEC when appropriate.

The examination team participates in a series of meetings with the DCO at its facility. CFTC staff communicates extensively with relevant DCO staff, including senior management, and reviews documentation following the guidelines established within the examination Scope Memo. Independent testing of the data produced by the DCO is included within the examination process. When relevant, walk-through testing is conducted for key DCO processes.

Upon completion of the examination, staff drafts a report to the CFTC. This report summarizes general information regarding the DCO, the scope of the current review, key elements of the examination, and the results of the examination, including any issues of concern. In addition, an Exam Report is created and distributed to key individuals, including the DCO's senior management.

Back to section top

Enforcement

Deficiencies noted within the Exam Report are communicated to the DCO prior to the issuance of the report. Various measures are used by the CFTC to assure that the DCO appropriately addresses such issues, including escalating communications within the DCO management and requiring the DCO to demonstrate, in writing, timely correction of such issues. The CFTC has additional means to enforce compliance, including the CFTC's ability to sue the DCO in federal court for civil monetary penalties, ⁵⁵issue a Cease and Desist order, ⁵⁶or suspend or revoke the registration of the DCO.⁵⁷

Back to section top

Federal Reserve Supervisory Program for FMUs

A financial market utility (FMU) that is a state-licensed bank (including trust companies) may apply to the Board to become a member of the Federal Reserve System. Under the Federal Reserve Act, as a condition of membership, state member banks are subject to examinations made at the direction of the Board or the Federal Reserve Bank by examiners selected or approved by the Board.⁵⁸ In addition to FMUs that are state-licensed member banks, the Federal Reserve has supervisory authority over FMUs that are Edge or agreement corporations; uninsured, state-licensed branches and agencies of foreign banks; bank holding companies and their non-depository-institution subsidiaries; and, as of July 21, 2011, savings and loan holding companies and their non-depository-institution subsidiaries. Under the Bank Service Company Act, the Board participates with the other bank regulatory agencies in supervising certain nonbank service companies under the auspices of the Federal Financial Institutions Examination Council.⁵⁹

In addition to its statutory supervisory authority, the Board's Policy on Payment System Risk outlines principles and minimum standards regarding risk management in payment and settlement systems, including those operated by Federal Reserve Banks. The Board is guided by this policy when exercising its authority in supervising FMUs for which it is the primary regulator. Where the Board does not have exclusive authority over systems covered by the policy, it works with other domestic and foreign financial system authorities to promote effective risk management in these systems.

Supervisory Objectives

With regard to FMUs supervised by the Federal Reserve, the primary objective of the supervisory program is to evaluate the safety and soundness of the entity. Safety and soundness is the overall stability, health, and condition of the FMU. An evaluation of safety and soundness is risk-based, with the goal of identifying the inherent risks of an FMU and assessing the FMU's ability to identify, measure, monitor, and control those risks against relevant risk management standards adopted by the Board in its Payment System Risk Policy as well as other risk-based supervisory guidance. The evaluation also includes an assessment of the FMU's internal audit and controls as well as compliance with applicable banking laws and regulations.

Back to section top

Supervisory Processes and Tools

The evaluation of safety and soundness is implemented through an annual supervisory cycle that begins with a formal risk assessment of the institution and includes thorough, risk-focused on-site examinations, effective off-site surveillance, relevant information collection and sharing with other supervisors, and cross-functional analysis with internal experts. These tools and processes are discussed below. The Federal Reserve places particular emphasis on on-site examinations and active dialogue with FMU board and management and maintains a continual presence on-site at the FMU.

The purpose of gathering information using the various tools and processes is to evaluate whether the FMU has a sound risk framework for comprehensively managing legal, credit, liquidity, operational, and other risks. Specific aspects of these risks that are measured include, but are not limited to, the following:

Legal Risk

• a review of the laws and regulations that govern property, contracts, insolvency, banking, secured interests, insolvency, and investor protection in relation to the FMU's activity to ensure that the FMU has a well-founded legal basis for its operations
• an evaluation of whether the rights and interests of participants are clearly articulated in the FMU's policies and the legal underpinnings of FMU operations (e.g., settlement finality, netting, novation, procedures for participant default)

Back to section top

Credit Risk

• an evaluation of FMU monitoring and managing of credit risks from participants and from its settlement processes

• an evaluation of adequacy of financial resources to cover potential losses by

  • assessing the FMU's framework for credit risk management oversight, ensuring the adequacy of participant membership requirements and collateral and margining arrangements
  • assessing the procedures used by the FMU to measure and test its current and potential exposures and ensuring sufficient liquid resources are available to cover those exposures
  • evaluating the governance process used by the FMU to assess the models that it uses to set margin levels and to plan for default scenarios

Back to section top

Liquidity Risk

• an evaluation of whether the FMU is determining total expected and plausible liquidity needs, available resources and arrangements to meet these needs, and testing of the reliability of resources and arrangements by ensuring that the FMU:

  • produces periodic liquidity-needs reports that measure its worst-case liquidity risk needs, including (at least) the assumption of an affiliated family default, no incoming payments for those defaulting members, and extreme price moves
  • describes its needs against its resources, its ability to access cash and committed arrangements to convert noncash assets into cash, and any uncommitted arrangements the FMU relies on for this purpose
  • tests such arrangements and articulates contingency plans in the event one or more arrangements do not work

Back to section top

Operational Risk

• an evaluation of the procedures that the FMU has for identifying operational risk from external and internal sources and the policies, procedures, and controls put in place to mitigate those risks, including:

  • reviewing the FMU's internal controls and internal audit review
  • ensuring that the FMU does periodic systems testing
  • assessing the quality of operations personnel
  • ensuring there are formal change-management procedures, benchmarks for operational reliability, and documentation for operational incidents
  • ensuring sufficient systems-processing capacity
  • assessing the FMU's information security program
  • ensuring the FMU has a business continuity plan that is periodically tested as well as crisis management procedures
  • assessing the continuity of technology links to participants and service providers
  • reviewing the FMU's process for monitoring outsourcing arrangements

Back to section top

Examinations and Control Testing

The scope of examination work and control testing, which are conducted on-site and off-site, are determined by focusing on areas of higher risk. This process identifies the risk areas to be reviewed, as well as fully supporting key supervisory issues to be examined or controls to be tested. The scope of supervisory work to be conducted is vetted by the Board and the Reserve Banks in order to ensure an opportunity for relevant parties to provide insights regarding the risks and controls being evaluated and to ensure consistency in the supervisory approach. The scoping process is formally documented through a scope memorandum and is supplemented with an entry letter to the FMU that serves as the examination document/meeting request.

An examination includes transaction testing and validation to assess risk control processes or validate management's assertions around business activities and related risk mitigation mechanisms. Supervisory findings and/or concerns are communicated on a regular basis to the FMU. Outstanding issues and concerns, as well as any corrective actions, are appropriately tracked and raised with the FMU.

Back to section top

Ongoing Monitoring

Ongoing monitoring takes several forms. One piece consists of validating the FMU's processes for identifying and managing risks related to new product development and changes in business practices and services. Another piece consists of ensuring the FMU is continually identifying and measuring risk, including a mechanism for ensuring regular, ongoing interaction and discussion with the FMU's board of directors, senior business leaders, and risk control leadership. This discussion focuses on both mitigating risks within the firm as well as related financial market systemic risk. The continuous monitoring process also includes regularly reviewing and assessing corporate governance and committee records and documentation, transaction and risk management reports, compliance reports, internal audit reports, and any other reports deemed necessary to critically evaluate the safety and soundness of the FMU and to ensure strong and independent risk management functions are in place.

Back to section top

Information Sharing

The supervisory program includes regular sharing, and responding timely to requests for, supervisory information between the relevant supervisory agencies, including relevant foreign authorities.

Back to section top