Four digital locks depicting cyber security

Strengthening Securities Services: ISSA’s FCC principles explained

The ISSA has newly developed a more robust compliance framework to help detect and prevent crimes in Securities Services.

Traditionally, most policy and regulatory efforts to combat financial crime have focused on cyber security trade and/or cash and not on securities. Following several enforcement actions against custodians in early 2014 that related to sanctions and penny stocks abuse, the International Securities Services Association (the ISSA) recognised that the regulatory guidance covering securities business was limited and outdated.

ISSA started its work on drafting the “Financial Crime Compliance Principles for Securities Custody and Settlement” (the Principles), with the objective that once implemented across the securities and funds distribution industry, it would strengthen the control framework in place to prevent, detect and remediate financial crime related risks. The first version of the Principles was issued in August 2015, and subsequently revised in May 2017 and April 2019. Notably, the regulatory landscape continues to evolve over time and most recently in October 2018, The Financial Action Task Force (FATF) issued a guidance for a risk-based approach for the securities sector.

With the objective of protecting the global securities custody and settlement infrastructure and its participants from criminal activity, the Principles provide guidance to securities custodians (‘’Custodians’’) on how best to manage the risks that arise from the layers of intermediation between securities issuers and the ultimate beneficial owners. Custodians define the policies and procedures by which they will ensure compliance with these Principles, which apply to Custodians and account holders (Account Holders).

The 17 Principles cover policies and standards, Account Holder’s assets – segregated versus omnibus accounts and disclosure of buyers and sellers. They provide practical guidance to Custodians on the appropriate due diligence measures to fulfil one of the recommendations set out in the Principles of client identification and beneficial ownership for the securities industry that were published by the International Organisation of Securities Commissions (IOSCO) in 2004. Particularly, the guidance under the Principles is focused on the question of transparency of ownership and control in intermediated securities custody arrangements.

A businessman using a mobile phone to check stock market data, business on the go

Due diligence framework

All Account Holders of the Custodian shall be subject to the appropriate due diligence, the aim of which is to satisfy the Custodian that it is comfortable conducting business with the Account Holder, in the light of that Account Holder’s risk profile and the nature of the business relationship that it will have with the Custodian.

In relation to the risk profile of the Account Holder, the Custodian has to assess its geographic risk, and its ownership and management structures. The Custodian will also obtain information on the products and segments supported by the account provided to the Account Holder (including relevant verification) to establish the nature of the business relationship that it will have with the Custodian.

Account Holder’s assets – segregated versus omnibus

To ensure that due diligence adequately addresses the underlying risks, the Principles recommend that the Custodian ensure that all accounts opened by an Account Holder are clearly categorised as proprietary or for client assets. Client accounts must then be designated as segregated or omnibus, depending on whether the account is held for a single client or for many whose interests are co-mingled.

For proprietary accounts, the due diligence is tailored to the risk profile of the Account Holder.

For segregated client accounts, the due diligence conditions would include:

  1. The Account Holder must be regulated and authorised to accept client assets and money; and must have adequate compliance and control functions to fulfil the obligations of safekeeping client assets.
  2. The segregated client account must be associated with the name of the client of the Account Holder.
  3. The Account Holder should disclose the asset’s beneficial owners, that is, the end investor of the assets deposited.

In the case of an omnibus account, more stringent conditions are imposed by the Principles, whereby the Account Holder should:

  1. Be regulated and authorised to accept client assets and money; and must have adequate compliance and control functions to fulfil the obligations of safekeeping client assets.
  2. Represent that they have applied the due diligence requirements as communicated by the Custodian and taken risk-based steps to verify compliance with those requirements by their clients.
  3. Screen transactions and holdings against relevant sanctions or other relevant lists.
  4. Disclose to the Custodian the geography, segments and products which the account will support and inform the Custodian of any material change in the use of its account.

The Custodian should be entitled to require its Account Holder to disclose the identities of the ultimate buyer and/or seller of a security in response to a specific request predicated on risk factors within a reasonable period.

ISSA has created a due diligence questionnaire to guide Custodians on the specific industry risks that need to be addressed. The due diligence questionnaire, the Principles, the background and overview of the Principles and the examples of draft contractual terms to support the implementation of the Principles, are available on the ISSA website.

Standard Chartered Bank is represented as a board member in ISSA and actively participates in the ISSA FCC working group.


1. ISSA Financial Crime Compliance Principles for Securities Custody and Settlement (April 2019) (

2. Publication on ‘Financial Crime Compliance Principles in the Securities Custody Business’ (

This article was also published in “The Custodian, Issue 6”. To read the full issue, click here.

Back to CCIB News and Views