2015 Assessment of the Reserve Bank Information and Transfer System 1. Introduction and Executive Summary

A key element of the Payments System Board's (the Board) responsibility for the safety and stability of payment systems in Australia is oversight of systemically important payment systems. Currently, the Bank considers that the Reserve Bank Information and Transfer System (RITS) is the only domestic systemically important payment system for which an assessment against international principles is necessary. This reflects the fact that RITS accounts for the majority of interbank settlements in Australia, and that RITS has a central role in settling time-critical payments and payment obligations arising in other financial market infrastructures (FMIs).

In light of this, the Bank has committed to assess RITS annually against the Principles within the Principles for Financial Market Infrastructures (the Principles), developed by the Committee on Payment and Market Infrastructures (CPMI) and the Technical Committee of the International Organization of Securities Commissions (IOSCO).^[1]

This report presents the third Assessment of RITS against the Principles. This Assessment has been carried out independently by the Bank's Payments Policy Department in accordance with the approach and rating system set out in the Principles for Financial Market Infrastructures: Disclosure framework and assessment methodology (the Disclosure Framework) produced by CPMI and IOSCO in December 2012.^[2]

This Assessment concludes that RITS observed all of the relevant Principles. In the spirit of continuous improvement, however, a number of recommendations have been made.

1.1 Background

RITS is owned and operated by the Bank. The Bank seeks to ensure effective oversight of RITS by separating the Bank's operational and oversight functions, as well as by transparent Assessments against international standards. This report has been produced by the Bank's Payments Policy Department, which is the functional area responsible for oversight of the payments system, drawing on information provided by the Bank's Payments Settlements Department, which is the functional area responsible for operating RITS (see Section A.1 for further background on the governance and oversight of RITS). It has been endorsed by the Board.

This Assessment focuses on the critical services provided by RITS; in particular, RITS's role as a real-time gross settlement (RTGS) system. In RTGS systems, individual payments are processed and settled continuously and irrevocably in real time. RITS also has a role in the settlement of interbank payment obligations arising from net settlement systems, which is discussed where relevant. To the extent that the matters covered by the Principles are managed outside of Payments Settlements Department, these have also been considered in the Assessment.

1.2 Material Developments

This Assessment was conducted during the 12 months to the end of October 2015 (the Assessment period) and covers developments since the last Assessment of RITS, published in December 2014. The key developments are:

• the continued development of a revised version of the RITS Regulations, with a view to improving their clarity

• the initiation of two projects to assess RITS's operational resilience, with respect to:

  – the adequacy of mechanisms in place to prevent a cyber-related incident, including a comprehensive program of penetration testing

  – RITS's ability to detect and recover from a disruption of service, or loss of software or data integrity, resulting from a wide range of operational incidents, including a cyber attack

• the collection of more detailed information on asset-backed securities to enhance the Bank's risk management when providing cash under repurchase agreements (repos) against those assets.

1.3 Assessment

On the basis of the evidence presented in this report, the Assessment concludes that RITS observed all of the relevant Principles in the Assessment period. The Bank nevertheless continues to work to ensure that the operation of RITS meets international best practice on an ongoing basis. Consistent with this, Payments Policy Department has made recommendations in two areas:

• Legal basis. The Bank should continue to work towards implementation of new RITS Regulations, with a view to improving their clarity.

• Operational risk.

  – The Bank should complete its analysis and testing of the mechanisms in place to prevent a cyber-related incident and consider whether additional measures need to be put in place.

  – The Bank should complete its project to review and consider options to improve RITS's ability to detect and recover from a disruption of service, or loss of software or data integrity, resulting from a wide range of operational incidents, including a cyber attack.

  – The Bank is encouraged to review its cyber-risk management arrangements in light of forthcoming CPMI-IOSCO guidance on cyber resilience for FMIs when it is published.

The remainder of this report is structured as follows. Section 2 summarises in tabular form the progress towards implementing the recommendations in the 2014 Assessment, as well as the conclusions and recommendations arising from the 2015 Assessment of RITS. Section 3 summarises material developments in relation to RITS and its operating environment since the 2014 Assessment. Where relevant, the implications for RITS's observance of the Principles, and planned enhancements, are noted. Appendix A provides background information on RITS and its operating environment. Finally, the detailed assessment of RITS against the Key Considerations for each relevant Principle is provided in Appendix B.

Footnotes

The Joint Statement by the RBA and ASIC, Implementing the CPSS-IOSCO Principles for Financial Market Infrastructures in Australia. [1]

CPSS-IOSCO (2012), Principles for Financial Market Infrastructures: Disclosure framework and assessment methodology, December, available at <http://www.bis.org/cpmi/publ/d106.htm>. [2]