Governance: recognised payment system operators

Purpose

On 29 September 2016 the Bank of England (‘the Bank’) published a consultation paper (CP) seeking views on a proposal to introduce a code of practice (‘the code’) and supervisory statement (SS) on the governance of recognised operators of payment systems (RPSO), being those payment systems specified by order as recognised systems under section 184 of the Banking Act 2009 (‘the Act’). The Bank proposed, however, that the code will not apply to a recognised payment system that is operated by a recognised clearing house (RCH) or central securities depository (CSD), given they are or will be subject to other requirements (eg EMIR and CSDR).

This Policy Statement (PS) summarises the responses to the consultation and sets out the final code (Annex 1) and SS (Annex 2) on governance.

References in this PS to ‘Articles’ relate to Articles of the code.

Introduction

The Bank has decided to develop a code for payment system operators that have been recognised by HM Treasury under the Act. The code will provide transparency on the minimum requirements that all RPSOs to which the code applies must meet. The code is being issued under section 189 of the Act; this means that it will be binding on RPSOs to which it applies. If a RPSO fails to comply with its requirements, the Bank may take enforcement action against the RPSO. The Bank’s enforcement powers are set out in the sections 196-202A of the Act.

The Bank has also decided to introduce a SS to complement the code. The SS will set out in more detail how the Bank expects RPSOs to which the code applies to comply with the provisions in the code. Unlike the code, the provisions in the SS will not in themselves be binding although they will provide RPSOs with guidance as to how the Bank will assess compliance with the code. Consequently, a RPSO may demonstrate that they meet the requirements of the code in some other way, if appropriate to its business.

This PS sets out responses to the Bank’s CP on Part 1 of the code which concerns governance and related issues only. This part provides transparency on the minimum requirements that all RPSOs to which the code applies must meet when designing and operating their governance frameworks. It will also provide clarity for RPSOs undertaking or planning governance changes as to what the Bank’s expectations are. We confirm that the code will be implemented on 21 June 2018.

The Bank may develop further parts of the code and additional SS in the future to set out requirements and expectations in other areas. These will be subject to consultation.

Approach

Good governance is critical to successfully managing risk and controls in payment systems and RPSOs need effective governance structures in place to provide leadership and drive change in pursuit of their objectives.

The Committee on Payment and Settlement Systems^{footnote [1]} and the International Organization of Securities Commissions Principles for financial market infrastructures (PFMI) form the basis for this code. The Bank has also taken into account the UK Corporate Governance Code, Prudential Regulation Authority (PRA) governance requirements, EU requirements on other FMIs and lessons learned from the Bank’s own supervisory assessment of governance in some RPSOs. As a result, in some areas, and in line with many other jurisdictions, the Bank sets more specific requirements or provides more detailed guidance to RPSOs than is contained within the PFMI. This extra detail is predominantly contained within the SS.

In 2012, the Bank adopted the PFMI as a published set of principles to which recognised payment systems operators are to have regard, pursuant to section 188 of the Act, and these will continue to apply.

Once the code is implemented, the Bank will no longer expect independent non-executive directors (INEDs) to have an explicit veto for public interest reasons, given that the composition of the board should ensure independence, and the board in its entirety would be expected to perform the function of systemic risk manager.

Response to consultation and final code and supervisory statement

We received thirteen responses to the consultation (from the six RPSOs, the INEDs of another PSO; five banks and one trade association). Respondents supported the introduction of the code and were broadly supportive of the proposals in the CP. The majority of comments related to points of detail or clarification. These comments and our responses are set out below.

Systemic risk manager

Background

The code sets out that a RPSO to which the code applies must be a systemic risk manager. The PFMI state that an RPSO’s governance arrangements should promote the safety and efficiency of the payment system and support the stability of the broader financial system.^{footnote [2]} The SS sets out in more detail what the Bank expects a systemic risk manager to deliver. This includes considering how RPSOs’ actions may impact financial stability and the management of the end-to-end risks, including operational risk and financial risk. The code also sets out that a RPSO to which the code applies must have objectives that support financial stability and the board must establish and approve the risk management framework.

Responses

Respondents generally supported the proposals with some suggesting various changes which we considered. The most material changes to the code are outlined below:

• One respondent questioned whether, in draft Article 2.2, it was appropriate to give equal weight to safety and efficiency. In response, we have amended the code and the SS, reflecting the concept of ‘safety and efficiency’ (which is derived from the PFMI (Principle 2)) in the SS and expanding Article 2.1 of the code to retain the reference to financial stability within the code, reflecting the Bank’s mission.
• One respondent suggested that the code should state that the board must ensure that it has a clear understanding of the end-to-end risks within the payment systems. We agree with this and have included it in Article 2.3(1).

In relation to the SS, we received two substantive comments:

• One respondent asked for clarification of our expectations in relation to indirect participants. The SS says that references to ‘participants’ refers to direct participants and indirect participants ‘where relevant’. The Bank considers that a RPSO, in determining the scope of its responsibilities as a systemic risk manager, should consider the impact of indirect participants on the resilience of the system, and where indirect participants can affect the resilience and smooth running of the system the RPSO should seek to manage and mitigate those risks in a proportionate way. We therefore propose to make no change.
• One respondent proposed that the expectation that RPSOs undertake ‘end-to-end testing of the payment system’ should be modified to say ‘appropriate end-to-end testing’. We expect RPSOs to apply all of the code and SS in an appropriate, reasonable and proportionate way and we therefore do not consider it necessary to specify it in this particular section.

One respondent recommended keeping the SS under review and expanding on it over time if required. We agree with this recommendation and will review the SS in light of experience.

Governance arrangements

Background

The code sets out expectations for what a RPSO’s governance arrangements should include. The SS provides further clarity on some of these expectations, particularly with regard to board responsibilities and committees. This includes that the board is the ultimate decision-making body and, while it can delegate decisions, it remains accountable for them.

Responses

Respondents generally supported the provisions and sought minor clarifications and additions as set out below. One respondent stressed the importance of the funding model of a RPSO to the effectiveness of the governance arrangements. We acknowledge the point being made, but concluded that this was not best addressed in this part of the code. However we have amended Article 3.2 to state that RPSO governance arrangements must include a description of the means by which the RPSO is financed.

One respondent stressed the importance of a company vision, mission statement and/or set of values in a RPSO’s governance arrangements. We agree that these are ways in which RPSO governance arrangements might fulfil certain requirements of our code. However, we do not consider that this has to be prescribed within the code and do not feel that further elaboration is required in the SS.

Paragraph 6 (bullet 3) of the SS as drafted stated that ‘Major decisions should be clearly disclosed to relevant stakeholders and, where relevant, the public’. One respondent proposed adding that major decisions should also be disclosed to corporate service users. Another respondent proposed that in addition to disclosing major decisions, a RPSO should be required to consult before making significant changes (eg changes to rules, business plan). The provision as drafted reflected the language of the PFMI Principle 2, Key Consideration 7 and it was not our intention to set additional expectations in this area. Consequently we have removed this provision from the SS and clarified upfront in the SS that the PFMI continue to apply.

Composition of the board

The code sets out the Bank’s requirements on the composition of the board, including that the board must be independent and appropriately balanced. The SS clarifies what the Bank considers to be a sufficiently balanced and independent board, including that a minimum of a third of the RPSO’s board comprise independent non-executive directors (INEDs) and that the board contains at least one executive director and two INEDs.

However, the Bank recognises that some other governance standards, including the PRA’s, expect that half of a board should be independent. The CP therefore specifically asked for views on whether the SS should set expectations that a minimum of half of the RPSO’s board be independent, rather than a third.

Responses

The majority of respondents supported the approach set out in the SS, although one respondent favoured a minimum of half the board being INEDs and several opposed the SS specifying any minimum ratio. One respondent expressed concern that given its business model, having a third of the board as INEDs could dilute and weaken the governance arrangements. Several of the respondents emphasised the importance of a balanced and appropriately skilled board and, in particular, a few noted the importance of the contribution of the Participant Directors.

In light of these responses, we propose to retain the expectation in the SS that a minimum of a third of the board will be INEDs. We consider that this will enable RPSOs to balance the need for independence and expertise and, in particular, reflects the fact that many RPSO boards contain three constituencies (Executive, Participant and INED). This provision sits within the SS and not the code. Consequently, if an RPSO considers that this is not appropriate to its business model, it has the option of demonstrating that it can meet the requirements of the code through an alternate structure.

One respondent asked for clarification of the term ‘INED’. Our decision not to define an INED is consistent with the approach taken in the PRA rulebook. However, we have noted in the SS that an RPSO may wish to take account of the UK Corporate Code, which includes guidance on factors to consider in assessing independence, but an RPSO should ultimately make its own assessment of whether a potential INED is suitably independent.

One respondent suggested that the SS should state that the Risk Director and Finance Director should sit on the board. We agree that in some cases it would be appropriate for one or both of these role holders to act as board directors and we consider that this is compatible with our current expectation which states that ‘at least one member of the executive’ sits on the board.

We received several comments in relation to our expectations of board sub-committees.

• One respondent asked for clarification of whether the provisions in the SS relating to the combination of executive directors, non-executive directors and INEDs on board committees apply to board committees. This was not our intent and we have clarified the SS accordingly.
• One respondent commented that a minimum of one INED should attend and chair any board sub-committee. We considered this and concluded that, in order to ensure appropriate independence from the executive, all board committees should be chaired by a non-executive director, but not necessarily an INED in all cases.
• One respondent questioned the proposal that only board members should have voting rights on board sub-committees, arguing that this could result in the loss of specialist input to a board sub-committee. We have considered this and concluded that we will not retain this proposal. However, a RPSO and all committee members should understand that anyone sitting on a board committee is acting in the interest of the RPSO only and not, for example as a representative of a participant.

In light of these comments we have made the following changes:

• We have clarified in the code and SS whether the provisions apply to the board only or to the board and its committees.
• We have removed the requirement that only board directors have voting rights on board sub-committees.
• We have added provisions to the SS which specifically address board committees. These include the following:
  • Members of a board sub-committee should understand that they are acting solely in the interests of the RPSO (paragraph 8, bullet 3).
  • A board committee should be chaired by a non-executive director and committees which address governance or the assessment of risks should be chaired by an INED (paragraph 14).
  • A risk committee should have mechanisms to reflect the systemic risks to the ecosystem through participant membership or some other mechanism (paragraph 15).

One respondent expressed concern that specifying that a senior INED is responsible for holding the chair to account is too prescriptive and could dilute collective board responsibility. We have amended to SS so that it now states, in the section on performance management, that there should be appropriate mechanisms to review the performance of the chair including an accountable person, who should be a senior INED.

The Executive

The code sets out that the board must ensure that the executive have appropriate skills and experience and act appropriately.

Responses

Respondents generally agreed with these provisions except that a few questioned whether it was appropriate to require that the board ‘ensure that the members of the executive… are provided with the appropriate information’. We agree that this was incorrect and have amended this so that it states that the board must ensure that the executive provides the board with appropriate information.

Conflict of interest

The code sets out that the board must have a procedure to identify and manage conflicts of interest. The SS sets out examples on the types of conflict that can arise.

Responses

Respondents supported these proposals and made no comments. We are making no changes.

Performance management

The code sets out that the board must review its performance at least annually, in addition to seeking regular independent performance assessments, and there must be procedures for managing the performance of the executive.

Responses

Two respondents asked for clarification of the requirement for a ‘regular’ review of board effectiveness. We consider that an RPSO should determine how frequently this is required and we do not propose to set a more prescriptive requirement. We have therefore made no change.

Records

The code requires that governance arrangements, policies and procedures should be documented and kept up to date.

Responses

Respondents supported these proposals and made no comments. We are making no changes.

Firms subject to supervision by multiple regulators

We consulted on the basis that the code and SS will apply to all RPSOs (excluding those operated by a RCH or a CSD). Where RPSOs are supervised by authorities in other jurisdictions, for financial stability purposes, the CP indicated that the Bank expects the RPSO to abide by the code and discuss the applicability of the SS to their situation with us.

Some RPSOs are regulated by multiple entities including the Payment Services Regulator (PSR). The CP therefore indicated that the Bank would expect RPSOs to consider, and be able to demonstrate if required, how their governance arrangements also take into account the objectives and requirements of other regulators such as the PSR, in the case of RPSOs that are also designated under the Financial Services (Banking Reform) Act 2013.

Responses

Respondents were generally content with the proposed approach but there were a few specific comments.

Of the RPSOs supervised by the Bank, one (CLS) operates on a cross-border basis and is overseen by other authorities with financial stability objectives similar to those of the Bank, using an oversight regime which is based on the PFMI, and which involves close co-operation with overseas authorities including the Bank. Three respondents questioned the applicability of the code to such a RPSO. We have reflected on this feedback and carefully considered this from a general policy perspective and assessed the specific case in respect of CLS.

Taking account of Responsibility E of the PFMI,^{footnote [3]} we have concluded that the existing model for the supervision and oversight of CLS is an example of effective international co-operation. Authorities in the United States, led by the Federal Reserve Bank of New York, have responsibility for direct oversight of CLS along with the central banks of the18 participating currencies, in the CLS supervisory college. We engage directly with the US authorities and also participate in college activity.

Having discussed this matter with the Federal Reserve Bank of New York, we believe that the requirements of the code are consistent with, and would not conflict with, their supervisory approach. However, we recognise the point raised by respondents that national authorities placing a RPSO under more than one set of requirements which are designed to achieve the same outcome may be inefficient and, in some cases, could lead to materially different and potentially conflicting requirements.

The Bank has statutory requirements and supervisory functions which apply to a recognised payment system whether or not it operates wholly or partly in relation to persons or places outside the United Kingdom (section 182 of the Act). In respect of a RPSO based overseas, we do not consider that these requirements and functions require us to bring such a RPSO within the scope of the code in circumstances where we consider that: the RPSO is subject to a domestic regime for supervision or oversight with the objective of promoting financial stability and which implements the PFMI; and arrangements for international co-operation are in place that enable us to discharge our statutory requirements and supervisory functions in respect of the RPSO.^{footnote [4]} We will assess this for any overseas RPSO on an ongoing basis. Our current assessment is that these criteria are currently met with respect to CLS and therefore we do not propose to apply the requirements of the code to CLS at this point.

Separately, one respondent suggested that a passage of the draft SS which referred to the disclosure of major decisions should be aligned with PSR requirements (PSR GD6) which relates to the confidentiality of legally privileged or competitive information. We have decided to remove this provision from the SS because its inclusion in the draft SS reflected PFMI Principle 2: Key Consideration 7 and did not therefore set any new expectations on RPSOs. We have added some explanatory text early in the SS confirming that the PFMI continue to apply and that the SS is not intended to be a substitute for reading and having regard to the PFMI.

UK payments landscape

Transitional period for compliance

The Bank notes that the Payment Strategy Forum (PSF) issued its final strategy document on 29 November 2016 which, among other things, recommends consolidation of three retail payment system operators (Bacs Payment Schemes Ltd, Faster Payments Scheme Ltd and Cheque and Credit Clearing Company Ltd) into a single legal entity (referred to as the ‘new PSO’ below). On 4 May 2017, the new PSO Delivery Group published its report on this consolidation. It is expected that this consolidation will occur by no later than 31 December 2017. The Bank expects that any new PSO will be a RPSO and will therefore fall within the scope of these requirements and expectations. The timeframe for implementation of this code takes this into account.

Responses

Several respondents made the point that the consolidation of retail interbank payment systems into the new PSO required careful consideration and that the Bank’s expectations should be aligned with this change. Some of these respondents raised questions over whether the transition period was sufficient. We believe that the twelve-month transition period is reasonable and appropriate. The Bank will continue to liaise directly with affected RPSOs on how to manage their transition and our expectations during the transition period. We also note that there are RPSOs not directly affected by the scheme consolidation to whom the code will also apply.

One respondent argued that if we were to require a minimum number of INEDs then there should be a transitional period of five years. As indicated above, the detailed provisions on the composition of the board sit within the SS rather than the code and we therefore do not consider that a five-year transitional period is required.

The code will come into force on 21 June 2018.

The Bank expects that RPSOs begin to self-assess their compliance and put in place transition plans to ensure that they meet the requirements of the code, including having made any necessary changes, by the coming into force date. The supervisors at the Bank will discuss these transition plans with their respective RPSOs. A RPSO that is newly recognised would have twelve months from the date of recognition to comply with the requirements of the governance part of the code.

Other matters

Having had regard to the public sector equality duty under the Equality Act 2010, the Bank does not consider this package to have any implications for equality matters.

The code and SS are based on best practice drawn from international principles and commonly used UK standards. It is compatible with the Bank’s financial stability objective in that it facilitates robust governance which prioritises systemic risk management.

Responses

One respondent queried whether the Bank had undertaken adequate cost-benefit analysis of the extent to which there was overlap with existing legal or regulatory requirements and the costs and benefits of the new requirements.

The provisions of the code and SS are based on the PFMI. In addition, we reviewed relevant provisions of the UK Corporate Governance Code, European Regulations (EMIR and CSDR) and the PRA rulebook to ensure that we were consistent to the extent appropriate. We also consulted with other relevant regulators such as the PSR and overseas regulators. We are consequently satisfied that the requirements of the code reflect commonly applicable standards and are consistent with other relevant regulatory regimes. In relation to the SS, these provisions represent guidance and set out how we expect RPSOs will comply with the requirements of the code. However, a RPSO may demonstrate that it complies with the code in an alternative way if the particular circumstances of that RPSO make the expectations set out in the SS inappropriate or unduly burdensome. The expectation that RPSOs have at least a third of their board comprising INEDs is the only expectation with potentially a material cost, depending on a RPSO’s current board composition. That said, independence of the board is essential to good governance and, therefore, the Bank believes that this is a reasonable and proportionate expectation. Some RPSOs already meet these expectations, with others requiring only minimal changes.

List of non-confidential respondents to the consultation

Bacs Payment Schemes Ltd

Barclays Bank plc

CHAPS Co

CLS Bank International

Faster Payments Scheme Ltd

HSBC Bank Ltd

The Independent Directors of the Cheque and Credit Clearing Company Ltd

Link Scheme Ltd

Lloyds Banking Group

Payments UK

The Royal Bank of Scotland plc

Santander UK plc

Visa Europe Ltd

Annexes