ECB-UNRESTRICTED Eurosystem oversight of retail payment systems and retail payment instruments Stephanie Czák ECB World Bank Global Payments Week Lisbon, 23 October 2012
ECB-UNRESTRICTED
Eurosystem oversight of retail
payment systems and retail
payment instruments
Stephanie Czák ECB
World Bank Global Payments Week
Lisbon, 23 October 2012
ECB-UNRESTRICTED
Overview
1. Oversight of retail payment systems (RPS)
- Application of CPSS-IOSCO PFMI
- Eurosystem expectations for links
2. Oversight of retail payment instruments &
work of the European Forum on the security of
retail payments (SecuRe Pay)
2
ECB-UNRESTRICTED
The objectives of payment systems
oversight
Maintaining systemic stability
Ensuring efficiency of payment systems
Maintaining public confidence in payment systems
Protecting the transmission channel for monetary policy
Objectives for retail payment systems and payment instruments
3
ECB-UNRESTRICTED
1. OVERSIGHT OF RETAIL
PAYMENT SYSTEMS (RPS)
4
ECB-UNRESTRICTED
Review of the RPS oversight standards
Motivation
5
ECB-UNRESTRICTED
New classification criteria for RPS
• Number of countries involved in a RPS via direct participants from abroad or interoperability links
• Payments send via cross-border channels
A: Cross-border
dimension
• Market share in euro area (all payments)
• Market share in euro area (cross-border payments)
• Market share at national level
B: Degree of market
penetration
• Total daily average value C: Size
6
Work in progress
ECB-UNRESTRICTED
Review of the RPS oversight standards
• New Classification of retail payment systems
– ERPS (RPS of European importance)
– NSIRPS (Systemically important RPS at national
level)
– NPIRPS (Prominently important RPS at national
level)
– Other RPS
Cooperative oversight arrangements for
• ERPS and
• RPSs with cross-border relevance
7
Work in progress
ECB-UNRESTRICTED
Applicability of CPSS-IOSCO PFMI
per category of RPS
PRINCIPLES
ER
PS
NS
IR
PS
NP
IR
PS
Oth
er
Principle 1: Legal basis X X X X
Principle 2: Governance X X X X
Principle 3: Framework for the comprehensive management of risks X X X X
Principle 4: Credit risk X X
Principle 5: Collateral X X
Principle 7: Liquidity risk X X
Principle 8: Settlement finality X X X X
Principle 9: Money settlements X X X
Principle 13: Participant-default rules and procedures X X X X
Principle 15: General business risk X X
Principle 16: Custody and investment risks X X
Principle 17: Operational risk X X X X
Principle 18: Access and participation requirements X X X X
Principle 19: Tiered participation arrangements X X
Principle 21: Efficiency and effectiveness X X X X
Principle 22: Communication procedures and standards X X X
Principle 23: Disclosure of rules, key procedures, and market data X X X X
Total number of applied principles 17 17 11 8
8
Work in progress
ECB-UNRESTRICTED
Oversight expectations for links between RPS
Aspects and risks covered:
9
General risk management
of links Legal risk
Operational risk
Financial risk Access criteria Efficiency
Governance Indirect and relayed links
Work in progress
ECB-UNRESTRICTED
2. OVERSIGHT OF
PAYMENT INSTRUMENTS
& WORK OF EUROPEAN
FORUM ON THE SECURITY OF
RETAIL PAYMENTS
10
ECB-UNRESTRICTED
Overview oversight expectations for
electronic payments instruments* Existing oversight expectations Access channel
Expectations in development
/under consideration Terminals Remote
contact technology
co
nta
ctl
ess
tech
no
logy (
e.g
. NF
C)
via internet
via
oth
er
co
mm
un
icati
on
netw
ork
s
(e.g
. mail, tel
ephon
e or
der
)
Paym
en
t in
stru
men
t
Credit transfer
Oversight framework for CT access by the account holder directly
and in person
access to the payment account involving
a third party provider
Direct debit
Oversight framework for
DD
Cards (physical, virtual)
Oversight framework for
cards
E-money (physical, virtual)
EMSSO, Harmonised
approach &standards for PI
Review ongoing
(adjustments for virtual e-
money) 11
* Paper based retail payment instruments are out of scope
ECB-UNRESTRICTED
12
European Forum on the security of retail
payments (SecuRe Pay)
The Forum:
• a platform for cooperation between central bank
overseers and supervisors
• Observers: European Commission, Europol
Scope:
• electronic retail payment services, instruments
& payment service providers
Mandate of the Forum
• Facilitate common understanding among authorities
• Make recommendations
ECB-UNRESTRICTED
SecuRe Pay Recommendations
for the security of internet payments
13
General control and security environment
Work in progress
ECB-UNRESTRICTED
Specific control and security measures for
internet payments
Initial customer
identification,
information
Strong customer authentication
Enrolment for & provision of strong authentication tools
Log-in attempts, session time-out,
validity of authentication
Transaction monitoring and authorisation
Protection of sensitive payment
data
Customer education and communication
Customer alerts and notifications,
setting of limits for internet payment
transactions 14
Work in progress
ECB-UNRESTRICTED
15
SecuRe Pay work on
Access to Payment Accounts
Scope: Access by a party, which is neither the account owner
nor the account servicer
• Account information services
• Payment initiation services
Risks:
Unregulated services, liabilities not clarified
Risks due to additional actors involved
Risks due to additional communication sessions
Changing customer behaviour
Work in progress
ECB-UNRESTRICTED
Questions?
16