oversight and role of new technologies in...
TRANSCRIPT
Oversight and role of new technologies in conducting oversight
Morocco’s experience
The Global Payments Week 3-7 December, 2018
Kuala Lumpur, Malaysia
FMIs in Morocco: Overview and Oversight framework
AGENDA
Monitoring Cyber Risks and incidences
New challenges
2
1
3
OVERVIEW OF MOROCCO
Morocco
Capital: Rabat
Population: 34,2 millions
Currency: Dirham
Urbanization ratio: 61,9%
Rating:Fitch Ratings : BBB-/stable outlook
Standard & Poor's : BBB-/A-3
Internet penetration rate : 63,67%
Mobile penetration rate: 126%Key rate (interest rate): 2,25%
Bank account penetration rate: 56%
Economic Growth: 4%
Gross Domestic Product:109,1 billion $
Inflation rate: 0,2%
Investment ratio : 33,3% of GDP
* Data of 2017. Sources: HCP, ANRT, BAM
FMIs in Morocco: Overview and Oversight framework
AGENDA
Monitoring Cyber Risks and incidences
New challenges
2
1
3
OVERVIEW OF FMIs IN MOROCCO
5
MAROCLEAR (1997)
Central Depository and Securities Settlement System
SRBM (2006)Real Time
Gross Settlement
* Card-based transactions was managed by Interbank Electronic Payment Center (CMI) since 2004
Casablanca Stock Exchange (BVC) (1929)
Securities settlement system
FutureCCPBVC was designated the managing
company of the futures market
SIMT (2004)
Clearing system of retail payment means (excluding cards)
ElectronicPayment Switch (2017) *
Domestic Electronic Switch
Role of Bank Al-Maghrib in financial market infrastructures (FMIs)
ROLE OF BANK AL-MAGHRIB IN FMIs
6
Oversight of Maroclear, BVC and the future CCP isconduct also by the Capital Markets Autority (AMMC)
A memorandum of understanding is beingestablished between both parties to clarify theaspects of oversight of each authority, to avoiddouble control of the post market infrastructures,and to define the practical arrangements for thejoint oversight of this FMIs.
Operator
> Operator of RTGS
Overseer
> Ensure the resilency of FMIs
Catalyst
> Promote and encourage the development ofFMIs and initiate the necessary changes anddevelopments (text reforms, launching initiativesor others).
User
> Use the technical and functional platforms ofretail payment system and the other FMIs likeother members.
LEGAL AND REGULATORY FRAMEWORK
7
Lega
l Fra
mew
ork
> Article 10 of the law on statutes entrusts BAM to ensure
missions:
- The smooth running of payment systems;
- The efficiency of payment systems;
- Security of means of payment.
Multilateral Convention on the supervision of payment systems
January 2009
Cont
ract
ual F
ram
ewor
k > Multilateral Convention on the oversight of payment
systems (signed by ancillary systems in January 2009)
which sets:
- The obligations of operators of payment systems;
- The arrangements for overseeing payment systems;
- Sanctions and other various provisions.
Strengthening the powers of the supervisory authority of BAM and align the Moroccan legislation on international standards in this area
NEW PAYMENT SYSTEM PROJECT LAW
A working group has been established for the drafting of a law on the monitoring of financial markets andissuers of means of payment
The law details the institutional framework , the conditions of exercise , the obligations of the FMI and BAMoversight modalities.
Disciplinary and penal sanctions applied in case of non-compliance with legal and regulatory requirements
8
Maintain public confidence in non-cash means of payment
Developing financial inclusion thanks to the resiliency and modernization of FMIs
Contribute to financial stability: prevention of systemic risk and reduction of contagion risks
FMIs OVERSIGHTOBJECTIVES & MODALITIES
A
B
C
Limitation of this non-risk-based oversight methodology. The need to develop a new approach, through the implementation of a tool to support the rating of FMIs.
OBJECTIVES
01
Notification of systemicimportance to the systemoperator and settingrequirements and obligationsto be met.
CLASSIFICATION OVERSIGHTNOTIFICATION FOLLOWING UP
Classification of paymentsystems according to theirdegree of systemicimportance taking intoaccount the nature andvolume of operations, thenumber of participants,the interdependencebetween this system andother systems.
• Oversight on documents• On-site assessment based
on an annual controlprogram taking into accountthe above parameters:
- Anteriority rule: 3 yearsfor systemic FMIs and 5years for others;
- Taking into accountrecommendations frominternational bodies(BIS, FSAP, ...).
Follow-up the implementationof recommendations andactions plan.
02 03 04
RISK BASED ASSESSMENT TOOL
The assessment tool serves a dual purpose:>Micro-prudential supervision and effective planning of controls.>Evaluation of the pillar "resilience of FMIs" as part of the work on financial stability
RIsk Based Assessment Tool, developed in-house, is inspired by the ORSOMsystem of the FEDand has been validated by the World Bank.
1
9
2
RIBATis basedonfivecategoriesissuedonBISprincipalsfor FMIs:
OrganizationP1: Legal basisP2: GovernanceP3: Framework for comprehensivemanagement of risks
Risk ManagementP4: Credit riskP5: CollateralP6: MarginP7: Liquidity riskP14: Segregation and portabilityP15: General business riskP16: Custody and investment riskP19: Tiered participation arrangementsP20: FMIs links
SettlementP8: Settlement finalityP9: Money settlementP10: Physical deliveriesP11: Central securities depositoriesP12: Exchange of value settlement systemsP13: Participant default rules and procedures
Operational riskP17: risque opérationnel
Market Support, Access and TransparencyP18: Access and participation requirementsP21: Efficiency and effectivenessP22: Communication procedures and standardsP23: Disclosure of rules, key procedures, and market dataP24 : Disclosure of market data by traderepositories
RIBAT
RISK BASED ASSESSMENT TOOL
10
> Evaluation of theimportance of eachessential considerationKC (a principle consistingof a set of KC), on ascale of 1 to 3 with regardto the impact of its non-observation on theresilience of the MFI
> Obtained by the ratingof the conformity ofeach KC constitutingeach domain, weightedby their degree ofimportance (step 0).=>weighted average ofKC ratings.
Methodology of scoring
Evaluation of theimportanceof KCs0 Rating of KCcompliance1
> Rating of KCcompliance on a 1 to 5risk scale based on themonitoring work of MFIsagainst BIS principles(PFMIs).
Rating of domains2 Rating of FMI risks3
> Obtained from thearithmetic mean ofdomain ratings, andbased on expertjudgment.
1: Low
2: Moderate
3: Critical
Low
risk
Hiig
h ris
k
BIS Evaluation Scale Risk scale
Observed 1 (Very low)
Globally observed 2 (Lcw)
Partially observed3 (Moderate)
4 (High)
Not observed 5 (Critical)
> Establishing nextyear’s supervisory plan.> Following an extensivesupervisory approach tosensitive areas.> Submit an annualsynthesis of the RIBATresult to the FMI.
Output4
> Rating of the FMI pillar“Resilience of FMIs” tocontribute to theassessment of risksrelated to financialstability.> This rating representsthe average of domainsratings of the all FMIs.
This rating is validated by an Executive Committee who did not contribute to the oversight.
Financial Stability5
FMIs in Morocco: Overview and Oversight framework
AGENDA
Monitoring Cyber Risks and incidences
New challenges
2
1
3
•12
ROLE OF THE CENTRAL BANK IN CYBER-SECURITY
Paid close attention to the associated risks, particularly those related to cyber-resilienceand transaction security.
Invite the various players in the payments market to reinforce the security of theirinformation systems against cyber attacks and to strengthen the capacities of theirhuman resources and implement strong tools and methods of detection of intrusions.
Identify critical infrastructures to maintain the cyber-resilience of financial marketinfrastructures (FMIs).
DIGITAL TRANSFORMATION IN THE PAYMENT MARKET
NEW PLAYERS
OVERSIGHT OF CYBER-SECURITY
Bring sensitive information systems into compliance with legal and regulatoryrequirements.
Participate to seminars and workshops to share best practices with the banking sectoroperators (Instutions and infrastructures).
LEGAL AND REGULATORY FRAMEWORK OF CYBER-SECURITY National Directive of Information Systems Security
Decree related to protection of sensitive information systems of critical infrastructure (N°2-15-712)
Law No. 09-08 on the protection of individuals with regard to the processing of personal data
Law No. 53-05 relating to electronic exchange of legal data
1
2
3
4
In 2016, BAM was appointed as a coordinator, with the InformationSystems Security Departement, for the banking sector (By Decree)
5
ACTUAL ACHIEVEMENTS
03
Report any Cyber-security incident to ma-Cert ;Ma-Cert: Moroccan Computer Security Incident Response Team within the National DefenseMinistry
Identify its sensitive information systems according to the ISSND principles;Host sensitive Data on the national territory
Classify its SIS based on the « Impact Scale » that is well established by the decree.
Implement a Business Continuity Plan.
Conceive a robust cyber-security framework for risk identification and incident management.
Notified FMIs have to
Based on the decree and the NSSID, Bank Al Maghrib has identifyand notify the FMIs that represent a Vital importance caracter.
02
01
04
05
An infrastructure is critical in case ofone of This conditions :
> It’s the only payment system in thecountry that can operate a certaintransactions
> Gross revenu Payment system (Bigfinancial impact)
> Financial market infrastructure forclearing and setteling market transaction
> Payment system which is releated tomany other systems (Risk of contagion)
15
FMIs in Morocco: Overview and Oversight framework
AGENDA
Monitoring Cyber Risks and incidences
New challenges
2
1
3> Payment Institutions
> National mobile payment solution
> Instant payment
> Crypto-assets regulation
> New digital strategy of Bank Al Maghrib
17
PAYMENTINSTITUTIONS
TherevisedBankinglaw(2015) hasbeenextendedto includenewtypeof paymentservicesproviders:Paymentinstitutions
Advantages
increased competition Lower costs than traditional services
Product diversification Cash reduction Increased awareness offinancial services
Accessto Moroccopaymentschemesfor PaymentInstitutions
The chosen mode of participation in RTGS and SIMT was indirect participation to benefit from lower participation costs andlight requirements and to control the risk related to these payment institutions.
18
m-walletSwitch
Issuer Receiverm-wallet M-payment platform
M-payment platform
Mobile Channels (USSD, Data) Electronic payment channels (type ISO 8583)
Project scope
Routing table
The solution is structured around a decentralized architecture allowing each establishment to independently manage its products and servicesInfrastructure hosting mobile payment in Morocco
Technical specifications
Ensuring interoperability of mobile transactions
Minimizing impact on transaction fees
Minimizing IT impact on banks and payment institutions
Capitalizing on existing infrastructure to launch mobile payment quickly1
2
3
4
A new regulation issued by central bank to insure a smooth functioning of mobile payment
Defining several rules about in particular dispute
management/Incident Management/Marketing …
Defining measures to insure the protection of users of this
payment instrument
Enhancing the existing exchange protocol.
Specific pricing by limiting the fees for mobile payment.
1
2
3
4
NATIONALMOBILE PAYMENT SOLUTION
Specification of technical and functional rules and interfaces
ICO> Not prohibited (exceptChina, Spain, Australia)
Platforms for buying and selling crypto-assets against fiduciary flat money> Are not prohibited
Blockchain / DLT> Several countries recognizethe potential of Blockchain/ DLT
19
SmartContrats>Are not prohibited
Custodyand and storage> Are not prohibited
Mining> Not prohibited (except China)
Crypto-asset tradingplatforms> Are not prohibited
Payment by crypto-assets> Not allowed in mostjurisdiction
CRYPTO-ASSETS REGULATION
Crypto-assetValue Chain
Draw up a road map of theworking group between centralbank and otherauthorities/stakeholders toaddress the following issues :
- Assign a legal qualificationto crypto-assets;
- Reflect/discuss on theappropriate regulation ofCrypto-asset taking intoaccount the entire value chain.
Roadmap for Crypto-assets regulation
INSTANT PAYMENT
Transmission of the payment message and the availability of fundsto the end user in real time, on a 24/ 7basis.
Increase of direct credit New channels Strategy
increase of the number of transfers exchanged via
the GSIMT42.2% of total exchanges
Emergence of new technologies facilitating instantaneous transfers
Credit transfers have been set up as a strategic focus
for central banks
Interbank payment period relatively long
j + 1 for the direct credit
Mot
ivat
ions
Reduction of cash and the substitution, in the long
term, of the check
Implementation of a working group with banks and GSIMT to study the functional, regulatory andtechnical prerequisites for the implementation of instant payment at the domestic level.
A concept note is being developed by GSIMT to determine the technical and financial issues of theproject, legal and regulatory aspects, and the necessary adjustments to the SRBM settlementprocesses.
20
21
NEW DIGITAL STRATEGY OF BANK AL MAGHRIB
A central bank model in terms of digital transformation at the service of its fundamental missions
Automation Agile & smart Opening Purpose driven
> Reengineering supportprocesses to better makeits core business
> Streamline internalprocesses serving theecosystem
> Adopt a more flexibleorganizational andgovernance model
> Open to digital and agilework mode
> Smart proportional riskregulation
> Dialogue and adapt tothe needs of theecosystem
> To work for a smartregulation
> Mobilization ofexternal expertise anda Lab
> Prioritize digitalinitiatives according totheir impact onBAM's fundamentalmissions
> Make digitizationefficient
Culture and Skills
Explore the opportunity of usingdigital innovations such asRegTech and SupTech (whichincludes data collection andanalysis) to improve theeffectiveness of oversight.
22
IT SOLUTION FOR FMIs MONITORING
Data related to the FMIs monitoring arecommunicated to Bank Al Maghrib by email andare developed manually. That involve many riskssuch as:
Delays in submission of data Incomplete data Low quality of data Human error
BAM has included, in its triennial strategic plan 2016-2018, a project to setup an IT solution for FMIs monitoring. The functional specifications of thissolution have already been developed during the first semester of 2018.
To facilitate the collection and management of data qualityand reliability, Bank Al Maghrib is studying the possibility ofdirectly using standardized interfaces such as APIs for theimplementation of this solution.
Current state
Some Advantages of APIs
Allow FMIs to submit high-quality, granular data digitally and automatically to BAM withhigher frequency;
Enable BAM staff to make data validation faster and analysis sharper by generatingcustomized reports for supervisory and policy development purposes in different formatsand near-real time;
API-based compliance reporting can make high-quality financial and data available topower policy simulation engines.
THANK YOU FOR YOUR ATTENTION