Risk Management Framework

The robustness and stability of the Settlement Service relies on a comprehensive risk management framework that is formally documented and regularly reviewed to ensure risk management policies, procedures and systems are effective and take into account fluctuations in risk severity and likelihood, changing environments and market practices.

The risk management framework’s policies and procedures are governed by the Policy Framework as discussed under Principle 2, and are subject to annual review⁴² and approval by the CLS Group Board, the Risk Management Committee, and the EMC or CRO, as relevant. While the CLS Group Board is responsible for the overall strategy and supervision of the CLS group entities, the Risk Management Committee assists by providing oversight and governance for CLS Bank’s Risk Management function as well as the risk management framework’s policies and procedures.

As detailed in the Introduction, the CLS system applies three risk management tests to each payment instruction. These risk management tests are applied based on models within the CLS system (i.e., the haircuts model), as well as standalone systems (i.e., the model used to determine each Member’s Aggregate Short Position Limit). CLS Bank’s risk management systems are also used for modelling and analysis to optimize the CLS risk design and conduct comprehensive back and stress testing, discussed in detail under Principle 7.

41The CLS risk design is CLS Bank’s delivery and design of existing processes and services that contribute to the overall management and mitigation of settlement risk and broader risk in the FX market.

42Additional reviews may be triggered by major changes in corporate strategy, the regulatory environment, financial market conditions or CLS Bank’s risk profile, as well as the discretion of the owner of the relevant policy or procedure.

As discussed under Principle 2, the MAAC has direct oversight responsibility for all CLS Bank models, including quarterly certification of the CLS Bank model inventory, tracking timely remediation of any deficiencies identified in periodic independent validation, and approving changes to existing models or implementation of new models prior to deployment. All models are also subject to further specific model governance, development, implementation, change management and periodic validation requirements, discussed in detail under Principle 7.

The risk management framework provides robust processes, tools, and controls to identify, measure, monitor and manage risks in alignment with the CLS Risk Appetite Statement and associated tolerances, as discussed under Principle 2. The risk management framework includes:

� Systemic Risk and the ERM Framework: as discussed in detail below, the internal and external sources of risks that arise from the CLS system and associated mitigants are defined in the Systemic Risk Policy. The top-down and bottom-up operational risk assessment approaches noted above (and detailed under Principle 17) are supplemented with additional risk information in a systematic approach to monitoring, aggregating and reporting material risks under the ERM Framework.

� Legal Risk Management: CLS Bank’s legal framework (detailed under Principle 1) ensures a clear, transparent, enforceable legal basis for the material aspects of CLS Bank’s activities in all relevant jurisdictions, based on rules, operating procedures, contractual agreements, laws and regulations. The Rules and Member Handbook outline the various processes involved in the CLS system, define the respective responsibilities and obligations of CLS Bank and each Member, and provide the legal underpinning for the CLS risk design.

� Governance Framework: the governance elements discussed under Principle 2 articulate the division of responsibilities between the EMC and the CLS Group Board, provide for objective setting and performance evaluation, and ensure risks are properly identified, measured, monitored, reported and controlled, including providing for transparent documentation of governance arrangements to ensure direct lines of responsibility and accountability for risk decisions.

� Credit Risk Management: the Credit Risk Policy and associated procedures outline the requirements for identifying, assessing, managing, monitoring and reporting credit risk at CLS Bank, including the calculation and adjustment of Aggregate Short Position Limits and assessment of initial compliance with credit requirements for membership as well as on-going credit eligibility for Settlement Members, Eligible Currencies and Liquidity Providers, as detailed under Principle 4.

� Liquidity Risk Management: CLS Bank seeks to minimize funding liquidity demands on Members, subject to its primary mandate to maximize settlement completion. The Liquidity and Market Risk Policy and associated tools, processes and procedures (detailed under Principle 7) ensure consistent management of liquidity and funding risks that arise in the CLS system. These tools include an extensive modelling plan that includes CLS risk design optimization, support for CLS strategic initiatives as well as Settlement Member and currency onboarding, a robust, automated back/stress testing program, and risk trade-off analysis.

� Model Risk Management: the Model Governance Policy and Model Validation Policy, along with their supporting procedures and processes, define a consistent and effective model risk management framework aligned with regulatory requirements. Model risk management includes requirements for robust model development, implementation and use, a sound periodic validation process to ensure that models are performing as expected and in line with their design objectives and business uses, defined roles and responsibilities for clear communication of

model limitations and assumptions, and the authority to restrict model usage. More details on model risk management are provided under Principle 7.

� Operational Risk Management (“ORM”): the ORM Policy, ORM Framework and supporting procedures provide an integrated approach to operational risk management that aligns with regulatory requirements, including the operational risk management and measurement requirements under Basel II. As discussed in detail under Principle 17, internal and external sources of operational risk are considered and managed on a departmental as well as firm-wide basis with defined processes for regularly identifying, managing, mitigating, and reporting operational risk and specific requirements for top corporate risks. The management of operational risk is a key component of the risk management framework, and feeds into the ERM Framework and the associated reporting discussed below.

� Crisis and Failure Management: tools and processes for managing crisis/failure situations have been developed so that relevant CLS Bank functions can manage small and larger-scale disruptions, accelerate remedial action, ensure regional resilience, and mitigate systemic risk by meeting various challenges presented by participants in the Settlement Service, as well as internal and external events while minimizing risks to provision of the Settlement Service.

� Communications and Training: on-going communication and training processes drive internal stakeholder engagement to reinforce a culture of risk awareness and responsibility throughout the CLS group, as well as establish and maintain proactive risk communication with the external risk management community (including Chief/Senior Risk Officers of Member banks, other FMIs, critical service providers, and regulators). CLS Bank also promotes thought leadership in seeking industry solutions related to systemic risks arising from FX settlement, including the potential failure of a CLS Bank nostro agent or third party service provider, as discussed under Key Consideration 3.

� Vendor Management: CLS Bank’s Vendor Management Framework defines vendor services and establishes CLS Bank’s policies and standards for managing procurement. This includes detailed vendor selection processes and associated periodic risk assessment based on monetary value as well as business criticality and strategic service importance and stringent review requirements based on CLS group security and technical policies for major business undertakings and joint ventures.

� Independent Audit and Validation: as detailed under Principle 2, the CLS group has a comprehensive framework for regularly advising the EMC and the CLS Group Board on the quality of business operations, with particular emphasis on systems of control. The Internal Audit function analyses CLS Bank’s risks and provides proactive independent assurance on the adequacy and effectiveness of internal controls, collaborates with the Risk Management function to facilitate identification and evaluation of risks, and provides recommendations to the EMC for responding to risks.

� Project and Implementation Management: as discussed under Principle 17, CLS Bank has implemented robust change and project management processes under which projects and system changes are subjected to thorough, coordinated due diligence and, as relevant, are submitted for regulatory consultation and/or undergo comprehensive risk assessment and stress testing to insulate the Settlement Service from adverse or unintended impact.

Key Consideration 2. An FMI should provide incentives to participants and, where relevant, their customers to manage and contain the risks they pose to the FMI.

3.2 Delivering the CLS Mission Statement: Enhance Financial Stability by Providing Risk