Payments System Board Annual Report – 2016 Oversight of High-value Payment Systems

The Payments System Board oversees Australia's systemically important payment systems, notably Australia's real-time gross settlement system, the Reserve Bank Information and Transfer System.

An important part of the Board's responsibility for the safety and stability of payment systems in Australia is the oversight of systemically important payment systems.

To date, two payment systems have been identified by the Bank as systemically important: the Reserve Bank Information and Transfer System (RITS) and CLS Bank International (CLS). Together, these systems account for the majority of payments settled by value (Table 6).

The Bank has also identified SWIFT as a provider of critical services to both RITS and CLS, since both systems depend on SWIFT's communications platform and other services to process payments and exchange information with their participants. SWIFT also provides critical services to other FMIs and many other entities in the financial system.

Reserve Bank Information and Transfer System

RITS is primarily an RTGS system, which settles transactions on an individual basis in real time across ESAs held at the Bank.[15] RITS is owned and operated by the Bank.

Day-to-day operations, liaison with participants, and the ongoing development of RITS are the responsibility of the Bank's Payments Settlements Department. Oversight of RITS is the responsibility of the Bank's Payments Policy Department, within the policy framework for which the Payments System Board has responsibility.

Assessment against international standards

A key part of the Board's oversight of RITS is the annual assessment of RITS against international standards. The relevant standards are the PFMIs, developed by CPMI and the International Organization of Securities Commissions (IOSCO).

The Bank's 2015 assessment of RITS was endorsed by the Board and published in November 2015. The Bank concluded that RITS had fully observed all of the relevant principles.[16] The assessment noted a number of developments that had occurred since the previous assessment published in December 2014. These included:

  • the continued development of a revised version of the RITS Regulations (the rules that govern RITS members' participation in RITS) with a view to improving their clarity
  • the initiation of two projects to assess RITS's operational resilience, with respect to the adequacy of mechanisms for the prevention of a cyber-related incident and its plans to detect and recover from a wide range of operational incidents (including a cyber attack)
  • the collection of more detailed information on asset-backed securities to enhance the Bank's risk management when providing cash under repurchase agreements (repos) against those assets.

Consistent with the Bank's ongoing effort to ensure that the operation of RITS will continue to meet international best practice in the future, the 2015 assessment made recommendations in the areas of legal basis and operational risk. In particular, the recommendations reiterated that the Bank should continue to work towards implementation of new RITS Regulations and encouraged the Bank to complete its ongoing projects to assess RITS's operational resilience. The Bank was further encouraged to review its cyber risk management arrangements for RITS in light of forthcoming CPMI-IOSCO guidance in cyber resilience for FMIs, which was published in June 2016.

Fast Settlement Service

The FSS is being developed by the Bank to facilitate the final and irrevocable settlement of each individual payment arising in the NPP, 24 hours a day, seven days a week.

The FSS will be a RITS service, owned and operated by the Bank. Accordingly, direct users of the FSS will be RITS participants bound by the RITS Regulations. Although the FSS will rely on part of the existing RITS infrastructure, the systems are expected to operate on separate technological platforms. This will allow the RITS core settlement service and the FSS to process and settle payments independently of one another.

The FSS is expected to be completed in 2017. Once the FSS is launched it is the Bank's intention that, to the extent that the FSS provides critical services, it would be assessed against the PFMIs as part of the annual assessment of RITS.

Property settlements

Property settlement functionality was introduced in RITS in November 2014 to support PEXA's national electronic conveyancing system. Using this functionality, PEXA can submit linked property transactions for settlement as individual multilateral net batches. The settlement of each batch is independent of other property settlement batches. Where there is interdependence between batches (e.g. if there is a chain of property settlements), PEXA manages the order and timing of these property settlements accordingly. The volume and value of property batches settling in RITS has grown quickly since its introduction (Graph 9), though they remain a very small proportion of overall activity in RITS.

CLS Bank International

CLS is an international payment system that links the settlement of the two legs of a foreign exchange transaction. By operating such a payment-versus-payment settlement mechanism, CLS allows participants to mitigate foreign exchange settlement risk – the risk that one counterparty to a transaction settles its obligation in one currency, but the other counterparty does not settle its obligation in the other currency. CLS currently settles 18 currencies.

CLS is regulated, supervised and overseen by the US Federal Reserve, in cooperation with an Oversight Committee that includes the Reserve Bank and the other central banks that issue CLS-settled currencies. Through this forum, the Bank contributes to the assessment of the ongoing adequacy and robustness of CLS's risk controls. The Bank also uses this forum to oversee how well CLS meets relevant international standards. The Board is updated periodically on material developments.

The Oversight Committee has monitored closely a number of developments in the design, operation and activities of CLS during 2015/16. CLS has continued to make progress in expanding its service offerings. In particular, CLS successfully added the Hungarian forint to its list of settled currencies and launched its cross-currency swaps service in November 2015. In partnership with TriOptima, CLS launched a compression service for foreign exchange (FX) forward transactions and completed the first compression run in October 2015. CLS has also been developing a CCP settlement service and is seeking to introduce additional membership models to grow participation in CLS and further mitigate settlement risk in the FX market.

SWIFT

While SWIFT is not a payment system, it provides critical communications services to both RITS and CLS, as well as other FMIs and market participants in Australia and overseas. Consequently, the Bank participates in international cooperative arrangements that facilitate oversight of SWIFT.

SWIFT is primarily overseen by the SWIFT Oversight Group (OG), of which the G10 central banks are members. Since SWIFT is incorporated in Belgium, the OG is chaired by the National Bank of Belgium (NBB). The Reserve Bank is a member of the SWIFT Oversight Forum, a separate group established to support information sharing and dialogue on oversight matters among a broader set of central banks. The SWIFT Oversight Forum gives these central banks an opportunity to input into the OG's oversight priorities. Oversight of SWIFT is supported by a set of standards – the High-level Expectations – which are consistent with standards for critical service providers in the PFMIs.

During 2015/16, cyber resilience has remained an important focus of SWIFT and its overseers. During the first half of 2016, there were a number of reports of cyber attacks targeting participants of SWIFT's financial messaging network. The most prominent of these was the attack against Bangladesh Bank, which resulted in the theft of more than US$80 million. SWIFT confirmed that these attacks did not compromise SWIFT's network, software or core messaging services, but rather targeted vulnerabilities in users' local environments. In its communications to users, SWIFT noted the sophistication of the reported attacks and identified some shared features. For instance, in each case, the attackers have hidden traces of their actions, delaying detection of the fraud. In response to these events, SWIFT is taking action to enhance the resilience of its wider ecosystem. In particular, SWIFT has launched a customer security program. This program aims, among other things, to improve information sharing on threats and emerging best security practices, as well as to enhance security guidelines and provide audit frameworks for users of the SWIFT network.

SWIFT has also continued progress on its global payments innovation initiative, which establishes new protocols for cross-border payments in correspondent banking. SWIFT is targeting go-live in the first quarter of 2017 for all participating banks, including two Australian banks.

Footnotes

The Board has responsibility for the Bank's policy on access to ESAs. This policy is available at http://www.rba.gov.au/payments-and-infrastructure/esa/. [15]

The 2015 Assessment of the Reserve Bank Information and Transfer System is available at <http://www.rba.gov.au/payments-and-infrastructure/rits/self-assessments/>. [16]