It takes rock-solid infrastructure to maintain financial market resilience and reliability through inevitable stresses and crises. That’s where Depository Trust & Clearing Corp. (DTCC) comes in. Last year the industry-owned post-trade services giant’s subsidiaries processed securities transactions valued at $3.7 quadrillion. Its Depository Trust Co. is one of eight strategically important financial market utilities (SIFMUs) designated by the U.S. Financial Stability Oversight Council. Its National Securities Clearing Corp., Fixed Income Clearing Corp. (FICC), and Institutional Trade Processing facilities handled record volumes amid recent bouts of volatility.
All that risk being mitigated on behalf of DTCC’s owners, customers and the global financial system as a whole is central to the organization’s mission, which in turn defines the critical role of group chief risk officer Timothy Cuddihy.
A managing director and 14-year veteran of DTCC, Cuddihy rose to group CRO in 2022, succeeding Andrew Gray. Cuddihy was previously responsible for FICC and liquidity risk management (2011-2015) and DTCC financial risk management (2015-2022).
“I’ve always been drawn to the analytical rigor and strategic challenges that risk management demands,” says Cuddihy. His BA degree in mathematics and statistics and MBA in finance, both from Rutgers University, “helped give me the quantitative grounding to build complex financial models supported by well-developed assumptions, analyses and market considerations.”
Since it was formed in the 1970s to resolve a paperwork crisis then overwhelming Wall Street back offices, DTCC has been an agent of automation and modernization. The shortening of the trade settlement cycle to one day, or T+1, and the pending mandatory clearing of U.S. Treasury securities are cases in point.
Group CRO Cuddihy: “A purpose-driven culture.”
Over the last decade, the company has piloted and pursued blockchain innovations, established a Digital Assets business unit, and last year introduced the Digital Launchpad sandbox program to “unify stakeholders from nearly every corner of the financial markets to solve the challenges facing adoption of digital asset technology,” in the words of president and CEO Frank La Salla.
Now comes artificial intelligence: “It has the potential to reinvent all stages of the trade lifecycle to enhance market efficiency, risk management and liquidity,” La Salla wrote in an article for the World Economic Forum.
Cuddihy notes that “DTCC has established a governance framework for the assessment of [AI and machine learning] models” including large language models (LLM)/generative AI. “DTCC closely monitors emerging AI/ML use cases to ensure new uses of assessed models and/or existing vendor tools are in alignment with approved model uses.”
Cuddihy worked in actuarial and risk roles at American International Group from 1989 to 1996 and moved on to Swiss Re, ACE Ltd. and German bank WestLB, where he was managing director of market risk management before joining DTCC in 2011. He engaged in this interview via email.
How would you characterize DTCC’s culture?
DTCC emphasizes a purpose-driven culture that's all about collaboration, innovation and resilience. We encourage everyone to share their ideas and continuously learn. It’s a place where respect and striving for excellence go hand-in-hand.
Please describe your risk responsibilities.
I now oversee a broad portfolio that includes credit, market, liquidity, model, operational, third-party, systemic, and cyber risk, as well as business continuity and data management.
I also chair our Management Risk Committee, which ensures that risk considerations are embedded in enterprise decisions.
In June, Laura Deaner was appointed chief information security officer (CISO), reporting to Chief Information Officer Lynn Bishop. What is your relationship with IT?
Last November, we announced that we would be moving the CISO position and first line cyber functions to IT, while strengthening the second line of defense within the Group Chief Risk Office (GCRO). The office works in close collaboration with the CIO and CISO to ensure a cohesive strategy that encompasses all facets of risk.
These organizational changes enhance existing capabilities by ensuring that cyber risk ownership and oversight are distinctly separated; demonstrating independent oversight, governance, and credible challenge; and strengthening escalation and control assessments. This alignment follows best practices, ensuring a clear governance structure and a robust cybersecurity strategy.
Describe your management style.
I focus on being transparent and empowering my team. I like to keep things open and approachable, making sure everyone feels comfortable sharing their thoughts. I set clear goals and ensure the team has what they need to succeed, leading by example.
What do you look for when recruiting a risk team?
People who are not just skilled, but also curious and adaptable. I want proactive problem-solvers who can thrive in agile, evolving conditions. Strong analytical, technological and communication skills are key. As risk managers we need to systematically evaluate information, identify patterns, draw conclusions and make well-informed decisions.
What is the importance of DTCC’s annual Systemic Risk Barometer Survey each December?
It serves as a crucial tool for understanding the most pressing risks in the financial sector. [Geopolitical, cyber, and U.S. political uncertainty were the most recent top three.] By pinpointing the areas of highest concern, firms can tailor their risk mitigation efforts to address specific vulnerabilities.
How have you been navigating those prominent risks?
Trade wars, elections and international conflicts can send shockwaves through financial markets. Given the complexity and unpredictability of geopolitical events and the U.S. political landscape, DTCC has adopted a dynamic and agile approach to risk management. Our strategy involves continuously monitoring the global political landscape and developing flexible risk mitigation plans to adapt to changing circumstances.
What stands out on the technology-risk front?
The threat landscape has expanded exponentially. Cyber attacks and data breaches now pose significant risks, requiring a more agile and adaptable approach to cyber risk management.
An emerging threat is quantum computing and its anticipated ability to break public key cryptography methods. This would seriously compromise the confidentiality and integrity of digital communications that the financial system relies on. DTCC is evaluating algorithms and cryptographic standards that will promote an agile post-quantum computing approach for its clients and their third-party vendors.
What about risk management continues to capture your heart?
One of the most rewarding aspects of my role is collaborating with clients, internal stakeholders, industry groups and regulators to build a resilient financial ecosystem. Leading the risk office at a company that plays a key role in protecting the global financial system is not just exciting, it’s genuinely meaningful to me.
L.A. Winokur is a veteran business journalist based in the San Francisco Bay Area.