It is an honor to join you at the Risk USA 2017 Conference. Thank you for inviting me. As always, the views I will express today are my own. They are not necessarily those of the Federal Reserve Bank of New York or the Federal Reserve System.1
I will focus my remarks today on how regulators, supervisors, and market participants, collectively, can come together to address systemic risks. I’m not talking about the risks you manage within your own firm on a day-to-day basis, I’m talking about the risks that we share across the industry, risks that are amplified because of the complexity and interconnectedness of the industry. These risks should be just as important to you as your more typical credit, market, and liquidity risks. Using examples, I hope to illustrate how we reach a better outcome when we are willing to collaborate on identifying, acknowledging, and addressing risks that are beyond our four walls—risks that are systemic in nature and have the potential to negatively impact individual firms, as well as the broader financial sector.
To illustrate my point, I will use three examples of systemic risks that are in various stages of resolution and the collaboration process. All, you will find, are multi-year, multi-party, and incredibly complex.
I will start with the T+2 initiative to shorten the standard settlement cycle for most U.S. equity trades from three business days after the trade date, known as T+3, to two business days after the trade date, known as T+2. The idea gained momentum after the 2008 global financial crisis as a way for firms to limit the risk associated with a counterparty default. The shorter settlement cycle reduces credit, market and liquidity risk, and as a result, reduces systemic risk for U.S. market participants. Simply put, there is less time for events to disrupt the settlement of securities transactions when they occur faster. It has been said nothing good happens between trade date and settlement date. According to the analysis Boston Consulting Group did for the industry, moving to T+2 settlement produces a net savings of $195 million annually that could be realized through better operational efficiency and direct cost reductions related to NSCC margin charges and liquidity requirements. The change took effect just last month. It was the culmination of a lot of work from various parties—many represented in this room.
The effort began in earnest in early 2012 when Depository Trust Clearing Corporation (DTCC) published a paper showing its preliminary analysis of shortening the settlement cycle for U.S. equity trades from T+3 to T+2, or even T+1. DTCC was seeking further input from the industry to serve as the basis for a more comprehensive cost-benefit analysis to explore the case for making this change. In December 2013, the Securities Industry and Financial Markets Association (SIFMA) studied the feasibility of moving to T+2. In February of the following year Investment Company Institute (ICI) endorsed the idea, and then in April, SIFMA too supported the move to T+2. A lot of talk was going on at that time to build consensus, but not a lot of action, yet.
In October 2014 the Industry Steering Committee and Working Group was formed to drive the implementation of T+2. The proposed implementation timeline was recommended after thorough input from more than 600 industry participants across 12 market segments2. By June of 2015, the industry made a formal announcement to move to T+2 and by October, the Securities and Exchange Commission’s (SEC) Chair, Mary Jo White, publicly supported the move to a two-day settlement cycle.3
From the beginning, the Federal Reserve Bank of New York has been working integrally with SIFMA and our colleagues at the SEC to help move the industry to pursue this change. All banking and securities markets regulators have been involved, including the Federal Deposit Insurance Corporation (FDIC), Office of the Comptroller of the Currency (OCC),Financial Industry Regulatory Authority (FINRA), and New York Stock Exchange (NYSE), just to name a few. Supervisors monitored various firms’ progress in meeting these objectives by having several outreach meetings over the past two years. Several agencies needed to make some rule changes to facilitate this move, and in March 2017 the SEC finalized its rule changes to, “establish a standard settlement timeframe of two days for U.S. equity, corporate and municipal bond, and unit investment trust (UIT) trades.” This provided regulatory certainty to promote a coordinated and effective industry transition to T+2 in September.
As a result of this multi-year, highly coordinated effort, we have modernized the U.S. equity market and have eliminated the need for margin to be collected against the millions of trades for a third day. In fact, some estimate that the margin collection by NSCC is approximately 15%-20% lower with T+2 settlement than with T+3 settlement.
My second example, which is still ongoing and a work in progress, again takes us back to 2007, when the financial crisis highlighted significant weaknesses in the over-the-counter or OTC derivative markets. These weaknesses include the build-up of large counterparty exposures between market participants that were not appropriately risk-managed; operational weaknesses resulting from a lack of standardization and automation; and limited transparency of the levels of activity and overall size of counterparty credit exposures leading to a loss of confidence in the market.
These weaknesses led to several key reforms aimed at reducing systemic risk in the OTC derivative markets, as outlined by the G20 leaders. Beginning in 2009 the G20 called for data reporting, electronic trading, and clearing of standardized transactions through central counterparties (or CCPs). In order to achieve full, consistent implementation of the reforms as outlined by the G20, coordination was necessary across dealers, end-users and regulators given the complexity and scope of the effort.
Let me begin with the role of the regulators. The G20 recognized that the reforms should also include margin for all OTC derivative transactions. Given that there were not consistent or widespread practices associated with initial margin, the G20 asked the supervisors and markets regulators to work together to develop standards for margin for non-cleared trades. Following the completion of the principles, regulators needed to work together on a national level to finalize related rules and regulations and globally to ensure consistent implementation timing.
Now let me turn to industry collaboration. Many would agree that the implementation of the margin rules for the market participants is the most complex of the OTC derivatives reforms because it significantly changes each financial institution’s front-to-back office infrastructure, has significant external dependencies and affects all asset classes. I will spend some time on the “significant external dependencies” as these were the most critical for coordination, both for market participants themselves as well as with authorities.
First of all, as I noted earlier, the derivatives trades subject to these new rules are bilateral, and governed by a set of legal documents which need to be updated in order to reflect the new rules. In addition, new models to calculate the required amount of margin are needed and must be approved by regulators prior to their use. Finally, external infrastructure, including third-party custodians, are critical to ensure that the collateral would be segregated, as required under the rules.
So you are probably beginning to see the extent to which coordination has been needed and continues as implementation moves forward. For the legal documentation, market participants worked together through the International Swaps and Derivatives Association (ISDA) to develop a standard template for the collateral support agreements. Also, the dealers used ISDA as they collaborated to develop an industry model for initial margin. Working together to develop the model allowed the dealers to be able to more consistently calculate the initial margin requirements so that they wouldn’t have disputes associated with every margin call. This model was discussed on an ongoing basis with U.S. regulators, which was particularly instrumental when it came time for the regulators to approve the use of it—they could then focus their time on the firm specific implementation.
Regulators were actively engaged in dialogue with the firms as they worked through these efforts, as well as ongoing coordination amongst themselves, particularly on the model approvals. The nature and extent of the coordination necessary to achieve the exchange of initial and variation margin for non-cleared trades sometimes caused slow decision making either with regard to interpretations of the rules, or signed legal agreements. However without the involvement of all of the parties, the end-result would not have been possible. One of the key lessons was that external dependencies were often the source of the key sticking points that led to missed deadlines as it is difficult to predict perfectly the actions of one’s counterparty, vendor or service provider. That, however, should not be cause to cease coordination which would have certainly led to a demonstrably negative outcome in this case. What did happen, was that market participants acknowledged these uncertainties and worked together to set collective deadlines and earlier deadlines. That meant that this year, when Phase Two went live just last month, firms were ready and trading continued seamlessly.
As a result of the extensive work undertaken by regulators and market participants, it is estimated that among the largest dealers there is now more than $90 billion of margin held in segregated accounts. Broadly, the system is less leveraged and the margin held protects individual participants against potential systemic effects and risk transmission in the case of an unanticipated market shock.
I discussed one completed effort (T+2) and one that has two completed phases (OTC reforms). Now I want to talk about a potential systemic risk that is still in the early days in terms of coordinated efforts to eliminate or mitigate the issue on an industry-wide basis. It is the area I believe is most in need of our collective attention and collaborative initiatives: cybersecurity. As evidenced in the news over the past few years, and particularly recently, the cyber risk landscape is increasingly complex and continuously evolving. Threat actors, such as cyber criminals and a handful of nation states, have clearly targeted the banking and financial services sector, and are increasing the sophistication of their tools and methods at a breakneck speed. Cybersecurity risks, more so than other risks, extend beyond the confines of each of our organizations. The threats are global, and the impact of attacks can quickly cascade across systems and institutions.
While the high degree of interconnectedness of our systems and processes creates a set of distinct risks, I argue that it also lends itself well to collaborative efforts to address these cybersecurity risks.
Consortiums such as FS-ISAC (Financial Services Information Sharing and Analysis Center), a private sector originated organization created in 1999, illustrate the value of collaborative efforts to combat cybersecurity risks. Examples include “Sheltered Harbor,” a data recovery mechanism, and FSARC (Financial Systemic Analysis & Resilience Center) that are currently working on the recovery of wholesale payment activity in the event of a significant data breach.
The public sector work in this area has proven to be similarly effective and illustrative of the value of collaboration in addressing cybersecurity risks. The FBIIC (Financial & Banking Information Infrastructure Committee) which is chaired by Treasury and includes U.S. financial regulators was formed after the events of 9/11. It is charged with ensuring that there is sufficient protection for our most critical infrastructures and works on solutions with our intelligence agencies to provide the sector with the most up-to-date information on cybersecurity threats.
As evidenced by the increasing frequency of high profile breaches across the financial services industry, we need to accept that, despite our best efforts to prevent attacks from succeeding, it is unlikely we will be entirely successful in doing so. Improving the resiliency and ability to recover our core and critical systems from a cyber event is now of paramount importance. Cyber breaches bring unique challenges such as determining the integrity of affected systems, and the potential for breaches to cascade as attackers leverage the high degree of interconnectedness within the financial services sector. Going forward, topics such as resiliency and resumption will necessitate our collective focus and collaboration. The previously mentioned Sheltered Harbor initiative is a good step in the right direction and shows that the industry acknowledges the need for these efforts to address the challenges of resiliency and resumption from a cyber-attack against core financial systems. In addition, the table-top exercises many of your firms participate in throughout the year are another example where working together can have beneficial outcomes.
As an industry, we need to continue to actively support these collaborative initiatives while seeking to foster new ones, as necessary, to address the evolving threat landscape. Industry-wide response and recovery to a cybersecurity incident is an area of particular concern, and one that requires more comprehensive planning, discussion, and of course, collaboration. Typically supervisors, regulators and firms have collaborated to remove or manage risk across the system and ‘response and recovery’ to a cybersecurity incident seems to fit that mold well.
Regulators can do more to better harmonize cybersecurity regulations and frameworks and work is well underway as a result. This will streamline and help clarify regulatory expectations and allow the industry to concentrate more resources on addressing cybersecurity risks. However, harmonizing regulations should not be taken to mean expectations will be lowered.
Given the threats facing our industry and the types of cyber-attacks we have all seen in the news, now is the time for increased vigilance and attention on key topics that we have not yet fully addressed, such as risks due to interconnectedness, endpoint security, and most importantly cybersecurity incident response and recovery of critical systems and functions.
All three of these topics (T+2, margin rules, and cybersecurity) can only be addressed via a collaborative approach. There is a lot more work to be done here.
In my last few minutes, I want to leave you with some thoughts and a challenge.
First, there are no quick fixes or one-size fits all solutions. Each of the risks we face are complex in their own way and require a commitment to spending the time needed to understand the risk and impact, explore options, and then work together on building and implementing solutions that are in the best interest of all of us—our firms, the financial system, and the real economy.
Second, I only mentioned three systemic risks that benefited, or can benefit, from collaborative efforts, but there are many more. I want us all to remember that when we address one risk, we can’t put our pencils down and congratulate ourselves on a success. We have to be constantly aware, constantly vigilant, constantly searching for the next systemic risk.
So, my challenge to you is to continue to work together to identify instances where we need to address shared risks – in other words, where can we do more to make the financial system more resilient by removing or mitigating systemic risks that arise from financial markets? Question the status quo and look beyond the current state to identify future risks that can benefit from greater collaboration.
I look forward to hearing your questions and reactions.