2024 Assessment of the Reserve Bank Information and Transfer System 1. Executive Summary

Download the complete Document 886KB

The Reserve Bank Information and Transfer System (RITS), Australia’s high-value payments system, is owned and operated by the Reserve Bank of Australia (RBA). This report presents a detailed assessment of RITS against the Principles for Financial Market Infrastructures (PFMI).^[1] The assessment has been prepared by the RBA’s Payments Policy Department and endorsed by the Payments System Board. It provides an update as at end March 2024 from the 2022 Detailed RITS Assessment and the 2023 Targeted RITS Assessment.

This assessment has concluded that the published ratings of the 2023 Targeted Assessment should be retained. Specifically, RITS observed all relevant PFMI, except for: Principle 2 (Governance), which it broadly observed; Principle 3 (Framework for the comprehensive management of risks), which it partly observed; and Principle 17 (Operational risk), which it partly observed. To fully observe Principles 2, 3 and 17 of the PFMI, the program of work established following the RBA’s 2022 technology outage should be progressed and intended outcomes delivered. The Payments System Board expects this program of work to have materially advanced by 31 March 2026.

While this assessment does not make additional recommendations, three areas of oversight focus for the forthcoming assessment period are established:

FSS readiness for BECS migration – A target date of June 2030 has been set for the decommissioning of the Bulk Electronic Clearing System (BECS). The RBA’s Fast Settlement Service (FSS) will be required to settle a significantly larger volume of transactions when BECS transactions have migrated to the New Payments Platform (NPP). The RBA’s planning and preparation for the FSS to support industry migration will be an area of focus, especially given the risk assessment being performed as part of the commencement of overseeing BECS as a prominent payment system.
Management of change – The RBA is managing a number of significant change programs intended to deliver long-term improvements once fully implemented. In the meantime, the volume and competing time scales across multiple projects creates an environment of heightened risk for the operations of RITS. The RBA’s management of this risk will be an area of oversight focus over the coming period, with a focus on how any potential risks associated with the changes are being managed.
Cyber resilience – Payments Policy Department will continue to monitor the ability of RITS to remain resilient in the face of evolving cyber-security threats. This includes assessing progress in enhancing the cyber defences of RITS, and the ability of RITS to recover from cyber-attacks in a timely manner.

Footnotes

The PFMI are internationally recognised principles developed by the Committee on Payments and Market Infrastructures (CPMI) and the International Organization of Securities Commissions (IOSCO). The contents, approach and ratings of this assessment are consistent with relevant CPMI-IOSCO guidance. For more information see: Principles for Financial Market Infrastructures: Disclosure framework and assessment methodology and Application of the Principles for Financial Market Infrastructures to Central Bank FMI. [1]