CPSS-IOSCO SELF-ASSESSMENT PUBLIC DISCLOSURE FOR FASTER PAYMENTS SCHEME LIMITED (FPSL) 2014

Faster Payments Scheme Limited 2 Thomas More Square London E1W 1YN CPSS-IOSCO SELF-ASSESSMENT PUBLIC DISCLOSURE FOR FASTER PAYMENTS SCHEME LIMITED (FPSL) 2014 Responding institution: Jurisdiction: Authority regulating Date of Disclosure: For further information, please contact: Faster Payments Scheme Limited UK (English Law) Bank of England 16 th July 2014 companysecretary@fasterpayments.org.uk EXECUTIVE SUMMARY Faster Payments Scheme Limited (FPSL) is a Financial Market Infrastructure (FMI), designated under the Banking Act 2009 as a systemically important payment system. It is a not-for-profit, limited by guarantee company whose Members are direct settling participants in the Scheme which delivers a world-class instant payments capability to the UK payments market. Faster Payments was launched in May 2008 and delivers Near Real Time (NRT) payment services to meet the existing and future needs of the Members, their agency banks, corporates, government and retail customers. It achieves this by exploiting a shared infrastructure, delivering a highly reliable service and continuously innovating. FPSL is responsible for the operation and strategic development of the Faster Payments Service. It also provides administration of the Scheme and ensures Member and Supplier compliance with relevant internal Rules, Procedures, service levels and external regulation. The Faster Payments Service (FPS) provides, as its name suggests, a faster payment process than was previously available in the UK. The Scheme is composed of a group of banks and building societies called Members. Faster Payments currently has ten Members and over 250 financial institutions use agency arrangements to offer services to their customers. There are two main service levels in Faster Payments: 1) For payments where the customer is present, either using Internet or telephone banking, FPS provides a Near Real Time payment process. Customers making payments can be told, within a few seconds, that their payment will or will not be made. This is assured by exchanging a message with the beneficiary Member to check that the account exists and is open for credits. The beneficiary customer will receive the funds shortly thereafter. 2) For payments where the customer is not present, e.g. Standing Orders, the paying Member originates the payment on the due date and the beneficiary receives the funds via Faster Payment s NRT system, i.e. same-day or better. The majority of Standing Orders are sent and accepted by 06:00 am. History The Faster Payments Scheme commenced operations on 27 May 2008, when it was one of the first NRT retail payment systems in the world. At the end of 2008 the average daily volume and value was around half 1

a million payments with an aggregate value of 200 million. The Scheme has grown markedly since launch and since the start of 2012 Faster Payments have processed all internet-banking payments and Standing Orders in the UK. In the year up to the end of April 2014, the Scheme processed over 1 billion payments to a value of more than 800bn. Faster Payments has not only become established in the UK payments landscape, but also provides a platform for further innovation in the UK payments market. Major projects for Faster Payments include helping Members and the Payments Council to enable mobile payments and providing automated redirection of payments for customers switching their current account. The government acknowledges that the Faster Payments Scheme is of critical importance to the UK financial system and has confirmed that it meets the criteria for recognition set out in Part 5 of the Banking Act 2009. Accordingly, the Faster Payments Scheme is regulated by the Bank of England. Faster Payments Scheme has a clearly defined set of rules and legal agreements (governed by English law) and has been designated (and continues to meet designation requirements) under the Settlement Finality Directive. Faster Payments processing is conducted in the UK only, although some participants are incorporated outside of the European Union. FPSL Risk Profile FPSL manages a number of risk categories through its Risk Management Framework, the most inherently significant risks being: Cyber / Security Risk Direct Participant Operational Risk Third Party Supplier Failure Risk Legal / Regulatory Risk The consequences of a significant central processing outage or of a failure of the settlement process (including member failure to meet settlement obligations) are severe enough to be afforded a range of controls to prevent the risk occurrence. These include service levels and monitoring, secure messaging, secure dual site processing and strict change control. To mitigate settlement risk, Faster Payments Members net settlement positions are limited using hard debit caps. The caps are partially collateralised as a requirement of the Scheme s Liquidity and Loss Share Agreement (LLSA). If a Member institution fails to settle, the LLSA also requires surviving Members to provide liquidity to meet any shortfall in the settlement obligations of the failed Member (up to the value of the largest Member). Surviving Members are subsequently partially refunded through liquidation of the failed Member s collateral. It is in the Scheme s 2014 Operating Plan that all collateral will be fully prefunded in cash by the end of 2014 eliminating any credit risk of default. Self Assessment Methodology This self-assessment has been undertaken by the FPSL Risk Management and Assurance Unit using a risk based assessment methodology. The following steps were undertaken: a) Initial review of the 24 principles from the CPSS-IOSCO Disclosure and Assessment Methodology and their associated key considerations to scope the assessment. b) Through a review of documentation and discussions with the Bank of England, agreement was made as to the scope and applicability of each principle and consideration. c) The Risk Unit then considered the status of FPSL s observance to each of the principles and examined the risks to the Scheme inherent within each applicable principle. 2

d) The Risk Unit then reviewed existing mitigating controls in place at the time of the assessment and assessed the effectiveness of these controls. e) The responses made were documented in a report and independently audited. f) The final report was submitted to the Bank of England and Management Actions were tracked by FPSL Audit and Finance Committee. In support of this disclosure, Faster Payments have presented to the Bank of England a report that sets out FPSL s adherence to all principles and considerations. The self-assessment methodology described above was conducted as a second line Risk Unit activity, challenging first line management response and incorporating third line assurance via an independent internal audit. All gaps identified in the control framework are either in the process of remediation or are planned for remediation through defined Management Actions. This disclosure has been presented in its entirety to the FPSL Audit and Finance Committee and then to the FPSL Board. Their feedback has been incorporated in the final disclosure. Matters relevant to other committees for their consideration will be delegated in due course for monitoring and future mitigation decisions. II SUMMARY OF MAJOR CHANGES SINCE THE LAST UPDATE OF THE DISCLOSURE The significant changes from the December 2014 public disclosure include: Governance within the Scheme has been further strengthened through the appointment of a third Independent Non-Executive Director (INED). This director will take over the Chair of the Audit and Finance Committee by the start of 2015 (Principle 2 relates). FPSL has further enhanced its Enterprise Risk Management Framework through; development of a Risk Appetite Statement a (Principles 3, 4, 15 and 17 relate). The Board Member voting protocol has been changed to better represent the interests of smaller Members by the movement to a one director one vote model. With the addition of a third INED, the public interest veto of the independent directors has been strengthened by requiring a majority (>50%) of independent director votes, to be cast in favour for a public interest vote to be passed. The Articles of Association have been amended to explicitly state integrity and financial stability in the Scheme s Statement of Purpose. III GENERAL BACKGROUND History At its introduction in 2008, the Faster Payments Scheme was the first new payment system delivered in the UK since 1984, when the CHAPS Clearing System was launched. The Faster Payments Scheme is designed to enable electronic payments, typically made via the internet or phone, to be processed in seconds rather than days. FPS can trace its creation from May 2005 when the Payment Systems Task Force, a stakeholder group chaired by the Office of Fair Trading, announced the introduction of a new service that would reduce clearing times on phone, internet and standing order payments. The banking industry committed to develop a system whereby payments would clear quickly and efficiently. In October 2005, the contract to provide the central infrastructure for this new service was awarded to Immediate Payments Limited (IPL), a joint venture 3

company set up by Voca Limited and Link Interchange Limited. In 2007, the two organisations merged to form VocaLink Limited. The new Faster Payments Scheme and infrastructure was launched on 27 May 2008 when banks rolled out the service to their customers. The Faster Payments Scheme runs alongside existing payment schemes in the UK such as CHAPS and Bacs. The responsibility for the day-to-day operation and management of the service is undertaken by FPSL although from November 2009 until 29th February 2012 this role was conducted by CHAPS Clearing Company Limited. VocaLink currently hold the contract to supply the central infrastructure for FPS. Since the beginning of 2012, the UK Payment Services Regulations have required all payments to reach the recipients account no later than the working day after the originator was debited. As a consequence, by 2012 Faster Payments was able to reach over 99.9% of UK customers. Faster Payments Scheme Limited (FPSL) FPSL is responsible for the day-to-day operations and management of the service and is a Member-based company. The current Members of the Scheme Company are: Barclays Bank PLC Citibank N.A. Clydesdale Bank PLC The Co-operative Bank PLC Northern Bank (formerly Danske Bank) HSBC Bank PLC Lloyds Bank PLC Nationwide Building Society The Royal Bank of Scotland Group Santander UK PLC In addition, over 250 institutions access FPS via agency arrangements through one or more Members. 4

How does the Faster Payments work? Who Can Use the Faster Payments? Users of the Faster Payments can be divided into participants from the financial service community that use the central infrastructure directly and those indirect users that use the service through another financial institution. Institutions can become participants in Faster Payments, either as Members, Direct Agencies, Third-Party Beneficiaries or as Corporates. All these participants are able to submit payments into the service, either singly and/or in bulk files, depending on what type of participant they are, using their own direct connection to the service. Key Parties and Processes in Faster Payments The System Operator FPSL, the system operator, is an inter-bank organisation responsible for administering Faster Payments. The role as System Operator is to: Provide Members with the infrastructure for the exchange and settlement of Faster Payment Messages and manage the operational process. Define, agree and ensure compliance to Scheme Rules, Security Codes of Conduct, Procedures, and other reference documents. Ensure that the suppliers to the Scheme comply with their contractual obligations and by doing so monitor, measure and manage Member and Supplier compliance and performance in order to promote the highest levels of integrity evidenced against internal and external audit and oversight. Members FPSL Members are banks or building societies, which have settlement accounts at the Bank of England suitable for the settlement of FPS payments. All Members connect directly to the FPS Central Infrastructure. The detailed Membership criteria are defined on the FPSL website, for example, Members must install a Bank of England Enquiry Link facility. Faster Payments Members may sponsor Directly Connected Agencies, Bureaux, Corporates and File Input Module (FIM) only Agencies. 5

Bank of England (RTGS) The Bank of England acts as the settlement agent and as the trustee for the collateral posted under the LLSA. The System is settled in the Bank of England s Real Time Gross Settlement System (RTGS) system in the same way as other clearings (such as Bacs and Cheque and Credit Clearing). RTGS sends Faster Payments Scheme Members advices of the amounts to be settled via the Enquiry Link system. Direct Agency A Direct Agency is a financial institution which connects directly to the FPS Central Infrastructure but does not settle payments at the Bank of England. A Direct Agency is sponsored by a Member who authorises all debits and credits to and from Direct Agencies in near real time. A Direct Agency that is wholly owned by a Member may also sponsor Agencies, Corporates and Bureaux. Indirect Agency An Indirect Agency, such as a small bank or building society, sends and receives messages via a Member on its own behalf or on behalf of its customers, which themselves may be financial institutions. Third Party Beneficiaries A Third Party Beneficiary is an organisation such as a credit card company or utility company that has a collection account with a Member. It is identified by one or more sort codes unique to the Third Party Beneficiary. Responding Third Party Beneficiaries are directly connected to the Central Infrastructure and operate a 24/7 service for payment receipt. Non-Responding Third Party Beneficiaries receive advice of payments, but, unlike a Responding Third Party Beneficiary, do not need to acknowledge receipt of such payments, and do not need to be connected to the Central Infrastructure 24/7. Corporates Corporates are customers of a Member or an Indirect Agency which sponsors them to have direct access to Faster Payments via Direct Corporate Access (DCA) for sending payments. No facilities are provided for Corporates to receive payments directly from Faster Payments. The Corporates Sponsoring Member (and Direct Agency or Indirect Agency where appropriate) authorises each file of payments from that Corporate. Each file contains payments drawn on a single account. Corporates submit payments in Standard 18 format; the DCA module translates them into a Faster Payments Scheme-specific format of ISO 8583. Bureaux Bureaux submit files on behalf of Corporates. Each file contains payments from a single Corporate drawn on a single account. A submission may contain files drawn on different sponsors. Customers Personal and corporate customers of Members and Agencies may make and receive payments through FPS according to their contract with their Member or Agency. General organisation of Faster Payments Scheme Limited (FPSL) FPSL has clearly defined governance arrangements, through Membership Agreements and the Company s Memorandum & Articles of Association. The latter sets out the governance arrangements for Members and Directors: Participation and Membership criteria Composition, execution and reporting of General Meetings Member voting rights, including proxies and resolution arrangements Director s powers, appointment and removal process Establishment and functioning of committees 6

FPSL operates a number of Board sub-committees to ensure good governance of the scheme, attended by representatives from Members. Legal and Regulatory Framework FPSL has legal agreements in place with all relevant stakeholders (Members, VocaLink and Bank of England as Settlement Service Provider). All contracts are drawn up on behalf of Faster Payments Scheme Limited by professional lawyers. FPSL also has a contract with the Payments Council. All FPSL legal agreements contain a number of clauses which are commonly used in outsourcing agreements, for example: Governing Law (English law) Records Retention (six full years plus current calendar year from date of creation) Confidentiality and security Supplier personnel Warranties and undertakings External intervening threats Assignment, transfer and subcontracting Relief events (from failure to perform obligations) Regulatory compliance (with Bank of England Oversight) Insurance FPSL Scheme Rules and Procedures are designated under English law. FPSL Risk Committee regularly monitors regulatory developments to ensure the company remains compliant. System Design and Operations Payment Types The System supports the following payment types; all are credit (push) payments; FPS does not support debit (pull) payments: Single Immediate Payments (SIPs) Forward Dated Payments (FDPs) 7

Standing Order Payments (SOPs) DCA Corporate Bulk Payments (DCAs) Return Payments Scheme Return Payments The latter two payment types are generated by the Receiving Member and the Central Infrastructure retrospectively. These return payments relate to payments that cannot be applied to an eligible account or cannot be processed on to the receiving bank. Clearing Timetable The system clears 95% of Single Immediate Payments (SIPs) and Forward Dated Payments (FDPs) 24 hours a day, 7 days a week, 365/6 days a year in Near Real Time (NRT). The remaining 5% relate to payments being made to non-current accounts or sent to agency banks that may not operate 24/7. These payments are applied to the beneficiary account within timescales compliant with Payment Services Regulations. Standing Order Payments (SOP s) are cleared only on Working Days which are defined as Monday to Friday s excluding English Bank Holidays. SOPS are always cleared within a single working day, so that the Originating Customer is debited on the same day that the Beneficiary Customer is credited. In most cases, Standing Orders are cleared by 06:00. Settlement Risk As a Deferred Net Settlement (DNS) System, Settlement Risk is managed utilising Multilateral Net Sender Caps (MNSCs) that are currently supported by a lodgement of collateral at the Bank of England. The MNSCs are under the control of the Scheme. As mentioned above, all payments are processed through the system as single payments notwithstanding that they might have been entered into the system as a file. The Central Infrastructure maintains a Multilateral Net Settlement Position for each Member (MNSP). The MNSP equals the total payments of all Members and its sponsored Participants have received and accepted, less the total value of all payments it, and its sponsored Participants, have submitted and have been accepted. As payments pass through, MNSPs are updated by debiting the sender Member Position and crediting the receiving Member Position subject to there being adequate headroom in the position to complete the debit transaction. Members utilise a Net Sender Threshold, which alerts them electronically if they are within a configurable percentage of their MNSC. This threshold is controlled by the Member. Settlement within the System occurs three times per day on Working Days as defined above. The cut off times for settlement are currently; 07:00, 12:45 and 15:30. This is configurable both in the number of intra Working Day settlements and in the timing of the settlements. Where there are one or more non-working Days between the last settlement of a Working Day and the first settlement of the next Working Day, a Settlement Cycle can span several days. When a Settlement Cycle ends, it is cut-off and a new Settlement Cycle starts. Therefore for practical purposes a Settlement Cycle starts at one settlement cut-off and ends at the next settlement cut-off. Shortly after settlement cut-off, the Central Infrastructure sends a SWIFT MT298 settlement message to the Bank of England, and also sends an Unsolicited Message (USM) to each Member informing them of their MNSP (how much the Member is obliged to pay or due to receive in the settlement). After a configurable period the Bank of England settles, and returns a settlement complete message to the Central Infrastructure, 8

which informs Members that settlement is complete in an Unsolicited Message. All Members settle or no Members settle; there is no partial settlement. IV: SUMMARY OF KEY POINTS ARISING FROM ASSESSMENT OF EACH PRINCIPLE Principle 1. Legal basis An FMI should have a wellfounded, clear, transparent, and enforceable legal basis for each material aspect of its activities in all relevant jurisdictions. 2. Governance An FMI should have governance arrangements that are clear and transparent, promote the safety and efficiency of the FMI, and support the stability of the broader financial system, other relevant public interest considerations, and the objectives of relevant stakeholders. 3. Framework for the comprehensive management of risks An FMI should have a sound risk-management framework for comprehensively managing legal, credit, liquidity, operational, and other risks. Summary The FMI has a sound legal basis which is supported by a legal opinion from Scheme Members and its in-house legal team. Although the strict enforceability of the Rules, Procedures and contracts cannot be tested unless a party should choose to challenge the condition in the courts, FPSL is as confident as it can be as to their enforceability. The Rules, Procedures and contracts are also based on other payments schemes as a precedent. FPSL has clear and transparent governance arrangements which follows best practice and promotes the safety and efficiency of the FMI. Improvements include over the last 18 months the appointment of three Independent Non-Executive Directors as Chairman of the FPSL Board,Chair of the Risk Committee and from 2015 Chair of the Audit and Finance Committee.. The job descriptions of the Independent Non- Executive Directors have an explicit reference to Financial Stability. The Articles of Association have been amended to explicitly state integrity and stability in the Scheme s Statement of Purpose. The FPSL website has full details of Governance arrangements. A fully documented Enterprise Risk Management (ERM) Framework is being operationally embedded to support the identification, measurement, management, monitoring and reporting of risk within a risk management cycle. This includes Risk Policies, Appetite Statements and Limits. FPSL has defined a clear plan to embed the policies and processes and to foster a risk management culture. To support this, an Internal Audit has been conducted to identify further gaps and to support tracking of improvements. The ERM framework is being embedded throughout 2014. Scenario testing, development of recovery and wind-down plans and the embedding of the ERM Framework are further strengthening FPSL s compliance. 4. Credit risk An FMI should effectively measure, monitor, and manage its credit exposures to participants and those arising from its payment, clearing, and settlement processes. An FMI should maintain sufficient financial resources to cover its FPSL manages Credit Risk within settlement as a key element of the wider ERM Framework and it is monitored through a dedicated Settlement Risk Committee. Collateral is held and managed by the Bank of England on behalf of FPSL. Cash prefunding of Net Settlement Caps (NSC) is being developed which will eliminate credit risk within settlement by the end of 2014. 9

Principle Summary credit exposure to each participant fully with a high degree of confidence. 5. Collateral An FMI that requires collateral to manage its or its participants credit exposure should accept collateral with low credit, liquidity, and market risks. An FMI should also set and enforce appropriately conservative haircuts and concentration limits. 7. Liquidity risk An FMI should effectively measure, monitor, and manage its liquidity risk. An FMI should maintain sufficient liquid resources in all relevant currencies to effect same-day and, where appropriate, intraday and multiday settlement of payment obligations with a high degree of confidence under a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would generate the largest aggregate liquidity obligation for the FMI in extreme but plausible market conditions. 8. Settlement finality An FMI should provide clear and certain final settlement, at a minimum by the end of the value date. Where necessary or preferable, an FMI should provide final settlement intraday or in real time. 9. Money settlements An FMI should conduct its money settlements in central bank money where practical and FPSL retains responsibility for the collateral risk but the Bank of England, through a Deed of Charge between it and the Members, manages collateral on behalf of FPSL, setting the requirements haircuts and limits and undertaking collateral valuation. FPSL monitors collateral bi-monthly through the Settlement Risk Committee and FPSL obtains copies of the holdings of each Member, by nominal value and haircutted value ( Adjusted Market Value ) on a daily basis. Prefunding in cash is targeted for the end of 2014 to create a cash based collateral system that will further strengthen compliance to this Principle. The ERM Framework contains suitable liquidity safeguards and management tools. These are documented and enforced in the Liquidity and Loss Settlement Agreement (LLSA). The payment system is denominated in Sterling only and the central infrastructure manages liquidity risk through a Net Sender Cap (NSC) mechanism. Settlement Risk Committee manages liquidity risk via reviews of eligible collateral, NSC s and contingency processes for management of liquidity, settlement and participant default. FPSL conduct stress testing and regularly reviews the breadth and depth required for further stress and scenario testing. Prefunding in cash is targeted for the end of 2014 to create a cash based collateral system that will eliminate liquidity risk within the system. Settlement is materially compliant with all Monday to Friday transactions lodged up to 3:30pm settled on the same day. Transactions lodged after 3:30pm or over the weekend are annotated as same value date, cleared immediately, but settled in the next day or the next Monday as appropriate. FPSL do not believe this settlement arrangement represents a material financial stability risk and it is only due to the Bank of England RTGS opening hours which are under review. All money settlements are conducted and denominated through the Central Bank in Sterling. 10

Principle Summary available. If central bank money is not used, an FMI should minimise and strictly control the credit and liquidity risk arising from the use of commercial bank money. 13. Participant-default rules and procedures An FMI should have effective and clearly defined rules and procedures to manage a participant default. These rules and procedures should be designed to ensure that the FMI can take timely action to contain losses and liquidity pressures and continue to meet its obligations. The Liquidity and Loss Sharing Agreement (LLSA) and Scheme Rules define requirements and Procedures regarding defaults, use of collateral, calls for liquidity and renegotiating and replenishing resources. Key points: Scheme Rules published on the FPSL website are reviewed annually. The Bank of England is required to notify FPSL of any Member defaults. Procedures are made available to Members / suppliers and other relevant parties e.g. Bank of England. Contingency processes to manage Member failure to settle and the LLSA being invoked are tested annually through a procedural test with Members and Bank of England RTGS. 15. General business risk An FMI should identify, monitor, and manage its general business risk and hold sufficient liquid net assets funded by equity to cover potential general business losses so that it can continue operations and services as a going concern if those losses materialise. Further, liquid net assets should at all times be sufficient to ensure a recovery or orderly wind-down of critical operations and services. As part of FPSL s Enterprise Risk Management Framework, the identification and management of general business risk is embedded within the strategic planning processes. In addition, a risk register is maintained to track and manage identified risks through the Risk Committee. Reporting of financial controls and contingent reserves is managed through the Audit and Finance Committee. The Scheme has added to its reserves to ensure there are sufficient resources to continue operations and services as a going concern if losses materialise or funding from Members is delayed. The Scheme has developed a recovery/wind down plan and the Scheme Rules already provide adequate assurance for funding of FPSL operational continuity. Existing reserves are held in cash and in the event of Member default, or reserves falling close to minimum requirements, additional calls on Members are possible. 16. Custody and investment risks An FMI should safeguard its own and its participants assets and minimise the risk of loss on and delay in access to these assets. An FMI s investments should be in instruments with All FPSL assets are held in regulated entities, subject to the Financial Services Compensation Scheme, currently offering 85,000 relief in the event of default. The custodian banks accounting practices and procedures are supervised and monitored with annual audit statements available under their publicly disclosed financial statements. Company reserve funds (all cash) are held in these Member commercial banks and are administered separately from the operating funds (also held in cash). They are monitored by the Scheme s 11

Principle minimal credit, market, and liquidity risks. Summary Finance / Accounting function. The Audit and Finance Committee review financial reports quarterly. Participants assets are held and administered by the Bank of England in eligible (listed) collateral, which are reviewed regularly by the Settlement Risk Committee. 17. Operational risk An FMI should identify the plausible sources of operational risk, both internal and external, and mitigate their impact through the use of appropriate systems, policies, procedures, and controls. Systems should be designed to ensure a high degree of security and operational reliability and should have adequate, scalable capacity. Business continuity management should aim for timely recovery of operations and fulfilment of the FMI s obligations, including in the event of a wide-scale or major disruption. Through FPSL s robust ERM policies, processes and procedures (see Principle 3) operational risks are: Identified and assessed though defined risk management methodologies such as Risk and Control Self-Assessments of suppliers and Members. Captured in a consistent format within risk registers. Monitored and reported though risk reports and monthly operational risk KPI s to the Risk Committee. Monitored for operational suppliers through appropriate supplier SLAs within contracts on availability and capacity. This framework is supported by the following elements: Roles and responsibilities for the management of operational risk are clearly defined and delegated by the Board to the Risk Committee in their Terms of Reference. Service management is provided by VocaLink using ITIL standards and monitored by SLA reporting in the VocaLink contract and an annual ISAE3000 Audit. Scheme contingency arrangements are managed through operational incident management procedures. Business continuity and disruption planning is in place, covering impact on Scheme and stakeholders. Plans are tested regularly and processes are documented. Security requirements are documented in the Security Policy and the Security Code of Conduct (SCoC) document. Assurance is provided through supplier contracts and Member self-certification. Compliance is monitored through the Operations Committee. Human Resources (HR) is managed through appropriate HR policies and procedures which are documented in a staff manual. This includes policies on staff reliability, succession planning, operational rotation of duties and skills training. Internal Audit is conducted through an independent function. Audit plans are agreed annually and key findings and recommendations are managed and tracked by the Audit and Finance Committee. The Audit and Finance Committee monitor assurance activities (including Internal Audit) and provide independent assurance to the Board on operational risk capabilities. 12

Principle 18. Access and participation requirements An FMI should have objective, risk-based, and publicly disclosed criteria for participation, which permit fair and open access. Summary FPSL strongly supports and encourages increased participation in the Scheme. To promote this, FPSL has an on-boarding manager and the FPSL website provides clear guidance on the criteria and requirements of participation. To ensure fair and open access for participation, FPSL Scheme Rules are reviewed by the Board and external legal counsel. To strengthen governance around access, three independent non-executive directors have responsibility for ensuring fair and open access for participation. In addition, Member appointed directors are excluded from the new Member decision process. Members on-going compliance to Scheme requirements are managed by FPSL through: Member self-certification to availability and security standards Incident Management Procedures Scheme review of regulatory compliance requirements Maintenance of settlement account status Allocation and use of valid sort codes Within Scheme Rules and Procedures, the following processes are documented: The Membership application process Orderly on-boarding Rules and exit Procedures Member Default Procedure Formal projects are set up for effecting Member entry and exits, including those arising from the impact of mergers and acquisitions of direct participants. Scheme Rules have been published on FPSL s website and detailed information on costs, risks of Membership and technical specifications are available to prospective participants under NDA (Non-Disclosure Agreement). 19. Tiered participation arrangements An FMI should identify, monitor, and manage the material risks to the FMI arising from tiered participation arrangements. The current risk exposure (materiality) from tiered indirect participation is judged to be relatively small, compared to direct Member participation. What risk exists is monitored through the Scheme Risk Committee. Members are obligated under the Scheme Rules to ensure agency bank payment processing is compliant with Scheme requirements. Tiering analysis is performed on transaction volumes and values from indirect agencies on an annual basis. Changes to the risk profile are monitored and discussed with sponsoring Members. Scheme Procedures and Rules determine how agency relationships are conducted, pertinent to the risks to the FMI. Operational risks associated with indirect participants are managed by the Operational Committee. 21. Efficiency and effectiveness Operational effectiveness objectives are set primarily in the company strategy. The on-boarding manager also provides advice on the requirements for prospective participants. Additional advice is taken 13

Principle An FMI should be efficient and effective in meeting the requirements of its participants and the markets it serves. Summary from the Payments Council customer fora and Electronic Scheme Affiliates to ensure end customer demands are met. Operational efficiency and effectiveness objectives are set out in Scheme Rules and Procedures and in supplier contracts in the form of Service Level Agreements (SLAs). Changes to objectives are driven by incident reports and operational reporting of performance against SLAs and KPI s, highlighting areas for potential change. Monthly KPI reviews, SLAs, operational reports and major incident reports are all used to determine change requirements. Development Committee have the remit for ensuring Scheme design / operating structure meets market, legislative and participant requirements and the Development Committee Terms of Reference has been amended to specifically address the needs of the market. In addition, the recently appointed independent non-executive director s remit includes liaison with the external market and the participants in meeting the customer requirements. Progress against the strategic development objective is monitored through the Development Committee and other committees, with progress against such objectives reported to the Board for quarterly review, appraisal and direction. 22. Communication procedures and standards An FMI should use, or at a minimum accommodate, relevant internationally accepted communication procedures and standards in order to facilitate efficient payment, clearing, settlement, and recording. FPSL uses Multi-Protocol Label Switching (MPSL) standards to interconnect FPS Members and direct agencies through a real-time switch provided by a major UK telecoms provider. Communications between the Bank of England and VocaLink used to effect settlements are conducted through SWIFT. Corporates submit payment files by secure internet connection direct to VocaLink. Indirect participants connect with direct Members via a range of services, with direct Members submitting payments on their behalf direct to VocaLink. Direct Participants based outside the UK connect to VocaLink direct through UK based Points of Presence. Scheme procedures ensure that BIC/IBAN references are attached to cross-border transactions The Scheme uses the ISO 8583 international messaging standard. DCA corporate participants submit payment files to VocaLink via Standard 18 for subsequent conversion to ISO 8583 and onward transmission. SWIFT formats are used between the Bank and VocaLink for settlement transactions. 23. Disclosure of rules, key procedures, and market data An FMI should have clear and comprehensive rules and procedures and should provide sufficient information to enable The Scheme publically disclose the following documents: Company Articles of Association Scheme Rules Trend Data on Volumes and Values Fee Structure* Governance structure Compliance to CPSS IOSCO principles summary *while there is no membership fee there are costs associated with 14

Principle participants to have an accurate understanding of the risks, fees, and other material costs they incur by participating in the FMI. All relevant rules and key procedures should be publicly disclosed. Summary Membership which are set out on the website. Detailed procedural documentation such as the Security Code of Conduct and technical specifications are available to Members, potential Members, suppliers and any participants nominated by Members under NDA. The Bank of England is also provided copies of all documents. These documents are all reviewed annually (including for clarity) by FPSL, Members and VocaLink. Full details of available documents are included in Appendix A. Clarity of the Rules and Procedures is also addressed by discussion at committees, in the on-boarding process for new Members, via incident management reviews and the annual Member self-certification process. Financial obligations of the participating Members are determined and provided to Members under the annual budgeting process. The annual budget process is managed by the Audit and Finance Committee and the Board signs off the budget. 15

APPENDIX A: LIST OF PUBLICLY AVAILABLE RESOURCES How Faster Payments Works What Type of Payments can be made through Faster Payments? History/Timeline Statistics Governance FPSL Remit Board of Directors Committee Structure Stakeholders & Regulatory Regime Risk & Compliance Membership FPS Scheme Rules Bank Reference Data for FPS Functional Specification (PN7723) Under NDA Bank Reference Data - Member's Guide (PN5005) Under NDA Deed of Charge Under NDA External Interface Specification Under NDA Faster Payments Member, Agency and Scheme Guide (IPL00115) Under NDA FPS Customer Reference Data Functional Specification (IPL00471) Under NDA FPS EISCD Technical Specification (PN7677) Under NDA FPS Procedures Under NDA FPS Reference data manual - Member and scheme agency guide (IPL00114) Under NDA FPS Security Policy Under NDA Functional Specification Under NDA Industry Sorting Code Directory Procedures Under NDA Liquidity and Loss Sharing Agreement Under NDA Membership Agreement Under NDA Security Code of Conduct Under NDA Settlement Service Provider Agreement Under NDA Validating account numbers UK modulus checking (PN6111) Under NDA Articles of Association Consumers Benefits of Faster Payments Transaction Limits Sort Code Checker Mis-directed Payments Press Releases 16