It is often said that regulators spend too much time looking in the rear-view mirror instead of at the road in front of them when addressing new and emerging risks. I would agree only to the extent that we glance behind once in a while, to remind ourselves that during the Global Financial Crisis of 2008, Lehman Brothers’ cleared derivative portfolio was in the trillions, yet it took mere weeks for the CCPs to close out the position. Except for just one minor case1, all CCPs utilised only the collateral deposited without touching the default fund.
This illustrates two things: first that CCPs were relatively well prepared for a clearing member default; in other words, well prepared for what is acknowledged as CCPs’ main vector of risk. Second, that CCPs play an important role in stabilising the financial markets during a systemic event.
It, therefore, becomes imperative for focus to be put on managing non-default risks to ensure that a CCP is up and ready when needed, and to address any new default risks that may have developed since the crisis.
Non-default risks include operational and cyber risks, as well as the risks arising from the increasing interdependencies between CCPs and their bank clearing members.
While outsourcing may bring cost and other benefits, operational risk may increase as CCPs become more dependent on third-party service providers. Regulators have recognised this and while some are unable to directly regulate the service providers, they require CCPs to risk manage their outsourcing arrangements. This may include performing comprehensive due diligence on the service providers’ business reputation, financial strength, internal controls and corporate governance. While the terms of the service contract have to be agreed to by both the CCP and the service provider, regulators can give CCPs more bargaining power by mandating the contract to include terms such as requiring the service provider to notify the CCP of any adverse event, and to allow the CCPs the right to audit and inspect.
Regulators have also increasingly recognised the risks posed by cyber breaches and responded by requiring CCPs to enhance the security of their systems and networks. Cyber insurance could be a useful risk mitigating tool once the ground rules are ironed out. Regulators will, in the meantime, be closely monitoring cases such as Mondelez International – maker of Oreo cookies and Ritz crackers - to see if Zurich Insurance is able to rely on the ‘war exclusion’ clause to resist the snack foods company’s claim for damages from the state-backed NotPetya cyberattack in 2017. Other protocols that need to be ironed out include the extent to which an insurer should have a say, if ever, in whether to pay up in response to a ransomware attack.
Central clearing interdependencies arise when the bank clearing members of a CCP also provide the CCP with other financial services such as custody of margin collateral, the CCP’s own cash, liquidity lines and settlement services. CCPs can mitigate these risks by capping their exposure to each bank. In many cases, a high degree of concentration and interconnectedness in central clearing means that CCPs have to allocate their exposures to a small pool of banks, and the sizing of the allocation becomes significant. Regulators are increasingly cognisant of this risk and may require CCPs to demonstrate how they are sizing the cap through a holistic assessment of factors such as the credit rating of the bank, its net shareholders’ funds, and high-quality liquid assets.
It was recognised right from the start of the post-Lehman regulatory reform process that, by encouraging more and more standardised derivatives to be cleared after the crisis, we are introducing increased exposures into the CCP system. Wherever market liquidity is uncertain, jump events and correlation breaks coupled with the high slippage costs of liquidating an illiquid portfolio, can eat through a defaulting member’s margin collateral and a default fund alarmingly quickly. While this might be arguably the kind of tail risk that can be caught only by margin models with a 100% level of confidence (which would be way too expensive), there are still lessons for both regulators and CCPs about lessening the impact. This ranges from raising standards for clearing membership, increasing a CCP’s own skin in the game contribution to the default fund (which should, however, be at the CCP’s own discretion, given the potential here for moral hazard), and margin add-ons to take into account slippage costs.
While it is true that regulators are often accused, like generals, of fighting the last war, it has been 10 years since the GFC. The new risks that have since emerged are making their way onto regulators’ agendas as it becomes clear that in order to ensure that CCPs remain resilient, it is equally important to manage both non-default as well as default risks.
1. The exception was HK Securities Clearing Corp (HKSCC) which made a loss to the CCP of approx. USD 20 mn, including cost and expenses. HKSCC announced it would claim this from LEH’s estate. Source Norman, P., 2011. "The Risk Controllers: Central Counterparty Clearing in Globalised Financial Markets"