Everything we do in our day to day work encompasses many elements of both risk awareness and risk mitigation. At CACEIS, this translates into a robust risk culture and a focus on strong risk management processes. It’s a key priority for us across all elements of our business, including custody.
In the context of risk, the FCA has a clear regulatory objective: To protect customers and to ensure the integrity of the UK financial system. It’s here that the FCA expects firms to have identified, monitored tracked and mitigated the risks to which they have identified.
I’m based in the UK and in my role as CASS Oversight Officer and the Risk Officer, I have responsibility to the business and the FCA. I have to ensure that all risks are identified for both the products and services that are provided to all our clients. This means compliance with the client asset sourcebook, ensuring the firm as a whole has sufficient systems and controls in place to identify risks to client assets that we are responsible for.
This includes identifying risks right across the value chain, including:
- Account opening
- Internal books and records
- Internal reconciliations (settled rather than transactional)
- External reconciliations (from sub custodians, CSD, ICSD providers)
- Registration of assets/legal title when safekeeping with a sub custodian/CSD/ICSD
From a pure risk perspective, I’m responsible for liquidity risk, credit risk, market risk and operational risk. Each has its own distinct requirements and measurement criteria.
When looking at Operational risks, these can be broken down in to distinct sections.
- People, processes and technology
- External events affecting us
- Internal and external fraud
- Legal and compliance risks
Operational risk arises from the loss, failure, negligence or errors. In order to minimise these risks, training, processes and procedures are put in place, together with information such as key risk indicators (KRI) and key performance indicators (KPI), alongside the ongoing evaluation of controls.
The regulatory perspective on risk
Custodians are in a unique position within the financial services industry – they are regulated by both the FCA and the PRA (Prudential Regulatory Authority). Both UK regulators have moved their focus from compliance to more of a risk-based approach in supervising firms. They have moved even further towards this approach in the last two years, especially after Covid.
The regulators are very much focused on assessing risk management and control frameworks and so are we. We have a responsibility to ensure that our products and services are fit for purpose and that the risks are also identified and communicated to the clients. This means we have to closely assess and identify the main risks and impacts to a client and demonstrate how have we captured those. We also need to evidence how we mitigating these risks.
Operational risk and resilience
From a custody perspective, we provide another line of defence in the UK by reviewing operational risk and resilience of the overall firm’s custody operations. This is translated into the Client Assets sourcebook known as CASS.
I ensure that we have operational processes and procedures in place to identify key risks within the entire Custody chain. Examples of these processes include:
- Ensuring Custody accounts are opened correctly and accounts named and designated appropriately.
- Ensure the relevant due diligence checks are carried out on sub custodians prior to placing custody assets with them. This includes reviewing market and concentration risk.
- Have in place adequate monitoring processes in place for reviewing and monitoring the effectiveness of the sub custodians/CSD/ICSD controls.
- Equivalent client asset protection rules in place within that jurisdiction and that in case of the third party’s insolvency, the assets of the client are recognised and protected.
- Receive in from third parties transactional and positional reconciliations to ensure the books of the third party reflect the correct balances from our internal books and records.
- Complete a monthly internal system evaluation on our own systems and processes from custody.
Risk matters and evolves
Risk is a focal point for US , the regulators and our clients . The landscape has changed considerably over the last five years and risk is firmly on the radar for us all. The industry is also evolving quickly and regulators are now taking big leaps into areas such as ESG and Climate Risk.
More recently, the PRA has focused on expectations around its supervision of climate related financial risk across banks. The PRA stipulated that Boards and executives should by now be able to demonstrate that they understand how their firm is integrating climate considerations into their business strategies, planning and governance structures. The PRA goes on to summarise that ‘firms should have embedded an appropriate understanding of climate risk within their risk management framework, alongside an engagement strategy with counterparties in how they are managing climate risk’.
The risks faced by asset servicing banks will continue to grow and evolve over the next five years and the requirements of ESG and Climate risk will become a new norm for custodians that will be embedded into our everyday function. More importantly, the PRA anticipates that firms will gain a greater level of clarity on the materiality of the climate-related risks that are likely to impact their balance sheets. This is a critical step for custodians, where financial resilience and consistent balance sheet strength are key given the important role they play in the safekeeping of assets.
Managing risk at all levels for a custodian continues to remain a critical area of focus and it’s an area that I feel very passionately about.
Chris Christofi, Head of Risk and CASS Oversight Officer, CACEIS UK
Chair of the Client Asset Oversight committee (CAOC)