2014 Assessment of the Reserve Bank Information and Transfer System 3. Material Developments
- Download the complete Document 1.36MB
This Section draws out the material developments relevant to RITS and its operating environment since the 2013 Assessment. While the Assessment period was the 12 months to the end of October 2014, material developments since then are also described. To the extent that these developments, and planned enhancements, have implications for RITS's observance of the Principles, these are noted. Over the Assessment period, there have been material developments that are relevant to the Principles concerning credit risk and collateral (Principles 5 and 6), legal basis (Principle 1), the comprehensive management of risks (Principle 3) and operational risk (Principle 17). To complement this Section, background information on how RITS operates is set out in Appendix A. A detailed Assessment of how RITS meets the Principles is presented in Appendix B, which has been updated to reflect developments discussed in this Section.
There are a number of other areas in which the application of the Principles will necessarily differ for central bank-owned systems.[6] The Bank has relied on its own judgement regarding how the Principles should be applied to RITS. As a general rule, policies and operational arrangements dealing with matters such as access to central bank accounts, credit provision and collateral eligibility will typically be integrally linked to policies that underpin a central bank's monetary operations and it is therefore accepted that these should not be constrained by the Principles. In addition, it is the Bank's view that expectations around recovery planning and the organisation of operational arrangements to support resolution actions will not typically apply in the case of a central bank-owned system. Similarly, the requirement to hold ring-fenced liquid assets to cover business risk and support a recovery or wind-down plan are not expected to be relevant where a central bank can supply liquidity as required to support its operations.
3.1 Activity in RITS
Consistent with the Bank's judgement that RITS is the only domestic systemically important payment system in Australia, around 70 per cent of the value of non-cash payments in Australia is settled on an RTGS basis in RITS (Table 3). Furthermore, since RITS settles on a real-time basis, it is used to settle time-critical payments, including Australian dollar pay-ins to CLS Bank International (CLS). RITS is also integral to the functioning of other payment systems and FMIs, with the interbank obligations arising from non-cash retail payments, debt and equity securities transactions, and central counterparties' margin-related payments also settled in RITS (see Section A.2 for further background on systems that are linked to RITS).
Since the previous Assessment, the average number and value of transactions settled in RITS have been relatively constant (Graph 1). In the 12 months to October 2014, RITS settled on average around 42,000 RTGS transactions each day, with an aggregate daily value of over $164 billion. On the peak value day in that period, RITS settled around 50,000 RTGS transactions with a total value of $258 billion.
3.2 RITS Feeder Systems
The majority of RITS payments are settled on an RTGS basis. These payments can be entered into RITS directly (these payments are known as RITS cash transfers), or delivered via one of two external feeder systems: the Society for Worldwide Interbank Financial Telecommunications (SWIFT) Payment Delivery System (PDS) and Austraclear.
RITS also facilitates the settlement of net interbank obligations arising from the equity market (through the Clearing House Electronic Sub-register System, CHESS, the equities settlement system operated by ASX Settlement), retail payment systems and a new property settlements system. During the Assessment period there have been changes to the way retail payments settle in RITS, and there are planned enhancements that are expected to further expand the variety of channels for settlement in RITS of interbank obligations arising from retail payment systems.
3.2.1 Same-day settlement of direct entry payments
The DE system is used for the exchange of bulk electronic payment files between authorised deposit-taking institutions (ADIs). Payments occurring through DE include salary, welfare and dividend payments, as well as internet (‘pay anyone’) banking transfers and direct debits for bill payments. The use of DE payments has grown strongly over the past decade and these account for the majority of retail payments by value. As reported in the previous Assessment, on 25 November 2013, the first of the strategic objectives established by the Payments System Board's Strategic Review of Innovation in the Payments System was achieved when DE payments began to settle on a same-day basis.[7]
Previously, the settlement of all DE obligations took place in a daily multilateral batch at 9.00 am on the business day following the exchange of payment instructions between ADIs.[8] With the introduction of same-day settlement for DE, settlement now takes place in six scheduled batches throughout the day, consisting of the 9.00 am batch (which settles DE payments exchanged at 10.30 pm the previous business day) and five additional batches through the day, each of which settles around 45 minutes after the scheduled exchange of payment instructions.
A benefit of this change is that financial institutions are in a position to make funds available to recipients on a more timely basis without taking on interbank credit risk. The implementation has required significant operational changes to RITS and ADIs' systems, as well as to the Bank's arrangements for the provision of liquidity.[9]
The transition to the new arrangements has proceeded smoothly. In the 11 months to October, on average approximately 99 per cent of the $16.8 billion of interbank DE payments each day settled on a same-day basis, with the remainder settling in the 9.00 am batch on the next business day. The average value settled shows a clear pattern across the five daily settlements (Graph 2). The majority of the value of DE payments, around 58 per cent, is settled in the last two batches, at 7.15 pm and 9.15 pm. This is likely to reflect legacy system constraints and business practices, as well as the behaviour of banks' customers, who often initiate payments late in the day.
Settling payments on a multilateral net basis allows the payers to economise on liquidity. That is, by netting offsetting payments, the total value of funds required to achieve settlement can be reduced. Between the start of 2013 and the implementation of same-day settlement, an average of $20.2 billion in retail payments (comprising DE, cheques, and debit and credit card payments) that required interbank settlement were settled in the 9.00 am batch each business day. On average, these obligations were multilaterally netted so that only $1.9 billion was required to settle them. Due to the introduction of same-day settlement, there has been some un-netting of payment obligations, which has led to a small increase in the liquidity required to achieve settlement. The sum of net settlement obligations (representing the 9.00 am batch and the five new multilateral settlements) has grown to $3.6 billion on average between the start of same-day settlement on 25 November 2013 and the end of October 2014 (Graph 3).
As discussed in Section 3.4.1, to help participants manage the increase in liquidity needed to settle DE payments on a same-day basis, participants can now source liquidity through ‘open’ repurchase agreements (repos).
3.2.2 The Fast Settlement Service
The Bank is monitoring industry progress towards meeting the remaining objectives arising from the Payments System Board's Strategic Review of Innovation in the Payments System and will ensure that RITS can support the new arrangements. These objectives include the ability to:
- make real-time retail payments
- make and receive low-value payments outside normal banking hours
- send more complete remittance information with payments
- address payments in a relatively simple way.[10]
The industry-coordinated response is to meet the remaining strategic objectives via a purpose-built payments infrastructure, the New Payments Platform (NPP). Under this proposal, the core of the NPP will be the Basic Infrastructure, including a central switch that will connect participating financial institutions and other approved entities, allowing payment and settlement messages to flow between participants (Figure 1). The Basic Infrastructure will be capable of supporting various ‘overlay’ services – that is, tailored commercial payment services which participants can choose to make available to their customers.
The Fast Settlement Service (FSS) is being designed to facilitate the final and irrevocable settlement of each individual payment sent from the Basic Infrastructure in central bank money and is expected to operate 24 hours a day, 7 days a week. The FSS will be a RITS service, owned and operated by the Bank. As a RITS service, it is expected that direct users of the FSS will be RITS participants and as a result be bound by the RITS Regulations.
Since the proposed purpose of the FSS will be to settle retail payments in real time, it will be expected to settle a high volume of low-value payments within seconds of their initiation. Consequently, the FSS is not expected to incorporate the same kind of liquidity-saving mechanisms as those used in the core RITS service (see Section A.3 for a description of RITS liquidity-saving features). Although it is planned that the FSS will use some of the existing RITS infrastructure, the systems are expected to operate on separate platforms so that RITS's core settlement service and the FSS will be able to process and settle payments independently of one another. Each RITS participant would continue to have only one Exchange Settlement Account (ESA); however, ESAs would be divided into an ‘FSS allocation’ and a ‘RITS allocation’. FSS payments would only be tested for settlement against the FSS allocation, and payments sent to RITS's core settlement service would only be tested for settlement against the RITS allocation.
During the operating hours of RITS's core settlement service, participants would have to manage the distribution of their ESA funds between their FSS and RITS allocations (see Section A.5 for details of RITS operating hours). It is expected that tools will be available in RITS to help manage the distribution of funds, including functionality to automatically transfer funds between a participant's RITS allocation and its FSS allocation depending on user-determined thresholds. For example, if a participant's FSS allocation fell below its lower threshold, RITS would automatically initiate a transfer from its RITS allocation to its FSS allocation. Outside the operating hours of RITS's core settlement service, overnight and at weekends for example, it is expected that an ESA holder's entire RITS allocation would be transferred to its FSS allocation. Some of the funds in a participant's FSS allocation would then be returned to its RITS allocation, up to a user-defined ‘reset point’, when the core RITS settlement service reopened.
As noted, FSS payments will be settled individually on a gross basis. It is expected that payments will be tested for settlement on a settle-or-reject basis. That is, if a participant did not have enough funds in its FSS allocation the payment would be rejected, and the participant would need to resubmit the payment later if it wanted the payment to be settled. As discussed in Section 3.4.1, the introduction of open repos has been in part motivated by the need to ensure participants have sufficient funds to settle FSS payments outside of normal banking hours.
The FSS is being designed to meet standards in relation to availability, capacity and security that are equivalent to those of the core RITS service. As Figure 1 illustrates, even though the FSS will involve separate technological infrastructure, it is a RITS service, and hence will be governed by the RITS Regulations and subject to the same risk management framework as the core settlement service. Consequently, once the FSS is launched it is the Bank's intention that, to the extent that the FSS provided critical services, these would be assessed against the Principles as part of the Assessment of RITS.
3.2.3 Property settlements
Another material operational change has been the implementation of new functionality in RITS to facilitate the financial settlement of property transactions originating from a system operated by PEXA. PEXA is a company owned by the Victorian, New South Wales, Queensland and Western Australian Governments, as well as a number of Australia's largest financial institutions. PEXA has developed a national electronic conveyancing system, which removes the manual processes and paperwork associated with the exchange of property by allowing land registries, financial institutions and other industry participants to prepare and process property transactions on a shared electronic platform. By settling the cash leg of property transactions in RITS, participants can avoid having to rely on less efficient payment methods. This will improve the efficiency of property transactions in general. The RITS functionality to support these settlements was implemented prior to the 10 November launch of the transfer and settlement functionality on the PEXA platform.[11]
Property settlements tend to involve a number of linked transactions; typically funds from the purchaser's deposit and the drawing down of their mortgage are used to pay off the seller's mortgage, stamp duty and other fees, with the remainder being credited to the seller's account. These linked transactions, which together comprise one property settlement transaction, are submitted by PEXA to RITS as a batch for simultaneous settlement on a multilateral net basis. The settlement of each batch is independent of other property settlement batches, which minimises interdependence between property settlements. However, where there is a chain of property settlements (e.g. an individual is selling one property and using the funds to buy another), PEXA will manage the order and timing of these property settlements to manage this interdependence. PEXA settlements will be processed in RITS during the RITS ‘day session’ to ensure that RITS participants have certainty regarding their PEXA-related settlement obligations before the interbank cash market closes (see Section A.5 for details of the RITS session times).[12]
The settlement of a property transaction where title of the property needs to be transferred will generally involve the following steps (Figure 2):
- PEXA will send a request to RITS to reserve the funds equal to each RITS participants' net obligations in the batch.
- If all paying RITS participants in the property transaction have sufficient funds in their respective ESAs, RITS will reserve the funds required to settle this batch.[13] Reservation requests are tested against a participant's full ESA balance, less any funds currently reserved for other property settlements. Funds reserved for PEXA transactions are not available to fund any other RITS payment (for further background on reservations in RITS, see Section A.3).
- Once the funds have been successfully reserved, RITS will advise PEXA.
- PEXA will then lodge the title transfer with the relevant state or territory land titles office.
- If lodgement is successful, the relevant land titles office will send PEXA a confirmation.
- On receipt of this confirmation, PEXA will send a request to RITS to settle the batch.
- The batch will be submitted to the RITS queue and settled using the reserved funds.
- RITS will then advise PEXA that settlement is complete.
- At some point after lodgement, the relevant state or territory land titles office transfers title of the property.
PEXA's ability to reserve funds in RITS helps to ensure that settlement of the cash leg and lodgement of the property leg occur almost simultaneously. Under current arrangements, it still may take up to a few days for land title offices to effect a transfer of title after receiving a lodgement request.
While the settlement of property transactions in RITS requires reservation of ESA funds, which inherently reduces the availability of liquidity for other RITS settlements, the value of property settlements is expected to be small relative to the total value of RITS settlements. Further, the period over which funds will be reserved is expected to be short. Accordingly, the recycling of liquidity in RITS is not likely to be materially affected.
3.3 Participation
Since settlement in RITS occurs using central bank money, only an institution with an ESA at the Bank can be a settlement participant in RITS. Furthermore, since RITS is the only means of access to ESAs, all ESA holders must be participants of RITS, meeting all of its operating conditions. The eligibility criteria to hold an ESA with the Bank therefore effectively represent the eligibility criteria for settlement participants in RITS. The criteria have been designed to be fair and open and promote competition in the provision of payment services by allowing access to all providers of third-party payment services, irrespective of their institutional status (for background information, see Section A.4).
The profile of participation in RITS is set out in Table 4. Since the previous Assessment there have been five new participants, including one new central counterparty (CCP), LCH.Clearnet Ltd, which joined RITS in November 2014. In addition, two institutions ceased to be participants during the Assessment period. Participation in RITS remains highly concentrated among the major domestic banks and large foreign banks, both in terms of number and value of RTGS payments. The value of outgoing RTGS payments settled by RITS participants using an agent remains very low at below 1 per cent of total RTGS payments.
3.3.1 LCH.Clearnet Ltd's ESA
LCH.Clearnet Ltd (LCH.C Ltd) is a CCP incorporated in England and licensed to offer a defined set of services in Australia. In accordance with the Bank's Financial Stability Standards for Central Counterparties (CCP Standards), since LCH.C Ltd is deemed to be systemically important in Australia, it has been required to open an ESA and to use its ESA to settle its Australian dollar obligations (e.g. settlement of Australian dollar margin between LCH.C Ltd and its clearing participants).[14] LCH.C Ltd was granted an ESA in November 2014.
LCH.C Ltd's ‘Protected Payments System’ (PPS) is used to effect settlement of payments between it and its participants. Currently, LCH.C Ltd uses a commercial bank for the final stage of its Australian dollar settlements; in this stage, Australian dollar payments from clearing participants are ‘concentrated’ at a single LCH.C Ltd account at that commercial bank. Payments to the ‘concentration’ bank are made by settlement banks (known as PPS banks) on behalf of the clearing participants. Now that it has an ESA, LCH.C Ltd intends to replace the commercial bank account with its ESA to concentrate its Australian dollar settlements, which will mean that it no longer has an exposure to a commercial bank as part of the settlement of Australian dollar obligations.[15]
3.3.2 New batch administrators
While only institutions with an ESA can be settlement participants in RITS, the RITS Regulations do allow for institutions to join RITS, and be bound by the RITS Regulations, even if they do not settle payments on their own behalf in RITS. One reason for an institution to join RITS without an ESA is to become a ‘batch administrator’; that is, to be able to submit a batch of payment obligations between RITS participants to RITS to be settled on a net basis.[16]
To become a batch administrator, an institution has to meet certain risk-based requirements. These requirements include that it has:
- the operational capacity to administer the batch process
- appropriate operational and contingency procedures to ensure the efficient functioning of its batch
- business rules and other legal arrangements to support the batch arrangement.
In 2014, two new batch administrators joined RITS: PEXA and MasterCard. The PEXA settlement arrangements have been described above in Section 3.2.3, while the MasterCard settlement arrangements are set out below.
MasterCard provides a platform for the processing, clearing and settlement of payments made using MasterCard brand debit and credit cards. In September 2014, MasterCard modified the arrangements for settling the interbank obligations arising from the payments that it processes. Since 10 September, these interbank obligations have been settled in a stand-alone multilateral net batch during the Morning Settlement Session on the next business day after the underlying payments were initiated (see Section A.5 for background on RITS Settlement Sessions). Previously, the obligations were settled on a multilateral net basis in the 9.00 am batch two business days after the payment was initiated. MasterCard used a large commercial bank as a settlement agent, which acted as the counterparty to all banks' MasterCard-related settlement obligations in the 9.00 am batch. The value of MasterCard interbank obligations is very small compared with both the total value settled in RITS and the value of interbank obligations arising from other retail payment systems.
3.4 Liquidity and Settlement Performance
As an RTGS system, RITS prevents the build-up of large interbank exposures, which would otherwise occur if high-value payments were settled on a deferred net basis. However, RTGS systems require participants to hold substantial liquidity in order to settle payments individually. Accordingly, the Bank seeks to facilitate effective liquidity risk management by participants in two main ways: the provision of liquidity to settle payment obligations at low cost; and liquidity-saving features within the design of RITS.
3.4.1 Liquidity provision
Liquidity can been sourced from participants' opening ESA balances and additional funds made available to participants by the Bank via its liquidity facilities. The aggregate of opening ESA balances is determined by the Bank's open market operations and outstanding open repos. Open market operations, which are aimed at maintaining the overnight cash rate at its target, involve a combination of term repos and some outright transactions. Under a repo, outright title to eligible securities is transferred to the Bank (upon purchase of securities) in return for a credit to the participant's ESA, with an agreement to reverse the transaction at some point in the future. Open repos do not specify the date on which the transaction will be reversed, whereas term repos specify a future date on which the repo is to be unwound.
Open repos are one of the ways holders of ESAs can access the Bank's liquidity facilities for settlement purposes. Open repos were introduced in November 2013 to facilitate the settlement of DE payment obligations and future obligations arising via the FSS (see Sections 3.3.1 and 3.3.2). These settlement obligations are unknown prior to the close of the interbank cash market and Austraclear. Open repos help participants meet these settlement obligations without having to actively manage their liquidity outside of normal banking hours, which would require a fundamental change to their existing practices.[17] The Bank also offers intraday repos, where the transaction must be reversed before the settlement of SWIFT and Austraclear transactions ceases in RITS.[18]
To preserve the incentive for RITS participants to remain active in the interbank cash market while it is open, the Bank has put in place new arrangements for the remuneration of balances held in ESAs overnight. Open repos are contracted at the cash rate target and a capped at a predetermined amount for each RITS participant.[19] To the extent that ESA holders retain matching funds against their open repo position, those ESA balances are compensated at the cash rate target. However, surplus ESA funds earn a rate 25 basis points below the cash rate target, while any shortfall in funds below the ESA holder's open repo position incurs a 25 basis point penalty (subject to an allowance for variations in ESA balances arising from DE settlements that occur outside of normal banking hours).
The introduction of open repos has resulted in a significant increase in the average amount of liquidity available in RITS, from $13 billion during the 12 months to October 2013 to $24 billion over the same period in 2014 (Graph 4). Around 86 per cent of liquidity is now accounted for by opening ESA balances.
As well as facilitating the settlement of late DE payments, the additional liquidity has resulted in earlier settlement of payment instructions submitted to RITS. In the 12 months to October 2013, on average it took until around 1.00 pm for 50 per cent of the day's payments, by value, to settle. Over the same period in 2014, this occurred on average at around 12.40 pm. Also, since the introduction of the new arrangements, the average length of time a payment instruction has been held on the queue awaiting settlement has also declined; comparing the first three quarters of 2014 with the same period in 2013, there has been a decline in the time taken to settle from 48 minutes to 30 minutes for payments of over $100 million (Graph 5).
3.4.2 Design features
The design of RITS features a central queue, with both a ‘next-down looping’ and an ‘auto-offset’ algorithm (see Section A.3 for further details). Since the introduction of open repos, the daily average value of transactions settled using the auto-offset feature has declined substantially as a proportion of the total value settled in RITS. In the three quarters to September 2014, the proportion of payments settled by auto-offset has been roughly a third of the value settled over the same period in 2013 (Graph 6). The value of priority payments has stayed relatively constant, which is likely to be a reflection of participants' liquidity management strategies.
3.5 Credit Risk and Collateral
RITS is an RTGS system; that is, payments are settled individually and irrevocably in real time. RITS provides no guarantee that queued payments will settle, with any payments remaining on the queue at the end of the day removed from the queue. As an RTGS system, RITS participants are not exposed to unintended credit risk: since customer accounts are not updated before interbank settlement is completed (with finality), exposures between participants do not arise.[20]
3.5.1 Asset-backed securities
The Bank is not exposed to any financial risks in the RITS's settlement process. The Bank does, however, incur credit risk through the provision of liquidity to participants in support of settlement activity, which it manages by taking collateral under repo. By lending on a collateralised basis, the Bank would only face a loss if a RITS participant failed to repurchase securities sold under repo and the market value of the securities fell to less than the agreed repurchase amount. To manage the latter risk, the Bank only accepts selected highly rated debt securities denominated in Australian dollars as collateral. These securities are conservatively valued, and subject to haircuts and daily margin calls.
In light of the relative scarcity of Australian dollar government, semi-government and bank-issued debt securities, the Bank has permitted the use of certain related-party assets issued by bankruptcy remote vehicles, such as self-securitised residential mortgage-backed securities (RMBS), as collateral in open repos for participants involved in the DE payments exchange. These securities are subject to an additional haircut and additional reporting requirements. As discussed in Section 3.4.1, open repo has led to a significant increase in the average liquidity available in RITS and now accounts for the majority of this liquidity. As a result, the Bank's exposure to related-party assets has increased. As at 30 June 2014, around 90 per cent of the outstanding amount of open repos was backed by these self-securitised assets.
To enhance its risk management of these securities, as well as asset-backed securities more broadly, from 30 June 2015 the Bank will introduce new criteria to require issuers of asset-backed securities (or third parties) to provide more detailed information in order for these securities to be eligible for use in the Bank's operations.[21] This is a decision that the Bank has taken when considering its own risk appetite and monetary policy objectives. As noted in the introduction to Section 3, the Bank's view is that nothing in the Principles is intended to constrain central bank policies on credit provision or eligible collateral.
3.5.2 ASX Collateral
In April 2013 the Bank became a Foundation Customer of ASX Collateral, a collateral management service developed in partnership with Clearstream, a Luxembourg-based FMI provider.[22] As agent for the Bank's repos, ASX Collateral is responsible for ensuring that securities delivered to the Bank's Austraclear account are appropriately valued and meet the Bank's eligibility requirements. Since February 2014, RITS participants have had the option to use ASX Collateral services for certain types of repos in a subset of eligible securities.[23] To date, the use of ASX Collateral for repos with the Bank has been limited. As a result, only around 8 per cent of the outstanding amount of collateral securities held by the Bank under term repos is held via ASX Collateral. However, participants' use of ASX Collateral may increase in the future.
Securities provided to the Bank under repo through ASX Collateral are held in special purpose ‘collateral accounts’ in Austraclear. Securities in these accounts can only be transferred based on instructions from ASX Collateral. For this reason, the Bank relies on the availability of ASX Collateral to be able to promptly access the securities held in its collateral accounts and, in the case of a default, liquidate those securities in a timely manner.
While ASX Collateral is not itself subject to direct regulation as an FMI, the Bank's Financial Stability Standards for Securities Settlement Facilities (SSF Standards) set requirements for critical interdependent systems.[24] Accordingly, in light of the interdependence between ASX Collateral and Austraclear, in its assessment of Austraclear against the SSF Standards, the Bank has sought to establish that the standards for operational resilience at ASX Collateral (including the link with Clearstream) are consistent with those that apply to Austraclear. The Bank also monitors these interdependencies in the context of Austraclear as a key feeder system to RITS, to gain assurance that these would have no adverse implications for the operation of RITS.[25]
3.6 Legal Basis
The Bank seeks external legal advice on material amendments to the RITS Regulations and associated contractual agreements, including on the interaction of such amendments, where relevant, with Australian laws and regulations. While the RITS Regulations are comprehensive, changes in functionality and activity since the launch of RITS have added to their complexity. As discussed in the 2013 Assessment, the Bank has commenced a review of the RITS Regulations with the aim of identifying any areas where the clarity of the RITS Regulations could be improved.
Over the past year, the Bank has engaged a law firm to conduct the review. Following an extensive information-gathering exercise, this law firm has developed an initial proposal that the Bank is currently reviewing.
Recommendation. The Bank should continue its review of the RITS Regulations with the aim of identifying any areas where the clarity of the RITS Regulations could be improved.
3.7 Risk Management Framework
The Bank has a well-established organisation-wide risk management framework which facilitates the identification, assessment and treatment of all non-policy risks – including those arising from its operation of RITS – at both an enterprise (‘top-down’) and business (‘bottom-up’) level. To enhance this framework, the Bank has recently published a Risk Appetite Statement (the Statement), which provides an outline of the Bank's approach to managing its most significant risks.[26]
In particular, the Statement sets out the Bank's approach towards its key strategic, financial, people and culture, and operational risks. Of specific relevance to the Principles, the Statement covers:
- Credit risk. The Bank has a very low appetite for credit risk. The Bank manages this risk carefully by applying a strict set of criteria to investments, confining its dealings to institutions of high creditworthiness and ensuring exposures to counterparties are appropriately collateralised with high-quality assets and conservative haircuts.
-
Operational risk. The Bank generally has a low appetite for operational
risk, and makes resources available to control operational risks to acceptable
levels. In particular, the Statement notes that the Bank has a very low appetite
for:
– risks to the availability of systems which support its critical business functions related to interbank settlements
– threats to Bank assets arising from external malicious cyber attacks
– IT system-related incidents which are generated by poor change management practices.
All Heads of Department are responsible for the implementation of, and compliance with, the Statement. The Statement is reviewed annually, or whenever there is a significant change to the Bank's operating environment. Proposed changes to the Statement must be endorsed by the Executive Committee following review by the Risk Management Committee.
The Bank has also established a new Technology Committee that, in collaboration with the Risk Management Committee and the relevant business areas, facilitates the assessment, monitoring and management of IT risks, and ensures any IT-related initiatives are consistent with the Bank's overall technology strategy.
3.8 Operational Risk Management
3.8.1 Identifying and managing operational risk
The key operational target is for RITS to be available to its participants in excess of 99.95 per cent of the time. Availability is measured relative to the total number of hours that the system is open for settlement and reporting. In the nine months to the end of September 2014, RITS was available 99.98 per cent of the time (Table 5). During that period there was only one incident that affected the availability of RITS. This incident involved a disruption to the connection to SWIFT for 17 minutes. During the incident, RITS was still available through Austraclear and via the internet, and it continued to settle transactions (for further background on how RITS manages external feeder systems and other dependencies, see Section 3.8.3). A subsequent incident in early October delayed the start of the Morning Settlement Session for 36 minutes. Any incident that affects the normal operation of RITS is investigated thoroughly and actions are taken to prevent a recurrence or to mitigate any potential future impact.
RITS also has capacity targets. These include: a processing throughput target, which aims to ensure that RITS is able to process the peak day's transactions in less than two hours (assuming no liquidity constraints); and a projected capacity target, which specifies that RITS should be able to accommodate projected volumes 18 months in advance with 20 per cent headroom. RITS is regularly tested against these targets and continues to meet them.
Network and system monitoring
In 2012, RITS availability was slightly below the target – for the first time since 2007 – largely due to a single RITS operational incident.[27] As described in the 2013 Assessment, the Bank commissioned internal and external reviews with the aim of identifying both the root cause of the incident and actions to improve the efficiency and effectiveness of service restoration after a disruption. During the 2013 Assessment period, the Bank implemented a number of enhancements to RITS's operational risk procedures and controls that were recommended in the reviews, specifically:
- improvements to its network and systems monitoring, which enhance the ability to identify the source of disruptions and thus improve times for service restoration
- improvements to internal communications procedures during an incident
- enhancement of the functionality that automates retrieval of SWIFT messages.
Consistent with its commitments in the 2013 Assessment, the Bank has completed the remaining recommendations from these reviews. In particular, further measures to enhance the monitoring of RITS's network and systems were implemented in December 2013. These will improve the Bank's ability to identify and respond to system problems. These enhancements comprise new tools that automate the testing of the availability of RITS components. If any issues are detected by the tools, an email alert is automatically sent to the relevant Bank staff.
RITS core infrastructure renewal
In line with its commitment in the 2013 Assessment, the Bank completed the upgrade to the core infrastructure of RITS in June 2014. This upgrade was part of the Bank's commitment to continuously improve the resilience of RITS, and involved a renewal of the back-end technological infrastructure. This included the replacement and re-engineering of the critical software and hardware components that underpin the operation of RITS. The renewal has increased the performance and resilience of RITS, reduced the complexity of system maintenance, and will facilitate the implementation of the Fast Settlement Service (see Section 3.2.2). The new technology also features enhanced vendor monitoring and technical support, including real-time alerts and remote deployment of critical patches, should they be necessary. To ensure these additional features are delivered in a manner that meets the Bank's requirements, the Bank has executed a service level agreement with the vendor that sets out response times and the level of support expected.
The project was governed as part of an ongoing program of work to support and enhance RITS and was overseen by a Steering Committee comprised of senior specialist Bank officers, as well as senior representatives from the Bank's Risk and Compliance and Audit Departments. The Bank used a number of controls to ensure that the renewal did not affect business-as-usual RITS settlement services. The upgrade of the technology occurred outside of RITS operating hours, and was subject to extensive testing, including connectivity, capacity and failover testing, prior to go-live. The Bank also reviewed and updated its operational procedures and controls to reflect the changes arising from the renewal. In addition, the new technology was made available to RITS participants in a pre-production environment prior to its implementation. The renewal was also the first project delivered under the Bank's new project management framework (see below).
Project and change management
During the Assessment Period, the Bank finalised enhancements to its organisation-wide project and change management practices.
The enhancements to the Bank's project management practices include the formalisation of a new enterprise-wide project management framework. The new framework, which is consistent with international best practice, is expected to be fully implemented by mid 2015. In addition, the Bank has created a new functional area, the Enterprise Project Management Office, to oversee major initiatives. This will improve the governance of these initiatives, and will also increase their visibility to the senior executives.
The Bank also finalised a new IT change management policy during the Assessment period, which promotes strong control of risks associated with changes to the Bank's IT services and systems. The policy is aligned to standards that are considered best practice in the information and technology and finance industries, including:
- Information Technology Infrastructure Library, Version 3
- ISO Standard 20000: IT Service Management.
In addition to enhancing the Bank's change management processes and procedures, the policy will improve the governance of change management. These improvements include greater clarity in the risk assessment process and better representation of business and technical stakeholders on the governance bodies that oversee change management.
Cyber security
As the role of technology in the provision of financial services continues to expand, cyber-related issues are emerging as a growing systemic threat. This has been acknowledged both in Australia and overseas. The Financial System Inquiry Interim Report highlighted the increasing prevalence of cyber attacks and the potential for such attacks to be a source of systemic risk.[28] Internationally, a working group of the CPMI has been analysing the implications of cyber-related issues for FMIs, as well as FMIs' current practices in this area (see Box A). FMI overseers in other jurisdictions are also increasingly focusing on cyber security as a key priority. For instance, the Bank of England has identified cyber-related issues as a supervisory priority for all the FMIs it supervises.[29]
Box A: CPMI Report on Cyber Security
On 11 November the CPMI published a report that describes the potential threat of cyber attacks to FMIs and FMIs' evolving practices in relation to cyber resilience.[a1] The report reflects insights from liaison by members of the group (including from the Bank) with FMIs in a number of CPMI jurisdictions, which took place in the first half of 2014.
The report notes that FMIs have generally established comprehensive frameworks to mitigate the risk of a cyber attack. These frameworks typically have three characteristics:
- they address a number of potential scenarios resulting from a cyber attack, including a loss of confidential data, an FMI's systems being unavailable and corruption of an FMI's data or systems
- their scope is broader than just measures to protect IT infrastructure; they also cover people, governance, processes and communication
- they include a wide variety of controls to ensure that cyber attacks are prevented from occurring, that successful attacks are detected, and that services can be recovered after an attack.
While there are no measures that would guarantee the protection of an FMI's IT infrastructure from cyber attacks, the report highlights a number of existing and emerging preventive and detective controls used by FMIs, as well as measures to recover from a cyber attack. Notably, liaison suggests that in the past FMIs have focused their resources on prevention; however, they are now increasingly working to diversify their strategies to include more sophisticated mechanisms for detection and recovery as well.
The report analyses expectations related to cyber resilience in the Principles, including around FMIs' governance arrangements and operational risk management frameworks. It also considers the extent to which FMIs' business continuity plans target a two hour recovery time and completion of processing by the end of the relevant business day in the event of a cyber attack. Many of the FMIs interviewed noted that recovering their operations within two hours of an extreme cyber event would currently be challenging. Nevertheless, the report encourages further investment to move the industry towards achieving faster target recovery times.
Footnote
CPMI (2014), Cyber Resilience in Financial Market Infrastructures, November, available at <http://www.bis.org/cpmi/publ/d122.htm>. [a1]
At the Bank, cyber resilience – in relation to both RITS and the Bank's operations more broadly – is overseen by the Risk Management Committee as part of the Bank's enterprise-wide risk management framework. To support its cyber security framework, the Bank has a dedicated team of cyber security specialists. Its cyber security practices are informed and supported by domestic and international best practice, including strategies for mitigating cyber intrusions developed by the Australian Signals Directorate. The Bank recognises that both the nature of cyber-related issues and industry best practice are rapidly evolving and will continue to monitor developments in industry best practice over the coming Assessment period.
Recommendation. The Bank should keep under continued review its approach to cyber security, and in particular its mechanisms for prevention and detection, and its plans to recover from a cyber-related incident.
3.8.2 Business continuity arrangements
Business continuity arrangements in RITS include detailed contingency plans, which are updated at least annually and are tested regularly. Recovery time is targeted at equal to or less than 40 minutes, depending on the nature of the operational disruption. Core business data are protected through synchronous mirroring to a geographically remote second site. This is achieved through the use of specialised database technology, which has automated failover capabilities so that, in the event of a site outage, no data would be lost when switching to the second site. This technology is also designed to be resilient to the failure of individual system components and allows for patching to occur with no downtime. Full redundancy exists at both sites, ensuring that there is no single point of failure at either site. Both sites are permanently staffed and, since late 2009, live operations have been rotated between the two sites on a regular basis. Staff rotations and cross-training ensures that critical functions are not dependent on particular individuals. The Bank also has succession planning processes in place for key positions.
Redundancy in the design of RITS provides a valuable contingency in the event of a physical disruption, such as a hardware failure or isolated communications issue. However, the two sites operate on similar technology and are potentially equally vulnerable to a software issue and certain data corruptions. In such extreme scenarios, if RITS was unable to recover for an extended period of time, transactions from the SWIFT PDS and Austraclear feeder systems, which account for the majority of value and volume of payments settled in RITS, could be settled using ‘fallback arrangements’. These arrangements would involve the multilateral netting and settlement of transactions arising from those systems.
Recently, some central banks have implemented, or plan to implement, ‘non-similar facilities’ (NSFs) to enhance their contingency arrangements for data or software disruptions. The most prominent example of an NSF is the Market Infrastructure Resiliency Service (MIRS), developed by SWIFT in conjunction with a number of central banks. The Bank of England introduced MIRS in February 2014 for its RTGS system, CHAPS. The Hong Kong Monetary Authority and Bank of Norway have also recently announced that they intend to use MIRS for their RTGS systems. NSFs have also recently been highlighted in the CPMI report on cyber security as a potential option to assist in recovering from a cyber attack (see ‘Box A: CPMI Report on Cyber Security’).
An NSF replicates certain functionality of a systemically important payment system (or other FMI), but uses different technology from that used by the primary system. An NSF could potentially enhance an FMI's resilience by:
- adding diversity in the technological infrastructure, such that it would be resilient to a software or cyber-related disruption experienced by the primary facility
- maintaining an independent record of transactions and positions, which could be used to identify corrupted transactions
- providing additional geographical diversity in an FMI's operational sites
- continuing to settle on an RTGS basis, mitigating the credit risk inherent in fallback arrangements that rely on deferred net settlement.
However, NSFs are costly and implementing an NSF could increase the complexity of an FMI's operations. Moreover, implementing an NSF may not be the only way to achieve some of these enhancements. For instance, the maintenance of an independent record of transactions and positions could potentially be achieved by storing data outside the primary system without requiring the full functionality of an NSF. Similarly, an additional operational site would increase geographical diversity even if it was not used to operate an NSF.
The Bank is committed to enhancing the resilience of RITS on an ongoing basis. Given recent international developments, it is recommended that the Bank examine the benefits, challenges and costs of implementing a range of measures that could further enhance the resilience of RITS and facilitate timely recovery.
Recommendation. The Bank should examine the benefits, challenges and costs of implementing a range of measures that could further enhance the resilience of RITS and facilitate timely recovery from an operational incident.
3.8.3 External systems and other dependencies
External feeder systems to RITS consist of Austraclear and SWIFT. Over the Assessment period, availability of the Austraclear system and SWIFT services exceeded the minimum availability target for RITS of 99.95 per cent (see Table 5, above). The Bank has entered into agreements with these service providers. The agreements set out the expected response times and level of support should an issue arise. The close link between Austraclear and ASX Collateral (which is discussed in Section 3.5.2) could also have implications for the operation of RITS.
RITS also has critical dependencies on utility providers. To manage these dependencies, each site is connected to two separate electricity grids. All external communications links to data centres are via dual, geographically separated links. Each operational site also has uninterruptable power supply.
In recognition that efficient operation of RITS is also dependent on the operational reliability and resilience of its participants, in May 2013 the Bank published its Business Continuity Standards for RITS participants. These standards aim to promote ‘high availability’ in RITS payments processing operations, requiring both resilience of system components and rapid recovery if failover to alternative systems is required.[30],[31] The Business Continuity Standards take into account the relevant requirements of Australian Payments Clearing Association (APCA) and the Australian Prudential Regulation Authority (APRA) and are intended to complement those requirements.
To allow time for participants to meet the Business Continuity Standards, the Bank has set a deadline of 30 September 2015 for participants to become fully compliant. Consistent with its commitments in the last Assessment, the Bank continues to monitor RITS participants' compliance with the new standards. The Bank received participants' second annual self-certifications against the new standards as at the end of 2013, at which point 63 per cent of RITS participants were fully compliant with the standards. Of the participants that are yet to be fully compliant, many have indicated that they expect to be compliant by the end of 2014, or during the first half of 2015.
Recommendation. The Bank should continue to monitor RITS participants' compliance with the new Business Continuity Standards.
Footnotes
Specifically, paragraph 1.23 of the Principles (p 13) states:
‘In general, the principles are applicable to FMIs operated by central banks,
as well as those operated by the private sector. Central banks should apply
the same standards to their FMIs as those that are applicable to similar
private-sector FMIs. However, there are exceptional cases where the principles
are applied differently to FMIs operated by central banks due to requirements
in relevant law, regulation, or policy. For example, central banks may have
separate public policy objectives and responsibilities for monetary and liquidity
policies that take precedence. Such exceptional cases are referenced in (a)
Principle 2 on governance, (b) Principle 4 on credit risk, (c) Principle
5 on collateral, (d) Principle 15 on general business risk, and (e) Principle
18 on access and participation requirements. In some cases, FMIs operated
by central banks may be required by the relevant legislative framework or
by a central bank's public policy objectives to exceed the requirements
of one or more principles.’
[6]
RBA (2012), Strategic Review of Innovation in the Payments System: Conclusions, June. [7]
For further information, see Fraser S and A Gatty (2014), ‘The Introduction of Same-day Settlement of Direct Entry Obligations in Australia’, RBA Bulletin, June, pp 55–64. [8]
For more information on the operational changes to RITS, see RBA (2013), ‘Box A: Developments in Retail Payments Settlement Arrangements’, 2013 Self-assessment of the Reserve Bank Information and Transfer System, December, p 7. [9]
For more information, see RBA (2012), Strategic Review of Innovation in the Payments System: Conclusions, June. [10]
The PEXA transfer and settlement functionality is currently only available in New South Wales. However, it is expected to become available in the remaining states and the Northern Territory throughout 2015. [11]
However, where funds have been reserved during the RITS day session but PEXA only sends the settlement request after the end of the day session, the property batch will be settled during the ‘evening settlement session’, even if one of the participants is not an ‘evening agreed’ settlement participant. [12]
The reservation request is rejected if one (or more) of the paying RITS participants in a given batch does not have sufficient funds in its ESA. [13]
See Standard 9.1 of the CCP Standards, available at <https://www.rba.gov.au/payments-and-infrastructure/financial-market-infrastructure/clearing-and-settlement-facilities/standards/central-counterparties/2012/>. [14]
As a participant's obligation to LCH.C Ltd is only deemed to be met once funds have been transferred from the PPS bank to LCH.C Ltd's concentration bank for that currency, and any time permitted by the relevant payment system for the recall of any such payment has expired, LCH.C Ltd only has an exposure to its concentration banks and is not exposed to its PPS banks. [15]
A batch administrator may also be a settlement participant if it is a counterparty to the batch. For example, ASX Settlement is a settlement participant and batch administrator for the CHESS batch. [16]
Open repos will also be used to provide liquidity to banks under the Committed Liquidity Facility. For more information, refer to ‘The Implementation of the Basel III Liquidity Standards’, available at <https://www.rba.gov.au/mkt-operations/dom-mkt-oper.html>. [17]
In the exceptional case that a participant is unable to reverse an intraday repo with the Bank by the end of the day, the transaction can be converted to an overnight repo. Interest would then be charged at 25 basis points above the cash rate target. [18]
The cap is determined as a multiple of a participant's expected DE obligations. To limit the need for ESA holders to contract intraday repos on a regular basis, the Bank may agree to contract an amount of open repos (at the cash rate target) over and above the stipulated minimum position for an account holder. This includes ESA holders that do not participate directly in the settlement of DE obligations in RITS. These maximum permitted positions in open repos are reviewed at least annually. [19]
By contrast, unintended interbank exposures can arise during the settlement process in systems that settle on a deferred net basis, since banks may update customer accounts when payment messages are exchanged, rather than awaiting the completion of interbank settlement. [20]
The additional information, which will have to be kept up to date, covers both transaction-related data as well as information on the underlying assets. The data will help the Bank price self-securitised RMBS, for which there are no market prices, as well as refine the price of certain other asset-backed securities. Another objective of the enhanced reporting requirements is to promote broader transparency in the securitisation market. To this end, the Bank has made it a requirement that certain information be made publicly available if securities are to be eligible for the Bank's open market operations. For more information, see Aylmer C (2013), ‘Developments in Secured Issuance and RBA Reporting Initiatives’, Address to the Australian Securitisation Forum, Sydney, 11 November. [21]
For more information on ASX Collateral, see RBA (2013), ‘Box B: ASX Collateral’, 2013 Self-assessment of the Reserve Bank Information and Transfer System, December, p 12. [22]
The subset of eligible securities comprises: Commonwealth Government Securities; semi-government securities; eligible securities issued by supranational agencies; eligible securities issued and/or guaranteed by foreign governments; and eligible bank-accepted bills and certificates of deposit with less than 12 months to maturity. [23]
See Standard 14.9 of the SSF Standards. [24]
For more information on ASX Collateral and its implications for Austraclear, refer to the 2013/14 Assessment of ASX Clearing and Settlement Facilities, available at <https://www.rba.gov.au/payments-and-infrastructure/financial-market-infrastructure/clearing-and-settlement-facilities/assessments/2013-2014/>. [25]
The Risk Appetite Statement is available at <https://www.rba.gov.au/about-rba/risk-appetite-statement.html>. [26]
For more information on the incident, see RBA (2013), ‘Box D: September 2012 RITS Incident’, 2013 Self-assessment of the Reserve Bank Information and Transfer System, p 25. [27]
Financial System Inquiry (2014), Financial System Inquiry Interim Report (D Murray, Chair), July, available at <http://fsi.gov.au/publications/interim-report/>. [28]
Bank of England (2014), The Bank of England's Supervision of Financial Market Infrastructures – Annual Report, March, available at <http://www.bankofengland.co.uk/publications/Documents/fmi/fmiap1403.pdf>. [29]
For more information on the participant Business Continuity Standards, see RBA (2013), ‘Box E: Participant Business Continuity Standards’, 2013 Self-assessment of the Reserve Bank Information and Transfer System, p 27. [30]
Since the 2013 Assessment, a minor change that modifies the requirement that participants maintain multiple methods of communication has been made to Business Continuity Standards. In addition, the Bank has issued additional guidance notes to participants. [31]