Oversight of payment systems and other financial market infrastructures
- What is oversight
- Function and standards of oversight
- Oversight by the Czech National Bank
Oversight of payment systems is one of the basic functions of the European System of Central Banks according to Article 127(2) of the Treaty on the Functioning of the European Union and Article 3(1) of the Statute of the European System of Central Banks. Oversight is aimed at preventing systemic risk, promoting efficiency of payment systems and means of payment, and ensuring security of, and public trust in, the currency. Its stabilisation function is particularly important, because failures arising from potential risks in payment systems can result in disruptions to monetary and financial stability. In addition to the stabilisation function, its function in the consumer protection area is of obvious relevance.
The oversight function applies primarily to payment systems because these are a major channel for the transfer of money. If a payment system or a participant fails, the effects can spread through domestic and international financial systems and markets. If the failure of a system or a participant can cause other participants to fail and is thus able to transmit shocks through the financial infrastructure, such a payment system is classified as a systemically important payment system (SIPS).
In the context of payment systems, oversight is focused first of all on systemically important large-value payment systems (LVPSs), which make most of the transfers in terms of value. They are followed by retail payment systems (RPSs), which conversely dominate in terms of numbers of payments, then securities settlement systems (SSSs) and central counterparties (CCPs). Oversight in Europe has also gradually expanded to include means of payment and trade repositories for OTC derivatives (TRs).
Oversight of payment and settlement systems is defined as a central bank function whereby the objectives of safety and efficiency are promoted by monitoring existing and planned systems, assessing them against the objectives and, where necessary, inducing change.
Oversight must be distinguished from financial market supervision. In general, oversight is focused on the operators of financial market infrastructure (payment systems, securities settlement systems, etc.) and on assessing them against approved standards, whereas supervision is targeted at individual financial market participants who use the market infrastructure (banks, payment institutions, investment firms, etc.).
Effective fulfilment of the most important oversight function, i.e. ensuring the safe and smooth functioning of market infrastructure, is conditional on compliance with the following three steps:
Setting the standards applied by the competent authority responsible for oversight and preparing relevant legal frameworks and a methodology governing oversight (defining the position and function of oversight).
Executing oversight, i.e. collecting and analysing relevant information in regular or ad-hoc assessments, identifying any shortcomings in a system’s functioning and subsequently providing the system operator with specific recommendations.
Compliance with recommendations is then achieved using
- formal instruments (e.g. ECB regulations and legislative acts of national central banks),
- informal instruments (moral appeals),
- possible restrictions on the provision of services imposed by the Eurosystem or national central banks,
- cooperation with other competent authorities.
Payment and securities settlement systems are assessed against international standards. In this respect, the global standards of the Principles for financial market infrastructures, which build on the previous standards of the Bank for International Settlements (BIS) and the ECB, are crucial for financial market infrastructures. For electronic payment instruments, schemes and arrangements, the ECB's The Eurosystem oversight framework for electronic payments (PISA) standard is relevant, replacing the ECB's previous standards in this area. In the area of cyber resilience of financial market infrastructures, the ECB‘s Cyber resilience oversight expectations for financial market infrastructures (CROE) standard is relevant.
Financial market infrastructures
Principles for Financial Market Infrastructures (PFMI) pertain to SIPS, SSSs, central securities depositories (CSDs), CPs and TRs. The principles were drawn up by the Committee on Payment and Settlement Systems (CPSS) of the BIS and the Technical Committee of the International Organization of Securities Commissions (IOSCO). In their work, the committees used the existing standards, updated to incorporate experience gained from their application.
In connection with these principles the CPMI and IOSCO have issued a number of documents and methodologies for their implementation. These are available on the BIS website.
In order to have sufficient powers and resources to fulfil its tasks, including taking corrective action, and to ensure the efficiency and soundness of SIPS, the European Central bank (ECB) decided to implement the PFMI in the form of a regulation. On 3 July 2014, it therefore published Regulation of the European Central Bank (EU) No 795/2014 on oversight requirements for systemically important payments systems, which the Eurosystem uses to assess SIPS (both LVPSs and RPSs). The Regulation has been amended several times, the latest consolidated version is available here. The regulation contains criteria enabling a Eurosystem payment system to be classified as systemically important. In connection with this Regulation, the ECB issued a Payment system classification, in which it classifies TARGET2, EURO1, STEP-T and CORE as SIPS. Following the ECB Decision of 20 May 2020 (ECB/2020/26), the ECB has identified the MASTERCARD CLEARING MANAGEMENT SYSTEM as the next SIPS. Up-to-date information is also available on the ECB's website.
In 2018, the ECB issued Cyber resilience oversight expectations for financial market infrastructures (CROE). Cyber resilience is an important aspect of FMIs’ operational resilience and is thus also a factor affecting the overall resilience of the financial system and the broader economy. The cyber resilience oversight expectations are based on the global guidance on cyber resilience for financial market infrastructures. This guidance was published by the Committee on Payments and Market Infrastructures and the Board of the International Organisation of Securities Commissions (CPMI-IOSCO) in June 2016.
Electronic payment instruments, schemes and arrangements
The Eurosystem has published the oversight framework for electronic payment instruments, schemes and arrangements (PISA), following a public consultation in 2020. The framework aims to contribute to the efficiency and safety of the current and future payments ecosystem as part of the ECB’s statutory task to promote the smooth operation of payment systems. It replaces the current Eurosystem oversight approach and oversight standards for payment instruments, including all the related oversight frameworks for cards, direct debits and credit transfers, as well as the security objectives for e-money.
The PISA framework establishes a set of oversight principles, based on international standards, to assess the safety and efficiency of electronic payment instruments, schemes and arrangements. The framework defines electronic payment instruments, schemes and arrangements as follows.
An electronic payment instrument is a personalised device (or set of devices), software and/or set of procedures agreed between the end user and the payment service provider to request the execution of an electronic transfer of value. Examples of electronic payment instruments are credit transfers, direct debits, payment cards, e-money transfers and digital payment tokens.
A scheme is a set of formal, standardised and common rules enabling the transfer of value between end users by means of electronic payment instruments. It is managed by a governance body. Examples of schemes are card payment schemes, e-money schemes, digital payment token schemes, credit transfer schemes and direct debit schemes.
An arrangement is a set of operational functionalities which support the end users of multiple payment service providers in their use of electronic payment instruments. The arrangement is managed by a governance body which, inter alia, issues the relevant rules or terms and conditions. An example is electronic wallets.
In line with the above, one of the Czech National Bank’s functions is oversight of payment and settlement systems in the Czech Republic. The oversight function is legally incorporated into Article 2 of the Act on the CNB (pdf, 238 kB): “In accordance with its primary objective, the CNB shall…contribute to the safety, soundness and efficiency of payment and settlement systems and to the development thereof”. This provision is complemented by Article 38a of this Act: “In order to undertake its tasks arising under Article 2(2)(c), the Czech National Bank shall be entitled to require from a payment system operator, settlement system operator, payment services provider and electronic money issuer information pertaining to the operation of such systems and information pertaining to the provision of payment services and the issuance of electronic money, and these entities shall be obliged to provide such information to the Czech National Bank.”
By performing this activity, the CNB ranks among the central banks of the EU Member States which execute oversight.
The CNB's priority in this area has long been the cyber resilience of the systemically important financial infrastructures in the Czech Republic (CERTIS, SKD and the Central Securities Depository). This is assessed against the BIS, IOSCO and ECB recommendations and standards.
The CNB performs the following activities as part of its oversight function:
- monitoring market infrastructure operated in the Czech Republic (the CERTIS payment system, the SKD and the Central Securities Depository securities settlement systems, and card payment schemes),
- cooperative oversight – monitoring Clearstream Operations Prague, s.r.o. in cooperation with the Central Bank of Luxembourg (Banque Centrale du Luxembourg, BCL),
- monitoring and evaluating whether these infrastructures operate in compliance with the standards and recommendations of European and international institutions
- evaluating crisis situations in these infrastructures,
- inducing possible changes in systems resulting in the removal of shortcomings.
1. CERTIS payment system
The CNB conducted the first assessment of the operational reliability of the systemically important payment system CERTIS, owned and operated by the CNB, in 2008. The assessment was done in accordance with the European recommendation for ensuring business continuity in crisis situations for systemically important payment institutions (Business Continuity Oversight Expectations for SIPS) issued by the ECB. It confirmed that the CERTIS is fully compliant with the principles required by this standard.
In late 2010/early 2011, the CNB performed a comprehensive assessment of the CERTIS payment system against the Core Principles for Systemically Important Payment Systems drawn up by the BIS and the Terms of Reference for the Oversight Assessment of Euro Systemically and Prominently Important Payment Systems Against the Core Principles issued by the ECB. This assessment revealed that CERTIS fulfils all the core principles required by the recommended standard. The assessment result ranks CERTIS in the highest category “Observed”.
A third assessment of CERTIS was conducted at the CNB in 2015–2016, this time against the Principles for Financial Market Infrastructures (PFMI) in accordance with the assessment methodology. This assessment again found that the system is of a high standard. Comments were discussed and minor shortcomings then removed.
2. SKD short-term bond system
The CNB conducted the first assessment of the operational reliability of the SKD short-term bond system, owned and operated by the CNB, in 2008. The SKD is a separate register of securities and a settlement system for securities recorded in this register. In accordance with the PFMI, it is a systemically important settlement system in the Czech Republic. The assessment was focused on ensuring settlement continuity in crisis situations and was conducted according to the international Recommendations for Securities Settlement Systems and the international criteria for assessing these recommendations (Assessment methodology for “Recommendations for Securities Settlement Systems”) set by the BIS, specifically Recommendation 11, Operational reliability.
Over the first six months of 2011, the CNB comprehensively assessed the SKD in accordance with all the European recommendations for securities settlement systems and central counterparties (Recommendations for Securities Settlement Systems and Recommendations for Central Counterparties in the European Union) issued in 2009 by the ECB and the Committee of European Securities Regulators (CESR). The assessment proved that the SKD is compliant with the relevant applicable recommendations.
In 2018 CNB assessed the SKD in accordance with the PFMI assessment methodology. The final assessment report contains information about the SKD condition and besides other things it mentions that the SKD complies with the vast majority of requirements set in PFMI, describes related risks with the securities settlement and the provision the CNB accepted to prevent these risks.
3. Central Securities Depository Prague, a.s. (CSDP)
The CSDP (formerly UNIVYC, a.s.) is a subsidiary wholly owned by the Prague Stock Exchange. It keeps the central register of book-entry securities and settles transactions in investment instruments. In accordance with the PFMI, it is a systemically important central securities depository in the Czech Republic.
On the basis of the CNB request the CSDP conducted a self-assessment in accordance with the PFMI assessment methodology. The final assessment report contains information about the CDCP condition and answers to questions proving that the CDCP complies with the respective standards.
4. Card payment schemes
There are no domestic card payment schemes operating in the Czech Republic. International card payment schemes operating in the Czech Republic include MasterCard, the lead overseer of which is the National Bank of Belgium, and VISA, American Express and Diners, whose lead overseer is the ECB. In 2009, a Memorandum of Understanding on sharing confidential information for the oversight of card payment schemes was signed between the assessment groups’ lead overseers and the relevant central banks of non-euro area Member States, including the Czech Republic. This memorandum aims to enable to exchange information obtained from oversight of card payment schemes at the national level.
In 2013–2014, assessments of the individual card payment schemes (with the exception of Diners) in accordance with the Oversight framework for card payment schemes – standards were completed and sent to central banks.
The CNB is in contact with representatives of the above-mentioned card schemes in the Czech Republic. Cooperation and exchange of information between the CNB and the Bank Card Association also contribute to the monitoring of card schemes and the situation in the area of payment cards.
5. Clearstream Operations Prague s.r.o.
Clearstream Operations Prague, s.r.o. (COP), to which the Luxembourg settlement system Clearstream Banking S.A. has outsourced some of its support services, started operating in the Czech Republic in 2009. At the request of the Central Bank of Luxembourg (BCL), a Memorandum of Understanding between the BCL and the CNB concerning the oversight of Clearstream Operations Prague, s.r.o. was signed. In this memorandum, the CNB undertook to execute oversight of COP in the area of operational risk.
At the request of the CNB, COP conducted a self-assessment consisting in completing a detailed questionnaire to determine the operational reliability of its activities. The questionnaire was designed in accordance with the BIS international standards Recommendations for Securities Settlement Systems.
COP reports selected statistical data to the CNB twice a year. Exceptional events are reported to the CNB immediately.