Oversight of payment systems, schemes and other financial market infrastructures
What is oversight
Oversight is one of the basic functions of the Czech National Bank (CNB) that helps ensure the safe and efficient operation of market infrastructures, such as payment and settlement systems, central securities depositories, and electronic payment instruments and schemes (especially card schemes). This function is regulated both in the Treaty on the Functioning of the EU[1] and in the Statute of the European System of Central Banks (ESCB[2]).
Oversight monitors market infrastructures on a preliminary basis, supports the efficiency of payment instruments and schemes, assesses them against existing standards and, if deficiencies are found, requires their correction.
Oversight must be distinguished from financial market supervision. In general, oversight focuses on the operators of financial market infrastructures and the rules they set,,assesing them against global or European standards. Supervision, by contrast, targets individual financial market participants (banks, payment institutions, securities dealers, etc.), ensuring they comply with legal obligations, typically as users of market infrastructure and payment schemes.
Standards of oversight
Financial market infrastructures are assessed against international standards. The Principles for Financial Market Infrastructures (PFMI) are key global standards for financial market infrastructures, building on previous standards of the Bank for International Settlements (BIS) and the International Organization of Securities Commissions (IOSCO). For electronic payment instruments, schemes, and arrangements, the relevant standard is the ECB’s Eurosystem oversight framework for electronic payments (PISA), which has replaced several earlier ECB standards in this area. Regarding cyber resilience, the applicable standard is the ECB’s Cyber Resilience Oversight Expectations for Financial Market Infrastructures (CROE).
Financial market infrastructures
The PFMI principles pertain to systemically important payment systems, settlement systems, central securities depositories, central counterparties, and trade repositories Following on from these principles, the BIS and IOSCO have published a number of documents and methodologies for their implementation. These are available on the BIS website.
In 2018, the ECB issued CROE, emphasizing the importance of cyber resilience for the operational resilience of financial infrastructures and, consequently, the overall resilience of the financial system and the broader economy. Another tool for enhancing cyber resilience is the European standard for advanced Threat intelligence-based ethical red teaming (TIBER-EU). The CNB has adopted this standard in the area of financial market supervision and intends to apply in oversight as well.
Electronic payment instruments, schemes and arrangements
The Eurosystem has published the oversight framework for electronic payments (PISA), following a public consultation in 2020.
The framework introduces a set of principles based on international standards for evaluating the safety and efficiency of electronic payment instruments, schemes, and arrangements, specifically those not forming part of payment systems.
Oversight by the Czech National Bank
Oversight is one of the statutory functions of the CNB, as laid down in the initial provisions of the Act on the CNB: “The CNB shall...contribute to the safety, reliability and efficiency of payment and settlement systems and to their development.”
The CNB’s priority in oversight is particularly the cyber resilience of systemically important financial infrastructures in the Czech Republic (the CERTIS interbank payment system, the SKD short-term bond system, and the Central Securities Depository). These are assessed against the BIS, IOSCO, and ECB recommendations and standards.
The CNB performs the following activities as part of its oversight function:
- Monitoring of market infrastructures operated in the Czech Republic[3] (CERTIS, SKD, card payment schemes)
- Monitoring and evaluating whether these infrastructures operate in accordance with European and international standards and recommendations
- Evaluating crisis situations in these infrastructures
- Recommending possible system modifications to correct identified deficiencies.
Assessments performed
1. CERTIS payment system
The CNB conducted the first assessment of the operational reliability of the systemically important payment system CERTIS, owned and operated by the CNB, in 2008.
The most recent assessment was conducted in 2023 according to the PFMI principles, focusing on changes since 2016 in system governance, risk management, participant default, and operational risk. The result was that CERTIS continues to comply with PFMI standards. Two principles were found to be only partially met, but these deficiencies were subsequently remedied.
2. SKD short-term bond system
The CNB conducted the first assessment of the operational reliability of the SKD short-term bond system, owned and operated by the CNB, in 2008. The SKD maintains a separate register of securities and settles securities transactions recorded in this register.
The latest assessment of the SKD, conducted by the CNB in 2023 according to the PFMI principles, focused on changes since the previous PFMI assessment in 2018, particularly in the areas of governance and risk management. The result was that the SKD complies with the standards. One principle was found to be only partially fulfilled, but this shortcoming was subsequently remedied.
[1] Article 127(2) of the Treaty on the Functioning of the European Union
[2] Article 3(1) of the Statute of the European System of Central Banks
[3] The Central Securities Depository (CDCP) indeed forms part of the financial market infrastructure. However, the Czech National Bank (CNB) exercises its oversight over the CDCP mainly in the realm of cyber resilience, following the Cyber Resilience Oversight Expectations (CROE). This is because the requirements stemming from the Principles for Financial Market Infrastructures (PFMI) have been integrated into the EU Regulation No. 909/2014 on improving securities settlement in the European Union and on central securities depositories (CSDR). Therefore, the CDCP is primarily subject to CNB's supervision concerning compliance with CSDR requirements.