Recent market volatility associated with meme stocks, the implosion of Archegos, and the Colonial Pipeline ransomware attack have shown how tail events can have a sudden and significant impact on markets.
At DTCC’s eighth annual Client Risk Forum, a panel of risk experts led by Andrew Gray, DTCC Group Chief Risk Officer, discussed the recent extreme market events and how new tools and enhancements to existing risk management frameworks better prepare markets for future disruption.
Related: Perspectives on Market Resilience, Stability & Efficiency
Gray noted the industry’s resilience in the second year of the pandemic; however, outside of the pandemic, other risks are present. Supply-chain disruptions, inflation, geopolitical issues, additional tail risks and extreme events continue to affect the industry and are likely to continue.
Partnerships Are Key
Joanne Rowe, Corporate Risk Officer of Intercontinental Exchange, Inc. (ICE), spoke of how recent events have highlighted the necessity of strong threat intelligence, robust connections with regulators throughout the world, importance of sound risk management and stress testing. Risks are interconnected and in a world of extreme tail events, market leaders need to manage expectations and challenge standard practices and conventional thinking about risk management, she noted.
Thomas Wagner, Managing Director, Cybersecurity Committee and Business Continuity Planning Committee, SIFMA, commented that the level of planning and cooperation between the public and private sectors has been successful given the number of extreme events the industry has witnessed in just the last few years.
The pandemic provided the industry with the ultimate business continuity planning test, as it impacted every area of every firm. And while the resulting work from home situation did increase the number of cyber-attacks, overall the industry was resilient and prepared.
To help with industry preparedness, SIFMA will be conducting six global cyber exercises simulating a coordinated ransomware attack affecting multiple financial firms at the same time. The test will involve 200 financial institutions, the U.S. Treasury, central banks, regulators, government agencies and law enforcement to examine the industry’s response and recovery actions from a potential ransomware attack. SIFMA will also be examining the cross-border communication and coordination that is so essential as threats continue to evolve.
“Clients are looking for solutions that are built to be resilient by design, looking at extreme but plausible scenarios, to maintain and continue offering our services.”
Richard Berner, Co-Director of the NYU Volatility and Risk Institute at the NYU School of Business, agreed with the other panelists on the importance of the partnership between the public and private enterprise on sharing information. On the regulatory side, FinCen recently published a new report on ransomware following President Biden’s executive order. Ransomware attacks doubled in 2020 from the prior year and have become a global phenomenon, making cooperation critical across industry and regulators. The attacks on JBS and Colonial Pipeline are examples of how attacks can disrupt critical infrastructure and financial systems.
Dan Thieke, DTCC Managing Director, Business Risk and Resilience Management, spoke of how the firm has been actively discussing business resilience since 2019, and in response to the extreme events the market has witnessed. “Clients are looking for solutions that are built to be resilient by design, looking at extreme but plausible scenarios, to maintain and continue offering our services,” he said.
DTCC’s multi-year modernization effort includes building out technology and business processes using key resiliency principles to support the foundation for services going forward.
- Wide scale data corruption or disruption: DTCC is building immutable storage capabilities to capture critical data at all levels and being able to restore that data. Based on conversations with clients, in the case of a disruptive event, DTCC has designed processes to go back to an earlier point in the processing day at a preestablished restore point in order to expedite the recovery time.
- Event that disrupts end of day settlement process: DTCC also looked at scenarios to continue to finish the settlement day without too significant of a delay, by either bypassing a key job that is failing, or if there are multiple fails, having processes in place to finish the settlement day with minimal delays. And in the case of a more disruptive event, be prepared to perform a settlement rollover by closing out settlement for that day but working with the industry to rollover cash balances to the next day.
- Financial resilience and traditional risk management: To increase transparency around margin calculations, DTCC offers Risk Management as a Service. Available through both a portal and API, it allows clients to do intra intraday risk monitoring, manage intraday margin calls and cash positions, as well as VaR calculators to submit hypothetical portfolios. DTCC is also building a stress test calculator, which will let members simulate extreme market events.
Related: Assets of the Future – Key Considerations for Post-Trade Infrastructure
Emerging DeFi and Crypto
The decentralized finance (DeFi) and cryptocurrency markets have been widely adopted by consumers, including the recent launch of a Bitcoin ETF. While some feel that decentralized finance and crypto can improve efficiency and reduce risk, they can also introduce new risks to the market.
Berner added that DeFi and crypto have the benefits of innovation and cost reduction, efficiency and speed, but can also introduce new risks by being less transparent. In a world where some parts are centralized and permissioned and some are permissionless in ledgers, there needs to be a way to assess risk.
Thieke noted, “it's important that these providers are held to the same standards from a resilience and risk management perspective that other critical service providers are.”
Climate risk is beginning to affect parts of the economy now, as wildfires are influencing the willingness and ability of insurers to cover damages.
Views on Top Extreme Risks Facing the Industry
Panelists agreed that climate risk leads as a top extreme risk, particularly due to the many unknowns. Berner added that the problems are not just in the future. Climate risk is beginning to affect parts of the economy now, as wildfires are influencing the willingness and ability of insurers to cover damages.
Cybersecurity and ransomware attacks were also noted, as well as talent risk, as it's becoming more difficult to find talent in the current landscape. And increasing inflation is challenging the supply chain world where creditworthiness may become more of an issue.