2020 Assessment of the Reserve Bank Information and Transfer System

3. Material Developments

This section draws out material developments relevant to RITS that have occurred since the 2019 Assessment. This Assessment covers the period from April 2019 to March 2020. Over this period, there have been material developments that are relevant to the Principles concerning operational risk (Principle 17), legal basis (Principle 1), access and participation requirements (Principle 19) and communication procedures and standards (Principle 22). To complement this section, background information on how RITS operates, activity and participation in RITS, and the operational performance of RITS over the assessment period is set out in Appendix A. A detailed assessment of how RITS meets the Principles (incorporating developments discussed in this section) is presented in Appendix B.

3.1 Operational Risk Management

This section discusses the material developments relevant to the operational risk management of RITS during the assessment period. A summary of the impact of COVID-19 on the operation of RITS is included in Box A.

3.1.1 IT operational stability review

In June 2019, the Bank completed a review of its IT operational practices following a number of new systems coming into production across the Bank and some incidents that affected usual operations. The aim of the review was to ensure the reliability of technology services and, in turn, the Bank's business operations, including RITS. The scope of the review included the processes used to manage applications, software development, infrastructure, changes, configuration, and releases and testing. The Bank engaged an external consultant to provide assistance.

The review identified a number of findings for improving operational stability of the Bank's key systems and included a number of recommendations to address these findings. While the review did not identify any significant concerns with the operational stability of RITS, the Bank has identified that implementation of the review recommendations is necessary in order to reduce risks to the stability of systems supporting RITS. The Bank has established an executive-level Technology Stability Steering Committee to oversee the implementation of the review's recommendations via a Technology Stability Improvement Program (TSIP).

The TSIP includes a number of initiatives aimed at improving the operational stability of RITS. These include:

  • Additional resourcing and training for IT roles supporting RITS. The review identified areas of improvement in relation to staff resourcing and training to address workload and workforce capacity concerns. In response, the Bank has increased staff resources that support RITS operations and carried out additional training for IT staff working on key systems. The Bank will be implementing a broader IT training and certification framework for key systems specialists in the next assessment period.
  • Improvements to software patching processes. The review identified some areas for improvement in the current patching arrangements for software supporting RITS. The Bank is expected to implement these actions over the coming assessment period and will also be implementing an upgrade to an automation tool used to deploy RITS software updates.

Once implemented, Payments Policy Department will consider whether these initiatives have been effective in addressing the findings of the IT operational stability review.

3.1.2 30 August 2018 power outage

On 30 August 2018, the Bank experienced a disruption to the power supplying the data centre at one of its sites, which abruptly cut off technology systems operating from that data centre, including those supporting RITS. Payment and settlement systems were gradually restored throughout the day, although backup processing capability for RITS at the affected site was not fully restored until 8 September 2018. In light of the lessons learned from that power outage, three recommendations were made in the 2019 Assessment in order for RITS to observe Principle 17 on Operational Risk:[11]

  • The Bank should implement planned actions that support the ability of RITS to recover the operations of critical IT systems within two hours of a disruption, including changes that support the automated failover of the RITS database in contingency scenarios affecting the primary site and improve the resilience of the FSS automatic failover process and systems.
  • The Bank should carry out a contingency test that assumes FSS does not failover automatically in a site outage to validate that its business continuity plan supports the recovery of RITS within two hours of a disruption in these circumstances.
  • The Bank should document its process for determining whether RITS or FSS should be prioritised for restoration in circumstances where there is a potential resource conflict.
  • The Bank has fully addressed the first recommendation. In May 2019, the Bank implemented a software update to fix the issue that had prevented the automatic failover of the FSS. The Bank had previously implemented a temporary workaround in the event that the issue had reoccurred. The Bank has also moved a server that supports the automated failover of the RITS database to a third site to remove the risk that this server is also impacted by the same contingency that affects systems at a production site. In February 2020, the Bank completed preparations for moving the server. Implementation occurred in June 2020.
  • The Bank has fully addressed the second recommendation. In October 2019, the Bank conducted a contingency test that simulated an outage to RITS and FSS services at the Bank's Head Office and where the FSS does not recover automatically at the alternate site. RITS was successfully recovered within the two-hour recovery time objective, consistent with the Principles. FSS services were also recovered within the two-hour recovery time objective. The Bank will continue to test its ability to resume settlement operations within recovery time objectives, with the scope and scenario of each test reviewed annually.
  • The Bank has also fully addressed the third recommendation. In November 2019, the Bank finalised documentation in relation to prioritising the recovery of RITS and FSS when the operation of both systems is disrupted by an incident and there are not sufficient resources to restore both systems simultaneously. The default approach is for RITS to be prioritised during its standard operating hours and for FSS to be prioritised outside these hours (refer to A.6 in the Background Information for details on RITS' operating hours). The document notes that there may be circumstances in which it is appropriate to deviate from the default approach and includes factors that should be considered in making such a decision.

Box A: Impact of COVID-19 on the operation of RITS

In March 2020, the Bank's Executive Committee activated contingency arrangements in response to the spread of COVID-19. The Bank adopted a range of measures to safeguard the health of Bank staff and the Bank's operations, including the operation of RITS.

A pandemic event has the potential to cause significant operational disruption for operators of systemically important financial market infrastructures (FMIs) such as RITS. A pandemic event may cause significant staff absences as a result of staff contracting the illness, needing to fulfil carer responsibilities or due to travel restrictions preventing staff from travelling to their usual place of work. Such an event could affect the ability of the FMI to continue operating systems or to recover normal operations in the event of an outage. Participants and service providers to the FMI are likely to face similar risks, potentially exacerbating any operational disruption. It is therefore critical that FMIs have effective plans in place to respond to such an event.

RITS is designed to operate with high levels of technical resilience and is supported by mature business continuity arrangements. The technical systems underpinning the service, and the staff responsible for operating and supporting RITS, are normally located at two geographically separate sites. RITS can operate from either site with data mirrored synchronously between the two sites.

In response to the COVID-19 outbreak the Bank has activated a number of business continuity measures in order to maintain continuity of operations, reduce the risk of infection to key staff and in response to broader social isolation measures. These measures include successfully transitioning the majority of its staff to work-from-home arrangements while maintaining a small onsite presence and separating critical staff, responsible for the operation and support of RITS, between the Bank's Head Office and Business Resumption Site (BRS).[12] Key support staff, including IT teams, have been able to work from home to support RITS remotely. The Bank has also identified, and in some instances trained, additional staff to perform critical functions so that there is a ‘reserves bench’ that can be rotated into critical roles in circumstances where a large number of critical staff are simultaneously unable to work.

The smooth operation of RITS is also dependent on the operational reliability and resilience of RITS participants. The Bank sent a RITS Advice to RITS members advising them of the Bank's contingency arrangements and to remind members of their minimum staffing requirements for users and administrators to ensure effective management of their ESA and settlement activities. Members were also advised to test their work-from-home capabilities for critical staff if they had not already done so. The Bank has engaged with major RITS feeder systems (e.g. Austraclear and Property Exchange Australia Limited (PEXA)) to discuss contingency arrangements to manage the impact of COVID-19 on operations. No changes have been made to the usual RITS operating arrangements, including session times. However, there has been elevated activity in RITS. RTGS activity in RITS recorded above average settlement values in March 2020, with RITS settling the highest value on record of $374 billion on 18 March. This is in line with increased trading activity across a range of financial markets as investors responded to new information on the risks presented by the COVID-19 pandemic. The payments associated with many of these trades ultimately settle in RITS.

Graph 1: RITS RTGS Transactions

Despite the elevated activity in March, RITS has continued to meet capacity demands and has not experienced any incidents affecting service availability. In the event of an incident affecting normal operations of RITS, the usual communications channels and incident management procedures would apply. In the event of a major incident affecting Bank systems, there may be some additional coordination challenges given the number of staff likely to be working from home across the industry. To improve preparedness for handling a possible RITS incident in the current environment, the Bank will rehearse some of its incident management arrangements in a work-from-home scenario.

3.1.3 Cyber resilience

Society for Worldwide Interbank Financial Telecommunication (SWIFT)-related security controls

As a user of the SWIFT messaging network, the Bank is required to meet security standards set out in SWIFT's Customer Security Controls Framework (CSCF). The CSCF is a set of mandatory and advisory controls for users of the network and provides a baseline security standard across the network. All customers are required to annually attest to their compliance with these controls.

During the assessment period, the Bank commissioned an external firm to conduct an independent assessment of its compliance with the SWIFT controls.[13] The assessment found the Bank to be fully compliant with the mandatory controls.

Evaluating current and emerging technologies to improve recovery times

Consistent with cyber resilience guidance developed by CPMI and IOSCO, the Bank continues to monitor current and emerging technology options that may further enhance the capability of RITS to safely resume critical operations within two hours of a cyber disruption. Following a review in late 2017, the Bank decided not to pursue implementation of an additional full-scale recovery solution that is technologically different from RITS. The Bank is continuing to explore a range of other options to protect RITS from cyber disruption. This includes improvements to defences against a disruption, enhancements to monitoring, and incident remediation. The Bank will also explore the capability to settle certain transactions outside of the core system and conduct some limited testing of new technology via the Bank's innovation lab.

Industry table-top exercise

In December 2019, the Bank conducted a cyber table-top exercise with a range of industry participants. The exercise was an interactive session in which participants were asked to respond to a hypothetical cyber scenario. The aim of the exercise was to rehearse the existing industry contingency procedures, focusing on communication and collaboration arrangements in the event of an attack on participants' payments systems. The Bank is engaging with participants and AusPayNet to implement improvements identified during the exercise.

CPMI wholesale payments endpoint security strategy

In May 2018, CPMI released the report Reducing the Risk of Wholesale Payments Fraud Related to Endpoint Security. The Bank already meets elements of the strategy described in this report and is in the process of implementing further enhancements to endpoint security as an ongoing process of continuous improvement.[14]

During the assessment period, the Bank engaged an external vendor to conduct a risk assessment of RITS's endpoints and recommend enhancements to the current security requirements. The Bank will consider the outcomes of this review and, where appropriate, implement recommendations.

3.1.4 Enhancing contingency arrangements for high-value feeder systems into RITS

As part of its business continuity arrangements, RITS has arrangements in place to allow clearing of transactions from SWIFT Payment Delivery System (PDS) and Austraclear feeder systems in the event that RITS is unavailable for an extended period. This reflects the importance of these two systems, which comprise the majority of settlement values that occur in RITS each day.

In the event that RITS is unavailable and a same-day recovery of normal operations is not possible, payments initiated via the SWIFT PDS can be settled in RITS using high-value clearing system (HVCS) fall-back arrangements. These arrangements involve the netting and settlement of SWIFT PDS transactions in a multilateral batch in RITS on the following day.

In the unlikely event that RITS is unavailable and same-day recovery of normal operations is not possible, the Bank and ASX can agree that the Austraclear system will switch to ‘Austraclear Assured Mode’. The Austraclear Assured Mode provides for settlement of Austraclear transactions in a multilateral net batch in RITS on the following day.

During the assessment period, the Bank in collaboration with the industry commenced work on enhancing the HVCS contingency arrangements to ensure the smooth functioning of interbank clearing in the event that RITS or a participant is unavailable. Work on enhancing these arrangements will be continued throughout the next assessment period.

ASX has also been working with Austraclear participants and the Bank on reviewing and enhancing the Austraclear Assured Mode. Further work is expected to be conducted over the coming assessment period.

3.2 Legal Basis

The Bank has a requirement that all overseas-domiciled RITS members provide an independent legal opinion that the RITS Membership Agreement is enforceable in their home jurisdiction. Following the signing of new RITS Membership Agreements in 2017, the Bank has continued to work with foreign members on the provision of legal opinions that meet the Bank's requirements, in cases where members had not provided a legal opinion previously or their previous opinion required updating. The Bank has received and accepted legal opinions from the majority of foreign members and expects to complete this process during the next assessment period.

3.3 Access and Participation

3.3.1 Access to Exchange Settlement Accounts

During the assessment period, the Bank reviewed its policy on access to its ESAs and published an updated ESA Policy in July 2019. The changes to the policy aim to ensure that the ESA Policy continues to promote competition in the market for payment services by broadening the categories of payment service providers that are eligible to apply for an ESA, while also ensuring that operational, liquidity and other risks are appropriately managed. Some of the changes were motivated by developments in technology that have allowed a wider range of non-authorised deposit-taking institutions (non-ADIs) (including ‘fintechs’) to compete directly with incumbents in the payments system. As a result, the number of entities applying for, or enquiring about, an ESA has increased.

The key changes to the ESA Policy included:

  • clarifying the requirements for an applicant to demonstrate an adequate understanding of the liquidity management, operational and business continuity requirements for operating an ESA, including the impact that the applicant's operational, liquidity and business continuity arrangements have on other RITS members
  • a requirement for an applicant's description of its business model to include a description of the types of customers it services and the types of payment services it provides. In addition, the application must include an attestation that the applicant complies with all applicable laws in Australia and in any other jurisdiction in which it provides payment services
  • a provision allowing the Bank to commission a report relating to the conduct and standing of the applicant, or its directors, key management personnel, shareholders or other related entities
  • a provision allowing the Bank to request an applicant to obtain, at its own cost, a report from an independent expert approved by the Bank assessing the applicant's policies and procedures related to sanctions and Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF), and the applicant's compliance with sanctions and AML/CTF legislation and other regulatory requirements
  • that the Bank retains the discretion to decline an application where, in its view, the provision of an ESA would adversely affect the reputation of the Bank
  • a requirement that any Australian-licensed Securities Settlement Facility (SSF) that the Bank determines to be systemically important and that faces liquidity risk from securities settlement related activities must hold its own ESA
  • a provision to allow holders of an Australian clearing and settlement facility licence to apply for an exemption from the requirement that ESA holders maintain management and resources in Australia. This is subject to the entity having appropriate management and operational resources in an approved offshore location. Such exemptions would be determined on a case-by-case basis, at the Bank's discretion, and would be reviewed periodically.

3.3.2 Property settlement

During the assessment period, the Bank approved ASX Financial Settlements Pty Limited (ASXFS) as administrator of the ASX Financial Settlements Batch. ASXFS submits to RITS batches of multilaterally netted interbank obligations arising from property transactions completed using the electronic conveyancing system managed by Sympli Australia Pty Limited (Sympli). Funds are initially reserved in the ESAs of paying participants in the batch while title changes are lodged with the relevant land titles office by Sympli. Following acceptance of the title lodgement, ASXFS requests settlement of the batch. The ASX Financial Settlements Batch is the second property batch in RITS, alongside the PEXA Batch.

3.4 Communication Procedures and Standards

3.4.1 Strategy for ISO 20022 payment messaging migration

In 2018, SWIFT announced plans to cease ongoing support of some categories of message type (MT) messages used by payment systems globally, including by RITS, and migrate them to the International Organization for Standardization (ISO) 20022 standard by late 2025. SWIFT's goal is to fully migrate all payments and reporting traffic to ISO 20022, allowing the global community to use the same standard for all payments flows.

In April 2019, the Bank and the Australian Payments Council (APC) released an Issues Paper to industry seeking stakeholder views on the migration of messaging used in some parts of the Australian payments system to the ISO 20022 standard and to assist the industry in coming to agreement on key strategic decisions for an ISO 20022 migration project.[15] This was followed by a Responses and Options Paper in September 2019 that summarised responses and put forward some potential implementation options for consideration, based on the same strategic issues outlined in the Issues Paper.[16]

In February 2020, the final conclusions of the consultation, including the agreed project scope, migration strategy, governance arrangements and timeline were published.[17] The Conclusions Paper confirmed that the scope of the industry-led migration will be limited to HVCS clearing and associated settlement messages.[18] The paper also set out the timeline for migration. During the build and test phase of the project, participants will need to build their systems to support ISO 20022 messaging and participate in industry-wide testing. The Bank will support settlement processing of both existing MT messages and the new ISO 20022 HVCS messages in RITS during a coexistence phase. By the end of this coexistence phase, participants will need to have fully completed their migration to ISO 20022.

AusPayNet has established a steering committee that will have overall responsibility, accountability and authority for the project's delivery. The Steering Committee will provide regular updates on progress to the APC, the Payments System Board (PSB), the AusPayNet Board and the HVCS Management Committee.

Footnotes

A detailed description of the outage can be found in RBA (2019), ‘Assessment of the Reserve Bank Information and Transfer System’, May, Section 3.1.1. The full report is available at <https://www.rba.gov.au/payments-and-infrastructure/rits/self-assessments/2019/material-developments.html>. [11]

The Bank also implemented other standard risk mitigation measures to protect the health and wellbeing of its staff. These include deferral of international travel, increased cleaning of premises and self-isolation for staff that have returned from overseas or been exposed to a high-risk situation. [12]

This independent assessment was conducted against the 2019 version of the CSCF. This version of the CSCF included three additional mandatory controls. [13]

For an overview of the report, see RBA (2018), ‘Box A: Endpoint Security’, ‘Assessment of the Reserve Bank Information and Transfer System’, May, pp 5–9. The full report is available at <https://www.bis.org/cpmi/publ/d178.htm> [14]

RBA and the APC (2019), ISO 20022 Migration for the Australian Payments System – Issues Paper. Available at <https://www.rba.gov.au/publications/consultations/201904-iso-20022-migration-for-the-australian-payments-system/pdf/issues-paper.pdf> [15]

RBA and the APC (2019), ISO 20022 Migration for the Australian Payments System – Responses and Options Paper. Available at <https://www.rba.gov.au/publications/consultations/201909-iso-20022-migration-for-the-australian-payments-system-responses-options/pdf/consultation-paper.pdf> [16]

RBA and the APC (2020), ISO 20022 Migration for the Australian Payments System – Conclusions Paper. Available at <https://www.rba.gov.au/publications/consultations/202002-iso-20022-migration-for-the-australian-payments-system/pdf/iso-20022-migration-for-the-australian-payments-system-conclusions-paper.pdf> [17]

Separate to this migration, the Bank will migrate its proprietary Automated Information Facility (AIF) message formats to ISO 20022. The Bank will also engage with each of the existing RITS Batch Administrators to plan the migration of batch settlement messaging to ISO 20022 (excluding reservation batch settlement messaging; e.g. the PEXA Batch and the ASX Financial Settlements (ASXF) Batch). [18]