In a new white paper, SWIFT has outlined a plan for industry-wide adoption of a standardized assessment and disclosure framework for so-called critical service providers (CSPs) to financial market infrastructures (FMIs) such as trade repositories, central counterparty clearing houses (CCPs), central securities depositories (CSDs), securities settlement systems and payment systems.
In a report issued earlier this year by the Committee on Payment and Settlement Systems and the Technical Committee of the International Organization of Securities Commissions (CPSS-IOSCO), the industry group identified 24 principles for market infrastructures covering topics such as organization, credit and liquidity risk management, settlement, central securities depositories (CSD) and exchange-of-value settlement systems, default management, general business and operational risk management, access, efficiency and transparency. Members of the CPSS-IOSCO group are aiming to comply with the standards by the end of this year.
The CPSS-IOSCO report called on CSPs to be held to the same standard as if the FMI were performing the operation itself, according to the SWIFT white paper. CPSS-IOSCO listed its Expectations for CSPs as risk identification and management, information security, reliability and resilience, technology planning and communication with users.
However, says SWIFT, CPSS-IOSCO did not establish a framework by which CSPs would be assessed for compliance with the expectations.
While many FMIs already have bespoke assurance arrangements with their CSPs, the publication of the CPSS-IOSCO guidance now creates a regulatory obligation for all FMIs across the globe to actively seek confirmation that their CSPs have implemented robust processes that withstand scrutiny in all areas covered by the Expectations, according to the SWIFT report.
In turn, SWIFT has called for an assurance framework to be established to demonstrate compliance with the expectations on the part of CSPs, as well as the establishment of independent auditors to validate conformance with them.
SWIFT says this would support FMIs in demonstrating compliance with the CPSS-IOSCO principles in a cost-efficient and streamlined way.
In absence of specific guidance on how FMIs should go about gaining the comfort required of their CSPs, the paper argues there is a risk that the process of establishing their fitness becomes inefficient and ineffective, with CSPs responding to large numbers of non-standardized surveys and FMIs failing to gain comparative, transparent information about their CSPs approaches to operational risk management, SWIFT said in a statement.
By utilizing an industry-wide methodology for CSP compliance, using the International Standard on Assurance Engagements (ISAE) 3000 standard in audits performed by independent auditors, the industry could streamline the way it approaches the practice and reduce the costs of disparate compliance practices, SWIFT suggests.
The SWIFT white paper may be accessed here (PDF).
(CG)