2017 Assessment of the Reserve Bank Information and Transfer System 1. Executive Summary

Purpose

This report is an Assessment of the Reserve Bank Information and Transfer System (RITS) against the Principles for Financial Market Infrastructures (the Principles), which is operated by the Bank's Payments Settlements Department. The Principles were developed by the Committee on Payments and Market Infrastructures (CPMI) and the International Organization of Securities Commissions (IOSCO).[1] This Assessment has been carried out in accordance with the approach and rating system set out in the Principles for Financial Market Infrastructures: Disclosure framework and assessment methodology (the Disclosure Framework) produced by CPMI and IOSCO in December 2012[2] and CPMI and IOSCO's Application of the Principles for Financial Market Infrastructures to Central Bank FMIs, published in 2015.[3] The assessment was independently prepared by the Bank's Payments Policy Department and endorsed by the Payments System Board.

This report covers the period from December 2015 to March 2017.

Conclusion

This Assessment concludes that RITS observes all the relevant Principles.

Progress towards 2015 Recommendations

In the November 2015 Assessment several recommendations were made to ensure continuous improvement to support RITS in meeting international best practice on an ongoing basis. During the assessment period RITS has addressed each of the recommendations made in the 2015 Assessment.[4]

Legal basis. The Bank implemented new RITS Regulations on 27 March 2017.

Operational risk. All recommendations relating to the management of cyber-security risks have been addressed. Analysis and testing of the mechanisms in place to support prevention of cyber-related incidents has been completed and work to implement cyber-security enhancements is underway. A review of the ability to detect and recover from a disruption of service in RITS as a result of an operational incident, including cyber attack, has been completed and work to implement improvements is underway. Cyber-risk management arrangements have been reviewed in light of the CPMI-IOSCO Guidance on Cyber Resilience for Financial Market Infrastructures (the Cyber Resilience Guidance).[5] No significant issues were identified through this review.

Oversight Focus for the coming Assessment Period

RITS has observed all of the relevant Principles. This Assessment identified no areas of concern in terms of RITS's observance with the Principles or specific recommendations to support continuous improvement. Nevertheless, among other things, as part of its ongoing oversight process Payments Policy Department will be following up on developments in two aspects of the work to ensure that RITS remains resilient in the face of evolving cyber-security threats. Specifically, Payments Policy Department will monitor progress in:

  • implementing recommendations arising out of the completed reviews of RITS's cyber security and cyber resilience
  • evaluating current and emerging technology that could enable further enhancements to the ability to recover RITS from cyber attacks in a timely manner.

Footnotes

The Joint Statement by the RBA and ASIC, Implementing the CPSS-IOSCO Principles for Financial Market Infrastructures in Australia, is available at https://www.rba.gov.au/payments-and-infrastructure/financial-market-infrastructure/principles/implementation-of-principles.html. [1]

See CPSS-IOSCO (2012), Principles for Financial Market Infrastructures: Disclosure framework and assessment methodology, December. Available at <http://www.bis.org/cpmi/publ/d106.htm>. [2]

See CPMI-IOSCO (2015), Application of the Principles for financial market infrastructures to central bank FMIs, August. Available at <http://www.bis.org/cpmi/publ/d130.pdf>. [3]

See RBA (2015), 2015 Assessment of the Reserve Bank Information and Transfer System, p 4. Available at https://www.rba.gov.au/payments-and-infrastructure/rits/self-assessments/2015/pdf/2015-assess-rits.pdf. [4]

See CPMI-IOSCO (2016) Guidance on Cyber Resilience Guidance for Financial Market Infrastructures, June. Available at <http://www.bis.org/cpmi/publ/d146.htm>. [5]