Assessment of ASX Clearing and Settlement Facilities – September 2019
Appendix C1. Financial Stability Standards for Central Counterparties

Standard 16: Operational risk

A central counterparty should identify the plausible sources of operational risk, both internal and external, and mitigate their impact through the use of appropriate systems, policies, procedures and controls. Systems should be designed to ensure a high degree of security and operational reliability and should have adequate, scalable capacity. Business continuity management should aim for timely recovery of operations and fulfilment of the central counterparty's obligations, including in the event of a wide-scale or major disruption.

ASX Clear: Broadly observed
ASX Clear (Futures): Broadly observed

Identifying and managing operational risk

16.1 A central counterparty should establish a robust operational risk management framework with appropriate systems, policies, procedures and controls to identify, monitor and manage operational risks.

ASX's operational risk policies and controls have been developed in accordance with ASX's group-wide Enterprise Risk Management Policy (see CCP Standard 3.1). Under this framework, the ASX Limited Board is responsible for reviewing and overseeing the group's risk management systems (see CCP Standard 2.6). The board delegates review of the Enterprise Risk Management Policy to its Audit and Risk Committee. In addition, the Risk Committee, a management committee comprising executives across ASX, is responsible for approving enterprise risk policies and reviewing controls, processes and procedures to identify and manage risks, as well as the formal approval of significant operational risk policies prepared by individual functions (see CCP Standards 16.2 and 2.6). Under the Enterprise Risk Management Policy, functions across ASX are also responsible for: identifying business-specific risks; applying controls; maintaining risk management systems; reporting on the effectiveness of risk controls; and implementing enhancements and taking remedial action.

Dedicated security teams have responsibility for assessing both physical and cyber security risks, and are overseen by the Technology Operations and Security Committee (TOSC; see CCP Standard 16.3).

Review of technology governance and operational risk and controls

During the previous assessment period, ASX commenced a multi-year ‘Building Stronger Foundations’ program, in order to address the findings of an independent external review of ASX's technology governance, operational risk and control frameworks (see Section 2.3). The review identified that ASX's operational risk framework lacks clarity and creates uncertainty regarding roles and responsibilities for managing risk across the organisation, in part due to a lack of effective processes, documented procedures and appropriate systems or tools. ASX has commenced work to develop a consistent enterprise-wide view of systems, policies, procedures and controls to identify, monitor and manage operational risks, and expects to conclude the first phase of this work by the end of 2019. The review also found evidence of inconsistencies in operational risk monitoring across the organisation and that KRIs were not sufficiently forward-looking, which limited ASX's ability to generate strategic insights for more effective risk management. The progress made by ASX in addressing these findings is summarised under CCP Standards 2.2, 2.6, 2.7, 16.2, 16.4 and 16.7.

16.2 A central counterparty's board of directors should clearly define the roles and responsibilities for addressing operational risk and should endorse the central counterparty's operational risk management framework. Systems, operational policies, procedures and controls should be reviewed, audited and tested periodically and after significant changes.

The ASX Limited Board, the CS Boards, the Audit and Risk Committee, the Risk Committee and individual departments all have responsibilities within the ASX CS facilities' operational risk management framework. These roles and responsibilities are defined in the CS Boards' Charter, the Audit and Risk Committee Charter, the Risk Committee Charter and the Enterprise Risk Management Policy.

Policies and procedures are the subject of internal and external review. ASX's internal audit function routinely reviews compliance with operational policy, reporting to the Audit and Risk Committee on a quarterly basis. Scheduled reviews carried out by Internal Audit include business process and operational audits and information technology reviews. Internal Audit also reviews major projects and carries out special investigations as required (e.g. following a major operational incident). Audit findings may prompt a review of policy, which would be conducted in consultation with key stakeholders.

DCS and CHESS – ASX Clear's core systems – are also subject to an annual independent audit, the results of which are released to the market. The audits are performed with reference to the relevant assurance standard, ASAE 3402 (Assurance Report on Controls at a Service Organisation), and cover certain information processing functions and internal controls of DCS and CHESS, as well as the integrity and accuracy of information gathered by these systems.

ASX benchmarks its operational risk framework against relevant international standards. For example:

  • ISO 31000 – Risk Management Principles and Guidelines is used to benchmark ASX's overarching framework for operational risk management.
  • The business continuity framework is benchmarked against the Business Continuity Institute's Good Practice Guidelines 2018, and the international standard ISO 22301:2012 Business Continuity Management Systems. ASX is reviewing its business continuity framework as part of a broader review that also covers incident and crisis management.
  • ASX has taken into consideration the National Institute of Standards and Technology (NIST) cyber security framework in developing its information security framework. ASX has also reviewed its cyber resilience arrangements against the SWIFT customer security controls framework, and has previously reviewed its arrangements against industry standards and the CPMI-IOSCO Guidance on cyber resilience for financial market infrastructures.
  • The compliance framework is benchmarked to the Australian Standard (AS) 3806-2006: Compliance Programs. ASX is aligning its compliance framework to the findings of an external review against the principles outlined in the more recent ISO 19600:2015 standard as well as AS 3806:2006.
  • The ASX Fraud Control Policy is benchmarked against AS 8001-2008: Fraud and Corruption Control.

A variety of key control procedures support the effectiveness and resilience of core operational systems. These include audit logs, segregation of duties controls such as dual input checks and approval, reconciliations, management sign-off and processing checklists as primary preventative controls, supported by broader management review of activity.

Change management and project management

ASX Clear and ASX Clear (Futures) operate separate test and development environments for their core systems, and have a formal technology change management process that is documented in the ASX Technology Change Management Policy and Guideline. The policy and guideline covers the requirements for the notification, risk assessment, testing and implementation of technology changes for all ASX CS facilities, as well as the key roles and responsibilities in relation to technology change management. There are also defined procedures for communicating details of technology upgrade releases with participants and vendors, which include regular notices to participants of upcoming changes. Aspects of the change management process are externally reviewed each year. During the previous assessment period, the external review of ASX's technology governance, operational risk and control framework identified shortcomings in the tools used by ASX in managing change. As part of its Building Stronger Foundations program, ASX is implementing an IT service management tool that includes improved change management functionality (see CCP Standard 16.7).

Major projects are overseen by the Portfolio Governance Group (PGG), which is comprised of representatives of the Group Executive. The PGG is responsible for assessing project priorities across the ASX Group and overseeing the quality of project execution. Project management of major projects is undertaken by the Project Delivery Team. Projects incorporate testing processes, which verify that systems or services meet benchmarks set prior to implementation. Testing addresses both technical and operational aspects of projects. The project management process includes engagement with customers and third-party vendors of supporting systems where appropriate, particularly in customer testing. Project plans also include formal checkpoints which are intended to ensure that all appropriate risk management controls are in place prior to live use of a new or updated system or service.

A key project ASX has underway is the replacement of the CHESS clearing and settlement system. This replacement is an important element of ensuring that ASX's core infrastructure for the cash equities market meets international best practice, and that its performance, resilience, security and functionality continue to meet the needs of its users. ASX has selected Digital Asset Holdings to assist in developing a replacement system for CHESS based on a permissioned, private distributed ledger technology (DLT) system. ASX expects the replacement system to commence operation in the first half of 2021.

16.3 A central counterparty should have clearly defined operational reliability objectives and should have policies in place that are designed to achieve those objectives. These policies include, but are not limited to, having: exacting targets for system availability; scalable capacity adequate to handle increasing stress volumes; and comprehensive physical and information security policies that address all potential vulnerabilities and threats.

Operational reliability and availability

Availability targets are documented and defined formally for critical services. Both CCPs' key systems are required to meet a minimum availability target of 99.8 per cent; during the assessment period, CHESS, DCS, Genium Clearing and Calypso were available 100 per cent of the time.

Operational capacity

System capacity is monitored on an ongoing basis, with regular reviews of current and projected capacity requirements. The results are reviewed against established guidance for capacity headroom over peak recorded values for all critical systems; that is, to maintain minimum capacity 50 per cent over peak recorded daily volumes, with the ability to rapidly increase to 100 per cent over peak within six months should the need arise. Capacity data are reported to the CRO, CFO, CIO, Executive General Manager Operations and COO on a monthly basis and to the TOSC and Audit and Risk Committee on a quarterly basis. Average capacity utilisation of DCS and CHESS during the assessment period was 8 per cent and 38 per cent respectively, while peak utilisation was 20 per cent for DCS and 53 per cent for CHESS. The average capacity utilisation of Genium during the assessment period was 10 per cent, while peak utilisation was 17 per cent; average capacity utilisation of Calypso was 43 per cent, while peak capacity utilisation was 44 per cent. ASX Clear and ASX Clear (Futures) consider that they have sufficient technical and human resources to operate DCS, CHESS, Genium and Calypso during peak periods, including in the event of operational incidents or system failure.

Physical and information security

Physical access is controlled at both an enterprise and function level. The key systems supporting ASX's clearing and settlement processes are operated within secure buildings.

ASX's approach to information security is set out in its cyber security plan and strategy, and complemented by more granular policies and standards. The cyber security plan and strategy is reviewed annually by Technology Security and endorsed by the TOSC, with formal approval by the Audit and Risk Committee.

ASX's cyber security is tested at a number of levels. This includes penetration testing against the ASX perimeter and vulnerability testing within the perimeter. Both CCPs perform security testing on a periodic basis. ASX operates a suite of controls designed to prevent and detect cyber attacks on its systems, such as denial of service or malware threats. These controls include: continuous monitoring of its network for cyber intrusions and malicious code; steps to monitor suspicious internet traffic; regular scans of both the network perimeter and system assets to confirm they remain secure; the maintenance of spare capacity to manage legitimate or malicious surges in internet traffic; and steps to regulate access to ASX systems.

Application testing is carried out in test environments (see CCP Standard 16.2). Testing reports are documented, with identified problems escalated to management and tracked through to remediation. Similarly, any technology-based operational incidents are reported to senior management and issues are tracked through to resolution via regular updates to management.

16.4 A central counterparty should ensure that it can reliably access and utilise well-trained and competent personnel, as well as technical and other resources. These arrangements should be designed to ensure that all key systems are operated securely and reliably in all circumstances, including where a related body becomes subject to external administration.

Access to resources

ASX Clear and ASX Clear (Futures) have arrangements in place which aim to ensure that they have well-trained and competent personnel operating the core systems supporting the ASX CCPs. Staff are provided with training on relevant policies and guidelines from commencement of employment, with periodic communications thereafter. Staff are evaluated with reference to each defined operational process and broader skills matrices, with training provided for identified areas of weakness. Both ASX CCPs have formal succession planning and management processes in place for key staff. During the previous assessment period, the external review of ASX's technology governance, operational risk and control frameworks identified that ASX was overly reliant on individual experts in key areas. As part of the Building Stronger Foundations program, ASX has placed additional resource into these areas in order to share knowledge more widely, has commenced work to improve the consistency of documentation of policies, processes and controls, and plans to build additional knowledge management functionality in its new IT service management tool (see CCP Standard 16.7). ASX has continued to automate certain routine technology-related processes and reporting during the assessment period.

ASX has a customer support centre within ASX's Australian Liquidity Centre.[37] The customer support centre brings together operations, technology and market surveillance staff in a single location with capacity to house 80 per cent of operational staff. The customer support centre is ASX's primary operations base and primary data centre.[38] To facilitate rapid recovery in the event of an operational disruption, around 30 per cent of ASX's operational staff are based at its secondary operations site. In case of a disruption to staffing arrangements at the primary site for staff, the secondary operations site has capacity to house 100 per cent of all operational staff with remote access arrangements for non-essential staff, as required. ASX also has a Customer Experience Team led by a General Manager. This team is responsible for the development and delivery of the ASX customer experience.

Resources shared with a related body

Within the ASX group structure, most operational resources are provided by ASX Operations, a subsidiary of ASX Limited (see Appendix B.1), under a contractual support agreement. ASX Operations is also required under the support agreement to provide the Bank with reasonable rights of access in respect of information relating to its operation of critical functions provided to ASX Clear and ASX Clear (Futures) (see CCP Standard 16.10 in respect of broader rights of access provided to the Bank by the ASX CCPs' critical service providers).

In the event that ASX Operations became subject to external administration, to the extent permissible by law, provisions within the support agreement provide for the ASX CCPs and the other clearing and settlement corporate entities to retain the use of operational resources.

Resourcing of major projects

The PGG is tasked with ensuring that ASX has sufficient well-qualified personnel to cope with periods in which it is simultaneously undertaking a number of projects, including those resulting in significant changes to business (see CCP Standard 16.2). The Project Delivery Team rates projects to ensure that they receive appropriate access to resources.

16.5 A central counterparty should identify, monitor and manage the risks that key participants, other FMIs and service and utility providers might pose to its operations. A central counterparty should inform the Reserve Bank of any critical dependencies on utilities or service providers. In addition, a central counterparty should identify, monitor and manage the risks its operations might pose to its participants and other FMIs. Where a central counterparty operates in multiple jurisdictions, managing these risks may require it to provide adequate operational support to participants during the market hours of each relevant jurisdiction.

Dependencies on participants and other FMIs

ASX identifies, monitors and mitigates potential dependencies on participants in a number of ways:

  • by holding regular discussions with participants on risk management processes (see CCP Standard 3.1)
  • through participation requirements related to operational resources and capabilities, and business continuity arrangements (see CCP Standards 16.6 and 17.2)
  • as part of its assessments of project-related risks (see CCP Standard 14.1)
  • through general monitoring of risks under its risk management framework (see CCP Standard 3.1).

ASX Clear and ASX Clear (Futures) have operational interdependencies with Austraclear and RITS, as Austraclear is used to settle margin payments with the interbank settlement occurring in RITS. ASX Clear also has an operational interdependence with ASX Settlement, with which it shares the CHESS system, and ASX Settlement depends on RITS for interbank settlement (see CCP Standard 19). Operational risk associated with these interdependencies is managed within the context of the ASX Group's operational risk management framework. ASX Clear and ASX Clear (Futures) do not have significant operational interdependencies with other FMIs.

Dependencies on service providers

ASX has a formal policy that sets out the process for entering into, maintaining and exiting key outsourcing arrangements. If a key service is to be provided by an external service provider, ASX would conduct a tender or other process in which proposals from potential vendors are assessed against relevant criteria. Arrangements have been implemented under which ASX would consult with the Bank before entering into new agreements with third parties for critical services. ASX also provides the Bank with a list of critical outsourcing arrangements on an annual basis. Issues relating to outsourcing and service provision are escalated as appropriate to executive management via the ASX Technology vendor management group and the relevant operational support area.

ASX assesses the operational performance of its service providers on an ongoing basis against its own operational policies, aiming to ensure that service providers meet the resilience, security and operational performance requirements of the FSS. ASX maintains current information on its service providers' operations and processes through ongoing liaison, and in turn provides relevant updates to service providers regarding ASX operations. Service providers are also assessed through software ‘regression testing’ when there is a major system upgrade.[39] Contractual arrangements with critical service providers require the approval of ASX Operations or the relevant contracting entity before the service provider can itself outsource material elements of its service. ASX is currently developing a procedure for identifying and overseeing the activities of critical service providers in response to a previous audit that found that the previous procedure should be formalised and applied more consistently across the organisation.

All core ASX Clear operational functions are performed within ASX. However, external suppliers are used for utilities, hardware maintenance, operating system and product maintenance, and certain security-related specialist independent services.

ASX Clear (Futures)' core exchange-traded clearing system, Genium, is provided by a third-party vendor. ASX Clear (Futures) has responsibility for business continuity arrangements and computer-system support. The vendor provides support where changes to the system components or underlying source code are involved, under an agreement which extends to 2026. ASX Clear (Futures) has an escrow arrangement in place that would allow it to access source code for Genium in the event that the vendor was unable to continue providing support.

All other ASX Clear (Futures) operational functions are performed within ASX. However, external suppliers are used for utilities, hardware maintenance, operating system and product maintenance, and certain security-related specialist independent services.

ASX has put in place a number of mitigants to address the risks associated with dependencies on utilities and service providers.

  • Primary and backup data centres are connected to different electricity grids and telecommunication exchanges.
  • Each data centre has backup power generators with capacity to run the site at full load for at least 44 hours, and 72 hours in the case of the primary data centre.
  • All external communications links to data centres are via dual geographically separated links.
  • ASX conducts regular testing of backup arrangements. Major systems are tested annually. Participants take part in these business continuity tests and are notified of the tests in advance through ASX notices.
  • ASX also performs a periodic assessment of suppliers, including consideration of contingency arrangements should externally provided services not be available (such as the use of alternative suppliers), as well as incident escalation procedures and contacts.

Disclosure

The nature and scope of ASX Clear's and ASX Clear (Futures)' dependencies on critical service providers are disclosed to participants through: operating rules; guidance notes; notices and bulletins; technical documentation available on the ASX participant website; more general information available on the ASX public website; and in one-on-one meetings with participants, both during the induction process for new participants and on an ongoing basis.

Operational support

ASX Clear and ASX Clear (Futures) provide telephone and email support to participants via a helpdesk in its customer support centre. The service operates from 8.00 am to 7.30 pm.

16.6 A participant of a central counterparty should have complementary operational and business continuity arrangements that are appropriate to the nature and size of the business undertaken by that participant. The central counterparty's rules and procedures should clearly specify operational requirements for participants.

Participant business continuity requirements are set out in the ASX Clear and ASX Clear (Futures) Operating Rules and Procedures, supplemented by additional guidance issued by ASX. These require large participants to maintain adequate business continuity arrangements (see CCP Standard 16.8) to allow the recovery of usual operations preferably within two hours, and no more than four hours, following a contingency event. The targeted recovery time for smaller participants is preferably four hours, and no more than six. If a participant fails to maintain business continuity arrangements consistent with these recovery targets, it may become subject to sanctions or restrictions on its activities. Spot checks of participants' business continuity management are conducted if risk factors are identified, such as where a participant has experienced operational problems. These spot checks examine the participant's governance and processes for resilience and business continuity.

The Operating Rules and Procedures also require more broadly that participants have facilities, procedures and personnel that are adequate to meet technical and performance requirements. ASX's preferred approach to dealing with operational issues is to work collaboratively with the participant to educate them on their obligations. If the matter is serious, ASX may require that the participant address the weakness as a matter of priority. ASX may also impose conditions on participation, or require that the participant appoint an independent expert to assist with the remediation task.

Business continuity arrangements

16.7 A central counterparty should have a business continuity plan that addresses events posing a significant risk of disrupting operations, including events that could cause a wide-scale or major disruption. The plan should incorporate the use of a secondary site and should be designed to ensure that critical information technology systems can resume operations within two hours following disruptive events. Business continuity arrangements should provide appropriate redundancy of critical systems and appropriate mitigants for data loss. The business continuity plan should be designed to enable the central counterparty to facilitate settlement by the end of the day of the disruption, even in case of extreme circumstances. The central counterparty should regularly test these arrangements.

Business continuity management

ASX's approach to business continuity is defined in the ASX Business Continuity Management Policy. This policy describes the incident management and business continuity arrangements for all ASX CS facilities, including the appropriate operational response to a CS facility disruption, and the key roles and responsibilities in relation to business continuity. The ASX Business Continuity Management Policy is supported by a range of other internal documents, including the Business Resumption Plan, the Pandemic Response Plan, and the testing policy for ASX's Business Continuity and Disaster Recovery Plans.

The Group Business Continuity Manager is responsible for developing business continuity management policies and procedures, and coordinating business continuity activities and training across the ASX CS facilities. The outcomes of these activities are overseen by the TOSC, which is chaired by the COO and includes the CEO, Executive General Manager Operations, CIO, CRO and GM Technology Security and Governance. The Risk Committee is responsible for approving ASX's overall business continuity strategy and any related policies.

The ASX Business Continuity Management Policy requires that failover to the backup data centre should occur within two hours. Plans for recovery of key systems apply to both physical and cyber threats to business continuity; these cover scenarios such as the loss of systems or site access (with or without damage to internal site infrastructure), mass unavailability of staff or a pandemic event.

ASX Clear and ASX Clear (Futures) employ a variety of technologies to ensure a high degree of redundancy in their systems – both across sites and within a single site. ASX maintains both primary and backup data centres, with broadly equivalent operational requirements. Key plant and equipment at the primary site are designed to the Uptime Institute Tier 3 standard of concurrent maintainability.[40] The main computer network is connected via point-to-point optical fibre, which ASX operates with its own technology, thereby reducing the potential for outages due to operational problems with the telecommunications provider. All core systems employ multiple servers with spare capacity. Front-end servers handling communications with participants are configured to provide automatic failover across sites. Failover of the more critical data servers is targeted to take place within two hours, but would generally be expected to occur within an hour, under the control of management.

Disruption to participants in such circumstances would be mitigated by the high degree of redundancy in front-end system components. In most circumstances, these would be expected to maintain communications with participants' systems and queue transactions until the data servers were reactivated. The integrity of transactions would be supported by: queuing messages until they could be processed; storing all transactions in the database with unique identifiers, thereby preventing the loss or duplication of transactions; and synchronising replication of database records between the primary and backup data centres. Furthermore, in the event that a significant part of a system or an operational site failed, the ASX CCPs have contingency arrangements to activate an additional tier of ‘cold’ redundancy arrangements (either by converting test systems into production systems or rebuilding systems from readily available hardware) within 24 hours to meet the contingency of any further service interruption.

ASX Clear and ASX Clear (Futures) regularly test their business continuity and technology disaster recovery arrangements against the range of identified business interruption scenarios. The testing requirements are set out in ASX's Business Continuity and Disaster Recovery Plans Testing Policy. Dual site operational teams across the primary and secondary operations sites effectively test backup operational processes on a continuous basis. These arrangements are supplemented by periodic desktop simulations, and exercises that test remote access and attendance at the secondary site. ASX also participates in industry-wide desktop exercises simulating business continuity arrangements for widespread disruptions. For teams not located across both sites, connectivity and procedural testing of the secondary site are performed monthly by representatives from those teams. Live technology tests, where clearing services are provided in real time from the backup data centre, are conducted on a two-year cycle. The use of live tests ensures that participant connectivity to the backup data centre is also tested. Test results are formally documented and reported to ASX senior management and are also made available to internal and external auditors. In addition to receiving the results of business continuity tests, Internal Audit also reviews technology operational incidents, contributes to business continuity policy updates, and helps ensure that business continuity elements have been considered in project risk assessments. ASX's business continuity framework is audited externally every three to five years; the most recent audit, completed in November 2015, found that ASX's business continuity standards were broadly consistent with widely recognised global standards and did not identify any major areas of concern.

Incident management

ASX Clear and ASX Clear (Futures) have defined procedures for crisis and event management. These procedures, as well as key roles and responsibilities for managing a crisis, are documented in ASX's Crisis Management Plan. The procedures cover: crisis notification (including notification and incident reporting to the Bank and ASIC); emergency response (including building evacuation); crisis response (including overall incident assessment and monitoring); and crisis management testing. During the assessment period, ASX implemented a crisis management communication tool to support more timely delivery of updates and instructions to the crisis management team and other key stakeholders during a crisis. ASX also updated its Crisis Management Plan to streamline the structure of the crisis management team and align the categorisation of crisis incidents with corresponding changes to the Incident Management Framework (see below). ASX's crisis management team includes senior representatives of the core business activities, as well as facilities management, business continuity, and media and communications. The procedures identify responsibilities, including for internal communication and external communication to emergency services, the market, industry and media. As part of these procedures, ASX maintains a multi-market communication protocol for communicating information to participants and stakeholders should any disruption to market, clearing or settlement services eventuate, including where this affects market operators accessing ASX Clear via the TAS.

ASX revised its Incident Management Framework to broaden the definition of an incident and clarify roles and responsibilities during an incident. The ASX Business Services Incident Management Procedure would be invoked in the event of a high severity technology or operational incident. The revised incident management procedure provides guidelines for system recovery prioritisation and resource allocation, and the actions that would need to be taken in the event of an incident. The updated procedure also outlines the key roles and responsibilities for managing an incident, as well as indicative communication and notification requirements.

During the previous assessment period, the external review of ASX's technology governance and operational risk and controls identified a number of areas in which ASX's incident management arrangements required strengthening. The review observed limitations in ASX's analysis of incident data, as well as the lack of a defined system for managing identified incidents and issues. The review also observed significant dependence on subject matter knowledge experts within ASX, in part resulting from the lack of a centralised knowledge repository that could provide an end-to-end view of system operations. In response, ASX is in the process of implementing an IT service management tool to support the management of incidents and issues, and provide an end-to-end view of system operations.

16.8 A central counterparty should consider making contingency testing compulsory for the largest participants to ensure they are operationally reliable and have in place tested contingency arrangements to deal with a range of operational stress scenarios that may include impaired access to the central counterparty.

The ASX Clear and ASX Clear (Futures) Operating Rules and Procedures require participants to maintain adequate business continuity arrangements that are appropriate to the nature and size of their business as a participant. The Operating Rules specify that participants must have arrangements that allow for the recovery of usual operations (see CCP Standard 16.6). It is the CCPs' expectation (set out in guidance) that this would be within two to four hours following a contingency event for large participants. During the assessment period, ASX consulted on proposed changes to participant guidance notes that set out strengthened admission criteria for participants in the areas of risk management, business continuity and disaster recovery. These arrangements are reviewed as part of the participant admissions process. Participants are also subject to risk-based spot checks of their ongoing compliance with the ASX Clear and ASX Clear (Futures) Operating Rules. Spot checks may be based on topical themes, in some cases arising from observations of general business developments, and in other cases motivated by a participant that has been experiencing operational problems. If a participant fails to implement any recommendations arising from a check, ASX may impose sanctions.

Participants are involved in the contingency testing of the ASX CCPs' systems, as this testing is conducted in a live environment. ASX conducts comprehensive business continuity testing of key systems at least every two years, with participants being notified of the start and completion of testing. Participants are also involved in testing of major system changes or in advance of the introduction of a new system. ASX Clear and ASX Clear (Futures) conduct regular connectivity tests and maintain an external testing environment for system changes.

Outsourcing and other dependencies

16.9 A central counterparty that relies upon, outsources some of its operations to, or has other dependencies with a related body, another FMI or a third-party service provider (for example, data processing and information systems management) should ensure that those operations meet the resilience, security and operational performance requirements of these CCP Standards and equivalent requirements of any other jurisdictions in which it operates.

ASX has developed a set of standard clauses for inclusion in contracts with third-party service providers of critical services to ASX Clear and ASX Clear (Futures) (see CCP Standard 16.5). Similar clauses are also included in the support agreement between the CCPs and ASX Operations Pty Limited, which provides all internal operational services for the facilities. The clauses seek to ensure that the service providers meet the resilience, security and operational performance requirements of the FSS. The clauses also allow the Bank to gather information from the service provider about the operation of critical functions (see CCP Standard 16.10). In the event that the Bank concluded that the terms of the service provider agreement did not meet FSS requirements, the clauses also require the service provider to negotiate acceptable new terms with ASX in good faith. Furthermore, if ASX Clear or ASX Clear (Futures) were to become insolvent, the clauses provide for the Bank to negotiate with the service provider to continue service provision (see CCP Standard 16.11). ASX applies these clauses to all new agreements with service providers, and has incorporated them into all of its key existing service agreements. This includes: ASX Clear's agreement with a third-party vendor for support of risk management software for CMM; ASX Clear (Futures)' agreement with a third-party vendor for support of Genium, which also incorporates EXIGO software support; and ASX Clear (Futures)' agreement with another third-party vendor for support of Calypso.

16.10 All of a central counterparty's outsourcing or critical service provision arrangements should provide rights of access to the Reserve Bank to obtain sufficient information regarding the service provider's operation of any critical functions provided. A central counterparty should consult with the Reserve Bank prior to entering into an outsourcing or service provision arrangement for critical functions.

ASX's standard clauses for service providers require the provider to grant reasonable access to the Bank in respect of information relating to its operation of a critical function provided to the ASX CCPs. ASX applies these clauses to all new agreements with service providers, and has incorporated them into all of its key existing service agreements.

16.11 A central counterparty should organise its operations, including any outsourcing or critical service provision arrangements, in such a way as to ensure continuity of service in a crisis and to facilitate effective crisis management actions by the Reserve Bank or other relevant authorities. These arrangements should be commensurate with the nature and scale of the central counterparty's operations.

Standard clauses in ASX Clear and ASX Clear (Futures)' agreements with service providers (described in CCP Standards 16.9 and 16.10) require that providers give the Bank notice of any intention to terminate the agreement as a consequence of a CCP's failure to pay fees, or in the event of the insolvency of one of the CCPs or any other relevant ASX entity. This is intended to give the Bank an opportunity to take action to remedy the breach or otherwise ensure continued service provision.

The ASX CCPs' arrangements to ensure continuity of operations in the event of a crisis will be shaped by the proposed introduction into Australian law of a special resolution regime for FMIs. The Council of Financial Regulators (CFR) agencies are currently developing a legislative proposal to implement the regime, as well as the operational arrangements to support the regime once implemented.

Footnotes

The Australian Liquidity Centre provides market participants with the option to co-locate their servers with ASX's data centre. [37]

ASX currently maintains three main sites for its operations and data processing: a primary operations site that also operates as the primary data centre (where the majority of staff are located); a secondary operations site; and a backup data centre. [38]

When a component of software is updated, regression testing aims to perform checks on the full software to verify that the operation of other software components has not been inadvertently affected by the update. [39]

The Uptime Institute is an IT consulting organisation that has developed a widely adopted classification system for the level of redundancy arrangements in data centres. ‘Tier 3’ is the second highest standard of redundancy, indicating that a data centre has redundant components, multiple independent power and cooling systems, and a high degree of availability. [40]