Principles 15–17 assess whether a Financial Market Infrastructure (FMI) can survive as a business, protect assets under its custody, and continue operating during severe operational or cyber disruptions. These principles are increasingly critical as FMIs become more digital, interconnected, and reliant on third parties.
Each principle below includes a short PFMI excerpt, supervisory interpretation, detailed regulatory practices, real-life failure scenarios, benchmarks for good practice, common misunderstandings, and questions supervisors typically ask.
15) Principle 15 — General Business Risk
What this principle means
Principle 15 ensures that an FMI can continue operating as a going concern even when facing losses unrelated to participant defaults, such as revenue shocks, legal claims, regulatory penalties, or strategic failures.
Regulatory practice (what authorities actually require)
- EU (ESMA / ECB): They require FMIs to hold liquid net assets funded by equity sufficient to cover at least six months of operating expenses, supported by recovery plans that include capital replenishment and cost-reduction options.
- UK (Bank of England): They assess business model sustainability, challenge reliance on volatile revenue streams, and review wind-down plans to ensure continuity of critical services.
- Singapore (MAS): MAS requires FMIs to demonstrate sustainable revenue models, maintain capital buffers, and periodically test recovery options.
- Canada (Bank of Canada): They expect credible, actionable wind-down plans that protect financial stability and avoid public-sector support.
How this principle fails in real life
What good looks like
- Equity-funded liquid assets covering at least six months of operating expenses.
- A realistic, tested recovery plan with clear capital and cost levers.
- A credible wind-down plan that protects critical services.
- Active Board oversight of business sustainability.
How FMIs usually misunderstand this principle
16) Principle 16 — Custody & Investment Risk
What this principle means
Principle 16 focuses on protecting assets held by the FMI—both participant assets and its own funds—against loss arising from custodian failure, poor investment decisions, or legal uncertainty.
Regulatory practice
- EU (ESMA / ECB): They require conservative investment policies, use of highly rated custodians, diversification, and legal opinions confirming asset protection.
- UK (Bank of England): They scrutinize custody chains, enforce diversification of custodians, and review investment limits and concentration risks.
- Singapore (MAS): MAS mandates segregation, daily reconciliation, and strict investment eligibility criteria focused on capital preservation.
- Australia (RBA): They expect FMIs to stress-test custodian failure scenarios and demonstrate rapid access to assets under stress.
How this principle fails in real life
What good looks like
- Assets held with multiple, highly rated custodians.
- Daily reconciliation and strong segregation controls.
- Conservative investment policies prioritizing liquidity.
- Regular stress testing of custody and investment risks.
How FMIs usually misunderstand this principle
17) Principle 17 — Operational Risk (Including Cyber Resilience)
What this principle means
Principle 17 addresses IT resilience, cybersecurity, business continuity, outsourcing, and third-party risk. Regulators expect near-continuous availability of critical services, even under extreme but plausible scenarios.
Regulatory practice
- EU (DORA / ESMA): They require ICT risk management frameworks, cyber testing, incident reporting, and oversight of critical third-party providers.
- UK (Bank of England): They impose impact tolerances for important business services and test FMIs’ ability to remain within tolerance during severe disruptions.
- Singapore (MAS): MAS mandates cyber hygiene, penetration testing, red teaming, and strict recovery time objectives.
- Australia (RBA): They expect rapid recovery of critical services, often within hours, supported by regular operational resilience testing.
How this principle fails in real life
What good looks like
- Clearly defined RTO/RPO aligned with systemic importance.
- Regular cyber resilience testing, including red teaming.
- Tested business continuity and disaster recovery plans.
- Strong oversight of critical service providers and cloud vendors.
How FMIs usually misunderstand this principle
What supervisors typically ask (Principles 15–17)
- “How long can you operate without new revenue?”
- “Show us your recovery and wind-down plan—when was it last tested?”
- “Where are participant and FMI assets held, and how quickly can you access them?”
- “What is your impact tolerance for critical services?”
- “Provide evidence of your last cyber or operational resilience test.”
- “How do you oversee critical third-party service providers?”
Key takeaways
- Principles 15–17 determine whether an FMI can survive financial, custody, and operational shocks.
- Supervisors focus on evidence and testing—not just policies.
- Weaknesses usually stem from unrealistic recovery assumptions and under-tested resilience frameworks.