Guidelines

The Bank will issue guidelines that are objective, transparent and proportional to the risk profile of all payment system operators and payment service providers. Payment service providers must ensure that their operations adequately and appropriately apply the standards set out in the Guidelines established by the Bank. More specifically, payment service providers must ensure that the application of the Guidelines is commensurate with the nature, size, complexity and degree of risk associate with their operations. Credit Unions authorized by the Bank as payment service providers must comply with the higher standard between these Guidelines and those issued by the FSC.

Anti-Money Laundering/Combating the Financial of Terrorism and Proliferation (AML/CFT/CPF)

Money laundering is defined as the act or attempted act to disguise the source of money or assets derived from criminal activity. Emerging money laundering typologies reflect increasing use of payment services in money laundering and fraudulent activities. The AML/CFT Guideline outlines the Bank’s expectations for minimum standards to be used for developing an effective program that minimises ML/FT/PF risks and potential costs. It forms an integral part of the Bank’s assessment of the AML/CFT/CPF function. 

Corporate Governance

Corporate governance refers to the processes, structures and information used for directing and overseeing the management of the entity. A good governance framework sets out the structure for the division of power in the organisation and establishes mechanisms for achieving accountability between the Board of Directors, Senior Management and shareholders, while protecting the interests of relevant stakeholders. The Corporate Governance Guideline outlines the  minimum standards payment service providers are expected to develop and implement for an effective and transparent governance framework. 

Market Conduct 

Market conduct refers to the manner in which a firm designs its products and services, as well as manages its prices and relationship with customers and the public. This includes the clear disclosure of all fees and charges, ensuring that customers are fully informed and able to make informed financial decisions. The Market Conduct Guideline outlines the Bank’s expectations for the minimum standards to engage in fair, transparent and ethical market conduct. 

Operational Risk

Operational risk may be defined as the risk of loss resulting from inadequate or failed processes, people and systems due to internal or external events including fraud, damage to physical assets, business disruptions, system failures and legal risk. Due to the potential exposure to extreme losses, the management of operational risk is critical to protecting the national payment system. The Operational Risk Guideline outlines the Bank’s expectations for the minimum standards required to manage operational risk, including risk identification, assessment, monitoring and control. 

Outsourcing

Outsourcing is defined as the use of a third party (affiliate or unrelated entity) to perform activities on a continuing bases, that would normally be undertaken by the entity itself. This may be evidenced by an initial transfer of an activity (or part thereof) from one third-party service to another, sometimes referred to as “sub-contracting”. Section 36 (1) of the NPSA requires entities to request written authorisation form the Bank, prior to outsourcing any aspect of the operation of its system or the provision of its payment service. The Framework for Supervising Payment Service Providers sets out the Bank’s expectations for the minimum requirements for the authorisation of outsourcing arrangements. 

Safeguarding Customer Funds 

Safeguarding customer funds serves to ensure that customers have reliable access, without delay, to their funds held by a payment service provider, in the event it is unable to meet its financial commitments; and to protect customer funds against financial loss in the event of insolvency. In accordance with Section 53 (2) of the NPSA, funds received in exchange for electronic money shall not be treated as a deposit; and must be safeguarded by holding funds in a trust or custodian account; and through insurance or comparable guarantee from an insurer or a bank. The Guideline for Safeguarding Customer Funds outlines the Bank’s expectations for the minimum standards for segregating  customer funds for the purpose of electronic money exchange from all other funds. 

Technology & Cyber Risk 

Cyber resilience is critical to maintaining a safe and efficient delivery of products and services across the national payment system. Failure of systems can prevent users from accessing payment services and result in significant consequences, including financial and reputational damage as well as disruption to the national payment system. The Technology & Cyber Risk Management Guideline outlines the Bank’s expectations for minimum standards required for establishing a robust technology and cyber risk management framework; protecting customer data; and enhancing security, reliability and resilience.