Dia 1

Oversight, PFMI and Business ContinuityManagement

Michiel van Doeveren

Sixth Macedonian Financial Sector Conference onPayments and Securities Settlement Systems

Ohrid, 1-3 July 2013

Agenda

What is Oversight?

Standards and methodology

Overlay services and access to bank accounts

CPSS Principles for Financial MarketInfrastructures

Framework for Business Continuity Planning

DNB – Oversight: Mission

Oversight aims to contribute to and

maintain financial stability by

•Reducing systemic risks

•Promote adequate payment settlements in theNetherlands

Criterium for DNB Oversight: relevance for TheNetherlands (both domestically and locatedabroad)

DNB – Oversight - Objects

•Payment systems

•Wholesale

•retail

•Payment instruments

•Securities clearing and settlement

•Risk-based approach, no scientific approach (so far)

•Accountability (and explain)

•Annual Oversight Report,

http://www.dnb.nl/Oversight

Oversight on Equens

•European Market Share: 10-15%

•10 crossborder links with other Retail PaymentSystems

•Regular meetings with operator: every 6 weeks

•Quarterly meetings with CEO Equens and HeadOversight

Oversight(on payment schemes)

Oversight framework:Standards

Oversight methodology:Key issues

Oversight guide:Key checkpoints

Oversight standards(for payment schemes)

Standard 1: The scheme should have a sound legal basis under allrelevant jurisdictions

Standard 2: The scheme should ensure that comprehensiveinformation , including appropriate information on financial risks, isavailable for all actors

Standard 3: The scheme should ensure an adequate degree ofsecurity, operational reliability and business continuity

Standard 4: The scheme should implement effective, accountableand transparent governance arrangements

Standard 5: The scheme should manage and contain financial risksin relation to the clearing and settlement process

Rest of Economy

End-investors

Consumers

Merchants Banks

Corporates

Pension Funds

Insurance companies

Government / Public sector

FMI FMI Venn diagram diagram

ELMI

Correspondentbanking

Payment Institutions

Retail paymentinstruments

FinanciaI

Infrastructure

Exchange MTF

ACH

CSP

OTC trading

Financial

MarketInfrastructures

CCP

SSS

CSD

SIPS

Banks as participant of FMIs

FMI Warehouse (links)

ACH

SIPS

ExchangeMTF

CCP

SSS

CSD

OTC

CCP

Bank

Direct participant of FMI

Indirect participantof FMI

Bank

Endclient

Correspondentbanking

CSP

Messaging (SWIFT)DatacomIT-processing

System-based

Three types ofinterdependencies

Environmental

Institutions-based

Fundamental risks financial infrastructure

•Three fundamental risks:

•Settlement risk (at level individual transactions anywhere)

•Infrastructural systemic risk (at the 1st and 2nd floor of warehouse)

•

•Social unrest (warehouse basement and ground floor)

•Improve safety and efficiency of financial infrastructure financial stability

•Mitigate infrastructural systemic risk

•Prevent social unrest

•Oversight assesses compliance with internationallyagreed principles (standards) and induces changewhere compliance is not fully observed

•No standards, no oversight

Why Oversight on Financial Infrastructure?

•Risk reduction standards

•Minimum character

•Principle-based, not rule-based

•Prevention (ex ante)

•Design of systems

•Feedback (cyclical)

•Assessment of operation of systems

Features of the Oversight Principles

Oversight scoring table

Scoring per principle; no overall score

Example assessment outcome of a CCP

European Multilateral Clearing Facility (EMCF)

How are the Oversight standards set?

•Committee on Payment and Settlement Systems(CPSS)

•International Organisation of SecuritiesCommissions (IOSCO)

•Eurosystem (User Standards for SSS and standardsfor credit transfers, direct debit and cards)

•CPSS-IOSCO Principles for Financial MarketInfrastructures (2012)

What are financial market infrastructures?

•Definition:

•An FMI is a multilateral system among participatingfinancial institutions, including the operator of thesystem, used for the purposes of recording, clearing, orsettling payments, securities, derivatives, or otherfinancial transactions.

•In practice:

•Systemically Important Payment Systems (SIPS)

•Central Securities Depositories (CSD)

•Securities Settlement Systems (SSS)

•Central Counterparties (CCP)

•Trade Repositories (TR)

Principles forFinancial MarketInfrastructures (24)

Generalorganisation (3)

Efficiency (2)

Credit &liquidity riskmanagement (4)

Settlement (3)

CSDs andexchange of valuesettlementsystems (2)

Defaultmanagement (2)

Transparency(2)

General businessand operational riskmanagement (3)

Access (3)

Legal risk

Governance

Credit risk

Collateral

Liquidity risk

Margin

Finality

Physicaldeliveries

CSD

DVP

Participantdefault

Segregation& portability

Disclosuremarket data

Disclosuresystem rules

Operational risk

Investment risk

Links

Tiering

Access

Efficiency

Risk management framework

Communicationstandards

Moneysettlements

Business risk

CPSS-IOSCO Principles for FMIs

Legend: completely new raising the bar basically unchanged

Dual consent: a new approach

•Integrated approach

•Access to a bank account by a third party isonly acceptable if account holder and bankagree contractually on the conditions.

Discussion points

•How to stimulate innovations and security inthe access to payment accounts?

•Is Dual Consent a good solution for access topayment acounts?

•Are there other elements to take care on in thefurther analysing of the approach?

Principles for Financial MarketInfrastructures (FMI)

Co-production of:

•BIS Committee on Payment and SettlementSystems

•Technical Committee of the Internationalorganization of Securities Commission (IOSCO)

•FMI Principles replaces all older separateprinciples for Systemically Important PaymentSystems, Securities Settlement Systems andRetail Payment Systems

•Final report was publishes in 2012

FMI Principles

General organisation

•Principle 1: Legal basis

•Principle 2: governance

•Principle 3: Framework for the comprehensivemanagement of risks

Business ContinuityManagement

What is Business Continuity?

•Business Continuity Management: a whole-of-business approach, that includes policies,standards, and procedures, to ensure (critical)operations can be maintained, or restored in atimely fashion, in the event of a disruption.

•Its purpose is to minimise the financial, legal,reputational and other material consequencesarising from disruptionSource: BIS 2005

Financial Core Infrastructure(FCI)

•The FCI is:

•A list of financial institutions andfinancial market infrastructures that formthe critical parts of the Dutch paymentand securities infrastructure

•Compiled by DNB in collaboration withMinistry of Finance and Authority forFinancial Markets (AFM)

Financial Core Infrastructure

Why:

•Effective operational crisis management

•Stricter requirements for crucial playersconcerning operational reliability

Financial Core Infrastructure

Criteria:

•Disruption of the institution leads to largefinancial losses for the economy or leads toserious social upheaval.

•The institution is directly regulated in theNetherlands.

•Cumulative 80% of the total transaction volumeor value.

Financial Core Infrastructure

Requirements for FCI institutions:

•Comply with the DNB Business ContinuityAssessment Framework.

•Participate in the sector crisismanagementorganisation

•Connect to the terrorism alert system.

•Contribute to critical infrastructure programs andprojects.

Tripartite CrisismanagementOrganization

•The goal of this organisational structure is toperform sector crisis management in case of amajor operational disruption of payment and / orsecurities systems and infrastructures.

Tripartite CrisismanagementOrganization

(inter)national crisismanagement

DNB BCP Assessment Framework (1)

•Drafted in cooperation with the financial institutions

•Commitment to use it on a high level

•Assessment Framework consists of

•9 ‘principles’

•Guidance note Human Factor

•Agreement between DNB and the financial sector for joint BCPinitiatives

•In line with international principles such as BIS

•Used by supervisor and overseer to assess the institutions

of the financial core infrastructure against these principles

DNB BCP Assessment Framework (2)

1.BCP should be approved by the EB/seniormanagement

2.Risk analyses of critical systems and activitiesshould be made

3.Explicit attention should be paid to the humanfactor

DNB BCP Assessment Framework (3)

4. Each institution should have a crisisorganisation, including senior management

5.Single points of failure (SPOFs) should beidentified

6.Critical processes and systems should beresumed as quickly as possible

DNB BCP Assessment Framework (4)

7. A back-up site/secondary site should beavailable

8. Alternate systems and contingency proceduresshould be regularly tested and exercised

9. Each institutions should have a communicationplan for all stakeholders

DNB Assessment framework

Why is the processunavailable?

What is the cause?

What controls /measures areavailable?

What residualrisks remain?

(Partial) unavailabilityof (and/or)

People

IT systems

Communications

Buildings



Natural calamities (fire,storm, earthquake, floodetc.)

Technical failure(hardware / softwaremalfunction, power cutetc.)

Organisational failure(human error, sicknessetc.)

Wilful malice (sabotage,terrorism, cybercrimeetc.)

Measure /controlcategories:

Preventive

Detective

Corrective

Response

List ofacceptedresidual risks

Guidance Note Human factor

•Assessment showed that institutions haveproblems with principle 3, paying explicit attentionto the human factor

•DNB developed a ‘Guidance note human factor’ toassess the human factor aspect for criticalsystems and business processes, depending onthe level of knowledge that is required (specific inthe extreme, highly specific, specific, not veryspecific, not specific)

•Matrix with level of required knowledge and humanfactor strategy  see www.dnb.nl – payments -BCP