Page 50 - ITU-T Focus Group Digital Financial Services – Interoperability
P. 50
ITU-T Focus Group Digital Financial Services
Interoperability
48. The RPE should not unduly restrict any participant’s usage of interoperability. Therefore, the RPS should
examine the rules and procedures set by the RPE, and undertake any necessary action in the event of any
restriction or discrimination.
LEGAL RISK
Principle 3: Interoperability agreements should have a well-founded, clear, and transparent legal basis that is
enforceable in all relevant jurisdictions and provide adequate protection to the participating RPEs.
Key issues:
3.1 The legal framework (laws, regulations, rules and procedures) underpinning an interoperability agreement
should provide a high degree of certainty for every aspect relating to interoperability.
3.2 The rules, procedures, and contracts governing the agreement should be clear, understandable, and
consistent with relevant laws and regulations. They should be readily available as appropriate for all
parties with a legitimate interest.
3.3 The rules, procedures, and contracts governing the agreement should be complete, valid, and enforceable
in all relevant jurisdictions. There should be a high degree of certainty that actions taken under such rules
and procedures will not be stayed, voided, or reversed.
3.4 The agreement should be consistent with the applicable regulatory frameworks.
3.5 In cross-border interoperable systems, risks arising from any potential conflicts of laws across jurisdictions
should be identified and mitigated.
49. Payments processed via interoperable systems may be subject to higher legal risks, compared with those
processed in a single system. Conflicts may arise if it is not clear which are the specific laws, regulations, rules,
or procedures applicable to payments processed via interoperable systems. In exceptional circumstances (e.g.,
the default of a participant in one of the systems), uncertainties or conflicts could arise if the rules governing
interoperability do not clearly specify the procedures to be followed.
50. Conflicts may also arise when the legal basis, in particular the contracts, do not clearly define the rights
and obligations of the RPEs participating in an interoperability agreement. Conflicts can stem from differences
in laws and regulations defining rights and obligations, finality, and irrevocability, and settlement finality. In
order to safeguard the protection of customers’ assets, RPEs should determine appropriate liability regimes
to minimize the potential loss for their customers. Legal risks should also be mitigated in case interoperability
involves a settlement agent that temporarily holds the funds transferred between one RPE and another in a
transitional account.
OPERATIONAL RISK
Principle 4: RPEs participating in an interoperability agreement should carefully assess the operational risks
related to the interoperability.
Key issues:
4.1 The scope of information security policy of RPEs that participate in interoperable systems should cover
all aspects relating to interoperability.
4.2 Operational arrangements for interoperability should be agreed to by the RPEs and communicated to all
relevant parties.
4.3 RPEs should ensure that their risk management capacity is sufficiently scalable and reliable in order for
them to comply with the operational requirements of interoperability both at the current and projected
peak volumes of activity and to achieve the agreed service level objectives.
4.4 Interoperability should be appropriately tested and monitored, and incidents should be logged and
followed up. RPEs participating in interoperable systems and all parties involved should agree on business
continuity plans that preserve interoperability under even extreme adverse circumstances.
40
