Skip Navigation.
Go to home page - Securities Commission New Zealand.
  • About
  • Publications
  • Exemptions
  • Notices
  • What's new?
  • International
  • Speeches
  • Information for investors
  • Contact us
  • Site map
  • Home

Print this page.

Consultation on request for approval of Austraclear NZ's proposed electronic registry interface under section 7 of the Securities Transfer Act

1 September 2008

 

Unauthorised transfers by staff of a member

  1. Our preliminary thinking is that the proposed electronic registry interface does not increase the risk of staff of an Austraclear NZ member intentionally (as opposed to mistakenly) lodging securities into Austraclear NZ without being authorised to do so. The reason for that is under the proposed electronic system each Austraclear NZ member will control who has user access and which users have access to the lodge an uplift functionality, with the user login details being personal and only known to each authorised user. In contrast, under the existing paper based system, the apparent control for lodging securities is the signature of an authorised signatory on a transfer form. However, that form does not actually act as a control because the signatures are not validated.
  2. For a staff member or unrelated third party to benefit from an unauthorised transfer, securities need to be uplifted from Austraclear NZ. As discussed above, because the existing paper-based transfer form to uplift securities is not signed by the Austraclear NZ member, removing the need for that form does not seem to result in any increased risk of unauthorised uplifts. If anything the new electronic processes would seem to reduce the risk of unauthorised uplifts because a user log-on is confidential to the user.

Unauthorised transfers by an unrelated third party

  1. Our preliminary thinking is that under the proposed electronic registry interface it will be more difficult for third parties to compromise the process. First, the process will be more automatic so there is less opportunity for the process to be physically compromised. Secondly, there are more controls around submitting instructions electronically.
  2. However, any compromise of an electronic process would potentially be on a greater scale than under the paper-based system. System security therefore becomes even more important. As discussed below under "Control of automation risks", there are a number of system features that address security issues and Austraclear NZ members should be well placed to assess any such issues and seek to have them addressed by the system operator.
  3. The Commission also notes that the interests of Austraclear NZ members are aligned with the interests of securities holders who are not members, and issuers, regarding unauthorised transfers by staff of a member or by an unrelated third party. As such, the interests of non-members should be adequately addressed by any steps members take in this regard to protect their own interests.

Operational mistake

  1. Our preliminary thinking is that overall the proposed electronic registry interface is designed to make the process for lodging and uplifting securities more automatic which will reduce the number of points in the process at which operational mistakes could occur.
  2. It is also relevant to consider the consequences of a mistake:
    1. If securities are lodged by mistake or uplifted by mistake into the members' own name, the Austraclear NZ member can itself rectify the mistake since it retains control over the securities. The proposed electronic transfer system does not affect that position. We also note that if a member is able to rectify a mistaken transfer it will be able to do so more readily under the proposed electronic system.
    2. If a member uplifts securities directly into a third party's name over whose holding it has no authority to deal, it cannot directly rectify the mistake since it no longer has control over the securities. The risk of that is arguably greater with an electronic transfer system than with the paper-based system because the electronic transaction is completed more quickly. There is therefore less opportunity to identify a mistake before the transaction is completed.
    3. However, the Commission notes that it is optional to use this functionality, the consequences of a mistaken transfer are borne by the member itself (who is therefore appropriately incentivised to manage the risk), and as wholesale financial markets participants Austraclear NZ members can be expected to have appropriate controls in place if they do elect to use that functionality.

Control of automation risks

  1. In consultations relating to previous applications under section 7 of the Securities Transfer Act the Commission has also specifically sought comments on the control of automation risks, including:
    1. security to prevent unauthorised access and misuse of data;
    2. capacity planning to deal with sudden increases in demand;
    3. contingency systems to ensure continuous service in the event of system failure, natural disaster or intentional malicious act; and
    4. independent technical reviews to confirm that the system performs and continues to perform as intended.
  2. As noted on previous occasions, the Commission is not qualified to analyse a system's adequacy in this respect. However, it is necessary for us to form a view based on the information available and comments made as a result of this consultation. We would therefore particularly welcome any comments on these matters in relation to Austraclear NZ's proposed electronic registry interface.
  1. In terms of security issues, the Commission notes that it is in the system operator's and members' interests to ensure that Austraclear NZ is secure. Austraclear NZ's security measures include:
    1. encryption on Austraclear NZ's messaging networks,
    2. two-factor authentication being required for members connecting through the internet, and
    3. a member log-on only working from a network or RSA SecurID card that the system recognises as being that member's network or RSA SecurID card.
  2. As regards capacity, it would seem that the electronic registry interface will easily cope with demand peaks. Peak volumes are in the order of 2 to 3 requests per minute, with up to several hundred per day, whereas the capacity of the proposed electronic system will be in excess of a hundred requests per minute.
  3. After processing a request the proposed electronic system will check for queued instructions and process them on a first-in-first-out basis. If there are no queued instructions the system will go to sleep until invoked. Once an instruction has been accepted for processing, because the proposed electronic system is automated and does not require manual data entry by the system operator or registries, lodges and uplifts will be processed more quickly than under the existing paper-based system. The turnaround for lodges and uplifts will be reduced from the current 1 hour plus, to less than 5 minutes - the time depending on registry processes and the sleep-wake cycles of registry and Austraclear NZ systems (which will be able to be adjusted to ensure optimal performance and throughput).
  4. The Commission's understanding is that that the Reserve Bank has extensive business continuity planning in relation to Austraclear NZ. In particular, the Commission notes that Austraclear NZ has two identical processing systems - one located in Wellington and the other in Auckland. The two systems are continuously live and synchronised, with one system being designated "production" at any point in time. The location of the "production" system is alternated between the Wellington and Auckland systems every few weeks and can be switched immediately (within 15 minutes) if required.
  5. As regard independent technical reviews, Rule 19 of the Austraclear NZ Rules requires the system to be independently audited on a quarterly basis (the most recent independent auditor's report is available on the Austraclear page of the Reserve Bank's website at www.rbnz.govt.nz/payment/austraclear/ under the heading "Operational Information").
  6. More generally, the Commission notes that as electronic systems become the norm, the control of automation risks is increasingly factored into system design and operating practice as a result of user demand, regulatory requirements, and benchmarking to international best practice. Also, as wholesale financial markets participants, our expectation is that Austraclear NZ members should be well placed to assess any such risks and seek to have them addressed by the system operator.
  7. As such, our preliminary thinking is that there is likely to be appropriate control of automation risks in relation to Austraclear NZ's proposed electronic registry interface.

The system rules

  1. The Commission is also interested in there being an appropriate level of control around the setting and changing of relevant system rules.
  2. The Commission notes that the Austraclear NZ Rules are subject to internal controls at the Reserve Bank under the oversight of senior management. We also note that, in practice, proposed rule changes are first discussed with the User Advisory Committee. As such, there appears to be an appropriate level of control over the Rules themselves, including the rules setting out the processes for lodging, transferring, and uplifting securities, the rules and processes relating to membership of Austraclear NZ, and the rules relating to system audits.

Comments sought

  1. The Commission is interested in receiving comments on its preliminary analysis and, in particular, is interested in submitters' views on the following questions:
    1. What do you see as the benefits of Austraclear's NZ's proposed electronic registry interface?
    2. What do you see as the risks and costs associated with Austraclear's NZ's proposed electronic registry interface?
    3. Are the risks appropriately allocated and adequately managed?
    4. Do the benefits of Austraclear's NZ's proposed electronic registry interface outweigh the risks and costs?
    5. Are there any reasons why you think the Commission should not make a recommendation that Austraclear NZ's proposed electronic registry interface be approved under section 7 of the Securities Transfer Act?
  2. We are also interested in whether there are other any matters which submitters think should be taken into account. Please note that the Commission is seeking comments only on Austraclear NZ's application under section 7 of the Securities Transfer Act and not on broader issues relating to the structure and regulation of settlement systems in New Zealand.
  3. As noted above, comments should be sent to the Commission by 5.30 pm on Friday 26 September 2008.

 

...PREV | CONTENTS | NEXT...

 

About | Publications | Notices | What's new? | International | Speeches | Site map
Search | Information for investors | Contact us | Accessibility Disclaimer
Copyright | Privacy | newzealand.govt.nz | Home
© Copyright New Zealand Securities Commission