Benoît Cœuré: The new frontier of payments and market infrastructure: on cryptos, cyber and CCPs

Welcome remarks by Mr Benoît Cœuré, Chair of the Committee on Payments and Market Infrastructures (CPMI) and Member of the Executive Board of the European Central Bank, at the Economics of Payments IX conference, Basel, 15 November 2018.

The views expressed in this speech are those of the speaker and not the view of the BIS.

CPMI, Central bank speech  | 
15 November 2018

I open this conference on Economics of Payments with real pleasure. It is great to see so many familiar faces as well as newer ones. I thank you all for coming, especially those who have travelled from afar.

This is the ninth iteration of this conference. The first gathering in 2004 was organised by the New York and Atlanta Feds to celebrate the emergence of "payments" as a distinct field of study in economics. Since then, interest in payment economics has taken off, thanks to the efforts by many of you here today, and the conferences have gone global. The last conference in 2016 was hosted by the Deutsche Bundesbank in the charming village of Eltville.

It is only natural for the global standard setter in this area, the Committee on Payments and Market Infrastructures (CPMI), to offer its support and sponsor this year's conference. It comes at a timely moment as the G20 is taking stock of 10 years of global financial regulatory effort, and earlier this year the central banks of Argentina, Indonesia and Spain joined our Committee.

On my first slide you can see that the CPMI now covers 86% of the world economy and 63% of its population. It includes all G20 countries, and nearly half of its members are from emerging market economies. Outreach and broad coverage is the basis for success for global standard setting.

In the collaborative spirit of our Committee, we are not organising today's event alone. Our parent organisation, the Bank for International Settlements (BIS), is our co-sponsor, and I very much appreciate the support and hospitality of Hyun Shin and Stijn Claessens, commensurate with their constant thought leadership. Many thanks also to the organising committee for putting together a fascinating programme. The next one and a half days look very promising indeed.

The CPMI, following in the footsteps of its predecessor, the Committee on Payments and Settlement Systems (CPSS), has a distinguished history of dealing with the infrastructures supporting global financial markets.1 It has become recognised and respected as a global standard setter and - as proved again today - an analytical reference point.

In my remarks today I would like to give you a brief overview of some of the current policy issues that the CPMI faces, and I will highlight a few examples of where the Committee can benefit from your collective wisdom for improving on its work going forward.

I will focus on the frontier of what the CPMI does - what our Secretariat refers to as the CPMI's 3C challenge:2 cryptos, cyber and CCPs. This is without prejudice to the work of the CPMI in other important areas such as retail payments, correspondent banking or large-value payment systems.

Let me take the 3Cs in reverse order and start with central counterparties (CCPs).

Central counterparties

This conference takes place against the backdrop of the 10th anniversary of the failure of Lehman Brothers. The Lehman debacle exposed significant weaknesses in the over-the-counter (OTC) derivatives market, including the unchecked build-up of large counterparty exposures between market participants, which were not appropriately understood and risk-managed. In 2009, the G20 Leaders mandated the global standard-setting community to reform the OTC derivatives market with a view to promoting transparency and central clearing.

The regulatory efforts to promote central clearing have gone hand in hand with efforts to make it safer. The CPMI plays a significant role in this process. Together with our friends from the International Organization of Securities Commissions (IOSCO), we have designed and monitored the implementation of the Principles for Financial Markets Infrastructures (PFMI) and we now lead the efforts to strengthen the resilience and recoverability of CCPs. This includes providing guidance on how to design supervisory stress tests. And together with the Financial Stability Board (FSB), we are looking at ways to resolve a CCP in an orderly manner, should this be ever needed.3

Defining the rules of the game is not possible without sound analytical groundwork. As in any other field in economics, this starts with getting the incentives right. In recent months, we have therefore examined in depth, also as part of the wider efforts to evaluate the effects of the G20 financial regulatory reforms, the incentives to centrally clear OTC derivatives. We have done this together with our colleagues from the Basel Committee on Banking Supervision (BCBS), the FSB and IOSCO. Next week we will publish a final report on this matter.

Two findings are worth mentioning. First, although we find that the reforms are achieving their goals of promoting central clearing, they do so mainly for the most systemic market participants but less so for smaller market participants.

Second, the report argues that the treatment of initial margin in the leverage ratio can be a disincentive for client clearing. I am pleased that the BCBS has already acted on this finding. A consultative document has been published, seeking views on whether a targeted and limited revision of the leverage ratio's treatment of client-cleared derivatives may be warranted. Should the BCBS ultimately decide to change the leverage ratio, then it is incumbent on the clearing industry to deliver improvements in access to clearing services.

With the same group of international bodies, we have also analysed central clearing interdependencies. You can see this on the left-hand side of my second slide. Using network analysis, we find that a few CCPs are connected to many clearing members, and a few clearing members are connected to many CCPs.

On the right-hand side you can see that a small number of entities - often clearing members themselves - also tend to dominate the provision of critical operational services to CCPs, such as extending credit lines or offering custody and investment services.

In other words, a default, or an operational outage, of a key node in the network can have significant consequences across a number of CCPs. We need to keep these interdependencies in mind when designing policies aimed at strengthening the safety of CCPs and, ultimately, of the broader financial system. For example, the framework we released earlier this year for supervisory stress testing of CCPs is by design macro-oriented and multi-CCP.4

Our analysis is, of course, only a first step. Further economic analysis of the interactions, in particular in times of stress, between CCPs, their clearing members and the end users of derivatives are needed. Moreover, research should help us understand better how the network itself is shaped by competition between CCPs, building on earlier literature on competition between platforms in two-sided markets.5 We count on your work to fill these gaps.

Recent events highlight that such efforts are not just scientific curiosity. Consider the recent default of a member of a Swedish CCP where a trader failed to meet margins calls on a sizeable spread position between the Nordic and German electricity markets. The CCP's default management processes kicked in, but it turned out to be difficult to offload the defaulting trader's position in an increasingly illiquid market. In the end, the CCP was left with a large hole in its default fund, which the remaining members had to meet.6

This example highlights two points I often make. First, CCPs themselves are rarely, if at all, sources of risk (in fact, pooling risk actually reduces it), but they can become nodes of risk amplification and propagation. Second, the sources of disruption can be manifold. These include insufficient financial resources, failure of margining models, particularly in illiquid markets, and/or badly designed or executed default management processes. The Swedish incident appears to have had elements of all three.

Further work is therefore needed to strengthen the resilience of our system. As serendipity would have it, we hosted an industry workshop on default management auctions for CCPs the very week that the default occurred. Ashley Alder, the Chair of the IOSCO Board, and I have instructed our joint group to accelerate work on this matter. More empirical work on this and other sources of disruption is needed.

Cyber-resilience

Disruption brings me to my second C, cyber.

As 10 years have already passed since the global financial crisis, economic history regrettably tells us that post-crisis is also pre-crisis. Although crises periodically re-emerge, their sources often differ. This means two things for policymakers. First, learn from past crises and prevent them from happening again. The work on central clearing started nine years ago in Pittsburgh and belongs to this category of action. And, second, look out and prepare for the next crisis.   

And the next financial crisis may well start as a cyber-incident.7 In recent years, these have grown rapidly in scale, scope and sophistication. Failure to adequately protect against cyber-attacks may have far-reaching repercussions.8

Digitalisation is the breeding ground for cyber-threats. Despite its undisputable benefits, digitalisation brought many ills, such as hacking, phishing or identity theft, and in general it is an enabler of new forms of fraud. And the stakes have risen. Hackers increasingly target wholesale payment systems and the large money flows they handle.

The 2016 heist at the Bangladesh Bank is a case in point. Weak cyber-security allowed hackers to transmit fraudulent messages and divert $81 million from the Bank's account with the New York Fed.9 More recently, criminals have targeted the wholesale systems in other jurisdictions.

Strengthening cyber-resilience, especially in payments, must therefore be part of any policy agenda. The CPMI plays an active role in this process. We are present on two main fronts: at the core of the financial system and in its periphery.

To protect the core, we are promoting the broad adoption of the CPMI-IOSCO guidance on cyber resilience for financial market infrastructures (FMI) issued in June 2016.10 To secure the periphery, the CPMI recently published a strategy for reducing the risk of wholesale payments fraud related to endpoint security.11

This strategy seeks to encourage industry-wide efforts to reduce the risks of wholesale payments fraud. It is designed to address all areas relevant to preventing, detecting, responding to and communicating about fraud. The CPMI and its members are committed to this strategy and are actively reaching out to non-member jurisdictions.

Leadership by, and collaboration within, the industry is paramount here. I recently co-chaired a cyber-resilience roundtable hosted by the Bank of France that brought together senior executives of global FMIs to discuss continued collaboration and preparation for, and responses to, cyber-incidents, with a particular focus on cross-border actions.12 The ECB is supporting a similar group at the European level whose work can feed into these global efforts.13 We are currently following up on the commitments made by the attendees.

Work by the CPMI supports efforts at other levels. Earlier this year in Whistler (British Columbia), G7 finance ministers and central bank Governors took part in a simulation of the day after a major cyber-incident in the financial sector. This exercise showed that a major cyber-incident would require an internationally coordinated response.14 Forthcoming work of the G7 cyber expert group includes a cross-border cyber-crisis simulation exercise involving G7 financial authorities.

Sharing of information, also across borders, is therefore essential in fending off cyber-attacks. But impediments, related to privacy, data protection or reputational concerns, abound. So, we need some structured thinking about how to overcome these impediments with a view to strengthening cyber-resilience. In other words, there is plenty of opportunity for all of you to contribute to make public policy better.

Cryptos

Let me turn to my last C - cryptos.

Ten years ago we saw the Lehman failure, but it was also when the domain bitcoin.org was first registered and when "Satoshi Nakamoto" posted the original Bitcoin white paper. A few months later, Satoshi mined the first so-called genesis block and got a reward of 50 bitcoins. The rest is history, as they say. Few remember that Satoshi embedded the genesis block with a Times headline from January 2009 about UK banks' bailout. In more ways than one, Bitcoin is the evil spawn of the financial crisis.

Lightning may strike me for saying this in the Tower of Basel - but Bitcoin was an extremely clever idea. Sadly, not every clever idea is a good idea. The opportunities of the blockchain are many, but the problems of Bitcoin are also plentiful. I believe that Agustín Carstens summed its manifold problems up well when he said that Bitcoin is "a combination of a bubble, a Ponzi scheme and an environmental disaster".15

The CPMI started studying cryptos and the underlying distributed ledger technology (DLT), including blockchain, early on. Back in 2015, we released a report on cryptocurrencies - today, for well-known reasons, we like to speak of them as assets16 - and last year we published an analytical framework for looking at DLT.17 That said, there is still much that we do not understand, and things are moving rapidly.

Closer to our realm, this relates, of course, to central banks themselves using DLT to issue their own digital currencies.18 Earlier this year, we, together with the Markets Committee, published a first study on central bank digital currencies (CBDCs).19 This is a particularly pressing issue in countries where demand for cash has been declining sharply. Sveriges Riksbank, for example, may soon start an inquiry to draw up concrete proposals for the amendments of the Sveriges Riksbank Act to eventually pave the way for the introduction of the e-krona.20

In most other jurisdictions, there is more time to continue studying the technology and to assess the implications for both monetary policy and financial stability of central banks issuing their own digital currencies. Here I see tremendous potential for macroeconomists to contribute and to examine questions of exceptional relevance, such as how CDBCs may affect the future of financial intermediation. These and other questions deserve careful analysis.  

Work is already under way at most central banks. You can see this on my next slide, which holds a sneak preview of the findings of a recent CPMI survey of some 80 central banks on their work in this field. 

A clear majority, 69%, is currently, or will soon be, conducting work related to CBDCs. The remaining central banks are typically either small in size, face more pressing challenges, or indicated that they rely on work by regional research programmes or international organisations, such as the BIS or the IMF.

And of those that are conducting work - you can see this on the right-hand
side - the majority, 57%, investigates two broad forms of possible application: a wholesale payment application restricted to large-value and high-priority transactions, such as interbank transfers, or a widely available, consumer-facing payment instrument targeted at retail transactions - what we call general purpose CDBC.21  Recent successful experiences also show a potential for cross-border remittances-related payment services, which confirms the potential for new technologies to support financial inclusion.

However, on my next slide, you can see proof that most central banks are still at an early stage of studying digital currencies. There is broad agreement that a CBDC, in whatever form, is unlikely to be issued within the next decade, even among those four central banks that have indicated that they have reached the stage of developing a pilot project. We will hear from one of them tomorrow morning when Gerardo Licandro, from the Central Bank of Uruguay, explains their pilot experiment of a CBDC for the general public.

Conclusion

Let me conclude.

Rapidly growing digitalisation means both challenges and opportunities for payments. New technologies will reshape the way financial services are provided in the future. And they will pose new and virulent risks to the financial system. More interdisciplinary research, bringing together macroeconomists, payment experts and IT developers, is needed to reap the benefits that new technologies promise, to help central banks, regulators and standard-setting bodies keep our financial system safe, and to forestall and prevent misuse and deception. I hope that this conference will bring us one step closer to achieving these goals.

Thank you.



1      See Cœuré, B. (2015), Opening remarks at the 25th anniversary of the CPMI, Basel, 30 June.

2      The original "3Cs" were highlighted by UCLA professor Kenichi Ohmae as the three main elements a successful business strategy needs to take into account: the company, the customer and the competitors.

3      For an overview of the CCP workplan, see Cœuré, B. (2017), "Central clearing: reaping the benefits, controlling the risks", Bank of France Financial Stability Review No 21, April, pp. 97-110.

4      See CPMI-IOSCO (2018), Framework for supervisory stress testing of central counterparties (CCPs), April.

5      See Rochet, J. and J. Tirole (2003), "Platform competition in two-sided markets", Journal of the European Economic Association, 1(4), pp.990 -1029.

6      The parent company also supplied additional capital to the CCP.

7      See also Healey et al. (2018), "The future of financial stability and cyber risk", Brookings Institution, October.

8      See also Cœuré, B. (2018), "The future of financial market infrastructures: spearheading progress without renouncing safety", speech at the Central Bank Payments Conference, Singapore, 26 June.

9      Only a combination of diligence, luck and identification of spelling errors prevented a further loss of up to $1 billion.

13     See Cœuré, B. (2018), "A euro cyber resilience board for pan-European financial infrastructures", introductory remarks at the first meeting of the Euro Cyber Resilience Board for pan-European Financial Infrastructures, Frankfurt, 9 March.

14     It also highlighted areas where the G7 Cyber Expert Group could help address potential coordination issues, including areas beyond the traditional reach of regulators, such as third-party providers. See G7 Cyber Expert Group, "Fundamental elements for third-party cyber risk management in the financial sector", 12 October 2018.

15     See Carstens, A. (2018), "Money in the digital age: what role for central banks?", speech at House of Finance, Goethe University, Frankfurt, 6 February.

16     See G20 Finance Ministers and Central Bank Governors, Buenos Aires Summit communiqué, 19-20 March 2018.

18     See Cœuré, B. (2018), "The future of central bank money", speech at the International Center for Monetary and Banking Studies, Geneva, 14 May.

19     CPMI and Markets Committee (2018), Central bank digital currencies, March. See also Cœuré, B. and J. Loh (2018), "Bitcoin not the answer to a cashless society", Financial Times, 12 March.

20     See Sveriges Riksbank (2018), E-krona project: report 2, 26 October.

21     See Bech, M. and R. Garratt (2017), "Central bank cryptocurrencies", BIS Quarterly Review, September, pp. 55-70.