Decision on Finality of Settlement in Payment Systems

Based on Article VII of the Constitution of Bosnia and Herzegovina, Article 2, paragraph (3), point c), and Article 7, paragraph (1), point b), and Article 70 of the Law on the Central Bank of Bosnia and Herzegovina ('Official Gazette of BiH', nos. 1/97, 29/02, 8/03, 13/03, 14/03, 9/05, 76/06, and 32/07), the Governing Board of the Central Bank of Bosnia and Herzegovina, at its 6th session held on June 4, 2025, adopts

DECISION on the finality of settlement in payment systems

PART I – INTRODUCTORY PROVISIONS

Article 1. (Subject Matter) This Decision regulates the finality of settlement in the payment system, payment system operators and participants, the operation of the payment system, supervision of the operation of payment systems, consequences of insolvency proceedings against a participant, the applicable law for the rights and obligations of participants against whom insolvency proceedings are conducted, and the rights of the recipient of a guarantee instrument in the event of insolvency proceedings against the provider of the guarantee instrument.

Article 2. (Definitions) (1) For the purposes of this Decision, certain terms have the following meanings:

payment system is a system for the transfer of funds with formal and standardized procedures and common rules for the processing, clearing, and/or settlement of payment transactions;

interoperable payment system is a system whose operator has concluded an agreement with the operator, or operators, of one or more payment systems, which includes the execution of transfer orders between those payment systems. An agreement concluded between interoperable payment systems does not constitute a payment system within the meaning of this Decision;

participant of a payment system is an institution, central counterparty, settlement agent, clearing organization, system operator, and indirect participant;

indirect participant is an institution, central counterparty, settlement agent, clearing organization, or payment system operator that is in a contractual relationship with a participant of the payment system in which transfer orders are executed, which enables the indirect participant to execute transfer orders through the payment system, provided that such indirect participant is known to the payment system operator;

payment system operator is the entity responsible for the operation of the payment system. The payment system operator may also act as a settlement agent, central counterparty, or clearing organization;

institution (establishment) is

a bank or other credit institution, investment company , public body and public trading company,

the Central Bank of Bosnia and Herzegovina, the European Central Bank and national central banks of Member States, payment institution and electronic money institution;

central counterparty is a legal person that intermediates between other contracting parties in contracts traded on one or more financial markets, and becomes the buyer to every seller and the seller to every buyer;

settlement agent is an entity that opens settlement accounts for institutions and/or central counterparties participating in the payment system through which transfer orders within the payment system are executed and, depending on the case, grants credit to those participants for the purpose of settlement;

clearing organization is an entity responsible for calculating the net positions of institutions, central counterparties, and/or settlement agents if they participate in the payment system;

payment institution is a legal person that has obtained permission from the competent authority to provide and perform payment services in Bosnia and Herzegovina;

electronic money institution is a legal person that has obtained permission from the competent authority to issue electronic money in Bosnia and Herzegovina;

investment company is any legal person whose regular activity is providing investment services to third parties and/or performing investment activities on a professional basis within the meaning of the law regulating the securities market;

payment service provider is an entity authorized to provide payment services or perform payment transactions in accordance with the regulation on payment transactions or payment services;

clearing is the conversion of claims and obligations resulting from transfer orders initiated or received by a participant or participants from one or more other participants into a single net claim or a single net obligation, with the consequence that only the net amount is claimed or owed;

settlement account is an account at the Central Bank of Bosnia and Herzegovina or the settlement agent used for the recording of funds and for the settlement of transactions between participants in the payment system;

payment order is an instruction from the payer or payee to their payment service provider, requesting the execution of a payment transaction;

outsourcing is the contractual entrustment to third parties of operational activities of the payment system operator that they would otherwise perform themselves;

payment transaction is the deposit, withdrawal, or transfer of funds initiated by the payer or on their behalf and for their account, or initiated by the payee, regardless of the nature of the obligations arising from the relationship between the payer and the payee;

international payment transaction is a payment transaction in the execution of which two payment service providers participate, one of which is located in Bosnia and Herzegovina and the other in another country;

national payment transaction is a payment transaction in the execution of which the payer's payment service provider and the payee's payment service provider participate, or only one payment service provider located in Bosnia and Herzegovina participates;

funds are banknotes and coins, electronic money within the meaning of the law governing electronic money, and other monetary claims against the payment service provider (book money);

systemic risk is the risk caused by disruption in the operation of the payment system or the inability of participants in the payment system to fulfill their obligations related to the functioning of the payment system, the consequence of which is the inability of other participants in the payment system to fulfill their obligations or the disruption of the security of payment transactions and the financial system as a whole;

working day is the period determined by the rules of operation of the payment system, which covers all events during one business cycle of the payment system, including day and night settlements.

(2) Expressions used in this Decision that have gender significance apply equally to the masculine and feminine gender.

PART II - ESTABLISHMENT AND OPERATION OF PAYMENT SYSTEMS

Chapter I – Concept and Conditions for Establishing the Operation of a Payment System

Article 3. (Payment System) (1) A payment system in Bosnia and Herzegovina is a system through which transfer orders from Article 29 of this Decision are executed, and which meets the following conditions:

it has at least three participants, excluding the operator of that system, the settlement agent, the central counterparty, the clearing organization, or the indirect participant, it has common rules and standardized procedures for the execution, clearing, and settlement of transfer orders between participants, the rules of system operation determine the moment of acceptance and the moment of irrevocability of the transfer order, Bosnian and Herzegovinian law applies to the system, at least one participant has its seat in Bosnia and Herzegovina, it operates in convertible marks or in another currency or in multiple currencies that are converted into each other in the system.

(2) The Central Bank decides whether a system meets the conditions from paragraph (1) of this Article.

Article 4. (Payment System Operator) (1) The payment system is managed by the payment system operator. (2) The payment system operator may be:

the Central Bank of Bosnia and Herzegovina, a bank or other credit institution with its seat in Bosnia and Herzegovina, an electronic money institution with its seat in Bosnia and Herzegovina, a payment institution with its seat in Bosnia and Herzegovina, another legal person with its seat in Bosnia and Herzegovina as a joint-stock company or limited liability company, and a branch of a legal person from another country with its seat in Bosnia and Herzegovina.

(3) The payment system operator may perform other activities if the law governing those activities does not stipulate otherwise.

Article 5. (Duties of the Payment System Operator) (1) The payment system operator is obliged to ensure the daily secure and stable functioning of the payment system. (2) The payment system operator is particularly obliged, proportionate to the type, volume, and complexity of the activities arising from the rules of operation of the payment system, to ensure:

that the payment system has an appropriate, suitable, reliable, and satisfactory information system for performing all functions in accordance with the rules of operation of the payment system, as well as a business continuity plan, an organizational structure with well-defined, clear, and consistent hierarchy of authority and responsibility, including the personnel structure, risk management to which the payment system is exposed or may be exposed, appropriate processes for storage, supervision, and monitoring, and limiting access to sensitive payment data, and compliance of the payment system with internationally accepted principles for payment systems.

(3) The Central Bank may prescribe other obligations for the payment system operator.

(4) The payment system operator is obliged to notify participants of the payment system without delay, immediately upon becoming aware, of any significant operational or security incident that affects or may affect the financial interests of the participants of the payment system, and of all available measures that participants of the payment system can take to mitigate the harmful consequences of the incident.

(5) The payment system operator is obliged to provide the Central Bank with data on participants and indirect participants and data on any changes thereto.

Article 6. (Participants in the Payment System) (1) A participant in the payment system may be:

a payment service provider, the operator of that payment system, another payment system, or the operator of another payment system from Bosnia and Herzegovina or another country, another legal person in accordance with the rules of operation of that payment system, which may be an institution, central counterparty, settlement agent, and clearing organization.

(2) In accordance with the rules of operation of the payment system, one participant may act as a central counterparty, settlement agent, or clearing organization, or may perform all of these activities or only some of them.

(3) A participant of the payment system may participate in the payment system indirectly or directly, through another participant.

(4) Payment service providers with their seat in Bosnia and Herzegovina are obliged to notify the Central Bank as soon as possible about any payment system in which they participate indirectly or directly, and about the operator of that payment system, regardless of whether the system operates on the territory of Bosnia and Herzegovina or another country.

Article 7. (Payment Systems of the Central Bank) (1) The Central Bank establishes payment systems in accordance with the Law on the Central Bank of Bosnia and Herzegovina. (2) The Central Bank is the owner, operator, and settlement agent of the payment systems from paragraph (1) of this Article and adopts the rules of operation for those payment systems.

Article 8. (Permission for the Operation of a Payment System) (1) The Central Bank issues a permission for the operation of a payment system. (2) Exceptionally from paragraph (1) of this Article, the Central Bank does not issue a permission for the operation of:

a payment system that is part of a card payment scheme, a payment system consisting exclusively of one payment service provider, and a payment system for which the Central Bank is the operator, in accordance with Article 7 of this Decision.

(3) The payment system from paragraph (1) of this Article cannot begin operation before the issuance of the permission for operation.

(4) The payment system operator is obliged to notify the Central Bank of the start of the operation of the payment system no later than 30 days before the start of the operation of the payment system and provide data on the name and seat of each participant in the payment system.

(5) The payment system operator from paragraph (2), points a) and b) of this Article is obliged to notify the Central Bank of the intention to start the operation of the payment system, no later than 30 days before the start of the operation of the payment system, and provide the rules of operation of the payment system and data on the name and seat of each participant in the payment system.

Article 9. (Conditions for Issuing Permission for the Operation of a Payment System) (1) A legal person with its seat in Bosnia and Herzegovina that intends to manage a payment system must meet all of the following conditions:

that, given the need to ensure reliable and prudent management of the payment system, the holder of a qualifying holding in the payment system operator is appropriate, which particularly includes good reputation and financial standing, that members of the management board or executive directors of the payment system operator have good reputation and appropriate knowledge and experience for managing the payment system, or that in the case of a payment system operator that, in addition to managing the payment system, engages in other activities, there is a responsible person for conducting business related to the management of the payment system, and that this person has good reputation and appropriate knowledge and experience for managing the payment system, and that members of the management board or executive directors of the payment system operator have good reputation, that the information system of the payment system is appropriate, suitable, reliable, and satisfactory in relation to the performance of all functions provided for by the rules of operation of the payment system, that the rules of operation of the payment system contain all elements from Article 11 of this Decision and that the application of the rules of operation ensures appropriate protection from systemic risk and other risks related to the functioning of the payment system, that, taking into account the need to ensure reliable and prudent management of the payment system, the payment system operator has established an effective and reliable management system that includes a clear management system with well-defined, clear, and consistent lines of authority and responsibilities, an effective procedure for identifying, managing, monitoring, and reporting on all risks to which the payment system is exposed or may be exposed, and appropriate internal control mechanisms that include at least the functions of risk control, internal audit, and compliance of business with regulations and standards, including appropriate administrative and accounting procedures, whereby the aforementioned management system, internal control mechanism, and administrative and accounting procedures are appropriate, proportionate, reliable, and sufficient given the nature, volume, and complexity of the payment system, that it is capable of stable operation with an appropriate organizational, technical, and personnel structure, that the payment system meets all other conditions from Article 17, paragraph 1 of this Decision, and that there are no other reasons that endanger or may endanger the safe and stable operation of the payment system.

(2) The assessment of the appropriateness of the holder of a qualifying holding and the assessment of good reputation from this Article are carried out in accordance with Article 10 of this Decision.

Article 10. (Assessment of Appropriateness and Reputation of the Holder of a Qualifying Holding) (1) In assessing the appropriateness of the holder of a qualifying holding, the following criteria are taken into account:

the reputation of the holder of a qualifying holding, the financial standing of the holder of a qualifying holding, particularly in relation to the type of activities performed by the payment institution in which the holder has a qualifying holding, and the ability of the holder of a qualifying holding to influence the legality of the business of the payment institution.

(2) In assessing good reputation, the following circumstances are taken into account:

whether the person has achieved successful results through their previous professional work, whether the person has been finally convicted or if an investigation has been initiated against them or criminal proceedings are being conducted against them for criminal offenses, whether the person is an accomplice of a person convicted of a criminal offense that is prosecuted ex officio, and whether the person has been finally convicted for misdemeanors provided for by laws governing financial business, if this could call into question the legality, security, or stability of the provision of payment services.

Article 11. (Rules of Operation of the Payment System) (1) The payment system is obliged to operate according to the rules of operation of that payment system. (2) The rules of operation of the payment system regulate standardized procedures and common rules for the processing, clearing, and/or settlement of payment transactions between its participants. (3) The rules of operation of the payment system must contain:

participants in the payment system by type and description of their role in the payment system, conditions for participation and cessation of participation of participants in the payment system, payment transactions that are cleared and/or settled in the payment system, basic principles of clearing and/or settlement of payment transactions, currency, or currencies, with which business is conducted in the payment system, method and conditions for the execution of payment transactions, including the form and content of payment transactions, procedures for informing participants about clearing and/or settlement, method of data protection against misuse, and the moment of acceptance and irrevocability of the transfer order.

(4) The rules of operation of the payment system cannot be changed subsequently without the prior consent of the Central Bank.

(5) The payment system operator submits a request for consent for the amendment of the rules of operation of the payment system to the Central Bank at least two months before their amendment.

(6) Exceptionally from paragraph (5) of this Article, the payment system operator submits a request for consent for the amendment of the rules of operation of the payment system in a shorter period if the amendment of the rules is necessary due to an urgent increase in the level of security of the payment system or for another justified reason.

(7) The Central Bank decides on the rules of operation of the payment system in the procedure for issuing the permission for operation.

Article 12. (Access to Payment Systems) (1) The rules of operation of the payment system governing access to the payment system for payment service providers that are legal persons and who have obtained permission from the competent authority or are entered in the register kept by the competent authority must be objective, non-discriminatory, and proportionate, and cannot restrict access more than necessary to ensure protection from specific risks such as settlement risk, operational risk, and business risk, and to protect the financial and operational stability of the payment system.

(2) Payment systems must not impose any of the following restrictions on payment service providers, users of payment services, or other payment systems:

restrictive rules on actual participation in other payment systems, rules that discriminate among payment service providers who have obtained approval to provide payment services or among registered payment service providers in terms of their rights and obligations as participants of the payment system, and restrictions based on institutional status.

(3) The provisions of this Article do not apply to payment systems that consist exclusively of one payment service provider or of payment service providers belonging to the same group.

(4) A participant of the payment system that has allowed a payment service provider, who is not a participant of that payment system, the possibility of sending payment orders through the payment system, is obliged to provide the same possibility to another payment service provider who requests it from them in an objective, proportionate, and non-discriminatory manner.

(5) A participant of the payment system is obliged to provide a detailed explanation for any rejection of the request from paragraph (4) of this Article.

Article 13. (Conditions for Participation of Payment Institutions and Electronic Money Institutions in Payment Systems Where Finality of Settlement is Performed) (1) A payment institution and an electronic money institution that wishes to participate and participates in a payment system where finality of settlement is performed, in order to preserve stability, integrity, and integrity of the payment system, must continuously have established and documented the following:

measures for the protection of funds of users of payment services, management systems and internal control mechanisms for payment services and/or electronic money issuance services that it provides, including administrative and accounting procedures and risk management procedures, as well as rules for the use of information and communication technology (ICT) services in accordance with regulations governing ICT risk management, a plan for the cessation of business of the payment institution and electronic money institution, or cessation of the provision of payment services, which must be adapted to the size and business model of the payment institution and electronic money institution, and must include a description of mitigation measures that the payment institution and electronic money institution will adopt in the event of cessation of the provision of payment services for the purpose of ensuring the execution of unexecuted payment transactions and the termination of existing contracts.

(2) Measures for the protection of funds of users of payment services from paragraph (1), point a) are:

if the funds of users of payment services are protected by holding them in a special account at banks or by investing in safe, liquid, and low-risk forms of assets in a manner determined by the competent authority of that payment institution and electronic money institution, and this, depending on the case: investment policy that ensures that selected forms of assets are liquid, safe, and low-risk, the number and functions of persons who have access to the account of protected funds, management and reconciliation procedures that ensure that the funds of users of payment services are protected from claims of other creditors of the payment institution and electronic money institution, particularly in the event of opening insolvency proceedings against the payment institution and electronic money institution within the meaning of the provisions on finality of settlement in payment systems, contract or draft contract with the bank, and explicit statement of the payment institution and electronic money institution regarding compliance with the provisions of regulations on payment transactions or payment services related to the protection of funds of users of payment services.

if the payment institution and electronic money institution protect the funds of users of payment services with an insurance policy of an insurance company or a comparable guarantee of an insurance company or bank, it must have established and documented the following measures: confirmation that the insurance policy or comparable guarantee of an insurance company or bank was issued by an entity that is not part of the same group to which the payment institution and electronic money institution belong, detailed reconciliation procedure that ensures that the insurance policy or comparable guarantee is sufficient at all times to fulfill the obligation of the payment institution and electronic money institution to protect funds, duration and conditions for renewing coverage, and a copy of the contract or draft contract on insurance or comparable guarantee.

(3) Management systems and internal control mechanisms for payment services and/or electronic money issuance services that it provides, including administrative and accounting procedures and risk management procedures from paragraph (1), point b), include: risk mapping identified by the payment institution and electronic money institution, including the type of risk and procedures that the payment institution and electronic money institution has established or will establish to assess and prevent such risks, different procedures for the implementation of temporary and permanent controls, including a description of frequency and assigned human resources, accounting procedures for the purpose of keeping records and reporting financial information by the payment institution and electronic money institution, identity of the person or persons responsible for internal control functions, including for temporary and permanent controls and compliance controls, as well as their CVs, identity of every person who performs audit that is not a statutory audit within the meaning of the law governing audit, composition of the management body and, if applicable, supervisory body or committee, the manner in which outsourced functions are supervised and controlled to prevent disruption of the quality of internal controls of the payment institution and electronic money institution, the manner in which branches are supervised and controlled within the internal controls of the payment institution and electronic money institution, and group management, if the payment institution and electronic money institution is a subsidiary of a regulated entity from another country.

(4) Measures from paragraph (2), point b) of this Article must prove that management procedures, internal control mechanisms, and procedures for the use of ICT services are proportionate, appropriate, reliable, and sufficient.

(5) The payment institution and