Page 26 - ITU-T Focus Group Digital Financial Services – Recommendations
P. 26
ITU-T Focus Group Digital Financial Services
Recommendations
Title of recommendation Interoperability risk management
Working Group Interoperability
Audience for recommendation DFS providers
DFS providers that establish interoperability should identify, monitor, manage and mitigate its related risks, such
as legal, operational and financial risks, before entering into an interoperability agreement and on an ongoing
basis once the agreement is established. Interoperability schemes should assess the additional risks new partici-
pants might introduce, in order to maintain the integrity of the interoperability scheme, and ensure that scheme
rules address accountability for risks appropriately.
Albeit being an important feature of payment system efficiency, interoperability may also be a significant
source of risk. For this reason, pursuing it requires DFS providers to implement adequate standards addressing
those risks.
DFS providers should conduct an initial risk assessment to evaluate the potential sources of risks arising
from interoperability before entering into interoperability agreements. The type and degree of risk varies
according to the design and complexity of interoperability arrangements and depending on whether one or
more jurisdictions are involved. Interoperability should be designed in such a way that risks are adequately
mitigated.
DFS providers should assess their risk management procedures to ensure that they can effectively manage
the risks that may arise from interoperability. In particular, DFS providers should have robust risk management
procedures to manage the legal, financial and operational risks they are exposed to through other entities, as
well as those it poses to other entities. These procedures should include business continuity plans allowing
for a rapid recovery and resumption of critical activities, or alternative channels for processing cross-system
payments.
Furthermore, DFS providers that participate in interoperable systems should ensure that the risks generated
in one system do not spill over and affect the soundness of the other systems. Particular attention should
be placed on the links connecting the systems and the risks that could be transmitted through such links.
A DFS provider could use another provider to achieve interoperability (e.g. via a switch platform or a
service provider such us a financial intermediary or a network operator). The DFS provider seeking to achieve
interoperability should measure, monitor and manage the risks related to the other provider on an ongoing
basis and provide evidence to the oversight authority that adequate measures have been implemented to
limit and monitor these risks.
The management of risks should be commensurate to the number of parties involved in interoperable
systems. As a result, the risks should be assessed, monitored and mitigated taking into consideration the
number of entities involved in interoperable systems. The payment infrastructure provider should provide
participants with the information necessary to conduct an assessment of the risks associated with the entity
via which interoperability has been established.
20