Page 49 - ITU-T Focus Group Digital Financial Services – Interoperability
P. 49
ITU-T Focus Group Digital Financial Services
Interoperability
Key issues:
1.1 RPEs should identify and assess all potential sources of risk arising from an agreement before entering
into it and continue to assess on an ongoing basis once the agreement is established.
1.2 RPEs participating in an interoperability agreement should be able to meet all of their related obligations
to the other participating RPEs in a timely manner.
1.3 RPEs that participate in an interoperability agreement should ensure that the risks generated in one
system do not spill over and affect other systems.
1.4 Interoperability should not affect the ability of each RPE to continue to observe all applicable oversight
principles to which it is subjected.
42. Prior to entering into an interoperability agreement, RPEs should conduct an initial assessment to
evaluate the sources of risks potentially arising from the agreement. The type and degree of risk varies
according to the design and complexity of the agreement and depends on whether one or more jurisdictions
are involved in the agreement. Interoperability should be designed in such a way that risks are adequately
mitigated.
43. RPEs participating in an interoperable agreement should assess their risk management procedures
to ensure that they can effectively manage the risks that may arise from the agreement. In particular,
RPEs should have robust risk management procedures to manage the legal, financial, and operational risks
they are exposed to through other entities, as well as those they pose to other entities. These procedures
should include business continuity plans allowing for a rapid recovery and resumption of critical activities, or
alternative channels for processing cross-system payments.
44. An RPE participating in an interoperability agreement should be able to meet in a timely manner
all of its related obligations to the other participating RPEs. Furthermore, an RPE’s participation in an
interoperability agreement should not compromise its ability to meet in a timely manner its obligations toward
its own customers.
45. Furthermore, RPEs that participate in an interoperability agreement should ensure that the risks
generated in one system do not spill over and affect the soundness of the other systems. Mitigation of
such spillover effects may require the use of strong risk management controls. Particular attention should be
placed on the links connecting the systems by virtue of the agreement and the risks that could be transmitted
through such links.
Principle 2: A RPS that uses a RPE to achieve interoperability should measure, monitor and manage the
additional risks arising from the use of the RPE.
2.1 Before establishing an interoperability agreement, the RPS should analyse all the risks related to the RPE
selected to achieve interoperability.
2.2 The RPS should measure, monitor, and manage the additional risks (including legal, financial, and
operational) arising from the use of the RPE.
2.3 The RPS should ensure that the RPE does not unduly restrict usage of the link by any participant.
46. An RPS could use an RPE to achieve interoperability. This could be, for example, a switch platform or a
PSP such as a financial intermediary or a network operator. The RPS should measure, monitor, and manage
the risks related to the RPE on an ongoing basis and provide evidence to the oversight authority that adequate
measures have been implemented to limit and monitor these risks.
47. The management of risks should be commensurate to the number of parties involved in the
interoperability agreement. In particular, if the RPE is a provider of clearing and/or settlement services and
intervenes in the processing of the transactions, the number of entities through which the payment is routed
increases and raises the risks involved. As a result, the risks should be assessed, monitored, and mitigated
taking into consideration the higher number of entities involved in the agreement. The RPS should provide
participants with the information necessary to conduct an assessment of the risks associated with the RPE.
39