NPS Oversight Policy Framework

1 NPSS Oversight Policy Framework NATIONAL PAYMENT & SETTLEMENT SYSTEMS OVERSIGHT POLICY FRAMEWORK FEBRUARY 2019

2 NPSS Oversight Policy Framework Table of Contents Definitions ......................................................................................3 Acronyms and Abbreviations .................................................................4

1. Introduction ...............................................................................5
2. The National Payment System..........................................................6 2.1 Current State of the NPS...........................................................7 2.1.1Financial Market Infrastructures............................................7 2.1.2Retail Payment Systems and Instruments .................................8 2.2 Future Development of the NPS ..................................................8
3. Oversight of the National Payment System...........................................9 3.1 The Objectives of Oversight.......................................................9 3.2 The Scope of Oversight........................................................... 11 3.3 The Instruments of Oversight ................................................... 12 3.3.1Monitoring & Analysis ...................................................... 12 3.3.2Rules & Standards .......................................................... 12 3.3.3Policy, Research & Development......................................... 13 3.3.4Policy dialogue .............................................................. 14 3.4 The Activities of Oversight ...................................................... 14
4. The Organization of the Oversight Function at the Central Bank of Eswatini. 21 4.1 Policy, Research & Development................................................... 21 4.2 Systems Analysis & Monitoring (Administrative) ................................. 21 4.3 Assessment & Compliance........................................................... 22
5. ANNEXURES.............................................................................. 23 A. Principles for Financial Market Infrastructures.................................... 23 B. Responsibilities of central banks, market regulators, and other relevant FMIs authorities ................................................................................. 26 C. General Principles for International Remittance Services ....................... 28 D. Typical Risks in Payment and Settlement Systems ............................... 29
6. REFERENCES ............................................................................. 31

3 NPSS Oversight Policy Framework DEFINITIONS In this Oversight Framework, unless the context otherwise indicates – “Act” means the Central Bank of Swaziland Order 1974; “Bank” means the Central Bank of Eswatini as referred to in the Central Bank of Swaziland Order, 1974; “bank” means a company incorporated in accordance with the provisions of the Companies Act, which is licensed under this Act to conduct banking business as referred to in the Financial Institutions Act; “Banking institution”, means a company authorized to conduct banking business, or deemed to be so authorized; “Designated system” means a system designated by the Bank to facilitate clearing or settlement of transfers of instructions regarding funds, securities or other financial instruments; “Principles for Financial Market Infrastructures” means the Principles adopted by the Bank for International Settlement by which Central Banks measure the objectives of safety and efficiency in payment systems; “Electronic Funds Transfers” means an electronic means by which funds are transferred from payer to beneficiary requiring little or no human intervention; “Payment system” includes systems and/or arrangements for the clearing or settlement of payment obligations, as well as systems or arrangements for the clearing and settlement of securities transactions, foreign exchange transactions, or other transactions, where the system or arrangement also clears and/or settles payment obligations arising from those transactions. “Payment system stream” means the Input and Output data (transactions) for a given ACH

4 NPSS Oversight Policy Framework ACRONYMS AND ABBREVIATIONS Acronym Definition of Acronym ACH Automated Clearing House BIS Bank for International Settlement CBE Central Bank of Eswatini CCP Central Counterparties COMESA Common Market for Eastern and Southern Africa COMESA Common Market for Eastern and Southern Africa Regional Payment and Settlement System CPMI Committee on Payment and Market Infrastructures CPSS-IOSCO Committee on Payment and Settlement Systems and the Technical Committee of the International Organization of Securities Commission CSD Central Securities Depository FMI Financial Market Infrastructure IMF International Monetary Fund NCSS National Clearing and Settlement System NPC National Payment Council NPS National Payment System OD Oversight Division PFMIs Principles for Financial Market Infrastructures PSOC Payment System Oversight Committee RTGS Real Time Gross Settlement SADC Southern Africa Development Community SAECH Swaziland Automated Electronic Clearing House SIPS Systemically Important Payment System SADC-RTGS SADC Integrated Regional Electronic Settlement System SSS Securities Settlement System SWIPS Systemically Wide Payment System SWIPSS Swaziland Interbank Payment and Settlement System TR Trade Repositories

5 NPSS Oversight Policy Framework

1. INTRODUCTION Payment Systems provide channels through which funds are transferred among financial institutions to discharge the payment obligations arising in the financial markets and across the wider economy. As such, payment systems form a vital part of the economic and financial infrastructure and their efficient functioning contributes to overall economic performance. Payment systems by their very nature and the central role they play in the economy also involve significant exposures and risks for participants and provide a channel for shocks to be transmitted across the financial system. If payment and settlement systems, which facilitate the exchange of money for goods, services and financial assets, are seen as inefficient, unreliable or unsafe, this would erode public confidence in their use. For this reason, as public institutions responsible for preserving public trust in national currencies, and in line with a mandate for financial stability, Central Banks exercise a special form of supervision of payment systems called “oversight”, the aim of which is to ensure that national payment systems operate safely and efficiently. Payment systems comprise the infrastructure for the transfer, clearing and settlement of funds and securities and are essential for effective implementation of monetary policy and smooth functioning of financial markets. Payment systems consist of integrated networks across interlinked institutions, and require technological platforms, institutional and market arrangements for the provision and delivery of payment services to users. They also require legal and regulatory frameworks to support orderly functioning and may operate domestically, or serve users across borders. Networks and platforms for the delivery of retail payments play an important role today in supporting financial access, especially in developing countries. Indeed, modern retail payment technologies are already being used in Eswatini to integrate underserved and non-served segments of the population into the formal financial sector and are central to the achievement of the authorities’ financial inclusion goals. The legal foundation for the oversight of National Payment Systems (NPS) in Eswatini derives from the Central Bank of Swaziland Order 1974 (as amended) which

6 NPSS Oversight Policy Framework mandates the Central Bank of Eswatini (the ‘Bank’ or the CBE) to exercise regulatory and oversight powers over the national payments system (NPS)1 . The CBS Order 1974 should be read together with the National Clearing and Settlement System Act (2011). The purpose of this policy document is to define and disclose the Bank’s policy framework for the oversight of the NPS. In particular, the document presents the oversight objectives and scope, the organizational arrangements for oversight, and the activities, instruments and tools that the Bank will deploy in pursuing the oversight objectives. 2. THE NATIONAL PAYMENT SYSTEM Following the implementation of the Real Time Gross Settlement (RTGS) system2 for large value, time-critical payments, the Bank developed a comprehensive set of strategic objectives for the further development of the NPS in Eswatini (2010). These objectives were articulated within the context of the Vision and Strategy. This national vision was adopted by stakeholders and has guided subsequent initiatives to modernize the financial market infrastructure in the country.

1 Section 3 of the Act lists among the Bank’s objects, ‘promote, regulate and supervise the efficient and secure operation of payment systems’. 2 In a Real-Time Gross Settlement (RTGS) system, the settlement of each payment transaction takes place in “real time”, that is, it is not subject to any waiting period (all payment transactions are settled as soon as they are processed), and transactions are executed on a “gross settlement” basis, that is, they are settled one by one without bunching or netting them with any other transaction. Once processed on an RTGS basis, payments are final and irrevocable. Finally, in a RTGS system settlement is effected through central bank money – the most secure type of money in a country: for a payment to be settled, the settlement institutions involved (on their own behalf or on behalf of their clients) will have to transfer funds in their account with the central bank, from the account of the payer to the account of the payee.

7 NPSS Oversight Policy Framework BOX 1. FINANCIAL MARKET INFRASTRUCTURES3 The term financial market infrastructure (FMI) refers to systemically important payment systems (SIPS), central securities depositories (CSDs), securities settlement systems (SSSs), central counterparties (CCPs), and trade repositories (TRs). When they operate efficiently, FMIs contribute to financial and overall economic stability and development. However, they concentrate risk and can be sources of financial shocks that can be transmitted across domestic and international markets. In 2012, following the global financial crisis, the Bank for International Settlements (BIS) Committee on Payment and Settlement Systems and the Technical Committee of the International Organization of Securities Commission (CPSS-IOSCO) published new international standards for FMIs, the CPSS-IOSCO Principles for Financial Market Infrastructures (PFMI). The PFMI establish risk management standards that FMIs should observe and responsibilities that the regulatory, supervisory and oversight authorities should fulfill in order to address the risks in FMIs. It is in the fulfillment of these responsibilities that the oversight objectives of safety and efficiency are achieved. 2.1 Current State of the NPS The infrastructure components of the NPS are the following: 2.1.1 Financial Market Infrastructures 2.1.1.1 The RTGS system, called the Swaziland Interbank Payment and Settlement System (SWIPSS) for large value, time critical payments; 2.1.1.2 The Central Securities Depository4 (CSD), which is linked to the SWIPSS to allow the settlement of Government securities transactions on a delivery versus payment basis, thereby mitigating settlement risk;

3 Source: CPSS-IOSCO Principles for financial market infrastructures (2012) 4 The CSD acts as a securities registrar, managing all processes associated with the issue, registration, custody and transfer of securities. The CSD may also operate a securities settlement system, to enable securities to be transferred and settled by book entry either free of payment or against payment.

8 NPSS Oversight Policy Framework 2.1.1.3 The Automated Clearing House (ACH) 5 used to process cheques and electronic funds transfers; 2.1.1.4 The regional payment system developed by member countries of the Southern Africa Development Community (SADC), the SADC Integrated Regional Electronic Settlement System (SADC-RTGS) 6 2.1.1.5 The COMESA regional payment system developed by member countries, Regional Electronic Payment and Settlement System (REPSS) 2.1.2 Retail Payment Systems and Instruments Within the retail payments market7 , mobile and card-based services have been launched and are continually being enhanced to support domestic, regional and international payments. 2.2 Future Development of the NPS With the core infrastructure now in place, the next stage of the NPS reform process will continue this work through further developing the retail payments market, integrating card and mobile payment networks to achieve the widest reach and use of modern, electronic payment services throughout the country and also strengthening the regulatory and oversight framework for electronic payment instruments. These developments will be driven by the following:

5 An automated clearing house (ACH) is a computer-based clearing and settlement facility, which processes the exchange of electronic transactions between participating institutions. ACH transactions can be either debit or credit payments and commonly include direct deposit of payroll and vendor payments, mortgage, insurance and other bill payments. In the ACH, payment orders, typically of small value, are exchanged among financial institutions and are processed and transmitted in batches. Interbank settlement takes place on a multilateral net settlement basis. 6 The South African Reserve Bank is the settlement bank for SADC-RTGS. 7 Retail payments are mainly low-value payments between individuals, and between individuals, companies and public authorities. Although most payment systems processing retail payments may not be ‘systemically important’, they contribute to both the stability and efficiency of the financial system as a whole and public confidence in the domestic currency. In this context, a retail payment system is defined as comprising: the technical infrastructure; participants; instruments; arrangements for clearing and settlement; and business relationship arrangements (such as bank-customer relationships, rules, procedures, the applicable legal framework, and governance arrangements), which, jointly, provide the overall environment within which retail payments are initiated, authorized, processed, cleared, and settled.

9 NPSS Oversight Policy Framework 2.2.1 The Central Bank – in order to ensure that financial, operational and other risks are effectively controlled within the financial system, enhance the implementation of monetary policy, develop financial markets, promote the use of more efficient payment instruments, all of which are central to its mandate for financial stability and support overall economic development and the authorities’ financial inclusion goals; 2.2.2 The banking industry – to enhance efficiency and better manage risk in their treasury operations, introduce more efficient, cost effective and convenient payment instruments and to improve and expand the range of services they provide; 2.2.3 The Eswatini Government – in order to support the modernization of its administrative and financial systems; streamline its payment and revenue collection processes, improve liquidity management in the public sector and to increase access to banking and payment services; 2.2.4 The business sector – that needs a payment infrastructure that serves the entire country and allows them access to a broader range of non-cash payment instruments for greater efficiency in wage payments, bill collection, etc. 2.2.5 Non-financial institution payment service providers – in pursuit of business opportunities; 2.2.5 The public – that requires access to modern electronic payment products and services that are affordable, convenient, reliable and secure. 3. OVERSIGHT OF THE NATIONAL PAYMENT SYSTEM 3.1 The Objectives of Oversight As stated, the objectives of oversight are to ensure the national payment systems operates safely and efficiently. Overseeing the NPS involves putting in place policies and instituting procedures to monitor existing and planned systems and instruments as well as payment service providers, assess them against these objectives and, where necessary, induce change. Through its oversight function, the Bank seeks to ensure that the NPS:

10 NPSS Oversight Policy Framework 3.1.1 Operates smoothly, efficiently, fairly and transparently for all participants and users 3.1.2 Is robust against the risk of transmitting shocks through the economy consequent upon an individual participant’s failure to meet its payment obligations 3.1.3 Continues to operate even in the event of major disruptions to systems or providers, caused by internal or external factors, and 3.1.4 Continually evolves and achieves the level of technological and institutional development necessary to satisfy the payment needs of a growing, open, regional and internationally integrated economy. Box 2. Safety and Efficiency in Payment Systems The concept of efficiency generally refers to the resources required by a system to perform its functions. Applied to payment systems, efficiency entails several aspects. One is the overall effect of the payment system on the cost of exchanging goods, services, and assets (including money) in the economy; a more efficient payment system reduces that cost. An efficient payment system provides its users with speedy, affordable and accessible services. Another aspect of efficiency relates to the resources necessary to operate a system: by introducing specific efficiency solutions, some systems may economize on the use of (costly) liquidity to settle payments, for any given level of settlement risk. Further aspects of payment system efficiency refer to the volume of transactions the system makes possible for any given quantity of money or to the speed of the transmission across the economy of monetary policy impulses. On the other hand, safety is about protecting systems and stakeholders from hazards. In relation to large value transfer systems, safety means containment of the financial and non-financial risks which typically arise within these systems, or are transmitted by them, and which threaten not only to impair the functioning of the systems but to jeopardize the financial stability of the overall economy. Safety requires that systems are secure, reliable, and operate without service interruption or recover operation promptly in the event of interruption. As the scope of central bank oversight extends to retail payment systems and instruments, the concept of safety necessarily broadens and involves other

11 NPSS Oversight Policy Framework aspects, as users’ expectations of payment service quality take center stage. So here safety refers to the protection of user rights, in particular those concerning safeguards of user funds, data integrity and privacy, prevention of fraud and cybercrime, information disclosure and transparency, claim redress and dispute resolution. 3.2 The Scope of Oversight The Bank will oversee the financial market infrastructures which given their systemic importance and interconnectedness could more easily transmit shocks from one participant and from one system to another. The Bank will also oversee the critical channels for the provision of retail payment services which, while not being systemically important, are deemed relevant for the purpose of protecting public confidence in the currency and the monetary system of the country. The Bank’s responsibilities under the law will need to be continuously harmonized and made consistent with its policy stance in relation to the oversight of retail payments. More specifically, the Bank’s oversight activities will cover the following: 3.2.1 Systemically important payment systems, such as the SWIPSS, and the ACH; 3.2.2 Central Securities Depository (CSD) and Securities Settlement Systems (SSS), for the custody and settlement of government bills and bonds and in future, equities, corporate bonds and other capital market instruments; 3.2.3 Regional (foreign currency) settlement systems, e.g. SIRESS, COMESA REPSS; 3.2.4 Retail payment instruments and schemes, such as cheques, electronic cards and cellphone banking; 3.2.5 Providers of critical services, such as the mobile network service provider(s) which are categorized as SWIPS; and 3.2.6 Cross-border retail payment instruments, including remittances. The Bank’s oversight will also cover any other system(s) or instrument(s) as it may deem fit, taking into account their impact on the NPS and the extent to which their operations might affect public confidence in money and the NPS.

12 NPSS Oversight Policy Framework The Bank will also play the role of catalyst in the development of the national payment system. Its actions will be transparent, credible and supportive of a level playing field in the delivery of payment services. This means determining and communicating overall objectives and leaving it up to market players to decide how to achieve them. The Bank will at regular intervals organize discussions between the market players in order to define the best solutions. In the performance of its oversight functions, the Bank will take care not to hamper competition and innovation in an area characterized by continuous technical changes. It will not promote any particular technical solution; it is the responsibility of the market to select or promote a given technical solution. 3.3 The Instruments of Oversight The focus of oversight is risk management. This includes activities and instruments to identify, assess and mitigate risks on a continuous basis. Annexure 3 provides a brief description of the main types of risks inherent in payment and settlement systems. The Bank’s oversight policy framework will include the following instruments: 3.3.1 Monitoring & Analysis The Bank will monitor the functioning of the NPS by screening its operation and risks through access to real-time system information and through regular information and data reporting processes or ad hoc inquiries and consultations with relevant stakeholders. The Bank will analyze NPS weaknesses and the need for improvement or change, and will identify sources of risk and system design deficiencies that might require intervention. 3.3.2 Rules & Standards The Bank will issue regulations and directives intended to induce NPS operators and providers to operate in ways that promote both safety and efficiency. Regulations will be based on functions rather than institutions, and will be proportionate to the risk profile of regulated entities. Regulations will set rules for licensing payment

13 NPSS Oversight Policy Framework service providers and will establish terms and conditions for the provision of payment services and the operation of systems. Regulations will also set rules, inter alia, for the issuance of payment instruments, the use of agents, the outsourcing of services and the protection of user rights. Regulations will support competition and ensure a level playing field for participants. Where NPS operators or service providers fail to comply with the laws and regulations, the Bank will be responsible for administering appropriate sanctions as established under the law. In order to induce NPS providers to have robust procedures in place to handle risks effectively, the Bank will promote the adoption of best practices in line with the principles and standards developed by the international financial community. The oversight instruments that the Bank will utilize will be consistent with the CPSS￾IOSCO Principles for financial market infrastructures – PFMI (Annex 1).8 For the oversight of retail payment systems, the Bank has adopted an appropriate subset of the PFMI, as well as international standards applicable to remittances and best practices implemented by other central banks.9 3.3.3 Policy, Research & Development The Bank will design and/or adopt NPS policies, rules and regulations, and will revise them as and when necessary to make sure that the performance and behavior of payment system operators and providers are consistent with the oversight policy objectives. The Bank will promote research and development activities on NPS related issues. These activities range across several areas; operational, legal, institutional, technological, and developmental areas and will study payment system and payment services developments and provide essential inputs to the determination of the NPS modernization strategy.

8 “Principles for financial market infrastructures”, April 2012: the report of the Committee on Payment and Settlement Systems of the Bank for International Settlements and the Technical Committee of the International Organization of Securities Commissions, (Annex I) [CPSS-IOSCO]. Note the CPSS was renamed the Committee on Payment and Market Infrastructures (CPMI) in 2014. 9 See the “General principles for international remittance services”, Committee on Payment and Settlement Systems and The World Bank, January 2007, here reported in Annex 2, as well as the “Harmonised oversight approach and oversight standards for payment instruments”, European Central Bank, February 2009, and the “Recommendations for the security of Internet payments”, European Central Bank, February 2013.

14 NPSS Oversight Policy Framework 3.3.4 Policy dialogue The Bank will promote an active policy dialogue with all NPS stakeholders, including users. The dialogue will secure a fair representation of all relevant public and private interests involved in NPS activities, and will offer a channel for the Bank to communicate its policy orientation, collect views from stakeholders, and share knowledge within the stakeholder community on NPS issues. The Bank will undertake consultations with NPS stakeholders on policy issues and options so as to enhance its knowledge, raise awareness, and build consensus around policy decisions. The National Payments Council (NPC), which will be established to fulfill responsibilities synonymous to those contemplated for the payment system management body under the law, will be the appropriate institutional forum for the policy dialogue on the NPS10. The Council will provide an important forum for cooperation and forms a key part of the institutional and governance framework for the NPS. It will comprise all relevant stakeholders with an interest or involvement in payment systems matters and operate as a consultative body, providing ongoing support to the CBE to ensure the payment and securities settlement systems are safe and efficient and a suitable array of modern, affordable payment instruments become available to the people of Eswatini. 3.4 The Activities of Oversight The Bank will carry out a broad range of oversight activities focused on verifying that the payment services offered are in compliance both with the law and with prescribed standards. Although the activities are integral to the same policy framework, for illustrative purposes they can be separated into six different categories: (i) licensing, (ii) designation, (iii) continuous activities, (iv) periodic activities, (v) change-driven activities, and (vi) cross-cutting activities. i) Licensing/Authorization The Bank will license or authorize any entity that intends to provide payment services or to operate a system after submission of appropriate documents

10 The Governor of the Bank will chair the National Payments Council and the Bank will serve as the secretariat of the Council.

15 NPSS Oversight Policy Framework and information, as prescribed by regulation. A license or authorization will be granted based on the fulfillment by the applicant of the eligibility criteria prescribed in the regulations. The objective of licensing or authorizing is to bring payment systems operators and service providers within the regulatory ambit of the Bank, and to obtain from them the information necessary for oversight monitoring, analysis and performance assessment. Prior to issuing a license or authorization, the Bank will have to be satisfied that the operator or service provider11 will be capable of managing effectively the risks associated with their activity. The Bank will require information and documentation, which will allow it to make a determination as to the extent to which risk is well managed and systemic risk mitigated and these requirements will be set out in the Payments Systems Regulations12 . ii) Designation The Bank will determine and designate the systems that will be subjected to oversight. The Bank will designate systems that are deemed to be systemically important and instruments that are considered to be critical for public confidence and convenience. Identified systems will be assessed against select standards. The Bank will use the following criteria to determine the eligibility of a payment system for designation, and to identify those systems that will be subjected to oversight: a) The system’s potential to create significant credit and liquidity disruptions in the economy, should it fail to perform as expected; b) The system’s potential to create large credit or liquidity exposures relative to the participants’ financial capacity; c) Whether the system is used to settle other systems; d) Whether the system is the only one used for the settlement of a given financial instrument or particular transaction type;

11 Commercial banks are deemed to be registered payment service providers under the terms of their license. 12 These Payments System Regulations need to be developed and periodically reviewed to remain relevant.

16 NPSS Oversight Policy Framework e) The system settles time-critical transactions; f) The system settles transactions for critical financial markets; g) The system settles a high proportion of large-value transactions; h) The system settles large volumes of small value transactions that cumulatively are of large value; i) The system is the principal retail payment system, settling more than 10 percent of the SWIPSS value. iii) Continuous activities a) System monitoring and analysis The Bank will access real-time information to monitor the operation of the FMIs. The Bank will also prescribe reporting obligations for systems and service providers. Through ongoing monitoring, the central bank should get a good understanding of how interbank systems function and interact, and how the use of non-cash payment instruments is evolving. The Bank will regularly follow the evolution of selected statistical indicators on NPS operations, will run ad-hoc analyses whenever statistical observations reveal significant divergence from trends and/or expected performances, or when unusual circumstances materialize. b) Incident analysis The Bank will analyze NPS incidents. In the event of an incident, the Bank will determine the overall scale of the incident, thereby triggering specific types of investigation and reporting activities. Incidents are classified as “relevant” or “not relevant”, based on the evaluation of factors indicating the impact and consequences of the event. If the incident is judged to be “relevant”, the Oversight Division (OD) of the Bank’s National Payments System Department (NPSD) will examine the action plan proposed by the operator of the affected system both to restore normal operation, if this has been compromised, and to prevent the recurrence of similar incidents in future. The OD will recommend further action if necessary, and will prepare reports on the incidents and the related follow-up action. The OD will meet with system operators on a periodic

17 NPSS Oversight Policy Framework basis, or when circumstances require, to exchange information and to discuss operational issues with particular attention to possible triggers of incidents and related responses. iv) Periodic activities These activities comprise: a) Risk-based planning This task consists of developing an annual work plan to identify and organize periodic oversight activities to be carried out over a specific time horizon. The plan will reflect oversight priorities determined through risk-based analysis, which allows the Bank to identify the NPS infrastructures that require particular attention and dedicate resources on the basis of their risk profile. A key dimension that will feed into risk-based planning is the occurrence of system changes, incidents or crisis events. The oversight annual work plan will be updated as new occurrences alter the risk profiles of NPS infrastructures in any significant way. b) Assessment & Compliance Risk analysis of the financial market infrastructures will be conducted at three different control levels against the PFMI. The first control level will be a responsibility of payment system operators, and will be performed by the operators. The second control level will be a responsibility of the OD, and will be performed by its staff. The third control level will be performed by external independent evaluators, at the request of the Bank. Periodically, the Bank will assess the compliance of the identified systems against the selected standards. Assessments will largely draw on the outcomes of the continuous oversight activities, the impact analysis of payment system changes, and the analysis of incidents. The Bank will also undertake stocktaking exercises and identify specific actions to be taken with regard to existing or planned systems and instruments. The Bank may also request the assistance of international institutions, such as the IMF and World Bank, in the context of their periodic

18 NPSS Oversight Policy Framework assessment programs13. In exercising its legal powers, the Bank will also assess the compliance of systems and service providers with rules and regulations. For this purpose, the Bank will require systems operators and service providers to submit relevant information on a regular basis, or on an ad hoc basis where appropriate, and will conduct regular or ad hoc onsite inspections of NPS operators and payment service providers. The Bank may also request external audits of NPS components for specific assessment purposes. v) Change-driven activities These activities will include the ex-ante and ex-post evaluation of the impact that changes in some of the NPS components might produce, including on their continued compliance with the applicable standards. Changes may relate to the architectural, functional, technical, operational, and legal aspects of the NPS. Changes can be planned and implemented directly by the system operators, or they may be the consequence of regulations or recommendations by the Bank. The Bank will evaluate those changes that are expected to have a significant impact. If changes are deemed to be relevant, the Bank will assess the various related aspects and, if necessary, will propose amendments to the proposed changes. vi) Cross-cutting activities These activities cut across various areas of oversight, including: a) Relationships with other regulators In carrying out its oversight activities the Bank will need to have regular or ad hoc contacts with other regulatory and supervisory institutions through established lines of communications and exchange of information. Protocols of mutual collaboration may be agreed upon between the Bank and other authorities and national agencies in order to define the terms of the collaboration, determine the information flows and design the operational modalities of the cooperative relationship. The most direct and effective lines of

13 For example, this could take place as part of the Financial Sector Assessment Program.

19 NPSS Oversight Policy Framework inter-institutional communication will be established and contact points identified, thereby ensuring that communication channels will be active and open at all times, especially in crisis situations. In Eswatini, the CBE is responsible for the supervision of both bank and non-bank financial institutions and also for the oversight function, so the mechanisms already exist within the Bank for information-sharing and effective cooperation between the functions. Cooperative arrangements with oversight agencies in other jurisdictions will also need to be established. With respect to SIRESS, the CBE participates as a member of the Regional Oversight body, the SADC Payment System Oversight Committee (PSOC). b) External reporting The Bank will release an annual report on its oversight activity during the previous year. The report will provide an overview of the functioning of the NPS, its progress in terms of operation, level of safety and efficiency, new features, instruments and services, relevant problems and solutions adopted to address them. The report will inform on progress in complying with standards, and summarize the results of risk analysis and system assessments. The report will present plans to develop the NPS. A summary of the report should be included in the Bank’s Annual Report and an evaluation of NPS-related developments, risks and oversight findings will be included in the Bank’s Financial Stability Report. A section of the Bank’s website will be dedicated to oversight developments and will be kept up to date.

c) Crisis management In the case of critical events, the following three (3) stages of crisis management are considered in this Oversight Policy Framework: (i) Pre-crisis phase - The Bank will make sure that NPS operators establish, exchange, and maintain complete and correct contact lists with all relevant participants and providers. Drill tests will be conducted periodically to ensure that communications, information flows, and agreed procedures function effectively in emergency situations. The Bank will also ensure at all times the effectiveness of the information sharing

20 NPSS Oversight Policy Framework channels both within the central bank and with other institutions as necessary. (ii) Crisis phase - In the event of a crisis, the Bank will seek to ensure that the NPS operations – in particular its critical functions – are preserved or recovered as soon as possible, by prompting the intervention and cooperation of all the relevant parties involved. The Bank will liaise with all relevant institutions, as circumstances require. In the event of major crises, the Bank, in cooperation with all relevant authorities, will assess the possible impact of the crisis on the financial soundness of NPS participants and determine the action to be taken. (iii) In the event of major (financial or other) crises, the Bank will give the highest priority to the operational performance of the core payment and settlement systems, in particular with respect to their liquidity management and transfer efficiency. Ongoing consultations with system operators will be critical to obtain high-frequency updates on the performance of the systems and their key participants. Flexibility will be ensured in settlement time frames, and in processes and procedures, to enable participants to execute transactions even under critical conditions. (iv) Post-crisis phase: After the crisis, the OD will report on how systems have performed during the crisis, pointing to any weakness or vulnerability that the crisis has manifested, and will propose action plans to resolve them. d) Inducing change The results of NPS assessments and risk analysis, as well as considerations given to NPS development issues and trends, may point to the need for undertaking changes in systems such as, for example, technical and procedural solutions or governance structures. The Bank and NPS stakeholders will seek to agree on solutions and cooperate in implementing any necessary changes. To this end, the Bank will promote and facilitate policy dialogue with stakeholders, with a view to creating consensus over policy choices and changes. The Bank aims to induce change through policy dialogue and moral suasion. However, where deemed necessary, the Bank will exercise its legal authority to achieve its policy priorities. If moral suasion proves to be ineffective, it will invoke its statutory

21 NPSS Oversight Policy Framework powers and issue directives to systems operators, participants, settlement agents, service providers, and payment institutions; impose sanctions; or revoke the authorization/license if warranted. e) Consumer Protection and Ombudsman Industry players and their conduct should be governed by regulations and regulatory framework, which are aimed at promoting safety, efficiency, competition, fair and open access for participation in the various payment systems. Regulation is not meant to stifle innovation but to guide activities within the payment space accordingly. This would protect the industry players, consumers, the instruments and channels from abuse/misuse and further minimize conflicts. Collaborative effort would guarantee that consumers are protected while market innovation is rolled out through dialogues, directives and other means as the Bank would deem fit. The Bank would work with the Ombudsman who is appointed to investigate individual’s complaints against mal￾administration especially that of public authorities. 4. THE ORGANIZATION OF THE OVERSIGHT FUNCTION AT THE CENTRAL BANK OF ESWATINI The Bank is committed to exercising an effective oversight of the NPS and will deploy adequate resources (in terms of number and expertise) in line with Responsibility B of the PFMI. The allocated resources will be commensurate with the relevance of the function. The Oversight Division will exercise three distinct functions:

4.1 Policy, Research & Development  NPS policy development and strategy  Elaboration of statistics  Public reports  Licensing & identification  Secretariat to the National Payments System structures 4.2 Systems Analysis & Monitoring (Administrative)  Real-time monitoring

22 NPSS Oversight Policy Framework  Incident analysis  Risk analysis  Policy application 4.3 Assessment & Compliance  Risk-based planning  Assessments  Offsite and onsite oversight  Change analysis This arrangement creates the necessary separation between the staff responsible for designing rules and regulations, those responsible for licensing payment system operators and providers, and those assessing their performance and compliance, thus minimizing conflict of interest and ensuring the highest level of transparency in the execution of the oversight function. In addition, the oversight responsibilities are separate from, and independent of, the operations and back-office responsibilities undertaken by the Bank as system operator, settlement agent or banker. Such separation eliminates the risk of conflict of interests between the different functions (or the perception thereof), and grants full autonomy to the NPSD in exercising its oversight activities. The separation also ensures consistent and uniform application of the oversight rules and regulations across all NPS infrastructures, including those that in the future might be owned and operated by private sector entities, thus enforcing the principles of fairness and market transparency. The staff responsible for monitoring and assessing payment systems is granted the same level of autonomy that protects the actions of auditors and bank supervisors.

23 NPSS Oversight Policy Framework 5. ANNEXURES A. Principles for Financial Market Infrastructures General organisation Principle 1: Legal basis An FMI should have a well-founded, clear, transparent, and enforceable legal basis for each material aspect of its activities in all relevant jurisdictions. Principle 2: Governance An FMI should have governance arrangements that are clear and transparent, promote the safety and efficiency of the FMI, and support the stability of the broader financial system, other relevant public interest considerations, and the objectives of relevant stakeholders. Principle 3: Framework for the comprehensive management of risks An FMI should have a sound risk-management framework for comprehensively managing legal, credit, liquidity, operational, and other risks. Credit and liquidity risk management Principle 4: Credit risk An FMI should effectively measure, monitor, and manage its credit exposures to participants and those arising from its payment, clearing, and settlement processes. An FMI should maintain sufficient financial resources to cover its credit exposure to each participant fully with a high degree of confidence. In addition, a CCP that is involved in activities with a more-complex risk profile or that is systemically important in multiple jurisdictions should maintain additional financial resources sufficient to cover a wide range of potential stress scenarios that should include, but not be limited to, the default of the two participants and their affiliates that would potentially cause the largest aggregate credit exposure to the CCP in extreme but plausible market conditions. All other CCPs should maintain additional financial resources sufficient to cover a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would potentially cause the largest aggregate credit exposure to the CCP in extreme but plausible market conditions. Principle 5: Collateral An FMI that requires collateral to manage its or its participants’ credit exposure should accept collateral with low credit, liquidity, and market risks. An FMI should also

24 NPSS Oversight Policy Framework set and enforce appropriately conservative haircuts and concentration limits. Principle 6: Margin A CCP should cover its credit exposures to its participants for all products through an effective margin system that is risk-based and regularly reviewed. Principle 7: Liquidity risk An FMI should effectively measure, monitor, and manage its liquidity risk. An FMI should maintain sufficient liquid resources in all relevant currencies to effect same-day and, where appropriate, intraday and multiday settlement of payment obligations with a high degree of confidence under a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would generate the largest aggregate liquidity obligation for the FMI in extreme but plausible market conditions. Settlement Principle 8: Settlement finality An FMI should provide clear and certain final settlement, at a minimum by the end of the value date. Where necessary or preferable, an FMI should provide final settlement intraday or in real time. Principle 9: Money settlements An FMI should conduct its money settlements in central bank money where practical and available. If central bank money is not used, an FMI should minimise and strictly control the credit and liquidity risk arising from the use of commercial bank money. Principle 10: Physical deliveries An FMI should clearly state its obligations with respect to the delivery of physical instruments or commodities and should identify, monitor, and manage the risks associated with such physical deliveries. Central securities depositories and exchange-of-value settlement systems Principle 11: Central securities depositories A CSD should have appropriate rules and procedures to help ensure the integrity of securities issues and minimise and manage the risks associated with the safekeeping and transfer of securities. A CSD should maintain securities in an immobilised or dematerialised form for their transfer by book entry. Principle 12: Exchange￾of-value settlement systems If an FMI settles transactions that involve the settlement of two linked obligations (for example, securities or foreign exchange transactions), it should eliminate principal risk by conditioning the final settlement of one obligation upon the final settlement of the other. Default management

25 NPSS Oversight Policy Framework Principle 13: Participant￾default rules and procedures An FMI should have effective and clearly defined rules and procedures to manage a participant default. These rules and procedures should be designed to ensure that the FMI can take timely action to contain losses and liquidity pressures and continue to meet its obligations. Principle 14: Segregation and portability A CCP should have rules and procedures that enable the segregation and portability of positions of a participant’s customers and the collateral provided to the CCP with respect to those positions. General business and operational risk management Principle 15: General business risk An FMI should identify, monitor, and manage its general business risk and hold sufficient liquid net assets funded by equity to cover potential general business losses so that it can continue operations and services as a going concern if those losses materialise. Further, liquid net assets should at all times be sufficient to ensure a recovery or orderly wind-down of critical operations and services. Principle 16: Custody and investment risks An FMI should safeguard its own and its participants’ assets and minimise the risk of loss on and delay in access to these assets. An FMI’s investments should be in instruments with minimal credit, market, and liquidity risks. Principle 17: Operational risk An FMI should identify the plausible sources of operational risk, both internal and external, and mitigate their impact through the use of appropriate systems, policies, procedures, and controls. Systems should be designed to ensure a high degree of security and operational reliability and should have adequate, scalable capacity. Business continuity management should aim for timely recovery of operations and fulfilment of the FMI’s obligations, including in the event of a wide-scale or major disruption. Access Principle 18: Access and participation requirements An FMI should have objective, risk-based, and publicly disclosed criteria for participation, which permit fair and open access. Principle 19: Tiered participation arrangements An FMI should identify, monitor, and manage the material risks to the FMI arising from tiered participation arrangements. Principle 20: FMI links An FMI that establishes a link with one or more FMIs should identify, monitor, and manage link-related risks.

26 NPSS Oversight Policy Framework Efficiency Principle 21: Efficiency and effectiveness An FMI should be efficient and effective in meeting the requirements of its participants and the markets it serves. Principle 22: Communication procedures and standards An FMI should use, or at a minimum accommodate, relevant internationally accepted communication procedures and standards in order to facilitate efficient payment, clearing, settlement, and recording. Transparency Principle 23: Disclosure of rules, key procedures, and market data An FMI should have clear and comprehensive rules and procedures and should provide sufficient information to enable participants to have an accurate understanding of the risks, fees, and other material costs they incur by participating in the FMI. All relevant rules and key procedures should be publicly disclosed. Principle 24: Disclosure of market data by trade repositories A TR should provide timely and accurate data to relevant authorities and the public in line with their respective needs. B. Responsibilities of central banks, market regulators, and other relevant FMIs authorities Responsibility A: Regulation, supervision, and oversight of FMIs FMIs should be subject to appropriate and effective regulation, supervision, and oversight by a central bank, market regulator, or other relevant authority. Responsibility B: Regulatory, supervisory, and oversight powers and resources Central banks, market regulators, and other relevant authorities should have the powers and resources to carry out effectively their responsibilities in regulating, supervising, and overseeing FMIs. Responsibility C: Disclosure of policies with respect to FMIs Central banks, market regulators, and other relevant authorities should clearly define and disclose their regulatory, supervisory, and oversight policies with respect to FMIs. Responsibility D: Application of the Central banks, market regulators, and

27 NPSS Oversight Policy Framework principles for FMIs other relevant authorities should adopt the CPSS-IOSCO Principles for financial market infrastructures and apply them consistently. Responsibility E: Cooperation with other authorities Central banks, market regulators, and other relevant authorities should cooperate with each other, both domestically and internationally, as appropriate, in promoting the safety and efficiency of FMIs.

28 NPSS Oversight Policy Framework C. General Principles for International Remittance Services Transparency and consumer protection General Principle 1. The market for remittance services should be transparent and have adequate consumer protection Payment system infrastructure: General Principle 2. Improvements to payment system infrastructure that have the potential to increase the efficiency of remittance services should be encouraged. Legal and regulatory environment: General Principle 3. Remittance services should be supported by a sound, predictable, nondiscriminatory and proportionate legal and regulatory framework in relevant jurisdictions. Market structure and competition: General Principle 4. Competitive market conditions, including appropriate access to domestic payment infrastructures, should be fostered in the remittance industry. Governance and risk management General Principle 5 Remittance services should be supported by appropriate governance and risk management practices. Roles of Remittance Service Providers and Public Authorities Remittance service providers. Remittance service providers should participate actively in the implementation of the General Principles. Public authorities. Public authorities should evaluate what action to take to achieve the public policy objectives through implementation of the General Principles. .

29 NPSS Oversight Policy Framework D. Typical Risks in Payment and Settlement Systems Credit risk The risk that a counterparty will not settle an obligation for full value, either when due or at any time thereafter. In exchange￾for-value systems, the risk is generally defined to include replacement cost risk and principal risk. Financial risk The term covers a range of risks, including liquidity and credit risks, incurred in financial transactions Foreign exchange settlement risk The risk that one party to a foreign exchange transaction will pay the currency it sold but not receive the currency it bought Gridlock A situation that can arise in a funds or securities transfer system in which the failure of some transfer instructions to be executed (because the necessary funds or securities balances are unavailable) prevents a substantial number of other instructions from other participants from being executed. Legal risk The risk of loss because of the unexpected application of a law or regulation, because a contract cannot be enforced, or because laws or regulations do not support the rules of the securities settlement system, the performance of related settlement arrangements, or the property rights and other interests held through the settlement system. Legal risk also arises if the application of laws and regulations is unclear. Liquidity risk The risk that a counterparty (or participant in a settlement system) will not settle an obligation for full value when due. Liquidity risk does not imply that a counterparty or participant is insolvent, as it may be able to settle the obligations at some unspecified time thereafter. Market risk The risk of loss in on- and off-balance sheet positions arising from movements in market prices. Operational risk The risk that deficiencies in information systems or internal controls could result in unexpected losses. These deficiencies could be caused by human error or a breakdown of some

30 NPSS Oversight Policy Framework component of the hardware, software or communications systems that are crucial to settlement. Principal risk The risk that the seller of a security delivers a security but does not receive payment or that the buyer of a security makes payment but does not receive delivery. In this event, the full principal value of the securities or funds transferred is at risk. In the settlement process, this term is typically associated with exchange-for-value transactions when there is a lag between the final settlement of the various legs of a transaction (i.e., the absence of delivery versus payment). Replacement cost risk The risk that a counterparty to an outstanding transaction for completion at a future date will fail to perform on the settlement date. This failure may leave the solvent party with an unhedged or open market position or deny the solvent party unrealized gains on the position. The resulting exposure is the cost of replacing, at current market prices, the original transaction. Reputational risk The risk of loss of confidence in the payment system due to lack of management control, capacity, security, business continuity plans and/or contingency measures. Settlement risk General term used to designate the risk that settlement in a transfer system will not take place as expected. If a party defaults on one or more settlement obligations to its counterparties or to a settlement agent, this can generate both credit and liquidity risk. Systemic risk The risk that the failure of one participant in a transfer system, or in financial markets generally, to meet its required obligations will cause other participants or financial institutions to be unable to meet their obligations (including settlement obligations in a transfer system) when due. Such a failure may cause significant liquidity or credit problems and, as a result, might threaten the stability of financial markets.

31 NPSS Oversight Policy Framework 6. REFERENCES Source: Principles for financial market infrastructures, Bank for International Settlements (2012) CPMI-IOSCO