Global Financial Market Infrastructures Face Heightened Regulatory Scrutiny on Operational Risk Management

Regulators are intensifying their scrutiny of the operational risk management practices of the world’s largest exchanges and clearing houses, with a particular focus on financial market infrastructures (FMIs), according to an article by Risk.net. The third round of Risk.net’s Op Risk Benchmarking service, which previously assessed op risk management at banks, now includes data from FMIs. The findings reveal a push for enhancements in monitoring, reporting, disclosures, stress tests, and, in some cases, additional on-site inspections.

For FMIs, information security emerges as a top concern, with regulatory interest in risk management growing over the past year. This heightened scrutiny is attributed to the significant shift of global derivatives markets to on-exchange trading and central clearing, making central counterparties (CCPs) pivotal in managing default risk and providing ancillary functions crucial to market functioning.

The benchmarking data indicates that regulatory scrutiny often translates into action, with firms being requested to take specific measures. In areas like information security and resilience risk, firms report increased regulatory focus, leading to requests for actions such as mapping dependencies, implementing new tools, and enhancing disclosures and reporting.

The regulatory landscape for FMIs is evolving rapidly, with new rules in the US, UK, and Europe. For instance, the UK’s operational resilience regime mandates impact tolerances and timed return-to-operations targets. The EU’s Digital Operational Resilience Act designates many FMIs as critical third-party suppliers. In the US, the Securities and Exchange Commission is reinforcing its Regulation Systems Compliance and Integrity framework.

Risk.net’s benchmarking data also reveals significant variability in the frameworks FMIs use to measure their top risks, with challenges in applying traditional risk aggregation and reporting frameworks to diverse businesses. The FMIs argue that regulatory exposure differs across their various businesses, making it akin to aggregating the regulatory exposure of entities in disparate sectors.