Legislative Council: Thursday, February 23, 2023

Contents

Government Contracts, Banking Services

In reply to the Hon. F. PANGALLO ().1 December 2022).

The Hon. K.J. MAHER (Minister for Aboriginal Affairs, Attorney-General, Minister for Industrial Relations and Public Sector): The Treasurer has advised:

1. The procurement for government-wide banking services was conducted in line with the South Australian government (SA government) procurement protocols and Treasurer's Instruction 18: Procurement. The procurement process was overseen by the Procurement Governance Committee, a steering committee and the Chief Executive of the Department of Treasury and Finance. The 'Invitation to Supply' was advertised as an open invitation on the SA Tenders and Contracts website for suppliers that met the minimum mandatory requirements to be eligible to provide banking services to the SA government.

2. The Invitation to Supply was issued to the market on 16 July 2021 and closed on 13 September 2021. This includes additional time which was granted for responses to be submitted given the prevailing COVID lockdown conditions at that time.

3. The existing contracts for banking services had exhausted all the options available for extensions, with the expiry date for the contracts being 10 November 2022 at that time. In view of this fact, it was deemed prudent to allow sufficient time to approach the market, advertise/issue the 'Invitation to Supply', assess responses and undertake negotiations with shortlisted suppliers prior to the contract expiry (of 10 November 2022) to ensure that the SA government would continue to receive the best of market service and price for its continuing banking requirements.

4. The new government-wide banking contracts document the agreed information technology (IT) security clauses requiring the bank to notify the Treasurer, contract administrator and Office of the Chief Information Officer of any cyber event, and work with SA government over the course of the event. The supplier is directly reportable to the Australian Prudential Regulation Authority (APRA) for its prudential requirements, its governance and its licencing requirements to conduct its business. The supplier has appended its business-wide 'Information Security Standards' document to the contract for SA government banking services and there is an obligation by the supplier to annually attest to the SA government that it fulfils/satisfies the requirements outlined in this document. The cyber and IT security clauses documented in the contract were reviewed by the Department of the Premier and Cabinet information and communications technology (ICT) team during the contract negotiation phase of the procurement. The contracts were negotiated with the successful supplier in conjunction with Crown Solicitor's Office to provide the best commercial position for both the SA government and successful supplier.

5. There are no financial penalties incorporated in the contract in the event of a cyber attack.