Options Clearing Corp faces pressures of systemic status

Business continuity is high on the operational risk list for the US Options Clearing Corporation (OCC), which clears about four billion US equity options contracts each year in Chicago. John Grace, chief risk officer at OCC, says the experience has taught him the value of guarding against natural – and man-made – disasters that could disrupt operations.

"Hurricane Sandy taught us a really hard lesson – that we had to be able to function remotely," he says.

OCC conducts frequent testing of its business continuity plans, including simulating disasters that would require personnel to work from remote locations. Earlier in his career, when he was a risk executive in the home finance division at JP Morgan Chase, Grace witnessed first-hand the havoc created by the 2003 blackout that hit the northeastern US; by the time Hurricane Sandy hit New York in October 2012, he was a senior managing director in the global treasury and strategic planning department at AIG.

"A lot of people [in 2003] had their primary sites in Manhattan and their backup sites in New Jersey. That didn't work very well," he says. "We learned a lesson from the 2003 blackout that we had to be geographically dispersed; then we learned a lesson from Sandy that we have to be able to function remotely. We did that, and we do it here, but it's something we always have to work on."

OCC conducts co-ordinated testing of its own business continuity and disaster-recovery plans with those of its exchanges and the clearing member firms that make up the top 80% of trading volumes.

As a systemically important institution, we recognise the critical role we play in promoting financial stability and integrity in every market that we serve

Additionally, OCC expects all of its clearing members, exchanges and Tier 1 service providers to maintain their own business continuity plans. Its scenario-analysis programme covers problems from sudden market events to a fire breaking out at a computer facility.

Critical contingency plans

"One of the things I want to do is to develop contingency action plans," says Grace. "What are the risks? How do we handle a catastrophic event? What are the probabilities that it's going to happen and what are the alternatives?"

OCC’s business continuity strategy is built on several key characteristics, such as substantial geographic separation between processing sites, a two-hour recovery goal for critical infrastructure, and working with third-party service providers, exchanges and critical clearing members to foster sector preparedness. “Because we want to serve as a foundation for secure markets, we have to be secure in our physical ability to do it,” says Grace.  

Later in 2015, OCC will conduct a test in which its primary operations and technology centre in Texas will be shut down, and the processing will be transferred to its backup site in suburban Chicago to see how it performs. The two sites are not only separated by more than 800 miles, but are connected to different power grids. “This is really important, because if there’s a power failure you’ve got one site that’s completely isolated from the rest of the country,” says Grace. 

OCC conducts internal business continuity testing and participates in industry-wide business continuity tests. Every year, it develops a business continuity/disaster recovery test plan focusing on high-risk areas based on the risk and control self-assessment results, critical areas of system processing, significant changes to the infrastructure and industry exercises for OCC participation.

Beyond business continuity

But operational risk for OCC means more than business continuity. Although OCC formally groups operational risk into traditional subcategories such as legal and regulatory compliance risk, physical asset risk, human capital risk, and business process risk, the reality is that operational risk permeates every facet of its business. “Operational risk is like dust. It’s everywhere, not just at OCC, but at every institution,” says Grace. “There has to be a constant effort to make sure that dust is cleaned up.”

OCC is an important financial market utility, interacting with 12 options exchanges, three regulators, a stock loan alternative trading system, four futures exchanges and 114 clearing members, who themselves act as intermediaries supporting asset managers, mutual funds, pension funds, retail investors, insurers and other market participants. It clears about four billion US equity contracts annually and holds $100 billion in collateral deposited by clearing members. 

Grace, who joined the company at the beginning of 2015, reports directly to executive chairman Craig Donohue. Grace is responsible for developing and implementing OCC’s enterprise risk management programme, primarily through supervision of its enterprise risk management department and its model validation group. The development and implementation of OCC’s risk-related guidelines and strategies require close co-ordination with OCC’s management. 

Grace has forged close working relationships with the board and senior executives such as Donohue and chief operating officer Michael McClain, as well as John Fennell, head of financial risk management, whom he credits with “really being able to dig into these issues, where they go out and solicit my point of view as the chief risk officer.”

OCC plans to add more than 100 employees to its risk function over a two-year period to ensure it has the resources needed to develop policies, procedures, internal controls, and testing and validation capabilities. Part of the increased headcount is attributable to the firm’s decision to adopt the three lines of defence model. This includes operational managers that own and manage risks, enterprise risk management and compliance functions to build and monitor the first line of defence controls, and internal auditors who provide the board and management with independent assurance.

Donohue joined OCC as executive chairman in January 2014, following eight years as head of CME Group, with the goal of driving change across the organisation in light of OCC's July 2012 designation as a systemically important financial market utility (Sifmu) by the Financial Stability Oversight Council. 

Three-strand strategy

Donohue’s three-part strategy for OCC is focused on strengthening its capital structure to ensure loss absorption and recovery capabilities, overhauling the company’s leadership team, and enhancing OCC's resiliency to systemic risk.

Since Donohue’s arrival, OCC has seen the departure of chief executive Michael Cahill, and appointed a new chief executive, general counsel, chief risk officer, chief information officer, chief operating officer, head of business development, chief financial officer, chief human resources officer, head of enterprise risk management, among many senior positions. The company also implemented a capital plan to increase shareholder equity from $25 million to $247 million in 2015.

As for systemic risk, Donohue told the Risk USA conference in 2014: “As a systemically important institution, we recognise the critical role we play in promoting financial stability and integrity in every market that we serve. That is why we have undertaken a comprehensive review of every aspect of our business: our policies and procedures, our internal business controls, our testing and validation processes, and our core risk management methodologies.”

Grace experienced the financial crisis first-hand at AIG, where he managed the company’s relationship with the Federal Reserve Bank of New York as the point person with regulators in the areas of global treasury and capital markets.

The week he joined AIG in March 2008 was the week Bear Stearns failed. He worked closely with senior management throughout the crisis, both leading up to the Fed’s involvement with AIG and throughout the restructuring process.

One of the enduring lessons of the global financial crisis, he says, was the speed with which vulnerabilities can propagate from company to company, and from sector to sector. “Not only did the crisis happen quickly in 2008, but we didn’t understand the connections,” says Grace. “There were a lot of surprises, and surprises are a very bad thing in risk management.”

'Flash crash'

To take a more recent example, Grace cited the October 15, 2014 bond market ‘flash crash’, when yields on the benchmark 10-year US Treasury notes plunged 30 basis points from its previous-day close of 2.2% to 1.9%, then spiked to trade at more than 2% once again within 15 minutes.  

“During the flash crash with the treasuries last fall, it was 15 minutes peak to trough and back to peak,” Grace says. “So, in that sense, speed was good. But speed can also be bad, because if you have some sort of error move through, if you’re not aware of it – if you’re not always looking for that ‘dust’ – it can impact you.”

Since the financial crisis, regulators have increasingly focused on the role played by CCPs and other systemically important financial market utilities (FMUs) such as OCC in safeguarding the financial system. They have noted that FMUs form a critical part of the financial infrastructure, as they support and facilitate the transfer, clearing or settlement of financial transactions, and their smooth operation is integral to the soundness of the financial system.

The Financial Stability Board is working with the International Organization of Securities Commissions (Iosco) and the Basel Committee on a co-ordinated work plan to promote CCP resilience, recovery planning and resolvability. Key elements include: evaluating existing measures for CCP resilience, including loss absorption capacity, liquidity and stress testing; and analysing the interconnections between CCPs and the banks that are their clearing members, and potential channels for transmission of risk.

Operational risk is addressed in the Basel Committee and Iosco’s assessment methodology for FMUs, which requires each FMU to “identify the plausible sources of operational risk, both internal and external, and mitigate their impact through the use of appropriate systems, policies, procedures and controls”.

In order to identify and assess operational risks, OCC uses a business objective-based risk and control self-assessment (RCSA) approach, which consists of generating a list of business processes and identifying potential risks related to the execution of each process and the related risk controls, if any, that are in place to address each risk – including the involvement of an external consultancy to identify key controls and assess their effectiveness. Possible risk responses include avoiding, accepting or transferring the risk, or taking affirmative steps to mitigate the risk’s impact through automated or manual controls, business policies or operational limits.

The RCSA programme has 31 RCSAs that cover multiple business processes, and each of those RCSAs is rated as high, medium or low priority, says Grace. “We’re now making sure that there is a risk-based RCSA schedule, so we can go back every year if it’s high risk, every other year if it’s medium risk, and every third year if it’s low risk, to make sure we have a robust environment,” he says. 

Internal structure and model risk

OCC has established an operational risk management group to oversee processes and procedures at the management and operational levels to identify, monitor and mitigate significant operational risks in accordance with OCC’s risk oversight and management policies. 

The group consists of representatives from the enterprise risk management department that reports to Grace, as well as other OCC officer-level department management. The group meets monthly to review significant operational risks and discuss any operational risks raised by a group member, and to identify any specific operational risk issues that should be escalated to the chief risk officer or the enterprise risk management committee.

It has also created a board-level technology committee that looks at the risks embedded in technology. “We do so much in terms of so many transactions in terms of our business that we’re very dependent on technology and an operational risk could emerge through technology,” says Grace. 

Donohue noted in his Risk USA speech that an important part of the second line of defence is protection against model risk – validation of the models that are developed, documented and tested in first-line business functions, including validation of margin models and clearing fund sizing, two key aspects of OCC’s financial resources and safeguards. 

OCC uses a model approach to estimate the clearing fund’s size relative to the cost of liquidation under stressed market conditions. Model assumptions include default of the single largest clearing member and a systemic event involving the near-simultaneous default or two clearing members.

The calculation of margin and clearing fund size is based on extremely sophisticated financial models, Donohue noted. “Due to the vital nature of the models, it is crucial that they perform as intended,” he said. “In light of our systemic role, we now have an independent group of scientists and programmers to validate the work of the model developers.”

OCC’s model validation group, which reports to Grace, presents its model risk management framework to the risk committee and board for review, and engages in an annual review to determine if the model is working as intended. 

“One of the things I’ve done is develop a model governance committee, and the idea is to look at models from when they start out on a piece of paper or a whiteboard, all the way through development, validation, installation and retirement,” Grace says. “Where I’m spending a lot of time is looking at model risk holistically. How do we make sure the model’s properly deployed. When we update the model or make a system change, is it properly tested?”

The possibility of the default of one or more clearing members rippling through the financial system is exacerbated by the increasing fragmentation of markets. Liquidity in the US options market is fragmented across a dozen exchanges, with no options exchange clearly dominating the market. In 2014, 3.8 billion equity options contracts were traded on the 12 US options exchanges, led by Chicago Board Options Exchange with a 21% market share, followed by Nasdaq OMX PHLX (18%) and International Securities Exchange (14%). Of the other nine exchanges, none holds greater than a 10% market share. 

The biggest problem facing options traders is a lack of sufficient liquidity when they need to execute larger trades, with 42% of institutional firms citing a lack of liquidity as the biggest change in the options markets in 2014, according to Tabb Group. 

OCC has added California Public Employees’ Retirement System (Calpers) to its list of committed lenders, along with its existing base of banks and broker-dealers to help ensure that sufficient capacity is maintained at all times. This is critical to central counterparties such as OCC, which now has a third of its liquidity committed and pre-funded through Calpers.

“This new and innovative approach to liquidity has the benefit of diversifying our dependence on banks while their committed facilities contract as they undergo their own regulatory pressures,” McClain said at the Options Industry Conference in Miami in May. “Increasing our total resources through this innovative solution will facilitate the growth of the US options industry and the futures markets that we serve while also enhancing OCC’s resiliency.”

Scenario building

In addition to RCSA, OCC engages in scenario analysis, under which it systematically obtains opinions from business managers to derive assessments of the likelihood of plausible, high-severity operational events. 

Sometimes scenario building yields unexpected dividends, as happened in the late 1990s when Grace, who was then market risk manager for North American consumer banking at Citigroup, and his team were preoccupied with developing contingency plans for the Y2K bug and what could have happened if the payment systems were affected.

As it turned out, the plans were not required on January 1, 2000, but they were needed the day after the 9/11 terrorist attacks in 2001, when much of lower Manhattan and the large settlement banks were cut off. "We had our contingency action plan that we had developed for another event we thought would impact the payment systems and we were able to pull it off the shelf," says Grace.

One of the emerging areas of clearing house risk that OCC has had to deal with is the financial risk posed by trading errors in financial markets involving direct-access automated trading systems creating erroneous trades that result in significant financial losses to qualifying clearing member firms and their customers. 

OCC and US options exchanges last year agreed on risk control standards designed to reduce the risk of errors or unintended activity that could cause or contribute to a financial loss to market participants and OCC. “What we tried to do is build a framework that wasn’t prescriptive,” OCC’s Fennell said during a podcast earlier this year. “It was intended to allow each of the different markets with their different execution models to be able to thrive but at the same time have sound controls in place.”

The standards will be implemented through an OCC rule that will apply a principles-based approach to options transactions. The rule goes into effect June 2016. “We are in the process of rolling out an examination process to make sure each of the exchanges has activity-based controls, pre-trade price reasonability, drill-throughs and kill switches,” said Fennell. “We’re going to be evaluating what the exchanges have in place, and we’re going to be very public about which exchanges are meeting the bar and which ones aren’t.”