Showing posts with label Risk. Show all posts

Sep 5, 2020

Central Counterparties (Chapter 2)

 

(Part of my undertaking to read Chapter 2 of books in my library.)

This book was published in 2014, so some of its content will be out of date. A lot of activity has occurred in the central counterparties regulatory world recently.

Many derivatives contracts, such as options and futures, are traded on an exchange. In an exchange, derivatives contracts are standardised. Standardisation leads to efficiency and tradeability.

Originally, contracts were traded on an exchange where the exchange served merely as a witness, and not as a counterparty to the trade. If a trading party did not live up to the contract, the exchange would fine them or even expel them.

Only approved firms and individuals may trade in an exchange.

Exchanges facilitate margining and netting between trade counterparties, which reduce the magnitude of risk for each side.

There are 3 forms of clearing: direct clearing, ring clearing, and complete clearing.

Direct clearing is where each party delivers their contract obligations to the other. If there are offsetting trades, often the practice is to just net the difference, a practice called "netting", or "payment of difference".

Ring clearing is an expansion of direct clearing to more than two parties. The parties must agree to join the ring. If A must pay B, who must pay C, then C can receive the payment directly from A. The exchange itself is not a participant other than as an enforcer of rules. A disadvantage of rings is that a quality counterparty may be replaced by one that has lower credit quality. Not everyone in the ring benefits.

Complete clearing extends and improves the ring by placing the exchange as a central counterparty to all parties. A party no longer has to worry about the credit rating of their counterparty; the exchange assumes the rights and responsibilities of the counterparty.
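The three forms of clearing described above, worked through on one set of trades as an added example (not from the book or the original post). The parties, the amounts, the `EXCHANGE` label and the way the ring matches net payers to net receivers are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed obligations (payer, payee, amount); illustrative, not from the book.
OBLIGATIONS = [("A", "B", 100), ("B", "A", 40), ("B", "C", 60)]


def net_positions(obligations):
    """Net amount each party is owed (+) or owes (-) across all trades."""
    position = defaultdict(int)
    for payer, payee, amount in obligations:
        position[payer] -= amount
        position[payee] += amount
    return position


def direct_clearing(obligations):
    """Each pair settles only its own difference ('payment of difference')."""
    pair_net = defaultdict(int)
    for payer, payee, amount in obligations:
        first, second = sorted((payer, payee))
        # Positive means `first` owes `second`; offsetting trades cancel.
        pair_net[(first, second)] += amount if payer == first else -amount
    return [(a, b, n) if n > 0 else (b, a, -n)
            for (a, b), n in sorted(pair_net.items()) if n != 0]


def ring_clearing(obligations):
    """Ring members pay each other directly; a member netting to zero drops out."""
    position = net_positions(obligations)
    payers = [[m, -p] for m, p in sorted(position.items()) if p < 0]
    receivers = [[m, p] for m, p in sorted(position.items()) if p > 0]
    payments = []
    while payers and receivers:
        amount = min(payers[0][1], receivers[0][1])
        payments.append((payers[0][0], receivers[0][0], amount))
        payers[0][1] -= amount
        receivers[0][1] -= amount
        if payers[0][1] == 0:
            payers.pop(0)
        if receivers[0][1] == 0:
            receivers.pop(0)
    return payments


def complete_clearing(obligations, ccp="EXCHANGE"):
    """Every member settles one net amount with the central counterparty."""
    payments = []
    for member, amount in sorted(net_positions(obligations).items()):
        if amount < 0:
            payments.append((member, ccp, -amount))
        elif amount > 0:
            payments.append((ccp, member, amount))
    return payments
```

On this sample, ring clearing leaves C facing A instead of B, which is the counterparty substitution the text names as the ring's disadvantage. Under complete clearing both A and C face the exchange instead.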

Of course, if an exchange assumes the obligations of a party, it must protect itself from exposures arising from an insolvent party. Two ways to mitigate the exposure are the practices of initial margins and variation margins. In addition to margins, a method of loss sharing is also implemented. One practice is requiring all members to make share purchases.

There was resistance to this concept early on: firms with high quality rating felt they lost their advantage over lower quality firms because a firm's credit rating became irrelevant. The counterparty service can be provided by the exchange, or be provided by another firm offering that service for the exchange.

All derivatives market clearing services became standardised and used central clearing until OTCs arrived on the scene.

To be continued...

***

Sep 3, 2013

The New Risk

In the world of risk management, even the most basic things can get confusing.  When it comes to basics, it’s hard to think of a notion more basic than what ‘risk’ is. 

One of these is the distinction between a risk and the event that triggers the risk.  You can see a little bit of the confusion through the risk management standards.  The AS/NZS 4360:2004 standard considers risk as ‘the chance of something happening that will have an impact on objectives’.  Clearly, risk is closely related to, if not actually, an event (‘something happening’).

Compare this with the newer ISO 31000:2009 standard, which is not only an international standard, but also succeeds the AS/NZS 4360:2004 (i.e., the next version of AS/NZS 4360:2004 is ISO 31000:2009). Here, risk is ‘the effect of uncertainty on objectives’.  It is no longer an event.

Now, this very succinct definition also manages to be very confusing -- there are various discussions in LinkedIn about what it actually is trying to say. 

What, then, is the difference between an event (or a circumstance) that brings a consequence versus a risk that brings a consequence? The key to understanding risk is to focus on the word ‘objective’. Start with the objective. What do you want to achieve? This is the starting point. Literally, without an objective, there is no risk.

Once you have determined your objectives (there can be more than one), think of the various outcomes that deviate from that objective.  The third step is to consider the consequences of those various outcomes.

Let’s work through an example.  Suppose you have a job interview, and you identified your objective to be: arrive at the appointment on time.  What are the various deviations?  You can arrive 5 minutes late, 10 minutes late, 30 minutes late, 10 minutes early, and so forth.  What is the consequence of arriving 10 minutes late?  How about 30 minutes?

You can then look at the different possible events, circumstances, or situations that can cause the deviations: traffic, getting lost, underestimating the time needed for travel, forgetting something and having to go back, running out of petrol, having a car accident, etc.

After identifying possible causes, analyse them and implement mitigation plans for the ones that might be more likely, such as traffic, or underestimating the travel time required.  By mitigating the various events, you are reducing the chances of not being able to arrive on time.

You can also mitigate the risk.  But since risk is not an event, you cannot mitigate it from happening.  Instead you mitigate its consequences. So you mitigate the possibility of the deviation occurring by addressing the events that can cause the deviation, and you mitigate the consequence of the deviation.

|  | Old World | New World |
|---|---|---|
| Risk | An event, or situation, or circumstance | The deviation from your objective |
| Consequence | The impact of the event, or situation, or circumstance | The impact of the deviation (regardless of what caused the deviation) |
| Risk Event | An event that brings about the risk | An event that causes a deviation |

Nov 27, 2012

ISO 31000:2009’s Definition of Risk

As anyone involved in risk management knows, a couple of years ago the ISO published their new Risk Management Standard known as ISO/IEC 31000:2009 (ISO 31000 for short).  This standard is new for ISO, and is not replacing an older ISO standard.  For countries like Australia though, which had its own standard (AS/NZS 4360:2004), this new ISO standard supplants that older standard.

One of the innovations coming from ISO 31000 is a new definition of risk.  It is a concise definition, albeit strangely phrased. It defines risk as:

"the effect of uncertainty on objectives."

At first glance, it looks straightforward.  But a closer interpretation of the words makes one pause: the what of what on what?

But before we delve into what it means, let’s compare this definition with the one used in AS/NZS 4360:2004, which was not only the Australian (and New Zealand) standard, but also adopted in several other countries.  As testament to its wide acceptance, the core of ISO 31000, its Risk Management Processes, is taken almost verbatim from AS/NZS 4360:2004.

This is how AS/NZS 4360:2004 defined risk:

"the chance of something happening that will have an impact on objectives." 

Here it’s clear that risk is tied to "something happening".  Risk is an event or a circumstance (together with its chance of happening).

By contrast, in the new ISO definition, risk is the "effect of uncertainty".  What is this ‘effect’? 

ISO 31000 provides an explanation:

Effect - "a deviation from the expected -- positive or negative".

Now, since we are talking about risk, and risk is about future events, we can safely assume that when they say ‘deviation’, they are talking about potential deviation, or a possible deviation, not a deviation that has already happened.

If we take that meaning, then it seems to me that the definition of risk can be translated to:

"the possible deviation … on objectives."

This makes some sense.  Risk is indeed about its possible deviation on our objectives.  We hope to finish a project within 6 months, but it might end up finishing after 17 months. 

But notice that I put in ellipses.  The reason I did that is because if I restore the missing words, the definition of risk becomes:

"the possible deviation of uncertainty on objectives."

Which is clearly gibberish, so let’s parse it further.

In risk management, the word ‘uncertainty’ refers to ‘ignorance’ or ‘lack of knowledge’.   ISO 31000’s definition is aligned with this view:

Uncertainty - "the state, even partial, of deficiency of information related to understanding or knowledge of an event, its consequence or likelihood."

Note the definition: ‘Deficiency of information’, lack of information, or lack of knowledge.  This lack of knowledge does not, I believe, refer to lack of skill, or lack of expertise, but specifically to lack of knowledge about what will happen.

Given the above, a possible rephrasing of the definition can go like this: 

Risk - the possible deviation, arising from lack of information, on objectives.

The key difference is that in AS/NZS 4360:2004, risk is an event, whereas in ISO 31000, risk is the deviation.  This is not the consequence, but the deviation. 

So for example, we launch a product which we estimate will bring in $20 million.  For AS/NZS 4360:2004, a possible risk is that a competitor might launch a similar product which changes the market dynamics, resulting in lower revenues for us.  For ISO 31000 a risk might be that sales are not as big as we expected.  What are the consequences of that?

This change in the definition of risk has been met with praise, criticism, and confusion.  One of the primary impetuses in redefining risk is the desire to better incorporate the handling of ‘positive risks’ in the risk management process.

It certainly makes one rethink.

Sep 25, 2012

Market Share, Market Risk

Even as Company A owns and enjoys the biggest share of the demographic market for teens, it begins to direct a zealous eye towards another section of the market, the one dominated by competitor Company B.

Company A looks at the sales and profits of Company B and decides: “we’d like that share”.

Company A undertakes a campaign to grab market share from B.  A few expensive months of marketing begin to make substantial progress.  After a couple of years, Company A is swamped by regulatory demands which were never a problem with their other market.  Consequently, the profit margins end up far, far less than originally expected, and the headaches far, far more.

Companies do this all the time.  They notice a market share and say: “we’d like that”. 

But they forget that markets are characterised not only by profits: they also come with market costs, market responsibilities, and market risks.

It seems company B was more adept at managing the risks of that market, hence its profits.  Company A did not have the experience managing the risks of that market, hence its headaches.

Feb 15, 2011

What is the difference between an impact and a risk?

Sit at any Risk Management 101 class or Risk Management introductory workshop and you will most certainly be introduced to the risk register. And in that risk register, you will be introduced to two columns: the Risk, and the Impact. 

You will be told that the Risk is an event that may or may not happen.  You will also be told that Impact is what will happen if the Risk occurs (or ‘eventuates’). Sounds clear, simple, direct. 

Now let’s apply what we’ve learned.  You are concerned (rightly) about crashing your car. Is that a risk? Or is it an impact?  (Avoiding the pun on crash and impact). It is not certain that your car will crash, so that is a risk.  What will be the impact?  Easy: you may experience fatality.  Or you may experience serious injury, or you may experience light injury. 

But why isn’t crashing the car an Impact? 

What caused the car crash? Did your brakes malfunction?  Was that a risk?  Was there a risk that your brakes would malfunction?  Were you hit by a drunken driver? Was that a risk you faced when you were driving? Absolutely.

So let’s say: Risk = Possibility of being hit by a drunken driver.  What is the impact?  Crashing your car.  What was the risk earlier is now the impact.

The distinction between risk and impact is not so clear.  What is a risk from one perspective is an impact from another.  But which perspective is the right one to take? And which perspective should you be taking when you fill in the risk register?  Do you put “Car crash” under Risk or under Impact?

Nov 22, 2010

Risk - What Can Go Wrong

There are so many definitions of risk.

The newer versions include 'positive risk' and variations thereof. These definitions try to be very inclusive, to make sure they cover all possible perspectives and manifestations of risk. It can be a bit confusing. Some days I am tempted to find a simple, clear, usable definition of risk.

I am not yet convinced that 'positive risk' should have the word 'risk' appended to it. On those days when I look at risk management as 'the management of uncertainty' I have no problem accepting that positive risks belong to this domain.

But for now, I will use as the most basic definition of risk:

Risk = what can go wrong.

Risk management = managing what can go wrong

The ‘wrong’ already implicitly includes a reference to our objectives.  If something can go wrong from our point of view, it means something going wrong in relation to our interests.  Something that doesn’t affect us is not something going wrong. So I don’t have to extend it to ‘something that can go wrong with regard to our objectives’  (in any case, I prefer to use ‘interests’ rather than objectives).

The ‘managing’ in ‘managing what can go wrong’ encompasses identification, assessment, and mitigation.

Let’s see how far these definitions will let me go.

Sep 24, 2010

Risk Versus Risk

Among the most critical processes in managing projects are those addressing project risks.  Some writers go so far as to call risk management 'project management for adults'.  The implication being that if you’re not doing risk management in your project, then you’re just a kid, you haven’t grown up yet, and have no place among grown-ups (I agree with this view, by the way).

When asked what risk is, quite a few will give an answer that goes something like: 'a risk is anything that can go wrong.'  In this view, a risk is something that can go wrong, and therefore risk management is about addressing those things that can go wrong.

But there is another, less commonly known, view of risk.   In this view, risk is something uncertain that may affect the project.  Not something necessarily bad, but something uncertain. 

Let's suppose you are planning a picnic for tomorrow.  Being an adult, you have prepared a risk management plan (your picnics may be boring, but they are predictable).  You have an entry for weather in your risk plan.  In the first view of risk, you look at the weather and look for something that could 'go wrong' that could negatively affect your picnic.  Is it going to rain tomorrow?  If there's a chance of rain, what can we do to mitigate the effects of this rain on the picnic? Perhaps bring an umbrella.  Perhaps plan to hold the picnic near an accessible shelter, to make escaping from the rain easier.

In the second view, we look at the weather not as something that is the harbinger of something that can go wrong, but simply something uncertain.  So there's a 50% chance of rain.  Let's prepare for that eventuality.  But there's also a 50% chance of no rain. Let's also prepare for that happy eventuality as well -- perhaps plan to go to a place with a nicer view if the weather clears up.

With this second view, risk is viewed not simply as bad circumstances that can happen, but as all uncertain circumstances: circumstances which can indeed turn out bad (and whose effects we should be ready to address), but which can also turn out good (which we should be ready to take advantage of).

In the first view, we simply prepared ourselves for the worst.  But in the second view, we also prepared ourselves for the best.

Apr 2, 2010

On Issues Versus Risks

Whenever you find yourself in an introductory presentation on risk management, you can expect to hear a question like: “What’s the difference between an issue and a risk?” The expected answer seems to be always: “A risk is something that may or may not happen, while an issue is something that has already happened.”

Correct enough, but this description falls short of conveying any relationship between the two.

Here’s one I coined, I like, and plan to use and re-use: “Issues are the risks you failed to manage, now come to haunt you.”

The sentence makes clear that many of the issues that you face could have been mitigated if only you had done proper risk management.  The assertion is not always true of course.  Some issues just come from unpredictable circumstances, and no risk management is that perfect.  So surely,  there are exceptions, but the strong assertion of the sentence emphasises just that – that exceptions are the exception.

I believe I originally picked up this relationship from Bill Duncan.  A few years ago he quoted someone he knew who said that in a good risk management process, all the issues that arise will have been previously identified in the risk register.  So it’s not my original idea, but I like the “now come to haunt you” bit, which is mine.