BIS issues recommendations for managing securities settlement:
"The Bank for International Settlements (BIS) has released recommendations for managing operational risk for central counterparties (CCPs). The guidance, published in the form of a consultation paper, addresses issues crucial to ensuring reliability, including system security, business continuity, and outsourcing for securities settlement.
The consultation paper and its emphasis on operational risks are part of a global effort to enhance the resilience of wholesale banking services, such as payments, clearance and settlement. The 9/11 attacks hastened development of programmes to improve infrastructure resilience. However, in this consultation paper, as in similar papers published in the past year, banking leaders are increasingly pointing to significant risks resulting from automating business functions. Automation, they conclude, may result in operational failures even without malicious activity.
The consultation paper recommends specific risk management and mitigation precautions. Portions of the securities settlement process are heavily dependent on electronic communications. As a result, many of the paper's recommendations focus on information security risks, including failure to set governance expectations, identify sources of risk, and establish adequate controls.
Infrastructure operators should address each of the following to manage operational risks to CCPs:
1. Systems and transactions security: operators should secure all key systems and ensure that they are sufficiently reliable, scalable, and able to handle large volumes of transactions. Achieving information assurance requires infrastructure operators to identify sources of cyber-related risk and establish sound internal controls. The consultation paper proposes not only sufficient forensic capabilities, but also subjecting key systems to 'periodic independent audit and external audits.'
2. Business continuity: operators should have robust business continuity plans that are supported by senior management. The consultation paper indirectly supports the two-hour time standard recognised by the Federal Reserve Board of Governors and other Federal regulators for critical infrastructure assets. Specifically, the BIS recommends establishing minimum 'recovery of operations and data' requirements, which 'should occur in a manner and time period that enables a CCP to meet its obligations on time.' In addition to regularly reviewing and testing plans, the recommendations require companies to adequately fund business continuity objectives.
3. Outsourcing assessment: CCPs can inadvertently increase their operational risk by transferring critical functions to third parties. The consultation paper states that operators should ensure that outsourced operations meet the same standards as if they were provided directly.
The Committee on Payment and Settlement Systems and the Technical Committee of the International Organization of Securities Commissions collaborated in finalizing the paper, Recommendations for Central Counterparties. The Authors are seeking comment by June 9th, 2004.
What is a Central Counterparty?
Central counterparties function within derivatives and securities exchanges, acting essentially as a 'buyer to every seller, and a seller to every buyer.' The CCP guarantees that if one party to a transaction defaults, the transaction can still be completed. This effectively eliminates a substantial source of risk. In this way, CCPs have greatly improved the functioning of financial markets such as the New York Stock Exchange and the NASDAQ Stock Market. However, global banking leaders have become increasingly concerned with new risks associated with central counterparty functions. These include automation, reliance on information technology, and infrastructure resilience. The consultation focuses on these infrastructure risks and proposes management and mitigation activities that institutions should undertake."