Sub custodian Risk Monitoring: analysing shifts in the industy practise

36

Fi

nanc

ial S

ervi

ces

Rese

arch

Q4

2010

Sub-custodian risk

In the wake of the global financial crisis, Tier 1 and 2 banks and brokers have been reviewing their procedures for mon-itoring risk across sub-custodian networks, CSDs and cash correspondents. Derek Duggan, Director of Data Services at ratings, information and institutional advisory specialist Thomas Murray, notes that in the past some global net-work management groups have relied heavily in their sub-custodian risk monitoring on input from industry surveys, passive web conferencing or sub-custodian relationship and sales visits to complete their due diligence – and such an approach has obvious weaknesses. However, banks and brokers now wish to verify this information themselves and are taking necessary steps to do so.

Indeed, under FSA regulations in the UK, broker-dealers and global custodians running their own network have pre-viously faced no explicit requirement to conduct regular on-site monitoring for their sub-custodians. Network managers would ask their sub-custodians to complete risk question-naires, in many cases supplementing this with additional information acquired by conference call, and commonly this would satisfy their internal compliance requirement. Little, outside the largest groups, was done at all to look at the local market infrastructure organisations, including CSDs. It is evident, notes Duggan, that some network groups were not conducting regular on-site due diligence, particularly for the smaller, low-volume markets within their networks.

Sub-custodian Risk Monitoring:

analysing shifts in industry practice

The global financial crisis has prompted network management groups to review procedures for monitoring risk across their sub-custody networks and for ensuring that assets held with sub-custodians and infrastructure entities are well protected. Bob Currie reports

Financial Services Research Q

4 2010 3

7Sub-custodian risk

Some broker-dealers had little in place for monitoring the performance of their sub-custodian and for identifying points of risk. As a consequence, it was questionable whether this level of passive monitoring provided the robustness and resiliency to protect client assets adequately. European regulatory initiatives are now forcing change. Both the Alternative Invest-ment Fund Manager (AIFM) Directive and the pending UCITS V Directives currently require the global custodian to take re-sponsibility for their sub-custodians. This, notes Duggan, is a very sensitive issue in the industry. Some global custodians have responded by expanding their own self clearing arrangements, reducing depend-ency on a network and keeping the risk on their own balance sheet. There has also been pressure in this direction from asset owners, which are demanding greater transparency from their global custodians regarding potential risks to their assets at market level. This level of risk disclosure is something that the US Securities and Exchange Commission, under its Rule 17f-7 to the Investment Company Act, have required for mutual funds for nearly a decade.

For Simon Shepherd, Chief Executive of MYRIAD Group Technologies – provider of technology and analytics to assist network managers in monitoring performance across their supplier relationships – the global financial crisis drove home to some network management groups the need for urgent review of their internal procedures. He makes the point, somewhat forcibly, that sub-custodian risk monitoring is often disjointed, ad hoc in nature, and lacking in quality. Because the process does not utilise available technology, this has often re-mained a manual, labour-intensive process that consumes too much time and is not conducted with necessary frequency. “It is possible to identify a dozen or more institu-tions across our industry that review their sub-custodian networks in their entirety no more than once every three years,” he com-ments. “In many cases, these organisations recognise that they should be reviewing their entire network every six months. But they do not have the manpower or the

technology to establish an efficient rolling six-monthly review process.”

Some of these inadequacies became clearly apparent in the tumultuous days of Sept-Oct 2008. Shepherd contends that in days following the Lehman Brothers bankruptcy, risk managers were approaching the network team asking for a complete list of the counterparts that they are dealing with across their global networks – and, in some instances it might take days or even weeks to assemble such a list (see further in S. Shepherd, Building on Stable Tech-nology, FSR Q2 2010, pp 68-9). “For the Head of Network Management, it should be possible to draw upon an appropriate technology package in order to pull down a complete and up-to-date list within minutes, providing as much detail as the risk management division, its credit team or its senior management might require,” he says. “But many organisations at the current time are not remotely close to that reality. They may be able to go to a paper-based file and pull down lists that they have prepared some time previously. But they have limited ability to gain a real-time consolidated view on key information: how large is our current exposure to X and Y counterpart? How much did we pay sub-custodian Z last month and how does this breakdown across the suite of services that they provide to us?”

Publicly, notes Shepherd, some network management teams might declare that the level of protection afforded to client assets is as robust as it possibly could be. But he adds a caveat that this protection is as robust as it could be when employing out-moded, paper-based procedures that are highly labour-intensive. “If you work with seven sub-custodians who are part of the same group, but you call and spell them 25 different ways, including the parent, how comprehensive is your risk-reporting going to be?”, he inquires.

Review processHowever, it is evident that Shepherd’s criti-cisms are targeted at selected institutions that have been slow to prepare for crisis and slow to react in its wake. At the other end of the best practice spectrum, there

Derek Duggan,Director of Data Services, Thomas Murray

38

Fi

nanc

ial S

ervi

ces

Rese

arch

Q4

2010

Sub-custodian risk

are also banks and brokers that have taken early and comprehensive steps to ensure that they have robust procedures in place and to remedy any weaknesses that may become apparent.

Managing Director of JPMorgan Network Management, Elizabeth Fortier, indicates that JPMorgan has conducted a detailed review of its existing protocols in the wake of the global financial crisis – and has been encouraged by how well its procedures for sub-custodian selection and monitoring stood up during this period of economic upheaval.

Subsequently, JPMorgan has maintained broad continuity with these established

procedures – but has also made selective adjustments to internal policies in order to strengthen its ability to respond as an organisation to potential risks. Specifically, it has introduced amendments to internal communication protocols to ensure that it can coordinate a prompt and formalised response across key divisions within the organisation. The goal is to ensure that key personnel have access to necessary infor-mation, their responsibilities are clearly de-fined, and that appropriate data is in place to support prompt decision making during times of financial stress. “These relatively small adjustments to our internal proce-dures can make a big difference in enabling key staff to determine the appropriate course of action and execute quickly under crisis conditions,” says Fortier.

Also, JPMorgan network management has conducted a comprehensive review of the contractual arrangements that it

has in place with sub-custodians. This has included an appraisal of documentation, including service level agreements and any parental guarantees that a bank may offer across its branch network. The objective is to ensure that levels of protection afforded to client assets are as high as they can be – and also to remove the possibility that standards of service delivery may slip during periods of financial trauma.

Beyond the above, Fortier outlines two important developments that JPMorgan network management has made to its sub-custodian appointment process. The first is to appoint “back-up” sub-custodians in selected markets across its network. “We have established accounts with a second

sub-custodian in a number of locations, providing contingency provision that will help us to react quickly should we identify a potential threat in any of these locations,” she says. Looking back 10 years, JPMorgan had dual agents in a number of markets as it managed the Y2K problem and transition to the euro. This provided a back-up plan, should any of its sub-custodians experience difficulties during these project migrations. However, this is the first instance since that time when JPMorgan has taken a decision to appoint a back-up sub-custodian as a contingency measure.

Second, JPMorgan is assessing the poten-tial benefit of employing direct custody arrangements in more markets globally. JPMorgan Worldwide Securities Services recently established a sub-custody opera-tion in Ireland to complement the custody and clearing presence that the bank already has in India, Russia, Taiwan, Australia and

Little, outside the largest groups, was done at all to look at the local market infrastructure

organisations, including CSDs. It is evident that some network groups were not conducting regular

on-site due diligence, particularly for the smaller, low-volume markets within their networks. Some

broker-dealers had little in place for monitoring the performance of their sub-custodian and for

identifying points of risk. As a consequence, it was questionable whether this level of passive

monitoring provided the robustness and resiliency to protect client assets adequately.


4 2010 3

9Sub-custodian risk

New Zealand, the UK and the US. With this development, JPMorgan network manage-ment has the option of utilising a group sub-custodian as a means to control risk more effectively across its sub-custodian network. Strategically, the bank will continue to explore avenues for business expansion and this will include potential opportunities to establish on the ground custody and clearing coverage in more markets worldwide.

Clearstream’s Head of Network Manage-ment and Executive Board Member Mark Gem reports that, within his organisation, change has also been incremental rather than representing an all-embracing over-haul of network management practice and supporting operations. In many cases, he suggests, network managers across the industry have taken all reasonable meas-ures to ensure that client assets are well protected across their global networks. However, the global financial crisis has highlighted a number of areas where approaches to risk management may be changing.

One such area is continuity planning. Clearstream’s approach to ensuring conti-nuity, he explains, has been to seek direct access to the financial infrastructure wher-ever possible. In line with this objective, it has employed an operated account model whenever practical, enabling Clearstream to establish direct access to the CSD, and when possible the payment system, even in instances where, from an operational perspective, it still requires intermediation from a local sub-custodian.

Through this model, Clearstream has created a set of tools designed to offer maximum protection to beneficial owners regarding the safety of their assets at market level. “This is not to imply that we aim to disintermediate our banking clients and to reach out directly to institutional in-vestors as our future customers,” says Gem. “However, we do wish to offer a robust and flexible set of service options to this in-vestor community – and we recognise that in some instances a pension fund might feel most comfortable in, for example, lending securities for asset optimisation purposes through Clearstream as an ICSD rather than via its commercial bank custodian.”

FSR asked Mark Gem whether he feels the account operator model has been accorded greater credibility on the back of develop-ments in financial markets in recent times. “Yes we do,” he responds. “We do not claim that the account operator model provides better protection for client assets in instances of insolvency. We are not certain that it does. But what the account operator model does offer is the means to

manage continuity in the event of a default at the agent bank. This provides us with a higher level of control over our account information and the possibility that we can get alternative operational arrangements up and running at short notice should our agent bank fall into difficulties.”

For Gem, another implication of the global financial crisis is that it has instilled a greater appreciation across the industry of the potential value of central bank money

For the Head of Network Management, it should be possible to draw upon an appropriate technology

package in order to pull down a complete and up-to-date list within minutes, providing as much

detail as the risk management division, its credit team or its senior management might require. But

many organisations at the current time are not remotely close to that reality. They may be able to go

to a paper-based file and pull down lists that they have prepared some time previously. But they have

limited ability to gain a real-time consolidated view on key information ...

Elizabeth Fortier,Managing Director, JPMorgan Network Management

40

Fi

nanc

ial S

ervi

ces

Rese

arch

Q4

2010

Sub-custodian risk

settlement. One of the benefits extended by the launch of LuxCSD – the initiative of Clearstream and Banque Centrale de Luxembourg to establish a CSD for Luxembourg and to provide domestic ac-cess for the Luxembourg community to the TARGET2-Securities (T2S) infrastructure – will be its ability to settle international securities in euro central bank money ahead of the release of T2S. “Situated on top of the CeBM settlement options provided by Clearstream CSDs, we have the capacity to provide a consolidated custody value-added service layer, including position manage-ment,” he says. “This offers the flexibility that customers require to meet their settle-ment and asset servicing needs both prior to the release of TARGET2-Securities and after implementation of the T2S platform.”

Continuous communicationIn efforts to draw lessons from the global financial crisis, Brown Brothers Harriman (BBH) has conducted a comprehensive appraisal of operational procedures and

risk controls which spanned more than 12 months and which continues on an ongoing basis. Andrew Rand, BBH’s Global Head of Network Management, tells FSR that BBH has long been risk averse as a company, a factor closely linked to its partnership struc-ture, and it has set the bar high in terms of risk management standards, including its monitoring of risk at sub-custodian level. On the basis of this detailed procedural re-view, BBH has elected to supplement its risk management capability in several areas.

One important response has been to increase the number of staff dedicated to risk and compliance. At bank level, BBH has

raised the number of staff employed in its central risk management division and it has broadened the range of expertise within this function. In network management, BBH has appointed a dedicated chief risk officer and compliance officer, along with a number of risk analysts that will support their activities. This CRO for the network management function will report directly to the Head of Risk for BBH. “The intention is to ensure that we are fully compliant with our own internal policies and procedures and that these are properly aligned with external regulatory commitments that we must adhere to as a firm,” says Rand.

Alongside this, BBH has taken a decision to increase from four to five the number of lo-cations in which it has network management staff represented throughout the world. With network managers situated in Boston, Hong Kong, London, Luxembourg and Tokyo, this enables BBH to remain close to the source of its business, namely the asset owners, and also to be as near as possible

to the sub-custodian banks employed across its global network. Consequently, BBH has network management officers located in each time zone that can respond at any early point to any risk concerns or operational is-sues that might develop at market level.

The focus of this strategy, notes Rand, is to maintain a culture of continuous communi-cation between BBH, its sub-custodians and its beneficial owner customers. From a sub-custodian monitoring standpoint, BBH net-work management has a rolling quarterly review process in place through which each of its sub-custodians is expected to keep BBH fully updated on their financial status

JPMorgan is assessing the potential benefit of employing direct custody arrangements in more

markets globally. JPMorgan Worldwide Securities Services recently established a sub-custody

operation in Ireland to complement the custody and clearing presence that the bank already has

in India, Russia, Taiwan, Australia and New Zealand, the UK and the US. With this development,

JPMorgan network management has the option of utilising a group sub-custodian as a means to

control risk more effectively across its sub-custodian network.

Mark Gem,Head of Network Management and Executive Board Member, Clearstream


4 2010 4

1Sub-custodian risk

and to communicate any significant changes that may be taking place in their service environment. “As part of this strategy, we maintain a schedule of on-site visits, as well as videoconferencing, telephone calls and web-based reporting, that will ensure timely information flow from each of our agent banks,” he says.

Expanding on this point, Rand volunteers that in the network management world there tends to be a glamorised perception of due diligence which involves a network

manager stepping onto an aeroplane and crossing continents to conduct on-site visits with each agent several times per year. However, this may not be an accurate repre-sentation of what good practice involves. “In our mind, due diligence is something that happens every day,” he says. “When we do conduct on-site due diligence, much of our analysis is a verification of the due diligence that we have been conducting, on a daily basis, throughout the year. We have a wide range of tools available to us at our desks that enable us to conduct frequent and detailed risk assessment. When preparing video-conferencing and conference calls with our local agents, we prepare these evalua-tions with the same rigour as we do when travelling to market to conduct an on-site review. This will include an extensive review of service level agreements, any pressing legal and compliance issues, and ongoing changes at market level that may impact our ability to process transactions or to safekeep client assets.” More generally, BBH maintains close contact with a sub-custodian’s senior management in order to retain clear under-standing of their strategic thinking and the direction in which they are taking the com-pany. Much of the value gained from making

on-site visits, notes Rand, is the ability to talk directly to key personnel within the regula-tory authorities and financial infrastructure. These discussions help BBH staff to build a clear picture regarding how pending changes at market level are destined to impact the foreign investor.

Continuous risk assessmentRichard Barker, Senior Manager Network Services, Network Management at RBC Dexia Investor Services, tells FSR that his organisation has introduced a series of

adjustments to its risk monitoring strategy in response to the financial trauma witnessed globally over the past three years. Approxi-mately two years ago, it established a Net-work Management Working Group, chaired by Tim Wood, Head of Network Manage-ment. This committee meets every second week and is attended by representatives from eight different divisions within the bank whose responsibilities overlap with network management, including operations, client service, sales and relationship management, credit, legal, compliance and risk. This com-mittee has a duty of care around transpar-ency and good governance for the organi-sation – and all key decisions affecting the future strategy of the network management team are evaluated by this central decision-making body. RBC Dexia Investor Services has also introduced a sub-custodian risk report, which is produced weekly and tracks and records 26 different sets of metrics and data highlighting various warning trigger points. This serves to provide advance notice that a sub-custodian may no longer meet RBC Dexia’s minimum appointment criteria.

In September 2009, RBC Dexia took a decision to review the geographical struc-

We do not claim that the account operator model provides better protection for client assets in

instances of insolvency. We are not certain that it does. But what the account operator model does

offer is the means to manage continuity in the event of a default at the agent bank. This provides

us with a higher level of control over our account information and the possibility that we can get

alternative operational arrangements up and running at short notice should our agent bank fall into

difficulties.

42

Fi

nanc

ial S

ervi

ces

Rese

arch

Q4

2010

Sub-custodian risk

ture and organisational coverage of its network management department. It now has network staff situated in four centres of excellence globally, located in Toronto, London, Luxembourg and Singapore. This ar-rangement provides global network support for RBC Dexia’s business 24 hours per day, ensuring that network staff remain close to sub-custodians, to local market infrastructure and to clients. This allows the network man-agement team to react promptly to any risk concerns that may develop at market level.

Overarching these provisions, RBC Dexia network management department has a methodology in place that it has labelled Continuous Risk Assessment (CRA). “The key word in this title is continuous,” explains Richard Barker. “Sub-custodian risk moni-toring is something that we do on a regular and ongoing basis.” The CRA model is applied across the 88 markets in which RBC Dexia supports and safeguards client assets

and across approximately 130 sub-custodian relationships. “The CRA model is undertaken in many ways, including remote and on site due diligence,” he adds. “One of the cardinal rules around which our asset protection methodology is built is that it is obligatory for all providers to accept and agree with the CRA process.” The CRA model has six main segments – namely legal, sub-custodian re-lationships, market information, operations, fi nancial and risk management – and under-lying these six headline categories there are approximately 30 different risk criteria that are monitored on a continuing basis.

In line with this methodology, RBC Dexia has taken the decision to expand its surveil-lance and to eventually bring all cash rela-tionships and prime brokerage relationships under the CRA model. As a result, these business relationships will be monitored on an ongoing basis according to the same risk assessment methodology applied for its securities services and funds businesses.

From a sub-custodian standpoint, Colin Brooks, Global Head of Sub-Custody and Clearing at HSBC Securities Services, has witnessed an enhanced focus on sub- custodian risk monitoring in many guises. “This is apparent when we receive a due diligence visit, or we are required to complete a due diligence questionnaire or an RFP,” he says. “In each case, we have noted a rise in the level of detail required by these risk assessments. Our clients are seeking additional detail around how we reconcile trade and holdings information with clearing houses and depositories. They are seeking detailed information regarding our fi nancial stability; and the business continuity planning arrangements that we have in place. And, they are requesting comprehensive information regarding how assets are held in the local market, how title is transferred and whether they will retain access to those assets if a sub-custodian or infrastructure entity passes into insolvency.”

Not only has the depth of questioning in-creased within these risk reviews, but HSBC has noted greater intensity in the follow up process. “In times past, often it was the case that we would receive a due diligence questionnaire or RFP, we would respond to those questions, and typically this would sat-isfy the requirements of the risk evaluation,” says Brooks. “Now, the depth of analysis and follow up has moved to a higher level. Clients are analysing our responses more carefully and they will come back to us for detailed follow up driven by questions from the broad range of experts represented on the organisation’s risk committee.”

Broker-dealer customers have long been rigorous in compiling a real-time view of the exposure that they have to their counter-parts. This will include prompt and compre-hensive reporting relating to failed trades and unmatched positions – thereby enabling them to maintain an accurate picture of their cash positions on an intra-day basis.

In our mind, due diligence is something that happens every day. When we do conduct on-site due

diligence, much of our analysis is a verification of the due diligence that we have been conducting,

on a daily basis, throughout the year.

44

Fi

nanc

ial S

ervi

ces

Rese

arch

Q4

2010

Sub-custodian risk

Colin Brooks,Global Head of Sub-Custody and Clearing, HSBC Securities Services

HSBC has been able to support this demand through providing sophisticated cash fore-casting for this client segment.

More broadly, Colin Brooks observes that global custodian and global broker-dealer customers are conducting more regular due diligence visits to locations in which they employ HSBC as sub-custodian. This increase in the frequency of site visits over the past 12 months may reflect the fact that many clients put due diligence visits on hold during the financial crisis, when a tight cap was placed on travel budgets and staffing pressures limited the time that network management staff could spend away from the office. However, this is also indicative of a more rigorous risk assessment process, whereby we are now starting to see more frequent and detailed on-site inspections.

Supporting technology and data managementTo facilitate their risk monitoring commit-ments, MYRIAD’s Simon Shepherd observes that one of the largest global custodians in the market is looking to adopt MYRIAD’s workflow technology in order to support a rolling sub-custodian review process. This technology will enable the organisation largely to dispense with service level agree-ments. Using Web-based technology, the sub-custodian will report changes via the Web portal each time there is a material de-velopment that will impact the service that it offers to the global custodian – whether this be the appointment of a new relationship manager, a movement in market deadline or a change in operational practice at the CSD, clearing house or payments system.

The implications of this debate around sub-custodian risk monitoring extend well beyond the network management group. Within any global investment bank or global custodian, the need for real-time risk monitoring across the sub-custodian net-work will be shared by a number of other divisions within the bank. In explaining this scenario, Shepherd draws an analogy with a pebble being thrown into a still pond. The first ripple spreading outwards repre-sents the network management team. The second ripple embraces the full operations staff. The third ripple will include treasury,

audit, legal, risk and compliance and the bank’s senior management. Hence, a very large number of people within the organisation are dependent on the data emanating from the network management group in order to structure their risk evalua-tions and to drive strategic decision making.

Shepherd contends that it is only when the bank can deliver a prompt and accurate list of its global counterparts, and a full list of the accounts that it has with each of those counterparts, that compliance or credit are able to ask the correct questions and to quantify the risks to which the bank is ex-posed. In turn, the compliance division will require that each one of these relationships, extending right down to account level, is properly documented. For a large global institution, this is a major assignment. For some financial entities, it may take months to collate the full list of documentation, and the corresponding audit trail, that the compliance division will require to support this process.

FSR asked Clearstream’s Mark Gem whether his organisation had restructured its tech-nology and data management in order to streamline how it pulls information from providers in its sub-custody network and ensures that key personnel have prompt access to this data. “The answer is no,” responds Gem, “but the reasons for this are interesting.” In early 2007, Clearstream took a decision to conduct a comprehensive review of its risk procedures. It conducted scenario analysis across a range of different situations, asking the question ‘what would we do if X or Y happened’? “Having initi-ated this process, we recognised quickly that if we took a given counterparty in a given scenario analysis, it was often difficult in advance to predict how many different types of exposure we would have to this counterpart at any time,” comments Gem. “Potentially, the entity might fulfil 25 or 30 distinct roles through which it had a relationship with Clearstream: it might be a direct counterparty or a counterparty to one of our customers; it may be a securities issuer; it might be a depositary bank or a cash correspondent; it might be an account operator; and so on. Thus, in understanding this complexity, and the multi-layered


4 2010 4

5Sub-custodian risk

relationship we may have with any specific counterpart, we recognised that the human dimension is crucially important.”

On the basis of this analysis, Clearstream concluded that it would difficult to install a single system or technology package that would meet all of the organisation’s needs, capturing the full range of exposures that Clearstream might have to another finan-cial institution. “We are confident in the technology that we have in place to support our risk management personnel,” says Gem. “All staff in this area are able to call up a real-time profile of our risk exposures

within minutes and we have conducted rig-orous stress tests to ensure this is the case. But there is no integrated solution available on the market that would allow us, at a keystroke, to call up all necessary risk data in a single consolidated report, tailored to the specific risk situation in which we find ourselves.”

Instead, notes Gem, the key to robust and responsive risk management is to establish very short lines of command within the organisation and to support this with fast access to information. With this in mind, Clearstream established a Credit Crisis Committee which allows decision-makers within the organisation to sit together with those that have access to the data.

In conducting this review of its risk proce-dures, Clearstream’s thinking was heavily influenced by a fundamental lesson that it drew from 9/11 – namely, that we should never try to decide in advance what kind of crisis we are likely to have. “It is important as a team to plan how we will work to-

gether during a crisis scenario and how staff will access necessary information,” observes Gem. “But it is not advisable to consume considerable time and resource attempting to predict exactly what will go wrong. It was unfeasible, for example, that a risk committee would have predicted accurately many of the challenges presented by 9/11.”

JPMorgan’s Elizabeth Fortier reports similarly that her organisation has made some minor enhancements to its internal systems in order to strengthen its ability to pull key risk information together quickly. The network management group supports

the activities of a range of business lines within JPMorgan and, for this reason, it is important to collate key risk information promptly, to identify areas where risk is concentrated, and to share this informa-tion with other teams within the bank that contribute to the risk monitoring process (for instance, credit, operations, legal and compliance, treasury). Inevitably, credit risk monitoring is an important consideration in the current financial climate, for example, with JPMorgan’s credit team monitoring risk across financial counterparts and service partners on an intraday basis.

BBH’s Andrew Rand reinforces the point that in the current financial climate, credit risk assessment is paramount. Conse-quently, the bank directs close attention to the financial results and credit position of each of its sub-custodian partners and service counterparts. For sub-custodians, BBH is committed to conducting at least two formal reviews every year, although Rand suggests that in practice its evalua-tions are much more frequent.

Not only has the depth of questioning increased within risk reviews, we have noted greater intensity

in the follow up process. In times past, often it was the case that we would receive a due diligence

questionnaire or RFP, we would respond to those questions, and typically this would satisfy the

requirements of the risk evaluation. Now, the depth of analysis and follow up has moved to a higher

level.

46

Fi

nanc

ial S

ervi

ces

Rese

arch

Q4

2010

Sub-custodian risk

In line with this commitment, BBH sched-ules a weekly management meeting – attended by each of the firm’s partners and often by the Head of Network Man-agement – which will discuss the bank’s exposure to specific counterparties and the credit status of these counterparties. Any concerns over how any counterpart is using its credit facilities will be brought to the attention of this weekly meeting. Addition-ally, BBH circulates a twice-weekly coun-terparty risk newsletter that will highlight significant changes in the credit quality of any of its counterparts, ensuring that staff are informed at an early point of any notable concerns.

RBC Dexia network management has introduced selective changes to its tech-nology and data management to comple-ment the changes that it has made to its regional model (see pp 41-2). Specifically, it has introduced a package called SharePoint in each of its global locations, providing a facility through which information can be shared accurately and on a timely basis between network managers and opera-tions staff based in these different offices. Also, it has introduced enhancements to its global market information product in order to strengthen the quality of market infor-mation that it distributes to clients. A senior member of the network management department is responsible for co-ordinating market newsflashes and for ensuring that RBC Dexia clients are fully updated about breaking developments at market level.

Further, RBC Dexia has refined and upgraded the performance scorecard technology that it employs within the network management department. This is a quarterly scorecard review that the net-work team has operated for many years. All sub-custodians are scored against all sections of agreed service level standards, including the standard and frequency of market information received from them, on a quarterly basis. This process, which forms a major part of the CRA, allows the network management group to evaluate the performance of its sub-custodians against the agreed SLS and in comparison with the rest of the sub-custodian network (see box, p 47).

Scheduling on-site visitsWithin its CRA framework, RBC Dexia categorises markets into major, intermediate and minor, depending on the level of assets under custody held on behalf of clients in those markets. This framework will, in turn, determine the frequency with which it conducts on-site service reviews in these lo-cations. Richard Barker explains that for the minor markets, RBC Dexia has now stepped up the frequency of on-site visits to at least once every two years. This marks an increase in the frequency of site visits when com-pared with its standard practice before the global financial crisis. “Historically, we might have conducted site visits once every three to five years for the smallest markets in our network,” he says. “For the major markets in our network, we will typically conduct an on-site visit at least once every 12 months.”

JPMorgan’s Elizabeth Fortier indicates that when scheduling on-site visits to sub-custodians, the frequency of these visits will typically be determined by the pace at which market practice is changing in a location and the level of potential risk identified to clients’ assets. “It is not necessarily the case that we visit most frequently the markets in which we have highest transaction volumes and as-sets under custody,” comments Fortier. “For a large, established market in which there have been few substantive changes and our service needs are being met effectively, we may push this market to an 18 month cycle for on-site visits. In contrast, in a smaller market where a series of important changes are taking place, we may wish to visit this lo-cation much more frequently.” For example, JPMorgan network management staff have made a series of visits to markets in sub- Saharan Africa over the past 12 months – even though AUC in these markets is relatively low in global terms – owing to the high level of market reforms that are taking place in those locations.

Having conducted a detailed review of its risk monitoring procedures over the past two years, JPMorgan network management has made few specific changes to the content of market review questionnaires. In cases where it has made adjustments, typically this has in-volved steps to tighten legal documentation or the content of an SLA. “We have been

Andrew Rand,Global Head of Network Management, Brown Brothers Harriman


4 2010 47

Sub-custodian risk

Specifically, it has introduced a package called SharePoint in each of its global locations, providing a facility through which information can be shared accurately and on a timely basis between network managers and operations staff based in these different offices. RBC Dexia also uses intranet to support this transfer of information between key staff within the organisation.

Also, RBC Dexia has introduced en-hancements to its global market infor-mation product in order to strengthen the quality of market information that it distributes to clients. A senior member of the network manage-ment department is responsible for co-ordinating market newsflashes and for ensuring that RBC Dexia clients are fully updated about breaking develop-ments at market level. Alongside this, the bank has introduced Risks Uncov-ered, a product that highlights the key risks in each market globally in which RBC Dexia is active, according to its sub-custodians. This information is available to clients through the bank’s Global Market Information web portal.

To reinforce its capacity to monitor the financial status of sub-custodian partners and counterparts, the network management department has established relationships with a number of external data vendors that specialise in providing credit alerts and CDS ratings. Richard Barker notes that, by doing so, the objective is not to compete with the high-quality credit information assembled by RBC Dexia’s central credit evaluation team. Rather, the intention is to ensure access to timely and customised data that will enable the network manage-

ment department to react rapidly, should there be a deterioration in the financial status of any sub-custodian or counterpart.

Performance scorecardIn parallel with this development, RBC Dexia has refined and upgraded the performance scorecard technology that it employs within the network management department. This is a quarterly scorecard review that the network team has operated for many years. All sub-custodians are scored against all sections of agreed service level standards, including the standard and frequency of market information received from them, on a quarterly basis. This process, which forms a major part of the CRA, allows the net-work management group to evaluate the performance of its sub-custodians against the agreed SLS and in compar-ison with the rest of the sub- custodian network. “Performance results are provided to our sub- custodians with an indication of where they fall below or exceed requirements,” says Barker. “We conduct a service review with any sub-custodian that does not meet our expected service level, designed to provide relevant feedback and put a plan in place to ensure that these areas are improved prior to the next quarter’s performance review.”

RBC Dexia network management has now extended this exercise to cover RBC Dexia’s international wealth man-agement business, which is handled out of the Channel Islands, along with a number of business lines that report in to the Luxembourg office. One additional step that it has taken is to align the quarterly scorecard reviews with some of the results

provided by external surveys. “Thus, if network management staff notice a deterioration in performance from a sub- custodian, we can compare with external reference points to identify whether this trend is in line with observations from other sources,” says Barker.

Typically, the key results of this performance scorecard process may be summarised on a single A4 sheet and utilised by network staff as a starting point when they conduct due diligence at market level.

“To ensure timely input to this con-tinuous risk evaluation process we require our sub-custodian partners, as part of their SLS and legal agree-ment, to share with us key informa-tion that may impact our service and legal relationship,” adds Barker. “Under the remote CRA model, and in particular the comprehensive an-nual attestation process, we request annual validation and confirmation on a number of areas including legal, credit, insurance, local law changes etc. Furthermore we also request from our sub-custodians completion of questionnaires and assessments which relate to BCP assessments, pro-cedures to be followed in the instance of bankruptcy of a sub-custodian or key infrastructure entity, and so on.” In total, RBC Dexia network manage-ment circulates to sub-custodians approximately 490 documents which they must complete and return, thereby providing a full list of current documentation, and corresponding audit trail, required internally by the network management, credit, legal and compliance teams, and externally by financial supervisors.

Reinforcing a Continuous Risk Assessment approachRichard Barker, Senior Manager Network Services, Network Management, RBC Dexia Investor Services, tells FSR that RBC Dexia network management has introduced selective changes to its technology and data management in order to complement the changes that it has made to its CRA methodology

48

Fi

nanc

ial S

ervi

ces

Rese

arch

Q4

2010

Sub-custodian risk

rigorous in reviewing this documentation across our sub-custodian network from our smallest to our largest markets,” says Fortier.

As part of its Sub-custodian Monitoring service (see box p 49). Thomas Murray has made a commitment to conduct on-site visits on a rolling 30-month programme for all significant markets in which its banking and broking clients support significant trans-action volumes or assets under custody. Derek Duggan notes that this is complemen-tary to a bank/brokers’ network team and can, for some network management teams, provide an attractive option: limited travel

budget and the opportunity costs of having staff away from the office may constrain their ability to conduct on-site reviews be-yond the largest markets in their network.

Duggan believes it likely that the larger Tier 1 banks may continue to do much of this risk assessment internally. Other network teams will continue to review the larger markets themselves. However they may seek to draw on Thomas Murray’s services to provide on-site assessment for lower-volume markets in their networks. For brokers and smaller banks, it may make business sense to outsource a major share of their data collection and network monitoring to an external specialist such as Thomas Murray, thereby allowing in house network managers to concentrate on higher value elements of the agent bank relation-ship and operational issues.

“We feel that we are at a tipping point for the industry, whereby banks and brokers will await clarification around the future due diligence obligations that will be required

by financial regulators before they take firm decisions regarding their business and opera-tional strategies,” says Duggan. Many groups are not waiting and are being forced by their Boards to beef up their network manage-ment activities and the quality of informa-tion available to their clients. Some global intermediaries have appointed Thomas Murray to support their sub- custodian risk monitoring because they wish to be at the leading edge of industry standards, ensuring that they support their risk evaluation with quality data input and a robust method-ology. Others may wait until they better feel the direction and push from their financial

regulator before seeking assistance from an external specialist. “Whatever the outcome of future regulations,” he observes, “cus-todians and brokers need to demonstrate adequately to the asset owners that they are taking pro-active steps to ensure the safety of their clients’ assets through a rigorous programme of monitoring.”

A transparent view for asset ownersIn the aftermath of the Madoff scandal, the Lehman Brothers bankruptcy and other shock events that have beset the industry over the past 2-3 years, many network management teams have observed nothing short of a tsunami of queries from clients regarding the security of their assets and the procedures in place to safeguard this. These questions feature more prominently than ever before in the RFP process. BBH’s Andrew Rand reports, for example, that his network management team now spends substantially more time in responding to queries from asset owners than it did two years ago. Dedicated staff within this team

We are being asked to take on more and more risk, but we are being compensated less and less.

This is an untenable situation, even in the medium-term. In turn, those sub-custodian banks that

currently offer a parental guarantee may be inclined to reconsider whether they will do so in the

future. Under Basel III, banks are required to put up higher levels of capital against the risks that

they bear in their business activities - and, given the potential impact on their balance sheets, some

have questioned their ability to offer a parental guarantee in times ahead.


4 2010 4

9Sub-custodian risk

Most obviously, he responds, Thomas Murray has increased the range of variables addressed through its sub-custodian monitoring process, extending its questionnaires from ap-proximately 200 questions in the past to more than 400 questions now. As a result, it now provides a more com-prehensive risk assessment in a wide range of areas – including the way that assets are held in market and the degree to which these assets will be accessible in instance (for example) of the insolvency of a sub-custodian or infrastructure entity.

In addition to the broad risk issues al-ready addressed by Thomas Murray in its risk questionnaires, its clients have opportunity to add their own specific questions prior to these being circu-lated via Thomas Murray’s internet RFP platform (SupplierSelect for Finan-cial Services). These supplementary questions may be driven, for example,

by specific reporting requirements im-posed by the local financial regulator, by queries raised by an asset owner, or by a request for additional informa-tion from the client’s internal credit, legal or treasury team.

Though, in times past, this level of detail might be required when a sub-custodian responded to an RFP, this was rarely expected in periodic sub-custodian monitoring. However, following the Madoff fraud banks owe a greater duty of care to the protection of their clients’ assets and so a greater responsibility has now been placed on global custodians and broker-dealers to identify all points of risk and to inform financial supervi-sors how they are working with their local agents to mitigate these risks.

Sub-custodian Risk RatingsOn the basis of this process, Thomas Murray provides sub-custodian risk

ratings for a universe of more than 170 sub-custody providers world-wide. This is in addition to its existing 145 CSD risk rating assessments. These are rated on an AAA to C scale. Thomas Murray developed these risk assessments initially as be-spoke proprietary reports that would be commissioned by individual clients. Thomas Murray now shares the anal-ysis with each relevant sub-custodian – employing an approach comparable to that employed for Thomas Mur-ray’s CSD risk ratings – such that the sub-custodian has full transparency regarding how it has been rated and areas in which it can improve.

In turn, these reports can be used by the banking and broking clients as part of the sub-custodian risk assess-ment data that they must provide to financial regulators and which they may also wish to share with asset owners.

are committed to reacting to client queries, updating clients on changes in the market and explaining to them how that will impact their risk profile and their invest-ment strategy. “On balance, the questions that are being advanced by asset owner customers are now more sophisticated than they have been in the past,” says Rand. “In terms of sub-custodian risk issues and market risk issues, they are taking a deeper dive than they did two or three years ago.” This relates to the stability of specific finan-cial institutions and infrastructure entities. It also pertains to specific risks at market level, including concerns around sovereign risk observed in recent months in (for in-stance) Greece, Ireland, Portugal and Spain.

RBC Dexia’s Richard Barker voices a similar sentiment, noting that clients have become more inquisitive since the financial trauma in

inquiring about the methodology that RBC Dexia employs in its CRA procedures and in attempting to understand potential risks to their assets held in safe custody. “Through our colleagues in Sales and Relationship Management, we note a lot of additional questions from asset owners relating to how assets are held in the local market, whether in omnibus or segregated account structures, etc,” says Barker. “We also note greater interest in the financial status and credit worthiness of our sub-custodian partners.” In response, RBC Dexia has introduced a range of avenues through which it is making this information transparent to its beneficial owner customers: for example, through the Risk Uncovered bulletin; through news up-dates posted via its Global Market Informa-tion portal; or through the CRA manual that provides an in-depth explanation of its risk assessment procedures.

Thomas Murray Sub-custodian MonitoringHaving been the sole provider of CSDs’ risk ratings for 10 years, FSR asked Derek Duggan, Thomas Murray’s Director of Data Services, to comment on how Thomas Murray has refined its sub-custodian monitoring procedures in line with the regulatory and commercial pressures brought about post Madoff

50

Fi

nanc

ial S

ervi

ces

Rese

arch

Q4

2010

Sub-custodian risk

Indeed, whereas in the past a beneficial owner customer might seek simple reassur-ance that its global custodian had robust due diligence procedures in place, now many are asking for detailed information regarding the risk monitoring procedures employed and the protection afforded to their client assets in different financial cir-cumstances. This interest, notes JPMorgan’s Elizabeth Fortier, is not restricted to the largest asset owners but extends across a broad constituency of investors. For ex-ample, a mutual fund may need to provide detailed information on its custody ar-rangements to its fund board. “In almost all markets that we support worldwide, our institutional investor clients are questioning us on a day-to-day basis about safe custody arrangements,” she says. “And this is reinforced by enhanced regulatory scrutiny from financial supervisors, which are giving

detailed attention to how assets are held in the local market and the degree to which these are ring fenced, such that they can be recovered in instance of insolvency of a sub-custodian or infrastructure entity.”

The bulk of questions received by JPMorgan network management from investor customers falls broadly into two main categories. Asset owners are requesting greater detail regarding the level of protec-tion afforded to assets held in custody with JPMorgan. And, secondly, a specialist group of investors is keen to talk to JPMorgan about the bank’s capacity to support invest-ment opportunities in frontier markets. “This reveals an interesting contrast across our investor base,” says Fortier. “Though many institutional investors are looking to limit risk, we have an active group of frontier market investors that are pushing strongly to invest in new market oppor-tunities worldwide.” In response to this demand, JPMorgan network manage-ment opened 10 new markets across its

global network during 2010. This included markets in the West African Economic and Monetary Union, the Palestinian Autonomous Area, Uganda, and Trinidad and Tobago. This interest is destined to continue into 2011 and the network man-agement team are reviewing opportunities to open new markets in coming months in Africa, the Middle East and the Caribbean.

HSBC’s Colin Brooks notes that some asset owners have, for many years, taken a close interest in how their assets are protected at market level. A number of the largest institutional investors may, in rare circum-stances, accompany their global custodian on a due diligence visit; and, more fre-quently, they may join their global custodian in a conference call with a sub- custodian or infrastructure entity. But in most instances an asset owner will rely on the expertise

and information network of its global custodian to report on developments at market level that may affect the protection given to client assets. In turn, this is often a preferred option from the global custodian’s standpoint. It may be cumbersome, from an administrative viewpoint, to have each asset owner joining due diligence visits and teleconferencing directly.

Significantly, Brooks notes that in a few instances asset owners have approached HSBC directly with an interest in estab-lishing a direct custody relationship with HSBC as sub-custodian. “Though we have not solicited these enquiries ourselves – we do not actively market to our clients’clients – this is a reflection of the greater interest that some asset owners are taking in moni-toring and managing custody risk across their global investments,” he says.

Regulatory pushWe have noted that, in the wake of the global financial crisis, regulators in many

In conducting a review of our risk procedures, our thinking was heavily influenced by a fundamental

lesson that we drew from 9/11 - namely, that we should never try to decide in advance what kind of

crisis we are likely to have.


4 2010 51

Sub-custodian risk

jurisdictions are demanding that risk moni-toring across sub-custodian networks and cash correspondents is reinforced and that risk reviews are conducted more frequently. In the United States, for example, Foreign Bank Account Reporting (FBAR) legisla-tion demands that financial organisations report to the regulator full details of all foreign bank accounts that they maintain with all business counterparts globally. MYRIAD’s Simon Shepherd observes that for some large global banks and brokers, this creates a major compliance obligation and one that they are struggling to fulfil using their existing labour-intensive pro-cedures. “The response in many instances was to have staff attempting to collate this information manually,” says Shepherd. For a global investment bank, custodian or asset management house, this represents a time- consuming operation – creating ad-ministrative delays such that the nature and magnitude of the risk may have changed substantially between when a report is called for and when it is delivered.

In this context, Shepherd believes that the automated and systematic approach that MYRIAD can bring to this process repre-sents an important step forward. “There is no doubt that a number of firms are poorly set up currently to monitor and manage sub-custodian risk,” he says. “But by automating these procedures through use of appropriate technology, these risks and inefficiencies can be eliminated rela-tively simply. Interestingly it is the less well organised teams who are often the most resistant to change. The better organised teams understand and want to stay ahead of the game.”

HSBC’s Colin Brooks notes that, in general terms, regulators are demanding greater transparency around asset ownership – which may, over time, translate into a push from omnibus towards segregated account structures. Beyond this, financial supervi-sors are also working through the implica-tions of any potential threat to financial infrastructure or insolvency on the part of a financial institution.

In some jurisdictions, we have seen the financial authorities introduce new regula-

tions in order to protect the domestic securi-ties infrastructure against perceived threats posed by the cross-border investment activi-ties of foreign institutional investors. One example is the Irrevocable Payment Commit-ment that the Reserve Bank of India has in-troduced during 2010 – whereby custodians active in the Indian market will need to ask their clients to pre-fund trades prior to set-tlement or else book the credit exposure for settlements committed on behalf of clients. The intention is to help insulate the do-mestic market from cross-border problems.

The European Commission’s proposal for an Alternative Investment Fund Management Directive has raised questions about the future responsibilities to be borne by fund depositories and the associated liabilities they may bear. Though there is wide ac-ceptance that fund custodians should take appropriate measures to protect client assets that are held in direct safekeeping, or with sub-custodians that they have ap-pointed, custodian banks have voiced con-cerns that this directive increasingly requires them to stand as insurer of their clients’ assets, requiring the bank to compensate the customer for potential losses that are largely beyond its control and in no way are the result of direct negligence by the bank itself. On a positive note, through concerted activity with industry peers, including lob-bying efforts on the part of the Associa-tion of Global Custodians (AGC), custodian banks have been able to push collectively for positive changes to this AIFM directive.

More broadly, global custodians have aired concerns about the higher levels of risk that are being thrust in their direction at a time when there is still unprecedented down-ward pressure on the fees that they receive from asset owner customers. “We are being asked to take on more and more risk, but we are being compensated less and less,” states BBH’s Rand. “This is an unten-able situation, even in the medium-term.” In turn, those sub-custodian banks that currently offer a parental guarantee may be inclined to reconsider whether they will do so in the future. Under Basel III, banks are required to put up higher levels of capital against the risks that they bear in their business activities – and, given the potential

52

Fi

nanc

ial S

ervi

ces

Rese

arch

Q4

2010

Sub-custodian risk

impact on their balance sheets, some have questioned their ability to offer a parental guarantee in times ahead.

So too, concerns have been raised regarding the implications of the April 2008 Paris Court of Appeal decision which bound fund custodians to full and immediate restitution to clients of assets frozen in the Lehman ad-ministration process. EU member states have adopted a variety of ways of integrating into national law provisions – relating to UCITS and alternative investment funds – guiding the liability that a fund custodian bears when assets are held with a sub-custodian within its custody network or by a “third-party custodian” such as a prime broker.

Commenting on this issue, Clearstream’s Mark Gem notes that the restitution obligation applied to fund custodians by the French courts in the wake of Lehman Brothers’ insolvency is undoubtedly a con-cern. However, there is a well established body of legislation that governs securi-ties transactions in Europe, including the Geneva Convention and the Securities Law Directive. This is clear in specifying that the restitution commitment born by custodians is a significant, but ultimately limited, ob-ligation. The overarching principle applied in this European legislation, notes Gem, is that custodians will be required to restore assets to clients in instances where they have been negligent; but where they can demonstrate sound procedures for selecting sub-custodians and monitoring risk to client assets over time, the custodian is unlikely to be required to compensate a client for losses that the custodian cannot directly control. Thus, the Paris court decision, which requires the restitution of assets on an absolute basis, appears to be out of line with the tenor of the Securities Law Direc-tive and the Geneva Convention.

Amid all the turmoil generated by the recent financial crisis, Gem believes it encouraging for the securities industry that its financial infrastructure, and wider arrangements for providing custody of clients’ assets, did not falter. It cannot be denied that a number of alarm bells were sounded in neigh-bouring rooms. One area of concern, as we have noted, was the legal and opera-

tional arrangements through which assets placed as collateral with a prime broker are re- hypothecated. A second was the due diligence procedures applied by feeder fund structures that invested into Madoff funds. However, beyond these specific cases – none of which had a direct link to Clearstream’s core activities – Gem suggests we can be encouraged by the stability of the core securities processing infrastructure and by the generally high levels of protection afforded to client assets held in safekeeping. “Looking ahead, it seems likely that re-hy-pothecation is here to stay but that market practice, steered in part by the European Market Infrastructure Regulation and by Basel III, will require that this operates in a substantially different way,” he says. “In particular, we are likely to see more trans-parent cost analysis and reporting obliga-tions surrounding the re-use of collateralised assets than we have done in the past.”

In highlighting deficiencies in the sub-custodian risk evaluation procedures applied by global custodian and investment banking customers, MYRIAD’s Simon Shepherd believes it will be interesting to revisit these concerns in five or ten years’ time in order to review how far network management groups have been able to eliminate inef-ficiencies through adoption of suitable tech-nology and data management. Currently, this remains a hugely under-resourced area of the banking world. In the investment banking arena, for example, the front office continues to consume a major share of bank expenditure. Middle and back office tend to be allocated a limited share of budget in rel-ative terms, despite their key role in shaping how assets are traded, settled and held in custody. In this context, Shepherd believes, some network management groups are simply not managing risk in as efficient and transparent a way as they maintain. Some are relying on multiple databases to compile key information – and poor interfacing be-tween these databases dictates that key risk information cannot be compiled promptly during times of crisis. Though network management groups typically maintain that they are fully in control of risk mitigation, privately there needs to be more realistic appraisal of these shortcomings and the steps necessary to remedy them.

Sub custodian Risk Monitoring: analysing shifts in the industy practise

Economy & Finance

Transcript of Sub custodian Risk Monitoring: analysing shifts in the industy practise