The Bank of England’s approach to financial market infrastructure supervision

The Approach Document

In November 2024, the Bank of England (the “Bank”) published an Approach Document setting out its approach towards the supervision of financial market infrastructures (“FMIs”). 

The Bank has published documents of this nature before, and has decided that now is a suitable time to provide a updated statement of its approach.  The main drivers for the Bank in issuing the paper are (i) transparency (both for FMIs and for FMI users and the financial system more broadly); (ii) ensuring the proportionate and tailored supervision of FMIs, whilst also ensuring that the Bank is meeting its primary and secondary objectives; and (iii) the need for the Bank to be accountable, both to the public and Parliament, in relation to its supervision of FMIs. 

The Approach Document takes into account a number of recent regulatory developments that affect the Bank’s supervision of FMIs, as considered further below. 

The Approach Document should be read together with a number of other publications made by the Bank which were published at the end of 2024.  Links to the most relevant publications are included at the end of this note.

Background

Following the introduction of the Financial Services and Markets Act 2023, the Bank has a new set of powers, and additional responsibilities, in relation to FMIs.  These include:

• a broad rule-making power in relation to central counterparties (“CCPs”) and central securities depositories (“CSDs”), effective from 1 January 2024, which enables the Bank to impose requirements directly on FMIs, including by replacing assimilated EU law (such as the UK’s version of the European Market Infrastructure Regulation (“EMIR”) and Central Securities Depositories Regulations) with its own rules;
• a number of significant measures relevant to the Bank’s regulatory and supervisory powers, including the power to issue requirements to recognised UK CCPs and CSDs and systemic non-UK CCPs, under which such entities must take, or refrain from taking, a specified action.The Bank published a separate policy statement regarding this power in May 2024;
• a new secondary objective for the Bank as an FMI supervisor which requires that the Bank must “as far as reasonably possible, facilitate innovation in the provision of CCP and CSD services with a view to increasing the quality, efficiency, economy of FMI services”; and
• new accountability mechanisms that the Bank will be subject to, which are more aligned with those that already exist for the PRA and FCA. These include the creation of a new Financial Market Infrastructure Committee (“FMIC”), which is involved in key supervisory decisions (such as approving the Bank’s overall supervisory approach, and approving the Bank’s supervisory strategy for certain FMIs).

The Bank is also consulting separately on the introduction of Fundamental Rules for FMIs, which are similar to the fundamental rules and high-level principles that apply to firms authorised by the PRA or FCA – see link for further details.

In the light of these changes, the Bank has decided that it is appropriate to issue a statement setting out its policy towards the supervision of FMIs.  It intends that the Approach Document will act as a “standing reference”, which the Bank will update as necessary, to ensure it remains current - for example, to reflect significant legislative and other developments that result in changes to the Bank’s supervisory approach.

The Bank has issued statements on its approach to the supervision of FMIs before, but for CCPs and CSDs this is the first overall restatement since 2013, and so it reflects not only the recent changes to the Bank’s supervisory powers and responsibilities following Brexit, but also the Bank’s experience of supervising FMIs through the course of a number of significant events during the past decade.

This article sets out the main themes that apply in respect of the Bank’s supervision of CCPs and CSDs.  (The Approach Document also covers recognised payment system operators and some associated service providers, but these entities are outside the scope of this note.)

New themes

When compared to the previous expositions of the Bank’s approach, a number of new themes and issues emerge from the new approach document:

• There is greater focus on the Bank’s objectives and how it will comply with them in practice. Previous guidance had focussed more on the design of the framework rather than the practicalities of how it is operated, and so the Approach Document provides welcome transparency.
• In the light of the Bank’s secondary innovation objective, there is more emphasis on how the Bank can support innovation whilst still complying with its primary objectives. (Please note, however, that the secondary innovation objective does not apply to individual supervisory decisions.)
• The Bank will continue to be judgment-based and forward-looking in its approach, as well as applying the principle of proportionality. (We believe that the Bank has applied the principle of proportionality to its supervision of FMIs before now, but the Approach Document arguably makes it more explicit that this will be a key element of the supervisory regime going forwards.)
• There is more emphasis on the Bank being a data-driven regulator, and on the Bank embracing new technologies to help aid its supervisory activities.
• The risk assessment framework, while not new, has been reformulated and is arguably broader than before. The Bank says that it will apply to FMIs the same “proactive intervention framework” that the PRA currently uses in its supervision of authorised persons. This will enable supervisors and the FMIC to focus their attention on areas of concern.

High-level principles for advancing the Bank’s objectives

To advance the Bank’s objectives, the Bank’s supervisory approach follows four key principles – namely, that supervision should be:

1. judgement based;
2. forward looking;
3. focused on key risks; and
4. proportionate.

These are effectively the same principles that the PRA applies in the supervision of authorised persons, such as banks and insurance companies. 

All FMIs will be subject to a set of baseline supervisory processes and activities, the frequency and depth of which are proportionate to the potential impact of a firm on financial stability.

Identifying risks to the Bank’s objectives

In accordance with the principle of proportionality, the intensity of the Bank’s supervisory activity varies depending on the risks posed by each firm.  To identify and assess these risks, the Bank uses a standardised risk assessment framework which enables supervisors to focus on the biggest risks to financial stability and provides a common approach for making supervisory judgements.

Supervisors begin any FMI’s risk assessment with an assessment of systemic impact – that is, the significance of the FMI to the stability of the UK financial system.

FMIs are then assigned into one of three categories:

• Category 1 – the most significant systems, which have the capacity to cause very significant disruption to the financial system by failing or by the manner in which they carry out their business;
• Category 2 – significant systems which have the capacity to cause some disruption to the financial system by failing or by the manner in which they carry out their business; and
• Category 3 – systems which have the capacity to cause, at most, minor disruption to the financial system by failing or by the manner in which they carry out their business.

Supervisors then consider a series of further risk elements under gross risk and mitigating factors to assess the likelihood of an event disrupting the financial system occurring.

Gross risks include external factors (including political and/or macroeconomic risks) as well as business risks relating to the FMI itself – in particular the risks related to its business model, strategy, the complexity and inherent risk of the market that it serves, and its operating model (including its group structure).

Mitigating factors include:

• The effectiveness of the FMI’s Board and senior management. The Bank will consider the extent to which the Board and senior management manage the firm prudently, consistent with regulatory requirements, expectations and the Bank’s financial stability objective, having regard to the structure of the Board, composition and skill-set of the Board, the way in which overall strategy is set and how effectively risks are managed.
• The adequacy of the FMI’s risk management and controls. When assessing risk management and controls, the Bank will look at both the risk management of the FMI itself and how the FMI fulfils its role in ensuring risk management in the markets it serves.
• Operational resilience. The Bank expects FMIs to observe high standards in the management of operational risks. The Boards of the FMIs are responsible for operational resilience, and in relation to this the Bank expects them to have clear lines of accountability and be responsible for the internal operations and technology of the firm. The Approach Document highlights cyber resilience as an important aspect of operational resilience.
• Financial resilience. Financial resilience is an assessment of both the FMI’s own financial resources and whether the FMI appropriately manages financial risks within its ecosystem, subject to preserving the resilience of the FMI.

These mitigating factors are closely related to the proposed Fundamental Rules for FMIs.

There is also a strong emphasis on “preparedness for disruption” (“PfD”).  PfD assesses the extent to which the FMI has taken appropriate actions to support the Bank in being adequately prepared to mitigate impacts on financial stability in the event of the FMI being unable to recover from a financial or operational failure.  This recognises that the systemic nature of FMIs can result in disruption at one FMI having a much broader ecosystem-wide impact which may require additional market-wide intervention by the relevant authorities in order to mitigate risks to financial stability (and which may require the Bank to use its powers under the CCP resolution regime and/or the FMI special administration regime).

Assessing firms and using the Proactive Intervention Framework

The supervisors of the FMI will assess and rate each risk element against the Bank’s risk tolerance.  FMIs will be assigned a rating, which is forward looking over a 12 month period. 

The Bank will use a “Proactive Intervention Framework” (“PIF”) in relation to the FMIs.  This is the same approach that the PRA uses in its supervision of banks and insurance companies.  The intention is to capture the probability of risks outside of the Bank’s risk tolerance crystallising over the next 12 months.  FMIs will be assigned to one of five different stages under the PIF, denoting a different likelihood of disruption to financial stability, and the supervisors of an FMI will consider the PIF analysis when drawing up their supervisory strategy for an FMI. 

Bank supervision of FMIs that form part of groups

Where the FMI is part of a group, the Bank will want to understand how that FMI relates to the rest of its group, how the group’s objectives affect the FMI, and what risks the rest of the group might bring to the FMI and vice versa.  In particular, the Bank will consider interdependencies between group entities in relation to finances, operations, risks, risk management and governance.  This is a continuation of the approach that the Bank outlined in its 2013 guidance.

Supervisory activity

On the question of the Bank’s approach to supervision, the Approach Document is more prescriptive than previous guidance, particularly with regard to what an FMI can expect to experience as part of the supervision process.  Key elements of the approach include:

• Baseline supervisory activity: The Bank will undertake what it describes as “baseline activities” for all FMIs – that is, the minimum amount of supervision that would be required for a firm, provided that the firm is considered to be within the Bank’s risk tolerance for that type of FMI. The level for the baseline supervisory activity will be set by the Bank’s FMIC. The level may vary from FMI to FMI, as it will be informed by the risks that an FMI is considered to pose.
• Additional activities: If the FMI is assessed as being “out of tolerance”, the Bank supervisors will undertake additional work to ensure that the FMI carries out the necessary risk mitigation activities to bring the risk back into tolerance.
• Firm meetings: FMI Boards and directors should expect to meet regularly with their supervisors, under a series of “close and continuous” meetings. The Bank will work out a schedule for these meetings, having regard to the FMI’s category. The Bank will have a model regarding the minimum amount of engagement it will expect with different types of FMI. Ad hoc meetings may be required as well.
• Review of MI, reporting and data: The Bank will request an FMI to submit data of appropriate quality. The request will be proportionate to the size and potential impact of the FMI. The Bank may also gather information through MI from Board packs or disclosures made by FMIs. (See further below in relation to the Bank’s approach to data.)
• Risk reviews: Risk reviews are seen as part of the Bank’s baseline supervisory activity, which will determine the number of reviews to be undertaken in any year.^[1] Risk reviews are considered especially important in relation to financial and operational resilience.
• PFMI self-assessment: The Bank expects FMIs to undertake self-assessments of their adherence to the CPSS-IOSCO Principles for financial market infrastructures (“PFMI”). This has been a long-standing requirement of the Bank.
• Reviews of significant changes: An FMI is expected to inform the Bank whenever it is proposing a significant change to its business that could materially alter its business model, organisational structure or risk profile. Supervised FMIs will already be familiar with this process, which is sometimes referred to as a ‘non-objection’ process. The Approach Document sets out the Bank’s approach specifically towards new products and model changes in CCPs.
• Setting supervisory strategies: The Bank will hold regular internal stock-take meetings (known as Annual Risk Reviews) for each FMI that it supervises. Following an Annual Risk Review, the Bank will send an individually tailored letter to the Board of the FMI outlining the key risks that are of greatest concern and any action that is required to bring the FMI within the Bank’s risk appetite. The Bank says that it will, in general, consider representations by the firm but that FMIs should not approach their relationship with supervisors as a negotiation.
• Use of the Bank’s powers: In the Approach Document, the Bank reminds firms that while it expects them to co-operate in resolving supervisory areas of concern, the Bank will not hesitate to use its formal powers where this is appropriate in order to achieve the desired supervisory outcome. Similarly, the Bank will use its enforcement powers when appropriate. The Bank’s approach to enforcement is set out in a separate statement of policy and procedure (which, like the new Approach Document, was updated in November 2024).
• Supervisory stress testing of UK CCPs: As part of its supervision of UK CCPs, the Bank conducts regular supervisory stress tests. The Bank says that it is continuing to develop its approach to stress testing, including the use of desk-based stress-testing models that will allow it to test resilience to a wider set of decorrelated scenarios.

[1] The Approach Document gives the example that a typical Category 1 CCP could expect to have operational resilience reviews and financial resilience reviews twice every year and a review of management and governance once every three years.

Data-related capability

The Bank regards the data it collects directly from FMIs as an important input to its supervision process.  The Bank says that it aims to achieve four broad outcomes in its collection and use of data – namely to:

1. utilise data and analysis to support the supervisory approach;
2. be able to identify system-wide risks and facilitate effective crisis management responses;
3. proactively monitor data to spot trends and identify risks to firms, their participants and their wider ecosystem; and
4. make relevant data available to other parts of the Bank (such as the Financial Policy Committee and the PRA) to support broader initiatives.

The Bank says that, in order to achieve these outcomes, the Bank needs to increase the value of the data it collects by closing data gaps, sharing data effectively with relevant parties and by enabling safe and effective innovation, including artificial intelligence.

The Bank says that it is expanding its technical capability to make the best use of the data it collects and is continuing to work alongside international counterparts on the harmonisation of data standards.

New FMIs and the Digital Securities Sandbox

The Approach Document contains detailed information about the Bank’s approach to new FMIs that are seeking to enter the market through the new Digital Securities Sandbox (“DSS”).   The DSS creates a regulated environment that allows firms to test new technologies for financial securities in a controlled setting.

The DSS is jointly operated by the Bank and the FCA and it has three main aims – namely (i) facilitating innovation; (ii) protecting financial stability and (iii) protecting market integrity. 

In order to do this, the DSS uses:

• Limits on live activities: Given that innovative technologies are untested, live activity in the DSS will be subject to specific limits that are calibrated by the regulators, based on market analysis for the different asset types in scope of the DSS.
• Modified and flexible legal regime: The DSS allows the Bank to modify certain provisions of existing legislation and rules, in order to remove legal obstacles and barriers that prevent the use of developing technologies and to adapt those in light of the activities in the DSS. The Bank has previously issued Guidance on the operation of the DSS.
• Glidepath design: The DSS has been designed so that participants can upscale their business as they demonstrate their compliance with the regulatory requirements. At the end of the DSS (which is scheduled to run until 2029, but which may be extended by HM Treasury), the intention is that participants will have the opportunity to transition to a new permanent regime if the technology is successfully adopted.

The Bank says that firms in the DSS will be supervised under a modified approach, which will be grounded in the same high-level principles as set out in the new Approach Document, with a particular eye on ensuring that supervision in the DSS is proportionate to the risks posed by firms to the regulators’ objectives.  This modified approach will be kept under regular review as the sandbox is a living sandbox and the Bank recognises that further adjustments may need to be made.

Approach to non-UK FMIs

The Bank is responsible for supervising or overseeing a diverse range of FMIs.  This includes both systemic and non-systemic non-UK FMIs that provide services to the UK or have UK participants.  In respect of systemic third-country CCPs, the Bank has the power to require the CPP to take, or refrain from taking a specified action, in the same way that it does for UK FMIs.

In relation to the supervision and oversight of non-UK FMIs, the Bank says that it follows the same general approach to all non-UK FMIs, but with appropriate tailoring of its approach. 

When it regulates a non-UK FMI, the Bank will be placing reliance on the FMI’s home state regulator and the supervisory framework within which the FMI operates.  The level of co-operation and information sharing required of the home state regulator will depend on the Bank’s assessment of the systemic importance of the FMI to UK financial stability.  Where the level of co-operation and information sharing is considered sufficient, the Bank will advance its objectives primarily through engagement with the home authority.  This is consistent with the approach previously taken by the Bank.

The Approach Document also contains additional guidance for different types of non-UK FMI:

Non-UK CCPs

• The Approach Document says that the assessment of whether a non-UK CCP is systemic for UK financial stability, and the extent to which the Bank places reliance on the home authority, is currently implemented though UK EMIR, in particular the “tiering” framework.

Non-UK CSDs

• The assessment of the CSD’s systemic importance to UK financial stability results in the CSD being placed into one of two groups:
  • Group A (deemed to pose material risks to UK financial stability); and
  • Group B (deemed to pose low risks to UK financial stability).
• The Bank will assess the CSD against a range of qualitative and quantitative factors, including the value of the transactions settled by the CSD that are linked to the UK, the value of securities held by the CSD on behalf of UK-based participants and issuers and the proportion of the CSD’s total business that is linked to the UK.
• The Bank expects that non-UK CSDs primarily serving their respective national securities markets will be allocated to Group B and non-UK CSDs primarily serving international securities markets (such as the Eurobond market) will be allocated to Group A.
• The Bank will also seek to apply deference by agreeing appropriate co-operation agreements with home authorities, depending on the CSD group, in line with the general approach to regulating non-UK FMIs described above.

Other relevant Bank publications

Other publications issued by the Bank recently which are potentially relevant to the supervision of FMIs include:

• The Bank of England's supervision of financial market infrastructures - Annual Report 2024 (18 December 2024).
• The Bank of England’s approach to enforcement (updated 12 November 2024) – not limited to FMIs.
• The Bank of England’s approach to enforcement: statements of policy and procedure (updated 12 November 2024) – not limited to FMIs.
• A statement of policy on The Bank of England's approach to cost benefit analysis when making rules for CCPs and CSDs (12 December 2024).
• A consultation paper entitled Operational resilience: operational incident and outsourcing and third-party reporting for financial market infrastructures (13 December 2024).  The consultation closes in March 2025, with a policy statement expected later in the year.