CCPA, as an EMIR certified central counterparty, is responsible for the clearing and risk management of all CCP-eligible securities transactions on Vienna Stock Exchange and of all electricity spot market products which were traded on EXAA as well as for assuming and managing the settlement and default risk and is therefore contributing to market stability. A failure to perform services may have an adverse effect on the liquidity and stability of the financial and electricity spot market. Hence, CCPA has implemented a solid risk management system, which is a key element in its business activity and corresponds to the complexity of the business processes and the cleared products.

According to its risk management framework, CCPA has implemented organisational and procedural measures to identify, assess, control, manage, monitor and report the risks, to which the company is exposed.

These safety measures and procedures ensure the highest possible degree of business continuity and business contingency at all times.

Business Continuity Management

CCPA represents an important part of the Austrian financial and electricity spot market infrastructure and therefore it has implemented a comprehensive risk management framework including measures for mitigating operational risks

  • by preventive actions on the one hand as well as
  • by planning and testing of business contingency actions on the other hand.

The operational risk management involves the management of risks resulting from IT, external events, internal processes and human resources.

CCPA has defined measures which enable critical functions to recover within two hours, with backup systems ideally starting processing immediately after an incident. Furthermore, it is ensured with very high probability that no data will be permanently lost.

To minimise the negative impact on business processes, if a risk materialises, and ensure a minimum level of critical functions a business continuity management, according to Art. 26 and 34 of EMIR and Articles 17 – 23 of RTS 153/2013, is established, implemented, maintained and tested on regular basis.

The business continuity measures aim to ensure

  • the preservation of CCPA’s core functions,
  • the timely recovery of operations and
  • the fulfilment of its obligations. 

In order to guarantee the economic existence of the organization even after incurring serious damage, CCPA takes preventive measures to reduce the damage from or probability of occurrence of operational risks including minimum requirements on clearing systems, clearing operations, IT workplaces, information security as well as internal controls.