Large IT suppliers who provide the systems that underpin Australia’s stockmarket should be required to apply for an Australian Financial Services Licence, according to a recommendation made by the Murray Report.
The interim report released this week by the Government's Financial System Inquiry (otherwise known as the Murray Report) offered a broad set of discussion points around how the financial services industry should be regulated into the future.
It considered whether new forms of financial products such as loyalty schemes, mobile wallets, digital payments platforms like PayPal and digital currencies like Bitcoin might be regulated.
The report also discussed several risks to the health of Australia’s financial markets – one of them being the availability and security posture of “service providers of scale”, upon which trading relies.
“If such an IT system failed, this could impede the fair and orderly operation of financial markets.
“Technology service providers are subject to limited oversight, as any obligations to have appropriate risk management systems and resources fall on regulated entities, rather than the vendors. With providers of scale, there may be a case for considering direct regulation."
The interim report flagged the idea that these software providers should be required to attain an Australian Financial Services License to keep such risks under control.
“Requiring an AFSL for these entities would allow monitoring and minimum standards to be set.”
The option was intended to contemplate "third service providers of widely used and significant business systems to stockbrokers (direct market participants of a licensed financial market) or to exchanges (such as ASX or Chi-X licensed as financial market operators)," a Treasury spokesman confirmed to iTnews.
The large software systems that underpin major retail banks, by contrast, were not deemed to be in scope.
In late 2011, traders were unable to connect to the NASDAQ OMX system underpinning the Australian Stock Exchange.
Investigations into the incident found that the stock exchange struggled to raise a ticket with a service desk based in India, and took up to three hours to contact some stockbrokers about the issue. The ASX has since moved into a new data centre in Gore Hill, Sydney.
The inquiry is now seeking submissions from industry on how to set the appropriate “risk-based criteria” to ensure only the suppliers of the most crucial systems would be subject to any such regulation, if the Australian Government opted to introduce it.
“Such an option has practical implementation challenges, including setting clear and appropriate risk-based criteria to identify appropriate entities without imposing undue burden on all service providers.”
The closing date for the next round of submissions to the inquiry is 26 August 2014.