ASX risk management
Continuing to generate long-term value for all our stakeholders is central to ASX's ability to operate at the heart of Australia's financial markets.
ASX risk management
Continuing to generate long-term value for all our stakeholders is central to ASX's ability to operate at the heart of Australia's financial markets.
ASX has a Board-approved Risk Appetite statement that describes the types of risk we encounter in our business, along with our tolerance for outcomes that impact on our stakeholders.
Complementing this is a governance structure, starting with the Board and flowing down through executive level management committees to individuals, which articulates roles and responsibilities for managing risk within the organisation. This is underpinned by the 3 Lines of Defence risk management framework.
The table below explains how ASX manages its risks.
Managing and protecting our data and that of our customers is critical to maintaining trust and confidence in Australia’s financial markets, and in strengthening the resilience of our operations. Continually strengthening our cybersecurity risk controls, procedures, and prevention strategies are fundamental to protecting our systems and customer information from fraud-related incidents and cyber attacks, as they evolve in their sophistication and frequency.
Our dedicated information security and risk team continued to implement and update the tools and strategies we use to manage and monitor cyberattacks in FY20. Among these initiatives was the implementation of a more contemporary email platform, which is better equipped to deal with the growing volume of sophisticated email threats. It also strengthens our cyber resilience through advanced configuration, analysis, and assessment capabilities.
Key to our efforts in mitigating the risk of cybercrime is the data security training all ASX employees receive, particularly in relation to recognising phishing emails and ransomware activities. We also send out regular communications keeping employees informed of the latest trends in email scams.
Risk | The risk and its impact | How we are responding |
Regulation, market structure and competition | ASX operates in highly regulated markets. Changes in regulations and/or market structure can impact on ASX or its customers and the environment in which we operate. Examples of how ASX's business could be impacted include if:
|
|
Economic environment and market activity | ASX's business can be impacted by the level of market activity. Market activity levels are influenced by economic performance, government policy, and general financial market conditions in Australia and overseas. Slowing economic conditions or a lessening of general market volatility can lead to a reduction in activity and revenues. Examples of how ASX's business could be impacted if there was a slowdown in the Australian economy include:
|
|
Operational excellence | The resilience, continuity and quality of our operational processes are critical to our ability to operate. This risk arises when failures in our people, processes, systems or controls impact on the delivery of our products or services to our customers. The occurrence of such a failure may result in reduced customer service, the inability to provide services, reduced revenues, increased costs, fines or regulatory issues. This category also captures the risk that our project execution is poor, which could lead to a failure of our strategic projects to deliver expected outcomes. |
|
Technology availability | ASX operates critically important financial market infrastructure which is expected to be open and available at all relevant business times. A risk to ASX arises where infrastructure and technology are unreliable and have slow recoverability or have insufficient capacity and where this cannot be quickly increased. Issues that would heighten this risk are the prevalence of ageing infrastructure, systems or applications that are near their end of life, and a significant increase in cyber attack activity. The risk may result in reduced ability or an inability to deliver ASX's trading, clearing and settlement services, reduced customer service, reduced revenues, unplanned remediation or replacement costs or further licence conditions. |
|
Counterparty default risk | This risk arises in our licensed clearing and settlement facilities when a participant fails to meet its contractual obligations to any of the facilities. Depending on the size and complexity of the defaulting counterparty, the default could lead to extremely volatile conditions in global financial markets. This, along with ASX's default management strategy, will determine the size of any possible loss sustained by ASX. |
|
Investment returns | Financial losses may arise from investment decisions taken in relation to the management of collateral balances received from clearing and settlement activity, from the investment of ASX's own capital, or the clearing and settlement facilities' pre-funded default capital resources. ASX also makes equity investments in support of its broader business objectives (e.g. Yieldbroker, Digital Asset, Sympli). |
|
Reputation and stakeholder confidence | The ongoing success of ASX is highly dependent on its reputation for trust, integrity and resilience in everything that we do. Reputation risk arises in a wide variety of situations, for example, where ASX is perceived to have not acted with integrity or failed to deliver resiliency in its activities. Any outcome that causes detriment to this reputation has the potential to damage ASX's future business prospects through reduced business volumes or regulatory impact or intervention. |
|