Default and non-default risks should be on the radar for CCPs

IT is often said that regulators spend too much time looking in the rear-view mirror instead of focusing on the road in front of them, that is, addressing new and emerging risks. I would agree with that - but only to the extent that we do glance behind once in a while, to remind ourselves that during the Global Financial Crisis (GFC) of 2008, Lehman Brothers' cleared derivative portfolio was in the trillions, yet it took mere weeks for the Central Counter Parties (CCPs) to close out the position.

A CCP eliminates counterparty risk for participants in the financial market by assuming the role of seller to the buying Clearing Member and the role of buyer to the selling Clearing Member. In doing so, the CCP assumes most of the credit risks of the seller and the buyer.

The successful resolution by most CCPs during the Lehman crisis illustrates two things: First, that CCPs were relatively well-prepared for a default by their clearing member; in other words, they are prepared for what is seen as CCPs' main vector of risk. Second, that CCPs play a key role in stabilising the financial markets in a systemic event.

It therefore becomes imperative for focus to be put on managing non-default risks to ensure that a CCP is up and ready when needed, and to address new default risks that may have developed since the crisis. Non-default risks include operational and cyber risks, as well as the risks arising from the increasing interdependencies between CCPs and their bank clearing members.

While outsourcing may bring cost and other benefits, operational risk may increase as CCPs become more dependent on third-party service providers. Regulators have recognised this, and while some are unable to directly regulate the service providers, they require CCPs to risk-manage their outsourcing arrangements. This may include performing comprehensive due diligence on the service providers' business reputation, financial strength, internal controls and corporate governance. While the terms of the service contract have to be agreed to by both the CCP and the service provider, regulators can give CCPs more bargaining power by mandating that the contract include terms such as requiring the service provider to notify the CCP of adverse events, and to allow the CCPs the right to audit and inspect.

Regulators have also increasingly recognised the risks posed by cyber breaches, and responded by requiring CCPs to enhance the security of their systems and networks. Cyber insurance could be a useful risk mitigating tool once the ground rules are ironed out. Regulators will, in the meantime, be monitoring, for example, the case of Mondelez International (the maker of Oreo cookies and Ritz crackers) to see whether Zurich Insurance is able to rely on the "war exclusion" clause to resist the snack foods company's claim for damages from the state-backed NotPetya cyberattack in 2017. Other protocols to be ironed out include the extent to which an insurer should have a say, if ever, in whether to pay up in response to a ransomware attack.

CENTRAL CLEARING INTERDEPENDENCIES

Central clearing interdependencies arise when the bank clearing members of a CCP also provide the CCP with other financial services such as custody of margin collateral, the CCP's own cash, liquidity lines and settlement services. CCPs can mitigate these risks by capping their exposure to each bank. Often, a high degree of concentration and interconnectedness in central clearing means that CCPs have to allocate their exposures to a small pool of banks, and the sizing of the allocation becomes significant. Regulators are increasingly recognising this risk and may require CCPs to show how they are sizing the cap through a holistic assessment of factors such as the credit rating of the bank, its net shareholders' funds and high-quality liquid assets.

It was recognised right from the start of the post-Lehman regulatory reform process that, by encouraging more standardised derivatives to be cleared after the crisis, we are introducing increased exposures into the CCP system. Wherever market liquidity is uncertain, jump events and correlation breaks coupled with the high slippage costs of liquidating an illiquid portfolio, can eat through a defaulting member's margin collateral and a default fund alarmingly quickly. While this might arguably be the kind of tail risk that can be caught only by margin models with a 100 per cent level of confidence (which would be way too expensive), there are still lessons for both regulators and CCPs about lessening the impact. This ranges from raising standards for clearing membership, increasing a CCP's own skin in the game contribution to the default fund (which should, however, be at the CCP's own discretion, given the potential here for moral hazard), and margin add-ons to take into account slippage costs.

It is true that regulators are often accused, like generals, of fighting the last war, but it has been 10 years since the GFC. The new risks that have since emerged are entering regulators' agendas as it becomes clear that, in order to ensure that CCPs remain resilient, it is equally important to manage both non-default as well as default risks.