Payments NZ Limited Submission on FMI Standards

Financial Market Infrastructures Standards: Exposure Draft Payments NZ Limited submission 18 November 2022

Submission to the Reserve Bank of New Zealand Page 2 of 43 Introduction

1. This submission is made by Payments NZ Limited (Payments NZ). It is made in response to the Reserve Bank’s publication (on 23 September 2022) of the exposure drafts of the standards for financial market infrastructures (FMI), for the purposes of the Financial Market Infrastructures Act 2021 (the FMI Act).
2. The Reserve Bank has indicated that the High Value Clearing System (HVCS) and Settlement Before Interchange (SBI), governed by Payments NZ, are likely to be designated as systemically important FMIs under the FMI Act.
3. The FMI Standards are based on the Principles for financial market infrastructures (PFMI) published by BIS and IOSCO in April 2012. In particular, each FMI Standard largely embodies each principle in the PFMI together with the key considerations in the PFMI. An integral aspect of the proposed FMI Standards is the change in the nature of the obligation, from “should” as used in the PFMI to “must”. It appears that this has been done to create legally binding requirements. However, we have difficulty understanding how this will work in practice when a particular requirement does not, or cannot, have application in the circumstances of the FMI. This arises frequently in the case of Payments NZ. It seems to us that there needs to be provision for some sort of formal carve out process or mechanism in the implementation arrangements, when matters don’t have application to an FMI.
4. The submission takes the form of general commentary. followed by responses to the specific questions that are raised in the Cover Note to the consultation. Application of PFMI
5. Payments NZ is a rules body. It does not own or operate payments infrastructure, which arises with the other types of FMI1 covered by the legislation. Payments NZ is captured by virtue of the definition of “operator” in section 2 of the FMI Act. This includes a person who is wholly or partly responsible to the FMI’s participants for maintaining or administering the FMI’s rules. An operator is also a person providing or managing services under the FMI (i.e. having actual involvement in payments infrastructure).
6. The Reserve Bank has previously said that the standards should not require operators to do something they cannot do (when talking about tailoring to FMIs where the operator controls the rules of the FMI but not the underlying infrastructure). The Reserve Bank has also said that it will work with rule-making bodies to ensure any standards applying to such entities are appropriate. We welcome these affirmations on the part of the regulator, as also what is said in paragraph 7.11 of the Cover Note. 1 Per the definition of FMI in section 2 of the FMI Act, extending to a central securities depository, a securities settlement system, a central counterparty, a trade depository (or a combination of these).

Submission to the Reserve Bank of New Zealand Page 3 of 43 7. Because Payments NZ is purely a rules body, a number of the proposed FMI standards will not apply to it, or will only have partial application. 8. We consider that the following will not apply to us, in their entirety: • FMI Standard 4: Credit Risk, • FMI Standard 5: Collateral, • FMI Standard 6: Margin, • FMI Standard 7: Liquidity Risk, • FMI Standard 10: Physical Deliveries, • FMI Standard 11: Central Securities Depositories, • FMI Standard 12: Exchange of Value Settlement Systems, • FMI Standard 14: Segregation and Portability, • FMI Standard 16: Custody and Investment Risks, • FMI Standard 17B: Critical Service Providers, • FMI Standard 17C: Cyber Resilience, • FMI Standard 19: Tiered Participation Arrangements, • FMI Standard 20: FMI Links. 9. We consider that the following will only have partial application: • FMI Standard 9: Money Settlements, • FMI Standard 15: General Business Risk. 10.

11. Based on the nature of our role (as a rules body only), we do not believe we have critical service providers and hence do not consider that FMI Standard 17B has application to us. We signalled this in the consultation that took place on the section 14 notice (at the start of the year). We do note that both SBI and HVCS (as systems) have critical service providers (namely ESAS and SWIFT) but Payments NZ does not ‘operate’ these systems and does not have arrangements with these critical service providers in relation to the services they provide (our rules require settlement to occur in ESAS as a designated system with the benefits that arise because of this).
12. Similarly, because we are a rules body, we do not consider that the requirements that arise in relation to cyber resilience under FMI Standard 17C should apply to us. They would have much greater relevance to critical infrastructure providers and to financial institutions, but not to Payments NZ when we are only administering rules and are not holding assets. We have emphasised proportionality in previous submissions and, essentially, the need to have regard to the nature of the activities of the FMI.

Submission to the Reserve Bank of New Zealand Page 4 of 43 13. In broad terms, we believe we already have a strong alignment (i.e. observance) with the Pillar II matters that are reflected in the proposed FMI Standards - in terms of our rules, in terms of our governance structures and in how we operate. There has always been a conscious effort on our part to meet the expectations of the PFMI. Indeed, our constitutional objective is to promote interoperable, innovative, safe, open and efficient payment systems (which mirror the safety and efficiency objectives of the PFMI). All significant rule changes over the years have been referred to the Reserve Bank for “no￾objection” letters and the Company seeks a legal opinion which confirms that the rules will be valid, binding and enforceable. We also assess rules changes against the PFMI. We have taken great store from all of this and we have received acknowledgement from the Reserve Bank on the progress we have made towards harmonisation with the international standards e.g. when Part 5 of the rules (on compliance) was introduced. As things stand at the present time, we believe we are compliant with the bulk of the Pillar II matters where it is needed 14. As to the Pillar III matters, we did have reservations about the need for these, on top of the Pillar II matters. That said, we believe we do fulfil the expectations concerning contingency plans where matters apply to us. We do not have critical service providers and cyber has very limited application to us in our circumstances. We will be able to comply with the new obligations in FMI Standards 23A and 23B (disclosing compliance with the FMI Standards, notifying the regulator). 15. Critical infrastructure such as ESAS, SWIFT, the switches and the schemes are part of the wider payments ecosystem. They do not fall under our jurisdiction. We are limited to acting under our rules and we do not have the ability to go beyond them. We do not have the ability to extend our reach beyond our participants from what is provided for in our rules. 16. For the sake of completeness, it is worth recording that both the HVCS and SBI operate using a decentralised model, and there is no clearing house. All direct settlement participants connect directly with the Reserve Bank’s ESAS system via SWIFT. HVCS participants are members of the AVP CUG (owned by the Reserve Bank) and SBI/BECS participants are members of the SBI CUG (owned by Payments NZ). Designation and implementation 17. We note that a transition period is planned to commence in early 2023 and that the end of this is expected to align with the coming into force of designations on 1 August 2023. 18. There is a lot that needs to be done if the 1 August 2023 date is to be achieved. Section 29 of the Act requires the designation notice to specify the documents that set out the FMI’s rules (whether the documents are referred to by name or description). We do not yet know how this is going to be approached by the Reserve Bank, at least in a formal way. There has been an indication in an earlier Cabinet Paper that the documents would be

Submission to the Reserve Bank of New Zealand Page 5 of 43 limited to material aspects of the designated FMI’s functions. This was accompanied by a statement that the joint regulators would not get involved in aspects of the rules that should be left to private contractual arrangements. 19. Based on these statements, it appears to us that the whole rule set of Payments NZ is not likely to be considered for designation. It will be limited to the systemic matters in the rules, leaving operational and product matters outside the scope of the section 29 notice. A segregation of our rules along these lines would make sense to us. 20. Our rule set is voluminous running to some 1600 pages. The rules for SBI straddle two clearing systems and are split between clearing and settlement requirements (on the one hand) and what are essentially operational requirements for products (on the other hand). In general terms, content which can be regarded as being systemically important is blended together with content that is not. 21. This means that it is going to take time to restructure the rules in order for them to be fit for designation, in particular, in terms of identifying the ones that need to be specified (i.e. described) in the designation notice. This contrasts somewhat to the clearly defined (and settled) rule sets that we see in place for ESAS, NZClear, CLS Bank and NZCDC. It is worth recording also that given the highly technical nature of the payments system and the ongoing evolution of products and services for payments, the rules for payments can and do change significantly and much more frequently. 22. It would be helpful to have definitive guidance on the approach of the Reserve Bank, and what will be needed to be done by us to prepare for the designation of our rules. Apart from the considerable work that will be needed on this, there is the process of designation itself which will take time given the statutory requirements that arise under the legislation. There was consultation on a section 14 notice at the beginning of the year but we have heard nothing further on this. And of course the FMI Standards themselves have to be settled taking into account submissions received, and any further time that may be needed by other FMIs to adopt any of the standards. 23. We would be pleased to meet with the Reserve Bank to discuss our submission in more detail, or to discuss the implementation of the FMI Act more generally. Steve Wiggins Chief Executive Payments NZ Limited

Submission to the Reserve Bank of New Zealand Page 8 of 43

Submission to the Reserve Bank of New Zealand Page 9 of 43

Submission to the Reserve Bank of New Zealand Page 12 of 43

Submission to the Reserve Bank of New Zealand Page 14 of 43

Submission to the Reserve Bank of New Zealand Page 15 of 43

Submission to the Reserve Bank of New Zealand Page 16 of 43

Submission to the Reserve Bank of New Zealand Page 22 of 43

Submission to the Reserve Bank of New Zealand Page 24 of 43

Submission to the Reserve Bank of New Zealand Page 26 of 43

Submission to the Reserve Bank of New Zealand Page 27 of 43

Submission to the Reserve Bank of New Zealand Page 29 of 43

Submission to the Reserve Bank of New Zealand Page 31 of 43

Submission to the Reserve Bank of New Zealand Page 32 of 43

Submission to the Reserve Bank of New Zealand Page 34 of 43

Submission to the Reserve Bank of New Zealand Page 41 of 43

Submission to the Reserve Bank of New Zealand Page 42 of 43 Consultation Questions: FMI Standards Q1. What transitional arrangements do you think are necessary for the implementation of the FMI Standards? Are there any particular standards that will be difficult to comply with ahead of the proposed commencement date of 1 August 2023? Payments NZ believes that it observes, or broadly observes, the relevant PFMIs However, we will need to work with the Reserve Bank in relation to our assessment of compliance with the relevant standards. We also note that section 29 of the Act requires the designation notice to specify the documents that set out the FMI’s rules (whether the documents are referred to by name or description) and we do not yet know how this is going to be approached by the Reserve Bank. It will be important for the Reserve Bank to maintain close contact with all the FMIs (where designation is being contemplated) through-out the transition period. Q2. Is the overseas-equivalence framework appropriate? We do not have any comments to make on this. Q3. Do you agree with our proposal in section 7.5 of this paper for certain requirements to cover the failure of the FMI’s two largest participants? This does not appear to have relevance to Payments NZ and we do not have any comments to make on this. Q4. Do you agree with the approach outlined above in sections 7 and 8? If you do not agree, what alternative approaches would be reasonable? Responses as follows: • 7.1 “Must” in place of “Should”: we think a formal carve out process or mechanism is needed when matters do not, or cannot, apply to an FMI, • 7.2 Obligations on the operator: noted, • 7.3 Legal opinion: we believe a negative assurance opinion would be more appropriate especially as we get legal opinions on rule changes on an ongoing basis, • 7.4 Cyber: noted but we do not believe the cyber resilience standard has very much relevance to us when we are purely a rules body and we do not hold assets, • 7.5 Two largest participants: as noted above, we do not believe this has relevance to us, • 7.6 and 7.7 Where there is Reserve Bank involvement: noted, • 7.8 to 7.10 Obligations, Language, Ordering/Numbering: noted, • 7.11 Application to rule setting bodies: we support the tailoring of the standards where the operator controls the rules of the FMI but not the underlying infrastructure. We note that an operator only needs to comply with a standard if it is relevant to them – this seems logical. We were unable to find the additional material in the guidance to provide clarity for rule-setting bodies,

Submission to the Reserve Bank of New Zealand Page 43 of 43 • 7.12 TRs: not relevant to us, • 7.13 Assurance engagement: we have recorded ourselves as being Partly Observed against this item, • 8 Pillar III Standards: As noted above, we do not believe that the cyber resilience standard has very much relevance to us. We do not believe we have critical service providers. We can comply with FMI Standard 23A: Disclosing compliance with the FMI Standards. Although not mentioned in paragraph 8, we can also comply with FMI Standard 23B: Notifying the regulator. Q5. Do you have any feedback on the proposed approach as against the statutory prerequisites and, for the RBNZ, the Financial Policy Remit? We do not have any comments to make on this. Q6. Do you have any other comments or feedback on the documents? Please refer to our submission.