The Bank of England’s approach to financial market infrastructure supervision

Our FMI supervisory approach sets out how we fulfil our role of supervising FMIs in practice.
Published on 19 November 2024

Foreword by the Deputy Governor, Financial Stability

The Bank’s mission is to ‘promote the good of the people of the United Kingdom by maintaining monetary and financial stability’ and Parliament has given the Bank a statutory objective to protect and enhance the stability of the financial system of the UK. It is for these reasons that we supervise UK financial market infrastructure (FMI).

The FMI firms (FMIs) that the Bank supervises are crucial to the smooth operation of the UK financial system and the broader economy. The services that they provide are used every day to enable financial institutions and their customers to make the payments that are critical to supporting economic activity, and to manage their risks more efficiently and effectively. The UK is a leading global financial centre and UK FMIs play a critical role internationally as well as in the UK. The way the Bank regulates and supervises FMIs plays an important part in delivering financial stability – by ensuring that the FMIs’ risk management and resilience frameworks enable them to carry out these essential functions in normal times and during times of stress.

The new statutory regulatory framework for UK FMI – the Financial Services and Markets Act 2023 (FSMA 2023) – represents a significant milestone in the Bank’s regulatory regime. It grants us a wide-ranging rule-making power in relation to central counterparties (CCPs) and central securities depositories (CSDs) in order to deliver our primary objective of financial stability. The FSMA framework also introduces a secondary objective to facilitate innovation in the provision of CCP and CSD services subject to advancing the primary financial stability objective. Consistent with these new powers, the requirement establishes robust safeguards – including a new statutory FMI Committee – to ensure that we apply our new powers in a transparent and accountable manner. The framework will allow us to ensure that regulation for CCPs and CSDs is responsive, remains consistent with the highest international standards, evolves in response to current events and, crucially, supports our supervisory approach.

While the focus of this publication is on supervision rather than policymaking, this will happen against a backdrop of changes to our approach to policymaking in response to this reform, including enhanced accountability arrangements to Parliament and how we will deliver the new secondary innovation objective given to the Bank under FSMA 2023.

The Bank’s approach to supervision continues to be underpinned by four core principles: our supervisors rely on judgement in taking decisions; we assess firms not just against current risks, but also against those that could plausibly arise further ahead; we focus on those issues and firms that are likely to pose the greatest risk to our objectives; and we apply proportionality to ensure that our interventions do not go beyond what is necessary in order to achieve our objectives.

In light of experience, and the new powers and responsibilities set out in FSMA 2023, we have aimed to make our approach more risk-based and flexible, updated our potential impact and risk assessment frameworks so that they can better accommodate the risks we now face, made greater use of horizontal supervisory work to assess the risks posed across sectors, and continued to embed the use of horizon scanning to identify areas of potential vulnerability.

In recent years market volatility and banking sector stresses in the UK and internationally have also underlined the importance of having resilient FMIs that support financial stability both in the UK and abroad. As such, we continue to work closely with relevant international authorities to facilitate effective supervision and policymaking by exchanging information and minimising duplication.

Overall, this publication is intended to provide an articulation of what we think effective supervision looks like, and how we intend to deliver it. The financial services sector and the context within which we supervise are constantly changing, and we will continue to evolve our approach in response to this. Therefore, this publication will likely evolve over the next decade. However, we are confident that the essential ingredients will endure. Continuing to deliver strong, effective supervision of FMIs will be critical to supporting financial stability and safe innovation, now and in the future.

Sarah Breeden

November 2024

Introduction

The Bank of England is responsible for supervising certain financial market infrastructure in the UK.

 

This publication sets out the Bank of England’s (the Bank’s) approach to the supervision of financial market infrastructure and specified service providers (referred to interchangeably in this publication as FMI/s or firm/s). This publication serves two purposes. First, it enables regulated FMIs, firms considering undertaking regulated activity, the wider financial system and stakeholders in the UK and other countries to understand the Bank’s supervisory approach. Second, it aids the Bank’s accountability to the public and Parliament by describing what the Bank seeks to achieve and how it intends to achieve it. It sits alongside the Bank’s requirements and expectations as published in the Bank’s policy publications as well as the rules, standards and codes of practice that FMIs are subject to.

This publication replaces the document ‘The Bank of England’s approach to the supervision of financial market infrastructures’ which was published in April 2013 and ‘The Bank of England’s supervision of service providers to recognised payment systems’ as set out in Annex 1 to ‘The Bank of England’s supervision of financial market infrastructures – Annual Report (For the period 23 February 2017 – 20 February 2018)’ published in February 2018.

This publication acts as a standing reference which the Bank intends to update as necessary to ensure it remains current. It may be revised and reissued in response to significant legislative and other developments that result in changes to our approach.

1: The Bank’s objectives and legislative framework

The Bank supervises a range of FMIs as part of its objective to protect and enhance the stability of the financial system of the United Kingdom. There are different statutory regimes for different types of FMIs.

FMIs and the stability of the UK financial system

FMIs are crucial to financial stability. They provide critical services that allow individuals, businesses and financial institutions to transact with each other. Disruptions to these services can have consequences that affect the entire financial system. As such, the Bank’s supervision of FMIs is aimed at ensuring that FMIs are prepared for, and resilient to, the wide range of risks that they could face, so that they are able to absorb rather than amplify shocks and able to continue to serve UK households and businesses.

The Bank supervises three broad categories of FMIs: central counterparties (CCPs), central securities depositories (CSDs) and recognised payment system operators (RPSOs). In addition, the Bank supervises some service providers to RPSOs. These firms are collectively referred to as FMIs in this publication. The firms all provide different services to support the financial system: CCPs act as a central counterparty for financial market transactions, CSDs ensure the transfer of securities and payments after trading, and RPSOs and their service providers enable vital funds to be transferred between businesses and individuals on a daily basis. In the UK, CCPs clear trillions of pounds worth of notional outstanding of financial contracts, CSDs settle around £800 billion of securities transactions per day, and RPSOs and their service providers facilitate payments of over £400 billion daily.footnote [1]

The primary purpose of CCPs is to manage counterparty credit risk. Counterparty credit risk is the risk that one party to a contract ‘defaults’ and cannot meet its obligations under the contract. This can lead to a loss for the counterparty on the other side of the contract. If those losses are severe enough, they may cause the affected party financial distress which, in turn, can have a knock-on effect for its creditors. CCPs manage counterparty credit risk in the financial system by placing themselves between the buyer and seller of an original contract. If a member defaults, the surviving members are exposed to the CCP, rather than directly to the defaulter. To ensure those obligations can be fulfilled, CCPs have centralised and predictable default management and loss allocation mechanisms, which provide the market with greater certainty that significant counterparty credit losses will not spread. CCPs also increase efficiency and confidence in the market by enabling netting of transactions across multiple participants and through standardised margin practices, and by doing so support the economy including in times of stress. CCPs therefore play a critical role in managing potential contagion and sources of systemic risk.footnote [2] As a consequence of clearing trades centrally, as well as the financial requirements that CCPs place on their members, CCPs are themselves crucial nodal points in the financial network and are highly interconnected to other financial institutions. For this reason, it is important for CCPs to manage properly both risks to themselves and risks that their activities may pose to the markets they serve.

CSDs provide legal certainty to market participants by keeping accurate records of ownership of securities. They enable securities to be transferred and settled according to a set of predetermined multilateral rules. Through efficient sequencing of settlement obligations, CSDs can minimise the intraday borrowing needs of settlement members, releasing cash into the broader financial system, which can be reinvested or used to support activity in the real economy. Importantly, CSDs also provide settlement finality in securities transactions, giving legal certainty over payments and security transfer orders even if an instructing party becomes insolvent or if there is another form of disruption to a transfer. This supports the stability and efficiency both of the CSD itself and the broader financial system. As a result, disruption at a CSD could directly impact participants’ ability to manage liquidity and settlement risk (the risk that one party to a transaction fails to deliver the agreed asset or funds), which could in turn have knock-on impacts on other financial market participants and market liquidity more broadly.

Payment systems are entities that facilitate funds to be transferred between businesses, between individuals, and between businesses and individuals. Similar to CSDs, payment systems are vital to mitigating settlement risk and also provide settlement finality in monetary transactions. Those payment systems that could significantly impact the UK financial system or economy are formally ‘recognised’ by HM Treasury (HMT) as RPSOs in light of their systemic importance.footnote [3] Given how interwoven these RPSOs are into the UK economy (and in some cases, globally), they have the potential to threaten the stability of, or confidence in, the UK financial system if their operations were to be disrupted for financial or operational reasons. A significant disruption at a RPSO would have considerable impacts for individuals and businesses, for example not receiving salaries or being unable to make mortgage payments. If there was no practicable substitute in the near term, this disruption could become a channel of contagion, affecting participants within that system or financial markets more broadly.

The Bank also supervises certain service providers to recognised payment systems that are specified by HMT (SSPs), where the recognised payment system has outsourced critical parts of its operations to the service provider and the ability of the recognised payment system to deliver its responsibilities depends on the functioning of the service provider. This is separate to, and distinct from, the Bank, Prudential Regulation Authority (PRA) and Financial Conduct Authority’s (FCA) responsibility for supervising certain critical third parties which does not fall within the remit of this publication; more information on the critical third party regime is set out in Box D.

Since FMIs centralise risk and provide the primary mechanisms that enable financial transactions to happen, their resilience is critical to the safe, stable, and correct functioning of financial markets. Significant disruption or operational outages at an FMI could be a major cause of financial instability to the ecosystem in which they operate, and possibly more widely, given their centrality to the financial system and the wider economy. An FMI’s failure to manage financial resilience could make them act as amplifiers in spreading contagion as transactions would not be able to be cleared or settled which would directly impact the credit and liquidity positions of participants within their ecosystem and more widely. Due to the centralised nature of FMIs and the liquidity and cost benefits to users of operating at scale, there are currently only a few CCPs, CSDs and RPSOs, with limited alternative providers or substitutability. This means that the economic costs of financial failure or severe operational outages could be very high. FMIs therefore operate in a highly regulated environment to ensure their resilience. FMI regulation and supervision aim to make FMIs extremely resilient, predictable, and able to recover effectively from incidents should they occur, or to mitigate the broader risks to financial stability where they cannot recover. Our regulatory framework safeguards the financial and operational resilience of FMIs so that they can achieve their role of reducing risks to financial stability rather than transmitting or amplifying them, especially in times of stress.

While the Bank recognises that it may not be possible to avoid all instances of FMI failure or service disruption, the Bank aims to be able to manage any disruption that presents a threat to financial stability. This includes enhancing the Bank’s preparedness to support recovery, resolution, or other firm-specific or market-wide actions that may need to be taken to mitigate the financial stability risks of disruption at an FMI.

Some FMIs that provide critical services in the UK are based in the UK, while some provide services from outside the UK. Similarly, some FMIs based in the UK also provide critical services to other countries. The Bank recognises the importance of taking a consistent and international approach to supervising FMIs, both where the Bank is the ‘home authority’ for FMIs systemically important in other countries and as a ‘host authority’ for non-UK FMIs providing critical services in the UK. In both cases, the Bank seeks close co-operation with international regulators and aims to rely on the supervision of a home authority where possible for non-UK FMIs.

The Bank’s primary objective

The Bank has statutory responsibilities in relation to FMIs as part of its objective to protect and enhance the stability of the financial system of the United Kingdom.

The Bank seeks to ensure that the CCPs, CSDs and RPSOs it regulates reduce systemic risk by:

  1. avoiding disruption to the vital payment, settlement, and clearing services they provide to the financial system and to the real economy;
  2. avoiding actions that have an adverse impact on the safety and soundness of their members, subject to preserving the resilience of the FMI; and
  3. contributing to identifying and mitigating risks in the end-to-end process of making payments, clearing and settling securities transactions, and clearing derivatives trades. For the purposes of this publication, the Bank considers this to be the FMI’s ecosystem and expects FMIs to seek to manage their ecosystems in line with the Bank’s financial stability objectives.

Where necessary to achieve (1), the Bank additionally regulates certain other firms regarding the critical services they provide to RPSOs.

The Bank’s secondary objective

FSMA 2023footnote [4] introduced a secondary objective for the Bank in its FMI functionsfootnote [5] in relation to CSDs and CCPs. Pursuant to this new objective, in exercising its FMI functions, the Bank must, as far as reasonably possible, facilitate innovation in the provision of CCP and CSD services with a view to increasing the quality, efficiency, economy of FMI services. This is a secondary objective, meaning that it is subject to the Bank advancing its primary objective to protect and enhance the stability of the financial system of the UK.

The Bank’s secondary objective does not apply when making individual supervisory decisions for a firm. However, it does apply when determining the general principles under which it performs particular functions, including its supervisory approach. For example, one of the core principles of the Bank’s approach to supervision is proportionality, which means that the intensity of our supervisory activity varies depending on the risks posed by each firm. This approach supports innovation, by ensuring we take a proportionate approach to assessing and engaging in supervisory activity with new firms or technologies (see Box K).

The Bank expects and encourages FMIs to innovate and believes that innovation can actively support financial stability. The Bank’s role is to facilitate innovation and to apply a proportionate regulatory regime to FMIs that is outcome focused and technology neutral, making space for the Bank’s financial stability objective to be achieved in different ways.

Working on innovation is not new to the Bank, and as a general principle the Bank seeks to ensure that, even where new technologies or processes are used, the same risk results in the same regulatory outcome. In other words, where FMIs using new technologies pose similar risks as other FMIs, they should be subject to equivalent regulatory standards and oversight to achieve similar outcomes. The Bank is learning from its existing innovative FMI initiatives, including the creation of the Digital Securities Sandbox with the Financial Conduct Authority which allows innovations to be tested in a safe environment before scaling, and is one way to have a proportionate regime that reflects the different levels of risk posed (see Box L).

The Bank provides updates on how it is embedding the secondary innovation objective in its annual report on the supervision of FMIs.

Have regards

There are some principles which the Bank must ‘have regard’ to when exercising certain FMI functions in relation to an FMI entity. Similar to the secondary objective on innovation, have regards do not apply when making supervisory decisions regarding individual FMIs but do apply to the Bank’s supervisory approach.

As noted above, the Bank is required to act in a way that advances its primary and, subject to that, secondary objectives. When advancing those objectives, it must have regard to various principles but may decide in each case how much weight to give to each of them, provided it does consider all of them. Have regards do not take precedence over the Bank’s primary and secondary objectives.

The legislative framework

The Bank has legal powers to supervise FMIs, including with respect to their safety and resilience to risks, both financial and operational, which could lead to financial instability. This supervision takes place within the context of wider FMI-related policymaking which contributes to developing the regulatory framework and clear supervisory expectations for FMIs.

The Bank regulates FMIs in accordance with a statutory framework which includes the Banking Act 2009 (BA09), the Financial Services and Markets Act 2000 (FSMA 2000), and retained EU law, such as the European Market Infrastructures Regulation (EMIR) and Central Securities Depositories Regulation (CSDR). FMIs may also be designated to obtain protection from certain insolvency challenges under the Settlement Finality Regulations (see Section 2).

In 2012, the Bank of England adopted the ‘Principles for Financial Market Infrastructures’ (PFMI) that were developed by the Committee on Payment and Settlement Systems (CPSS) – now called the Committee on Payments and Market Infrastructures (CPMI) – and the International Organization of Securities Commissions (IOSCO).footnote [6] The Bank’s supervisory approach is based on, and consistent with, these Principles. The PFMI are international standards for addressing risks and efficiency in FMIs and outline general responsibilities of relevant authorities. The PFMI capture a number of areas, including governance financial risk management and operational risk management.

Fundamental rules (under consultation)

Alongside this publication, the Bank has published a consultation on Fundamental rules for FMIs. The proposed rules, once finalised and adopted subsequent to the consultation, are intended to apply to UK CCPs, UK CSDs, UK RPSOs, and UK SSPs that the Bank supervises and will be a set of high-level requirements on FMIs covering the full range of the regulatory framework.

The intention of the proposed rules is to support financial stability, through addressing any potential underlaps in the regulatory framework, as well as enhanced supervisory effectiveness, through transparent and clear regulatory outcomes that the Bank seeks to achieve. It is also intended that, once finalised and adopted, the rules will support the secondary innovation objective through supporting firms’ understanding of the regulatory framework in which they operate. This will support FMIs’ ability to consider how they might innovate within the regulatory framework in order to achieve better outcomes and greater resilience within the system.

Box A: Changes to the Bank’s approach to FMI policymaking through FSMA 2023

Amendments to FSMA 2000 through FSMA 2023 have given the Bank greater powers in its role as the UK’s regulator for CCPs and CSDs, matched by new accountability obligations.

These new powers include a rule-making power for CCPs and CSDs, enabling the Bank to replace retained EU law (including UK EMIR and UK CSDR) with its own rules, operating within a framework established by government and Parliament.

The Bank has been given a new secondary objective to facilitate innovation when carrying out its FMI functions, subject to the primary financial stability objective being advanced, with the aim of improving the quality, efficiency and economy of FMI services (see The Bank’s secondary objective in Section 1).

New accountability mechanisms for the Bank include the creation of a new Financial Market Infrastructure Committee (FMIC); an obligation for the Bank to report on how it engages with interested stakeholders other than CCPs and CSDs themselves; and mandating the publication of a cost benefit analysis framework in certain circumstances.

FSMA 2023 also contains a number of significant measures relevant to the Bank’s regulatory and supervisory powers, including the power to issue requirements to recognised UK CCPs and CSDs and systemic non-UK CCPs. This power will allow the Bank to require such entities to take, or refrain from taking, a specified action (see Using powers in the course of supervision in Section 4), on which the Bank published a policy statement in May 2024.

The Bank is in the process of developing and consulting on how it will implement various aspects of these new powers and accountability mechanisms.

Box B: The Bank’s supervision of service providers to recognised payment systems

What is a service provider?

The ability of a recognised payment system to deliver its responsibilities may depend on the functioning of service providers to which it has outsourced critical parts of its operations. Service providers deliver functions which are essential to the operation of a recognised payment system such as information technology, telecommunications, or messaging services.

Why does the Bank supervise specified service providers?

HMT extended the Banking Act 2009 (BA09) under s206A, allowing BA09 to be applied to service providers to recognised payment systems. In order for this to occur, HMT must specify a service provider in the recognition order of the payment system to which it relates. This action brings a service provider into the Bank’s direct supervision, making it a specified service provider (SSP). Although the Bank also has expectations of how RPSOs should manage their relationships with SSPs, additional powers over certain SSPs are considered necessary to enable the Bank to effectively deliver its mandate. In these cases, the Bank’s ability to supervise SSPs supports the Bank’s objective of protecting and enhancing financial stability.

The regulatory expectations of an RPSO are not changed if one or more of its service providers is specified. Similarly, a service provider that is specified should not change how it interacts with the RPSO that has outsourced to it as a result of it being specified. The role of the Bank and RPSOs in overseeing risk from service providers is different, yet complementary.

The Bank’s supervision of SSPs

S188 of BA09 gives power to the Bank to publish principles to which SSPs must have regard. The Bank requires SSPs to have regard to Annex F of the PFMI (Oversight expectations applicable to critical service providers). The expectations set out in Annex F should ensure that the operations of an SSP are held to the same standards as if the RPSO itself provided the service. The expectations are written at a broad level to allow SSPs flexibility in demonstrating their compliance. SSPs have responsibility for satisfying the expectations as set out in Annex F. The Bank expects SSPs to complete a self-assessment against the Annex F expectations annually, and to provide this to the Bank.

The expectations outlined in Annex F are specifically targeted at SSPs and cover:

  • risk identification and management;
  • robust information security management;
  • reliability and resilience;
  • effective technology planning; and
  • strong communication with users.

The Bank’s supervision of SSPs focuses on elements of the SSP that relate to the RPSO it serves. However, the Bank supervises any area of an SSP’s business that could have a material impact on critical services provided to the RPSO. This includes, for example, elements of an SSP’s governance and overall risk management frameworks and other business areas if they could materially impact the services provided to the RPSO.

As a result, there are some differences in the Bank’s assessment of SSPs under its supervisory approach compared to other FMIs. In particular, the Bank's expectation with regard to how an SSP manages risks to the broader ecosystem is narrower than FMIs. The Bank expects SSPs to manage risks that their services might present to the system and participants in the system. However, the Bank does not expect SSPs to be responsible for identifying and mitigating risks to the end-to-end flow of payments more broadly. This would risk duplicating the role of the RPSO which is responsible for maintaining the rules and frameworks under which their participants operate within the system.

Box C: The Bank’s supervision of CHAPS

The Bank’s FMI supervisory area acts as an independent supervisor of the Bank’s operation of CHAPS, the UK’s high-value payment system. The Bank’s supervisory area holds the Bank’s operation of the CHAPS system to the same standards as external RPSOs. This includes applying the PFMI (adapted as recommended by CPMI-IOSCO for central bank FMIs)footnote [7] and seeking the same outcomes on matters such as management and governance, risk management and operational resilience. This supervision is undertaken on a non-statutory basis.

In order to ensure the effective supervisory oversight and operational delivery of CHAPS within the same institution, the Bank has designed a model which emphasises transparency and independence between the areas of the Bank responsible for the operation and supervision of the CHAPS system. For example, the Bank has put in place measures to ring-fence specialist resources for both functions. Importantly, the FMIC makes the key supervisory decisions with regard to CHAPS, in the same way that it does for other FMIs, which helps to ensure that independent supervisory judgements are reached.

While CHAPS is not an RPSO, all references to RPSOs in this publication can be used as a guide to understand the Bank’s supervision of CHAPS.

Box D: Critical third party regime

Using powers contained in FSMA 2023, HMT may designate as a critical third party (CTP), a third party that provides services to one or more authorised persons, relevant service providers and/or FMIs.footnote [8] A third party may only be designated if, in the opinion of HMT, a failure in, or disruption to, its services (whether individually or, where more than one service is provided, taken together) would pose a risk to the stability of, or confidence in, the UK financial system. HMT must consult the Bank and FCA before designating a third party as a CTP. HMT generally expects to make designations of CTPs on the basis of recommendations from the Bank, the PRA and the FCA.

Irrespective of the CTP regime, FMIs and other regulated firms remain responsible and accountable for managing risks to their resilience arising from their arrangements with third parties, including those designated as CTPs.footnote [9]

Some of the key features of the CTP regime are:

  • CTPs must meet a set of high-level fundamental rules, which collectively reflect the regulators’ objective of managing risks to the stability of, or confidence in, the UK financial system posed by CTPs.
  • CTPs are subject to eight operational risk and resilience requirements that apply to CTPs’ systemic third party services to firms and FMIs, and cover areas such as governance, supply chain risk management, technology and cyber resilience, change management and incident management.
  • CTPs must meet a range of information-gathering and regular testing requirements, including the submission of an annual self-assessment, and regular scenario testing. The regulators also have the power to commission Skilled Person reviews. CTPs are also required to notify regulators and CTPs’ FMI and regulated firm customers of certain incidents.

The oversight of CTPs will be provided by the regulators as set out in the oversight approach document. The approach to CTP oversight shares several of the same key principles as the supervisory approach for FMIs: judgement-based and evidence led, forward looking, proportionate, and focused on key risks.

2: High-level principles for advancing the Bank’s objectives

To advance the Bank’s objectives, the Bank’s supervisory approach follows four key principles. They are: i) judgement based; ii) forward looking; iii) focused on key risks; and iv) proportionate.

Judgement-based

The Bank’s approach relies significantly on judgement. Supervisors reach judgements on the risks that an FMI is running as it undertakes its business, the risks to the ecosystem, the risks that it poses to our objectives, and how to address any problems or shortcomings.

The Bank’s supervisory judgements are based on evidence and analysis. It is, however, inherent in a forward-looking system that, at times, the Bank's supervisory judgement will be different to that of an FMI. Indeed, given the Bank’s financial stability objective, the Bank’s risk appetite may differ from that of the FMI, and so the Bank may require an FMI to take action to reduce financial stability risks which differs to the actions that the FMI might take of its own accord. Furthermore, there will be occasions when events will show that the Bank’s supervisory judgement did not produce the desired outcomes. To minimise such occurrences, the Bank’s strategies and judgements are subject to regular review by those independent from supervising the firm in question, and major judgements and decisions involve the Bank’s most experienced and senior staff and directors. This includes processes such as the Annual Risk Reviews (ARR)footnote [10] (see Setting supervisory strategies in Section 4)

The Bank engages with the boards and senior management of firms in forming its judgements, using this dialogue both to ensure that supervisors take account of all relevant information, and to clearly communicate the rationale for them. Firms should not, however, approach their relationship with supervisors as a negotiation.

Forward looking

The Bank’s approach is forward looking. The Bank assesses FMIs not just against current risks, but also against those that could plausibly arise further ahead for the firm and the ecosystem in which it operates. And where the Bank judges it necessary to intervene to mitigate risks, it seeks to do so at an early stage. To support this, firms should be open and straightforward in their dealings with supervisors, taking the initiative to raise issues of possible concern at an early stage. Supervisors will respond proportionately. In this way, trust can be fostered on both sides.

Focused on key risks

The Bank focuses its supervision on those issues and those FMIs that, in the Bank’s judgement, pose the greatest risk to the stability of the UK financial system. Consistent with the Bank’s objectives, the Bank aims to concentrate on material issues when engaging with firms. As outlined further in Section 3, the Bank’s assessment of the risk that any FMI poses will take into account both the gross risk derived by their relative scale, complexity and business model, and any mitigating factors and controls that have been put in place.

All FMIs will be subject to a set of baseline supervisory processes and activities, the frequency and depth of which are proportionate to the potential impact of a firm on financial stability. Where an FMI is out of tolerance against risk elements in our risk framework, supervisors may undertake additional supervisory activity and/or will require the FMI to take remedial action.

Proportionate

Consistent with the focus on the greatest risks set out above, the Bank seeks to ensure that the frequency and intensity of its supervision is proportionate to the risk that a FMI poses to the Bank’s objectives. This takes into account the scale and complexity of the FMIs that are being supervised and the ecosystems in which they operate.

Other elements which support our approach to supervision

Data-related capability

The Bank uses data that it collects directly from FMIs and elsewhere as an important input to ensure that supervisory actions and decisions are informed by the best available data, analysis and intelligence in order to support the Bank’s broader financial stability objective.

The Bank aims to achieve four broad outcomes in its collection and use of data: (i) to utilise data and analysis to support the supervisory approach; (ii) to be able to identify system-wide risks and facilitate effective crisis management responses; (iii) to proactively monitor data to spot trends and identify risks to firms, their participants and their wider ecosystem and; (iv) to make relevant data available to other parts of the Bank to support broader initiatives (see Box E).

To do this, the Bank needs to increase the value of the data it collects by closing data gaps, sharing data effectively with relevant partiesfootnote [11] and by enabling safe and effective innovation, including artificial intelligence. The Bank is expanding its technical capability to make the best use of the data it collects and is continuing to work alongside international counterparts on the harmonisation of data standards.

International co-operation

Some FMIs may operate across borders for various reasons such as to support global markets, efficiency or to enhance risk management through netting exposures across jurisdictions. The Bank supervises certain UK FMIs and some non-UK FMIs that provide services to the UK or have UK participants. Additionally, around half of the UK FMIs supervised by the Bank are also systemically important in other countries. This means that international co-operation is central to the Bank’s approach to supervising FMIs.

International co-operation is a fundamental component of the Bank’s supervisory approach, reflecting the cross-border nature of FMIs. Cross-border infrastructure can support financial stability, for example by allowing financial market participants to benefit from global pools of liquidity and to hedge their risk in the broadest possible markets. Maintaining the resilience of cross-border financial infrastructure requires deep co-operation that gives regulators in both ‘home’ and ‘host’ jurisdictions assurance that cross-border infrastructure will be secure and reliable both in ‘business as usual’ and during times of stress. Where FMIs are licensed in multiple jurisdictions, the Bank recognises the importance of working in close co-operation with counterpart regulators to avoid overlap and to improve outcomes. It is equally crucial that supervisory co-operation does not become counterproductive as a result of conflicting, overlapping or confusing directions for firms, particularly in a crisis.

In its international co-operation, the Bank seeks to model the guidance within ‘Responsibility E’ of the PFMI that sets out how to co-operate effectively with other authorities in order to support each other in fulfilling respective mandates with respect to FMIs.

The international co-operation agreements that the Bank has established facilitate deep supervisory co-operation, ensuring clear and stable reciprocal arrangements for supervising cross-border FMIs. The Bank was the first supervisor to establish supervisory colleges for CCPs and an international card scheme. The Bank has also established crisis management groups (CMGs) for CCPs which provide a framework for authorities to plan crisis management measures (including orderly resolution) for CCPs that are judged to be systemically important in more than one jurisdiction. Our international co-operation is supported by Memoranda of Understanding (MoUs) that the Bank has with a wide range of authorities in other jurisdictions which aim to facilitate information sharing, joint reviews and best practice to allow authorities to deliver their mandates while reducing the burden on supervised firms.

Sections 3 and 4 provide more details on the Bank’s approach to supervising UK FMIs, including how the Bank engages with non-UK authorities that have an interest in a UK FMI. Section 5 sets out the Bank’s approach to supervising FMIs that are not domiciled in the UK but have operations in the UK or have UK participants. The Bank’s aim in both approaches is to protect and enhance the financial stability of the UK while having regard to the potential impact of the Bank’s actions on other countries in which the FMIs provide services.footnote [12]

The Bank has additionally continued to be a substantial contributor to a broad range of international FMI policy workstreams designed to make FMIs more resilient and less likely to amplify risks during episodes of volatility.

Settlement Finality Regulations

The Bank is also responsible for designating systemsfootnote [13] for the purposes of the Financial Markets and Insolvency (Settlement Finality) Regulations 1999 (as amended) (SFRs). The SFRs seek to reduce the risks associated with participation in these systems by minimising the disruption caused by insolvency proceedings brought against a participant in such a system. They do this by protecting the system rules on the irrevocability of instructions for settlement and payments against challenge by insolvency practitioners.

System operators of both UK and non-UK CCPs, CSDs and payment systems can apply for settlement finality designation under the SFRs; and in determining whether to make a designation order, the Bank will have regard to systemic risks.

Following designation, the system operator must provide the Bank with certain information or notify it of certain changes as set out in the SFRs.footnote [14] This is to satisfy the Bank that the requirements for designation continue to be met and to verify that in such manner as the Bank may specify. The Bank uses its power under the SFRs to require designated systems to provide an annual attestation that the SFRs’ requirements are met. System operators are also required to notify the Bank of changes to the system’s:

  • default arrangements;
  • rules relating to matters dealt with the SFRs; and
  • participants (for UK law systems) or the system’s UK participants (for non-UK law systems).

Supervised FMIs that operate a recognised or designated payment system may use the same Bank point of contact for their notification obligations under the SFRs as for supervisory matters.

Box E: Engagement with other Bank of England functions

The Bank of England’s supervision of FMIs is informed by, and connected to, the Bank’s other functions, including its work on market intelligence, supervision of banks, financial sector resilience and resolution. The Bank’s supervisors engage with these areas, collaborate effectively, and facilitate the flow of information between these functions where sharing would be useful in light of the Bank’s responsibilities. All parts of the Bank will protect the confidentiality of commercially sensitive or supervisory information in accordance with legislative requirements and relevant agreements with third parties. This informs what controls are applied if and when relevant information is shared between parts of the Bank.

Financial Policy Committee (FPC)

FMI supervisors work closely with the Bank’s FPC, which has statutory responsibility for contributing to the reduction of financial stability risks to the financial system as a whole. The FPC may also make recommendations within the Bank in relation to the supervision of CCPs, CSDs or RPSOs as part of its role in reducing risks to the UK financial system.

Prudential Regulation Authority (PRA)

FMI supervisors work closely with the PRA, which has statutory responsibility to promote the safety and soundness of regulated deposit-takers, insurance companies and designated investment firms. There is a frequent two-way flow of information and exchange of views between FMI supervisors and the PRA; providing firm-specific information to assist supervisors in their respective supervision of individual firms and their ecosystem. More detail about the PRA’s approach to supervision can be found in The Prudential Regulation Authority’s approach to banking supervision.

The Bank as the UK’s Resolution Authority

The Bank is the UK’s Resolution Authority and operates within a distinct statutory framework that gives it legal powers to resolve banks and certain firms in order to meet specified objectives. The relevant functions within the Bank (including FMI supervision and Resolution) will co-ordinate to ensure that the most proportionate and appropriate power is used to achieve their respective objectives. There are regimes in place to help manage the financial failure of relevant FMI, including the CCP resolution regime, and the FMI Special Administration Regime. These regimes are designed to allow for FMIs’ critical functions to continue where they fail financially, and, through maintaining continuity of critical functions, promote confidence in the UK financial system.

FMI supervisors work closely with the Bank’s Resolution Directorate, which has the statutory responsibility for managing bank, building society, and CCP failure, to ensure that should an FMI fail, there is effective co-ordination and information sharing to achieve the Bank’s statutory resolution objectives. The Bank has established arrangements for decision-making to maintain structural separation and operational independence of resolution and supervision functions.

Payments Directorate

Payments Directorate is responsible for operating the Real Time Gross Settlement (RTGS) service and CHAPS, the UK’s high-value payment system. The Bank’s FMI supervisory area acts as an independent supervisor of the Bank’s operation of CHAPS, as set out in Box C. FMI supervisors also work in partnership with Payments Directorate where there are topics which span both of our interests such as payments innovation or new (potentially systemic) FMIs.

Box F: Working with other UK authorities

Co-ordination with other UK authorities is essential to achieving the Bank’s objectives and central to the Bank’s supervisory approach.

Clearing and settlement

FMI supervisors co-ordinate with the Financial Conduct Authority (FCA) markets area in the supervision of clearing and settlement FMIs.

The Bank has a statutory duty to co-ordinate with the FCA certain matters related to FMIs under FSMA, including certain policymaking and supervision matters. An MoU between the Bank (including the PRA) and the FCA describes how the authorities fulfil this duty to co-ordinate in a way that supports each authority’s ability to advance its own objectives.

The FCA is the regulator of organised financial markets including Recognised Investment Exchanges and other trading platforms, and the conduct of participants in relation to the financial instruments and derivative contracts traded both on those markets and in over-the-counter financial markets.

Payment systems

The Payment Systems Regulator (PSR) is the independent regulator for UK payment systems and is responsible for the regulation of payment systems designated by HMT, and the participants in these designated systems. The Bank co-operates with the PSR regarding the supervision of recognised payment system operators. The PSR’s objectives are: to ensure that payment systems are operated and developed in a way that considers and promotes the interests of all the businesses and consumers that use them; to promote effective competition in the markets for payment systems and services; and to promote the development of and innovation in payment systems.

The Bank has a statutory duty to co-ordinate with the PSR under the Financial Services (Banking Reform) Act 2013. An MoU between the Bank (including the PRA), the FCA and PSR describes how the authorities fulfil this duty to co-ordinate in a way that supports each authority’s ability to advance its own objectives.

Other UK bodies

The Bank works with other UK regulators and other UK government agencies, either to pursue the Bank’s objectives or to assist them in theirs. The Bank’s general approach to these arrangements and the relationships they underpin is focused on: enabling all parties to focus on their own objectives; the substantive issues of the potential co-ordination; avoiding where possible a detailed, prescriptive approach, to ensure that judgement and flexibility are not lost; and provisions for regular review of the MoUs to ensure they remain current. For example, FMI supervisors may seek support from the National Cyber Security Centre to help enhance the resilience of some FMIs.

3: Identifying risks to the Bank’s objectives

Aligned to the principle of proportionality, the intensity of the Bank’s supervisory activity varies depending on the risks posed by each firm. In order to identify and assess these risks, the Bank uses a standardised risk assessment framework. This framework enables supervisors to focus on the biggest risks to financial stability and provides a common approach to reaching supervisory judgements.

The Bank’s risk model for supervising FMIs

The Bank takes a structured approach when forming judgements. To do this, the Bank uses a risk model (Figure 1). The model consists of individual elements which assess the risk posed by FMIs to the Bank’s financial stability objectives, assessing gross risk and mitigating factors. The starting point is to assess the ‘gross risk’ (risk inherent to the FMI’s business) by assessing the potential impact an FMI has on the stability of the UK financial system, the external context that the FMI is exposed to, and its business model. This is then overlaid by assessing ‘mitigating factors’ ie how effectively these risks are mitigated by the FMI.

Figure 1: FMI risk model

Potential systemic impact

Supervisors begin any FMI’s risk assessment with the potential systemic impact assessment in which supervisors assess the significance of an FMI to the stability of the UK financial system. This ‘potential systemic impact’ reflects an FMI’s potential to adversely affect the stability of the financial system by failing, coming under operational or financial stress, or because of the way in which it carries out its business. The potential systemic impact does not include an assessment of the likelihood of such an event occurring, as this is considered in the next phase of the risk model.

The FMI potential systemic impact categories are described as follows:

  • Category 1 – most significant systems which have the capacity to cause very significant disruption to the financial system by failing or by the manner in which they carry out their business.
  • Category 2 – significant systems which have the capacity to cause some disruption to the financial system by failing or by the manner in which they carry out their business.
  • Category 3 – systems which have the capacity to cause, at most, minor disruption to the financial system by failing or by the manner in which they carry out their business.

Following the potential systemic impact score calculation, supervisors consider a series of further risk elements under gross risk and mitigating factors to assess the likelihood of an event disrupting the financial system occurring.

Risk model elements: Gross risks

External context

External context encompasses factors outside the control of the firm that have the potential to pose a risk to the firm and the firm’s ecosystem, including risks arising from the political and/or macroeconomic environment. Supervisors’ assessment therefore includes consideration of system-wide risks, such as general economic and market conditions or the political and physical environment, and sectoral risks such as operational risks arising from concentration of outsourcing within a sector or changes in regulatory requirements.

Supervisors draw on work by other areas of the Bank, including the views of the FPC on the macroprudential environment. Supervisors also consider actions by other regulators that might materially affect the systemic risk posed by an FMI.

Business risk

Business risk focuses on the FMI’s business model, strategy, the complexity and inherent risk of the market that it serves, and its operating model (including its group structure). The analysis includes an assessment of where and how an FMI generates income, its financial performance against its plan, and the risks it takes and whether this remains within its own risk appetite. Changes to the FMI’s business model, including major change projects or plans for new business lines, form part of the assessment.

Supervisors also consider the FMI’s relationship with its parent or group, including any group companies on which it depends, as well as the structure and dynamics of its ecosystem. Box G gives further detail on the Bank’s supervision of FMIs that form part of groups.

Risk model elements: Mitigating factors

Management and governance

Management and governance covers the effectiveness of the FMI’s Board and senior management in managing the firm prudently, consistent with regulatory requirements, expectations and the Bank’s financial stability objective. The management and governance of an FMI is critical to its safe and effective operation. The Board of an FMI sets its overall strategy and is ultimately responsible for it meeting its regulatory requirements and managing its risks effectively. For CCPs, CSDs and RPSOs, this includes responsibility for consideration of systemic risks. The Bank places a strong emphasis on ensuring that FMIs’ Boards are appropriately structured and have the right skills to carry out these roles effectively, including holding the executive to account.

Supervisors do this through assessment of the composition, design and effectiveness of the firm’s Board, and whether the firm’s senior management are competent, fit and proper, and set an appropriate risk culture. Supervisors do not have any ‘right culture’ in mind when making assessments; rather, supervisors focus on whether internal decisions and practices are challenged, and whether action is taken to address risks on a timely basis. FMIs should demonstrate that incentives and reward policies and practices for senior executives do not create pressure to prioritise revenues, market share and profit over systemic risk management objectives.

Supervisors assess key individuals at a firm on an ongoing basis through engagement with firms or specific governance reviews (see Baseline supervisory activity in Section 4) and through the Bank’s review of significant change process when firms make new appointments (see Box I).

Risk management and controls

Risk management and controls encompasses a firm’s oversight and control of its risks. This includes both setting and articulating an appropriate risk appetite and ensuring that appropriate systems and controls are maintained to manage risk at an operational level within the established risk appetite.

Firms should have robust frameworks for risk management, including for financial and operational risks. A robust risk management framework will allow firms to effectively identify, measure, monitor, manage and report risks. Competent and, where appropriate, independent control functions should oversee these frameworks. Boards should ensure they receive adequate and timely information on key risks and deviations from the firm’s agreed risk appetite to enable them to monitor and challenge executive management.

When assessing risk management and controls, supervisors assess both the risk management of the FMI itself and how the FMI fulfils its role in ensuring effective risk management in the markets they serve. For example, for CCPs, CSDs and RPSOs supervisors consider how the standards the FMIs place on their participants and members improve both the robustness of the FMI and the system more widely. Supervisors also expect these FMIs to monitor the positions and customers of its members as part of its risk management.

Operational resilience

Operational resilience considers the ability of an FMI to prevent, detect, respond to, recover and learn from operational disruptions. The Bank expects FMIs to observe high standards in the management of operational risks.

The Bank’s focus on operational resilience is on the delivery of the important business services that an FMI’s members or participants, and the wider economy rely, upon. As part of this, the Bank expects FMIs to develop impact tolerances that acknowledge that disruptive events will happen. FMIs need to be able to remain within their set impact tolerances for a wide range of extreme but plausible scenarios. Where the impact tolerance cannot be met for an important business service under extreme but plausible scenarios, the Bank expects the FMI to have defined remedial actions or investments to ensure impact tolerances can be met in future.

In order to reach judgements on an FMI’s operational resilience, supervisors consider a number of areas, including but not limited to: change management; outsourcing and third party management; cyber resilience; incident management; and business continuity and disaster recovery.

The Bank has published expectations and requirements for FMI outsourcing and third party management, including intragroup and cloud outsourcing. This sets expectations in governance and record keeping, pre-outsourcing, outsourcing agreements, data security, audit rights, sub-outsourcing, and business continuity and exit plans. In line with the Bank’s proportionate approach, these expectations vary depending on the FMI’s size and activity.

Cyber resilience is an important aspect of a firm’s wider operational resilience. This includes firms’ governance arrangements, understanding of cyber risks, and incident response and recovery capabilities. CBESTfootnote [15] is a framework to deliver controlled, bespoke, intelligence-led cyber security tests, and it plays an important part in the assessment of cyber resilience. In 2015, the FPC recommended that firms at the core of the UK financial system complete CBEST tests and adopt individual cyber resilience action plans. The Bank works in consultation with international regulatory bodies to align supervision of cyber resilience frameworks where possible to maintain consistency in supervision across relevant jurisdictions.

Firms’ operational resilience is the responsibility of their boards. The Bank expects them to have clear lines of accountability for their operational resilience and to be responsible for the internal operations and technology of the firm. The Board should ensure there is sufficient challenge to the executive and that it has access to people within the business with appropriate technical skills.

Financial resilience

Financial resilience is an assessment of both the firm’s own financial resources and, for FMIs other than SSPs, whether the FMI appropriately manages financial risks within its ecosystem, subject to preserving the resilience of the FMI.

The nature of the financial risks an FMI faces will depend on the type of FMI and the activities it undertakes, and the Bank’s assessment of financial resilience will vary accordingly. For example, CCPs have a specific function of allocating default losses to other participants and so financial resilience for CCPs includes ensuring they have appropriate models and procedures in place to ensure they hold appropriate financial resources (eg hold sufficient collateral) to carry out this function. Similarly, supervisors assess whether RPSOs have appropriate resources and procedures to minimise any financial risks that may arise from the services they provide to their participants. For example, depending on the RPSO’s approach to mitigating settlement risk, a RPSO may guarantee settlement of the transactions it processes and thereby take on credit risk. As part of its financial resilience assessment, the Bank considers how FMIs are measuring, monitoring, managing and reporting such risks.

In order to reach judgements on a FMI’s financial resilience, supervisors consider a number of areas, including but not limited to: capital; liquidity; and financial recovery. Where relevant, financial resilience also considers, among others: initial margin and default fund; firm’s stress testing; collateral; and investment management. CCPs are also subject to the Bank’s supervisory stress test (see Box H). Supervisors will consider how a firm’s approach to these areas impact both the financial resilience of the firm and of the ecosystem.

Supervisors consider a firm’s financial resilience as a whole, acknowledging FMIs can ensure financial resilience through different approaches and that there may be trade-offs between ensuring the financial strength of the FMI and its ecosystem. The Bank also expects FMIs to demonstrate that they are managing risks through the cycle without introducing excessive procyclicality. Whatever its approach, an FMI must be able to demonstrate sufficient financial resilience in a wide range of severe but plausible stresses, both market wide and firm specific.

As with operational resilience, an FMI’s financial resilience is the responsibility of its Board. Supervisors evaluate whether FMIs have clear lines of accountability for their financial resilience. In assessing firms’ Boards, supervisors consider whether there is sufficient challenge to the executive and whether the Board has access to people within the business with appropriate technical skills.

Preparedness for disruption

As set out above, the Bank assesses all FMIs to seek to ensure that they are operationally and financially resilient to continue to provide their important business services under a range of adverse scenarios. This is, though, not expected to avoid all instances of FMI failure or service disruption. Given the systemic importance of FMIs, the Bank also considers it important to prepare to mitigate any financial stability impacts in an eventuality that an FMI is not able to continue to provide their important business services.

The final risk element in the risk model (preparedness for disruption (PfD)) therefore assesses the extent to which the FMI has taken appropriate actions to support the Bank in being adequately prepared to mitigate impacts on financial stability in the event of the FMI being unable to recover from a financial or operational failure. This risk element is not intended to assess the probability or impact of such a disruption but will consider the firms’ preparedness to enable the Bank to mitigate the impact of the disruption should it occur.

The objective is not to avoid all instances of FMI failure or service disruption, but to ensure the Bank is prepared to minimise any impact to financial stability by taking appropriate firm-specific or market-wide action in the event of disruption to important business services provided by an FMI. This recognises that the systemic nature of FMIs can result in disruption at one firm having a much broader ecosystem-wide impact which may require additional market-wide intervention by the relevant authorities in order to mitigate risks to financial stability. This does not negate the responsibility of individual FMIs to consider and actively manage risks to the broader ecosystems themselves.footnote [16]

As mentioned, the Bank primarily seeks to ensure FMI’s resilience to financial failure through the requirements it places on firms to manage and mitigate financial risks to the firm. However, these safeguards are not fail-safe. Therefore, there are statutory regimes in place to enable the Bank, in co-ordination with other authorities such as the FCA and HMT, to act and manage the financial failure of the relevant FMI, including the CCP Resolution Regime, and the FMI Special administration regime. These regimes are designed to allow for FMIs’ critical functions to continue where a firm fails or is at risk of failing, and through maintaining continuity of critical functions,footnote [17] promote confidence in the UK financial system. The Bank’s ability to implement these regimes effectively depends on firms being sufficiently prepared to support the Bank in taking these actions.

The same concept of preparing to mitigate disruption, and in particular potential impacts on broader financial stability, is also relevant to operational disruptions. This builds on the recognition within the Bank’s operational resilience policy that, although successful implementation of the policy requirements should minimise instances of disruption, it could still occur in some scenarios.footnote [18] In these instances, given the systemic importance of FMIs to the broader financial system, the Bank should be prepared to respond to mitigate risks to financial stability should they occur. As with financial resilience, the Bank’s ability to achieve this objective may depend on firms being sufficiently prepared to support the Bank in taking appropriate actions. The Bank considers this to be in line with effective risk management and the consideration of financial stability risks in FMI decision-making, as set out in Explanatory Note 3.2.2 of the PFMI.footnote [19]

In practice, this may be achieved through firm-specific or market-wide actions implemented in conjunction with other authorities or through direct intervention by the Bank, depending on the specific critical function that has failed. The Bank will work closely with firms and may consult on further policy and/or guidance over the coming years setting out its expectations of firms and further details on our approach to assessing firms against the PfD risk element within the risk model. This includes updating future iterations of this publication as needed.

Assessing firms using the risk model

Supervisors assess and rate each risk element against the Bank’s risk tolerance. The rating (outlined in Figure 2) is forward looking over 12 months, based on information available to supervisors.

Figure 2: Scoring FMIs against the Bank’s risk tolerance

This figure is explained in the surrounding text.

Proactive intervention framework (PIF)

The Bank’s supervision aims to reduce both the probability of risks crystallising, and the impact that this could have. The PIF is intended to capture the probability of risks outside of the Bank’s risk tolerance crystallising over the next 12 months. Together with the potential impact (the FMI categorisation), these metrics determine the intensity of supervision. Therefore, FMIs which have the highest potential impact and the highest probability of risks crystallising would receive the most intensive supervision, and the FMIs which have lower impact and with lower probability of risks crystallising would be supervised less intensively.

Supervisors consider an FMI’s PIF when drawing up its supervisory strategy. Supervisors’ judgement about an FMI’s position within the PIF is periodically updated and is informed by the supervisory activities outlined above under ‘Risk model elements’. However, it may be revisited more frequently in response to material developments which may, or have the potential to, negatively affect the firm or disrupt financial stability.

Judgements about an FMI’s PIF are derived from those elements of the supervisory assessment framework that reflect the risks faced by an FMI and its ability to manage them, namely, external context, business risk, management and governance, risk management and controls, financial resilience and operational resilience. The PIF is not sensitive to a firm’s potential systemic impact or preparedness for disruption score.

There are five PIF stages, each denoting a different likelihood of disruption to financial stability, and every firm sits in a particular stage at a given point in time (Figure 3). When an FMI moves to a higher PIF stage (ie if the firm’s risk has increased), supervisors will consider and deploy an appropriate set of supervisory actions (see Using powers in the course of supervision in Section 4).

The Bank considers it important for markets and counterparties to make their own judgements on the viability of an FMI. The Bank will not therefore routinely disclose to the market, or to FMIs themselves, its PIF judgement, not least given the possible risk that such disclosures could act to destabilise in times of stress.

Figure 3: Stages in the proactive intervention framework

This figure is explained in the surrounding text.

Box G: Bank supervision of FMIs that form part of groups

Some FMIs supervised by the Bank form part of groups that include other FMIs, other regulated financial institutions or indeed non-regulated firms. These groups may be entirely UK-incorporated or may contain firms in other jurisdictions. In contrast to the model for banking, EU and international requirements for FMIs do not currently require consolidated group supervision. The FMI regulatory regime is based on whether an individual FMI entity satisfies the standards and regulations applicable to its particular activities.

The Bank will, however, want to understand how the institutions that it supervises relate to the rest of any group of which they form part, how group objectives affect the Bank-supervised institutions, the risks the rest of the group might bring to the Bank-supervised institution, and vice versa. In particular, the Bank will consider interdependencies between group entities in relation to finances, operations, risks, risk management and governance. The Bank’s aim is to ensure that critical UK FMIs are not at risk of contagion from risks in other parts of the group and that UK FMIs can meet all applicable regulatory requirements on a standalone basis.

The Bank will, therefore, look to establish effective dialogue with the supervisors of other parts of groups of which UK-incorporated FMIs form part. In some cases, there are already formal arrangements for liaising with relevant supervisors. The Bank maintains contact with parent companies’ senior executives to ensure a clear understanding of risks to UK entities from other parts of a group, and vice versa.

A number of UK CCPs form part of groups which also include recognised investment exchanges supervised by the FCA In respect of such groups, the Bank co-operates closely with the FCA under an MoU. In some cases, the Bank may have some supervisory powers over the holding companies of CCPs or CSDs supervised by the Bank (see Using powers in the course of supervision in Section 4).

4: Supervisory activity

This section describes how the Bank supervises UK FMIs in practice, including the tools and legal and enforcement powers available. In line with the Bank’s key principles, this engagement will be proportionate to the size and potential impact to financial stability of any given FMI and focused on the key risks to financial stability.

 

As set out in Section 2, the Bank’s supervisory approach follows four key principles – they are: i) judgement based; ii) forward looking; iii) focused on the greatest risks, and iv) proportionate. In line with these principles, supervisors utilise a broad range of tools to gather quantitative and qualitative data which inform supervisory judgements.

Intensity of supervision

Supervisors have to undertake baseline activities for all FMIs, regardless of PIF score (Figure 3) or risk element scores (Figure 2). The baseline activities constitute the minimum work supervisors undertake on all firms and no additional proactive work is undertaken if a firm is assessed to be ‘within risk tolerance’ through the risk scoring framework. This approach ensures that supervisors focus supervisory resources where there is judged to be greater risk to the Bank’s supervisory objectives. Baseline supervisory activities vary depending on the category and type of FMI in order to remain proportionate.

Where an individual risk element or the overall FMI is assessed as ‘out of tolerance’, supervisors undertake additional work to ensure that FMIs have carried out the necessary risk mitigation activities to bring the risk back into tolerance. Supervisory judgement will determine where additional supervisory work is needed, proportionate to the risks posed by the firm and linked to the risk elements that are out of tolerance.

In addition to baseline and risk mitigation activities, supervisors will also need to respond to regulatory transactions and notifications of significant changes, which are driven by the FMIs. These may generate additional supervisory activity, for example in relation to the appointments of key individuals.

Baseline supervisory activity

The baseline for supervisory activity is set by the FMIC, the Bank’s statutory decision-making Committee responsible for the most important decisions on FMIs (see Box J), and any significant changes are approved by it. In line with the Bank’s principle that supervision must be judgement based, supervisors can deviate from baseline supervisory activity subject to appropriate governance.

The baseline for supervision sets the amount of work supervisors should do for an FMI that is ‘within tolerance’ and requires supervisors to undertake activities such as meetings with key personnel and reviews of key risk areas on a minimum schedule. However, outside these set cycles, supervisors retain some flexibility to determine where baseline supervisory activity should be focused. Baseline supervisory activity is not intended to cover all risk areas on a defined schedule, but aims to provide enough coverage, alongside other supervisory work, to enable supervisors to assess FMIs against the risk elements in the supervisory framework and to identify key risks for each FMI.

The types of supervisory activities that constitute the baseline for supervision are set out below. The number and frequency of these activities varies according to the FMI’s potential systemic impact assessment (see Potential systemic impact in Section 3). Category 1 firms will have the highest number of supervisory activities and a greater number of areas that need to be covered at a set frequency. Category 3 firms will have much lower number of baseline supervisory activities.

Firm meetings

Central to the Bank’s supervisory approach is meeting with FMIs and engaging across all levels of seniority within the firm. At a senior level, Board members and directors should expect regular meetings with supervisors, either in groups or on an individual basis. In line with the principle of proportionality, this engagement will be focused on material risks that the firm has the potential to pose to financial stability and will be proportionate to the potential impact that any given firm could have on financial stability. Supervisors will also meet with a supervised firm’s external auditors.

As part of baseline supervision, close and continuous (C&C) engagement with FMIs’ senior management is maintained through a defined schedule of core meetings. The schedule for these meeting is defined by the firm’s category but can be adjusted (subject to appropriate governance) depending on an FMI’s unique circumstances (eg a major change programme or a firm’s governance structure). These scheduled C&C meetings are in addition to ad-hoc meetings that supervisors may have at firms’ or supervisors’ instigation to cover topics that may arise such as deterioration in a key risk, market developments or business updates. Table A shows an example schedule of minimum engagement with a typical Category 1 RPSO.

Table A: Example schedule of close and continuous meetings with a typical Category 1 RPSO

Role

Frequency

Chair of the Board

Biannually

Chair of Audit Committee

Annually

Chair of Risk Committee

Annually

Senior Independent Director

Annually

CEO

Biannually

Head of Risk/CRO

Biannually

Head of Audit

Biannually

External Financial Auditor

Biennially

Review of management information (MI), regular reporting and data

Proportionate to their size and potential impact, the Bank requests FMIs to submit data,footnote [20] of appropriate quality, which supervisors review to inform judgements about the risks that each FMI may pose to the Bank’s objectives. For instance, supervisors review CCP transaction data periodically to identify any material changes. Supervisors also gather information through MI from Board packs or disclosures made by FMIs and this information can inform which risk areas supervisors focus on during meetings with FMI senior management.

Risk reviews

Risk reviews are an important part of the Bank’s baseline supervisory activity and can be undertaken for any area of the risk model. Reviews can include ‘deep dives’ into certain areas at a specific firm or be thematic across a number of firms. Baseline supervisory activity sets out the number of reviews that should be undertaken per year and also minimum cycles for reviewing certain key risk areas. Supervisors have discretion over which other areas are reviewed outside these minimum cycles.

Risk reviews are especially important in the areas of financial resilience and operational resilience, given the breadth of risk topics they encompass and their ability to affect the resilience of FMIs. For example, for Category 1 CCPs, financial risk topics deemed to present the highest risk (such as initial margin models) are regularly reviewed as part of a cycle. Supervisors then have discretion over which other areas of financial resilience to review in detail outside these minimum cycles. Similarly for operational resilience, the Bank has identified a number of key areas (such as cyber resilience) that must be reviewed within a minimum timeframe depending on firm category, with additional capacity allocated for other reviews.

Supervisors may often involve the Bank’s risk specialists and other technical staff in their assessments. Supervisors may also place reliance on FMIs’ own risk, compliance, and internal audit functions and/or or third party reviews such as external board effectiveness reviews where supervisors feel that they can rely on their effectiveness.

PFMI self-assessment

In addition, the Bank expects FMIs to undertake self-assessments of their adherence to the PFMI (SSPs are required to provide a self-assessment against Annex F of the PFMI only). Supervisors then review these self-assessments to evaluate any issues identified by the FMI and to assess whether the FMI’s self-assessment corresponds to supervisors’ own judgement of the FMI. This self-assessment is an important test of FMIs’ ability and willingness to demonstrate their understanding of, and commitment to, risk objectives. For example, a self-assessment which paints an overly optimistic picture of an FMI against risk standards, or takes too narrow a view, may indicate that inadequate priority is being given to those standards, weaknesses in risk management, or potential misunderstanding of those standards by the management and Board. The Bank expect firms to complete an in-depth bottom-up assessment against the PFMI every two years and an interim top-down review in the year in between. The Bank also expects firms to alert supervisors to any material changes that occur between such reviews.

Table B sets out an example schedule of baseline activity with a typical Category 1 CCP.

Table B: Example schedule of baseline activity with a typical Category 1 CCP

Activity

Example baseline activity for a Category 1 CCP

Firm meetings

Close and continuous meeting schedule

Review of management information (MI), regular reporting and data

Review data quarterly

Review management and board MI

Management and governance reviews

One every three years

Operational resilience reviews

Two per year

Financial resilience reviews

Two per year

Supervisory stress testing

PFMI self-assessment by the FMI

Annual: in-depth and top-down in alternate years

Regulatory approvals

Firms are required to seek approval from the Bank for certain statutory authorisations required under the relevant regulation. For example, CCPs must inform the Bank of an extension of services and activities, and request approval for interoperability arrangements and for model changes. FMIs that are designated under Settlement Finality Regulations must give the Bank written notice of any proposal to amend, revoke or add to its default arrangements. Timeframes for statutory authorisations are generally set out in the relevant regulation. These examples are non-exhaustive, and firms should refer to the applicable regulations for the full set of regulatory approvals required.

Bank reviews of significant changes

The Bank also undertakes reviews of significant changes proposed by an FMI in order to evaluate whether relevant requirements of applicable regulations and/or the PFMI continue to be met and to ensure the FMI has adequately considered and mitigated potential risks to financial stability. The Bank expects an FMI to inform the Bank whenever it is proposing a significant change to its business that could materially alter its business model, organisational structure or risk profile. The Bank will then review this change. Supervised FMIs will already be familiar with this process, which is sometimes referred to as a ‘non-objection’ process. If the Bank has concerns that the change could result in risks to financial stability or impact the FMI’s ability to meet relevant requirements it would consider whether to use its supervisory powers (this is covered in more detail later in this section, under Using powers in the course of supervision).

Examples of the types of changes which the Bank expects FMIs to notify it about include:

  • certain senior appointments (see Box I);
  • new product and model changes (see Box I);
  • material changes in the ownership, structure or governance of the FMI;footnote [21]
  • material changes to the risk appetite or operating model;
  • material changes to rulebook, including where these relate to interactions with, and/or requirements on, participants;footnote [22]
  • material changes to the recovery or wind-down plan;
  • changes to the capital structure, including payment of a dividend/changes to dividend policy (see Box I);
  • outsourcing/in-housing of critical functions; and
  • significant system and IT changes.

This is a non-exhaustive list. FMIs are responsible for identifying when they should notify the Bank of changes or seek regulatory approval to a change. The Bank expects firms to have in place a clear process for determining whether they need to apply for Bank approval to a change and/or notify the Bank of any changes (including an appropriately senior level of approval). Firms should seek advice from their supervisors at the Bank if they are unsure whether the Bank will undertake a review of a particular change. Box I details some specific examples of the review process for significant changes.

The Bank’s review does not replace the responsibilities of the FMI’s Board and senior management and FMIs should ensure all proposals have been through adequate governance before being notified to the Bank.

Setting supervisory strategies

There are regular internal stocktake meetings (Annual Risk Reviews (ARRs)) for all FMIs that the Bank supervises to discuss supervisors’ assessment of each FMI, based on the output of supervisory activity and risk assessments throughout the previous 12 months. This is used to inform the supervisory strategy and propose remedial actions for the FMI where necessary. There is senior level involvement in these meetings so that major judgements are made by the Bank’s senior and most experienced staff. These formal assessments are also subject to rigorous review by those not directly involved in day-to-day supervision, including risk specialists, independent advisors and relevant staff from other areas of the Bank and other relevant authorities (eg the FCA or PSR). Depending on the potential impact category of the firm, the assessment may also be reviewed by the FMIC.

For higher PIF firms, supervisors will have more frequent and more senior checkpoints in order to monitor and provide appropriate challenge to the supervisory mitigation efforts and overall strategy.

Following each ARR, the Bank sends an individually tailored letter to the relevant FMI’s Board clearly outlining the key risks that are of greatest concern and any action that the Bank requires the FMI to take to bring them within the Bank’s risk appetite. There is a clear and direct link between the risks that the Bank identifies and the actions that the Bank expects from FMIs as a consequence.

The Bank focuses on the most material issues identified and supervisory interventions are clearly and directly linked to reducing risks to the Bank’s primary objective. Supervisors often communicate to a firm’s Board when and how they intend to verify whether any remedial actions taken to address the key risks have been completed appropriately. Supervisors actively engage with the FMI’s Board and its sub-committees, where applicable, and its non-executive directors on progress made in addressing the most significant risks identified.

To date, the Bank’s post-ARR communications have often referred to the actions that the Bank expects FMIs to take as ‘priorities’. Going forward, the Bank’s post-ARR communications will refer to the most significant risks identified for each FMI as ‘key risks’. Wherever the Bank has identified a key risk at a firm, it will expect the firm to mitigate those risks.

FMIs may sometimes disagree with the Bank’s judgements. Supervisors will, in general, discuss any issues that they have identified with the relevant FMI, and carefully consider representations made by the firm, not least to ensure that the Bank’s decisions are made on the basis of all the relevant evidence. However, FMIs should not approach their relationship with supervisors as a negotiation.

International supervisory colleges

The Bank participates in global supervisory colleges either as a home or host supervisor, where relevant. The Bank organises and chairs supervisory colleges for those UK FMIs that operate at scale internationally to ensure appropriate arrangements are in place for cross-border supervisory co-ordination. To be fully effective, colleges must operate in a manner that enables supervisors to be open and transparent with each other and to address difficult issues. The Bank seeks to adopt this approach when it hosts colleges and expects other authorities to participate on the same basis.

The Bank also organises CMGs to provide a framework for authorities to plan crisis management measures (including orderly resolution) for UK CCPs that are judged to be systemically important in more than one jurisdiction.

Using powers in the course of supervision

To assist with the Bank’s risk assessment, and in order to advance the Bank’s primary objective, the Bank may choose to use its statutory powers where appropriate.

The Bank has information gathering powers and powers to commission reports or reviews by Skilled Persons on specific areas of interest.footnote [23] Skilled Person reviews may be commissioned where the Bank judges them to be necessary or useful, for example to identify or evaluate risks. The Bank may enter into a contract with a Skilled Person directly, following a transparent and consistent approach to selecting and appointing them, or may require the regulated firm to contract with the Skilled Person. The Bank is always regarded as the end user of a Skilled Person report regardless of the appointment approach taken.

The Bank has additional powers which it can use in the course of its supervision. These include powers by which the Bank can direct a CCP to take, or refrain from taking, specified action where it is necessary for financial stability or when there is a breach or likely breach of a relevant legal requirement.footnote [24] The Bank also has powers to impose a requirement on CCPs and CSDs where it is desirable for financial stability.footnote [25] footnote [26] This can be done either upon application by an FMI or imposed on the Bank’s own initiative. The Bank can also direct a RPSO or SSP of a RPSO to take or refrain from taking specified action or set standards to be met in the operation of the system.footnote [27]

While the Bank expects firms to co-operate in resolving supervisory areas of concern, the Bank will not hesitate to use formal powers where it considers them to be an appropriate means of achieving the desired supervisory outcome.

Enforcement

Where an FMI fails to comply with relevant requirements or rules imposed by the Bank, or otherwise commits a compliance failure, the Bank can take enforcement action as set out in the Bank’s approach to enforcement document.footnote [28] The Bank has a range of enforcement powers, including public censure, financial penalties and, ultimately, revoking recognition or authorisation. The Bank may also consider, in certain circumstances, taking action against individuals employed by a supervised FMI. The Bank’s approach to enforcement supports and supplements its regulatory and supervisory tools by ensuring there are credible mechanisms for holding FMIs and, where relevant, individuals to account where they do not meet our requirements and expectations. It also provides a wider deterrent effect for the regulated community as a whole.

In practice, not every breach of a rule or requirement will result in enforcement action. The appropriateness of the Bank using its enforcement tools will be measured against a number of considerations including, but not limited to:

  • the anticipated benefits to financial stability;
  • the alternative courses of action available to the Bank; and
  • the proportionality of opening an investigation, given the level of resources it may require and the level of intrusion and cost to the subject.

The Bank’s policy on the imposition and amount of financial penalties is set out in its approach to enforcement. This includes a range of factors the Bank may take into account when considering whether to impose a financial penalty and in deciding the amount of the penalty. The Bank will consider the facts and circumstances of each case and the policy sets out non-exhaustive considerations that may be relevant including the impact or potential impact on financial stability of the breach, the previous disciplinary and/or supervisory record of the FMI or parent company, and their conduct after the breach was committed.

Box H: Supervisory stress testing of UK CCPs

As part of the Bank’s supervision of UK CCPs, the Bank conducts regular supervisory stress tests (SSTs) designed to assess CCP resilience to a severe market stress and the default of major clearing members. This is not a pass-fail exercise but is used to support and inform the supervision and regulation of UK CCPs.

The objective of these stress tests is to test the resilience of individual CCPs, explore their interactions with the wider financial system and to promote transparency and public confidence in the clearing system. The Bank’s SST complements CCPs’ own stress testing and enables the Bank to examine a wider range of possible risks, including more extreme scenarios and default of alternative groups of clearing members.

The scope of the SST will vary across tests, based on the risk landscape and other planned supervisory activities. It will cover some combination of credit stress testing – which assesses the adequacy of CCPs’ financial resources in a severe stress – and liquidity stress testing, which tests CCPs’ ability to service liquidity needs. And the Bank also considers the impact on CCPs’ members, clients, and the wider financial system.

The SST is based around a hypothetical market stress scenario, developed and calibrated to achieve the objectives of the test (for example, calibrated to be equivalent in severity to the historic worst case). This is complemented by ‘multiplier scenarios’ as part of reverse stress testing, which explores the sensitivity of results to increasingly severe assumptions.

The Bank is continuing to develop its approach to stress testing, including the use of desk-based stress-testing models that allow the Bank to test resilience to a wider set of decorrelated scenarios.

Box I: Examples of the review process for significant changes

Assessment of senior appointments

The Bank expects to be notified where FMIs propose certain senior appointments in order to evaluate whether relevant requirements of the relevant legislation are being met. The Bank will assess prospective appointees to these roles for competence and suitability including, where the Bank considers it appropriate, conducting an assessment interview.

These roles include Chair of the Board, Senior Independent Director, Chair of the Board Audit Committee, Chair of the Board Risk Committee, Chief Executive Officer, Chief Financial Officer, Chief Operating Officer, Chief Technology Officer, Chief (Information) Security Officer, Chief Risk Officer and Head of Internal Audit.

CCP new product and model changes

The Bank requests that CCPs pre-notify supervisors before introducing a new product or changing its risk models, using a template provided by the Bank. Supervisors refer to the set of forthcoming changes as the ‘pipeline’.

The introduction of new products and changes to models have the potential to affect how CCPs measure and distribute risk. As such, all changes (including those which do not trigger Articles 15 or 49 of UK EMIR) are notified to the Bank to determine whether they will be subject to a review, via the submission of a pre-application disclosure document (PADD). Assessing changes before they are implemented enables the Bank to maintain ongoing assurance that UK CCPs are meeting relevant requirements of applicable regulations and have adequately considered and mitigated any potential risks to financial stability.

The decision of whether to review a change depends on its complexity and materiality. Minor variations on existing products, for instance, are not reviewed following notification. For changes deemed material, such as those introducing novel risks to a CCP, the level of detail of the resulting review is proportionate to the degree of materiality. Supervisors assess planned changes both for compliance with the relevant regulation and for their potential impact on CCPs’ resilience and financial stability more broadly. If the Bank has no objection to the proposed change, supervisors communicate this to the CCP.

Where a change triggers Article 15 or Article 49 of UK EMIR, then the full approval process set out in regulation is followed. The Bank must communicate its decision to the CCP within the timelines in UK EMIR (ie within six months for Article 15 and 90 working days for Article 49).

Payment of a dividend/changes to dividend policy

Some FMIs may seek to distribute profits to their shareholders through payment of dividends. Distributing profits to shareholders reduces the FMI’s available capital and liquidity, and the Bank therefore requires prior notification of the proposal so as to review the payment of dividends.

Where an FMI’s capital approach has been reviewed

If supervisors have previously reviewed the FMI’s capital approach, including its risk appetite and the firm’s dividend policy, the Bank will not undertake a review of each dividend payment. However, the Bank still expects the FMI to notify its supervisors of its intended dividend payment and confirm it is consistent with both policies. While supervisors do not review the individual proposed dividend payments in this case, they may look at payments retrospectively eg if assessing the firm’s capital management.

Where an FMI’s capital approach has not been reviewed

If supervisors have not reviewed an FMI’s capital approach, including its risk appetite and dividend policy, the Bank would review each instance of dividend payment individually.

Box J: Governance and decision-making

Strong governance is key for the challenge and review of decision-making and activities. The Bank’s governance model is designed to ensure that the highest impact decisions are made by the most senior committees. The key decision-making committee for FMIs is the Financial Market Infrastructure Committee (FMIC).footnote [29] The Bank also has internal committees that draw on staff from across the Bank for less material decisions. The FMIC is made up of Bank of England staff and independent members appointed by the Bank. The FCA and PSR also attend relevant committee meetings to ensure effective co-ordination among the authorities on cross-cutting issues.

The FMIC members are:

  • the Governor of the Bank
  • the Deputy Governor for Financial Stability
  • the Executive Director for FMI
  • three Bank members who have been appointed by the Bank
  • at least three independent members who have been appointed by the Bank

The FMIC is involved in key supervisory decisions. For example, the Committee is responsible for approving the Bank’s overall supervisory approach, as well as approving the supervisory strategy for Category 1 FMIs following the ARR.

In line with the Bank’s overall commitment to transparency, key information on FMIC members can be found on the Bank’s website.

Box K: Approach to new firms

New FMIs are emerging in response to innovation

The FMI landscape in the UK is changing. New firms are emerging in response to innovation in the financial sector, and these could fall within the Bank’s supervisory remit. In particular, new firms are exploring the provision of services to new markets such as crypto and other digital assets. New firms are also exploring technologies loosely grouped under the broad heading of ‘tokenisation’ – such as distributed ledger technology (DLT) and the potential for atomic settlement and programmability. These have the potential to offer greater efficiency and functionality and new firms are keen to explore their use in post-trade processes or payments.

The Bank’s remit varies across FMI types – not all new FMIs are supervised by the Bank at launch

All CCPs and CSDs are authorised and supervised by the Bank. However, only systemic payment systems recognised by HMT, and SSPs to those payment systems, fall under the Bank’s remit. This includes systemic payment systems using digital settlement assets (such as stablecoins) and related service providers to those payment systems, which were added to the Bank’s remit under FSMA 2023. HMT, after consultation with the Bank and the PSR, may recognise a payment system based on various criteria set out in legislation.footnote [30] As part of its consideration of these factors, including the transactions the system is likely to process in the future, it may recognise a payment system as systemic at launch.

Applying the Bank’s risk-based, proportionate and tailored supervision of FMIs to new FMIs

In its supervision of FMIs, the Bank takes a judgement-based, forward-looking, risk-based and proportionate approach. This means the Bank focuses its supervisory efforts based on a forward-looking assessment of where risks to financial stability are greatest, and its approach is tailored to each firm, considering each firm on a case-by-case basis. This approach to supervision also applies to new FMIs that enter the Bank’s remit.

The different FMIs under the Bank’s remit are subject to different legislative and regulatory regimes – with their own criteria and processes for coming into the Bank’s remit, and regulatory requirements once they are within the Bank’s remit. As such, the paragraphs below set out the Bank’s approach to new FMIs for each type of FMI, taking these factors into account.

CCPs and CSDs

Authorisation of new CCPs and CSDs

As above, all CCPs and CSDs are authorised and supervised by the Bank. Under UK EMIR/CSDR and other relevant legislation, to authorise a CCP or a CSD, the Bank must be fully satisfied that the firm meets all the requirements set out in legislation. The processes and timeframes surrounding authorisation of CCPs and CSDs are also set out in UK EMIR and UK CSDR respectively.

The Bank encourages prospective CCP and CSD applicants to engage with the Bank at an early stage for advice on the practical aspects of the application. In particular, the Bank encourages prospective CCPs and CSDs to submit draft application materials to the Bank ahead of submitting a formal application for authorisation. This would enable prospective CCPs and CSDs to gain a better understanding of the legislative requirements and the Bank’s expectations, and engage with the Bank prior to submitting a formal application.

Once the Bank is fully satisfied that the firm meets all the legislative requirements, the Bank may authorise the firm for the activities it intends to conduct.

Post-authorisation supervision of new CCPs and CSDs

Following authorisation, the Bank supervises the firm, taking a risk-based and proportionate approach, as set out in Sections 3 and 4. This means that the Bank first categorises the firm based on its potential systemic impact, and then considers a series of further risk elements and mitigating factors to assess the likelihood of an event disrupting the financial system occurring. Taking these into consideration, the Bank then sets its supervisory strategy and workplan for the firm.

Payment systems

Recognition of new payment systems

As above, only systemic payment systems recognised by HMT, and SSPs to those payment systems, fall under the Bank’s remit. HMT is responsible for deciding which payment systems are recognised as systemically important, and the criteria to assess whether a payment system is systemic is set out in Part 5 of BA09. Under BA09, in considering whether to recognise a payment system, HMT must have regard to:

  • the number and value of the transactions that the system presently processes or is likely to process in the future;
  • the nature of the transactions that the system process;
  • whether those transactions of their equivalent could be handled by other systems;
  • the relationship between the system and other systems; and
  • whether the system is used by the Bank in the course of its role as a monetary authority.

After considering these factors, HMT may recognise a payment system as being systemically important if it is satisfied that any deficiencies in the design of a system, or any disruption of the system’s operation, would be likely to threaten the stability of, or confidence in, the UK financial system, or could have serious consequences for business or other interests throughout the UK. HMT may also recognise a payment system as ‘systemic at launch’.

The role of the Bank in the recognition of payment systems is to provide HMT with a recommendation comprising its assessment of the payment system against the recognition criteria set out in BA09.

Post-recognition supervision of new payment systems

If HMT decides to recognise a payment system as systemically important or systemic at launch, it comes into the Bank’s supervisory remit and the Bank supervises the firm. For new payment systems under the Bank’s remit, the Bank categorises the firm based on its potential systemic impact, and then considers a series of further risk elements and mitigating factors to assess the likelihood of an event disrupting the financial system occurring (as set out in Section 3). Taking these into consideration, the Bank then sets its supervisory strategy and workplan for the firm (Section 4).

Box L: Digital Securities Sandbox

In September 2024, the Bank and the FCA opened the Digital Securities Sandbox (DSS) for applications. The DSS is a regulated live environment that has been created to explore how developing technologies could be used by firms to undertake notary, maintenance and settlement activities for financial securities either alone, or together with the operation of a trading venue. For example, the DSS will facilitate the issuance, trading and settlement of digital securities in the UK on distributed, programmable ledgers.

The DSS is operated jointly by the Bank and the FCA with three main aims of facilitating innovation, protecting financial stability and protecting market integrity. In order to do this, the DSS uses:

  1. Limits: These innovative technologies are untested in important financial markets at significant scale in the UK and globally. Consequently, live activity in the DSS will be subject to specific limits that have been carefully calibrated based on market analysis for the different asset types in scope of the DSS.
  2. Modified and flexible legal regime: A modified legal regime, including a flexible set of rules introduced by the Bank, will be in place for the duration of the DSS. This allows the Bank and the FCA to remove legal obstacles and barriers that prevent the use of developing technologies and to adapt those in light of the activities in the Sandbox.
  3. Glidepath design: The DSS has been designed so that participants can scale their business with access to higher limits as they demonstrate their compliance with the regulatory requirements. At the end of the DSS, the intention is that interested participants will have the opportunity to transition to a new permanent regime if the technology is successfully adopted.

Firms operating within the DSS are supervised under a modified supervisory approach. This approach is grounded in the same high-level principles as set out in this supervisory approach publication. In particular, regulators have sought to ensure that supervision in the DSS is proportionate to the risks posed by firms to the regulators’ objectives.

More information on the DSS can be found at Digital Securities Sandbox (DSS).

5: Approach to non-UK FMIs

The Bank is responsible for supervising or overseeing a diverse range of FMIs. This includes both systemic and non-systemic non-UK FMIs that provide services to the UK or have UK participants. This section sets out the areas where the Bank tailors its supervisory approach to non-UK FMIs to ensure a proportionate approach.

 

FMIs often operate across borders. This is a desirable feature that can provide benefits to participants and financial stability benefits. However, it also means risks can be imported across borders and have the potential to disrupt the financial stability of the UK and vice versa.

The Bank’s guiding principle in developing its approach to non-UK FMIs is that of ‘safe openness’, ie ensuring the UK financial system remains safe without sacrificing the global financial stability benefits of open, cross-border FMI.

The Bank’s approach to supervising non-UK FMIs is consistent with international standardsfootnote [31] and the Bank’s commitment to international co-operation. It is underpinned by a desire to co-operate with the non-UK FMI’s home regulator and the concept of deference, where the Bank will defer to the respective home supervisory authorities wherever it is appropriate to do so. This is aligned with the Bank’s preference for strong and effective cross-border supervisory co-operation, avoiding ‘too many hands on the steering wheel’.

General approach to supervision and oversight of non-UK FMIs

The Bank follows the same general approach to all non-UK FMIs, although this approach is implemented via different frameworks because of the different regulatory regimes in place for different FMIs. In order to place reliance on a home regulator, the FMI’s home jurisdiction regulatory and supervisory framework must deliver broadly similar outcomes to that of the UK, and the Bank must be satisfied that there are sufficient co-operation arrangements in place and engagement to rely on the home authority.

The level of co-operation and information sharing the Bank expects from the home authority will depend on our assessment of the systemic importance of the non-UK FMI to UK financial stability. The higher the UK activity or risks posed to the UK, the higher expectation the Bank has for the depth of co-operation and information sharing. This is an ongoing assessment to ensure the level of co-operation and information sharing with the home authority remains appropriate and proportionate.

Where the Bank concludes that the co-operation and information sharing arrangements are sufficient for the Bank to defer to the firm’s home authority, the Bank advances its objectives primarily through engagement with the home authority. This may include structured and regular engagement with the home authority to exchange views and information, and participation in multilateral fora or reviews led by the home authority to gain comfort on how supervision is delivered.

Where the Bank concludes that co-operation and information sharing arrangements are not sufficient, the Bank will seek to apply enhanced arrangements, including where appropriate, imposing requirements on the non-UK FMI, although the Bank would still seek to collaborate with the home authority where possible.

The Bank maintains a proportionate approach to overseeing any non-systemic non-UK FMIs under its supervisory remit, again placing the greatest possible reliance on home regulators. This oversight may involve collecting periodic data to verify the Bank’s assessment that the non-UK FMI is non-systemic and/or ensuring any recognition criteria are met.

Non-UK CCPs

For non-UK CCPs, the assessment of whether the CCP is systemic for UK financial stability and the extent to which the Bank places reliance on the home authority is currently implemented though UK EMIR, in particular the ‘tiering’ framework.

Non-UK CSDs

For non-UK CSDs, an assessment of the CSD’s systemic importance to UK financial stability results in the CSD being placed into one of two groups. This determines the level of monitoring and/or supervisory activity anticipated to be undertaken by the Bank, which will primarily depend on the risk the Bank considers the non-UK CSD poses to UK financial stability:

  • Incoming CSD Group A – incoming CSDs deemed to pose material risks to UK financial stability.
  • Incoming CSD Group B – incoming CSDs deemed to pose low risks to UK financial stability.

The Bank’s process for allocating non-UK CSDs to these groups will be based on an assessment against a range of qualitative and quantitative factors relating to the materiality of the risks the CSD poses to UK financial stability, including but not limited to:

  1. The value of the transactions settled by the CSD that are linked to the UK (measuring UK-related settlement flows through the CSD).
  2. The value of securities held by the CSD on behalf of UK-based participants and issuers (measuring the stock of UK-related securities held in the CSD).
  3. The proportion of the CSD’s total business that is linked to the UK.

Under this framework, the Bank expects that non-UK CSDs primarily serving their respective national securities markets will be allocated to Group B; and non-UK CSDs primarily serving international securities markets (such as the ‘eurobond’ market) will be allocated to Group A.

The Bank will seek to apply deference via agreeing appropriate co-operation agreements with home authorities depending on the CSD group in line with the general approach to non-UK FMIs described above.

Non-UK payment systems

The Bank supervises payment systems recognised under BA09 as systemic in the UK, and there is no distinction in the legal regime between UK and non-UK firms. For payment systems based outside of the UK, the Bank applies the same high-level approach to deference set out above. The Bank seeks to agree and apply firm-specific deference arrangements with home supervisors, where possible, to deliver an equivalent outcome.

Settlement finality designation for non-UK law systems

In line with the Bank’s approach to co-operation with overseas authorities, for non-UK law systems, the Bank will have regard to home state regulation where it is satisfied that there are equivalent requirements. If the Bank identifies any areas of concern, it will, in the first instance, engage with the relevant home state regulator (where one exists) to resolve any issues.footnote [32]

Box M: Transitional regimes

CCP temporary recognition regime

The temporary recognition regime (TRR) enables eligible non-UK CCPs to provide clearing services and activities in the UK until 31 December 2025, so long as they continue to be eligible for the TRR. The duration of the TRR is extendable by HMT in increments of up to 12 months. A 12-month extension, to 31 December 2026, has been laid before Parliament.

CCP run-off regime

The Bank also operates a run-off regime where non-UK CCPs which were eligible for, but did not enter, the TRR – or non-UK CCPs which enter the TRR but subsequently exit the regime without permanent recognition – are automatically eligible to continue to provide those clearing services and activities that they were permitted to carry out immediately before entering the run-off regime. The run-off regime provides time for UK firms to wind down relevant contracts and business with non-UK CCPs in an orderly manner. CCPs that have entered the run-off regime are unable to enter (or re-enter) the TRR and will need to apply for recognition under the standard process if they wish to provide clearing services and activities in the UK.

Transitional regime for non-UK CSDs

Under the transitional regime, eligible non-UK CSDs are able to continue to provide CSD services in the UK until HMT makes an equivalence decision for the jurisdiction in which the CSD is established under Article 25(9) of the UK CSDR. Following such an equivalence decision, the CSD must submit an application for recognition to the Bank within six months in order to continue to provide CSD services in the UK.

There is a list of non-UK CSDs that have notified the Bank of their intention to provide CSD services in the UK under the transitional regime on the Bank’s website. This list is subject to change if non-UK CSDs no longer meet the eligibility criteria or withdraw their notification.

  1. The Bank of England’s supervision of financial market infrastructures Annual Report: 16 December 2022–15 December 2023. The £400 billion figure for RPSOs comprises average daily figures for CHAPS, Bacs, Faster Payments, Link, Mastercard Europe and Visa Europe. Note that CHAPS is not a RPSO but is supervised to equivalent standards by the Bank (see Box C).

  2. Bank of England Quarterly Bulletin 2013 Q2.

  3. HMT's recognition criteria (s185 of Banking Act 2009) is whether any deficiencies in the design of the system, or any disruption of its operation, would be likely to: (a) threaten the stability of, or confidence in, the UK financial system; or (b) have serious consequences for business or other interests throughout the United Kingdom.

  4. This section has now been consolidated into s30D(2) of the Bank of England Act 1998.

  5. Pursuant to s30D of the Bank of England Act 1998, the Bank’s FMI functions are its function of making rules under FSMA 2000, making technical standards, preparing and issuing codes under FSMA 2000, and determining general policy and principles by reference to which it performs particular functions under FSMA 2000.

  6. In 2012, the Bank also adopted the PFMI as a published set of principles to which recognised payment systems operators are to ‘have regard’, pursuant to s188 of BA09.

  7. Application of the Principles for financial market infrastructures to central bank FMIs.

  8. As defined in s312L(8) of FSMA 2023.

  9. FMI outsourcing and third party risk management policy statement.

  10. The ARR is an internal oversight process, held every 12 months, through which Bank management monitors and challenges supervisors’ progress and proposals for the supervisory strategy and work-plan for a firm, to mitigate identified key risks to the Bank’s objectives.

  11. Any data the Bank shares is pursuant to our relevant statutory gateways.

  12. In particular, having regards to the effects generally that the exercise of FMI functions will or may have on the financial stability of countries or territories (other than the United Kingdom) in which the FMI entities are established or provide services.

  13. Other than recognised investment exchanges.

  14. There are different requirements for the UK law and non-UK law systems. See Approach to the monitoring of third country systems designated under the SFR for more information on the Bank’s approach. For any questions, please email SFD-enquiries@bankofengland.co.uk.

  15. CBEST stands for Critical National Infrastructure Banking Supervision and Evaluation Testing. It is a framework specially designed for assessing and evaluating cyber security defences in the financial sector.

  16. In line with the Bank’s existing expectations on managing risks to the broader ecosystems, and noting the Bank’s narrower expectations with respect to SSPs.

  17. Critical function refers to the actual activity deemed significant to financial stability eg central clearing.

  18. Joint covering document, Operational resilience: Impact tolerances for important business services.

  19. Explanatory Note 3.2.2 of the PFMI: Given the importance of FMIs and the fact that their decisions can have widespread impact, affecting multiple financial institutions, markets, and jurisdictions, it is essential for each FMI to place a high priority on the safety and efficiency of its operations and explicitly support financial stability and other relevant public interests.

  20. The Bank has the power to request information from supervised firms to deliver our objectives, under s165 and paragraph 11 of Schedule 17A FSMA 2000 for recognised clearing houses (RCHs), CCPs and CSDs; and s204 of BA09 for recognised payment systems and service providers. The Bank may or may not use its formal powers to request data from firms.

  21. For CCPs, those required to be notified to the Bank under Article 31 of UK EMIR are formal regulatory approvals, For CSD those required to be notified to the Bank under Article 27 of UK CSDR are regulatory approvals.

  22. For CCPs, those activities that a CCP cannot outsource without the Bank’s approval under Article 35 of UK EMIR are regulatory approvals.

  23. s165, s166 and s166A of FSMA 2000 (applied to the Bank through paragraphs 11, 12 and 12A of Schedule 17A FSMA for RCHs, CCPs and CSDs) and s204 and s195 of BA09 for RPSOs and SSPs.

  24. s296 and s296A of FSMA 2000.

  25. s55L(3) and s55L(5) of FSMA as incorporated by paragraph 9B(1) and (7) of Schedule 17A FSMA.

  26. This power also is exercisable when the relevant FMI entity: (a) has failed, or is likely to fail, to satisfy the recognition requirements; or (b) has failed to comply with any other obligation imposed on it by or under FSMA 2000.

  27. s91 of BA09.

  28. As stated in The Bank of England's approach to enforcement: statements of policy and procedure, the Bank will apply the relevant penalty policy that was in place at the time of a breach (where a breach spans two policies, two penalty calculations will be considered). The previous penalty policy no longer applies.

  29. Pursuant to s30F of the Bank of England Act 1998.

  30. s185(2) of BA09.

  31. Such as the G20 St. Petersburg declaration, IOSCO Good Practices, PFMI Responsibility E.

  32. For more information see the Bank’s Approach to the monitoring of third country systems designated under the SFR and Guidance on applications for settlement finality designation for non-UK law systems operated by private operators.

Historic versions of our approach documents

We previously set out our approach to FMI supervision across two publications: