Decision on Payment System Oversight

Pursuant to Article 44 paragraph 2 point 3 of the Central Bank of Montenegro Law (OGM 40/10, 46/10, 06/13) and Article 162 paragraphs 3, 4 and 6 of the Payment System Law (OGM 62/13), the Central Bank of Montenegro Council, at its meeting held on 10 November 2014, passed the following DECISION on payment system oversight I. BASIC PROVISIONS Article 1 This decision regulates the Central Bank of Montenegro (hereinafter: the Central Bank) oversight of the payment system’s operations by carrying out the activities aimed at providing and promoting safety and efficiency of the functioning of payment systems, for the purpose of maintaining financial system stability. Article 2 Payment systems’ operations oversight shall be performed by assessing their compliance with the principles for the payment system functioning set forth in this decision (hereinafter: the Principles for payment system functioning) on the basis of international standards and principles, in particular, the Principles for Financial Market Infrastructures which were determined in April 2012 by BIS Committee on Payment and Settlement Systems (CPSS) and the International Organization of Securities Commissions (IOSCO) (hereinafter: the Principles for financial market infrastructures). Article 3 When assessing the compliance of the payment system’s operations with individual principles for payment system functioning, the Central Bank shall take with due consideration key determinants for the assessment of the compliance with such principle set forth in the Principles for the payment system functioning and documents for their implementation as well as with the regulations and documents of the European Central Bank on oversight requirements for systemically important payment systems and oversight framework for non￾systemically important payment systems.

II. PRINCIPLES FOR PAYMENT SYSTEM FUNCTIONING Article 4 Principles for payment system functioning shall be as follows: Principle 1: Legal basis A payment system should have a well-founded, clear, transparent, and enforceable legal basis for each material aspect of its activities in all relevant jurisdictions. Principle 2: Governance A payment system should have governance arrangements that are clear and transparent, promote the safety and efficiency of the payment system, and support the stability of the financial system, other relevant public interest considerations, and the objectives of relevant stakeholders. Principle 3: Framework for the comprehensive management of risks A payment system should have a sound risk-management framework for comprehensively managing legal, credit, liquidity, operational, and other risks. Principle 4: Credit risk A payment system should effectively measure, monitor, and manage its credit exposure to participants and those arising from its payment, clearing, and settlement processes. A payment system should maintain sufficient financial resources to cover its credit exposure to each participant fully with a high degree of confidence. Principle 5: Collateral A payment system that requires collateral to manage its or its participants’ credit exposure should accept collateral with low credit, liquidity, and market risks. A payment system should also set and enforce appropriately conservative haircuts and concentration limits. Principle 6: Liquidity risk A payment system should effectively measure, monitor, and manage its liquidity risk. A payment system should maintain sufficient liquid resources in all relevant currencies to effect same-day and, where appropriate, intraday and multiday settlement of payment obligations with a high degree of confidence under a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would generate the largest aggregate liquidity obligation for the payment in extreme but plausible market conditions. 2

Principle 7: Settlement finality A payment system should provide clear and certain final settlement, at a minimum by the end of the value date. Where necessary or preferable, a payment system should provide final settlement intraday or in real time. Principle 8: Money settlements A payment system should conduct its money settlements in central bank money where practical and available. If central bank money is not used, a payment system should minimise and strictly control the credit and liquidity risk arising from the use of commercial bank money. Principle 9: Payment versus payment If a payment system settles transactions that involve the settlement of two linked obligations, it should eliminate principal risk by using payment versus payment mechanism and ensuring that the final settlement of one obligation occurs if and only if the final settlement of the linked obligation also occurs. Principle 10: Participant-default rules and procedures A payment system should have effective and clearly defined rules and procedures to manage a participant default. These rules and procedures should be designed to ensure that the payment system can take timely action to contain losses and liquidity pressures and continue to meet its obligations. Principle 11: General business risk A payment system should identify, monitor, and manage its general business risk and hold sufficient liquid net assets funded by equity to cover potential general business losses so that it can continue operations and services as a going concern if those losses materialise. Further, liquid net assets should at all times be sufficient to ensure a recovery or orderly wind-down of critical operations and services. Principle 12: Custody and investment risks A payment system should safeguard its own and its participants’ assets and minimise the risk of loss on and delay in access to these assets. A payment system’s investments should be in instruments with minimal credit, market, and liquidity risks. Principle 13: Operational risk A payment system should identify the plausible sources of operational risk, both internal and external, and mitigate their impact through the use of appropriate systems, policies, procedures, and controls. Systems should be designed to ensure a high degree of security and operational reliability and should have adequate, scalable capacity. Business continuity management should aim for timely recovery of operations and fulfilment of the payment system’s obligations, including in the event of a wide-scale or major disruption. 3

Principle 14: Access and participation requirements A payment system should have objective, risk-based, and publicly disclosed criteria for participation, which permit fair and open access. Principle 15: Tiered participation arrangements A payment system should identify, monitor, and manage the material risks to the payment system arising from tiered participation arrangements. Principle 16: Efficiency and effectiveness A payment system should be efficient and effective in meeting the requirements of its participants and the markets it serves. Principle 17: Communication procedures and standards A payment system should use, or at a minimum accommodate, relevant internationally accepted communication procedures and standards in order to facilitate efficient payment, clearing, settlement, and recording. Principle 18: Disclosure of rules, key procedures, and market data A payment system should have clear and comprehensive rules and procedures and should provide sufficient information to enable participants to have an accurate understanding of the risks, fees, and other material costs they incur by participating in the system. All relevant rules and key procedures should be publicly disclosed.

III. COMPLIANCE ASSESSMENT OF THE PAYMENT SYSTEM OPERATIONS Article 5 The operation of the systemically important payment systems should be complied with all principles for the functioning of the payment systems. The operation of non-systemically important payment systems should be complied with individual principles for functioning of the payment system, which are determined by principles and documents under Article 3 herein for such type of the payment system. Article 6 On the basis of the assessment of the payment system compliance with each principle from the Principles for payment system functioning, the Central Bank shall assign rating of the assessment of the compliance of such payment system as follows: 4

• Compliant: The system is fully compliant with individual principles for payment system functioning. Any identified gaps and shortcomings are not issues of concern and are minor, manageable and of a nature that the payment system could consider taking them up in the normal course of its business.
• Largely compliant: The system is largely compliant with individual principles for payment system functioning. The assessment has identified one or more issues of concern that the payment system should address and follow up on in a defined timeline.
• Partly compliant: The system is partly compliant with individual principles for payment system functioning. The assessment has identified one or more issues of concern that could become serious if not addressed promptly. The payment system should accord a high priority to addressing these issues.
• Not compliant: The system is not compliant with individual principles for payment system functioning. The assessment has identified one or more serious issues of concern that warrant immediate action. Therefore, the payment system should accord the highest priority to addressing these issues.
• Not applicable: The principle for payment system functioning does not apply to the type of payment system being assessed because of the particular legal, institutional, structural or other characteristics of the payment system. Article 7 Depending on the level of the assessment of compliance of payment system with individual principles for payment system functioning and overseeing the operations of such payment system, the Central Bank shall initiate changes in the payment system and undertake other appropriate activities for the purpose of providing adequate compliance of the payment system with such principle. IV. METHODOLOGY FOR THE ASSESSMENT OF THE PAYMENT SYSTEM’S OPERATIONS COMPLIANCE Article 8 The assessment of the compliance of the payment system’s operations with the Principles for functioning of payment system shall include: 5

1. Preparation of the compliance assessment of payment system’s operations,
2. Assessment of the level of compliance of payment system’s operations, and
3. Drafting of the compliance assessment report of payment system’s operations. Article 9 Preparation for compliance assessment of the payment system’s operation shall include in particular:

• Identifying the payment system to be assessed;
• Defining type of compliance assessment of the payment system;
• Notifying the payment system operator of the type of compliance assessment to be undertaken and its implementation plan;
• Providing payment system operator with a questionnaire for the purpose of gathering information and other documents pertaining the system functioning specifying the deadlines for the completion and return of the questionnaire. Article 10 Central Bank’s staff authorised by the Central Bank shall perform the compliance assessment of the payment system’s operations. By way of derogation from paragraph 1 above, the Central Bank may authorise other relevant institutions for performing the compliance assessment of the payment system’s operation which operator is the Central Bank, and for performing individual tasks during the overseeing of the payment system’s operations the Central Bank may authorise also persons not employed by the Central Bank. Article 11 The Central Bank shall perform the compliance assessment of the payment system’s operations with the Principles for the functioning of the payment systems as follows:

1. On-site – through direct insight in the payment system’s operations, and/or

2. Off-site – through monitoring and analysing information, statistical data, reports and other documents relating to the payment system functioning, and which are submitted by the payment system operator to the Central Bank upon its request. Article 12 The assessment of the compliance of the payment system’s operations with the Principles for the functioning of the payment systems may be: 6

3. partial, when the assessment of the compliance of the payment system functioning is undertaken in relation to one or more principles for the payment system functioning, and

4. full, when the assessment of the compliance of the payment system functioning is undertaken in relation to all principles for the payment system functioning. Article 13 The Central Bank shall notify the payment system operator on the planned on￾site insight in the payment system operations, as a rule, 10 business days prior to the commencement of the assessment. Notwithstanding paragraph 1 above, if the Central Bank assesses from the report, information or other documents that there are irregularities in the payment system operations that may be important for the safety and stability of the functioning of the financial system, it may commence on-site insight in the operations of such payment system without prior notification. Article 14 A payment system operator shall enable authorised persons of the Central Bank undisturbed insight in the documentation and functioning of the information technology and computer database of the payment system and it shall provide, upon the request of the authorised persons, hard and/or electronic copies of certain documents. Article 15 Report shall be made on the completed assessment of the compliance of payment system’s operations with the principles for functioning of payment systems (hereinafter: the Assessment Report). The Assessment Report shall contain in particular:

• a brief description of the payment system subject to the assessment (type of the system, number and category of the system’s participants, key statistical data concerning the payment system functioning, and the like);
• type of the completed compliance assessment of the payment system operations;
• sources of information used for the assessment;
• assessment of the level of compliance of the payment system operations;
• description of potential irregularities, and
• recommendations to be considered and implemented by the payment system operator depending on the level of compliance with each of the principles. 7

The Assessment Report shall be confidential and it shall not be published partially or fully without the authorisation of the Central Bank. Article 16 A payment system operator may submit to the Central Bank comments on the Assessment Report within eight business days following that of its reception. The Central Bank may check directly statements of the payment system operator contained in the comments on the Assessment Report and if it deems necessary, it shall draw up amendments to the report against which payment system operator may submit comments within three days following that of their reception. The Central Bank shall discuss objections obtained within eight days following that of the reception thereof and it shall notify in writing payment system operator on accepting or denying such comments and shall draw up final Assessment Report. Article 17 The Central Bank shall submit the final Assessment Report to the payment system operator subject to the assessment. Upon delivery of the Assessment Report, the Central Bank shall hold consultations with the payment system operator concerning the plan of activities and deadlines for the implementation of the recommendations. The Central Bank shall follow up the activities on the implementation of recommendations from the Assessment Report based on information and documents on their implementation submitted by the payment system operator. Upon the expiry of deadline for the implementation of the recommendations, the Central Bank shall check if the respective recommendations have been implemented and shall draw up the report thereof. V. FINAL PROVISION Article 18 Decision on the manner of the payment system supervision (OGM 24/09) shall be repealed with effect from the date of entry into force of this decision. 8

9 Article 19 This decision shall enter into force on the eighth day following that of its publication in the Official Gazette of Montenegro and it shall apply from 1 January 2016.

THE COUNCIL OF THE CENTRAL BANK OF MONTENEGRO CHAIRMAN G O V E R N O R, Decision number: 0101-4014/63-11 Podgorica, 10 November 2014 Milojica Dakić, m.p.