The New Model of Network Management
Andrew Duffin, head of sales for emerging markets at Societe Generale Securities Services, chaired a panel at NeMa 2016 in Dubrovnik looking at the new model and focus for network management (the function within banks responsible for selecting agent banks) in today’s capital markets.
Network management has experienced a radical overhaul since the financial crisis of 2008. Pre-crisis Request for Proposals (RFPs) were a fraction of the length and detail, as were service level agreements. While due diligence on agent banks has always been thorough for most panel participants, the level of professionalism has increased dramatically.
“Traditionally, most network managers were simply required to verify their agent banks complied with US Securities and Exchange Commission’s (SEC) Rule 17f5, which stated foreign depositary institutions must have at least $200 million in balance sheet capital. In the immediacy following the crisis, network management at most banks came under cost pressures and headcount was reduced although this was a trend that generally impacted numerous business lines at banks. However, a resurgence is now occurring within network management, driven by regulations and emerging risks,” commented Duffin.
Divisions still remain as to whether network management should fall in a banks’ risk or operations’ business lines. Some organisations feel network managers should not be in operations lest they find themselves being distracted by operational issues, and not focussing enough on due diligence on agent banks. This ultimately is a strategic business division for any bank to make.
Network Management has been reorganised at numerous financial institutions. Financial Market Utilities and market infrastructure providers including central securities depositories (CSDs), central counterparty clearing houses (CCPs), trustee services and payment utilities now fall within network managers’ due diligence responsibilities. Conducting operational due diligence upon market infrastructure has its own challenges, with some network managers at NeMa commenting on a lack of transparency from some utilities.
THE ROLE OF REGULATION
While regulations such as the EU’s Alternative Investment Fund Managers Directive (AIFMD) and UCITS V have piled pressure through their requirements on network managers to ensure due diligence on agent banks is in-depth, other rules have had an impact too on network managers’ working practices.
“In 2013, the US Office of the Comptroller of the Currency (OCC) published Guidance 2013/29 outlining how financial institutions should assess and monitor risks at third party relationships, which includes market infrastructures and agent banks. 2013/29 stresses firms should review risk management at third parties, and back this up with tougher due diligence obligations,” said Duffin.
Due diligence will now increasingly cover areas such as legal and compliance and IT security, for example. It also requires service provider selection to be completely impartial, and this must be reinforced by independent internal committees and boards.
“These boards and committees seek to introduce a level of impartiality and formal governance around the network management function,” highlighted Duffin.
Regulators are taking a more proactive approach towards Network Management, with several NeMa participants acknowledging government agencies including the OCC and UK Financial Conduct Authority (FCA) had made inquiries about how their businesses operated, and demanded affirmation around the neutrality in service provider selection. As such, boards must be wholly independent to ensure regulators remain satisfied with network management processes.
TECHNOLOGY AND NETWORK MANAGERS
Cyber-risks are more prevalent than ever. While network managers are not IT professionals, they must work with IT personnel in formulating RFPs, and in enhancing their understanding and expertise on the subject matter. An on-going challenge for network managers is obtaining transparency from third party relationships on their IT architecture and processes. The latter feel transparency can expose them to cyber-breaches, although network managers need confirmation that IT systems are secure and in line with best practices. Again, a balance must be found.
“Regulation and new threats such as cyber-risks have impacted network managers’ operating model. Network managers need to adapt to these changes, and ensure that they manage their third party relationships in line with regulations such as the OCC’s 2013/29 provisions and new operational challenges,” said Duffin.