The Thomas Murray Risk Assessment Committee

Given the centrality of regulation to the firm’s information and monitoring services, the changing nature of financial markets these past twenty years and longer, the continuous adaptation of participants to new IT and evolving economies and geopolitics, Thomas Murray has always kept a sharp eye on risk affecting our clients and how its own services have enabled them to assess their appetite for it. When nothing is stable for long, the nature of risk is never fixed, either.

Risk outlook is the central point of the firm’s monitoring and assessment work. As a result of this its first topic at the inception of the business was on defining risks involved in establishing proper bank custody services for US institutional money outflows, and determining appropriate and adequate responses, all as per United States SEC regulation.

As Thomas Murray grew and its services matured, especially in the aftermath of the Global Financial Crisis of 2007-2009, what was done rather manually and informally amongst colleagues in a small analytical firm 15 and more years ago came to be formalised in a more complex financial services industry. The context of the corporation had changed, too; it had grown much larger, and was covering many more markets and types of post-trade actors.

Thomas Murray ‘grades’ post-trade infrastructures and service providers, or individual elements of their services, or even simply a particular aspect of the risk they face each day in serving the markets. The Risk Assessment Committee (‘RAC’) was introduced in order to discuss and approve any changes to the risk grades, as well as the criteria that needed to be detailed in order to assess and form a clear opinion of those risks. The complexity of new regulations in capital markets, as well as the increasing demand from clients to understand and justify the firm’s analyses and assessments, created the need to put a committee in place to bring in any necessary changes to these methodologies, to the level of risks, to the risk types, and so on.

Also, it was deemed necessary in order to harmonise the grades assigned to sub-custodians, global custodians, central securities depositories (CSDs), central counterparties (CCPs) and other market infrastructures as well as to have a common approach and a company view on the risk levels. We also needed to make sure that any changes in regulations are properly captured in our methodologies and assessments.

The RAC is composed of eight members, including Thomas Murray’s Chief Risk Officer, who leads the meetings; the Deputy Chief Risk Officer (the alternate chair); the head of the Capital Markets team and a senior risk analyst; the head of the Banking team; a network manager; a senior advisor; and the firm’s head of quality control. The diversity of the group’s collective body of expertise and backgrounds allows for a rich and balanced discussion. The meetings are scheduled twice weekly for some two hours. Any items sent by the analysts in each of the firm’s teams are then discussed; when complex, the matter is assigned to an individual for detailed review and a recommendation before presentation to the Committee for a final decision.

A typical meeting will address several topics. For example, these could be suggested changes to the risk grades of the entities the firm evaluates, approval of new assessments, proposed changes or amendments to the methodologies, and so on.

Some examples would help explain the significance of the RAC’s work. It recently undertook a major project to redevelop all existing methodologies from a largely qualitative basis to a more quantitative approach. The process involved analysts in each team going in detail through each individual type of risk, identifying key criteria, and suggesting a scoring guideline. The scoring ranges are set between 0 to 10, depending on the product. The actual grades go from AAA (extremely low risk) to CCC (extremely high risk). To provide a concrete case, financial risk for banks includes some criteria such as the bank’s external credit ratings (taking into consideration any sovereign rating constraints), regulatory capital ratios, and other balance sheet metrics to determine the level of financial strength, viability and stability of the bank. The process took several months to be completed, but resulted in a more consistent and stronger methodology that allows analysts to better judge what is riskier in the post-trade infrastructure.

As another example of how hard it can be to summarise in a grade something that can be highly qualitative, we cite the introduction of a governance grade to CSD and CCP assessments several years ago. The risk of poor governance is evident enough, but how to measure it on a comparative basis? This risk is composed of 6 criteria including Board Arrangements, Risk Governance and Risk Committee, Disclosure of Corporate Information, Management Arrangements, User Groups, and the Disclosure of Statistical Information. In each criterion, the Thomas Murray analysts try to answer some key questions, whose answers are assessed using the relevant scale.

For instance, under the Board Arrangement: does the objective of the Board place emphasis on the FMI’s financial stability and efficiency? Are the powers and responsibilities of the Board clearly defined and disclosed to relevant parties? In this case, those FMIs that have Board objectives documented to establish the FMI as a stable, efficient utility servicing its participants and have clearly documented authority and responsibilities widely published in the national language and English get the highest score. In Risk Management we consider, amongst others, whether there is a clearly articulated and documented risk management framework and if the Board and/or the Risk committee regularly review the risk management framework. Equally, FMIs get the highest score when they have established and documented their risk management framework encapsulating all areas of business, and where the framework is reviewed frequently and is understood by directors.

Thomas Murray communicates changes in grades and methodology to clients, almost in real time. Subscription clients receive flash bulletins of news affecting post-trade infrastructures and service providers several times per day, depending on the product. News is flashed with a comment on whether the particular event or item has an impact on the grades of one or more of the risk areas, and if so how and possibly to what extent; or is instead simply sent as a piece of information. When clients subscribe to a particular service of the firm, information on the risk assessment methodology is provided. The details of the methodologies remain proprietary to Thomas Murray.

Because of the particular third-party information needs of the firm’s clients, Thomas Murray has ended up with an unusual, highly distinctive position in the financial services industry. Other analytical or advisory firms were looking at credit risk ratings or restructuring business flows – in contrast, from a strictly neutral position, these risk methodologies enabled Thomas Murray to build up considered, disciplined expertise globally on the operational risk of market infrastructures and post-trade service providers to their clients.


Ana Giraldo, Deputy Chief Risk Officer, Thomas Murray.

Thomas Krantz, Senior Advisor Capital markets, Thomas Murray.

Tags: Riskrisk outlookregulationsmonitoring and assessmentPost-trade infrastructuresRisk Assessment CommitteeRACsub-custodiansGlobal CustodiansCSDsCCPsmarket infrastructures