ITU-T Focus Group Digital Financial Services
                                                       Interoperability



               Key issues:

               1.1  RPEs should identify and assess all potential sources of risk arising from an agreement before entering
                    into it and continue to assess on an ongoing basis once the agreement is established.
               1.2  RPEs participating in an interoperability agreement should be able to meet all of their related obligations
                    to the other participating RPEs in a timely manner.
               1.3  RPEs that participate in an interoperability agreement should ensure that the risks generated in one
                    system do not spill over and affect other systems.

               1.4  Interoperability should not affect the ability of each RPE to continue to observe all applicable oversight
                    principles to which it is subjected.

               42. Prior to entering into an interoperability agreement, RPEs should conduct an initial assessment to
               evaluate the sources of risks potentially arising from the agreement. The type and degree of risk varies
               according to the design and complexity of the agreement and depends on whether one or more jurisdictions
               are involved in the agreement. Interoperability should be designed in such a way that risks are adequately
               mitigated.

               43. RPEs participating in an interoperable agreement should assess their risk management procedures
               to ensure that they can effectively manage the risks that may arise from the agreement. In particular,
               RPEs should have robust risk management procedures to manage the legal, financial, and operational risks
               they are exposed to through other entities, as well as those they pose to other entities. These procedures
               should include business continuity plans allowing for a rapid recovery and resumption of critical activities, or
               alternative channels for processing cross-system payments.
               44. An RPE participating in an interoperability agreement should be able to meet in a timely manner
               all of its related obligations to the other participating RPEs. Furthermore, an RPE’s participation in an
               interoperability agreement should not compromise its ability to meet in a timely manner its obligations toward
               its own customers.

               45. Furthermore, RPEs that participate in an interoperability agreement should ensure that the risks
               generated in one system do not spill over and affect the soundness of the other systems. Mitigation of
               such spillover effects may require the use of strong risk management controls. Particular attention should be
               placed on the links connecting the systems by virtue of the agreement and the risks that could be transmitted
               through such links.

               Principle 2: A RPS that uses a RPE to achieve interoperability should measure, monitor and manage the
               additional risks arising from the use of the RPE.
               2.1  Before establishing an interoperability agreement, the RPS should analyse all the risks related to the RPE
                    selected to achieve interoperability.
               2.2  The RPS should measure, monitor, and manage the additional risks (including legal, financial, and
                    operational) arising from the use of the RPE.
               2.3  The RPS should ensure that the RPE does not unduly restrict usage of the link by any participant.

               46. An RPS could use an RPE to achieve interoperability. This could be, for example, a switch platform or a
               PSP such as a financial intermediary or a network operator. The RPS should measure, monitor, and manage
               the risks related to the RPE on an ongoing basis and provide evidence to the oversight authority that adequate
               measures have been implemented to limit and monitor these risks.

               47.  The  management  of  risks  should  be  commensurate  to  the  number  of  parties  involved  in  the
               interoperability agreement. In particular, if the RPE is a provider of clearing and/or settlement services and
               intervenes in the processing of the transactions, the number of entities through which the payment is routed
               increases and raises the risks involved. As a result, the risks should be assessed, monitored, and mitigated
               taking into consideration the higher number of entities involved in the agreement. The RPS should provide
               participants with the information necessary to conduct an assessment of the risks associated with the RPE.



                                                                                                       39