2013 Self-assessment of the Reserve Bank Information and Transfer System Appendix A: Detailed Self-assessment

Introduction

This Appendix sets out the Bank's 2013 detailed Self-assessment of how well RITS observes the Principles, developed by the CPSS and IOSCO. In its assessment, the Bank has applied the rating system used in the Disclosure Framework. Under this framework, observance of each of the applicable Principles is rated according to the following scale:

• Observed – Any identified gaps and shortcomings are not issues of concern and are minor, manageable and of a nature that the facility could consider taking them up in the normal course of its business.
• Broadly observed – The assessment has identified one or more issues of concern that the facility should address and follow up on in a defined time line.
• Partly observed – The assessment has identified one or more issues of concern that could become serious if not addressed promptly. The facility should accord a high priority to addressing these issues.
• Not observed – The assessment has identified one or more serious issues of concern that warrant immediate action. Therefore, the facility should accord the highest priority to addressing these issues.
• Not applicable – The standard does not apply to the type of facility being assessed because of the particular legal, institutional, structural or other characteristics of the facility.

The Bank's ratings of RITS against the relevant Principles are supplemented by detailed information under each Key Consideration that is relevant to the Bank's assessment.

Note: Principle 6 (Margin), 10 (Physical deliveries), 11 (Central securities depositories), 14 (Segregation and portability), 20 (FMI links) and 24 (Disclosure of market data by trade repositories) are not applicable to systemically important payment systems and have therefore been omitted.

1. Legal basis

A payment system should have a well-founded, clear, transparent and enforceable legal basis for each material aspect of its activities in all relevant jurisdictions.

Rating: Observed

RITS is owned and operated by the Bank. The RITS Regulations form the legal basis for all material aspects of RITS. The Reserve Bank seeks external legal advice on material amendments to the RITS Regulations and associated contractual agreements, including, where relevant, on the interaction of such amendments with Australian and New South Wales laws and regulations. While the RITS Regulations are comprehensive, changes in functionality and activity since its launch have added to their complexity. The Bank has commenced a comprehensive review of the RITS Regulations with the aim of identifying areas where the clarity of the RITS Regulations could usefully be enhanced.

Based on this information, the Bank's assessment is that RITS has observed the requirements of Principle 1 during the 2013 Assessment period. The legal basis of RITS is described in further detail under the following Key Considerations.

1.1 The legal basis should provide a high degree of certainty for each material aspect of a payment system's activities in all relevant jurisdictions.

The legal basis of RITS is set out in the RITS Regulations, which cover the operation of RITS, and the rights and obligations of participants and the Bank. Standard agreements are executed to bind each participant to the RITS Regulations. In addition to the RITS Regulations, the following key aspects of RITS activities are supported by Australian legislation and additional contractual arrangements.

RTGS feeder systems

RITS accepts settlement instructions from approved feeder systems. Admission as a feeder system is by specific reference in the RITS Regulations. The RTGS feeder systems are the SWIFT PDS, Austraclear and the CHESS RTGS.^[1] The SWIFT PDS is administered by the APCA under its HVCS. The Bank and APCA each have contractual arrangements with SWIFT covering the SWIFT PDS. The Austraclear and CHESS RTGS feeder systems are operated by Austraclear and ASX Settlement, respectively. Both entities are wholly owned subsidiaries of ASX. The Bank has separate contractual arrangements with Austraclear and ASX Settlement, respectively, covering these feeder systems.

Settlement finality

The RITS Regulations state that settlement is final when the ESAs of the paying and receiving participants in RITS are simultaneously debited and credited, respectively. The irrevocability of payments settled in RITS is protected by RITS's approval as an RTGS system under Part 2 of the Payment Systems and Netting Act. With this approval, a payment executed in RITS at any time on the day on which a RITS participant enters external administration has the same standing as if the participant had gone into external administration on the next day. Accordingly, in the event of insolvency all transactions settled on the day of the insolvency are irrevocable and cannot be unwound.

Similarly, the irrevocability of settled transactions originating from the Austraclear and CHESS RTGS feeder systems is supported by their respective approvals as RTGS systems under Part 2 of the Payment Systems and Netting Act.

Netting arrangements

In the unlikely event that RITS is unavailable for a significant period of time, payments arising from Austraclear and the SWIFT PDS can be settled using ‘fallback arrangements’. These arrangements involve the multilateral netting and settlement of transactions arising from those systems. The irrevocability of settlement under these fallback arrangements is supported by the approval of Austraclear and HVCS as netting arrangements under Part 3 of the Payment Systems and Netting Act. The approval of HVCS establishes the legal basis for the netting of SWIFT PDS payments.

While RITS is primarily an RTGS system, it also provides for the final settlement of net obligations arising in other payment systems. This is either through the LVSS or the batch feeder functionality. RITS's approval under Part 2 of the Payment Systems and Netting Act does not ensure the legal certainty of the netting of the underlying obligations. Nevertheless, the majority of the value of obligations settled in these multilateral batches originates from the APCA clearing streams and transactions settled in the CHESS batch, which are approved netting arrangements under Part 3 of the Payment Systems and Netting Act.

Enforceability of repurchase agreements

The enforceability of repos in the event of a default also requires a high degree of legal certainty. Repos with the Bank are governed by an international standard agreement – The Bond Market Association (TBMA)/International Securities Market Association (ISMA) Global Master Repurchase Agreement (2000 version) – as amended by exhibits under the RITS Regulations.^[2] This agreement sets out, among other things, what constitutes default and the consequential rights and obligations of the parties. In the event of a default, the agreement allows the non-defaulting party to terminate the agreement, calculating the net obligation based on the prevailing market value at the time the contract is closed out. Close-out netting provisions included in repo contracts with participants provide for the immediate liquidation of collateral in the event of default. This right is supported by Part 4 of the Payment Systems and Netting Act.

1.2 A payment system should have rules, procedures, and contracts that are clear, understandable, and consistent with relevant laws and regulations.

To facilitate a clear understanding of RITS rules and procedures, the RITS Regulations are supplemented by information papers and user guides that explain RITS requirements and functions. This material facilitates existing and prospective participants' understanding of the RITS Regulations and the resulting risks they face by participating in RITS. Notwithstanding the above, changes in functionality and activity since RITS's launch have added to the complexity of the RITS Regulations. The Bank has commenced a comprehensive review of the RITS Regulations with the aim of identifying areas where the clarity of the RITS Regulations could usefully be enhanced.

The Bank also seeks external legal advice on material amendments to the RITS Regulations and associated contractual agreements, including, where relevant, on the interaction of such amendments with Australian and New South Wales laws and regulations.

1.3 A payment system should be able to articulate the legal basis for its activities to relevant authorities, participants, and, where relevant, participants' customers, in a clear and understandable way.

At a high level, the legal basis for RITS is articulated in a clear and understandable manner on the Bank's website.^[3] The information paper on the RITS Regulations provides further detail on RITS's legal basis.^[4]

1.4 A payment system should have rules, procedures, and contracts that are enforceable in all relevant jurisdictions. There should be a high degree of certainty that actions taken by the payment system under such rules and procedures will not be voided, reversed, or subject to stays.

To ensure that the RITS Regulations and associated contractual agreements are enforceable, the Bank seeks external legal advice on material amendments to these documents.

There have been no court cases that have tested the RITS legal framework.

1.5 A payment system conducting business in multiple jurisdictions should identify and mitigate the risks arising from any potential conflict of laws across jurisdictions.

The RITS Regulations are governed by New South Wales law and require that all participants submit to the non-exclusive jurisdiction of the courts of New South Wales. Since 2011, the Bank has required foreign RITS applicants to provide a legal opinion affirming that the RITS membership legal documents constitute valid, legally binding and enforceable obligations.^[5] This opinion must cover whether the courts in the home jurisdiction of the applicant will give effect to the choice of New South Wales law as the governing law and whether the judgement of an Australian court would be enforceable in the home jurisdiction without retrial or re-examination.

2. Governance

A payment system should have governance arrangements that are clear and transparent, promote the safety and efficiency of the payment system, and support the stability of the broader financial system, other relevant public interest considerations, and the objectives of relevant stakeholders.

Rating: Observed

RITS is owned and operated by the Bank. Since it is not operated as a separate entity, the management and operation of RITS fall under the governance structure of the Bank, and are subject to the Bank's normal oversight, decision-making and audit processes. The Bank has clear and transparent governance arrangements, which are publicly available on the Bank's website. The Bank has recently updated its website to articulate its specific objectives in relation to its operation of RITS. These are consistent with the high-level objectives of the Reserve Bank, which emphasise the stability of the broader financial system and the welfare of the Australian people. The Bank accordingly aims to provide infrastructure through which settlement obligations arising from the exchange of high-value payments and debt securities settlements can be extinguished in a safe and efficient manner. To ensure that the interests of relevant stakeholders are taken into account, the Bank engages in routine liaison with participants and consults on material changes to operational arrangements. Oversight of RITS is carried out by the Payments Policy Department, under the governance of the Payments System Board.

Based on this information, the Bank's assessment is that RITS has observed the requirements of Principle 2 during the 2013 Assessment period. Details of RITS's governance arrangements are described under the following Key Considerations.

Note: Paragraph 3.2.7 of the Principles states that ‘[c]entral bank-operated systems may need to tailor the application of [the governance] principle in light of the central bank's own governance requirements and specific policy mandates’. The Bank's view is that since RITS is owned and operated by the Bank as an internal function, rather than a separate legal entity, Key Considerations 3 and 4 of this Principle should not constrain the composition of the Bank's governing body or that body's roles and responsibilities.

2.1 A payment system should have objectives that place a high priority on the safety and efficiency of the payment system and explicitly support financial stability and other relevant public interest considerations.

The high-level objectives of the Reserve Bank are set out in the Reserve Bank Act. The Bank's duty is to contribute to the stability of the currency, full employment, and the economic prosperity and welfare of the Australian people. Stability of the financial system is also a longstanding responsibility of the Reserve Bank – a mandate reconfirmed by the Australian Government when it introduced significant changes to Australia's financial regulatory structure in July 1998.^[6]

The Bank's website states its specific objectives in relation to its operation of RITS. In particular, the Bank's objective in developing and operating RITS is to provide the infrastructure through which settlement obligations arising from the exchange of high-value payments and debt securities transactions can be extinguished in a safe and efficient manner. The design of RITS ensures that there is no build-up of settlement exposures associated with high-value transactions, which in turn promotes the stability of Australia's financial system. Reflecting the critical importance of RITS to the Australian financial system, the Bank aims to operate RITS at an extremely high standard of availability and resilience, and to ensure that its settlement services continue to evolve to meet the changing needs of the broader payments system.

Decisions concerning the operation of RITS and ESAs are required to be consistent with the policy environment determined by Payments Policy Department, under the governance of the Payments System Board. The broad mandate of the Payments System Board, which is also set out in the Reserve Bank Act, places a high priority on the safety and the efficiency of the wider Australian payments system.^[7]

2.2 A payment system should have documented governance arrangements that provide clear and direct lines of responsibility and accountability. These arrangements should be disclosed to owners, relevant authorities, participants, and, at a more general level, the public.

Information on the Bank's governance arrangements for RITS is documented on the Bank's website.^[8]

The Bank's governance arrangements reflect relevant provisions of the Reserve Bank Act. In accordance with this Act, the Governor is responsible for the management of the Reserve Bank, and is therefore ultimately responsible for the operation of RITS. The Governor is assisted and supported in this responsibility by the Executive Committee, which is comprised of the Bank's most senior executives. The Executive Committee is the key decision-making committee of the Bank for matters of an administrative and management nature that have strategic, Bank-wide or external significance. Accordingly, major decisions related to RITS are considered by the Executive Committee.

Decisions affecting the day-to-day operations, customer relations and development of RITS have been delegated to the Bank's Payments Settlements Department. Payments Settlements Department is part of the Bank's Banking and Payments Group, which is headed by an Assistant Governor who reports to the Deputy Governor. Clear internal procedures are in place to elevate day-to-day operational matters within Payments Settlements Department and other areas of the Bank, as appropriate.

Oversight of RITS is carried out by the Bank's Payments Policy Department, under the governance of the Payments System Board. Payments Policy Department is separate from Payments Settlements Department in the Bank's organisational structure, with separate reporting lines up to and including the level of Assistant Governor (see Section 4.1 for more details). The two departments nevertheless meet regularly to discuss policy issues and operational developments, and the Payments System Board is periodically updated on relevant developments.

As an independent central bank and statutory body, the Bank is ultimately accountable to the Parliament of Australia. Since 1996, the Governor and senior officers of the Bank have appeared twice yearly before the House of Representatives Standing Committee on Economics to report on matters under the responsibility of the Bank. The Reserve Bank Act also requires that the Bank inform the Australian Government of its policies ‘from time to time’. In addition, to fulfil its obligation under the Commonwealth Authorities and Companies Act 1997, the Bank prepares an Annual Report, for presentation to the Treasurer and tabling in Parliament.^[9] The Payments System Board produces a separate annual report, which is tabled in Parliament, although this is not a legislative requirement.^[10]

2.3 The roles and responsibilities of a payment system's board of directors (or equivalent) should be clearly specified, and there should be documented procedures for its functioning, including procedures to identify, address, and manage member conflicts of interest. The board should review both its overall performance and the performance of its individual board members regularly.

As described in Key Consideration 2.2, the Governor, with assistance from the Executive Committee, is ultimately responsible for the management of the Bank, including the operation of RITS. The roles and responsibilities of the Governor are set out it in the Reserve Bank Act. The roles and responsibilities of members of the Executive Committee are set out in internal position descriptions.

In recognition of the Governor's responsibility for maintaining a reputation for integrity and propriety on the part of the Bank, the Governor and other members of the Executive Committee, as well as the Governor, are subject to the Code of Conduct for Reserve Bank Staff, which places a high priority on integrity and has provisions that address conflicts of interest. There are also specific Bank policies that deal with potential conflicts of interest arising from the Bank's roles as the principal regulator of the payments system and as provider of banking services to the Australian Government.^[11]

2.4 The board should contain suitable members with the appropriate skills and incentives to fulfil its multiple roles. This typically requires the inclusion of non-executive board member(s).

In accordance with the Reserve Bank Act, the Governor is appointed by the Treasurer. Since RITS is owned by the Bank, and is not operated as a separate legal entity, the skills and qualifications of the Governor are determined in accordance with the Bank's broader responsibilities. The Bank has human resources policies in place to help ensure that senior staff, including members of the Executive Committee have the appropriate skills and incentives. These policies are described in Key Consideration 2.5.

2.5 The roles and responsibilities of management should be clearly specified. A payment system's management should have the appropriate experience, a mix of skills, and the integrity necessary to discharge their responsibilities for the operation and risk management of the payment system.

The roles and responsibilities of the management responsible for the day-to-day operation of RITS are clearly documented in position descriptions.

The Bank has human resources policies in place to help ensure that management positions are filled with employees with the appropriate skills, incentives, experience and integrity to perform their duties. The Bank has a formal performance management program, which helps to clarify the expectations of supervisors and employees, and ensure that timely feedback is provided. Recruitment and selection at the Bank is based on the suitability of an applicant to carry out the specific requirements of the position to be filled, having regard to the applicant's: ability to perform the duties; relevant experience; relevant training and qualifications; and willingness to meet any particular requirement specified in the job description. Bank staff are subject to the Code of Conduct for Reserve Bank Staff (see Key Consideration 2.3).

The Bank also aims to offer remuneration packages that attract employees able to perform their duties to a high standard. To this end, independent consultants are engaged to ensure that remuneration policies are consistent with market practice. The Remuneration Committee of the Reserve Bank Board is also kept informed of the remuneration arrangements for Bank staff.

2.6 The board should establish a clear, documented, risk-management framework that includes the payment system's risk tolerance policy, assigns responsibilities and accountability for risk decisions, and addresses decision making in crises and emergencies. Governance arrangements should ensure that the risk-management and internal control functions have sufficient authority, independence, resources, and access to the board.

The Bank has a well-established risk management framework that facilitates the identification, assessment and treatment of all non-policy risks – including those arising from its operation of RITS – at both an enterprise (‘top-down’) and business (‘bottom-up’) level. This is set out in the Bank's Risk Management Policy.^[12] Risk management is seen as an integral part of the management function within the Bank. Line managers have the responsibility to evaluate their risk environment, put in place appropriate controls, and monitor the effectiveness of these controls. Management is supported in this role through the development and maintenance of a culture that acknowledges the need for careful analysis and management of risk in all business processes.

The risk management framework is governed by the Risk Management Committee, in accordance with the Risk Management Committee Charter. Structurally, this Committee consists of members of the executive team who are responsible for the Bank's operational areas or key support functions. It is chaired by the Deputy Governor and comprises: the Assistant Governors for Banking and Payments, Corporate Services, Currency and Financial Markets; the Chief Financial Officer; the Chief Information Officer; the Heads of Audit Department, Human Resources Department and Risk Management Unit; the General Counsel; and the Deputy Secretary.^[13] The Risk Management Committee meets six times a year or more frequently if required, and reports on its activities both to the Executive Committee and the Board Audit Committee.

The Risk Management Committee is assisted in its responsibilities by the Risk Management Unit. Risk Management Unit's main role is to assist individual business areas to manage their risk environment within a broadly consistent framework. Risk Management Unit also monitors risk and performance associated with the Bank's activities in financial markets and provides support to business areas in the implementation of fraud control and business continuity. The Risk Management Unit reports directly to the Deputy Governor.

The Audit Department also supports the framework for managing risk, complementing but remaining separate from the work of Risk Management Unit. In addition to providing assurance that the Bank's risk management policies are effective, Audit Department has a separate, independent brief to test the adequacy of procedures and controls at all levels of the Bank. Audit Department reports to the Deputy Governor and Reserve Bank Board Audit Committee.

Crisis and emergencies

In circumstances including a significant disruption to the Bank's operations that affects several business areas, the Governor may delegate responsibility for coordination of the Bank's response, either to the Bank's Crisis Management Group or an individual. The Crisis Management Group's membership would vary with the nature of the disruption and would typically comprise executives from a number of areas of the Bank.

Payments Settlements Department also maintains plans that address decision-making in crises and emergencies. These plans cover operational disruptions (see Principle 17) and the default of a RITS participant (see Principle 13). The plans are required to set out how Payments Settlements Department would communicate with the Crisis Management Group during a disruption.

2.7 The board should ensure that the payment system design, rules, overall strategy, and major decisions reflect appropriately the legitimate interests of its direct and indirect participants and other relevant stakeholders. Major decisions should be clearly disclosed to relevant stakeholders and, where there is a broad market impact, the public.

The Bank's governance arrangements ensure accountability and transparency to RITS participants and other relevant parties. To ensure the interests of relevant stakeholders are taken into account, the Bank engages in routine liaison with participants and consults on all material changes to operational arrangements (See Principle 21 for further details). All decisions affecting the operation of RITS are advised to participants. Policy decisions that impact upon RITS are also advised by media release. Major decisions and the reasons for them are explained in the Bank's Annual Report and, if relevant, in the Payments System Board Annual Report.

3. Framework for the comprehensive management of risks

A payment system should have a sound risk-management framework for comprehensively managing legal, credit, liquidity, operational, and other risks.

Rating: Observed

The Bank has a well-established risk management framework which facilitates the identification, assessment and treatment of all non-policy risks – including those arising from its operation of RITS – at both an enterprise (‘top-down’) and business (‘bottom-up’) level. Under the Bank's Risk Management Policy, Payments Settlements Department aims to identify in a single Risk Register all risks that might impact its ability to operate RITS in a safe and efficient manner, including those arising from interdependencies with other participants, other FMIs or service providers. The Risk Register is updated at least annually, or when material changes to operations or the business environment occur. Payments Settlements Department also designs and applies appropriate controls to mitigate identified risks. This high-level framework is supported by more detailed policies (see Principles 4, 5, 7 and 17) and a governance structure to oversee the Bank's risk management activities (see Key Consideration 2.6).

Based on this information, the Bank's assessment is that RITS has observed the requirements of Principle 3 during the 2013 Assessment period. The framework for the comprehensive management of risks in RITS is described in further detail under the following Key Considerations.

Note: It is the Bank's view that expectations around recovery planning and the organisation of operational arrangements to support resolution actions will not typically apply in the case of a central bank-owned and -operated system. Accordingly, the Bank has not assessed RITS against Key Consideration 3.4 of this Principle.

3.1 A payment system should have risk-management policies, procedures, and systems that enable it to identify, measure, monitor, and manage the range of risks that arise in or are borne by the payment system. Risk-management frameworks should be subject to periodic review.

The Bank's risk management framework is set out under Key Consideration 2.6. Under this framework, Payments Settlements Department is required to identify all of the risks that might impact its ability to operate RITS in a safe and efficient manner in a single register. Risks are categorised at a high level into strategic, credit, liquidity and operational risks, and further sub-categorised into more detailed risk groups (e.g. legal and information technology risks are sub-categories of operational risk). For each risk that has been identified, Payments Settlements Department sets out the potential impact and probability of the risk occurring, and also identifies existing controls and mitigation strategies (including contingency plans) to reduce the likelihood and/or impact of the risk crystallising. Where a risk is co-managed by another business area – for example, some RITS operational controls are implemented by the Bank's Information Technology Department – this must be acknowledged by the other business area.

The Bank's Risk Management Policy requires that Payments Settlements Department reviews and updates its register of risks annually, and after any major change to the Department's risk environment, to reflect any changes in risks and controls that have occurred.

3.2 A payment system should provide incentives to participants and, where relevant, their customers to manage and contain the risks they pose to the payment system.

The design of RITS means that participants do not pose liquidity or credit risks to the Bank as operator of RITS (see Principle 4 and 7). RITS participation requirements are designed to reduce the likelihood that an individual participant would disrupt the operation of RITS. If a participant does not meet these participation requirements, the Bank may apply sanctions to or impose additional requirements on that participant (see Principle 18 for more detail).

3.3 A payment system should regularly review the material risks it bears from and poses to other entities (such as other FMIs, settlement banks, liquidity providers, and service providers) as a result of interdependencies and develop appropriate risk-management tools to address these risks.

The Bank, in operating RITS, reviews the material risks that it bears from and poses to other entities. This is done in the context of its ongoing review of risks (such as the annual update of its Risk Register), and its processes for identifying risks associated with major changes to its risk environment, such as new activities or system changes. This is also part of the Bank's change management framework (see Key Consideration 17.1). The tools used to manage risks from other entities include service level agreements, customer support packages and documented operational and contingency procedures (see Key Consideration 17.7).

4. Credit risk

A payment system should effectively measure, monitor, and manage its credit exposures to participants and those arising from its payment, clearing, and settlement processes. A payment system should maintain sufficient financial resources to cover its credit exposure to each participant fully with a high degree of confidence.

Rating: Observed

The Bank is not exposed to credit risk from the settlement of payments between participants in RITS. These payments are settled using funds in participants' ESAs, which cannot be overdrawn, and the Bank does not guarantee any transaction submitted for settlement in RITS. In the event of a default, the Bank would not be exposed to a loss in its role as operator of RITS. Accordingly, RITS does not maintain financial resources to cover the default of a participant. In addition, the RTGS mode of settlement in RITS is designed to ensure that unintended credit risk does not arise between participants during the settlement process: payment messages are exchanged between participants simultaneously with the transfer of funds across ESAs.

The Bank does, however, incur credit risk through the provision of liquidity to participants in support of payments activity. This risk is managed by taking high-quality collateral under repo, applying a conservative haircut to the securities, and collecting mark-to-market margin (see Principle 5).

Based on this information, the Bank's assessment is that RITS has observed the requirements of Principle 4 during the 2013 Assessment period. Credit risk in RITS is described in further detail under the following Key Considerations.

Note: Key Considerations 4.4, 4.5 and 4.6 do not apply to RITS as it is not a CCP. Consistent with footnote 45 of the Principles, which notes that a central bank often avoids putting limits on the credit it extends to a participant because of its role as a monetary authority and liquidity provider, the Bank's view is that this Principle should not constrain central bank policies on the provision of credit, or the terms or limits of such provision.

4.1 A payment system should establish a robust framework to manage its credit exposures to its participants and the credit risks arising from its payment, clearing, and settlement processes. Credit exposure may arise from current exposures, potential future exposures, or both.

The Bank is not exposed to credit risk in its role as operator of RITS. Payments in RITS are settled using funds in participants' ESAs, which cannot be overdrawn, and the Bank does not guarantee any transaction submitted for settlement in RITS. Accordingly, in the event of a participant default the Bank would not be exposed to a loss in its role as operator of RITS.

The Bank does, however, incur credit risk through the provision of liquidity to participants, in part to support payments activity. This risk is primarily managed by taking collateral under repo, in accordance with the Bank's risk management framework. Under this framework, responsibility for approving and reviewing collateral policy is the responsibility of Domestic Markets Department, with oversight from the Risk Management Committee. The policies, procedures and controls implemented to mitigate credit risk are subject to audit by Audit Department. The Bank's risk management framework is reviewed annually. (See Key Consideration 2.6 for further detail on the Bank's risk management framework.)

The RTGS mode of settlement in RITS is designed also to ensure that unintended credit risks do not accumulate between participants during the settlement process: payment messages are exchanged between participants simultaneously with the transfer of funds across ESAs.

4.2 A payment system should identify sources of credit risk, routinely measure and monitor credit exposures, and use appropriate risk-management tools to control these risks.

Under the Bank's risk management framework, Domestic Markets Department has responsibility for identifying and managing the credit risks that arise from its activities. For each credit risk identified, the Department sets out the potential impact and probability of the credit risk crystallising, and, where possible, the existing controls and mitigation strategies. These controls are reviewed and signed off by management annually, or when there are material changes to the Bank's risk environment.

The Bank incurs credit risk through the provision of liquidity to RITS participants through repos. This credit risk is mitigated by accepting only high-quality collateral, applying an appropriate haircut to the collateral, and collecting mark-to-market margin daily (see Principle 5 for further detail). Participation requirements in RITS also help to reduce the probability of a participant default (see Principle 18). The Bank monitors the liquidity it extends to RITS participants and the composition of collateral that it holds on a daily basis. This information is readily available in the Bank's collateral management system (see Principle 5.6 for further detail).

4.3 A payment system should cover its current and, where they exist, potential future exposures to each participant fully with a high degree of confidence using collateral and other equivalent financial resources (see Principle 5 on collateral). In the case of a deferred net settlement payment system in which there is no settlement guarantee but where its participants face credit exposures arising from its payment, clearing, and settlement processes, such a payment system should maintain, at a minimum, sufficient resources to cover the exposures of the two participants and their affiliates that would create the largest aggregate credit exposure in the system.

The Bank's credit risk in providing liquidity to RITS participants is related to the value of liquidity provided under repo. This risk is mitigated by accepting high-quality collateral under repo, which could be closed out immediately after a participant default. The Bank also faces a potential future loss, which would crystallise in the event that a participant defaulted and the market value of collateral securities fell below the amount of credit provided under repo. This risk is mitigated by applying a haircut to the collateral, calibrated to cover the maximum expected decline in the market price of the collateral, over a conservative liquidation horizon, at a high level of confidence. The Bank also collects mark-to-market margin daily to cover past changes in the value of its collateral. (See Principle 5 for further detail on collateral eligibility, haircuts and mark-to-market margin.)

RITS is not a deferred net settlement payment system and accordingly the requirement to maintain sufficient resources to cover the exposures of the two participants and their affiliates that would create the largest aggregate credit exposure in the system does not apply.

4.7 A payment system should establish explicit rules and procedures that address fully any credit losses it may face as a result of any individual or combined default among its participants with respect to any of their obligations to the payment system. These rules and procedures should address how potentially uncovered credit losses would be allocated, including the repayment of any funds a payment system may borrow from liquidity providers. These rules and procedures should also indicate the payment system's process to replenish any financial resources that the payment system may employ during a stress event, so that the payment system can continue to operate in a safe and sound manner.

As explained under Key Consideration 4.1, in the event of a participant default the Bank would not be exposed to a loss in its role as operator of RITS. Accordingly, RITS participants would not have any obligations to the Bank as operator of RITS in the event of a default. Nevertheless, the Bank maintains internal procedures that set out the course of action it would take after a participant default (see Principle 13 for further details).

5. Collateral

A payment system that requires collateral to manage its or its participants' credit exposure should accept collateral with low credit, liquidity, and market risks. A payment system should also set and enforce appropriately conservative haircuts and concentration limits.

Rating: Observed

The effective implementation of monetary policy is the primary driver of the Bank's collateral policy. Notwithstanding this, the Bank's collateral eligibility policies as provider of liquidity to RITS participants are broadly consistent with this Principle. The Bank only accepts highly rated debt securities denominated in Australian dollars as collateral for liquidity in ESAs. Collateral is conservatively valued, and subject to haircuts and daily mark-to-market margin calls.

Based on this information, the Bank's assessment is that RITS has observed the requirements of Principle 5 during the 2013 Assessment period. The Bank's collateral policies are described in further detail under the following Key Considerations.

Note: Paragraph 1.23 of the Principles acknowledges that ‘central banks may have separate public policy objectives and responsibilities for monetary and liquidity policies that take precedence’. Accordingly, it is the Bank's view that nothing in this Principle should constrain the Bank's policies on collateral eligibility criteria for its lending operations.

5.1 A payment system should generally limit the assets it (routinely) accepts as collateral to those with low credit, liquidity, and market risks.

The Bank provides liquidity in participants' ESAs through repos. Under these repos, outright title to collateral is exchanged in return for credit of funds to the participant's ESA, with an agreement to reverse the transaction at some point in the future (see Section 2.4.2 for more information on repos and liquidity provision in RITS).

The Bank only accepts highly rated debt securities denominated in Australian dollars as collateral for repo. This policy covers all of the Bank's repo activity, including both intraday repos and open repos (which are aimed at providing liquidity in RITS), as well as term repos (which are primarily for open market operations). This policy is publicly available on the Bank's website.^[14] Eligible collateral is generally restricted to highly liquid securities issued by entities with high credit quality, including those issued by: the Australian Government; the central borrowing authorities of the state and territory governments (semi-government securities); certain supranational organisations, foreign governments and government agencies with an explicit government guarantee; and ADIs. In October 2007, in light of developments in securities markets and the relative scarcity of government securities, the Bank expanded its collateral eligibility criteria to include certain highly rated asset-backed securities and other private securities as collateral for repos.^[15]

In addition, any security accepted must meet the following criteria:

• The security must be denominated in Australian dollars.
• The security must be lodged and active in Austraclear, which is the central securities depository for fixed income securities in Australia.
• Securities accepted as collateral must generally meet a minimum credit rating. This requirement does not apply to Commonwealth Government securities, semi-government securities and securities with an Australian Government guarantee, which do not need a minimum rating.
• Asset-backed securities must be tradeable in the secondary market and must be based on a true sale of assets into a bankruptcy remote special purpose vehicle.
• Securities sold to the Bank under a repo must not enter the closed period to maturity (the ex-interest period before maturity) during the term of the repo.

In addition, the Bank will not accept what it deems to be highly structured securities, such as collateralised debt obligations backed by other asset-backed securities.

If the above conditions are met, securities issued by the Australian Government or by the central borrowing authorities of the states and territories are automatically eligible collateral. All other securities are subject to an approval process. The Bank will not accept such securities as collateral until the approval process is complete and the securities appear on the Bank's list of eligible collateral.^[16]

In order to assess the eligibility of the security, the minimum credit rating assigned to a security or its issuer by any of the major rating agencies will be used (except certain credit-enhanced securities such as covered bonds). For ADI-issued securities with a residual maturity greater than one year, at least two major credit rating agencies must rate the security or the issuer. For covered bonds issued by ADIs, where two or more security ratings are available, only the ratings on the security will be considered. If two security ratings are not available for ADI-issued covered bonds, the minimum issuer rating will also be considered.

The Bank routinely monitors events such as credit downgrades to ensure that its list of eligible collateral remains current. If a particular collateral security is no longer eligible, counterparties with outstanding repos in that security with the Bank will be required, on a same-day basis, to substitute eligible collateral.

Wrong-way risk

To avoid wrong way risk, the Bank will not accept collateral from a RITS participant if it deems that participant to be materially related to the credit quality of the security. Where applicable, the Bank's list of eligible collateral denotes those RITS participants considered to be related to specific securities. The Bank considers any entities that are members of the same corporate group to be the same entity and therefore materially related. Similarly, where one entity has an ownership stake in another entity that exceeds 15 per cent, the two entities will be deemed to be equivalent.

The Bank accepts related party asset-backed securities, but these securities are subject to an additional haircut. The Bank considers each of the following parties to be related to an asset-backed security: the sponsor of the issuing trust, the loan originators, servicers, swap counterparties, liquidity providers and guaranteed investment contract providers to the issuing trust. The magnitude of any additional haircut will depend on the nature of the relationship between the participant and the asset-backed security.

In the event of insolvency, the close-out netting provisions included in the repo agreements allow the Bank to close out or terminate the second leg of the repo immediately. This right is protected by Part 4 of the Payment Systems and Netting Act. Where a participant provides securities issued by a third party as collateral, both the participant and the issuer would have to fail for the Bank to experience a total loss. Where a participant provides asset-backed securities, the Bank would have access to the assets behind the security if the participant were to fail.

5.2 A payment system should establish prudent valuation practices and develop haircuts that are regularly tested and take into account stressed market conditions.

Valuation

The Bank values securities accepted as collateral using available market prices, except for Commonwealth Government securities, which are valued using publicly available pricing formulae.^[17] When a timely market price is not available or reliable, the Bank uses conservative valuation formulas: government-related securities are valued using a yield of 50 basis points above an equivalent maturity swap rate referenced to the 3-month Bank Bill Swap reference rate, while private securities are valued at a price equal to 90 per cent of the face value of the security.

Haircuts and mark-to-market margin

The Bank applies haircuts to all securities bought under a repo.^[18] For operational simplicity, uniform haircut rates are set for broad groups of securities rather than for individual securities. Haircut rates are set to cover the maximum expected decline in the market price of the collateral, over a conservative liquidation horizon, at a confidence level of at least 95 per cent. The key inputs to this calculation are market prices, the maturity of the securities in the relevant asset classes and the credit ratings of the securities. Haircut rates are publicly available on the Bank's website.^[19]

The Bank also collects mark-to-market margin to cover changes in the value of its collateral.^[20] To do this, the Bank revalues all securities held as collateral using the aforementioned valuation practices at the start of each business day. Where the Bank's net exposure to a counterparty is greater than $1 million and represents more than 1 per cent of the net repurchase amounts agreed with that party, the Bank will call for mark-to-market margin equal to its net exposure.^[21] Similarly, the Bank will meet requests for mark-to-market margin from counterparties to which the Bank has a net exposure greater than $1 million and where that net exposure represents more than 1 per cent of the net repurchase amounts agreed with that party.

5.3 In order to reduce the need for procyclical adjustments, a payment system should establish stable and conservative haircuts that are calibrated to include periods of stressed market conditions, to the extent practicable and prudent.

The Bank generally applies haircuts that are calibrated to include periods of stressed market conditions. Indeed, in February 2012, haircuts were modified to capture the stressed markets conditions following the default of Lehman Brothers in late 2008. This reduces the need for procyclical haircut adjustments during periods of stress.

5.4 A payment system should avoid concentrated holdings of certain assets where this would significantly impair the ability to liquidate such assets quickly without significant adverse price effects.

The Bank routinely monitors transaction and collateral summary reports to ensure that the Bank is not exposed to large collateral concentration and liquidation risks. The key factor considered by the Bank is the depth of the market for each security when compared with the Bank's holdings of that security. This mitigates the risk of a price impact from liquidation of a large collateral holding.

5.5 A payment system that accepts cross-border collateral should mitigate the risks associated with its use and ensure that the collateral can be used in a timely manner.

The Bank mitigates the risks associated with cross-border collateral by imposing additional restrictions. In particular, the Bank currently accepts only very highly rated Australian dollar denominated securities issued or guaranteed by a foreign government or issued by a supranational. These securities must be issued under and governed by Australian law. In addition, because certain cross-border securities may be less liquid than domestic securities, the Bank applies higher haircuts to these securities. There is no operational risk associated with differences in time zones since all collateral must be lodged in Austraclear, and the Austraclear system and RITS operate at similar times.

5.6 A payment system should use a collateral management system that is well-designed and operationally flexible.

The Bank relies on a well-designed and operationally flexible system to manage its collateral. This system is a widely used integrated trading, middle-office and back-office system, which has been customised for the Bank. All transactions involving the exchange of collateral are recorded and tracked in this system. In addition, the system facilitates the calculation and execution of haircuts and margin calls. Using this system, the Bank has the capacity to produce a wide variety of reports and can easily transfer its collateral in a timely manner. The Bank ensures that there are sufficient resources to maintain its collateral management system to a high standard.

In April, the Bank agreed to become a Foundation Customer of ASX Collateral. ASX Collateral is a centralised collateral management service, which automates the allocation and optimisation of securities held as collateral in Austraclear. It is expected that RITS participants will have the option to use ASX Collateral services for some repos. While ASX Collateral itself is not subject to direct regulation as an FMI, the Bank has carried out a detailed assessment of the implications of interdependencies between ASX Collateral and the Austraclear system, in the context of its assessment of Austraclear against the Bank's Financial Stability Standards for Securities Settlement Facilities (SSF Standards).^[22],^[23] In particular, the Bank has sought to establish that the standards for operational resilience at ASX Collateral are appropriate for a critical system and consistent with those that apply to the Austraclear system.

The Bank does not re-use collateral it receives under repo.

7. Liquidity risk

A payment system should effectively measure, monitor, and manage its liquidity risk. A payment system should maintain sufficient liquid resources in all relevant currencies to effect same-day and, where appropriate, intraday and multiday settlement of payment obligations with a high degree of confidence under a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would generate the largest aggregate liquidity obligation for the payment system in extreme but plausible market conditions.

Rating: Observed

RITS conducts its settlements on an RTGS basis and does not guarantee settlement. The Bank, as operator of RITS, does not therefore assume liquidity risk through these operations. Accordingly, many of the requirements under this Principle – including those around liquidity stress testing, monitoring, and the maintenance of a pool of liquid assets – do not apply.

However, settling payments on an RTGS basis does impose liquidity requirements on participants. RITS assists participants in the management of these requirements through its liquidity-efficient design, the provision of liquidity under repo, and the provision of real-time information on transactions and ESA balances. The Bank's operational staff also continuously monitor settlement activity and participant balances in RITS for evidence of any disruption to the flow of liquidity, which could occur if a participant experienced an operational or financial problem. RITS's participation requirements aim to reduce the probability that such problems arise.

Based on this information, the Bank's assessment is that RITS has observed the requirements of Principle 7 during the 2013 Assessment period. Liquidity risk in RITS is described in further detail under the following Key Considerations.

Note: Key Consideration 7.4 does not apply to RITS as it does not operate a CCP. Key Consideration 7.8, which refers to an FMI's access to central bank services, does not apply to RITS as it is owned by the Bank and operated as an internal function.

7.1 A payment system should have a robust framework to manage its liquidity risks from its participants, settlement banks, nostro agents, custodian banks, liquidity providers, and other entities.

RITS conducts its settlements on an RTGS basis and does not guarantee settlement. The Bank, as operator of RITS, does not therefore assume liquidity risk in its operations. Since participants face liquidity risks, however, RITS assists participants in their liquidity management through its liquidity-efficient design, the provision of liquidity under repo, and the provision of real-time information on transactions and ESA balances. Furthermore, RITS's participation requirements aim to reduce the probability that a participant experiences an operational or financial problem that could disrupt the flow of liquidity in the system (see Principle 18).

7.2 A payment system should have effective operational and analytical tools to identify, measure, and monitor its funding flows on an ongoing and timely basis, including its use of intraday liquidity.

Since RITS does not assume liquidity risk, there are no relevant funding flows for RITS to measure and monitor. As discussed in Section 2.4, RITS provides tools for participants to manage their liquidity. In managing operational risk the Bank's operational staff also continuously monitor the flow of liquidity and payments at both a system and participant level for evidence of any disruption to the flow of liquidity, which could occur if a participant experienced an operational or financial problem (see Principle 17). If such a disruption were observed, the Bank would liaise with participants to mitigate the impact. To further mitigate possible disruption under such a scenario, participants are required to inform the Bank in the event of any operational problem, and the RITS Regulations also set out actions that the Bank may take in response to a participant default (see Principle 13).

7.3 A payment system, including one employing a DNS mechanism, should maintain sufficient liquid resources in all relevant currencies to effect same-day settlement, and where appropriate intraday or multiday settlement, of payment obligations with a high degree of confidence under a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would generate the largest aggregate payment obligation in extreme but plausible market conditions.

Since the Bank does not assume liquidity risk as operator of RITS, the requirement to maintain liquid resources to cover payment obligations in stressed scenarios does not apply.

7.5 For the purpose of meeting its minimum liquid resource requirement, a payment system's qualifying liquid resources in each currency include cash at the central bank of issue and at creditworthy commercial banks, committed lines of credit, committed foreign exchange swaps, and committed repos, as well as highly marketable collateral held in custody and investments that are readily available and convertible into cash with prearranged and highly reliable funding arrangements, even in extreme but plausible market conditions. If a payment system has access to routine credit at the central bank of issue, the payment system may count such access as part of the minimum requirement to the extent it has collateral that is eligible for pledging to (or for conducting other appropriate forms of transactions with) the relevant central bank. All such resources should be available when needed.

Since the Bank does not assume liquidity risk as operator of RITS, the requirement to maintain liquid resources to cover payment obligations in stressed scenarios does not apply.

7.6 A payment system may supplement its qualifying liquid resources with other forms of liquid resources. If the payment system does so, then these liquid resources should be in the form of assets that are likely to be saleable or acceptable as collateral for lines of credit, swaps, or repos on an ad hoc basis following a default, even if this cannot be reliably prearranged or guaranteed in extreme market conditions. Even if a payment system does not have access to routine central bank credit, it should still take account of what collateral is typically accepted by the relevant central bank, as such assets may be more likely to be liquid in stressed circumstances. A payment system should not assume the availability of emergency central bank credit as a part of its liquidity plan.

Since the Bank does not assume liquidity risk as operator of RITS, the requirement to maintain liquid resources to cover payment obligations in stressed scenarios does not apply.

7.7 A payment system should obtain a high degree of confidence, through rigorous due diligence, that each provider of its minimum required qualifying liquid resources, whether a participant of the payment system or an external party, has sufficient information to understand and to manage its associated liquidity risks, and that it has the capacity to perform as required under its commitment. Where relevant to assessing a liquidity provider's performance reliability with respect to a particular currency, a liquidity provider's potential access to credit from the central bank of issue may be taken into account. A payment system should regularly test its procedures for accessing its liquid resources at a liquidity provider.

Since the Bank does not assume liquidity risk as operator of RITS, the requirement to maintain liquid resources to cover payment obligations in stressed scenarios does not apply.

7.9 Since RITS does not assume liquidity risk as principal, this requirement does not apply. A payment system should determine the amount and regularly test the sufficiency of its liquid resources through rigorous stress testing. A payment system should have clear procedures to report the results of its stress tests to appropriate decision makers at the payment system and to use these results to evaluate the adequacy of and adjust its liquidity risk-management framework. In conducting stress testing, a payment system should consider a wide range of relevant scenarios. Scenarios should include relevant peak historic price volatilities, shifts in other market factors such as price determinants and yield curves, multiple defaults over various time horizons, simultaneous pressures in funding and asset markets, and a spectrum of forward-looking stress scenarios in a variety of extreme but plausible market conditions. Scenarios should also take into account the design and operation of the payment system, include all entities that might pose material liquidity risks to the payment system (such as settlement banks, nostro agents, custodian banks, liquidity providers, and linked FMIs), and where appropriate, cover a multiday period. In all cases, a payment system should document its supporting rationale for, and should have appropriate governance arrangements relating to, the amount and form of total liquid resources it maintains.

Since the Bank does not assume liquidity risk as operator of RITS, the requirement to maintain liquid resources to cover payment obligations in stressed scenarios does not apply.

7.10 A payment system should establish explicit rules and procedures that enable the payment system to effect same-day and, where appropriate, intraday and multiday settlement of payment obligations on time following any individual or combined default among its participants. These rules and procedures should address unforeseen and potentially uncovered liquidity shortfalls and should aim to avoid unwinding, revoking, or delaying the same-day settlement of payment obligations. These rules and procedures should also indicate the payment system's process to replenish any liquidity resources it may employ during a stress event, so that it can continue to operate in a safe and sound manner.

Since the Bank does not assume liquidity risk as operator of RITS, the requirement to maintain liquid resources to cover payment obligations in stressed scenarios does not apply.

8. Settlement finality

A payment system should provide clear and certain final settlement, at a minimum by the end of the value date. Where necessary or preferable, a payment system should provide final settlement intraday or in real time.

Rating: Observed

Payments in RITS are settled on an RTGS basis. The RITS Regulations specify that settlement is final when the ESAs of the paying and receiving RITS participants are simultaneously debited and credited, respectively. The irrevocability of payments settled in RITS is further protected by RITS's approval as an RTGS system under Part 2 of the Payment Systems and Netting Act.

Based on this information, the Bank's assessment is that RITS has observed the requirements of Principle 8 during the 2013 Assessment period. RITS's arrangements for ensuring finality of settlements are described in further detail under the following Key Considerations.

8.1 A payment system's rules and procedures should clearly define the point at which settlement is final.

The settlement of a payment in RITS is final and irrevocable when the ESAs of the paying and receiving RITS participants are simultaneously debited and credited, respectively.^[24] The point of settlement is clearly defined in Regulation 1 of the RITS Regulations. As explained under Key Consideration 1.1, this is further protected by RITS's approval as an RTGS system under Part 2 of the Payment Systems and Netting Act.

8.2 A payment system should complete final settlement no later than the end of the value date, and preferably intraday or in real time, to reduce settlement risk. A large-value payment system should consider adopting RTGS or multiple-batch processing during the settlement day.

RITS is an RTGS system. Payments are therefore settled individually in real time. Although settlements occur in real time, a payment submitted to the RITS queue may remain there if the payer chooses not to settle the transaction (e.g. if the payer has set the status of the transaction to ‘deferred’) or has insufficient funds. Any payments that are not settled at the end of the relevant session are automatically removed from RITS and must therefore be resubmitted for settlement when the system reopens (for more information on RITS session times refer to Section 2.3).

8.3 An FMI should clearly define the point after which unsettled payments, transfer instructions, or other obligations may not be revoked by a participant.

Under Regulation 8 of the RITS Regulations, a participant can unilaterally revoke its outgoing RTGS payments at any time prior to settlement. RITS cash transfers can be revoked via the RITS User Interface, while payments sent via a feeder system must be revoked via that feeder system.

9. Money settlements

A payment system should conduct its money settlements in central bank money where practical and available. If central bank money is not used, a payment system should minimise and strictly control the credit and liquidity risk arising from the use of commercial bank money.

Rating: Observed

RITS conducts its money settlements in central bank money across participants' ESAs at the Bank.

Based on this information, the Bank's assessment is that RITS has observed the requirements of Principle 9 during the 2013 Assessment period. Money settlements in RITS are described in further detail under the following Key Considerations.

9.1 A payment system should conduct its money settlements in central bank money, where practical and available, to avoid credit and liquidity risks.

Money settlements in RITS are conducted in central bank money. Payment obligations in RITS are settled on an RTGS basis across ESAs at the Bank.

9.2 If central bank money is not used, a payment system should conduct its money settlements using a settlement asset with little or no credit or liquidity risk.

Money settlements in RITS are conducted using central bank money.

9.3 If a payment system settles in commercial bank money, it should monitor, manage, and limit its credit and liquidity risks arising from the commercial settlement banks. In particular, a payment system should establish and monitor adherence to strict criteria for its settlement banks that take account of, among other things, their regulation and supervision, creditworthiness, capitalisation, access to liquidity, and operational reliability. A payment system should also monitor and manage the concentration of credit and liquidity exposures to its commercial settlement banks.

Money settlements in RITS are conducted using central bank money.

9.4 If a payment system conducts money settlements on its own books, it should minimise and strictly control its credit and liquidity risks.

Money settlements in RITS are conducted using central bank money across the books of the Bank. The Bank's credit and liquidity risks from the operation and provision of liquidity in RITS are strictly controlled, as described in Principles 4 and 7.

9.5 A payment system's legal agreements with any settlement banks should state clearly when transfers on the books of individual settlement banks are expected to occur, that transfers are to be final when effected, and that funds received should be transferable as soon as possible, at a minimum by the end of the day and ideally intraday, in order to enable the payment system and its participants to manage credit and liquidity risks.

The Bank does not use commercial bank money settlement agents in the operation of RITS.

12. Exchange-of-value settlement systems

If a payment system settles transactions that involve the settlement of two linked obligations (for example, securities or foreign exchange transactions), it should eliminate principal risk by conditioning the final settlement of one obligation upon the final settlement of the other.

Rating: Not applicable

RITS is not an exchange-of value settlement system. It does not perform the settlement of foreign exchange transactions or securities transactions. RITS does, however, facilitate the settlement of linked securities and foreign exchange transactions in other systems, assisting to eliminate principal risk in those systems. In particular, RITS settles the interbank obligations arising from the cash leg of delivery-versus-payment debt and equity security transactions in Austraclear and ASX Settlement, respectively.^[25] RITS is also used to fund the Australian dollar leg of foreign exchange transactions settled on a payment-versus-payment basis in CLS's settlement system.

13. Participant-default rules and procedures

A payment system should have effective and clearly defined rules and procedures to manage a participant default. These rules and procedures should be designed to ensure that the payment system can take timely action to contain losses and liquidity pressures and continue to meet its obligations.

Rating: Observed

The RITS Regulations define what constitutes an insolvency event, as well as the rights and responsibilities of participants and the Bank in an insolvency scenario, and the actions the Bank may take to manage the situation. The Bank may suspend an insolvent participant, remove any queued payments to and from the participant, and prohibit the participant from submitting new payments. By permitting swift and decisive action in this way, the RITS Regulations allow the Bank to minimise the potential for a participant default to disrupt settlement in the system more widely.

Based on this information, the Bank's assessment is that RITS has observed the requirements of Principle 13 during the 2013 Assessment period. RITS's default management arrangements are discussed in further detail under the following Key Considerations.

13.1 A payment system should have default rules and procedures that enable the payment system to continue to meet its obligations in the event of a participant default and that address the replenishment of resources following a default.

The RITS Regulations include rules and procedures to govern the management of a participant default. A participant that becomes aware of an insolvency event – either its own insolvency, or the suspected insolvency of another participant – must notify the Bank immediately. The Bank may then suspend the relevant participant, remove any queued payments to and from the participant, and prohibit the suspended participant from submitting new payments. The Bank may also suspend a participant that is unable to meet its settlement obligations. By permitting swift and decisive action in this way, the RITS Regulations allow the Bank to minimise the potential for a participant default to disrupt settlement in the system more widely.

As explained under Principle 4, in the event of a participant default the Bank would not be exposed to a loss in its role as operator of RITS. Accordingly, the RITS Regulations do not cover replenishment of financial resources following a participant default.

13.2 A payment system should be well prepared to implement its default rules and procedures, including any appropriate discretionary procedures provided for in its rules.

The Bank has internal default management procedures that document the steps it would take in response to an insolvency event. These procedures outline the roles and responsibilities of management for each decision that must be taken after an event, which persons should be consulted when taking each decision, and which persons should be advised of a decision. The procedures also set out which other Australian industry bodies and other FMIs should be contacted if a participant is suspended from RITS, and the methods available for communication with these parties. The procedures are updated on a periodic basis.

The Bank tests most aspects of the default procedures semiannually. Testing of the procedures to effect the suspension of a RITS participant is undertaken annually. Test results are reviewed by Payments Settlements Department senior management and the Assistant Governor, Banking and Payments.

13.3 A payment system should publicly disclose key aspects of its default rules and procedures.

The key aspects of the default management rules and procedures are set out in the RITS Regulations, which are publicly available on the Bank's website.

13.4 A payment system should involve its participants and other stakeholders in the testing and review of the payment system's default procedures, including any close-out procedures. Such testing and review should be conducted at least annually or following material changes to the rules and procedures to ensure that they are practical and effective.

Since RITS default management procedures do not require participants to perform any actions, participants are not involved in the testing or review of these procedures.

15. General business risk

A payment system should identify, monitor, and manage its general business risk and hold sufficient liquid net assets funded by equity to cover potential general business losses so that it can continue operations and services as a going concern if those losses materialise. Further, liquid net assets should at all times be sufficient to ensure a recovery or orderly wind-down of critical operations and services.

Rating: Observed

The Bank manages the general business risk arising from RITS within the context of its organisation-wide risk management framework (see Principle 3). This process covers the full spectrum of financial, market, credit, operational and other risks. This is supported by the Bank's budgeting and accounting processes, which allow it to monitor, manage and control its operating expenses. New projects are subject to strong governance arrangements, both prior to initiation and through the implementation process. As a central-bank owned FMI, RITS does not hold ring-fenced liquid net assets to cover general business risk. Nevertheless, should a general business risk crystallise, the Bank has access to sufficient liquid funds to meet its current and projected operating expenses.

Based on this information, the Bank's assessment is that RITS has observed the requirements of Principle 15 during the 2013 Assessment period. The Bank's arrangements for managing general business risk are discussed in further detail under the following Key Considerations.

Note: Since RITS is a central bank owned system, it has not been assessed against the requirement to hold ring-fenced liquid net assets funded by equity to cover business risk and support a recovery or wind-down plan (Key Considerations 15.2–15.4). This recognises central banks' inherent ability to supply liquidity to support continuity of operations, should liquidity be required for this purpose. Similarly, RITS has not been assessed against the requirement to maintain a plan to raise additional equity (Key Consideration 15.5).

15.1 A payment system should have robust management and control systems to identify, monitor, and manage general business risks, including losses from poor execution of business strategy, negative cash flows, or unexpected and excessively large operating expenses.

As set out under Key Consideration 2.6, the Bank takes a coordinated approach to identifying, assessing and managing risk at both an enterprise and business level. A key component of the Bank's framework for managing general business risk is its budgeting and accounting processes, which allow it to monitor, manage and control its operating expenses, including those arising from the operation of RITS. The Bank's financial accounts are also subject to audit by both the Audit Department and external auditors. Audit reports are reviewed by the Audit Committee.

The Bank's financial target with respect to RITS is to recover its operating costs. It regularly reviews its pricing and in July 2012 implemented a revised pricing structure to provide a more representative distribution of costs among RITS participants (See ‘Box C: RITS Pricing’ in Section 4.3 for further details). The Bank's policy is that it will absorb investment costs, including capital and development costs, associated with major improvements to RITS's functionality and resilience. However, any new significant projects must be approved by the Executive Committee and relevant financial analysis must be included as part of the Bank's budget process.

In addition, the Bank has an ongoing program to evaluate fraud risks and review its fraud control framework (see Key Consideration 17.1 for further details).

16. Custody and investment risks

A payment system should safeguard its own and its participants' assets and minimise the risk of loss on and delay in access to these assets. A systemically important payment system's investments should be in instruments with minimal credit, market, and liquidity risks.

Rating: Observed

Securities provided to the Bank as collateral under repo (both for payment system purposes and open market operations) must be lodged in Austraclear, which is a licensed clearing and settlement (CS) facility overseen by the ASIC and the Bank and subject to the SSF Standards. Close-out netting provisions included in repo contracts with participants provide for the immediate liquidation of collateral in the event of default. This right is supported by Part 4 of the Payment Systems and Netting Act. In addition, the Austraclear system is subject to high operational resilience standards and operates in the same time zone as RITS, with highly overlapping operating hours. The Bank would therefore expect to have prompt access to the securities it holds as collateral.

The Bank does not hold the collateral it receives in providing liquidity to RITS participants with custodian banks, or with entities in other time zones or legal jurisdictions. The Bank accepts only securities collateral under repo and does not re-use collateral received. The Bank therefore does not face investment risks.

Based on this information, the Bank's assessment is that RITS has observed the requirements of Principle 16 during the 2013 Assessment period. Custody and investment risks in RITS are described in further detail under the following Key Considerations.

Note: Paragraph 1.23 of the Principles acknowledges that ‘central banks may have separate public policy objectives and responsibilities for monetary and liquidity policies that take precedence’. Accordingly, it is the Bank's view that nothing in this Principle should constrain central bank policies on its investment strategy (including that for reserve management) or the disclosure of that strategy.

16.1 A payment system should hold its own and its participants' assets at supervised and regulated entities that have robust accounting practices, safekeeping procedures, and internal controls that fully protect these assets.

Securities held by the Bank under repo must be lodged in Austraclear (see Principle 5). Austraclear is a licensed CS facility and is therefore overseen by ASIC and the Bank. In accordance with the licensing regime, Austraclear must meet the Bank's SSF Standards, which are aligned with the Principles. The SSF Standards require that Austraclear maintain robust accounting practices, safekeeping procedures and internal controls that fully protect the assets for which it acts as a central securities depository.

The Bank does not use custodian banks to hold the collateral it receives in providing liquidity to RITS participants, or hold collateral with entities in other time zones or legal jurisdictions.

16.2 A payment system should have prompt access to its assets and the assets provided by participants, when required.

The close-out netting provisions included in the Bank's repo agreements with counterparties provide for the Bank to close out or terminate the second leg of a repo immediately. This right is protected by Part 4 of the Payment Systems and Netting Act (see Principle 1).

The Austraclear system is subject to high operational resilience standards and operates in the same time zone as RITS, with highly overlapping operating hours. The Bank would therefore expect to have prompt access to the securities it holds as collateral. In particular, the Bank has a service agreement with ASX – the owner of Austraclear – that imposes strict operational requirements on the Austraclear system, including a requirement to provide a minimum 99.9 per cent availability during business hours. The Austraclear system must also adhere to similar high standards of security and operational reliability set out in the SSF Standards.

16.3 A payment system should evaluate and understand its exposures to its custodian banks, taking into account the full scope of its relationships with each.

The Bank does not use custodian banks to hold the collateral it receives in providing liquidity to RITS participants.

16.4 A payment system's investment strategy should be consistent with its overall risk-management strategy and fully disclosed to its participants, and investments should be secured by, or be claims on, high-quality obligors. These investments should allow for quick liquidation with little, if any, adverse price effect.

The Bank accepts only securities collateral under repo and does not re-use collateral received. The Bank therefore does not face investment risks.

17. Operational risk

A payment system should identify the plausible sources of operational risk, both internal and external, and mitigate their impact through the use of appropriate systems, policies, procedures, and controls. Systems should be designed to ensure a high degree of security and operational reliability and should have adequate, scalable capacity. Business continuity management should aim for timely recovery of operations and fulfilment of the payment system's obligations, including in the event of a wide-scale or major disruption.

Rating: Observed

RITS is designed to achieve a very high standard of operational reliability, with comprehensive policies and controls in place to: ensure reliability of IT infrastructure, monitor performance in real time and address potential problems promptly; maintain sufficient capacity; and manage change effectively. The Bank manages the operational risks arising from RITS within the Bank's organisation-wide risk management framework (see Key Consideration 2.6).

The Bank sets clear operational reliability and capacity objectives and implements policies, procedures and controls to achieve those targets. The key operational targets for RITS are 99.95 per cent availability and minimum capacity to accommodate projected volumes 18 months in advance with 20 per cent headroom. The Bank has sufficient well-trained and competent personnel, and other sufficient resources, to operate RITS. There is also an effective change management framework to ensure that system changes do not affect the operation of RITS. To ensure RITS will continue to meet resilience and performance targets in the future, a program of continuous improvement is in place; including an upgrade of RITS's core infrastructure. In response to an incident that occurred in September 2012 (see ‘Box D: September 2012 RITS Incident’ in Section 4.4.1), the Bank recently refined its incident management procedures and implemented a number of enhancements to systems and monitoring processes. Further enhancements to network and system monitoring are also planned.

Access to RITS is tightly controlled using a range of security controls. To gain access to the RITS User Interface, each user requires a RITS token with a valid and unique digital certificate; these are issued to users via a secure process. This system was updated in 2013. Access rights are controlled via unique logons for each user, creating an audit trail for each action within the system. All traffic across the various networks that are used to access RITS is encrypted end-to-end. The RITS application and supporting infrastructure is segmented using firewalls approved by the Australian Signals Directorate. Vulnerability assessments and penetration testing are undertaken periodically by external consultants.

RITS's business continuity arrangements include detailed contingency plans, which are updated at least annually and are tested regularly, with recovery time targets up to 40 minutes, depending on the nature of the operational disruption. The primary control to reduce the impact of a disruption is a high degree of redundancy in RITS's architecture. RITS is synchronously mirrored at a geographically remote second site, which is permanently staffed. Full redundancy exists at both sites, ensuring that there is no single point of failure at either site. Since late 2009, live operations have been rotated between the two sites on a regular basis. Staff rotation and cross-training ensure that critical functions are not dependent on particular individuals. The Bank also has succession planning processes in place for key staff.

The Bank monitors the operational performance of its participants. In addition, in 2013, the Bank introduced Business Continuity Standards for RITS participants, which must be met by mid-2015. Going forward, the Bank will continue to monitor RITS participants' compliance with the Business Continuity Standards. The Bank has also established controls to limit the risk from critical service providers and utilities. The Bank has a service level agreement with Austraclear and has a premium support package from SWIFT; both entities are key service providers to RITS. These arrangements set out the response times and the minimum level of support expected from each service provider. RITS's use of critical service providers and utilities is subject to ongoing monitoring and testing.

Based on this information, the Bank's assessment is that RITS has observed the requirements of Principle 17 during the 2013 Assessment period. Details of RITS's operational risk management arrangements are described under the following Key Considerations.

17.1 A payment system should establish a robust operational risk-management framework with appropriate systems, policies, procedures, and controls to identify, monitor, and manage operational risks.

The Bank has established a robust operational risk management framework, with systems, policies and procedures to identify, monitor and manage operational risk. Under the risk management framework, Payments Settlements Department is required to identify the range of risks that might impact its ability to operate RITS in a safe and efficient manner. To identify operational risks, the Bank applies both an historical approach, drawing lessons from issues that have occurred in the past, and a theoretical approach whereby experienced staff members seek to identify possible additional sources of risk. For each operational risk identified, the Payments Settlements Department assesses the probability of the operational risk crystallising and its potential impact. Controls and mitigation strategies are also considered. Operational controls are documented in procedures manuals, administration guides and daily checklists. These controls and contingency plans are reviewed and signed off by management annually, or when system changes or upgrades are planned.

The RITS operational risk management framework is benchmarked against relevant domestic and international standards, including:

• Business Continuity – Managing Disruption-related Risk (AS/NZS 5050-2010)
• Fraud and Corruption Control (AS 8001-2008)
• Whistleblower Protection Program for Entities (AS 8004-2003).

Change management

The Bank has detailed change management processes and procedures in place to safeguard the integrity and reliability of RITS. Any material change typically would require the responsible business area to prepare a change implementation plan, which would identify possible risks arising from the change and controls in place to mitigate those risks. These controls would include plans to ‘back out’ any change that had been implemented, should this be necessary. Changes assessed as high- or medium-risk are presented for approval to the Change Advisory Board, which comprises senior management from operational and information technology areas in the Bank.

To ensure that changes do not disrupt the operation of RITS, major or high-risk changes are implemented outside operating hours. This allows time for testing before RITS opens. Backups of data and system configurations are made prior to the implementation of any major changes. Any system changes are subject to extensive testing in a separate test environment before approval for live implementation. This includes connectivity, functional, capacity and failover testing. RITS participants are given the opportunity to trial new functionality in a test environment prior to live implementation.

In 2013, the Reserve Bank initiated a process to refresh its change management framework, including the introduction of tools and processes that place greater responsibility on the personnel reviewing the change and on the personnel responsible for the relevant system or system component. Other improvements include greater clarity in the risk assessment process and better representation of business and technical stakeholders on the Change Advisory Board.

Access to resources

The resourcing of the areas in Payments Settlements Department involved in the operation of RITS is the responsibility of the senior management in those areas. Recruitment and promotions at the Bank are merit based and subject to a formal selection process. New staff are required to undergo training in a range of areas, including anti-money laundering, information security, workplace health and safety, acceptable use of technology, fraud awareness and the Bank's Code of Conduct. Staff rotations and cross-training in critical areas ensure that critical functions are not dependent on particular individuals. The Bank also has succession planning processes in place for key staff.

Payments Settlements Department relies on the Bank's Information Technology Department to provide technical support for RITS. To ensure that there is a common understanding, the level of service expected from Information Technology Department with regard to the support of RITS is set out in internal documents. The resourcing policies set out above also apply to Information Technology Department.

Fraud control

The Bank has an ongoing program to evaluate fraud risks and review its fraud control framework. This is documented in the Fraud Control Policy. The primary preventative fraud controls include audit logs, dual input checks, separation of duties, management sign-off and processing checklists. These controls are supported by reconciliations and review by management. Regular staff training in fraud awareness is also conducted and monitored to ensure that all staff are actively engaged in fraud prevention. The Bank operates a hot line, through which suspicious behaviour can also be reported anonymously. Audit Department investigates the potential for fraud and fraud controls as part of its regular audits.

17.2 A payment system's board of directors should clearly define the roles and responsibilities for addressing operational risk and should endorse the payment system's operational risk-management framework. Systems, operational policies, procedures, and controls should be reviewed, audited, and tested periodically and after significant changes.

The Bank manages the operational risks arising from RITS within its risk management framework, the governance of which is set out under Key Consideration 2.6. Under this framework, operational risk policies are developed and approved by the senior management of Payments Settlements Department, with oversight from the Risk Management Committee. In some circumstances, policies would need to be approved by the Assistant Governor, Banking and Payments. RITS's operational policies, procedures and controls are subject to audit by the Audit Department, with assistance from external consultants. Audit reports are reviewed by the Audit Committee, with copies provided to the Risk Management Committee.

The systems, policies, procedures and controls in the operational risk policy are tested periodically (see Key Considerations 17.4–17.7 for further details).

17.3 A payment system should have clearly defined operational reliability objectives and should have policies in place that are designed to achieve those objectives.

RITS availability targets are clearly defined and documented. RITS's target availability is 99.95 per cent for Bank-controlled components. Availability is measured relative to the total number of hours that the system is open for settlement and reporting. This target is set out in internal documents, and is assessed on a quarterly basis. Assessments are available to senior management in Payments Settlements Department and Payments Policy Department.

The Bank has established arrangements to ensure that RITS meets target availability, including a detailed business continuity policy (see Key Consideration 17.6) and change management framework (see Key Consideration 17.1). In addition, RITS applies a number of controls to prevent disruptions, including operating procedure manuals, dual input checks and the use of checklists.

The Bank also monitors RITS's components to ensure that issues are detected in a timely manner. The monitoring aims to detect system problems within 15 minutes of their inception. In some cases, automated tools are used, which verify the operation of system components at intraday intervals as short as one minute. System liquidity, and the value and volume of queued and settled payments relative to historical averages, are also monitored on a near real-time basis. In 2012, monitoring of the RITS system after business hours was introduced, to improve monitoring of overnight processing and to facilitate the submission and settlement of retail payments (for more information on changes to these clearing and settlement arrangements see ‘Box A: Developments in Retail Payments Settlement Arrangements’ in Section 2.2).

In response to an operational incident in September 2012, the Bank implemented enhanced monitoring of RITS's components. This involves the use of a third-party system to test connectivity by logging in from outside of the Bank's internal communications network. The third-party system delivers data on the performance of RITS's components back to Payments Settlements staff in real time, providing an additional source of data to identify potential system problems.

17.4 A payment system should ensure that it has scalable capacity adequate to handle increasing stress volumes and to achieve its service-level objectives.

The Bank has processes and controls in place to ensure that RITS has sufficient capacity. RITS capacity targets include:

• a processing throughput target – that is, that RITS should be able to process peak-day transactions in less than two hours (assuming no liquidity constraints)
• a projected capacity target – that is, RITS should be able to accommodate projected volumes 18 months in advance with 20 per cent headroom.

Targets are also set for the system's maximum response time to a participant command.

RITS is tested regularly to ensure that it meets these targets. Processing throughput testing is performed quarterly and complemented by daily monitoring of actual processing throughput.

Capacity testing is performed prior to each new RITS software release and at regular intervals. Test outcomes are reviewed by management in Payments Settlements Department. In the event of a problem, the Bank would investigate options to either improve processing throughput or increase capacity.

Testing is complemented by an alert system, which is designed to automatically advise operational staff if operational capacity for various RITS components is approached. The alert system also has an escalation feature, which would alert senior management if action was not taken within a defined time.

17.5 A payment system should have comprehensive physical and information security policies that address all potential vulnerabilities and threats.

Information security

Information Technology Department is responsible for the review and implementation of the information security policies applicable to RITS. The security policies are reviewed annually and in the event of changes to either the nature of the risk or the assets being protected. Security reviews by external consultants are also routinely commissioned for new RITS components and in response to significant changes to the RITS system. RITS information security policies are aligned to the Australian Government's Protective Security Policy Framework.^[26]

Access to RITS is tightly controlled using a range of security controls, which vary with the method of access. To gain access to the RITS User Interface, each user requires a RITS token with a valid and unique digital certificate; these are issued to users via a secure process. This system was updated in 2013. Access rights are controlled via unique logons for each user, creating an audit trail for each action within the system. RITS also provides functionality to participants to enable dual entry checks at all stages of the payment process.

Security administrators can review event logs and follow up on unusual activity. All transactions can be traced end-to-end, and are signed using a private key that allows for enhanced non-repudiation of the transaction.

All traffic across the various networks that are used to access RITS is secure. Access via the internet and the Austraclear National Network Infrastructure is encrypted end-to-end using the Secure Sockets Layer protocol. The RITS application and supporting infrastructure is segmented using firewalls approved by the Australian Signals Directorate (the agency responsible for evaluating information security products and services used by the Australian Government), so that only authorised traffic can reach it. Vulnerability assessments and penetration testing are undertaken by external consultants periodically.

Physical security

Facilities Management Department administers the Bank's physical security policy, which complies with the Protective Security Policy Framework set by the Australian Government. Under the policy, security risks are identified and controls implemented to mitigate these risks. The Bank maintains a number of controls to limit physical access to sensitive areas. Access to both the primary and business recovery sites are restricted to staff and authorised visitors. Access to sensitive areas, such as data centres, is further restricted to those staff who require access for their duties. The Bank maintains audit trails of access to all sensitive areas. Both operational sites are also designed in such a way to provide physical protection to the buildings.

17.6 A payment system should have a business continuity plan that addresses events posing a significant risk of disrupting operations, including events that could cause a wide-scale or major disruption. The plan should incorporate the use of a secondary site and should be designed to ensure that critical information technology systems can resume operations within two hours following disruptive events. The plan should be designed to enable the payment system to complete settlement by the end of the day of the disruption, even in case of extreme circumstances. The payment system should regularly test these arrangements.

The Bank maintains detailed business continuity plans. These set out the operational response to events that could disrupt RITS's operations. These plans cover lines of authority, means of communications and failover procedures, and are updated annually or when there are major changes to RITS.

A primary control to reduce the impact of a contingency is a high degree of redundancy in RITS's systems. RITS is synchronously mirrored at two geographically remote sites, which are permanently staffed. Full redundancy of equipment exists at both these sites, ensuring there is no single point of failure at either site. RITS can be operated from either site indefinitely. Live operations alternate between both sites on a regular basis. Critical staff are also able to work from home through remote logon using a Virtual Private Network. The recovery time target is up to 40 minutes, depending on the nature of the operational disruption.

A high degree of redundancy is complemented by internal plans to deal with a wide variety of potential disruptions. These include the failure of individual RITS components and wide-scale external disruptions, such as floods and pandemics. For each scenario, target recovery times are documented. Contingency procedures are reviewed at regular intervals, after major system changes and after testing.

Contingency plans include arrangements for the provision of timely information to stakeholders, including RITS participants and operators of interdependent systems. The plans include predefined notification lists of both internal and external parties, and assign responsibility for regular updates. A web-based crisis communication facility for RITS enables the Bank to disseminate information via email, SMS and voice messages to a large number of stakeholders within minutes. This facility can also be operated from remote locations and does not rely on the availability of either operational site. Conference call facilities can also be quickly set up to enable discussion between key stakeholders. To ensure that staff are familiar with the crisis communications facility, it is used regularly.

The responses to all key contingencies are tested at least annually. The tests involve all elements of the response, including participation by other FMIs (see Key Consideration 17.7). To ensure staff are fully aware of the contingency plans, procedures are tested in regular ‘at-desk’ contingency drills.

In the extremely low-probability event that both sites were rendered inoperable and RTGS processing was abandoned for the day, fallback arrangements for Austraclear and the SWIFT PDS could be invoked. These arrangements provide for interbank settlement on a deferred net basis the following day.

17.7 A payment system should identify, monitor, and manage the risks that key participants, other FMIs, and service and utility providers might pose to its operations. In addition, a payment system should identify, monitor, and manage the risks its operations might pose to other FMIs.

Participants

Recognising that the efficient operation of RITS is also dependent on the operational reliability and resilience of its participants, any technical problem affecting a participant's transaction activity must be notified to the Bank immediately. The Bank also monitors participants' payment flows in real time. If a potential problem is detected, the Bank will contact that participant for further information. After a disruption, a participant is required to provide the Bank with a detailed report on the causes and remedial actions of the disruption.^[27]

From September 2015, the Bank will also require participants to meet RITS participant Business Continuity Standards (see ‘Box E: Participant Business Continuity Standards’ in Section 4.4). The Business Continuity Standards aim to promote ‘high availability’ in RITS payments processing, requiring both resilience of system components and rapid recovery if failover to alternate systems is required. The standards complement the relevant requirements of APCA and APRA.

Procedures are also in place to reduce the impact of a participant disruption, should this arise. If a participant is unable to submit payments due to a disruption, the Bank can manually enter some payments into RITS on that participant's behalf.

Service and utility providers

SWIFT has been identified as a critical service provider to RITS, as the failure of SWIFT would severely impair the ability of participants to effect third-party payments, as well as the management of Austraclear settlements via the RITS Automated Information Facility (which uses SWIFT messages). The Bank has a premium support package from SWIFT. The terms of this package set out the response times and level of support expected from SWIFT should an issue arise. The Bank also liaises regularly with SWIFT and participates in a coordinated global outage test, which simulates an operational disruption at SWIFT. The resilience and reliability of SWIFT is supported by regulation and oversight by the SWIFT Oversight Group, comprising the G10 central banks and chaired by the National Bank of Belgium.^[28] To support its oversight activities, the Oversight Group has set proprietary minimum standards – the High Level Expectations – against which SWIFT is assessed.

To address the risks to RITS from critical dependencies on utility providers, the Bank has put in place a number of controls:

• both operational sites are each connected to two different electricity grids
• each operational site has an uninterruptable power supply and backup power generators
• all external communications links to the two operational sites are via dual geographically separated links, and where possible with different telecommunications providers
• the Bank performs regular testing of backup arrangements.

Other FMIs

Austraclear has been identified as an FMI that is of critical importance to the operation of RITS. The service level agreement with ASX – the owner of Austraclear – imposes strict service operational requirements on the Austraclear system, including requiring the Austraclear system to provide a minimum 99.9 per cent availability during business hours. The agreement also requires the Austraclear system to conduct connectivity testing with RITS annually. Going forward, the close link between the Austraclear system and ASX Collateral (which is discussed in ‘Box B: ASX Collateral’ in Section 2.4.2) could also have implications for the operation of RITS.

Austraclear and CLS rely on RITS to settle Australian dollar-denominated payments, and their operations would be disrupted if RITS was not available. This risk is mitigated by ensuring the operational reliability and resilience of RITS. The Bank also conducts joint contingency testing with ASX (the operator of Austraclear) and SWIFT. In addition, ASX has prepared business plans that contemplate Austraclear continuing to operate independently of RITS.

18. Access and participation requirements

A payment system should have objective, risk-based, and publicly disclosed criteria for participation, which permit fair and open access.

Rating: Observed

Since settlement in RITS occurs using central bank money, only an institution with an ESA at the Bank can be a settlement participant in RITS. Furthermore, since RITS is the only means of access to ESAs, all ESA holders must be participants of RITS and meet all of its operating conditions. The eligibility criteria for ESA holders therefore effectively represent the eligibility criteria for participation in RITS.

Policy around ESA eligibility is set by the Bank's Payments Policy Department, under the governance of the Payments System Board, and is available on the Bank's website. The policy has been designed to be fair and open and promote competition in the provision of payment services by allowing access to all providers of third-party payment services, irrespective of their institutional status. ADIs are eligible by default, because these institutions are assumed to provide third-party payment services as part of their business. Similarly, Australian-licensed CCPs and SSFs with payment arrangements that require Australian dollar settlement are also eligible to hold an ESA. The ESA policy sets a number of risk-based participation requirements, including around operational capacity and access to liquidity, which are designed to reduce the likelihood that an individual participant experiences an operational or financial shock that disrupts the system more broadly. These requirements are generally proportional to participants' expected payments in RITS.

Based on this information, the Bank's assessment is that RITS has observed the requirements of Principle 18 during the 2013 Assessment period. RITS access and participation requirements are described in further detail under the following Key Considerations.

Note: In applying this Principle to RITS, the Bank notes that footnote 144 of the Principles states that central banks ‘may exclude certain categories of financial institutions (such as non-deposit-taking institutions) from the FMIs that they operate, such as [large value payment systems], because of legislative constraints or broader policy objectives’.

18.1 A payment system should allow for fair and open access to its services, including by direct and, where relevant, indirect participants and other FMIs, based on reasonable risk-related participation requirements.

The ESA eligibility policy has been designed to be fair and open and enhance competition in the provision of payment services by allowing providers of third-party payment services access, irrespective of their institutional status. ADIs are eligible by default, because these institutions are assumed to provide third-party payment services as part of their business. Similarly, Australian-licensed CCPs and SSFs (or a related body corporate acceptable to the Bank) with payment arrangements that require Australian dollar settlement are also eligible to hold an ESA.

An ESA applicant must also demonstrate that it meets certain risk-related participation requirements at the time of application, including that:

• it has the operational capacity to operate and manage its ESA
• it has access to sufficient ESA liquidity to meet its anticipated routine and ‘peak’ period settlement obligations (applicable to participants that join in deferred net settlement and other time critical payment arrangements)
• access to adequate intraday ESA liquidity to allow it to conduct its customers' business in a way that does not unreasonably impinge on other participants or reduce the efficiency of the system
• any collateral or guarantees it relies upon, especially in times of unpredictable stress, are adequate to meet its obligations.

To ensure that the institution is always able to authorise, execute and settle RTGS transactions in an efficient and timely manner, the Bank requires that, for institutions settling transactions using their own ESA, responsibility for the ESA must rest with management located in Australia. ESA holders must also meet the Business Continuity Standards set by the Bank (see Key Consideration 17.7).

The Bank reserves the right to impose additional operational or other requirements on ESA holders at its discretion. In particular, an institution that is not supervised by APRA (i.e. not an ADI) or that has limited access to liquid assets, and that has deferred net settlement or time critical payment obligations, may need to meet additional liquidity requirements on an ongoing basis.

18.2 A payment system's participation requirements should be justified in terms of the safety and efficiency of the payment system and the markets it serves, be tailored to and commensurate with the payment system's specific risks, and be publicly disclosed. Subject to maintaining acceptable risk control standards, a payment system should endeavour to set requirements that have the least-restrictive impact on access that circumstances permit.

RITS participation requirements are designed to reduce the likelihood that an individual participant experiences an operational or financial shock that disrupts the system more broadly, for instance by defaulting, becoming a liquidity sink or excessively delaying payments. The requirements are generally proportional to participants' expected payments in RITS. For example, additional liquidity requirements and the Business Continuity Standards would be proportional with the nature and size of a prospective participant's payments business.

To reduce the operational burden on smaller RITS participants, any ESA holder that is not a CCP, with aggregate outgoing RTGS transactions of less than 0.25 per cent of the total value of RTGS transactions, may use an agent to settle its RTGS transactions, rather than settling directly across its own ESA (see Principle 19).

Indirect participation in RITS is not available more broadly because of the concern that it might lead to a high degree of concentration of payments through a few direct participants, and give rise to an unacceptable concentration of liquidity and operational risks in these participants (see Principle 19). Indirect participation also introduces credit risk for participants because settlement between an indirect participant and its settlement agent occurs in commercial bank money. Although some smaller institutions are therefore required to participate in RITS directly, the cost of technical access to RITS was reduced significantly by the introduction of the internet browser-based user interface in 2006.

18.3 A payment system should monitor compliance with its participation requirements on an ongoing basis and have clearly defined and publicly disclosed procedures for facilitating the suspension and orderly exit of a participant that breaches, or no longer meets, the participation requirements.

The Bank closely monitors participants' activity in RITS, to ensure that participants are demonstrating that they have the operational capacity and sufficient liquidity to manage their payments activity on an ongoing basis (see Key Consideration 17.7). RITS participants are also required to self-certify their compliance with RITS participant Business Continuity Standards annually. In addition, the majority of RITS participants – ADIs, CCPs and SSFs – are subject to ongoing regulation, supervision and oversight by either APRA, or ASIC and the Bank, including with respect to operational and liquidity requirements. Where RITS participants, as ESA holders, are subject to additional operational or other requirements, evidence of their compliance with these requirements must be provided periodically to the Bank.

The RITS Regulations clearly set out the conditions under which the Bank can suspend a participant or revoke its ESA. Accompanying procedures are designed to facilitate an orderly exit. The Bank may at any time terminate or vary the terms of the membership of any institution, or impose particular conditions on an institution's membership of RITS. In addition to these rights, the Bank may suspend, for such a period as it considers appropriate, any participant: who fails to comply with any provision of the RITS Regulations; who is guilty of any conduct regarded by the Bank to be contrary to the interests of the participants of the system; or who has become insolvent. To facilitate an orderly exit, unsettled payments to or from a suspended participant would be removed from the RITS queue, and the participant would be prevented from submitting or receiving any new transactions to RITS (see Principle 13).

19. Tiered participation arrangements

A payment system should identify, monitor and manage the material risks to the payment system arising from tiered participation arrangements.

Rating: Observed

The Bank's ESA policy limits the scope for material risks to arise from tiered participation arrangements. Under the policy, ADIs that settle over 0.25 per cent of the total value of RTGS transactions and systemically important CCPs are required to settle their Australian dollar obligations in RITS using their own ESAs. ESA holders with a share of transactions of less than 0.25 per cent of the total value of RTGS transactions are permitted to use an agent to settle their transactions. The Bank monitors ESA holders' compliance with this policy on an ongoing basis.

Based on this information, the Bank's assessment is that RITS has observed the requirements of Principle 19 during the 2013 Assessment period. Tiered participation arrangements in RITS are described in further detail under the following Key Considerations.

19.1 A payment system should ensure that its rules, procedures, and agreements allow it to gather basic information about indirect participation in order to identify, monitor, and manage any material risks to the payment system arising from such tiered participation arrangements.

The Bank's ESA policy limits the scope for material risks to arise from tiered participation arrangements (see Principle 18). In particular, the Bank's ESA policy limits indirect participation by ADIs, which are the primary providers of payment services in Australia, to those with aggregate outgoing RTGS transactions of less than 0.25 per cent of the total value of RTGS transactions. Further, to reduce dependence on its agent, a bank that participates indirectly is required to maintain an ESA for contingency purposes.

To ensure RITS has sufficient information about indirect participation, ESA holders that participate indirectly are required to report the value and volume of their outgoing RTGS payments to the Bank on a quarterly basis, and also notify the Bank if they change the agent bank through which they settle. These reporting requirements are set out in the Supplementary Membership Agreement that such ESA holders sign with the Bank. This information is used to monitor compliance with the 0.25 per cent threshold. If the value of an ESA holder's outgoing payments consistently exceeded the 0.25 per cent threshold, the Bank would consider revoking approval for the agency arrangement. If revoked, the ESA holder would be required to settle payments using its own ESA.

As noted under Principle 18, the ESA Policy also minimises the scope for risks arising from indirect participation by CCPs and SSFs:

• The Bank requires any Australian-licensed CCP that the Bank has determined to be systemically important in Australia to settle Australian dollar margin-related receipts or payments, and the CCP's Australian dollar securities- or derivatives-related obligations, across an ESA held in its own name, or that of a related body corporate acceptable to the Bank.
• Australian-licensed SSFs with payment arrangements that require Australian dollar settlement are eligible to hold ESAs. The Bank's SSF Standards also require that an SSF conduct its money settlements in central bank money, where practical and available, to avoid credit and liquidity risks. Together, these requirements mean that Australian-licensed SSFs with payment arrangements that require Australian dollar settlement settle such obligations as direct participants in RITS.

19.2 A payment system should identify material dependencies between direct and indirect participants that might affect the payment system.

Taken in combination, the requirements described in 19.1 mitigate the risk of material dependencies developing between direct and indirect participants. The Bank considers it unlikely that there are material dependencies between indirect participants that are not required to hold ESAs – that is, non-banks – and direct RITS participants. For this reason it only collects information on indirect payment flows from ESA holders that use an agent.

19.3 A payment system should identify indirect participants responsible for a significant proportion of transactions processed by the payment system and indirect participants whose transaction volumes or values are large relative to the capacity of the direct participants through which they access the payment system in order to manage the risks arising from these transactions.

Given that the value of an indirect participant's RTGS payments must be less than 0.25 per cent of total RTGS payments, it is unlikely that such a participant would be larger than the direct participant it uses as an agent. In addition, to evaluate the potential impact of an ADI's agency arrangement, APRA requires the arrangement to be compliant with the ADI Prudential Standard on Outsourcing (CPS 231). Under this standard, an ESA holder using an agent would have to describe to APRA the key risks involved in using the agent and the mitigation strategies used to address these risks. APRA also assesses whether the agency arrangement introduces unacceptable risks to the direct participant.

The design of RITS also encourages direct participation by reducing the liquidity required for direct participation through liquidity-saving features, which are described in Section 2.4.1.

19.4 A payment system should regularly review risks arising from tiered participation arrangements and should take mitigating action when appropriate.

The Bank monitors compliance with its ESA policy, which mitigates the potential for risks to arise from tiered participation arrangements, on an ongoing basis. Notwithstanding this, the Bank also reviews the risks that arise from tiering in RITS on an ad hoc basis.

21. Efficiency and effectiveness

A payment system should be efficient and effective in meeting the requirements of its participants and the markets it serves.

Rating: Observed

The Bank ensures that RITS meets the needs of its participants by consulting with RITS participants on a regular basis. In addition to holding RITS User Group meetings in Melbourne and Sydney every six months, the Bank liaises closely with industry through APCA and AFMA and consults directly with RITS participants on proposed changes to RITS. Such consultation is key to setting and communicating RITS's business priorities. To ensure efficiency and effectiveness in RITS's operations, the Bank sets goals relating to minimum service levels and risk management, and monitors its performance against these goals (see Principle 17 for further details on minimum service levels).

Based on this information, the Bank's assessment is that RITS has observed the requirements of Principle 21 during the 2013 Assessment period. Efficiency and effectiveness in RITS are described in further detail under the following Key Considerations.

21.1 A payment system should be designed to meet the needs of its participants and the markets it serves, in particular, with regard to choice of a clearing and settlement arrangement; operating structure; scope of products cleared, settled, or recorded; and use of technology and procedures.

To ensure that the needs of its participants and the markets its serves are met, the Bank consults widely on any proposed changes to RITS. The Bank also holds RITS User Group forums in Melbourne and Sydney every six months. These forums provide an opportunity both for participants to suggest improvements and for the Bank to consult on planned upgrades. The Bank also liaises closely with the industry through APCA and AFMA, and directly with RITS participants on proposed changes to RITS.

21.2 A payment system should have clearly defined goals and objectives that are measurable and achievable, such as in the areas of minimum service levels, risk-management expectations, and business priorities.

The Bank's objectives in developing and operating RITS are clearly defined (see Key Consideration 2.1). The Bank sets goals relating to minimum service levels and risk management (see Key Consideration 17.3). A key business priority for RITS is to meet the changing needs of participants in the payments system. RITS communicates its business priorities through public consultation, the RITS User Group forum, other direct consultations with RITS participants, and liaison with industry through APCA and AFMA.

21.3 A payment system should have established mechanisms for the regular review of its efficiency and effectiveness.

The Bank has processes in place to ensure that RITS is operated in an efficient manner. These include regular audits of the functional areas involved in the operation of RITS, which are presented to the Audit Committee, and performance evaluations of Payments Settlements Department management against their position descriptions. A key metric for the review of the effectiveness of Payments Settlements Department is its operational performance. This is reviewed on a quarterly basis. Feedback from periodic liaison with stakeholders at RITS User Group forums and industry liaison through APCA and AFMA are also key inputs into reviews of the effectiveness of RITS.

22. Communication procedures and standards

A payment system should use, or at a minimum accommodate, relevant internationally accepted communication procedures and standards in order to facilitate efficient payment, clearing, settlement, and recording.

Rating: Observed

RTGS payment instructions can be submitted to RITS via two linked external feeder systems – SWIFT PDS and Austraclear – or entered into RITS directly. Messages sent to RITS via the SWIFT PDS feeder system – which accounts for the majority of volumes and value settled in RITS – are sent using internationally accepted communication procedures and message standards set by SWIFT, and are transmitted over the SWIFT communications network. The procedures and standards for participants to send payments via the Austraclear feeder systems are determined by ASX, the owner of Austraclear. Some payments are manually entered directly into RITS using the RITS User Interface.

Based on this information, the Bank's assessment is that RITS has observed the requirements of Principle 22 during the 2013 Assessment period. RITS's communication procedures and standards are described in further detail under the following Key Considerations.

22.1 A payment system should use, or at a minimum accommodate, internationally accepted communication procedures and standards.

Messages sent to RITS via the SWIFT PDS use communication procedures and message standards set by SWIFT and are sent over the SWIFT network, in accordance with APCA's HVCS Regulations and Procedures.^[29] The majority of RTGS payments by value and volume submitted to RITS are entered via the SWIFT PDS feeder system. The Automated Information Facility, which participants can use to access information on their payments, receipts and liquidity in real time, and receive end-of-day ESA statements, also uses message standards set by SWIFT and is accessed via the SWIFT network.

The procedures and standards used to send payments messages via the Austraclear feeder system are determined by ASX.^[30] Notwithstanding this, participants can use the RITS User Interface or the Automated Information Facility to control the status of payments sent via those feeder systems.

Payments can be manually entered directly into RITS using the RITS User Interface. The RITS User Interface is a browser-based interface that can be accessed over the internet.

In addition, the messages used to submit interbank obligations from deferred net settlement systems generally use internationally accepted communication procedures and standards. Batch administrators can either send batch payment instructions over the SWIFT network using SWIFT messages or via the RITS User Interface. The messages accepted by LVSS are XML files that are consistent with the ISO 20022 message standard and can be transferred to RITS over the SWIFT network or the COIN.^[31],^[32]

23. Disclosure of rules, key procedures, and market data

A payment system should have clear and comprehensive rules and procedures and should provide sufficient information to enable participants to have an accurate understanding of the risks, fees, and other material costs they incur by participating in the payment system. All relevant rules and key procedures should be publicly disclosed.

Rating: Observed

The RITS Regulations and associated contractual arrangements, which are available on the Bank's website, are supplemented by information papers and user guides that explain RITS requirements and functions. In addition, this Self-assessment satisfies the requirement to provide information on operations in accordance with the CPSS-IOSCO Disclosure Framework. The RITS fee schedule, which was reviewed in July 2012, is also publicly available on the Bank's website. The Bank publishes on its website monthly data on the number and value of RITS payments, as well as a list of RITS participants. CPSS and IOSCO are developing supplementary quantitative disclosure requirements for FMIs. The Bank is engaged in this work and, once finalised, will ensure that RITS complies fully with the disclosure requirements for payment systems. Finally, to further enhance participant understanding of RITS's operations, the Bank provides training to RITS participants, and also monitors participants' activity and operations to confirm that RITS rules, procedures and features are well understood and to identify any potential issues.

Based on this information, the Bank's assessment is that RITS has observed the requirements of Principle 23 during the 2013 Assessment period. The disclosure of rules, key procedures and market data relating to RITS is described in further detail under the following Key Considerations.

23.1 A payment system should adopt clear and comprehensive rules and procedures that are fully disclosed to participants. Relevant rules and key procedures should also be publicly disclosed.

The RITS Regulations are comprehensive, and are available to the public on the Bank's website. As discussed under Key Consideration 1.2, the Bank has commenced a review of the RITS Regulations with the aim of identifying any areas in which the clarity of the RITS Regulations could usefully be improved. The RITS Regulations are supplemented by information papers and user guides that explain RITS requirements and functions.

23.2 A payment system should disclose clear descriptions of the system's design and operations, as well as the payment system's and participants' rights and obligations, so that participants can assess the risks they would incur by participating in the payment system.

The RITS Regulations are accompanied by an information paper that provides further information on participant's rights and obligations. This paper is available on the Bank's website. The Bank also provides participants with detailed descriptions of RITS's features and instruction manuals on how to use them, and information notes on material changes to RITS.

23.3 A payment system should provide all necessary and appropriate documentation and training to facilitate participants' understanding of the payment system's rules and procedures and the risks they face from participating in the payment system.

The Bank provides participant training and monitors participants' operations to ensure RITS rules, procedures and features are well understood. Training is provided to all new participants, and is offered to all participants when new functionality is introduced. Refresher training is available upon request. Training consists of presentations by the Bank on the key features of RITS, as well as the opportunity to be guided through transaction input and management in a test environment. The Bank has established the RITS Help Desk to provide ongoing operational assistance to RITS participants. The Help Desk is open during RITS business hours.

23.4 A payment system should publicly disclose its fees at the level of individual services it offers as well as its policies on any available discounts. The payment system should provide clear descriptions of priced services for comparability purposes.

The RITS fees schedule is publicly available on the Bank website (for further details on the RITS pricing policy see ‘Box C: RITS Pricing’ in Section 4.3). This schedule provides fees at the level of individual services and provides clear descriptions of priced services. There are no discounts on RITS fees. Under the RITS Regulations, all changes to fees must be announced to participants at least once a month before they take effect.

23.5 A payment system should complete regularly and disclose publicly responses to the CPSS-IOSCO Disclosure framework for financial market infrastructures. A payment system also should, at a minimum, disclose basic data on transaction volumes and values.

The Bank's Self-assessment of RITS against the Principles – of which this is the first – is published on its website. This report addresses all of the matters identified in the Disclosure Framework. The Bank also publishes on its website monthly data the number and value of RITS payments, as well as a list of RITS participants. In addition, these data are made available in the Statistics on payment, clearing and settlement systems in the CPSS countries.^[33] The Bank is engaged in the ongoing work by CPSS and IOSCO on quantitative disclosures for FMIs and going forward will ensure that RITS complies with the disclosure requirements for payment systems.

Footnotes

The CHESS RTGS feeder system provides for the delivery-versus-payment Model 1 settlement of equities transactions executed on ASX. This system is currently not actively used. [1]

The TBMA/ISMA Global Master Repurchase Agreement (2000 version) is available at <http://www.sifma.org/Services/Standard-Forms-and-Documentation/MRA,-GMRA,-MSLA-and-MSFTAs/GMRA_Global-Master-Repurchase-Agreement-(2000-Version)/>. [2]

The relevant webpages are available at <https://www.rba.gov.au/payments-and-infrastructure/rits/legal-framework.html>. [3]

For example, the legal basis of RITS is explained in Information Paper: RITS Regulations and Conditions of Operation, available at <https://www.rba.gov.au/payments-and-infrastructure/rits/user-doc/pdf/regulations-conditions.pdf>. [4]

For further details on the scope of the legal opinion, see <https://www.rba.gov.au/rits/info/pdf/Signing_Instructions.pdf>. [5]

Information on the Bank's financial stability mandate is available at <https://www.rba.gov.au/fin-stability/reg-framework/role-of-the-reserve-bank-in-maintaining-financial-stability.html>. [6]

For more information on the Payments System Board refer to: <https://www.rba.gov.au/about-rba/boards/psb-board.html>. [7]

A summary of the governance arrangements of the Bank is available at <https://www.rba.gov.au/about-rba/governance.html>. [8]

The 2013 Reserve Bank of Australia Annual Report is available at <https://www.rba.gov.au/publications/annual-reports/rba/>. [9]

The 2013 Payments System Board Annual Report is available at <https://www.rba.gov.au/publications/annual-reports/psb/>. [10]

These are set out in the document: Managing Potential Conflicts of Interest Arising from the Bank's Commercial Activities, available at <https://www.rba.gov.au/payments-and-infrastructure/payments-system-regulation/conflict-of-interest.html>. [11]

This policy is available at <https://www.rba.gov.au/about-rba/our-policies/risk-management-policy.html>. [12]

In November 2013, Risk Management Unit was renamed Risk and Compliance Department. [13]

The policy is available at <https://www.rba.gov.au/mkt-operations/resources/tech-notes/eligible-securities.html>. [14]

For more information on the Bank's decision to expand the pool of eligible collateral see Debelle G (2013), Open Market Operations and Domestic Securities, Address to Australian Securitisation Forum, Sydney, 29 November 2007, available at <https://www.rba.gov.au/speeches/2007/sp-ag-291107.html>. [15]

The current list of eligible securities is available at <https://www.rba.gov.au/mkt-operations/xls/eligible-securities.xls>. [16]

These formulas are available at <https://www.rba.gov.au/mkt-operations/resources/tech-notes/pricing-formulae.html>. [17]

The Bank uses the terminology ‘margins’ instead of ‘haircuts’ in its publicly available documents. [18]

A list of the haircuts used by the Bank is available at <https://www.rba.gov.au/mkt-operations/resources/tech-notes/margins.html>. [19]

Intraday repos do not require mark-to-market margin collection, as they are reversed by the end of the business day. [20]

The repurchase amount for a repo is the value of the repo purchase price adjusted for accrued interest. [21]

The SSF Standards are available a <https://www.rba.gov.au/payments-and-infrastructure/financial-market-infrastructure/clearing-and-settlement-facilities/standards/securities-settlement-facilities/2012/>. [22]

For more information on ASX Collateral and its implications for Austraclear, refer to the 2012/13 Assessment of ASX Clearing and Settlement Facilities, available at <https://www.rba.gov.au/payments-and-infrastructure/financial-market-infrastructure/clearing-and-settlement-facilities/assessments/2012-2013/>. [23]

Payments settled using the ‘auto offset’ functionality are settled in full across relevant ESAs simultaneously. These payments are posted in full to the ESAs and are not subject to bilateral netting. [24]

For more information, see Standard 10 in Appendix B2.1 and B2.2 of the 2012/13 Assessment of ASX Clearing and Settlement Facilities, available at <https://www.rba.gov.au/payments-and-infrastructure/financial-market-infrastructure/clearing-and-settlement-facilities/assessments/2012-2013/>. [25]

This framework is available at <http://www.protectivesecurity.gov.au/pspf/Pages/>. [26]

The RITS incident reporting arrangements are available at <https://www.rba.gov.au/payments-and-infrastructure/rits/user-doc/pdf/incident-reporting-arrangements.pdf>. Under these arrangements, participants are also required to report the details of any operational incidents related to their retail payment systems. [27]

In 2012, the Oversight Group set up the SWIFT Oversight Forum to include 12 additional central banks, including the Bank, in the oversight process. Through its membership of the Oversight Forum, the Bank is able to access information relevant to SWIFT oversight. [28]

The HVCS Regulations and Procedures are available at <http://apca.com.au/payment-systems/high-value>. [29]

ASX also controls the procedures and standards for payment messages through a third RTGS feeder system, CHESS RTGS, which is currently not used. [30]

The LVSS message standard has not been registered with ISO 20022. [31]

The COIN is a private network managed by APCA and used by its members. [32]

These data are available at <http://www.bis.org/publ/cpssll2.pdf>. [33]