LogoRegulatory Alerts
2024-05-17

Submission of Peso Real-Time Gross Settlement (RTGS) Payment System Attestation Report

The Peso RTGS Management Committee mandates all system participants to submit an annual Attestation Report certifying continued compliance with the Peso RTGS Rules. The report must cover operational, financial, and risk management areas for the period ending 31 December 2023, with the initial submission due on 28 June 2024. Subsequent reports are required annually by the last banking day of January.

Bangko Sentral ng Pilipinas logo

Philippines

Bangko Sentral ng Pilipinas

Click to view thumbnail

THE PESO REAL-TIME GROSS SETTLEMENT MANAGEMENT COMMITTEE MEMORANDUM NO. M-2024-____ To : All Peso Real-Time Gross Settlement Payment System Participants Subject : Submission of Peso Real-Time Gross Settlement (RTGS) Payment System Attestation Report

Pursuant to Section 614 of the Peso RTGS Rules on Reporting Requirements, all participants are required to submit an annual Attestation Report (Attachment 1) certifying that they continue to comply with the terms and conditions on participation in the Peso RTGS Payment System. The Attestation Report covers the following areas for the period 1 January to 31 December 2023:

  1. Laws and Regulations on Payment System
  2. Operational Requirements
  3. Financial Requirements
  4. Risk Management
  5. Collaborative Activities
  6. Reporting Requirements
  7. Data Confidentiality
  8. Sponsorship Arrangements Participants must write N/A under the column “Compliant (C) or Non-Compliant (NC)” in Attachment 2 in response to Compliant State items that do not apply to them. The maiden report is due on 28 June 2024. The deadline for succeeding annual reports is the last banking day of January every year. For compliance. MARY ANNE P. LIM Chairperson ___ May 2024 Electronically signed dtd. 17/05/2024 17

Attachment 1 Attestation Report For the year ended 31 December 20XX I, <NAME OF PRESIDENT OR EQUIVALENT>, < PRESIDENT OR EQUIVALENT>, on behalf of the <INSTITUTION NAME (SHORT NAME)>, hereby certify to the best of my knowledge that <SHORT NAME> complies with the Bangko Sentral ng Pilipinas (BSP) Memorandum No. M-2022-049 dated 22 November 2022 on the Peso Real-Time Gross Settlement (RTGS) Rules, and all policies, guidelines, and advisories supplementing such rules, as shown in Attachment 2, except for: • Non-complied provision 1 • Non-complied provision 2 • Non-complied provision 3 • Non-complied provision 4 Aforementioned requirement/s shall be complied by <DD Month 20XX>. I also certify that all relevant documents in support of the foregoing statements are kept on file and are readily available for verification by the BSP. This attestation issued on XX January 20XX is submitted in compliance with Section 614 of the Peso RTGS Rules. Signed: <SIGNATURE> <NAME OF AUTHORIZED OFFICER> <President or Equivalent> Bank Logo

Attachment 2 Compliant (C) or Non-compliant (NC) Remarks 1 Laws and Regulations on Payment System a b c 2 Operational Requirements a

  • Uses the messaging channels allowed and protocols set by the BSP
  • Updates SWIFT channels registered with the BSP (if applicable)
  • Updates VPN-STP channels registered with the BSP (if applicable)
  • Complies with the payment messaging standard including the mandatory message contents, required by the BSP
  • Ensures that VPN accounts and IP address/es registered with the BSP are active and updated (Annex A), while inactive VPN accounts are requested for deactivation/deletion by the BSP as soon as the concerned VPN users are no longer authorized to access the Peso RTGS system
  • Cleans up and reviews TMS/x user profiles semi-annually at a minimum
  • Makes certain that TMS/x users registered by the BSP or by the participant are active and updated (Annex B) while inactive TMS/x accounts are requested for deactivation/deletion by the BSP as soon as the concerned TMS/x users are no longer authorized to access the Peso RTGS system
  • Assures that TMS/x users access the system in accordance with their approved roles and authorities
  • Assures that all TMS/x users with ‘sender’ role are registered with the BSP
  • Assures that the names of the TMS/x users enrolled by the <INSTITUTION NAME (SHORT NAME: ________________ _________________)> follow the prescribed naming convention
  • Implements operational and/or technical changes required to maintain compatibility of own system with the Peso RTGS system Management of system access and operational requirements Compliant State Complies with laws and regulations on payment systems Aligns its operation with the principles for Financial Market Infrastructures (FMIs), as applicable Possesses the necessary licenses and membership(s) to be able to maintain participation in the payment system Page 1 of 3

Compliant (C) or Non-compliant (NC) Remarks

  • Updates the following documents regularly or upon request by the BSP: i. Secretary’s certificate listing the participant’s authorized signatories ii. Directory iii. Email recipients of advisories iv. Authorized email senders (via the Email Address Registration Form) v. MS Teams site guest accounts (via the MS Teams Site Guest Account Form)
  • Stores/protects smart cards and makes sure that these are non-transferrable
  • Configures TMS/x workstations to enable acceptance of smart cards
  • Renews smart cards at least one (1) month before its expiration date b Information Security Measures
  • Adopts secure mechanisms to prevent unauthorized access to the Peso RTGS system
  • Implements cyber security programs to safeguard the payment system against cyber attacks c Incident Management
  • Reports immediately any problem on system access, report generation, transaction monitoring, receipt of settlement notifications, and other relevant issues after determining that the problem is attributable to external factors based on investigation and support conducted by their IT teams
  • Coordinates with the BSP through available communication channels and makes available any assistance and resource expected on its end in order to contribute to efficient problem resolution 3 Financial Requirements a b c 4 Risk Management a b c Manages its daily liquidity positions and credit exposures to sufficiently cover its payment transactions and cause no settlement failure Adopts policies, procedures, and controls which are aimed at mitigating legal, credit, liquidity, general business, and operational risks Covers not only the risks to itself but also those that it poses to the payment system Avoids scheduling settlements near the close of business as this practice introduces higher risks to the payment system Maintains sound financial condition Informs the BSP of its own financial issues that may affect its ability to settle transactions on a timely basis Compliant State Page 2 of 3

Compliant (C) or Non-compliant (NC) Remarks d e

  • Reviews and tests its BCP at least annually
  • Ensures readiness to switch to alternate/ recovery/ fallback sites
  • Establishes back-up facilities and recovery strategies
  • Adopts a joint BCP with the BSP, if applicable 5 Collaborative Activities a b c 6 Reporting Requirements a b c 7 Data Confidentiality a 8 Sponsorship Arrangements a b c Makes certain that all sponsorship arrangements are covered by a formal contract between the sponsoring and sponsored participants, providing at a minimum the requirements under Section 605 of the Peso RTGS Rules Guarantees that sponsorship risk-mitigating measures are in place Submits the Attestation Report annually or upon request, certifying continued adherence to the terms and conditions of participation Requests manual settlement only in situations allowed by BSP such as when technical or connnectivity issues to the Peso RTGS system arise or a payment has been erroneously credited to any of the settlement accounts of BSP Participates in the testing activities conducted by the BSP, including user acceptance tests and Integrated Business Continuity Exercises (IBCE) Maintains strict confidentiality of all transactions, data, and/or information obtained or drawn in the course of participation in the Peso RTGS Payment System Complies with other reporting requirements of the payment system operator nothing follows Submits the Monthly Monitoring Report on Sponsored Participation on or before the 10th calendar day after the end of the reference month Performs due diligence on sponsored participant/s (Annex C) Compliant State Operates with a resilient, documented, and tested Business Continuity Plan (BCP) Participates in the PhilPaSS plus Forum, user training sessions, or any other PhilPaSS plus stakeholder event Submits client satisfaction surveys biannually or upon request by the BSP Page 3 of 3

PhilPaSSplus VPN Access of <INSTITUTION NAME (SHORT NAME)> as of 31 December 2023 List of active VPN Client accounts REMOTE VPN No. VPN Account Name of User (Last Name, First Name, M.I.) 1 PB_BXYZ_DELACRUZJ Dela Cruz, Juan C. 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 add rows/sheets as necessary List of active static public IP addresses SITE-TO-SITE VPN No. IP Address 1 XX.XX.XX.XX 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 add rows/sheets as necessary Annex A

PhilPaSSplus TMS/x Access of <INSTITUTION NAME (SHORT NAME)> as of 31 December 2023 List of active TMS/x user profiles TMS/X USERS No. Username Name of User (Last Name, First Name, M.I.) 1 BXYZDELACJZ Dela Cruz, Juan C. 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 add rows/sheets as necessary Annex B

Sponsored Financial Institutions of <INSTITUTION NAME (SHORT NAME)> in PhilPaSSplus as of 31 December 2023 Sponsored Financial Institutions (FI) No. Name of FI Sponsored Transactions 1 Rural Bank of XXXXX Instapay, PESONet, Check Clearing 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 add rows/sheets as necessary Annex C

Share