2012/13 Assessment of ASX Clearing and Settlement Facilities B1.2 ASX Clear (Futures)
Standard 16: Operational Risk
A central counterparty should identify the plausible sources of operational risk, both internal and external, and mitigate their impact through the use of appropriate systems, policies, procedures and controls. Systems should be designed to ensure a high degree of security and operational reliability and should have adequate, scalable capacity. Business continuity management should aim for timely recovery of operations and fulfilment of the central counterparty's obligations, including in the event of a wide-scale or major disruption.
Rating: Observed
ASX Clear (Futures)' key operating system is SECUR.
ASX Clear (Futures) manages its operational risks in the context of its group-wide Enterprise Risk Management Framework (CCP Standard 16.1). Responsibility for approving and reviewing operational risk management policy is shared between the ASX Limited and CS Boards, the Audit and Risk Committee and business units, the last of which are responsible for implementing operational risk controls (CCP Standard 16.2). ASX Clear (Futures) sets clear operational reliability objectives and pursues policies designed to achieve those objectives. Key objectives for SECUR, such as minimum availability of 99.8 per cent and peak capacity utilisation of 50 per cent, were met over the Assessment period (CCP Standard 16.3). ASX Clear (Futures) maintains sufficient well-trained and competent personnel and other resources to operate SECUR, and ASX has taken steps to ensure business development work did not risk the availability of these resources for key systems during the Assessment period (CCP Standard 16.4).
ASX Clear (Futures) manages operational interdependencies with participants and Austraclear through its participant monitoring processes and group-wide risk management framework (CCP Standard 16.5). Its dependencies on service providers and utilities are subject to ongoing monitoring and contingency arrangements where appropriate, including an escrow arrangement for SECUR source code subject to third-party vendor support. During the Assessment period, ASX Clear (Futures) strengthened its arrangements with key outsourcing and critical service providers through additional clauses added to legal agreements that support the providers' compliance with FSS requirements, access to information for the Bank, and notice to the Bank in the case of termination (CCP Standards 16.9, 16.10, 16.11).
ASX Clear (Futures) also maintains business continuity arrangements that provide a high degree of redundancy and, through the use of dual sites, target the resumption of operations within two hours following disruptive events. These arrangements are regularly tested in real time during live operations (CCP Standard 16.7). Participants are required to maintain appropriate operational and business continuity arrangements that complement ASX Clear (Futures)' own arrangements, and are appropriate to the nature and size of their business. ASX Clear (Futures) monitors participants' compliance with these requirements, and broader operational performance, on an ongoing basis (CCP Standards 16.6, 16.8).
Over the forthcoming Assessment period, ASX Clear (Futures) will be undertaking a project to upgrade its core operating system, SECUR, to the Genium INET Clearing system offered by the same vendor. The Bank will monitor the progress of this project.
The Bank notes the following steps that ASX Clear (Futures) should take to strengthen its observance of CCP Standard 16:
- In order to meet the requirements of CCP Standard 16.11, which comes into effect on 31 March 2014, review its operational arrangements in light of the proposed Australian FMI resolution regime to ensure that they are consistent with the form of the regime once finalised.
On the basis of this information, and noting that CCP Standard 16.11 is not yet in force, the Bank's assessment is that ASX Clear (Futures) has observed the requirements of CCP Standard 16 during the 2012/13 Assessment period. ASX Clear (Futures)' arrangements for managing operational risks are described in further detail under the following sub-standards.
Identifying and managing operational risk
16.1 A central counterparty should establish a robust operational risk management framework with appropriate systems, policies, procedures and controls to identify, monitor and manage operational risks.
ASX's operational risk policies and controls have been developed in accordance with ASX's group-wide Enterprise Risk Management Framework (see Standard 3.1). Under this framework, the ASX Limited Board is responsible for reviewing and overseeing the group's risk management systems. The Board delegates review of the Enterprise Risk Management Framework to its Audit and Risk Committee. An Enterprise Risk Management Committee, comprising executives from across ASX's business units, is responsible for approving enterprise risk policies and reviewing controls, processes and procedures to identify and manage risks, as well as the formal approval of significant operational risk policies prepared by individual business units. Individual business units are also responsible for: identifying business-specific risks; applying controls; maintaining risk management systems; reporting on the effectiveness of risk controls; and implementing enhancements and taking remedial action.
16.2 A central counterparty's board of directors should clearly define the roles and responsibilities for addressing operational risk and should endorse the central counterparty's operational risk management framework. Systems, operational policies, procedures and controls should be reviewed, audited and tested periodically and after significant changes.
The roles and responsibilities for addressing operational risk are clearly defined in the CS Boards' Charter, the Audit and Risk Committee Charter, and the Enterprise Risk Management Framework. As described above, risk responsibilities are shared between the ASX Limited Board, the CS Boards, the Audit and Risk Committee, the Enterprise Risk Management Committee and individual business units.
Policies and procedures are the subject of internal and external review. ASX's Internal Audit unit routinely monitors compliance with operational policy, reporting to the Audit and Risk Committee on a quarterly basis. Audit findings may prompt a review of policy, which would be conducted in consultation with key stakeholders. Technology-related security policy is reviewed by external auditors twice a year.
ASX benchmarks its operational risk policy against relevant international standards. For example:
- The business continuity framework is benchmarked against the Business Continuity Institute's Good Practice Guidelines 2010, the international standard ISO 22301:2012 Business Continuity Management Systems, and the British standard BS 25999 1:2006.
- The technology risk management framework is benchmarked against the ISO 27001:2005 Information Security Management Systems standard.
- The compliance framework is benchmarked to the AS 3806-2006: Australian Standard Compliance Program.
- The ASX Fraud Control Policy is benchmarked against AS 8000-2008: Fraud and Corruption Control.
The risk framework defines a variety of control procedures to support the core operational systems. These include audit logs, dual input checks, management sign-off and processing checklists as the primary preventative controls, supported by reconciliations and management reviews of activity. ASX Clear (Futures) operates a separate test environment for its core system (SECUR) and has a formal, documented change management process. There are also defined procedures for communicating with participants and vendors around technology upgrade releases, which include regular notices to participants of upcoming changes.
16.3 A central counterparty should have clearly defined operational reliability objectives and should have policies in place that are designed to achieve those objectives. These policies include, but are not limited to, having: exacting targets for system availability; scalable capacity adequate to handle increasing stress volumes; and comprehensive physical and information security policies that address all potential vulnerabilities and threats.
Availability targets are documented and defined formally for critical services. SECUR is required to meet a minimum availability target of 99.8 per cent; over the 2012/13 Assessment period SECUR was available 100 per cent of the time.
System capacity is monitored on an ongoing basis, with monthly reviews of current and projected capacity requirements. The results are reviewed against established guidance for capacity headroom over peak recorded values for all critical systems; that is, to maintain 50 per cent over peak recorded daily volumes, with the ability to increase to 100 per cent over peak within six months. Capacity data are reported monthly to the CEO. Average capacity utilisation of SECUR over the Assessment period was 10 per cent, while peak utilisation was 17 per cent. ASX Clear (Futures) maintains sufficient technical and human resources to operate SECUR during peak periods, including in the event of operational incidents or system failure.
Information security policy is implemented using a risk-based decision process, based on AS 4360, relevant federal and state legislation, and other best-practice standards. The goal of ASX's information strategy is to create a strong and reliable security environment that meets business and functional requirements for customers and employees while balancing risk to the organisation, cost of controls, and richness and flexibility of services. Information security policy applies to all employees, consultants, vendors and contractors of ASX. It also applies to all facilities, equipment and services managed by or on behalf of ASX, including off-site data storage, computing and telecommunications equipment. The policy is reviewed annually or when material or organisational changes are made. The last review was in late 2012.
Testing of information security policy is carried out against production infrastructure where possible. This includes penetration testing against the ASX perimeter and vulnerability testing within the perimeter. ASX Clear (Futures) performs SECUR security testing on a quarterly basis. ASX operates a suite of controls designed to prevent a successful cyber attack on its systems, such as denial of service or malware threats. These include steps to monitor suspicious internet traffic, and the maintenance of spare capacity to manage legitimate or malicious surges in internet traffic, as well as steps to regulate access to ASX systems described below.
Physical access is controlled at both an enterprise and business unit level. The key systems supporting ASX's clearing and settlement processes are operated within a secure building. Clearing operations are separated from general office areas with permitted access determined at a senior manager level and records of access maintained. Physical security arrangements for the primary and backup data centres are broadly equivalent.
User access for the key systems is restricted to prevent inappropriate or unauthorised access to application software, operating systems and underlying data. User activities are uniquely identifiable and can be tracked via audit trail reports. The level of access is authorised by the system owner with users granted the minimum level of access to systems necessary to perform their roles effectively. External access to ASX systems must pass through multiple layers of firewalls and intrusion prevention, and individual networks are segregated.
Application testing is carried out in test environments. Testing reports are documented, with identified problems escalated to management and tracked through to remediation. Similarly, any technology-based operational incidents are reported to senior management and issues are tracked through to resolution via regular updates to management.
16.4 A central counterparty should ensure that it can reliably access and utilise well-trained and competent personnel, as well as technical and other resources. These arrangements should be designed to ensure that all key systems are operated securely and reliably in all circumstances, including where a related body becomes subject to external administration.
Access to resources
ASX Clear (Futures) has arrangements in place to ensure that it has well-trained and competent personnel operating SECUR. Staff are provided with relevant policies and guidelines from commencement of employment, with weekly communications thereafter. Staff are evaluated with reference to each defined operational process. ASX Clear (Futures) has a formal succession planning and management process in place for key staff.
To facilitate rapid recovery in the event of an operational disruption, ASX intends to increase the number of operational staff based at its secondary operations site, to around 30 per cent from the current 17 per cent. In case of a disruption to staffing arrangements at the primary site for staff, the secondary operations site has capacity to house 65 per cent of all operational staff.[1]
Resources shared with a related body
Within the ASX group structure, most operational resources are provided by ASX Operations Limited, a subsidiary of ASX Limited. In the event that ASX Operations Limited became subject to external administration, ASX Clear (Futures) and the other clearing and settlement corporate entities would be able to retain use of resources under provisions within the written support agreement (to the extent permissible by law).
Major projects
Major projects are overseen by the Enterprise Portfolio Steering Committee (EPSC), which is comprised of representatives of the Group Executive. The EPSC is responsible for determining project priorities across the ASX Group and overseeing the quality of project execution. The EPSC is also tasked with ensuring that ASX has sufficient well-qualified personnel to cope with periods in which it is simultaneously undertaking a number of projects, including those resulting in significant changes to business. Project management of major projects is undertaken by the Project Management Office (PMO). For projects affecting core systems (including SECUR), the PMO rates projects to ensure they receive appropriate access to resources. Projects incorporate testing processes, which verify that systems or services meet benchmarks set prior to implementation. Testing addresses both technical and operational aspects of projects. The project management process includes engagement with customers and third-party vendors of supporting systems where appropriate, particularly in customer testing. Project plans also include formal checkpoints to ensure all appropriate risk management controls are in place prior to live use of a new or updated system or service.
During the Assessment period, ASX undertook work on over 30 projects, including major projects such as the OTC derivatives clearing service in ASX Clear (Futures) and the ASX Collateral service (see Section 4). Work on these projects, often to challenging time frames, in addition to work required by ASX to ensure compliance with the new FSS, has tested the capacity of ASX's existing resources, although targeted deadlines for key projects have largely been met. In order to meet increased demand for resources associated with these projects and ongoing business requirements, ASX has taken on new staff, employed consultants and utilised partnerships with service providers, including in respect of the OTC derivatives clearing service. ASX's resource management is discussed further in Section 3.5.5 of the Assessment report.
16.5 A central counterparty should identify, monitor and manage the risks that key participants, other FMIs and service and utility providers might pose to its operations. A central counterparty should inform the Reserve Bank of any critical dependencies on utilities or service providers. In addition, a central counterparty should identify, monitor and manage the risks its operations might pose to its participants and other FMIs. Where a central counterparty operates in multiple jurisdictions, managing these risks may require it to provide adequate operational support to participants during the market hours of each relevant jurisdiction.
Dependencies on participants and other FMIs
ASX identifies and monitors potential dependencies on participants in a number of ways: by holding regular discussions with participants on risk management processes (see CCP Standard 3.1); as part of its assessments of project-related risks (see CCP Standard 14.1); and through its general monitoring of risks as part of its risk management framework (see CCP Standard 3.1). For ASX Clear (Futures), ASX has identified risks relating to its operational activities arising from participants' increased usage of third-party vendors for back-office systems, and participants outsourcing their back-office processing offshore.
- If multiple participants use the system of a vendor that experiences difficulties, these participants may have difficulty connecting to ASX's clearing and settlement infrastructure. If a vendor issue requires significant system changes, ASX Clear (Futures)' operations may be affected for an extended period. To date this risk has been managed through technical and business continuity requirements on participants, but there are limitations to this approach. Notwithstanding that there are no contractual relationships between ASX and vendors, ASX has commenced a program to develop stronger direct relationships with key participant vendors. This formalises steps taken by ASX to engage with participant vendors, for example to align margin calculations following the introduction of CME SPAN in ASX Clear (see CCP Standard 3.1). The objective of the program is to improve vendors' knowledge of ASX technical updates as well as ASX's knowledge of vendor systems and business continuity arrangements.
- Participants' outsourcing of back-office processes and technology to overseas domiciled hubs or third-party vendors may complicate incident management due to differences in time zones and languages, and possible lack of local market knowledge. Such factors, if improperly mitigated, could increase operational risk. ASX is examining options to mitigate these risks. As part of this, ASX Compliance has initiated a spot review on participants' outsourcing arrangements that will benchmark participants against a number of standards, including APRA's outsourcing prudential standard CPS 231.
ASX Clear (Futures) has an operational interdependence with Austraclear, which is used to settle margin payments. Operational risk associated with this interdependence is managed within the context of the ASX Group's operational risk management framework. ASX Clear (Futures) does not have significant operational interdependencies with other FMIs.
Dependencies on service providers
ASX has a formal policy that sets out the process for entering into, maintaining and exiting key outsourcing arrangements. If a key service is to be provided by an external service provider, ASX first conducts a tender process in which proposals from potential vendors are assessed against relevant criteria. Arrangements have been implemented under which ASX would consult with the Bank before entering into new agreements with third parties for critical services and provide the Bank with a list of critical outsourcing arrangements on an annual basis. Issues relating to outsourcing or service provision are escalated as appropriate to executive management via the ASX Technology Vendor Management Group and the relevant operational support area.
ASX assesses the operational performance of its service providers on an ongoing basis against its own operational policies, to ensure that service providers meet the resilience, security and operational performance requirements of the FSS. ASX maintains current information on its service providers' operations and processes through ongoing liaison, and in turn provides relevant updates to service providers regarding ASX operations. Service providers are also assessed through software regression testing when there is a major system upgrade.[2] Contractual arrangements with critical service providers require the approval of ASX Clear (Futures) before the service provider can itself outsource material elements of its service.
ASX Clear (Futures) has identified a critical dependence on a third-party vendor regarding support and development of its core system, SECUR. In order to address this dependence, ASX Clear (Futures) took over responsibility for business continuity arrangements and computer-system support in mid 2008. The third-party vendor continues to provide support where changes to system components or underlying source code are involved, under an agreement that extends beyond 2013. ASX Clear (Futures) has an escrow arrangement in place that would allow it to access source code for SECUR in the event that its vendor was unable to continue providing support. These arrangements will remain in place until completion of a planned upgrade of the SECUR system to the Genium INET Clearing system, also offered by the same vendor, in the first half of 2014. The upgraded system will be covered by similar support arrangements between ASX Clear (Futures) and the third-party vendor to those already in place in respect of SECUR.
All other ASX Clear (Futures) operational functions are performed within ASX. However, external suppliers are used for utilities, hardware maintenance, operating system and product maintenance, and certain security-related specialist independent services.
ASX has put in place a number of mitigants to address the risks associated with dependencies on utilities and service providers.
- Primary and backup data centres are connected to different electricity grids and telecommunication exchanges.
- Each data centre has backup power generators with capacity to run the site at full load for 72 hours.
- All external communications links to data centres are via dual geographically separated links.
- ASX conducts regular testing of backup arrangements. Major systems are tested on a two-year cycle. Participants are notified of business continuity tests in advance through ASX notices.
- ASX also performs a periodic assessment of suppliers, including consideration of contingency arrangements should externally provided services not be available (such as the use of alternative suppliers), and incident escalation procedures and contacts.
Disclosure
The nature and scope of ASX Clear (Futures)' dependencies on critical service providers are disclosed to participants through: Operating Rules; Guidance Notes; Notices and Bulletins; technical documentation available on ASX's website for participants; more general information available on the ASX public website; and in one-on-one meetings with participants, both during the induction process for new participants and on an ongoing basis.
16.6 A participant of a central counterparty should have complementary operational and business continuity arrangements that are appropriate to the nature and size of the business undertaken by that participant. The central counterparty's rules and procedures should clearly specify operational requirements for participants.
The ASX Clear (Futures) Operating Rules and Procedures require participants to maintain adequate business continuity arrangements (see CCP Standard 16.8) to allow the recovery of usual operations within two hours following a contingency event. If a participant fails to do so, it may become subject to sanctions or restrictions on its activities. Spot checks of participants' business continuity management are conducted if risk factors are identified, such as where a participant has been experiencing operational problems. These spot checks examine the participant's governance and processes surrounding resilience and business continuity.
The Operating Rules and Procedures also require more broadly that participants have facilities, procedures and personnel that are adequate to meet technical and performance requirements. ASX's preferred approach to operational concerns is to work collaboratively with the participant to educate them on their obligations. If the matter is serious, ASX may require that the participant remediate the weakness. Alternatively, ASX may impose conditions on participation, or require that the participant appoint an independent expert to assist with the remediation task.
Business continuity arrangements
16.7 A central counterparty should have a business continuity plan that addresses events posing a significant risk of disrupting operations, including events that could cause a wide-scale or major disruption. The plan should incorporate the use of a secondary site and should be designed to ensure that critical information technology systems can resume operations within two hours following disruptive events. Business continuity arrangements should provide appropriate redundancy of critical systems and appropriate mitigants for data loss. The business continuity plan should be designed to enable the central counterparty to facilitate settlement by the end of the day of the disruption, even in case of extreme circumstances. The central counterparty should regularly test these arrangements.
ASX Clear (Futures) maintains extensive contingency plans detailing the appropriate operational response to a CS facility disruption, including coverage of the various lines of authority, means of communication, and failover procedures. These plans are updated periodically. ASX Clear (Futures) policy requires that failover to the backup data centre should occur within two hours for all systems.
ASX Clear (Futures) employs a variety of technologies to ensure a high degree of redundancy in its systems – both across sites and within a single site. ASX maintains both primary and backup data centres, with hardware at both locations subject to common operational requirements. Key plant and equipment at the primary site are designed to the Uptime Institute Tier 3 standard of concurrent maintainability.[3] The main computer network is connected via point-to-point optical fibre, which ASX operates with its own technology, thereby reducing the potential for outages due to operational errors by the telecommunications provider. All core systems employ multiple servers with spare capacity. Front-end servers handling communications with participants are configured to provide automatic failover across sites. Failover of the more critical data servers will generally take place within an hour under the control of management; however, the disruption to participants in such a case is reduced due to the high degree of redundancy in the front-end system components, which in most circumstances will maintain communications with external systems and queue transactions until the data servers are reactivated. The integrity of transactions is ensured by queuing messages until they can be processed; storing all transactions in the database with unique identifiers, thereby preventing the loss or duplication of transactions; and synchronised replication of database records across both data centres. Furthermore, in the event that a significant part of a system or an operational site fails, ASX Clear (Futures) has contingency arrangements to activate an additional tier of redundancy arrangements (either by converting test systems into production systems or rebuilding systems from readily available hardware) within 24 hours to meet the contingency of any further service interruption.
ASX Clear (Futures) has clearly defined procedures for crisis and event management. These procedures cover incident notification, emergency response (including building evacuation), incident response (including overall incident assessment and monitoring), and incident management testing. ASX maintains a major incident management team that includes senior representatives of the core business activities, as well as facilities management, business continuity, and media and communications. The procedures identify responsibilities, including for internal communication and external communication to emergency services, the market, industry and media.
ASX Clear (Futures) regularly tests its business continuity arrangements. Dual site operational teams across the primary and secondary operations sites effectively test backup operational processes on a continuous basis. For those teams not located across both sites, connectivity and procedural testing of the secondary site are performed monthly by representatives from ASX Clear (Futures). Live tests, where market and clearing and settlement services are provided in real time from the backup data centre, are conducted on a two-year cycle. Test results are formally documented and reported to ASX senior management and are also made available to internal and external auditors. The use of live tests ensures that participant connectivity to the backup data centre is also tested. ASX's business continuity framework is audited externally every three to five years; the most recent audit, conducted in late 2012, found that ASX's business continuity standards were broadly consistent with widely recognised global standards and did not identify any major areas of concern.
16.8 A central counterparty should consider making contingency testing compulsory for the largest participants to ensure they are operationally reliable and have in place tested contingency arrangements to deal with a range of operational stress scenarios that may include impaired access to the central counterparty.
The ASX Clear (Futures) Operating Rules and Procedures require participants to maintain adequate business continuity arrangements that are appropriate to the nature and size of their business as a participant. The Operating Rules specify that participants must have arrangements that allow for the recovery of usual operations. It is ASX Clear (Futures)' expectation that this would be within two hours following a contingency event. These arrangements are reviewed as part of the participant admissions process. Participants are also subject to spot checks of their ongoing compliance with operational requirements. Spot checks may be based on topical themes, in some cases arising from observations of general business developments, and in other cases motivated by a participant that has been experiencing operational problems. If a participant fails to implement any recommendations arising from a check, ASX may impose sanctions.
Participants are involved in the contingency testing of ASX Clear (Futures)' systems, as this testing is conducted in a live environment. ASX conducts comprehensive business continuity testing of key systems at least every two years, with participants being notified of the start and completion of testing. Participants are also involved in testing of major system changes or in advance of the introduction of a new system. ASX Clear (Futures) conducts regular connectivity tests and maintains an external testing environment for system changes.
Outsourcing and other dependencies
16.9 A central counterparty that relies upon, outsources some of its operations to, or has other dependencies with a related body, another FMI or a third-party service provider (for example, data processing and information systems management) should ensure that those operations meet the resilience, security and operational performance requirements of these CCP Standards and equivalent requirements of any other jurisdictions in which it operates.
ASX has developed a set of standard clauses for inclusion in contracts with third-party service providers for provision of critical services to ASX Clear (Futures). Similar clauses are also included in the Support Agreement between ASX Clear (Futures) and ASX Operations Pty Ltd, which provides all internal operational services for the facilities. The clauses seek to ensure that the agreements meet the resilience, security and operational performance requirements of the FSS. In particular, the clauses allow the Bank to gather information from the service provider about the operation of critical functions (see CCP Standard 16.10). In the event that the Bank concluded that the terms of the service provider agreement did not meet FSS requirements, the clauses also require the service provider to negotiate acceptable new terms with ASX in good faith. Furthermore, if ASX Clear (Futures) were to become insolvent, the clauses give the Bank an opportunity to negotiate with the service provider to continue service provision (see CCP Standard 16.11). ASX is applying these clauses to all new agreements with service providers, and has incorporated them into all of its key existing service agreements. This includes ASX Clear (Futures)' agreements with a third-party vendor for support of SECUR, which also incorporates EXIGO software support, and another third-party vendor for support of software systems developed for clearing of OTC derivatives.
16.10 All of a central counterparty's outsourcing or critical service provision arrangements should provide rights of access to the Reserve Bank to obtain sufficient information regarding the service provider's operation of any critical functions provided. A central counterparty should consult with the Reserve Bank prior to entering into an outsourcing or service provision arrangement for critical functions.
ASX's standard clauses for service providers require the provider to grant reasonable access to the Bank in respect of information relating to its operation of a critical function provided to ASX Clear (Futures). ASX is applying these clauses to all new agreements with service providers, and has incorporated them into all of its key existing service agreements, including its agreements with the vendors mentioned in CCP Standard 16.9.
16.11 A central counterparty should organise its operations, including any outsourcing or critical service provision arrangements, in such a way as to ensure continuity of service in a crisis and to facilitate effective crisis management actions by the Reserve Bank or other relevant authorities. These arrangements should be commensurate with the nature and scale of the central counterparty's operations.
CCP Standard 16.11 comes into effect on 31 March 2014.
ASX Clear (Futures) has begun to take steps to ensure that it will be able to comply with this standard once it comes into effect. Standard clauses in its agreements with service providers (described in CCP Standards 16.9 and 16.10) require that providers give the Bank notice of any intention to terminate the agreement as a consequence of ASX Clear (Futures)' failure to pay fees, or in the event of the insolvency of ASX Clear (Futures) or any other relevant ASX entity. This is intended to give the Bank an opportunity to take action to remedy the breach or otherwise ensure continued service provision.
ASX Clear (Futures)' arrangements to ensure continuity of operations in the event of a crisis will be shaped by the proposed introduction into Australian law of a resolution regime for FMIs. This was foreshadowed in consultations undertaken by the Council of Financial Regulators and Treasury in 2011 and 2012. ASX Clear (Futures) will need to ensure that its arrangements to support continuity of operations in a crisis are appropriately adapted to the proposed FMI resolution regime.
Footnotes
ASX currently maintains three main sites for its operations and data processing: a primary operations site (where the majority of staff are located); a secondary operations site that also operates as the primary data centre; and a backup data centre. [1]
When a component of software is updated, ‘regression testing’ aims to perform checks on the full software to verify that the operation of other software components has not been inadvertently affected by the update. [2]
The Uptime Institute is an IT consulting organisation that has developed a widely adopted classification system for the level of redundancy arrangements in data centres. ‘Tier 3’ is the second highest standard of redundancy, indicating that a data centre has redundant components, multiple independent power and cooling systems, and a high degree of availability. [3]