Inside CDSC's SLB Risk Framework: Six Pillars and Their Mitigations

The single most important question for any participant in a securities lending market is what happens when something goes wrong. The framework is only as useful as its worst case, and the worst case has to be specified before the first transaction settles, not after. CDSC has done the work of specifying it, in a risk framework benchmarked against the international standards used in mature post-trade infrastructures: CPMI-IOSCO for financial market infrastructures, COSO for enterprise risk management, and ISO 31000 for the broader risk-management lifecycle.

This post walks through the six pillars of the SLB risk framework: credit (default), liquidity, operational, market, custody and agency, and legal and compliance. For each, the post lays out the specific risks the framework recognizes, the mitigation measures CDSC has put in place, and the residual risks that participants still need to budget for. The pattern is consistent throughout: the framework is designed to prevent loss to the non-defaulting side, not to eliminate all market risk for the defaulting side.

Pillar 1: Credit (default) risk

Credit risk in SLB is the risk that a counterparty (borrower, lender, or CDSC itself) cannot meet its funds or securities obligations when due. The CDSC framework decomposes it into four distinct sub-risks, each with its own mitigation set.

Collateral and securities settlement risk addresses the possibility that the borrower fails to provide collateral or the lender fails to make the lent securities available at contract start. The mitigation is structural: the borrower must pre-fund the collateral before any borrowing request can be placed, the lender's securities must be unencumbered before CDSC approves the lending order, and settlement of matched SLB orders follows the DVP-3 model. DVP-3 means the transfer of securities to the borrower happens simultaneously with the blocking of collateral, so neither side is exposed to the other defaulting between the two legs.

Margin risk addresses the borrower failing to deposit additional margin when a margin call is issued. Daily mark-to-market of both the lent securities and the non-cash collateral generates intraday margin calls. A borrower who fails to meet a margin call triggers immediate contract closeout, with the SLB contract terminated a day after default to bound the lender's exposure window.

Failed delivery risk addresses the borrower failing to return securities at contract end. The framework handles this through buy-in against the posted collateral, plus cash-equivalent compensation if a buy-in is not feasible. The 110 percent collateral cover (100 percent of notional plus 10 percent initial margin) is sized to handle typical buy-in cost plus the price-move buffer.

Lending-fee risk addresses the borrower's inability to settle outstanding lending fees at contract end. The provided collateral is used first; the Settlement Guarantee Fund is the backstop if collateral is insufficient. The structure means a lender never depends on the borrower's standalone credit for fee collection.

Pillar 2: Liquidity risk

Liquidity risk in SLB is the risk that a counterparty cannot settle for full value when due, even if ultimately solvent. The framework addresses this from two directions. On the securities side, only NSE 20 share-index constituents can be lent or borrowed at launch. The deliberately narrow eligible universe is the chosen mitigant: a buy-in in a thin name cannot be executed at a defensible price, so the framework restricts eligibility to names where the open-market liquidity actually exists. If a buy-in still cannot be executed, the framework permits cash settlement (compensation at the cash-equivalent value) to the lender.

On the collateral side, the eligible collateral is restricted to cash in Kenya shillings and Government of Kenya securities. Both are by construction the most liquid asset types in the Kenyan financial system. Reuse of collateral is further restricted: cash collateral can only be placed in interest-bearing accounts at tier-one banks, and government-securities collateral can only be repo-ed overnight. The combination prevents collateral from being recycled in ways that could create cascading liquidity stress in a default scenario.

Pillar 3: Operational risk

Operational risk is the risk of loss arising from inadequate or failed internal processes, people, or systems. The framework addresses each of those three dimensions explicitly. Processes are covered by the SLB Rules and Procedures, themselves approved by CMA, with documented escalation and dispute mechanisms. Periodic communication with participants (including daily reporting on executed transactions) is built into the procedure. Indemnification mechanisms are written into the SLB Rules and the agent contracts, so failures in operational duty are recoverable by the affected party.

Systems are covered by the CDS infrastructure itself, which has been tested for SLB support and benchmarked for the screen-based model against external reference implementations. The CMA Regulatory Sandbox arrangement provides a controlled pilot window for shaking out any operational issues before full production rollout. People are covered by ongoing training and capacity development at CDSC, the agents, and participants. None of these is glamorous; all of them are the kind of thing whose absence produces the operational failures that get covered later by costly insurance claims.

Pillars 4 and 5: Custody and settlement risk

Custody risk is the loss of collateral due to insolvency of the entity holding it. CDSC mitigates this by restricting collateral custody to tier-one Kenyan banks with low credit-risk ratings, and by distributing the collateral pool across multiple banks rather than concentrating it in a single custodian. The distribution is itself a defensible diversification choice; the tier-one restriction is the harder constraint.

Settlement risk is the delay in receiving securities or collateral. The DVP-3 model already discussed handles the standard case (simultaneous transfer of security to borrower and blocking of collateral, so neither side advances ahead of the other). The Settlement Guarantee Fund is the backstop for the residual case where the DVP-3 mechanism itself cannot complete due to one side's operational failure.

Pillar 6: Market risk

Market risk in SLB is the loss arising from price fluctuation in the lent or borrowed securities. The framework handles this with three layered tools. Daily mark-to-market against the closing reference price ensures that the gap between the position's economic value and the posted collateral closes every day. Initial margin (the 10 percent buffer on top of the 100 percent collateral) is sized to cover plausible intraday price moves between mark-to-market windows. Restrictions on collateral reuse prevent the collateral itself from being a source of secondary market risk.

There is a separate market risk that is genuinely not mitigated and is not the framework's job to mitigate: the price risk borne by the borrower or lender on the underlying position. A borrower who shorted shares hoping for a price decline carries the directional risk if the price rises. A lender whose securities are recalled after a price move carries the timing risk of the recall window. Those are investment risks of the participant's own choosing, and the framework correctly leaves them where they are.

Legal and compliance

Legal and compliance risk is the uncertainty in how regulations or contractual terms apply, the possibility of unfavourable regulatory changes, or the voiding of contracts due to non-compliance. The framework addresses this in three ways. First, the SLB Regulations, Rules, and Procedures have been exposed to stakeholders and approved by CMA, with the screen-based model further admitted into the CMA Regulatory Sandbox for piloting under explicit regulatory oversight. Second, all participating intermediaries are regulated entities, with CMA conducting continuous compliance monitoring. The Retirement Benefits Authority has issued a Letter of No Objection allowing retirement benefit schemes to participate in SLB, subject to each scheme's Investment Policy Statement. Third, standardized SLB Master Agreements are in place between every pair of counterparties (lender and borrower, lender or borrower and agent, agent and CDSC), spelling out obligations, responsibilities, and dispute-resolution mechanisms in advance.

What the framework does not mitigate

CDSC is honest about residual risks the framework does not eliminate, in both the borrower and lender directions, and the framework documentation explicitly lists them. For borrowers: the underlying market can move against the position; manufactured-dividend obligations (the requirement to compensate the lender for any dividends paid during the borrow window) increase the borrower's carrying cost; the contract may wind up prematurely if the lender exercises a recall or the borrower defaults on a margin call; illiquidity in the open market at return time may make sourcing the return securities expensive; delisting or suspension of the security during an open contract creates an operational scramble.

For lenders: the lender may lose control of the position when the borrower defaults and compensation is made on a cash basis rather than in shares; the 14-day recall notice limits how quickly the lender can exit an open contract to exploit a new investment opportunity; the borrower may return the securities earlier than the agreed date, ending the lending-fee stream sooner; the same delisting or suspension event that complicates the borrower's position also complicates the lender's exposure.

These residual risks are real, and any participant evaluating SLB engagement should understand them as the cost of admission. They are also the kind of risks a participant can price for and manage, rather than the kind that produce catastrophic uncovered loss. The framework's structural choice is to handle the catastrophic-loss scenarios through the collateral, margin, guarantee-fund, and master-agreement architecture, and to leave the position-level investment risks where they were always going to sit: with the participant who chose to take them.