2021 Assessment of the Reserve Bank Information and Transfer System 2. Summary and Review of Ratings and Recommendations
- Download the complete Document 1.4MB
RITS is Australia's high-value payments system, which is used by banks and other approved institutions to settle their payment obligations on a real-time gross settlement (RTGS) basis.[3] RITS is owned and operated by the Reserve Bank. The Bank seeks to ensure effective oversight of RITS by separating its operational and oversight functions, as well as by producing transparent assessments against international standards.
The Bank's Payments Policy Department – the functional area responsible for oversight of the Australian payments system – has produced this Assessment. In undertaking their assessment Payments Policy Staff worked closely with, and drew on information provided by, Payments Settlements Department – the functional area responsible for operating RITS. Payments Policy staff also sought feedback from other departments within the Bank, including those responsible for providing technology services for RITS (see section A.3 for further background on the governance and oversight of RITS). This report has been approved by the Payments System Board.
This Assessment focuses on the critical services provided by the Bank as operator of RITS, in particular the role of RITS as a wholesale RTGS system, as it is this role that makes RITS a systemically important payment system.[4] Currently, the Bank considers that RITS is the only domestic systemically important payment system for which an assessment against international principles is necessary.[5] This view reflects the fact that RITS:
- processes an aggregate value of Australian dollar payments that is high relative to other payment systems
- mainly handles time-critical and high-value payments
- is used to effect settlement of payment instructions arising in other systemically important financial market infrastructures.
The Fast Settlement Service (FSS), which settles transactions submitted via the New Payments Platform (NPP) feeder system, is also established under the RITS Regulations. However, focus on the FSS for the purposes of this Assessment is limited to its interaction with the core (wholesale) RITS system.[6] A similar approach is taken with the role RITS plays in the settlement of interbank payment obligations arising from net settlement systems, for example, those relating to cheque, direct entry and card transactions arising from the Low Value Settlement Service (LVSS).[7]
2.1 Progress against 2020 Recommendations
In the 2020 Assessment, RITS was found to observe all relevant Principles other than Principle 17 (Operational risk), which it was found to broadly observe (Table 2).[8] To observe Principle 17, Payments Policy Department recommended the Bank complete implementation of initiatives to support the continued operational stability of RITS as part of its TSIP.
In the year to March 2021, the Bank made progress across each of the initiatives identified under the TSIP. For example: resourcing of the Bank's IT shared services section was increased; the pilot of a new workload management tool was completed; a series of bespoke training modules were developed; and work to set up a central knowledge repository for relevant procedural documentation made substantial progress.
The TSIP program is still underway. Completion of the RITS-relevant initiatives within the program is expected in 2021. Work on related initiatives to be completed outside the program is also ongoing (see 3.1.1 below).
2.2 Developments in 2020 Areas of Oversight Focus
The 2020 Assessment noted that Payments Policy Department would monitor progress in two areas of oversight focus over the year to March 2021. These related to work to ensure that RITS remains resilient in the face of evolving cyber-security threats and the ongoing response to the COVID-19 pandemic. Table 1 summarises these areas of focus and the progress made during the assessment period.
Area of focus | Key developments |
---|---|
Exploration of enhancements to the ability to recover RITS from cyber-attacks in a timely manner | During the assessment period the Bank endorsed a project to establish a third-site data bunker for holding data from the Bank's most critical systems, including RITS. The data bunker enhances RITS's data resilience in the event of data corruption or loss caused by an operational incident, cyber security event, or the extended loss of one of the two primary data centres. |
Monitoring the Bank's ongoing response to the COVID-19 pandemic. | Over the assessment period, the Bank continued to adjust its response to the pandemic. During most of the assessment period RITS operated with remote working arrangements in place for most staff, while also maintaining an onsite presence for critical staff. In addition, the Bank continued to engage with RITS members and the operators of major feeder systems into RITS, to ensure they maintained appropriate contingency arrangements to minimise any potential impact on the operations of RITS. |
2.3 2021 Ratings, Recommendations and Areas of Oversight Focus
As at the end of March 2021, RITS was found to observe all of the relevant Principles, except for Principle 13 (Participant-Default Rules and Procedures) and Principle 17 (Operational Risk), which it broadly observed.
To observe Principle 13 (Participant-Default Rules and Procedures), Payments Policy Department recommends that the Bank formally document its decision-making and crisis-management arrangements in the event of a RITS member default, including consultation arrangements with other authorities and communications with industry.
To observe Principle 17 (Operational Risk), Payments Policy Department recommends the Bank:
- complete implementation of all initiatives related to the Bank's TSIP that are material to the continued operational stability of RITS (see 3.1.1 below)
- complete implementation of proposals to improve oversight of key maintenance activities conducted by external contractors on the Bank's critical infrastructure, including establishing an enhanced internal engineering review and advisory function.
Over the current assessment period, areas of particular interest for Payments Policy Department in its oversight of RITS will include:
- developments designed to ensure that RITS remains resilient in the face of evolving cyber-security threats. Specifically, Payments Policy Department will monitor progress in the implementation of the third-site data bunker and the continued exploration of other enhancements to the ability to limit exposure to cyber risk and recover RITS from cyber-attacks in a timely manner.
- the impact of planned upgrades to the Bank's physical infrastructure on the operational stability and resilience of RITS.
Principle | Rating[9] |
---|---|
|
Observed |
|
Broadly observed |
|
Not applicable |
(a) Principles 6, 10, 11, 14, 20 and 24 are not relevant for payment systems. |
Footnotes
This means that individual payments are processed and settled continuously and irrevocably in real time. [3]
‘RITS’ is used in this report to refer to the Bank as operator of RITS, as well as referring to the system itself. [4]
The Bank's Policy Statement on the Supervision and Oversight of Systemically Important Payment Systems is available at <https://www.rba.gov.au/payments-and-infrastructure/financial-market-infrastructure/principles/implementation-of-principles.html>. [5]
The NPP and FSS are not currently being used in ways that would trigger assessment against the Principles, based on the criteria for systemic importance listed in the Policy Statement. [6]
Further information on net settlement systems linked to RITS is provided in section A.5 of Appendix A. [7]
As noted, in undertaking this assessment Payments Policy Department has applied the approach and rating system set out in the Disclosure Framework. ‘Observed’ is the highest rating within this framework and is applied when Payments Policy Department assesses that ‘(An) FMI observes the principle. Any identified gaps and shortcomings are not issues of concern and are minor, manageable and of a nature that the FMI could consider taking them up in the normal course of its business.’ The full rating scale is set out in Appendix B. A rating of ‘broadly observed’ is applied when Payments Policy Department assesses that ‘(An) FMI broadly observes the principle. The assessment has identified one or more issues of concern that the FMI should address and follow up in a defined timeline.’ [8]
Further information on the application of the Principles to central bank financial market infrastructures such as RITS is available at <https://www.bis.org/cpmi/publ/d130.htm>. [9]