Central banks must work hard to keep up with the ever-changing payments landscape.
By 1990, many countries had real-time gross settlement (RTGS) systems in place to rapidly clear and settle high-value transactions. Some, like Denmark, debuted their in-house solutions in the early 2000s. But as countries continue to demand more from their RTGS offerings, many are realizing that their aging services no longer meet their needs.
While central banks with legacy RTGS systems are pondering their next moves, others are looking to incorporate the technology for the first time. In both cases, many are turning to third-party providers for their solutions instead of updating or building their own infrastructure.
One such provider is SIA, which designs, develops and manages RTGS infrastructure for central banks and financial institutions (FIs). Mario De Lorenzo, the company’s Central Institutions Division director, said third parties can often create more robust solutions than those developed in-house. In a recent interview, he told PYMNTS what it takes for providers to work with and meet the needs of different central banks while keeping systems secure.
Countries adopting newer payments infrastructure can learn much from others who have already done so, and SIA channels these insights from its client base to improve its offering. The company provides the same base RTGS solution but customizes it to meet each customer’s needs. De Lorenzo said SIA holds an annual conference with them to get their input and advice on improving its system.
“The evolution of the product is based on the input of our customer community,” he said. “Thanks to the contributions of all these customers, our system has been advancing in the last few years.”
SIA primarily provides its system to central banks in the Middle East, Africa and Europe, and it recently added Denmark, Sweden, Iceland and Norway to its client list. New Zealand is also slated to join the ranks in 2019.
Serving such a diverse client base poses its own challenges, De Lorenzo said, and SIA’s solution must be flexible enough to serve central banks with either sophisticated or basic systems.
“The level of maturity and readiness and need of the central banks that we serve is different,” he said. “And, because of that, we need to have a flexible product suitable to cope with the needs of both the sophisticated [systems] and with other less advanced, more basic [ones].”
Serving clients with an existing RTGS system, which SIA did with Sweden’s central bank, means SIA must satisfy customers who are used to certain capabilities. In these cases, the company must meet those expectations to ensure a smooth transition onto its platform. On the other hand, SIA’s main challenges when serving clients who don’t have a solution are getting them onboarded and ready for the system, De Lorenzo noted.
SIA also has to satisfy current needs while anticipating what will be required of its RTGS system in the future. De Lorenzo said that he expects blockchain to become more important, and, as such, SIA’s offering enables integration with solutions based on distributed ledger technology (DLT).
“At the moment, the [DLT] is still not mature,” he explained. “It is applicable to some specific use cases, but we would expect in the future that it will take place more and more. Because of that, our system has been already proofed for a possible integration with DLT systems.”
He also observed that, as around-the-clock instant payments systems continue to proliferate, demand for 24/7-capable RTGS systems will likely increase as well.
“The processing of instant payments [creates] some expectations also in the RTGS — namely, one strong request from the market is [to have] RTGS working around the clock to reduce the liquidity risk,” De Lorenzo said.
Despite the evolving nature of the RTGS space, one need has remained constant: security. To protect its customers, SIA follows recommendations from centralized organizations, uses secure networks — like SIAnet or SWIFT — and maintains cybersecurity departments.
The company runs both static and dynamic security simulations, as well as penetration tests, on its infrastructure, De Lorenzo said. He also noted that allowing sufficient time for the final stage of testing — which involves the simulation of a live environment — is critical to SIA’s security efforts.
Should these strategies fail to stop a major attack from taking down the RTGS system, De Lorenzo said that SIA has a plan to quickly get it back online. Central banks already operate with secondary sites, which can manage the RTGS system should something happen to the primary site to make it necessary. But to further bolster protection, SIA supplies a third site.
“Our solution is that the account balances are mirrored in real time, rather than in a deferred way to this third site, outside the country,” De Lorenzo explained, “meaning that even in the case of cyberattacks jeopardizing the integrity of the data on the primary site, our users can resume their operation in a different manner by restarting the system on the third pole.”
As more countries embrace the potential of RTGS systems, they must carefully consider how to ensure security and meet needs — as well as whether their best option is an in-house or third-party solution.