79211 This volume is a product of the staff of the International Bank for Reconstruction and Development / The World Bank. The World Bank does not guarantee the accuracy of the data included in this work. The findings, interpretations, and conclusions expressed in this paper do not necessarily reflect the views of the Executive Directors of the World Bank or the governments they represent. The material in this publication is copyrighted. FINANCIAL SECTOR ASSESSMENT PROGRAM MALAYSIA ASSESSMENT OF OBSERVANCE OF THE CPSS-IOSCO PRINCIPLES FOR FINANCIAL MARKET INFRASTRUCTURES DETAILED ASSESSMENT OF OBSERVANCE FEBRUARY 2013 INTERNATIONAL MONETARY FUND THE WORLD BANK MONETARY AND CAPITAL MARKETS FINANCIAL AND PRIVATE SECTOR DEVELOPMENT DEPARTMENT VICE-PRESIDENCY EAST ASIA AND PACIFIC REGION VICE-PRESIDENCY CONTENTS I. EXECUTIVE SUMMARY ................................................................................................................. 1 II. INTRODUCTION ............................................................................................................................. 3 III. PAYMENT AND SECURITIES SETTLEMENT SYSTEMS LANDSCAPE ............................................ 4 A. Legal and regulatory framework.......................................................................................... 4 B. Large Value Payment Systems ............................................................................................ 5 C. Retail Payment systems ....................................................................................................... 7 D. Securities Settlement Systems ............................................................................................. 8 E. Oversight arrangements ....................................................................................................... 9 IV. SUMMARY ASSESSMENT ............................................................................................................. 10 A. Summary assessment of the principles .............................................................................. 10 B. Summary assessment of the responsibilities ...................................................................... 11 C. Recommendations for FMIs .............................................................................................. 12 D. Recommendations for Authorities ..................................................................................... 17 V. DETAILED ASSESSMENT – RENTAS (RTGS, CSD AND SSS) .................................................. 18 VI. DETAILED ASSESSMENT OF THE BMSC.................................................................................... 63 VII. DETAILED ASSESSMENT - BMDEPO ........................................................................................ 111 VIII. DETAILED ASSESSMENT BMDC .............................................................................................. 129 IX. RESPONSIBILITIES OF AUTHORITIES....................................................................................... 169 X. AUTHORITIES’ RESPONSE ........................................................................................................ 178 Tables 1. Retail Payment Instruments Usage Statistics – 2011..............................................................7 2. Securities Market Statistics for 2011......................................................................................8 3. Ratings Summary RENTAS – RTGS component................................................................10 4. Ratings Summary RENTAS – CSD and SSS components...................................................10 5. Ratings Summary BMSC......................................................................................................10 6. Ratings Summary BMDepo..................................................................................................10 7. Ratings Summary BMDC.....................................................................................................11 8. Ratings Summary – Responsibilities of Authorities.............................................................11 9. Prioritized List of Recommendations – RENTAS (RTGS, CSD, and SSS).........................12 10. List of Prioritized Recommendations – BMDC .................................................................13 11. List of Prioritized Recommendations – BMSC .................................................................14 12. List of Prioritized Recommendations – BMDepo..............................................................16 13. List of Prioritized Recommendations – Authorities...........................................................17 Figures 1. Malaysia’s National Payments System...................................................................................6 2. RENTAS volumes and values.................................................................................................7 3. Overview of the securities and derivatives market in Malaysia..............................................8 i ABBREVIATIONS ADA Authorised Depository Agent (agents of the BMDepo) ADI Authorized Depository Institution (participants of the RENTAS) ADM Authorised Direct Member (participants of the BMDepo) BFE Brokers’ Front End BFF Bridge Financing Facility BM Bursa Malaysia Berhad (the exchange holding company) BMD Bursa Malaysia Derivatives Berhad (the derivatives exchange) BMDC Bursa Malaysia Derivatives Clearing Sdn Bhd (the derivatives clearing house) BMDepo Bursa Malaysia Depository Sdn Bhd (the central depository) BMS Bursa Malaysia Securities Berhad (the stock exchange) BMSC Bursa Malaysia Securities Clearing Sdn Bhd (the securities clearing house) BNM Bank Negara Malaysia (the central bank) BOCM Bank of China, Malaysia BPA Bond Pricing Agency BTS Bursa Trade Securities System (the securities trading engine) CBA Central Bank of Malaysia Act 2009 CBRC China Banking and Regulatory Commission CDS Central Depository System CGF Clearing Guarantee Fund CF Clearing Fund CMSA Capital Markets and Services Act 2007 CP Clearing Participants (TCP or NTCP) CPSS Committee on Payment and Settlement Systems DSA Digital Signature Act 1997 DVP Delivery versus Payment EA Evidence Act 1950 FAST Fully Automates System for Issuing/Tendering FCTSAS Foreign Currency Transfer Settlement Account System FDSS Fixed Delivery and Securities Settlements provisions FMG Malaysian Government Securities Futures (3-year and 5-year) FMI Financial Markets Infrastructure GFA Government Funding Act 1983 GMRA Global Master Repurchase Agreement HKMA Hong Kong Monetary Authority IFTS Inter-bank Fund Transfer System INED Independent Non-Executive Director IOSCO International Organisation of Securities Commissions ISCAP Institutional Securities Custodian Programme ISS Institutional Settlement System KPI Key Performance Indicator LA Loan (Local) Act 1959 LO Loan (Local) Ordinance 1959 ii LOSF Liquidity Optimization Settlement Facility MDIC Malaysian Deposit Insurance Corporation Act 2011 MGS Malaysian Government Securities MoU Memorandum of Understanding MPOR MyClear Participation and Operating Rules MSAS MYR Settlement Account System MyClear Malaysian Electronic Clearing Sdn. Bhd. MYR Malaysian Ringgit NRC Nomination & remuneration Committee NTCP Non Trading Clearing Participant OPSS Operating Procedures for Securities Settlement PBOC Peoples Bank of China PDIM Perbadanan Deposit Insurans Malaysia PDS Private Debt Securities PFMI CPSS-IOSCO Principles for Financial Markets Infrastructure PID Public Interest Director PO Participating Organisation (securities broker) PSA Payment Systems Act 2003 PSIDWG Payment Systems Infrastructure Development Working Group PTI Port Tank Installation PVP Payment Versus Payment RAM Rating Agency Malaysia RENTAS Real Time Electronic Transfer of Funds and Securities RNM Renminbi ROP RENTAS Operating Rules and Procedures SBL Securities Borrowing and Lending SBL-CLA Securities Borrowing and Lending with Central Lending Agency SBLNT Securities Borrowing and Lending Negotiated Transaction SC Securities Commission Malaysia SCA Securities Commission Act 1993 SICDA Securities Industry (Central Depositories) Act 1991 SPAN Standard Portfolio Analysis of Risk SSDSS Scripless Securities Depository and Settlement System SSF Single Stock Futures TBA Treasury Bills (Local) Act 1946 TCP Trading Clearing Participant TP Trading Participant (derivatives broker) iii I. EXECUTIVE SUMMARY 1. There is a clear demarcation of oversight, regulatory and supervision jurisdiction between the Securities Commission and the central bank. The Bank Negara Malaysia (BNM): the central bank is responsible for the oversight of the payment systems and settlement systems for unlisted government, BNM and private debt securities. The Securities Commission (SC) is responsible for the regulation, supervision and oversight of the FMIs for the corporate securities and derivatives market. 2. MyClear a 100% owned subsidiary of the central bank (Bank Negara Malaysia) operates an integrated large value payment and securities settlement system – RENTAS. RENTAS functions as a Real-Time Gross Settlement System which is also integrated with a CSD and also handles securities settlement of unlisted Government, BNM and private debt securities. 3. Securities and derivatives clearing and settlement infrastructure is managed by an integrated exchange holding company: Bursa Malaysia Berhad (BM). The BM is licensed as an exchange holding company and it has a 100% owned subsidiary Bursa Malaysia Securities (BMS) a securities exchange and a joint venture with the Chicago Mercantile Exchange (CME) – Bursa Malaysia Derivatives (BMD) that is licensed as a derivatives exchange. Bursa Malaysia Securities Clearing (BMSC), a 100% owned subsidiary of BM, functions as a central counterparty (CCP) for the securities market and Bursa Malaysia Derivatives Clearing (BMDC), a 100% owned subsidiary of BMD, functions as the CCP for the derivatives market. The BM also has a 100% owned subsidiary Bursa Malaysia Depository (BMDepo) that functions as the lone CSD for the securities traded on the BMS. 4. The BM had planned a default drill for its FMIs well before the FSAP assessment and this has been taken into account in the assessment however the actions taken by the FMIs and authorities subsequent to the FSAP while being acknowledged are not being taken into account in the assessment. The default drill was proposed in January 2012 and was planned to be executed in December 2012. The assessors were notified of the successful conduct of this and also the plans to conduct this on a periodic basis. The principle 13 (default procedures) and principle 14 (segregation and portability) for the BMSC and the BMDC have been assessed taking this into account. A number of other initiatives have been taken post the FSAP assessment that could address specific gaps identified in the FSAP; these are acknowledged however the assessment does not take this into account as part of the rating for the impacted principles and responsibilities. These initiatives include enhancement of stress testing scenarios and overall credit risk framework by the BMSC and BMDC; institution of liquidity risk management stress tests by the BMSC and the BMDC; and, the enhanced MOU entered into between the SC and the BNM and the establishment of a focus group to discuss co- operative oversight arrangements. 5. The RENTAS system was assessed against the CPSS-IOSCO Principles for Financial Market Infrastructures (PFMI) as a unified system although, from a technical standpoint, it involves the operation of three FMIs. The rationale of this choice is that the system is highly integrated. RENTAS observes 19 principles and five principles are not applicable. However, a few areas of further improvement are noted.  Legal Basis: The legal framework explicitly provides for finality. However the certainty of protection of collateral placed for liquidity support and protection of repo arrangements is not explicit. This is not an immediate concern as all the participants that use these facilities are supervised by the BNM and the BNM is responsible for initiating insolvency/bankruptcy proceedings for these entities, however when other classes of entities are allowed this could be an area of concern. 1  Collateral: The valuation of collateral placed for intra-day credit facility which could be converted to overnight credit is based on quotes from principal dealers. This could be enhanced by seeking quotes from the Bond Pricing Agency.  CSD: The segregation arrangements for the customers that have been provided for in the legal framework should be tested and procedures for implementing portability should be tested.  Disclosure Framework: The RENTAS is required to comply with the relevant CPSS-IOSCO standards with the introduction of the PFMIs the RENTAS should comply with the disclosure requirements as well. 6. The BMSC observes 16 principles, broadly observes two, partially observed one, one principle was not observed and four principles are not applicable.  Legal Basis: The legal framework for the securities market explicitly provides for finality and protection for collateral but explicitly recognizes netting and novation only at the level of rules. An independent legal opinion has confirmed the enforceability of the rules; however as part of the proposed Financial Services Act these can be addressed at the level of law as well.  Credit Risk: The stress testing models need to be enhanced and reviewed monthly against the current quarterly review schedule. The BMSC does not collect margins and the resources used for handling credit risk is the clearing guarantee fund, the SBL-CLA collateral for SBL-CLA related exposures and in addition the liquid assets of the BMSC. The size of the clearing guarantee fund should be enhanced to ensure that committed funds are adequate to handle the default of the participant with the largest exposure. Stress tests in 2011 indicated the committed funds would be just about sufficient, however after inclusion of the stand-by credit facility from the BM defaults of the three participants with the largest exposures could be handled.  Margin: The BMSC has established a clearing guarantee fund that is pre-funded by the participants, the BMSC and the stand-by credit arrangement from the BM. This fund is structured to cover the potential exposure of the BMSC from the settlement default of the novated trades of a participant with the largest settlement position. The structure and the objective of the clearing fund do not fully conform to the margin methodology envisaged for the PFMIs. The BMSC should consider instituting a margin mechanism, this can be done by recasting a part of the CGF as a margin which is collected based on the positions of the participants and also have the ability to collect variation margin on an intra-day basis.  Liquidity Risk: The BMSC does not have an explicit stress testing model for assessing its liquidity risk. The BMSC should institute this and also subject it to periodic review.  Exchange of value: The DVP mechanism is achieved by placing a system-wide freeze on the CSD until the funds leg is completed. However buy-ins initiated to address delivery failures can over- ride the freeze and there could be a scenario where a participant receiving securities as part of the days’ settlement and participate in the buy-in using those securities even before his fund pay-in and potentially default on his funds obligation. This risk is however mitigated by the operational controls required to be instituted by the participants, which ensure that the participant ’s clients cannot participate in the buy-in process without them first having met their settlement obligations for the day. The BMSC should ensure that the CSD systems prevent the above scenario from happening or alternatively ensure that the market participants exercise specific operational controls in their processes to prevent this from happening.  Default procedures: At the time of the FSAP assessment the BMSC had proposed to carry out a default drill in December 2012 and on a periodic basis thereafter. The assessor was notified about the successful completion of the default drill as planned. The BMSC should ensure that the drill 2 is carried out on an ongoing basis and also any gaps or issues identified are addressed in a time-bound manner.  Operational Reliability: The BM manages the BCP at a group level and has a stated RTO of 5.5 hours for critical function which includes depository, clearing and settlement arrangements. The BMSC does not fully test the reliability of the participants BCP procedures. 7. The BMDepo observes 11 principles, broadly observes one and 12 principles are not applicable. The operational reliability issue mentioned for the BMSC applies for the BMDepo as well. 8. The BMDC observed 17 principles, broadly observed four, and three principles were not applicable.  Legal Basis, default procedures and operational reliability: The observations related to these principles summarized above for the BMSC are applicable to the BMDC as well.  Credit Risk: The stress testing models need to be enhanced and reviewed monthly against the current quarterly review schedule.  Margin: The Margin model is currently only reviewed twice a year; it should be reviewed every month with a full-fledged review once a year.  Liquidity Risk: The BMDC does not have an explicit stress testing model for assessing its liquidity risk. The BMDC should institute this and also subject it to periodic review. 9. The authorities observe three of the responsibilities and broadly observe two.  Responsibility C: The authorities currently do not have a formal mechanism for disclosing their oversight policies with respect to the FMI’S for the securities and derivatives market. The oversight policies for the payment systems are shared in the annual financial stability report, however the extent of coverage could be enhanced and other delivery mechanisms could be considered.  Responsibility E: The co-operative arrangements in place should be fully leveraged and the extent of information and scope of collaboration could be enhanced. Information sharing related to concentration limits in settlement banks and letter of credits could be enhanced. The scope of collaboration could be enhanced to jointly explore aspects related to FMIs on an ongoing basis. II. INTRODUCTION 10. The present document is the assessment of systemically important financial market infrastructures in Malaysia based on the Committee for Payment and Settlement Systems (CPSS) and International Organization of Securities Commission (IOSCO) Principles for Financial Market Infrastructures (PFMIs). The assessment was conducted in the context of field missions of the Financial Sector Assessment Program (FSAP) to Malaysia in July 2012. 11. Harish Natarajan (World Bank) was the assessor and was supported by Isaku Endo (also World Bank). This assessment covers the following FMIS: All sub-components of the RENTAS system, the BMSC, the BMDC and the BMDepo and the responsibilities of central banks and the securities as the relevant authorities for financial market infrastructures. The RENTAS technically is comprised of three FMIS – the RTGS, SSS and CSD however the assessment is presented as one for ease of presentation and also because it is operated, overseen and used by the participants as one integrated system. RENTAS is a designated payment system, and in the designation it is recorded as one system. The Bursa Bonds has not been included in the scope, as the participants and the SC are re- working the way they approach this FMI given its evolution from a trading platform to a TR now. The 3 SC is encouraged to consider an assessment of this FMI as a TR in the near future. The FMIs covered in this assessment are listed below.  Real Time Electronic Transfer of Funds and Securities (RENTAS) - RTGS  Real Time Electronic Transfer of Funds and Securities (RENTAS) - CSD  Real Time Electronic Transfer of Funds and Securities (RENTAS) - SSS  Bursa Malaysia Securities Clearing (BMSC) – CCP  Bursa Malaysia Derivatives Clearing (BMDC) – CCP  Bursa Malaysia Depository (BMDepo) – CSD 12. The links of the RENTAS with the Euroclear has not been included in the scope, as it has been introduced very recently and the usage has not yet started. The assessment tables includes some remarks on this linkage however it has not been included in the key conclusions for the relevant principles. 13. The information used in the assessment included all relevant laws, rules and procedures governing the systems, material available on these FMIs in the public domain and from the central bank and the securities commission. In addition, extensive discussions were held with the regulators and overseers – Bank Negara Malaysia (Central Bank) and Securities Commission of Malaysia (SC), the systems operators – MyClear and Bursa Malaysia; and stakeholders such as commercial banks and market participants. In addition, the mission team was provided with:  A self-assessment of the RENTAS system against the CPSS Core Principles for Systemically Important Payment Systems against the CPSS-IOSCO Recommendations for Securities Settlement Systems.  A self-assessment of the BMSC and the BMDC against the CPSS-IOSCO Recommendations for CCPs.  A self-assessment of the BMSC and BMDepo against the CPSS-IOSCO Recommendations for Securities Settlement Systems.  The responses from the authorities and the operators of these systems to a set of questions to fill the gaps between the self-assessments and the new information required for assessment against the PFMIs. 14. The methodology used follows the CPSS-IOSCO Principles for Financial market infrastructures (April 16, 2012) and the Assessment methodology for Principles for FMIs (Consultative Report, April 16, 2012) and the Disclosure framework for financial market infrastructures (Consultative Report April 16, 2012). III. PAYMENT AND SECURITIES SETTLEMENT SYSTEMS LANDSCAPE A. Legal and regulatory framework 15. The legal framework for the payment and settlement system can be grouped into two – one group for the payment systems and government securities; and, another for the equities, corporate debts and derivatives. In addition there are legal provisions that protect some of the common aspects like recognition of electronic means of initiating payment and securities transfer instructions and the recognition of contracts. 16. The legal framework for payment systems and government securities includes Central Bank of Malaysia Act 2009 (CBA) that provides the mandate for Bank Negara Malaysia (BNM) to own and operate payment and settlement systems and Payment System Act 2003 (PSA) that strengthens the payment and settlement systems oversight powers and firmly establishes the BNM as the authority responsible for promoting the reliable, efficient and smooth operation of 4 the national payment and settlement systems. The PSA provides enhanced oversight powers to the BNM over systems that the BNM designates as systemically important payment system. The PSA requires the operator of designated payment systems to develop operating rules and procedures including default provisions. The PSA further provides primacy to the default procedures of a designated payment system over any other legal provision in Malaysia including insolvency related proceedings. The PSA requires certain minimum governance arrangements for all payment systems operating in the country. There are other specific legal measures that govern aspects related to the government securities. These acts are the Treasury Bills Act, Loans (local) Act and Loans (local) ordinance. These legal measures include aspects related to de-materialization of government securities and provisions related to investor protection. 17. The corporate securities – both equity and bonds and derivatives clearing and settlement systems are governed by Securities Commission Act (1993), Capital Market and Services Act 2007 (CMSA) and Securities Industry (Central Depositories) Act 1991 (SICDA). The Securities Commission Act (SCA) establishes the duties, responsibilities and operating arrangements for the Securities Commission. The CMSA provides the overall framework for operation of various entities in the security markets like stock exchange, clearing houses and trade repositories. The SICDA provides the overall regulatory framework for depositories and immobilization of securities in approved depositories. 18. The CMSA requires the licensed exchanges and clearing houses to prioritize public interest, safety and efficiency aspects over their commercial objective and also establish rules and procedures and in particular in relation to handling of participant defaults . The CMSA provides for the primacy of the default procedures of a clearing house in particular over insolvency and bankruptcy related proceedings. The CMSA requires all participants of the exchanges and other entities playing a role in the securities market to be licensed by the SC. B. Large Value Payment Systems 19. The BNM has established a fully-owned subsidiary MyClear to operate the large value payment and settlement system: RENTAS. The RENTAS system itself is also owned by the BNM but is operated by MyClear under a SLA. The RENTAS system is an integrated system that provides RTGS services along with a SSS and CSD for government securities and Private Debt Securities (PDS). In addition to operating RENTAS, the MyClear owns and operates a number of retail payment systems – Giro for inter-bank credit transfers, eSPICK an automated cheque clearing house, MyMobile a mobile payments platform and FPX an online banking enabled payment system. The RENTAS and eSPICK system are designated payment systems given that RENTAS is a systemically important payment system and eSPICK is widely used. 20. RENTAS settles MYR transactions in real-time and on gross basis in central bank money. RENTAS system consists of the following major modules: Inter-bank Fund Transfer System (IFTS), MYR Settlement Account System (MYR SAS), Foreign Currency Transfer Settlement Account System (MCT SAS), and Scripless Securities Depository and Settlement System (SSDS). The business hours for Malaysian Ringgit Settlement in RENTAS are from 8:00 am to 6:00 pm on all business days. 21. The RENTAS system is used for the MYR denominated local large value credit transfers on a real time gross settlement basis; DVP and free-of-payment settlement for securities transfers; USD-MYR PvP transactions through a link with the USD CHATS in the Hong Kong; MYR-RMB PvP transactions through a link with the Bank of China in Malaysia; and, the link with Euroclear for securities transfers and settlements for investment by RENTAS participants in securities deposited with or linked to Euroclear. The RENTAS link with the Euroclear and the BOCM are very recent developments and there has been no usage since the system went live in April 2012. 5 Figure 1: Malaysia’s National Payments System RENTAS Central Depository Securities Settlement System RTGS (CSD) (SSS) Large Value Payment System (SIPS) Bursa BM FAST Bonds Depository TR CSD Interbank eSPICK FPX GIRO (Check (ACH) (ACH) Clearing) BM BM Derivatives Securities Banks Clearing Clearing CCP CCP BM BM MEPS/HOUSe Direct Debit / MYMobile Derivatives Securities Shared ATM Networks eDebit ADI Brokers Investors Clients (legal and natural persons) 22. The RENTAS system functions as an integrated system with a common overarching rules framework and membership agreement, under which certain module specific rules have been created. The BNM has been historically overseeing the RENTAS system as one integrated system and not as individual component infrastructures. All the different services of RENTAS are accessed through a common front-end and are seen as one integrated system by the users as well. 23. As of June 2012 RENTAS has 68 members. The following regulated institutions are eligible to access RENTAS:  Commercial Banks (25)  Islamic Banks (16)  Investment banks co-regulated by BNM and the Securities Commission of Malaysia (15)  International Central Securities Depository (ICSD) and National Central Securities Depository (CSD) (1: Euroclear)  Central banks/monetary authorities and qualified foreign licensed institutions (1: BNM)  Qualified domestic entities that provide payment and clearing services (clearing houses) (2: MEPS, eSPICK)  Qualified institutions whose admission will promote the development of the Malaysian financial markets. (8: Development financial institutions and others) 24. The RENTAS provides customer omnibus accounts in the CSD sub-component. The RENTAS members who wish to provide depository services sign-up for this service. These institutions are called Authorized Depository Institutions (ADI). Currently there are 61 ADIs. The ADIs are required to open three accounts – one for the ADI’s proprietary holdings, one omnibus account for the domestic clients and one omnibus account for the foreign clients. The TBA, LO and the GFA require the ADIs to segregate the client accounts in their books and that the clients holdings are held in trust and should not be treated as the holdings of the ADI. 6 25. The sources of liquidity for the transactions in RENTAS are: participants opening balances, participant’s statutory reserve balances placed with the BNM, incoming transfers and intra-day credit facility. The Intra-day Credit Facility (ICF) is fully collateralized and is interest-free. The ICF is available only to banks, Islamic banks and investment banks. The eligible securities are those issued by the Malaysian Government and BNM as well as private debt securities with a minimum credit rating of ‘AAA’ which are deposited in RENTAS. The collaterals accepted for ICF is aligned with those accepted for the standing-facility of the BNM offered to the same of institutions. This enables conversion of the ICF if the need arises to an overnight loan under the standing facility. 26. In 2011 RENTAS settled RM47.2 trillion, representing more than 53.5times Malaysia’s annual GDP. On an average the stand-alone funds transfer and securities settlement transactions put together, the system processes about 14,000 transactions per day with an average daily value of RM193 billion. The securities settlement transaction account for around 6.2% by value and 3.3% by volume. Figure 2: RENTAS volumes and values RENTAS turnover to GDP RENTAS : Total volume and value of transfers Times RM bil '000 60 50,000 4,000 53.5 45,000 55 52.3 3,500 40,000 50 3,000 35,000 50.3 49.6 45 41.8 2,500 30,000 44.9 40 37.7 25,000 2,000 35 20,000 1,500 31.7 31.6 35.5 15,000 30 31.9 1,000 30.9 10,000 25 500 5,000 20 0 0 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2006 2007 2008 2009 2010 2011 Volume Value C. Retail Payment systems 27. MyClear operates four retail payment systems: eSPICK Interbank GIRO, FPX and MyMobile. eSPICK is an image-based clearing system where the check image and magnetic ink character recognition (MICR) code line data are captured and transmitted electronically to facilitate clearing. The eSPICK settles on a T+1 basis in central bank money through RENTAS. On average, eSPICK processes 17.8 million cheques transactions amounting to RM164.99 billion monthly and 0.84 million transactions worth RM8.05 billion daily. The table 1 provides the transaction statistics for the retail payment instruments in 2011. 28. The Malaysian Electronic Payment System (MEPS) operates the Shared ATM Network (SAN). In 2011, SAN expanded its membership to include five locally-incorporated foreign banks, allowing nearly all account holders in Malaysia access to 11,689 ATMs nationwide via a single network. In addition to credit, debit and charge cards, E-money is widely used in Malaysia. Seven banks and 16 non-banking entities offer e-money services. The largest e-money operator Touch n’ Go processed 796.8 million transactions for a value of 2.3 billion MYR. Table 1: Retail Payment Instruments Usage Statistics - 2011 Payment Instrument Volume Value (in Millions) (in MYR Billion) Cheques 204.9 1979.9 Credit and Debit Transfers 61.8 171.6 ATM transactions 215.4 69.7 Card payments 342.1 95.1 e-money 806.5 3.8 7 D. Securities Settlement Systems 29. The securities clearing and settlement system in Malaysia are vertically organized market wise for the three different markets: the bond market, the equities market, and the derivatives market (see table 2). 30. Bonds such as Malaysia Government Securities (MGS), Bank Negara Malaysia Bills (BNB), Cagamas Papers, PDS and ABS are issued through the BNM managed system - Fully Automated System for Issuing /Tendering (FAST). FAST is a web based system and supports issuances of debt securities both through tender or non-tender basis. This system integrates with the RENTAS for settlement of funds and also for transfer of securities. The secondary market for bonds is primarily OTC and all trades are required to be reported to the Bursa Bonds within 15 minutes. The only bonds currently traded on the BMS are loan stocks (commercial papers). Table 2: Securities Market Statistics for 2011 Market Trade Volume /Market Parameter Trade Value (Approx, in millions) (in MYR Billions) Corporate Securities 1360 0.296 Equities (shares traded) 329,000 438 Derivatives Contracts traded 8.05 - Derivatives (Open Interest ) - 152,419 (actuals) Figure 3: Overview of the securities and derivatives market in Malaysia Bond (Gov’t Securities, BNB, Shares, funds, warrants, Commodity derivatives, Bonds Cagamas Papers, PDS, ABS) REITs, bonds, sukuk equity derivatives, financial derivatives OTC trading and Electronic trading platform (FAST, Trading ETP) Bursa Malaysia Bursa Malaysia Bursa Bond Securities Derivative s (TR) BM Securities BM Derivatives Clearing bilateral Clearing Clearing CCP CCP Settlement BM Euroclear Depository DvP Model 2 Securities leg RENTAS CSD SSS / CSD RMB Bank of Settlement PvP HK ICL RENTAS China Cash leg CHATS RTGS Commercial ‘Settlement’ Banks Reporting or information flows 31. The Bursa Malaysia Group a public listed company is the holding company for all the institutions operating in the equities and derivatives market. Its 100% subsidiary Bursa Malaysia Securities (BMS) is the stock exchange where all equities, ETFs, warrants, Real-Estate Investment Trusts (REITs), loan stocks (commercial papers) and Islamic securities (Sukuk) are traded. The Bursa Malaysia Derivatives (BMD) is the futures and options exchange; it is a joint venture between the Bursa Malaysia (75%) and the Chicago Mercantile Exchange (CME – 25%). The Bursa Malaysia 8 Depository (BMDepo) is the Central Securities Depository (CSD) where all the equities traded on the BMS are immobilized. The services of each of these institutions are described further below. The market capitalization in 2011 was MYR 1.28 trillion. 32. The BMS operates the screen based real-time trading platform Bursa Trade Securities (BTS) system through which trades by markets participants are placed and matched in real- time. In 2011, there were 35 participants and on an average MYR 1.7 billion was traded daily. In 2011, there were 941 equities listed in the BMS across two markets the main and the alternate market - ACE. The matched trades are cleared and settled through a 100% owned subsidiary of the BMS – Bursa Malaysia Securities Clearing (BMSC). The BMSC functions as a CCP, and settles trades at T+3 on a DVP model 2 basis. 33. BMDepo functions as the CSD for the equities, warrants, ETFs and Sukuk securities traded on the BMS. The BMDepo uses a beneficial owner account structure. The investors in the securities market are required to open accounts through the participants of the BMDepo who are also participants of the BMS. The account though in the name of the investor is linked to a participant and if the investor places trades through another participant another account needs to be opened. There were 4.2 million CSD accounts in 2011. 34. BMD is the derivatives exchange that is used for trading of all derivative products comprising of commodity futures and options, interest rate futures1 and equity index2 and single stock futures and options. In all there are 10 products that are traded at the BMD. The Futures on Crude Palm Oil (FCPO) is the main product traded on the exchange and it is the global benchmark for the palm oil industry. The trading is through a screen-based on-line GLOBEX trading system of the CME. All matched trades are sent to the Bursa Malaysia Derivatives Clearing (BMDC) for the clearing and settlement of the trades. The BMDC functions as the CCP. E. Oversight arrangements 35. The Payment Systems Act (PSA) and the Central Bank Act (CBA) empowers the BNM to be the overseer of the payment systems; securities settlement system and central securities depositories for the Government securities. The PSA provides enhanced oversight powers to the BNM over designated payment systems. The designation could be for systems that are of systemic importance or in public interest. The BNM has designated the RENTAS system and eSPICK system. These designated systems are required to comply with international standards in particular those issued by the CPSS and IOSCO and required to submit detailed information periodically. All the rules and procedures of these systems are subject to the approval of the BNM. The BNM conducts periodic dialogue with the operators of these systems and also has the powers to audit and call for detailed information from the operators. 36. The Securities Commission Act (SCA) and the Capital Market Services Act (CMSA) empower the SC to oversee the orderly functioning of the capital market and all the entities connected with it. Accordingly the SC oversees the functioning of the exchanges- BMS and BMD; the CCPs – BMSC and BMDC; the CSD – BM Depo. The SC requires these institutions to submit detailed information periodically and also subjects them to periodic audits. These institutions are also required to comply with the prevalent international standards in particular those issued by the CPSS and IOSCO. All the rules and procedures of these entities are required to be approved by the SC. The 1 The futures are based on the Kuala Lumpur Inter Bank Offered Rate (KLIBOR). 2 The index of the BMS is the KLCI. 9 SC also supervises the participants in these securities and derivatives markets entities, in addition as required under the CMSA, the BMS and BMD are required to ensure safe, reliable and efficient operations of the clearing and settlement infrastructure for securities and derivatives market transactions. IV. SUMMARY ASSESSMENT A. Summary assessment of the principles Table 3: Ratings Summary RENTAS – RTGS component Assessment category Principles Observed 1,2,3,4, 5, 7, 8, 9, 12,13, 15,16,17, 18, 20,21,22,23 Broadly observed Partly observed Not observed Not applicable 6, 10, 11, 14, 19, 24 Table 4: Ratings Summary RENTAS – CSD and SSS components Assessment category Principles Observed 1, 2, 3, 4, 5, 7, 8, 9, 11, 12,13, 15,16,17, 18, 20, 21, 22, 23 Broadly observed Partly observed Not observed Not applicable 6, 10, 14, 19, 24 Table 5: Ratings Summary BMSC Assessment category Principles Observed 1, 2, 3, 5, 8, 9, 12, 13,14, 15,16, 18, 20,21,22, 23 Broadly observed 7, 17 Partly observed 4 Not observed 6 Not applicable 10, 11, 19, 24 Table 6: Ratings Summary BMDepo Assessment category Principles Observed 1,2,3, 11, 13, 15,16, 18, 21, 22, 23 Broadly observed 17 Partly observed Not observed Not applicable 4, 5, 6, 7, 8, 9, 10, 12, 14, 19, 20, 24 10 Table 7: Ratings Summary BMDC Assessment category Principles Observed 1, 2, 3, 5, 8,9,10, 12, 13, 14,15, 16, 18, 20,21,22,23 Broadly observed 4, 6, 7, 17 Partly observed Not observed Not applicable 11, 19, 24 B. Summary assessment of the responsibilities Table 8: Ratings Summary – Responsibilities of Authorities Assessment category Responsibility Observed A, B, D Broadly observed C, E Partly observed Not observed Not applicable 11 C. Recommendations for FMIs Table 9: Prioritized List of Recommendations – RENTAS (RTGS, CSD and SSS) Issue of concern Timeframe for addressing Principle Recommended action and comments and other gap or shortcoming recommended action 13 Testing of default management procedures MyClear should introduce periodic testing of the default Short Term management procedures and involve the participants also. 11 Articulate how the CSD would support the portability of MyClear could enhance their disclosures related to Short term client holdings. RENTAS and test their ability to support portability of client holdings. 23 Comply with the disclosure framework requirements. All the FMIs should comply with the disclosure Short Term framework requirements as part of their ongoing compliance to the regulatory and oversight requirements. 1 The legal framework could be strengthened to provide The provisions in the CMSA that provides for primacy of Medium Term explicit protection for the collateral placed for intra-day the default procedures of the BMSC and BMDC over any credit in the RENTAS and also for repo arrangements. insolvency related proceedings could be replicated for the 12 RENTAS as well perhaps in the PSA or in the upcoming Financial Services Act. 5 The valuation for the PDS accepted as collateral for the Currently the price quotes are collected from the principal Medium Term ICF should also include price information from the Bond dealers only. The reliability of the price estimates could Pricing Agency. be enhanced by taking quotes from the Bond Pricing Agency. 17 Enhancing the operational reliability through more robust RENTAS has a robust BCP; the operational reliability of Medium Term verification of participants BCP. the whole system can be enhanced by robust verification of the participants BCP arrangements for (e.g.) by requiring external certification of participants BCP. In addition exceptional scenarios like RENTAS experiencing operational issues close to end-of-business day, unusual queue sizes, and high number of requests for ICF etc. could be included in the BCP testing. Table 10: List of Prioritized Recommendations: BMDC Issue of concern Timeframe for addressing Principles Recommended action and comments and other gap or shortcoming recommended action 7 There is no stress testing model used for monitoring The BMDC currently use the results of the credit risk Short Term liquidity risk. stress to monitor liquidity risk. In addition to this they should create specific models for assessing liquidity risk, this could include for (e.g.) simulating unavailability of one or more banks with which they maintain their liquid assets. 13 Testing of default management procedures The assessor was notified that the BMDC has conducted Short Term the planned default drill and also that this drill is planned to be conducted on a periodic basis. The BMDC should ensure this is incorporated as an ongoing activity and any gaps or issues identified are addressed in a time-bound manner. 14 Testing and validation of segregation and portability The BMDC should verify and test its ability to assist Short Term movement of customers’ positions from a defaulting 13 arrangements participant to another. The assessor was notified that this was included in the default drill conducted in December 2012. The BMDC should ensure that this is included in future default drills as well and any gaps or issues identified are addressed in a time-bound manner. 23 Comply with the disclosure framework requirements. All the FMIs should comply with the disclosure Short Term framework requirements as part of their ongoing compliance to the regulatory and oversight requirements. 1 The CMSA and the SCA do not explicitly recognize The provisions in the PSA related to finality, netting and Medium Term netting and novation. These are however addressed in the novation can be replicated for the BMDC. This could be default procedures of the BMDC which have primacy in addressed as part of the upcoming Financial Services Act the event of insolvency of a participant. which envisages empowering the BNM to declare the BMDC as a designated payment systems. 17 Achieve RTO of less than two hours and be able to The RTO of the BMDC is currently more than 2 hours. Medium Term continue performing from DR site for prolonged period The BCP and all associated processes, systems and of time. procedures should be structured to achieve this objective. In addition this should be periodically tested. The BMDC should also institute a robust process for ascertaining the effectiveness of the BCP of the liquidity providers, settlement banks and banks where it holds its and participants funds. 9 The settlement is currently in commercial bank money. It is recommended that the BMDC in a time-bound Long Term manner migrate settlement from commercial bank money to central money in the RENTAS. This would need the active involvement of the SC and the BNM. Table 11: List of Prioritized Recommendations - BMSC Issue of concern Timeframe for addressing Principles Recommended action and comments and other gap or shortcoming recommended action 4 The stress testing methodology is inadequate and the size The stress testing of the BMSC should incorporate the Short Term of the clearing guarantee fund is likely inadequate as SBL and BFF related credit risks as well and include well. more robust scenarios for (e.g.) stock specific movements. In addition the BMSC could consider the 14 following to further strengthen the credit risk management framework: (i) stand-by credit of the BM should be converted into an explicit BM contribution to the CGF; (ii) evaluate the relevance of the BFF given its limited usage and encourage the participants to use credit facilities from the banks; and, (iii) on an ongoing basis enhance the stress testing process by including scenarios that cover other market factors, stock specific movements and forward looking scenarios and review them on a more frequent basis. 6 The BMSC CGF mechanism does not fully conform to An initial and variation margin mechanism should be Short Term the margin requirement of the PFMI. instituted at the earliest. A portion of the participant’s contribution to the CGF can be collected as margin. This component should be collected based on the participant specific credit exposures and computed on a daily basis and also have the ability to collect additional margin as needed on an intra-day basis. 7 There is no stress testing model used for monitoring The BMSC currently use the results of the credit risk Short Term liquidity risk. stress to monitor liquidity risk. In addition to this they should create specific models for assessing liquidity risk, this could include for (e.g.) simulating unavailability of one or more banks with which they maintain their liquid assets in particular in periods of heightened liquidity stress and over multi-day periods 13 Testing of default management procedures The assessor was notified that the BMSC has conducted Short Term the planned default drill and also that this drill is planned to be conducted on a periodic basis. The BMSC should ensure this is incorporated as an ongoing activity and any gaps or issues identified are addressed in a time-bound manner. 14 Testing and validation of segregation and portability The BMSC should verify and test its ability to assist Short Term arrangements movement of customer’s positions from a defaulting participant to another. The assessor was notified that this was included in the default drill conducted in December 2012. The BMSC should ensure that this is included in future default drills as well and any gaps or issues 15 identified are addressed in a time-bound manner. 23 Comply with the disclosure framework requirements. All the FMIs should comply with the disclosure Short Term framework requirements as part of their ongoing compliance to the regulatory and oversight requirements. 1 The CMSA and the SCA do not explicitly recognize The provisions in the PSA related to finality, netting and Medium Term netting and novation. These are however addressed in the novation can be replicated for the BMSC. This could be default procedures which have primacy in the event of addressed as part of the upcoming Financial Services Act insolvency of a participant. which envisages empowering the BNM to declare the BMSC as designated payment systems. 12 The DVP arrangements need to be tightened. DVP is currently achieved by placing a system-wide Medium Term freeze on the BMDepo which is released only when the funds leg is completed. There is however an exception allowed for participating in a buy-in. A system check should be instituted to ensure that a participant receiving securities as part of the days’ delivery cannot participate in the buy-in with those securities. Alternatively the BMSC could ensure that the operational controls that the market participants are required to enforce as per the BMS rules to prevent this from happening is indeed enforced on an ongoing basis. 17 Achieve RTO of less than two hours and be able to The RTO of the BMSC is currently more than 2 hours. Medium Term continue performing from DR site for prolonged period The BCP and all associated processes, systems and of time procedures should be structured to achieve this objective. In addition this should be periodically tested. The BMSC should also institute a robust process for ascertaining the effectiveness of the BCP of the liquidity providers, settlement banks and banks where it holds its and participants funds. 9 The settlement is currently in commercial bank money. It is recommended that the BMSC in a time-bound Long Term manner migrate settlement from commercial bank money to central money in the RENTAS. This would need the active involvement of the SC and the BNM. Table 12: List of Prioritized Recommendations – BMDepo 16 Issue of concern Timeframe for addressing Principle Recommended action and comments and other gap or shortcoming recommended action 11 Articulate how the CSD would support the portability The BMDepo could enhance their disclosures and test Medium Term of client holdings. their ability to support portability of client holdings. 17 Achieve RTO of less than two hours and be able to The RTO of the BMDepo is currently more than 2 hours. Medium Term continue performing from DR site for prolonged period The BCP and all associated processes, systems and of time procedures should be structured to achieve this objective. In addition this should be periodically tested. 23 Comply with the disclosure framework requirements. All the FMIs should comply with the disclosure Medium Term framework requirements as part of their ongoing compliance to the regulatory and oversight requirements. D. Recommendations for Authorities Table 13: List of Prioritized Recommendations – Authorities Timeframe for Issue of concern Responsibility Recommended action and comments Relevant parties addressing and other gap or shortcoming recommended action Responsibility C Disclosure of Oversight policies The SC and the BNM could enhance their disclosure of SC and BNM Short Term oversight policies to the public. The disclosure to the FMIs is adequate. Responsibility E Co-operation arrangements The co-operation framework is in place; however, the SC and BNM Medium Term SC and the BNM should operationalize the co-operation in the area of oversight of the FMIs by expanding the scope of information exchange on an ongoing basis and initiating joint efforts to enhance safety, efficiency and reliability for the payment and settlement systems. The BNM and the SC can consider leveraging the new MOU framework to enhance the operational co-ordination. 17 These could include areas like sharing information relating to the ongoing oversight assessments of the FMIs in their respective jurisdictions and measures to enhance the risk management framework in the FMIs in their respective jurisdiction by sharing information that could be pertinent to the overseer of a particular FMI. V. DETAILED ASSESSMENT – RENTAS (RTGS, CSD AND SSS) Principle 1: Legal basis An FMI should have a well-founded, clear, transparent, and enforceable legal basis for each material aspect of its activities in all relevant jurisdictions. Key consideration 1.1 The legal basis should provide a high degree of certainty for each material aspect of an FMI’s activities in all relevant jurisdictions Description The legal framework supporting the activities of RENTAS is primarily made- up of the Central Bank of Malaysia Act 2009 (CBA), the Payment Systems Act 2003 (PSA), and the confirmation of participation agreement that all participants of RENTAS sign binding themselves to the operating rules and procedures. The operating rules and procedures are comprised of: the MyClear Operating Rules and Procedures (MORP) which provides an overarching framework, RENTAS Operating Procedures (ROP), Operating Procedures for Securities Settlement Systems (OPSS), operational procedures for foreign currency settlement, and the Central Securities Depository and Paying Agency Rules which governs the depository and paying agency services3 provided by MyClear, as agent for BNM in relation to the securities deposited in RENTAS. In addition, certain aspects relating to the activities of RENTAS are covered in the Evidence Act 1950, the Companies Act 1965, Digital Signature Act 1997, Capital Markets and Services Act 2007 and, Securities Commission Act 1993. The PSA empowers (art 6.1) the BNM to designate payment systems that could pose systemic risks to the financial system or for public interest considerations. The BNM has designated RENTAS under this act as a Designated Payment System (DPS) this provides a broad range of oversight powers over RENTAS to the BNM and also provides certain protection to the operating procedures of RENTAS. The BNM has issued the Guidelines on Securities Borrowing and Lending Programme and Guidance Notes on Repurchase Agreement Transactions. The issuances and operations pertaining to Treasury Bills, Malaysian Government Securities (MGS) and Government Investment Issues are covered under Treasury Bills Act (TBA), Loans Act (LA) and Government Funding Act (GFA) respectively. The key aspects of the RENTAS that require legal certainty given its nature as an RTGS and Securities Settlement System and its particular arrangements for liquidity provisioning are properly provided for, as follows: Finality: article 19(1) of the PSA provides for payment instructions settled in RENTAS to be final and irrevocable from the point the payment instruction is settled as per the rules of RENTAS. The definition of payment instructions in the PSA encompasses funds transfer and securities transfer. The definition of securities in the PSA refers to the definition for securities in the SCA which includes the types of securities settled in the RENTAS. The same article also states that bankruptcy, insolvency and other similar events shall not have any effect over payments deemed final. For MYR funds transfers, the RENTAS 3 Payment of coupons and other such services are referred to as paying agency services. 18 operating rules (art 10) deem a funds transfer instruction as final once it is eligible for execution4 and has been picked up for execution. The same provision is there in the operating rules for foreign currency transactions (art 12). In the case of SSS the OPSS (art 70) specifies the settlement principles and requires usage of DvP process and on the conclusion of the DvP process the SSS transaction is final as per the OPSS rules. The PSA specifically protects the finality of transactions settled in RENTAS from the insolvency related provisions in the Companies Act 1965 and Bankruptcy Act 1967. Netting: Though RENTAS does not use netting as such, the finality and irrevocability of transactions settled through netting is provided for in art 19(2) of the PSA. The recently introduced optional multilateral offsetting feature uses simulated netting. Immobilization and dematerialization of securities: The OPSS issued by MyClear requires the issuances of BNM and Government papers to be dematerialized and deposited into RENTAS. Collectively, BNM and Government papers are referred to as Specified RENTAS Securities in the OPSS. The dematerialization of Malaysian Government Securities is supported by art 6 of the Loan (Local) Act 1959, art 6 of the Government Funding Act 1983 (GFA), art 9a (3) of the GFA and Section 7(3) of the Treasury Bills (Local) Act 1946. As there is no legislation for the dematerialization of Private Debt Securities and Islamic Securities, the immobilization of these securities is backed by the global certificates which represent their issuance in RENTAS. However for the issuances of Private Debt Securities (PDS), the Guideline on the Offering of Private Debt Securities and the Guideline on the Offering of Islamic Securities by SC require both conventional and Islamic Private Debt Securities to be deposited in RENTAS. The Guidelines are issued pursuant to the SCA and CMSA. The global certificates which represent the issuances of Private Debt Securities are required to be lodged and immobilized in RENTAS. Repurchase (repo) operations and securities borrowing and lending: The article 71 of the OPSS specifies the rules for the repo operations and requires settlement of the repo transactions on a DvP basis. If the party that initially transferred the securities does not repurchase such securities, the counterparty holding the securities is entitled to keep those securities as rightful owner and to protect against adverse movement the counterparty holding the security can call for additional margins. The securities lending activities are governed by the relevant guidance notes issued by BNM. The rules require the transfer of legal title ownership of borrowed securities from the lender to the borrower. In addition, the Global Master Repurchase Agreement (GMRA) is required to be signed between the participants. GMRA sets out the relationships between parties and general positions applicable to all repos in terms of definition, delivery and payment obligations of the parties, margin mechanics, rights of substitution, treatment of income on securities involved and notice provisions. The agreement also seeks to specify clearly the events of default and the consequential rights and obligation of the counterparties. Rights and interests in financial instruments: The ICF provided by BNM via RENTAS is a collateralized credit line provided to the participants during business 4 Eligibility conditions include availability of sufficient liquidity, the participant membership being in good order and the payment instruction date being the current business day. 19 hours to ensure that there is sufficient liquidity in RENTAS to effect settlements on a timely basis. Art 10.1 to 10.12 of the Operational Procedures for RENTAS provide BNM with the legal right over the collateral pledged should participants fail to repay the ICF by end of the day. The rights of the seller over securities sold as part of a repo and that of BNM as holder of collateral posted for availing ICF are not explicitly protected at the level of law from insolvency related proceedings. In the case of ICF, it is provided only to entities that are supervised by the BNM and it has the powers to oversee the dissolution or handling insolvency proceedings this likely is not an immediate area of concern. The case of protection of repo contracts in the event of insolvency related proceedings being initiated against one of the parties remains an area of concern. Default handling procedures: The rules on the default by participants are covered under the OPSS issued by MyClear. A failed settlement is deemed to have occurred if cash or securities settlement is not executed by the closing of the business on the value date. A securities buyer who did not receive a delivery of securities as contracted, has the right to buy securities from the market or do a reverse repo, to cover a short position and charge the defaulting party costs equivalent to the amount paid as well as damages paid to third parties who may have suffered due to the non-delivery of the securities. Similarly, a securities seller has the right to execute the sell-out if the buyer is unable to execute the purchase. The seller will immediately advise the buyer the price at which the sell-out was executed and is entitled to claim compensation from the buyer for the monetary difference if the original contract price is higher than the sell-out price. Applicability of the rules of MyClear: The Contracts ACT 1950 governs all contracts and in general a contract duly accepted by the parties is binding. In this regard, all RENTAS participants have signed a Confirmation of Participation Agreement prior to joining RENTAS, which is a contract as per the contracts act. This hence binds the participants to the relevant rules and procedures. In addition the PSA requires that payment systems and in particular designated payments systems develop rules and operating procedures. The BNM reviews all the rules of MyClear. Legal protection for electronic payment transactions: PSA’s definition of a payment system recognizes any mode of payment system including electronic payments. In addition, the DSA provides the legal framework for the use of electronic signatures. In the court of law in Malaysia, an electronic payment transaction made is binding based on the contractual relationship between the operator of a payment system and its participants. Furthermore, the EA recognizes any document produced by a computer as evidence in the court of law. Powers of the BNM to operate a payments system: article 44 of the CBA empowers the BNM or any body-corporate established by the BNM to own and operate any payment and securities settlement system and depository for debt securities. The RENTAS system is owned by the BNM and operated by MyClear a 100% owned subsidiary of the BNM. Regulation and oversight of payment systems: The PSA empowers the BNM to be the authority responsible for promoting the reliable, efficient and smooth operation of the national payment and settlement systems. The PSA provides the BNM with the following powers, amongst others, to oversee RENTAS, by virtue of it being a DPS: To obtain information and conduct examination; and to make modification to the governance and operational arrangements, issue directives and assume control in the event the operator of a DPS becomes insolvent (art 32 to 38). Relevant jurisdictions: The participants of RENTAS, including foreign institutions, 20 are subject to Malaysian laws. As regards the settlement of MYR-US Dollar trade transactions via the PvP and DvP link between RENTAS and H ong Kong’s USD- CHATS, Hong Kong’s legal framework also has a similar provision on finality. Transactions settled through the RENTAS-USD CHATS link are considered final for the MYR leg in Malaysia as per the PSA and the USD leg in Hong Kong is deemed final as per the Hong Kong legal framework. In general, the Ringgit settlement leg is subjected to Malaysian law while the US Dollar settlement leg is subjected to Hong Kong law. Key consideration 1.2 An FMI should have rules, procedures, and contracts that are clear, understandable, and consistent with relevant laws and regulations. Description RENTAS detailed rules and procedures are issued by MYClear. The participants of RENTAS sign a confirmation of participation agreement binding themselves to the rules and procedures specified from time to time by MyClear. The Rules and procedures are clearly stated and are understandable. These rules are provided to all participants when they become members, subsequent modifications are notified to participants through emails and circulars from MyClear and also updated in the Myclear web-site. These are also available at BNM’s online regulatory handbook for institutions supervised by the BNM. The BNM reviews all rules and procedures and has found them to be in compliance with the various legal provisions and enforceable. The PSA provides for the operator of RENTAS as a DPS to specify rules (art 14(b)). Key consideration 1.3 An FMI should be able to articulate the legal basis for its activities to relevant authorities, participants, and, where relevant, participants’ customers, in a clear and understandable way. Description The RENTAS legal framework is clearly articulated in its rules and procedures and the contracts between MyClear as the operator of RENTAS with the participants. The legal framework in Malaysia directly supports provisions related to finality and irrevocability of transactions settled through RENTAS (PSA, art 19); the other aspects are enforceable under the Contracts Act 1950. The rules clearly specify the overall legal basis and also list all the other relevant rules that need to be taken into account. The MyClear Participation and Operating Rule (MPOR) provide an overarching framework and there are then specific rules like ROP for the RENTAS and OPSS for the securities settlement services. In addition, prior to proposing major changes to the Rules, MyClear will consult the industry via its Rules Working Group (RWG), consisting of the banking associations and selected participants. Key consideration 1.4 An FMI should have rules, procedures, and contracts that are enforceable in all relevant jurisdictions. There should be a high degree of certainty that actions taken by the FMI under such rules and procedures will not be voided, reversed, or subject to stays. Description The participants of RENTAS, including foreign institutions, are subject to Malaysian laws. Settlement of MYR-US Dollar trade transactions via the PvP and DvP link between RENTAS and Hong Kong’s USD-CHATS, Hong Kong’s legal framework also provides a strong and similar provision on finality. Transactions settled through the RENTAS-USD CHATS link are considered final and cannot be revoked. In general, the Ringgit settlement leg is subjected to Malaysian law while the US Dollar settlement leg is subjected to Hong Kong law. There has been no precedent of transactions processed through RENTAS being challenged in a court of law. 21 Key consideration 1.5 An FMI conducting business in multiple jurisdictions should identify and mitigate the risks arising from any potential conflict of laws across jurisdictions. Description The USD CHATS PvP and DvP link with RENTAS is exposed to conflict of laws related risks. The BNM has conducted a detailed review of the implications and has determined that both jurisdictions support finality and irrevocability of transactions processed through the systems in their respective jurisdictions. This is also supported by the CPSIPS assessment of the CHATS system by the HKMA available on HKMA’s website. There is also a MOU between the HKMA and BNM which enables both the institutions to conduct dialogue and exchange relevant information impacting the transactions processed through this link. Key conclusion(s) The legal and regulatory basis properly supports each of the material aspects of the RENTAS activities in Malaysia and the PvP and DvP links with the USD CHATS system in Hong Kong. The rules, procedures and contracts derived from that legal and regulatory base are clear and understandable and are comprehensively articulated. RENTAS rules, procedures and contracts have not been subject of any judicial controversy, and actions taken under such rules, procedures and contracts have not been voided or reversed by another administrative or judicial authority. The rights of the BNM/lender over the collateral placed for ICF and Repos in the RENTAS is only protected at the level of rules, and does not have a clear backing at the level of law. However given that the ICF is currently only provided to institutions that are supervised by the BNM and for which the BNM is responsible for overseeing any insolvency proceedings relating to them it is not an immediate area of concern. In the case of repo transactions, the legal rights over the securities gets transferred to the lender but the borrowers obligation to buy-back the securities might be impacted, which could be an issue of concern. Assessment of Principle 1 Observed Recommendations and It is recommended that the BNM consider advocating addressing the potential Comments issues related to protection of ownership rights over collateral placed for ICF and enforcement of repo contracts identified in this assessment in the upcoming Financial Services Act, which would be replacing the PSA. 22 Principle 2: Governance An FMI should have governance arrangements that are clear and transparent, promote the safety and efficiency of the FMI, and support the stability of the broader financial system, other relevant public interest considerations, and the objectives of relevant stakeholders. Key consideration 2.1 An FMI should have objectives that place a high priority on the safety and efficiency of the FMI and explicitly support financial stability and other relevant public interest considerations Description The RENTAS is owned by the BNM and operated by MyClear – a 100% owned subsidiary of the BNM. As Malaysia’s central bank, promoting financial stability is one of the main objectives of the BNM, which is stated in the CBA. The safety and efficiency objectives of RENTAS and its connection with, and hence support to, financial stability are expressed in several documents and is also a requirement for a payment system (art 14 d). In addition the BNM has set specific requirements that Myclear needs to comply with as an operator of a DPS, which further re- iterates the need to place high priority on safety, efficiency and reliability and compliance with international standards in particular those issued by the CPSS and IOSCO. The requirements were updated in December 2011. There is a monthly meeting between the Payment Systems Policy Department of the BNM and the MyClear management team where the ongoing performance against these expectations is assessed including discussion of other topical matters. The 2012 business plan of MyClear approved by its board of directors lists two key performance indicators (KPI) – maintaining reliability, safety and efficiency of the systems; and, expanding range of services being provided and ensuring continued sustainability. MyClear evaluates its performance against these KPIs once a quarter. Key consideration 2.2 An FMI should have documented governance arrangements that provide clear and direct lines of responsibility and accountability. These arrangements should be disclosed to owners, relevant authorities, participants, and, at a more general level, the public. Description RENTAS is owned by BNM and operated by MyClear, a wholly-owned subsidiary of BNM. The segregation of the oversight and operational function of RENTAS paves the way for more effective surveillance, independent assessment and monitoring of risks in the systemically important payment system. The MyClear board has seven board members comprising a non-Executive Chairman, five non-Executive Directors and an Executive Director cum Managing Director. Of the five non-Executive Directors, two are officers of the BNM (a deputy governor and an assistant governor) whose responsibilities do not include payment systems policy. MyClear’s duties and responsibilities are clearly articulated in Section 7 of the MPOR, which is publicly available in MyClear’s website. In addition, MyClear holds quarterly meetings with all banking associations, semiannual meetings with all participants (since 2012) and conducts surveys. MyClear’s governance arrangement, including the composition of its Board, Board committees and management team, the responsibilities of its Board and Board committees, and its organizational structure with lines of reporting to the Board, are disclosed publicly in MyClear’s website. 23 Key consideration 2.3 The roles and responsibilities of an FMI’s board of directors (or equivalent) should be clearly specified, and there should be documented procedures for its functioning, including procedures to identify, address, and manage member conflicts of interest. The board should review both its overall performance and the performance of its individual board members regularly. Description The roles and responsibilities of MyClear board of directors are clearly specified and are available in the web site of MyClear. BNMs and its governance arrangements and roles and responsibilities are articulated in the CBA. The payment systems policy department of the BNM has been entrusted with the responsibility of overseeing the payment and settlement systems in the country including the designated payment system – RENTAS. The responsibility of the BNM in the area of payment systems oversight is articulated clearly in the PSA. The MyClear board is assisted by three Board Committees: Audit and Risk Committee – it sets and reviews the audit and risk management policies and strategies of the company; Rules Committee - evaluates and makes decisions with regard to the rules and procedures for systems provided by MyClear; and Nomination and Remuneration Committee - evaluate and make decisions on matters related to nomination, remuneration, compensation and benefits of the Board and the senior management of the company. The MyClear Management Committee (MMC) is responsible for formulating procedural policies and making decisions for the day-to-day operations, management and administrative issues based on the powers and authority delegated by the Board. The MMC consists of the key senior management of the company. MyClear has recently set-up its own internal audit department. Prior to that, the internal audit function was conducted by BNM’s audit department, which is independent of those responsible for the payment systems policy. MyClear is guided by the Companies Act 1965 (CA) in identifying, addressing and managing conflicts of interest. As a designated payment system the objective of promoting and supporting safety, reliability and efficiency of the payment systems it operates is explicitly included in its KPIs and guides it overall business decisions. The MyClear has developed a performance evaluation framework for its board. A recent assessment for the board’s performance in 2011 rated the performance of the board as acceptable and identified scope for improvement in the size of the board, board member orientation processes and paying attention to succession planning. This assessment also included self-reviews by directors and peer review of other directors, in the areas of participation, quality of inputs and understanding of role. Key consideration 2.4 The board should contain suitable members with the appropriate skills and incentives to fulfill its multiple roles. This typically requires the inclusion of non-executive board member(s). Description The MyClear board has seven board members comprising of a non-Executive Chairman, five non-Executive Directors and an Executive Director cum Managing Director. Of the five non-Executive Directors, two are officers of the BNM (a deputy governor and an assistant governor) whose responsibilities do not include payment systems. The three non-executive directors are independent directors. There is no fixed tenure for the board. 24 At the time of MyClear’s establishment in 2008, the BNM had selected and appointed the Board members of MyClear based on the following criteria: (i) Working/industry experience related to the Company’s business and operations; and, (ii) Specific technical capabilities or competencies related to the Company’s business and operations. Currently, the Board is comprised of members with different backgrounds and working experiences. Moving forward, these processes will be formalized and MyClear’s Nomination & Remuneration Committee will identify suitable candidates based on the criteria, which subsequently will be endorsed by the Board of Directors and the BNM. The members of the Board are paid an annual fee and a meeting allowance, as prescribed in MyClear’s Corporate Governance Handbook. The incentives are benchmarked against industry standards/practice and are reviewed periodically. Key consideration 2.5 The roles and responsibilities of management should be clearly specified. An FMI’s management should have the appropriate experience, a mix of skills, and the integrity necessary to discharge their responsibilities for the operation and risk management of the FMI. Description MyClear has put in place a rigorous process to ensure that only qualified candidates are appointed for senior management positions. This process is articulated in the Human Capital Department Procedure Manual of MyClear. Among others, the candidates need to possess strong technical competencies, leadership qualities and good business acumen. Specific competencies that may be required for certain positions like risk management are documented in the approved job description. An interview process is conducted and shortlisted candidates are recommended by the Management to MyClear’s Nomination and Remuneration Committee. The final selection/approval is made by the Board of Directors. Individual performance planning (which consists of individual KPIs) is agreed upon in the beginning of the year. The assessments for senior management’s performance against the agreed KPIs are conducted twice a year, during the mid-year and year-end. In addition to the KPI’s, the staffs are assessed based on core, leadership and technical competencies demonstrated throughout the year. For senior management positions reporting directly to the Managing Director, the initial assessment is conducted by the Managing Director, and then subsequently reviewed by the Nomination and Remuneration Committee, prior to the approval of MyClear’s Board of Directors. The Managing Director’s performance is assessed by the Nomination and Remuneration Committee prior to the approval of the Board of Directors. The MyClear has established the process for removal of senior management to eliminate any potential risks to the operations of the company. To date, there has been no instance of removal of senior management staff. Key consideration 2.6 The board should establish a clear, documented risk-management framework that includes the FMI’s risk-tolerance policy, assigns responsibilities and accountability for risk decisions, and addresses decision making in crises and emergencies. Governance arrangements should ensure that the risk- management and internal control functions have sufficient authority, independence, resources, and access to the board. 25 Description The current MyClear risk management methodology has the following processes: (i) Identify and prioritize business objectives; (ii) Assess and manage high risk areas of specific business processes and also risks which are pervasive across MyClear; (iii) Evaluate adequacy of controls; (iv) Develop and monitor risk treatment action plans; (V) Ensure that identification, recognition and evaluation of business objectives; (VI) risks are consistent across all levels of the organization; and, (VII) Introduction of new systems and procedures. MyClear has engaged consultants to assist in the development of a new enterprise risk management framework. This is expected to be completed in Q4 2012. The key business objectives identified as part of this framework include: (i) Ensuring smooth operation of RENTAS; and, (ii) ensuring integrity of the system. A number of potential risks that could impact achievement of these objectives have been identified and the mitigating measures for those have been implemented. MyClear has recently established its own internal audit department. Till recently the internal audit function was conducted by BNM’s audit department, which is independent of those responsible for the day-to-day operations. Key consideration 2.7 The board should ensure that the FMI’s design, rules, overall strategy, and major decisions reflect appropriately the legitimate interests of its direct and indirect participants and other relevant stakeholders. Major decisions should be clearly disclosed to relevant stakeholders and, where there is a broad market impact, the public. Description The MyClear has periodic meetings with the participants and has a formal quarterly meeting with the association of commercial banks, investment banks and Islamic banks. There is a formal Rules Working Group that assists in reviewing and framing new rules. This group is comprised of participants of RENTAS. MyClear also conducts periodic surveys to assess the impact of planned and proposed changes. One such survey was for the usage of SWIFT messaging standards for RENTAS. The BNM also as part of its monthly meetings channels any views it hears from participants. The BNM also conducts periodic surveys; a recent instance was for exploring suitability of extending the operating hours of RENTAS. Key conclusion(s) As a central bank, the BNM explicitly supports financial stability and it has also required MyClear to ensure reliability, safety and efficiency of the payment systems it operates, and monitors this closely. Policies, regulations and activities in connection with the MyClear also place a high priority on its safety and efficiency. Assessment of Principle 2 Observed Recommendations and The MyClear is a relatively new organization and has been steadily Comments strengthening the governance arrangements. A number of initiatives are currently underway which would further strengthen the governance arrangements. 26 Principle 3: Framework for the comprehensive management of risks An FMI should have a sound risk-management framework for comprehensively managing legal, credit, liquidity, operational, and other risks. Key consideration 3.1 An FMI should have risk-management policies, procedures, and systems that enable it to identify, measure, monitor, and manage the range of risks that arise in or are borne by the FMI. Risk-management frameworks should be subject to periodic review. Description The risk management policies and procedures of MyClear are focused on disclosing known risks, ensuring participants know how to manage these risks and continuously strengthen its internal arrangements to mitigate these risks and also ensure continued adoption of risk mitigation measures by its participants. The risks identified by MyClear with respect to the operation of RENTAS are: credit risk, liquidity risk, operational risk and custody risk. The MyClear has clearly articulated these risks in the various operating procedures and manuals, and in particular in the MPOR. The MyClear periodically conducts simulation runs to assess its risk management measures, a core component of which is the business continuity planning tests that it conducts on a monthly basis. MyClear also conducts periodic risk awareness programs for its participants. In the recent awareness program the MyClear covered the following topics: risks posed by RENTAS to its participants; risks posed by participants to RENTAS; and risks posed by participants to other participants. The MyClear system provides a range of tools to the participants online that help them in monitoring their performance and assess their risks on a continuous basis. The FAST system of the BNM also provides system wide liquidity position four times a day. Based on the evaluation of the risks the MyClear has instituted a number of measures notably Liquidity Optimization Settlement Facility (LOSF) and mini RENTAS. These are described in detail in the discussions under principle 7 and 17 respectively. The Investment Operations and Financial Markets Department of the BNM also monitors the ongoing liquidity position of the financial system. Key consideration 3.2 An FMI should provide incentives to participants and, where relevant, their customers to manage and contain the risks they pose to the FMI. Description There are no direct explicit incentives provided to participants for ensuring mitigation of risks. The approach followed by MyClear is periodic ongoing monitoring and providing tools to the participants to manage risks. The participants have access to real-time information on the settlement status of their transactions, settlement account balances and securities holdings through RENTAS Member Computer (MC)5 and RENTAS iLINK. Through these facilities, participants are able to monitor their own position and financial risks 5 This is like a system console. 27 exposure. In addition, participants are also able to set alert thresholds, such as excessive value of queued transactions measured against the participant’s average daily transaction value. The system will prompt the participant via real- time notification when the threshold is breached. Participants are also able to extend vital RENTAS data to their own front office for value-added analysis, prepare management reports and update the directory online, hence, allowing active management of information by them. Investment Operations and Financial Markets Department (BNM) monitors account balances and liquidity positions of the banking system on a daily basis. They maintain close contact with the Treasury Departments of the participants and are alerted promptly on any transactional, infrastructure/operational liquidity problems and when any participant cannot square off their position by end of the day. They also model and forecast the banking system’s liquidity based on information collated from a variety of sources to manage domestic liquidity to ensure that monetary policy targets are achieved. In addition, the usage of the standing facility provided by BNM to financial institutions is being monitored closely. Where there is an abnormal pattern of borrowing from BNM (frequent and/or large amounts) and/or borrowing from the market at an unusually high premium, the Supervision Department of BNM will be alerted. MyClear also continuously monitors the system for any functional problems and payment queues. MyClear will prompt the respective participant via messaging in the system or phone call if there is a long pending transaction to ensure that participants do not overlook their queued transactions as this may cause gridlock. The usage of the intra-day credit facility is stopped at 4.30 PM, and the monitoring of liquidity position from thereon is very closely monitored. Participants typically complete a large proportion of their transactions on a timely basis. In the year 2011, on average, members settled about 50% of their transactions by 12 noon. The top five members settle more than 80% of their transactions by 3.00 pm and 97.5% of transactions are completed by 5 pm. As part of MyClear’s risk management framework, the RENTAS operation team (first line of defence) will identify the types of risk involved and determine the causes of these risks based on the significant activities involved in the daily operation. MyClear also conducts ongoing evaluation to identify possible new risks or scenarios that may have an impact on RENTAS operations. For example, based on MyClear’s observation, potential concentration risk in relation to the engagement of the same third party disaster recovery service providers by several participants was identified. MyClear then highlighted the risk to the affected participants so that necessary actions could be taken to mitigate the risk. Key consideration 3.3 An FMI should regularly review the material risks it bears from and poses to other entities (such as other FMIs, settlement banks, liquidity providers, and service providers) as a result of interdependencies and develop appropriate risk-management tools to address these risks. Description MyClear is an integrated RTGS, depository and securities settlement system for the domestic MYR settlement and securities handled by RENTAS. It does not depend directly on any other external system and settles in the settlement accounts maintained in the BNM systems. There is an online real-time interface between the RENTAS and the BNM which is used to reflect the participants transactions in their respective accounts in real-time. The RENTAS also offers settlement facility for the PVP and DVP settlement of 28 USD-MYR and USD securities settlement respectively through the linkage with the USD CHATS in Hong Kong and for domestic RMB settlement through using Bank of China (Malaysia) Berhad (BOCM) as the local settlement bank. The risks related to these links include the full range of credit, liquidity and operational reliability risks. The transactions are processed through the RENTAS system hence the same tools described is used to monitor these risks. In addition, in the case of the RMB settlement MyClear has a service level agreement with the settlement bank - BOCM, specifying the tools, facilities and the levels of operational reliability that the BOCM should provide. In the case of the CHATS system, the HKMA oversees the system and the BNM relies on this and has an MOU with the HKMA to gather pertinent information to actively manage its risk. Key consideration 3.4 An FMI should identify scenarios that may potentially prevent it from being able to provide its critical operations and services as a going concern and assess the effectiveness of a full range of options for recovery or orderly wind- down. An FMI should prepare appropriate plans for its recovery or orderly wind-down based on the results of that assessment. Where applicable, an FMI should also provide relevant authorities with the information needed for purposes of resolution planning. Description RENTAS is a designated payment system under the PSA, the PSA provides BNM the power to assume control of RENTAS, in any case RENTAS is operated by MyClear its 100% owned subsidiary. In addition, the key operational staffs for RENTAS are seconded from BNM and remains on BNM’s payroll. The Information Technology (IT) development and support for RENTAS is also managed by BNM’s IT Services Department using BNM’s IT infrastructure. In the event that MyClear is to wind-down and cease operations, the operations of the system can be seamlessly transferred back to BNM which has the ability, capacity and infrastructure to operate, maintain and develop RENTAS. Such transfer would not entail any IT infrastructure changes. The PSA also provides for the BNM to directly own and operate payment systems and also take over operation of DPS that are in wind-down stage. Key conclusion(s) MyClear has developed robust risk management policies, procedures and systems that enable it to manage the risks associated with the operation of the RENTAS effectively. RENTAS’s participants have access to information that would enable them to manage the risks they may face by participating in the system as well as the risks they pose to the RENTAS. The rules and procedures are effectively enforced to ensure ongoing compliance by the participants. MyClear continuously analyzes the risks arising from interdependencies with other FMIs and with the support of BNM in the case of the link with Hong Kong USD CHATS and BOCM for RMB settlement has a robust framework for the management of operational risks, including comprehensive business continuity arrangements. Assessment of Principle 3 Observed Recommendations and Comments 29 Principle 4: Credit risk. An FMI should effectively measure, monitor, and manage its credit exposures to participants and those arising from its payment, clearing, and settlement processes. An FMI should maintain sufficient financial resources to cover its credit exposure to each participant fully with a high degree of confidence. In addition, a CCP that is involved in activities with a more-complex risk profile or that is systemically important in multiple jurisdictions should maintain additional financial resources sufficient to cover a wide range of potential stress scenarios that should include, but not be limited to, the default of the two participants and their affiliates that would potentially cause the largest aggregate credit exposure to the CCP in extreme but plausible market conditions. All other CCPs should maintain additional financial resources sufficient to cover a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would potentially cause the largest aggregate credit exposure to the CCP in extreme but plausible market conditions. Key consideration 4.1 An FMI should establish a robust framework to manage its credit exposures to its participants and the credit risks arising from its payment, clearing, and settlement processes. Credit exposure may arise from current exposures, potential future exposures, or both. Description The RENTAS system operates an Intraday Credit Facility (ICF) provided by the BNM to provide liquidity support. For securities settlement, the RENTAS operates a DVP model 1 settlement process and does not act as a central counterparty and thus is not exposed to any credit risk. The interest-free ICF is collateralized and after a recent review the collateral accepted and the haircut applied has been aligned with the standing credit facility offered by the BNM available to institutions it supervises – banks, investment banks and Islamic banks. This enables conversion of the ICF to a loan under the standing facility in case the participant is unable to repay. The Monetary Policy Committee of the BNM reviews the policies around ICF and standing facility on an annual basis. The ICF facility is available only for commercial banks, Islamic banks, investment banks and Cagamas, other participants have to source any liquidity required from other sources. In the six month period January-June 2012, 14.1% of the value settled in RENTAS used the liquidity available from the ICF. Key consideration 4.2 An FMI should identify sources of credit risk, routinely measure and monitor credit exposures, and use appropriate risk-management tools to control these risks. Description The ICF is aligned with the standing facility offered by the BNM. The lists of collaterals accepted are assessed to be extremely low risk. In an extreme price volatility scenario, the BNM could face a residual exposure if the market value of the collateralized securities is not enough to cover the amount of cash lent. This is mitigated by applying robust haircuts. The ICF facility is offered until 4.30 PM to ensure that the participants with outstanding ICF have sufficient time to ensure they repay the credit availed or in the worst case they are unable to repay contact the BNM to convert this to standing facility. The standing facility window is available until 5.30 p.m. In the event more time is required, the MyClear team can extend the operating hours of the RENTAS system to enable the participant to source liquidity from the market. The ICF facility is available only to commercial banks, investment banks and Islamic banks. These institutions are in the direct supervision of the BNM and also maintain reserves with the BNM. 30 Key consideration 4.3 A payment system or SSS should cover its current and, where they exist, potential future exposures to each participant fully with a high degree of confidence using collateral and other equivalent financial resources (see Principle 5 on collateral). In the case of a DNS payment system or DNS SSS in which there is no settlement guarantee but where its participants face credit exposures arising from its payment, clearing, and settlement processes, such an FMI should maintain, at a minimum, sufficient resources to cover the exposures of the two participants and their affiliates that would create the largest aggregate credit exposure in the system. Description To collaterals accepted for the ICF are of very high quality and robust haircut policy is used. The RENTAS system does not use DNS. Key consideration 4.7 An FMI should establish explicit rules and procedures that address fully any credit losses it may face as a result of any individual or combined default among its participants with respect to any of their obligations to the FMI. These rules and procedures should address how potentially uncovered credit losses would be allocated, including the repayment of any funds an FMI may borrow from liquidity providers. These rules and procedures should also indicate the FMI’s process to replenish any financial resources that the FMI may employ during a stress event, so that the FMI can continue to operate in a safe and sound manner. Description This arrangement is enforced and governed by the RENTAS rules whereby the Operational Procedures for RENTAS clearly state the rights and obligations of each party involved throughout the whole process, such as: (i) BNM has the right to identify and tag eligible securities when granting the intraday credit facility; (ii) BNM has complete and full ownership of the securities used as collateral; (iii) BNM has the obligation to return the securities used as collateral when the intraday credit facility is repaid within the stipulated time; and, (iv) BNM has the right to take possession of the securities used as collateral if the participant fails to repay the intraday credit facility. Operationally the participants that want to use ICF are required to transfer their securities from their regular depository account in RENTAS to another account owned by them designated “K account”. The securities transferred to K account cannot be retransferred by the participants if they have been marked as used. The sequence of using collateral also is based on using the safest set of collaterals placed first. If a participant is unable to repay the ICF it can source funds from other participants or request BNM for conversion of the ICF to overnight loan. As a last resort, BNM will take possession of the collateral and any loss on ICF due to the inadequacy of haircuts applied is to be borne by BNM. Any potential loss arising from inter-bank repo or other such arrangements are to be borne by the impacted participant. Key conclusion(s) The RENTAS has been designed as an RTGS cum SSS in order to eliminate credit risks between participants and for the system operator. The BNM, in its role as provider of intraday liquidity, limits its exposures by providing collateralized ICF. The BNM may face residual risk in an extreme scenario of volatility. This risk is strongly mitigated through the use of high quality collateral with conservative haircuts and other legal and regulatory provisions. Any losses arising from the 31 ICF are borne by the BNM. Assessment of Principle 4 Observed Recommendations and comments Principle 5: Collateral An FMI that requires collateral to manage its or its participants’ credit exposure should accept collateral with low credit, liquidity, and market risks. An FMI should also set and enforce appropriately conservative haircuts and concentration limits. Key consideration 5.1 An FMI should generally limit the assets it (routinely) accepts as collateral to those with low credit, liquidity, and market risks. Description Securities eligible for ICF are Malaysian Government Securities, BNM Securities, Private Debt Securities (PDS) with AAA domestic ratings and other securities as specified in the Standing Facility Guideline. The guiding principles to determine which securities to accept for ICF are as follows: (i) Protect the interest of BNM as ICF provider; (ii) accept high quality and liquid securities deposited in RENTAS; and, (iii) facilitate conversion of ICF into Standing Facilities (SF) in the event the ICF remains unpaid by RENTAS closing time by accepting only those securities that are also eligible for use in SF. Participants have sufficient eligible securities to be used to access ICF. The list of eligible securities is approved by the Monetary Policy Committee (MPC). Both BNM and MyClear monitor the payment behaviour of participants including usage of ICF and will review the list of eligible securities at least on an annual basis to assess if there is a need to expand the list of eligible securities. All securities in Malaysia have been assigned stock codes along with an ISIN. The Collateral module in RENTAS maintains a list of stock codes that are eligible for use as collateral for ICF. The depository component in RENTAS maintains the stock code as an attribute for the deposited securities. Key consideration 5.2 An FMI should establish prudent valuation practices and develop haircuts that are regularly tested and take into account stressed market conditions. Description The factors that are taken into account to determine the haircuts are as following: i) The price volatility (one month price) of the collateral, to determine the worst case decline in the value of the collateral; ii) the maturity of the collateral (duration), with longer duration requiring higher margin due to the sensitivity of the price; iii) the credit standing of the issuer of the collateral. The haircut is set at a level to cover 99% VAR based on prices over a month with additional haircut ranging from 0.5% to 2% for longer maturities and type of issuer. The collaterals are valued on a daily basis based on the (yield to maturities) submitted by the principal dealers. The YTM is submitted daily for the MGS and once a week for PDS. The BNM currently assesses the one-month variation over a five year period to determine the haircut. The collateral model is reviewed annually. 32 Key consideration 5.3 In order to reduce the need for pro-cyclical adjustments, an FMI should establish stable and conservative haircuts that are calibrated to include periods of stressed market conditions, to the extent practicable and prudent. Description The one month price variation over a five year period is used to determine the 99% VAR for calculating the haircut. This period includes the periods of severe market stress during 2008-9 and also the holding period is actually only 1-day but a potential variation over a month period is considered. Key consideration 5.4 An FMI should avoid concentrated holdings of certain assets where this would significantly impair the ability to liquidate such assets quickly without significant adverse price effects. Description The BNM does not currently measure the concentration of securities in the collaterals used for ICF. It plans to introduce this shortly. However, the current concentration of the collateral holdings is centered on high quality securities, i.e. Government and BNM papers. In the event ICF is not repaid, the securities will not be immediately liquidated. The unpaid ICF will be converted to SF, using the same collateral used. Key consideration 5.5 An FMI that accepts cross-border collateral should mitigate the risks associated with its use and ensure that the collateral can be used in a timely manner. Description Cross border collateral is not accepted for ICF. Key consideration 5.6 An FMI should use a collateral management system that is well-designed and operationally flexible. Description In RENTAS, participants may transfer securities that they wish to set aside as collateral by transferring these securities into their own collateral account (K - Account). The collateral account is a pool of securities from which RENTAS will select and earmark as collateral for the ICF extended. When a participant does not have sufficient balances for the outgoing payments, RENTAS system grants ICF automatically based on the available securities in the K-account. RENTAS automatically selects and earmarks the securities in the K account which meets BNM’s collateral eligibility criteria (based on matching stock- code) and calculates the market value of the eligible securities based on the net price of each security which is sourced from the Fully Automated System for Tendering/Issuing (FAST). Once the ICF is repaid, the earmarked securities will be released. The ICF is available only until 4.30 PM. In addition, MyClear monitors ICF repayment status and would alert participants if they have not paid by 5.30 pm. MyClear also monitors the use of ICF, transaction queues and pending transactions to ensure that ICF is available and that transactions can be settled smoothly. The process of adding and removing securities for the list eligible for use in ICF was recently tested as part of introduction of new securities to the list. The process was determined to be smooth and capable of supporting additions and deletions during a day. Key conclusion(s) The BNM accepts securities with low-risk and uses a one-month price data to determine haircuts. The credit facility is available only to commercial banks, investment banks and Islamic banks. These institutions are directly overseen by the BNM and they maintain statutory reserves with the BNM. Assessment of Principle 5 Observed. 33 Recommendations and The BNM could consider sourcing the daily price of bond securities from the comments Bond Pricing Agency (BPA). Principle 7: Liquidity Risk An FMI should effectively measure, monitor, and manage its liquidity risk. An FMI should maintain sufficient liquid resources in all relevant currencies to effect same-day and, where appropriate, intraday and multiday settlement of payment obligations with a high degree of confidence under a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would generate the largest aggregate liquidity obligation for the FMI in extreme but plausible market conditions. Key consideration 7.1 An FMI should have a robust framework to manage its liquidity risks from its participants, settlement banks, nostro agents, custodian banks, liquidity providers, and other entities. Description The RENTAS settles participant payment orders if, and only if, there is sufficient balance in the settlement accounts those participants hold at the BNM. The main sources of liquidity for participants are: Opening balances; excess statutory reserve balances; Maturity of money market placements with BNM. BNM pays out all matured placements by 9 am so that participants may make full use of the liquidity from these transactions; Liquidity sourced from the market; and ICF. In 2011, 14.1% by transaction value was settled using ICF; 1.06% through using excess statutory reserves; and, the rest was through balances in the account or incoming transfers. The SSS component of the RENTAS system settles securities transfers using a DVP model 1 process with the funds leg being settled through the RTGS component and the securities leg at the CSD component. As the RTGS component is used for the funds leg, the same liquidity management arrangements for the funds transfers apply for the SSS component as well. The BNM supports liquidity management for the RTGS component in the RENTAS through ICF. As a central bank, in principle the BNM would be able to provide unlimited liquidity support to the RENTAS – hence it does not face liquidity risks. In practice, however, the liquidity that can be provided through ICF is capped by the amount of eligible securities each participant holds. Thereby, participants bear any remaining liquidity risks. Investment Operations and Financial Markets Department (BNM) monitors account balances and liquidity positions of the banking system on a daily basis. They maintain close contact with the treasury departments of the participants and are alerted promptly on any transactional, infrastructure/operational liquidity problems and when any participant cannot square off their position by end of the day. They also model and forecast the banking system’s liquidity based on information collated from a variety of sources to manage domestic liquidity to ensure that monetary policy targets are achieved. In addition, the usage of the standing facility provided by BNM to financial institutions is monitored closely. Where there is an abnormal pattern of borrowing from BNM (frequent and/or large amounts) and/or borrowing from the market at an unusually high premium, the supervision department of BNM will be alerted. MyClear also continuously monitors the system for any functional problems and the status of the payment queues. MyClear informs the respective participant via messaging in the system or phone call if there is a long pending transaction to ensure that participants do not overlook their queued transactions 34 as this may cause gridlock. MyClear also recently introduced Liquidity Optimization Settlement Facility, which enables participants to tag transactions that can be settled in a multi- lateral offsetting mode. The RENTAS system can run the multilateral offsetting algorithm every few minutes. This has not been very widely used by the participants yet. For the RMB settlement, through a service level agreement (SLA) with MyClear, BOCM - the RMB settlement bank is contractually obligated to provide sufficient RMB liquidity to support the liquidity requirements of the participants both during normal and stressed conditions. In addition, the RMB settlement bank is required, under the SLA to provide the set of pre-determined criteria and terms and conditions that would be used to provide liquidity to the participants to ensure that participants have clarity on access to liquidity. For the USD PVP and DVP settlement, the settlement bank in USD CHATS provides liquidity through intra-day overdraft and intra-day repos. HKMA appoints the USD CHATS settlement bank which is subjected to regular review. In addition, the settlement bank allows USD CHATS participants to fund any deficit position in Hong Kong until the close of CHIPS in New York, allowing banks to draw on USD liquidity in New York. RENTAS participants have established credit lines with correspondent banks in Hong Kong to facilitate the participants’ access to USD liquidity. The arrangement with the correspondent banks also allow for the auto-sweeping of liquidity from USD accounts in New York and vice-versa. The rules of the RENTAS for foreign currency transactions clearly place the responsibility for managing their liquidity risks and that RENTAS has no role in that. Key consideration 7.2 An FMI should have effective operational and analytical tools to identify, measure, and monitor its settlement and funding flows on an ongoing and timely basis, including its use of intraday liquidity. Description RENTAS surveillance system enables MyClear and BNM to: monitor liquidity inflows and outflows; monitor use of intraday credit facility, available balances, queues and pending transactions; and receive alerts for unredeemed intraday credit, pending transactions and excessive buildup of queued transactions. The participants have access to detailed information on their RENTAS transactions through the Member Computer and RENTAS iLink. The participants can see the status of their USD-MYR PVP transactions also through RENTAS. In addition the CHATS system provides similar tools to the participants. The Settlement bank for the USD CHATS system provides online access to the participants USD settlement account. Key consideration 7.3 A payment system or SSS, including one employing a DNS mechanism, should maintain sufficient liquid resources in all relevant currencies to effect same-day settlement, and where appropriate intraday or multiday settlement, of payment obligations with a high degree of confidence under a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would generate the largest aggregate payment obligation in extreme but plausible market conditions. 35 Description The RENTAS system is used for MYR and USD settlements. Settlements for RMB-MYR PVP transactions will be introduced in 2013. The RENTAS rules provide for liquidity support by the BNM only for the MYR transactions. The design of RENTAS as a RTGS system ensures that the participants cannot default on each other or on the system. For the RMB and USD settlements, though the transactions are initiated in the RENTAS system, the settlement is in the books of settlement banks – BOCM in Malaysia for the RMB transactions and the settlement bank appointed by the HKMA for USD transactions. For these foreign currency settlements in these systems the RENTAS ensures PVP, hence ensuring that the participants cannot default on each other or on the system. Key consideration 7.5 For the purpose of meeting its minimum liquid resource requirement, an FMI’s qualifying liquid resources in each currency include cash at the central bank of issue and at creditworthy commercial banks, committed lines of credit, committed foreign exchange swaps, and committed repos, as well as highly marketable collateral held in custody and investments that are readily available and convertible into cash with prearranged and highly reliable funding arrangements, even in extreme but plausible market conditions. If an FMI has access to routine credit at the central bank of issue, the FMI may count such access as part of the minimum requirement to the extent it has collateral that is eligible for pledging to (or for conducting other appropriate forms of transactions with) the relevant central bank. All such resources should be available when needed. Description The only relevant currency for liquidity provision in RENTAS is MYR. The BNM acts as the liquidity provider for the MYR transactions. As the central bank of issue it has access to unlimited liquidity. Key consideration 7.6 An FMI may supplement its qualifying liquid resources with other forms of liquid resources. If the FMI does so, then these liquid resources should be in the form of assets that are likely to be saleable or acceptable as collateral for lines of credit, swaps, or repos on an ad hoc basis following a default, even if this cannot be reliably prearranged or guaranteed in extreme market conditions. Even if an FMI does not have access to routine central bank credit, it should still take account of what collateral is typically accepted by the relevant central bank, as such assets may be more likely to be liquid in stressed circumstances. An FMI should not assume the availability of emergency central bank credit as a part of its liquidity plan. Description The only relevant currency for liquidity provision in RENTAS is MYR and the liquidity provider is the BNM. Key consideration 7.7 An FMI should obtain a high degree of confidence, through rigorous due diligence, that each provider of its minimum required qualifying liquid resources, whether a participant of the FMI or an external party, has sufficient information to understand and to manage its associated liquidity risks, and that it has the capacity to perform as required under its commitment. Where relevant to assessing a liquidity provider’s performance reliability with respect to a particular currency, a liquidity provider’s potential access to credit from the central bank of issue may be taken into account. An FMI should regularly test its procedures for accessing its liquid resources at a liquidity provider. Description The design of RENTAS as a RTGS system for MYR and through PVP links for the RMB and USD settlements ensures that the participants cannot default on each other or on the system. Hence this key consideration is not directly 36 applicable. In addition, MyClear through the SLA with BOCM for liquidity provision and the HKMA as part of its process for appointing settlement bank for the USD transactions provide a degree of assurance on the availability of the required liquidity in those currencies. Key consideration 7.8 An FMI with access to central bank accounts, payment services, or securities services should use these services, where practical, to enhance its management of liquidity risk. Description RENTAS uses the settlement accounts of participants with the BNM for MYR transactions. Key consideration 7.9 An FMI should determine the amount and regularly test the sufficiency of its liquid resources through rigorous stress testing. An FMI should have clear procedures to report the results of its stress tests to appropriate decision makers at the FMI and to use these results to evaluate the adequacy of and adjust its liquidity risk-management framework. In conducting stress testing, an FMI should consider a wide range of relevant scenarios. Scenarios should include relevant peak historic price volatilities, shifts in other market factors such as price determinants and yield curves, multiple defaults over various time horizons, simultaneous pressures in funding and asset markets, and a spectrum of forward-looking stress scenarios in a variety of extreme but plausible market conditions. Scenarios should also take into account the design and operation of the FMI, include all entities that might pose material liquidity risks to the FMI (such as settlement banks, nostro agents, custodian banks, liquidity providers, and linked FMIs), and where appropriate, cover a multiday period. In all cases, an FMI should document its supporting rationale for, and should have appropriate governance arrangements relating to, the amount and form of total liquid resources it maintains. Description The design of RENTAS as a RTGS system for MYR and through PVP links for the RMB and USD settlements ensures that the participants cannot default on each other or on the system. The BNM provides liquidity through ICF for MYR transactions, any default by participants availing ICF transactions could potentially pose a liquidity risk. However as central bank of issue in the relevant currency, this risk is very remote. In the case of the USD settlements, the settlement bank provides liquidity and in this case the liquidity risk does exist. The HKMA as part of its oversight over the USD CHATS system ensures that this risk is adequately addressed. Key consideration 7.10 An FMI should establish explicit rules and procedures that enable the FMI to effect same-day and, where appropriate, intraday and multiday settlement of payment obligations on time following any individual or combined default among its participants. These rules and procedures should address unforeseen and potentially uncovered liquidity shortfalls and should aim to avoid unwinding, revoking, or delaying the same-day settlement of payment obligations. These rules and procedures should also indicate the FMI’s process to replenish any liquidity resources it may employ during a stress event, so that it can continue to operate in a safe and sound manner. Description Due to the RENTAS design, participants cannot default on each other or on the system. Payments are settled on real time (i.e. on a continuous basis) for MYR 37 transactions and on PVP basis for the foreign currency transactions upon availability of the necessary funds. RENTAS rules, procedures and operational tools, including rules for the ICF, support the continuous and smooth settlement of payments throughout the operational day. In some cases, mainly as a result of operational and/or technical problems, participants may request an extension of regular operating hours in order to be able to complete same-day settlement. In 2011 there were only 5 such instances and these were primarily for ensuring settlement of systemically important transactions. All relevant rules and procedures are communicated to participants through rule updates and are available on the MyClear website. Their effectiveness is discussed in the rules working group, in the quarterly meeting with the associations and in the monthly meeting with the BNM. Key conclusion(s) In its role as operator of the RENTAS, the BNM and MyClear are not exposed to liquidity risks, which are borne entirely by system participants. To address the liquidity risks of the participants, the BNM and MyClear support the sound and efficient operation of the RENTAS and provides a variety of tools and facilities to promote its smooth operation and avoid a gridlock situation and have required the BOCM to provide the same for RMB settlements and the HKMA ensures the same for the USD settlement in the CHATS system. The MyClear has developed a variety of operational tools in the RENTAS application for this purpose, to assist participants in managing their liquidity risks. The BNM has also developed the intra-day credit facility. These tools have proved effective so far in reducing liquidity and overall settlement risks, and are monitored on an ongoing basis. Where necessary, adjustments/changes have been made after proper consultations with the participants. As a central bank, the BNM relies on the powers vested to it by law and on its own operational tools and systems to provide liquidity to RENTAS participants. Therefore, it relies on MyClear only for operational support to implement any of its relevant actions in this area, and the ability to implement this is tested as part of its BCP process. In the case of the USD and RMB settlement links the participants are responsible for arranging their own liquidity support mechanisms. However the BNM and MyClear through their SLA with BOCM contractually require the BOCM to provide liquidity and for USD the HKMA as part of its oversight activities requires the same from the operator of CHATS. Assessment of Principle 7 Observed Recommendations and BNM should closely monitor the adequacy of the liquidity risk management Comments framework for the RMB transactions when the volume or value of transactions becomes significant. Principle 8: Settlement finality An FMI should provide clear and certain final settlement, at a minimum by the end of the value date. Where necessary or preferable, an FMI should provide final settlement intraday or in real time. Key consideration 8.1 An FMI’s rules and procedures should clearly define the point at which settlement is final. 38 Description Article 19(1) of the PSA provides for payment instructions settled in RENTAS to be final and irrevocable from the point the payment instruction is settled as per the rules of RENTAS. The definition of payment instructions in the PSA encompasses funds transfer and securities transfer. The definition of securities in the PSA refers to the definition for securities in the SCA which includes the types of securities settled in the RENTAS. The same article also states that bankruptcy, insolvency and other similar events shall not have any effect over payments deemed final. For MYR funds transfers, the RENTAS operating rules (art 10) deem a funds transfer instruction as final once it is eligible for execution6 and has been picked up for execution. The same provision is there in the operating rules for foreign currency transactions (art 12). In the case of SSS the OPSS (art 70) specifies the settlement principles and requires usage of DvP process and on the conclusion of the DvP process the SSS transaction is final as per the OPSS rules. The PSA specifically protects the finality of transactions settled in RENTAS from the insolvency related provisions in the Companies Act 1965 and Bankruptcy Act 1967. All RENTAS securities transactions are final and irrevocable once the transaction is settled in RENTAS, i.e. simultaneous debit and credit of the securities and cash account. For Free of Payment (FoP) transactions, securities transactions are final when the transfer of securities is completed. The RENTAS system ensures DVP settlement for securities: the system matches the instructions and simultaneously transfers the securities and cash if both of the following conditions are met: seller has sufficient unencumbered securities to deliver; and, buyer has sufficient cash balances (or intraday credit lines) to pay for the securities. If either or both have insufficient balances, the transaction will be queued in the system until there are adequate balances. If settlement does not occur by RENTAS cut-off time, the transaction will be cancelled. A similar process is followed for the PVP and settlement links with the USD CHATS system in Hong Kong. The CCPMP i.e. the cross currency payment matching processor operated by HKICL will match the MYR leg of a transaction in RENTAS against the USD leg of a transaction in USD CHATS and co-ordinate the simultaneous settlement of both legs for PvP settlement for availability of adequate balance in the counterparty USD account, and completes the transaction if both the accounts have adequate balance. When there is inadequate balance in either of the accounts the transaction is queued. The proposed RMB PVP system would follow a similar approach. As the foreign currency transactions are initiated in RENTAS the transactions leg in Malaysia for the USD CHATS linkage and for both the MYR leg and the RMB leg in Malaysia for the RMB settlement are deemed final under the finality rules. Key consideration 8.2 An FMI should complete final settlement no later than the end of the value date, and preferably intraday or in real time, to reduce settlement risk. An LVPS or SSS should consider adopting RTGS or multiple-batch processing during the 6 Eligibility conditions include availability of sufficient liquidity, the participant membership being in good order and the payment instruction date being the current business day. 39 settlement day. Description All payment orders processed through the RENTAS are settled individually in real time once the system verifies there are sufficient funds in the associated deposit account. Settlement is continuous throughout the operational day. Information on account balances that is made available to the participants is updated in real-time. The transactions tagged for LOSF settlement are pended in the queue till the next run and all such transactions from all participants are taken up for processing, and those that can be settled based on the respective available balances are settled. The algorithm runs multiples times in a day and all settlements concluded using that arrangement are deemed final. Regular operating hours may be extended following a participant’s request. Payments processed during extended hours receive the same treatment as those processed during regular hours. Key consideration 8.3 An FMI should clearly define the point after which unsettled payments, transfer instructions, or other obligations may not be revoked by a participant. Description Participants may cancel securities transaction submitted for settlement, provided it has not been settled and subject to mutual agreement between both buyer and seller, as follows: for securities transaction before its settlement date, i.e. forward-dated transactions, the seller can initiate the cancellation advice before the settlement date and the buyer shall confirm the cancellation advice immediately on the same day. For transaction pending payment on the settlement date, the buyer shall initiate cancellation of the cash leg transaction from the payment queue. This will then prevent DVP from occurring and the transaction will automatically be cancelled by the system at settlement cut-off. These conditions are stated in Section 68 of the Operational Procedures for Securities Services and Section 14 of the Operational Procedures for MYR Settlement in RENTAS. Funds transfer transactions in the queue can be cancelled anytime. However, transactions marked for priority handling can only be cancelled by MyClear. The transactions marked for priority handling are settlement of money market operations, settlement of government bond auctions and transactions arising from cash-in-transit deposits and withdrawals. This process is detailed in section 13.0 of the Operational Procedures for MYR Settlement in RENTAS. Payment orders that have been not been settled by the end of the day are removed automatically by the system. Key conclusion(s) RENTAS rules clearly define the point at which settlement is final for funds and securities transfers and this has the backing of the PSA and hence is protected at the level of law. Final settlement is achieved in real-time upon fulfillment of the necessary conditions. To cater for any liquidity issues participants’ face and other operational issues in addition to the liquidity support mechanisms the MyClear has developed a procedure by which regular operating hours may be extended to complete final settlement on a same-day basis. In 2011 this procedure was used a total of 5 times. MyClear rules also clearly define the point after which unsettled payments may be revoked (i.e. once the payment has been accepted for settlement it may no 40 longer be revoked). Assessment of Principle 8 Observed Recommendations and Comments Principle 9: Money settlements An FMI should conduct its money settlements in central bank money where practical and available. If central bank money is not used, an FMI should minimize and strictly control the credit and liquidity risks arising from the use of commercial bank money. Key consideration 9.1 An FMI should conduct its money settlements in central bank money, where practical and available, to avoid credit and liquidity risks. Description The MYR transactions are settled in the books of the BNM. The foreign currency transactions are settled in the books of commercial banks, the BOCM in Malaysia in the case of RMB settlement and in the books of the CHATS settlement bank in Hong Kong in the case of USD transactions. Key consideration 9.2 If central bank money is not used, an FMI should conduct its money settlements using a settlement asset with little or no credit or liquidity risk. Description The BOCM has entered into a SLA with MyClear which stipulates adherence to a set of operational reliability and establishment of liquidity facilities. In addition the BOCM is supervised by the BNM as a commercial bank and it has conducted a rigorous analysis to ascertain its suitability. The BNM has also entered into an MOU with the China Banking Regulatory Commission (CBRC) –the home supervisor of the BOCM, which collectively provide a mechanism for the BNM to gather the views and seek co-operation of the home country supervisor of BOC. In the case of USD transactions, the CHATS system is overseen by the HKMA. The oversight arrangement between the HKMA and the BNM provide a mechanism for the BNM to gather the views of HKMA on the continued compliance of the CHATS systems to relevant standards and also on the stability of the settlement bank. The HKMA also has a process of constantly reviewing the operations and suitability of the settlement bank. Key consideration 9.3 If an FMI settles in commercial bank money, it should monitor, manage, and limit its credit and liquidity risks arising from the commercial settlement banks. In particular, an FMI should establish and monitor adherence to strict criteria for its settlement banks that take account of, among other things, their regulation and supervision, creditworthiness, capitalisation, access to liquidity, and operational reliability. An FMI should also monitor and manage the concentration of credit and liquidity exposures to its commercial settlement banks. Description The MYR transactions are settled in central bank money in the books of the BNM. For the USD PVP transactions, the USD leg is settled in the settlement bank of the CHATS system. The CHATS settlement bank is supervised by the 41 HKMA and the CHATS system is also overseen by the HKMA. In the 2009 CPSIPS assessment conducted by the HKMA, the CPSIPS principle VI is rated as observed. The settlement bank for the RMB leg of the RMB-MYR transactions is chosen by the BNM after a rigorous analysis. The BNM has also held extensive discussions with the CBRC the home country supervisor of the BOC. Key consideration 9.4 If an FMI conducts money settlements on its own books, it should minimize and strictly control its credit and liquidity risks. Description The RENTAS system conducts money settlements in the books of BNM or for the foreign currency transactions in the books of settlement banks. This key consideration hence is not applicable. Key consideration 9.5 An FMI’s legal agreements with any settlement banks should state clearly when transfers on the books of individual settlement banks are expected to occur, that transfers are to be final when effected, and that funds received should be transferable as soon as possible, at a minimum by the end of the day and ideally intraday, in order to enable the FMI and its participants to manage credit and liquidity risks. Description The foreign currency transactions are processed through RENTAS and the MYClear rules and procedures for foreign currency transactions are applicable for these. The rules clearly state that the transactions are settled on a PVP / DVP basis and are final when effected. Key conclusion(s) The MYR transactions are settled in the books of the BNM. Settling in the books of the BNM for RMB and USD transactions is not practical. The choice of settlement banks for the RMB and USD transactions are based on sound procedures and due process and are designed to mitigate risks. Assessment of Principle 9 Observed Recommendations and Comments Principle 10: Physical Deliveries An FMI should clearly state its obligations with respect to the delivery of physical instruments or commodities and should identify, monitor, and manage the risks associated with such physical deliveries. Assessment of Principle Not Applicable, as RENTAS does not handle physical deliveries. 10 Recommendations and Comments Principle 11: Central Securities Depositories A CSD should have appropriate rules and procedures to help ensure the integrity of securities issues and minimise and manage the risks associated with the safekeeping and transfer of securities. A CSD should maintain securities in an immobilised or dematerialised form for their transfer by book entry. Key consideration 11.1 A CSD should have appropriate rules, procedures, and controls, including robust accounting practices, to safeguard the rights of securities issuers and holders, prevent the unauthorised creation or deletion of securities, and 42 conduct periodic and at least daily reconciliation of securities issues it maintains. Description The securities accounts in RENTAS are held electronically for each Authorized Depository Institutions (ADI), these are all commercial banks. The securities accounts are maintained at the level of ADI and the segregation of client accounts are in the books of the ADI. The client accounts are held un- segregated in client omnibus accounts – one each for foreign and domestic investors. The ADI’s proprietary holdings are held in a separate account. The RENTAS manages outstanding securities until their maturity. At this moment, securities are marked as “redeemed” in the system upon maturity. MyClear as an agent of the BNM is the registrar for the specified securities dematerialized/immobilized in RENTAS. All securities transfers are done through book entry. The dematerialization of Malaysian Government Securities is supported by Section 6 of the Loan (Local) Act 1959, Section 6 of the Government Funding Act 1983 (GFA), Section 9a(3) of the GFA and Section 7(3) of the Treasury Bills (Local) Act 1946. The Guideline on the Offering of Private Debt Securities (PDS) and the Guideline on the Offering of Islamic Securities issued by the SC require both conventional and Islamic PDS to be deposited in RENTAS. The Guidelines are issued pursuant to the SCA and CMSA. The global certificates which represent the issuances of Private Debt Securities are required to be lodged and immobilized in RENTAS. MyClear, as the operator of RENTAS, is required under section 14 of PSA to issue operational rules and procedures on RENTAS. The main rules governing securities settlement arrangements in RENTAS are: The MPORP - Participation and Operation Rules for Payment and Securities Services provided by MyClear which defines the rights and responsibilities of BNM, MyClear and RENTAS participants; ROP - The Operational Procedures for RENTAS which provides the overview of the RENTAS operation; OPSS - Provides details on the operational procedures on securities services performed in RENTAS; and, The Central Securities Depository and Paying Agency Rules which governs the depository and paying agency services provided by MyClear, as agent for BNM in relation to the securities deposited in RENTAS. Securities are created in the RENTAS system upon the primary placement of securities in the market place. A global certificate representing a specific issuance is kept in safe custody by MyClear (art 9.18 OPSS). RENTAS. Securities allotted to the various financial intermediaries both for their own holding and on behalf of their clients are credited into their respective securities account. The rights of the securities holders are safeguarded as stated in the Operational Procedures for Securities Services Section 9.7, which requires RENTAS ADI participants to segregate their own holdings from that of their customers, thus protecting the customer’s assets from seizure in the event of insolvency of the participants. Participants have to employ accounting practices and safekeeping procedures that fully safeguard the customers’ securities from claims from the participants’ creditors. All the ADIs are commercial banks and are subject to 43 periodic audits by the BNM. No securities can be created in the RENTAS depository without undergoing a process of primary issuance via tender or private placement in BNM’s Fully Automated System for Issuing/Tendering (FAST). All securities creation involves a process of inviting tenders, bid submission, tender processing and results announcement. Each step of the process requires dual control approval. The detailed results of the allotment are disclosed to bidders and general allotment results are publicly disclosed. Results of the allotment are then automatically transferred to RENTAS for settlement and creation of holding records. These controls are enforced by the RENTAS system. No securities can be deleted in RENTAS unless the securities have reached its maturity date and all holdings have been redeemed on a DVP basis. These controls are enforced by the RENTAS system. RENTAS performs a daily automatic comparison of securities deposited in RENTAS against the list of securities in the primary issuance system (FAST) to ensure that securities in RENTAS are complete and accurate. The total securities holdings, aggregated across all participants, are also compared against the total securities outstanding amount to ensure consistency. An internal process has also been established to investigate any discrepancy that is generated from the daily automatic comparison. All the audits thus far have not indicated any shortfall in securities. All the relevant rules and law are available in the website of MyClear. Participants are also informed through emails and official communication on any changes, which are also discussed in the rules working committee. Key consideration 11.2 A CSD should prohibit overdrafts and debit balances in securities accounts. Description Operational controls are used to prohibit overdraft and debit balances in securities accounts. There is dual control mechanism to prevent the unauthorized creation and deletion of securities. The securities transfer and settlement components in RENTAS ensure that the ADIs securities account can never go into a debit position. Key consideration 11.3 A CSD should maintain securities in an immobilised or dematerialised form for their transfer by book entry. Where appropriate, a CSD should provide incentives to immobilise or dematerialise securities. Description At present, all the new issues of specified securities are immobilized or dematerialized in RENTAS. These represent over 97.37% of total securities holdings as of June 2012 There some PDS securities issued before 2006 those are still held by investors in paper form. As of June 2012, 52.46% of all securities lodged in RENTAS are de- materialized, 44.91% are immobilized and 2.63% are still held in paper form. Key consideration 11.4 A CSD should protect assets against custody risk through appropriate rules and procedures consistent with its legal framework. Description Several measures are in place to protect the participants against any loss due to fraud, negligence and operational problems: i) Adoption of digital signature and encryption mechanisms to ensure to ensure the integrity, confidentiality and non-repudiation of the transaction message; (ii) Availability of system’s end-to- end audit trails which are closely monitored by MyClear; and, iii) Establishment of MyClear’s independent Rules and Compliance Division that undertakes pro-active monitoring of internal compliance to operational 44 procedures and supervisory expectations of the central bank. The MyClear rules provide for good-faith settlement of disputes failing which an arbitration process is allowed for. These are specified in art 17.0 (i) of the OPSS. For investors, disputes can be raised to SC’s Complaint Unit and also BNM. MyClear rules are issued in accordance with the requirement for a DPS under the PSA. These rules are also reviewed by the BNM. Key consideration 11.5 A CSD should employ a robust system that ensures segregation between the CSD’s own assets and the securities of its participants and segregation among the securities of participants. Where supported by the legal framework, the CSD should also support operationally the segregation of securities belonging to a participant’s customers on the participant’s books and facilitate the transfer of customer holdings. Description There are two categories of RENTAS participants. The first category are allowed to hold their own securities only while the second category, known as ADIs, are allowed to hold both their own securities as well as on behalf of their customers. ADIs comprise financial institutions, i.e. commercial banks, Islamic banks and investment banks that are regulated and supervised by BNM. ADIs are required to segregate their own holdings from those of their customers. Customers’ holdings at each ADI are further segregated into omnibus ‘Resident’ and ‘Non-Resident’ securities accounts. The requirements for the segregation are stated in the LO, TBA, GFA and OPSS. In addition, to ensure adequate protection of customers’ assets, the following requirements are spelt out in the OPSS, are imposed on all custodians of RENTAS securities: • Maintain details of each customer’s accounts in the ADIs internal records for securities holding for both “Resident” and “Non-Resident” omnibus accounts; • Employ accounting practices and safekeeping procedures that fully safeguard the customers’ securities from claims from the ADIs' creditors; • Prohibit ADIs from using securities belonging to their customers for any purpose without prior written approval of the customers; • Conduct regular reconciliation to ensure that the securities held in the ADIs' internal records tally with their aggregated holdings in RENTAS; • Issue monthly statements to each customer in respect of their holdings of RENTAS securities; • Pay customers coupon/interest/dividend/profit payment and redemption proceeds on the dates they are due provided clear and complete instructions have been received from customers and subject to receipt of funds from the Issuer; and The custody activities of the ADIs who hold securities on behalf of their clients are subject to regulations and supervision by BNM. The scope of surveillance covers procedures and internal controls used in the safekeeping of securities belonging to customers. The RENTAS has tools that can enable transfers of customer securities from one ADI to another; this has been tested indirectly as part of the merger of some ADIs. Key consideration 11.6 A CSD should identify, measure, monitor, and manage its risks from other activities that it may perform; additional tools may be necessary in order to 45 address these risks. Description RENTAS provides various other retail payments services, however a different set of personnel and systems are used for managing them. Key conclusion(s) The rights of securities issuers and holders are adequately safeguarded at the RENTAS. In particular, there is a robust legal framework that minimizes custody risk. At the operational level, securities holding records are held at the omnibus level. RENTAS facilitates, from an operational standpoint, the transfer of customer accounts from one direct participant/custodian to another. The RENTAS rules and the RENTAS application prohibit overdrafts or debit balances in securities accounts. Securities managed by the RENTAS are immobilized and maintained in book entry form. RENTAS provides a number of retail payment related services, however the RENTAS SSS and RTGS functions are segregated both at the level of personnel and systems. Also none of the other activities pose any liquidity or credit risk to MyClear. In the event of any issues, the activities of RENTAS can be seamlessly taken over by the BNM. Assessment of Principle Observed 11 Recommendations and The link between RENTAs and Euroclear is in the early stages, as it develops Comments MyClear should effectively address the risks associated with this and other aspects covered under this principle. MyClear and BNM could consider inclusion of periodic testing its ability to support portability of client positions. Principle 12: Exchange of Value settlement systems If an FMI settles transactions that involve the settlement of two linked obligations (for example securities or foreign exchange transactions) it should eliminate principal risk by conditioning the final settlement of one obligation upon the final settlement of the other. Key consideration 12.1 An FMI that is an exchange-of-value settlement system should eliminate principal risk by ensuring that the final settlement of one obligation occurs if and only if the final settlement of the linked obligation also occurs, regardless of whether the FMI settles on a gross or net basis when finality occurs. Description The RENTAS system supports securities settlement. In addition it also supports USD-MYR and RMB-MYR PVP transactions through links with USD CHATS in Hong Kong and BOCM in Malaysia respectively. The DVP and PVP processes are ensured through system controls. The RENTAS uses DVP Model 1 wherein the securities and funds are settled on a gross basis for ensuring DVP process for securities settlement, the system matches the instructions for securities transfers and corresponding funds transfer and simultaneously transfers the securities and cash if both of the following conditions are met: • Seller has sufficient unencumbered securities to deliver; and • Buyer has sufficient cash balances (or intraday credit lines) to pay for the 46 securities. If either or both have insufficient balances, the transaction will be queued in the system until there are adequate balances. If settlement does not occur by RENTAS cut-off time, the transaction will be cancelled. PvP is achieved through simultaneous transfer of both MYR in RENTAS and USD in USD CHATS and RMB in the case of the BOCM link. For USD CHATS, the matching of the instruction is done by the Cross Currency Payment Matching Processor (CCPMP) in RENTAS, and interfaces to both the USD CHATS. Key conclusion(s) The DVP and PVP processes are ensured by RENTAS through appropriate system controls and through interfaces with the relevant systems. Assessment of Principle Observed 12 Recommendations and Comments Principle 13: Participant-default rules and procedures An FMI should have effective and clearly defined rules and procedures to manage a participant default. These rules and procedures should be designed to ensure that the FMI can take timely action to contain losses and liquidity pressures and continue to meet its obligations. Key consideration 13.1 An FMI should have default rules and procedures that enable the FMI to continue to meet its obligations in the event of a participant default and that address the replenishment of resources following a default. Description Due to the RENTAS design as an RTGS system and using DVP model 1 for SSS in which all transactions are processed if, and only if, the necessary funds are available at the respective accounts, participants do not default on each other or on MyClear and BNM. Other payment and settlement systems settle their final balances at the RENTAS; any default on such other systems is to be managed solely by the relevant operator/participants. Payment orders that have not been settled by the end of the operational day are removed from the central processing queue. Participants that use ICF eventually could fail to repay the credit. For the BNM and MyClear this potential event is considered out of the scope of the RENTAS (i.e. the BNM does not require to use those assets to complete daily settlements in the RENTAS) and instead is regarded as a default on BNM’s monetary policy operations. The rules relating to the ICF provide the BNM full powers to liquidate the collateral posted. The participant can also request for conversion of the ICF to a credit from the standing facility. At the moment this is done manually. MyClear is in discussion with the BNM to facilitate auto-conversion of ICF to standing facility. The other avenue available to participants is to request extension of operating hours. The Rules and operating procedures specify the procedures that MyClear, the participants as well as other relevant parties will undertake in the event a 47 participant needs extension. This includes, for example, the responsibility of HKMA to consider and mutually agree with MyClear to grant an extension of cut-off time for the RENTAS USD CHATS PvP link to avoid systemic failure. The procedures for this are spelt out in the following: i) Request for extension of PvP link cut-off time - art 15.0 of the operating procedures for MYR Settlement in RENTAS; ii) Request for extension of MYR settlement cut-off time - art 16.0 of the operating procedures for MYR Settlement in RENTAS; iii) MYR intraday credit facility – Sections 11.0 and 19.0 of the operating procedure for MYR Settlement in RENTAS; and, iv) Procedure to handle operational failure – Section 10 of the Rules. MyClear has developed internal procedures to follow if a participant is declared insolvent. The RENTAS rules also cover how insolvency of participants is to be handled - art 5.17 to 5.30 of the rules. In general terms once a participant is declared insolvent, MyClear in consultation with the BNM will take stock of all the queued transactions, future dated transactions and securities holding of the participant. The other participants are informed of the default and all the pending and queued transactions are cancelled. In consultation with the BNM the accounts of the insolvent participants would be suspended, cancelled or frozen. Key consideration 13.2 An FMI should be well prepared to implement its default rules and procedures, including any appropriate discretionary procedures provided for in its rules. Description The BNM and MyClear are well prepared from both a regulatory and operational perspective to address any default on ICF. The MyClear has also developed internal procedures to handle insolvency of a participant. Key consideration 13.3 An FMI should publicly disclose key aspects of its default rules and procedures. Description The relevant rules and procedures are posted on MyClear website. Key consideration 13.4 An FMI should involve its participants and other stakeholders in the testing and review of the FMI’s default procedures, including any close-out procedures. Such testing and review should be conducted at least annually or following material changes to the rules and procedures to ensure that they are practical and effective. Description The applicable rules are discussed at the level of the rules working group of MyClear. MyClear is also considering conducting an annual simulation and testing of procedures to handle scenarios involving termination of participants following their becoming insolvent and extension of operating hours. Key conclusion(s) The RENTAS design does not allow for defaults between participants, or between the participants and the RENTAS. The only exception, which might be regarded as out of the scope of the RENTAS, is a potential default on the repayment of ICF. The RENTAS rules describe how insolvency of a participant would be handled. MyClear has developed internal procedures to handle insolvency of participants as well. Assessment of Principle Observed 13 Recommendations and Provision of ICF is closely aligned with the other monetary policy instruments 48 Comments enabling smooth transformation of an ICF into overnight credit, and thereby an ICF default will not necessarily result in invoking the default procedures of the RENTAS system. MyClear and BNM could consider periodic testing of the default management procedures and involving the participants in this process. Principle 15: General business risk An FMI should identify, monitor, and manage its general business risk and hold sufficient liquid net assets funded by equity to cover potential general business losses so that it can continue operations and services as a going concern if those losses materialise. Further, liquid net assets should at all times be sufficient to ensure a recovery or orderly wind-down of critical operations and services. Key consideration 15.1 An FMI should have robust management and control systems to identify, monitor, and manage general business risks, including losses from poor execution of business strategy, negative cash flows, or unexpected and excessively large operating expenses. Description MyClear is a 100% owned subsidiary of the BNM. Ensuring a safe, reliable and efficient national payment system is responsibility vested on the BNM by virtue of the CBA and PSA. MyClear has been established as a body corporate and it has instituted various controls systems to address business risk. MyClear has identified 5 main risks that it is exposed to: (i) poor business planning and execution; (ii) poor financial planning; (iii) legal action on negligence; (iv) risks from investments; and, (v) loss of key personnel. A comprehensive approach has been developed to manage these risks and is monitored at the board level. Key consideration 15.2 An FMI should hold liquid net assets funded by equity (such as common stock, disclosed reserves, or other retained earnings) so that it can continue operations and services as a going concern if it incurs general business losses. The amount of liquid net assets funded by equity an FMI should hold should be determined by its general business risk profile and the length of time required to achieve a recovery or orderly wind-down, as appropriate, of its critical operations and services if such action is taken. MyClear monitors its financial performance including its cash flow position on a monthly basis. MyClear has a well-developed revenue model comprising of participant membership fees and transaction fees. The IT related costs of RENTAS are funded by the BNM and MyClear only implements and manages the RENTAS application. In the event MyClear has to wind-down the BNM would take over the operation of the RENTAS system. Key consideration 15.3 An FMI should maintain a viable recovery or orderly wind-down plan and should hold sufficient liquid net assets funded by equity to implement this plan. At a minimum, an FMI should hold liquid net assets funded by equity equal to at least six months of current operating expenses. These assets are in addition to resources held to cover participant defaults or other risks covered under the financial resources principles. However, equity held under international risk- based capital standards can be included where relevant and appropriate to avoid duplicate capital requirements. Description As at 31 May 2012, MyClear has sufficient liquid net assets to handle, at least, six months of its projected operational expenses. In the event MyClear has to wind-down the BNM would take over the 49 operation of the RENTAS system. Key consideration 15.4 Assets held to cover general business risk should be of high quality and sufficiently liquid in order to allow the FMI to meet its current and projected operating expenses under a range of scenarios, including in adverse market conditions. Description MyClear’s liquid net assets are held in low risk investments, primarily as fixed deposits and cash held in financial institutions licensed by BNM. As such, conversion of the fixed deposits to cash in adverse market conditions will not result in any loss in market value. Key consideration 15.5 An FMI should maintain a viable plan for raising additional equity should its equity fall close to or below the amount needed. This plan should be approved by the board of directors and updated regularly. Description The financial performance of MyClear is tabled to the Board. Should there be a need to replenish its capital due to inadequate financial resources to meet its operating expenses or expansion of business, the Board shall review and approve, which will then be proposed to the BNM. The BNM is committed to ensuring the orderly performance of the national payments system, and it is expected that the BNM would support a genuine need for additional capital or identify a suitable alternative mechanism. Key conclusion(s) Ensuring availability of safe, reliable and efficient payment and clearing services is one of the core functions of the BNM established in the CBA and PSA. The BNM owns RENTAS and operates it through its 100% owned subsidiary MyClear. Moreover, the RENTAS pricing policy is full cost recovery. The initial set-up costs are in general recouped in 5 years. Over the past years the operations of RENTAS and has been generating financial surplus. Assessment of Principle Observed 15 Recommendations and Comments Principle 16: Custody and investment risks An FMI should safeguard its own and its participants’ assets and minimize the risk of loss on and delay in access to these assets. An FMI’s investments should be in instruments with minimal credit, market, and liquidity risks. Key consideration 16.1 An FMI should hold its own and its participants’ assets at supervised and regulated entities that have robust accounting practices, safekeeping procedures, and internal controls that fully protect these assets. Description The MyClear holds its own assets in fixed deposits and other accounts in commercial banks in Malaysia. The BNM as the central bank manages its assets prudently in line with its role and responsibility. MyClear does not hold any operational assets of the participants. The collateral placed for ICF continue to be held in the accounts of the respective participants, but are marked as pledged. Key consideration 16.2 An FMI should have prompt access to its assets and the assets provided by 50 participants, when required. Description As MyClear’s assets are in commercial banks in Malaysia it has prompt access to them. The collateral placed for the ICF is in the RENTAS system and are managed by the BNM. Key consideration 16.3 An FMI should evaluate and understand its exposures to its custodian banks, taking into account the full scope of its relationships with each. Description MyClear does not use custodian banks. Key consideration 16.4 An FMI’s investment strategy should be consistent with its overall risk- management strategy and fully disclosed to its participants, and investments should be secured by, or be claims on, high-quality obligors. These investments should allow for quick liquidation with little, if any, adverse price effect. Description As MyClear’s assets are in commercial banks in Malaysia it has prompt access to them. The collateral placed for the ICF is held in the RENTAS system and are managed by the BNM. Key conclusion(s) MyClear maintains its assets as FDs in commercial banks in Malaysia and does not manage any participant assets. The participants’ collateral pledged for ICF are held in the RENTAS and managed by the BNM. Assessment of Principle Observed 16 Recommendations and Comments Principle 17: Operational risk An FMI should identify the plausible sources of operational risk, both internal and external, and mitigate their impact through the use of appropriate systems, policies, procedures, and controls. Systems should be designed to ensure a high degree of security and operational reliability and should have adequate, scalable capacity. Business continuity management should aim for timely recovery of operations and fulfillment of the FMI’s obligations, including in the event of a wide-scale or major disruption. Key consideration 17.1 An FMI should establish a robust operational risk-management framework with appropriate systems, policies, procedures, and controls to identify, monitor, and manage operational risks. Description Several processes are implemented by BNM and MyClear in identifying and managing the operational risks related to RENTAS operations. These include: (i) Assessing the adequacy of controls to comply with the requirements outlined in the supervisory expectations and requirements on DPS issued by BNM; (ii) Identifying gaps and possible operational issues from the self- assessment against the international standards; (iii) analyzing the findings highlighted from the Internal Audit Department (IAD) reports; (iv) Risk assessment performed by the Risk Management Department (RMD) of MyClear; and, (v) oversight and regulatory activities of the Payment Systems Policy Department (PSP) of BNM, which helps in identifying any remnant operational risks. The main operational risks that have been identified are as follows: (i) system 51 related disruptions; (ii) participant facing operational issues; (iii) operational reliability issues with the settlement banks for the foreign currency transactions; and, (iv) personnel related risks. Potential single points of failure in terms of hardware, software, network infrastructure, public key infrastructure and utility providers have been identified. These have been effectively addressed using a combination of operational procedures and appropriate system architecture and data center management processes. A full-fledged disaster recovery (DR) center has been established 35 kilometers away from the main site and the data is replicated in real-time from the main site to the back-up center. The DR center is of the same configuration as the primary site. The Maximum Tolerable Downtime (MTD) Objective is under two hours and is tested every month. Participants are required to conduct their business continuity tests at-least six times a year and two of which should be to simulate connecting the DR site of the participant to the DR site of RENTAS. MyClear has a third backup which runs on a separate server infrastructure than can provide a minimal level of service. This last resort backup system which is called Mini RENTAS is accessible over the Internet. As at June 2012, all single points of failure that have been identified have been mitigated. The resilience of the RENTAS infrastructure has been proven by its ability to withstand a major power outage in January 2005 and earthquakes that damaged one of the undersea network to Hong Kong its uses. MyClear has documented the risks associated in RENTAS operations into RENTAS’s Operational Procedures and Business Continuity Management procedure manual. Internal operational risk is mitigated by a well-documented internal Standard Operating Procedure and daily operational checklist. Payment systems policy department regularly reviews MyClear’s activities, especially via the monthly reports and incident reports, to assess the adequacy of MyClear’s operational risk mitigation measures. BNM’s internal auditors, in their capacity as the group internal auditor, audits MyClear at least once per annum. Going forward, the recently established MyClear’s Internal Audit Department (IAD) would carry out regular audit exercises. MyClear performs a complete circle of System Integration Test, User Acceptance Test, Pilot Bank Testing and Industry Wide Testing before the implementation of any changes or new development in RENTAS. IAD undertakes an independent readiness audit when new RENTAS changes are proposed to be implemented to ensure that systems, processes, procedures and documentation are in place. The readiness audit reports are submitted to the BNM for review. The BNM would also assess if the audit coverage is sufficiently comprehensive and may request for additional verification to be performed if necessary. The HR policies of MyClear are geared towards ensuring retention by using a combination of providing opportunities for learning and growth and constantly benchmarking its compensation policies and other HR policies to the market. MyClear is currently in the process of recruiting a Chief Operating Officer (COO) as part of developing a succession plan. 52 In addition to the above, MyClear manages the risk of personnel attrition by documenting and centrally managing all processes, records etc. that are critical to the company’s operations via its System & Methods Department - thus mitigating a total loss of knowledge should a key person resign. Key consideration 17.2 An FMI’s board of directors should clearly define the roles and responsibilities for addressing operational risk and should endorse the FMI’s operational risk-management framework. Systems, operational policies, procedures, and controls should be reviewed, audited, and tested periodically and after significant changes. Description Operational risk matters, including system incidents and SLA report on RENTAS’ system, are presented at every board meeting as part of the business operation update report. The Audit and Risk Management Committee reviews in details all audit and risks reports on a quarterly basis. This committee comprises of three board members, of which two, including the chairman of the committee, are Independent Directors. The status of the action plans derived from the risk assessment activities are tracked and updated in the Audit and Risk Management Committee meeting on quarterly basis. MyClear carries out a formal business continuity planning exercise at the start of each calendar year and the plan details are updated regularly. Business continuity arrangements are formally documented based on the respective roles and tasks of MyClear staff. The details of the BCP are elaborated further in the response to key consideration 17.6. The risk management procedures are audited by MyClear’s internal audit department and are also subject to audit assessments by Bank Negara Malaysia’s Audit Department. Key consideration 17.3 An FMI should have clearly defined operational reliability objectives and should have policies in place that are designed to achieve those objectives. Description The operational reliability objective of MyClear/BNM is to ensure a system uptime of at least 99.9% during the RENTAS operating hours. This is included in the SLA between BNM and MyClear, MyClear as the operator of RENTAS is required to establish proper controls and measures to ensure the reliability objectives are met. All RENTAS services are implemented using high availability solution that supports 99.9% availability. All system components and infrastructure services (e.g. network connectivity) are, at a minimum, configured as redundant pairs which enable seamless resumption if the main components fail. To date, RENTAS has remained resilient and continues to operate smoothly achieving a minimum of 99.9% system uptime. In addition, due to the criticality of RENTAS, the Maximum Tolerable Downtime (MTD) and Recovery Time Objective (RTO) are set at two (2) hours and one (1) hour respectively and these are incorporated in the operation rules and service level agreement to ensure the reliability of the systems at all times even during unexpected event or disaster. Key consideration 17.4 An FMI should ensure that it has scalable capacity adequate to handle increasing stress volumes and to achieve its service-level objectives. Description MyClear has the requisite capacity to execute its BCP, and this is tested multiple times a year as explained in the response to key consideration 17.2. The system utilization threshold is set at 50%, and information pertaining to 53 this is included the business operations update. Key consideration 17.5 An FMI should have comprehensive physical and information security policies that address all potential vulnerabilities and threats. Description RENTAS is currently located in BNM’s data center which is highly controlled with physical access restrictions. The buildings are equipped with physical security systems such as perimeter intrusion detection systems, alarm systems, closed-circuit television, card access systems, as well as 24-hours armed auxiliary police patrols. BNM’s data center also employs biometric security to restrict access into the computer rooms. In addition, the operation of RENTAS is located in a secured room with double anti-pass back doors, where access is restricted to only MyClear’s staff holding valid ID cards. An Information Security Policy is in place to set out a framework for protection of the RENTAS information assets. IT security risk is mitigated using authentication and encryption that are in line with best practices. In addition, security penetration testing is carried out on an annual basis by independent security consultants to assess security vulnerabilities in RENTAS and its supporting IT infrastructure. The general scope of the security assessment encompasses the three existing RENTAS interface, i.e. web interface, thick client interface and direct terminal interface. Individual transactions can be traced end-to-end through system audit trails. Audit log monitoring is performed by the IT Services Department’s security team. For assurance of technical and financial integrity, monitoring activities are put in place to capture trails of any “access denied” events, repeated use of invalid password, usage of key users, failed login attempts and also to monitor user passwords that has expired but have not been changed. All incidences are recorded and escalated as part of a formal process. Key consideration 17.6 An FMI should have a business continuity plan that addresses events posing a significant risk of disrupting operations, including events that could cause a wide-scale or major disruption. The plan should incorporate the use of a secondary site and should be designed to ensure that critical information technology (IT) systems can resume operations within two hours following disruptive events. The plan should be designed to enable the FMI to complete settlement by the end of the day of the disruption, even in case of extreme circumstances. The FMI should regularly test these arrangements. Description A full-fledged disaster recovery (DR) center has been established 35 kilometers away from the main site and the data is replicated in real-time from the main site to the back-up center. The systems in the DR center are of the same configuration as the primary site. The Maximum Tolerable Downtime objective is under two hours and is tested every month and participants are required to test their business continuity plans at least six times a year, two of them to test scenario of the DR site of the participants connecting to the DR site of RENTAS. MyClear carries out a formal business continuity planning exercise at the start of each calendar year and the plan details are updated regularly. Business continuity arrangements are formally documented based on the respective roles and tasks of MyClear staff. There is also a DR Manual for reference which includes procedures for crisis management and information dissemination. Dissemination of information is performed via a call tree and regular call tree exercises are conducted to ensure execution. MyClear 54 conducts a range of contingency exercises to test the operational reliability of RENTAS under different circumstances. On a monthly basis, MyClear conducts live runs at the DR site to ensure that the back-up systems run smoothly and staffs are familiar with the plan to pre-empt system issues and ensure people readiness when a disaster happens. Combined live runs with other critical departments of BNM are also held on a quarterly basis. In addition, participants are required to test their business continuity plan at least six times in a year, and at in at least two of them the participants are required to operate from their respective DR centers and connect to the DR site of MyClear. For the PvP link between RENTAS and USD CHATS, a live run is also conducted jointly with the operator the USD CHATS yearly to ensure the readiness of the connectivity between the respective DR sites. To date, all these exercises have been completed smoothly without any problems pertaining to the readiness of MyClear and participants’ DR sites. A similar process is being implemented for the testing of the links with the BOCM for the RMB settlement. Key consideration 17.7 An FMI should identify, monitor, and manage the risks that key participants, other FMIs, and service and utility providers might pose to its operations. In addition, an FMI should identify, monitor, and manage the risks its operations might pose to other FMIs. Description The MPOR requires participants to establish a functional BCP. This is tested multiple times a year, of which at least two tests require the participants to connect from their DR sites to the DR site of MyClear. As mentioned in the response to the key consideration 17.6, the risks associated with the PVP and DVP links with the USD CHATS system and the BOCM system are also tested at least once a year. The agreements with the operators of these systems include exchanging information relevant to operational reliability aspects. Key conclusion(s) and MyClear has a robust operational risk-management framework. This comments framework is reviewed by the audit and risk committee of the MyClear Board and also by the BNM. Operational reliability objectives for the RENTAS have been defined. These objectives have been successfully achieved so far. The RENTAS processing capacity is tested and stress tested periodically. Recent tests show sufficient excess capacity even during peak hours. MyClear and the BNM have developed robust physical and information security policies. The business continuity plan for RENTAS is comprehensive and considers both contingency planning for both technology as well as human and other aspects. Various aspects of the continuity plan for the RENTAS are tested periodically, including during regular operating hours. The BCP testing also includes the participants and MyClear monitors the disaster recovery capabilities of the participants through their performance in the BCP tests. The BCP includes the testing of the RENTAS links with the USD CHATS. MyClear is committed to expanding the BCP to include the recently introduced RMB settlement link with the BOC. Assessment of Principle Observed. 17 55 Recommendations and The RENTAS BCP testing can be enhanced by including a set of abnormal Comments stress situations like operational disruption just before the close of the ICF window, unusually long queue sizes and simulating disruptions closer to the RENTAS closing time. The MyClear already periodically requires the participants to connect their systems from their back-up systems. In addition, MyClear could require external verification of the participants BCP. Principle 18: Access and participation requirements An FMI should have objective, risk-based, and publicly disclosed criteria for participation, which permit fair and open access. Key consideration 18.1 An FMI should allow for fair and open access to its services, including by direct and, where relevant, indirect participants and other FMIs, based on reasonable risk-related participation requirements. Description RENTAS membership is open to all who fulfill the criteria described in art 6.0 of the Operational Procedures (OP) for MYR Settlement in RENTAS and the OP for Foreign Currency Settlement, which are publicly available in MyClear’s website. Assessment of eligibility is based on whether the potential participants are able to demonstrate the following: i) financial soundness, including having sufficient liquidity position or credit lines to cover the participants’ maximum expected settlement obligation in RENTAS; ii) expertise and resources to operate RENTAS; iii) risk management and business continuity planning capabilities; and, iv) value proposition to the development of the Malaysian financial market. To ensure that all applications will be fairly assessed, applications will undergo several levels of approval: • Assessment by MyClear’s Large Value Payment Services Division. • Approval by MyClear’s Management Committee (MMC). • Notification to BNM of the admission of new participants. Currently there are 68 participants comprising of 25 commercial banks, 16 Islamic banks, 15 investment banks, one foreign participant, 10 non-bank entities primarily other retail payment systems and government entities like the provident fund and the BNM. There is no evidence of any eligible entity having been denied participation. Only the banking participants have access to the ICF. There is an annual membership fee based on the classes of membership as described in the Operational Procedures for RENTAS. In addition, for each transaction, there is a standard transaction fee imposed that does not differentiate between low or high volume participants. The initial investment costs to set up the terminal at the participants’ end ranges from MYR 200,000 to MYR 400,000. Key consideration 18.2 An FMI’s participation requirements should be justified in terms of the safety and efficiency of the FMI and the markets it serves, be tailored to and commensurate with the FMI’s specific risks, and be publicly disclosed. Subject to maintaining acceptable risk control standards, an FMI should endeavour to set requirements that have the least-restrictive impact on access that circumstances permit. 56 Description MyClear has to obtain BNM’s approval for application by foreign central banks, In this regard, the process will be as follows: • Assessment by MyClear’s Large Value Payment Services Division. • Approval by MyClear’s Management Committee (MMC). • Proposal submitted to BNM for approval. • Assessment by the Payment Systems Policy Department of BNM. • Approval by BNM’s Management Committee, which is chaired by Governor Only the banking participants and Cagamas have access to the ICF. These participants are directly supervised by the BNM. The relevant rules and procedures are available to the general public at MyClear website. Key consideration 18.3 An FMI should monitor compliance with its participation requirements on an ongoing basis and have clearly defined and publicly disclosed procedures for facilitating the suspension and orderly exit of a participant that breaches, or no longer meets, the participation requirements. Description The Rules and Compliance Division of MyClear monitors the participants’ compliance to the applicable Rules and the operating procedures on an ongoing basis. Incidents of non-compliance are reported to MyClear’s Management Committee (MMC) and Board Rules Committee based on the severity of the non-compliance. To instill market discipline among the participants to ensure efficient operation of the system, MyClear has introduced penalties for non- compliance with certain provisions of the applicable rules. Participants that are not supervised by the BNM may be required to submit their annual statements to MyClear for review. MyClear may suspend or terminate a participant’s access to RENTAS system entirely or partially under the following circumstances: i) A court order; ii) A directive issued by BNM; iii) Material breaches of the Rules and OPs issued by MyClear; and iv) Insolvency of the participant. However, before the participant is terminated or suspended, MyClear is required to consult and obtain endorsement from BNM. The procedures for managing the suspension and orderly exit of participants that breach or fail to meet the requirements are described in art 5.5 to 5.8 of the ROP. These also include the rules related to voluntary termination of membership. The procedures for managing the suspension and orderly exit of a participant are described in the ROP which is publicly disclosed in MyClear's website and accessible to all financial institutions under BNM’s purview via BNM’s online Regulatory Handbook. Key conclusion(s) Access policies and requirements are clear and transparent. The access criteria are risk based. The ROP state the conditions under which a participant may be suspended or excluded, and also provide for the voluntary exit of a participant. The rules related to participation of foreign entities are not available in the public domain, the MyClear and the BNM should consider including these in the rules. The process for monitoring the ongoing compliance requirements for non- banks is restricted to annual review of statements. Currently the non-bank 57 participants are government/quasi-government institutions and this approach is sufficient. However when other types of entities become participants MyClear should consider enhancing its monitoring procedures. Assessment of Principle Observed 18 Recommendations and None Comments Principle 19: Tiered participation requirements An FMI should identify, monitor, and manage the material risks to the FMI arising from tiered participation arrangements. Assessment of Principle Not Applicable. 19 Recommendations and RENTAS does not support tiered participation arrangements, hence all the key Comments considerations related to this principle are not applicable. Principle 20: FMI Links An FMI that establishes a link with one or more FMIs should identify, monitor, and manage link-related risks. Key consideration 20.1 Before entering into a link arrangement and on an ongoing basis once the link is established, an FMI should identify, monitor, and manage all potential sources of risk arising from the link arrangement. Link arrangements should be designed such that each FMI is able to observe the other principles in this report. Description Currently the RENTAS system has two links with other FMIs – with the USD CHATS in Hong Kong and Euroclear. The link with Euroclear was commissioned in March 2012 and there has been no usage of this yet. Hence that link has not been included in the scope. The BOCM system for the RMB settlement, is not treated as a FMI, it is instead treated as a settlement bank used by RENTAS. The establishment of the link with CHATS was preceded by an elaborate internal review and discussions by the BNM. The risks associated with the link continue to monitored on an ongoing basis and form part of the risk management framework used by MyClear. MyClear and BNM have created necessary arrangements to enable ongoing monitoring through an oversight arrangement between the HKMA and BNM and also between MyClear and the operator of USD CHATS. Key consideration 20.2 A link should have a well-founded legal basis, in all relevant jurisdictions, that supports its design and provides adequate protection to the FMIs involved in the link. Description The systems have a well-founded legal basis framework under respective jurisdictions. The RENTAS participants including foreign institutions are subjected to the Laws of Malaysia. All RENTAS payments once executed are final and irrevocable and cannot be reversed by any party including by any court order. The Hong Kong’s legal framework also provides a strong and 58 similar provision on finality Key consideration 20.3 Linked CSDs should measure, monitor, and manage the credit and liquidity risks arising from each other. Any credit extensions between CSDs should be covered fully with high quality collateral and be subject to limits. Description The link with Euroclear has not been included in the scope of this review. Apart from that link there are no other links with other CSDs. Key consideration 20.4 Provisional transfers of securities between linked CSDs should be prohibited or, at a minimum, the retransfer of provisionally transferred securities should be prohibited prior to the transfer becoming final. Description As mentioned in KC 20.3 above, this is not applicable. Key consideration 20.5 An investor CSD should only establish a link with an issuer CSD if the arrangement provides a high level of protection for the rights of the investor CSD’s participants. Description As mentioned in KC 20.3 above, this is not applicable. Key consideration 20.6 An investor CSD that uses an intermediary to operate a link with an issuer CSD should measure, monitor, and manage the additional risks (including custody, credit, legal, and operational risks) arising from the use of the intermediary. Description As mentioned in KC 20.3 above, this is not applicable. Key consideration 20.7 Before entering into a link with another CCP, a CCP should identify and manage the potential spill-over effects from the default of the linked CCP. If a link has three or more CCPs, each CCP should identify, assess, and manage the risks of the collective link arrangement. Description RENTAS does not function as a CCP hence this key consideration is not applicable. Key consideration 20.8 Each CCP in a CCP link arrangement should be able to cover, at least on a daily basis, its current and potential future exposures to the linked CCP and its participants, if any, fully with a high degree of confidence without reducing the CCP’s ability to fulfill its obligations to its own participants at any time. Description As mentioned in KC 20.7 above, this is not applicable. Key consideration 20.9 A TR should carefully assess the additional operational risks related to its links to ensure the scalability and reliability of IT and related resources. Description RENTAS does not function as a TR hence this key consideration is not applicable. Key conclusion(s) The only FMI links of the RENTAS are with the USD CHATS in Hong Kong and with Euroclear. The link with Euroclear is out of the scope of this assessment. RENTAS does not function as a CCP or TR. The link with the USD CHATS in Hong Kong has been established with very strong mitigating measures in place to address any potential risks. Assessment of Principle Observed 20 Recommendations and 59 comments Principle 21: Efficiency and Effectiveness An FMI should be efficient and effective in meeting the requirements of its participants and the markets it serves. Key consideration 21.1 An FMI should be designed to meet the needs of its participants and the markets it serves, in particular, with regard to choice of a clearing and settlement arrangement; operating structure; scope of products cleared, settled, or recorded; and use of technology and procedures. Description The RENTAS design and operations are based on best practices and international standards. The payment transactions are settled real time and in gross, a variety of liquidity management and optimization mechanisms are provided, and DVP is used for securities settlements. The services provided by RENTAS has been constantly upgraded to meet the evolving needs of the participants and the Malaysian financial sector in general, some of the recent initiatives include: introduction of the USD PvP and DvP link, the RMB settlement and introduction of Mini-RENTAS. MyClear has also recently introduced links with the Euroclear ICSD and is moving towards SWIFT based message processing. MyClear engages with the industry via regular discussions and customer satisfaction surveys (random sample) to obtain views from the participants regarding the operations of RENTAS and determine the level of participants’ satisfaction in relation to the quality of MyClear’s services and its efficiency in resolving queries or problems encountered by the participants. Based on the results of the customer satisfaction survey (on a random basis after each incident reporting) conducted by MyClear in 2011, indicates very high level of satisfaction with over 1/3rd of the respondents indicating excellent services and over 60% rated the services as good. Key consideration 21.2 An FMI should have clearly defined goals and objectives that are measurable and achievable, such as in the areas of minimum service levels, risk- management expectations, and business priorities. Description The objectives and goals of MyClear are captured in the KPIs used for evaluating the performance of the MyClear senior management. These stem directly from the requirements specified by the BNM in the letter of supervisory and regulatory expectations. Key consideration 21.3 An FMI should have established mechanisms for the regular review of its efficiency and effectiveness. Description The Payment Systems Policy department of the BNM meets the MyClear team every month to review performance and other ongoing activities. In addition the business performance and compliance with the BNMs requirements as specified in the letter of supervisory and regulatory requirements are reviewed. One of the requirements pertains to continued efficient and effective provision of services. MyClear did a benchmarking exercise with Hong Kong, Singapore, Norway, Sweden, USA, India and Argentina on the pricing and range of services provided. The benchmark findings indicate that RENTAS compares very well with similar systems operated in these countries. 60 Key conclusion(s) RENTAS is efficient from both the operational and financial perspectives, and has been able to accommodate the needs of Malaysian financial institutions and other market participants. Mechanisms have been implemented to promote, together with market participants, the ongoing improvement of the RENTAS system. Assessment of Principle Observed 21 Recommendations and comments Principle 22: Communication procedures and standards An FMI should use, or at a minimum accommodate, relevant internationally accepted communication procedures and standards in order to facilitate efficient payment, clearing, settlement, and recording. Key consideration 22.1 An FMI should use, or at a minimum accommodate, internationally accepted communication procedures and standards. Description MyClear uses a proprietary messaging platform based on the ASCII character set. However, to facilitate the DvP settlement of US dollar securities that are issued, deposited and traded in Malaysia and settlement of MYR-USD foreign exchange trades on a PVP basis, the RENTAS messaging format was enhanced to enable its messaging format to be converted into a format accepted by USD CHATS in Hong Kong. Moving forward, to support the Malaysia international Islamic financial center initiative and to facilitate the development of the Asian bond market, the RENTAS system is currently being enhanced to adopt the SWIFT messaging standards. The RENTAS migration to SWIFT standards is expected to be completed by 2014. The communications protocol used is the industry standard TCP/IP and industry authentication mechanisms based on public key infrastructure are used. Key conclusion(s) MyClear currently uses a proprietary messaging format. This is being migrated to SWIFT messaging standards and is expected to be completed in 2014. Assessment of Principle Observed 22 Recommendations and Comments Principle 23: Disclosure of rules, key procedures and market data An FMI should have clear and comprehensive rules and procedures and should provide sufficient information to enable participants to have an accurate understanding of the risks and fees and other material costs they incur by participant in the FMI. All relevant rules and key procedures should be publicly disclosed. Key consideration 23.1 An FMI should adopt clear and comprehensive rules and procedures that are fully disclosed to participants. Relevant rules and key procedures should also 61 be publicly disclosed. Description The information on the systems design and operations of RENTAS are available in the following documents: i) MPORP (Rules); ii) Operational Procedure (OP) for MYR Settlement in RENTAS; and iii) OP for Foreign Currency Settlement in RENTAS. The above documents are distributed to all participants and are publicly available in MyClear's website. All these documents are delivered to each new participant that joins the system. Further, all relevant documents are posted in MyClear’s public website and are kept up-to-date. All rule changes are discussed at the Rules Working Group which has representation of the participants. MyClear conducts formal meeting with the associations that represent the participants and this forum is also used to discuss the appropriateness of the rules. Periodic discussions are also held between BNM and MyClear in the Payment Systems Infrastructure Development Working Group (PSIDWG) – an internal working group of the BNM, to deliberate on the strategic direction, approach on the infrastructure developments taking place and risk assessment to facilitate implementation of policy initiatives in a coordinated manner with minimal risk. Projects that were discussed in the PSIDWG include the approach to be taken for the migration to SWIFT messaging platform, RENTAS server capacity issues and the re-prioritization of projects that may affect other projects in the pipeline. Key consideration 23.2 An FMI should disclose clear descriptions of the system’s design and operations, as well as the FMI’s and participants’ rights and obligations, so that participants can assess the risks they would incur by participating in the FMI. Description The information on the systems design and operations and information pertaining to risks participants are exposed to by participating in RENTAS are available in the following documents: i) MPORP (Rules); ii) Operational Procedure (OP) for MYR Settlement in RENTAS; and, iii) OP for Foreign Currency Settlement in RENTAS. The risks are clearly explained in these documents; however there is no single consolidated document that explains the risks participants are exposed to by their participation in the RENTAS system. Key consideration 23.3 An FMI should provide all necessary and appropriate documentation and training to facilitate participants’ understanding of the FMI’s rules and procedures and the risks they face from participating in the FMI. Description MyClear provides all relevant documentation to the RENTAS participants at different stages, and the same documentation is kept updated at MyClear’s public website. MyClear intends to conduct risk awareness sessions periodically with the participants. MyClear’s Rules and Compliance Department monitors participants’ compliance with the MyClear rules and operating procedures. From the monitoring, if it is ascertained that there is a lack of understanding of any of the processes, training sessions including live simulation exercises are conducted for the participant. As an example, MyClear noticed that participants were not familiar with the 62 manual process of initiating repo transactions to obtain BNM’s standing facility as the process is not frequently performed. As such, MyClear, in cooperation with BNM, conducted a live simulation where participants initiated dummy standing facility transactions to build familiarity with the process. Key consideration 23.4 An FMI should publicly disclose its fees at the level of individual services it offers as well as its policies on any available discounts. The FMI should provide clear descriptions of priced services for comparability purposes. Description The fees for the various RENTAS services are described in the MPORP in appendix III. These are in a format to enable easy comprehension and also enable comparison. MyClear also concluded a benchmarking exercise in 2009. Following the study, MyClear had revised its fee structure by introducing a safekeeping fee and reducing the one-time depository fee to be in line with international practice. The revised fee structured was implemented on 3 January 2012. Key consideration 23.5 An FMI should complete regularly and disclose publicly responses to the CPSS-IOSCO Disclosure framework for FMIs. An FMI also should, at a minimum, disclose basic data on transaction volumes and values. Description The current version of the Disclosure Framework was released only in mid- April 2012 and is still in consultation phase, for which reason this key consideration is deemed not applicable. The BNM requires MyClear to conduct self-assessments against the relevant CPSS and IOSCO principles and this would include the PFMI principles. In due course BNM would require MyClear to complete the disclosure framework. Key conclusion(s) The RENTAS operates transparently. Its rules and procedures are clear and comprehensive and are fully disclosed to both the participants and to the general public. The RENTAS design and operations as well as participants’ rights and obligations and the fee schedule and other cost details are described in the relevant rules and procedures which are also publicly available. MyClear Rules and Compliance department monitors ongoing compliance to the rules and has a process for training participants if it identifies that a participant does not understand the rules. Assessment of Principle Observed 23 Recommendations and MyClear intends to complete the disclosure framework as it is required to be in comments compliance to the international standards. As part of this, MyClear should clearly articulate the risks the participants are exposed to. VI. Detailed Assessment of the BMSC Principle 1: Legal basis An FMI should have a well-founded, clear, transparent, and enforceable legal basis for each material aspect of its activities in all relevant jurisdictions. 63 Key consideration 1.1 The legal basis should provide a high degree of certainty for each material aspect of an FMI’s activities in all relevant jurisdictions. Description The system for the clearing and settlement of securities transacted in the Bursa Malaysia Securities (BMS) exchange is handled by the Bursa Malaysia Securities Clearing Sdn Bhd (BMSC). The law and regulations governing clearing and settlement activities in the securities markets are the Capital Markets and Services Act 2007 (CMSA) and Rules of BMSC (the Securities Clearing House) and Rules of BMS (the Securities Exchange) and the contractual agreement between BMSC and their participants. In addition, certain aspects relating to the activities of BMSC are covered in the Evidence Act 1950 (EA), the Companies Act 1965, Digital Signature Act (DSA) 1997, Contract Act 1950 and, Securities Commission Act (SCA) 1993. The Capital Markets and Services Act 2007 (CMSA) governs the establishment of clearing houses and contains certain provisions pertaining to the operation of clearing houses (Part II, subdivision V). The description of clearing house used in the CMSA encompasses the function of CCP and Securities Settlement Systems (SSS). The CMSA is publicly available and accessible from the Securities Commission’s (SC) website at www.sc.com.my. These provisions in the CMSA require the clearing house to publish rules and specify the aspects that need to be covered. In addition, BMSC’s operations a s a CCP is governed by the contract it has with its participants. All participants enter into contracts as principal whether or not they are acting on behalf of client. The BMSC also operates a Securities Borrowing and Lending under the Central Lending Agency model (SBL-CLA) where the lenders deposit the securities with the BMSC for a fee, and the BMSC lends these securities onward to borrowers against collateral. There is another model of SBL, where the borrower and lender manage the securities borrowing arrangements bi-laterally outside the system; this is called SBL-NT. The key aspects of the BMSC that require legal certainty given its nature as an CCP for securities market and its particular arrangements for SBL are properly provided for, as follows: Finality: Rule 601 and rules 801 to 804 of the BMSC rules bind the clearing participants to the open contracts in the system and all settlements are deemed final and irrevocable. In addition the CMSA (Sec 43) provides protection from insolvency proceedings from impacting initiation and completion of a clearing houses default procedures. The BMSC rules specify insolvency of a participant as a condition for triggering its default procedures (Ch 4). Netting: Rule 5.3, 5.9 and 804 of BMSC Rules provides that the BMSC is entitled to set off any amount due from a clearing participant to the clearing house against any amount due from the clearing house to the clearing participant. The SC had sought an independent legal opinion on the enforceability of netting in the event of insolvency of a participant while considering the revisions to the CMSA. The independent opinion confirmed that the CMSA amendments in section 43 would protect the netting and novation arrangements. Dematerialization: Section 14 of the SICDA requires all securities to be dematerialized in an approved CSD. The BMDepo is an approved CSD under the SICDA and all the securities transfers handled by the BMSC are with 64 respect to securities dematerialized in the BMDepo. Novation: Rule 5.1A of the BMSC rules describes the novation process and the point of novation as the moment the market contract is accepted by the BMSC. The default rules specified in the BMSC rules support and honour novation during the exercise of default proceedings. Securities Borrowing and Lending: SBL was introduced in 2007 based on the guidelines for SBL issued by the SC. The Ch 7 of BMSC Rules describes the process of SBL-CLA, the rights and responsibilities of the two parties and the BMSC. There are separate master agreements entered into between the borrowers and the BMSC and the lenders and the BMSC. These agreements also include specific terms and conditions. Including the manner in which Approved Collateral for margin shall be pledged with the BMSC. In addition, Ch 4 of the BMSC rules (Rule B4.1 and 6.12.1) and the SBL-CLA agreement (art 13.3) taken together can be interpreted to mean that in the event of a default by the clearing participant, BMSC has the power to liquidate the collateral of the clearing participant held by the clearing house and set-off the amounts realised against any loss incurred by the clearing house in liquidating or novating the rights and obligations under the open contracts of the clearing participant in default. The requirement to include provisions related to this is stated in the CMSA. In the case of SBL-NT, the BMSC does not have a direct role. The agreement related to the terms of the SBL is handled outside of the BMSC between the two parties. The Ch 8 of the BMSC rules provide a framework for the SBL-NT process, and very clearly articulates that the BMSC is not a party to the transaction. Default handling procedures: Chapter 14 of the BMSC rules specify the default handling procedures – the events that constitute default, the rights of the BMSC to implement the stated procedures and the handling of the open contracts and any pending settlements. The rules define default broadly to include any failure of the participant to honour their financial obligations or dues to the clearing house. The CMSA protects the implementation of the default procedures from any interference from the implementation of any insolvency procedures on the concerned participant. Under Subdivision 6 of Part II of the CMSA, modifications to the laws of insolvency and miscellaneous provisions in relation to the default procedures of the clearing house are provided for. In the case where the system participants are member institutions of Malaysian Deposit Insurance Corporation (MDIC), the MDIC Act 2011 provides for MDIC to assume control of the member institution, upon notification by BNM that the member institution has ceased to be viable. The invocation of Part VII of the MDIC Act 2011 will not affect the ability of the clearing house to enforce the rules and contracts governing the legal relationship between BMSC and the system participants Applicability of the rules of BMSC: In a court of law in Malaysia, a transaction made is binding based on the contractual relationship between the operator of a payment system and its participants, through the provisions in the Contracts Act 1950. In this regard, all BMSC participants have signed an agreement as a principal, which binds the participants to the relevant rules and procedures. Legal protection for electronic payment transactions: The DSA provides the legal framework for the use of electronic signatures. In the court of law in Malaysia, an electronic payment transaction made is binding based on the contractual relationship between the operator of a payment system and its participants. Furthermore, the EA recognizes any document produced by a 65 computer as evidence in the court of law. Regulation and oversight of BMSC: BMSC is subject to regulatory oversight by the Securities Commission (“SC”). The SC’s role to supervise and monitor the activities of any clearing house is stipulated in section 15(1)(f) of the Securities Commission Act 1993 (SCA). This encompasses the oversight and regulation of the securities and derivatives settlement system. By virtue of section 38 of the CMSA, BMSC is approved by the SC, with the concurrence of the Minister of Finance, to be an approved clearing house for the regulation of services for the clearing and settlement of securities transactions. Other aspects: Aspects relating to collection of margins, the settlement process, and establishment of clearing fund, delivery procedures and financial requirements for participants are described in the BMSC rules. Relevant jurisdictions: The participants of BMSC, including foreign institutions, are subject to Malaysian laws. BMSC is incorporated in Malaysia as a 100% owned subsidiary of BM. The relevant jurisdiction is only Malaysia. The BMSC rules have been approved by the SC including any ongoing amendments except for the ones deemed to have no material impact. The BM also has a process of seeking external legal opinion in the course of making any amendments like in the case of introducing securities borrowing and lending for the BMSC and recently for all rules in relation to the introduction of the Competition Act 2010 in Malaysia. In the assessment of the SC, the BMSC rules are enforceable. Key consideration 1.2 An FMI should have rules, procedures, and contracts that are clear, understandable, and consistent with relevant laws and regulations. Description The BMSC rules have been approved by the SC including any ongoing amendments except for ones deemed to have no material impact. The BM also has a process of seeking external legal opinion in the course of making any amendments like in the case of introducing securities borrowing and lending for the BMSC and recently for all rules in relation to the introduction of the Competition Act 2010 in Malaysia. These assessments and also based on the assessments of the SC, the BMSC rules are deemed clear, understandable, enforceable and consistent with the Malaysian legal framework. Though the BMSC operating procedures like novation and netting are not explicitly defined and provided for at the level of the law, in the opinion of the SC based on the specific provisions in the CMSA relating to insolvency and the requirement of an approved clearing house to specify its rules, provides a strong basis for its enforceability in the Malaysian legal framework. An independent legal analysis commissioned by the SC when the insolvency related provisions were added into the CMSA, upholds this view. Key consideration 1.3 An FMI should be able to articulate the legal basis for its activities to relevant authorities, participants, and, where relevant, participants’ customers, in a clear and understandable way. Description These Rules are publicly available at the Bursa Malaysia website www.bursamalaysia.com. In addition, all participants of BMSC and also the BMDC are notified of any amendments to the rules via circulars. The Operational procedures are readily accessible by the participants of BMSC and BMDC via eRAPID, a web-based solution to facilitate electronic transmission of circulars containing these operational procedures as well as other notices addressed to the participants. These operational procedures are not publicly available. 66 A consultative panel has also been established as an advisory body for both the clearing houses. Participants are also provided an opportunity to comment on material changes to rules and procedures. Key consideration 1.4 An FMI should have rules, procedures, and contracts that are enforceable in all relevant jurisdictions. There should be a high degree of certainty that actions taken by the FMI under such rules and procedures will not be voided, reversed, or subject to stays. Description The BMSC rules have been approved by the SC including any ongoing amendments except for ones deemed to have no material impact. The BM also has a process of seeking external legal opinion in the course of making any amendments like in the case of introducing securities borrowing and lending for the BMSC and recently for all rules in relation to the introduction of the Competition Act 2010 in Malaysia. These assessments and also based on the assessments of the SC, the BMSC rules are deemed clear, understandable, enforceable and consistent with the Malaysian legal framework. Key consideration 1.5 An FMI conducting business in multiple jurisdictions should identify and mitigate the risks arising from any potential conflict of laws across jurisdictions. Description The BMSC conducts business only in Malaysia. Key conclusion(s) The legal and regulatory basis properly supports each of the material aspects of the BMSC activities in Malaysia. The rules, procedures and contracts derived from that legal and regulatory base are clear and understandable and are comprehensively articulated. BMSC rules, procedures and contracts have not been subject to judicial controversy, and actions taken under such rules, procedures and contracts have not been voided or reversed by another administrative or judicial authority. The assessments done by the BM and the SC indicate the enforceability of all the provisions outlined in the BMSC rules. Assessment of Principle 1 Observed Recommendations and The potential gaps identified could be addressed as part of the changes related comments to the upcoming Financial Services Act. Principle 2: Governance An FMI should have governance arrangements that are clear and transparent, promote the safety and efficiency of the FMI, and support the stability of the broader financial system, other relevant public interest considerations, and the objectives of relevant stakeholders. Key consideration 2.1 An FMI should have objectives that place a high priority on the safety and efficiency of the FMI and explicitly support financial stability and other relevant public interest considerations. 67 Description The BMSC is a fully owned subsidiary of the Bursa Malaysia (BM). The BM is a de-mutualized stock exchange holding company and as such is a public listed company. The objectives of the BMSC follow directly from the CMSA, which requires approved clearing houses like the BMSC to ensure that there are orderly, clear and efficient clearing and settlement arrangements for transactions in securities. The CMSA also requires clearing houses like the BMSC to prioritize public interest over its commercial business interests. The objectives of the BMSC are recorded in its memorandum and articles of association. The BM adopts a group governance model, and hence the overall KPIs for the BMSC are derived from the KPIs of the group as a whole. The KPIs of the BM for 2011-12, is grouped into four areas: (i) financial objectives; (ii) shareholder value; (iii) internal processes; and, (iv) enhancing employee engagement and motivation levels. The derived KPIs for the BMSC comprises of a combination of implementing new initiatives and efficiency objectives. Performance against the BMSC KPIs is measured through a scorecard developed each year in discussion with the Nominations and Remuneration Committee (NRC) a BM board committee. The performance against these KPIs is assessed quarterly, mid-yearly and annually. The reviews are discussed with the BM CEO and the final annual review is presented to the NRC, and after adoption is also tabled to the SC. Key consideration 2.2 An FMI should have documented governance arrangements that provide clear and direct lines of responsibility and accountability. These arrangements should be disclosed to owners, relevant authorities, participants, and, at a more general level, the public. Description The BMSC functionally falls under the purview of the Market Operations Business Unit of the BM. All the business unit heads including the Chief Market Operations Officer (CMOO) of BM participate in fortnightly meetings with the BM CEO. This meeting is used for discussion of all strategic areas The BM follows a group governance model, wherein all governance arrangements are handled at a group level by the board of the Bursa group. The BMSC which is 100% owned by the BM has a nominal board but is effectively under the governance arrangements of the BM. Key consideration 2.3 The roles and responsibilities of an FMI’s board of directors (or equivalent) should be clearly specified, and there should be documented procedures for its functioning, including procedures to identify, address, and manage member conflicts of interest. The board should review both its overall performance and the performance of its individual board members regularly. Description The Board of Directors of the BM has primary responsibility for the governance and management of the company and all subsidiaries including BMSC. In addition, the Board of Directors monitors the functioning of the Board Committees i.e. Governance Committees and Regulatory Committees. The Governance Committees comprise of Audit Committee (AC), Nomination & Remuneration Committee (NRC) and Risk Management Committee (RMC), carry out their respective functions for the Group and subsidiaries including BMDepo and BMSC. The Regulatory Committees for BMSC are the Market Participants Committee and Appeals Committee. 68 Information regarding the governance, ownership and board and management structure of BM, including that of BMDepo and BMSC is publicly available at the website of Bursa Malaysia: www.bursamalaysia.com Currently, the Board of Bursa consists of 13 directors, of which 4 directors are Public Interest Directors (PID), 8 directors are Independent Non-Executive Directors (INED) and there is one Executive Director, who is also the CEO. The 4 PIDs are appointed by the Ministry of Finance in line with the requirements under the CMSA for Bursa to act in the public interest, having particular regard to the need for the protection of investors in performing its duties as an exchange holding company. The terms of reference of the Market Participants Committee (MPC) include deliberating on and developing membership requirements and reviewing all operating procedures and rules referred to the MPC by the management. This is a 10 member committee, chaired by an INED or PID. The members comprise of three INEDs, three independent legal experts, three independent securities market experts and one derivatives market expert. The Audit Committee (AC) is responsible for ensuring that proper processes and procedures are in place to comply with all laws, rules and regulations, directives and guidelines established by the relevant regulatory bodies and in discharge of the statutory duties of the clearing houses and depository arms of the BM in respect of their obligations as clearing houses and a central depository. The AC comprises of 5 members, four INEDs and one PID, with one of the INEDs being the chairperson. The Risk Management Committee (RMC) is responsible for overseeing the risk management processes of the BM group. The five member RMC is headed by a PID and comprises in total 3 to 4 INEDS, and two or one PIDs. The heads of all the other committees except the Appeals Committee is an INED or PID. The head of the Appeals Committee is the BM Chairman, who is also a PID. Each year a board performance evaluation is carried out. Every 3 years an external consultant is engaged to conduct this evaluation. For the intervening two years the company secretary carries out the review. The review exercise encompasses the evaluation of Board's performance as a whole, the performance of the Committees, individual directors and the Chairman as well as a review of the Board's size, composition, mix of skills/experience/qualities and training/development needs. The NRC of the board co-ordinates this review and presents the findings to the board. The interest of shareholders, users and the public are addressed through the balanced board structure at Bursa. In addition, the PIDs and INEDs are all independent of management and free from any business or other relationship which could materially interfere with the exercise of their independent judgment. The directors have a wide range of skills and backgrounds such as accountancy, law, regulation, business, finance, stock broking and risk management. In addition, Section 10 (1) (b) of the CMSA states that no person other than a PID shall accept appointment, re-appointment, election and re-election as a director of BM unless the concurrence of the SC is obtained. Key consideration 2.4 The board should contain suitable members with the appropriate skills and incentives to fulfill its multiple roles. This typically requires the inclusion of 69 non-executive board member(s). Description The composition of the BM board is governed by the provisions in the CMSA, the memorandum and articles of association and the listing requirements of the BM as a public listed company. The CMSA rules require one-third of the directors to be PIDs appointed by the Minister of Finance in consultation with the SC to ensure due consideration is given to public interest aspects. An additional one-third of the directors is required to be Independent Non- Executive Directors (INED), and is to be nominated by the NRC. The current size of the BM Board is 13 – 4 PIDs (one of whom is the Chairman), 8 INEDs and one ED cum CEO. The NRC takes due care to ensure the incoming INEDs have the requisite expertise, knowledge, integrity and professionalism. The ongoing training needs of the board members are assessed as part of the annual review of the board performance. In general, the programmes are focused on corporate governance, the responsibilities of the board, and the trends in global exchanges, exchange valuations, mergers and acquisitions. The requirements listed in the Chapter 1 of the Main Market Listing Requirements are used to identify candidates for INEDs. Their continued independence is assessed as part of the annual board performance evaluation, which includes a peer review by other board members. Key consideration 2.5 The roles and responsibilities of management should be clearly specified. An FMI’s management should have the appropriate experience, a mix of skills, and the integrity necessary to discharge their responsibilities for the operation and risk management of the FMI. Description The recruitment process for all senior positions includes interviews with the senior management, the CEO and also a Hogan Business Reasoning assessment. In addition detailed reference checks are conducted. The CMSA requires the BM to ensure that the staff has the requisite knowledge; the same is also assessed by the SC. The BM has incorporated this into its HR policies and ensures that all the senior management staff has all the requisite skills. The BM also attempts to maintain a pool of internal candidates in the ratio of 1:2 for all senior and critical positions. There is a well-established performance evaluation process against KPIs for all employees. The performance of the CEO is assessed by the board and that of the senior management by the NRC in consultation with the CEO. The performance evaluation process is used to guide the career growth and if need be any termination. Key consideration 2.6 The board should establish a clear, documented risk-management framework that includes the FMI’s risk-tolerance policy, assigns responsibilities and accountability for risk decisions, and addresses decision making in crises and emergencies. Governance arrangements should ensure that the risk- management and internal control functions have sufficient authority, independence, resources, and access to the board. Description The BM uses an Enterprise Risk Management framework. This involves identification of risks, measurement of risk indicators, identifying risk management measures and continuous review. The Australian/New Zealand Standard for Risk Management (AS/NZS 4360) has been used for the 70 development of the ERM framework. The Corporate Risk Management head is responsible for the overall risk management framework and reports to the CEO of the BM, and is supported by two senior management personnel. The ERM framework requires the business owners to be responsible for identifying and monitoring the risks specific to their business. Accordingly the BMSC has created the Equities Risk Management function that is responsible for risks associated with the BMSC and reports to the Chief Market Operations Officer (CMOO) of the BM. This function has a total of three staff. The Risk Management Committee of the board has the overall responsibility for providing governance to the risk management processes. The Independent Audit function is charged with providing an independent review of the risk management framework. This group has 13 staff. Key consideration 2.7 The board should ensure that the FMI’s design, rules, overall strategy, and major decisions reflect appropriately the legitimate interests of its direct and indirect participants and other relevant stakeholders. Major decisions should be clearly disclosed to relevant stakeholders and, where there is a broad market impact, the public. Description Bursa Malaysia adopts a consultative and inclusive approach to take into account the interest of its participants and other relevant stakeholders in its decision making in relation to its design, rules, overall strategy and major decisions. Prior to initiating changes to its system, services, operations and rules, Bursa Malaysia conducts consultation with its participants and other related users of the system and services. Further, any proposed amendments to rules are subject to SC’s approval. In practice, all rules amendment submission to the SC for approval requires Bursa Malaysia to obtain feedback from the industry and other relevant users via a consultation process. All rules and amendments are publicly available in Bursa Malaysia’s website. Operational procedures for clearing and depository participants are disseminated to all clearing and depository participants via circulars. Key conclusion(s) The BM follows a group governance model and the BMSC accordingly is subject to the governance arrangements of the BM. The arrangements provide an effective framework for ensuring primacy of efficiency and public interest. The various board committees assist the board in executing its Governance mandate. The composition of the board and the various committees also promote the efficiency and public interest objectives. There are processes in place to ensure effectiveness of the senior management. An ERM framework is used. The risk management function for securities clearing and settlement is adequately staffed and is overseen by the Risk Management Committee of the board. The rules and procedures are developed through a consultative process and the participants have adequate opportunities to express their views. Assessment of Principle 2 Observed Recommendations and comments 71 Principle 3: Framework for the comprehensive management of risks An FMI should have a sound risk-management framework for comprehensively managing legal, credit, liquidity, operational, and other risks. Key consideration 3.1 An FMI should have risk-management policies, procedures, and systems that enable it to identify, measure, monitor, and manage the range of risks that arise in or are borne by the FMI. Risk-management frameworks should be subject to periodic review. Description The types of risk that can arise in BMSC are: credit and liquidity risks arising from its role as the CCP for the securities market and also as lender under the SBL-CLA model and Bridging Financing Facility; and, operational reliability risks that could prevent it from discharging its responsibility as a CCP. The general business risks for the BMSC are to a large extent subsumed in the overall business risk for the BM group, as it is a 100% subsidiary of the BM. As described in key consideration 2.6, the BM group uses an ERM framework based on the AS/NZS 4360. The BM groups Corporate Risk Management head is responsible for ensuring robust risk management framework is used throughout the BM group which includes for the BMSC. Each business owner is responsible for identifying the risks their business processes are exposed to, measuring and monitoring the risk indicators and identifying risk management measures and implementing them. The RMC of the board reviews the risk management aspects every quarter and tables all important developments and plans to the board. The internal audit team also reviews the adequacy of the risk management measures periodically. The corporate risk management also reviews the risk management measures periodically and benchmarks them to established standards in particular the ISO 31000 standard. Key consideration 3.2 An FMI should provide incentives to participants and, where relevant, their customers to manage and contain the risks they pose to the FMI. Description The BMSC rules and the BMS rules clearly explain the requirements and responsibilities of the participants, and also the responsibilities of the BMSC. The BM has established a group approach to supervise the ongoing compliance of the participants to the requirements of the BMSC, BMDepo and the BMDC. The Participants Supervision Department of the BM is entrusted with the responsibility for managing this. The supervision approach combines a combination of off-site supervision and onsite inspections. As part of the off-site supervision - weekly, monthly and annual submission of various financial indicators and data is required. Key consideration 3.3 An FMI should regularly review the material risks it bears from and poses to other entities (such as other FMIs, settlement banks, liquidity providers, and service providers) as a result of interdependencies and develop appropriate risk-management tools to address these risks. Description The BMSC has identified the following entities that could pose material risks to it: participants, BMDepo, settlement banks and banks where the BMSC maintains its funds. The BMSC leverages the BM group participant supervision explained in key consideration 3.2 to manage the risks arising from the participants. 72 The BMSC has established a methodology for selecting its banking partners, settlement banks and also the banks whose bank guarantees and letter of credit it accepts. A combination of financial indicators like capital adequacy ratios, credit rating and operational services provided is used as part of this methodology. In addition, it has established bank-wise concentration limits for the various services it uses. The BMSC uses the BMDepo for securities transfers and also for maintaining the securities collateral it collects for the SBL-CLA and also the loaned securities. As the BMDepo is also a BM group company, the risks are addressed at a group level as part of the ERM framework. Key consideration 3.4 An FMI should identify scenarios that may potentially prevent it from being able to provide its critical operations and services as a going concern and assess the effectiveness of a full range of options for recovery or orderly wind- down. An FMI should prepare appropriate plans for its recovery or orderly wind-down based on the results of that assessment. Where applicable, an FMI should also provide relevant authorities with the information needed for purposes of resolution planning. Description The BM has a crisis management framework. This framework has identified four broad categories of scenarios that could significantly impair its operations: data errors, system downtimes, participant failures and operational lapses. There are various measures implemented to mitigate these risks. A key component of the risk management measure related to the system risk is to institute Business Continuity Plans and periodically test and revise them based on new development and the test findings. The BMSC has constituted a Clearing Guarantee Fund (CGF), described in more detail in the discussion under PFMI 4. The CGF is intended to cover the default of the participant with the largest position. In the event there are large scale participant defaults which exhaust the CGF, the BMSC could be significantly impacted. There is no explicit plan on how such scenarios would be handled. The CMSA and the SC guidelines require the BMS to ensure that it establishes mechanisms for orderly clearing and settlement of transactions. It is generally understood that if such a scenario were to occur the BMS and the BM group as such would be required to stand-in and ensure the functioning of the BMSC, as there is no other clearing house for securities in Malaysia. Key conclusion(s) The BMSC relies on the overall BM group ERM framework. A robust risk management framework is in place. A large scale default of participants could impair the financial resources of the BMSC. The approach of the BMSC is to monitor the participant’s financial resources and daily stress testing of the adequacy of the CGF. The prevalent legal framework would require the BM and the BMS to ensure that the BMSC is supported to resume operations. Assessment of Principle 3 Observed Recommendations and comments 73 Principle 4: Credit risk An FMI should effectively measure, monitor, and manage its credit exposures to participants and those arising from its payment, clearing, and settlement processes. An FMI should maintain sufficient financial resources to cover its credit exposure to each participant fully with a high degree of confidence. In addition, a CCP that is involved in activities with a more-complex risk profile or that is systemically important in multiple jurisdictions should maintain additional financial resources sufficient to cover a wide range of potential stress scenarios that should include, but not be limited to, the default of the two participants and their affiliates that would potentially cause the largest aggregate credit exposure to the CCP in extreme but plausible market conditions. All other CCPs should maintain additional financial resources sufficient to cover a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would potentially cause the largest aggregate credit exposure to the CCP in extreme but plausible market conditions. Key consideration 4.1 An FMI should establish a robust framework to manage its credit exposures to its participants and the credit risks arising from its payment, clearing, and settlement processes. Credit exposure may arise from current exposures, potential future exposures, or both. Description The BMSC functions as the CCP for the securities market and in its role as the CCP; it is exposed to credit risk stemming from the potential inability of one or more participant to discharge their settlement obligations. There are two types of BMSC participants: Trading Clearing Participants (TCP) and Non-Trading Clearing Participants (NTCP). The former are also participants of the BMS and BMDepo. The latter are essentially custodians who settle their clients trades conducted through a TCP. In addition the BMSC also acts as the CCP for the SBL arrangement in the SBL-CLA model. The BMSC is exposed to credit risk in case the borrower does not return the securities. The SBL-CLA agreement allows for repayment to the lender in cash in lieu of securities. The credit risk arises from the potential gap at the time of repayment between the value of the collateral and that of the securities. The BMSC as the CCP in the SBL-CLA model has to make good any shortfall. The BMSC also offer Bridge Financing Facility (BFF) to its TCPs facing any liquidity problems. The BMSC is exposed to the risk of the borrower not re- paying the funds borrowed under BFF. The BMSC has instituted a framework for managing its credit risk, this comprises of: requiring each participant to contribute to Clearing Guarantee Fund (CGF) - (Ch 6, BMSC rules), stringent financial requirements to become a participant (Ch 11, BMSC rules) and rigorous ongoing monitoring of the same, and finally, clear and enforceable default rules. The BMSC also reserves the right to seek additional contributions to the CGF and also seek collateral. In the case, of the SBL-CLA, the BMSC seeks collateral from the borrower. For provision of BFF, the BMSC requires an undertaking to repay from the TCP. The rule 6.12 of the BMSC rules specify that the CGF can be applied with respect to only settlement of any obligations and liabilities of the BMSC with respect to novated trades including for any related incidental and risk management expenses. In addition to the daily monitoring and stress test to check the adequacy of the CGF, BMSC also reviews the size of the CGF on a quarterly basis to determine if there is a need to increase the CGF size and also when ten consecutive days of the daily stress testing showing inadequacy of the CGF to cover the default of the participant with the largest exposure. The collateral lodged for the SBL- 74 CLA is valued daily and accepted with appropriate hair-cuts and the value of collateral is required to cover 105% of the current value of the stocks borrowed. BMSC has a robust mechanism for monitoring the liquidity and credit position of the participants. TCPs are required to submit to BMSC, on weekly basis, information related to their financial positions and liquidity position over different time-horizons. This information is submitted online. BMSC runs simulation of potential intraday cash shortage for each clearing participant and assesses the impact against the clearing participants’ cash in the bank and their credit facilities. This assessment is to analyze the clearing participants’ liquidity position and ability to meet financial obligations to the BMSC when it is due. The BMSC monitors positions of participants on an ongoing basis and has the powers to impose trading restrictions. [Rule 1105 of the BMS rules] Further, BMSC has a risk management policy for securities borrowing and lending as well as standard operating procedure on these activities. Key consideration 4.2 An FMI should identify sources of credit risk, routinely measure and monitor credit exposures, and use appropriate risk-management tools to control these risks. Description The sources of credit risk for the BMSC stem from its role as a CCP for the securities transactions and from its role in SBL-CLA. As a CCP, BMSC is obligated to settle all novated contracts, even in the event of one or more participants fail to honour their side of the contract. In the case of the SBL- CLA, the BMSC is exposed to the risk of the borrower of securities being unable to return them. The BMSC is also exposed to the default of a borrower under the BFF. The BMSC measures its credit risk primarily by monitoring the settlement positions of the TCPs; its exposures under the SBL-CLA by monitoring the value of the securities borrowed and monitoring the cash positions of the TCPs who have borrowed using the BFF. BMSC uses the DVP Model2 for settlement and accordingly nets the settlement amount and settles the securities in gross. Key consideration 4.4 A CCP should cover its current and potential future exposures to each participant fully with a high degree of confidence using margin and other prefunded financial resources (see Principle 5 on collateral and Principle 6 on margin). In addition, a CCP that is involved in activities with a more-complex risk profile or that is systemically important in multiple jurisdictions should maintain additional financial resources to cover a wide range of potential stress scenarios that should include, but not be limited to, the default of the two participants and their affiliates that would potentially cause the largest aggregate credit exposure for the CCP in extreme but plausible market conditions. All other CCPs should maintain additional financial resources sufficient to cover a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would potentially cause the largest aggregate credit exposure for the CCP in extreme but plausible market conditions. In all cases, a CCP should document its supporting rationale for, and should have appropriate governance arrangements relating to, the amount of total financial resources it maintains. 75 Description The BMSC has established the sequence of using the available resources for handling participant defaults – “Water fall”: (i) participants contribution to the CGF and in the case of SBL-CLA the collateral placed by the borrower; (ii) BMSC’s contribution to the CGF; and (iii) CGF contributions of the non- defaulting participant. In the case of the SBL-CLA model, the BMSC can liquidate the collateral placed by the borrower and also if this is insufficient also use the participant’s contribution to the CGF. For the BFF borrower default, the BMSC can use the participant’s contribution to the CGF. The contribution of the clearing participants to the CGF is comprised of a minimum fixed contribution by each clearing participant (MYR 10,000) and a variable contribution. The adequacy of the CGF is reviewed quarterly or as and when needed and additional contributions can be called for by the BMSC. Failure to honor request for additional contribution is treated as a default and default procedures could be invoked against the erring participant. The CGF is currently set at MYR 100 million, with 15% of it coming from the TCPs; 25% from the BMSC and the remaining as a standby credit facility from the BM. As at 31 December 2011, the financial resources of BMSC include: (i) Cash and bank balances of BMSC: MYR 46.8 million; (ii) SBL collaterals from TCP: MYR 3.4 million; (iii) CGF of MYR 102.5 million: TCP’ contribution: MYR 17.5 million, BMSC’s contribution: MYR 25.0 million and Standby credit facility from the Bursa Malaysia holding company: MYR 60.0 million. The standby credit facility of the Bursa Malaysia holding company is structured as a credit that will need to be re-paid by the BMSC. As per the BM internal policies, before declaring dividend it is ensured that the BM will remain in position to honor its commitment for the CGF. Despite this, as a guarantee fund is required to be pre-funded, this cannot be included in the computation of the CGF. The standby credit facility should instead be treated as an additional fund that is available in case the BMSC’s contribution is exhausted. In addition the BMSC has Intraday Credit Facilities of MYR 1.39 billion committed by the settlement banks to BMSC: (i) Maybank: MYR 1 billion; (ii) CIMB: MYR 190 million; and, (iii) Standard Chartered Bank: MYR 200 million (shared with Bursa Group). The sufficiency of these resources to handle its credit risk is ascertained through daily and intra-day stress tests. For the scenarios tested the available resources are sufficient to meet the default of the TCPs with the two largest positions; however the stated objective of the BMSC is to meet the default of the participant with largest position including all the exposures across the next three days. Monitoring of the financial resources is carried out on a daily basis and reported to the senior management. For CGF, the daily monitoring includes the net exposure, netting efficiency and movement of BMS index - FBM KLCI. The CGF model is based on the assumption that the fund size must be able to cover the single largest default by a participant. The largest default is computed by stress-testing the net exposure based on the historical worst case movement of the FBM KLCI. Regular updates are also provided to the senior management, Risk Management Committee and the SC where applicable. Based on the outcome of BMSC’s assessment, if there is a need to increase the financial resources of BMSC, a proposal will be made to the Finance 76 Department of Bursa group and subsequently presented to the management committee and tabled to the Board for approval. The BMSC operates only in Malaysia and clears and settles standard products – equities, ETFs and warrants. Given this the BMSC does not fall under the requirement of FMIs which need to maintain adequate cover to withstand default of the two participants with the largest exposures. On an average the daily stress tests conducted in 2011 indicate that the average potential utilisation rate for CGF (including the BM stand-by credit) to cover top one, two and three largest potential defaults are 36%, 60% and 79% respectively. Excluding the stand-by credit, the CGF would be just about enough to cover the default of the TCP with the largest exposure. Key consideration 4.5 A CCP should determine the amount and regularly test the sufficiency of its total financial resources available in the event of a default or multiple defaults in extreme but plausible market conditions through rigorous stress testing. A CCP should have clear procedures to report the results of its stress tests to appropriate decision makers at the CCP and to use these results to evaluate the adequacy of and adjust its total financial resources. Stress tests should be performed daily using standard and predetermined parameters and assumptions. On at least a monthly basis, a CCP should perform a comprehensive and thorough analysis of stress testing scenarios, models, and underlying parameters and assumptions used to ensure they are appropriate for determining the CCP’s required level of default protection in light of current and evolving market conditions. A CCP should perform this analysis of stress testing more frequently when the products cleared or markets served display high volatility, become less liquid, or when the size or concentration of positions held by a CCP’s participants increases significantly. A full validation of a CCP’s risk-management model should be performed at least annually. Description Daily stress testing is conducted on the adequacy of the CGF. The CGF stress- testing results are communicated to BMSC’s management and Bursa Group’s Risk Management Committee. The results are also shared with the SC on a quarterly basis, which will be followed with a discussion with the SC, if necessary. If the prescribed threshold is exceeded, a detailed analysis is performed by BMSC on the potential cause, contracts affected, counterparties involved, securities type, and participant’s financial position. Clarification will also be sought from the participant. This detailed analysis is shared with BMSC’s management, Bursa Group’s Risk Management Committee as well as with the SC. If the potential single largest liquidation losses exceed RM98 million for 10 consecutive days, BMSC will propose the CGF size to be reviewed subject to the SC’s approval. (Rule 6.10.3 of the Rules of BMSC and Section 2.1 of the Risk Management Internal Procedure Manual). The stress testing approach is reviewed once a quarter and also a full review is conducted annually. The quarterly review involves review of the settlement exposure to the BMSC from a participant with the largest position across the last 5 years and movement of the KLCI. During the annual review the following aspects are assessed: (i) worst case movement of other exchanges’ indices e.g. DJIA, SET 50 that have positive correlation; (ii) review enhanced methodology adopted by other exchanges i.e. SGX and SET, if any, as part of the annual assessment; and, (iii) impact of any new products or other changes in the clearing and settlement arrangements. 77 Key consideration 4.6 In conducting stress testing, a CCP should consider the effect of a wide range of relevant stress scenarios in terms of both defaulters’ positions and possible price changes in liquidation periods. Scenarios should include relevant peak historic price volatilities, shifts in other market factors such as price determinants and yield curves, multiple defaults over various time horizons, simultaneous pressures in funding and asset markets, and a spectrum of forward-looking stress scenarios in a variety of extreme but plausible market conditions. BMSC has established a procedure to stress test its exposures in extreme but plausible market conditions taking into account various conditions and factors. To address risk of surge in position and price volatility, BMSC uses the historical worst case movement of its main index. The extreme parameter used will mitigate the risk of having to shift the parameter during crisis mode. For position concentration and change in market liquidity, the exchange has prescribed a large exposure limit to single client and equity to its participants pursuant to Rule 1105.8(3)(e) and Rule 1105.8(5)(h) of Rules of BMS respectively. BMSC assesses the effectiveness and appropriateness of its stress- testing assumptions and parameters on a regular basis through its daily, quarterly and annually reviewing processes. The parameter/assumption used to stress testing the CGF are:  Market volatility based on historical worst case movement of BM’s main index – FBM KLCI;  positive movement of FBM KLCI across three days in the following sequence of 23.14%, -1.5%, 3.19%;  negative movement of FBM KLCI: index movement across three days in the following sequence: – 20%; -11.47% ; 2.43%  Participant fails to fulfill its 3 days net settlement obligations to BMSC;  BMSC to liquidate the underlying securities of the unsettled contracts; and,  CGF to be able to cover single largest liquidation losses. The exposures under the SBL-CLA are not included in the stress testing. The BMSC collects collaterals to cover 105% of the MTM of the stock lent. Securities paid in as collateral are subject to a haircut of 30%, the largest single day fall possible in the BMS given the prevalent circuit-breaker rules. This approach assumes the BMSC is able to offload the collateral the same day the TCP becomes insolvent. If it is unable to do so, its exposure could be higher and the haircut could fall short. The extent of the SBL-CLA usage is very limited; in 2011 the average collateral collected for SBL-CLA was MYR 3.4 million indicating the very limited usage of SBL-CLA currently. The BFF had not been included in the stress tests until recently as it is very sparingly used. In 2011 there was only one instance the BFF was used. The assessor was notified that the BMSC has included additional scenarios post the FSAP assessment to strengthen the stress testing process by covering certain potential future scenarios and certain sector and stock specific scenarios. The scenarios added are: (i) incorporated potential BFF defaults in to the scenarios related to worst movement of the main index; (ii) inclusion of scenarios related to the movement of the main sectoral indices related to finance, consumer goods, plantation, realty, industrial products and trading/services including potential BFF exposures; and, (iii) future events related scenarios like simulated 78 impact due to upcoming general elections in Malaysia and worst 3-day movement of certain illiquid securities. The assessor was also notified that the stress testing process is now reviewed monthly. Key consideration 4.7 An FMI should establish explicit rules and procedures that address fully any credit losses it may face as a result of any individual or combined default among its participants with respect to any of their obligations to the FMI. These rules and procedures should address how potentially uncovered credit losses would be allocated, including the repayment of any funds an FMI may borrow from liquidity providers. These rules and procedures should also indicate the FMI’s process to replenish any financial resources that the FMI may employ during a stress event, so that the FMI can continue to operate in a safe and sound manner. Description Rule 6.14 of the Rules of BMSC and CGF Operational Procedures also prescribed the right of BMSC to require its participants to promptly replenish the CGF that are exhausted during a stress event. Besides the ability of BMSC to liquidate the position of the defaulting participants and utilize the CGF, as prescribed in Rule 4.2.2(e) and (f) of the Rules of BMSC, BMSC also has the right to take any further action against the defaulting participants including engaging any person to render assistance to ensure BMSC can fully recover any of its uncovered credit losses. As prescribed under Section 43 of the CMSA, BMSC’s default rules and procedures shall also take precedence over laws of insolvency. Key conclusion(s) The BMSC credit risk management framework comprises primarily of a clearing guarantee fund and additional collaterals for specifically covering the potential credit exposure arising from SBL-CLA. In addition the participant’s financial resources and position limits are monitored. Daily stress tests are used to validate the adequacy of the resources available to handle the default of one participant with the largest exposure to the BMSC. The stress testing scenarios used are the worst one-day price movement in the primary index of the BM and not the individual stock positions and the stress testing process is reviewed quarterly. The assessor was notified that the stress testing scenarios have been expanded post the FSAP assessment to include exposures arising from BFF, worst movements in specific sectoral indices and specific illiquid securities and also simulates future scenarios like simulation of impact on the market due to the upcoming general elections. The size of the CGF appears sufficient to bear the default of a large participant, but the composition of the CGF is such that, with this the entire contribution of the TCPs and the BMSC would be consumed with this. Also the stress test scenarios do not include the potential exposure of the defaulter in the SBL-CLA and BFF (until recently). While the usage of the SBL-CLA and the BFF is currently very low, in stressed market situations the usage of these could plausibly increase and this scenario should also be factored into the stress tests. The stress tests could include the CGF, the collaterals placed for the SBL-CLA and also other resources at the disposal of the BMSC, as the funds available to meet the credit exposures. Given the above the size and composition of the CGF itself might also need to be reviewed. Assessment of Principle 4 Partly Observed 79 Recommendations and The stress testing should be expanded to include other market factors, include comments stress scenarios for specific securities, adverse movement in more than one securities product and other forward looking stress scenarios and also include credits risks arising from the SBL and BFF in particular including potential increase in the usage of these services in stressed market conditions. The assessor was notified that the BMSC as noted has already instituted important changes in the stress test scenarios. The BMSC could further strengthen its credit risk management framework by: (i) converting the entire stand-by credit facility or a portion of that into an explicit BM contribution to the CGF; (ii) evaluate the relevance of the BFF given its limited usage and encourage the participants to use credit facilities from the banks instead; and, (iii) enhance the stress testing scenarios to cover the exposures arising from the SBL-CLA and BFF, in particular potential increased usage of these during stress periods. Principle 5: Collateral An FMI that requires collateral to manage its or its participants’ credit exposure should accept collateral with low credit, liquidity, and market risks. An FMI should also set and enforce appropriately conservative haircuts and concentration limits. Key consideration 5.1 An FMI should generally limit the assets it (routinely) accepts as collateral to those with low credit, liquidity, and market risks. Description The BMSC accepts collateral for the SBL-CLA arrangements and when it provides the BFF. In the case of the SBL-CLA, the accepted collateral includes cash, approved securities traded in the BMS, prescribed bank guarantee/letter of credit and foreign currencies. The list of accepted collateral is decided based on low volatility, liquidity and reliability in being able to price it. Currently all the collateral placed is in cash in local currency. In the case of BFF, the collateral is in the form of a corporate indemnity provided by the TCP. To cover its risk being the lender in the SBL-CLA model, BMSC imposes a collateral requirement from its borrowers. Borrowers are required to lodge sufficient collateral with BMSC before the borrowing request status can be confirmed in the SBL system. Acceptable collateral include cash, approved securities, prescribed bank guarantee/letter of credit and foreign currencies. The stand-by letters of credit are revocable but require 60 days notice and as per the legal framework in Malaysia and standard operating procedures enforceable at short notice and typically within the same day. Securities collateral is subjected to haircut on its value and mark-to-market daily. Collateral must be maintained at 105% against value of stocks borrowed. If at any time after the mark-to-market valuation, the margin falls below the maintenance level of 105% of stock borrowed, the borrower must top-up the margin cover. The lists of acceptable collateral and haircut are reviewed from time to time by the Equity Risk Management of BMSC. As per the current policy MYR, select foreign currencies and select securities traded on the BMS are accepted. The securities accepted are based on the following criteria: (i) Top 100 securities (by highest volume) that meet the prescribed criteria set 80 by BMSC i.e. average market capitalisation to be at least RM500 million for the past 3 months, average monthly volume for the past 1 year to be at least 1 million and the public float to be at least RM50 million; or, (ii) Securities that form part of FBM KLCI (Note: There are securities that form part of the FBM KLCI which are outside the Top 100, given the differing criteria used for the component securities of the FBM KLCI). Key consideration 5.2 An FMI should establish prudent valuation practices and develop haircuts that are regularly tested and take into account stressed market conditions. Description For the SBL-CLA, the collateral is marked to market daily. For the equities a haircut of 30% is applied, which is the largest possible movement in a single stock in one day. The collaterals are required to cover 105% of the value of the lent securities. The SBL-CLA collateral related policies are reviewed twice a year. The Equity Risk Management of the BMSC is entrusted with the responsibility for this. The list of securities accepted as collateral was last reviewed in February 2012 and currently 102 securities are accepted as collateral. However till date from the time of introduction the only collaterals placed for SBL-CLA has been entirely in cash. Key consideration 5.3 In order to reduce the need for procyclical adjustments, an FMI should establish stable and conservative haircuts that are calibrated to include periods of stressed market conditions, to the extent practicable and prudent. Description The 30% haircut required for securities is a conservative level and this would minimize the need to adjust the rates frequently. In addition the collateral is required to cover 105% of the value of the stock borrowed, thus imposing an additional 5% haircut on top of the 30%. Currently there are no haircuts applied for foreign currency collateral. The 5% implied hair-cut because of the requirement to cover 105% of the underlying stock is deemed as sufficient to cover for any one-day exchange rate movement. The only collateral that has been placed by TCPs is MYR cash. Key consideration 5.4 An FMI should avoid concentrated holdings of certain assets where this would significantly impair the ability to liquidate such assets quickly without significant adverse price effects. Description The BMSC has established concentration limits for the securities collaterals and bank guarantees it accepts. The adherence to the collateral limit is monitored on a daily basis. There are no concentration limits for cash collaterals. The current concentration policies are: (i) Total Bank guarantee should be less than 30% of the BM’s shareholder funds; (ii) securities should constitute only 30% of the collaterals accepted for SBL-CLA; and, (iii) none of the securities should have more than 30% of the overall securities component of the collateral or 30 million MYR whichever is higher. In addition there are bank-wise concentration limits for bank guarantees. Key consideration 5.5 An FMI that accepts cross-border collateral should mitigate the risks associated with its use and ensure that the collateral can be used in a timely manner. 81 Description BMSC does not accept cross-border collateral. The foreign currency collateral that is accepted is held in Malaysian banks in the country. Key consideration 5.6 An FMI should use a collateral management system that is well-designed and operationally flexible. Description Collateral records are kept within BMSC’s clearing & settlement system and are managed by BMSC staff, in accordance to a set of standard operating procedures. The process and procedure are subject to audit. There was an audit conducted by the SC in 2009. Key conclusion(s) The BMSC collateral management process is well-defined and the policy ensures that collateral accepted is of low-credit, liquidity and market risk. Appropriate concentration and haircuts are being applied. Assessment of Principle 5 Observed. Recommendations and The BMSC as part of its ongoing review process could consider instituting comments concentration limits for foreign currency and also encourage the adoption of MGS for collateral. Principle 6: Margin A CCP should cover its exposure to its participants for all products through an effective margin system that is risk-based and regularly reviewed. Key consideration 6.1 A CCP should have a margin system that establishes margin levels commensurate with the risks and particular attributes of each product, portfolio, and market it serves. Description The BMSC applies in the form of a clearing guarantee fund. The CGF is structured to cover the 3-day exposure of the participant with the largest exposure. For further details on the CGF please refer the description in the key considerations 4.1 and 4.4 for the BMSC. Key consideration 6.2 A CCP should have a reliable source of timely price data for its margin system. A CCP should also have procedures and sound valuation models for addressing circumstances in which pricing data are not readily available or reliable. Description The CGF is pre-funded by the participants and is held as a fund managed by the BMSC. The fund is comprised entirely of cash in local currency held in domestic banks. 82 Key consideration 6.3 A CCP should adopt initial margin models and parameters that are risk-based and generate margin requirements sufficient to cover its potential future exposure to participants in the interval between the last margin collection and the close out of positions following a participant default. Initial margin should meet an established single-tailed confidence level of at least 99 percent with respect to the estimated distribution of future exposure. For a CCP that calculates margin at the portfolio level, this requirement applies to each portfolio’s distribution of future exposure. For a CCP that calculates margin at more-granular levels, such as at the sub portfolio level or by product, the requirement must be met for the corresponding distributions of future exposure. The model should (a) use a conservative estimate of the time horizons for the effective hedging or close out of the particular types of products cleared by the CCP (including in stressed market conditions), (b) have an appropriate method for measuring credit exposure that accounts for relevant product risk factors and portfolio effects across products, and (c) to the extent practicable and prudent, limit the need for destabilising, procyclical changes. Description The CGF structure comprises of a fixed contribution and a variable contribution, both of which are pre-funded. The variable component is proportional to the ratio of the trading value of a participant to the overall market trading value. Further details are available in the descriptions for key considerations 4.1 and 4.4 for the BMSC. Key consideration 6.4 A CCP should mark participant positions to market and collect variation margin at least daily to limit the build-up of current exposures. A CCP should have the authority and operational capacity to make intraday margin calls and payments, both scheduled and un-scheduled, to participants. Description The CGF is pre-funded. The adequacy of the CGF to cover the exposure to the BMSC from the participant with the largest position is assessed as part of a daily stress test and in the event of 10 consecutive days of adverse results, the CGF amount would be reviewed and additional contributions from the participants could be called for. The BMSC rules provide the rights to the BMSC to call for additional contributions from the participants, for further details please refer the description for key consideration 4.5 for the BMSC. Key consideration 6.5 In calculating margin requirements, a CCP may allow offsets or reductions in required margin across products that it clears or between products that it and another CCP clear, if the risk of one product is significantly and reliably correlated with the risk of the other product. Where two or more CCPs are authorised to offer cross-margining, they must have appropriate safeguards and harmonised overall risk-management systems. Description The BMSC clears only listed securities in the BMS. Key consideration 6.6 A CCP should analyse and monitor its model performance and overall margin coverage by conducting rigorous daily backtesting and at least monthly, and more-frequent where appropriate, sensitivity analysis. A CCP should regularly conduct an assessment of the theoretical and empirical properties of its margin model for all products it clears. In conducting sensitivity analysis of the model’s coverage, a CCP should take into account a wide range of parameters and assumptions that reflect possible market conditions, including the most-volatile periods that have been experienced by the markets it serves and extreme changes in the correlations between prices. 83 Description The CGF is reviewed quarterly and is subject to a daily stress test. For further details please refer the descriptions for the key considerations of principle 4 for the BMSC. Key consideration 6.7 A CCP should regularly review and validate its margin system. Description CGF is reviewed quarterly and is subject to a daily stress test. For further details please refer the descriptions for the key considerations of principle 4 for the BMSC. Key Conclusion(s) The BMSC has constituted a pre-funded CGF to cover its exposure arising from the participant with the largest settlement exposure. The CGF does not strictly qualify as a margin, because: (i) this could also be used to settle defaults of other participants; (ii) it is not structured to cover each participants current and future exposures with 99% confidence as required under this principle; and, (iii) while the CGF is subject to daily stress testing but this is not equivalent to a back-test and also increasing the CGF is not an automatic process as it would require approval from the SC. Assessment of Principle 6 Not Observed Recommendations and It is recommended that the BMSC institute an initial and variation margin comments mechanism in the short term. A portion of the participants contribution to the CGF could be considered as margin, and this component should be collected based on the specific risk assessment of the participant positions on a daily and intra-day basis. Principle 7: Liquidity risk An FMI should effectively measure, monitor, and manage its liquidity risk. An FMI should maintain sufficient liquid resources in all relevant currencies to effect same-day and, where appropriate, intraday and multiday settlement of payment obligations with a high degree of confidence under a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would generate the largest aggregate liquidity obligation for the FMI in extreme but plausible market conditions. Key consideration 7.1 An FMI should have a robust framework to manage its liquidity risks from its participants, settlement banks, nostro agents, custodian banks, liquidity providers, and other entities. Description The BMSC faces liquidity risk from: (i) its role as a CCP; and, (ii) its role as the BFF provider. Based on BMSC’s stress test results conducted in June 2012, the highest potential uncovered loss following a default of a single largest participant in an extreme market scenario is MYR 29.8 million. On an average for 2011, the participant with the largest exposure was around MYR 36 million. Any TCP can request for BFF for MYR 10 million and over a 3 day period the maximum BFF outstanding per TCP is MYR 20 million. The BFF however is being very sparingly used, as per the regulatory filing with the SC in 2011 there was only one instance of BFF being used. To assess its liquidity risk the BMSC primarily measures the settlement obligation of the participant with the largest position. In addition the BMSC has a robust framework of measuring the liquidity positions of the TCPs based on their weekly filing of their projected liquidity positions across different time 84 horizons. Key consideration 7.2 An FMI should have effective operational and analytical tools to identify, measure, and monitor its settlement and funding flows on an ongoing and timely basis, including its use of intraday liquidity. Description The BMSC uses the inputs from the daily stress test which provides the settlement obligations across a 3 day period for the participant with the largest settlement position, and compares that against the liquidity positions of the TCP to assess its potential liquidity needs. The TCPs liquidity positions are collected through weekly reports from the TCPs on their liquidity positions over 3 days, 7 days, 14 days and one month. The BMSC has established a Liquidity Risk Management Framework (LRM) which specifies the required liquidity coverage ratio the TCP needs to maintain across these time-horizons. The weekly reports are subject to periodic audit to ensure correctness of reported data. Key consideration 7.4 A CCP should maintain sufficient liquid resources in all relevant currencies to settle securities-related payments, make required variation margin payments, and meet other payment obligations on time with a high degree of confidence under a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would generate the largest aggregate payment obligation to the CCP in extreme but plausible market conditions. In addition, a CCP that is involved in activities with a more- complex risk profile or that is systemically important in multiple jurisdictions should consider maintaining additional liquidity resources sufficient to cover a wider range of potential stress scenarios that should include, but not be limited to, the default of the two participants and their affiliates that would generate the largest aggregate payment obligation to the CCP in extreme but plausible market conditions. Description Based on BMSC’s stress test results conducted in June 2012, the highest potential uncovered loss following a default of a single largest participant in an extreme market scenario is MYR 29.8 million. On an average for 2011, the participant with the largest exposure was around MYR 36 million. In the period July 2011 to June 2012 the largest exposure was MYR 388.5 million and the average exposure was MYR 69.55 million. The only currency of relevance for the BMSC’s operations is Malaysian Ringgit. The BMSC activities do no not constitute a complex risk profile and it is not systemically important in multiple jurisdictions. Based on the available resources, please refer response to key consideration 7.5, the BMSC’s resources are adequate to cover the liquidity risk of the participant with the largest exposure. Key consideration 7.5 For the purpose of meeting its minimum liquid resource requirement, an FMI’s qualifying liquid resources in each currency include cash at the central bank of issue and at creditworthy commercial banks, committed lines of credit, committed foreign exchange swaps, and committed repos, as well as highly marketable collateral held in custody and investments that are readily available and convertible into cash with prearranged and highly reliable funding arrangements, even in extreme but plausible market conditions. If an FMI has access to routine credit at the central bank of issue, the FMI may count such 85 access as part of the minimum requirement to the extent it has collateral that is eligible for pledging to (or for conducting other appropriate forms of transactions with) the relevant central bank. All such resources should be available when needed. Description The only relevant currency for liquidity provision in BMSC is MYR. The BMSC’s resources available for use to meet liquidity requirements are primarily the intra-day credit lines and the BMSCs cash balances. The CGF is also available as this can be used in the event of a default and inability to meet settlement obligation as per the BMSC rules constitutes a default. The size of the resources available as of 31 December 2011, which is reflective of a typical day are: CGF of RM102.5 million: participants’ contribution: RM17.5 million; BMSC’s contribution: RM25.0 million; and, Standby credit facility from the holding company: RM60.0 million Intraday Credit Facilities of RM1.39 billion Maybank: RM1 billion CIMB: RM190 million Standard Chartered Bank: RM200 million (shared with Bursa Group) Cash and bank balances of BMSC: RM46.8 million The BMSC maintains its balances and takes intra-day overdraft facilities only from banks that provide online banking facility and are rated at least A by the credit rating agency of Malaysia and BBB by S&P and also comply with the risk weighted CAR of at least 10%. Based on the available resources, (please refer response to key consideration 7.4) the BMSC’s resources are adequate to cover the risk arising from the participant with the largest net settlement obligation. Key consideration 7.6 An FMI may supplement its qualifying liquid resources with other forms of liquid resources. If the FMI does so, then these liquid resources should be in the form of assets that are likely to be saleable or acceptable as collateral for lines of credit, swaps, or repos on an ad hoc basis following a default, even if this cannot be reliably prearranged or guaranteed in extreme market conditions. Even if an FMI does not have access to routine central bank credit, it should still take account of what collateral is typically accepted by the relevant central bank, as such assets may be more likely to be liquid in stressed circumstances. An FMI should not assume the availability of emergency central bank credit as a part of its liquidity plan. Description The BMSC uses only bank deposits, intra-day credit facilities and the CGF. Key consideration 7.7 An FMI should obtain a high degree of confidence, through rigorous due diligence, that each provider of its minimum required qualifying liquid resources, whether a participant of the FMI or an external party, has sufficient information to understand and to manage its associated liquidity risks, and that it has the capacity to perform as required under its commitment. Where relevant to assessing a liquidity provider’s performance reliability with respect to a particular currency, a liquidity provider’s potential access to credit from the central bank of issue may be taken into account. An FMI should regularly 86 test its procedures for accessing its liquid resources at a liquidity provider. Description The BMSC routinely monitors the concentration of exposure and financial condition of the banks with which it places it resources for and avails intra-day credit facilities to ensure they have the capacity to perform on its commitment on an on-going basis by performing the following review on a regular basis: (i) minimum Risk Weighted Capital Ratio (RWCR) of at least 10% (quarterly); (ii) minimum credit rating of at least ‘A’ based on Rating Agency Malaysia (RAM) and minimum credit rating of at least ‘BBB’ and ‘C’ based on S&P Issuer Credit Rating and S&P Bank Fundamental Strength Rating respectively (monthly); and, (iii) the concentration of settlement flows through the settlement banks, to ensure that it has adequate balance in the settlement bank to immediately step-in time of need (monthly). The BMSC currently does not have an established process of testing the ability of its banks to ensure provision of adequate intra-day credit facilities. But based on its ongoing relationship with the banks and the operational reliability of the chosen banks and the fact that these are subject to the supervision of the BNM, the BMSC is confident of using these facilities as and when needed. Key consideration 7.8 An FMI with access to central bank accounts, payment services, or securities services should use these services, where practical, to enhance its management of liquidity risk. Description The BMSC does not have access to liquidity support from the BNM. Key consideration 7.9 An FMI should determine the amount and regularly test the sufficiency of its liquid resources through rigorous stress testing. An FMI should have clear procedures to report the results of its stress tests to appropriate decision makers at the FMI and to use these results to evaluate the adequacy of and adjust its liquidity risk-management framework. In conducting stress testing, an FMI should consider a wide range of relevant scenarios. Scenarios should include relevant peak historic price volatilities, shifts in other market factors such as price determinants and yield curves, multiple defaults over various time horizons, simultaneous pressures in funding and asset markets, and a spectrum of forward-looking stress scenarios in a variety of extreme but plausible market conditions. Scenarios should also take into account the design and operation of the FMI, include all entities that might pose material liquidity risks to the FMI (such as settlement banks, nostro agents, custodian banks, liquidity providers, and linked FMIs), and where appropriate, cover a multiday period. In all cases, an FMI should document its supporting rationale for, and should have appropriate governance arrangements relating to, the amount and form of total liquid resources it maintains. Description The BMSC conducts its liquidity needs assessment on a daily basis. The results from the daily stress tests for credit risks are used to determine the potential size of defaults that the BMSC might need to honor and it is verified whether the existing credit lines would be adequate to cover the exposure, either all three of the credit lines put together (MYR 1.39 billion) or the ones with CIMB and the SCB (MYR 390 million). As mentioned in KC 7.4 above, the largest exposure seen in the period July 2011 to June 2012 was MYR 388.5 million just enough to be covered by the 87 credit lines from the CIMB and SCB. Apart from this the BMSC does not have any specific methodology for liquidity risk management. Key consideration 7.10 An FMI should establish explicit rules and procedures that enable the FMI to effect same-day and, where appropriate, intraday and multiday settlement of payment obligations on time following any individual or combined default among its participants. These rules and procedures should address unforeseen and potentially uncovered liquidity shortfalls and should aim to avoid unwinding, revoking, or delaying the same-day settlement of payment obligations. These rules and procedures should also indicate the FMI’s process to replenish any liquidity resources it may employ during a stress event, so that it can continue to operate in a safe and sound manner. Description BMSC documents its supporting rationale for, and its governance arrangements relating to the appropriate amount of total liquid resources and the form of liquid resources it maintain in its standard operating procedures. For CGF, Rule 6.14 of the BMSC rules and CGF Operational Procedures prescribed the right of BMSC to require its participants to promptly replenish the CGF that are exhausted during a stress event. The CGF Operational Procedure is disseminated to the participant upon successful acceptance as a Trading Clearing Participant. BMSC rules are available to the participants on Bursa Malaysia’s website. Key conclusion(s) The BMSC uses a daily liquidity forecasting and needs assessment. This assessment takes into account the three-day settlement exposures and the stress test results. The BMSC uses a very conservative approach with respect to managing its resources and all resource identified for meeting liquidity needs are placed as short term deposits in strong local banks. In addition it has access to intra-day credit facilities from banks. The BMSC’s management of its resources for meeting liquidity needs and inclusion of the results of the daily stress test results to a significant extent mitigate the absence of a structured liquidity stress test mechanism. However the absence of a dedicated liquidity risk management stress test impacts the ability of the BMSC to reliably ascertain the adequacy and reliability of its current liquidity risk management mechanisms. Assessment of Principle 7 Broadly Observed Recommendations and The BMSC does not have an explicit liquidity risk stress testing framework. On comments an ongoing basis, the BMSC should consider instituting a separate stress test model for assessing its liquidity risk. This could include specific scenarios like operational failures at one or more of its settlement banks and inability to use its credit lines and also potential spillover effects from liquidity risks from other markets like the BMDC which share some of the same settlement banks and liquidity providers 88 Principle 8: Settlement finality An FMI should provide clear and certain final settlement, at a minimum by the end of the value date. Where necessary or preferable, an FMI should provide final settlement intraday or in real time. Key consideration 8.1 An FMI’s rules and procedures should clearly define the point at which settlement is final. Description The BMSC conducts a T+3 rolling settlement. Fund Pay-ins are received into BMSC’s accounts at any of the designated settlement bank and the fund payouts by the BMSC are made into the designated settlement account in one of the banks approved by the BMSC. The securities pay-in and pay-out is managed by the BMDepo under the instructions of the BMSC. The pay-in schedule for the funds leg is 10.00 a.m. on all settlement days. The BMS rules [804.1, 3 and 4] specify that the payment is irrevocable upon crediting of the BMSC’s account or the participant’s bank accounts. The BMSC rules [5.1B] states that the clearing house can instruct debit and credit of the depository account of the buyer and seller, and that these transfers are final however title over the securities passed only when the buyers pay-in obligation is completed. The BMSC rule 5.7A sets out that the title passes upon full payment. If the buyer defaults in his payment obligations, then as a consequence, BMSC can take action to sell the securities and recoup the losses. The enforceability of this rule is protected by section 53(3) of the CMSA - this states that notwithstanding any other provision of law, where any transfer of securities is processed by the central depository to or from a securities account, no title in such securities shall pass to a depositor except as provided under the rules of the approved clearing house. Key consideration 8.2 An FMI should complete final settlement no later than the end of the value date, and preferably intraday or in real time, to reduce settlement risk. An LVPS or SSS should consider adopting RTGS or multiple-batch processing during the settlement day. Description The daily settlements are completed at 10 AM and are deemed final once the funds are credited. Pay-ins for any call for funds for additional contribution to the CGF is also processed with immediate finality. Key consideration 8.3 An FMI should clearly define the point after which unsettled payments, transfer instructions, or other obligations may not be revoked by a participant. Description The BMS rules specify that matched orders cannot be cancelled [Rule 701.8]. These are further reinforced by the BMSC rules [Ch 5]. All trades that are matched on T day must be settled on T+3 by the brokers. However, under the ISS arrangement where settlement instruction is generated, settlement will be redirected to indirect participant (NTCP - custodian bank). At any time prior to settlement by 5:00 p.m. on T+2, brokers and indirect participants can delete/cancel an ISS instruction. There is no impact on the trade contract that is due for settlement on T+3. It merely means that the NTCP does not intend to use ISS for its trade settlement. When instruction is deleted, the trade will settle directly with the contracting brokers on T+3 instead. [BMSC rule A5.3(c)] 89 Key conclusion(s) The BMSC rules clearly define the point at which settlement is final and this has the backing of the CMSA and hence is protected at the level of law. Final settlement is achieved in real-time. Assessment of Principle 8 Observed Recommendations and comments Principle 9: Money settlements An FMI should conduct its money settlements in central bank money where practical and available. If central bank money is not used, an FMI should minimize and strictly control the credit and liquidity risks arising from the use of commercial bank money. Key consideration 9.1 A FMI should conduct its money settlements in central bank money, where practical and available, to avoid credit and liquidity risks. Identification of money The BMSC uses private settlement bank model and until recently used 3 settlement assets. settlement banks – CIMB, Maybank and Standard Chartered. Recently the BMSC has allowed participants to choose any bank for settlement upon approval by the BMSC, however most the participants continue to use the three settlement banks. The TCPs are required to credit any payments due to the BMSC in the settlement of the BMSC in any of the settlement banks, and the BMSC credits any payments due to the CPs in their specified settlement accounts. Key consideration 9.2 If central bank money is not used, an FMI should conduct its money settlements using a settlement asset with little or no credit or liquidity risk. Description The BMSC had established specific criteria for the choosing settlement banks:  Licensed commercial banks approved by BNM.  Provide real time online banking system  Provide intraday facility  Must be able to comply with BMSC’s payment cut-off time.  Must have good credit standing - minimum of A for Rating Agency Malaysia (RAM) and BBB and C for Standard & Poor’s (S&P) Issuer Credit Rating and Bank Fundamental Strength Rating respectively. The BMSC has recently allowed the TCPs and NTCPs to choose their own settlement bank, however it continues to use the above criteria to select where it maintains its settlement accounts. The TCPs and NTCPs who want to choose a settlement bank beyond the three pre-selected by the BMSC would have to seek BMSC’s approval. As the change is rather recent, it is not clear how many TCPs and NTCPs will change their settlement banking partners. Key consideration 9.3 If an FMI settles in commercial bank money, it should monitor, manage, and limit its credit and liquidity risks arising from the commercial settlement banks. In particular, an FMI should establish and monitor adherence to strict criteria for its settlement banks that take account of, among other things, their regulation and supervision, creditworthiness, capitalisation, access to liquidity, and operational reliability. An FMI should also monitor and manage the concentration of credit and liquidity exposures to its commercial settlement banks. 90 Description The BMSC had established specific criteria for the choosing settlement banks, refer response to the key consideration 9.2 above. The BMSC monitors the settlement concentrations, for 2011, the settlement concentrations across the three settlement banks were: 15.31% from CIMB, 41.56% from Maybank and 43.13% from Standard Chartered Bank. In response to the high concentration across two settlement banks, the BMSC has allowed the TCP and NTCPs to select their own settlement bank subject to the approval of the BMSC. Key consideration 9.4 If an FMI conducts money settlements on its own books, it should minimise and strictly control its credit and liquidity risks. Description The BMSC does not settle in its books, hence this key consideration is not applicable. Key consideration 9.5 An FMI’s legal agreements with any settlement banks should state clearly when transfers on the books of individual settlement banks are expected to occur, that transfers are to be final when effected, and that funds received should be transferable as soon as possible, at a minimum by the end of the day and ideally intraday, in order to enable the FMI and its participants to manage credit and liquidity risks. Description The BMSC does not have any legal agreements relating to the settlement process with the settlement banks relating to the settlement process. The agreements it has are as a regular banking customer and similarly for the TCPs/NTCPs. Key conclusion(s) The BMSC uses commercial bank model for settlement. It has established criteria to ensure that the chosen settlement banks minimize credit and liquidity risk. The settlement flows are concentrated in two banks the BMSC has already initiated measures to diversify the settlement banks. Assessment of Principle 9 Observed Recommendations and The BMSC, the BMDC, the SC and the BNM could in a time-bound manner comments migrate from settlement in commercial bank money to central bank money. Principle 10: Physical Deliveries An FMI should clearly state its obligations with respect to the delivery of physical instruments or commodities and should identify, monitor, and manage the risks associated with such physical deliveries. Key consideration 10.1 Not Applicable and 10.2 Description Not Applicable Key conclusion(s) Not Applicable Assessment of Principle Not Applicable 10 91 Recommendations and comments Principle 12: Exchange of Value settlement systems If an FMI settles transactions that involve the settlement of two linked obligations (for example securities or foreign exchange transactions) it should eliminate principal risk by conditioning the final settlement of one obligation upon the final settlement of the other. Key consideration 12.1 An FMI that is an exchange-of-value settlement system, should eliminate principal risk by ensuring that the final settlement of one obligation occurs if and only if the final settlement of the linked obligation also occurs, regardless of whether the FMI settles on a gross or net basis when finality occurs. Description The BMSC uses DvP Model 2. The funds leg is settled on a net basis at 10 AM on all settlement days. The securities leg is settled in gross 1-2 hours before 10 AM for the trade that are participating in FDSS settlement and just before 10 AM for the trades being settled in ISS settlement mode. The BMSC rules (refer response to PFMI 8) deem all the funds and securities transfer done by the BMSC final, however the title for the securities passes to the buyer only when the funds leg is completed. The BMDepo places a freeze on all securities transfer on all days until 10 AM, to ensure that transferred securities cannot be withdrawn or transferred until the funds leg is done. The only exception is with respect to transfers related to a force buy-in initiated by the BMSC to cover a buyer default. However the BMS rule 601.6 empowers the market participant to block his client from transacting on securities if they have met their settlement obligations. This rule operationally enables this scenario to actually play-out. Also the failed trades by both value and volume over the last 3 years are less than 0.02%. Key conclusion(s) The BMSC used DvP model 2 for settlement. The processes used by the BMSC ensure that only upon funds transfer the buyer has access to securities. The BMSC places a system-wide freeze on the BMDepo until 10 AM to ensure to securities are available only after funds have been settled. However technically there is a window available for participation in buy-in. This risk is significantly mitigated by the BMS rules empowering the market participant to block its clients from transacting on the delivered securities for which payments have not been made. In addition the value of failed trades is also very insignificant at the moment and does not pose an immediate issue of concern. Assessment of Principle Observed. 12 Recommendations and The BMSC should consider instituting controls to ensure that securities comments transferred during a settlement day are tagged and cannot be used for buy-in. This could be done by a system change in the BMDepo or by ensuring that the market participants enforce this at their end. 92 Principle 13: Participant-default rules and procedures An FMI should have effective and clearly defined rules and procedures to manage a participant default. These rules and procedures should be designed to ensure that the FMI can take timely action to contain losses and liquidity pressures and continue to meet its obligations. Key consideration 13.1 An FMI should have default rules and procedures that enable the FMI to continue to meet its obligations in the event of a participant default and that address the replenishment of resources following a default. Description Chapter 4 of the BMSC rules details what constitutes default and the process for handling defaults. The Rule 4.1 lists among others non-payment of any dues to the BMSC, declaration of insolvency, cancellation of license by the SC or failure to meet the financial requirements specified by the BMSC as constituting a default. The rule 4.2 gives a wide range of powers to the BMSC to handle defaults. The set of actions that the BMSC needs to take is specified: (i) notify all the participants; (ii) settle all novated contracts and compute the net dues/surplus; (iii) if there are dues from the TCP then the BMSC can use all the TCPs resources with it including the deposits and claw-back any securities transfers executed in step (i) and also use the CGF; (iii) if there is a surplus then the properties in lien can be released; and (iv) finally prepare a report including the net sum payable/due from the TCP to the SC. The Chapter 6 of the BMSC rules provide the powers to the BMSC to use the CGF in the event of default of a participant, the sequence specified is: usage of the failing participant’s contribution first, followed by the BMSCs contribution and finally the contribution of the other non-defaulting participants. The BMSC retains the claims from the defaulting TCP for any sums used from the CGF. The Chapter 6 of the BMSC rules pertaining to CGF provides the powers to seek replenishment of the CGF. The Rules in Chapter 4, list not honoring a replenishment request as constituting default. Section 43 of the CMSA provides for the default proceeding by the clearing house to take precedence over the Law of Insolvency. The internal procedures developed by the BMSC, list the following sequence of using the financial resources to handle the default: (i) use intra-day credit facilities to complete the settlement of novated contracts and execute buy-in in case of securities shortfall; (ii) contact the defaulting TCP to arrange for necessary funds, if not arranged constitute Default Management Committee; (iii) use the CGF in the order specified in the Ch 6; (iv) if CGF insufficient claw-back securities from the days settlement to off-set dues; and, (v) claw- back securities from TCPs proprietary transactions. If there are still outstanding dues, file a claim. Key consideration 13.2 An FMI should be well prepared to implement its default rules and procedures, including any appropriate discretionary procedures provided for in its rules. Description The BMSC has developed a Default Management Procedure, which describe the roles, obligations, and responsibilities of the various parties, including non- defaulting participants. The first step in this procedure is for the Default Management Committee to convene. The roles defined are: - Declaration of default by Chairman of DMC (Default Management Committee) - Suspension of accounts by the BMDepo 93 - Selection and liquidation of securities by risk management and approved by Chairman of DMC - Panel of non-defaulting participants to assist in the liquidation process - Payment of CGF/ other financial resources by Finance - Non-defaulting participants to replenish the CGF upon notification by risk management - Communication and press release by Default Recovery Management Committee (DRMT) The default handling procedures are reviewed as and when there are significant local or international developments. In the aftermath of the recent failure of a large commodity clearing house participants in the USA (MF Global) both the BMSC and the BMDC reviewed its default handling procedures. It now intends to conduct a default handling drill. The interests of the participant’s customers are protected by the BMDepo. This is provided under Rule 3.01(1)(h) and 3.02(2) of rules of BMDepo, which include the following to be followed by the BMDepo in the event of a participant default: (i) Establish Task Force Team to monitor CSD operations of the defaulting ADA while waiting for special administrator to be appointed; (ii) Special administrator to take over the task of overseeing the CSD operations; (iii) Identify new ADA to take over the CSD accounts of the depositors; and, (iv) Transfer all CSD accounts to the new ADA Key consideration 13.3 An FMI should publicly disclose key aspects of its default rules and procedures. Description The relevant rules and procedures are posted on the website of the Bursa Malaysia and are also available to the TCPs through the eRapid system for distribution of any changes by way of circulars. The BMSC has the powers to access all the relevant systems and book of accounts of the defaulting participant to assist the defaulting participant ’s customers. [Rule 2.11(b) of BMSC rules] and also as part of the periodic reporting from the TCPs require them to confirm segregation of client accounts. This is also a requirement under the CMSA. Key consideration 13.4 An FMI should involve its participants and other stakeholders in the testing and review of the FMI’s default procedures, including any close-out procedures. Such testing and review should be conducted at least annually or following material changes to the rules and procedures to ensure that they are practical and effective. Description The BMSC currently on an ongoing basis involves participants in one-on-one basis to discuss risk controls and default handling procedures. The assessor was notified at the time of the FSAP assessment that a default drill had already been scheduled for August 2012. The assessor was notified post the FSAP that this drill has subsequently been conducted and it has been scheduled to be executed annually. The assessor was notified of the planned default drill having been completed with no adverse findings and that it included the following scenarios; i) to test the BMSC’s default procedures with a broker and other relevant departments within BMSC; ii) to identify the market participant’s relevant CSD accounts of the affected T+3 purchase trades; and iii) the claw back of securities and other recovery procedures required. 94 Key conclusion(s) The BMSC has established a default management procedure which identifies the roles and responsibilities of the various stakeholders. The rules related to the default management are clearly specified in the BMSC rules and these have the backing of the CMSA. The rules provide ample powers and flexibility to the BMSC in handling defaults. The default management procedures are reviewed based on any significant domestic or international events. The BMSC along with the BMDC at the time of the FSAP had already scheduled for a default drill. The assessor was notified that this was subsequently conducted with no adverse findings. Assessment of Principle Observed 13 Recommendations and The BMSC should ensure the default drill is a periodic arrangement and it comments should use this to assess its readiness to manage the default management procedure. Principle 14: Segregation and Portability A CCP should have rules and procedures that enable the segregation and portability of positions of a participant’s customers and the collateral provided to the CCP with respect to those positions. Key consideration 14.1 A CCP should, at a minimum, have segregation and portability arrangements that effectively protect a participant’s customers’ positions and related collateral from the default or insolvency of that participant. If the CCP additionally offers protection of such customer positions and collateral against the concurrent default of the participant and a fellow customer, the CCP should take steps to ensure that such protection is effective. Description The BMSC does not manage funds and collaterals of participant’s clients. The part III, division 4 of the CMSA lays out the requirements for segregating [sec 111 and 118] and safeguarding of client positions by all market participants [sec 112-117]. Various sections in the CMSA further provide the clients of the participant’s full rights to seek details of their holdings from the participant either directly or through a representative. The BMSC as a market participant is subject to the audit of the SC and the aspects related to segregation are in the scope of the audits. The CMSA requires all securities and funds paid in or to be received by clients to be deposited into their segregated accounts no later than one day of the event [sec 111 (1) and 118 (1)]. The BMS rules also require all market participants to segregate client positions and funds. Compliance to this is assessed as part of the market participants supervision conducted at the BM group level. The BMDepo further requires maintenance of securities accounts at the beneficial owner level. The BMSC does not collect collateral and margins from the TCPs for transactions on the securities market. The BMSC only collects collateral for SBL-CLA transactions, and requires all SBL-CLA transactions to be entered in as a principal. These collaterals are collected from the TCP and reflected as the TCPs collateral. The SBL-CLA rules in Ch 7 of the BMSC rules, specify the situations in which SBL-CLA can be used, and require the arrangement of using SBL to be established explicitly to address any known short-fall of securities and for those entities designated as market-makers of ETFs. 95 The TCPs themselves could collect collateral and margin. The Rule 608.7(2) and Rule 703.10 of the BMS rules require all participating organizations to segregate the client’s accounts including collateral and margin paid from those of the participating organization and also from that of other customers. Section 118 of the CMSA requires this as well. In addition, there is also an overriding requirement on participants to ensure that customers' assets are adequately safeguarded under Rule 404.3(11) of the Rules of BMS. Key consideration 14.2 A CCP should employ an account structure that enables it readily to identify positions of a participant’s customers and to segregate related collateral. A CCP should maintain customer positions and collateral in individual customer accounts or in omnibus customer accounts. Description The BMSC collect collateral from the TCPs only for the SBL-CLA transactions. The BMSC rules for SBL-CLA requires the borrowing TCPs to enter into the transaction as a principal. The collateral placed is hence recorded as that of the TCP. The CMSA requires all client assets collected by participants to be held in a trust account (sec 111). The securities accounts of clients are held in BMDepo at the beneficial owner level and hence provides for full segregation. Key consideration 14.3 A CCP should structure its portability arrangements in a way that makes it highly likely that the positions and collateral of a defaulting participant’s customers will be transferred to one or more other participants. Description The BMSC treats the collateral as that of the TCP, and as such does not have any portability arrangements in place. The BMSC relies on the portability arrangements of the BMDepo with respect to securities. The BMDepo rules provide for the BMDepo to assist in porting client positions from a defaulting participant to another willing participant and also facilitate participants that can accept clients of defaulting participants [Part V, Rule 25.04]. Key consideration 14.4 A CCP should disclose its rules, policies, and procedures relating to the segregation and portability of a participant’s customers’ positions and related collateral. In particular, the CCP should disclose whether customer collateral is protected on an individual or omnibus basis. In addition, a CCP should disclose any constraints, such as legal or operational constraints, that may impair its ability to segregate or port a participant’s customers’ positions and related collateral. Description The BMSC rules are available at the Bursa Malaysia’s website and the SBL guidelines are available on the SC’s website. The rules require any entity acting as a principal for SBL-CLA or SBL-NT transaction to have prior permission from the SC to engage in SBL. Any other entity wanting to engage in SBL needs to use the services of an approved entity. Key conclusion(s) The BMSC does not manage client funds and securities, these are managed by the participants. The CMSA and the BMSC rules require participants to ensure segregation of client funds, securities and collaterals. Compliance to this is verified as part of the internal supervision arrangements of the BM and also by the SC. 96 The BMDepo holds securities accounts at beneficial owner level and provides for portability of securities of a client from one participant to another. The BMSC relies on this for segregation and portability of securities positions. The BMSC collects collateral only from the borrowers of securities in the SBL- CLA model. It does not collect collateral in the normal course of securities clearing and settlement functions. In the case of the SBL-CLA model, the borrower enters into the transaction as a principal and the collateral placed is held in the borrower’s name. The SBL activity is a regulated activity with very clear set of situations in which securities can be borrowed. Since collaterals are only collected in the course of SBL and not for regular securities settlement, the absence of an account structure and procedures to facilitate segregation and portability is not an issue of concern. Assessment of Principle Observed 14 Recommendations and The BMSC should include verification of its continued ability to assist comments movement of customer’s positions from a defaulting participant to another as part of its testing of default procedures. Please also refer recommendations under principle 13. Principle 15: General business risk An FMI should identify, monitor, and manage its general business risk and hold sufficient liquid net assets funded by equity to cover potential general business losses so that it can continue operations and services as a going concern if those losses materialise. Further, liquid net assets should at all times be sufficient to ensure a recovery or orderly wind-down of critical operations and services. Key consideration 15.1 An FMI should have robust management and control systems to identify, monitor, and manage general business risks, including losses from poor execution of business strategy, negative cash flows, or unexpected and excessively large operating expenses. Description The general business risks are identified as part of the ERM framework described in the key considerations for the PFMI 2. The business risks are identified and managed at the BM group level. The business risks identified as part of this process are: competition risk, talent management risk, wrong business strategy or wrong execution, business interruption, reputational risk, economic risks, non-compliance to regulatory requirements and litigation risk. As described in the key considerations for PFMI 2, the BM group has established a group governance model and has established a robust risk management framework to assess, track and manage risks. The same framework is used for the management of the business risks as well. Key consideration 15.2 An FMI should hold liquid net assets funded by equity (such as common stock, disclosed reserves, or other retained earnings) so that it can continue operations and services as a going concern if it incurs general business losses. The amount of liquid net assets funded by equity an FMI should hold should be determined by its general business risk profile and the length of time required to achieve a recovery or orderly wind-down, as appropriate, of its critical operations and services if such action is taken. 97 Description As of December 2011, the BMSC has enough liquid net assets funded by equity to support one year’s operational expenses. The BM group as a whole also as a policy maintains net liquid assets funded by equity to cover more than six months operating expenses. These are held in bank deposits with a maturity period of not more than three months. The adequacies of the liquid funds are reviewed on a half-yearly basis. The BMSC functions as a clearing house and has no other business activities. Key consideration 15.3 An FMI should maintain a viable recovery or orderly wind-down plan and should hold sufficient liquid net assets funded by equity to implement this plan. At a minimum, an FMI should hold liquid net assets funded by equity equal to at least six months of current operating expenses. These assets are in addition to resources held to cover participant defaults or other risks covered under the financial resources principles. However, equity held under international risk- based capital standards can be included where relevant and appropriate to avoid duplicate capital requirements. Description The BMSC is a 100% owned subsidiary of the BM. The BMS which is also a 100% owned subsidiary of the BM is required by the CMSA to ensure orderly arrangements for the clearing and settlement of the securities transacted at the BMS. This responsibility folds up to the BM. In the event the BMSC cannot continue as a viable entity, then the BMS and in turn the BM is responsible for ensuring alternative arrangements are implemented and the BMSC is smoothly wound down. This said however there is no explicit plan to handle such a scenario. As of December 2011, the BMSC has enough liquid net assets funded by equity to support one year’s operational expenses. Key consideration 15.4 Assets held to cover general business risk should be of high quality and sufficiently liquid in order to allow the FMI to meet its current and projected operating expenses under a range of scenarios, including in adverse market conditions. Description The BM, BMSC, BMDepo and BMDC’s assets are held in fixed deposits and money market placement with approved financial institutions and liquid debt securities which are rated ‘AA’ and above by the local rating agencies. These assets can be easily liquidated in adverse market conditions at very little loss of value. In practice, 80% of its funds are invested in money market deposits. Key consideration 15.5 An FMI should maintain a viable plan for raising additional equity should its equity fall close to or below the amount needed. This plan should be approved by the board of directors and updated regularly. Description Given that BMSC is wholly-owned by the holding company(BM), the holding company is readily available to inject equity capital in to the BMSC if required. In addition, the holding company, being a listed entity, may also raise funds via the capital market, as well as, for injection of equity capital to BMSC. There is however no explicit plan for raising additional equity for the BMSC at the moment. 98 Key conclusion(s) The BM uses an ERM framework and the BMSC leverages the BM groups risk management and governance arrangements. The BMSC as a 100% subsidiary of the BM and also the BM being responsible for ensuring availability of safe and efficient clearing and settlement arrangements, it can be reasonably assumed that alternative arrangements would be created by the BM in the event the BMSC has to be wound-down. The BMSC has liquid net assets funded by equity to cover over six months of operational expenses and these are maintained in bank deposits and money market instruments. However there are no explicit plans for this, including for raising additional equity if required for the BMSC. Assessment of Principle Observed 15 Recommendations and comments Principle 16: Custody and investment risks An FMI should safeguard its own and its participants’ assets and minimise the risk of loss on and delay in access to these assets. An FMI’s investments should be in instruments with minimal credit, market, and liquidity risks. Key consideration 16.1 An FMI should hold its own and its participants’ assets at supervised and regulated entities that have robust accounting practices, safekeeping procedures, and internal controls that fully protect these assets. Description The BMSC holds all its cash assets as deposits in banks and debt securities. Around 80% of BMSC’s assets are held in current accounts or deposits in banks. The CGF and any other funds collected from the TCP are held in bank deposits. The investment policy sets out qualitative criteria on the financial institutions which determine the exposure limit in each bank. The investments are spread out in multiple banks to diversify its exposure to any single bank. In addition, the list of panel banks and exposure limits are reviewed on annual basis or as and when necessary (e.g. in adverse financial condition). Investment in debt securities must be rated ‘AA’ and above by the local rating agencies. Key consideration 16.2 An FMI should have prompt access to its assets and the assets provided by participants, when required. Description As BMSC’s assets are in commercial banks in Malaysia or debt securities it has prompt access to them. The equity collateral for SBL-CLA is held in the BMDepo. Key consideration 16.3 An FMI should evaluate and understand its exposures to its custodian banks, taking into account the full scope of its relationships with each. Description Not applicable. Key consideration 16.4 An FMI’s investment strategy should be consistent with its overall risk- management strategy and fully disclosed to its participants, and investments should be secured by, or be claims on, high-quality obligors. These investments should allow for quick liquidation with little, if any, adverse price effect. Description The BMSC’s investment policy with respect to the CGF is specified in the BMSC rules. The collateral collected for SBL-CLA is held in BMDepo and in 99 normal course of business is not used by the BMSC. Key conclusion(s) BMSC maintains its participant’s assets in FDs and other types of accounts in commercial banks in Malaysia. The participant’s collateral pledged for SBL- CLA borrowing is held in the BMDepo. All the BMSC’s own assets are held in banks in current accounts or fixed deposits and debt securities. Assessment of Principle Observed 16 Recommendations and Comments Principle 17: Operational risk An FMI should identify the plausible sources of operational risk, both internal and external, and mitigate their impact through the use of appropriate systems, policies, procedures, and controls. Systems should be designed to ensure a high degree of security and operational reliability and should have adequate, scalable capacity. Business continuity management should aim for timely recovery of operations and fulfillment of the FMI’s obligations, including in the event of a wide-scale or major disruption. Key consideration 17.1 An FMI should establish a robust operational risk-management framework with appropriate systems, policies, procedures, and controls to identify, monitor, and manage operational risks. Description Operational risk is managed by the Corporate Risk Management Group for the whole Bursa group. An Enterprise Risk Management (ERM) framework is used for identifying, measuring, monitoring and managing risks. The risk assessment process involves identifying major processes, measuring risk events in terms of likelihood of occurrence and impact to the System Operators, and listing down current controls in place and management action plans if needed. The risk profiles are managed and updated from time to time. The risks identified include: (i) business interruption risk; (ii) physical security; (iii) information security risk; (iv) fraud; (v) operational errors; and, (vi) service provider related risks. Each of these risks have been further broken. The causes for each of these risks and how they can be addressed are documented and implemented. The overall approach is geared towards ensuring adequate back-up arrangements for all system components; data replication and data back-ups to ensure no data loss; operational controls and processes to reduce scope for errors and frauds and enable early identification; and, developing business continuity procedures and testing them periodically. The BCP simulation for the BMSC was carried out in November 2011. The Bursa group has developed a set of HR policies centred on providing a comfortable work environment and providing opportunities for learning and professional development. The Bursa groups measures the level of employee engagement on a periodic basis, in 2011 this was measured at 72%. The Bursa group uses ITIL framework for its IT management, which guides its on-going system changes and uses the Project Management Institute (PMI) methodology for project management. 100 Key consideration 17.2 An FMI’s board of directors should clearly define the roles and responsibilities for addressing operational risk and should endorse the FMI’s operational risk- management framework. Systems, operational policies, procedures, and controls should be reviewed, audited, and tested periodically and after significant changes. Description The Risk Management Committee (RMC) of the Bursa board is tasked with overseeing the risk management efforts of all the group institutions including that of the BMSC. The Corporate Risk Management department provides reports of the ongoing risk management activities, the status of identified risks, emerging concerns and action plans. The RMC meets at least four times a year. The RMC also updates and advises the board on all significant issues and reports on progress on the planned activities. Operational reliability related processes are subject to audit by an independent internal audit department. The internal audit department assesses the adequacy and effectiveness of controls to mitigate operational and information system risks in the areas of clearing and settlement. Audits are conducted according to an annual audit plan which is developed using a risk-based approach. Between 2009 and 2011, the internal audit department has audited the following BMSC processes: Equities funds settlement (April 2009); Securities clearing & settlement functions (June 2010); and, Securities risk management (August 2011). In addition, the internal audit department has also performed the following IT audits between 2009 and 2011 in relation to the configuration management, change management and system administration of the BMSC systems. Procedures in the Business Continuity Plan for mitigating business interruption risks are tested at least once a year. These procedures are also subjected to external audits by the SC and the appointed external auditor of BM. Key consideration 17.3 An FMI should have clearly defined operational reliability objectives and should have policies in place that are designed to achieve those objectives. Description The operational reliability objectives of the BMSC have been defined as: To ensure all clearing and settlement activities are processed, executed and completed in a timely manner, in accordance with the prescribed procedures, rules, guidelines and directives; To provide an efficient, reliable and stable clearing and settlement infrastructure; and, To ensure adequate risk management measures. These are recorded in the ERM related documents and the BCP plan documents. These objectives guide the overall risk management measures including the system design. Key consideration 17.4 An FMI should ensure that it has scalable capacity adequate to handle increasing stress volumes and to achieve its service-level objectives. Description The BM IT team monitors the system capacity utilization on a daily basis of all systems, including that of the BMSC. In October 2011, the average capacity utilization was 50%. All new systems are subject to stress tests. Key consideration 17.5 An FMI should have comprehensive physical and information security policies that address all potential vulnerabilities and threats. 101 Description BM’s group information security management systems have been certified under ISO 27001:2005. The access to data center is restricted with access granted only after proper verification. The data center is monitored using CCTV cameras. Key consideration 17.6 An FMI should have a business continuity plan that addresses events posing a significant risk of disrupting operations, including events that could cause a wide-scale or major disruption. The plan should incorporate the use of a secondary site and should be designed to ensure that critical information technology (IT) systems can resume operations within two hours following disruptive events. The plan should be designed to enable the FMI to complete settlement by the end of the day of the disruption, even in case of extreme circumstances. The FMI should regularly test these arrangements. Description The Bursa group’s back-up systems are in Damansara Heights in Kuala Lumpur, around 10 kilometres from the main site. Kuala Lumpur does not have any risk profile related to earthquakes and hurricane. These two different sites are provisioned with different power and communication service providers and also different power sub-stations and telecom exchanges. There is online data replication from the main site to the DR site. The BM group has a comprehensive group wide BCP plan. This is tested at least once a year. The BCPs test includes participation of the BMSC participants, they are required to connect to the BM’s disaster recovery site and verify their ability to conduct their usual services and also the integrity of their data. Appropriate re- calibration of the BCP are made and if required these are re-tested. The BM DR plans categorize systems in critical, essential and deferred. The trading systems are classified as critical (stage 1) and, the clearing and settlement systems as critical (stage 2). The order of the recovery of systems is: “Critical (Stage 1)”, “Critical (Stage 2)”, “Essential” and then finally “Deferred”. The Recovery Time Objective (RTO) for critical and essential systems is set at 5.5 hours, which was subsequently changed to four hours in July 2012. The BMSC, BMDC and BMDepo fall under “Critical Systems (stage 2)” which are to be recovered after the critical systems (stage 1) are recovered. The BCP documents of the BM classify recovery time into: (i) system recovery time; and, (ii) business recovery time. The system recovery time is defined as restoring the system in the back-up site and verification of the system and the business recovery time is defined as system recovery time plus one hour for mobilizing staff and other necessary time required to fully recover the business function. A three hour time window is envisaged from the occurrence of an event till the decision on how to handle the event is taken. The last three BCP tests carried out achieved a business recovery time of less than two hours on two occasions and three hours and 15 minutes on one instance. The BM as part of the business impact analysis process concluded that the current recovery time objective is sufficient to ensure completion of the clearing and settlement processing on a given settlement day by end of that day if there is a disruption during the end of day process. The details of the trade transactions are available for download from the BM systems by 8 PM on the T day and the settlement obligations corresponding to that are available for download at the beginning of day on T+3. The settlement obligations information is generated by the end-of-day process on T+2 which typically run from 9.30-11.30 PM on T+2. A disruption to this process can be recovered in 102 time to generate the obligations by T+3 beginning of day with the current recovery time objectives. In addition, the settlement timing can be extended by a few hours and still complete the settlement on T+3 as required. However occurrence of an event in the midst of the clearing and settlement process could impact the completion of the daily settlement. The back-up site is believed to have adequate capacity and as part of the annual BCP testing has been found to be capable of handling the operations for a sustained period of time. Key consideration 17.7 An FMI should identify, monitor, and manage the risks that key participants, other FMIs, and service and utility providers might pose to its operations. In addition, an FMI should identify, monitor, and manage the risks its operations might pose to other FMIs. Description Operational risks related to BMDepo, settlement banks and participants have a bearing on the BMSC. BMDepo holds all the securities accounts, and is required to ensure completion of the securities settlement and also for recording collaterals. Settlement banks are used to effect the settlement of funds. Operational issues faced by large participants could have large-scale impact. The risks in the BMDepo are addressed as part of the common group-wide operational risk management. The risks with respect to settlement banks is attempted to be mitigated by carefully choosing the settlement banks. All participants are required to maintain robust BCP and this is verified as part of the periodic onsite audits. The Bursa requires all participants to maintain robust BCP and this is ascertained as part of the ongoing supervision activities which includes onsite audits of the DR sites of the participants. The participants are also required to participate in the BCP tests of the BM. As part of the BCP testing the BM’s treasury processing and cash settlement unit which deals with the settlement bank including the ones which are liquidity providers, checks its ability to function from the DR site. The ability to provide online banking facilities is one of the criteria used to select settlement banks and banks that provide liquidity support. Key conclusion(s) The BMSC leverages the Bursa Group’s overall enterprise risk management framework. The Bursa group has a group-wide disaster recovery site that is 10 kilometers away from the main site. The BCP is tested annually with the participation of all stakeholders with a target RTO of 4 hours from the time disaster has been declared. The risk management activities are monitored by the RMC of the Bursa board. The standard requires achieving recovery of the functions of the BMSC in two hours from the time of occurrence of any disruption this in the terminology of the BM would mean a time required to assess the impact of the event and declare the course of action and the business recovery time all put together being two hours. Currently as per the stated RTO this would be around 7 hours – three hours for decision making and four hours for recovering business processes. The BCP includes assessing the BCP preparedness of the participants, and the ability of the BM units including the one dealing with settlement banks and liquidity providers, is checked. However the BCP preparedness of the settlement banks and liquidity providers is not assessed by the BMSC. It needs to be noted that the banks are under the supervision of the BNM and from the perspective of the SC and the BMSC this aspect is being monitored by the BNM. However the BMSC has no visibility on the effectiveness of the BCP effectiveness of its settlement banks and liquidity 103 providers. Assessment of Principle Broadly Observed 17 Recommendations and The BMSC operational reliability measures need to be enhanced: (i) Institute Comments RTO of 2 hours; and, (ii) BCP process needs strengthening to include testing of the BCP arrangements of the participants and settlement banks as part of the overall BCP testing and also including simulation of an operational impact in the midst of the clearing and settlement function of the BMSC in the beginning of the day and inability of one or more settlement banks and liquidity providers to provide the services. Principle 18: Access and participation requirements An FMI should have objective, risk-based, and publicly disclosed criteria for participation, which permit fair and open access. Key consideration 18.1 An FMI should allow for fair and open access to its services, including by direct and, where relevant, indirect participants and other FMIs, based on reasonable risk-related participation requirements. Description The BMSC has two types of members – Trading Clearing Participant (TCP) and Non Trading Clearing Participant (NTCP). TCPs are entities that are members of the BMS and introduce trades into the exchange and they clear and settle the trades through their membership in BMSC. The NTCP’s are essentially custodians, who manage funds and securities of their clients and upon instructions from their clients settle their customers trades conducted through a TCP, with the BMSC directly. The TCP hands-over such trades to the involved NTCP and both the parties inform the BMSC. All TCP and NTCP also need to be members of the BMDepo, as all client accounts are tied to a TCP and where relevant NTCP. The rules pertaining to becoming a participant in the BMSC and BMDepo are stated in the Chapter 2 of BMSC rules and Part II Chapter 2.0 and Part III Chapter 14 of BMDepo rules. These rules are available on Bursa Malaysia’s website. In addition relevant operating manuals are given to new participants and all changes are communicated through eRapid an online notification system used by the BM group. The TCPs are required to be members of the BMS as a Participating Organization. The BMSC rules state that the financial requirements related to the participation of the TCPs should be the same as for that for a PO in the BMS rules. The financial requirements and other membership requirements are same for the NTCP, except only entities that function as a unit trust, custodian, and investment bank or have been explicitly allowed by the SC to provide investment services can be a NTCP. The TCPs can be investment banks or any other institution that meets the financial requirements. Investment banks are regulated jointly by the SC and the BNM. The BNM has specified capital requirements for investment banks. There is a distinction made between investment banks that are part of a banking group, and those that are stand-alone. The capital required is different for each category. The BMS rules for PO, does not specify any specific financial requirement for investment banks, as they are covered under the BNM and SC guidelines. 104 The financial requirements for non-investment bank TCPs are specified in Ch 11 of the BMS rules. The rules require a minimum amount of financial and capital adequacy requirements. The capital adequacy requirement framework is a risk-based approach and participants are required to compute this on a daily basis, all exposures undertaken based on prescribed requirements to ensure that the Capital Adequacy ratio is above the prescribed minimum ratio of 1.20. In addition to the Capital Adequacy Requirement framework, the participant is required to maintain the minimum shareholders’ funds (unimpaired by losses) of at least RM20 million [Rule 1101 of BMS Rules]. There is a higher shareholders’ funds requirement for TCPs who provide additional services beyond pure broking services. The BMS rules also specify minimum operational requirements that participating organizations must adhere to. These include availability of trained personnel, data processing capacity, operational reliability measures and effective risk management measures. [Ch 3 &4, BMS rules]. Key consideration 18.2 An FMI’s participation requirements should be justified in terms of the safety and efficiency of the FMI and the markets it serves, be tailored to and commensurate with the FMI’s specific risks, and be publicly disclosed. Subject to maintaining acceptable risk control standards, an FMI should endeavour to set requirements that have the least-restrictive impact on access that circumstances permit. Description The participation requirements of the BMSC is primarily based on financial requirements and this is justified given the need of the BMSC as part of its risk management requirements and also for the orderly development of the market. There are differing financial requirements for investment banks (which are specified by the BNM and SC) and non-investment banks. The differing requirements take into account the risks posed by these institutions given their nature of the business. In setting the requirements for non-investment bank TCPs, the BMS has attempted to use the same approach used by the BNM and SC, and this has been developed with assistance of a consulting company. The access restrictions and requirements are reviewed as and when the need arise with the consultation of the SC. Any changes to the participation rules are reviewed by the SC. The participation rules are available in the public domain through the website of Bursa Malaysia. Key consideration 18.3 An FMI should monitor compliance with its participation requirements on an ongoing basis and have clearly defined and publicly disclosed procedures for facilitating the suspension and orderly exit of a participant that breaches, or no longer meets, the participation requirements. Description The BM monitors ongoing compliance of participants on a group basis. There is a separate 24 member unit at the BM that handles this function. The participants of the exchanges, the clearing houses and the depository are all subject to the same process. The BM uses a combination of off-site supervision based on data collection and on-site inspections. On-site inspection frequency is guided by a risk-based profile of each participant. In general each PO is subject to on-site inspections at least once in 3 years, with those with a higher risk profile are audited more frequently. 105 The scope of the onsite and offsite supervision activities verifying participants ability to meet payment obligations, risk management policies, management supervision, compliance to its rules, staffing, internal audit and security of IT systems. The compliance head of a participating organization is required to report any violation of rules to the BMS or the BMD as the case maybe. All the participating organizations are required to report their capital adequacy ratio on a daily basis; liquidity position, Adjusted net capital and risk analysis of client positions on a weekly basis; and, profit and loss statement, statement about their compliance to the segregation requirement and detailed of the segregated positions. In addition there are reporting requirements related to errors, under-margining for SBL by their clients etc. The BMSC has adequate powers to ensure it is able to smoothly handle the exit of a participant voluntarily or involuntarily. The BMS rules [301.4] require the BMS to consult with the BMSC before it accepts the termination request of a PO. The rules 2.12 and 2.14 of the BMSC rules require a participant to provide at least 30 days’ notice and gives discretionary powers to the BMSC to reject the request if it could pose problems to the orderly functioning of the clearing house. In addition these rules provide the BMSC powers to place specific restrictions on the participant in the intervening period to ensure the BMSC can smoothly process the request for termination. The processes related to involuntarily exit are described in Ch 4 of the BMSC rules and also discussed in detailed in the analysis for PFMI 13. Key conclusion(s) Access policies and requirements are clear and transparent. The access criteria are risk based. The access policy and ongoing supervision are managed at the Bursa group level with specific requirements of the individual institutions being addressed in the respective rules. Assessment of Principle Observed 18 Recommendations and comments Principle 19: Tiered participation requirements An FMI should identify, monitor, and manage the material risks to the FMI arising from tiered participation arrangements. Assessment of Principle Not Applicable. 13 Recommendations and BMSC does not support tiered participation arrangements. Comments 106 Principle 20: FMI Links An FMI that establishes a link with one or more FMIs should identify, monitor, and manage link-related risks. Key consideration 20.1 Before entering into a link arrangement and on an ongoing basis once the link is established, an FMI should identify, monitor, and manage all potential sources of risk arising from the link arrangement. Link arrangements should be designed such that each FMI is able to observe the other principles in this report. Description The only link the BMSC has with other FMIs is with the BMDepo for settlement of securities and depositing equity collaterals collected from the CPs. An operational failure in BMDepo will impact the BMSC as it would not be able to complete the securities settlement processes. The operational risks arising from this linkage are included in the overall operational reliability planning of the Bursa group. Key consideration 20.2 A link should have a well-founded legal basis, in all relevant jurisdictions, that supports its design and provides adequate protection to the FMIs involved in the link. Description The BMDepo and the BMSC are institutions licensed pursuant to the provisions in the SICDA and the CMSA respectively. The operational rules of these FMIs describe the linkages and the operational procedures. These rules have the backing of the SICDA and the CMSA. Key consideration 20.7 Before entering into a link with another CCP, a CCP should identify and manage the potential spill-over effects from the default of the linked CCP. If a link has three or more CCPs, each CCP should identify, assess, and manage the risks of the collective link arrangement. Description Not Applicable Key consideration 20.8 Each CCP in a CCP link arrangement should be able to cover, at least on a daily basis, its current and potential future exposures to the linked CCP and its participants, if any, fully with a high degree of confidence without reducing the CCP’s ability to fulfill its obligations to its own participants at any time. Description Not Applicable Key consideration 20.9 A TR should carefully assess the additional operational risks related to its links to ensure the scalability and reliability of IT and related resources. Description Not Applicable Key conclusion(s) The only FMI link the BMSC has is with the BMDepo. These two are operated from the same infrastructure and are part of the same holding company. These FMIs have a sound legal basis as discussed in their respective assessments of the PFMI 1. Assessment of Principle Observed 20 Recommendations and 107 comments Principle 21: Efficiency and Effectiveness An FMI should be efficient and effective in meeting the requirements of its participants and the markets it serves. Key consideration 21.1 An FMI should be designed to meet the needs of its participants and the markets it serves, in particular, with regard to choice of a clearing and settlement arrangement; operating structure; scope of products cleared, settled, or recorded; and use of technology and procedures. Description The primary means used by the BMSC for assessing its effectiveness is through a customer satisfaction survey conducted annually. There is extensive consultation with participants and with the SC prior to introduction of any new changes/enhancements. The BMSC also conducts periodic benchmarking of its services and fees with other clearing houses in the region like Hong Kong and Singapore. The recent enhancements to the matching features in the ISS, which enables a system- based matching of TCP and NTCP confirmations to use ISS, were a result of such benchmarking exercises. Key consideration 21.2 An FMI should have clearly defined goals and objectives that are measurable and achievable, such as in the areas of minimum service levels, risk- management expectations, and business priorities. Description The goals of the BMSC include: − To process, execute and complete all clearing and settlement activities in a timely manner, in accordance with the prescribed procedures, rules, guidelines and directives − To provide an efficient, reliable and stable clearing and settlement infrastructure − To ensure adequate risk management measures, including monitoring participant’s ability to meet their settlement obligations, effective handling of default and adequacy of financial resources. There are KPIs established for tracking achievement of these objectives both at the organization level and also at the level of the personnel. Key consideration 21.3 An FMI should have established mechanisms for the regular review of its efficiency and effectiveness. Description The BMSC obtains feedback from the participants through the annual survey and other periodic consultations. In addition, the BMSC has identified and established targets for key operational indicators: (i) Time taken to complete trade processing; (ii) Adherence to cut- off times; and, (iii) System availability. BMSC also performs a post implementation review for any new initiatives, which involves consultation with the participants. This requirement is also imposed by the SC for any new initiatives/projects approved by the SC. The review report is tabled to the management. 108 Key conclusion(s) The BMSC has processes in place to ensure it remains efficient and meets the needs of its participants. The participants interviewed by the mission team also expressed satisfaction with the services provided by the BMSC. Assessment of Principle Observed. 21 Recommendations and comments Principle 22: Communication procedures and standards An FMI should use, or at a minimum accommodate, relevant internationally accepted communication procedures and standards in order to facilitate efficient payment, clearing, settlement, and recording. Key consideration 22.1 An FMI should use, or at a minimum accommodate, internationally accepted communication procedures and standards. Description The BMSC uses a proprietary message format. However the system interfaces use the industry standard protocols like TCP/IP. Key conclusion(s) The BMSC is currently used for clearing and settlement of securities market transactions in Malaysia. It uses proprietary message formats for exchanging of securities transfer instructions with the BMDepo and for receipt of ISS confirmations from the NTCPs. The other interactions with the participants are through system screens, and industry standard protocols are used for that. Assessment of Principle Observed 22 Recommendations and comments Principle 23: Disclosure of rules, key procedures and market data An FMI should have clear and comprehensive rules and procedures and should provide sufficient information to enable participants to have an accurate understanding of the risks and fees and other material costs they incur by participant in the FMI. All relevant rules and key procedures should be publicly disclosed. Key consideration 23.1 An FMI should adopt clear and comprehensive rules and procedures that are fully disclosed to participants. Relevant rules and key procedures should also be publicly disclosed. Description The operational procedures and circulars issued by BMSC are made available to its clearing participants through eRapid. The BMSC and BMS rules are posted on the website of Bursa. Key consideration 23.2 An FMI should disclose clear descriptions of the system’s design and operations, as well as the FMI’s and participants’ rights and obligations, so that participants can assess the risks they would incur by participating in the FMI. Description The system’s design and details of the operations are specified in the Technical Architecture Design and Operational Run Chart. This is provided to the 109 participants and if required their vendor upon completion of a Non-Disclosure Agreement (NDA). Technical documents on the system processes and designs are sent to participants through circulars. The fees and charges are provided to all new participants and changes are notified through circulars. The governance model of BMSC is provided in the annual report of Bursa Malaysia which is available to the public on Bursa Malaysia’s website. Similarly, disclosures to market participants about BMSC’s risks and the steps taken to mitigate the risks are also made via Bursa Malaysia’s annual report. The BMSC has also published its self-assessment against the RSSS. Key consideration 23.3 An FMI should provide all necessary and appropriate documentation and training to facilitate participants’ understanding of the FMI’s rules and procedures and the risks they face from participating in the FMI. Description All new participants are provided with requisite training to ensure they have the requisite knowledge of the systems, processes and rules. The ongoing supervision activities are used to identify if there are any gaps in the knowledge relating to process and rules. Based on discussions with the participant a suitable course of action is determined, which could include additional training. If need be, training will be provided to participants on areas that the participants feel they require refresher. Key consideration 23.4 An FMI should publicly disclose its fees at the level of individual services it offers as well as its policies on any available discounts. The FMI should provide clear descriptions of priced services for comparability purposes. Description Fees charged by BMSC and BMDepo are communicated to the TCP/NTCP and ADA/ADM respectively via the rules of BMSC and rules of BMDepo or circulars. Since this is a prescribed fee, Bursa does not offer further discounts and if any it will consistently be applied to all future similar cases. Key consideration 23.5 An FMI should complete regularly and disclose publicly responses to the CPSS- IOSCO Disclosure framework for FMIs. An FMI also should, at a minimum, disclose basic data on transaction volumes and values. Description The current version of the Disclosure Framework was released only in mid- April 2012 and is still in consultation phase, for which reason this key consideration is deemed not applicable. The SC requires the BMSC to comply with international standards, and the BMSC is preparing to comply with this requirement. Key conclusion(s) The BMSC operates transparently. Its rules and procedures are clear and comprehensive and are fully disclosed to the participants and the participation and certain operational aspects are available to the general public. The BM participant supervision unit monitors ongoing compliance of the participants of the BMSC to the rules and has a process for training participants if it identifies that a participant does not understand the rules. BMSC intends to complete the disclosure framework as it is required to be in compliance to the international standards. Assessment of Principle Observed 110 23 Recommendations and The BMSC already has an established practice of transparency. It should in the comments short term comply with the disclosure framework specified in the PFMIs. VII. DETAILED ASSESSMENT - BMDEPO Principle 1: Legal basis An FMI should have a well-founded, clear, transparent, and enforceable legal basis for each material aspect of its activities in all relevant jurisdictions. Key consideration 1.1 The legal basis should provide a high degree of certainty for each material aspect of an FMI’s activities in all relevant jurisdictions Description The BMDepo functions as the central securities depository for all the securities traded on the BMS - corporate equity, REITS, ETFs and warrants. The BMDepo is part of the BM group. The BMDepo has no links with any other CSD, but is linked to the CCPS - BMSC and BMDC. The BMDepo does not handle any functionality related to SSS. The BMDepo is an approved CSD under the SICDA sec 5.1. The legal framework governing the aspects related to the functioning of the BMDepo are described below: Immobilization: Section 14 of the SICDA requires all securities to be deposited in an approved CSD by 1 December 1998. Currently over 99% of all securities are immobilized in the BMDepo. Sec 24 of the SICDA prohibits withdrawal of securities except in circumstances specified in the rules of the depository. The rules of the BMDepo allow this in cases of de-listing, mergers and or maturity of the instrument. Sec 20 of the SICDA requires lodging of “Jumbo” certificates with the BMDepo and all transfers to be carried from thereon in electronic book entry form at the BMDepo. Division 6A, Part IV of the Companies Act 1965 sets out provisions applicable to companies whose securities are deposited with the central depository including Section107B and Section 107C which states that the transfer of any deposited securities shall be by way of book entry by the central depository. Finality: The finality related provisions stem from the rules of the clearing house [BMSC Rule 802.2] and the CMSA, and is described in the KC 1.1 for the BMSC. Ownership of securities: Sec 21 of the SICDA specifies that the CSDs like BMDepo would be a bare trustee with no rights on the securities. Sec 35 gives primacy to the ownership records in the books of the CSD and the owner as in the books of the CSD would have all the rights and liabilities as if he appeared in the relevant records of the issuer of the securities. Applicability of the rules of BMDepo: In a court of law in Malaysia, a transaction made is binding based on the contractual relationship between the operator of a payment system and its participants, through the provisions in the Contracts Act 1950. Legal protection for electronic payment transactions: The DSA provides the legal framework for the use of electronic signatures. In the court of law in Malaysia, an electronic payment transaction made is binding based on the contractual relationship between the operator of a payment system and its 111 participants. Furthermore, the EA recognizes any document produced by a computer as evidence in the court of law. Regulation and oversight of BMDepo: BMDepo is subject to regulatory oversight by the Securities Commission (“SC”). The SC’s role to supervise and monitor the activities of any clearing house is stipulated in section 15(1)(f) of the Securities Commission Act 1993 (SCA). Other aspects: The rules for the operational aspects are described in the BMDepo rules. The SICDA provides for a CSD to develop rules and these rules are also subject to the review and approval of the SC [Sec 9, CMSA]. Relevant jurisdictions: The participants of BMDepo, including foreign institutions, are subject to Malaysian laws. BMDepo is incorporated in Malaysia as a 100% owned subsidiary of BM, The relevant jurisdiction is only Malaysia. The BMDepo rules have been approved by the SC including any ongoing amendments except for ones deemed to have no material impact. The BM also has a process of seeking external legal opinion in the course of making any amendments like in the case of introducing securities borrowing and lending for the BMSC and recently for all rules in relation to the introduction of the Competition Act 2010 in Malaysia. These assessments and also based on the assessments of the SC, the BMDepo rules are deemed enforceable. Key consideration 1.2 An FMI should have rules, procedures, and contracts that are clear, understandable, and consistent with relevant laws and regulations. Description The BMDepo rules have been approved by the SC including any ongoing amendments except for ones deemed to have no material impact. The BM also has a process of seeking external legal opinion in the course of making any amendments like in the case of introducing securities borrowing and lending for the BMSC and recently for all rules in relation to the introduction of the Competition Act 2010 in Malaysia. Based on these assessments and also based on the assessments of the SC, the BMDepo rules are deemed clear, understandable, enforceable and consistent with the Malaysian legal framework. Key consideration 1.3 An FMI should be able to articulate the legal basis for its activities to relevant authorities, participants, and, where relevant, participants’ customers, in a clear and understandable way. Description These Rules are publicly available at the Bursa Malaysia website www.bursamalaysia.com. In addition, all participants of BMDepo are notified of any amendments to the rules via circulars. The Operational procedures are readily accessible by the participants via eRAPID, a web-based solution to facilitate electronic transmission of circulars containing these operational procedures as well as other notices addressed to the participants. These operational procedures are not publicly available. The assessment against the RSSS conducted in 2007 which covered the BMDepo as well was published. This assessment has a good articulation of the legal basis. In addition, the SC requires a public consultation as a necessary step before it reviews and accepts any rule changes. The BMDepo also has included a detailed FAQ section in the BM website to explain the operations and procedures of the BMDepo. 112 Key consideration 1.4 An FMI should have rules, procedures, and contracts that are enforceable in all relevant jurisdictions. There should be a high degree of certainty that actions taken by the FMI under such rules and procedures will not be voided, reversed, or subject to stays. Description The BMDepo rules have been approved by the SC including any ongoing amendments except for ones deemed to have no material impact. The BM also has a process of seeking external legal opinion in the course of making any amendments like in the case of introducing securities borrowing and lending for the BMSC and recently for all rules in relation to the introduction of the Competition Act 2010 in Malaysia. These assessments and also based on the assessments of the SC, the BMDepo rules are deemed clear, understandable, enforceable and consistent with the Malaysian legal framework. Key consideration 1.5 An FMI conducting business in multiple jurisdictions should identify and mitigate the risks arising from any potential conflict of laws across jurisdictions. Description The BMDepo’s operations could be subject to conflict of law in two scenarios: (i) immobilization of foreign securities traded on the BMS; and, (ii) foreign participant of the BMDepo. The BMDepo takes an independent legal opinion on the potential legal issues with respect to immobilizing the securities of a foreign issuer, in addition the BMDepo requires the issuers to comply with the SICDA. The BMDepo’s rules which have the backing of the Section 9 of the SICDA are considered to be applicable even in the case of foreign participants as regards their activities within Malaysia. Key conclusion(s) The legal and regulatory basis properly supports each of the material aspects of the BMDepos activities. The only jurisdiction of relevance is Malaysia. The rules, procedures and contracts derived from that legal and regulatory base are clear an understandable and are comprehensively articulated. BMDepo rules, procedures and contracts have not been subject to judicial controversy, and actions taken under such rules, procedures and contracts have not been voided or reversed by another administrative or judicial authority. The assessments done by the BM and the SC indicate the enforceability of all the provisions outlined in the BMDepo rules. Assessment of Principle Observed 1 Recommendations and comments Please refer the description for the BMSC. Principle 2: Governance An FMI should have governance arrangements that are clear and transparent, promote the safety and efficiency of the FMI, and support the stability of the broader financial system, other relevant public interest considerations, and the objectives of relevant stakeholders. Key consideration 2.1 An FMI should have objectives that place a high priority on the safety and efficiency of the FMI and explicitly support financial stability and other 113 relevant public interest considerations Description The BMDepo is a 100% subsidiary of the BM. The BM is a de-mutualized stock exchange holding company and as such is a public limited company. It has adopted the BM group governance model. The responses for the KC 2.1 of the BMSC are valid for BMDepo as well. Key consideration 2.2 An FMI should have documented governance arrangements that provide clear and direct lines of responsibility and accountability. These arrangements should be disclosed to owners, relevant authorities, participants, and, at a more general level, the public. Description The responses for the KC 2.2 of the BMSC are valid for BMDepo as well. Key consideration 2.3 The roles and responsibilities of an FMI’s board of directors (or equivalent) should be clearly specified, and there should be documented procedures for its functioning, including procedures to identify, address, and manage member conflicts of interest. The board should review both its overall performance and the performance of its individual board members regularly. Description The responses for the KC 2.3 of the BMSC are valid for BMDepo as well. Key consideration 2.4 The board should contain suitable members with the appropriate skills and incentives to fulfill its multiple roles. This typically requires the inclusion of non-executive board member(s). Description The responses for the KC 2.4 of the BMSC are valid for BMDepo as well. Key consideration 2.5 The roles and responsibilities of management should be clearly specified. An FMI’s management should have the appropriate experience, a mix of skills, and the integrity necessary to discharge their responsibilities for the operation and risk management of the FMI. Description The responses for the KC 2.5 of the BMSC are valid for BMDepo as well. Key consideration 2.6 The board should establish a clear, documented risk-management framework that includes the FMI’s risk-tolerance policy, assigns responsibilities and accountability for risk decisions, and addresses decision making in crises and emergencies. Governance arrangements should ensure that the risk- management and internal control functions have sufficient authority, independence, resources, and access to the board. Description The responses for the KC 2.6 of the BMSC are valid for BMDepo as well. Key consideration 2.7 The board should ensure that the FMI’s design, rules, overall strategy, and major decisions reflect appropriately the legitimate interests of its direct and indirect participants and other relevant stakeholders. Major decisions should be clearly disclosed to relevant stakeholders and, where there is a broad market impact, the public. Description The responses for the KC 2.7 of the BMSC are valid for BMDepo as well. Key conclusion(s) The BM follows a group governance model and the BMDepo accordingly is subject to the governance arrangements of the BM. The arrangements provide an effective framework for ensuring promoting efficiency and public interest. The various board committees assist the board in executive its Governance mandate. The composition of the board and the various committees also promote the efficiency and public interest objectives. There are processes in 114 place to ensure effectiveness of the senior management. An ERM framework is used. The risk management function for securities clearing and settlement is adequately staffed and is overseen by the Risk Management Committee of the board. The rules and procedures are developed through a consultative process and the participants have adequate opportunities to express their views. Assessment of Principle Observed 2 Recommendations and comments Principle 3: Framework for the comprehensive management of risks An FMI should have a sound risk-management framework for comprehensively managing legal, credit, liquidity, operational, and other risks. Key consideration 3.1 An FMI should have risk-management policies, procedures, and systems that enable it to identify, measure, monitor, and manage the range of risks that arise in or are borne by the FMI. Risk-management frameworks should be subject to periodic review. Description The BMDepo is a 100% subsidiary of the BM. It has adopted the BM group governance model including for risk management. The responses for the KC 3.1 of the BMSC are valid for BMDepo as well. The BMDepo does not function as a SSS hence its risks are primarily related to business risk and operational risk and these are managed as per the ERM framework of the BM group. Key consideration 3.2 An FMI should provide incentives to participants and, where relevant, their customers to manage and contain the risks they pose to the FMI. Description The responses for the KC 3.2 of the BMSC are valid for BMDepo as well. Key consideration 3.3 An FMI should regularly review the material risks it bears from and poses to other entities (such as other FMIs, settlement banks, liquidity providers, and service providers) as a result of interdependencies and develop appropriate risk-management tools to address these risks. Description The responses for the KC 3.3 of the BMSC are valid for BMDepo as well. Key consideration 3.4 An FMI should identify scenarios that may potentially prevent it from being able to provide its critical operations and services as a going concern and assess the effectiveness of a full range of options for recovery or orderly wind- down. An FMI should prepare appropriate plans for its recovery or orderly wind-down based on the results of that assessment. Where applicable, an FMI should also provide relevant authorities with the information needed for purposes of resolution planning. Description The responses for the KC 3.4 of the BMSC are valid for BMDepo as well. Key conclusion(s) The BMDepo relies on the overall BM group ERM framework. A robust risk management framework is in place. The BMDepo does not function as a SSS hence its risks are primarily related to business risk and operational risk and these are managed as per the ERM framework of the BM group. Assessment of Principle Observed 115 3 Recommendations and comments Principle 11: Central Securities Depositories A CSD should have appropriate rules and procedures to help ensure the integrity of securities issues and minimise and manage the risks associated with the safekeeping and transfer of securities. A CSD should maintain securities in an immobilised or dematerialised form for their transfer by book entry. Key consideration 11.1 A CSD should have appropriate rules, procedures, and controls, including robust accounting practices, to safeguard the rights of securities issuers and holders, prevent the unauthorised creation or deletion of securities, and conduct periodic and at least daily reconciliation of securities issues it maintains. Description BMDepo maintains accounts at the level of beneficial owners. The accounts are however tied to a participant of the BMS and instructions for transfers can originate either from the participating organizations or directly from the customer. The Sec 35 of the SICDA provides all the rights of securities ownership to the beneficial owner as recorded in the books of a CSD. Securities are created in BMDepo as a result of new public offerings, corporate actions or dematerialization of unlisted securities. In all cases this is done based on express instructions of the issuer or its registrar. The BMDepo rules govern what information is required, how it is to be exchanged and the time- lines involved. Similarly securities can be deleted only upon specific instructions by the concerned issuers or their registrars. The eRapid system is used for exchange of information between issuers/registrars and the BMDepo. Account holders interests The Sec 43 of the SICDA requires BMDepo as an approved CSD to protect the confidentiality of the account owners. Sec 23 of the SICDA and Ch 32 of the BMDepo rules require the provision of periodic account statements. The BMDepo rules further require customer permission for any securities transfers. The BMDepo operational controls and the governance model also require maintenance of strict audit trails and periodic audit of all critical procedures. Securities issuers interests Sec 28 of the SICDA requires an approved CSD to conduct a quarterly stock- take and reconcile the total securities as recorded in the jumbo certificates and the actual holdings as per the books of the CSD. The SICDA further requires the CSD to provide in a timely manner requests from the issuer for list of all securities holders and processing of any corporate actions. Internal Audit team of the BM performs an annual audit of the BMDepo operations. In addition the SC also conducts periodic audits. Key consideration 11.2 A CSD should prohibit overdrafts and debit balances in securities accounts. Description The BMDepo has instituted maker-checker procedures for all activities that can result in creation, deletion of transfer of securities. In addition there is a daily automated stock-take of all securities transactions and detailed audit trails are maintained. The BMDepo system also prevents any overdraft and debit balance in 116 securities accounts. Key consideration 11.3 A CSD should maintain securities in an immobilised or dematerialised form for their transfer by book entry. Where appropriate, a CSD should provide incentives to immobilise or dematerialise securities. Description The SICDA mandates immobilization of all securities traded on the BMS. As of December 2011, 99.74% of securities in existence are immobilized in the BMDepo. The ones which are still held in paper form are the ones which were created before 1998. Key consideration 11.4 A CSD should protect assets against custody risk through appropriate rules and procedures consistent with its legal framework. Description The Rule 34 of the BMDepo rules provides for establishment of a compensation fund that can be used to recompense any loss to clients due to any negligence of BMDepo, internal fraud or because of any computer crimes. The size of the compensation fund currently is MYR50 million. In addition there is an insurance policy with a limit of indemnity of MYR 25 million. The maximum amount of compensation payable to a claimant is MYR 100,000 per claim. Key consideration 11.5 A CSD should employ a robust system that ensures segregation between the CSD’s own assets and the securities of its participants and segregation among the securities of participants. Where supported by the legal framework, the CSD should also support operationally the segregation of securities belonging to a participant’s customers on the participant’s books and facilitate the transfer of customer holdings. Description The BMDepo maintains accounts at the level of beneficial owners. The BMDepo is prohibited as per the provisions in the SICDA from holding any securities which it immobilizes. [Sec 36]. Key consideration 11.6 A CSD should identify, measure, monitor, and manage its risks from other activities that it may perform; additional tools may be necessary in order to address these risks. Description The primary function of the BMDepo is recording of securities issuance, transfer of securities and deletion of securities. Recently the BMDepo has started providing distribution of dividends and other corporate actions like processing of bonus issues. The risks associated with these services are primarily operational risk in nature. The BMDepo has instituted appropriate operational controls to mitigate those risks. Key conclusion(s) The BMDepo’s operations have a strong legal basis. The operational procedures have been designed to ensure protection of the interests of the issuers and holders of securities. The BMDepo provides accounts at the level of beneficiary owner. A compensation fund has been created to recompense losses to the clients due to negligence, internal fraud or computer crimes. Assessment of Principle Observed 11 Recommendations and The BMDepo could institute periodic testing of its continued ability to support comments portability of client holdings. 117 Principle 13: Participant-default rules and procedures An FMI should have effective and clearly defined rules and procedures to manage a participant default. These rules and procedures should be designed to ensure that the FMI can take timely action to contain losses and liquidity pressures and continue to meet its obligations. Key consideration 13.1 An FMI should have default rules and procedures that enable the FMI to continue to meet its obligations in the event of a participant default and that address the replenishment of resources following a default. Description The BMDepo functions as a CSD with no activities related to SSS. All the participants of the BMDepo are required to be participants of the BMSC. The default of a participant is handled as per the default procedures of the BMSC. As per the default procedures the BMDepo can be required to execute transfer of securities to meet the settlement obligations of the BMSC participants and suspend the participant. Beyond this the BMDepo does not have any direct role in the default of a participant. The default procedures of the BMSC are described in the principle 13 for the BMSC. Key consideration 13.2 An FMI should be well prepared to implement its default rules and procedures, including any appropriate discretionary procedures provided for in its rules. Description As stated in the KC 13.1 above, the role of BMDepo is limited to executing specific transfers and suspending the defaulting participants’ accounts. The BMDepo is operationally well-prepared for this. Key consideration 13.3 An FMI should publicly disclose key aspects of its default rules and procedures. Description Please refer the discussion for KC 13.3 for the BMSC. Key consideration 13.4 An FMI should involve its participants and other stakeholders in the testing and review of the FMI’s default procedures, including any close-out procedures. Such testing and review should be conducted at least annually or following material changes to the rules and procedures to ensure that they are practical and effective. Description Please refer the discussion for KC 13.3 for the BMSC. Key conclusion(s) The BMDepo functions as a CSD with no SSS functions. The default of participants is handled as per the default procedures of the BMSC. Assessment of Principle Observed 13 Recommendations and comments Principle 15: General business risk An FMI should identify, monitor, and manage its general business risk and hold sufficient liquid net assets funded by equity to cover potential general business losses so that it can continue operations and services as a going concern if those losses materialise. Further, liquid net assets should at all times be sufficient to ensure a recovery or orderly wind-down of critical operations and services. Key consideration 15.1 An FMI should have robust management and control systems to identify, monitor, and manage general business risks, including losses from poor 118 execution of business strategy, negative cash flows, or unexpected and excessively large operating expenses. Description The general business risks are identified as part of the ERM framework described in the key considerations for the PFMI 2 for the BMSC. Under the group governance model the BMSC, BMDepo and the BMDC follow the same ERM framework for addressing business risk. The discussion under the KC 15.1 for the BMSC is applicable for the BMDepo as well. Key consideration 15.2 An FMI should hold liquid net assets funded by equity (such as common stock, disclosed reserves, or other retained earnings) so that it can continue operations and services as a going concern if it incurs general business losses. The amount of liquid net assets funded by equity an FMI should hold should be determined by its general business risk profile and the length of time required achieving a recovery or orderly wind-down, as appropriate, of its critical operations and services if such action is taken. Description As of December 2011, the BMDepo has enough liquid net assets funded by equity to support one year’s operational expenses. The discussion under the KC 15.2 for the BMSC is applicable for the BMDepo as well. Key consideration 15.3 An FMI should maintain a viable recovery or orderly wind-down plan and should hold sufficient liquid net assets funded by equity to implement this plan. At a minimum, an FMI should hold liquid net assets funded by equity equal to at least six months of current operating expenses. These assets are in addition to resources held to cover participant defaults or other risks covered under the financial resources principles. However, equity held under international risk- based capital standards can be included where relevant and appropriate to avoid duplicate capital requirements. Description The discussion under the KC 15.3 for the BMSC is applicable for the BMDepo as well. Key consideration 15.4 Assets held to cover general business risk should be of high quality and sufficiently liquid in order to allow the FMI to meet its current and projected operating expenses under a range of scenarios, including in adverse market conditions. Description The discussion under the KC 15.4 for the BMSC is applicable for the BMDepo as well. Key consideration 15.5 An FMI should maintain a viable plan for raising additional equity should its equity fall close to or below the amount needed. This plan should be approved by the board of directors and updated regularly. Description The discussion under the KC 15.5 for the BMSC is applicable for the BMDepo as well. Key conclusion(s) The BM uses an ERM framework and the BMDepo leverages the BM groups risk management governance arrangements. As mentioned for the BMSC, the BM group can be reasonably assumed to ensure the continued operation of the BMDepo or provide an alternative. However there is no explicit plan that has been developed to handle such an event. The BM group should consider developing such a plan. Assessment of Principle Observed 119 15 Recommendations and comments Principle 16: Custody and investment risks An FMI should safeguard its own and its participants’ assets and minimise the risk of loss on and delay in access to these assets. An FMI’s investments should be in instruments with minimal credit, market, and liquidity risks. Key consideration 16.1 An FMI should hold its own and its participants’ assets at supervised and regulated entities that have robust accounting practices, safekeeping procedures, and internal controls that fully protect these assets. Description The BMDepo holds all its cash assets as deposits in banks and debt securities. The BMDepo does not hold any assets of the clients or the participants. The SICDA prohibits the BMDepo from holding any securities that are immobilized in the BMDepo. Key consideration 16.2 An FMI should have prompt access to its assets and the assets provided by participants, when required. Description As BMDepo’s assets are in commercial banks in Malaysia or debt securities it has prompt access to them. Key consideration 16.3 An FMI should evaluate and understand its exposures to its custodian banks, taking into account the full scope of its relationships with each. Description Not applicable. Key consideration 16.4 An FMI’s investment strategy should be consistent with its overall risk- management strategy and fully disclosed to its participants, and investments should be secured by, or be claims on, high-quality obligors. These investments should allow for quick liquidation with little, if any, adverse price effect. Description The BMDepo does not hold any funds or securities of the participants. Key conclusion(s) BMDepo maintains its assets in FDs and other types of accounts in commercial banks in Malaysia. The BMDepo does not hold any assets of the participants. Assessment of Principle Observed 16 Recommendations and comments Principle 17: Operational risk An FMI should identify the plausible sources of operational risk, both internal and external, and mitigate their impact through the use of appropriate systems, policies, procedures, and controls. Systems should be designed to ensure a high degree of security and operational reliability and should have adequate, scalable capacity. Business continuity management should aim for timely recovery of operations and fulfillment of the FMI’s obligations, including in the event of a wide-scale or major disruption. 120 Key consideration 17.1 An FMI should establish a robust operational risk-management framework with appropriate systems, policies, procedures, and controls to identify, monitor, and manage operational risks. Description Operational risk is managed by the Corporate Risk Management Group for the whole Bursa group. An Enterprise Risk Management (ERM) framework is used for identifying, measuring, monitoring and managing risks. The risk assessment process involves identifying major processes, measuring risk events in terms of likelihood of occurrence and impact to the System Operators, and listing down current controls in place and management action plans if needed. The risk profiles are managed and updated from time to time. The risks identified include: (i) business interruption risk; (ii) physical security for the infrastructure including for the safe-keeping of Jumbo certificates; (iii) information security risk; (iv) fraud; (v) operational errors in securities transfers and other ancillary services like dividend transfers; and, (vi) service provider related risks. Each of these risks have been further broken. The causes for each of these risks and how they can be addressed are documented and implemented. The overall approach is geared towards ensuring adequate back-up arrangements for all system components; data replication and data back-ups to ensure no data loss; operational controls and processes to reduce scope for errors and frauds and enable early identification; and, developing business continuity procedures and testing them periodically. The BCP simulation for the BMDepo (as part of the BM BCP) was carried out in November 2011. The Bursa group has developed a set of HR policies centred on providing a comfortable work environment and providing opportunities for learning and professional development. The Bursa groups measures the level of employee engagement on a periodic basis, in 2011 this was measured at 72%. The Bursa group uses ITIL framework for its IT management, which guides its on-going system changes and uses the Project Management Institute (PMI) methodology for project management. Key consideration 17.2 An FMI’s board of directors should clearly define the roles and responsibilities for addressing operational risk and should endorse the FMI’s operational risk- management framework. Systems, operational policies, procedures, and controls should be reviewed, audited, and tested periodically and after significant changes. Description Please refer the discussion under KC 17.2 for the BMSC FMI. Key consideration 17.3 An FMI should have clearly defined operational reliability objectives and should have policies in place that are designed to achieve those objectives. Description The operational reliability objectives of the BMDepo have been defined as: – To ensure confidentiality and integrity of the securities accounts; – To provide an efficient, reliable and stable provision of depository services; and, – To ensure adequate risk management measures. These are recorded in the ERM related documents and the BCP plan documents. These objectives guide the overall risk management measures including the system design. 121 Key consideration 17.4 An FMI should ensure that it has scalable capacity adequate to handle increasing stress volumes and to achieve its service-level objectives. Description The BMSC and BMDepo systems run on the same system. The Bursa IT team monitors the system capacity utilization on a daily basis of all systems, including that of the BMSC/BMDepo. In October 2011, the average capacity utilization was 50%. The BMDepo system experienced down-times five times in 2011. Three of the instances were related to the web-server overload from high number of concurrent users and were operations were restored in 30 minutes. The remaining two instances related to some configuration problems which impact two stocks and normal operations were resumed within the day. The BMDepo has identified the constraints in the number of concurrent users it is able to handle and is working on upgrading the required system component in 2012. Key consideration 17.5 An FMI should have comprehensive physical and information security policies that address all potential vulnerabilities and threats. Description Please refer discussion under KC 17.5 for BMSC. Key consideration 17.6 An FMI should have a business continuity plan that addresses events posing a significant risk of disrupting operations, including events that could cause a wide-scale or major disruption. The plan should incorporate the use of a secondary site and should be designed to ensure that critical information technology (IT) systems can resume operations within two hours following disruptive events. The plan should be designed to enable the FMI to complete settlement by the end of the day of the disruption, even in case of extreme circumstances. The FMI should regularly test these arrangements. Description The Bursa group’s back-up systems are in Damansara heights in Kuala Lumpur, around 10 Kilometres from the main site. There is online data replication from the main site to the DR site. The Bursa group has a comprehensive group wide BCP plan. This is tested at least once a year. The BCPs test includes participation of the BMSC, BMDepo and participants, they are required to connect to the BM’s disaster recovery site and verify their ability to conduct their usual services and also the integrity of their data. Appropriate re-calibration of the BCP are made and if required these are re- tested. The Business Recovery Time Objective (RTO) for critical systems which includes BMDepo operations was set at 5.5 hours at the time of the FSAP which has subsequently been reduced to four hours in July 2012. As explained in the KC 17.6 for the BMSC this time includes the time for the system recovery and also mobilization of the necessary staff and resources at the backup site. This however does not include the time taken for the decision to invoke disaster recovery process, which is envisaged to take up to 3 hours. The business recovery time objective is computed based on recovery of all the systems and processes of the BM in the back-up site. As per the BM simulations recovery of individual systems and processes could be lower. During the recent BCP testing the business recovery of the BMDepo processes achieved a recovery time of just above two hours on two occasions and over three and a half hours in one instance. 122 The business impact analysis of the BMDepo processes shows there is sufficient buffer available in the event of an operational impact to the end-of-day processes of the BMDepo. The business hours of the BMDepo are from 8.30 Am to 7.00 PM Monday through Friday. The End-of-Day processes are scheduled from 9.30-1.30 PM. An impact to this process can be recovered by beginning of day of the subsequent day with the current recovery time objective. The securities delivery from the BMSC for the ISS settlement mode is required by 10 AM on T+3 into the relevant securities accounts in the BMDepo. In the case of non-ISS settlement mode, the securities are required to be delivered by 4 PM on T+2. The funds settlement leg is linked with completion of the securities settlement leg. An operational impact to the BMDepo during these times could impact the ability of the BMSC to complete its settlement on T+3 basis. Key consideration 17.7 An FMI should identify, monitor, and manage the risks that key participants, other FMIs, and service and utility providers might pose to its operations. In addition, an FMI should identify, monitor, and manage the risks its operations might pose to other FMIs. Description Operational risks related to BMDepo have a bearing on the BMSC and BMDC. BMDepo holds all the securities accounts, and is required to ensure completion of the securities settlement and also for recording collaterals. The risks in the BMDepo are addressed as part of the common group-wide operational risk management. Key conclusion(s) The BMDepo leverages the Bursa Group’s overall enterprise risk management framework. The Bursa group has a group-wide disaster recovery site that is 10 kilometers away from the main site. The BCP is tested annually with the participation of all stakeholders with a target RTO of 5.5 (recently changed to 4 hours) plus the time required for decision on action to be taken for handling the event which in total could lead to a recovery time of over 7 hours. The risk management activities are monitored by the RMC of the Bursa board. Assessment of Principle Broadly Observed 17 Recommendations and The BMDepo operational reliability measures need to be enhanced to achieve comments RTO of 2 hours. Principle 18: Access and participation requirements An FMI should have objective, risk-based, and publicly disclosed criteria for participation, which permit fair and open access. Key consideration 18.1 An FMI should allow for fair and open access to its services, including by direct and, where relevant, indirect participants and other FMIs, based on reasonable risk-related participation requirements. Description There are two-types of participants of the BMDepo – Authorized Depository Agents (ADA) and Authorized Depository Member (ADM). The ADAs are essentially the TCPs of the BMSC and the ADMs the NTCP (custodians) of the BMSC. 123 The criteria applicable to applicant applying to be Authorised Depository Agents (ADAs) and Authorised Direct Members (ADMs) are stipulated under Rule 2.02 and 14.02 of Rules of BMDepo respectively. The participants of the BMDepo are required to be participants of the BMSC and also the BMS. The access criteria described in the PFMI 18 for the BMSC are hence applicable for the BMDepo as well. Key consideration 18.2 An FMI’s participation requirements should be justified in terms of the safety and efficiency of the FMI and the markets it serves, be tailored to and commensurate with the FMI’s specific risks, and be publicly disclosed. Subject to maintaining acceptable risk control standards, an FMI should endeavour to set requirements that have the least-restrictive impact on access that circumstances permit. Description Please refer the discussion for KC 18.2 for BMSC. Key consideration 18.3 An FMI should monitor compliance with its participation requirements on an ongoing basis and have clearly defined and publicly disclosed procedures for facilitating the suspension and orderly exit of a participant that breaches, or no longer meets, the participation requirements. Description Please refer the discussion for KC 18.3 for BMSC. Key conclusion(s) Access policies and requirements are clear and transparent. The access criteria are risk based. The access policy and ongoing supervision are managed at the Bursa group level with specific requirements of the individual institutions being addressed in the respective rules. Assessment of Principle Observed 18 Recommendations and comments Principle 19: Tiered participation requirements An FMI should identify, monitor, and manage the material risks to the FMI arising from tiered participation arrangements. Assessment of Not Applicable Principle 19 Recommendations and BMDepo does not support tiered participation arrangements. comments Principle 20: FMI Links An FMI that establishes a link with one or more FMIs should identify, monitor, and manage link-related risks. Key consideration 20.1 Before entering into a link arrangement and on an ongoing basis once the link is established, an FMI should identify, monitor, and manage all potential sources of risk arising from the link arrangement. Link arrangements should be designed such that each FMI is able to observe the other principles in this report. 124 Description The BMDepo has links with the BMSC and BMDC for settlement of securities and depositing equity collaterals collected from the participants of these clearing houses. However as the BMDepo effectively carries out instructions issued by the BMSC and BMDC, it as such is not dependent on them The operational risks arising from this linkage are included in the overall operational reliability planning of the Bursa group and also discussed in the PFMI 20 for the BMSC and BMDC. Key consideration 20.2 A link should have a well-founded legal basis, in all relevant jurisdictions, that supports its design and provides adequate protection to the FMIs involved in the link. Description Please refer KC 20.2 for the BMSC and BMDC. Key consideration 20.3 Linked CSDs should measure, monitor, and manage the credit and liquidity risks arising from each other. Any credit extensions between CSDs should be covered fully with high quality collateral and be subject to limits. Description Not applicable. Key consideration 20.4 Provisional transfers of securities between linked CSDs should be prohibited or, at a minimum, the retransfer of provisionally transferred securities should be prohibited prior to the transfer becoming final. Description Not applicable Key consideration 20.5 An investor CSD should only establish a link with an issuer CSD if the arrangement provides a high level of protection for the rights of the investor CSD’s participants. Description Not applicable Key consideration 20.6 An investor CSD that uses an intermediary to operate a link with an issuer CSD should measure, monitor, and manage the additional risks (including custody, credit, legal, and operational risks) arising from the use of the intermediary. Description Not Applicable Key consideration 20.7 Before entering into a link with another CCP, a CCP should identify and manage the potential spill-over effects from the default of the linked CCP. If a link has three or more CCPs, each CCP should identify, assess, and manage the risks of the collective link arrangement. Description Not Applicable Key consideration 20.8 Each CCP in a CCP link arrangement should be able to cover, at least on a daily basis, its current and potential future exposures to the linked CCP and its participants, if any, fully with a high degree of confidence without reducing the CCP’s ability to fulfill its obligations to its own participants at any time. Description Not Applicable Key consideration 20.9 A TR should carefully assess the additional operational risks related to its links to ensure the scalability and reliability of IT and related resources. Description Not Applicable Key conclusion(s) The BMDepo has links with the BMSC and BMDC. However the link is in a way unidirectional from the BMSC and BMDC to BMDepo, the BMDepo as such is not dependent on them but the other way around. So effectively this 125 principle is not applicable for the BMDepo. Assessment of Not Applicable Principle 20 Recommendations and comments Principle 21: Efficiency and Effectiveness An FMI should be efficient and effective in meeting the requirements of its participants and the markets it serves. Key consideration 21.1 An FMI should be designed to meet the needs of its participants and the markets it serves, in particular, with regard to choice of a clearing and settlement arrangement; operating structure; scope of products cleared, settled, or recorded; and use of technology and procedures. Description The BMDepo is designed as a CSD. Its operational procedures, membership arrangements and technology arrangements are geared towards achieving efficient operations. The BMDepo has also enhanced its services to the issuers to enable seamless processing of dividends and other corporate actions. Key consideration 21.2 An FMI should have clearly defined goals and objectives that are measurable and achievable, such as in the areas of minimum service levels, risk-management expectations, and business priorities. Description The goals of the BMDepo are: - To protect confidentiality of securities accountholder information at all times. - To prevent any unauthorized usage of securities accounts. - To provide efficient services when dealing with securities accountholders request for any services related to depository as prescribed in the timeline in the CDS Procedure Manual for ADA/ADM and also the User Guide for Depositors of BMDepo - To continuously monitor all submission by securities accountholders ensuring they have been attended to within the scope of request and authorized by the securities accountholder - To ensure adequate risk management measures - To ensure safe custody of securities in securities accountholders - To facilitate efficient deposit of securities. - To facilitate registration of dealings in securities - To establish a proper and efficient system for recording of all securities held by securities accountholders. - To guard against any falsification of records or accounts maintained with the depository. There are KPIs established for tracking achievement of these objectives both at the organization level and also at the level of the personnel. Key consideration 21.3 An FMI should have established mechanisms for the regular review of its efficiency and effectiveness. Description The BMDepo obtains feedback from the participants through the annual survey 126 and other periodic consultations. In addition, the BMDepo has a role to play in the efficient functioning of the BMSC and as such the operational indicators of the BMSC are applicable for the BMDepo as well. The BMSC has identified and established targets for key operational indicators: - Time taken to complete trade processing; - Adherence to cut-off times; - System availability. BMDepo like BMSC and BMDC also performs a post implementation review for any new initiatives, which involves consultation with the participants. This requirement is also imposed by the SC for any new initiatives/projects approved by the SC. The review report is tabled to the management. Key conclusion(s) The BMDepo has processes in place to ensure it remains efficient and meets the needs of its participants. The participants interviewed by the mission team also expressed satisfaction with the services provided by the BMDepo. Assessment of Observed Principle 21 Recommendations and comments Principle 22: Communication procedures and standards An FMI should use, or at a minimum accommodate, relevant internationally accepted communication procedures and standards in order to facilitate efficient payment, clearing, settlement, and recording. Key consideration 22.1 An FMI should use, or at a minimum accommodate, internationally accepted communication procedures and standards. Description The BMDepo uses a proprietary message format. However the system interfaces use the industry standard protocols like TCP/IP. Key conclusion(s) The BMDepo functions as a CSD. It uses proprietary message formats for exchanging of securities transfer instructions with the BMSC and collateral registrations arising from the BMSC and BMDC. The other interactions with the participants are through system screens, and industry standard protocols are used for that. Assessment of Observed Principle 22 Recommendations and comments 127 Principle 23: Disclosure of rules, key procedures and market data An FMI should have clear and comprehensive rules and procedures and should provide sufficient information to enable participants to have an accurate understanding of the risks and fees and other material costs they incur by participant in the FMI. All relevant rules and key procedures should be publicly disclosed. Key consideration 23.1 An FMI should adopt clear and comprehensive rules and procedures that are fully disclosed to participants. Relevant rules and key procedures should also be publicly disclosed. Description The operational procedures and circulars issued by BMDepo are made available to its clearing participants through eRapid. The BMDepo, BMSC and BMS rules are posted on the website of Bursa. Key consideration 23.2 An FMI should disclose clear descriptions of the system’s design and operations, as well as the FMI’s and participants’ rights and obligations, so that participants can assess the risks they would incur by participating in the FMI. Description The system’s design and details of the operations are specified in the Technical Architecture Design and Operational Run Chart. This is provided to the participants and if required their vendor upon completion of a NDA. Technical documents on the system processes and designs are sent to participants through circulars. The fees and charges are provided to all new participants and changes are notified through circulars. The fees are also available in the BMDepo rules. The governance model of BM group which includes the BMDepo is provided in the annual report of BM which is available to the public on Bursa Malaysia’s website. Similarly, disclosures to market participants about BMDepo’s risks and the steps taken to mitigate the risks are also made via Bursa Malaysia’s annual report. The BM has also published its self-assessment of the BMSC and BMDepo against the RSSS in 2007. Key consideration 23.3 An FMI should provide all necessary and appropriate documentation and training to facilitate participants’ understanding of the FMI’s rules and procedures and the risks they face from participating in the FMI. Description All new participants are provided with requisite training to ensure they have the requisite knowledge of the systems, processes and rules. The ongoing supervision activities are used to identify if there are any gaps in the knowledge relating to process and rules. Based on discussions with the participant a suitable course of action is determined, which could include additional training. If need be, training will be provided to participants on areas that the participants feel they require refresher. Key consideration 23.4 An FMI should publicly disclose its fees at the level of individual services it offers as well as its policies on any available discounts. The FMI should provide clear descriptions of priced services for comparability purposes. Description Fees charged by BMSC and BMDepo are communicated to the TCP/NTCP and ADA/ADM respectively via the rules of BMSC and rules of BMDepo or circulars. Since this is a prescribed fee, Bursa does not offer further discounts and if any discounts are provided in the future it is expected to be consistently applied to all similar cases. Key consideration 23.5 An FMI should complete regularly and disclose publicly responses to the CPSS- IOSCO Disclosure framework for FMIs. An FMI also should, at a minimum, disclose basic data on transaction volumes and values. 128 Description The current version of the Disclosure Framework was released only in mid-April 2012 and is still in consultation phase, for which reason this key consideration is deemed not applicable. The SC requires the BMDepo to comply with international standards, and the BMDepo is preparing to comply with this requirement. Key conclusion(s) The BMDepo operates transparently. Its rules and procedures are clear and comprehensive and are fully disclosed to the participants and the participation rules and certain operational aspects are available to the general public. The BM’s participant supervision unit monitors ongoing compliance of the participants of the BMDepo to the rules and has a process for training participants if it identifies that a participant does not understand the rules. BMDepo intends to complete the disclosure framework as it is required to be in compliance to the international standards. Assessment of Observed Principle 23 Recommendations and The BMDepo already has transparency objectives and discloses all key comments information. In the short term the BMDepo should fully comply with the disclosure framework requirements of the PFMI. VIII. DETAILED ASSESSMENT BMDC Principle 1: Legal basis An FMI should have a well-founded, clear, transparent, and enforceable legal basis for each material aspect of its activities in all relevant jurisdictions. Key consideration 1.1 The legal basis should provide a high degree of certainty for each material aspect of an FMI’s activities in all relevant jurisdictions Description The clearing and settlement of derivatives transactions, is operated by Bursa Malaysia Derivative Clearing Bhd (BMDC). The law and regulations governing clearing and settlement activities in the derivatives markets are the Capital Markets and Services Act 2007 (CMSA) and Rules of BMDC (the Derivatives Clearing House) and Rules of BMD (the Derivatives Exchange) and the contractual agreement between BMDC and their participants. In addition, certain aspects relating to the activities of BMDC are covered in the Evidence Act 1950, the Companies Act 1965, Digital Signature Act 1997, Contract Act 1950 and, Securities Commission Act 1993. The Capital Markets and Services Act 2007 (CMSA) governs the establishment and contains certain provisions pertaining to the operation of clearing houses, which encompasses the function of CCP (Part II, subdivision V) in Malaysia and is publicly available and accessible from the Securities Commission’s (SC) website at www.sc.com.my. These provisions in the CMSA require the clearing house to publish rules and specify the aspects that need to be covered. In addition, BMDC’s operations as a CCP is governed by the contract it has with its participants. All participants enter into contracts as principal whether or not they are acting on behalf of client. The key aspects of the BMDC that require legal certainty given its nature as an 129 CCP for derivatives market and its particular arrangements for liquidity provisioning are properly provided for, as follows: Finality: Rule 602(d) of BMDC rules bind the clearing participants to the open contracts in the system and all settlements are deemed final and irrevocable. In addition the CMSA (Sec 43) provides protection from insolvency proceedings from impacting initiation and completion of a clearing houses default procedures. The BMDC rules specify insolvency of a participant as a condition for triggering default procedures (Ch 10). Netting: Rule 614(b) of BMDC Rules provides that BMDC is entitled to set off any amount due from a clearing participant to the clearing house against any amount due from the clearing house to the clearing participant. As described in the discussion on netting in the PFMI 1 for the BMSC, though the protection for netting procedures is at the level of rules, the legal framework as a whole in the view of the SC protects netting and also novation. Novation: Rule 602 of the BMDC rules describes the novation process and the point of novation as the moment the market contract is accepted by the BMDC. Rights and interests in financial instruments: Rule 613 of BMDC Rules prescribes for the Clearing House to determine and collect margin from clearing participants. Rule 616 of the same rules provides for the manner in which approved collateral for margin shall be pledged with the BMDC. In addition, Rule 1001 states that in the event of a default by the clearing participant, BMDC has the power to liquidate the collateral of the clearing participant held by the clearing house and set-off the amounts realized against any loss incurred by the clearing house in liquidating or novating the rights and obligations under the open contracts of the clearing participant in default. The requirement to include provisions related to this is stated in the CMSA. Default handling procedures: Chapter 10 of the BMDC rules specify the default handling procedures – the events that constitute default, the rights of the BMDC to implement the stated procedures and the handling of the open contracts and any pending settlements. The BMDC rules define default broadly as any failure by a participant to meet the financial obligations or due to the clearing house. The CMSA protects the implementation of the default procedures from any interference from the implementation of any insolvency procedures on the concerned participant. Under Subdivision 6 of Part II of the CMSA, modifications to the laws of insolvency and miscellaneous provisions in relation to the default procedures of the clearing house are provided for. In the case where the system participants are member institutions of Malaysian Deposit Insurance Corporation (MDIC), the MDIC Act 2011 provides for MDIC to assume control of the member institution, upon notification by BNM that the member institution has ceased to be viable. The invocation of Part VII of the MDIC Act 2011 will not affect the ability of the clearing house to enforce the rules and contracts governing the legal relationship between BMDC and the system participants Applicability of the rules of BMDC: In a court of law in Malaysia, a transaction made is binding based on the contractual relationship between the operator of a payment system and its participants, through the provisions in the Contracts Act 1950. In this regard, all BMDC participants have signed an agreement as a principal, which binds the participants to the relevant rules and procedures. Legal protection for electronic payment transactions: The DSA provides the legal framework for the use of electronic signatures. In the court of law in 130 Malaysia, an electronic payment transaction made is binding based on the contractual relationship between the operator of a payment system and its participants. Furthermore, the EA recognizes any document produced by a computer as evidence in the court of law. Regulation and oversight of BMDC: BMDC is subject to regulatory oversight by the Securities Commission (“SC”). The SC’s role to supervise and monitor the activities of any clearing house is stipulated in Sec 15(1)(f) of the Securities Commission Act 1993 (SCA). This encompasses the oversight regulation of the securities and derivatives settlement system. By virtue of section 38 of the CMSA, BMDC is approved by the SC, with the concurrence of the Minister of Finance, to be an approved clearing house for the regulation of services for the clearing and settlement of derivatives transactions. Other aspects: Aspects relating to collection of margins, the settlement process, and establishment of clearing fund, delivery procedures and financial requirements for participants are described in the BMDC rules. Relevant jurisdictions: The participants of BMDC, including foreign institutions, are subject to Malaysian laws. BMDC is incorporated in Malaysia as a 100% owned subsidiary of BMD, which is 75% owned by BM and 25% by CME incorporated in the USA. The relevant jurisdiction is only Malaysia. The BMDC rules have been approved by the SC including any ongoing amendments except for ones deemed to have no material impact. The BM also has a process of seeking external legal opinion in the course of making any amendments like in the case of introducing securities borrowing and lending for the BMSC and recently for all rules in relation to the introduction of the Competition Act 2010 in Malaysia. These assessments and also based on the assessments of the SC, the BMDC rules are deemed enforceable. Key consideration 1.2 An FMI should have rules, procedures, and contracts that are clear, understandable, and consistent with relevant laws and regulations. Description The BMDC rules have been approved by the SC including any ongoing amendments except for ones deemed to have no material impact. The BM also has a process of seeking external legal opinion in the course of making any amendments like in the case of introducing securities borrowing and lending for the BMSC and recently for all rules in relation to the introduction of the Competition Act 2010 in Malaysia. These assessments and also based on the assessments of the SC, the BMDC rules are deemed clear, understandable, enforceable and consistent with the Malaysian legal framework. Key consideration 1.3 An FMI should be able to articulate the legal basis for its activities to relevant authorities, participants, and, where relevant, participants’ customers, in a clear and understandable way. Description These Rules are publicly available at the Bursa Malaysia website www.bursamalaysia.com. In addition, all participants of BMDC are notified of any amendments to the rules via circulars. The Operational procedures are readily accessible by the participants of BMDC via eRAPID, a web-based solution to facilitate electronic transmission of circulars containing these operational procedures as well as other notices addressed to the participants. These operational procedures are not publicly available. A consultative panel has also been established as an advisory body for both the clearing houses. Participants are also provided an opportunity to comment on 131 material changes to rules and procedures. Key consideration 1.4 An FMI should have rules, procedures, and contracts that are enforceable in all relevant jurisdictions. There should be a high degree of certainty that actions taken by the FMI under such rules and procedures will not be voided, reversed, or subject to stays. Description The BMDC rules have been approved by the SC including any ongoing amendments except for ones deemed to have no material impact. The BM also has a process of seeking external legal opinion in the course of making any amendments like in the case of introducing securities borrowing and lending for the BMSC and recently for all rules in relation to the introduction of the competition act 2010 in Malaysia. These assessments and also based on the assessments of the SC, the BMDC rules are deemed clear, understandable, enforceable and consistent with the Malaysian legal framework. Key consideration 1.5 An FMI conducting business in multiple jurisdictions should identify and mitigate the risks arising from any potential conflict of laws across jurisdictions. Description Aside from margin collateral lodged by the Clearing Participants in Renminbi and Hong Kong Dollars which is held in BMDC’s bank account in Hong K ong, there are no other sources of potential conflict of law. Any margin collateral held in Hong Kong would be subject to the laws of Hong Kong and as such, this is a source of potential conflict of law. The Hong Kong Monetary Authority’s Deposit Protection Scheme Ordinance 2004 establishes a deposit protection scheme in Hong Kong where the protection limit is set at HK500,000 per depositor per bank. BMDC’s risk of holding a bank account in Hong Kong and being subject to a potential conflict of law is mitigated by BMDC having procedures in place to monitor and to transfer the funds in Hong Kong back to Malaysia in the event the limit of the Hong Kong deposit protection scheme is breached. Key conclusion(s) The legal and regulatory basis properly supports each of the material aspects of the BMDC activities in Malaysia. The rules, procedures and contracts derived from that legal and regulatory base are clear an understandable and are comprehensively articulated. BMDC rules, procedures and contracts have not been subject to judicial controversy, and actions taken under such rules, procedures and contracts have not been voided or reversed by another administrative or judicial authority. Assessment of Observed. Principle 1 Recommendations and The CMSA and the SCA do not explicitly recognize netting and novation. These comments are however described in the operating rules including in the default procedures. The default procedures as per the CMSA have primacy in the event of insolvency of a participant. Hence the SC is of the opinion that the legal framework in Malaysia adequately recognizes netting and novation. This opinion has been validated by an independent legal opinion as well. It is recommended that to strengthen the legal certainty these issues be addressed at the level law in the medium term. The proposed Financial Services Act provides a good opportunity for that. 132 Principle 2: Governance An FMI should have governance arrangements that are clear and transparent, promote the safety and efficiency of the FMI, and support the stability of the broader financial system, other relevant public interest considerations, and the objectives of relevant stakeholders. Key consideration 2.1 An FMI should have objectives that place a high priority on the safety and efficiency of the FMI and explicitly support financial stability and other relevant public interest considerations Description The BMDC is a fully owned subsidiary of the BMD, which in turn is a joint venture between the BM (75%) and the Chicago Mercantile Exchange (25%). The BM is a de-mutualized stock exchange holding company and as such is a public listed company, and the CME is incorporated in the USA. The objectives of the BMDC follow directly from the CMSA, which requires approved clearing houses like the BMDC to ensure that there are orderly, clear and efficient clearing and settlement arrangements for transactions in derivatives. The CMSA also requires clearing houses like the BMDC to prioritize public interest over its commercial business interests. The objectives of the BMDC are recorded in its memorandum and articles of association. The BM adopts a group governance model, and hence the overall KPIs for the BMDC are derived from the KPIs of the group as a whole in addition to the specific KPIs of the BMD. The KPIs of the BM for 2011-12 are mentioned in the KC2.1 for the BMSC. The KPIs for the BMD is grouped into four areas: (i) financial objectives; (ii) shareholder value; (iii) internal processes; and, (iv) enhancing employee learning and development. The derived KPIs for the BMDC comprises of a combination of implementing new initiatives, supporting increase in number of participants and efficiency objectives. Performance against the BMDC KPIs is measured through a scorecard developed each year in discussion with the Nominations and Remuneration Committee a BM board committee. The performance against these KPIs is assessed quarterly, mid-yearly and annually. The reviews are discussed with the BMD CEO and the final annual review is presented to the NRC, and after adoption is also tabled to the SC. Key consideration 2.2 An FMI should have documented governance arrangements that provide clear and direct lines of responsibility and accountability. These arrangements should be disclosed to owners, relevant authorities, participants, and, at a more general level, the public. Description All the business unit heads including the CEO of BMDC participate in fortnightly meetings with the BM CEO. This meeting is used for discussion of all strategic areas The BM follows a group governance model, wherein all governance arrangements are handled at a group level by the board of the Bursa group. The BMDC which is 100% owned by the BMD which in turn is a joint venture between BM (75%) and CME (25%) has a separate board. However the BMD has adopted the Risk Management Committee, Nominations and Remuneration Committee, Audit committee, Market Participants Committee and Appeals Committee of the BM board. 133 Key consideration 2.3 The roles and responsibilities of an FMI’s board of directors (or equivalent) should be clearly specified, and there should be documented procedures for its functioning, including procedures to identify, address, and manage member conflicts of interest. The board should review both its overall performance and the performance of its individual board members regularly. Description The Board of Directors of the BMD has primary responsibility for the governance and management of the company and BMDC. In addition, the BMD Board of Directors adopted certain board committees of the BM board. Information regarding the governance, ownership and board and management structure of BM, including that of BMD and BMDC is publicly available at the website of Bursa Malaysia: www.bursamalaysia.com The board of the BMD comprises of 3 directors: two from the BM and one from the CME. The details of the boards of the BM, the various board committees and evaluation of the board are in the description for KC2.3 for the BMSC. Key consideration 2.4 The board should contain suitable members with the appropriate skills and incentives to fulfill its multiple roles. This typically requires the inclusion of non- executive board member(s). Description The BMD and in turn BMDC have adopted the group governance model. Please refer to the description for KC 2.4 for the BMSC. Key consideration 2.5 The roles and responsibilities of management should be clearly specified. An FMI’s management should have the appropriate experience, a mix of skills, and the integrity necessary to discharge their responsibilities for the operation and risk management of the FMI. Description The BMD and in turn BMDC have adopted the group governance model. Please refer to the description for KC 2.5 for the BMSC. Key consideration 2.6 The board should establish a clear, documented risk-management framework that includes the FMI’s risk-tolerance policy, assigns responsibilities and accountability for risk decisions, and addresses decision making in crises and emergencies. Governance arrangements should ensure that the risk-management and internal control functions have sufficient authority, independence, resources, and access to the board. Description The BMD and in turn BMDC have adopted the group governance model. Please refer to the description for KC 2.6 for the BMSC. The ERM framework requires the business owners to be responsible for identifying and monitoring the risks specific to their business. Accordingly the BMDC has created the Derivatives Operations Risk Management function that is responsible for risks associated with the BMDC and reports to the CEO of the BMD. This function has a total of three staff. Key consideration 2.7 The board should ensure that the FMI’s design, rules, overall strategy, and major decisions reflect appropriately the legitimate interests of its direct and indirect participants and other relevant stakeholders. Major decisions should be clearly disclosed to relevant stakeholders and, where there is a broad market impact, the public. 134 Description The BMD and in turn BMDC have adopted the group governance model. Please refer to the description for KC 2.7 for the BMSC. Key conclusion(s) The BM follows a group governance model and the BMDC accordingly is subject to the governance arrangements of the BM. The arrangements provide an effective framework for ensuring primacy of efficiency and public interest. The various board committees assist the board in executive its Governance mandate. The composition of the board and the various committees also promote the efficiency and public interest objectives. There are processes in place to ensure effectiveness of the senior management. An ERM framework is used. The risk management function for derivatives clearing and settlement is adequately staffed and is overseen by the Risk Management Committee of the board. The rules and procedures are developed through a consultative process and the participants have adequate opportunities to express their views. Assessment of Observed Principle 2 Recommendations and comments Refer the table for BMSC Principle 3: Framework for the comprehensive management of risks An FMI should have a sound risk-management framework for comprehensively managing legal, credit, liquidity, operational, and other risks. Key consideration 3.1 An FMI should have risk-management policies, procedures, and systems that enable it to identify, measure, monitor, and manage the range of risks that arise in or are borne by the FMI. Risk-management frameworks should be subject to periodic review. Description The BMDC has adopted the group governance model of the BM group and in particular for the risk management framework. Please refer the description for the KC 3.1 for the BMSC. Key consideration 3.2 An FMI should provide incentives to participants and, where relevant, their customers to manage and contain the risks they pose to the FMI. Description The BMDC has adopted the group governance model of the BM group and in particular for the risk management framework. Please refer the description for the KC 3.2 for the BMSC. Key consideration 3.3 An FMI should regularly review the material risks it bears from and poses to other entities (such as other FMIs, settlement banks, liquidity providers, and service providers) as a result of interdependencies and develop appropriate risk- management tools to address these risks. Description The BMDC has adopted the group governance model of the BM group and in particular for the risk management framework. Please refer the description for the KC 3.3 for the BMSC. 135 Key consideration 3.4 An FMI should identify scenarios that may potentially prevent it from being able to provide its critical operations and services as a going concern and assess the effectiveness of a full range of options for recovery or orderly wind-down. An FMI should prepare appropriate plans for its recovery or orderly wind-down based on the results of that assessment. Where applicable, an FMI should also provide relevant authorities with the information needed for purposes of resolution planning. Description The BMDC has adopted the group governance model of the BM group and in particular for the risk management framework. Please refer the description for the KC 3.4 for the BMSC. Key conclusion(s) The BMDC relies on the overall BM group ERM framework. A robust risk management framework is in place. A large scale default of participants could impair the financial resources of the BMDC. The approach of the BMDC is to monitor the participant’s financial resources, collection of MTM margins for all open contracts and daily stress testing of the adequacy of the CF. The prevalent legal framework would require the BM and the BMD to ensure that the BMDC is supported to resume operations. Assessment of Observed Principle 3 Recommendations and comments Principle 4: Credit risk An FMI should effectively measure, monitor, and manage its credit exposures to participants and those arising from its payment, clearing, and settlement processes. An FMI should maintain sufficient financial resources to cover its credit exposure to each participant fully with a high degree of confidence. In addition, a CCP that is involved in activities with a more-complex risk profile or that is systemically important in multiple jurisdictions should maintain additional financial resources sufficient to cover a wide range of potential stress scenarios that should include, but not be limited to, the default of the two participants and their affiliates that would potentially cause the largest aggregate credit exposure to the CCP in extreme but plausible market conditions. All other CCPs should maintain additional financial resources sufficient to cover a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would potentially cause the largest aggregate credit exposure to the CCP in extreme but plausible market conditions. Key consideration 4.1 An FMI should establish a robust framework to manage its credit exposures to its participants and the credit risks arising from its payment, clearing, and settlement processes. Credit exposure may arise from current exposures, potential future exposures, or both. Description The BMDC functions as the CCP for the derivatives market and in its role as the CCP it is exposed to credit risk stemming from the potential inability of one or more participant to discharge their settlement obligations. The BMDC has instituted a framework for managing its credit risk, this comprises of: margin collateral collected for every trade (Rule 613) and powers to call for intraday margin (rule 615), security deposit from each participant (Rule 206A), require each participant to contribute to clearing fund (rule 401), stringent financial requirements to become a participant (rule 208) and rigorous ongoing monitoring 136 of the same, and finally, clear and enforceable default rules. In addition to the daily monitoring and stress test to check the adequacy of the clearing fund, BMDC also reviews the size of the Clearing Fund on a monthly basis to determine if there is a need to increase the Clearing Fund size. BMDC has a robust mechanism for monitoring the liquidity and credit position of the participants. Clearing participants are required to submit to BMDC, on weekly basis, information related to their cash deposit for both segregated and un-segregated accounts with financial institutions and the available credit facilities as prescribed in Chapter 24 of BMDC’s clearing participants Manual. This information is submitted online. BMDC runs simulation of potential intraday cash shortage for each clearing participant and assesses the impact against the clearing participants’ cash in the bank and their credit facilities. This assessment is to analyse the clearing participants’ liquidity position and ability to meet margin call by BMDC when it is due. The BMDC monitors positions of participants on an ongoing basis and has the powers and operational ability to establish position limits (rules 1103 and 613.1) and also inform any abnormal trends to the SC. BMDC nets fund settlement at client level and settles that with the CP. Key consideration 4.2 An FMI should identify sources of credit risk, routinely measure and monitor credit exposures, and use appropriate risk-management tools to control these risks. Description The sources of credit risk for the BMDC stem from its role as a CCP. As a CCP, BMDC is responsible to settle all novated contracts, even in the event of one of more participants failing to honor their side of the contract. BMDC uses a combination of initial margin, variation margin and establishing position limits to control its credit risk. The initial margin is collected at the time of contract acceptance and variation margin is collected based on a daily MTM process. BMDC measures its exposure to CPs at the end of each business day. In times of volatile market, the derivatives clearing house performs intraday mark- to-market process, using the latest information snapshot from real-time trading activities and prices, to measure the exposure and collect the shortfall, if any, from the CPs [Rule 615]. The BMDC uses a DVP model 2 settlements, only the Palm Oil futures could result in physical delivery the rest result in financial settlement. The funds settlement is done on a net basis for all contracts maturing on that settlement date. Key consideration 4.4 A CCP should cover its current and potential future exposures to each participant fully with a high degree of confidence using margin and other prefunded financial resources (see Principle 5 on collateral and Principle 6 on margin). In addition, a CCP that is involved in activities with a more-complex risk profile or that is systemically important in multiple jurisdictions should maintain additional financial resources to cover a wide range of potential stress scenarios that should include, but not be limited to, the default of the two participants and their affiliates that would potentially cause the largest aggregate credit exposure for the CCP in extreme but plausible market conditions. All other CCPs should maintain additional financial resources sufficient to cover a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would 137 potentially cause the largest aggregate credit exposure for the CCP in extreme but plausible market conditions. In all cases, a CCP should document its supporting rationale for, and should have appropriate governance arrangements relating to, the amount of total financial resources it maintains. Description The BMDC’s has established the sequence of using the available resources for handling participant defaults – “Water fall”: (i) participants margin collateral; (ii) participants security deposit; (iii) participants contribution to the clearing fund; (iv) BMDC’s contribution to the clearing fund; and (v) clearing fund contributions of the non-defaulting participant. As at 31 December 2011, the financial resources of BMDC include: Clearing Fund of MYR 26 million; Security Deposit of MYR 21 million; Direct Clearing Participant Deposit of MYR 3.96 million; and, Margin requirements of MYR 800 million. The sufficiency of these resources to handle its credit risk is ascertained through daily and intra-day stress tests. For the scenarios tested the available resources are sufficient to meet the default of the CPs with the two largest positions. There are standard operating procedures and processes related to determining and maintaining the required amount of financial resources to effectively address BMDC’s credit risk. These are articulated in the internal documents of the BMDC: BMD Authority Manual (dated 25 Jan 2010) and BMD Risk Management Authority Manual (dated 03 Feb 2010). The size of the Clearing Fund is reviewed on a monthly basis. The criteria for increasing the clearing fund size are when the daily average single largest loss of the preceding month exceeds the current Clearing Fund resources. In order to increase the Clearing Fund size, BMDC calls for variable contribution and will also have to inform the SC. Key consideration 4.5 A CCP should determine the amount and regularly test the sufficiency of its total financial resources available in the event of a default or multiple defaults in extreme but plausible market conditions through rigorous stress testing. A CCP should have clear procedures to report the results of its stress tests to appropriate decision makers at the CCP and to use these results to evaluate the adequacy of and adjust its total financial resources. Stress tests should be performed daily using standard and predetermined parameters and assumptions. On at least a monthly basis, a CCP should perform a comprehensive and thorough analysis of stress testing scenarios, models, and underlying parameters and assumptions used to ensure they are appropriate for determining the CCP’s required level of default protection in light of current and evolving market conditions. A CCP should perform this analysis of stress testing more frequently when the products cleared or markets served display high volatility, become less liquid, or when the size or concentration of positions held by a CCP’s participant’s increases significantly. A full validation of a CCP’s risk- management model should be performed at least annually. Description The daily stress test of Clearing Fund includes the following parameters: − Latest open positions of CP − Latest financial resources of CP held by the Clearing House − Latest price movement in the market − Pre-defined stress scenarios − Clearing House’ financial resources 138 The results of the stress tests are analyzed by the risk management team and the CPs contributing to any excessive risk are required to place additional margin. This is communicated through a margin call placed through the system. The daily stress test model to assess the adequacy of financial resources uses two (historical worst case) scenarios which cover extreme movement (up and down) in the history for five actively traded derivative products traded on the exchange – FKLI, FKB3, FCPO Spot, FCPO non-spot and FMG5. The assessment involves simulating the potential uncovered losses derived from the CPs’ latest portfolio of open positions held. This daily stress test process is currently run at hourly interval by BMDC’s Risk Management team, starting at 8.30 AM. The stress test results consist of the potential position of each CP who has holdings in these five actively traded derivatives. This is used to assess the adequacy of the overall financial resources. In the event the single largest loss exceeds the total financial resources available for at least two consecutive days, BMDC meets with the clearing participants concerned to communicate on the simulated losses from the stress test and the requirement for additional margin deposit. The size of the Clearing Fund is reviewed on a monthly basis to determine if there is a need to increase the fund size when the daily average single largest loss of the preceding month exceeds the current Clearing Fund resources. In order to increase the Clearing Fund size, BMDC calls for variable contribution and informs the SC. The stress test results for the past 4 years (2009-2012) showed that there was no incident of clearing fund breach in 2009, 2 incidents each in year 2010 and 2011 and 1 incident in 2012. All these incidents are deemed isolated incidents and have been determined to originate from position concentration of a clearing participant and BMDC had imposed additional margin requirement on the affected clearing participant to mitigate the concentration risk. Hence, no review of the clearing fund was required. The stress-test result is reported to the CEO of BMD and Bursa Group’s Risk Management Committee. The result is also shared with the SC on quarterly basis which will be followed by a discussion, if required. The stress test models are reviewed annually. Based on the review in 2011, the stress testing now includes stress testing each CPs top five clients with the highest exposures. Key consideration 4.6 In conducting stress testing, a CCP should consider the effect of a wide range of relevant stress scenarios in terms of both defaulters’ positions and possible price changes in liquidation periods. Scenarios should include relevant peak historic price volatilities, shifts in other market factors such as price determinants and yield curves, multiple defaults over various time horizons, simultaneous pressures in funding and asset markets, and a spectrum of forward-looking stress scenarios in a variety of extreme but plausible market conditions. Description The daily stress test model to assess the adequacy of financial resources uses two (historical worst case) scenarios which cover extreme movement (up and down) in the history for five actively traded derivative products traded on the exchange – FKLI, FKB3, FCPO Spot, FCPO non-spot and FMG5. The assessment involves simulating the potential uncovered losses derived from the CPs’ latest portfolio of open positions held. This daily stress test process is currently run at 139 hourly interval by BMDC’s Risk Management team, starting at 8.30 AM. The stress test results consist of the potential position of each CP who has holdings in these five actively traded derivatives. This is used to assess the adequacy of the overall financial resources. At the time of the FSAP assessment the stress test model did not include other market factors and forward-looking stress scenarios. The assessor was notified that post the FSAP assessment the BMDC has instituted in August 2012 additional stress test scenarios: (i) impact of movement in select foreign indices with which the FKLI is strongly correlated; (ii) impact of movement of select commodity indices with which the FCPO is strongly correlated; and, (iii) simulation of the potential impact of the upcoming general election. Key consideration 4.7 An FMI should establish explicit rules and procedures that address fully any credit losses it may face as a result of any individual or combined default among its participants with respect to any of their obligations to the FMI. These rules and procedures should address how potentially uncovered credit losses would be allocated, including the repayment of any funds an FMI may borrow from liquidity providers. These rules and procedures should also indicate the FMI’s process to replenish any financial resources that the FMI may employ during a stress event, so that the FMI can continue to operate in a safe and sound manner. Description In the event of a default by CP, where Clearing Fund is being utilised, CPs are required to replenish the Clearing Fund in accordance with Rule 407 of the Rules of BMDC. The Rule 407 and 412 specify the loss-sharing procedures. Rule 407 of the Rules of BMDC sets out the policy of distribution of losses in the event that the Clearing Fund is drawn upon due to CP default. Prior to the utilisation of Clearing Fund, the losses will be mitigated with the defaulting CP’s cash, margin collateral and security deposit held by BMDC. Subsequently, the Clearing Fund will be used to cover the remaining uncovered losses. The losses will be shared by clearing participants in accordance with their existing contribution to the Clearing Fund subject to Rules 401(g) and 408(b) of the Rules of BMDC. Key conclusion(s) The BMDC credit risk management framework comprises of margins, a clearing fund and other deposits from the participant. In addition the participant’s financial resources and position limits are monitored. Daily stress tests are used to validate the adequacy of the resources available to handle the default of the two participants with the largest exposure to the BMDC. At the time of the FSAP assessment the stress testing scenarios used were the worst one-day price movement in the five active derivative contracts. In addition to the CPs positions, the positions of the CPs top five clients were also subjected to stress tests. The assessor was notified about additional scenarios being included post the FSAP assessment. Assessment of Broadly Observed Principle 4 Recommendations and The stress testing should be expanded to include other market factors, adverse comments movement in more than one derivative product and other forward looking stress 140 scenarios. Principle 5: Collateral An FMI that requires collateral to manage its or its participants’ credit exposure should accept collateral with low credit, liquidity, and market risks. An FMI should also set and enforce appropriately conservative haircuts and concentration limits. Key consideration 5.1 An FMI should generally limit the assets it (routinely) accepts as collateral to those with low credit, liquidity, and market risks. Description The criteria used by the BMDC in determining the collaterals that can be accepted are: (i) ability to accurately determine the price; (ii) low volatility; and (iii) the market for the collateral should be liquid. The list of collaterals to be accepted is reviewed every six months. The BMDC also conducts feasibility studies for acceptance of new collaterals based on requests from the participants. Currently BMDC accepts the following types of collateral from participants for covering their margin requirements: (i) Cash (MYR, USD, GBP, EUR, SGD, AUD, HKD, RMB & JPY); (ii) Standby Letter of Credit (SBLC); (iii) Selected Malaysian equities - Currently only the top 30 stocks by market-cap listed in the BMS are accepted. The SBLC are irrevocable and as per the legal framework in Malaysia and standard operating procedures enforceable at short notice and typically within the same day. The BMDC is currently evaluating the feasibility of accepting MGS as collateral. All foreign currency collaterals both cash and SBLC are valued daily and haircut is applied. The equities are also valued daily and a 30% haircut is applied, which is the circuit breaker for a counter in the securities exchange. The collateral management system of the BMDC ensures that only the accepted collateral is included in the evaluation of sufficiency of collateral posted. The collateral related rules and procedures are specified in the BMDC rules, in particular in rule 616. Key consideration 5.2 An FMI should establish prudent valuation practices and develop haircuts that are regularly tested and take into account stressed market conditions. Description BMDC performs a daily mark-to-market of the collateral posted. This is specified in the rule 616 of the BMDC. This rule empowers the BMDC to decide the valuation process and also specifies that any appreciation in collateral value would be passed on to the participant at a time at the discretion of the BMDC at a time to be decided at the discretion of the BMDC. The haircut rates are determined based on the price volatility of these collaterals. The closing price from the BMS market is used for valuation of the equity collateral and for the foreign currency collateral the closing exchange rate from the banks where the BMDC maintains the collateral is used to value the foreign currency collateral. The haircut rates are monitored daily by BMDC’s Risk Management Department to ensure its adequacy and also reviewed on a quarterly basis. The quarterly review involves back-testing the adequacy and efficiency of the haircut rates for foreign currency collateral. The adequacy test assesses the 141 performance of a set of proposed haircut rates against the exchange rate movements over the last 5 years, which includes the stressed period of 2008-09. The proposed haircuts are the scored based on number instances of margin erosion. Then an efficiency test is used to score margins based on the margin erosion being in the 30%-80% band. The haircut rate for the equity collaterals is not reviewed as they have been set at the highest possible single day erosion given the circuit breaker rules. Key consideration 5.3 In order to reduce the need for procyclical adjustments, an FMI should establish stable and conservative haircuts that are calibrated to include periods of stressed market conditions, to the extent practicable and prudent. Description During the calibration of haircuts for collateral valuation, a reasonable buffer is incorporated to minimize the need to adjust the rates frequently. The back-testing includes the 2008-9 periods of market stress. As per the internal standard operating procedures of the BMDC, the six-monthly review includes ensuring inclusion of data related to periods of market stress in the back-testing models. The haircuts for foreign currencies with very little volatility like RMB are set conservatively. Key consideration 5.4 An FMI should avoid concentrated holdings of certain assets where this would significantly impair the ability to liquidate such assets quickly without significant adverse price effects. Description BMDC has limit on each type of collateral, to avoid concentration risk. The system allows BMDC’s Risk Manager to set limits for collateral and the system will prevent any further placement of the particular type of new collateral by the clearing participant, if the limit has been reached. There are no limits for cash collateral even for foreign currencies, and there are specific limits specified for each of the accepted securities and also bank-wise limits for the letter of credits. Currently foreign currency constitutes only 1% of the collateral funds. The review of concentration limit on shares accepted as margin collateral is carried out on half-yearly basis, by analysing the historical trend of performance bond requirement. The review of the concentration limit on SBLC issuing banks is performed annually, taking into consideration the credit ratings and shareholders’ fund of the respective financial institutions. Key consideration 5.5 An FMI that accepts cross-border collateral should mitigate the risks associated with its use and ensure that the collateral can be used in a timely manner. Description BMDC does not accept cross-border collateral. The foreign currency collateral that is accepted is held in Malaysian banks in the country. Key consideration 5.6 An FMI should use a collateral management system that is well-designed and operationally flexible. Description Collateral records are kept within BMDC’s derivatives clearing & settlement system (DCS) and are managed by BMDC staff, in accordance to a set of standard operating procedures. The process and procedure are subject to audit. There was an audit in 2007 followed by one in end 2011. 142 Key conclusion(s) The BMDC collateral management process is well-defined and the policy ensures that collateral accepted is of low-credit, liquidity and market risk. Appropriate concentration and haircuts are being applied. Concentration limits have not been established for foreign currencies, however given that these constitute only about 1% of the overall collateral value, this is not an issue of concern at this stage. Assessment of Observed. Principle 5 Recommendations and The BMDC as part of its ongoing review process could consider instituting comments concentration limits for foreign currency and also encourage the adoption of MGS for collateral. Principle 6: Margin A CCP should cover its exposure to its participants for all products through an effective margin system that is risk-based and regularly reviewed. Key consideration 6.1 A CCP should have a margin system that establishes margin levels commensurate with the risks and particular attributes of each product, portfolio, and market it serves. Description Margin requirements imposed by BMDC are determined using a risk-based algorithm, modeled to cover 1-day potential exposure under normal market circumstances. The SPAN margining system is used. An initial margin is required at the time of entering into the contract and a variation margin is assessed daily. In times of high volatility, BMDC intraday MTM positions are computed and intra-day margin calls could be placed, if there is more than 60% erosion in the margin held. A CP is required to honor margin call within 1 hour upon being notified. Failure to honor margin call is treated as a default. BMDC adopts a gross margining concept, the margin amount is calculated for each client separately and the client margin requirement is aggregated to the CP level. The total margin for a CP is the sum of the margins for all the individual client's accounts of the CP. The proprietary position of a CP is margined on a net position. The margining model and assumptions are reviewed twice a year and back- testing is performed to ensure the relevance of the model/parameter used. Rule 612 of the BMDC rules specify the timelines of collection of initial and variation margin. The participants’ ability to honor margin requirement is evaluated as part of the overall assessment of the participants’ ability to meet settlement obligations, A weekly report is collected from each CP which specifies their projected liquidity position across multiple time-horizons. The derivatives section in the Bursa Malaysia website has a detailed explanation of the risk management processes and also includes a document describing the margining process. Key consideration 6.2 A CCP should have a reliable source of timely price data for its margin system. A CCP should also have procedures and sound valuation models for addressing circumstances in which pricing data are not readily available or reliable. Description Real-time market data is collected from the BMD, Bloomberg and Reuters. Data is entered into the BMDC system by a user and verified by the supervisor from 143 thereon the process is automated. Key consideration 6.3 A CCP should adopt initial margin models and parameters that are risk-based and generate margin requirements sufficient to cover its potential future exposure to participants in the interval between the last margin collection and the close out of positions following a participant default. Initial margin should meet an established single-tailed confidence level of at least 99 percent with respect to the estimated distribution of future exposure. For a CCP that calculates margin at the portfolio level, this requirement applies to each portfolio’s distribution of future exposure. For a CCP that calculates margin at more-granular levels, such as at the sub portfolio level or by product, the requirement must be met for the corresponding distributions of future exposure. The model should (a) use a conservative estimate of the time horizons for the effective hedging or close out of the particular types of products cleared by the CCP (including in stressed market conditions), (b) have an appropriate method for measuring credit exposure that accounts for relevant product risk factors and portfolio effects across products, and (c) to the extent practicable and prudent, limit the need for de-stabilising, procyclical changes. Description The margin is determined by measuring the expected loss over one trading day period under normal market circumstances at single-tailed confidence interval of 99.5% VAR. The objective of margining system used is to cover “normal” market volatility. Volatility is assessed over 5-days, 30-days, 90-days and 240- days and margin rates are computed based on weighted VaR. The final margin rates also include other qualitative factors such as price level and market liquidity. Higher margins are also required during long holiday periods to cover for more than one trading day period. In determination of the historical data period to be used in the margin model, BMDC takes into consideration the historical volatility, recent volatility, price trend and market liquidity. For new products without much history, BMDC simulates the potential volatility using data from the underlying assets or other highly correlated products. BMDC’s margin methodology, besides the statistical model, also takes into consideration the qualitative, seasonal and cyclical factors. For example, due to uncertainties in the Eurozone and commodities prices BMDC has kept the margin level higher than the amount recommended by the statistical model, in anticipation for any unusual market movement. The 1-day close-out period is reasonable for products with a liquid market. The additional buffer used for assessing margin for products with illiquid markets mitigates the need for prompt liquidation, thereby minimizing the potential for adverse price effects. As per the BMDC policy, when there is a default by CP, the priority is to protect the clients’ interest and assist clients to transfer their positions and assets over to another CP. This will enable clients to continue trading or close out their positions without much delay. The liquidation of defaulting clients’ positions and assets will take place after the above. In 2011 there was no default by CPs in honouring their margin payments. In the regulatory report to the SC, the BMDC has reported the number of times the margin rates were changed in 2011 for each of the derivative products offered. The highest numbers of changes were 12 for the FCPO/FCKO and two for the SSFs and FMGs. The margin rates for all the other products were 144 changed at least once in 2011. The changes stemmed from daily volatilities in the price of future contracts, to account for long holiday periods and other market circumstances. Key consideration 6.4 A CCP should mark participant positions to market and collect variation margin at least daily to limit the build-up of current exposures. A CCP should have the authority and operational capacity to make intraday margin calls and payments, both scheduled and un-scheduled, to participants. Description The BMDC marks to market all positions at the close of the BMD market and requires the variation margin thus calculated to be paid in by the next day’s market open. The BMDC also has the powers and the ability to call for intra-day margin. Intraday margin call is designed to address exceptional volatilities experienced during intraday, limiting BMDC exposure to ½ day. Intraday margin call when margin erosion > 60% CPs with settlement losses will have to pay to the Clearing House within 1 hour upon being notified. This is stated in the BMDC rules. The BMDC monitors the liquidity positions of the participants closely. Participants are required to provide weekly reports with their projected liquidity position across various time-horizons. The BMDC uses this to ascertain the ability of CPs to honour initial margin, intra-day margin and variation margin. Key consideration 6.5 In calculating margin requirements, a CCP may allow offsets or reductions in required margin across products that it clears or between products that it and another CCP clear, if the risk of one product is significantly and reliably correlated with the risk of the other product. Where two or more CCPs are authorised to offer cross-margining, they must have appropriate safeguards and harmonised overall risk-management systems. Description The SPAN risk analysis model simulates potential market moves and calculates the profit or loss on individual contracts. The model organizes all futures and options relating to the same underlying assets into one combined commodity group for analysis. The BMDC is not linked with any other CCP. Key consideration 6.6 A CCP should analyse and monitor its model performance and overall margin coverage by conducting rigorous daily back-testing and at least monthly, and more-frequent where appropriate, sensitivity analysis. A CCP should regularly conduct an assessment of the theoretical and empirical properties of its margin model for all products it clears. In conducting sensitivity analysis of the model’s coverage, a CCP should take into account a wide range of parameters and assumptions that reflect possible market conditions, including the most-volatile periods that have been experienced by the markets it serves and extreme changes in the correlations between prices. Description Back-testing of the margin rates is performed daily to ensure margins are adequate and efficient. In 2011 there were 12 instances of margin rates adjustments in the FCPO and seven instances FKLI contracts. Adequacy test is to ensure sufficient buffer under adverse market movement, measured by number of occurrence for complete margin erosion and then efficiency test is used to select margin rates that show an erosion in the band of 145 30% to 70%. Sensitivity analysis is done by applying different sets of inputs as parameters to the margin and using the different outputs to guide determination of the optimal margin, this is done as part of the half-yearly model review. The most recent model review was done in June 2012; the analysis resulted in changing the weight for volatility from medium to short-term for the FKLI and FCPO. Prior to this the back-testing model was changed in 2010, by adjusting various parameters to increase responsiveness to volatility. The assessor was notified that post the FSAP assessment the BMDC has instituted a monthly review of the model and sensitivity analysis. As part of this the daily back-testing process and its outcomes are also reviewed. Key consideration 6.7 A CCP should regularly review and validate its margin system. Description Model review is performed twice yearly to ensure margins are adequate and efficient. However, if there is any major event and changes that warrant a change in the model, the Risk Manager will perform ad-hoc review. Adequacy test is to ensure sufficient buffer under adverse market movement, measured by number of occurrence for complete margin erosion and then efficiency test is used to select margin rates that show an erosion in the band of 30% to 70%. The process includes simulating changes in different parameters used in the margin model, on a set of historical data. Based on the analysis result, BMDC may update the margin model with the recommended change in the parameter/assumption used. Changes to the margin methodology will be recommended by the Senior Manager, Risk Management Division for the approval by the Head of Operations & Risk Management, before implementation. This authority is spelled out in the BMD Risk Management Authority Manual dated 03 Feb 2010. In the event that changes to the margin methodology result in changes to the margin parameter, as per process the BMDC will communicate the same to the CPs via issuance of a Clearing Participant Circular, which Circular is publicly available on Bursa Malaysia’s website and is also communicated to the SC. Key Conclusion(s) The BMDC uses a gross margining system at the client level, and margin rates are determined based on a combined commodity basis, with a 99.5% VaR. The SPAN margining system is used. At the time of the FSAP assessment, the model back-testing was performed daily and a full model review and sensitivity analysis on a half-yearly basis. The assessor was notified that post the FSAP the BMDC has instituted a monthly model review and sensitivity analysis process. Assessment of Broadly Observed Principle 6 Recommendations and These standards were published only in April 2012, and the BMDC and the SC comments had not yet instituted the required changes in the frequency of the model review and sensitivity analysis. The assessor was notified that the BMDC has already instituted the monthly model review and sensitivity analysis. 146 Principle 7: Liquidity risk An FMI should effectively measure, monitor, and manage its liquidity risk. An FMI should maintain sufficient liquid resources in all relevant currencies to effect same-day and, where appropriate, intraday and multiday settlement of payment obligations with a high degree of confidence under a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would generate the largest aggregate liquidity obligation for the FMI in extreme but plausible market conditions. Key consideration 7.1 An FMI should have a robust framework to manage its liquidity risks from its participants, settlement banks, nostro agents, custodian banks, liquidity providers, and other entities. Description The BMDC functions as a CCP for the derivatives market. On a daily basis it is exposed to liquidity risk from its responsibility to stand-in for defaulting participants. In addition, the BMDC collects margin from the CPs and evaluates sufficiency of the margins on a daily basis, and allows CPs to withdraw any excess margin placed with the BMDC at an hour’s notice. The BMDC has a liquidity management framework that takes into accounts its potential payment obligations and its current resources and it aims to ensure availability of sufficient liquidity to cover any calls for withdrawal of excess margin and the default of the CP with the largest exposure. The results of this assessment are used by the BMDC treasury team to plan for any liquidity risks that it could face during the day. All the assets of the BMDC marked for use for its liquidity needs are placed with Malaysian banks. In addition the BMDC has intra-day credit facilities in place. Key consideration 7.2 An FMI should have effective operational and analytical tools to identify, measure, and monitor its settlement and funding flows on an ongoing and timely basis, including its use of intraday liquidity. Description BMDC conducts a daily liquidity needs assessment at the beginning of the day after the first stress test results are available. The assessment includes the following information: the settlement positions; financial resources available; current investment placements; and, clearing fund stress test result with simulated potential default. Key consideration 7.4 A CCP should maintain sufficient liquid resources in all relevant currencies to settle securities-related payments, make required variation margin payments, and meet other payment obligations on time with a high degree of confidence under a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would generate the largest aggregate payment obligation to the CCP in extreme but plausible market conditions. In addition, a CCP that is involved in activities with a more- complex risk profile or that is systemically important in multiple jurisdictions should consider maintaining additional liquidity resources sufficient to cover a wider range of potential stress scenarios that should include, but not be limited to, the default of the two participants and their affiliates that would generate the largest aggregate payment obligation to the CCP in extreme but plausible market conditions. Description BMDC conducts a daily liquidity needs assessment at the beginning of the day after the first stress test results are available. The assessment includes the following information: the settlement positions; financial resources available; 147 current investment placements; and, clearing fund stress test result with simulated potential default. The only currencies of relevance for the BMDC’s operations are Malaysian Ringgit. Based on BMDC's stress test results conducted in March 2012, the highest potential uncovered loss in an extreme market scenario is RM39 million. For information on available resources, please refer response to KC 7.5 below. Based on this, the BMDC’s resources are adequate to cover the default of more than one participant. Key consideration 7.5 For the purpose of meeting its minimum liquid resource requirement, an FMI’s qualifying liquid resources in each currency include cash at the central bank of issue and at creditworthy commercial banks, committed lines of credit, committed foreign exchange swaps, and committed repos, as well as highly marketable collateral held in custody and investments that are readily available and convertible into cash with prearranged and highly reliable funding arrangements, even in extreme but plausible market conditions. If an FMI has access to routine credit at the central bank of issue, the FMI may count such access as part of the minimum requirement to the extent it has collateral that is eligible for pledging to (or for conducting other appropriate forms of transactions with) the relevant central bank. All such resources should be available when needed. Description The only relevant currency for liquidity provision in BMDC is MYR. The current financial resources of the BMDC are: Cash and bank balances: MYR 25.1 million. Margin and collaterals on derivatives contracts: Margin - cash MYR 623.8million, Letter of credit (LC) MYR 387.5million Security deposits -cash MYR 5 million, LC – MYR 15million Direct clearing participant deposit – cash MYR 3.96million, LC MYR 5million Clearing Fund of MYR 27.4 million: Clearing Participants' contribution: MYR 22.4 million BMDC's contribution: MYR 5.0 million Intraday Overdraft Facilities of MYR 90.0 million committed by the settlement banks and another MYR 200 million shared with the Group. Maybank: MYR 30 million; RHB Bank: MYR 30 million; Deutsche Bank: MYR 30 million; Standard Chartered Bank: MYR 200 million (shared with Bursa Group). This position is reflective of a typical days’ position. The BMDC maintains its balances and takes intra-day overdraft facilities only from banks that provide online banking facility and are rated A by the credit rating agency of Malaysia and BBB by S&P. The results from the stress results presented in KC 7.4 above indicates that the BMDC’s resources are adequate to cover the default of more than one participant. Key consideration 7.6 An FMI may supplement its qualifying liquid resources with other forms of liquid resources. If the FMI does so, then these liquid resources should be in the form of assets that are likely to be saleable or acceptable as collateral for lines of 148 credit, swaps, or repos on an ad hoc basis following a default, even if this cannot be reliably prearranged or guaranteed in extreme market conditions. Even if an FMI does not have access to routine central bank credit, it should still take account of what collateral is typically accepted by the relevant central bank, as such assets may be more likely to be liquid in stressed circumstances. An FMI should not assume the availability of emergency central bank credit as a part of its liquidity plan. Description The BMDC uses only bank deposits and intra-day credit facilities. Key consideration 7.7 An FMI should obtain a high degree of confidence, through rigorous due diligence, that each provider of its minimum required qualifying liquid resources, whether a participant of the FMI or an external party, has sufficient information to understand and to manage its associated liquidity risks, and that it has the capacity to perform as required under its commitment. Where relevant to assessing a liquidity provider’s performance reliability with respect to a particular currency, a liquidity provider’s potential access to credit from the central bank of issue may be taken into account. An FMI should regularly test its procedures for accessing its liquid resources at a liquidity provider. Description The BMDC routinely monitors the concentration of exposure and financial condition of the banks with which it places it resources for and avails intra-day credit facilities to ensure they have the capacity to perform on its commitment on an on-going basis by performing the following review on an annual basis: (i) minimum Risk Weighted Capital Ratio (RWCR) of at least 10%; (ii) minimum RAM credit rating of at least ‘A’ and minimum S&P issuer credit rating of at ‘BBB’ and ‘C’ and S&P Bank Fundamental Strength Rating respectively; and, (iii) the concentration of settlement flows through the settlement banks, to ensure that it has adequate balance in the settlement bank to immediately step-in time of need. The BMDC currently does not have an established process of testing the ability of its banks to ensure provision of adequate intra-day credit facilities. However in its normal course of activities the BMDC routinely uses the intra-day credit facilities, which are interest-free. Key consideration 7.8 An FMI with access to central bank accounts, payment services, or securities services should use these services, where practical, to enhance its management of liquidity risk. Description As per the current policies of the BNM, the BMDC does not have access to liquidity support from the BNM. Key consideration 7.9 An FMI should determine the amount and regularly test the sufficiency of its liquid resources through rigorous stress testing. An FMI should have clear procedures to report the results of its stress tests to appropriate decision makers at the FMI and to use these results to evaluate the adequacy of and adjust its liquidity risk-management framework. In conducting stress testing, an FMI should consider a wide range of relevant scenarios. Scenarios should include relevant peak historic price volatilities, shifts in other market factors such as price determinants and yield curves, multiple defaults over various time horizons, simultaneous pressures in funding and asset markets, and a spectrum 149 of forward-looking stress scenarios in a variety of extreme but plausible market conditions. Scenarios should also take into account the design and operation of the FMI, include all entities that might pose material liquidity risks to the FMI (such as settlement banks, nostro agents, custodian banks, liquidity providers, and linked FMIs), and where appropriate, cover a multiday period. In all cases, an FMI should document its supporting rationale for, and should have appropriate governance arrangements relating to, the amount and form of total liquid resources it maintains. Description The BMDC conducts its liquidity needs assessment on a daily basis. The results from the daily stress tests for credit risks are used to determine the potential size of defaults that the BMDC might need to honor. Apart from this the BMDC did not have any specific methodology for liquidity risk management. The assessor was notified that post the FSAP assessment from November 2012 the BMDC has enhanced its liquidity needs assessment and also has instituted a daily liquidity stress test. The liquidity needs assessment now takes into account the following: potential settlement failure of the participant with the largest position; ability to handle two-day’s worth of the daily average cash-out of excess margin placed by the participants; and, only half of the expected investment income due on a day being available in addition to the pre- established credit lines and its liquid resources. The daily liquidity stress test scenarios include the simulation of the unavailability of the large credit line and withdrawal of 80% of the excess margin held by the participants with the BMDC. Key consideration 7.10 An FMI should establish explicit rules and procedures that enable the FMI to effect same-day and, where appropriate, intraday and multiday settlement of payment obligations on time following any individual or combined default among its participants. These rules and procedures should address unforeseen and potentially uncovered liquidity shortfalls and should aim to avoid unwinding, revoking, or delaying the same-day settlement of payment obligations. These rules and procedures should also indicate the FMI’s process to replenish any liquidity resources it may employ during a stress event, so that it can continue to operate in a safe and sound manner. Description BMDC documents its supporting rationale for, and its governance arrangements relating to the appropriate amount of total liquid resources and the form of liquid resources it maintain in its Liquidity Risk Management Framework. The BMDC rules provide for the BMDC to request additional contributions to the clearing fund in the event of the default of a participant. [Rule 407]. The size of the clearing fund is reviewed monthly. An additional clearing fund contribution was called for four years back. Key conclusion(s) The BMDC uses a daily liquidity forecasting and needs assessment. This assessment takes into account the stress test results. The BMDC uses a very conservative approach with respect to managing its resources and all resource identified for meeting liquidity needs are placed as short term deposits in strong local banks. In addition it has access to intra-day credit facilities from banks. The BMDC’s management of its resources for meeting liquidity needs and inclusion of the results of the daily stress test results to a significant extent mitigate the absence of a structured liquidity stress test mechanism. On an 150 ongoing basis, the BMDC should consider instituting a separate stress test model for assessing its liquidity risk. The assessor was notified that post the FSAP assessment; the BMDC has enhanced its liquidity risk management framework. The BMDC should continue the review process and in particular enhance the liquidity risk stress testing and also establish an ongoing structured review process for its liquidity risk management framework. Assessment of Broadly Observed Principle 7 Recommendations and At the time of the assessment, the BMDC used the results of the credit risk stress comments testing results to monitor liquidity risk. The assessor was notified that post the FSAP assessment the BMDC has enhanced the daily liquidity needs assessment and instituted a daily liquidity stress testing process. The BMDC should establish a process for ongoing monitoring and review of the liquidity risk management framework and enhance the liquidity risk stress testing to also include impact of the market stress in both the derivatives and securities market; ability to withstand multi-day stressed market conditions; and, inability to access its liquid resources and credit lines from one or more banks. Principle 8: Settlement finality An FMI should provide clear and certain final settlement, at a minimum by the end of the value date. Where necessary or preferable, an FMI should provide final settlement intraday or in real time. Key consideration 8.1 An FMI’s rules and procedures should clearly define the point at which settlement is final. Description The rules of the BMDC [rule 504] states that transfer of funds between the clearing participant and BMDC will be irrevocable upon the crediting of BMDC’s or the clearing participant’s bank account, whichever applicable. The CMSA protects the settlements processed by the BMDC as an approved clearing house from the proceedings related to insolvency or bankruptcy. Key consideration 8.2 An FMI should complete final settlement no later than the end of the value date, and preferably intraday or in real time, to reduce settlement risk. An LVPS or SSS should consider adopting RTGS or multiple-batch processing during the settlement day. Description The daily settlements are completed at 10 AM and are deemed final once the funds are credited. Intra-day margin calls are also processed with immediate finality. Key consideration 8.3 An FMI should clearly define the point after which unsettled payments, transfer instructions, or other obligations may not be revoked by a participant. Description The BMDC rules clearly states that contracts that have been accepted cannot be reversed. Key conclusion(s) The BMDC rules clearly define the point at which settlement is final and this has the backing of the CMSA and hence is protected at the level of law. Final settlement is achieved in real-time. Assessment of Observed 151 Principle 8 Recommendations and comments Principle 9: Money settlements An FMI should conduct its money settlements in central bank money where practical and available. If central bank money is not used, an FMI should minimise and strictly control the credit and liquidity risks arising from the use of commercial bank money. Key consideration 9.1 An FMI should conduct its money settlements in central bank money, where practical and available, to avoid credit and liquidity risks. Description The BMDC uses private settlement bank model and currently uses four settlement banks. All the clearing participants (CPs) are required to open settlement accounts in one of these four banks. The CPs are required to credit any payments due to the BMDC in the settlement account of the BMDC in any of the settlement banks, and the BMDC credits any payments due to the CPs in their specified settlement accounts. Key consideration 9.2 If central bank money is not used, an FMI should conduct its money settlements using a settlement asset with little or no credit or liquidity risk. Description The BMDC had established specific criteria for the appointing settlement banks:  Licensed commercial banks approved by BNM.  Provide real time online banking system  Provide intraday credit facility  Must be able to comply with BMDC’s payment cut-off time.  Must have good credit standing - minimum of A for Rating Agency Malaysia (RAM) and BBB and C for Standard & Poor’s (S&P) Issuer Credit Rating and Bank Fundamental Strength Rating respectively. In addition to the above criteria, for derivatives market, the settlement banks must also agree to sign tripartite agreement between the clearing participant, settlement bank and the Clearing House. (This tripartite agreement allows the settlement banks to debit the clearing participant's account should there be a shortage of funds to meet the margin requirements of derivatives clearing house, provided that the clearing participant has sufficient funds or maintains credit line in their banking accounts). Key consideration 9.3 If an FMI settles in commercial bank money, it should monitor, manage, and limit its credit and liquidity risks arising from the commercial settlement banks. In particular, an FMI should establish and monitor adherence to strict criteria for its settlement banks that take account of, among other things, their regulation and supervision, creditworthiness, capitalisation, access to liquidity, and operational reliability. An FMI should also monitor and manage the concentration of credit and liquidity exposures to its commercial settlement banks. Description The BMDC has well established criteria to select settlement banks, as specified in KC 9.2 above. All the banks in Malaysia are supervised by the BNM. The criteria include requirements related to capital adequacy and credit worthiness. 152 The BMDC monitors the settlement concentration periodically. The settlement flows are concentrated in two settlement banks which put together account for over 70% of the settlement flows Key consideration 9.4 If an FMI conducts money settlements on its own books, it should minimise and strictly control its credit and liquidity risks. Description Not applicable. Key consideration 9.5 An FMI’s legal agreements with any settlement banks should state clearly when transfers on the books of individual settlement banks are expected to occur, that transfers are to be final when effected, and that funds received should be transferable as soon as possible, at a minimum by the end of the day and ideally intraday, in order to enable the FMI and its participants to manage credit and liquidity risks. Description The BMDC, CP and settlement bank enter into a tri-partite agreement. This agreement authorizes the BMDC to instruct the settlement bank to debit the CPs account for meeting settlement and margin call obligations. The agreement also provides for irrevocability of transfers. Key conclusion(s) The BMDC has well-defined criteria for choosing its settlement banks. All banks are supervised by the BNM the criteria in addition include credit rating of the bank, capital adequacy, operational aspects and provision of intra-day facilities. The BMDC has a tri-partite agreement which empowers the BMDC to instruct debits to the CPs settlement accounts and also provides for irrevocability of transfers. Assessment of Observed Principle 9 Recommendations and It is recommended that the BMDC and the BMSC in a time-bound manner comments migrate settlement from commercial bank money to central bank money in the RENTAS system. This would need the active involvement of the SC and the BNM. Principle 10: Physical Deliveries An FMI should clearly state its obligations with respect to the delivery of physical instruments or commodities and should identify, monitor, and manage the risks associated with such physical deliveries. Key consideration 10.1 An FMI’s rules should clearly state its obligations with respect to the delivery of physical instruments or commodities. Description Palm Oil and Palm Oil Kernel are accepted by the BMDC for delivery. The Chapter 8 of the BMDC rules describes the details of the delivery process. These rules describe the obligations of the buyer and seller; the delivery procedures; the payment procedures; and, exceptional procedures related to non- delivery/non-payment or non-acceptance of delivery. The details of the delivery process are described in the CP Manual. Key consideration 10.2 An FMI should identify, monitor, and manage the risks and costs associated with the storage and delivery of physical instruments or commodities. 153 Description Deliveries are to be made to one of the approved Port Tank Installations (PTI) in one of three approved sea ports – Port Klang, Butterworth and Pasir Gudang, between the first and 20th of the delivery month. The PTIs verify the quality of the delivery and issues a reference number to the seller and creates an Electronic Negotiable Storage Receipt (e-NSR) in the system of the BMDC. The details captured are: Reference number, PTI Location, Delivery Date, Quality related information and validity date. The seller’s broker provides this reference number to the BMDC to discharge its delivery obligation the BMDC accepts this by matching the reference number with the details entered by the PTI. The BMDC allocates the deliveries to the buyers on a pro-rata basis and then further pro-rata allocations to the clients of the buyer. The buyers are notified about their allocations and are required to pay-in on T+1 to their broker and the broker in turn to the BMDC on T+2. The Buyer is provided another reference number and the BMDC also records this reference number in the systems of the PTI. The margins of the buyer and sellers are enhanced closer to the delivery month. The margin of the seller is released only upon delivery and for the buyer only upon payment. The participants in delivery process need Government certification. Key conclusion(s) The BMDC has established a robust delivery and collection process for Palm Oil and Palm Kernel contracts. There are system based controls for the delivery and collection process that minimizes risks. The PTIs are entrusted with the responsibility to verify quality and safekeeping of the deliveries. Assessment of Observed. Principle 10 Recommendations and comments Principle 12: Exchange of value settlement systems If an FMI settles transactions that involve the settlement of two linked obligations (for example securities or foreign exchange transactions) it should eliminate principal risk by conditioning the final settlement of one obligation upon the final settlement of the other. Key consideration 12.1 An FMI that is an exchange-of-value settlement system, should eliminate principal risk by ensuring that the final settlement of one obligation occurs if and only if the final settlement of the linked obligation also occurs, regardless of whether the FMI settles on a gross or net basis when finality occurs. Description The BMDC handles contracts resulting in deliveries only for Palm Oil and Palm Kernel. All other derivatives contracts result in exchange of funds. The description for the principle 10 above describes how principal risk is addressed for those deliveries. 154 Key conclusion(s) The BMDC delivery process for Palm Oil and Palm Kernel Oil contracts ensures elimination of principal risk. Assessment of Observed Principle 12 Recommendations and comments Principle 13: Participant-default rules and procedures+ An FMI should have effective and clearly defined rules and procedures to manage a participant default. These rules and procedures should be designed to ensure that the FMI can take timely action to contain losses and liquidity pressures and continue to meet its obligations. Key consideration 13.1 An FMI should have default rules and procedures that enable the FMI to continue to meet its obligations in the event of a participant default and that address the replenishment of resources following a default. Description Chapter 10 of BMDC rules states clearly the grounds for default and the actions that can be taken by the BMDC. Rules 1001 and 1002 provides for the BMDC to novate or liquidate open positions of the defaulting CP at any time and liquidate its collateral and resources to set off the losses (defaulted amount). Section 43 of the CMSA provides for the default proceeding by the clearing house to take precedence over the Law of Insolvency. Further section 43 of CMSA and Chapter 10 of BMDC Rules empower the BMDC to draw promptly on the financial resources available in its default management actions. The Ch 10 of the BMDC rules, specifies the occurrence of any of the below in relation to a CP as grounds for invoking default procedures: − failure to meet in full a call for Margin; − failure to pay a Premium under Rule 700 of the Rules of BMDC or any settlement difference pursuant to Rule 608 or 612 of the Rules of BMDC; − failure to promptly meet its obligations under the terms of an Open Contract; − failure to meet in full its Clearing Fund Contribution; − When applicable, failure to meet in full its Direct Clearing Participant Deposit; − ceases to be an Affiliate of an Exchange due to termination of its membership by such Exchange or its membership of an Exchange is suspended; − is unable to pay its debts as and when they fall due in the ordinary course of business; and, − files a petition for the winding up of its affairs, or, has been ordered to wind up its affairs (voluntary or involuntary winding up) The BMDC has developed a Default Management Procedure which clearly articulates the following roles and responsibilities of various stakeholders and the procedures to handle clearing participant default. A default management committee comprising of the CEO of the BMD and the heads of the business development and operations and risk management has been constituted. • Default Management Committee (DMC) is alerted when there is default event 155 • The DMC will meet to deliberate the case and decide on the actions to be taken • BMDC will take the necessary actions to transfer positions, liquidate collateral, utilisation of clearing fund and etc as per DMC’s instructions • DMC’s decision will be guided by the provisions in BMDC Rules, in particular Chapter 10. • BMDC will engage the defaulting CPs back office onsite to facilitate the default actions • Communications will be handled by BM Corporate Communications team. • Post-default, BMDC will submit report to the relevant authority, including the Board of Directors and Securities Commission. Rule 407 of the Rules of BMDC provide for the replenishment of Clearing Fund in the event that the clearing fund is drawn upon. BMDC will issue a statement to inform CPs of their share of loss and CPs are required to replenish the clearing fund within one business day upon being notified. Key consideration 13.2 An FMI should be well prepared to implement its default rules and procedures, including any appropriate discretionary procedures provided for in its rules. Description Ch 10 of the BMDC rules sets out the responsibilities of the BMDC in the event of default. BMDC has established a default management procedure which sets out the following responsibilities of the various stakeholders in managing the default, and has established a default management committee:- Default Management Committee (DMC) − To declare a default − To deliberate the appropriate actions to be taken by the BMDC − To manage communication with other stakeholders, which include BM, CME Group and SC − To work with Bursa Communication team on communications with media & public. BMDC − To take action based on the decision by DMC − To update DMC on the default actions taken − To manage communications with Clearing Participants Exchange (BMD) − To facilitate default actions by Clearing House, where necessary − To manage communications with Trading Participants The default handling procedures are reviewed as and when there are significant local or international developments. In the aftermath of the recent failure of a large commodity clearing house participants in the US (MF Global) the BMDC reviewed its default handling procedures. It now intends to conduct a default handling drill. Key consideration 13.3 An FMI should publicly disclose key aspects of its default rules and procedures. Description The relevant rules and procedures are posted on the website of the Bursa Malaysia and are also available to the CPs through the eRapid system for distribution of any changes by way of circulars. Key consideration 13.4 An FMI should involve its participants and other stakeholders in the testing and review of the FMI’s default procedures, including any close-out procedures. Such testing and review should be conducted at least annually or following 156 material changes to the rules and procedures to ensure that they are practical and effective. Description At the time of the FSAP assessment, the BMDC did not involve the participants in its review of the default procedures. However in January 2012 a default drill process had already been planned for December 2012 and it was carried out as planned on 13-December-2012. The assessor was notified that the default drill verified the readiness of the default procedures, and in particular tested the ability to port of clients’ positions. Portability was tested by isolating defaulting clients’ accounts and non- defaulting accounts were transferred to other Clearing Participants. The drill involved BMDC as the Clearing House, and all but one of the BMDC participants. The assessor was notified that the Default Event Drill 2012 had achieved its stated objective to test the portability of clients’ positions and to have all the participants familiarized with the Clearing House default procedures, in particular, the management of clients’ positions in a default circumstance. The assessor was also notified that the BMDC has instituted the default drill on an annual basis to ensure the Clearing House’s ability to take timely action to contain losses and liquidity pressures and continue to meet its obligations. Key conclusion(s) The BMDC has established a default management procedure which identifies the roles and responsibilities of the various stakeholders. The rules related to the default management are clearly specified in the BMDC rules and these have the backing of the CMSA. The rules provide ample powers and flexibility to the BMDC in handling any defaults. The default management procedures are reviewed based on any significant domestic or international events. Assessment of Observed Principle 13 Recommendations and At the time of the FSAP assessment the BMDC was in the process of conducting comments a default drill involving the participants. The BMDC, has since then successfully completed the default drill and has also instituted this as an annual exercise. The BMDC should ensure that this drill is carried out periodically on an ongoing basis and any gaps or issues identified are addressed in a time-bound manner. Principle 14: Segregation and portability A CCP should have rules and procedures that enable the segregation and portability of positions of a participant’s customers and the collateral provided to the CCP with respect to those positions. Key consideration 14.1 A CCP should, at a minimum, have segregation and portability arrangements that effectively protect a participant’s customers’ positions and related collateral from the default or insolvency of that participant. If the CCP additionally offers protection of such customer positions and collateral against the concurrent default of the participant and a fellow customer, the CCP should take steps to ensure that such protection is effective. Description Section 118 of the CMSA requires that all clients’ assets must be segregated from the CP’s own assets and requires the CP to have prior customer instructions to use the clients’ accounts. For a full discussion on this please refer the description for KC 14.1 in assessment tables of BMSC. In the case of pass through letter of credit, BMDC manages the collateral of the 157 clearing participants’ clients’ directly. Other than this, the clearing participants are responsible to manage the funds, collaterals and margins of its customers as set out in Rule 614 of the Rules of BMDC. However, although the clearing participants are responsible for managing the funds, collateral and margins, BMDC calculates the margin for each client’s account separately and totals it up as a requirement for the clearing participants. Key consideration 14.2 A CCP should employ an account structure that enables it readily to identify positions of a participant’s customers and to segregate related collateral. A CCP should maintain customer positions and collateral in individual customer accounts or in omnibus customer accounts. Description The BMDC requires reporting of client information for all trades and it also calculates margin requirements on a client level however the CP manages the collateral except in the case of pass-through letter of credit which is managed by the BMDC directly. The BMDC does not have a direct access to the CP’s books, however in the event of invoking default procedures, it has the powers to require the CP to help the BMDC is segregating the client funds, positions and collaterals. The BMDC rules require the CP to maintain client funds and collateral in a segregated manner, as required under the CMSA. The BMDC computes collateral on a gross basis at the client level, hence it has the required information to assist it in segregating client level collaterals. Key consideration 14.3 A CCP should structure its portability arrangements in a way that makes it highly likely that the positions and collateral of a defaulting participant’s customers will be transferred to one or more other participants. Description The BMDC does not handle the clients’ collateral and funds directly it relies on the CPs internal records. The BMDC rules and the CMSA both require the CPs to maintain client accounts in a segregated manner. The BMDC has tested its ability to port the positions of a defaulting CP to another CP as part of the implementation of the new clearing system in February 2012, however there are no periodic testing undertaken for this aspect. In addition, the CPs are audited by the BM’s participants monitoring team periodically and this aspect is reviewed as part of that. Key consideration 14.4 A CCP should disclose its rules, policies, and procedures relating to the segregation and portability of a participant’s customers’ positions and related collateral. In particular, the CCP should disclose whether customer collateral is protected on an individual or omnibus basis. In addition, a CCP should disclose any constraints, such as legal or operational constraints, that may impair its ability to segregate or port a participant’s customers’ positions and related collateral. Description The BMDC rules are available at the Bursa Malaysia’s website, the requirement of the CPs is also mentioned in the financial safeguards and risk management section in the website. Key conclusion(s) BMDC does not maintain client funds and collaterals (except in the case of pass- through letter of credit), however its rules and also the CMSA require the CP to ensure that the client funds are segregated. The BM as part of its monitoring of the participants compliance to rules reviews the compliance of the participants to 158 the segregation rules. At the time of the FSAP assessment the BMDC did not periodically test its ability to port clients position from a defaulting participant to another. However as part of the default drill described in the KC 13.4 above this was included and is intended to be covered in all future default drills as well. Assessment of Observed Principle 14 Recommendations and The testing of the BMDC procedures and processes to support portability have comments been included in the first default management drill conducted post the FSAP assessment. The BMDC also intends to include this as part of all future default management drills. The BMDC should ensure this is done and also that any issues or gaps identified are addressed in a time-bound manner. Principle 15: General business risk An FMI should identify, monitor, and manage its general business risk and hold sufficient liquid net assets funded by equity to cover potential general business losses so that it can continue operations and services as a going concern if those losses materialise. Further, liquid net assets should at all times be sufficient to ensure a recovery or orderly wind-down of critical operations and services. Key consideration 15.1 An FMI should have robust management and control systems to identify, monitor, and manage general business risks, including losses from poor execution of business strategy, negative cash flows, or unexpected and excessively large operating expenses. Description The BMDC has adopted the BM group governance model including for risk management and all aspects of business risk are handled at the BM group level. The responses provided for the BMSC KC 15.1 are applicable for BMDC as well. Key consideration 15.2 An FMI should hold liquid net assets funded by equity (such as common stock, disclosed reserves, or other retained earnings) so that it can continue operations and services as a going concern if it incurs general business losses. The amount of liquid net assets funded by equity an FMI should hold should be determined by its general business risk profile and the length of time required to achieve a recovery or orderly wind-down, as appropriate, of its critical operations and services if such action is taken. Description The responses provided for the BMSC KC 15.2 are applicable for BMDC as well. Key consideration 15.3 An FMI should maintain a viable recovery or orderly wind-down plan and should hold sufficient liquid net assets funded by equity to implement this plan. At a minimum, an FMI should hold liquid net assets funded by equity equal to at least six months of current operating expenses. These assets are in addition to resources held to cover participant defaults or other risks covered under the financial resources principles. However, equity held under international risk- based capital standards can be included where relevant and appropriate to avoid duplicate capital requirements. Description The responses provided for the BMSC KC 15.3 are applicable for BMDC as well. 159 Key consideration 15.4 Assets held to cover general business risk should be of high quality and sufficiently liquid in order to allow the FMI to meet its current and projected operating expenses under a range of scenarios, including in adverse market conditions. Description The responses provided for the BMSC KC 15.4 are applicable for BMDC as well. Key consideration 15.5 An FMI should maintain a viable plan for raising additional equity should its equity fall close to or below the amount needed. This plan should be approved by the board of directors and updated regularly. Description The responses provided for the BMSC KC 15.5 are applicable for BMDC as well. Key conclusion(s) The BMDC has adopted a group governance model including for risk management. The description for the PFMI 15 for the BMSC is applicable for the BMDC as well. On a stand-alone basis the BMDC maintains over 6 month’s operational expenses. Assessment of Observed Principle 15 Recommendations and Comments Principle 16: Custody and investment risks An FMI should safeguard its own and its participants’ assets and minimise the risk of loss on and delay in access to these assets. An FMI’s investments should be in instruments with minimal credit, market, and liquidity risks. Key consideration 16.1 An FMI should hold its own and its participants’ assets at supervised and regulated entities that have robust accounting practices, safekeeping procedures, and internal controls that fully protect these assets. Description The BMDC holds all its cash assets and the CPs cash assets as deposits in banks. It has opened accounts in Hong Kong with HSBC bank for HKD deposits, and this account is mirrored with its account with the HSBC bank in Malaysia. This account however is not used currently. The BMDC uses a criteria based on operational ease, services offered, capital adequacy and credit rating to choose its banking partners. The CPs equity collateral is maintained at the BMDepo in a depository account in the name of the BMDC. Key consideration 16.2 An FMI should have prompt access to its assets and the assets provided by participants, when required. Description As BMDC’s assets are in commercial banks in Malaysia and it has prompt access to them. The equity collateral placed is held in the BMDepo. Key consideration 16.3 An FMI should evaluate and understand its exposures to its custodian banks, taking into account the full scope of its relationships with each. 160 Description Not applicable. Key consideration 16.4 An FMI’s investment strategy should be consistent with its overall risk- management strategy and fully disclosed to its participants, and investments should be secured by, or be claims on, high-quality obligors. These investments should allow for quick liquidation with little, if any, adverse price effect. Description The BMDC rules [rule 413] allow the BMDC to invest the contributions into the clearing fund in either government securities or as deposits in prescribed financial institutions. The BMDC rules do not specify whether the margin collected by the BMDC from the CPs can be invested. However the rule 616(c) states that all interests and other benefit accruing from the underlying asset provided for margin purposes would accrue to the CP and the BMDC rules allow the CP to replace the collaterals placed for margin. BMDCs investment policy is very conservative and al assets are held in banks in Malaysia as FDs or in regular accounts. As BMDC’s assets are in commercial banks in Malaysia it has prompt access to them. The equity collateral placed for the margin is held in the BMDepo managed by the BM and the collateral is used by the BMDC only as part of executing its default procedures. Key conclusion(s) BMDC maintains its assets and its participant’s assets in FDs and other types of accounts in commercial banks in Malaysia. The participant’s securities collateral pledged for margin purposes is held in the BMDepo. Assessment of Observed. Principle 16 Recommendations and Comments Principle 17: Operational risk An FMI should identify the plausible sources of operational risk, both internal and external, and mitigate their impact through the use of appropriate systems, policies, procedures, and controls. Systems should be designed to ensure a high degree of security and operational reliability and should have adequate, scalable capacity. Business continuity management should aim for timely recovery of operations and fulfillment of the FMI’s obligations, including in the event of a wide-scale or major disruption. Key consideration 17.1 An FMI should establish a robust operational risk-management framework with appropriate systems, policies, procedures, and controls to identify, monitor, and manage operational risks. Description As mentioned for the PFMI 2 and 15 the BMDC has adopted the group governance model and this includes for risk management. The description for KC 17.1 for the BMSC is applicable for the BMDC as well. The BMDC has a partner exchange arrangement with the Globex trading platform of the CME and this has an impact on the BCP which is described in the KC 17.6 below. Key consideration 17.2 An FMI’s board of directors should clearly define the roles and responsibilities for addressing operational risk and should endorse the FMI’s operational risk- 161 management framework. Systems, operational policies, procedures, and controls should be reviewed, audited, and tested periodically and after significant changes. Description The description for KC 17.2 for the BMSC is applicable for the BMDC as well. Key consideration 17.3 An FMI should have clearly defined operational reliability objectives and should have policies in place that are designed to achieve those objectives. Description The description for KC 17.3 for the BMSC is applicable for the BMDC as well. Key consideration 17.4 An FMI should ensure that it has scalable capacity adequate to handle increasing stress volumes and to achieve its service-level objectives. Description The description for KC 17.4 for the BMSC is applicable for the BMDC as well. Key consideration 17.5 An FMI should have comprehensive physical and information security policies that address all potential vulnerabilities and threats. Description The description for KC 17.5 for the BMSC is applicable for the BMDC as well. Key consideration 17.6 An FMI should have a business continuity plan that addresses events posing a significant risk of disrupting operations, including events that could cause a wide-scale or major disruption. The plan should incorporate the use of a secondary site and should be designed to ensure that critical information technology (IT) systems can resume operations within two hours following disruptive events. The plan should be designed to enable the FMI to complete settlement by the end of the day of the disruption, even in case of extreme circumstances. The FMI should regularly test these arrangements. Description The description for KC 17.6 for the BMSC is applicable for the BMDC as well. In the recent three rounds of BCP testing the BMDC has achieved a business recovery RTO of under two hours. However as explained in the KC 17.6 for the BMSC as per the terminology used by the BMDC this translates to a gap between occurrence of an event and the recovery of the business processes in the back-up site of potentially more than four hours. The BCP for the BMDC also includes testing its ability to exchange information with the GLOBEX platform both at the primary site of the CME and the secondary site. Key consideration 17.7 An FMI should identify, monitor, and manage the risks that key participants, other FMIs, and service and utility providers might pose to its operations. In addition, an FMI should identify, monitor, and manage the risks its operations might pose to other FMIs. Description The description for KC 17.7 for the BMSC is applicable for the BMDC as well. Key conclusion(s) As mentioned for the PFMI 2 and 15 the BMDC has adopted the group governance model and this includes for risk management. The description for key conclusions for principle 17 for the BMSC is applicable for the BMDC as well. Assessment of Broadly Observed. Principle 17 162 Recommendations and The recommendations and comments for principle 17 for the BMSC are Comments applicable for the BMDC as well. Principle 18: Access and participation requirements An FMI should have objective, risk-based, and publicly disclosed criteria for participation, which permit fair and open access. Key consideration 18.1 An FMI should allow for fair and open access to its services, including by direct and, where relevant, indirect participants and other FMIs, based on reasonable risk-related participation requirements. Description The eligibility requirements, including minimum financial requirements for both the General and Direct clearing participants (CPs) of the BMDC are prescribed under Rules 200A and 200B of BMDC rules. In addition, trading participants (TPs) of the BMD -derivatives exchange are required to be a CP of the BMDC. All TPs are required to have a minimum issued and paid-up capital of RM5 million. BMDC has established the Adjusted Net Capital (ANC) requirement framework in order to ensure that the CPs comply with the minimum financial requirements on a continuous basis. The minimum financial requirement for General CPs is to maintain, at all times, its ANC at the higher of MYR 500,000 or 10% of the total amount paid by the CP to the Derivatives Clearing House. [Rule 208A of BMDC Rules]. If the CP is a non-investment bank, it must comply with CAR imposed by the Exchange and if the CP is an investment bank, then it must comply with capital adequacy, imposed by the Central Bank. As for the Direct CP, Rule 208B of BMDC Rules states that each Direct CP must at all times:- - maintain Net Tangible Assets of not less than MYR 5 million, or a corporate guarantee of not less than MYR 5 million; or - lodge Direct CP Deposit of at least MYR 1 million in the form of cash and/or Approved Collateral in accordance with Rules 206B. Rules 205(g) of BMDC Rules requires that each CP must at all times maintain an adequate back office system, staff and procedures that ensure orderly and expeditious accounting of its dealings in Derivatives. The BMDC applies a risk-based approach to carry out assessment of participants’ operational capability by way of on-site inspection and off-site supervision on the arrangements to meet payment obligations, risk management policies, management supervision, compliance to its Rules, staffing, internal audit and security of IT systems. Key consideration 18.2 An FMI’s participation requirements should be justified in terms of the safety and efficiency of the FMI and the markets it serves, be tailored to and commensurate with the FMI’s specific risks, and be publicly disclosed. Subject to maintaining acceptable risk control standards, an FMI should endeavour to set requirements that have the least-restrictive impact on access that circumstances permit. Description The participation requirements of the BMDC is primarily based on financial requirements and this is justified given the need of the BMDC as part of its risk 163 management requirements and also for the orderly development of the market. The access restrictions and requirements are reviewed as and when the need arise with the consultation of the SC. Key consideration 18.3 An FMI should monitor compliance with its participation requirements on an ongoing basis and have clearly defined and publicly disclosed procedures for facilitating the suspension and orderly exit of a participant that breaches, or no longer meets, the participation requirements. Description The Head of Compliance or Compliance Officer of a TP is required to immediately report to the Exchange upon him becoming aware of any matter, which in his opinion, may – - constitute a breach of any provision of the Securities Laws; - involve the potential default of the TP, as the case may be, against the Clearing House or other counterparty; - have a material effect upon the minimum financial requirements prescribed pursuant to Section 67 of the CMSA and these Rules to be complied with by the TP; - jeopardise the monies, funds, collateral, property or assets of the clients held by the TP; and/or significantly affect the risk position and financial integrity of the TP. The BMDC, through BM’s participant supervision unit monitors the on-going compliance by the participants to the participation requirements via on-site inspection and off-site supervision. This is done either through direct access (on- site supervision) or through periodic submissions of regulatory reports by the participants (off-site supervision). On a monthly basis the TPs are required to report their Adjusted Net Capital and Balance Sheet and provide a statement of their compliance to the client funds segregation. The TPs are also audited based on the risk profiling of the TPs with each TP being audited at least once in 3 years and the ones flagged as higher risk more often. The team monitoring the ongoing performance of the TPs consists of around 24 people organized into 3 teams. Key conclusion(s) Access policies and requirements are clear and transparent. The access criteria are risk based. The access policy is managed at the Bursa group level with specific requirements of the individual institutions being addressed in the respective rules. Assessment of Observed Principle 18 Recommendations and comments Principle 19: Tiered participation requirements An FMI should identify, monitor, and manage the material risks to the FMI arising from tiered participation arrangements. Assessment of Not Applicable Principle 19 164 Recommendations and BMDC does not support tiered participation arrangements. comments Principle 20: FMI Links An FMI that establishes a link with one or more FMIs should identify, monitor, and manage link- related risks. Key consideration 20.1 Before entering into a link arrangement and on an ongoing basis once the link is established, an FMI should identify, monitor, and manage all potential sources of risk arising from the link arrangement. Link arrangements should be designed such that each FMI is able to observe the other principles in this report. Description The only link the BMDC has with other FMIs is with the BMDepo for depositing equity collaterals collected from the CPs. Key consideration 20.2 A link should have a well-founded legal basis, in all relevant jurisdictions, that supports its design and provides adequate protection to the FMIs involved in the link. Description The BMDC and BMDepo are institutions that have been created in accordance to the provisions in the CMSA and the SICDA respectively. These are also supervised and overseen by the SC. In addition the BMDC and BMDepo are group institutions and are subject to the group governance model. Key consideration 20.7 Before entering into a link with another CCP, a CCP should identify and manage the potential spill-over effects from the default of the linked CCP. If a link has three or more CCPs, each CCP should identify, assess, and manage the risks of the collective link arrangement. Description Not Applicable. Key consideration 20.8 Each CCP in a CCP link arrangement should be able to cover, at least on a daily basis, its current and potential future exposures to the linked CCP and its participants, if any, fully with a high degree of confidence without reducing the CCP’s ability to fulfill its obligations to its own participants at any time. Description Not Applicable Key conclusion(s) The only FMI link the BMDC has is with the BMDepo. The BMDepo and the BMDC are both institutions created as per the provisions of their respective governing acts. The BMDC and BMDepo are part of the BM group and are subject to the group governance model. Assessment of Observed Principle 20 Recommendations and comments Principle 21: Efficiency and Effectiveness An FMI should be efficient and effective in meeting the requirements of its participants and the markets 165 it serves. Key consideration 21.1 An FMI should be designed to meet the needs of its participants and the markets it serves, in particular, with regard to choice of a clearing and settlement arrangement; operating structure; scope of products cleared, settled, or recorded; and use of technology and procedures. Description The BMD is a joint venture between the BM and the CME. The operational arrangements, products, clearing and settlement procedures and technology platform have all benefited from the sharing of knowledge from the CME. The BMDC also conducts periodic benchmarking, in particular to ensure appropriateness of the margin levels at all times, BMDC performs the benchmarking analysis on a monthly basis. The result is taken into consideration by BMDC for the determination of an appropriate margin level for the respective products. Key consideration 21.2 An FMI should have clearly defined goals and objectives that are measurable and achievable, such as in the areas of minimum service levels, risk- management expectations, and business priorities. Description The goals of the BMDC are aligned with that of the BMSC and include: − To process, execute and complete all clearing and settlement activities in a timely manner, in accordance with the prescribed procedures, rules, guidelines and directives − To provide an efficient, reliable and stable clearing and settlement infrastructure − To ensure adequate risk management measures, including monitoring participant’s ability to meet their settlement obligations, effective handling of default and adequacy of financial resources. There are KPIs established for tracking achievement of these objectives both at the organization level and also at the level of the personnel. Key consideration 21.3 An FMI should have established mechanisms for the regular review of its efficiency and effectiveness. Description The BMDC obtains feedback from the participants through the annual survey and other periodic consultations. In addition, the BMDC has identified and established targets for key operational indicators: (i) Time taken to complete trade processing; (ii) Adherence to cut-off times; and, (iii) System availability. BMDC also performs a post implementation review for any new initiatives, which involves consultation with the participants. This requirement is also imposed by the SC for any new initiatives/projects approved by the SC. The review report is tabled to the management. Key conclusion(s) and The BMDC has processes in place to ensure it remains efficient and meets the comments needs of its participants. The participants interviewed by the mission team also expressed satisfaction with the services provided by the BMDC. Assessment of Observed Principle 21 166 Recommendations and comments Principle 22: Communication procedures and standards An FMI should use, or at a minimum accommodate, relevant internationally accepted communication procedures and standards in order to facilitate efficient payment, clearing, settlement, and recording. Key consideration 22.1 An FMI should use, or at a minimum accommodate, internationally accepted communication procedures and standards. Description The BMDC has interfaces with the GLOBEX trading platform for receiving the contracts that are to be novated, the participants for sending their respective settlement positions and also screen based interface for communicating margin calls and other such information. All the interfaces are built on industry standard technology platforms however the message formats are proprietary. The participants interviewed expressed satisfaction with the communication standards used and the participants including the foreign partners did not have any concerns on the message formats. Key conclusion(s) The BMDC uses industry standard technology platforms. Though the messaging formats are proprietary the participants have faced no problems in conforming to them. Assessment of Observed Principle 23 Recommendations and comments Principle 23: Disclosure of rules, key procedures and market data An FMI should have clear and comprehensive rules and procedures and should provide sufficient information to enable participants to have an accurate understanding of the risks and fees and other material costs they incur by participant in the FMI. All relevant rules and key procedures should be publicly disclosed. Key consideration 23.1 An FMI should adopt clear and comprehensive rules and procedures that are fully disclosed to participants. Relevant rules and key procedures should also be publicly disclosed. Description Relevant documentation and information are disseminated to all CPs of BMDC in the form of business rules, CPs’ manuals and circulars. Prudent risk management measures are in place which includes membership requirements, financial and operational capability, margin, securities deposit and daily mark- to-market operation. All risk management measures are included in the clearing participants’ manual and the BMDC Rules which are available to all CPs. Information which relates to the legal framework between both CCPs and the market participants is publicly available via the website of Bursa Malaysia in English whereas information which governs the operational matters between the CCPs and the respective market participants are made available to the market participants via circulars. 167 The rights and obligations of the CPs of BMDC are provided for, inter alia, under various chapters of BMDC Rules, the important ones include: Ch 1 on obligations of a CP; Ch2 on compliance with requirements; and, Ch5 on the responsibilities of a CP. Key consideration 23.2 An FMI should disclose clear descriptions of the system’s design and operations, as well as the FMI’s and participants’ rights and obligations, so that participants can assess the risks they would incur by participating in the FMI. Description The Technical Architecture Design and Operational Run Chart describe the systems design and operations. These documents are provided to the CPs technical team and if required under an NDA to the vendors of the CPs. Technical documents on the system processes and designs are sent to participants through circulars. The BMDC system provides the following information to the CPs to help them manage their risks: - Matched trades and open positions (real time) - Financial information: cash and collateral (end of day) - Risk: performance bond requirement for each clients’ account and risk arrays for margining (end of day and intraday) - Financial requirement: clearing fund contribution, security deposit and deposit (end of day) - Physical delivery: allocation of delivery receipts and payable amount,(end of day) - Settlement parameter: daily settlement price and theoretical variable (end of day) Key consideration 23.3 An FMI should provide all necessary and appropriate documentation and training to facilitate participants’ understanding of the FMI’s rules and procedures and the risks they face from participating in the FMI. Description In the course of supervision of participants, participant(s) who demonstrate lack of understanding may be required to furnish regular report of the activities. If required, training will be provided to participants on areas that the participants feel they require refresher. For non-compliance issues, the matters will be brought forward by Participants Supervision to the Market Participants Committee. Further actions may be taken against the participants such as imposing trading restrictions and fines. Key consideration 23.4 An FMI should publicly disclose its fees at the level of individual services it offers as well as its policies on any available discounts. The FMI should provide clear descriptions of priced services for comparability purposes. Description The BMDC provides the details of the fees to the participants. The participants interviewed expressed no concerns with respect to transparency related to the fees. Key consideration 23.5 An FMI should complete regularly and disclose publicly responses to the CPSS- IOSCO Disclosure framework for FMIs. An FMI also should, at a minimum, disclose basic data on transaction volumes and values. Description The current version of the Disclosure Framework was released only in mid-April 2012 and is still in consultation phase, for which reason this key consideration is deemed not applicable. The SC requires BMDC to conduct self-assessments 168 against the relevant CPSS and IOSCO principles and this would include the PFMI principles. In due course SC would require BMDC to complete the disclosure framework. Key conclusion(s) The BMDC operates transparently. Its rules and procedures are clear and comprehensive and are fully disclosed to both the participants and to the general public. The BMDC design and operations as well as participants’ rights and obligations and the fee schedule and other cost details are described in the relevant internal manuals and documents which are provided to the participants. Some of these aspects are also reflected in the BMDC and BMD rules. The risk management aspects are explained in detail in the BM website. The BM participant’s supervision departments monitors ongoing compliance to the rules and has a process for training participants if it identifies that a participant does not understand the rules. Assessment of Observed Principle 23 Recommendations and BMDC intends to complete the disclosure framework as it is required to be in comments compliance to the international standards. As part of this, BMDC should clearly articulate the design aspects, fees and charges. IX. RESPONSIBILITIES OF AUTHORITIES Responsibility A: Regulation, supervision, and oversight of FMIs FMIs should be subject to appropriate and effective regulation, supervision, and oversight by a central bank, market regulator, or other relevant authority. Key consideration A.1 Authorities should clearly define and publicly disclose the criteria used to identify FMIs that should be subject to regulation, supervision, and oversight. Description The definition of the criteria used to identify FMIs that are subject to regulation, supervision and oversight in Malaysia flows directly from the legal and regulatory framework. The CBA and the PSA require the BNM as the central bank to regulate and oversee all the national payment and settlement systems. In addition, the PSA empowers the BNM to designate certain systems in the gazette that are to be subject to enhanced oversight. The CMSA and the SCA require the SC to regulate, supervise and oversee all clearing houses, CSDs, exchanges, TRs, participants of these FMIS and other entities like investment advisors. Key consideration A.2 FMIs that have been identified using these criteria should be regulated, supervised, and overseen by a central bank, market regulator, or other relevant authority. Description The PSA specifies the following as the criteria for designating payment systems: (i) is of systemic importance; and, (ii) is necessary to be subject the system to enhanced oversight in light of public interest. The BNM has designated the RENTAS and eSPICK as they are of systemic importance. 169 The SC as required under the SCA and the CMSA oversees the BMSC, BMDC and BMDepo. The SC thus far has subjected the Bursa Bonds as a “registered electronic facility” as it was intended to be a trading platform. Given its evolution as a TR, the SC would be regulating and overseeing it as a TR. Key conclusion(s) The legal framework in Malaysia specifies which entities need to be overseen by the regulators. The RENTAS, eSPICK, BMSC, BMDepo and BMDC have been identified as the FMIs in Malaysia. The Bursa Bonds is intended to be overseen as a TR, hitherto it was a trading platform that has evolved into a TR recently and the SC should accordingly re-orient its oversight approach to this FMI. Assessment of Observed Responsibility A Recommendations and comments Responsibility B: Regulatory, supervisory, and oversight powers and resources Central banks, market regulators, and other relevant authorities should have the powers and resources to carry out effectively their responsibilities in regulating, supervising, and overseeing FMIs. Key consideration B.1 Authorities should have powers or other authority consistent with their relevant responsibilities, including the ability to obtain timely information and to induce change or enforce corrective action. Description The BNM has extensive powers to oversee payment and settlement systems of systemic importance and also retail payment systems. In addition the BNM has powers to oversee issuers of specific payment instruments. These powers as mentioned above flow directly from the PSA and the CBA. In particular the powers that the BNM has are:  License Payment System Operators (PSO), designate payment systems and payment instruments;  Revoke an approval granted;  Right to seek information from a PSO or issuer of designated payment instrument;  Conduct examination, investigation, search and seizure rights;  Require the operator of a Designated Payment System (DPS) and the issuer of a Designated Payment Instrument (DPI) to: - Establish adequate governance; - Establish operational arrangements pertaining to rules and procedures, risk management, access criteria and reliability of payment system including contingency measures; - Make modifications to the DPS or DPI, governance arrangement; and, - Have operational arrangement and documents and information submitted.  Issue directives to the operator of DPS and issuer of DPI.  Right to inspect a clearing house licensed under the SCA if there are sufficient grounds to believe there has been a violation pertaining to the PSA has been committed.  Right to issue regulations and guidelines. 170 The FMIs pertaining to the securities market licensed under the SCA and CMSA are outside the purview of the BNM. The SCA, SICDA and the CMSA provides the following powers to the SC: - License exchange holding companies, clearing houses and CSDs. - Require the exchange holding company to submit an annual report detailing its activities and conformance to the requirements set forth in the CMSA. This includes requirements related to the clearing houses and the depository. - Right to seek information, inspect and audit. - Right to direct a change in rules or operating procedures of the clearing houses and CSDs, through the minister of finance. - Require approval of any rule changes of the clearing houses or CSD. - Right to issue regulations and guidelines. The CBA empowers the BNM to co-ordinate and collaborate with foreign central banks and other international institutions [CBA, art 79]. The PSA requires the BNM to inform the SC in case it has to inspect any institution licensed under the SICDA or CMSA. The SCA empowers the SC to form any committee and invite any relevant institution or person to participate in such committee. These mechanisms put together provide a good basis for exchange of information both amongst the domestic institutions and also internationally. Key consideration B.2 Authorities should have sufficient resources to fulfill their regulatory, supervisory, and oversight responsibilities. Description The Payment Systems Policy Department (PSPD) of the BNM has been entrusted with the responsibility to oversee the payment and settlement systems in Malaysia. It has 5 staff in this department headed by a Director. The BNM has issued a “Letter of Supervisory and regulatory expectations” to the operators of the DPS – RENTAS and eSPICK. The BNM through its PSPD meets MyClear the operator of the DPS every month and collects information periodically. The Institution Supervision under the Market Oversight function is charged with the responsibility to oversee the Bursa Group including the BMSC, BMDC and BMDepo. There are 20 staff in this unit, headed by a General Manager. Their responsibilities include: oversee the exchange holding companies including FMIs, review of rules and lead developmental initiatives. The SC conducts an annual on-site audit of the Bursa group. Since 2004 there have been six audits including 1 thematic audit. In addition the SC collects and reviews a range of information including statistics and results of the stress testing of the clearing houses. In addition the Bursa group is required to file an annual report detailing its compliance against the required regulations. Key conclusion(s) The SC and BNM have adequately staffed units overseeing the FMIs in their purview. A combination of information collection, meetings and on-site audits are used to effectively oversee the FMIs. Assessment of Observed Responsibility B Recommendations and comments 171 Responsibility C: Disclosure of policies with respect to FMIs Central banks, market regulators, and other relevant authorities should clearly define and disclose their regulatory, supervisory, and oversight policies with respect to FMIs. Key consideration C.1 Authorities should clearly define their policies with respect to FMIs, which include the authorities’ objectives, roles, and regulations. Description The BNM has issued a letter to MyClear which operates the RENTAS and ESPICK FMIs. The letter clearly articulates the expectations of the BNM from an oversight and regulatory perspective with respect to these FMs. The areas covered in the letter include: governance arrangements, risk management, operational reliability aspects and transparency. In addition this clearly articulates that the FMI needs to comply with the relevant international standards. The SC has articulated its regulation, supervision and oversight policies through various meetings and circulars. The CMSA in particular also clearly establishes the oversight policy to be used and to a large extent this has been leveraged by the SC to establish its oversight policies. Key consideration C.2 Authorities should publicly disclose their relevant policies with respect to the regulation, supervision, and oversight of FMIs. Description The BNM conveys its policies with respect to payment systems including developmental aspects in a separate chapter in the Financial Stability report. This report has the relevant statistics, major developments in the past year, goals and targets for the next few years and specific oversight related activities. The summary of the compliance of RENTAS against the CPSIPS and RSSS has been included. In addition there is a detailed payment systems section in the BNM site that has relevant information on payment systems. However there is no specific section on payment systems oversight. The SC website has some information pertaining to the policies relating to the regulation, supervision and oversight of the FMIs. To a large extent this is very clearly specified in the legal framework and also the regulations and guidelines, and also in the annual report of the BM. However at the time of the FSAP assessment there was no specific publication or website where this is clearly articulated to the public. Post the FSAP assessment a dedicated web-page has been added to the website of the SC which articulates at a very high level the oversight activities of the SC and the international standards and principles that the SC uses as part of its oversight activities. This web-page however does not have information related to full scope of its oversight activities and the results of the recent oversight activities. The SC annual report and the capital market development plan clearly recognize the role of the SC in the oversight of the FMIs and in addressing systemic risk in the Malaysian financial system but do not elaborate upon the oversight arrangements and activities. Key conclusion(s) The SC and BNM have both clearly articulated their regulatory, supervisory and oversight policies to the FMIs under their purview. The BNM in addition articulates this at a high-level also in the financial stability report and the SC has recently post the FSAP assessment added a dedicated web-page on its oversight policy with respect to the FMIs under its purview. The information in the SC web-page is however at a very high-level and this needs to be enhanced further. Assessment of Broadly Observed Responsibility C 172 Recommendations and The SC and BNM could consider elaborating their policies in this area in more comments detail in a public document and/or in their respective websites as well. The BNM’s financial stability report contains all the relevant information on its oversight activities and it could consider reflecting this in a dedicated web-page as well. The SC could consider enhancing the new web-page recently added and also including this in other publications like the annual report. Responsibility D: Application of the principles for FMIs Central banks, market regulators, and other relevant authorities should adopt the CPSSIOSCO Principles for financial market infrastructures and apply them consistently. Key consideration D.1 Authorities should adopt the CPSS-IOSCO Principles for financial market infrastructures. Description The SC and BNM both have adopted the relevant CPSS-IOSCO standards and mandated compliance against them for the FMIs in their purview. The FMIs are required to conduct periodic self-assessments against these standards. Key consideration D.2 Authorities should ensure that these principles are, at a minimum, applied to all systemically important payment systems, CSDs, SSSs, CCPs, and TRs. Description Until recently the CPSIPS and RSSS was applied to the RENTAS system and the CPSIPS to the eSPICK system. The RCCP was applied to the BMDC and BMSC, and RSSS to BMSC and BMDepo. After the publication of the PFMIs the BNM and SC have already instituted measures to require the FMIs to apply these new principles. Key consideration D.3 Authorities should apply these principles consistently within and across jurisdictions, including across borders, and to each type of FMI covered by the principles. Description The only jurisdiction of relevance is Malaysia. All the relevant FMIs have been required to comply with these principles except the Bursa Bonds. As mentioned earlier this FMI was established as a trading platform and transformed itself into a TR. The PFMI which are applicable to TRs as well has only recently been published. The SC intends to apply these principles to Bursa Bonds and accordingly has initiated steps to require the Bursa Bonds to license itself as a TR under the CMSA. Key conclusion(s) The CPSS-IOSCO principles have been applied to all relevant FMIs. The SC and BNM have already initiated measures to require the FMIs to comply with the new PFMIs and also initiated steps to require Bursa Bonds a TR to comply as well. Assessment of Observed Responsibility D Recommendations and comments 173 Responsibility E; Cooperation with other authorities Central banks, market regulators, and other relevant authorities should cooperate with each other, both domestically and internationally, as appropriate, in promoting the safety and efficiency of FMIs. Key consideration E.1 Relevant authorities should cooperate with each other, both domestically and internationally, to foster efficient and effective communication and consultation in order to support each other in fulfilling their respective mandates with respect to FMIs. Such cooperation needs to be effective in normal circumstances and should be adequately flexible to facilitate effective communication, consultation, or coordination, as appropriate, during periods of market stress, crisis situations, and the potential recovery, wind-down, or resolution of an FMI. Description The legal and regulatory framework in Malaysia clearly demarcates the oversight responsibilities of the SC and the BNM. The SC is responsible for the oversight of the BMSC, BMDC and BMDepo; and, the BNM is responsible for the payment and settlement systems including the one used for the clearing and settlement of bonds. The BNM has investigative powers over the BMDC and BMSC to investigate any violations under the PSA. Sections 15 and 16 of the SCA, read with sections 148-150, provide the SC with the powers necessary for the performance of its functions with respect to information sharing with other domestic and foreign authorities. In addition, the BNM and the SC have entered into a MOU to exchange information and views relating to functioning of the FMIs under their purview, co-operate in the investigation of clearing houses and in general co-operate for the orderly functioning of the payment and settlement systems in the country. This MOU framework does not however spell out specific types of information that can be shared for (e.g.) exchanging views on suitability of the settlement banks and also does not directly provide for closer co-ordination in areas like provision of the RENTAS settlement services to the CCPs and conducting joint BCP tests. At the time of the FSAP this MOU was in the process of being upgraded in view of the upcoming Financial Services Act and with the SC being also vested with responsibility for managing systemic risk in the Malaysian financial system. The assessor was notified that a new MOU was signed in October 2012 and that this has dedicated provisions related to co-operative oversight of the payment and settlement systems. The assessor was also notified that a focus group to discuss topics related to payment and settlement systems on an ongoing basis had also been established. This group met ahead of the signing of the MOU in August 2012 to discuss the specifics and agreed on the following specific areas of ongoing collaboration: (i) designation of clearing houses as systemically important payment and settlement system; (ii) explicit inclusion in the BNMs supervision activities of verification of the banks and financial entities abilities to meet their commitments to the FMIs; (iii) including BMSC and BMDC as participants in the RENTAS system; and, (iv) leveraging SC’s oversight of the Bond Pricing Agency (BPA) to expand usage of the pricing information provided by the BPA. The senior management of the SC and the BNM meet every quarter and the topics related to oversight of the FMIs could be included on a need basis. The IOSCO assessment done as part of this FSAP assessment acknowledges various instances of exchange of information between the SC and the BNM. The BNM as part of its stress testing of the banks also assesses contagion risk 174 arising from one or more banks failures in meeting inter-bank exposures and exposures to third parties. However exchange of information relating to this is on a need basis in particular in the event of any significant adverse findings. To date there has been no instance of information pertaining to this being exchanged. The BNM also has an MOU with the Hong Kong Monetary Authority (HKMA) to exchange views and information related to the functioning of the USD CHATS system with which the RENTAS has a PVP and DVP link. This framework has enabled the BNM to ensure the safety and reliability of this important FMI link. The PDIM is the deposit insurance agency in Malaysia. Many of the participants in the clearing house and CSD are covered under the deposit insurance program. The PIDM is responsible for handling the dissolution of these entities in co- ordination with the BNM. The SC envisages entering into an MOU with this agency to formalize the procedures to be used in the event of insolvency of a participant. Key consideration E.2 If an authority has identified an actual or proposed operation of a cross-border or multicurrency FMI in its jurisdiction, the authority should, as soon as it is practicable, inform other relevant authorities that may have an interest in the FMI’s observance of the CPSS-IOSCO Principles for financial market infrastructures. Description There are no foreign FMIs in operation in Malaysia. The RENTAS system operates a MYR-USD and MYR-RMB PVP and DVP link The USD-MYR transactions involve links between the RENTAS and Hong Kong CHATS system. The BNM has ongoing discussions and dialogue with the HKMA. The HKMA also actively oversees the CHATS system. The MYR-RMB transactions are processed in RENTAS with the BOCM as the settlement bank. Cooperative oversight arrangements are in place between BNM and CBRC given that BOCM is a licensed financial institution in Malaysia and CBRC the home country regulator of BOC. Key consideration E.3 Cooperation may take a variety of forms. The form, degree of formalization and intensity of cooperation should promote the efficiency and effectiveness of the cooperation, and should be appropriate to the nature and scope of each authority’s responsibility for the supervision or oversight of the FMI and commensurate with the FMI’s systemic importance in the cooperating authorities’ various jurisdictions. Cooperative arrangements should be managed to ensure the efficiency and effectiveness of the cooperation with respect to the number of authorities participating in such arrangements. Description As described in the KC E.1 the co-operative arrangement that has been used is a formal MOU. This arrangement has been effective in achieving the objectives of co-operation in oversight by clearly recognizing each of the institutions rights and specifying areas where they will collaborate and also establishing a broad information sharing arrangement. Apart from information sharing in the MOU, either BNM or SC may request from the other party, in writing, information or other assistance for the purpose of performing its surveillance, oversight or any other regulatory functions of any system for the transfer, clearing or settlement. Key consideration E.4 For an FMI where cooperative arrangements are appropriate, at least one authority should accept responsibility for establishing efficient and effective cooperation among all relevant authorities. In international cooperative arrangements where no other authority accepts this responsibility, the presumption is the authority or authorities with primary responsibility in the 175 FMI’s home jurisdiction should accept this responsibility. Description For the FMIs in Malaysia the oversight responsibilities are well-spelt out in the legal framework. The SC has oversight responsibilities over the BMSC, BMDepo and BMDC; and, the BNM over RENTAS and eSPICK. There are no co- operative oversight arrangements for overseeing the FMIs as such. However there is a co-operation framework in place where the direct overseer can request information and assistance from the other overseer incase that is required for its oversight activities. In the case of the USD CHATS, it is clearly under the oversight of the HKMA. Key consideration E.5 At least one authority should ensure that the FMI is periodically assessed against the principles and should, in developing these assessments, consult with other authorities that conduct the supervision or oversight of the FMI and for which the FMI is systemically important. Description The SC ensures compliance against the international standards in the case of the BMSC, BMDC and BMDepo; and, the BNM in the case of the RENTAS and eSPICK. Key consideration E.6 When assessing an FMI’s payment and settlement arrangements and its related liquidity risk-management procedures in any currency for which the FMI’s settlements are systemically important against the principles, the authority or authorities with primary responsibility with respect to the FMI should consider the views of the central banks of issue. If a central bank of issue is required under its responsibilities to conduct its own assessment of these arrangements and procedures, the central bank should consider the views of the authority or authorities with primary responsibility with respect to the FMI. Description The clear demarcation of oversight responsibilities is such that the BNM does not oversee the BMSC, BMDC and BMDepo and the SC similarly has no oversight responsibility for the RENTAS. However the MOU between the SC and the BNM allow for information exchange and also exchange of views between the SC and the BNM. Key consideration E.7 Relevant authorities should provide advance notification, where practicable and otherwise as soon as possible thereafter, regarding pending material regulatory changes and adverse events with respect to the FMI that may significantly affect another authority’s regulatory, supervisory, or oversight interests. Description The arrangements for the oversight do not explicitly envisage advance notification as the demarcation is such and also that there is no direct interaction between the two sets of the FMIs. However there are some indirect links for (e.g.) the RENTAS is extensively used by the participants in the BMSC and BMDC to transfer funds for meeting their settlement obligations. Key consideration E.8 Relevant authorities should coordinate to ensure timely access to trade data recorded in a TR. Description There is no entity formally designated as a TR in Malaysia. The Bursa Bonds has evolved from a trading platform into a TR, and the SC is now in the process of formally recognizing this and regulating it as a TR. The trade data for securities traded in the BMS and BMD are available for review and analysis of the SC. The CMSA provides adequate powers for that. The BNM as the owner and overseer of the RENTAS system has access to the MGS transactions in the RENTAS system. The MOU between the SC and BNM also 176 provides for exchange of relevant market data on a need basis. Key consideration E.9 Each authority maintains its discretion to discourage the use of an FMI or the provision of services to such an FMI if, in the authority’s judgment, the FMI is not prudently designed or managed or the principles are not adequately observed. An authority exercising such discretion should provide a clear rationale for the action taken both to the FMI and to the authority or authorities with primary responsibility for the supervision or oversight of the FMI. Description As mentioned in the description for KC E.7 there is no direct linkage between the two sets of FMIs. Also currently there are only one FMI of each type and hence there are no immediate alternative arrangements in place. Key consideration Cooperative arrangements between authorities in no way prejudice the statutory E.10 or legal or other powers of each participating authority, nor do these arrangements constrain in any way an authority’s powers to fulfill its statutory or legislative mandate or its discretion to act in accordance with those powers. Description The MOU between the BNM and the SC, in effect at the time of the FSAP assessment, clearly recognized each other’s jurisdiction and did not in any way prejudice the statutory or legal powers of either party. The PSA provides the BNM with investigative powers the clearing houses which are overseen by the SC. The MOU re-iterated this and envisages the BNM consulting with the SC before exercising its rights. Key conclusion(s) The collaborative framework is in place and is sufficient given the current structure of the payment and settlement systems in the country. At the time of the FSAP, this collaboration framework has not been however fully operationalized to develop ongoing arrangements for exchange of information pertinent to the safety, reliability and efficiency of the FMIs under the oversight of the other authority. A new MOU was envisaged at the time of the FSAP. The assessor was notified that this was formally signed in October 2012 and that this also has explicit provisions for collaborative oversight of FMIs and also establishes a focus group to discuss oversight of the FMIs on an ongoing basis. Assessment of Broadly Observed Responsibility E Recommendations and The BNM and the SC can consider leveraging the new MOU framework to Comments enhance the operational co-ordination. These could include areas like sharing information relating to the ongoing oversight assessments of the FMIs in their respective jurisdictions and measures to enhance the risk management framework in the FMIs in their respective jurisdiction by sharing information that could be pertinent to the overseer of a particular FMI. 177 X. AUTHORITIES’ RESPONSE 37. BNM and SC would like to thank the FSAP mission team for the substantive discussions, comprehensive assessment and recommendations in relation to the recently issued Principles for Financial Market Infrastructures (FMI) assessment. The high level of observance accorded to RENTAS, BMSC, BMDC and BMDepo in this assessment under the more stringent FMI principles demonstrates that the strategic “roadmap” and the oversight approach adopted by the both BNM and SC in regulating these infrastructures have been effective. Given the robust payment and settlement framework already in place, BNM and SC have been able to fully implement many of the recommendations made by assessors, while others are in the midst of being implemented. 38. Malaysia has been committed to continuously benchmarking itself against international standards and best practices. In the case of the capital market, in 2008, we voluntarily underwent an independent assessment to benchmark our compliance with the IOSCO Objectives and Principles of Securities Regulation (IOSCO Principles), and this included our assessment on compliance with CPSS-IOSCO Recommendations for Securities Settlement Systems (SSS). 39. The FMI assessment was a particularly challenging one to undertake. In relation to the capital market, we had initially used the CPSS-IOSCO Recommendations for SSS and Central Counterparties (CCP), and its related methodology, to conduct the self- assessment of payment, clearing and settlement assessments; the FMI principles had not been officially released at the time of the self-assessment, and the FMI methodology was not finalized and still in the process of international consultation. Nevertheless, we were subsequently persuaded by the FSAP team to use the new standards and methodology. The FSAP mission provided a “patch” with which we conducted a further round of self- assessment to bridge any gaps between the CPSS-IOSCO recommendations and the FMI principles. During the assessment discussions, however, the guiding documents were the new FMI principles and the accompanying methodology, resulting in ratings being based entirely on strict application of the new methodology. Given the absence of a “track record” of assessments under the new FMI principles, we were disadvantaged by the inability to exercise flexibility and apply the principles to circumstances peculiar to Malaysia. 40. An important issue for the capital market is that while we have been assessed by global standards, application of the methodology must be done within the context of the structure and characteristics of the domestic financial sector. In the case of the FMI, the evaluation of systems, processes etc in place must take cognisance of the structure of the Malaysian financial sector. This also requires that the assessment must give sufficient weight to the outcome achieved, even if the implementation of a particular principle does not match exactly the approach described by the methodology, especially when such an outcome sufficiently contributes to the effectiveness and soundness of the payments and settlement systems. 41. For example, stress testing should be commensurate with the risks in the Malaysian capital markets. While we do not disagree with the view that there is a need to build scenarios for stress-testing that incorporates extreme possibilities, the assessment should give due recognition to regulatory equivalence, namely the features of the country financial sector and existing frameworks which act to build regulatory strength and reinforce each other in a manner expected of that particular principle. Risks scenarios must be appropriate, and avoid detrimentally-high costs of capital and operations. Good regulatory practice requires that measures are proportionate to the specific needs of financial system being assessed, and should minimise the risk of inefficiencies and loss of competitive position due to a high burden of regulation. 178 42. Therefore, an important lesson from the capital market’s experience of the FMI assessment is that assessors should consider giving due recognition to the outcomes of measures and not just the measures in place. The methodology does give options to regulators on the means to achieve the results intended to be measured by the FMI standard. Given that there are likely to be many ways of achieving the expected outcome, the assessment would provide even more value, and lead to recommendations that are more meaningful to regulators and policy makers, if greater attention is given to actual results of measures. 43. The SC and BNM work closely together to ensure financial stability and this has significantly helped to build market confidence and manage systemic risks issues. In the case of FMI, the SC and BNM continuously engage, share information and co-operate very closely and undertake pre-emptive interventions where necessary. The regulatory framework in Malaysia is underpinned by a structure and practice of coordination between SC and BNM at various levels on operations and policy. The effectiveness of such close collaboration has been tested and demonstrated in avoidance of defaults and early management of problem issues. 44. There are several principles assessed that we view as not taking into account the contextual considerations. These include:  The issue of Bridging Finance Facility (BFF) not included by BMSC in its stress testing – Taking the contextual argument, assessors need to give weight to outcomes, that the utilisation rate of the facility is very insignificant and that the PO’s financial standing is relatively strong. Moreover, Bursa Malaysia has intention to remove the BFF.  Scenarios for assessing robustness stress testing in relation to the capital markets – the scenarios for stress testing should take into account other market factors, adverse movement in more than one product and other forward looking stress scenarios. The stress testing scenarios should be proportionate to risks in the Malaysian capital markets. The 5 additional scenarios for stress test undertaken soon after being informed by assessors showed results that such additional factors did not post a significant loss to the Clearing Fund and the financial resources remain adequate. This again begets the point that outcomes should matter. The fact that we can quickly implement a shortcoming almost immediately after it being pointed out by assessors, indicate the robustness of the risk framework. Due weight should be given to the underlying framework and the results of the test, not just when the additional scenarios were tested.  Requirement for margins in the securities trading – The principle on margin requirements for securities markets was first assessed as “not applicable” for the clearing of securities at the first round of assessment in July 2012. However, post peer review, the pendulum was swung to the other extreme, whereby this principle was not only reclassified as applicable to the securities clearing but rated as “not observed”. Such a rating implies that the BMSC allows its Trading Clearing Participants (TCPs) to trade and clear their trades without any form of collateral or protection against potential TCP default, that trades on the Malaysian securities market are cleared by BMSC without any safety net. On the contrary, Malaysia has put in place a collateral system proven to be as effective as the margin requirements. While there is an alternative system in place that may not meet all the requirements of a margin system, credit must be given to the existence of such a system of pooled collateral that broadly achieves the intended results and objectives of a margin system. Further this alternative system of clearing and settlement is recognised in the FMI principle. 179 Going Forward 45. The SC’s efforts to enhance the efficiency of the trading, clearing and settlement infrastructure have been articulated in both CMP1 (2001-2010) and CMP2 (2011-2020). In CMP1, we recognised that an efficient trading, clearing and settlement infrastructure helps make more instruments accessible to larger pools of liquidity at minimal cost. Therefore on-going benchmarking of the trading, clearing and settlement standards and processes against international best practices remain a key priority, particularly where there is a need to further enhance the market infrastructure and regulatory framework. 46. In CMP2, we recognised that, although the trading infrastructure for equities, derivatives and bonds has already been enhanced to improve market access and connectivity, given the changing intermediation landscape, market participants require a further reduction in friction costs and a seamless post-trade infrastructure for clearing and settlement. Areas identified under CMP2 include enhancing post-trade settlement efficiencies through the implementation of straight through processing capabilities. This will involve identifying required improvements in clearing and settlement, depository, custody and collateral management practices, and the requirements to facilitate integration of clearing and settlement with the payments system. Integration of the money market and exchange-traded settlement systems will offer major benefits and help reduce settlement risk by introducing finality and certainty to payments. Other areas to be addressed include reducing the gap on the delivery-versus-payment arrangements and strengthening the process for failed trades. 47. We will take on board recommendations to improve efficiency for a seamless post trade infrastructure for clearing and settlement. We are revamping our Guidance on the Regulatory Role of Bursa Malaysia this year, and in line with FMI standards will introduce specific requirements and obligations on the clearing, settlement and depository services provided by Bursa Malaysia, such as enhancements to credit and liquidity risk management, strengthening collateral management practices and improving information sharing, supervision and surveillance of the clearing and settlement activities with a view to better monitor, mitigate and manage systemic risk to the financial sector. 180