When I started in securities custody there were no specific laws or rules about it, few regulators knew what it was, accounts were opened for new clients on the strength of a telex request and contracts to look at as precedents, if there were any at all, were two, perhaps as many as six pages of rather basic provisions in rather basic English. A market melt-down in 1987 identified, inter alia a need for those involved to understand what they were doing and to document it. It also caused dematerialization or at least immobilization of marketable securities to move from a “nice to have sometime” idea to “need to have now” and highlighted the value of “scrip lending” (as it then was) in supporting reliability of settlement of transactions. Today there are more laws, rules, guidelines, policy statements, master agreements… than could be printed by a whole forest worth of paper; many lawyers offering services and advice; every regulator, supervisor and authority has a view. For all that, I do not think that the fundamentals have changed much at all. The rules etc. have focused on a number of features, perhaps to the detriment of those features not specifically addressed. This series of articles will look at the core features of a relationship for custody of marketable securities and flesh some of them out, including a few examples from the coal face.
For convenience the articles have been written from the point of view of a local bank (i.e. not a broker, or other type of firm) acting as a master custodian, which means providing both:
1 – global custody (i.e. local and international) and related services to institutional investors from its home jurisdiction and
2 – local market sub-custody to global custodians from other jurisdictions.
This is not intended to be an in-depth analysis of any particular regulation; indeed there is a certain amalgamation of the applicable regulations to the “highest common denominator”, which per force entails an amount of glossing over the differences rather than exploring them. The latter is beyond the scope of these articles, as is detailed review of the law around a number of significant points, several of which could each fill lengthy articles.
Let us consider the core features:
The Parties Who are you? Who are you appointing and who is actually going to hold the assets?
You: perhaps more to the point; whose assets are you arranging to be held under custody in what capacity? Your own proprietary assets? The assets of your customers? What regulations apply to you and your customers? To what extent are you required, either legally, commercially or in practice, to impose those requirements on your custodians and how far down the custody chain?
It is rare for a custodian to accept an agency appointment; that is, where the custody contract would operate as several, separate (mostly) identical contracts between the custodian and it’s client’s customers individually, entered into through the client’s agency (I don’t recall ever seeing it). A custody network is a chain of back-to-back principal agreements. This is in contrast to securities lending, repo and ISDA master agreements, where agency relationships are common.
It is also rare for a global custodian to accept appointment by a client which is not itself a financial institution, regulated and supervised as such in its home jurisdiction (again, I have never seen it). A “quasi-exception” is perhaps seen in the largest sovereign wealth funds and government or treasury investment bodies: such institutions might well have the necessary systems and staff etc. They are often the creatures of an individual statute or decree; so perhaps one could say that they were “financial institutions, regulated and supervised as such in their home jurisdiction”. The usual route is for an institutional investor to appoint a master custodian in their home jurisdiction, or a place most convenient for their operation. That master custodian then attends to both local and global custody of the institution’s assets, provides consolidated reporting to the institution and shares the benefits of economies of scale. Whilst this might now be a requirement of law or regulation, at least in some jurisdictions for certain types of investors, it has more to do with practicalities: the communication systems, record-keeping and reporting systems required; the essential memberships of exchanges, clearing houses and depositories; the staff expertise to manage a global network are all unlikely to be available to non-financial institutions or even to smaller organisations. In particular, if the assets involved are not only your own, the regulations applicable to the relationship with your customers probably requires you to be a regulated financial institution.
The Custodian: In many jurisdictions, custody – the holding of investments for the account of another – is now a regulated activity: E.U.: MiFID 2 Art 4 1(2) and definition in Annex 1 B (1); UK: Financial Services and Markets Act 2000 (Regulated Activities) Order 2001 – Art 40, safeguarding and administering investments; possibly some other articles also, depending on the individual arrangement. Ireland: European Union (Markets in Financial Instruments) Regulations 2017 reg. 5(1) and follow the definitions to Sch. 1 part 2 – 1. Australia: Corporations Act ss766A(1)(e) and E.
A license, permit or similar authorisation is required for which qualitative and quantitative standards are imposed: E.U. MiFID2 Art 5, 1 for authorization; then arts 9, 16, 23 & 25; MiFID 2 delegated directive Arts 2 – 5 & 7; much of the MiFID 2 delegated regulation. UK: Financial Services and Markets Act 2000 ss 19 & 22A for authorisation, then CASS, COBS and other portions of the FCA Handbook for the standards. Australia: Corporations Act s911A, then ss912AAC and AAD
Further, investment entities of various sorts are subject to regulations regarding the types of institutions with whom they can place their assets and custodian are subject to regulations regarding entities to whom they can delegate the holding of their clients’ asset. In each case there are also obligations to “push down” some at least of those requirements through their custodians to sub-custodians and other entities in the chain. For example E.U.: MiFID Delegated Directive Art 2 (1)(d), 3 & 4; UCITS V Dir 22a(3), Reg 17; AIFMD Art 21 (11), AIFM Reg Arts 98 & 99; Australia: Corporations Act ss601FCAA(1) to (4), 912AAD(2)(a); . These will be considered in greater detail under “Delegation”.
The obligations imposed on custodians, whether directly by laws and regulations or by conditions in their licences, or which clients ought to insist be negotiated into contracts, can be summarised in the following touchstone:
The custodian must make suitable arrangements to safeguard A – their clients’ assets and B – the rights arising out of those assets from loss or diminution , in particular arising from:
- The insolvency of the Custodian or any holder of those assets (including intermediate steps in a chain),
- Use, reuse or misuse of those assets without the client’s consent,
- Poor performance by the custodian or any holder of those assets such as fraud, wilful misconduct, poor administration, inadequate record-keeping, negligence…
(not understood to include investment, counterparty, infrastructure or market risks)
Thus expressed, there is not really much new; one could have formulated the basic requirements in those terms twenty, perhaps even one hundred and twenty years ago, at least under the Anglo-Saxon law. The expressions used include “arrange adequate protection (UK: PRIN 10, CASS 6.1.22, 6.2.1 & .2); “takes all reasonable steps” (Ire: EU MiFID Regs 23(1)(a) & (g); “adequate organisational arrangements to minimise the risk” (MiFID2 delegated directive Art 2(1)(f), AIFM Reg 99(1)(d), UCITS V Reg 16(1)(d)); So it is not a strict liability, albeit it that there are some absolute obligations – “the custodian shall / must not…” – which will be considered in context.
Assets As a general comment, the industry provides services to investors in marketable securities or financial instruments; those are the services which will be reviewed in this paper. Other sorts of investments are quite capable of being the subject of a custody relationship – real property (at least in some jurisdictions), bullion, non-securitized financial investments, even art and collectibles are all held by some institutions on behalf of their clients with a more or less full custody service – and are contemplated by some of the regulations. These sorts of investments will not be considered here.
It is worthwhile considering the nature and status of client’s assets in a custodian’s hands: Anglo-Saxon legal systems recognise four possibilities; debt/loan, agency, bailment or trust. “Agency” is not really a separate category as the principal’s property in the agent’s hands will fall into one of the other categories.
Under a loan or debt, the property in the asset passes absolutely to the receiver with full rights of use and alienation subject to an obligation to repay (in the case of funds) or to return equivalent property (in the case of other assets such as securities). It is settled law that the money in a bank account is held by the bank as a debt to its customer, a situation reflected in the regulations involved in custody; the “banking exemption”. Securities might not be “capable of being lent”: at best the relationship might be a mutuum (a transfer of personal chattels to be consumed by the “borrower” and returned similar in kind and quality, for example “a cup of sugar”). In each case the “lender” loses all proprietary rights in the assets and has only a contractual right against the borrower. This is not the intention of either party in respect of securities held pursuant to a custody relationship, nor is it permitted by the regulations.
At a somewhat simplified level, where the client’s securities are registered in the name of the custodian (or a nominee controlled by the custodian) there is a division of legal and beneficial ownership: under Anglo-Saxon law there must be some sort of trust. In contrast, where a client’s securities are registered in the client’s name (with the custodian empowered to make transactions and give instructions regarding them), there is no division between legal and beneficial owner, so there cannot be a trust; the relationship is probably one of bailment. Whilst this analysis might not be sufficient where securities not in registerable form are involved – many debt securities and discount instruments and the bearer shares issued in some European and other jurisdictions, for example –it is instructive. At least one jurisdiction, Australia, expressly requires that custodian property be held on trust at all levels in the chain and that each level acknowledges that it holds property on trust: Corporations Law 601FCAA(1)(a) and FCAB(2)(c); 912AAC(2) and AAD(2)(c). There follow a volume of provisions to deal with situations where trusts are unknown or not appropriate.
In either case an existing body of law, at least in both Anglo-Saxon and civil law systems, is applicable and includes rights and obligations in line with the greater part of what is now found in the various regulations. As not all of the rights and obligations which would be applied by the law of trust or bailment are desirable or beneficial in the context of a custody relationship – for example, neither party wants a custodian to make or veto investment decisions – it is advisable to expressly limit the rights and obligations to those set out in the custody agreement.
For completion, two other possibilities can be dismissed:
Firstly, the possibility that the assets might be held by the custodian as some sort of charge or pledgee in possession can be dismissed: (subject to some exceptions which will be considered in context) the assets are required to be freely transferrable on the instructions of the client, including returned in full to the client or transferred to an alternative holder; the custodian has no overriding rights to refuse to part with possession when instructed; no provision or other agreement exists which would create a charge, pledge or other encumbrance; the volume of assets held is determined by the client without reference to any connected (or even unconnected) debt or other obligation to the custodian… this possibility is usually expressly excluded in the custody agreement; indeed the regulations now require that assets held by a custodian not be subject to any such charge, pledge or similar right in favour of the custodian, subject to very limited exceptions.
Secondly, the body of law, both statute and case law, concerning “vendor in possession” situations has limited, if any application. In the standard, vanilla custody of marketable securities relationship the custodian receives, holds and eventually delivers securities which its clients have purchased or acquired from someone else, primarily on a regulated secondary market or trading platform, at times by initial subscription or investment. The custodian is neither vendor of the assets held for its clients, nor even involved in their selection. The occasional exception – the portfolio of a large institutional investor may well include the shares of the custodian or funds which it has created or marketed; or a business unit within the custodian company might actually also serve as investment manager – should not be regarded as compromising this basic feature of the relationship, at least not without further investigation in individual situations. This feature might also provide the basis on which to distinguish the line of cases and commentary concerned with the competing claims of clients and creditors to an unallocated body of assets upon the insolvency of vendors of wine, bullion or collectibles who had been storing the purchases’ assets in their warehouse.
ASIDE: the morning of 26th February, 1995 started just like any other work-day morning: radio alarm, yawn and stretch, get out of bed, assemble clothes etc, listen to the radio news… Headline “Barings Bank collapse”. I dressed hastily and got to my desk in record time to find five “please call”, “please advise” messages regarding payments or deliveries to or from Barings accounts and a meeting invitation forwarded by the general manager of custodian services to join the CEO and others to review the situation. I accepted the invitation, answered the messages concerning inward payment or receipts to Barings accounts with “yes, accept” and those concerning payments or deliveries from Barings accounts with “no, decline” and went to the cafeteria for some breakfast. (Instructions are not required to accept payments or receive deliveries to an account, but valid instructions are required make payments or deliveries out of an account.) Upon returning with my toast I found five notices of emergency ex-parte injunctions, one from each of the counterparties to the five transactions. The meeting to review the situation brought praise to custodian services for having been quick off the mark regarding the receipts and payments, but also a suggestion from one senior banker that the assets held might be available to cover any loses in the insolvency. I promptly explained not only my view of the status of those assets in our hands as custodian – either trust or bailment, in either case not available to cover (unrelated) obligations of Barings Bank – but also the potential impact to reputation and revenue of even attempting such a thing. This position was supported by the Chief Legal Officer and then the CEO.
Agreement An agreement for custody is required be in writing (UK: CASS 6.3.4A, MiFID Regs Art 31(3), AIFMD 21(2), UCITS V 22(2) + 22a(3)(e), Aust. Corporations Law 601FCAB (1)(a) and 912AAD (1)). There is no suggestion, however, that this is a “special condition” for validity, non-compliance with which would impact on the validity or enforceability of the contract or of transactions completed pursuant to it. Having said that, individual jurisdictions may well require enhanced execution or confirmation of validity such as an endorsement by a notary, an apostille or authentication by the consulate of the country involved.
Accounts The custodian must open accounts to record the assets which it holds on behalf of its clients. Invariably cash will be in accounts separate from accounts for other assets; securities / investments accounts. This is as much a practical requirement: to be able to be used to pay for purchases or to remit to the client, the cash must be held within the regular payments system. There are often different provisions applicable to cash held by custodians in the various regulations, albeit in quite similar terms; e.g. CASS 6 for securities, CASS 7 for cash.
These accounts must be in the books of the counterparty to the custody agreement, such that they represent obligations of that entity (CASS 6.3.4A; AIFMD Art. 21(8)(a) + (11)(d)(v); UCITS V 22(5)(a) + 22a(3)(e) and third paragraph). Cash accounts will be a debt on the custodian’s balance sheet. Whilst clients’ securities are not held in such a capacity – the custodian has no rights of use other than as set out in the custody agreement, as instructed or possibly as provided in applicable law and not excluded in the custody agreement – clients expect and the regulations anticipate that they will have rights in rem against the custodian in respect of the securities held, not just contractual rights, which circles back to the earlier review of the status of the assets in the custodian’s hands.
Against whom can these rights be enforced? Unfortunately the answer is not as simple as it ought to be. Various regulations, guidelines etc mention that the custodian (or depositary) must not be a “letterbox”, or white-labelling for other entities. There are a number of structures used by master custodians to establish a global network, including:
- Direct – The master custodian directly appoints numerous individual sub-custodians, one (or more) in each jurisdiction in which it is prepared to offer custody services for clients in its home jurisdictions;
- Hub-and-Spoke – The master custodian appoints a smaller number of sub-custodians to cover several jurisdictions, perhaps to cover a region, with the custodian on the ground in each jurisdiction either a branch of the sub-custodian, or a separate legal entity as a sub-sub-custodian. The master custodian’s agreement is with the regional custodian, not the individual, local custodians: there are two (at least) steps in the chain with the entity at each level being the “client” of the next level;
- “Deemed” Direct – The master custodian enters into a contract with a major custodian, the terms of which form the core, common provisions for a number of individual appointments. The appointment of individual custodians in each jurisdiction occurs by the master custodian and the local custodian entering into a shorter agreement, often a “Country Addendum”, which adopts the terms or the existing contract as modified or added to by this jurisdiction-specific document. This is a one-step chain.
Each of these structures is permitted, provided you know what the situation is. The regulations include several requirements for the appointment of sub-custodians, including review of the suitability, legal and regulatory status, creditworthiness, performance etc of the entities being considered. These will be considered in detail under “Delegation”. Suffice it here to point out that these obligations cannot be fulfilled if you don’t know which entity to review.
Of particular concern are situations where a local custodian is appointed by you pursuant to a contract which appears to meet all of these requirements, but that local custodian then opens accounts with a sub-custodian or securities depository “as agent for” you pursuant to a power to do so under applicable local law. In this case the real contract for custody is between you and the sub-custodian or securities depository; you are the “account holder”, the local custodian will be something like an “account operator”; a third party to the true contractual relationship. Who is your custodian in that market? Against whom could you enforce rights in rem in respect of the assets? The local custodian, who it turns out does not actually have either possession or any sort of property in your assets, or the sub-custodian or securities depository which appears to have both possession and property but with whom you have no direct contact? This is the situation, established by statute, in at least one Nordic market, possibly elsewhere. It raises difficult questions which deserve an article all to themselves. (NB: this is be distinguished from the situation in “beneficial owner” markets where accounts identify the master custodian, client or end investor in some way, but that entity is not a party to the account. In that case the parties to the account are still the local custodian and the sub-custodian or securities depository.)
There are very strict requirements in respect of accounts intended to hold and record your clients’ assets. Your clients’ assets must be held and recorded so that they are clearly and easily identifiable as “clients’ assets”, “separately identifiable from” or “distinguished from” your own assets and those of any appointee or delegate. One could well argue that this is included by necessary implication within the CASS 6.2.1 requirement to make “adequate arrangements so as to safeguard clients’ ownership rights…” and 6.2.2 requirements to “introduce adequate organisational arrangements to minimise the risk of the loss or diminution…”. Specific requirements include CASS 6.6.2 “keep such records and accounts as necessary to enable it (i.e.: you) at any time and without delay to distinguish safe custody assets held for one clients from safe custody assets held for any other client and from [your] own applicable assets”; The wording is almost identical in Schedule 3, s1 (1 (a) of the Irish E.U. (MiFID) Regs 2017 – appropriately so, as each is intended to implement MiFID 2 delegated directive Art 2 (1)(a). The Australian provisions are perhaps less proscriptive, but amount to the same thing: Corporations Law 601FCAA(1)(c)(ii) and 912AAC(5)(b). This obligation is invariably required to be “pushed down” to third parties which hold your clients’ assets on your instructions: CASS 6.3.4A-1 “…take the necessary steps to ensure that any client’s safe custody assets deposited with a third party are identified separately from the applicable assets belonging to [you] and from the applicable assets belonging to that third party, by means of differently titled accounts on the books of the third party or other equivalent measures…”. Again, Irish E.U. (MiFID) Reg 2017 Schedule 3 s1(1)(d) is on almost identical terms, for the same reason, namely that both implement MiFID Delegated Directive art 2 (1)(d). In Australia; Corporations Law 601FCAA(1)(c)(i) and 912AAC(5)(a).
These requirements have not been understood as prohibiting “omnibusing” of clients’ assets at each level; segregation of individual client’s assets is not required all the way down the chain to the issuers of the securities. That does represent a risk – the “allocation problem” – which has been addressed by legislation in many civil law jurisdictions (e.g. Swiss Banking Act 37d). Whether it is still an issue in Anglo-Saxon jurisdictions is one of those matters about which lengthy articles or chapters can (and have) been written. It is beyond the scope of this article.
The requirements of AIFMD and UCITS V, whilst worded differently, amount to the same thing: AIFMD Art 21 (8)(a)(ii) “so that they can be clearly identified as belonging to the AIF” and Art 21 (11)(d)(iii) “the third party segregates the assets of the depositary’s clients from its own assets and from the assets of the depositary in such a way that they can at any time be clearly identified as belonging to clients of a particular depositary”, supported by AIFM Regs Arts 89(1)(b) & 98 (3)(b) and art 99(1)(a). UCITS V Directive Art 22 (5)(a)(ii) refers to the MiFID 1 Implementing Directive Art 16, (1) (a), (b) and (d) of which contain wording we have already seen, as does UCITS V reg Art. 16(1)(a).
Supporting the requirements for separate accounts with suitable names are requirements to keep comprehensive records and accounts (MiFID 2 Delegated Reg art 21 (1)(f)); to maintain records and segregated accounts which are up-to-date and accurate, correspond to the assets held (CASS 6.6.3 and 7.15.2 & .3; AIFM Reg Art 99(1)(b)), allow the precise nature, location and ownership status of the assets to be established at any time and which can conveniently be used as an audit trail (more on audit etc later) (Ire E.U. (MiFID) Regs 2017 Sch3 s1(1)(b); Australia; Corporations Law 601FCAA(9) and 912AAC(13); MiFID 2 art 16(6)) and to retain these records for various set or determinable periods of time (NB: each of these is shorter than the ten year limitation period for trust actions, so it is recommended that the ten year period be imposed by contract). The CASS 9.3.1 requirement that the location be established is problematical: does it mean country, city, street address, entity holding? At what level? The “location” of dematerialized securities is a matter of debate.
Further, reconciliations must be performed daily (CASS 6.6.34 to .40; Ire E.U. (MiFID) Regs 2017 Sch 3, s1(1)(d); Australia; Corporations Law 601FCAB(2)(g) and 912AAC(6)(d) and AAD(2)(g); AIFM Reg Arts 89(1)(c) & 99(1)(c)); and statements of account provided at least monthly (CASS 6.6.40; MiFID 2 Art 25(6) and delegated reg Art 63(1).
A feature to note of each of the obligation outlined above is that they are absolute obligations: there are no “best endeavours”, “reasonable steps”, “minimise the risk” qualifiers.
So far we have outlined the background. In future instalments the flow of transactions in client securities will be followed, from receipt through long(er) term holding and the sorts of things that can take place over time to eventual delivery out. A further instalment will look at provisions necessary to equip you to provide a custody service such as delegation, fees and expenses and indemnities to eventual termination.