The Bank of England (the Bank) has published its Fundamental Rules for Financial Market Infrastructures (FMIs). FMIs play a critical role in managing risk and allowing payments to be made safely. These rules set out the outcomes that the Bank expects from FMIs, including with regard to their financial resources, operational resilience and the actions they should take to understand and manage the risk they may pose to the stability of the financial system. They are intended to increase the transparency and effectiveness of the Bank’s role in supervising FMIs, supporting UK financial stability and the UK economy more broadly.
Introduction
This supervisory statement (SS) is relevant to all financial market infrastructures (FMI) incorporated in the UK, and regulated by the Bank of England (the Bank). This includes central securities depositories (CSDs), central counterparties (CCPs), recognised payment system operators (RPSOs) and specified service providers (SSPs) to RPSOs.
The purpose of this supervisory statement is to set out how the Bank expects FMIs to comply with the Fundamental Rules. This SS should be read in conjunction with the relevant legal instruments for each FMI type and does not replace those instruments.
The aim of the Fundamental Rules is to provide a clear and transparent articulation of the outcomes that the Bank requires of FMIs, so that it is easier for firms and the public to understand what the Bank is seeking to achieve through its regulation.
FMIs are regulated under a number of different regulatory frameworks which provide the basis for the requirements each FMI type must comply with. These underlying regulatory frameworks continue to apply, and it is intended that the Fundamental Rules are consistent with and will complement those existing frameworks. The Bank will signpost on its website links to all the relevant materials.
While this SS is intended to provide guidance as to how the Bank expects FMIs to meet their regulatory obligations with regards to all Fundamental Rules, some guidance complements existing guidance. This is due to some Fundamental Rules covering more established areas of existing regulation, where there is existing guidance. For other Fundamental Rules, we have provided more detailed guidance.
The Bank acknowledges that some rules cover similar themes and there may be overlap between some of the rules. The guidance in this supervisory statement highlights, in places, where there are links between Fundamental Rules.
When interpreting the Fundamental Rules, the Bank expects FMIs to take a holistic view of the regulatory frameworks in which they operate, including the Principles for Financial Market Infrastructure (PFMIs) as well as the requirements in the Fundamental Rules. In all cases, FMIs should engage with their supervisors if they are unclear on how to interpret a rule.
The Fundamental Rules will apply to CCPs and CSDs across all regulated and unregulated activities. In practice the application of these rules in this way will be in so far as those activities are relevant for the Bank to advance its financial stability objective.footnote [1] This ensures that any activity whether regulated or unregulated will be in scope of the Fundamental Rules in instances where there is a financial stability implication. The Fundamental Rules will apply to all of an FMI’s activities whether in the UK or another jurisdiction, reflecting the global nature of the services that FMIs provide.
Fundamental Rules 3, 4, 5, 6, 8, 9, 10 and (in so far as it relates to disclosing to the Bank) 7, will apply to CCP/CSD group activities. For these rules the activities of the wider group can have a relevant bearing on a CCP/CSD’s ability to comply with the Fundamental Rule. An example of this is in respect of Fundamental Rule 9 (operational resilience). The activities of the group that an FMI is part of can have a material impact on the ability of an FMI to ensure it complies with this Fundamental Rule. For instance, an operational disruption to a group entity of the FMI could have an impact on the ability of the FMI to deliver its important business services and manage its risks. This risk may be especially relevant in circumstances where the FMI shares operations or outsourcing arrangements with the group. Therefore, in determining whether an FMI is compliant with this Fundamental Rule the Bank would take into account whether group entities of the FMI are also ensuring that they maintain sufficient operational resilience.
This restriction does not apply to Fundamental Rule 1 (Integrity) and 2 (Due Skill, Care and Diligence) as the ability for a CCP/CSD to behave with integrity, due skill, care and diligence is internal to the CCP or CSD, meaning that there is less scope for the group to influence the regulated FMI to comply with this rule.
The rules will apply to RPSOs and SSPs in line with the scope of the code of practice power as set out in section 189 of the Banking Act 2009. The scope of the application of codes of practice to payment systems is different in its legal basis from the general rule making power the Bank has over CCPs and CSDs, whereby the application of the codes of practice relates to the system operated by the RPSO and services provided by SSPs. The Fundamental Rules will apply extraterritorially to RPSOs and SSPs whether services and activities are provided in the UK or in another jurisdiction, reflecting the global nature of the services FMIs provide. In line with the scope of the code of practice power the Fundamental Rules will not apply to group activities of RPSOs and SSPs.
Guidance for the Fundamental Rules
Fundamental Rule 1 – An FMI must conduct its business with integrity
The purpose of this rule is to ensure that an FMI behaves in a way that is clear, transparent and honest during the course of its everyday business and decision making. As part of this, the Bank expects that FMIs will be clear and transparent in their approach to information sharing with participants, including through providing sufficient information to enable their participants to have an accurate understanding of the risks they incur through participation in the FMI. This is consistent with Principle 23 of the Principles for Financial Market Infrastructures (PFMI) which establishes that FMIs should provide sufficient information to their participants to enable them to have an accurate understanding of the risks that they incur. However, in line with PFMI 23, participants bear primary responsibility for understanding the rules, procedures, and risks of participating in an FMI as well as the risks they may incur when the FMI has links with other FMIs.footnote [2]
Everyday use of the term ‘integrity’ will be applied by the Bank.
Fundamental Rule 2 – An FMI must conduct its business with due skill, care and diligence
The Bank expects that FMIs are well-run, with decisions being appropriately informed and well executed. An FMI must discharge the obligations required by the Fundamental Rule during the course of its everyday business and when making decisions, including strategic decisions. The Bank also expects FMIs to have regard to this rule when making decisions that affect its internal governance and operations.
Everyday use of the terms ‘skill’, ‘care’ and ‘diligence’ will be applied by the Bank.
What is considered as sufficient to meet the Bank’s expectations will depend on all the relevant circumstances, including the nature of the FMI, its counterparties and the business it undertakes.
Fundamental Rule 3 – An FMI must act in a prudent manner
Compliance with this rule means that FMIs will demonstrate sound judgement and exercise caution when making and executing decisions that involve risk. This is both relevant to potential risks to the FMI’s own operations and the FMI’s role in managing risks to the financial system. This rule is linked to Fundamental Rule 10, which covers an FMI’s consideration of its impact on the broader financial system.
This rule complements Fundamental Rule 2, in exercising due skill, care and diligence. Whilst both Fundamental Rule 2 and 3 are applicable to internal and external decisions and functions, Fundamental Rule 3 has a focus on prudence which manifests in appropriate caution and foresight in relation to risk.
Fundamental Rule 4 – An FMI must maintain sufficient financial resources
This rule aims to ensure that FMIs’ financial resources (including capital, and for CCPs margin contributions and default funds) are sufficient to ensure FMIs are financially resilient, particularly in times of stress. Where relevant, an FMI in a group will need to consider its financial resources by taking into account demands from the consolidated level of the group.
An FMI has sufficient financial resources when it can survive extreme but plausible shocks without the disorderly propagation of losses across its members or participants and without causing any risk to the financial resilience of the FMI or the financial system. ‘Sufficient’ should also be taken to mean that FMIs should be able to meet the requirements set out in the underlying regulatory regimes for FMIs, noting that sufficient financial resources may vary depending on the FMI and its business. It does not impose an additional requirement for any FMI beyond that which is already required by applicable rules, legislation and expectations that have been communicated to FMIs by the Bank. It is noted that following a clearing member default event a CCPs’ financial resources may be depleted and that it should seek to replenish them as quickly as is practicable.
When interpreting compliance with this rule, FMIs should refer to the requirements set out in the underlying regulatory frameworks and international standards. For RPSOs and SSPs, the intention of this rule is to formalise the expectations already established through the PFMIs and during the course of supervisory engagements.
Fundamental Rule 5 – An FMI must have effective risk strategies and risk management systems
In complying with this rule, the Bank expects FMIs to have risk management policies, procedures, and systems that enable it to identify, assess and manage the range of risks that are inherent to their business and that are borne by the FMI. It should identify those risks that could materially affect its ability to perform or to provide their important business services.
The risk management systems should comprehensively consider the management of legal, credit, liquidity, operational, market and other general business risks. In doing this, the FMI is expected to take a comprehensive view of all risks and ensure there are robust structures for managing and reporting on these risks and should have a clear articulation of the FMI’s risk appetite.
Given the highly interconnected nature of FMIs, the risk management frameworks should consider the risks the FMIs poses to its participants and to other entities, including having a comprehensive view of the interdependencies between the FMI and other entities. This rule is linked to Fundamental Rule 10, where FMIs are required to consider their impact on broader financial stability.
Fundamental Rule 6 – An FMI must organise and control its affairs responsibly and effectively
This rule requires firms to have appropriate internal governance arrangements to ensure the FMI is run in a safe and effective way. This includes ensuring that the management and senior decision makers in an FMI are fit and proper for their roles with clear responsibilities set out for management, including the board and relevant committees.
An FMI’s management should have the appropriate experience, a mix of skills, and the integrity necessary to discharge their responsibilities for the operation and risk management of the FMI.
Notwithstanding that governance arrangements may be different for each FMI, an FMI’s governance arrangements should be clear and transparent with clear and direct lines of responsibility and appropriate record keeping.
Fundamental Rule 7 – An FMI must deal with its regulators in an open and co-operative way and must disclose to the Bank appropriately anything relating to the firm of which the Bank would reasonably expect notice
Compliance with this rule means that the Bank expects there to be a co-operative relationship between an FMI and their supervisors and should be interpreted as encompassing any information that an FMI considers relevant to the Bank’s objectives.
This may include being proactive in disclosing documents, information and incidents that the Bank would reasonably expect, being ready, willing and organised to engage with supervisors and notifying the Bank of any changes, challenges or concerns relating to the operation of the FMI. This includes promptly informing the Bank of incidents that could affect the FMI, its members or the market.
The rule extends to the provision of information and notification of events concerning non-regulated activities and other members of a group, where appropriate. The Bank expects that the FMI would be responsible for disclosing such information, while noting that in certain circumstances the group entity may be best placed to do so. What constitutes reasonable is dependent on the particular circumstances facing the FMI, but is likely to include events at a group level which may have an impact on the FMI’s ability to meet its regulatory obligations, such as in relation to its financial or non-financial resources, governance or ownership structure.
Fundamental Rule 8 – An FMI must prepare for resolution or administration so, if the need arises, it can be resolved or placed into administration in an orderly manner with a minimum disruption to critical services
The Bank places high importance on FMIs being prepared for resolution or administration. What constitutes preparing for resolution or administration may vary by FMI, the legal regime that applies to it and what business it undertakes. In all cases, FMIs should identify scenarios that may prevent the FMI from potentially being able to provide its critical services and prepare appropriate plans for resolution or administration based on that exercise.
Critical services comprise of the services provided by the FMI that need to continue during a time of stress or during a resolution or administration procedure, where the withdrawal of such services would threaten the safety and soundness of the FMI, the stability of the financial system or the real economy. FMIs should identify their critical services in a way that makes sense for their business activities, including identifying what services they provide that are critical to the economy in the event an FMI could no longer recover. The Bank expects that there will be some overlap in the services identified as important in an operational resilience context, but they may not necessarily be the same.
Different regimes for resolution and administration apply depending on the FMI in question. The Financial Services and Markets Act (FSMA 2023) introduced an enhanced CCP resolution regime, which brings the Bank fully in line with international standards. This came into effect from 31 December 2023. The Bank expects CCPs to prepare for the enhanced resolution regime. CSDs and RPSOs should prepare for the FMI Special Administration Regime. The inclusion of both resolution and administration in this rule is intended to reflect the different regimes and approaches that would be taken should an FMI need to be placed into resolution or administration.
This rule is not the sole and comprehensive rule on the Bank’s expectations of what FMIs should prepare for. These may include the preparation of wind-down plans, separate to the preparations required under the relevant resolution or administration regimes, as relevant. If appropriate and if the need arises, the FMI could execute its wind-down plans and safely exit the market, without entering resolution or administration and without the threat of insolvency.
Fundamental Rule 9 – An FMI must maintain sufficient operational resilience
Operational resilience is the ability of FMIs and the sector as a whole to prevent, respond to, recover and learn from operational disruptions. Given the highly interconnected nature of FMIs, an operational outage could create risks to the stability of the financial system.
Sufficiency should be interpreted to mean that FMIs can deal with an extreme but plausible event, where FMIs not only can withstand such a scenario but can get back up and running in line with impact tolerances agreed in advance with their supervisors.
Impact tolerances set the maximum tolerable level of disruption for an important business service, whereby further disruption would:
- significantly threaten the transfer of payments or the safety and efficiency of the payment system;
- pose a significant impact to the market the CCP or CSD serves.
In complying with this rule, the Bank expects FMIs to have regard to the more detailed expectations set out in the existing policy on operational resilience for CCPs and CSDs.footnote [3] For RPSOs and SSPs, this includes the requirements set out in the Code of Practice and supervisory statement on operational resilience.footnote [4]
Fundamental Rule 10 – An FMI must identify, assess and manage the risks that its operations could pose to the stability of the financial system
FMIs are integral to the functioning of the financial system and the UK economy, which means they are highly systemic in nature. They can also be systemic in other jurisdictions. FMIs can, through their design, rules, procedures, and operation, reduce risk in financial markets. This contributes towards financial stability. Conversely, poor FMI design, rules, procedures or operation can mean that unnecessary exposures or frictions arise among market participants; in times of market stress, they could become channels of contagion or even amplification. As such, disruption to the operations of an FMI could have serious impacts across the financial system. Given the importance of FMIs to the financial system this rule sets a requirement for FMIs to identify, assess, and manage the risks that its operations could pose to the stability of the financial system.
The Bank seeks to ensure that the FMIs it regulates support financial stability and so reduce systemic risk by:
- avoiding disruption to the vital payment, settlement, and clearing services that they provide to the financial system and real economy;
- avoiding actions that have an adverse impact on the safety and soundness of their participants or users, subject to preserving the resilience of the FMI; and
- contributing to identifying and mitigating risks in the end-to-end process of making payments, clearing and settling securities transactions, and clearing derivatives trades.
In requiring firms to ‘identify, assess and manage’ the Bank expects that FMIs must seek to be aware of the risks their operations may pose (identify), understand these risks and their possible effects (assess) and then be able to deal with these effects (manage). The Bank expects FMIs to consider instances where both an action or an inaction by the FMI could result in its operations posing risk to the stability of the financial system. The Bank further expects that any action or inaction by an FMI should not place its own resilience at risk. As part of managing identified risks, FMIs should share relevant information that its members and participants would reasonably expect in an effort to prevent the transmission of systemic risk through the broader market and the financial system. For SSPs, this includes sharing any relevant information with the RPSO to which it provides critical services.
Understanding and consideration of systemic risks should be embedded into the FMIs’ overall risk management strategy and processes, which is relevant to Fundamental Rule 5 Risk Management.
The Bank recognises that the ‘stability of the financial system’ doesn’t mean that FMIs are responsible for all financial instability, but that, as far as is reasonably possible, they should seek to foresee the risk that they pose to financial stability, and work to ensure they do not introduce or exacerbate systemic risk. The Bank’s expectations in this respect will take into account the specific situation, including how foreseeable a particular risk is.
In recognition of the international importance of the services that UK CCPs and UK CSDs provide, FSMA 2023 also requires the Bank also to have regard to financial stability in countries where UK CCPs and UK CSDs provide services.footnote [5] As such, FMIs should consider the nature of their business as it relates to cross-border activities when interpreting this rule.
Box A: Example scenarios for Fundamental Rule 10
To help FMIs understand how Fundamental Rule 10 may work in practice, we have included some illustrative scenarios which explain how the Bank would expect FMIs to consider this rule in a range of difference circumstances. These examples are non-exhaustive and are presented to provide guidance only.
Scenario 1: FMI participation requirements
Scenario: FMIs should allow fair and open access to their services, with participation requirements being set by taking account of the risks presented to the FMI by its direct and indirect participants. An FMI may evaluate its participation requirements based on a review of its overall risk-management strategy. Based on this review, an FMI might identify risks that would warrant a change in participation requirements but despite these risks, the FMI may consider maintaining its current participation requirements based on commercial considerations.
Risk absent Fundamental Rule 10: Maintaining participation requirements despite the risks identified could result in broader financial stability concerns beyond the FMI itself given there may be a higher risk of default of some of its members or participants. A defaulting member/participant could create disruption to payments, clearing and settlement, which could exacerbate financial stability concerns in times of stress.
FMI action in complying with Fundamental Rule 10: Here the FMI should seek to identify and assess the risks to entities broader than the FMI itself where a decision to change or to maintain participation requirements could have on its members and participants, so that disruption can be minimised or avoided. The FMI should take reasonable steps to manage any broader financial stability risks introduced by its decision around participation requirements, including ending a firms’ membership where necessary or discussing the change to its overall risk management framework with the Bank if it chooses to maintain the existing participation requirements.
Scenario 2: End-to-end risk management of a payment chain
Scenario: Innovation in the payments landscape has resulted in the unbundling of payments, with the emergence of new actors and entities that provide critical services that ensure the smooth functioning of a payment chain. A RPSO is required to act as a systemic risk manager and have a view of the end-to-end risks in a payment chain so that an outage from a payment service provider does not cause disruption to the flow of payments or undermine confidence in payments more broadly.
Risk absent Fundamental Rule 10: Without the RPSO taking steps to have appropriate oversight of these critical entities in the entirety of payments chain, it creates heightened risk that an outage from an entity in the payments chain could create broader systemic risk.
FMI action in complying with Fundamental Rule 10: RPSOs should identify and manage any incidents or issues that could cause widespread disruption to the smooth flow of payments across the payment chain and/or reputational risk to the payment system, whether caused by one or more participants, critical service providers or other entities along the payments chain. They should also assess lessons learned from such incidents and reflect these in rules, standards, service legal agreements or similar, as appropriate. The RPSO should undertake end-to-end testing of the payment chain, including simulating the operation of the chain under extreme scenarios, and putting in place and maintaining business continuity plans that include consideration of risks to the end-to-end chain. Where a SSP is a critical service provider to a RPSO, the SSP should seek to identify, manage and communicate with the RPSO any risks that could disrupt the end-to-end flow of payments.
Scenario 3: Operational outage by a third-party provider
Scenario: An FMI may have significant outsourcing and third-party arrangements, with a third party providing a large proportion of its IT infrastructure. The FMI experiences an operational outage due to failure of an IT system whereby the FMI did not have adequate oversight of its outsourcing and third-party providers.
Risk absent Fundamental Rule 10: If this outage breaches specified impact tolerances, it could affect the FMIs’ ability to process financial transactions, which would likely cause widespread disruption to the payments, clearing or settlement services provided by the FMI.
FMI action in complying with Fundamental Rule 10: The FMI would need to identify the cause of the outage, and what third-party provider the outage is stemming from. The FMI would need to identify which of its important business services are impacted by the outage and assess how this will interact with financial stability risks. In particular, if the incident was prolonged in duration, it could impact the stability of the financial system or the wider economy. Once the broader financial stability implications of the outage are assessed, the FMI will need to take steps to manage those risks accordingly. As part of the FMI’s exercise in identifying important business services, the FMI may have done some analysis on the hierarchy of services and its role in the broader financial system. The FMI may have to examine trade-offs that should be made in order to minimise disruption to the financial system, which could include prioritising between recovery of important business services.
What does the Bank expect if an FMI finds itself in a scenario that may have broader implications for financial stability?
While these scenarios are illustrative and non-exhaustive, the Bank expects that with Fundamental Rule 10 in place, FMIs’ behaviours should take account of, and understand its own systemic importance and potential consequences to the stability and confidence of the financial system as a result of its operations, either through disruption or as a transition mechanism.
If an FMI finds itself in a situation where its operations are presenting systemic risk, the Bank expects the FMI to consider the impact of the scenario and address it in a way that recognises its impact and the impact of any mitigating actions the FMI could take on the stability of the financial system. The Bank does not expect the FMI to take any action which would place the FMI’s own resilience at risk.