2014/15 Assessment of ASX Clearing and Settlement Facilities A2. Financial Stability Standards for Securities Settlement Facilities

The Financial Stability Standards for Securities Settlement Facilities (SSF Standards) are made up of 19 headline standards, each of which is accompanied by a number of more detailed sub-standards. In assessing whether a facility has met each of the SSF Standards, the Reserve Bank takes into account associated guidance.^[1] The following provides details of how ASX Settlement Pty Limited (ASX Settlement) and Austraclear Limited (Austraclear) observe each of the SSF Standards (including sub-standards). It also sets out the Bank's assessment of how well ASX Settlement and Austraclear have complied with each of the SSF Standards during the Assessment period, and provides recommendations for each of the securities settlement facilities (SSFs) to address relevant areas of concern and to encourage steps to further strengthen the SSFs' observance of standards.^[2]

A2.1 ASX Settlement

ASX Settlement is a wholly owned subsidiary of ASX Settlement Corporation Limited, itself a wholly owned subsidiary of ASX Limited (see ‘ASX Group Structure’ in Appendix A). ASX Settlement is an SSF that provides settlement services for the ASX market and, through ASX's Trade Acceptance Service (TAS), access to settlement arrangements for Approved Market Operators (AMOs) such as Chi-X Australia Pty Ltd (Chi-X). ASX Settlement also provides delivery-versus-payment (DvP) settlement arrangements for transactions undertaken on AMOs that provide a platform for trading securities that are not listed on the ASX market, such as the National Stock Exchange of Australia (NSX) and Asia Pacific Stock Exchange (APX), through ASX's Settlement Facilitation Service. ASX Settlement also provides the mFund Settlement Service for unlisted managed funds.

Standard 1: Legal basis

A securities settlement facility should have a well-founded, clear, transparent and enforceable legal basis for each material aspect of its activities in all relevant jurisdictions.

Rating: Observed

ASX Settlement is a legal entity within the ASX Group that solely provides settlement services (SSF Standard 1.1). ASX Settlement's legal basis is founded on clear and understandable rules that operate within the framework of relevant laws and regulations (SSF Standards 1.2, 1.3). The certainty of this legal basis in relevant jurisdictions is reinforced by supporting legislation, including the approval of ASX Settlement's netting arrangements under the Payment Systems and Netting Act 1998 (PSNA), and is subject to periodic review by ASX Legal (SSF Standards 1.2, 1.5). ASX Settlement has publicly outlined the key features of its legal basis on its website, and from time to time, for information, may provide legal opinions to participants or other stakeholders in respect of the legal basis of significant new services (SSF Standard 1.4). ASX has not identified any material risks arising from potential conflicts of law relating to the operations of ASX Settlement (SSF Standard 1.6).

The Bank's assessment is that ASX Settlement has observed the requirements of SSF Standard 1 during the 2014/15 Assessment period. The legal basis of ASX Settlement is described in further detail under the following sub-standards.

1.1 A securities settlement facility should be a legal entity which is separate from other entities that may expose it to risks unrelated to those arising from its function as a securities settlement facility.

ASX Settlement is a wholly owned subsidiary of ASX Settlement Corporation Limited, which is itself a wholly owned subsidiary of ASX Limited. As a separate legal entity, ASX Settlement's securities settlement activities are separate from the activities conducted by ASX's other clearing and settlement (CS) facilities and the rest of the ASX Group, notwithstanding the sharing of operational resources across multiple entities within the group.

ASX Settlement's services are limited to: settlement services for the ASX market; settlement arrangements for AMOs, such as Chi-X, through the TAS; a DvP settlement service for transactions undertaken on AMOs through the Settlement Facilitation Service; and the mFund Settlement Service for subscriptions and redemption transactions in unlisted managed funds. Accordingly, ASX Settlement does not provide any services that have a distinct profile from, or pose additional risks to, its activity of operating a SSF.

1.2 The legal basis should provide a high degree of certainty for each material aspect of a securities settlement facility's activities in all relevant jurisdictions.

Legal basis

ASX Settlement's settlement and netting arrangements for transactions entered into by its participants require a high degree of legal certainty. Key components of the legal framework under which the SSF operates are:

• ASX Settlement holds a CS facility licence, under Part 7.3 of the Corporations Act 2001. This licence is administered by the Australian Securities and Investments Commission (ASIC) in consultation with the Bank, with the Minister acting as ultimate decision-maker on licensing matters.
• ASX Settlement has defined Operating Rules and Procedures. Under section 822B of the Corporations Act, these Operating Rules and Procedures have effect as a contract under seal between: ASX Settlement and each of its participants and issuers; each participant and each other participant; and each participant and each issuer. The Operating Rules and Procedures set out the rights and obligations of participants and ASX Settlement, including in the event of default or suspension.
• The netting arrangements contained in ASX Settlement's Operating Rules are protected as an ‘approved netting arrangement’ under Part 3 of the PSNA, and the finality of money settlements is supported by the approval of the Reserve Bank Information and Transfer System (RITS) as a real-time gross settlement (RTGS) system under Part 2 of the PSNA (see SSF Standard 1.5).
• ASX Settlement is a ‘prescribed CS facility’ for the purposes of Part 7.11, Division 4, of the Corporations Act. Section 1074D of the Corporations Act protects the validity of the transfer of a financial product effected through a prescribed CS facility in accordance with that facility's Operating Rules. Section 10 of the ASX Settlement Operating Rules specifies when transactions are taken to be settled.

The legal basis of ASX Settlement's activities is reviewed by ASX Legal whenever there are material amendments to the Operating Rules or Procedures. Three such reviews occurred for ASX Settlement during the Assessment period.

Rights and interests

The rights and interests of ASX Settlement, its participants and, where relevant, its participants' customers in securities held in the Clearing House Electronic Sub-register System (CHESS) are defined in ASX Settlement's Operating Rules and Procedures (see SSF Standard 9).

1.3 A securities settlement facility should have rules, procedures and contracts that are clear, understandable and consistent with relevant laws and regulations.

Section 822A of the Corporations Act establishes a framework to prescribe the matters that must be dealt with in the Operating Rules and those that may instead be considered under the Procedures. Rule changes are subject to a Ministerial disallowance process.

ASX Settlement's Operating Rules and Procedures are published on the ASX public website and the ASX restricted participant website, and are supplemented with explanatory material, to support participants' (and prospective participants') understanding of the risks they face through participation in the system. In addition to the Operating Rules and Procedures, publicly available material includes high-level descriptions of ASX Settlement's operations and settlement process, business continuity arrangements and the Default Management Framework (as it applies to participants that also participate in ASX Clear). Participants have access to additional manuals, reports and explanatory notes covering such topics as the application process for new participants, compliance, technical and operational details, and fees.

There is a clear process for changing ASX Settlement's Operating Rules and Procedures. Proposed rule changes may be submitted informally to ASIC. In consultation with the Bank, ASIC will consider the changes and advise ASX of any regulatory concerns. Once such concerns are satisfactorily addressed, ASIC will invite formal submission of the proposed changes, which triggers a 28-day ‘disallowance’ period (referred to above), during which the Minister may choose to disallow the changes. The Minister considers a number of factors, including whether the proposed changes are consistent with the public interest. To assist the Minister in this process, ASIC provides detailed advice to the Minister, incorporating the views of the Bank as appropriate. If changes to the Operating Rules are not disallowed by the Minister, they are notified to participants via the ASX website.

1.4 A securities settlement facility should be able to articulate the legal basis for its activities to the Reserve Bank and other relevant authorities, participants and, where relevant, participants' customers, in a clear and understandable way.

The legal basis for the activities of ASX Settlement and the protection afforded by the approval of the facility's netting arrangements under the PSNA (see also SSF Standard 1.5) are described on the ASX public website in its Disclosure Framework document, which sets out in detail how each CS facility meets the requirements of each Principle within the Principles for Financial Market Infrastructures developed by the Committee on Payments and Market Infrastructures (CPMI) and the International Organization of Securities Commissions (IOSCO) (see SSF Standard 18.4).^[3]

On behalf of each licensed entity within the ASX Group, including all CS facilities, ASX Limited submits an Annual Group Licence Report to ASIC and the Bank. This report sets out the legal basis for the CS facilities' activities under their licence obligations, and is used by ASIC in the preparation of ASIC's Market Assessment Report for the ASX Group.

ASX Settlement may seek independent legal opinions on relevant legal matters relating to significant new services, including any implications that their introduction may have for the legal basis of existing functionality. These opinions may, in some circumstances, be shared with participants or other stakeholders for their information, particularly to demonstrate that new Operating Rules will have the intended legal effect.

1.5 A securities settlement facility should have rules, procedures and contracts that are enforceable in all relevant jurisdictions. There should be a high degree of certainty that actions taken by the securities settlement facility under such rules and procedures will not be voided, reversed or subject to stays, including in the event that the securities settlement facility enters into external administration or that one or more of its participants or a settlement bank defaults or is suspended.

Settlement finality

The finality of ASX Settlement's settlement process is protected by:

• the approval of its netting arrangements under Part 3 of the PSNA. This approval protects the finality of settlements made in ASX Settlement's multilateral net batch in the event of a participant entering external administration (see SSF Standard 7.1)
• the approval of RITS as an RTGS system under Part 2 of the PSNA (see SSF Standard 8). This approval protects payments from being voided in the case of a Payment Provider entering external administration
• its designation as a ‘prescribed CS facility’ for the purposes of Part 7.11, Division 4 of the Corporations Act, in relation to the transfer of financial products effected through the settlement facility.

Enforceability of rules under external administration

ASX Legal has analysed the legal enforceability of ASX Settlement's Operating Rules upon the SSF's entry into external administration, and has identified no material legal risk to enforceability.

1.6 A securities settlement facility conducting business in multiple jurisdictions should identify and mitigate the risks arising from any potential conflicts of law across jurisdictions. A securities settlement facility should provide the Reserve Bank with a legal opinion that demonstrates the enforceability of its rules and addresses relevant conflicts of law across the jurisdictions in which it operates. This should be reviewed on a periodic basis or when material changes occur that may have an impact on the opinion, and updated where appropriate.

Although ASX Settlement's operations are based in Australia, participants of ASX Settlement include subsidiaries and branches of entities that are based in foreign countries. ASX Settlement's Operating Rules are governed by Australian law and require that all of its participants submit to the non-exclusive jurisdiction of New South Wales courts. ASX Legal's analysis of potential conflicts of law across jurisdictions has identified no material legal risks.

Standard 2: Governance

A securities settlement facility should have governance arrangements that are clear and transparent, promote the safety of the securities settlement facility, and support the stability of the broader financial system, other relevant public interest considerations and the objectives of relevant stakeholders.

Rating: Observed

ASX Settlement pursues objectives that place a high priority on risk management, through compliance with relevant Financial Stability Standards (FSS) and the broader Corporations Act requirement to do all other things necessary to reduce systemic risk. ASX Settlement also acknowledges public policy objectives directed at financial market and payments system integrity, as well as the interests of customers and other stakeholders (SSF Standard 2.1). ASX Settlement's governance arrangements are documented and publicly disclosed. These arrangements give ultimate responsibility for the oversight of the operations and risk management of ASX Settlement to the ASX Limited Board and the ASX Settlement Board (see ‘ASX Group Structure’ in Appendix A). Board and committee charters document Board roles and lines of responsibility and accountability (SSF Standards 2.2, 2.3). The performance of each relevant Board is reviewed at least annually for both individual directors and the Board as a whole. The relevant Boards each include a majority of independent non-executive directors and the ASX Settlement Board includes directors appointed for their expertise in clearing and settlement matters (SSF Standard 2.4). Board remuneration is designed to attract and retain appropriately skilled and qualified directors.

The reporting lines of management are set out in the CS Boards' Charter, along with roles and responsibilities of key management personnel. Remuneration of senior management in risk management roles is structured to provide appropriate incentives for sound and effective risk management (SSF Standard 2.5). ASX maintains a clear and documented risk management framework, subject to regular internal and external review (SSF Standard 2.6). Key processes and internal controls are subject to review by ASX's Internal Audit department, which is itself subject to periodic external review (SSF Standard 2.7). ASX utilises formal and informal consultation processes to ensure that the design and decisions of ASX Settlement reflect the interests of participants and other stakeholders. This includes an advisory forum (the Forum), introduced in accordance with commitments under the ASX Code of Practice for Clearing and Settlement of Cash Equities in Australia (the Code of Practice), which provides user feedback in relation to the ongoing development of cash market clearing and settlement infrastructure and services (SSF Standard 2.8). ASX has conflict-handling procedures in place to address potential conflicts of interest that may arise by virtue of its group structure. These require that staff and directors act in the best interests of each facility as appropriate. The composition of the CS Boards supports the effective handling of any conflicts that might arise (SSF Standard 2.9).

The Bank's assessment is that ASX Settlement has observed the requirements of SSF Standard 2 during the 2014/15 Assessment period. ASX Settlement's governance arrangements are described in further detail under the following sub-standards.

2.1 A securities settlement facility should have objectives that place a high priority on the safety of the securities settlement facility and explicitly support the stability of the financial system and other relevant public interest considerations.

The high-level objectives of ASX Settlement are set out in the CS Boards' Charter, which is available on the ASX public website. The objectives prioritise the Boards' responsibilities in the area of risk management and, in particular, ASX Settlement's responsibility for complying with relevant FSS.

ASX Settlement's objectives recognise the public interest. These objectives are reflected in the ASX Limited Board Charter, which provides that the Board has a responsibility to oversee the conduct of the affairs of the ASX Group consistent with licence obligations, as well as public policy objectives directed at financial market and payments system integrity. The CS Boards' Charter also specifically acknowledges the Board's public interest responsibilities, as well as its obligations under Part 7.3 of the Corporations Act. These include that ASX Settlement, to the extent that it is reasonably practicable to do so, comply with relevant FSS and do all other things necessary to reduce systemic risk arising from its services, and that it provide its services in a fair and effective way.

To support the interests of its customers, ASX has developed a Customer Charter, which is referenced in the CS Boards' Charter. The Customer Charter commits that ASX: work with its customers to deliver products and services that meet their needs and provide them with choice; make its products and services available on a non-discriminatory basis and on reasonable commercial terms; and manage its businesses and operations on a commercial basis to benefit its customers and provide appropriate returns to ASX shareholders. The Customer Charter recognises ASX's role as a provider of critical infrastructure to the Australian financial markets and commits to make the necessary investments to ensure it can fulfil this role and provide confidence to market participants, investors and regulators.

ASX Settlement's governance arrangements allow for appropriate consideration of stakeholder views. When considering major operational or risk management changes, or new services, ASX uses stakeholder forums, and formal and informal consultation processes to communicate proposed changes to relevant stakeholders (see SSF Standard 2.8). Consultations and responses to consultations are made available on the ASX public website. In addition, the ASX Group has disclosure obligations under the Corporations Act and Listing Rules, which it manages in accordance with those laws and rules.

Under the Code of Practice, ASX has established the Forum and supporting Business Committee.^[4] The objectives of the Forum are to: provide user feedback in relation to the ongoing development of cash market clearing and settlement infrastructure and services; consider any matters of common interest arising under the Code of Practice; and provide a mechanism for the ASX Clear and ASX Settlement Boards to report to users on strategic plans and investment decisions (see SSF Standard 2.8).

2.2 A securities settlement facility should have documented governance arrangements that provide clear and direct lines of responsibility and accountability. These arrangements should be disclosed to owners, the Reserve Bank and other relevant authorities, participants and, at a more general level, the public.

The governance arrangements of ASX Settlement are documented on the ASX public website. This documentation includes the Charters of the ASX Limited Board, the CS Boards (which include the ASX Settlement Board), and other subsidiary boards and committees. The charter documents provide information about the role and composition of the CS Boards and Board committees. The CS Boards are responsible for the oversight and risk management of the ASX CS facilities (see SSF Standard 2.3). The board committees advise the ASX Limited Board on a number of matters:

• The Audit and Risk Committee is responsible for the oversight of ASX Group enterprise-wide risk. The Committee monitors ASX's financial management, internal controls, legal compliance and audit function, and assists the CS Boards in fulfilling their responsibility for the oversight of risk management of the ASX CS facilities.
• The Remuneration Committee oversees the remuneration and incentive framework for the Managing Director and Chief Executive Officer (CEO), non-executive directors, senior executives, and ASX staff more generally (see CCP Standard 2.5).
• The Nomination Committee is responsible for reviewing matters relating to board composition and performance, succession planning, and training for non-executive board members (see CCP Standard 2.4).

The charter documents also provide information about the key senior managers of the settlement facilities; namely the Managing Director and CEO, and the Group Executive, Operations (GE, Operations). Profiles of CS facilities directors are also publicly available online. Key governance policies and charters are reviewed regularly by the relevant boards and committees.

The ASX Limited Annual Report provides information about ASX Group's risk management arrangements, including the role of boards, key committees, key subsidiary boards (e.g. ASX Compliance) and the roles of senior group executives who report directly to the Managing Director and CEO. Explanatory documentation on the website also describes: the FSS and CPMI-IOSCO Principles; group and business structure, including an organisational chart showing senior Group Executives; and risk management policies (in summary form). ASX's response to the CPMI-IOSCO Disclosure Framework also summarises key governance and risk management arrangements (see SSF Standard 18.4).

Under the Corporations Act, ASX must notify ASIC as soon as practicable after a person becomes or ceases to become a director, secretary or senior manager of ASX Settlement, including when a person changes from one of those positions to another. Changes to these positions and senior risk management personnel are also notified to the Bank.

2.3 The roles and responsibilities of a securities settlement facility's board of directors (or equivalent) should be clearly specified, and there should be documented procedures for its functioning, including procedures to identify, address and manage member conflicts of interest. The board should regularly review both its overall performance and the performance of its individual board members.

Ultimate responsibility for the oversight of risks faced by ASX Settlement lies with the ASX Limited Board and the ASX Settlement Board. The ASX Limited Board is accountable for the overall management of the ASX Group. Its responsibilities include:

• reviewing the Group's corporate strategy and approving major initiatives
• overseeing and monitoring the Group's performance consistent with its strategic goals, licence obligations and public policy objectives
• reviewing and approving financial plans, and monitoring financial performance
• appointing and assessing the performance of the Managing Director and CEO
• overseeing the risk management, internal control, and compliance functions, including oversight of ASX's enterprise risk management policy
• ensuring that appropriate mechanisms are in place for identifying, controlling, monitoring and reporting significant risks
• reporting to, and communicating with, shareholders.

The ASX Limited Board Charter delegates certain responsibilities to the ASX Settlement Board, including the review and oversight of ASX Settlement's settlement-related risk, and its compliance with the FSS. The CS Boards' Charter elaborates on the roles and responsibilities of the ASX Settlement Board. The CS Boards' Charter places requirements on the structure of the CS Boards, including that the majority of directors and the Chair be independent. The ASX Settlement Board meets regularly (nine times in the Assessment period, including four meetings of independent directors that are not also directors of ASX Limited; see SSF Standard 2.9) and receives detailed reports on ASX Settlement's business and operations, risk management and financial performance.

Board performance is dealt with periodically in private session by the relevant boards. The process may be facilitated by external independent consultants. A number of tools are used, which may include private session review, skills matrices and surveys, and externally facilitated group discussions. Details of Board performance reviews are set out in the ASX Limited Annual Report (the same process applies for the key subsidiary boards).

The CS Boards' Charter also sets out how the Boards address directors' interests and potential conflicts. Directors of the CS Boards must disclose all material personal interests (such as shareholdings, directorships and consultancy arrangements) which may potentially conflict with their duties. If there is a change in a director's material personal interests, the director must notify that change at the next meeting of the CS Boards. If there is a real possibility of a material conflict of interest and duty on a matter being voted on at a meeting of the CS Boards, the director must not be present for the discussion or vote related to that matter.

2.4 The board should comprise suitable members with the appropriate skills and incentives to fulfil its multiple roles. This typically requires the inclusion of non-executive board member(s).

At the end of the Assessment period, the ASX Limited Board had ten members, comprising the ASX CEO and nine independent, non-executive directors. As set out in the CS Boards' Charter, the CS Boards, in consultation with the Nomination Committee and the ASX Limited Board, determine the composition of the CS Boards, with directors selected based on relevant skills and expertise. At the end of the Assessment period, the ASX Settlement Board comprised one executive director (the ASX CEO) and five non-executive directors. Two new directors were appointed during the Assessment period. Two of the non-executive directors are also members of the ASX Limited Board, while the remaining three, including the Chair, are external directors appointed for their expertise in clearing and settlement operational and risk management matters. This ensures that directors have the capacity to conduct informed independent review of relevant issues. The ASX Clear and ASX Settlement Boards share common directors, but one of these directors does not serve on the ASX Clear (Futures) or Austraclear Boards. This difference between the CS Boards is primarily for business reasons, but also supports ASX's conflict-handling arrangements (see SSF Standard 2.9).

The CS Boards' Charter sets out the ASX policy that the majority of directors on each CS Board must be independent. The Board Policy and Guideline to Relationships Affecting Independent Status is available on the ASX website.^[5] The independence of directors is assessed according to this policy, which is aligned to the ASX Corporate Governance Council's Corporate Governance Principles and Recommendations for listed companies. The policy requires, for example, that each independent director be free of business or other relationships that could interfere with the independent exercise of the director's judgement. Specifically considered is whether the director is a substantial shareholder of ASX, as well as whether in the last three years the director was previously employed by ASX or was an adviser to ASX. The biographies of the directors, which show their relationship with other ASX Group companies, are set out on the ASX website.

Selection, succession planning and training for board members are dealt with in private session by the Nomination Committee and Boards at appropriate intervals. New directors receive a comprehensive induction from Board and Nomination Committee members, as well as senior managers and other key staff. Directors' fees at both ASX Limited and at both ASX Limited and ASX Settlement are considered by the ASX Limited Remuneration Committee, to ensure that it has in place a fee scale that enables ASX to attract and retain appropriately skilled and qualified non-executive directors and recognises the workload and level of skill and expertise that a director must have to effectively meet their responsibilities. Remuneration of directors is determined in private session by the ASX Limited Board on the recommendation of the Remuneration Committee. Non-executive directors' fees are broadly aligned to the top quartile of the marketplace. In conducting a review, the Board may take advice from an external remuneration consultant. The process involves benchmarking against a group of peer companies. The last fee review took place in June 2015.

2.5 The roles and responsibilities of management should be clearly specified. A securities settlement facility's management should have the appropriate experience, mix of skills and integrity necessary to effectively discharge its responsibilities for the operation and risk management of the securities settlement facility. Compensation arrangements should be structured in such a way as to promote the soundness and effectiveness of risk management.

ASX has clear and direct reporting lines between management and the CS Boards. This is set out in the CS Boards' Charter, along with the roles and responsibilities of the Managing Director and CEO, the Chief Risk Officer (CRO), and the GE, Operations. The Managing Director and CEO has responsibility for the overall operational and business management and profit performance of ASX, while the GE, Operations is responsible for the overall settlement risk management of the CS facilities and for ensuring that the SSFs meet the regulatory obligations placed on them. The GE, Operations has a direct reporting line to the CS Boards.

ASX has a comprehensive remuneration policy and performance management framework in place, which aims to ensure that management personnel have an appropriate mix of skills and experience to discharge their responsibilities. The ASX Limited Remuneration Committee has delegated responsibility from the ASX Limited Board to conduct detailed examination of matters including oversight of the remuneration and incentive framework, succession plans, recruitment, retention and termination strategies, and the remuneration of the Managing Director and CEO and ASX Group non-executive directors. The Committee members are appointed by the ASX Limited Board, and must consist of only non-executive directors, with at least three members, a majority of independent directors, and an independent chair who is not Chairman of ASX Limited. The Committee has direct access to ASX senior management and the authority to seek independent advice. The CS Boards have delegated responsibility to the Committee for compensation arrangements and performance management processes relating to the CRO and the GE, Operations. The CS Boards provide input on the setting of Key Performance Indicators and may review the performance outcomes for the CRO and the GE, Operations. In June 2015, ASX announced changes to compensation arrangements for senior executives, including the CRO and GE, Operations, to place greater weight on longer-term incentives. These changes did not alter the Key Performance Indicators of either the CRO or GE, Operations, which remain aligned with the objectives of sound and effective risk management.

ASX carries out succession planning and management processes in order to ensure leadership continuity in key positions, and develop intellectual depth and business knowledge. This includes the biannual review of a ‘talent assessment tool’ by Group Executives and Human Resources to identify and manage the development of high potential staff according to individual and business needs. Succession and contingency planning is conducted for Group Executives, General Managers and other key staff.

2.6 The board should establish a clear, documented risk management framework that includes the securities settlement facility's risk tolerance policy, assigns responsibilities and accountability for risk decisions, and addresses decision-making in crises and emergencies. Governance arrangements should ensure that the risk management and internal control functions have sufficient authority, independence, resources and access to the board, including through the maintenance of a separate and independent internal audit function.

ASX has a documented risk management framework, which is described under SSF Standard 3.1. The CS Boards are responsible for approving and reviewing high-level risk management policies relevant to clearing and settlement operations. The Boards approve all new clearing and settlement risk policies and standards, as well as material changes to existing clearing and settlement policies and standards. The Boards consider these policies and standards at a concurrent meeting; where the policy or standard is relevant to more than one facility, the Boards of those facilities would simultaneously determine whether to approve the policy or standard. If the policy requirements under consideration differ across facilities, the Boards of each relevant facility would separately determine whether to approve the policy or standard (during the concurrent meeting). Board feedback is incorporated before risk policies and standards are approved.

Responsibilities under the high-level risk management policy are distributed as follows:

• Detailed reporting to the CS Boards occurs quarterly on the implementation of risk management policies and standards relevant to clearing and settlement operations, and on broader management and operational matters. Internal Audit conducts a rotational risk-based audit program, which includes ensuring that relevant operational departments comply with Board-approved policies and standards, where necessary using external specialists to assist with reviews. The CS Boards may also request external reviews. The ASX Settlement Risk Policy Framework provides a formal structure for the development, governance and review of settlement risk policies and standards, and is reviewed annually. ASX formally documented the policies and standards referenced in the Framework during 2014/15. The Bank will continue to monitor the implementation of those policies and standards.
• The Audit and Risk Committee has responsibility for the oversight of the Enterprise Risk Management Framework.
• The Enterprise Risk Management Committee (ERMC), comprising executives from across the departments, is responsible for enterprise risk management policy and reviewing controls, processes and procedures to identify and manage risks. This committee is also responsible for formally approving significant operational risk policies prepared by individual departments.
• Individual departments are responsible for: identifying business-specific risks; applying controls; maintaining risk management systems; reporting on the effectiveness of risk controls; and implementing enhancements and taking remedial action as appropriate. Each department is required to maintain a record of its risk profile, reviewing this on a six-monthly basis and updating as appropriate. This record includes ‘Key Risk Indicators’ and action plans to address any identified risk that is not adequately mitigated. Policies are formally reviewed every 18 months to three years. More frequent reviews are undertaken where there are potential changes to technology, legal or regulatory requirements, or business drivers.

The Clearing and Settlement Operations and Settlement Services departments have responsibilities relevant to the management of settlement risks that are defined in ASX's Settlement Risk Policy Framework.

Directors are entitled to obtain independent advice. The Annual Report addresses directors' access to information, management and advice. To the extent that directors wish to seek independent advice, they can raise this in board meetings, with the Managing Director and CEO, or with the Chairman. ASX Settlement also obtains participant feedback on risk management matters through the Forum and the Business Committee (see SSF Standard 2.8).

2.7 A securities settlement facility's operations, risk management processes, internal control mechanisms and accounts should be subject to internal audit and, where appropriate, periodic independent expert reviews. Internal audits should be performed, at a minimum, on an annual basis. The outcome of internal audits and external reviews should be notified to the Reserve Bank and other relevant authorities.

ASX maintains an internal audit plan that provides for a three-to-five year review cycle of key operational and risk management processes, and internal control mechanisms that are governed by ASX's Enterprise Risk Management Framework, business continuity framework, enterprise compliance framework and internal audit methodology. The internal audit plan is approved by the ASX Limited Audit and Risk Committee, and the audit work that is relevant to the CS Boards and ASX Compliance Board is endorsed by those Boards. The key governance frameworks are reviewed by external independent experts, as required. ASX's internal audit arrangements are set out in an Internal Audit Charter, which is reviewed and approved by the ASX limited Audit and Risk Committee on an annual basis and made available on the ASX public website.

The Internal Audit department is a separate department within ASX that reports to the CRO for administrative purposes, and the Audit and Risk Committee and Managing Director and CEO for audit purposes. The Internal Audit department's reporting structure also includes reporting lines to the CS Boards and ASX Compliance Board. Internal Audit's principal objective is to ‘provide independent, objective assurance and consulting services designed to add value and improve the operations of ASX’. Its scope covers the policies, processes and procedures of all risk management and internal control systems. The General Manager of Internal Audit has direct access to the ASX Limited Audit and Risk Committee, CS Boards and ASX Compliance Board. Members of the Internal Audit department are required to hold appropriate undergraduate and postgraduate qualifications relevant to their roles.

The role and performance of the Internal Audit function is regularly reviewed by the ASX Limited Audit and Risk Committee. Internal Audit is also reviewed by external independent auditors on a three-year cycle. The last such audit was carried out in October/November 2014.

ASX has a clearly defined methodology for internal audit, based on the International Professional Practices Framework set out by the Institute of Internal Auditors.^[6] The audit process includes phases for planning, fieldwork, reporting, final sign-off, and issues logging and follow-up. The planning phase includes the preparation of terms of reference that define the purpose, timing, approach and scope of the audit.

The internal audit methodology allows for ad hoc reviews if, for example, material new risks are identified or other changes to ASX's business occur. This is a matter which the General Manager, Internal Audit and the Audit and Risk Committee consider. The ASX Compliance Board and the CS Boards may also request ad hoc reviews.

2.8 Governance arrangements should ensure that the securities settlement facility's design, rules, overall strategy and major decisions reflect appropriately the legitimate interests of its direct and indirect participants and other relevant stakeholders. Governance arrangements should provide for consultation and stakeholder engagement through appropriate forums on operational arrangements, risk controls and default management rules and procedures. Major decisions should be clearly disclosed to relevant stakeholders and, where there is a broad market impact, the public.

The interests of direct and indirect participants and other relevant stakeholders are recognised in the ASX Limited Board Charter, the CS Boards' Charter and the ASX Customer Charter (see SSF Standard 2.1).

The views of participants and other stakeholders are sought through formal and informal means. ASX Settlement routinely conducts public consultations when considering major changes to existing services or new service offerings, such as ASX's new managed funds settlement service. These consultations allow for written submissions and discussion in both bilateral and open forums. Participants' views may also be gathered through the induction program for new participants, as well as ongoing participant liaison and compliance checks.

Under the Code of Practice, ASX established the Forum, an advisory body comprising users of ASX's cash market clearing and settlement services, and other relevant industry stakeholders. The Forum has three objectives:

• to provide user input to the Boards of ASX Clear and ASX Settlement in relation to ongoing investment in the design, operation and development of the core clearing and settlement infrastructure for the Australian cash equity market, including CHESS, to help ensure that these meet the needs of users and are aligned with global standards
• to consider any matters of common interest arising under the Code of Practice or in the principles set out in the 2012 Competition in Clearing Australian Cash Equities report prepared by the Council of Financial Regulators^[7]
• to provide a formal mechanism for the Boards of ASX Clear and ASX Settlement to report to users on their strategic plans and investment decisions in relation to the design, operation and development of the core clearing and settlement infrastructure for the Australian cash equity market, including CHESS.

The Forum comprises 22 senior representatives from clearing and settlement participants, an alternative market operator, and other stakeholders including system vendors, custodial service providers, share registries, investors, listed companies and the superannuation industry. Members are appointed for a term of two years. It is chaired by a non-executive member of the CS Boards and also includes a non-executive director representing ASX Limited. The Forum will meet at least three times each year. Upcoming meeting dates, agendas and minutes are all published on a dedicated website, together with a summary of key issues discussed and the Forum's recommendations for the CS Boards. Under the Code of Practice, ASX has also established a Business Committee to support the Forum. This Committee comprises representatives of clearing participants, settlement participants and AMOs, and provides business and operational input on the Forum's forward work program. Business Committee meetings are held four to six weeks prior to Forum meetings.

The Forum and Business Committee continued to progress two main work streams during the Assessment period (see Section 3.5.2):

• a proposed move to a shortened two-day settlement cycle for equities
• replacement of the CHESS clearing and settlement system.

Although the Business Committee was originally devised to provide operational input on matters dealt with in the Forum, it has also provided user input to ASX on a broader range of initiatives of interest to the industry, including initiatives aimed at providing more flexible and efficient participant structures.

In December 2014, ASX issued a consultation paper seeking feedback on a number of operational amendments to the Code, including to give greater prominence to the Business Committee. ASX has advised that feedback was supportive of the proposed amendments. ASX intends to respond to this consultation when the government announces the outcome of the Council of Financial Regulators' 2015 review of competition in clearing of Australian cash equities.

The Code also provides for the establishment of technical committees to examine and provide advice on specific matters dealt with in the Forum. A Technical Committee was convened in November 2013 to provide input on the introduction of global messaging standards and the broader CHESS replacement project. The members of this Technical Committee comprise technology executives from a range of industry users, including clearing and settlement participants, alternative market operators and share registries.

2.9 A securities settlement facility that is part of a group of companies should ensure that measures are in place such that decisions taken in accordance with its obligations as a securities settlement facility cannot be compromised by the group structure or by board members also being members of the board of other entities in the same group. In particular, such a securities settlement facility should consider specific procedures for preventing and managing conflicts of interest, including with respect to intragroup outsourcing arrangements.

ASX has conflict handling arrangements to help manage potential conflicts of interest that its directors and staff may face. The potential for intragroup conflicts arising from ASX's group structure is addressed by ‘intragroup’ service agreements, which set out the basis on which other group entities will provide services to the CS facilities and specify that the entities providing the services must have sufficient financial and other resources to meet their obligations. These agreements provide that ASX Group staff are under a duty to act in the best interests of the facility that is receiving the services.

ASX's governance arrangements are designed to ensure that shared directorships within the ASX Group cannot compromise each CS facility's compliance with its licence obligations, including observance of the FSS. ASX considers that there is limited potential for shared directorships to create conflicts between ASX's group-wide commercial interests and the risk management function of the CS facilities. More broadly, it considers that conflicts between directors' roles on the CS Boards and the ASX Limited Board are unlikely given the distinct roles the separate entities perform, and in view of group-wide arrangements to manage matters such as operations and compliance. If a conflict were to arise, a director sitting on multiple CS Boards would be expected to make decisions in the best interests of each facility.

The structure of the CS Boards further limits the potential for conflict. Two directors are able to form a quorum of the ASX Settlement Board, allowing matters that raise potential conflicts of interest to be considered and voted on without the involvement of directors that are also on the ASX Limited Board. The non-common independent directors of ASX Settlement that are not also directors of ASX Limited met on four occasions during 2014/15 to consider conflict-sensitive information.

Standard 3: Framework for the comprehensive management of risks

A securities settlement facility should have a sound risk management framework for comprehensively managing legal, credit, liquidity, operational and other risks.

Rating: Observed

ASX maintains an Enterprise Risk Management Policy that sets out its framework for managing the full range of strategic, legal, financial and operational risks faced by ASX Settlement. This high-level framework is supported by more granular policies (many of which were finalised or refreshed during 2014/15) and a governance structure to oversee ASX Settlement's risk management activities (SSF Standard 3.1). ASX Settlement's risk management framework does not place financial obligations on participants, but provides incentives to participants to control the risks that they bring to the SSF (SSF Standards 3.2, 3.3). As part of its risk management framework, ASX Settlement reviews on an ongoing basis risks associated with interdependencies with other entities and, in relation to new initiatives, applies appropriate tools to manage these risks (SSF Standard 3.4). ASX Settlement has further developed its recovery arrangements in line with CPMI-IOSCO guidance on recovery planning (SSF Standard 3.5).

The Bank's assessment is that ASX Settlement has observed the requirements of SSF Standard 3 during the 2014/15 Assessment period. While existing arrangements are assessed to meet the minimum requirement under the standard, ASX Settlement is encouraged to complete planned updates to the documentation of its recovery plans.

ASX Settlement's risk management framework is described in further detail under the following sub-standards.

3.1 A securities settlement facility should have risk management policies, procedures and systems that enable it to identify, measure, monitor and manage the range of risks that arise in or are borne by the securities settlement facility. This risk management framework should be subject to periodic review.

Identification of risk

ASX's high-level framework for risk management is described in its Enterprise Risk Management Policy. This policy divides risks identified by ASX into two broad categories: strategic risks and operational risks. Operational risks are further categorised into financial risks, legal and regulatory risks, and technological and operational risks. Specific risks identified by ASX are described within these broad categories. For each identified risk, ASX judges how likely it is the risk event will occur within the next 12 months and the potential impact. Reputational and participant impacts are considered along with the financial, operational and regulatory impacts of risks.

Comprehensive risk policies, procedures and controls

ASX's Enterprise Risk Management Policy has been developed with reference to the international standard ISO 31000 Risk Management – Principles and Guidelines (see SSF Standard 2.6).^[8] At a high level, the ASX Enterprise Risk Management Policy outlines: the overall risk environment in the ASX Group; the objectives of risk management policies; the process by which risks are identified and assessed; the controls in place to detect and mitigate risks; and how risks are monitored and communicated. ASX's stated tolerance for financial, operational, legal and regulatory risks is ‘very low’.

ASX uses key risk indicators to measure levels of risk in the organisation and categorise risk levels according to a scale: satisfactory; within risk tolerance but requiring action to further control the level of risk; or exceeding ASX's risk tolerance.

The Enterprise Risk Management Policy also assigns specific risk responsibilities across the ASX Group, including to the ASX Limited Board of Directors, the Audit and Risk Committee, the ERMC, the General Manager, Enterprise Risk and managers of individual departments. Managers of each department are responsible for identifying and monitoring risks relevant to their department's activities, as well as for designing and implementing risk management policies and controls to manage identified risks. Department managers assess the appropriateness and operational effectiveness of these controls twice a year; these assessments are reviewed by Internal Audit and the ERMC.

In 2013/14, ASX adopted an updated and formalised Settlement Risk Policy Framework to better align both it and related governance structures with the new FSS. The Framework sets out a comprehensive set of settlement-related risk policies to support the risk management approach of ASX's SSFs, including ASX Settlement. These policies govern more detailed internal standards, which in turn govern specific procedures for the management of settlement-related risks. The structure of policies, standards and procedures reflects the requirements of the FSS. During the 2014/15 Assessment period, ASX finalised remaining policies and standards referenced in the Framework, and reviewed the policies and standards already in place.

A number of boards and internal committees oversee settlement risk management policy, including:

• The CS Boards. Each CS facility has a board (see SSF Standard 2.3 and ‘ASX Group Structure’ in Appendix A), which shares members with the other ASX CS facilities, has oversight of the Settlement Risk Policy Framework, and is responsible for any significant amendments. Policies and designated key standards under the Framework are governed by the CS Boards.
• The Settlement Risk Policy Committee (SRPC). The SRPC reviews and approves clearing risk policies and standards prior to submission to the CS Boards. The SRPC is chaired by the GE, Operations and includes the ASX Group Legal Counsel, General Manager of Clearing and Settlement Operations and the General Manager of Settlement Services. It will meet as needed when settlement risk policy matters arise.
• The Capital and Liquidity Committee (CALCO). CALCO is constituted to ensure the structural integrity and efficient use of the liquidity, on- and off-balance sheet assets, liabilities and capital resources of the ASX Group. CALCO advises on changes to settlement risk policies related to capital, liquidity and balance sheet management. CALCO is chaired by the CRO and comprises senior managers and executives from Finance, Risk and Internal Audit. CALCO generally meets on a quarterly basis.
• The SSF Risk, Operations and Compliance Committee (SROCC). SROCC is chaired by the GE, Operations and is made up of senior managers and executives from the settlement operations and compliance areas of ASX. The Committee acts as an information-sharing and discussion body for the purpose of enhancing ASX's ability to identify, assess and reduce systemic, operational or compliance risk, and manage settlement risk. The SROCC currently meets on a monthly basis.
• The Participant Incident Response Committee (PIRC). The PIRC is responsible for coordinating ASX's response to a settlement participant incident, and provides input into policy determinations and settings as necessary in response to such incidents. The PIRC is chaired by the GE, Operations, and is made up of senior staff from the operational, risk management, compliance and legal departments. Meetings of the PIRC are convened as required to address an actual or potential participant incident.

Information and control systems

Since ASX Settlement does not assume credit or liquidity risk as principal (see SSF Standards 4 and 6), it does not require information and control systems to monitor these risks. ASX Settlement nevertheless employs information systems that provide participants with information regarding their money and securities settlement obligations. This information assists participants in managing their funding and delivery obligations and risks (see SSF Standard 6.2).

Internal controls

ASX's risk management policies are generally reviewed formally every 18 months to three years, although more frequent reviews may occur depending on changes to technology, business drivers or legal requirements. Reviews are conducted by specific working groups and committees. Final approval of reviews for more significant policies is the responsibility of the ERMC. Under the Enterprise Risk Management Policy, ASX's departments are required to update a risk profile every six months, which identifies relevant risks and sets out planned actions to respond to those risks.

Risk management arrangements are also subject to periodic review by Internal Audit. Such audits provide assurance that the risk management framework continues to be effective. Risk management arrangements may also be subject to review by external experts from time to time. The last such review of the Enterprise Risk Management Policy was undertaken by PricewaterhouseCoopers in 2011 and the next review is scheduled for the second half of 2015.

The Enterprise Risk Management Policy is reviewed by the Audit and Risk Committee on a two year cycle, with the most recent review taking place in August 2015.

3.2 A securities settlement facility should ensure that financial and other obligations imposed on participants under its risk management framework are proportional to the scale and nature of individual participants' activities.

ASX Settlement does not place financial obligations on its participants. ASX Settlement is not a participant or guarantor to any transaction submitted for settlement through ASX Settlement and is not directly exposed to credit or liquidity risk. The DvP Model 3 settlement process does not expose participants to credit risk (see SSF Standard 10.2). Fees levied on participants that fail to meet their securities delivery obligations are proportional to the value of the failed obligations. Operational and other participation requirements placed on participants are discussed under SSF Standards 14.6 and 15.2.

3.3 A securities settlement facility should provide incentives to participants and, where relevant, their customers to manage and contain the risks they pose to the securities settlement facility.

ASX Settlement may apply sanctions to, or place additional requirements on, participants that fail to comply with its Operating Rules. Participants may ultimately be required to seek alternative settlement arrangements.

3.4 A securities settlement facility should regularly review the material risks it bears from and poses to other entities (such as other FMIs, money settlement agents, liquidity providers and service providers) as a result of interdependencies, and develop appropriate risk management tools to address these risks.

ASX Settlement reviews the material risks that it bears from and poses to other entities in the context of its ongoing review of enterprise risks (such as the six-monthly update of department risk profiles; see SSF Standard 3.1), and its processes for identifying risks associated with new activities. In the case of new products and services, ASX undertakes risk assessments when undertaking an expansion of its activities or in the event of material changes to its business. Risk assessments are built into ASX's project management framework (see SSF Standards 12.1 and 14.4).

For instance, ASX Settlement has identified risks to its operational activities arising from participants' increased usage of third-party vendors for back-office systems, and participants outsourcing their back-office processing offshore. ASX Settlement has also identified interdependencies with service providers. ASX Settlement's response to these interdependencies is outlined in SSF Standard 14.5.

Interdependencies with ASX Clear for the settlement of novated transactions are managed within the context of ASX Group's broader risk management framework (see SSF Standard 17).

3.5 A securities settlement facility should identify scenarios that may potentially prevent it from being able to provide its critical operations and services as a going concern and assess the effectiveness of a full range of options for recovery or orderly wind-down. A securities settlement facility should prepare appropriate plans for its recovery or orderly wind-down based on the results of that assessment. Where applicable, a securities settlement facility should also provide relevant authorities with the information needed for purposes of resolution planning.

During the 2014/15 Assessment period, ASX Settlement has further developed its recovery arrangements to build on a basic recovery plan developed in early 2014. The earlier plan identified scenarios that could threaten ASX Settlement's ongoing provision of critical settlement services, and set out how it would respond to such scenarios on the basis of powers under its Operating Rules and Procedures. The plan sets out the likely sequence of actions that ASX would take under each identified recovery scenario, and analyses the advantages and disadvantages of tools available to ASX Settlement to respond to such scenarios.

ASX Settlement has enhanced its recovery approach in line with CPMI-IOSCO guidance on recovery planning published in October 2014, clarifying its process for addressing non default-related losses via business risk capital arrangements (see SSF Standard 12.3). While no rule changes are required to implement this enhancement, ASX Settlement is in the process of updating its recovery plan. ASX Settlement will also give consideration to how its recovery plan is maintained and tested on an ongoing basis. Section 6 discusses ASX's recovery planning arrangements in further detail.

Standard 4: Credit risk

A securities settlement facility should effectively measure, monitor and manage its credit exposures to participants and those arising from its settlement processes. A securities settlement facility should maintain sufficient financial resources to cover its credit exposure to each participant fully with a high degree of confidence.

Rating: Not applicable

ASX Settlement does not extend credit to participants or provide a settlement guarantee. Accordingly, ASX Settlement does not assume credit risk as principal.

The Bank has concluded that SSF Standard 4 does not apply to ASX Settlement.

4.1 A securities settlement facility should establish a robust framework to manage its credit exposures to its participants and the credit risks arising from its settlement processes. Credit exposures may arise from current exposures, potential future exposures, or both.

Not applicable to ASX Settlement.

4.2 A securities settlement facility should identify sources of credit risk, routinely measure and monitor credit exposures, and use appropriate risk management tools to control these risks. To assist in this process, a securities settlement facility should ensure it has the capacity to calculate exposures to participants on a timely basis as required, and to receive and review timely and accurate information on participants' credit standing.

Not applicable to ASX Settlement.

4.3 A securities settlement facility should have the authority to impose activity restrictions or additional credit risk controls on a participant in situations where the securities settlement facility determines that the participant's credit standing may be in doubt.

Not applicable to ASX Settlement.

4.4 A securities settlement facility should cover its current and, where they exist, potential future exposures to each participant fully with a high degree of confidence using collateral and other equivalent financial resources (see SSF Standard 5 on collateral). In the case of a deferred net settlement (DNS) securities settlement facility in which there is no settlement guarantee, but where its participants face credit exposures arising from its settlement processes, the facility should maintain, at a minimum, sufficient resources to cover the exposures of the two participants and their affiliates that would create the largest aggregate credit exposure in the system.

Not applicable to ASX Settlement.

4.5 A securities settlement facility should establish explicit rules and procedures that address fully any credit losses it may face as a result of any individual or combined default among its participants with respect to any of their obligations to the securities settlement facility. These rules and procedures should address how potentially uncovered credit losses would be allocated, including the repayment of any funds a securities settlement facility may borrow from liquidity providers. These rules and procedures should also indicate the securities settlement facility's process to replenish any financial resources that the securities settlement facility may employ during a stress event, so that the securities settlement facility can continue to operate in a safe and sound manner.

Not applicable to ASX Settlement.

Standard 5: Collateral

A securities settlement facility that requires collateral to manage its or its participants' credit exposures should accept collateral with low credit, liquidity and market risks. A securities settlement facility should also set and enforce appropriately conservative haircuts and concentration limits.

Rating: Not applicable

Since ASX Settlement does not assume credit risk as principal (see SSF Standard 4), it does not collect collateral from participants.

The Bank has concluded that SSF Standard 5 does not apply to ASX Settlement.

5.1 A securities settlement facility should generally limit the assets it (routinely) accepts as collateral to those with low credit, liquidity and market risks.

Not applicable to ASX Settlement.

5.2 In determining its collateral policies, a securities settlement facility should take into consideration the broad effect of these policies on the market. As part of this, a securities settlement facility should consider allowing the use of collateral commonly accepted in the relevant jurisdictions in which it operates.

Not applicable to ASX Settlement.

5.3 A securities settlement facility should establish prudent valuation practices and develop haircuts that are regularly tested and take into account stressed market conditions.

Not applicable to ASX Settlement.

5.4 In order to reduce the need for procyclical adjustments, a securities settlement facility should establish stable and conservative haircuts that are calibrated to include periods of stressed market conditions, to the extent practicable and prudent.

Not applicable to ASX Settlement.

5.5 A securities settlement facility should avoid concentrated holdings of certain assets where this would significantly impair the ability to liquidate such assets quickly without significant adverse price effects.

Not applicable to ASX Settlement.

5.6 A securities settlement facility that accepts cross-border collateral should mitigate the risks associated with its use and ensure that the collateral can be used in a timely manner.

Not applicable to ASX Settlement.

5.7 A securities settlement facility should use a collateral management system that is well designed and operationally flexible.

Not applicable to ASX Settlement.

Standard 6: Liquidity risk

A securities settlement facility should effectively measure, monitor and manage its liquidity risk. A securities settlement facility should maintain sufficient liquid resources in all relevant currencies to effect same-day and, where appropriate, intraday and multiday settlement of payment obligations with a high degree of confidence under a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would generate the largest aggregate liquidity obligation for the securities settlement facility in extreme but plausible market conditions.

Rating: Observed

ASX Settlement conducts settlement on a DvP Model 3 basis, and does not assume payment obligations in the settlement process. While participants face liquidity exposures arising from the possible reconstitution of the multilateral net batch in a default, including via the implementation of offsetting transaction arrangements (OTAs) related to novated transactions, ASX Settlement's back-out procedures are designed to limit concentrated liquidity exposures for non-defaulting participants (SSF Standard 6.1). These procedures are disclosed to participants through ASX Settlement's Operating Rules and Procedures (SSF Standard 6.2). ASX Settlement does not assume liquidity risk as principal through its settlement process (SSF Standards 6.3, 6.4, 6.5, 6.6, 6.7, 6.8, 6.9).

The Bank's assessment is that ASX Settlement has observed the requirements of SSF Standard 6 during the 2014/15 Assessment period. While existing arrangements are assessed to meet the minimum requirement under the standard, ASX Settlement is encouraged to consider supplementing planned disclosures by ASX Clear to assist clearing participants in understanding their contingent exposure to the use of tools to address a liquidity shortfall, in order to provide additional information to participants on the potential liquidity impact of reconstitution of the ASX Settlement batch from failed settlements. In doing so, ASX Settlement is encouraged to consider the liquidity impact of batch reconstitution in scenarios that include, but are not limited to, the management of an ASX Clear participant default.

ASX Settlement's arrangements to measure and monitor liquidity risk for its participants are described in further detail under the following sub-standards.

6.1 A securities settlement facility should have a robust framework to manage its liquidity risks from its participants, commercial bank money settlement agents, nostro agents, custodians, liquidity providers and other entities.

ASX Settlement conducts its settlements on a DvP Model 3 basis in a multilateral net batch (see SSF Standard 10). While ASX Settlement does not assume any payment obligations in the batch settlement process, and hence does not assume liquidity risk as principal, the nature of the multilateral net batch creates liquidity exposures between participants.

The default of a participant with a payment obligation in the batch may require the reconstitution of the batch to bring the payment obligations of the defaulting participant down to zero (net of any liquidity injection by ASX Clear in respect of novated transactions).^[9] For non-novated transactions, this is done by removing transactions of the defaulting participant from the batch. These transactions are typically entered into solely to ‘prime’ the settlement accounts of participants to meet delivery obligations related to the settlement of novated transactions and occur late in the settlement cycle, at a time when the relevant participant is well positioned to meet these obligations. Non-novated transactions are bilateral and hence not subject to the protection of the central counterparty (CCP).

For novated transactions, however, reconstitution of the batch is achieved by injecting new transactions by way of OTAs with participants due to deliver securities (see SSF Standard 11.3 and Appendix A1.1, CCP Standard 7.3). OTAs were introduced by ASX Clear and ASX Settlement in the previous Assessment period to deal with shortfalls of funds related to novated transactions. Under these arrangements, ASX Clear would meet any payment obligations to allow securities delivery transactions to settle as intended, with participants providing the funds for settlement via separate repurchase transactions for the same stock to unwind the next day. These arrangements provide ex ante clarity by explicitly recognising and formalising the role of participants in providing liquidity to ASX Clear to allow settlement to occur as scheduled.

Reconstitution of the batch could create liquidity pressures for non-defaulting participants due to receive funds in respect of transactions that are removed. ASX Settlement seeks to minimise these liquidity pressures through the use of its procedures to back out non-novated transactions or inject OTAs into the batch in respect of novated transactions (see SSF Standard 11.3). Under these procedures, transactions are removed from the batch or settled by way of OTAs in such a way as to ensure that non-defaulting participants' payment obligations do not increase. While non-defaulting participants due to receive a net payment of funds in the batch may be exposed to liquidity risk associated with a reduction in expected receipts, ASX Settlement's back-out algorithm is designed to ensure that receipt expected by a participant does not become a payment obligation, and disperses this liquidity risk across a number of participants through a random allocation mechanism.

6.2 A securities settlement facility should have effective operational and analytical tools to identify, measure and monitor its settlement and funding flows on an ongoing and timely basis, including its use of intraday liquidity.

Since ASX Settlement does not assume liquidity risk as principal, it does not have payment obligations related to settlement.

ASX Settlement provides participants with information regarding their money and securities settlement obligations between trade date and settlement date. This information includes individual trade notifications, netted obligations, projected funds obligations and rescheduled settlements following delivery failures. Participants use this information to monitor and manage their funding and delivery obligations and risks.

In the event of a participant default, ASX Settlement uses its back-out algorithm to reconstitute the batch and select transactions to be settled via an OTA. The outcome of the algorithm is dependent on the mix and profile of transactions scheduled for settlement at the time it is run, so it is not possible for ASX Settlement to provide detailed ex ante information to participants on how their settlement obligations might change in the event of a default. However, ASX Settlement's back-out arrangements are described in Section 10 of the ASX Settlement Operating Rules, as well as in related Procedures available to participants. Furthermore, during consultation with participants on the introduction of OTAs, ASX released a consultation paper and subsequent explanatory note outlining the operation and potential liquidity impact of OTAs (see SSF Standard 6.1). ASX Clear is currently investigating the disclosure of additional information to its participants on the potential liquidity impact of reconstitution of the ASX Settlement batch arising from the use of OTAs (see Appendix A1.1, CCP Standard 7.1). The Bank encourages ASX Settlement to consider the case for supplementing such disclosures for its own participants in scenarios that include, but are not limited to, the management of an ASX Clear participant default.

6.3 A securities settlement facility should maintain sufficient liquid resources in all relevant currencies to effect same-day settlement and, where appropriate, intraday or multiday settlement of payment obligations with a high degree of confidence under a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would generate the largest aggregate payment obligation in extreme but plausible market conditions.

Since ASX Settlement does not assume liquidity risk as principal, it does not need to maintain liquid resources to cover payment obligations.

6.4 For the purpose of meeting its minimum liquid resource requirement, a securities settlement facility's qualifying liquid resources in each currency include cash at the central bank of issue and at creditworthy commercial banks, committed lines of credit, committed foreign exchange swaps and committed repos, as well as highly marketable collateral held in custody and investments that are readily available and convertible into cash with prearranged and highly reliable funding arrangements, even in extreme but plausible market conditions. If a securities settlement facility has access to routine credit at the central bank of issue, the securities settlement facility may count such access as part of the minimum requirement to the extent it has collateral that is eligible for pledging to (or for conducting other appropriate forms of transactions with) the relevant central bank. All such resources should be available when needed.

Since ASX Settlement does not assume liquidity risk as principal, it does not maintain liquid resources to cover payment obligations in stressed scenarios.

6.5 A securities settlement facility may supplement its qualifying liquid resources with other forms of liquid resources. If the securities settlement facility does so, these liquid resources should be in the form of assets that are likely to be saleable or acceptable as collateral for lines of credit, swaps or repos on an ad hoc basis following a default, even if this cannot be reliably prearranged or guaranteed in extreme market conditions. Even if a securities settlement facility does not have access to routine central bank credit, it should still take account of what collateral is typically accepted by the relevant central bank, as such assets may be more likely to be liquid in stressed circumstances. A securities settlement facility should not assume the availability of emergency central bank credit as part of its liquidity plan.

Since ASX Settlement does not assume liquidity risk as principal, it does not maintain liquid resources to cover payment obligations in stressed scenarios.

6.6 A securities settlement facility should obtain a high degree of confidence, through rigorous due diligence, that each provider of its minimum required qualifying liquid resources, whether a participant of the securities settlement facility or an external party, has sufficient information to understand and to manage its associated liquidity risks, and that it has the capacity to perform as required under its commitment. Where relevant to assessing a liquidity provider's performance reliability with respect to a particular currency, a liquidity provider's potential access to credit from the central bank of issue may be taken into account. A securities settlement facility should regularly test its procedures for accessing its liquid resources at a liquidity provider.

Since ASX Settlement does not assume liquidity risk as principal, it does not maintain liquid resources to cover payment obligations in stressed scenarios.

6.7 A securities settlement facility with access to central bank accounts, payment services or securities services should use these services, where practical, to enhance its management of liquidity risk.

ASX Settlement does not assume liquidity risk as principal.

6.8 A securities settlement facility should determine the amount and regularly test the sufficiency of its liquid resources through rigorous stress testing. A securities settlement facility should have clear procedures to report the results of its stress tests to appropriate decision-makers at the securities settlement facility and to use these results to evaluate the adequacy of, and adjust, its liquidity risk management framework. In conducting stress testing, a securities settlement facility should consider a wide range of relevant scenarios. Scenarios should include relevant peak historic price volatilities, shifts in other market factors such as price determinants and yield curves, multiple defaults over various time horizons, simultaneous pressures in funding and asset markets, and a spectrum of forward-looking stress scenarios in a variety of extreme but plausible market conditions. Scenarios should also take into account the design and operation of the securities settlement facility, include all entities that might pose material liquidity risks to the securities settlement facility (such as commercial bank money settlement agents, nostro agents, custodians, liquidity providers and linked FMIs) and, where appropriate, cover a multiday period. In all cases, a securities settlement facility should document its supporting rationale for, and should have appropriate governance arrangements relating to, the amount and form of total liquid resources it maintains.

Since ASX Settlement does not assume liquidity risk as principal, it does not maintain liquid resources to cover payment obligations in stressed scenarios.

6.9 A securities settlement facility should establish explicit rules and procedures that enable the securities settlement facility to effect same-day and, where appropriate, intraday and multiday settlement of payment obligations on time following any individual or combined default among its participants. These rules and procedures should address unforeseen and potentially uncovered liquidity shortfalls and should aim to avoid unwinding, revoking or delaying the same-day settlement of payment obligations. These rules and procedures should also indicate the securities settlement facility's process to replenish any liquidity resources it may employ during a stress event, so that it can continue to operate in a safe and sound manner.

Since ASX Settlement does not assume liquidity risk as principal, it does not need rules and procedures to address a liquidity shortfall.

Standard 7: Settlement finality

A securities settlement facility should provide clear and certain final settlement, at a minimum by the end of the value date. Where necessary or preferable, a securities settlement facility should provide final settlement intraday or in real time.

Rating: Observed

ASX Settlement defines the point at which settlement is final in its Operating Rules, and finality is ensured by the approval of its netting arrangements under Part 3 of the PSNA. Money settlements linked to securities transfers in ASX Settlement occur in RITS. The finality of interbank obligations arising from its settlements is protected by the approval of RITS under Part 2 of the same legislation (SSF Standard 7.1). Final settlement occurs each day in a single multilateral net batch on a DvP Model 3 basis (SSF Standard 7.2). ASX Settlement defines clear cut-off times for the cancellation of payment or transfer instructions (SSF Standard 7.3).

The Bank's assessment is that ASX Settlement has observed the requirements of SSF Standard 7 during the 2014/15 Assessment period. ASX Settlement's arrangements for ensuring finality of settlements are described in further detail under the following sub-standards.

7.1 A securities settlement facility's rules and procedures should clearly define the point at which settlement is final.

The point at which settlement is final is defined in the ASX Settlement Operating Rules and Procedures. Settlement of securities transfers is final once ASX Settlement has recorded the transfers of securities in the settlement accounts of participants.

To provide legal certainty to the finality of its settlement process, ASX Settlement has obtained approval for its netting arrangements under Part 3 of the PSNA (see SSF Standard 1.2). In addition, money settlements between commercial settlement banks (known as Payment Providers) as part of the multilateral net batch fall within the scope of the approval of RITS as an RTGS system under Part 2 of the PSNA. With this approval, a payment executed in RITS at any time on the day on which a RITS participant enters external administration has the same standing as if the participant had gone into external administration on the next day. Accordingly, in the event of insolvency all transactions settled on the day of the insolvency are irrevocable and cannot be unwound.

7.2 The securities settlement facility should complete final settlement no later than the end of the value date, and preferably intraday or in real time, to reduce settlement risk. A securities settlement facility should consider adopting real-time gross settlement (RTGS) or multiple batch processing during the settlement day.

Settlement of securities transactions in ASX Settlement occurs on a DvP Model 3 basis in a single net batch on the settlement day (value date). This involves the simultaneous transfer of net payment and net securities obligations between buyers and sellers at the end of the settlement cycle (see SSF Standard 10). Failed settlements are removed from the multilateral net batch via the CHESS back-out algorithm (for a securities shortfall), and rescheduled for settlement on the next day (see SSF Standard 10.2).

ASX Settlement has also developed the functionality to settle securities transactions on a DvP Model 1 basis (by individual line of stock) via its CHESS RTGS service. This functionality is primarily used by AMOs to settle non-ASX listed securities through the Settlement Facilitation Service. Due to the relatively low value and volume of securities being settled through the CHESS RTGS service, as well as the relative netting efficiencies inherent in settling on a DvP Model 3 basis via a single batch, ASX Settlement currently has no plans to increase the frequency of batch settlement beyond once per day.

7.3 A securities settlement facility should clearly define the point after which unsettled payments, transfer instructions or other obligations may not be revoked by a participant.

Participants have until settlement cut-off (typically 10.30 am) on the day of settlement to remove payment or transfer instructions from the settlement batch.

Standard 8: Money settlements

A securities settlement facility should conduct its money settlements in central bank money where practical and available. If central bank money is not used, a securities settlement facility should minimise and strictly control the credit and liquidity risk arising from the use of commercial bank money.

Rating: Observed

ASX Settlement conducts its money settlements across the Exchange Settlement Accounts (ESAs) of Payment Providers at the Bank, via RITS (SSF Standard 8.1). ASX Settlement does not conduct settlements across its own books or in commercial bank money (SSF Standards 8.2, 8.3, 8.4, 8.5). Payment Providers that effect money settlements on behalf of participants must be prudentially regulated and meet ASX Settlement's application criteria. The roles and responsibilities of commercial bank Payment Providers are governed by legal agreements between those banks, ASX Settlement, ASX Clear and the Australian Payments Clearing Association (APCA) (SSF Standard 8.3).

The Bank's assessment is that ASX Settlement has observed the requirements of SSF Standard 8 during the 2014/15 Assessment period.

ASX Settlement's money settlement arrangements are discussed in further detail under the following sub-standards.

8.1 A securities settlement facility should conduct its money settlements in central bank money, where practical and available, to avoid credit and liquidity risks.

ASX Settlement's money settlements are all settled in central bank money. Net payment obligations in ASX Settlement associated with securities transfers are settled between commercial settlement banks, known as Payment Providers, in a single multilateral batch across ESAs at the Bank, via RITS.

8.2 If central bank money is not used, a securities settlement facility should conduct its money settlements using a settlement asset with little or no credit or liquidity risk.

Money settlements in ASX Settlement are effected using central bank money.

8.3 If a securities settlement facility settles in commercial bank money or its participants effect settlements using commercial settlement banks, it should monitor, manage and limit credit and liquidity risks arising from the commercial bank money settlement agents and commercial settlement banks. In particular, a securities settlement facility should establish and monitor adherence to strict criteria for commercial banks appropriate to their role in the settlement process, taking account of matters such as their regulation and supervision, creditworthiness, capitalisation, access to liquidity and operational reliability. A securities settlement facility should also monitor and manage the concentration of its and its participants' credit and liquidity exposures to commercial bank money settlement agents and settlement banks.

Participants in ASX Settlement use commercial bank Payment Providers to effect money settlements on their behalf. Payment Providers must be approved by ASX Settlement and their provision of this service is governed by the terms of a standard deed. A Payment Provider must submit an application to ASX Settlement and meet the following criteria:

• be approved by the Australian Prudential Regulation Authority (APRA) as an authorised deposit-taking institution for the purpose of carrying out banking business within Australia
• be a member of RITS with an ESA
• have the operational capacity to make payments to participants and on behalf of participants
• have executed the standard client payment deed
• have the technical ability to connect to CHESS, and the technical and financial capacity to participate in DvP settlement.

ASX Settlement does not have a formal process to monitor that Payment Providers meet these criteria on an ongoing basis, other than to observe that they remain connected to CHESS and continue to meet payment obligations by the required cut-off times. In the event that a Payment Provider experienced operational difficulties or failed to meet cut-off times, ASX Settlement would investigate the matter through senior-level discussions with the affected Payment Provider.

Currently there are 12 Payment Providers. ASX periodically monitors the proportion of participants that use each Payment Provider, but this is not subject to frequent change. ASX has identified that two large Australian banks act as Payment Providers for a large share of participants; however, the average value of daily settlements involved is small relative to the financial and operational capacity of these banks.

The terms of Payment Provider arrangements are covered by the CHESS Payment Interface Standard Payments Provider Deed, entered into by ASX Settlement, ASX Clear, APCA and the relevant commercial bank. This deed sets out payment authorisation deadlines and other operational requirements for Payment Providers that act as commercial settlement banks for participants. Changes to the deed were implemented during 2014/15 to support the introduction of enhanced client protection arrangements (see Appendix A1.1, CCP Standard 13). Further changes to the deed have been agreed to support the transition from a three-day to a two-day equities settlement cycle in March 2016 (see SSF Standard 10.2).

The process of updating the deed involves negotiation with APCA and Payment Providers, which can create delays in implementing changes to authorisation deadlines or other operational requirements required to support changes to the settlement process. During 2014/15, ASX worked with APCA to establish a framework for formally engaging Payment Providers on changes to settlement processes in response to regulatory or market-driven change. This took the form of an APCA standing sub-committee comprising representatives of the Payment Providers, with ASX acting as an ‘observer’. The role of the committee is to consider and provide feedback on proposed amendments to the Standard Payments Provider Deed, facilitate consultation with Payment Providers, and ensure that Payment Providers are notified of any upcoming developments. The Bank will monitor ASX Settlement's interaction with the sub-committee.

8.4 If a securities settlement facility conducts money settlements on its own books, it should minimise and strictly control its credit and liquidity risks.

ASX Settlement does not conduct money settlements on its own books.

8.5 A securities settlement facility's legal agreements with any commercial bank money settlement agents should state clearly when transfers on the books of the relevant commercial bank are expected to occur, that transfers are to be final when effected, and that funds received should be transferable as soon as possible, at a minimum by the end of the day and ideally intraday, in order to enable the securities settlement facility and its participants to manage credit and liquidity risks.

ASX Settlement does not conduct settlements via commercial bank money settlement agents. Participants' arrangements with Payment Providers are conducted under legal agreements between the parties involved. ASX Settlement does, however, maintain separate agreements with Payment Providers regarding operational requirements (see SSF Standard 8.3).

Standard 9: Central securities depositories

A securities settlement facility operating a central securities depository should have appropriate rules and procedures to help ensure the integrity of securities issues and minimise and manage the risks associated with the safekeeping and transfer of securities. A securities settlement facility operating a central securities depository should maintain securities in an immobilised or dematerialised form for their transfer by book entry.

Rating: Observed

ASX Settlement operates a central securities depository that maintains a record of securities holdings and movements for ASX-listed securities, and securities listed by AMOs, through the CHESS sub-register. Securities registries maintain a separate record of holdings on behalf of issuers, using information on securities movements provided by CHESS. ASX Settlement employs a range of controls to ensure the integrity of these securities, which are subject to annual audit. ASX Settlement's Operating Rules and Procedures identify participants' interests in each type of security held within ASX Settlement, identify how these interests can be transferred within the facility, and provide that participants' securities would not be subject to claims by creditors in the event that ASX Settlement entered external administration (SSF Standard 9.1).

ASX Settlement does not allow overdrafts or debit balances in securities accounts within its system, and all securities (or interests in securities) are held in a dematerialised form (SSF Standards 9.2, 9.3). ASX Settlement's Operating Rules set out its obligations in providing safekeeping of participant assets, and ASX Settlement employs operational controls and insurance to mitigate custody risk (SSF Standard 9.4). Participant assets are segregated from ASX Settlement's own assets, and ASX Settlement supports the segregation of participant and client assets through the use of identifiers for securities holders (SSF Standard 9.5). ASX Settlement does not provide any ancillary services that could pose a risk to its central securities depository function (SSF Standard 9.6).

The Bank's assessment is that ASX Settlement has observed the requirements of SSF Standard 9 during the 2014/15 Assessment period. ASX Settlement's arrangements for its central securities depository activities are described in further detail under the following sub-standards.

9.1 A securities settlement facility operating a central securities depository should have appropriate rules, procedures and controls, including robust accounting practices, to safeguard the rights of securities issuers and holders, prevent the unauthorised creation or deletion of securities, and conduct periodic and at least daily reconciliation of securities issues it maintains.

ASX Settlement employs a range of controls to ensure the integrity of securities held in CHESS. It maintains dual redundancy and a synchronous data update model which ensures that securities holding data are consistent across primary and backup data centres (see SSF Standard 14). A monthly statement is sent to securities holders to report changes in their holdings of securities on the CHESS sub-register, and issuer registries are sent daily information on the movement of securities to enable them to accurately maintain company registers.

Annual audits of CHESS system controls are conducted by an external auditor and the resulting report is published on the ASX website. These audits assess controls over transaction processing, as well as change management, security protocols, data system operations and disaster recovery planning. The auditor's opinion is provided under the Australian Government Auditing and Standards Board standard ASAE 3402 – Assurance Report on Controls at a Service Organisation. ASX Internal Audit performs an additional risk-based audit of key CHESS functions on a rolling three-year cycle.

These rules and procedures should:

(a) identify the type of title or interest held by participants for particular securities, to the extent such title or interest is recognised by the facility's rules and procedures;

Securities are dematerialised (electronic) and held in CHESS. Title is held in the name of clients of ASX Settlement participants. Encumbrances are recorded by placing a holding lock on securities that have been pledged for collateral against margin obligations to ASX Clear or are subject to participation in a buy-back or takeover, or that are subject to actions such as court orders or bankruptcy proceedings. Sub-positions of securities pledged as collateral to ASX Clear are reconciled against records in the Derivatives Clearing System (DCS) at least annually.

A CHESS sub-register forms part of the issuer's primary securities register. Maintenance and reconciliation of the complete register is the responsibility of the issuer or its appointed agent. Most ASX Settlement participants settle across a centralised settlement account and subsequently allocate securities to end-clients in the CHESS sub-register. As part of its end-of-day processes, CHESS reports net movements on each sub-register to the holder of the issuer's complete register. Settlement participants utilise the centralised account under ‘trust’ provisions and are obliged to give irrevocable legal title to an end-client as long as that client has met all relevant conditions in respect of the settlement.

For securities that cannot be directly held in a dematerialised form in CHESS (e.g. Australian Government securities), ASX Settlement utilises the CHESS Depository Interest (CDI) structure. Under this structure, the security is held in a separate securities depository, in which legal title is recorded, but a beneficial interest known as a CDI is created and maintained in CHESS. Holders of CDIs have beneficial, but not legal, ownership of the underlying security. Legal title is held by a related entity of ASX Settlement, CHESS Depository Nominees Pty Limited, or another nominee as appointed by the issuer.

(b) clearly identify the way in which the transfer of (or any other forms of dealing with) securities and related payments can be effected through the facility; and

The transfer of title to securities in CHESS is given effect by electronic book entry. Settlement occurs via a DvP Model 3 process in a daily scheduled batch settlement cycle (see SSF Standard 10). The ASX Settlement Operating Rules and Procedures also provide for the free-of-payment transfer of securities, where required.

(c) ensure that, to the extent permissible by law, the creditors of the operator of the securities settlement facility have no claim over securities or other assets held, deposited or registered by participants in the facility.

In the event of ASX Settlement's insolvency, the rules and arrangements for title within ASX Settlement provide a high degree of assurance that participants' securities would be immune from claims by ASX Settlement's creditors. ASX Settlement is not the legal owner of any participant or client assets; these assets are recorded in CHESS in the name of the participant or sponsored client.

9.2 A securities settlement facility operating a central securities depository should prohibit overdrafts and debit balances in securities accounts.

Participants do not maintain cash accounts with ASX Settlement, removing the possibility of overdrafts or the extension of credit. CHESS does not allow the movement of securities from a holding that exceeds the available securities in the holding, preventing any potential debit balance in securities accounts.

9.3 A securities settlement facility operating a central securities depository should maintain securities in an immobilised or dematerialised form for their transfer by book entry. Where appropriate, a securities settlement facility operating a central securities depository should provide incentives to immobilise or dematerialise securities.

Securities held in CHESS are dematerialised; securities underlying a CDI are immobilised and held by a nominee on behalf of the beneficial owner (see SSF Standard 9.1).

9.4 A securities settlement facility operating a central securities depository should protect assets against custody risk through appropriate rules and procedures consistent with its legal framework.

ASX Settlement has identified potential custody risks arising from negligence, misuse of assets, fraud, poor administration, or inadequate recordkeeping. Operational controls to mitigate these risks include segregation of duties, access restrictions and authorisation checks. ASX Settlement's Operating Rules allow ASX Settlement to give advice to a participant or issuer to correct an error that it has caused. If ASX Settlement causes an error in its securities holdings, it is responsible for correcting that error.

ASX Settlement is covered by the ASX Group general and professional indemnity insurance policy for civil liabilities arising from its central securities depository activities. Where losses are the result of employee wrongdoing or a computer manipulation, ASX Settlement is covered by the ASX Group comprehensive Crime Policy.

9.5 A securities settlement facility operating a central securities depository should employ a robust system that ensures segregation between its own assets and the securities of its participants, and segregation among the securities of participants. Where supported by the legal framework, a securities settlement facility operating a central securities depository should also support operationally the segregation of securities belonging to a participant's customers on the participant's books and facilitate the transfer of customer holdings.

ASX Settlement is not the legal owner of any participant or client assets; these assets are recorded in CHESS in the name of the participant or sponsored client. CHESS provides an account structure that ensures the legal and operational segregation of participants' securities in CHESS and the segregation of clients' securities from those of participants. Under this account structure, securities are held against a unique Holder Identification Number for each client or participant.

However, during the settlement cycle there is a period in which securities have to be transferred into a separate ‘entrepot’ settlement account with no operational segregation between participant and client securities (reflecting the account structure at ASX Clear – see Appendix A1.1, CCP Standard 13; see also SSF Standard 10.2). Prior to transfer to the settlement account, client securities may be temporarily placed in an ‘accumulation’ account in the name of the participant. The client remains the beneficial owner of securities in the accumulation account until the point of transfer to the settlement account. In May 2015, ASX Settlement implemented rule changes that require participants to fund any transfer of securities beneficially owned by clients into their settlement account, by depositing the net sale proceeds into the client trust account concurrent with the CHESS batch settlement process. These changes were intended to ensure that clients remain beneficially in possession of their securities or corresponding funds for all but a brief window during the settlement period (see SSF Standard 10.2 and Appendix A1.1, CCP Standard 13).

9.6 A securities settlement facility operating a central securities depository should identify, measure, monitor and manage its risks from other activities that it may perform; additional tools may be necessary in order to address these risks.

ASX Settlement does not perform any ancillary activities that may pose a risk to the operation of its central securities depository function. It does not provide a centralised securities lending facility or act as a principal in securities lending transactions.

Standard 10: Exchange-of-value settlement systems

If a securities settlement facility settles transactions that comprise the settlement of two linked obligations (for example, securities or foreign exchange transactions), it should eliminate principal risk by conditioning the final settlement of one obligation upon the final settlement of the other.

Rating: Observed

ASX Settlement eliminates principal risk in settlements involving the transfer of a security in exchange for cash by ensuring that delivery occurs if and only if the associated payment is settled at the same time (SSF Standard 10.1). For the purchase of securities, ASX Settlement does this through the use of a DvP Model 3 settlement mechanism, which completes settlement via a multilateral net batch (SSF Standard 10.2).

The Bank's assessment is that ASX Settlement has observed the requirements of SSF Standard 10 during the 2014/15 Assessment period. ASX Settlement's arrangements for exchange-of-value settlements are described in further detail under the following sub-standards.

10.1 A securities settlement facility that is an exchange-of-value settlement system should eliminate principal risk by ensuring that the final settlement of one obligation occurs if and only if the final settlement of the linked obligation also occurs, regardless of whether the securities settlement facility settles on a gross or net basis and when finality occurs.

ASX Settlement eliminates principal risk by ensuring that the settlement of securities delivery obligations occurs if and only if associated payment obligations are settled. It does so by performing both its cash and securities settlements in a multilateral net batch on a DvP Model 3 basis (see SSF Standard 10.2).

10.2 A securities settlement facility that is an exchange-of-value settlement system should eliminate principal risk by linking the final settlement of one obligation to the final settlement of the other through an appropriate delivery versus payment (DvP), delivery versus delivery (DvD) or payment versus payment (PvP) settlement mechanism.

ASX Settlement links the final settlement of securities and payment obligations through a DvP Model 3 mechanism, where final securities and payments transfers occur contemporaneously on a multilateral net basis through a single batch of instructions. The settlement of securities via this mechanism involves several steps (including related steps taken for the clearing of novated transactions in ASX Clear and the ‘priming’ of settlement accounts) (Figure 1).

Step 1: Once a trade has been executed on either the ASX or Chi-X markets, a trade-related instruction is sent to CHESS.

Step 2: Once CHESS validates these trades they are novated in real time to ASX Clear and CHESS sends messages to the relevant clearing participants and the market on which the trade was executed, notifying them that the trade has been accepted and cleared. Trades that have the same clearing participant as buyer and seller, called clearing crossings, are not novated, netted or scheduled for settlement in the CHESS batch. To facilitate the remaining back-office processes for these trades, CHESS sends a single message to the clearing participant confirming the trade's details. The settlement of clearing crossings is negotiated bilaterally between brokers and their clients, and occurs when securities are transferred between broker and client settlement accounts.

Step 3: At T+1, CHESS generates a single net batch instruction reflecting the net position of each participant's novated trades in each line of stock. Before netting, clearing participants can mutually agree to block a transaction from netting, or delete or modify existing novated transactions. If matching instructions are sent from both clearing participants that are counterparties to a particular trade, CHESS sends messages to the clearing participants confirming that instructions for that trade have been processed.

Step 4: Between T+1 and T+3, participants can also instruct CHESS to include additional non-novated (off-market) transactions in the batch at T+3. During 2014/15, around 81 per cent of the value of net securities settled in the final batch was in respect of non-novated transactions. Non-novated trades mainly arise from three types of activities: pre-positioning transfers of securities across accounts; securities lending to cover a short sale or a shortfall in a participant's securities account; and off-market trades. Pre-positioning involves transferring securities to a participant's entrepot settlement account, i.e. a centralised settlement account.

Step 5: On the evening before settlement, ASX Settlement notifies each participant of its projected net cash payment obligations. Participants have until 10.30 am to negotiate any additional non-novated transfers necessary to ‘prime’ their accounts for settlement. After the cut-off for new instructions, transfer of securities positions is stopped in CHESS pending completion of transfer once cash movements have been confirmed (Step 6), and participants' Payment Providers are requested to fund the net cash obligations of settlement participants.

Step 6: Payment obligations are settled between Payment Providers in RITS as a single daily multilateral net batch. Immediately upon confirmation from RITS that the funds transfers have been settled, ASX Settlement completes the net securities transfers in CHESS, thus ensuring DvP settlement. This typically occurs at around 11.30 am. CHESS then notifies the participants that settlement has been completed successfully.

Step 7: At the end of the day, CHESS reports net movements on each sub-register to the holder of the issuer's complete register.

There is considerable activity in the hours prior to the 10.30 am cut-off for settlement instructions as participants arrange to lend and transfer securities in order to prime their settlement accounts. Settlement participants may wait until the morning of T+3 to complete the priming of their accounts, partly due to the need to wait for final matched settlement instructions from offshore clients. As a consequence, fails in delivery of securities are a daily occurrence, although fail rates are relatively low by international comparison. The failure of a participant to meet payment obligations is a much rarer occurrence and may be indicative of problems that are not merely operational.

If a participant is unable to settle its scheduled obligations in the batch, due to a shortfall in either securities or funds, ASX Settlement's rules allow for all or some of the transactions of the affected participant to be either ‘backed out’ or settled by means of an offsetting transaction (see Appendix A1.1, CCP Standard 7.3). If the failed transactions relate to a shortfall of securities, these are rescheduled for settlement on the next settlement day. If the failed transactions related to a shortfall of funds, however, ASX Clear would, as part of its default management strategy, consider injecting liquidity to ensure the settlement of novated trades. If this did not occur, ASX Clear would settle novated trades by entering into OTAs with participants due to deliver securities. These offsetting transactions would be scheduled for settlement on the next settlement day.

ASX Settlement's back-out algorithm is used to identify transactions to be rescheduled or settled by means of offsetting transactions. The algorithm seeks to remove or roll over as few transactions from the batch as possible, maximising settlement values and volumes, while minimising the spillover to other participants. Transactions unrelated to novated settlement obligations would typically be backed out first. In 2014/15, an average of 0.07 per cent of settlement transactions were recorded as ‘initial fails’ (where a participant has insufficient stock on T+3), with an average of 0.33 per cent of settlements rescheduled following the application of the back-out algorithm. Both initial fails and rescheduled settlements were slightly higher as a proportion of total settlements than in 2013/14.

As recommended by the Forum and Business Committee established under the Code of Practice, ASX intends to shorten the equities settlement cycle described above to a two-day cycle. The transition to a T+2 settlement cycle is being targeted for March 2016. In recognition of the potential impact of a shortened cycle on participant arrangements to process and pre-position securities for settlement, the 10.30 am cut-off for batch settlement instructions will be extended to 11.30 am (see Section 3.5.6).

The use of the DvP Model 3 settlement mechanism described above is acceptable for ASX Settlement given the relatively low average value of securities transactions involved. In 2013/14, the average value of individual gross settlement instructions in ASX Settlement (for both novated and non-novated transactions) was around $11,200. This compares with an average of $30.1 million for an individual DvP settlement instruction for debt securities in Austraclear.

DvP Model 1 settlement (real time exchange of individual obligations) has certain risk management advantages over DvP Model 3 settlement, since the latter framework may only settle on an all or nothing basis. However, DvP Model 3 may be advantageous for a settlement system servicing a CCP that manages its risk on a net portfolio basis. Partial settlement (due to a clearing participant default) under DvP Model 1 would alter net exposures upon which the CCP's risk controls are based. This issue may be addressed within a DvP Model 1 framework by managing the order in which obligations are settled. However, achieving this may be complex and introduce inefficiencies from a liquidity viewpoint. Accordingly, while in its 2008 Review of Settlement Practices for Australian Equities the Bank encouraged ASX to consider introducing a DvP Model 1 settlement mechanism for cash equities over the medium term, the Bank accepts that, taking into account these complexities, neither ASX nor market participants are persuaded of the need to move to a new settlement model.^[10] Furthermore, ASX has taken actions since the 2008 review to further strengthen the resilience of the batch settlement process.

During 2014/15, the average daily value of Australian Government securities settled in the CHESS batch was less than $1 million, compared with $40.3 billion in debt securities transactions settled in Austraclear, suggesting that there has been no significant movement of wholesale Australian Government securities transactions into the CHESS batch. Initial settlement values from ASX Settlement's mFund service (for payments related to unlisted managed funds) have been small relative to the size of the gross value of settlements in the CHESS batch. While neither the settlement of Australian Government securities or mFund transactions within the CHESS batch currently pose significant risks to the batch process, the Bank will continue to monitor the use of both services.

Standard 11: Participant default rules and procedures

A securities settlement facility should have effective and clearly defined rules and procedures to manage a participant default. These rules and procedures should be designed to ensure that the securities settlement facility can take timely action to contain losses and liquidity pressures and continue to meet its obligations.

Rating: Observed

ASX Settlement has powers under its Operating Rules and Procedures to manage a participant default, and has documented procedures setting out how to manage a default. Powers available to ASX Settlement include powers to suspend or terminate the participant status of a defaulting participant (SSF Standards 11.1, 11.2). Participants are also required to report default events or an expected default to the SSF. ASX Settlement sets out its default management powers in its Operating Rules and Procedures (SSF Standard 11.3). Given that ASX Settlement is not exposed to financial loss in the event of a participant default, its handling of a default situation is largely procedural in nature (SSF Standard 11.4). ASX Settlement's default management arrangements are designed for the particular characteristics of its activities, and take into account potential impacts on Australian markets (SSF Standard 11.5).

The Bank's assessment is that ASX Settlement has observed the requirements of SSF Standard 11 during the 2014/15 Assessment period. ASX Settlement's default management arrangements are described in further detail under the following sub-standards.

11.1 A securities settlement facility should have default rules and procedures that enable the securities settlement facility to continue to meet its obligations in the event of a participant default and that address the replenishment of resources following a default. A securities settlement facility should ensure that financial and other obligations created for non-defaulting participants in the event of a participant default are proportional to the scale and nature of individual participants' activities.

ASX Settlement does not provide participants with a guarantee against credit or liquidity risk. Nevertheless, the design of the system precludes principal credit exposures arising between participants. ASX Settlement is not exposed to risk as a participant and has no settlement obligations arising from its role as a provider of a settlement facility, including in the event of a default. Settlement occurs on a DvP Model 3 basis, with contemporaneous multilateral net settlement of securities transfers in ASX Settlement and associated funds movements in RITS (see SSF Standard 10.2). Finality of settlement is protected by the approval of ASX Settlement's netting arrangements under the PSNA. The default of a participant in ASX Settlement would not require the SSF to meet obligations on its behalf, although it could alter the obligations of non-defaulting participants if the default resulted in the reconstitution of ASX Settlement's multilateral net batch prior to settlement (see SSF Standard 11.3).

Section 12 of the ASX Settlement Operating Rules sets out the circumstances in which ASX may suspend or impose restrictions on participation. These include events of ‘non-compliance’, such as: entry or suspected entry into external administration, or the failure to comply with participation requirements; a failure or anticipated failure of a participant's Payment Provider to authorise its net payment obligation; or a failure to comply with legal or regulatory obligations. ASX Settlement maintains documented procedures for dealing with the default of a participant, including back-out procedures to reconstitute the multilateral net batch. The default of a settlement-only participant would be managed by the PIRC, while the default of a settlement participant that is also a participant in ASX Clear would be managed by the ASX Default Management Committee in accordance with ASX Clear's Default Management Framework (see Appendix A1.1, CCP Standard 12). The PIRC is chaired by the GE, Operations, and is made up of senior staff from the operational, risk management, compliance and legal departments.

11.2 A securities settlement facility should be well prepared to implement its default rules and procedures, including any appropriate discretionary procedures provided for in its rules. This requires that the securities settlement facility should:

1. require its participants to inform it immediately if they:
   1. become subject to, or aware of the likelihood of external administration, or have reasonable grounds for suspecting that they will become subject to external administration; or
   2. have breached, or are likely to breach, a risk control requirement of the securities settlement facility; and
2. allow for the cancellation or suspension of a participant or commercial settlement bank from the securities settlement facility:
   1. if the participant or commercial settlement bank is in external administration; or
   2. if there is a reasonable suspicion that the participant or commercial settlement bank may become subject to external administration; and
3. allow participant users of a commercial settlement bank which becomes subject to external administration, or which is reasonably likely to become subject to external administration, to quickly nominate a new commercial settlement bank.

ASX Settlement's Operating Rules and Procedures provide for the cancellation or suspension of a participant or a Payment Provider in the event that it becomes subject to external administration, or if ASX Settlement reasonably suspects that this may occur. A participant or a Payment Provider is also required to notify ASX Settlement if it, or any other participant or Payment Provider to its knowledge, becomes subject to external administration or where it reasonably suspects that this may occur.

The ASX Settlement Operating Rules and Procedures allow a participant to nominate a new Payment Provider if its current provider is subject to, or is reasonably likely to become subject to, external administration.

In May 2015 ASX Settlement employed its default management procedures to address the appointment of an external administrator to BBY Limited. The steps taken by ASX to manage this default are described in more detail in Appendix A1.1, CCP Standard 12.2 and Section 4.

11.3 A securities settlement facility should publicly disclose key aspects of its default rules and procedures. Where a securities settlement facility settles via a multilateral net batch, arrangements for dealing with any unsettled trades of a defaulting participant that are not guaranteed by a central counterparty, such as reconstituting the multilateral net batch excluding the settlement obligations of the defaulting participant, should be clear to all its participants and should be capable of being executed in a timely manner.

ASX Settlement's Operating Rules and Procedures are published on the ASX public website. These include requirements for participants to give notice of insolvency or the reasonable possibility of insolvency and the rights of ASX Settlement to suspend or terminate participant status in an event of non-compliance.

If a participant is unable to settle its scheduled obligations in the batch, due to a shortfall in either securities or funds, ASX Settlement's Operating Rules allow for all or some of the transactions of the affected participant to be either ‘backed out’ or settled by means of an offsetting transaction (see Appendix A1.1, CCP Standard 7.3). If the failed transactions relate to a shortfall of securities, these are rescheduled for settlement on the next settlement day. If the failed transactions related to a shortfall of funds, however, ASX Clear would, as part of its default management strategy, consider injecting liquidity to ensure the settlement of novated trades. If this did not occur, ASX Clear would settle novated trades by entering into OTAs with participants due to deliver securities. These offsetting transactions would be scheduled for settlement on the next settlement day.

ASX Settlement's back-out algorithm is used to identify transactions to be rescheduled or settled by means of offsetting transactions. The algorithm seeks to remove or roll over as few transactions from the batch as possible, maximising settlement values and volumes, while minimising the spillover to other participants. Transactions unrelated to novated settlement obligations would typically be backed out first.

ASX Settlement's back-out arrangements are described in Rule 10.11 of the ASX Settlement Operating Rules, as well as in related Procedures available to participants.

11.4 A securities settlement facility should involve its participants and other stakeholders in the testing and review of the securities settlement facility's default procedures. Such testing and review should be conducted at least annually and following material changes to the rules and procedures to ensure that they are practical and effective.

ASX conducts regular in-house default management ‘fire drills’ to test default procedures as they would apply to participants across one or more of the ASX CS facilities. While the focus of the fire drills is on the more complex scenario of a clearing participant default, procedures for managing the default of an ASX Settlement participant are also tested to the extent that clearing participants also participate in ASX Settlement. Settlement-only aspects of default management are less complex, and ASX has determined that its testing of default procedures in the context of a clearing participant default is sufficient to ensure that ASX Settlement's default procedures are practical and effective.

11.5 A securities settlement facility should demonstrate that its default management procedures take appropriate account of interests in relevant jurisdictions and, in particular, any implications for pricing, liquidity and stability in relevant financial markets.

Participants include both Australian and overseas brokers with a significant domestic presence, including subsidiaries of Australian and overseas banks. Products settled by ASX Settlement are traded on Australian markets and denominated in Australian dollars. Accordingly, default management actions would be taken during the local time zone for all participants.

Standard 12: General business risk

A securities settlement facility should identify, monitor and manage its general business risk and hold, or demonstrate that it has legally certain access to, sufficient liquid net assets funded by equity to cover potential general business losses so that it can continue operations and services as a going concern if those losses materialise. Further, liquid net assets should at all times be sufficient to ensure a recovery or orderly wind-down of critical operations and services.

Rating: Observed

ASX Settlement identifies, monitors and manages its general business risks in the context of its overall Enterprise Risk Management Policy (SSF Standard 12.1). It has access to sufficient funds held at group level to support continued operations as a going concern if it incurs general business losses. These funds are backed by equity and invested in liquid assets. The legal basis of ASX Settlement's access to funds held at group level is set out in the ASX Group Support Agreement (SSF Standards 12.2, 12.3, 12.4). During the Assessment period, ASX Settlement enhanced its recovery arrangements in line with the CPMI-IOSCO guidance on recovery planning (SSF Standard 12.3). ASX maintains viable arrangements to raise additional equity for its CS facilities as required (SSF Standard 12.5).

The Bank's assessment is that ASX Settlement has observed the requirements of SSF Standard 12 during the 2014/15 Assessment period. While existing arrangements are assessed to meet the minimum standard, the Bank encourages ASX Settlement to test and review its capacity to raise additional equity to replenish general business risk capital.

ASX Settlement's management of general business risk is described in further detail under the following sub-standards.

12.1 A securities settlement facility should have robust management and control systems to identify, monitor and manage general business risks, including losses from poor execution of business strategy, negative cash flows or unexpected and excessively large operating expenses.

ASX's approach to business risk is consistent with its overall Enterprise Risk Management Policy and Framework (see SSF Standard 3). Under the framework, formal policies are in place for individual risk categories such as accounting, authorisations, business continuity, technology, fraud control and procurement.

ASX monitors a variety of financial business risks, including market risk, credit risk, liquidity risk and capital risk.

• Group funds (as distinct from collateral lodged by participants) may be exposed to market risk due to changes in market variables such as interest rates, foreign exchange rates and equity prices. Mitigants for market risk include hedging of foreign exchange risk and monitoring of equity price risk, with appropriate capital allocation.
• Credit risk for the Group's general business activities arises in the collection of receivables, which principally comprise fees from market participants, issuers, users of market data and other customers. Mitigants include active collection procedures on trade receivables and ‘ageing’ of receivable amounts.
• Liquidity risk arises from the Group's time-critical payables, and is mitigated by prudent liquidity management, with forward planning and forecasting of liquidity requirements.
• ASX may be exposed to capital risk if equity in group entities falls below prudent or regulatory minimum levels. ASX manages its capital at a group level, in accordance with an objective of maintaining a prudent level of surplus net tangible equity. Ongoing monitoring of cash flows and capital adequacy is conducted via quarterly meetings of CALCO.

ASX undertakes periodic strategic risk assessments in the context of its overall business plans. Through this process, ASX identifies new strategic business initiatives, such as the projects that delivered the ASX Collateral and over-the-counter derivatives clearing services. These are subject to financial analysis, which includes high, low and base case revenue assumptions and forecasts. Impacts on capital are also determined and analysed.

ASX undertakes risk assessments when undertaking any expansion of its activities or in the event of material changes to its business. Risk assessments are built into ASX's project management framework (see SSF Standard 14.4). Under this framework an initial high-level risk indication is defined at the project concept stage. This is followed by a formal project risk assessment covering both project delivery risks and impacts to business activities. ASX typically conducts a series of workshops involving project staff to discuss risks associated with any planned new service. Prior to the approval of a project for launch/production, ASX prepares an operational readiness summary and conducts a final workshop to discuss possible risks associated with initial launch. This includes consideration of potential failure scenarios and workarounds, procedures for escalation of issues, and help desk and key staff availability.

Following launch, the risks of a new activity are captured in risk profiles that are prepared by department management every six months. CALCO also monitors actual and forecast capital and liquidity requirements on a quarterly basis, including requirements related to new projects.

12.2 A securities settlement facility should hold, or demonstrate that it has legally certain access to, liquid net assets funded by equity (such as common stock, disclosed reserves or other retained earnings) so that it can continue operations and services as a going concern if it incurs general business losses. The amount of liquid net assets funded by equity a securities settlement facility should hold, or have access to, should be determined by its general business risk profile and the length of time required to achieve a recovery or orderly wind-down, as appropriate, of its critical operations and services if such action is taken.

ASX has set aside $241 million for operational and business risk across the four ASX Group CS facilities, $166 million of which has been attributed specifically to operational and business risks across both Austraclear and ASX Settlement. Since ASX has identified constraints to making business risk capital bankruptcy remote within the SSFs, this capital is held at the ASX Group level. Each CS facility has a separate allocation for business risk capital that is explicitly recognised within group-wide capital holdings. These holdings include an additional buffer against potential losses sustained elsewhere in the group. The ASX Group Support Agreement places an obligation on ASX to maintain sufficient capital to support ASX Settlement's continued operations in the event of general business losses, supporting the legal certainty of ASX Settlement's access to business risk capital as required.

In determining the sufficiency of the $166 million in operational and business risk capital set aside for ASX Settlement and Austraclear, ASX first calculated risk amounts for the individual SSFs. This was based on a methodology in use at other SSFs, fund managers and custodians that applies a capital charge for operational and business risk to the value of securities held in the facility. The correlation between asset values and associated risks is modelled on a percentage basis, with the percentage of required risk resources declining as the level of assets increases – recognising that a significant part of the risk resources required will represent a fixed cost. ASX's application of this methodology results in a charge of 0.74 basis points on $1.55 trillion of securities held in ASX Settlement and a charge of 0.68 basis points on $1.75 trillion securities held in Austraclear, giving a required value of risk resources of around $115 million and $120 million for ASX Settlement and Austraclear, respectively.

ASX assumes that the two facilities will not both require their full risk funds at the same time. This reflects that the custodial and operational risks that this capital is calibrated to cover are unlikely to result in simultaneous peak losses in both SSFs. ASX has applied a ‘square root of the sum of squares’ formula to arrive at the figure of $166 million to cover the operational and business risk exposure of the two settlement facilities. The business risk capital held in respect of the SSFs is sufficient to ensure that, even if one SSF were to utilise the full value of its required risk resources ($115 million and $120 million for ASX Settlement and Austraclear respectively), sufficient funds would be available to fund the other SSF's recovery plan and meet the single largest uninsured business loss event for that facility. In addition, ASX's general capital buffer is sufficient to ensure that it would remain able to provide to the second SSF the full value of its required risk resources in the event that this was required.

12.3 A securities settlement facility should maintain a viable recovery or orderly wind-down plan and should hold, or have legally certain access to, sufficient liquid net assets funded by equity to implement this plan. At a minimum, a securities settlement facility should hold, or have legally certain access to, liquid net assets funded by equity equal to at least six months of current operating expenses. These assets are in addition to resources held to cover participant defaults or other risks covered under SSF Standard 4 on credit risk and SSF Standard 6 on liquidity risk. However, equity held under international risk-based capital standards can be included where relevant and appropriate to avoid duplicate capital requirements.

ASX Settlement has developed a plan setting out options for its recovery or wind-down based on its existing Operating Rules, and has developed enhancements to this plan, in line with CPMI-IOSCO guidance on recovery planning (see SSF Standard 3.5). ASX will be formally documenting its enhanced recovery arrangements over the coming period. In calculating the quantum of business risk capital described under SSF Standard 12.2, ASX has sought to ensure access to sufficient liquid net assets to fund operations during the execution of ASX Settlement's recovery plan or to cover a minimum of six months of current operating expenses.

ASX Settlement's enhanced recovery approach establishes arrangements to address losses that arise from a range of general business risks. These general business losses to ASX Settlement would be absorbed by ASX, including through application of general business risk capital held for the SSFs by ASX Limited (see SSF Standard 12.2). This recovery approach takes into account that ASX supplements its business risk capital through the use of insurance to cover its exposure to a broad range of risks (including coverage of professional indemnity and fraud risks). ASX Limited has also committed to maintaining adequate levels of business risk capital for the CCPs and SSFs, recapitalising these funds as required (SSF Standard 12.5).

12.4 Assets held to cover general business risk should be of high quality and sufficiently liquid in order to allow the securities settlement facility to meet its current and projected operating expenses under a range of scenarios, including in adverse market conditions.

The risk capital for ASX's CS facilities is invested in accordance with the ASX Limited and ASX Operations Pty Limited Investment Mandate. The Investment Mandate specifies investment objectives, responsibilities, approved products and counterparties, and audit and maintenance of the mandate. Approved products are generally highly rated and liquid products such as: cash deposits; bank bills, negotiable certificates of deposit and floating rate notes issued by APRA-approved ADIs; foreign exchange in specified currencies; Australian Government securities; and selected semi-government securities. Limits are applied against counterparty, liquidity and market risks. Liquidity limits are specified for maximum instrument maturity and weighted average maturity.

12.5 A securities settlement facility should maintain a viable plan for raising additional equity should its equity fall close to or below the amount needed. This plan should be approved by the board of directors and updated regularly.

As noted, ASX Limited manages its operational and business risk capital at the group level. The ASX Limited Board monitors the ongoing capital adequacy of the ASX Group as part of its regular capital planning activities. The Board determines the most appropriate means of raising additional capital when needed, giving due consideration to prevailing market conditions and available alternative financing mechanisms. For example, in June 2013, ASX Limited conducted a capital raising by way of a $553 million share entitlement offer, with the bulk of the funds being used to increase the business risk capital of the CS facilities and their pooled financial resources to deal with a participant default.

ASX Settlement's enhanced recovery approach depends on timely and reliable recapitalisation processes to address general business losses. ASX Settlement is therefore reviewing its recapitalisation arrangements to ensure consistency with its enhanced recovery plan. The Bank will continue to discuss recapitalisation arrangements with ASX Settlement over the 2015/16 Assessment period.

Standard 13: Custody and investment risks

A securities settlement facility should safeguard its own and its participants' assets and minimise the risk of loss on and delay in access to these assets. A securities settlement facility's investments should be in instruments with minimal credit, market and liquidity risks.

Rating: Not applicable

ASX Settlement does not have any financial investments, and its participants do not lodge collateral or other assets with the SSF. $166 million of general business risk capital for both ASX Settlement and Austraclear is invested at the group level. Arrangements for the investment of those funds are discussed under SSF Standard 12.

The Bank has concluded that SSF Standard 13 does not apply to ASX Settlement.

13.1 A securities settlement facility should hold its own and its participants' assets at supervised and regulated entities that have robust accounting practices, safekeeping procedures and internal controls that fully protect these assets.

Not applicable to ASX Settlement.

13.2 A securities settlement facility should have prompt access to its assets and the assets provided by participants, when required.

Not applicable to ASX Settlement.

13.3 A securities settlement facility should evaluate and understand its exposures to its custodians, taking into account the full scope of its relationships with each.

Not applicable to ASX Settlement.

13.4 A securities settlement facility's investment strategy should be consistent with its overall risk management strategy and fully disclosed to its participants, and investments should be secured by, or be claims on, high-quality obligors. These investments should allow for quick liquidation with little, if any, adverse price effect.

Not applicable to ASX Settlement.

Standard 14: Operational risk

A securities settlement facility should identify the plausible sources of operational risk, both internal and external, and mitigate their impact through the use of appropriate systems, policies, procedures and controls. Systems should be designed to ensure a high degree of security and operational reliability and should have adequate, scalable capacity. Business continuity management should aim for timely recovery of operations and fulfilment of the securities settlement facility's obligations, including in the event of a wide-scale or major disruption.

Rating: Observed

ASX Settlement's key operating system is CHESS.

ASX Settlement manages its operational risks in the context of its group-wide Enterprise Risk Management Framework (SSF Standard 14.1). Responsibility for approving and reviewing operational risk management policy is shared between the ASX Limited and CS Boards, the Audit and Risk Committee and individual departments. The management of each department is responsible for implementing operational risk controls in their respective areas (SSF Standard 14.2). ASX Settlement sets clear operational reliability objectives and pursues policies designed to achieve those objectives. Key objectives for CHESS, such as minimum availability of 99.8 per cent and peak capacity utilisation of 50 per cent, were met during the Assessment period. ASX Settlement maintains physical and information security policies based on relevant domestic and international standards (SSF Standard 14.3). ASX Settlement considers that it has sufficient well-trained and competent personnel and other resources to operate CHESS. During the Assessment period, ASX Settlement prioritises its projects to ensure that business development work does not risk the availability of these resources for key systems during the Assessment period (SSF Standard 14.4).

ASX Settlement manages operational interdependencies with participants and with ASX Clear through its participant monitoring processes and group-wide risk management framework, respectively (SSF Standard 14.5). Its dependencies on service providers and utilities are subject to ongoing monitoring and contingency arrangements where appropriate. ASX Settlement has introduced clauses in its legal agreements with key outsourcing and critical service providers that impose requirements on those providers equivalent to those under the FSS, access to information for the Bank, and notice to the Bank in the case of termination (SSF Standards 14.9, 14.10, 14.11).

ASX Settlement also maintains business continuity arrangements that provide a high degree of redundancy and, through the use of dual sites, target the resumption of operations within two hours following disruptive events. These arrangements are regularly tested in real time during live operations (SSF Standard 14.7). Participants are required to maintain appropriate operational and business continuity arrangements that complement ASX Settlement's own arrangements, and are appropriate to the nature and scale of their business. ASX Settlement monitors participants' compliance with these requirements, and broader operational performance, on an ongoing basis (SSF Standards 14.6, 14.8).

The Bank's assessment is that ASX Settlement has observed the requirements of SSF Standard 14 during the 2014/15 Assessment period. In order to continue to observe this standard, ASX Settlement will need to review its operational arrangements in light of the proposed establishment of a special resolution regime for financial market infrastructures (FMIs) in Australia. In particular, ASX Settlement will need to ensure that its operations are organised in such a way as to facilitate effective crisis management actions under that regime once finalised.

In addition, ASX Settlement is encouraged to continue its dialogue with the Bank on its cyber risk management arrangements, including on the Board-level governance of its cyber risks and ongoing review of its information security strategy and policy framework. ASX Settlement is also encouraged to review its cyber risk management arrangements in light of forthcoming CPMI-IOSCO guidance on cyber resilience for FMIs.

The Bank will continue to examine prioritisation decisions, resourcing challenges, interdependencies with day-to-day business-as-usual processes, and potential change-management issues associated with ASX's technology transformation project. This includes the prioritisation of investment in the replacement of CHESS. The Bank will also discuss with ASX Settlement how it applies the CPMI-IOSCO oversight expectations in managing its relationships with external providers of critical services, including the role of the recently released CPMI-IOSCO Assessment Methodology in its oversight of these critical service providers.

ASX Settlement's arrangements for managing operational risks are described in further detail under the following sub-standards.

Identifying and managing operational risk

14.1 A securities settlement facility should establish a robust operational risk management framework with appropriate systems, policies, procedures and controls to identify, monitor and manage operational risks.

ASX's operational risk policies and controls have been developed in accordance with ASX's group-wide Enterprise Risk Management Framework (see SSF Standard 3.1). Under this Framework, the ASX Limited Board is responsible for reviewing and overseeing the Group's risk management systems (see SSF Standard 2.6). The Board delegates review of the Enterprise Risk Management Framework to its Audit and Risk Committee. An ERMC, comprising executives from across ASX's departments, is responsible for approving enterprise risk policies and reviewing controls, processes and procedures to identify and manage risks, as well as the formal approval of significant operational risk policies prepared by individual departments (see SSF Standard 14.2). Under the Enterprise Risk Management Framework, individual departments are also responsible for: identifying business-specific risks; applying controls; maintaining risk management systems; reporting on the effectiveness of risk controls; and implementing enhancements and taking remedial action.

Dedicated security teams have responsibility for assessing both physical and cyber security risks, and are overseen by an internal Security Steering Committee (see SSF Standard 14.3). The Security Steering Committee is responsible for approving, implementing and overseeing ASX's information and physical security strategies, and coordinating ASX's security initiatives with management of its Technology (IT security) and Finance (physical security) divisions. It is chaired by the Information Technology (IT) Security Manager, and comprises: the Chief Information Officer (CIO); Chief Financial Officer (CFO); GE, Operations; General Manager, Technology Governance; General Manager, Corporate Technology; National Facilities Manager; and General Manager, Internal Audit. The Security Steering Committee provides reports to the Audit and Risk Committee as well as ASX's executive-level ERMC, including regular Technology status and enterprise risk reports as well as ad hoc security reports.

14.2 A securities settlement facility's board of directors should clearly define the roles and responsibilities for addressing operational risk and should endorse the securities settlement facility's operational risk management framework. Systems, operational policies, procedures and controls should be reviewed, audited and tested periodically and after significant changes.

The roles and responsibilities for addressing operational risk are defined in the CS Boards' Charter, the Audit and Risk Committee Charter, and the Enterprise Risk Management Framework. As described above, risk responsibilities are shared between the ASX Limited Board, the CS Boards, the Audit and Risk Committee, the ERMC and individual departments.

Ultimate responsibility for the management of ASX's cyber-related risks lies with the ASX Limited Board, reflecting that different business areas share common vulnerabilities to cyber threats and that the response to such threats may require group-wide coordination. In practice, however, the Board delegates its ongoing oversight of cyber resilience to the ASX Limited Audit and Risk Committee, subject to the Board's stated very low tolerance for residual operational risks. The Board remains informed of significant cyber-related developments or issues, including where cyber incidents could threaten the availability or integrity of ASX systems, and in considering cyber risks in the approval of major projects. The Audit and Risk Committee receives regular updates on information security matters and oversees the cyber resilience activities of ASX management and staff. ASX's governance arrangements for cyber resilience are described in more detail in Section 3.5.6, Box B.

Policies and procedures are the subject of internal and external review. ASX's Internal Audit department routinely monitors compliance with operational policy, reporting to the Audit and Risk Committee on a quarterly basis. Scheduled reviews carried out by Internal Audit include business unit process and operational audits and information technology reviews. Internal Audit also reviews major projects and carries out special investigations as required (e.g. following a major operational incident). Audit findings may prompt a review of policy, which would be conducted in consultation with key stakeholders. Technology-related security policy is considered by external auditors annually.

ASX benchmarks its operational risk policy against relevant international standards. For example:

• ISO 31000 – Risk Management Principles and Guidelines is used to benchmark ASX's overarching framework for operational risk management.
• The business continuity framework is benchmarked against the Business Continuity Institute's Good Practice Guidelines 2013, and the international standard ISO 22301:2012 Business Continuity Management Systems.
• The technology risk management framework is benchmarked against ISO 17799 (which covers principles for information security management) and ISO 27001 (requirements for information security management systems). Cyber security strategies are further benchmarked against the Australian Signals Directorate's Strategies to Mitigate Targeted Cyber Intrusions.
• The compliance framework is benchmarked to the AS 3806-2006: Compliance Programs.
• The ASX Fraud Control Policy is benchmarked against AS 8001-2008: Fraud and Corruption Control.

During the Assessment period, ASX carried out a high-level self-assessment of its cyber resilience practices against the United States National Institute of Standards and Technology (NIST) Cyber Security Framework.^[11] This self-assessment concluded that ASX's cyber security practices generally aligned with the upper two tiers of maturity levels under the NIST Framework (see Section 3.5.6, Box B).

The risk framework defines a variety of control procedures to support the core operational systems. These include audit logs, segregation of duties controls such as dual input checks and approval, management sign-off and processing checklists as the primary preventative controls, supported by reconciliations and management reviews of activity.

Change management and project management

ASX Settlement operates a separate test environment for its core system (CHESS), and has a formal change management process which is documented in the ASX Technology Change Management Policy and Guideline. The policy and guidelines cover the requirements for the notification, risk assessment, testing and implementation of technology changes for all ASX CS facilities, as well as the key roles and responsibilities in relation to technology change management. There are also defined procedures for communicating with participants and vendors details of technology upgrade releases, which include regular notices to participants of upcoming changes. Aspects of the change management process are reviewed each year by the external auditor.

Major projects are overseen by the Enterprise Portfolio Steering Committee (EPSC), which is comprised of representatives of the Group Executive. The EPSC is responsible for determining project priorities across the ASX Group and overseeing the quality of project execution. Project management of major projects is undertaken by the Project Management Office (PMO). Projects incorporate testing processes, which verify that systems or services meet benchmarks set prior to implementation. Testing addresses both technical and operational aspects of projects. The project management process includes engagement with customers and third-party vendors of supporting systems where appropriate, particularly in customer testing. Project plans also include formal checkpoints to ensure all appropriate risk management controls are in place prior to live use of a new or updated system or service.

In February 2015, ASX announced a technology transformation program to upgrade all of its major trading and post-trading systems over the next three to four years (see Section 3.5.6). The program is intended to rationalise ASX's core technology onto a single services platform, removing interdependencies that currently exist between unrelated systems. The first phase of the program will upgrade ASX's trading, risk management and market monitoring systems. A subsequent phase of the technology transformation program will focus on ASX's clearing and settlement platforms. This includes the consolidation of derivatives clearing onto a common platform and the replacement of the CHESS clearing and settlement system for cash equities.

Given the significance of the technology transformation program for ASX's critical trading, clearing, settlement and risk management systems, the ASX Limited Board and CS Boards will receive regular status updates throughout the life of the project, with executive-level oversight of project management provided by the EPSC. ASX's Audit and Risk Committee, together with the ERMC, oversees the management of operational and strategic risks associated with execution of the program, with internal and external audit providing review of key elements. ASX has formally adopted an ‘Agile project management’ approach for its technology transformation. This seeks to streamline decision making by bringing together the human and technological resources that support the design, development and testing processes, and delivering project outputs in a series of incremental stages (so-called ‘sprints’).

The Bank is receiving detailed monthly updates on the progress of the technology transformation program. These updates also provide an opportunity for the Bank to examine interdependencies with day-to-day business-as-usual processes and potential change-management issues.

14.3 A securities settlement facility should have clearly defined operational reliability objectives and should have policies in place that are designed to achieve those objectives. These policies include, but are not limited to, having: exacting targets for system availability; scalable capacity adequate to handle increasing stress volumes; and comprehensive physical and information security policies that address all potential vulnerabilities and threats.

Operational reliability and availability

Availability targets are documented and defined formally for critical services. CHESS is required to meet a minimum availability target of 99.8 per cent; during the 2014/15 Assessment period it was available 100 per cent of the time.

Operational capacity

System capacity is monitored on an ongoing basis, with monthly reviews of current and projected capacity requirements. The results are reviewed against established guidance for capacity headroom over peak recorded values for all critical systems; that is, to maintain capacity 50 per cent over peak recorded daily volumes, with the ability to increase to 100 per cent over peak within six months. Capacity data are reported monthly to the CEO. Average capacity utilisation of CHESS during the Assessment period was 15 per cent, while peak utilisation was 20 per cent. ASX Settlement considers that it has sufficient technical and human resources to operate CHESS during peak periods, including in the event of operational incidents or system failure.

Information and physical security

ASX's cyber resilience approach is defined by the Information Security Strategy approved by the Security Steering Committee, and more granular policies and standards set out in ASX's Information Security Policy Framework. The Information Security Strategy sets out six high-level objectives for ASX's information security approach:

• ensuring that information security supports enterprise-wide strategy and governance, safeguarding the confidentiality, integrity and availability of critical data and systems
• ensuring that information security is implemented using a risk-based approach
• ensuring that information security considers interdependencies with external stakeholders (including participants and regulators)
• supporting the development of a culture of security and the acceptance of information security responsibilities throughout the organisation
• ensuring information security is flexible enough to adjust to meet changing market demands
• pursuing continual improvement in the effective and efficient deployment of information security controls.

The Information Security Strategy and Policy Framework are reviewed on a regular basis by the IT Security Team, with formal review by the Security Steering Committee carried out on an ad hoc basis in response to material changes to the security environment. The last such review was in October 2014.

Information security policy is tested at a number of levels. This includes penetration testing against the ASX perimeter and vulnerability testing within the perimeter. ASX Settlement performs CHESS security testing on a quarterly basis. ASX operates a suite of controls designed to prevent and detect cyber attacks on its systems, such as denial of service or malware threats. These include continuous monitoring of its network for cyber intrusions and malicious code, steps to monitor suspicious internet traffic, regular scans to ensure that both the network perimeter and system assets remain secure, and the maintenance of spare capacity to manage legitimate or malicious surges in internet traffic, as well as steps to regulate access to ASX systems (described below).

User access for the key systems is restricted to prevent inappropriate or unauthorised access to application software, operating systems and underlying data. User activities are uniquely identifiable and can be tracked via audit trail reports. The level of access is authorised by the system owner with users granted the minimum level of access to systems necessary to perform their roles effectively. External access to ASX systems must pass through multiple layers of firewalls and intrusion prevention, and individual networks are segregated. ASX's system architecture is designed to minimise the risk of a cyber threat spreading, via the segregation of critical systems. ASX has also recently commenced a project to implement a new identity management application to enhance the identity management capability and automate many of the set-up, maintenance and removal processes associated with user access administration.

Application testing is carried out in test environments (see SSF Standard 14.2). Testing reports are documented, with identified problems escalated to management and tracked through to remediation. Similarly, any significant technology-based operational incidents are reported to senior management and issues are tracked through to resolution via regular updates to management.

Physical access is controlled at both an enterprise and departmental level. The key systems supporting ASX's clearing and settlement processes are operated within secure buildings. Settlement operations are separated from general office areas with permitted access determined at a senior manager level and records of access maintained. Physical security arrangements for the primary and backup data centres are broadly equivalent.

14.4 A securities settlement facility should ensure that it can reliably access and utilise well-trained and competent personnel, as well as technical and other resources. These arrangements should be designed to ensure that all key systems are operated securely and reliably in all circumstances, including where a related body becomes subject to external administration.

Access to resources

ASX Settlement has arrangements in place to ensure that it has well-trained and competent personnel operating CHESS. Staff are provided with relevant policies and guidelines from commencement of employment, with weekly communications thereafter. Staff are evaluated with reference to each defined operational process and broader skills matrices, with training provided for identified areas of weakness. ASX Settlement has a formal succession planning and management process in place for key staff. ASX has sought to automate routine operational processes and reporting over recent years, freeing up additional staff resources that would otherwise be devoted to these tasks.

In April 2015, ASX launched a new customer support centre within ASX's Australian Liquidity Centre.^[12] The customer support centre brings together operations, technology and market surveillance staff in a single location, which is now ASX's primary operations base as well as primary data centre.^[13] The current customer support centre was previously ASX's secondary operations site for business continuity purposes. To facilitate rapid recovery in the event of an operational disruption, around 30 per cent of ASX's operational staff are now based at its secondary operations site (formerly the primary operations site). In case of a disruption to staffing arrangements at the primary site for staff, the secondary operations centre has capacity to house 65 per cent of all operational staff.

Following the opening of the centre, ASX established a new Customer Experience team under a new Executive General Manager. This team brings together the main customer-facing functions from across ASX and is responsible for the development and delivery of the ASX customer experience.

Alongside these changes to broader customer support arrangements, ASX introduced changes to the organisation of its operations division in June 2015. Most notable was the creation of a new ‘Risk Manager, Operations’ position, reporting directly to the GE, Operations; the new Risk Manager will have responsibility for matters such as operational business continuity, incident reporting and management, and will work closely with the General Manager responsible for enterprise-wide risk management. The new role is intended to enhance support for risk identification and management in operational processes.

Resources shared with a related body

Within the ASX group structure, most operational resources are provided by ASX Operations Limited, a subsidiary of ASX Limited (see ‘ASX Group Structure’ in Appendix A), under a contractual Support Agreement. ASX Operations is also required under the Support Agreement to provide the Bank with reasonable rights of access in respect of information relating to its operation of critical functions provided to ASX Settlement (see SSF Standard 14.10 in respect of broader rights of access provided to the Bank by ASX Settlement's critical service providers).

In the event that ASX Operations became subject to external administration, to the extent permissible by law, provisions within the Support Agreement provide for ASX Settlement and the other clearing and settlement corporate entities to retain the use of operational resources. Under proposals currently under consideration by the government in the context of establishing of a special resolution regime for CS facilities (see SSF Standard 14.11), the Bank would have the power to issue directions in day-to-day oversight, recovery and resolution to related entities such as ASX Operations that provide critical services to a CS facility under ex ante legal agreements. This proposed directions power would further safeguard ASX Settlement's access to critical services provided by ASX Operations.

Resourcing of major projects

The EPSC is tasked with ensuring that ASX has sufficient well-qualified personnel to cope with periods in which it is simultaneously undertaking a number of projects, including those resulting in significant changes to business (see SSF Standard 14.2). In managing projects affecting core systems (including CHESS), the PMO rates projects to ensure that they receive appropriate access to resources.

For example, in its oversight of ASX's technology transformation program (see SSF Standard 14.2), the EPSC determines the prioritisation of resourcing for key projects. The Bank is receiving detailed monthly updates on the progress of the technology transformation program. These updates also provide an opportunity for the Bank to examine prioritisation decisions and resourcing challenges. This includes ensuring that investment in the replacement of CHESS is appropriately prioritised.

14.5 A securities settlement facility should identify, monitor and manage the risks that key participants, other FMIs and service and utility providers might pose to its operations. A securities settlement facility should inform the Reserve Bank of any critical dependencies on utilities or service providers. In addition, a securities settlement facility should identify, monitor and manage the risks its operations might pose to its participants and other FMIs. Where a securities settlement facility operates in multiple jurisdictions, managing these risks may require it to provide adequate operational support to participants during the market hours of each relevant jurisdiction.

Dependencies on participants and other FMIs

ASX identifies, monitors and mitigates potential dependencies on participants in a number of ways:

• by holding regular discussions with participants on risk management processes (see SSF Standard 3.1)
• through participation requirements related to operational capacity and business continuity arrangements (see SSF Standards 14.6 and 15.2)
• as part of its assessments of project-related risks (see SSF Standard 14.1)
• through general monitoring of risks under its risk management framework (see SSF Standard 3.1).

For ASX Settlement, ASX has identified risks relating to its operational activities arising from participants' increased usage of third-party vendors for back-office systems, and participants outsourcing their back-office processing offshore.

• If multiple participants use the system of a vendor that experiences difficulties, these participants may have difficulty connecting to ASX's clearing and settlement infrastructure. If a vendor issue requires significant system changes, ASX Settlement's operations may be affected for an extended period. This risk is managed in part through technical and business continuity requirements placed on participants, but there are limitations to this approach. As a result, and notwithstanding that there are no contractual relationships between ASX and vendors, ASX has implemented a program to develop stronger direct relationships with key participant vendors. The program supports vendors' knowledge of ASX technical updates through early engagement before system changes are rolled out, as well as ASX's knowledge of vendor systems and business continuity arrangements.
• Participants' outsourcing of back-office processes and technology to overseas domiciled hubs or third-party vendors may complicate incident management due to differences in time zones and languages, and in some cases a lack of familiarity with local market practices and conventions. Such factors, if inadequately mitigated, could increase operational risk. During the Assessment period, ASX reviewed and standardised its offshoring and outsourcing regime across its markets and CS facilities, including ASX Settlement, and has published a guidance note setting out its expectations in relation to participants' offshoring and outsourcing arrangements.

ASX Settlement has an operational interdependence with ASX Clear, with which it shares the CHESS system (SSF Standard 17). Operational risk associated with this interdependence is managed within the context of the ASX Group's operational risk management framework. ASX Settlement does not have significant operational interdependencies with other FMIs.

Dependencies on service providers

ASX has a formal policy that sets out the process for entering into, maintaining and exiting key outsourcing arrangements. If a key service is to be provided by an external service provider, ASX first conducts a tender process in which proposals from potential vendors are assessed against relevant criteria. Arrangements have been implemented under which ASX would consult with the Bank before entering into new agreements with third parties for critical services. ASX also provides the Bank with a list of critical outsourcing arrangements on an annual basis. Issues relating to outsourcing or service provision are escalated as appropriate to executive management via the ASX Technology Vendor Management Group and the relevant operational support area.

ASX assesses the operational performance of its service providers on an ongoing basis against its own operational policies, to ensure that service providers meet the resilience, security and operational performance requirements of the FSS. ASX maintains current information on its service providers' operations and processes through ongoing liaison, and in turn provides relevant updates to service providers regarding ASX operations. Service providers are also assessed through software regression testing when there is a major system upgrade.^[14] Contractual arrangements with critical service providers require the approval of ASX Settlement before the service provider can itself outsource material elements of its service.

All core ASX Settlement operational functions are performed within ASX. However, external suppliers are used for utilities, hardware maintenance, operating system and product maintenance, and certain security-related specialist independent services.

ASX has put in place a number of mitigants to address the risks associated with dependencies on utilities and service providers.

• Primary and backup data centres are connected to different electricity grids and telecommunication exchanges.
• Each data centre has backup power generators with capacity to run the site at full load for 72 hours.
• All external communications links to data centres are via dual geographically separated links.
• ASX conducts regular testing of backup arrangements. Major systems are tested on a two year cycle. Participants are notified of business continuity tests in advance through ASX notices.
• ASX also performs a periodic assessment of suppliers, including consideration of contingency arrangements should externally provided services not be available (such as the use of alternative suppliers) as well as incident escalation procedures and contacts.

Disclosure

The nature and scope of ASX Settlement's dependencies on critical service providers are disclosed to participants through: Operating Rules; Guidance Notes; Notices and Bulletins; technical documentation available on the ASX participant website; more general information available on the ASX public website; and in one-on-one meetings with participants, both during the induction process for new participants and on an ongoing basis.

Operational Support

ASX Settlement provides telephone and email support to participants via a helpdesk, which operates from 8.00 am to 6.00 pm. In April 2015, ASX launched a new customer support centre that brings together operations, technology and market surveillance staff in a single location (see SSF Standard 14.4).

14.6 A participant of a securities settlement facility should have complementary operational and business continuity arrangements that are appropriate to the nature and size of the business undertaken by that participant. The securities settlement facility's rules and procedures should clearly specify operational requirements for participants.

Business continuity requirements are set out in the ASX Settlement Operating Rules and Procedures, supplemented by additional guidance issued by ASX on 1 July 2014. These require large participants to maintain adequate business continuity arrangements (see SSF Standard 14.8) to allow the recovery of usual operations within two hours, and no more than four hours, following a contingency event. The targeted recovery time for smaller participants is four hours (and no more than six). If a participant fails to maintain business continuity arrangements consistent with these recovery targets, it may become subject to sanctions or restrictions on its activities. Spot checks of participants' business continuity management are conducted if risk factors are identified, such as where a participant has experienced operational problems. These spot checks examine the participant's governance and processes for resilience and business continuity.

The Operating Rules and Procedures also require more broadly that participants have facilities, procedures and personnel that are adequate to meet technical and performance requirements. ASX's preferred approach to dealing with operational issues is to work collaboratively with the participant to educate them on their obligations. If the matter is serious, ASX may require that the participant address the weakness as a matter of priority. ASX may also impose conditions on participation or require that the participant appoint an independent expert to assist with the remediation task.

Business continuity arrangements

14.7 A securities settlement facility should have a business continuity plan that addresses events posing a significant risk of disrupting operations, including events that could cause a wide-scale or major disruption. The plan should incorporate the use of a secondary site and should be designed to ensure that critical information technology systems can resume operations within two hours following disruptive events. Business continuity arrangements should provide appropriate redundancy of critical systems and appropriate mitigants for data loss. The business continuity plan should be designed to enable the securities settlement facility to complete settlement by the end of the day of the disruption, even in case of extreme circumstances. The securities settlement facility should regularly test these arrangements.

Business continuity management

ASX Settlement's approach to business continuity is defined in the ASX Business Continuity Management Policy. This policy describes the incident management and business continuity arrangements for all ASX CS facilities, including the appropriate operational response to a CS facility disruption, and the key roles and responsibilities in relation to business continuity. The Business Continuity Policy is supported by a range of other internal documents, including the Business Resumption Plan, the Pandemic Response Plan, and the testing policy for ASX's Business Continuity and Disaster Recovery Plans.

The Group Business Continuity Manager is responsible for developing the ASX business continuity management policies and procedures, and coordinating business continuity activities and training across the CS facilities. The outcomes of these activities are overseen by the Business Continuity Steering Committee, which is chaired by the General Manager Enterprise Risk and includes the Chief Information Officer, CRO, CFO and GE, Operations. The ERMC is responsible for approving ASX's overall business continuity strategy and any related policies.

ASX Settlement policy requires that failover to the backup data centre should occur within two hours. Plans for recovery of key systems apply to both physical and cyber threats to business continuity; these cover scenarios such as the loss of systems or site access (with or without damage to internal site infrastructure), mass unavailability of staff or a pandemic event. The Bank will discuss further with ASX its plans for recovery of key systems in the event of a cyber-related incident in the context of forthcoming CPMI-IOSCO guidance on cyber resilience.

ASX Settlement employs a variety of technologies to ensure a high degree of redundancy in its systems – both across sites and within a single site. ASX maintains both a primary and a backup data centre, with broadly equivalent operational requirements. Key plant and equipment at the primary data centre are designed to the Uptime Institute Tier 3 standard of concurrent maintainability.^[15] The main computer network is connected via point-to-point optical fibre, which ASX operates with its own technology, thereby reducing the potential for outages due to operational problems with the telecommunications provider. All core systems employ multiple servers with spare capacity. Front-end servers handling communications with participants are configured to provide automatic failover across sites. Failover of the more critical data servers is targeted to take place within two hours, but would generally be expected to occur within an hour, under the control of management.

Disruption to participants in such circumstances would be mitigated by the high degree of redundancy in front-end system components. In most circumstances, these would be expected to maintain communications with participants' systems and queue transactions until the data servers were reactivated. The integrity of transactions would be supported by: queuing messages until they could be processed; storing all transactions in the database with unique identifiers, thereby preventing the loss or duplication of transactions; and synchronising database records between the primary and backup data centres. Furthermore, in the event that a significant part of a system or an operational site failed, ASX Settlement has contingency arrangements to activate an additional tier of ‘cold’ redundancy arrangements (either by converting test systems into production systems or rebuilding systems from readily available hardware) within 24 hours to meet the contingency of any further service interruption.

ASX Settlement regularly tests its business continuity and technology disaster recovery arrangements against the range of identified business interruption scenarios. The testing requirements are set out in ASX's Business Continuity and Disaster Recovery Plans Testing Policy. Dual site operational teams across the primary and secondary operations sites effectively test backup operational processes on a continuous basis. These arrangements are supplemented by periodic desktop simulations, and exercises testing remote access and full attendance at the secondary site. ASX also participates in industry-wide tests of business continuity arrangements. Live technology tests, where settlement services are provided in real time from the backup data centre, are conducted on a two-year cycle. The use of live tests ensures that participant connectivity to the backup data centre is also tested. Test results are formally documented and reported to ASX senior management and are also made available to internal and external auditors. In addition to receiving the results of business continuity tests, Internal Audit also reviews Technology operational incidents, contributes to business continuity policy updates, and ensures that business continuity elements have been considered in project risk assessments. ASX's business continuity framework is audited externally every three to five years; the most recent audit, conducted in August 2015, found that ASX's business continuity standards were broadly consistent with widely recognised global standards and did not identify any major areas of concern.

Incident management

ASX Settlement has clearly defined procedures for crisis and event management. These procedures, as well as key roles and responsibilities for managing an incident, are documented in ASX's Major Incident Management Plan. The procedures cover incident notification (including notification and incident reporting to the Bank and ASIC), emergency response (including building evacuation), incident response (including overall incident assessment and monitoring), and incident management testing. These include the use of Twitter to advise stakeholders of market-wide operational or technical incidents. ASX maintains a major incident management team that includes senior representatives of the core business activities, as well as facilities management, business continuity, and media and communications. The procedures identify responsibilities, including for internal communication and external communication to emergency services, the market, industry and media. As part of these procedures, ASX maintains a ‘multi-market communication protocol’ for communicating information to participants and stakeholders should any disruption to market, clearing or settlement services eventuate, including where this affects market operators accessing ASX Settlement via the TAS.

The ASX Technology Incident Management Procedure would be invoked in the event of a high severity technology incident. The Incident Management Procedure provides guidelines for system recovery prioritisation and resource allocation, and the actions that would need to be taken in the event of an incident. The Procedure also outlines the key roles and responsibilities for managing an incident, as well as indicative communication and notification requirements.

14.8 A securities settlement facility should consider making contingency testing compulsory for the largest participants to ensure they are operationally reliable and have in place tested contingency arrangements to deal with a range of operational stress scenarios that may include impaired access to the securities settlement facility.

The ASX Settlement Operating Rules and Procedures require participants to maintain adequate business continuity arrangements that are appropriate to the nature and size of their business as a participant. The Operating Rules specify that participants must have arrangements that allow for the recovery of usual operations (see SSF Standard 14.6). It is ASX Settlement's expectation (set out in guidance) that this would be within two hours following a contingency event for large participants. These arrangements are reviewed as part of the participant admissions process. Participants are also subject to spot checks of their ongoing compliance with the ASX Settlement Operating Rules. Spot checks may be based on topical themes, in some cases arising from observations of general business developments, and in other cases motivated by a participant that has been experiencing operational problems. If a participant fails to implement any recommendations arising from a check, ASX may impose sanctions.

Participants are involved in the contingency testing of ASX Settlement's systems, as this testing is conducted in a live environment. ASX conducts comprehensive business continuity testing of key systems at least every two years, with participants being notified of the start and completion of testing. Participants are also involved in testing of major system changes or in advance of the introduction of a new system. ASX Settlement conducts regular connectivity tests and maintains an external testing environment for system changes.

Outsourcing and other dependencies

14.9 A securities settlement facility that relies upon, outsources some of its operations to, or has other dependencies with a related body, another FMI or a third-party service provider (for example, data processing and information systems management) should ensure that those operations meet the resilience, security and operational performance requirements of these SSF Standards and equivalent requirements of any other jurisdictions in which it operates.

ASX has developed a set of standard clauses for inclusion in contracts with third-party service providers of critical services to ASX Settlement (see SSF Standard 14.5). Similar clauses are also included in the Support Agreement between ASX Settlement and ASX Operations Pty Ltd, which provides all internal operational services for the facilities. The clauses seek to ensure that the agreements meet the resilience, security and operational performance requirements of the FSS. The clauses also allow the Bank to gather information from the service provider about the operation of critical functions (see SSF Standard 14.10). In the event that the Bank concluded that the terms of the service provider agreement did not meet FSS requirements, the clauses also require the service provider to negotiate acceptable new terms with ASX in good faith. Furthermore, if ASX Settlement were to become insolvent, the clauses provide for the Bank to negotiate with the service provider to continue service provision (see SSF Standard 14.11). ASX applies these clauses to all new agreements with service providers, and has incorporated them into all of its key existing service agreements.

In December 2014, CPMI and IOSCO published a finalised Assessment Methodology for the oversight expectations applicable to organisations providing critical services to FMIs.^[16] The Assessment Methodology provides a framework for considering how to apply the oversight expectations for critical service providers set out in Annex F of the Principles and the Bank's guidance to CCP Standard 16.9. The Bank will discuss with ASX how it applies these oversight expectations in managing its relationships with external providers of critical services, including the role of the CPMI-IOSCO Assessment Methodology in its oversight of these critical service providers.

14.10 All of a securities settlement facility's outsourcing or critical service provision arrangements should provide rights of access to the Reserve Bank to obtain sufficient information regarding the service provider's operation of any critical functions provided. A securities settlement facility should consult with the Reserve Bank prior to entering into an outsourcing or service provision arrangement for critical functions.

ASX's standard clauses for service providers require the provider to grant reasonable access to the Bank in respect of information relating to its operation of a critical function provided to ASX Settlement. ASX applies these clauses to all new agreements with service providers, and has incorporated them into all of its key existing service agreements.

14.11 A securities settlement facility should organise its operations, including any outsourcing or critical service provision arrangements, in such a way as to ensure continuity of service in a crisis and to facilitate effective crisis management actions by the Reserve Bank or other relevant authorities. These arrangements should be commensurate with the nature and scale of the securities settlement facility's operations.

Standard clauses in ASX Settlement's agreements with service providers require that providers give the Bank notice of any intention to terminate the agreement as a consequence of ASX Settlement's failure to pay fees, or in the event of the insolvency of ASX Settlement or any other ASX entity (see SSF Standards 14.9 and 14.10). This is intended to give the Bank an opportunity to take action to remedy the breach or otherwise ensure continued service provision.

ASX Settlement's arrangements to ensure continuity of operations in the event of a crisis will be shaped by the proposed introduction into Australian law of a special resolution regime for FMIs. For example, under the proposed regime the Bank would have powers to direct related entities (such as ASX Operations) to perform obligations under ex ante agreements to provide critical services (see SSF Standard 14.4). The government, on the advice of the Council of Financial Regulators, progressed work on the proposed FMI resolution regime via a February 2015 consultation paper. ASX Settlement will need to ensure that its arrangements to support continuity of operations in a crisis are appropriately adapted to the proposed FMI resolution regime once finalised.

Standard 15: Access and participation requirements

A securities settlement facility should have objective, risk-based and publicly disclosed criteria for participation, which permit fair and open access.

Rating: Observed

ASX Settlement has objective and transparent participation requirements set out in its Operating Rules and Procedures (SSF Standard 15.1). These include financial requirements, as well as operational arrangements tailored to the specific activities of ASX Settlement (SSF Standard 15.2). ASX Settlement monitors participants' compliance with requirements on an ongoing basis, and has the authority to suspend or terminate participation, or take other disciplinary or remedial action in the event of a breach of these requirements (SSF Standard 15.3).

The Bank's assessment is that ASX Settlement has observed the requirements of SSF Standard 15 during the 2014/15 Assessment period. ASX Settlement's access and participation requirements are described in further detail under the following sub-standards.

15.1 A securities settlement facility should allow for fair and open access to its services, including by direct and, where relevant, indirect participants and other FMIs, based on reasonable risk-related participation requirements.

ASX Settlement has objective and transparent participation requirements, which are detailed in a number of policies and standards under the Settlement Risk Policy Framework. The participation requirements are publicly available and form part of ASX Settlement's Operating Rules and Procedures. ASX has also issued formal guidance to assist applicants' and participants' understanding of the participation requirements. ASX has an internal policy and supporting standards that summarise the minimum requirements placed on participants under the Operating Rules and Procedures (see SSF Standard 15.2), and document the responsibilities of the CS Boards, SRPC and relevant executives for ensuring these requirements are met and periodically reviewed. The Operating Rules and Procedures provide for an appeals process should an application for participation be rejected or a participant's access be terminated.

Under the Code of Practice, ASX has committed to providing transparent and non-discriminatory terms of access to ASX Settlement's cash equity settlement services, including to participants and AMOs.

At the end of June 2015, ASX Settlement had 86 participants. A further 12 participants were active as temporary specialist settlement participants set up to effect corporate actions.

15.2 A securities settlement facility's participation requirements should be justified in terms of the safety of the securities settlement facility and the markets it serves, be tailored to and commensurate with the securities settlement facility's specific risks, and be publicly disclosed. Subject to maintaining acceptable risk control standards, a securities settlement facility should endeavour to set requirements that have the least restrictive impact on access that circumstances permit.

ASX Settlement's participation requirements are designed to promote the safety and integrity of the SSF.

A settlement participant must post a settlement bond of $500,000, unless: it is subject to prudential supervision as an ADI; is an approved clearing facility or an AMO under ASX Settlement Operating Rules and Procedures; is a CS facility that complies with the FSS; or only acts as a Participant Bidder in a takeover. In addition, a sponsoring participant (i.e. a participant that also acts in ASX Settlement on behalf of non-participants) that is not covered by the National Guarantee Fund compensation arrangements (under the Corporations Act) must post a sponsorship bond of $500,000.

Performance and sponsorship bonds must be issued by an Australian bank or appropriately regulated insurance company. Funds held under a performance bond would be drawn upon by ASX Settlement in the event that the participant breached ASX Settlement rules. In a similar vein, funds held under a sponsorship bond would be drawn upon to meet any losses suffered by ASX Settlement, an issuer, or a holder sponsored by an ASX Settlement participant arising from a breach of the Operating Rules or other offence committed by the participant.

Under the Operating Rules and Procedures, a potential participant must satisfy ASX Clear that it has the resources and processes in place to comply with its obligations under the applicable Operating Rules. For these purposes, ‘resources’ include financial, technological and human resources, and ‘processes’ include management supervision, training, compliance, risk management, business continuity and disaster recovery processes.

In June 2015, ASX implemented changes to streamline the admission and notification requirements for the ASX and ASX 24 markets and the CS facilities that serve them (i.e. ASX Clear, ASX Clear (Futures) and ASX Settlement). This was intended to make it administratively simpler for organisations to become participants in ASX's markets and CS facilities and reduce the ongoing compliance cost for participants, while leaving substantive obligations unchanged. As part of this process, ASX provided additional guidance to participants on: the admission process and criteria; notification obligations; offshoring and outsourcing arrangements; and business continuity requirements.

15.3 A securities settlement facility should monitor compliance with its participation requirements on an ongoing basis and have clearly defined and publicly disclosed procedures for facilitating the suspension and orderly exit of a participant that breaches, or no longer meets, the participation requirements.

ASX Settlement's arrangements for monitoring and enforcing compliance with its Operating Rules are published on the ASX public website. Under these, ASX Settlement has wide-ranging powers to sanction its participants in order to preserve the integrity of the SSF. ASX Settlement may suspend or terminate a participant from the facility in the event of a failure to comply with the Operating Rules and Procedures, or where a Payment Provider fails to authorise a participant's payment for interbank settlement. The action taken in the event of a breach will depend on a number of factors, including the participant's history of compliance and whether the breach implies negligence, incompetence or dishonesty. Where a breach has been identified and the participant has taken appropriate steps to rectify it, ASX Settlement will typically continue to monitor the participant closely for a period of time. Breaches are also referred to ASIC and, in most cases, are investigated by ASX Compliance for formal disciplinary action.

ASX Settlement levies fees on participants that fail to meet securities delivery obligations on the scheduled settlement date (see SSF Standard 10.2). The fee is 0.1 per cent of the value of the settlement obligation, but with a minimum and maximum fee of $100 and $5,000, respectively. Participants are also required to close out any positions remaining unsettled on the fifth day after the trade date (i.e. two days after the scheduled settlement date). ASX Settlement also routinely benchmarks participants' settlement performance. Under this regime, a participant receives a ranking of its settlement performance (based on the value of its trades that have failed to settle) against its market group peers. In addition, under its Operating Rules, ASX Settlement is able to impose monetary penalties of up to $1 million on participants that it deems to be in violation of the Operating Rules.

Standard 16: Tiered participation arrangements

A securities settlement facility should identify, monitor and manage the material risks to the securities settlement facility arising from tiered participation arrangements.

Rating: Observed

In managing the risks associated with tiered arrangements, ASX Settlement is able to gather basic information on indirect participation (SSF Standards 16.1, 16.2). ASX Settlement does not maintain formal thresholds at which substantial indirect participants are encouraged to seek direct participation, but does actively manage risks posed by indirect participant activity through its relationship with the direct participant (SSF Standard 16.3). The partially overlapping participation base between ASX Settlement and ASX Clear allows for tiered participation risks to be monitored and addressed jointly (SSF Standard 16.4).

The Bank's assessment is that ASX Settlement has observed the requirements of SSF Standard 16 during the 2014/15 Assessment period. ASX Settlement's approach to tiered participation arrangements is described in further detail under the following sub-standards.

16.1 A securities settlement facility should ensure that its rules, procedures and agreements allow it to gather basic information about indirect participation in order to identify, monitor and manage any material risks to the securities settlement facility arising from such tiered participation arrangements.

Since ASX Settlement does not assume credit or liquidity risk as principal, the primary risks that could arise from indirect participation are operational. In particular, indirect participation arrangements that concentrated settlement activity within a few direct participants could concentrate operational risk to the facility. ASX Settlement is able to access basic information on indirect participation via the separate participant identifiers (known as PIDs) assigned to trading or clearing participants (in ASX Trade or ASX Clear, respectively) that do not settle directly. ASX Settlement currently considers the risks from concentration of indirect participants to be low.

16.2 A securities settlement facility should identify material dependencies between direct and indirect participants that might affect the securities settlement facility.

ASX Settlement monitors dependencies arising from tiered participation indirectly via a variety of means. These include regular discussions with participants on developments in their business and risk management activities, participants' own risk assessments, and discussions with new participants as part of the induction process. Based on this information, ASX Settlement has not identified any material dependencies between direct and indirect participants that might affect its operations.

16.3 A securities settlement facility should identify indirect participants responsible for a significant proportion of transactions processed by the securities settlement facility and indirect participants whose transaction volumes or values are large relative to the capacity of the direct participants through which they access the securities settlement facility in order to manage the risks arising from these transactions.

In general, participation in ASX Settlement is broader and more direct than that in ASX Clear. At end June 2015, there were 86 direct ASX Settlement participants (excluding temporary special-purpose participants), compared with 34 (active) direct participants in ASX Clear. Due to this, and given the vertical integration of the ASX Group, monitoring of tiered participation risks in ASX Clear would also be expected to highlight any such risks that may require further investigation in ASX Settlement (see Appendix A1.1, CCP Standard 18).

ASX encourages participants to develop appropriate risk control measures in managing their relationships with clients, including any substantial indirect participants. ASX does not set thresholds, either formal or informal, at which it would encourage direct participation by an indirect participant. ASX's general approach to managing risks associated with participants' business activities is based on a framework that can flexibly detect and react to new risks as they arise, rather than setting firm ex ante activity limits.

16.4 A securities settlement facility should regularly review risks arising from tiered participation arrangements and should take mitigating action when appropriate.

ASX Settlement is not directly exposed to financial risks from indirect participation. Significant operational risks associated with indirect participation at ASX Settlement would be identified and mitigated through the application of ASX's concentration risk monitoring policy, which focuses on participation in ASX Clear (see SSF Standard 16.3).

Standard 17: FMI links

A securities settlement facility that establishes a link with one or more FMIs should identify, monitor and manage link-related risks.

Rating: Observed

ASX Settlement maintains a link to one other FMI, ASX Clear, for the settlement of novated securities transactions.

There are no direct financial risks associated with this link, but ASX Settlement is exposed to operational risks. These are managed in the context of ASX's group-wide framework for operational risk management (SSF Standard 17.1). The legal basis of the link is supported by finality legislation, and link arrangements have been discussed with the Bank (SSF Standards 17.2, 17.3). ASX Settlement does not maintain links with any other central securities depositories (SSF Standards 17.4, 17.5, 17.6).

The Bank's assessment is that ASX Settlement has observed the requirements of SSF Standard 17 during the 2014/15 Assessment period. ASX Settlement's management of link-related risks is described in further detail under the following sub-standards.

17.1 Before entering into a link arrangement, and on an ongoing basis once the link is established, a securities settlement facility should identify, monitor and manage all potential sources of risk arising from the link arrangement. Link arrangements should be designed such that the securities settlement facility is able to comply with these SSF Standards.

Identifying link-related risks

ASX Settlement maintains one link to another FMI: ASX Clear. A link for the purposes of this standard is any connection that is made to another FMI according to a set of contractual and operational arrangements, irrespective of the complexity or otherwise of the link and whether it is directly with the FMI or through an intermediary.^[17] ASX Settlement maintains a link with ASX Clear for the settlement of securities transactions, including DvP settlement of novated securities trades and the lodgement of non-cash collateral. Instructions relating to these transactions are entered into CHESS, which operates across both ASX Clear and ASX Settlement.

Managing operational risk

The link to ASX Clear is subject to the same operational risk management framework that applies for all the ASX CS facilities (see SSF Standard 14). This addresses operational risks associated with software, infrastructure or network failures and manual processing errors. An incident report is required for any significant technical or operational incident, including an assessment of mitigating actions to reduce the risk of reoccurrence. In addition, six-monthly risk profile assessments are prepared and presented to the Audit and Risk Committee, and an independent system-controls audit is conducted annually.

Managing financial risk

ASX Settlement does not assume any direct financial risks by virtue of its link to ASX Clear.

17.2 A link should have a well-founded legal basis, in all relevant jurisdictions, that supports its design and provides adequate protection to the securities settlement facility and other FMIs involved in the link.

ASX Settlement's link to ASX Clear has its legal basis in the Operating Rules and Procedures of both facilities. The finality of settlements made via these links is supported by the approval of ASX Settlement's netting arrangements under Part 3 of the PSNA (see SSF Standard 1.5).

17.3 Where relevant to its operations in Australia, a securities settlement facility should consult with the Reserve Bank prior to entering into a link arrangement with another FMI.

ASX Settlement has discussed its current link arrangements with the Bank. ASX Settlement did not enter into any new link arrangements during the Assessment period.

17.4 A securities settlement facility operating a central securities depository that links to another central securities depository should measure, monitor and manage the credit and liquidity risks arising from such links. Any credit extended to the linked central securities depository should be covered fully with high-quality collateral and be subject to limits.

ASX Settlement does not operate any links to other central securities depositories.

17.5 Provisional transfers of securities between a securities settlement facility operating a central securities depository and another central securities depository should be prohibited or, at a minimum, the retransfer of provisionally transferred securities should be prohibited prior to the transfer becoming final.

ASX Settlement does not operate any links to other central securities depositories.

17.6 A securities settlement facility operating an investor central securities depository that uses an intermediary to operate a link with an issuer central securities depository should measure, monitor and manage the additional risks (including custody, credit, legal and operational risks) arising from the use of the intermediary.

ASX Settlement does not operate any links to other central securities depositories.

Standard 18: Disclosure of rules, key policies and procedures, and market data

A securities settlement facility should have clear and comprehensive rules, policies and procedures and should provide sufficient information and data to enable participants to have an accurate understanding of the risks they incur by participating in the securities settlement facility. All relevant rules and key policies and procedures should be publicly disclosed.

Rating: Observed

ASX Settlement fully discloses its Operating Rules and Procedures to participants, and publicly discloses its rules and a range of additional relevant information on its risk management procedures. ASX provides links to information that is subject to disclosure requirements from a central location on its public website (SSF Standard 18.1). This includes information regarding the general descriptions of system design and the roles and obligations of ASX Settlement and its participants (SSF Standard 18.2). ASX Settlement provides new participants with comprehensive documentation, and verifies their understanding of their responsibilities as participants; existing participants are also provided with education on their obligations where required (SSF Standard 18.3). ASX has updated its published response to the CPMI-IOSCO Disclosure Framework and plans to periodically review and enhance this document where appropriate (SSF Standard 18.4).

The Bank will continue to monitor steps by ASX Settlement to refine and enhance its disclosure.

The Bank's assessment is that ASX Settlement has observed the requirements of SSF Standard 18 during the 2014/15 Assessment period. ASX Settlement's disclosure of rules, key policies and procedures, and market data is described in further detail under the following sub-standards.

18.1 A securities settlement facility should adopt clear and comprehensive rules, policies and procedures that are fully disclosed to participants. Relevant rules and key policies and procedures should also be publicly disclosed (including specific requirements relating to SSF Standards 1.4, 2.2, 11.3, 13.4, 15.2 and 15.3).

ASX Settlement's Operating Rules and Procedures form the basis of all material aspects of the SSF's service to participants. The Operating Rules and Procedures are disclosed on ASX's public website.^[18] The Rules and Procedures are also posted on the ASX participant website.

To assist participants in their understanding of the risks of participating in ASX Settlement, and for the information of other interested stakeholders, ASX publishes a range of additional material on its public website. Information specific to ASX Settlement includes information about participant requirements, trade and settlement monitoring systems, known software release issues and change requests, and business continuity arrangements. More general information includes: the ASX Group's regulatory framework; requirements of the FSS; requirements of the Corporations Act for provision of services in a ‘fair and effective’ way; the ASX Group's other obligations under the Corporations Act; and ASX Group's compliance with the Principles. ASX also operates a dedicated website that discloses information relevant to the clearing and settlement of cash equities, to support its disclosure responsibilities under the Code of Practice. ASX maintains a centralised list of links on its website to information required to be disclosed under the FSS.

Specific disclosure requirements are dealt with under SSF Standards 1.4, 2.2, 11.3, 13.4, 15.2 and 15.3.

18.2 A securities settlement facility should disclose clear descriptions of the system's design and operations, as well as the securities settlement facility's and participants' rights and obligations, so that participants can assess the risks they would incur by participating in the securities settlement facility (see SSF Standards 2.8 and 8.5).

General descriptions of ASX Settlement's system design and operations are available on ASX's public website, including as part of ASX's response to the CPMI-IOSCO Disclosure Framework (see SSF Standard 18.5).^[19] The Disclosure Framework document describes the ASX group structure, provides a general description of the CS facilities and their roles, system design and operations, outlines the legal and regulatory framework for clearing and settlement, and provides a description of steps taken by ASX to ensure compliance with the Principles and the corresponding FSS. The ASX public website provides additional information on system design and operations, including a description of the cash market settlement process.

18.3 A securities settlement facility should provide all necessary and appropriate documentation and training to facilitate participants' understanding of the securities settlement facility's rules, policies and procedures and the risks they face from participating in the securities settlement facility.

All applicants for participation in ASX Settlement are provided with a comprehensive application pack, which includes information regarding key requirements of the facilities. Applicants are provided with access to the Operating Rules, Procedures and Guidance Notes via the ASX website, as well as publicly available information about the facilities, services and participation requirements. When ASX Settlement has completed an initial assessment of an application, the applicant is also invited to attend formal ‘on boarding’ meetings with the Compliance and Operations departments to discuss key areas of importance for participants.

As part of the formal admission process, the applicant must provide supporting evidence of its capacity to comply with the Operating Rules. This is reviewed and discussed with the applicant prior to approving admission. An applicant is required to certify that it has resources and processes in place to comply with its obligations under the applicable Operating Rules and Procedures (see SSF Standard 15.2). When reviewing the submissions, or otherwise at any time following admission, the applicant must be able to demonstrate, to the satisfaction of ASX, the basis on which the certification is, or was, provided.

ASX Settlement requires that participants ‘tag’ settlement instructions submitted to CHESS that are related to securities lending, and participants must disclose outstanding positions, both borrowed and lent. ASX publishes aggregate securities lending data on its website daily, enabling participants to better understand the risks associated with these activities.

Where ASX becomes aware or suspects that a participant lacks a satisfactory understanding of the Operating Rules and Procedures, or the risks of participation, ASX will generally work collaboratively with the participant to educate them on their obligations. ASX may become aware of issues through its routine risk monitoring activities or through its regular discussions with participants (see SSF Standard 14.5). Examples of matters that might raise concerns are if a participant had increased settlement fail rates or had a high frequency of technical connectivity issues. If the matter is serious, ASX may require that the participant remediate the weakness. Alternatively ASX may impose conditions on participation, require that the participant appoint an independent expert to assist with the remediation task.

18.4 A securities settlement facility should complete regularly and disclose publicly responses to the CPSS-IOSCO Disclosure Framework for Financial Market Infrastructures.^[20] A securities settlement facility also should, at a minimum, disclose basic risk and activity data, as directed by the Reserve Bank from time to time.

ASX has published its response to the CPMI-IOSCO Disclosure Framework, including information describing how its CS facilities observe the applicable Principles. This document was revised during the Assessment period, expanding on previous versions to provide greater detail as to how the CS facilities meet the Principles and corresponding FSS, and to present this information in a way that is more useful for participants. ASX plans to update this document periodically (at least annually) and further enhance its disclosure as necessary from time to time.

ASX currently reports basic risk and activity data for the CS facilities via a monthly activity report, as well as through additional data published on both its main website and dedicated website on clearing and settlement of cash equities. The Bank will continue to monitor steps by ASX Settlement to refine and enhance its disclosure.

Standard 19: Regulatory reporting

A securities settlement facility should inform the Reserve Bank in a timely manner of any events or changes to its operations or circumstances that may materially impact its management of risks or ability to continue operations. A securities settlement facility should also regularly provide information to the Reserve Bank regarding its financial position and risk controls on a timely basis.

Rating: Observed

The Bank meets regularly with ASX Settlement to discuss matters relevant to its compliance with the FSS, and related aspects of its risk management and operational arrangements. The Bank has been kept informed of relevant developments during the Assessment period (SSF Standard 19.1).

ASX Settlement provides the Bank with financial, activity and operational data and reports on a regular and timely basis (SSF Standard 19.2).

The Bank's assessment is that ASX Settlement has observed the requirements of SSF Standard 19 during the 2014/15 Assessment period. ASX Settlement's regulatory reporting arrangements with the Bank are described in further detail under the following sub-standards.

19.1 A securities settlement facility should inform the Reserve Bank as soon as reasonably practicable if:

1. it breaches, or has reason to believe that it will breach:
   1. an SSF Standard; or
   2. its broader legislative obligation to do, to the extent that it is reasonably practicable to do so, all things necessary to reduce systemic risk;
2. it becomes subject to external administration, or has reasonable grounds for suspecting that it will become subject to external administration;
3. a related body to the securities settlement facility becomes subject to external administration, or if the securities settlement facility has reasonable grounds for suspecting that a related body will become subject to external administration;
4. a participant becomes subject to external administration, or if the securities settlement facility has reasonable grounds for suspecting that a participant will become subject to external administration;
5. a participant fails to meet its obligations under the securities settlement facility's risk control requirements or has its participation suspended or cancelled because of a failure to meet the securities settlement facility's risk control requirements;
6. it fails to enforce any of its own risk control requirements;
7. it plans to make significant changes to its risk control requirements or its rules, policies and procedures;
8. it or a service it relies on from a third party or outsourced provider experiences a significant operational disruption, including providing the conclusions of its post-incident review;
9. any internal audits or independent external expert reviews are undertaken of its operations, risk management processes or internal control mechanisms, including providing the conclusions of such audits or reviews;
10. its operations or risk controls are affected, or are likely to be affected, by distress in financial markets;
11. it has critical dependencies on utilities or service providers, including providing a description of the dependency and an update if the nature of this relationship changes;
12. it proposes to grant a security interest over its assets (other than a lien, right of retention or statutory charge that arises in the ordinary course of business);
13. it proposes to incur or permit to subsist any loans from participants or members unless such loans are subordinated to the claims of all other creditors of the securities settlement facility; or
14. any other matter arises which has or is likely to have a significant impact on its risk control arrangements (see also SSF Standards 1.6, 14.10 and 17.3).

Three routine meetings are held between the Bank and ASX each quarter:

• executive-level meetings to discuss developments relevant to compliance with the FSS, involving the CRO and other relevant members of ASX's management team; representatives from ASIC attend these meetings to discuss matters of common interest
• risk management meetings, involving general managers and other staff responsible for clearing risk policy and the implementation of risk management arrangements
• operations meetings, involving the GE, Operations, and other members of the management team responsible for implementation of operational strategy, management of operational risk and business continuity planning.

These meetings provide a forum for the discussion of material developments, such as issues regarding participant compliance, changes to risk management controls, and the results of internal audits. Matters discussed in the formal scheduled meetings are followed up, as appropriate, in more focused targeted sessions.

The Bank expects to be notified immediately of any significant risk related developments; for example, if there was an operational outage or a participant entered external administration. Notification to the Bank of significant developments is specified in many of ASX's key internal risk management policies. The Bank and ASX hold ad hoc meetings to discuss relevant matters as required.

During the 2014/15 Assessment period, ASX kept the Bank up to date with the status of important project milestones, including progress on the planned transition to a two-day settlement cycle. The Bank is satisfied with its level of communication with ASX over this period.

19.2 A securities settlement facility should also provide to the Reserve Bank, on a timely basis:

1. audited annual accounts;
2. management accounts on a regular basis, and at least quarterly;
3. risk management reports on a regular basis, and at least quarterly;
4. periodic activity, risk and operational data, as agreed with the Reserve Bank; and
5. any other information as specified by the Reserve Bank from time to time.

Audited annual reports are published on the ASX public website, while ASX provides the Bank with quarterly statements of balance sheet, income, and collateral held for each CS facility. Under the Code of Practice, ASX also publishes audited biannual management accounts for its cash equity clearing and settlement services.

ASX provides detailed activity, risk and operational data. Data provided quarterly to the Bank include settlement values and volumes, and data on system availability and capacity utilisation. The quarterly operations meetings between the Bank and ASX provide a forum for discussion of developments.

From time to time, the Bank will request additional information from ASX Settlement on topics of interest, particularly in regard to any operational incidents or the status of projects with significant risk implications.

During the previous Assessment period, the Bank conducted a review of the data that it collects from ASX in order to better support its assessment of the CS facilities against the requirements of the FSS. As a result of this review, ASX has implemented enhancements to the data it reports to the Bank during the Assessment period.

Footnotes

The guidance is available at <http://www.rba.gov.au/payments-system/clearing-settlement/standards/securities-settlement-facilities/2012/>. [1]

For an explanation of the Bank's Assessment approach and the ratings scale used, see the introduction to Appendix A. [2]

Available at <http://www.asx.com.au/documents/asx-compliance/pfmi-disclosure-framework.pdf>. Prior to 1 September 2014, CPMI was known as the Committee on Payment and Settlement Systems (CPSS). [3]

The Code of Practice is available at <http://www.asx.com.au/cs/index.htm>. [4]

Available at <http://www.asx.com.au/documents/regulation/ASXL_guidelines_affecting_independent_status.PDF>. [5]

The Institute of Internal Auditors is the leading international organisation representing internal auditors. It has developed a set of standards that provides a framework for carrying out and evaluating the performance of internal audits. [6]

Available at <http://www.treasury.gov.au/~/media/Treasury/Publications%20and%20Media/Publications/2013/Council%20of%20Financial%20Regulators%20advice%20on%20competition/Downloads/Competition%20in%20clearing%20and%20settlement%20of%20the%20Australian%20cash%20equity%20market.ashx>. [7]

ISO is an international standard-setting body and ISO 31000 is considered to be relevant guidance for enterprise risk management. The ISO 31000 standard has been reproduced by Standards Australia and Standards New Zealand as AS/NZS 31000. [8]

ASX Clear will seek to meet payment obligations of the defaulting participant out of its prefunded liquid resources where possible and prudent. However, if it was not possible or prudent to rely solely on prefunded liquidity, ASX Clear may rely on the use of OTAs with participants to allow novated transactions of the defaulting participant to settle. [9]

The Review of Settlement Practices for Australian Equities is available at <http://www.rba.gov.au/payments-system/clearing-settlement/review-practices/>. [10]

The NIST Cybersecurity Framework is used widely by critical infrastructure providers and other organisations in a number of jurisdictions internationally. [11]

The Australian Liquidity Centre provides market participants with the option to ‘co-locate’ their servers with ASX's data centre. [12]

ASX currently maintains three main sites for its operations and data processing: a primary operations site that also operates as the primary data centre (where the majority of staff are located); a secondary operations site; and a backup data centre. [13]

When a component of software is updated, ‘regression testing’ aims to perform checks on the full software to verify that the operation of other software components has not been inadvertently affected by the update. [14]

The Uptime Institute is an IT consulting organisation that has developed a widely adopted classification system for the level of redundancy arrangements in data centres. ‘Tier 3’ is the second highest standard of redundancy, indicating that a data centre has redundant components, multiple independent power and cooling systems, and a high degree of availability. [15]

See CPMI-IOSCO (2014), Principles for financial market infrastructures: Assessment methodology for the oversight expectations applicable to critical service providers, December. Available at <http://www.bis.org/cpmi/publ/d123.htm>. [16]

Links to payment systems are addressed in SSF Standard 8. [17]

Available at <http://www.asx.com.au/regulation/rules/asx-settlement-operating-rules.htm>. [18]

Available at <http://www.asx.com.au/documents/regulation/ASX_PFMI_Disclosure_Framework_28_February_2015.PDF>. [19]

The CPSS was renamed the CPMI in October 2014. [20]