Participation requirements and eligibility criteria applicable to P27`s clearing and settlement service
1.1.1 P27 provides a Nordic operating model and payment infrastructure platform for financial and nonfinancial messages as well as clearing and settlement mechanisms. The P27 platform enables instant, batch, domestic and cross-border payments, providing inter alia clearing and settlement services, payment system services and other services relating to clearing and settlement (the “Services”). The Services are regulated by P27’s standard participation agreement (“Participation Agreement”) signed by each Participant (as defined below) that wishes to participate in the Services and has successfully completed the application process. The Services may also be used indirectly by a Reachable Entity (as defined below) that the Participant has listed under its Participation Agreement.
As P27 is a clearing organisation under the supervision of the Swedish Financial Supervisory Authority, P27 is obliged to ensure that all Participants and each of their Reachable Entities (as the case may be), shall at all times fulfil and comply with the participation requirements and the eligibility criteria, respectively.
The application process for becoming a Participant begins with P27 asking the applying entity to respond to a questionnaire relating to the participation requirements and eligibility criteria and the applying entity is requested, where relevant, to provide evidence in order for P27 to assess whether the participation requirements and eligibility criteria are fulfilled. However, in order to provide each entity considering becoming a Participant or a Reachable Entity with relevant information on what participation requirements or eligibility criteria (respectively) the entity must fulfil, P27 has prepared this company note which contains a condensed version of the participation requirements and eligibility criteria.
Although this condensed version includes in all materiality the applicable participation requirements and eligibility criteria, the official and complete version will be provided by P27 upon request or as part of an official application process.
For the purpose of describing the participation requirements and eligibility criteria, the following actors are relevant to acknowledge:
“Liquidity Providing Participating Entity” means a Participant which in relation to a specific currency holds and funds its own settlement account in the relevant central bank and, accordingly, can perform all activities allowed in the system, including using the clearing and settlement services for its own purposes and/or for each of its Liquidity Serviced Participating Entity in relation to the specific currency.
“Liquidity Serviced Participating Entity” means a Participant that relies on the services of a Liquidity Providing Participating Entity for settlement functionalities in relation to a specific currency.
“Participant” means the entity accepted to participate in the payment system services only, or in both the payment system services and the clearing and settlement services (as the case may be), and which participation is based on a contractual relationship with P27.
“Reachable Entity” means a payment services provider, or a credit institution, that can be reached through a Participant by other Participants, and which is registered with P27, but which does not have a contractual relationship with P27.
“Registered Entities” means the Participant’s Reachable Entities and/or Liquidity Serviced Participating Entities (as the case may be), which have been registered in accordance with the procedure set out in Participation Agreement.
2. PARTICIPATION REQUIREMENTS APPLICABLE TO ALL PARTICIPANTS
2.1 Initial requirements
The Participant must be a legal person and be under a national authority’s supervision as a (i)
‘payment services provider’, or (ii) ‘credit institution’.
2.2 Financial requirements
The Participant must meet the capital and liquidity requirements under any regulatory requirements applicable to the Participant.
2.3 Technical requirements
2.3.1 The Participant must be technically able to use and participate in the Services.
2.3.2 The Participant must have sufficiently secure technical systems for accessing the system and using the Services, which shall include the following:
(a) a suitable organisation and framework for management of information and IT security, including cyber security and compliance with applicable requirements under ISO 27001 or similar framework;
(b) sufficient back-up procedures for personnel, data communication, system, and power supply, including resilience provisions and business continuity;
(c) documentation of annually performed risk assessments regarding the stability and functionality of the Services related to the Participant’s use of them, as well as information, IT and cyber security risks;
(d) protection by encryption or other means of data at rest and data in motion;
(e) documentation of annually performed IT security penetration and vulnerability tests;
(f) protection against malicious code, including virus and malware protection;
(g) sufficient procedures and systems to ensure access management and controls;
(h) physical and infrastructure security controls such as perimeter protection, fire protection and water damage protection; and
(i) continuous monitoring capabilities of cyber security threats and anomalies including provisions for incident response.
2.4 Risk management requirements
The Participant must have the risk management procedures that are necessary to ensure the stability and functionality of the Services related to the Participant’s use of them, which shall include at least the following:
(a) appointed persons who are responsible for risk management within the organisation;
(b) a risk framework, including policies and other relevant documentation that have been established to maintain risk management;
(c) a plan for risk management within the organisation;
(d) a procedure for distributing information regarding risk management within the organisation;
(e) established routines to manage and monitor assessed risk, including incident management routines;
(f) a procedure for managing escalating risk and problem situations, including names of recipients of deviation reports; and
(g) an organisation for internal control function, i.e. internal audit, risk control and compliance.
2.5 Account and service requirements
The Participant must:
(a) if it is a payment services provider, provide payment accounts;
(b) be able to identify accounts with IBAN numbers;
(c) be able to be identified by a BIC; and
(d) be able to provide such services and functions necessary to fulfil the relevant rulebooks.
2.6 Organisational requirements
The Participant must organise its business with defined roles, which shall be occupied by personnel (i) who are trained in the Services and the Participation Agreement from an operational perspective in applicable parts, and (ii) who can meet the technical and risk management requirements.
2.7 Specific requirements related to the P27 overflow service
If the P27 overflow service is included in the Participant’s participation subscription form, the Participant must be connected to the relevant clearing and settlement mechanism services and have access to liquidity in an account in such system.
3. PARTICIPATION REQUIREMENTS FOR PARTICIPANTS WITH REGISTERED ENTITIES
3.1 Requirements for providing access to Registered Entities
In order for the Participant to provide access to the Services to any Registered Entity (i.e. a Reachable Entity or a Liquidity Serviced Participating Entity), the Registered Entity must have a written agreement with the Participant, or otherwise be under a legally binding obligation, which compels the Registered Entity to observe and comply with terms and conditions which are materially equal to relevant terms and conditions set out in the Participation Agreement.
3.2 Additional participation requirements applicable to Liquidity Providing Participating Entities
Additionally, if the Participant is a Liquidity Providing Participating Entity it:
(a) must be an institution which, according to Chapter 21, Section 1 of the Swedish Securities Market Act (Sw. Lag (2007:528) om värdepappersmarknaden) and Section 8 of the Swedish Systems for Settlement of Obligations in the Financial Market Act (Sw. Lag (1999:1309) om system för avveckling av förpliktelser på finansmarknaden) has the right to participate in clearing operations and settlement systems;
(b) must be able to settle in the relevant currencies and Services; and
(c) may provide access to the clearing and settlement services by providing liquidity to its Registered Entities provided that it is an entity who may provide such access under Chapter 21, Section 2 of the Swedish Securities Markets Act (Sw. Lag (2007:528) om värdepappersmarknaden).
4. ELIGIBILITY CRITERIA FOR REACHABLE ENTITIES
Each Reachable Entity must fulfil and comply with all participation requirements applicable to all Participants.