The Eurosystem’s oversight of payment systems
Payment systems, which enable the safe and efficient flow of electronic payments from payer to payee and between financial institutions, are largely invisible. Like the supply of electricity, it is taken for granted that payments will be processed smoothly without the mechanism being noticed.
The same way that power grids, transport networks and information and communication systems maintain vital functions both for the economy and for the individual lives of every single citizen, payment systems are important not only for the stability and efficiency of the financial sector, the transmission of the monetary policy of central banks and the functioning of economy as a whole, but also for public trust and confidence in the currency. If payments do not run smoothly, the ability of each and every one of us to pay bills for rent and utilities, to receive salaries and pensions and to buy goods and services would be affected.
While the primary responsibility for taking appropriate measures to ensure the proper functioning and security of their systems lies with the system operators (be they private or public entities), central banks have an interest in ensuring that prudent design, risk management and good governance arrangements are in place. In fact, promoting the smooth operation of payment systems is one of the statutory tasks of the European System of Central Banks (ESCB), which comprises the European Central Bank (ECB) and the national central banks of all EU Member States. The Statute of the ESCB and the Treaty on the Functioning of the EU are the legal basis of the Eurosystem’s oversight mandate, which covers payment and securities clearing and settlement systems as well as payment instruments and schemes.
In its role as payment systems overseer, the Eurosystem aims to ensure the safety and efficiency of individual payment systems and of the payments ecosystem as a whole. Payment systems are viewed not only as stand-alone entities but also as a part of the wider ecosystem. Given the extensive interlinkages and interdependencies, the safety and efficiency of the financial ecosystem depends not only on the resilience the individual systems, but also on their interconnections with their participants, their service providers and other systems.
Eurosystem lays down oversight requirements and expectations for the system operators in oversight regulations, standards, guidelines and policies. Information collected from the operators is assessed against the applicable oversight requirements. Overseers follow a risk-based approach, i.e. they focus on specific risks that are particularly relevant for the ecosystem and the respective players. This is achieved through continuous interaction between the overseer and the operator. Where changes are deemed necessary, these are induced through, for example, moral suasion, public statements and the power to issue binding regulations and sanctions.
The Eurosystem’s oversight of payment systems is based on the internationally accepted CPMI-IOSCO Principles for financial market infrastructures (PFMI). These were adopted as the standards for Eurosystem oversight of all types of financial market infrastructures (FMIs) in the euro area under the Eurosystem’s responsibility. The oversight of payment systems covers both publicly (central bank) owned and private sector owned large-value and retail payment systems.
In the application of oversight requirements for payment systems, the Eurosystem primarily distinguishes between systemically important payment systems (SIPS) and non-SIPS. In the euro area SIPS are subject to the SIPS Regulation, which is also based on the PFMI principles. The SIPS Regulation is even more stringent than the previously applicable oversight standards and allows for sanctions and corrective measures for system operators in the case of non-adherence.
On the basis of the SIPS Regulation, the European Central Bank (ECB) initially identified four systemically important payment systems in the euro area. These included the two large-value payment systems, TARGET2 (operated by the Eurosystem) and EURO1 (privately owned and operated by EBA CLEARING), and two privately owned retail payment systems, STEP2-T (operated by EBA CLEARING), and CORE(FR) (operated by STET). They were identified by a combination of at least two of the following four criteria: the total value of payments settled, market share, cross-border relevance and provision of services to other infrastructures. The Eurosystem regularly reviews this list, including the classification of non-SIPS. Eurosystem central banks with primary oversight responsibilities for one or more of these payment systems regularly assess their compliance with the SIPS Regulation.
Besides SIPS, there are 38 non-systemically important payment systems in the euro area. The retail systems in this category are further differentiated into prominently important retail payment systems (PIRPS), i.e. retail payment systems that reach a certain market share in a euro area country, and other retail payment systems (ORPS). Like SIPS, non-SIPS are subject to Eurosystem oversight, but, depending on their importance, have to adhere only to subsets of the PFMI.
The 2019 annual review of the classification of payment systems reconfirmed the systemic importance of the four payment systems already identified as SIPS. In addition, the Mastercard Clearing Management System operated by Mastercard Europe was identified as a new SIPS owing to its large market share of euro-denominated payments and its cross-border relevance.
Going forward, the Eurosystem will continue to promote the safety and efficiency of payment systems, monitor technical and other developments and adapt oversight requirements as needed. The coronavirus (COVID-19) pandemic has had a major impact on oversight priorities and has led to close monitoring of the situation both at system level and at the level of individual overseen entities. In addition, there is increased focus on the risks posed to FMIs by third-party providers and the oversight framework is being reviewed to address current market developments based on technological innovations, such as distributed ledger technology (DLT) and stablecoins. Further areas of attention include the risk of payment fraud and, of course, ensuring a high level of cyber resilience in line with the Eurosystem’s cyber resilience strategy.