Diferencias con otros tipos de turismo verde

The technical architecture and infrastructure of the CLS system enables CLS Bank to provide a reliable Settlement Service to its Members. CLS Bank has a fully resilient systems and communications infrastructure supported by the provision of network and system management services. IBM has established a CLS-dedicated group, and command centers for the operation of core production services and service management.

A key element of the CLS system design is the high degree of symmetry. All key network and infrastructure system components are duplicated. CLS’s networks and power sources are also diverse and, consequently, the design of the CLS system allows for recovery and resilience at many different levels.

CLS Bank, which is located in New York, and CLS Services, which is located in London, are linked to each other and the representative office of CLS UK Holdings in Tokyo, by dual and diverse network links. Additionally, there are business continuity sites in both the U.S. and U.K., should the main offices of CLS Bank or CLS Services be destroyed or become inaccessible.

29 _{Such strategic and significant tactical enhancements or modifications would include without limitation,}

two technology projects currently under consideration. One of these projects is intended to enhance the processing speed, capacity and communications capabilities of the CLS computer system (also known as project “TIGER”) and the other would provide for a staged transition to a new componentized architecture and a new program language for the core settlement system.

There are two main core production service central processors, located in two geographically separate data centers containing identical sets of supporting systems, which are supported by IBM. In the event that one site is not available, the Settlement Service can still be provided to the Members using the alternate site. The second data center, which replicates data on a synchronous basis and provides full out of region capability and resilience, is designed to ensure that the CLS system is aligned with globally recognized standards, such as the “Interagency Paper on Sound Practices to Strengthen the Resilience of the U.S. Financial System,” jointly published in April 2003 by the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency and the Securities and Exchange Commission in the United States. The two data centers are supplied by different electricity suppliers from separate sources, and are also connected by two separate fibre networks, each capable of supporting the full volume of payment instructions received and processed by the CLS system. The data centers are supplied with market data by two Reuters links, one to each data center. Both links are accessible from each data center.

Administrative oversight of the core production service central processors at each data center can be performed at CLS’s business operations centers in the U.K. and the U.S. CLS has four business operations centers, with primary sites in London and New York, and disaster recovery sites for the business operations centers located elsewhere in both the U.K. and U.S. Each data center is connected to the CLS business operations centers (two in the U.K. and two in the U.S.) using separate networks. The technical and operational functions of the core production service central processors are also monitored at two active command centers maintained by IBM, one located in the U.K. and the other in the U.S. IBM conducts a series of linked processes internally which are parallel to the processes operated by CLS internally in order to provide the Settlement Service to Members.

The CLS system connects to the central bank payment systems for CHF, JPY and USD, using two separate links (per RTGS) to global networks. For AUD, CAD, DKK, EUR, GBP, HKD, ILS, KRW, MXN, NOK, NZD, SEK, SGD and ZAR payment systems the CLS systems connect using two separate links to the SWIFTNet network for FIN service connectivity. The CLS system has various communication contingency processes in place should these links fail, including the use of stand-alone terminals, secure file transfer mechanisms or authenticated fax messages. The CLS system also has payment contingency processes that can be employed in the event that there are severe operational difficulties affecting a central bank, RTGS system or the Settlement Member (or its nostro agent). In the case of JPY, the Tokyo representative office provides contingency access to the JPY RTGS system.

The CLS system connects to Member systems using two separate links, per data center, to the SWIFTNet network and two different points of presence (located in two jurisdictions) for FIN service connectivity. Similarly, the CLS system connects to Deriv/SERV’s system using two separate links, per data center, to the SWIFTNet network. Because all standards of duplicate alternative diverse connections (which apply to the connectivity from and to Members) are also applied to the connectivity from and to Deriv/SERV, the resilience of the CLS system is unchanged by introduction of a new interface with Deriv/SERV’s system. Since CLS actively switches between its sites, the resilience of the CLS system is constantly demonstrated.

CLS Bank subjects each Member and Deriv/SERV to an initial technical approval process in which the adequacy of its technical architecture (as it relates to the CLS system) must be demonstrated before it may participate in the Settlement Service. As part of this process, the Member or Deriv/SERV, as the case may be, is required to demonstrate that it can successfully communicate with the CLS system using a minimum of two alternative sites and provide sufficiently detailed information about its technical architecture to enable the CLS Technology Office to assess the resilience and security of the architecture. Testing is done in the joint acceptance service environment to determine the Member’s eligibility to progress to operational

approval for the core production service environment. IBM conducts active monitoring of the CLS system during testing and produces reports which enable CLS to make this evaluation. In addition, each Member and Deriv/SERV is required to provide written confirmation of its current technical architecture on an annual basis, or more frequently if there are changes to its architecture – this information is reviewed by the CLS Technology Office. Additionally, Members and Deriv/SERV are required to meet all of the Settlement Service’s deadlines. In the case of Deriv/SERV, for example, if the credit derivative payment instructions are not transmitted to the CLS system before the agreed deadline, the ability of CLS Bank to continue to process the other payment instructions in the CLS system for settlement is unaffected. There are no system linkages between the Settlement Service and the Aggregation Service; Members are required to submit payment instructions related to transactions calculated by the Aggregation Service to the Settlement Service by the Settlement Service deadlines, as is the case with other instructions. The symmetrical design of the CLS system and all significant aspects of its infrastructure are designed to ensure that the system is resilient. CLS Bank can recover its operational activities promptly should there be a complete loss of CLS Bank’s or CLS Services’s main offices. Disruption to the Settlement Service in the event of a site disaster at the primary data center is limited to the time it takes to start processing at the backup site. The CLS system is designed to allow the resumption of technical processing without loss of data within 40 minutes of the decision to transfer live production to the secondary site. Following such transfer, an additional 20-30 minutes is required before all operational checks are completed and the Settlement Service is fully monitored. The symmetrical design also allows CLS Bank to rotate the operation of its Settlement Service between its two data centers; by performing this rotation approximately every 8 to 12 weeks, the availability of these alternative sites is effectively tested and proven on a regular basis.

Under normal circumstances, the core production service central processors (at the primary or secondary site) are used to provide the Settlement Service. In the unlikely event that all these processors become unavailable, CLS Bank may resort to the use of an entirely separate utility application to commence or complete the settlement and funding processes. This utility was developed to strengthen the resilience of the Settlement Service by providing CLS Bank with an alternative mechanism for these key processes.

7.1.1 Operational Reliability

The CLS system performs reliably on a daily basis. In the previous 12 months beginning August 2010, the CLS system has been available 99.93% of the time it has been scheduled for operation.30 If operational problems do occur, there is a formal incident reporting and problem management process to facilitate the successful resolution of any service incidents. This process defines the roles and responsibilities of CLS and its vendors and provides a mechanism for tracking an incident from its inception to successful resolution and closure.

IBM monitors, tracks and records all incidents and proposes resolution plans to CLS. IBM and CLS hold triage and status calls if an incident affects a critical element of operational services. CLS and IBM will review a major incident follow-up plan prepared by IBM, including analyses of the cause of the incident, an explanation of how it was identified, a chronology of events, workarounds and program changes made in response, a summary of how the incident was managed, and lessons learned going forward. CLS and IBM also hold daily sweep calls during an incident, and weekly service review calls with SWIFT.

30 _{The CLS system is determined to be unavailable during its regularly scheduled hours of operation if an}

issue arises which prevents any one or more of the following activities, even if the system is otherwise operable: submission of new instructions, settlement, Pay-Ins or Pay-Outs.

The CLS system also has an automated service level reporting application that measures and reports a collection of performance data. This data tracks the system performance against various service targets and is used to predict future performance.

7.1.2 Capacity Planning

The CLS Group has in place a framework, reviewed annually, for performance and capacity planning which involves conducting an extensive review of the future capacity investment requirements for the CLS system as part of its annual budget and strategic plan. An integral part of this annual business planning process involves discussions with Members that are key FX market participants to determine a reasonable forecast of the anticipated volumes to be received by the CLS system in the following year, and anticipated overall trends in FX market activity. This information, together with CLS’s and IBM’s knowledge of technical architecture and infrastructure and past performance of the CLS system – and therefore limitations on capacity and scalability (e.g., relating to hardware, networks, software applications, etc.) – form the basis on which capacity planning is conducted. The results of these assessments form part of the input into CLS’s change programs for the next 12-24 months. These are classified into tactical or “Hotspot,” or medium and long term, improvements. Tactical or “Hotspots” are typically those performance changes that require code optimization or configuration tuning to achieve the necessary capability and are usually achievable within the next 12 months. Medium to long term improvements would usually mean a level of re-design or re-engineering of a module or functional component, where delivery would usually be beyond 12 months. As further validation of the performance of, and in anticipation of possible stress points for, the CLS system, the application is stress tested at least annually to identify extreme volume performance challenges. In addition, the CLS acceptance system is run daily at volumes of payment instructions that are typically six months in advance of actual volumes.

CLS continually assesses its existing and forecasted volumes against the contracted IBM service capacity for the CLS system, as well as proven capability and design points for hardware product selection and software development. All application software releases are regression tested against contracted service volumes and, for release with specific performance and capacity increases, a discrete set of tests are performed.

During the past 12 months CLS has proven that the enhanced application can process extreme volumes higher than those encountered during May 2010. CLS conducted market volatility testing with a single input day of 2.8 million and a sustained throughput of 1 million inputs in 5 hours. In addition, a period of saturation testing has been conducted against the application to identify possible future performance changes.

The CLS strategic programs for 2012 and beyond include improvements related to design and functionality, to bring about increased capacity. These improvements are designed to ensure that operational service levels can be maintained under the new volumetric structure of both double and “exceptional days” – considered as 5 times the projected business daily average – and validated at volumes beyond the volumetric service levels. CLS will continue to review future capacity investment requirements in order to determine what actions may be required to ensure capacity and scalability of the CLS system at future key capacity points.

7.1.3 Business Continuity Testing

CLS Bank and CLS Services have an “all hazards” business continuity plan (“BCP”) in place for each functional department, including those directly involved in providing or supporting the Settlement Service. Each plan is predicated on a comprehensive business impact assessment that identifies key risks to technology, people, premises and utility services, and the development of mitigating controls to ensure that key business processes can be maintained in the event of any type of disaster or incident, even in cases of extreme duration or severity.

Business continuity incidents are managed by an Incident Response Team comprising an appropriate representative from key functional departments.31 The Incident Response Team has responsibility for making decisions, including but not limited to the coordination of CLS resources and internal and external communications, during such incidents. The Incident Response Team, which is supported by company executives, is led by the CLS Chief Security and Business Continuity Officer who calls upon a team of specialists, depending on the nature of the incident.

In addition, IBM develops contingency plans to resolve any business or service continuity incidents which cause the Settlement Service to be unavailable. Upon the occurrence of a contingency event, IBM executes recovery plans for the relevant operational services in accordance with these contingency plans as agreed with CLS, and maintains secure backups for the CLS system’s operational environments which allow them to be rebuilt.

All functional departments undergo collective and individual testing as part of CLS’s annual BCP testing program. This includes an annual company-wide exercise that typically results in the loss of a site and the fail-over of associated technology, as well as desktop exercises for executives and a quarterly failover of CLS’s operations to a secondary site. The testing program incorporates realistic but challenging scenarios designed to disrupt customary business operations and activities in order to test and strengthen the ability of the various departments to manage the disruptions. CLS is also a participant in market-wide BCP exercises, including the FRBNY disaster recovery test and UK FSA Market Wide Exercises. In addition, CLS participates in disaster recovery and business continuity with key service providers and strategic partners. Through this testing program, CLS has a high degree of assurance that it meets applicable continuity and recovery targets (including targets set out in the “Interagency Paper” described above). In support of CLS’s BCP testing, each Member is also required to re-confirm annually that it has a CLS-related BCP that is current and comprehensive, and has been tested in the past six months. Members are also asked to confirm that they have proven their contingency pay-in arrangements for each CLS-eligible currency during the past twelve months. By way of example, CLS sought assurance from Members as to their ability to function in the event of a pandemic.

7.1.4 Member Responsibilities

The CLS Bank Rules require Members to maintain minimum operating capabilities as part of CLS Bank’s continuing membership criteria under the CLS Bank Rules. Included in these requirements is the maintenance of current and comprehensive business contingency plans that address both the operational and technical aspects of the Settlement Service. On an annual basis, each Member is required to certify to CLS Bank that it has successfully tested its business contingency plans within the previous six months, and that this test included the use of its contingency site, and the participation of any operational staff nominated by the Member to act in a contingency event affecting the Settlement Service. A Member must also certify that it has proven its contingency Pay-In arrangements for each currency settled by CLS Bank during the past 12 months, either during a planned test or in response to a real need to invoke a contingency arrangement.

7.1.5 Aggregation Service

The resilience of the technical architecture and infrastructure of the Settlement Service is unaffected by the Aggregation Service because there are no system linkages between the Settlement Service and the Aggregation Service. CLSAS’s system for the Aggregation Service

31 _{The Incident Response Team representatives have nominated deputies who can replace them when}

itself is generally aligned with globally recognized standards and is operated in a completely segregated environment, with two data centers which are synchronously linked using standard database synchronization software, and satisfy the 2-hour recovery limit for critical infrastructures set forth in the above-mentioned “Interagency Paper on Sound Practices to Strengthen the Resilience of the U.S. Financial System.” CLSAS’s system for the Aggregation Service is appropriately monitored, and management of incidents and crisis escalation is handled in a similar manner to the Settlement Service.

The Aggregation Rules require Aggregation Parties to satisfy minimum operating capabilities. Included in these requirements are adequate contingency plans for maintaining operational capabilities if a natural disaster, operational or technical failure, or other extraordinary event occurs. In addition, the Aggregation Rules specify clear cut-off times for the receipt of trade messages for aggregation. These times provide sufficient time for a Member to submit payment instructions, relating to eligible aggregated transactions, to the Settlement Service via the Member’s standard CLS interface and within the deadlines separately specified in the CLS Bank Rules. In the event that a trade message has been submitted to but not aggregated by the Aggregation Service for any reason, details of the trade are nonetheless permitted to be