Conditions Applied to ASX Licence After Outage

Cyber Security Looms Large at Sibos

The Australian Securities and Investments Commission (ASIC) has  announced the conclusion of its investigation into the ASX equity market outage in November 2020.

On 23 August 2021, ASX agreed to address the recommendations of the independent expert report into the outage. This work has begun and is expected to be completed over the next 12 to 18 months. Until the implementation of these recommendations and the completion of the CHESS replacement project, additional conditions will be applied to ASX’s market and its clearing and settlement licences.

These new conditions relate to actions ASX is taking to strengthen its project governance and execution practices. In summary they involve:

  • addressing the independent expert recommendations following the market outage and appointing an independent expert to assess the remediation
  • appointing an independent expert to assess ASX’s assurance program for the implementation of the CHESS replacement program
  • while the program is ongoing, requiring attestations from senior executives and the Board about technology project readiness.

The conditions will cease once ASX’s work is complete and independent assurance reports have been provided to ASIC.

ASX also acknowledges the release by ASIC of its expectations for industry in responding to a market outage. This report outlines a number of expectations for market operators and participants to support the resilience of the Australian equity market. ASX is considering the report closely and will engage with ASIC and market users on our response to these expectations.

Dominic Stevens, ASX Managing Director and Chief Executive Officer, said: “ASX plays a critical role in Australia’s financial markets and confidence in our operations is vital. We share the determination of our regulators to continue to strengthen market resilience. The new licence conditions are practical and are aligned with the action ASX is taking to improve the way we operate our business.

“Work to fulfil the new conditions is well underway. We are addressing each of the recommendations made in the report into the market outage and will appoint an independent expert to review our actions to meet the recommendations. Where relevant, we are applying lessons from the outage to CHESS replacement and are strengthening the project by appointing an independent expert to assess the assurance program.

“We are pleased that ASIC’s investigation into the market outage is closed and that no breach of ASX’s licence conditions was found. However, we will continue to invest to strengthen the quality of our infrastructure and reduce operational risk.”

Mr Stevens continued: “I am proud of the work the team has done over the last five years to reduce outages and incidents across ASX by close to 90%. In addition, when CHESS replacement goes live in April 2023, a significant upgrade program across all levels of our equities technology stack will be complete, with the average age of our technology dropping from over 13 years old to four years old. “

ASX is a heavily scrutinised organisation with high standards. While no process can eliminate all possibility of technology incidents, our continuous improvement programs have driven the significant reduction in incidents over the last five years. We look forward to working with ASIC to deliver the best outcomes for the Australian market.”

Source: ASX

Related articles

  1. Cybersecurity Still a Work in Progress

    Brokers need to bolster protection against the "account intrusion" threat.

  2. The Crypto Assets and Cyber Unit in the Division of Enforcement will grow to 50 dedicated positions.

  3. Cyber-Criminals Target Wall Street

    Participants included over 1,000 representatives from more than 20 countries.

  4. Cyber-Criminals Target Wall Street

    COVID-19 pandemic and geopolitical tensions round out the top three threats in DTCC survey.

  5. Wall Street Confronts Cyber Threats

    Quantum Dawn VI tested over 900 participants' responses to a simulated ransomware event.