2019 Assessment of the Reserve Bank Information and Transfer System 1. Executive Summary

Purpose

This report is an assessment of the Reserve Bank Information and Transfer System (RITS), which is operated by the Bank's Payments Settlements Department. The assessment is against the Principles for Financial Market Infrastructures (the Principles), which were developed by the Committee on Payments and Market Infrastructures (CPMI) and the International Organization of Securities Commissions (IOSCO).[1] This Assessment has been carried out in accordance with the approach and rating system set out in the Principles for Financial Market Infrastructures: Disclosure framework and assessment methodology (the Disclosure Framework) produced by CPMI and IOSCO in December 2012[2] and CPMI and IOSCO's Application of the Principles for Financial Market Infrastructures to Central Bank FMIs, published in 2015.[3] The Assessment was independently prepared by the Bank's Payments Policy Department and endorsed by the Payments System Board.

This report covers the period from April 2018 to March 2019.

Conclusion

This Assessment concludes that at end March 2019 RITS observed all the relevant Principles other than Operational Risk, which RITS broadly observed.

Recommendations and Oversight Focus for the coming Assessment Period

In light of the lessons learned from an outage on 30 August, Payments Policy Department recommends that the Bank:

  • implement planned actions that support the ability of RITS to recover within two hours of a disruption
  • carry out a contingency test to help assess the effectiveness of its contingency procedures and support the Bank's ability for critical information technology (IT) systems to resume operations for RITS within two hours during a disruptive event that affects both RITS and the Fast Settlement Service (FSS)
  • document its process for determining whether RITS or FSS should be prioritised for restoration.

In addition, as part of its ongoing oversight process Payments Policy Department will continue to monitor developments designed to ensure that RITS remains resilient in the face of evolving cyber-security threats. Specifically, Payments Policy Department will follow up on progress in the continued exploration of non-similar technology that could enable further enhancements to the ability to recover RITS from cyber attacks in a timely manner.

Footnotes

The Joint Statement by the RBA and ASIC, Implementing the CPSS-IOSCO Principles for Financial Market Infrastructures in Australia, is available at https://www.rba.gov.au/payments-and-infrastructure/financial-market-infrastructure/principles/implementation-of-principles.html. [1]

See CPSS-IOSCO (2012), Principles for Financial Market Infrastructures: Disclosure framework and assessment methodology, December. Available at <http://www.bis.org/cpmi/publ/d106.htm>. [2]

See CPMI-IOSCO (2015), Application of the Principles for financial market infrastructures to central bank FMIs, August. Available at <http://www.bis.org/cpmi/publ/d130.pdf>. [3]