THE NATIONAL PAYMENT SYSTEMS OVERSIGHT FRAMEWORK FOR THE MALDIVES MONETARY AUTHORITY September 2019 1 Abbreviations ACH Automated Clearing House AG Attorney General AML Anti Money Laundering ATMs Automated Teller Machines BCP Business Continuity Plan BIS Bank for International Settlement BML Bank of Maldives CAM Communications Authority-Maldives CBSL Central Bank of Sri Lanka CCP Central Counter Party CDS Central Depository System CFT Countering Financing of Terrorism CIT Cheque Imaging and Truncation CPSS Committee on Payment and Settlement Systems DG Deputy Governor FMIs Financial Market Infrastructures GOM Government of Maldives IOSCO International Organization of Securities Commissions LICs Low Income Countries MMA Maldives monetary Authority MMIC Mobile Money Implementation Committee MNOs Mobile Network Operators MVR Maldives Rufiyaa NAPS National Payment Switch NPS National Payments System NPC National Payments Council OFID Other Financial Institutions Department OSU Oversight Unit POS Point of Sale PSA Payment System Bill PSSOU Payment and Settlement Oversight Unit RTGS Real Time Gross Settlement System SEC Securities and Exchange Commission SIPs Systemically Important Payment Systems SSSS Scripless Securities Settlement TRs Trade Repositories 2 Table of Contents Executive Summary ........................................................................................................................................ 5 1.0 Introduction and Purpose of Report .......................................................................................................... 6 1.1 Payment and Settlement Systems Oversight: Objectives ..................................................................... 7 1.1.1 Containment of systemic and other payment risks: .............................................................................. 7 1.1.2 Payment and Settlement Systems Oversight: Areas of Monitoring: .................................................... 7 1.1.3 Implementation of a Structured Payment System Oversight and Its Benefits: .................................... 7 1.2 International Standards of Oversight ........................................................................................................ 7 1.2.1 The BIS/IOSCO 24 principles: Responsibilities of the regulatory authorities. .................................. 8 1.2.2. Responsibility A: Regulation, supervision, and oversight of FMIs .................................................... 9 1.2.3. Responsibility B: Regulatory, Supervisory and oversight powers and resources .............................. 9 1.2.4 Responsibility C: Disclosure of policies with respect to FMIS ........................................................... 9 1.2.5 Responsibility D: Adoption and application of the CPSS-IOSCO Principles for FMIs ...................... 9 1.2.6 Responsibility E: Cooperation with other authorities ........................................................................ 10 2.0 The Background: Payment System Development in the Maldives ...................................................... 10 2.1 Payment and settlement landscape in the Maldives: ............................................................................... 10 2.1.1 High value SIPS ................................................................................................................................. 10 2.1.2 Other small-scale payment systems: .................................................................................................. 10 2.2 Legal and regulatory framework ............................................................................................................. 10 2.3 PSSOU of MMA: The Mandate.............................................................................................................. 11 2.3.1 The PSSOU Mandate Requires Revision ........................................................................................... 11 2.3.2 Widening Scope of Oversight Activities by PSSOU ......................................................................... 12 2.4 Critical Areas of Focus and New Responsibilities for PSSOU:......................................................... 13 2.4.1 Determination of a SIP: ................................................................................................................... 13 2.5. Organigram, New Functional Areas for PSSOU ................................................................................... 14 2.5.1 Policy and development ..................................................................................................................... 14 2.5.2 Research and Statistics Unit ............................................................................................................... 15 2.5.3 Monitoring and Compliance Unit ...................................................................................................... 15 2.6 Adoption of Guiding Principles for Oversight Activities .................................................................... 15 2.7 Business Continuity Process (BCP) ........................................................................................................ 16 2.8 Analysis of Information and Reporting on Oversight Activities ............................................................ 16 3.0 Challenges to be Faced by PSSOU-MMA .............................................................................................. 17 3.1 Lack of an appropriate legal framework to oversee the payment and settlement systems: .................... 17 3.2 E-money Issuing Banks and Safety of Customer Funds ......................................................................... 17 3.3 Lack of Interoperability in Payment Infrastructure ................................................................................. 18 3.4 Avoidance of Potential Failures .............................................................................................................. 19 3.4.1 Coordination failures: ......................................................................................................................... 19 3.4.2 Maintaining a Level-playing Field and Avoidance of Non-contestable Monopolies ........................ 19 3 3.4.3 Information asymmetry and biased decision making: ........................................................................ 19 3.4.4 Underinvestment in safety mechanisms in payment and settlement systems: ................................... 19 3.4.5. Ignorance and Negligence of Early Identification and Mitigation of Payment and Settlement Risks ..................................................................................................................................................................... 20 3.5 Other Potential Risks: ............................................................................................................................. 20 4.0 Establishment and Constitution of NPC ................................................................................................. 21 4.1 NATIONAL PAYMENT SYSTEM GOVERNANCE STRUCTURE .................................................. 22 4.2 Policy Formulation and Design of Strategy by NPC .............................................................................. 22 4.3 NPC to Review Pricing Policy of Payment Services Provided by MMA ............................................... 23 5.0 Way Forward and Recommendations ..................................................................................................... 23 Annex I : Payments Bulletin ......................................................................................................................... 23 4 PAYMENT AND SETTLEMENT SYSTEMS OVERSIGHT FRAMEWORK FOR THE MALDIVES MONETARY AUTHORITY (MMA)1 This document outlines the framework for an effective oversight function by MMA, using the ‘Principles for Financial Market Infrastructures’ (FMIs) issued in April 2012 by the Committee on Payment and Settlement Systems (CPSS) of the Bank for International Settlements (BIS) in collaboration with the Technical Committee of the International Organization of Securities Commissions (IOSCO). This framework is aimed at ensuring that the national payment system (NPS) in the Maldives meets its current and future domestic and regional payment and settlement demands; the different systems function efficiently and smoothly; and that it helps enhance financial inclusion through the provision of efficient payment services. The effective oversight of the payment system infrastructure would ensure the safety, security and reliability of financial transactions, which are vital to monetary and financial stability. Executive Summary A payment system is an arrangement which facilitates the transfer of funds between participants in the system and includes a set of payment instruments, regulations, rules, standards, procedures, infrastructure and institutions relating to clearing and settlement of funds. It therefore incorporates the methods for transmitting payment messages between members, the means to settle claims among members and agreed rules and procedures. Central bank’s/monetary authorities’ oversight of payment and settlement systems is consequently a core objective of its broad responsibility for monetary and financial stability. According to the BIS Core principles for Systematically Important Payment Systems (SIPS), “payment system oversight is a public policy activity principally intended to promote the safety and efficiency of payment systems and to reduce systemic risk’’. This role is significant because the efficient functioning of payment systems allows safe, secure and timely completion of financial transactions and therefore, makes a vital contribution to overall economic performance and financial stability. Oversight of payment systems complements the financial stability work of banking supervision but differs from bank supervision. Mobile payments have gained wider acceptance as an emerging payment method in both advanced and emerging economies. Their rapid diffusion and growth potential have been largely shaped by many factors, including increased deployments worldwide, mobile phone penetration, financial inclusion, and market demand for convenient, faster, and more economical means of payments. Regulatory authorities have been faced with oversight challenges in protecting mobile wallet consumers and the payment system. Such innovations have exposed grey areas in existing laws and regulations and have led to legal reforms and the need to strengthen risk controls in some jurisdictions. They also point to the need to assess and mitigate potential risks, particularly in jurisdictions where oversight arrangements are weak or supervisory capacity is limited. 1 This Assessment Note was prepared by Ranee Jayamaha (Lead Consultant) as one of the outputs on FIRST Initiative Funded on Enabling a Non-Bank Mobile Money Solution Technical Assistance Project (P155693) to Maldives on September 22, 2019. Any follow-up to this note may be referred to Anoma Kulathunga, Senior Financial Sector Specialist, South Asia Finance Competitiveness and Innovation Global Practice (Team Leader) or Amila Indeewari Dahanayake, Economist, South Asia Finance Competitiveness and Innovation Global Practice (co-TTL). 5 Many central banks/monetary authorities have made mobile payment regulations more explicit and are in the process of strengthening their oversight frameworks as part of wider efforts to modernize NPZs. The development of effective oversight frameworks can help maintain public confidence and payment systems stability, particularly in emerging and low-income countries (LICs) where mobile payments are seen as a major tool of financial inclusion. This is especially relevant to the Maldives, given the difficulties in delivering financial services due to its widely spread island population. This may also involve cooperative oversight with other regulatory agencies such as the telecommunications regulator, competition authority, or consumer protection bodies. While commending the efforts of MMA for reforming and spearheading the development of the NPS in the Maldives, the report reiterates the importance of the oversight function of MMA in the context of on-going and future payment system development in the Maldives. It clearly articulates: the urgency of restructuring the already established payment and settlement system oversight unit (PSSOU), the need to revise its responsibilities and functions; the importance of collecting reliable data and statistics; and the importance of conducting spot examinations on the functioning of existing systems and focusing PSSOU’s attention on mitigating emerging risks in payment and settlement systems. The Report also advocates the importance of setting up of a national payment council (NPC) that would help taking the reform process forward in line with international best practice. The preparation of a medium to long term strategy for payment system development in the Maldives should be assigned to NPC. By way of short-term action, the Report re-emphasizes that MMA initiates the following action as a matter of priority. This Report recommends MMA to: (a) discuss with Attorney General (AG) and take the Initiate to get PSB passed by Parliament; (b) establish a NPC (for the time being, by elevating the present MMIC) as an informal body until the PSB is passed by Parliament; (c) restructure the present PSSOU in line with the recommendations of this Report; and (d) request any TA assistance from the World Bank to improve capacity building of the PSSOU of MMA. In the absence of a dedicated legislation for payment and settlement systems, MMA has enabled the entry of non-bank financial service providers and provide payment services by issuing regulations and directions under the MMA Act. This action should be considered as an “out of necessity� interim measure that helped the country to move forward with mobile payment services. 1.0 Introduction and Purpose of Report This report aims at assisting MMA to establish an effective oversight framework to monitor the different payment and settlement systems, payment instruments and payment service providers in the Maldives. The framework for oversight is based on the BIS/IOSCO 24 Principles and analysing the payments development in the Maldives, while emphasizing the importance of overseeing several critical aspects of payment systems which are not within the radar of the present oversight unit. For easy reference, the BIS/IOSCO principles that are specifically on oversight function are set out in Section 1 of this Report. Section 2 discusses the background and the present payment landscape, legal status, and critically review the present oversight arrangement by MMA, its mandate and suggest areas of improvement for an improved and effective oversight function. The oversight function is challenging task and the key to effective oversight is the continuous dialog with all relevant stakeholders in the payment and settlement systems. Section 3 outlines the present and future challenges for PSSOU and provides guidelines to overcome some of the challenges. Section 4 sets out recommendations to be adopted by PSSOU and Section 5 articulates the most urgent tasks that should be undertaken by PSSOU 6 and MMA to ensure an effective oversight on the NPS in the Maldives. The recommendations and immediate tasks outlined in this Report do not aim to discourage innovative and digitized payment services that are aligned or tailor-made financial inclusion programmes – one of the main objectives of the Government of Maldives (GOM) and MMA. Instead, the recommendations are more pragmatic and they advocate the need for maintaining efficient and safe payment systems that require an effective regulatory framework for the development of the payment industry. 1.1 Payment and Settlement Systems Oversight: Objectives 1.1.1 Containment of systemic and other payment risks: by • ensuring efficient and reliable payment services in conformity with legal provisions • ensuring risk minimization and management in the design and operation of payment systems and services • promoting safety, security and soundness of payment systems, payment infrastructures and payment instruments used by the public • maximizing the efficiency of payments, clearing and settlement arrangements and • maintaining public confidence and pursuing public interest and engagement in payment services 1.1.2 Payment and Settlement Systems Oversight: Areas of Monitoring: • Payment instrument base • Legal and regulatory framework • Communication and other payment infrastructure • Institutional framework • Competition in payment services delivery • Criteria for fair or equitable access to payment systems • Efficiency in value transfers (e.g. clearing cycles, post settlement account crediting) • Core competencies in the different payment areas • Consumer protection • Fair competition by service providers 1.1.3 Implementation of a Structured Payment System Oversight and Its Benefits: • Keeping abreast with changes in the risk profile of the payment system and initiating proactive risk management • Regular and periodic performance evaluation leading to timely implementation of corrective measures • Capacity to expeditiously assess payment system development trends against set goals of the country and international trends • Timely assessment of the achievement of objectives • Preventing potential market failures 1.2 International Standards of Oversight In addition to system rules, user guidelines, payment product standards and other regulations issued by multi regulators, central banks and monetary authorities use internationally approved payment system standards to conduct oversight activities. Regarding international standards, most central banks recommend that operators of designated systems comply with the 24 Principles for Financial Market Infrastructures (April 2012) issued jointly by BIS-CPSS/ IOSCO where applicable. These principles 7 are set out on the BIS website as in http://www.bis.org/publ/cpss101a.pdf. MMA’s oversight function of the designated systems as well as critical service providers will also be guided by the five key responsibilities for market regulators and central banks as provided by the same document. All financial market infrastructures operating in the country are expected to comply with the applicable principles unless an operator of a designated system has reasons that the overseer of the payment system deem compelling enough for partial compliance. 1.2.1 The BIS/IOSCO 24 principles: Responsibilities of the regulatory authorities. Responsibility A: FMIs should be subject to appropriate and effective regulation, Regulation, supervision, and supervision, and oversight by a central bank, market regulator, oversight of FMIs or other relevant authority Responsibility B: Central banks, market regulators, and other relevant authorities Regulatory, supervisory, should have the powers and resources to carry out effectively and oversight powers and their responsibilities in regulating, supervising, and overseeing resources FMIs Responsibility C: Disclosure of Central banks, market regulators, and other relevant authorities policies with respect to FMIs should clearly define and disclose their regulatory, supervisory, and oversight policies with respect to FMIs Responsibility D: Application Central banks, market regulators, and other relevant authorities of the principles for FMIs should adopt the CPSS-IOSCO Principles for financial market infrastructures and apply them consistently Responsibility E: Cooperation Central banks, market regulators, and other relevant authorities with other authorities should cooperate with each other, both domestically and internationally, as appropriate, in promoting the safety and efficiency of FMIs These responsibilities call for analysing and examining the design and operations of systems and products; ensuring efficient functioning of different payment systems; infrastructures, payment services provided by both banks and non- bank service providers. The overseer of the payment and settlement system has its focus on the smooth functioning of the payment infrastructure, sharing the same goals of ensuring safety, soundness, reliability and stability of the financial system of a given country, including the effectiveness and efficiency of monetary settlement. Oversight of payment and settlement systems has been recognized as a critical component of central banks’ /monetary authorities’ mandate for maintaining the stability of the financial system and confidence in the domestic currency. This is because of the importance of payment and settlement systems to the exchange of money for goods and services in an economy and to the transmission of monetary policy. In modern financial systems, this exchange involves the use of several financial instruments, payment methods to satisfy the purchasing needs of individuals and institutions in various financial markets operating in one or more currencies. As the volume and values of financial transactions increase, regulatory authorities are compelled to ensure that payment and settlement systems operate efficiently. 8 Oversight Units (OUs) of regulatory authorities should be independent and segregated from payment system operational tasks and should have separate reporting lines. The overseer should ensure that systems operate smoothly, can survive possible failures at individual institutions, and maintain operational and business continuity at all times. The overseer’s scope of work should extend beyond the financial realm and involve non-financial payment service providers. While safety and efficiency of payment systems should be the primary objective, OUs should endeavour to achieve other goals, such as enhancement of financial inclusion and protecting consumer rights. In this context, some of the areas that are not in the present mandate but areas that ought to be, are covered by the payment and settlement oversight unit (PSSOU) in the Maldives are set out below. 1.2.2. Responsibility A: Regulation, supervision, and oversight of FMIs In the interest of the public, and PSSOU in the Maldives should first and foremost identify regulation, supervision it aims to establish and implement as well as designate payment systems for its supervision. In this regard, PSSOU should clearly define and publicly disclose the criteria used to identify FMIs that should be subject to regulation, supervision, and oversight. Criteria may vary across jurisdictions but the criterion is a function of the FMI. SIPS, central depository systems (CSDs), scripless securities settlement systems (SSSs), central counter parties (CCPs) and Trade Repositories (TRs) all of which play a critical role in payment and settlement systems). Other criteria are: (a) number/value of transactions processed, (b) number/type of participants, (c) markets served, (d) market share, (e) interconnectedness with other FMIs and financial institutions, and (f) available alternatives to using the FMI at short notice. 1.2.3. Responsibility B: Regulatory, Supervisory and oversight powers and resources Central Banks /Monetary Authorities should have powers or other authority consistent with the relevant responsibilities, including the ability to obtain timely information and to induce change or enforce corrective action as well as addressing regulatory gaps. OSUs should cover: (a) FMI’s functions, activities, financial condition; (b) risks borne or created by FMI and its participants; (c) FMI’s impact on its participants and the broader economy; (d) FMI’s adherence to regulations and policies. They should also have sufficient resources to fulfil the regulatory, supervisory, and oversight responsibilities. Through qualified and experienced personnel, regular training, and sufficient funding for the oversight activity would be essential. It is necessary for PSSOU in MMA to have a clear organizational structure that uses statutory powers as well as moral suasion. 1.2.4 Responsibility C: Disclosure of policies with respect to FMIS MMA-PSSOU should clearly disclose to the markets and to all stakeholders the purpose of oversight function and the process which is expected to be followed by it. For regular communication, central banks/monetary authorities should use the NPC or a policy committee. In the past, MMA and its regulatory departments adopted the practice of no or least communication with relevant stakeholders, which had proven to be unsuccessful as many of the stakeholders had no idea of what was expected of them and the extent of compliance. Many of them therefore observed regulations in the breach or did not cooperate with MMA. PSSOU should be guided by principle C and disclose its policy, rationale and strategies to all stakeholders and seek their cooperation. 1.2.5 Responsibility D: Adoption and application of the CPSS-IOSCO Principles for FMIs 9 CPSS-IOSCO Principles to be applied, at a minimum, to all SIPS, CSDs, SSSs, CCPs, TRs. Although there is no precise criteria of identifying SIPs, generally it is presumed, that all CSDs, SSSs, CCPs and TRs are SIPS. However, local knowledge would be useful in these instances and PSSOU should first identify who the SIPS are, because of their critical role in the payments industry. It is also important for PSSOU to apply Principles consistently within and across jurisdictions, including cross borders, and to each type of FMI covered by the Principles. Among other tasks, PSSOU should initiate timely and appropriate corrective action in case of non-observance; closely monitor new FMIs and those undergoing changes; MMA being the owner and operator of two of the SIPS (RTGS and CIT) PSSOU should apply principles and standards with same rigor; and consider how best to address possible conflicts of interest and avoid disadvantages to private sector-FMIs. 1.2.6 Responsibility E: Cooperation with other authorities PSSOU should seek cooperation at domestic and international level for fulfilment of respective mandates. PSSOU need to be flexible to deal with situations under any circumstances: (i) in normal times, (ii) in crisis and (iii) for recovery and resolution. PSSOU is obliged to notify other authorities that may have an interest in cross-border or multicurrency payments and settlements. A variety of forms of cooperation can be tailored to the specific case and circumstances but they should be appropriate to each authority’s responsibilities and commensurate with systemic importance. 2.0 The Background: Payment System Development in the Maldives 2.1 Payment and settlement landscape in the Maldives: Currently, the following payment systems, channels and settlement systems are operative in the Maldives: 2.1.1 High value SIPS • The Real Time Gross Settlement (RTGS) for wholesale payment and high value settlements (introduced in 2011 and became fully operational in 2017) • Cheque Imaging and Truncation (CIT) through Automated Cheque Clearing House-ACH (introduced in 2011 and became fully operational in 2017) after all banks joined the system 2.1.2 Other small-scale payment systems: • Small value/retail transaction systems such as the credit cards, ATM/POS transactions, debit cards, e- switches, smartcards, stored valued facilities, electronic wallets • Internet banking platforms, and • Mobile phone banking services (electronic money) provided by banks and mobile money operators (MNOs) since 2016. 2.2 Legal and regulatory framework MMA has the appropriate mandate to guarantee the safe and efficient operations of payment and settlement systems. As enshrined in the MMA Act of 1981, MMA has the statutory responsibility for the payment and settlement systems in the country. Article 4 © of the MMA Act includes among MMA objectives “ to supervise and regulate banking so as to promote a sound financial structure and section 22(Q) of MMA Act states that “the Authority may organize and operate payment and securities settlement systems, and participate in such systems�. Additionally, the Banking Act enables MMA to 10 operate and regulate payment and settlement systems, and to enforce banks’ participation in such systems (Article 37). In 2015, the MMA Act provided MMA with powers to regulate and supervise non-bank financial institutions. Given that many of the innovative and digital financial services are provided by non-banks and payment instruments and services are becoming more complex; and some services are not providing adequate customer protection, it is necessary to pass a dedicated law for payment and settlements and issue regulations under it, rather than using MMA Act for the purpose. Accordingly, in 2016, under the guidance of the World Bank, a draft PSB was submitted to the Attorney General (AG) who suggested some amendments and PSB was resubmitted in March 2017. However, to date, the Parliament has not passed the PSB. Due to this undue delay, MMA is compelled to use provisions in the MMA Act to ensure that the country’s payment and settlement systems are well supervised and customer protection is ensured. There are many regulatory issues and gaps relating to both high value and retail transactions that are not addressed in the MMA Act and other relevant laws. It is fundamental that PSA provides for, among others, concepts such as: a) legal recognition of electronic transfers; b) the netting arrangements; c) collateral arrangements; and d) the legal basis for payment system oversight. While the payment system development unit can play a significant role in addressing legal gaps, it is important that proposed NPC and PSSOU, take necessary action to get PSB passed by the Parliament, ensuring that all payment system stakeholders comply with the new/amended laws, a critical component of effective oversight. 2.3 PSSOU of MMA: The Mandate As with other central banks, MMA carries out an operational role as providers of MMA money for settlement under the RTGS system and also act as the ultimate provider of liquidity to the banking system. Having recognized the importance of the oversight function, in 2015, MMA has established PSSOU under the OFID of MMA. The present mandate has made PSSOU responsible for initiating payment system policies for the consideration of the NPC in addition to its legitimate tasks of undertaking regular payment system surveillance and oversight of different payment and settlement systems, payment instruments, different payment gateways and channels and all payment service providers. The present mandate is summarized below: • Formulating and implementing of national payment systems strategy. • Designing, developing and integrating systemically important payment systems and /or facilitating such implementation • Facilitating and promoting the development and implementation of other systems such as retail payment systems including innovative payment solutions or products • Establishing and governing NPC • Ensuring compliance with international standards and best practice • Licensing, regulating and overseeing payment systems or schemes in the Maldives • Carrying out any other activities/operations necessary to promote safe & efficient payment systems. 2.3.1 The PSSOU Mandate Requires Revision The above mandate would be enough for the Maldives to cope with the current payment system reforms and advancements, but there appears to be a mix up of responsibilities of NPC and PSSOU. The PSSOU should not be held responsible for the first four functions of the present mandate, i. e. Formulating and implementing of national payment systems strategy; designing, developing and integrating SIPs and /or 11 facilitating such implementation; facilitating and promoting the development and implementation of other systems such as retail payment systems including innovative payment solutions or products; and establishing and governing NPC. They are essentially the responsibilities of NPC which has a much wider mandate than that of the PSSOU. The latter can provide data and statistical analysis for decision making and the OFID-payment system development unit can provide secretarial services to NPC. Given the delay in passing the PSB by the Parliament, using its powers under the MMA Act, (under section 38 of the MMA Act), MMA has issued Regulations and or Directives detailing licensing, approval, reporting and oversight requirements for all electronic/mobile money issuance/stored value facilities. PSSOU should have wide powers to effectively promote and monitor not only the present and on-going payment system developments but also complex and sophisticated digital demands from future generations. Similarly, the wide array of payment instruments, interoperable channels and innovative payment infrastructure are likely to bring in new risks, both in retail and high value payment transactions. PSSOU should design risk mitigation measures to deal with unknown risks associated with complex instruments and channels. While commending the efforts of MMA for setting up PSSOU in 2015 with a wide mandate, it may be useful to elaborate the responsibilities of PSSOU and facilitate identification of its role, functions and responsibilities, and to build capacity of the officials involved in overseeing payment systems in the Maldives. Moreover, the present monitoring and oversight process by PSSOU is ad-hoc and there is no orderly or effective monitoring process. Since its inception in 2015, PSSOU has not conducted an effective oversight, except to respond to various requests from financial service providers who seek MMA permission to commence digital and on-line payment services. Hence it is necessary to review the present mandate and clearly indicate the objectives and responsibilities of PSSOU. This requires widening the scope of PSSOU’s oversight mandate. 2.3.2 Widening Scope of Oversight Activities by PSSOU • Payment, clearing and settlement systems: Extend oversite to cover the planned National Payment Switch (NAPS) and Central Counterparties (CCs) as and when they are established by MMA or GOM; securities settlement systems (SSSs) and central depository systems (CDS), e.g. settlement of government bills and bonds, corporate bonds and equities soon, when markets are developed and deepened; • Providers of critical payment services e.g. network service providers (Tele communicators and other companies which provide mobile and other financial services, SWIFT, money transfer systems etc.); • Payment instruments/systems e.g. cheques, payment cards, mobile money transfers, electronic money transfers and ACH direct credit and debits; Cross-border payments, especially, remittance payments; • Markets e.g. Repo market, interbank and forex market, derivatives, treasury bills/bonds etc. • Other non-SIPS deemed necessary by MMA considering their collective effect on the payment and settlement systems in the Maldives and the extent to which their operations will affect public confidence in money and payment system; • Payment service providers: banks, MNOs and any other authorized financial service providers; • Payment Channels: ATMs, POS-transactions, SWIFT, mobile payments and internet payments; and payment gateways; • Payment Instruments: cards, cheques, credit transfers, direct debits, electronic fund transfers by banks and electronic money (E-money) transfers through mobile phone. 12 2.4 Critical Areas of Focus and New Responsibilities for PSSOU: 2.4.1 Determination of a SIP: • A system’s potential of creating significant credit and liquidity disruptions in the economy should it fail to perform as expected • A system’s potential of creating large credit or liquidity exposures relative to counterparties’ financial capacity • A system’s ability to provide settlement for other systems • Whether the system is the only one or one of very few systems for the settlement of a given financial instrument • Whether the system is used in settling transactions between first tier banks and second tier banks • Whether the system settles time-critical transactions and same for critical financial markets • Whether the system settles a high proportion of large-value transactions • Whether the system settles large volumes of small value transactions that cumulatively are of large value 2.4.2 Risk- Based Approach to Oversight Activities The PSSOU will use, as a benchmark, the Principles for FMIs and all identified SIPS should comply with these core principles. Further, in order to encourage payment and settlement system operators to appropriately price their risks and reduce cost to society, an underlying tenet in the MMA’s approach to oversight of SIPS is that risks and costs should be appropriately identified, quantified and allocated. The risk management framework for oversight activities will basically entail the following processes for each payment and settlement system, service provider, instrument or activity that is identified to be of significance for oversight: • Clear identification of risks and sound objectives to manage risks; • Sound governance arrangements for the payment and settlement systems; • Clear and appropriate rules and procedures which will specify the duties/responsibilities and rights of all participants; • Adequate financial, material and human resources for carrying out activities; • Generation of regular reports for analysis by PSSOU and make recommendations to NPC; • Focus on potential threats from money laundering, terrorist financing and cyber-attacks. The following diagram shows the organizational structure of PSSOU with three key functional areas. 13 2.5. Organigram, New Functional Areas for PSSOU DG AG The PSSOU under OFID is responsible for the oversight function of the payment and settlement systems. To effectively discharge these responsibilities, PSSOU should be independent of all operational activities in the payment system arena of MMA. These changes are in line with international best practice, where the policy and oversight department of a central bank is expected to apply the same stringent oversight standards to the systems that are owned and operated by MMA as well. The functions of the office are derived from the objective and will include the following: • Ensure the existence of a sound legal and regulatory and oversight framework for the NPS, payment streams and institutions • Promote good governance for the NPS • Ensure that risks in the payment system are identified and appropriately priced • Promote innovation, competition and financial inclusion in the use of payment products • Ensure compliance on laws, regulation, rules, standards and approved market practices • Maintain database on interbank payment streams in the country • Promote robustness and resilience of the NPS and • Establish relationship with international development and regulatory institutions to promote the safety and efficiency of national and cross border payments Operationally, therefore, PSSOU should have at least three units, namely; policy and development, statistics and research and monitoring and compliance. Their functions and responsibilities are listed below. 2.5.1 Policy and development • Assessing on continuous basis, the adequacy of the regulatory environment for efficient payment delivery, potential risks and making recommendations for review and or amendments where necessary 14 • Scanning the global environment for developments and trends in payment systems, assess their impact on the NPS, and make recommendations for handling emerging risks for management’s consideration • Promoting and facilitating the on-going development of the NPS in accordance with payment system development strategy • Evaluating system-specific oversight rules and procedures to make recommendations to management to reduce risks • Liaising with other regulatory bodies to promote the safety and efficiency of the NPS, e.g. CAM, Capital market authorities • Cooperating with international bodies such as the BIS, World Bank, IMF, and other central banks to promote the development of payment systems in general 2.5.2 Research and Statistics Unit • Identify data of interest and relevance to the MMA’s payment system oversight function • Design data collection formats for the various interbank payment systems and revise existing forms as and when necessary • Establish a system for collecting data on timely basis • Collect data on the cost of using the various interbank payment systems • Maintain an up-to-date database on the NPS • Provide statistical and analytical support for policy development and assess whether objectives of payment oversight is achieved • Carry out surveys on payment trends in the Maldives • Write periodic oversight reports for Management’s attention • Initiating the production of a quarterly publication of payment statistics, the extent to which new payment reforms help enhance financial inclusion and future trends in payments 2.5.3 Monitoring and Compliance Unit • Collecting and maintaining a library of information on system design and performance • Monitoring compliance of system operators and participants to regulations, system rules and procedures • Conducting on-site inspections of the facilities of all system operators, including systems owned and operated by MMA • Ensuring the regular testing of business continuity arrangements according to approved testing calendar and all-the-time readiness of contingency systems • Promoting the integrity of paper payment instruments through regular annual and ad hoc inspection of the facilities of accredited security printers • Coordinating participants on self-assessment of interbank payment systems and Producing compliance reports on the NPS 2.6 Adoption of Guiding Principles for Oversight Activities Transparency: MMA will publicly declare its oversight policies and standards for various payment and settlement systems. International Standards: relevant internationally recognized standards would be adopted by PSSOU Exercise of Statutory Authority: MMA will use its authority under the relevant laws to compel participants to conduct themselves in the interest of the wider system. 15 Consistency: oversight standards would be applied consistently to comparable payment and settlement systems Cooperation with other regulatory authorities: PSSOU-MMA will cooperate with other relevant central banks and local supervisory authorities including the CAM, Maldives Capital Market authorities and relevant Departments in MMA (e.g. payments and settlement, bank supervision, payments system development unit at OFID , Financial Intelligence Unit etc.) to promote safety and efficiency of the NPS. 2.7 Business Continuity Process (BCP) The robustness and resilience of the NPS will, among others, require the establishment of a functional business resumption system for each payment system operating in the country. Business resumption systems must comply with the minimum requirements indicated below: • Systems should have well-defined business continuity strategies endorsed by management/board of directors. BCP should envisage a variety of plausible scenarios e.g. natural disasters, power outages, terrorist acts. Systems should have secondary sites from which operations can continue seamlessly when the prime site is down • system operators should establish crisis management teams and well-structured procedures to manage crises • BCP should be regularly tested to assess their readiness for unexpected events • PSSOU should inspect the prime and secondary sites established by payment system operators on a periodic basis and make recommendations for further improvement. 2.8 Analysis of Information and Reporting on Oversight Activities For monitoring the systems, instruments and service providers, PSSOU has designed a number of data collection forms. However, current data and information collection are not complete, nor have such data been regularly analysed by the Unit. It is envisaged that PSSOU produces the following reports and pay attention to specific areas that require a continuous feedback on different payment and settlement schemes. For example, the more recently introduced mobile payment arrangements are mainly aimed at enhancing financial inclusion in outer islands and catering to financially excluded segments of the population. In that light, it is important that the PSSOU collects data regularly from MNOs and analyse them on a periodic basis to assess the impact of mobile payment systems on financial inclusion. MMA will report each year on its payment system oversight activities in its Annual Report. These reports will provide a summary of the Unit’s work over the previous year, in particular commenting on any changes in the NPS and MMA’s assessment of the consequences of risks. PSSOU will report to AG and DG on a quarterly basis and such reports will be presented to NPC by DG. From time to time, MMA will also publish detailed analysis of structural and risk issues relating to the NPS in a Quarterly Bulletin. For easy reference, the Quarterly Payments Bulletin of the Central Bank of Sri Lanka for Q3 of 2017 is annexed to this Report. If data and information necessary for analysis is not already collected, it is necessary to make early arrangements to design data collection forms covering the following areas and to undertake field surveys and on-site visits/ spot examinations to verify data and information: • Quarterly reports and statistics on payment and settlement systems • Mid- year reports on payment and settlement systems 16 • End year reports on payment and settlement • Other reports as may be determined from time to time • Initiate action to publish a quarterly payments Bulletin (see attached Quarterly Bulletin of the Central Bank of Sri Lanka) • Monitoring of system operations and their rules and procedures • Questionnaires to gain relevant non-financial information • On-site visits and inspections • Review of self-assessment reports submitted by payment service providers • Exchange of information with other financial regulatory authorities • Dialogue with other relevant bodies and stakeholders • Getting Customer feedback • Getting Legal opinions on unclear areas • Understanding Market practices and review of data and information collection forms • Maintaining minutes of meetings, audit reports of the operators and information from other financial institution regulators (like BSD) • Regular bi-lateral and multilateral discussions In light of the need to collect and build up a comprehensive data base, there is a clear need to review the present data collection forms and introduce relevant amendments to ensure that PSSOU takes informed decisions or recommend same to higher authorities. The PSSOU will now be clear on what to ask for, and what additional tasks they should undertake in providing an effective oversight function. In the course of analysing information on payment and settlement systems, attention should be paid to the following: • Identification of risks and shortcomings/gaps in the design of data collection forms • Issues that require detailed analysis • Review of SIPs against standards and policies • Assessment of changes to a system’s design • Assessment of systems during design • Undertaking periodic surveys to verify and comparison of data and information received for oversight purposes and • Regular contacts with service providers and gathering of additional information 3.0 Challenges to be Faced by PSSOU-MMA 3.1 Lack of an appropriate legal framework to oversee the payment and settlement systems: In light of the increasing risks on payment and settlements, it is essential that the Parliament passes PSB as early as possible thus providing a solid legal backing to the proposed oversight arrangements. In the absence of the PSA Law, MMA is compelled to issue regulations under the MMA Act to regulate third party financial service providers, such as MNOs and other payment service providers. Currently, MMA Act is heavily burdened by issuing numerous regulations for these non-bank financial services providers. 3.2 E-money Issuing Banks and Safety of Customer Funds Operational reliability issues and bankruptcy of issuer is a major challenge in the e-money operations. In the Maldives, amongst many electronic money service providers, only licensed banks and MNOs are 17 permitted to issue electronic/mobile money. The provision of E-money services by licensed banks is considered a part of the core banking operations and they are permitted to engage in such services without additional approvals from MMA. In a strict legal sense, it is debatable whether bank issuers of electronic/mobile money can treat existing customer deposit accounts as valid prepaid accounts. World over, mobile/electronic payment serving banks have been engaged in this practice but if such payment systems are elevated to SIPs, then as is done in many countries, it may be necessary for banks in the Maldives also to resort to segregation of funds, maintain trust fund accounts, and to require basic operational reliability measures to mitigate risks. Perceived and heightened AML/CFT risks, can be addressed effectively through simple measures, e.g. limit transaction size and frequency. PSSOU should be aware of these issues and pay attention to finding risk mitigation measures if they become critical risk factors. Weaker authentication could lead to higher fraud risks. For customer protection, card safety measures such as EMVs, addition of standardised security features for mobile payments, message formats for credit transfers and direct debits should be monitored. Ownership and use of customer data may pose privacy concerns. For this, competitive market conditions should be fostered with a functional approach to regulation. For MNOs, mobile money regulations issued under the MMA Act and customer protection measures are included at the stage of licensing, selecting agent networks, product pricing and above all, custodian arrangement under which customer funds are 100% ring fenced. However, PSSOU need to continuously monitor whether MNOs or their agents issue loans and advances, the extent of over-the-counter- transactions, whether all e-money service providers are registered agents of banks or MNOs; should “independent agents� be allowed to operate as intermediaries between banks and customers or banks and MNOs; the type of customer protection measures that need to be introduced. PSSOU should not allow any other non-agent and non-bank intermediaries to provide e-money services without prior approval from MMA. In this regard, the World Bank has provided MMA with a draft E- money regulation and that will help plug in some of the loose ends in legal and regulatory framework for E-money services. 3.3 Lack of Interoperability in Payment Infrastructure The lack of interoperability of the payment card infrastructure and mobile payments are concerns for both the efficiency of card clearing and settlement and accessing core banking, by mobile customers through apps and accessing private payment gateways. Consequently, the settlement of card transactions is highly inefficient, leading to higher costs, a low number of transactions, and low levels of use by customers. A potential solution could be found if MMA and the banks could coordinate with Visa and MasterCard to introduce domestic settlement in MVR via a local bank. Access to core banking by mobile customers is further hindered by non-cooperative attitude and monopolistic behaviour by banks. Operational capability of MNOs are limited as they cannot facilitate their mobile customers to access their current and savings accounts for third party payments. Due to lack of interoperability, MNO operations in the Maldives are limited and their mobile customers are inconvenienced. This situation has also lead to a number of apps providers to intermediate between mobile customers and banks and, banks and MNOs, a function which is hard to be regulated albeit there is no protection for customers. Similarly, some banks have introduced cash-back POS without any purchases as a form of agent banking services, but at a higher fee. In this regard, enabling the creation of agent banking solutions would help reduce the high costs of banking infrastructure deployment and improve 18 access to payment services. In these circumstances, in the medium term, a national payment switch (NP- Switch) solution or a set of bilateral clearing agreements should be considered based on a reasonable and sustainable cost-sharing formula. This task should be assigned to NPC as and when it is formed. 3.4 Avoidance of Potential Failures 3.4.1 Coordination failures: It is essential to have effective coordination between competing institutions providing payment services to achieve optimal networking of systems and integration. This encourages the introduction of new systems that are more efficient than if there were no coordination. MMA will, as much as possible, should dialogue with participants in the various payment systems to conduct their affairs in a manner that will promote the safety and efficiency of the national payment system. 3.4.2 Maintaining a Level-playing Field and Avoidance of Non-contestable Monopolies Competition can be intense among service providers, all striving to achieve a critical mass. Incentives to unfair competition could be strong, leading to exclusivity and non-interoperability. When, how, and to what extent to impose interoperability is a significant policy issue with relevant implications on schemes’ viability and ability to compete. Authorities should monitor access conditions to the clearing and settlement services/ infrastructure as a possible factor to influence level-playing field and competition. The network effect of payment systems infrastructure often leads to monopolies which may be counter-productive. There is the potential risk of abuse of monopoly power when a payment system service provider fails to introduce cost saving measures as well as invest in new and improved technologies. Currently, these symptoms are developing in the Maldives, because of the dominant role played by the Bank of Maldives (BML) in providing payment services to the outer islands and to “financially excluded� groups. The steps taken by BML cannot be discouraged as no other bank or non- bank service provider has taken steps to serve the financially excluded groups in the widely spread islands. While efforts of BML should be appreciated, it is also important that PSSOU take adequate measures to reduce BML monopoly in the payments industry. This may be achieved through continuous consultation with, and by persuading BML to cooperate with others. NPC should be assigned this task. 3.4.3 Information asymmetry and biased decision making: Lack of transparency in the design of systems and the weaknesses therein, in addition to inadequate information on services for participants and customers, create risks. This is a serious issue in the Maldives due to the wide geographical spread between and among islands. Digitization of financial services and on-line services are picking up but it may take some more time to address these problems. 3.4.4 Underinvestment in safety mechanisms in payment and settlement systems: Participants of the system may fail to internalize the effects of their own failures on other system participants, the financial system and the whole economy and therefore, not take appropriate steps to address inherent risks. PSSOU should persuade these participants, including the systems own and operated by MMA to invest in safe infrastructure and systems. 19 3.4.5. Ignorance and Negligence of Early Identification and Mitigation of Payment and Settlement Risks • Credit risk - the risk that a counterparty within the system will not be able to fully meet its financial obligation either when due or at any time in the future • Liquidity risk - the risk that a counterparty within the system will not have sufficient funds to meet financial obligations as and when expected, although it may be able to do so at some time in the future. • Legal risk – when existing laws or regulations do not support the rules and arrangements of the system, it could create uncertainties leading to unexpected losses resulting in credit and liquidity risks • Operational risk – the risk that human error, failure of software or hardware or breakdown, and cyber-attacks on communication systems may bring about financial losses. • Settlement risk: the risk that a settlement in a value transfer system will not take place as expected • Business risk: the risk of financial failure of a privately owned payment system operator • Systemic risk – the risk that in the event of one party being unable to meet its obligation may be transmitted to other participants in the payment system and so cause significant liquidity and credit crises leading to systemic disruption in the financial system • Replacement risk: the risk that a participant in a clearing and settlement system with respect to an outstanding transaction for completion in a future date will fail to perform on the contract during the life of the transaction • Tiered participation arrangements and risks: According to Basle 24 principles for FMIs, an FMI should identify, monitor, and arrange the material risks to it arising from tiered participation arrangements • Default management risks: An FMI should have effective and clearly defined rules and procedures to manage a participant’s default. These rules and procedures should be designed to ensure that the FMI can take timely action to contain losses and liquidity pressures and continue to meet its obligations. These risks must be understood and identified by payment system operators and participants so that appropriate risk reduction methods can be implemented. PSSOU should be alert to the development of these risks and continuously persuade service providers to address potential risks. 3.5 Other Potential Risks: • Several challenges may be identified which are not of exclusively related to non-banks, rather apply to a more differentiated / sophisticated retail payments landscape also as a result of new entrants / products/new platforms and electronic money transfer systems. The regulator as well as PSSOU may be bewildered by the behaviour of some of the non-bank payment intermediaries but may not know how to regulate them. Continuous alerts and market information would be useful in oversight function • Generations of technology bring in new threats whose implications require time and effort to be fully appreciated, and demand more forward-looking monitoring tools and sufficient technical expertise 20 • Concentration can create the potential for a single point of failure with widespread consequences. The issue is whether authorities have the tools (legal and technical) to identify and possibly address concentration issues • Outsourcing to non-banks may generate uncertainties in the assignment of responsibilities, and scope of authorities’ direct intervention. • Fraud and operational disruptions become major sources of risk in networks that are open to large numbers of participants and users, and integrate various technological components • Self-assessment of adequacy of oversight performance and oversight effectiveness • Overseers have traditionally preferred “soft� oversight instruments: monitoring, moral suasion, assessment against international standards / best practices. 4.0 Establishment and Constitution of NPC To effectively provide policy direction to the payment system oversight function of MMA, it is imperative that a NPC is set up as early as possible. Now that the MNO-led mobile money project has successfully got off ground, the mobile money implementation committee (MMIC), which was appointed to facilitate implementation of the mobile money project can be elevated to the level of an NPC with appropriate authority. The establishment of NPC should be approved by the MMA board. In line with most other countries, the Deputy Governor (DG) of MMA should Chair the NPC. Membership of NPC shall not exceed 12 and will comprise representative each from the departments of Banking, Payments, Banking Supervision and Head of PSSOU; 7-external members drawn from industry representing( the two MNOs, E-money issuing banks, other regulatory bodies, finance and investment, information and communication technology etc.); and the Deputy Governor (representing Governor) as the chairman/chairperson. Members of NPC should be appointed on a rotational basis thus giving an opportunity to have a wide representation from different sections of the industry and all stakeholders. Head of PSSOU should be an independent but an important member of NPC. The Head of payment system development unit of OFID should serve as the secretary of the NPC. The appointed members should be competent and experienced people who can contribute meaningfully to the deliberations of the NPC, which shall meet quarterly and submit quarterly reports to the MMA Board with details of progress made on different aspects of the NPS. However, the MMA Act does not provide for such a body and therefore, the passage of the PSB will be critical for the establishment of NPC in the Maldives. When established, NPC should be assigned with the task of designing the payment system policy and strategy. In doing so, NPC will deal with the following tasks: • Design a forward-looking payment and settlement development strategy for Maldives, taking into consideration the present and future demands for payment services • Design a preliminary plan and get all stakeholders to comment on it as market practitioners are well knowledgeable of service demands of customers. Incorporate their ideas and comments and finalise the strategy thus ensuring that the payments and settlement development strategy is “owned by all stakeholders� • Commence dialogue with all stakeholders of the NPS in the Maldives. MMA will only evoke its statutory powers to compel participants to ‘good behaviour’ when dialogue fails 21 • identification of risks and how they should be managed • Promotion of efficiency in the payment system • Creating conditions for innovation and development • Ensuring healthy competition among payment system participating institutions • Ensuring the existence of structures for consumer protection and dispute resolution • Orderly digitization of financial market activities • Adoption of an appropriate pricing policy for MMA’s payments services 4.1 NATIONAL PAYMENT SYSTEM GOVERNANCE STRUCTURE Governor and MMA Board DG - MMA NPC N P S O (OFID) Policy and Research and Monitoring And Development Statistics Compliance (PSSOU) 4.2 Policy Formulation and Design of Strategy by NPC NPC should have statutory backing and will be spearheading the implementation of national payment policy and strategy and promoting safety and efficiency of payments and settlements. The payments landscape is dynamic and evolving, and attention should always be paid to rapid changes in the payments and settlement space. Together with statistical data and changing trends, policy will be formulated for Management’s approval for the smooth and efficient management of the payment system. NPC should take the lead in this regard. NPC should take the initiative to set up a NAP Switch for Maldives or alternatively to link up payment instruments to a common switch already established in another neighbouring country. The decision should be based on the need for a NAP-Switch and cost considerations. The NPC would be a permanent body for high-level cooperation and consultation. The main function of the NPC would be to advise MMA on improvements to the NPS while ensuring safety and efficiency of payment and settlement services in meeting the present and future payment requirements. Sub- committees can be tasked with the undertaking of analytical work and to present findings and recommendations on specific topics of interest. The terms of reference of the NPC should ensure clear 22 tasks, responsibilities, the appropriate level of representation and efficient decision making. NPC will collaborate with relevant regulatory departments at MMA and with outside bodies such as, the Securities and Exchange Commission (SEC) and CAM to ensure effective implementation of the national payment strategy and oversight of same. 4.3 NPC to Review Pricing Policy of Payment Services Provided by MMA To date, MMA has structured its payment services pricing policy to give precedence to public good considerations over cost recovery. As a result, a cost-recovery objective for the RTGS and ACH has not been defined. MMA only charges each system user an annual fee of about USD 3,000. To recover the systems’ operational costs, MMA should decide on the introduction of a per-transaction fee. This would help recovery of software maintenance costs, leaving MMA the onus to cover only other operational costs, including MMA staff salaries and network charges. Globally, about one third of central banks providing RTGS services practice partial or full recovery of operational costs, while another third also aim to recover investment costs in full or in part. MMA may consider imposing the combination of a per-transaction fee and an annual fee. Taking into account the possibility of replacing cheques with electronic transfers. It is important to note that MMA’s non-charging policy is not matched by a parallel and equal policy of banks that regularly charge their customers for any RTGS and ACH transaction, often even on the receiving side. 5.0 Way Forward and Recommendations The foregoing analysis of the oversight function of MMA clearly articulated the urgency of restructuring the existing PSSOU for effective oversight and establishing a NPC to further the payment and settlement strategy of MMA. These steps would help bring the NPS of Maldives in line with international best practice. Accordingly, MMA should initiate the following action as a matter of priority: • Discuss with AG and ensure that PSB is approved by Parliament as a matter of priority • Restructure the present PSSOU as suggested in this Report • By elevating the present MMIC, establish NPC as an informal body until PSB is passed by Parliament • If considered necessary, request any TA assistance from the World Bank to improve capacity building of the PSSOU of MMA Annex I : Payments Bulletin of the Central Bank of Sri Lanka (please follow the link) . https://www.cbsl.gov.lk/en/publications/other-publications/statistical-publications/payments-bulletin 23