12 CFR § 7.1026 - National bank and Federal savings association payment system memberships.

§ 7.1026 National bank and Federal savings association payment system memberships.

(a) In general. National banks and Federal savings associations may become members of payment systems, subject to the requirements of this section.

(b) Definitions. As used in this section:

(1) Appropriate OCC supervisory office means the OCC office that is responsible for the supervision of a national bank or Federal savings association, as described in subpart A of 12 CFR part 4;

(2) Member includes a national bank or Federal savings association designated as a “member,” or “participant,” or other similar role by a payment system, including by a payment system that requires the national bank or Federal savings association to share in operational losses or maintain a reserve with the payment system to offset potential liability for operational losses. This definition includes indirect members only if they agree to be bound by the rules of the payment system and the rules of the payment system indicate indirect members are covered;

(3) Open-ended liability refers to liability for operational losses that is not capped under the rules of the payment system and includes indemnifications of third parties provided as a condition of membership in the payment system;

(4) Operational loss means a charge resulting from sources other than defaults by other members of the payment system. Examples of operational losses include losses that are due to: Employee misconduct, fraud, misjudgment, or human error; management failure; information systems failures; disruptions from internal or external events that result in the degradation or failure of services provided by the payment system; security breaches or cybersecurity events; or payment or settlement delays, constrained liquidity, contagious disruptions, and resulting litigation; and

(5) Payment system means “financial market utility” as defined in 12 U.S.C. 5462(6), wherever operating, and includes both retail and wholesale payment systems. Payment system does not include a derivatives clearing organization registered under the Commodity Exchange Act, a clearing agency registered under the Securities Exchange Act of 1934, or foreign organization that would be considered a derivatives clearing organization or clearing agency were it operating in the United States.

(c) Notice requirements—(1) Prior notice required. A national bank or Federal savings association must provide written notice to its appropriate OCC supervisory office at least 30 days prior to joining a payment system that exposes it to open-ended liability.

(2) After-the-fact notice. A national bank or Federal savings association must provide written notice to its appropriate OCC supervisory office within 30 days of joining a payment system that does not expose it to open-ended liability.

(d) Content of notice—(1) In general. A notice required by paragraph (c) of this section must include representations that the national bank or Federal savings association:

(i) Has complied with the safety and soundness review requirements in paragraph (e)(1) of this section; and

(ii) Will comply with the safety and soundness review and notification requirements in paragraphs (e)(2) and (3) of this section.

(2) Payment system with limits on liability or no liability. A notice filed under paragraph (c)(2) of this section also must include a representation that either:

(i) The rules of the payment system do not impose liability for operational losses on members; or

(ii) The national bank's or Federal savings association's liability for operational losses is limited by the rules of the payment system to specific and appropriate limits that do not exceed the lower of:

(A) The legal lending limit under 12 CFR part 32; or

(B) The limit set for the bank or savings association by the OCC.

(e) Safety and soundness procedures.

(1) Prior to joining a payment system, a national bank or Federal savings association must:

(i) Identify and evaluate the risks posed by membership in the payment system, taking into account whether the liability of the bank or savings association is limited; and

(ii) Ensure that it can measure, monitor, and control the risks identified pursuant to paragraph (e)(1)(i) of this section.

(2) After joining a payment system, a national bank or Federal savings association must manage the risks of the payment system on an ongoing basis. This ongoing risk management must:

(i) Identify and evaluate the risks posed by membership in the payment system, taking into account whether the liability of the bank or savings association is limited; and

(ii) Measure, monitor, and control the risks identified pursuant to paragraph (e)(2)(i) of this section.

(3) If the national bank or Federal savings association identifies risks during the ongoing risk management required by paragraph (e)(2) of this section that raise safety and soundness concerns, such as a material change to the bank's or savings association's liability or indemnification responsibilities, the national bank or Federal savings association must:

(i) Notify the appropriate OCC supervisory office as soon as the safety and soundness concern is identified; and

(ii) Take appropriate actions to remediate the risk.

(4) A national bank or Federal savings association that believes its open-ended liability is otherwise limited (e.g., by negotiated agreements or laws of an appropriate jurisdiction) may consider its liability to be limited for purposes of the reviews required by paragraphs (e)(1) and (2) of this section so long as:

(i) Prior to joining the payment system, the bank or savings association obtains a written legal opinion that:

(A) Describes how the payment system allocates liability for operational losses; and

(B) Concludes the potential liability for operational losses for the national bank or Federal savings association is in fact limited to specific and appropriate limits that do not exceed the lower of:

(1) The legal lending limit under 12 CFR part 32; or

(2) The limit set for the bank or savings association by the OCC; and

(ii) There are no material changes to the liability or indemnification requirements applicable to the bank or savings association since the issuance of the written legal opinion.

(f) Safety and soundness considerations.

(1) A national bank or Federal savings association should evaluate, at a minimum, the following payment system characteristics when conducting an analysis required by paragraph (e) of this section:

(i) Does the processing occur on a real-time gross settlement basis or provide reasonable assurance (e.g., prefunding, etc.) that members will meet settlement obligations?

(ii) How does the payment system's rules limit its liability to members?

(iii) Does the payment system have insurance coverage and/or self-insurance arrangements to cover operational losses?

(iv) Do the payment system's rules provide an unambiguous pro-rata loss allocation methodology under its indemnity provisions and does the methodology provide members the opportunity to reduce or eliminate liability exposure by decreasing or ceasing use of the payment system?

(v) Do the payment system's rules provide for unambiguous membership withdrawal procedures that do not require the prior approval of the system?

(vi) Does the payment system have appropriate admission and continuing participation requirements for system participants? Such requirements should address, among other things:

(A) The participants' access to sufficient financial resources to meet obligations arising from participation;

(B) The adequacy of participants' operational capacities to meet obligations arising from participation; and

(C) The adequacy of the participants' own risk management processes.

(vii) Does the payment system have processes and controls in place to verify and monitor on an ongoing basis the compliance of each participant with admission and participation requirements?

(viii) Does the payment system have written policies and procedures for addressing participant failures to meet ongoing participation requirements?

(ix) Are the payment system's rules relating to the system's emergency authorities unambiguous and may they be amended or otherwise altered without prior notification to all members and an opportunity to withdraw?

(x) Is the payment system governed by uniform, comprehensive and clear legal standards in its operating jurisdiction that address payment and/or settlement activities?

(xi) Is the payment system subject to and in compliance (or observance) with the Committee on Payment and Settlement Systems and the Technical Committee of the International Organization of Securities Commissions (CPSS—IOSCO) Principles for Financial Market Infrastructures?

(xii) Is the payment system designated as a systemically important financial market utility (SIFMU) by the Financial Stability Oversight Counsel (FSOC) or is it the international or foreign equivalent?

(xiii) Does the payment system provide members with information relevant to governance, risk management practices, and operations in a timely manner and with sufficient transparency and particularity for the bank to ascertain with reasonable certainty the bank's level of risk exposure to the system?

(xiv) Is the payment system operated by or subject to oversight of a central bank or regulatory authority?

(xv) Is the payment system legally organized as a not-for-profit enterprise or is it owned and operated by a government entity?

(xvi) Does the payment system have appropriate systems and controls for communicating to members in a timely manner about material events that relate to or could result in potential operational losses, e.g. fraud, system failures, natural disasters, etc.?

(xvii) Has the payment system ever exercised its authority under indemnification provisions?

(2) A national bank or Federal savings association should consider, at a minimum, the following characteristics of its risk management program when conducting an analysis required by paragraph (e) of this section:

(i) Does the bank or savings association have appropriate board supervision and managerial and staff expertise?

(ii) Does the bank or savings association have comprehensive policies and operating procedures with respect to its risk identification, measurement and management information systems that are routinely reviewed?

(iii) Does the bank or savings association have effective risk controls and processes to oversee and ensure the continuing effectiveness of the risk management process? The program should include a formal process for approval of payment system memberships as well as ongoing monitoring and measurement of activity against predetermined risk limits.

(iv) Does the bank or savings association's membership evaluation process include assessments and analyses of:

(A) The credit quality of the entity;

(B) The entity's risk management practices;

(C) Settlement and default procedures of the entity;

(D) Any default or loss-sharing precedents and any other applicable limits or restrictions of the entity;

(E) Key risks associated with joining the entity; and

(F) The incremental effect of additional memberships in aggregate exposure to payment system risk?

(v) Does the bank or savings association's risk management program include policies and procedures that identify and estimate the level of potential operational risks, at both inception of membership and on an on-going basis?

(vi) Does the bank or savings association have auditing procedures to ensure the integrity of risk measurement, control and reporting systems?

(vii) Does the program include mechanisms to monitor, estimate, and maintain control over the bank or savings association's potential liabilities for operational losses on an ongoing basis. This should include:

(A) Limits and other controls with respect to each identified risk factor;

(B) Reports generated throughout the processes that accurately present the nature and level(s) of risk taken and demonstrate compliance with approved polices and limits; and

(C) Identification of the business unit and/or individuals responsible for measuring and monitoring risk exposures, as well as those individuals responsible for monitoring compliance with policies and risk exposure limits.

(viii) Does a bank or savings association with memberships in multiple payment systems have the ability to monitor and report aggregate risk exposures and measurement against risk limits both at the sponsoring business line level and the total exposure organizationally?

[85 FR 83730, Dec. 22, 2020]