This document is an excerpt from the EUR-Lex website
Document 32025R1355
Regulation (EU) 2025/1355 of the European Central Bank of 2 July 2025 on oversight requirements for systemically important payment systems (ECB/2025/22) (recast)
Regulation (EU) 2025/1355 of the European Central Bank of 2 July 2025 on oversight requirements for systemically important payment systems (ECB/2025/22) (recast)
Regulation (EU) 2025/1355 of the European Central Bank of 2 July 2025 on oversight requirements for systemically important payment systems (ECB/2025/22) (recast)
ECB/2025/22
OJ L, 2025/1355, 14.7.2025, ELI: http://data.europa.eu/eli/reg/2025/1355/oj (BG, ES, CS, DA, DE, ET, EL, EN, FR, GA, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)
In force
ELI: http://data.europa.eu/eli/reg/2025/1355/oj
|
Official Journal |
EN L series |
|
2025/1355 |
14.7.2025 |
REGULATION (EU) 2025/1355 OF THE EUROPEAN CENTRAL BANK
of 2 July 2025
on oversight requirements for systemically important payment systems (ECB/2025/22)
(recast)
THE GOVERNING COUNCIL OF THE EUROPEAN CENTRAL BANK,
Having regard to the Treaty on the Functioning of the European Union, and in particular Article 127(2) thereof,
Having regard to the Statute of the European System of Central Banks and of the European Central Bank, and in particular Article 3.1, Article 22 and Article 34.1, first indent, thereof,
Whereas:
|
(1) |
Regulation (EU) No 795/2014 of the European Central Bank (ECB/2014/28) (1) has been substantially amended several times (2). Following the review by the Governing Council of the application of the Regulation under Article 24 thereof, further amendments are to be made. Therefore, the Regulation should be recast in the interests of clarity. |
|
(2) |
The fo3urth indent of Article 127(2) of the Treaty and the fourth indent of Article 3.1 of the Statute of the European System of Central Banks and of the European Central Bank (hereinafter the ‘Statute of the ESCB’) empower the Eurosystem to promote the smooth operation of payment systems. |
|
(3) |
The Eurosystem promotes the smooth operation of payment systems, inter alia, by conducting oversight. |
|
(4) |
The Committee on Payments and Market Infrastructures (CPMI), previously known as CPSS, and the Technical Committee of the International Organization of Securities Commissions (IOSCO) issued principles for financial market infrastructures. The CPMI-IOSCO recommends implementing these principles to the fullest extent allowed by the national legal and regulatory frameworks. To ensure the efficiency of the oversight of payment systems, the European Central Bank (ECB) implemented these principles, by means of Regulation (EU) No 795/2014 (ECB/2014/28), which applies to both large-value payment systems and retail payment systems of systemic importance. |
|
(5) |
This Regulation applies to payment systems operated both by central banks and by private operators. That said, the CPMI-IOSCO principles acknowledge that there are exceptional cases where they are applied differently to payment systems operated by central banks due to requirements laid down in relevant law, regulation, or policy. Given that the Eurosystem has public policy objectives, responsibilities and an institutional set-up defined in the Treaty and the Statute of the ESCB, Eurosystem systemically important payment systems (SIPS) may be exempted from certain requirements under this Regulation. In particular, Eurosystem SIPS should be exempted from specific requirements on governance, wind-down plans, equity and liquid assets, collateral and investment risks, which cover the same areas as the respective requirements formally adopted by the Governing Council. These exemptions are specified in several provisions of the Regulation. |
|
(6) |
In line with the principle of proportionality, the Governing Council identifies a payment system as a SIPS, if it meets specific criteria as set out in this Regulation. Furthermore, a payment system can be identified as a SIPS on the basis of a flexible methodology that takes into account qualitative aspects such as the size of a payment system, its complexity and substitutability. |
|
(7) |
The Governing Council identifies a SIPS operator for each SIPS. The identified SIPS operator is accountable vis-à-vis the competent authority for the compliance of the SIPS with the oversight requirements under this Regulation. A SIPS operator should be a legal entity in the euro area that is responsible for operating a SIPS. Exceptionally, the Governing Council may on a case-by-case basis also identify as a SIPS operator a branch that is established in the euro area and that is a legally dependent part of a legal entity established outside the euro area. Against this background, the definition of ‘SIPS operator’ should be extended accordingly. |
|
(8) |
As a result of the exceptional designation of a branch as a SIPS operator, the applicable requirements of this Regulation regarding the composition, roles, skills and responsibilities of the management of a legal entity identified as a SIPS operator should likewise apply to the management of a branch that is identified as a SIPS operator, and the managing directors who constitute the branch management should also be members of the management as defined in Article 9(11)(b). Further, where a branch is identified as a SIPS operator, the relevant competent authority, when assessing the compliance of the SIPS with the requirements of this Regulation, may take into account, where necessary, any actions and frameworks established at the level of the legal entity and related to the SIPS and/or the SIPS operator. |
|
(9) |
Where necessary, for the purposes of efficient oversight, including minimising duplication of effort and reducing the burden on the SIPS and the relevant authorities, the competent authority should cooperate with other authorities. Where a branch is identified as a SIPS operator, the relevant competent authority should also cooperate with the authority responsible for the oversight or supervision of the legal entity of which the branch is a legally dependent part. |
|
(10) |
The business activity of a SIPS may fluctuate over time. In order to ensure the integrity of the SIPS identification framework, while as far as possible maintaining continuity and avoiding frequent reclassifications of payment systems, a payment system ceases to be identified as a SIPS if it does not meet the criteria for identification as a SIPS in two consecutive verification reviews. However, maintaining the SIPS status over such a period of time may not be appropriate if it is unlikely that the system would fulfil the criteria qualifying it as a SIPS in the next verification exercise. Consequently, the possibility of an earlier reclassification based on a case-by-case evaluation is also possible. |
|
(11) |
This Regulation sets out clearly defined procedures to ensure that due process guarantees are respected both before and after the Governing Council adopts a decision identifying a payment system as a SIPS. |
|
(12) |
The ECB has recourse to the national central banks to carry out ESCB tasks to the extent deemed possible and appropriate. In the case of each SIPS, the relevant Eurosystem central bank is designated as the competent authority for assessing the compliance of that SIPS with the oversight requirements under this Regulation. In the case of a SIPS of pan-European importance, the oversight is carried out by the ECB as the designated competent authority. However, in the case of such a SIPS, where there is a proven, long-standing oversight relationship between it and a national central bank over the previous five years, two Eurosystem central banks, i.e. the national central bank with which the long-standing oversight relationship has been established, and the ECB, are designated as competent authorities. |
|
(13) |
The requirements laid down in this Regulation are proportionate to the specific risks and exposures of SIPS. The provisions of this Regulation also take into consideration the experience and findings of the oversight assessments conducted on the basis of Regulation (EU) No 795/2014 (ECB/2014/28) in the past years, as well as the recent technological and regulatory developments in the European Union, including the adoption of Regulation (EU) 2022/2554 of the European Parliament and of the Council (3). |
|
(14) |
The efficiency and soundness of a SIPS requires compliance with applicable national laws and clear rules, procedures and contracts under which it operates. Compliance with the law refers to the legal systems of all countries in which a SIPS operator is established and/or operates and in which the SIPS’s participants are established and/or operate. |
|
(15) |
The efficiency and soundness of a SIPS also depends on the clarity and appropriateness of its governance arrangements, which must be clearly documented. The governance arrangements of a SIPS should ensure that the Board has the benefit of advice from an objective and independent risk committee in relation to its risk-related responsibilities. Furthermore, in order to ensure the integrity of the members of the Board and the Management, and where applicable the Branch Management, a SIPS operator should consider any record of the members in respect of convictions or penalties for breaches of the applicable commercial law, insolvency law, financial services law, anti-money laundering law and counter-terrorist financing law and breaches of professional duty as well as for fraud. |
|
(16) |
Furthermore, a sound and evolving framework to comprehensively manage legal, credit, liquidity, operational, general business, custody, investment and other risks is essential to identify, measure, monitor and manage the entire range of risks that arise in the operation of a SIPS or are borne by a SIPS operator. This also holds true for the soundness and resilience of a SIPS operator’s collateral framework, participant default rules and procedures and business continuity plans. |
|
(17) |
For the purposes of the comprehensive management of operational risks and in view of the increasing deployment and use of technological means in the operation of a SIPS, as well as the increased threat from cyber attacks and damage that a successful cyber attack could cause to the functioning of a SIPS, a SIPS operator should have in place a cyber resilience strategy and framework with adequate procedures, processes and controls to manage cyber risk effectively and ensure a high level of cyber resilience. The requirements relating to such a cyber resilience strategy and framework should be based on the Cyber resilience oversight expectations for financial market infrastructures (4) with the purpose of rendering some key expectations legally binding for SIPS operators. Moreover, it is essential that a SIPS operator periodically tests the effectiveness of the SIPS controls and systems by performing threat led penetration testing in accordance with the European Framework for Threat Intelligence-based Ethical Red Teaming (TIBER-EU) (5) (hereinafter the ‘TIBER-EU framework’). Where a SIPS operator is a branch, the competent authority may accept testing performed by the legal entity of which the branch is a legally dependent part, if it can be deemed a comparable exercise to a TIBER-EU test, and if it captures also the effectiveness of the branch’s relevant controls and systems. |
|
(18) |
Further, in view of the increased use of outsourcing and the risks that such practices might create for the efficiency and safety of a SIPS, a SIPS operator should always retain responsibility for the outsourced functions, operations and/or services. Furthermore, it should have in place contractual arrangements and frameworks that ensure that any risks arising from outsourcing are adequately assessed and mitigated by the SIPS operator before entering into such an arrangement and during the duration of the outsourcing. Moreover, in the case of outsourcing of critical functions, operations and/or services exit plans should exist that ensure the continued smooth functioning of the SIPS in the event that an outsourcing arrangement is discontinued. Intragroup arrangements are not inherently less risky than outsourcing to third parties. Hence, while recognising the potential benefits resulting from intragroup arrangements, the requirements regarding outsourcing should also apply to intragroup arrangements that constitute outsourcing. |
|
(19) |
The reduction of systemic risk requires, inter alia, settlement finality and therefore a SIPS operator should use its best efforts to achieve the SIPS’s designation under Directive 98/26/EC of the European Parliament and of the Council (6). Intraday or real time settlement is also advisable if compatible with the SIPS general business model and necessary to enable the SIPS operator and participants to manage their respective credit and liquidity risks. |
|
(20) |
Objective, risk-based, and publicly disclosed criteria for participation in a SIPS, permitting fair and (subject to acceptable risk control standards) open access to a SIPS, promote the safety and efficiency of the SIPS and of the markets it serves, while not restricting free provision of services to a disproportionate extent. |
|
(21) |
Provisions of this Regulation requiring a SIPS operator to collect, process and transmit data should be without prejudice to any applicable rules on protection of data of participants or customers. |
|
(22) |
An overall efficient and effective SIPS, with clearly defined, measurable and achievable goals and objectives, is best equipped to meet the needs of the SIPS participants and the markets it serves. |
|
(23) |
The possibility for competent authorities to request corrective measures to remedy or avoid repetition of non-compliance with this Regulation, and the possibility for the ECB to impose effective, proportionate and dissuasive sanctions for infringements of this Regulation are essential elements in implementing the CPMI-IOSCO principles to the fullest extent allowed under the Treaty and the Statute of the ESCB. While corrective measures may only be imposed for infringements of this Regulation, there could be situations that merit initiating the procedure for the imposition of such measures on the grounds of suspected non-compliance, giving a SIPS operator the opportunity to be heard and to provide explanations before an infringement is established. In cases where the SIPS operator is a branch, the corrective measures or sanctions should be imposed on the branch. |
|
(24) |
A SIPS operator that is newly identified as such by a decision made pursuant to this Regulation should not be required to comply with the oversight requirements set out in this Regulation during the period of one year from the date on which it is notified of that decision. This is to allow time for the newly identified SIPS operator to familiarise itself with those oversight requirements and to implement them, |
HAS ADOPTED THIS REGULATION:
PART I
SUBJECT MATTER, SCOPE AND DEFINITIONS
Article 1
Subject matter and scope
This Regulation sets out the process and criteria for the identification of a payment systems as a SIPS and imposes oversight requirements on SIPS operators.
Article 2
Definitions
For the purposes of this Regulation, the following definitions apply:
|
(1) |
‘payment system’ means a formal arrangement between three or more participants, not counting possible settlement banks, central counterparties, clearing houses or indirect participants, with common rules and standardised arrangements for the execution of transfer orders between the participants; |
|
(2) |
‘financial market infrastructure’ (FMI) means a multilateral system among participating institutions, including the system operator, used to clear, settle, or record payments, securities, derivatives, or other financial transactions; |
|
(3) |
‘Eurosystem SIPS’ means SIPS owned and operated by a Eurosystem central bank; |
|
(4) |
‘collateral’ means an asset or third-party commitment that is used by a collateral provider to secure an obligation vis-à-vis a collateral taker. Collateral includes both domestic and cross-border collateral; |
|
(5) |
‘investment risk’ means the risk of loss faced by a SIPS operator or participant when the SIPS operator invests its own or its participants’ resources, e.g. collateral; |
|
(6) |
‘SIPS operator’ means:
|
|
(7) |
‘competent authority’ means:
|
|
(8) |
‘branch’ means an undertaking that has no legal personality and forms a legally dependent part of an existing entity; |
|
(9) |
‘the Board’ means: (a) in a unitary board system, the single board of a SIPS operator; (b) in a dual board system, the supervisory or equivalent board of a SIPS operator, appointed in accordance with national law; and (c) where a branch is identified as a SIPS operator, the board of the legal entity of which the branch is a legally dependent part; |
|
(10) |
‘the Management’ means executive directors, e.g. in a unitary board system, the members of the Board of the SIPS operator who are engaged in the daily management of the SIPS and any other executive officers appointed by the Board who are engaged in the daily management of the SIPS or, in a dual board system, the members of the management board of the SIPS operator and any other executive officers appointed by the Board or by the management board who are engaged in the daily management of the SIPS; |
|
(11) |
‘the Branch Management’ means, in cases where a branch is identified as a SIPS operator, the managing directors formally appointed to be responsible for the branch and to whom the conduct of the daily management of the SIPS is duly delegated; |
|
(12) |
‘relevant authorities’ means authorities who have a legitimate interest in accessing information from a SIPS to fulfil their statutory requirements, e.g. resolution authorities and supervisors of major participants; |
|
(13) |
‘legal risk’ means the risk arising from the application of law or regulation, usually resulting in a loss; |
|
(14) |
‘credit risk’ means the risk that a counterparty, whether a participant or other entity, will be unable to fully meet its financial obligations when they fall due or at any time in the future; |
|
(15) |
‘liquidity risk’ means the risk that a counterparty, whether a participant or other entity, will have insufficient funds to meet its financial obligations when they fall due, although it may have sufficient funds to do so in the future; |
|
(16) |
‘operational risk’ means the risk that deficiencies in information systems or internal processes, human error, management failures, or disruptions caused by external events, third parties or outsourced functions, operations and/or services will result in the reduction, deterioration or breakdown of services provided by a SIPS; |
|
(17) |
‘general business risk’ means any potential impairment of the financial position of the SIPS as a business concern as a consequence of a decline in its revenues or an increase in its expenses, such that expenses exceed revenues and result in a loss that must be charged against capital; |
|
(18) |
‘custody risk’ means the risk of incurring a loss on assets held in custody in the event of a custodian’s or sub-custodian’s insolvency, negligence, fraud, poor administration or inadequate record keeping; |
|
(19) |
‘cyber risk’ means the combination of the probability of cyber incidents occurring and their impact; |
|
(20) |
‘outsourcing’ means an arrangement in any form between the SIPS operator and a third party or intragroup entity under which that third party or intragroup entity undertakes functions, operations and/or services that otherwise would have been undertaken by the SIPS operator; |
|
(21) |
‘systemic risk’ means the risk of a participant or the SIPS operator not meeting their respective obligations in a SIPS will cause other participants and/or the SIPS operator to be unable to meet their obligations when they become due, potentially with spillover effects threatening the stability of or confidence in the financial system; |
|
(22) |
‘corrective measure’ means a specific measure or action, regardless of its form, duration or gravity, that is imposed on a SIPS operator by a competent authority to remedy, or avoid a repetition of, non-compliance with the requirements of Articles 8 to 27 and Article 29; |
|
(23) |
‘settlement bank’ means a bank holding accounts with regards to payments, where the discharge of obligations arising from a payment system takes place; |
|
(24) |
‘indirect participant’ means a legal entity that does not have direct access to the SIPS’s services and is typically not directly contractually bound by the relevant SIPS’s rules, and whose transfer orders are cleared, settled and recorded by the SIPS through a direct participant. An indirect participant has a contractual relationship with a direct participant. The relevant legal entities are limited to:
|
|
(25) |
‘transfer order’ means a transfer order as defined in Article 2, point (i), first indent, of Directive 98/26/EC (11); |
|
(26) |
‘cross-border collateral’ means collateral for which, from the perspective of the country in which the assets are accepted as collateral, at least one of the following is foreign: (a) the currency of denomination; (b) the country in which the assets are located; or (c) the country in which the issuer is established; |
|
(27) |
‘financial obligations’ means legal obligations arising, within the SIPS, between participants or between participants and the SIPS operator, as a consequence of transfer orders being entered into that SIPS; |
|
(28) |
‘cyber incident’ means any observable occurrence in an information system, including the networks that enable the transfer of information and communication, that (a) jeopardises or adversely affects cybersecurity; or (b) violates the security policies, security procedures or acceptable use policies, whether resulting from malicious activity or not; |
|
(29) |
‘direct participant’ means a legal entity that has a direct access to the SIPS’s services on the basis of a contractual relationship whereby it is bound by the relevant SIPS’s rules, is allowed to send transfer orders to that system and is capable of receiving transfer orders from it; |
|
(30) |
‘cybersecurity’ means the preservation of confidentiality, integrity and availability of information and/or information systems, including the networks that enable the transfer of information and communication; |
|
(31) |
‘business day’ means a business day as defined in Article 2, point (n), of Directive 98/26/EC; |
|
(32) |
‘cyber threat’ means any circumstance with the potential to exploit one or more vulnerabilities and that could adversely impact cybersecurity; |
|
(33) |
‘outsourcing service provider’ means a third party or intragroup entity that undertakes functions, operations and/or services in the context of an outsourcing arrangement; |
|
(34) |
‘cross-border payment’ means a payment between participants established in different countries; |
|
(35) |
‘independent director’ means, in a unitary board system, a non-executive member of the board or, in a dual board system, a member of the supervisory or equivalent board, who has no business, family or other relationship that raises a conflict of interests regarding the SIPS or SIPS operator, their controlling shareholders, their management or their participants, and who has had no such relationship during the two years preceding their membership of the Board; |
|
(36) |
‘recovery plan’ means a plan developed by a SIPS operator to re-establish the smooth operation of a SIPS; |
|
(37) |
‘orderly wind-down plan’ means a plan developed by a SIPS operator for the orderly closure of a SIPS; |
|
(38) |
‘relevant stakeholders’ means participants, FMIs that have an impact on the risk in a SIPS, and, on a case-by-case basis, other affected market actors; |
|
(39) |
‘emergency situation’ means an event, occurrence or circumstance that has the capacity to lead to the loss of or disruption to a SIPS’s functions, operations and/or services, including interfering with or preventing final settlement; |
|
(40) |
‘material’ qualifies a risk, a dependency and/or a change which may affect the ability of an entity to perform or provide services as expected; |
|
(41) |
‘liquidity provider’ means a provider of cash under Articles 10(3), 11(5), 13(1), 13(9) and 13(11) or assets under Article 13(4), including a SIPS participant or external party; |
|
(42) |
‘credit exposure’ means an amount or value at risk that a participant will not settle for full value, either when due or at any time thereafter; |
|
(43) |
‘deferred net settlement system’ (DNS system) means a system in relation to which settlement in central bank money takes place on a net basis at the end of a predefined settlement cycle, e.g. at the end of, or during, a business day; |
|
(44) |
‘affiliate’ means a company that controls, or is controlled by, or is under control with, the participant. Control of a company is defined as (a) ownership, control or holding of 20 % or more of a class of voting securities of the company; or (b) consolidation of the company for financial reporting purposes; |
|
(45) |
‘market risk’ means the risk of losses, in both on- and off-balance sheet positions, arising from movements in market prices; |
|
(46) |
‘wrong-way risk’ means risk arising from exposure to a participant or issuer when the collateral provided by that participant or issued by that issuer is highly correlated with its credit risk; |
|
(47) |
‘nostro agent’ means a bank used by the participants in a SIPS for settlement; |
|
(48) |
‘custodian bank’ means a bank holding and safeguarding the financial assets of third parties; |
|
(49) |
‘extreme but plausible market conditions’ means a comprehensive set of historical and hypothetical conditions, including the most-volatile periods that have been experienced by the markets the SIPS serves; |
|
(50) |
‘one-sided payment’ means a payment involving only one funds transfer in one currency; |
|
(51) |
‘two-sided payment’ means a payment involving two funds transfers in different currencies in an exchange-for-value settlement system; |
|
(52) |
‘intended settlement date’ means the date that is entered into SIPS as the settlement date by the sender of a transfer order; |
|
(53) |
‘principal risk’ means the risk that a counterparty will lose the full value involved in a transaction, i.e. either the risk that a seller of a financial asset will irrevocably deliver the asset, but not receive payment, or the risk that a buyer of a financial asset will irrevocably pay for, but not receive the asset; |
|
(54) |
‘services and utility provider’ means a third party or intragroup entity that provides a process, service, utility or activity, or parts thereof, to a SIPS operator; |
|
(55) |
‘threat intelligence’ means any information that has been aggregated, transformed, analysed, interpreted or enriched to provide the necessary context for decision-making to mitigate the impact of a cyber incident or cyber threat; |
|
(56) |
‘sub-outsourcing’ means a transfer by an outsourcing service provider to another third party or intragroup entity of the obligation to provide functions, operations and/or services; |
|
(57) |
‘concentration risk’ means the risk arising from an exposure to individual or multiple providers of outsourced services which creates a degree of dependency on such providers so that the unavailability, failure or other shortcoming in the service of such provider may adversely affect the SIPS and/or the SIPS operator, including by jeopardising its ability to operate and provide its services, and/or jeopardise the financial stability of the Union as a whole. |
PART II
IDENTIFICATION CRITERIA AND PROCESS
Article 3
Identification criteria and decision
1. A payment system shall be identified as a SIPS if:
|
(a) |
it is eligible to be notified as a system pursuant to Directive 98/26/EC by a Member State whose currency is the euro or its operator is established in the euro area, including establishment by means of a branch, through which the system is operated; and |
|
(b) |
at least two of the following occur over a calendar year:
|
An identification exercise shall be performed on an annual basis.
2. Notwithstanding paragraph 1, the Governing Council, exercising sound and reasoned judgement, may also decide under paragraph 3 that a payment system shall be identified as a SIPS in either of the following cases:
|
(a) |
where such a decision would be appropriate taking into account the nature, size and complexity of the payment system; the nature and importance of its participants; the substitutability of the payment system and the availability of alternatives to it; and the relationship, interdependencies, and other interactions the system has with the wider financial system; |
|
(b) |
where a payment system does not meet the criteria set out in paragraph 1 solely because the criteria established in point (b) of paragraph 1 occur over a period of less than a calendar year and it is plausible that the payment system will continue to meet the criteria when assessed in the next verification review. |
3. The Governing Council shall adopt a reasoned decision identifying the payment systems that are subject to this Regulation, their respective operators and competent authorities. This list shall be maintained on the ECB’s website and updated after each change.
4. A decision adopted under paragraph 3 shall remain in force until it has been repealed. Verification reviews of payment systems that have been identified as SIPS shall be carried out on an annual basis to verify that the payment systems continue to meet the criteria for being identified as SIPS. A decision adopted pursuant to paragraph 3 shall be repealed if:
|
(a) |
in two consecutive verification reviews it is verified that a SIPS has not met the criteria set out in paragraph 1 and/or paragraph 2; or |
|
(b) |
in one verification review it is verified that a SIPS has not met the criteria set out in paragraph 1 and/or paragraph 2 and the SIPS operator demonstrates, to the satisfaction of the Governing Council, that the SIPS is unlikely to meet those criteria prior to the next verification review. |
5. The payment system operator shall have the right to request a review by the Governing Council of the decision identifying the payment system concerned as a SIPS within 30 days of receipt of that decision. The request shall include all supporting information and shall be addressed in writing to the Governing Council. A reasoned decision by the Governing Council in response to such request shall be notified in writing to the payment system operator. The written notice shall inform that operator of its right of judicial review in accordance with the Treaty. If no decision has been taken by the Governing Council within two months of the request, the review shall be deemed rejected.
Article 4
Written notice of the initiation of the process to identify a payment system as a SIPS
The ECB shall notify the payment system operator of its intention to initiate a process under Article 3 in view of the identification of that payment system as a SIPS. The written notice shall state all material facts and legal grounds regarding a possible identification of the payment system concerned as a SIPS.
Article 5
Right of access to files during the process to identify a payment system as a SIPS
Upon receipt of the written notice referred to in Article 4, the payment system operator shall be entitled to access the ECB’s files, documents or other material that serve as a basis for the identification of that payment system as a SIPS. This right shall not extend to information deemed to be confidential in relation to the ECB, a national central bank, or other third parties, including other Union institutions or bodies.
Article 6
Right to be heard during the process to identify a payment system as a SIPS
1. In the written notice sent by the ECB in accordance with Article 4, the payment system operator shall be given a fixed time limit within which it may express in writing any objections, views and comments regarding the facts and legal grounds presented in the written notice. This time limit shall be no less than 30 working days starting from the receipt of the written notice by the payment system operator.
2. The ECB may give the opportunity to the payment system operator, upon its request, to express its views in an oral meeting. Written minutes of the meeting shall be prepared and signed by all parties. A copy of the minutes shall be provided to all parties.
3. Notwithstanding paragraph 2, the ECB may issue a decision identifying a payment system as a SIPS without giving the payment system operator the opportunity to express its views, objections or comments on the facts and legal grounds presented in the written notice sent by the ECB, provided this is considered necessary to prevent significant damage to the financial system.
Article 7
Motivation of the decision identifying a payment system as a SIPS
1. The ECB decision that identifies a payment system as a SIPS shall be accompanied by a statement of the reasons for that decision. The statement of reasons shall contain the material facts and legal grounds on which the ECB’s decision is based.
2. Subject to Article 6(3), the ECB shall base the decision referred to in paragraph 1 of this Article only on facts and legal grounds on which the payment system operator has been able to comment.
PART III
REQUIREMENTS IMPOSED ON SIPS OPERATORS
Article 8
Legal soundness
1. A SIPS operator shall assess whether the applicable law in all relevant legal systems provides a high degree of certainty for and supports each material aspect of the activities of its SIPS.
2. A SIPS operator shall establish SIPS rules and procedures and enter into contracts, which are clear and consistent with the applicable law in all relevant legal systems.
3. A SIPS operator shall be able to specify the applicable law, rules, procedures and contracts for the operation of a SIPS to the competent authority, participants, and, where relevant, participants’ customers, in a clear and understandable way.
4. A SIPS operator shall take measures to ensure that its rules, procedures, and contracts are enforceable in all relevant legal systems, and that the actions it takes under such rules, procedures and contracts will not be voided, reversed, or subject to stays.
5. A SIPS operator conducting business in more than one legal system shall identify and mitigate the risks arising from any potential conflict of laws.
6. A SIPS operator shall use its best efforts to ensure the SIPS’s designation under Directive 98/26/EC.
Article 9
Governance
1. A SIPS operator shall have documented objectives which place a high priority on the safety and efficiency of the SIPS. The objectives shall explicitly support financial stability and other relevant public interest considerations, in particular open and efficient financial markets.
2. A SIPS operator shall have effective and documented governance arrangements that provide clear and direct lines of responsibility and accountability. These arrangements shall be made available to the competent authority, owners and participants. The SIPS operator shall make abridged versions thereof available to the public.
3. The Board’s roles and responsibilities shall be clearly defined. The Board’s roles and responsibilities shall include all of the following:
|
(a) |
establishing clear strategic aims and objectives for the SIPS; |
|
(b) |
establishing documented procedures for the SIPS’ functioning, including procedures to identify, address and manage conflicts of interest of its members; |
|
(c) |
with the exception of Eurosystem SIPS, ensuring the effective selection, monitoring, and, where appropriate, removal of members of Management; |
|
(d) |
with the exception of Eurosystem SIPS, establishing appropriate compensation policies, consistent with best practices and based on long-term achievements. |
4. Except for Eurosystem SIPS, the Board shall review both its overall performance and the performance of its individual Board members at least annually.
5. The Board’s composition shall ensure integrity, and, except in the case of a Eurosystem SIPS, an appropriate mix of technical skills, knowledge and experience both of SIPS and of the financial market in general, allowing the Board to fulfil its roles and responsibilities. The composition shall also take into account the allocation of competences in accordance with national law. Except for Eurosystem SIPS, and if permitted by national law, the Board shall include non-executive board members, including at least one independent director.
6. The Board shall establish and oversee a documented risk-management framework, which shall:
|
(a) |
include the SIPS operator’s risk tolerance and risk appetite policy; |
|
(b) |
assign responsibilities and accountability for risk decisions; |
|
(c) |
address decision making in crises and emergencies; |
|
(d) |
address internal control functions. |
The Board shall establish a risk committee to assist it in discharging its risk-related responsibilities. The risk committee shall advise the Board on the SIPS’s risk management.
The Board shall ensure that there are three clear and effective lines of defence (operations, risk management and internal audit), which are separate from each other and have sufficient authority, independence, resources and access to the Board.
7. The Board’s approval shall be required for decisions that have a significant impact on the SIPS’s risk profile and for the key risk documents governing the SIPS’s operations. As a minimum, the Board shall approve and annually review the comprehensive risk management framework referred to in Article 10(1), the recovery and orderly wind-down plan and the capital plan referred to in Articles 10(4) and 18(6) respectively, the frameworks on credit and liquidity risk referred to in Articles 11(1) and 13(1) respectively, the collateral framework that governs the management of risks referred to in Article 12, the SIPS’s investment strategy referred to in Article 19(4), the operational risk framework and the associated business continuity plan referred to in Articles 20(1) and 20(6) respectively, the cyber resilience framework and strategy referred to in Article 21(1), and the outsourcing framework referred to in Article 22(4).
8. The Board shall ensure that major decisions affecting the SIPS’s technical and functional setup, rules and overall strategy, in particular, with regard to the choice of a clearing and settlement arrangement, operating structure, scope of products cleared or settled, and use of technology and procedures, appropriately reflect the legitimate interests of the SIPS’s relevant stakeholders. The relevant stakeholders and, where appropriate, the public shall be consulted reasonably in advance on such decisions.
9. The role and responsibilities of the Management, and where applicable, the Branch Management, as well as the reporting lines within the Management, and where applicable the Branch Management, and the reporting lines between the Management and the Board, and where applicable the Branch Management and the board of the legal entity of which the branch is a legally dependent part, shall be clearly defined. The Management’s composition, and where applicable the Branch Management’s composition, shall ensure personal integrity and an appropriate mix of technical skills, knowledge and experience both of SIPSs and of the financial market in general, allowing them to fulfil their responsibilities for the operation and risk management of the SIPS operator.
10. The Management, under Board direction, and where applicable the Branch Management, under the direction of the board and the management of the legal entity of which the branch is a legally dependent part, shall be responsible for ensuring all of the following:
|
(a) |
that the SIPS operator’s activities are consistent with its objectives, strategy and risk tolerance; |
|
(b) |
that internal controls and related procedures are appropriately designed, executed and overseen in order to promote the SIPS operator’s objectives; |
|
(c) |
that internal controls and related procedures are subject to regular review and testing by well-trained and sufficiently staffed risk-management and internal-audit functions; |
|
(d) |
their active involvement in the risk-control process; |
|
(e) |
that sufficient resources are allocated to the SIPS’s risk-management framework. |
11. Where a branch is identified as a SIPS operator:
|
(a) |
the exercise of the tasks required for ensuring compliance with this Regulation shall be duly delegated to the Branch Management; and |
|
(b) |
all managing directors who constitute the Branch Management shall also be members of the management of the legal entity of which the branch is a legally dependent part. |
For the purpose of point (b) ‘members of the management’ means, in a unitary board system, the members of the Board engaged in the daily management of the legal entity and any other executive officers appointed by the Board who are engaged in the daily management of the legal entity or, in a dual board system, the members of the management board and any other executive officers appointed by the Board or by the management board who are engaged in the daily management of the legal entity.
12. A SIPS operator when ensuring compliance with the requirements on integrity under paragraphs 5 and 9 shall consider whether the members of the Board and the Management, and where applicable the Branch Management, of a SIPS operator have a record in respect of convictions or penalties for breaches of the applicable commercial law, insolvency law, financial services law, anti-money laundering law and/or counter-terrorist financing law and breaches of professional duty as well as for fraud.
Article 10
Framework for the comprehensive management of risks
1. A SIPS operator shall establish and maintain a sound risk-management framework to comprehensively identify, measure, monitor and manage the range of risks that arise in or are borne by the SIPS. It shall review the risk-management framework at least annually. The risk-management framework shall:
|
(a) |
include the SIPS operator’s risk-tolerance policy and appropriate risk-management tools; |
|
(b) |
assign responsibility and accountability for risk decisions; |
|
(c) |
address decision-making in emergency situations relating to a SIPS, including developments in financial markets potentially having an adverse effect on market liquidity and the stability of the financial system in any Member State whose currency is the euro where the SIPS operator or one of the participants are established. |
2. A SIPS operator shall provide incentives to participants and, where relevant, their customers to manage and limit the risks they pose to and bear from the SIPS. With regard to participants, such incentives shall include an effective, proportionate and dissuasive financial penalties regime or loss-sharing arrangements, or both.
3. A SIPS operator shall review the material risks the SIPS bears from and poses to other entities, including, inter alia, FMIs, settlement banks, liquidity providers and service providers, as a result of interdependencies at least annually. The SIPS operator shall develop risk-management tools that are robust and proportionate to the identified level of risk.
4. A SIPS operator shall define the SIPS’s critical functions, operations and services. The SIPS operator shall identify specific scenarios that may prevent it from being able to provide these critical operations and services as a going concern and shall assess the effectiveness of all options for recovery and, with the exception of Eurosystem SIPS, an orderly wind-down. It shall review the SIPS’s critical operations and services at least annually. Based on this assessment, a SIPS operator shall prepare a viable plan for the SIPS’s recovery and, except for Eurosystem SIPS, an orderly wind-down. The recovery and orderly wind-down plan shall contain, inter alia, a substantive summary of the key recovery and orderly wind-down strategies, a restatement of the SIPS’s critical operations and services, and a description of the measures needed to implement the key strategies. A SIPS operator shall, where applicable, provide the relevant authorities with the information needed for the purposes of resolution planning.
Article 11
Credit risk
1. A SIPS operator shall establish a robust framework to measure, monitor and manage its credit exposures to the SIPS participants and credit exposures among participants arising from the SIPS payment, clearing and settlement processes.
2. A SIPS operator shall identify all sources of credit risk. The measurement and monitoring of credit exposures shall take place throughout the day, using timely information and appropriate risk management tools.
3. In the case of a DNS system, the SIPS operator shall ensure that:
|
(a) |
financial obligations are established no later than the moment at which a transfer order is included in the calculation of the net settlement positions accessible to each participant; and |
|
(b) |
sufficient resources are held to cover the resulting credit exposures in accordance with paragraphs 4 and 5 at the latest at the moment referred to in point (a). |
4. A SIPS operator, including of a DNS system with a settlement guarantee, that in the course of SIPS operations incurs credit exposure vis-à-vis the SIPS participants, shall cover credit exposure to each participant using collateral, guarantee funds, equity (after deduction of the amount dedicated to cover general business risk) or other equivalent financial resources.
5. A SIPS operator, including of a DNS system with no settlement guarantee, but in which the SIPS participants face credit exposures arising from the SIPS payment, clearing and settlement processes, shall have in place rules or contractual arrangements with these participants. The rules or contractual arrangements shall ensure that the SIPS participants provide sufficient resources, as referred to in paragraph 4, to cover credit exposures resulting from the SIPS payment, clearing and settlement processes in relation to the two participants which, together with their affiliates, have the largest aggregate credit exposure.
6. A SIPS operator shall establish rules and procedures to address losses directly resulting from defaults by one or more participants on their obligations to the SIPS. These rules and procedures shall address the allocation of potentially uncovered losses, including the repayment of any funds a SIPS operator may borrow from liquidity providers. They shall include the SIPS operator’s rules and procedures concerning the replenishment of any financial resources used by the SIPS during a stress event, to the level laid down in paragraphs 4 and 5.
Article 12
Collateral
1. A SIPS operator shall only accept the following assets as collateral:
|
(a) |
cash; and |
|
(b) |
assets with low credit, liquidity and market risks, i.e. assets for which the SIPS operator can demonstrate to the competent authority based on an adequate internal assessment that they meet all of the following conditions:
|
In performing the internal assessment of points (i) to (vi), the SIPS operator shall define, document and apply an objective methodology.
2. A SIPS operator shall establish and implement policies and procedures to monitor the credit quality, market liquidity and price volatility of each asset accepted as collateral. A SIPS operator shall monitor on a regular basis, and at least annually, the adequacy of its valuation policies and procedures. Such review shall also be carried out whenever a material change occurs that affects the SIPS’s risk exposure. A SIPS operator shall mark-to-market its collateral at least on a daily basis.
3. A SIPS operator shall establish stable and conservative haircuts and shall test them at least annually and take into account stressed market conditions. Haircut procedures shall be validated by personnel other than those who created and applied the haircut procedures at least annually.
4. A SIPS operator shall take measures to avoid concentrated holdings of certain assets where this would significantly impair the ability to liquidate such assets quickly without significant adverse price effects.
5. A SIPS operator that accepts cross-border collateral shall identify and mitigate the risks associated with its use and ensure that the cross-border collateral can be used in a timely manner.
6. A SIPS operator shall use an effective and operationally flexible collateral management system.
7. Paragraph 1 shall not apply to Eurosystem SIPS.
Article 13
Liquidity risk
1. A SIPS operator shall establish a comprehensive framework to manage liquidity risks posed by the SIPS’s participants, settlement banks, nostro agents, custodian banks, liquidity providers and other relevant entities. The SIPS operator shall provide the participants with adequate tools to effectively manage their liquidity and shall monitor and facilitate the smooth flow of liquidity in the system.
2. A SIPS operator shall put in place operational and analytical tools which enable it to identify, measure and monitor settlement and funding flows, including the use of intraday liquidity, on an ongoing and timely basis.
3. A SIPS operator operating a DNS system shall ensure that:
|
(a) |
financial obligations are established no later than the moment at which a transfer order is included in the calculation of the net settlement positions accessible to each participant; and |
|
(b) |
sufficient liquid resources are held in accordance with paragraphs 4 to 7 at the latest at the moment referred to in point (a). |
4. A SIPS operator shall hold, or ensure that participants hold, sufficient liquid resources at all times as from the moment financial obligations are established, in all currencies in which it operates, to effect same-day settlement of financial obligations in a wide range of potential stress scenarios. Where appropriate, this shall include intraday or multiday settlement. The stress scenarios shall include:
|
(a) |
the default, under extreme but plausible market conditions, of the participant which, together with its affiliates, has the largest aggregate financial obligation; and |
|
(b) |
other scenarios in accordance with paragraph 12. |
5. A SIPS operator settling one-sided payments in euro shall hold, or ensure that participants hold, sufficient liquid resources, in accordance with paragraph 4, to effect timely settlement of financial obligations in the event of a default of the participant which, together with its affiliates, has the largest aggregate financial obligation as determined by paragraph 4(a), in any of the following ways:
|
(a) |
in cash with the Eurosystem; or |
|
(b) |
in eligible collateral as defined in the collateral framework of the Eurosystem laid down in Guideline (EU) 2015/510 of the European Central Bank (ECB/2014/60) (12) and Guideline ECB/2014/31 of the European Central Bank (13) provided that the SIPS operator can demonstrate that such collateral is readily available and convertible into cash on a same-day basis using prearranged and highly reliable funding arrangements, including in stressed market conditions. |
6. A SIPS operator settling one-sided payments in euro shall hold, or ensure that participants hold, additional liquid resources, in accordance with paragraph 4, point (b), in the ways referred to in paragraph 5 or with a creditworthy commercial bank in one or more of the following instruments:
|
(a) |
committed lines of credit; |
|
(b) |
committed foreign exchange swaps; |
|
(c) |
committed repos; |
|
(d) |
assets meeting the requirements of Article 12(1), which are held by a custodian; |
|
(e) |
investments. |
7. All of these instruments must allow cash to be available within a timeframe that allows the completion of same-day settlement. In particular, the SIPS operator must be able to demonstrate that non-cash instruments are readily available and convertible into cash on a same-day basis using prearranged and highly reliable funding arrangements, including in stressed market conditions.
The SIPS operator shall be prepared to demonstrate to the competent authority, based on an adequate internal assessment, that the commercial bank is creditworthy.
A SIPS operator settling two-sided payments, or one-sided payments in currencies other than euro, shall hold, or ensure that participants hold, sufficient liquid resources, in accordance with paragraph 4, in the ways referred to in paragraph 6.
8. Where a SIPS operator supplements the resources referred to in paragraph 4 with other assets, these assets shall be likely to be marketable or acceptable as collateral (for, e.g. lines of credit, swaps, or repos) on an ad hoc basis following a default, even if this cannot be reliably prearranged or guaranteed under extreme but plausible market conditions. Where a participant supplements the resources referred to in paragraph 4 with other assets, the SIPS operator shall ensure that these other assets meet the requirements set out in the first sentence of this paragraph. Assets shall be presumed to be likely to be marketable or acceptable as collateral if the SIPS operator has taken into account the rules and practices of the relevant central bank on the eligibility of collateral.
9. A SIPS operator shall not assume that emergency central bank credit will be available.
10. A SIPS operator shall carry out due diligence to verify that each provider of the SIPS’s liquid resources, as referred to in paragraph 4:
|
(a) |
has sufficient and up-to-date information to understand and to manage the liquidity risks associated with the provision of cash or assets; and |
|
(b) |
has the capacity to provide cash or assets as required. |
The SIPS operator shall review its compliance with the due diligence obligation at least annually. Only entities with access to credit from the central bank of issue shall be accepted as liquidity providers. The SIPS operator shall regularly test the SIPS’s procedures for accessing its liquid resources.
11. A SIPS operator with access to central bank accounts, payment services or securities services shall use these services, where practicable.
12. A SIPS operator shall, through rigorous stress testing, determine the amount and regularly test the sufficiency of its liquid resources to satisfy the requirements under paragraphs 4 and 5. In conducting stress testing, the SIPS operator shall consider a wide range of relevant scenarios, including one or more participant defaults on the same day and on two or more subsequent days.
When such scenarios are considered, the design and operation of the SIPS shall be taken into account and all entities that might pose material liquidity risks to the SIPS shall be examined, including settlement banks, nostro agents, custodian banks, liquidity providers and linked FMIs. Where appropriate, the scenarios shall cover a multiday period.
13. A SIPS operator shall document its reasons for holding, and shall have appropriate governance arrangements relating to, the cash and other assets maintained by it or by participants. It shall establish clear procedures for reporting the results of its stress tests to the Board and shall use these results to evaluate the adequacy of and make adjustments to its liquidity risk-management framework.
14. A SIPS operator shall establish clear rules and procedures enabling the SIPS to effect same-day and, where appropriate, timely intraday and multiday settlement of financial obligations following the default of one or more of its participants. These rules and procedures shall:
|
(a) |
address unforeseen and potentially uncovered liquidity shortfalls; |
|
(b) |
aim to avoid the unwinding, revocation or delay of same-day settlement of financial obligations; |
|
(c) |
indicate how to replenish the cash and other assets used by the SIPS during a stress event, to the extent required pursuant to paragraphs 4 to 6. |
Article 14
Final settlement
A SIPS operator shall establish rules and procedures to enable final settlement to take place no later than the end of the intended settlement date.
Article 15
Money settlements
1. A SIPS operator settling one-sided payments in euro shall ensure that final settlement takes place in central bank money. A SIPS operator settling payments for other SIPS shall endeavour to enable such other SIPS to settle even in emergency situations.
2. A SIPS operator settling two-sided payments or one-sided payments in currencies other than euro shall ensure that final settlement takes place in central bank money where practicable and available.
3. If central bank money is not used, a SIPS operator shall ensure that money settlements take place using a settlement asset with little or no credit and liquidity risk.
4. If a settlement takes place in commercial bank money, the SIPS operator shall monitor, manage, and limit credit and liquidity risks arising from the commercial settlement banks. In particular, the SIPS operator shall establish and monitor adherence to strict criteria for its settlement banks that take account of, among other things, their regulation and supervision, creditworthiness, capitalisation, access to liquidity, and operational reliability. The SIPS operator shall also monitor and manage the concentration of credit and liquidity exposures to the SIPS’s commercial settlement banks.
5. If a SIPS operator conducts money settlements on its own books, it shall minimise and strictly control its credit and liquidity risks.
6. If a settlement takes place in commercial bank money, a SIPS operator’s legal agreements with any commercial settlement banks shall state clearly:
|
(a) |
when transfers on the books of individual settlement banks are expected to occur; |
|
(b) |
that transfers are to be final when effected; |
|
(c) |
that funds received shall be transferable as soon as possible, at least by the end of the day. |
Article 16
Payment versus payment
A SIPS operator using a payment versus payment mechanism shall eliminate principal risk by ensuring that the final settlement of one obligation occurs if and only if the final settlement of the linked obligation also occurs. This rule shall be followed regardless of whether settlement takes place on a gross or net basis and when finality occurs.
Article 17
Participant-default rules and procedures
1. A SIPS operator shall establish a definition of participant default in the SIPS rules and procedures, which shall include, as a minimum, a participant’s failure to meet its financial obligations when they fall due, as a result, inter alia, of operational reasons, breach of agreement, or the commencement of insolvency proceedings against such participant. A SIPS operator shall distinguish between automatic and discretionary default. In the case of discretionary default, the SIPS operator shall specify which entity shall exercise that discretion. It shall review this definition at least annually.
2. A SIPS operator shall have default rules and procedures that enable it to continue to meet its obligations in the event of a participant default, which address the replenishment of resources following a default. The rules and procedures shall define, as a minimum, all of the following:
|
(a) |
the actions that a SIPS operator can take when a default occurs; |
|
(b) |
whether taking such actions is automatic or discretionary and the means by which that discretion is exercised; |
|
(c) |
potential changes to a SIPS operator’s normal settlement practices to ensure timely settlement; |
|
(d) |
the management of payments at different stages of processing; |
|
(e) |
the probable sequencing of actions; |
|
(f) |
the roles, obligations and responsibilities of the relevant parties, including non-defaulting participants; |
|
(g) |
other mechanisms to be activated to limit the impact of a default. |
3. A SIPS operator shall be prepared to implement its default rules and procedures, including any appropriate discretionary procedures provided for in its rules. A SIPS operator shall ensure, inter alia, that: (a) it has the operational capacity, including sufficient well-trained personnel, to implement the procedures outlined in paragraph 2 in a timely manner; and (b) the SIPS’s rules and procedures address documentation, information and communication needs, and, when more than one FMI or authority is involved, coordination.
4. A SIPS operator shall publicly disclose the key aspects of the rules and procedures outlined in paragraph 2, including, as a minimum, all of the following:
|
(a) |
the circumstances in which action shall be taken; |
|
(b) |
who shall take those actions; |
|
(c) |
the scope of the actions which shall be taken; |
|
(d) |
the mechanisms to address a SIPS operator’s obligations towards non-defaulting participants. |
5. A SIPS operator shall test and review the SIPS rules and procedures outlined in paragraph 2 at least annually or after any material changes to the SIPS affecting those rules and procedures. A SIPS operator shall involve SIPS participants and relevant stakeholders in such testing and review.
Article 18
General business risk
1. A SIPS operator shall establish robust management and control systems to identify, monitor and manage general business risks, including losses resulting from poor execution of business strategy, negative cash flows, or unexpected and excessively large operating expenses.
2. A SIPS operator shall maintain a viable recovery and, except for Eurosystem SIPS, orderly wind-down plan as required under Article 10(4).
3. A SIPS operator shall determine, based on its general business risk profile and the time required to achieve a recovery and/or orderly wind-down of its critical operations and services, the amount of assets required to implement the plan referred to in paragraph 2. This amount shall be no less than that represented by six months of current operating expenses.
4. To cover the amount referred to in paragraph 3, a SIPS operator shall hold liquid net assets funded by equity, e.g. common stock, disclosed reserves or other retained earnings, to enable it to continue operations and services as a going concern. These assets shall be in addition to resources held to cover participant default or other risks covered under Articles 11 and 13. Equity held under international risk-based capital standards may be included to avoid duplicate capital requirements.
5. Assets as referred to in paragraph 4 held to cover general business risk shall be of sufficient liquidity and quality to be available in a timely manner, and shall be segregated from the SIPS operator’s assets used for daily operations. The SIPS operator shall be able to realise assets held to cover general business risk with little, if any, adverse price effect, to enable it to continue operations and services as a going concern if it incurs general business losses.
6. A SIPS operator shall establish a viable capital plan for raising additional equity if its equity falls close to or below the amount referred to in paragraph 3.
7. Paragraphs 3 to 6 shall not apply to Eurosystem SIPS.
Article 19
Custody and investment risks
1. A SIPS operator shall hold its own and participants’ assets with supervised and regulated entities (hereinafter the ‘custodians’) that have accounting practices, safekeeping procedures and internal controls that fully protect these assets against the risk of loss in the event of a custodian’s or sub-custodian’s insolvency, negligence, fraud, poor administration or inadequate recordkeeping.
2. A SIPS operator shall have timely access to its assets and the assets provided by the participants.
3. A SIPS operator shall evaluate and understand its exposures to its custodian banks, taking into account the full scope of its relationships with each.
4. A SIPS operator shall establish its investment strategy, which shall be consistent with its overall risk-management strategy and fully disclosed to the participants. It shall review the investment strategy at least annually.
5. A SIPS operator’s investments under its investment strategy shall be secured by, or be claims on, high-quality obligors. A SIPS operator shall define the criteria for high-quality obligors. Investments shall be in instruments with minimal credit, market and liquidity risks.
6. Paragraphs 3 to 5 shall not apply to Eurosystem SIPS.
Article 20
Operational risk
1. A SIPS operator shall establish a robust framework with appropriate systems, policies, procedures and controls to identify, monitor and manage operational risk.
2. A SIPS operator shall review, audit, and test systems, operational policies, procedures and controls periodically and after significant changes.
3. A SIPS operator shall establish service level and operational reliability objectives and policies designed to achieve those objectives. It shall review the objectives and policies at least annually.
4. A SIPS operator shall ensure that a SIPS has, at all times, scalable capacity to handle increases in payment volumes that occur due to stress events, and that it can achieve its service level objectives.
5. A SIPS operator shall establish comprehensive physical and information and communication technology (ICT) security policies, processes and system policies, as well as resilient information systems, that adequately identify, assess and manage all potential vulnerabilities, threats, incidents and risks in an ICT environment. It shall review the policies at least annually.
6. A SIPS operator shall establish a business continuity plan that addresses events posing a significant risk of disrupting the SIPS’ operations. The plan shall include the use of a secondary site and be designed to ensure that critical information technology systems can resume operations within two hours of those events. The plan shall be designed in such a way that the SIPS is always able to settle all payments due by the end of the business day on which the disruption occurs. The SIPS operator shall test the plan and review it at least annually.
7. A SIPS operator shall identify critical participants based, in particular, on payment volumes and values and their potential impact on other participants and the SIPS as a whole, in the event of a significant operational problem experienced by such participants.
8. A SIPS operator shall identify, monitor, and manage the risks that critical participants, other FMIs, and services and utility providers might pose to the SIPS’ operations.
9. For the purposes of this Article, references to ‘risk’ include the risks specified in Articles 21 and 22.
Article 21
Cyber risk
1. A SIPS operator shall establish a comprehensive cyber resilience framework with appropriate governance measures that enables it to effectively and efficiently manage cyber risks, and a cyber resilience strategy that takes into account the risk tolerance and risk appetite of the SIPS operator.
2. The cyber resilience framework referred to in paragraph 1 shall ensure at least:
|
(a) |
the identification and classification of key roles, including accountability for decision-making within the organisation, processes, operations, services, and information assets that support the SIPS’s critical operations and services in order to ensure that appropriate measures are in place for their protection and timely recovery in the event of a cyber attack; |
|
(b) |
the adequate protection of the SIPS from cyber risks, including by implementing effective security controls and conducting control activities on the functioning and security of main ICT systems, processing or storing sensitive information; |
|
(c) |
the timely and appropriate detection of any cyber incident or signs of it, including through the monitoring of anomalous activities; |
|
(d) |
the response to and recovery from any cyber incident or any adverse event in a timely and appropriate manner, enabling the SIPS to resume critical operations rapidly and in a way that limits any damage to the SIPS. |
3. A SIPS operator shall establish a testing programme to regularly test the operational effectiveness of all processes, procedures and controls of the cyber resilience framework referred to in paragraphs 1 and 2. As part of this testing programme, the SIPS operator shall conduct TIBER-EU threat-led penetration tests involving the use of techniques to simulate an attack on the SIPS’s critical functions and underlying systems as set out under the TIBER-EU framework.
Where a branch is identified as a SIPS operator, the competent authority may take into account the results of a penetration test performed by the legal entity of which the branch is a legally dependent part if such penetration test can be deemed a comparable exercise to a TIBER-EU test, and if it also captures the effectiveness of the branch’s relevant controls and systems.
4. A SIPS operator shall ensure that its Board and Management, and where applicable the Branch Management, as well as the staff of the SIPS operator have a sound understanding of cyber resilience and a sound level of situational awareness of the cyber threat environment within which it operates through an effective threat intelligence process and information sharing within its organisation and with other interconnected entities across the financial system.
5. A SIPS operator shall have in place appropriate systems, policies, procedures and controls that enable it to assess and gain understanding of the effectiveness of the implementation of its cyber resilience strategy and framework.
6. A SIPS operator shall have procedures in place to ensure that at least any major cyber incidents that negatively impact the SIPS, including incidents originating with the SIPS participants and third-party service providers, are reported to: (a) the Board, the Management, and, where applicable, the Branch Management; and (b) the competent authority. A SIPS operator shall have in place processes of continuous learning and improvement related to cyber security. These processes shall include, for instance, ensuring that the cyber resilience framework considers threat developments as well as reviews of cyber incidents with lessons learned.
Article 22
Outsourcing
1. A SIPS operator shall remain at all times responsible for compliance with this Regulation in respect of any outsourced functions, operations and/or services related to the operation of the SIPS.
2. A SIPS operator shall ensure that outsourcing does not undermine the SIPS operator’s ability to comply with the requirements under this Regulation and does not result expressly or by implication in the delegation of the SIPS operator’s responsibility for compliance with the requirements of this Regulation to the outsourcing service provider.
3. A SIPS operator when outsourcing to a third party or an intragroup entity shall have in place written contractual arrangements between itself and the outsourcing service provider. The provisions of the contractual arrangements shall at least:
|
(a) |
ensure that the SIPS operator can comply with its obligations arising from this Regulation, other applicable laws, regulatory requirements and contracts; |
|
(b) |
include a clear and precise description of the outsourced functions, operations and/or services, of the functions of the outsourcing service provider and also of the allocation of the rights and obligations of the parties to the contractual arrangements; |
|
(c) |
ensure the rights of the relevant competent authority to exercise its powers under Article 29(1), point (a), of this Regulation and, in the case of outsourcing related to the SIPS critical functions, operations and/or services as identified in Article 10(4), also ensure the rights of the relevant competent authority to exercise its powers under Article 29(1), points (b) and (c), of this Regulation. |
|
(d) |
specify whether sub-outsourcing of the SIPS critical functions, operations and/or services is permitted and the conditions that would apply in such cases, and which shall ensure the compliance of the SIPS operator with the requirements of this Regulation; |
|
(e) |
ensure the right of the SIPS operator to terminate the contractual arrangement in case of significant breaches of laws, regulations or contractual terms and if the compliance with the requirements under this Article cannot be ensured. |
4. A SIPS operator shall have a comprehensive outsourcing framework in place to effectively identify, monitor and manage the risks arising from any outsourcing and throughout its whole lifecycle. The SIPS operator shall also have in place an outsourcing strategy that takes into account the risk tolerance of the SIPS operator.
5. The outsourcing framework referred to in paragraph 4 shall enable the SIPS operator to at least:
|
(a) |
assess any risks that may arise from outsourcing, including any concentration risks and risks related to sub-contracting, before the signing of any contractual arrangement; |
|
(b) |
identify and manage effectively the risks related to any outsourcing of the SIPS critical functions, operations and/or services; |
|
(c) |
ensure the assessment of any conflict of interests related to the outsourced functions, operations and/or services; |
|
(d) |
exercise audit rights necessary to assess the related outsourcing risks and to comply with its regulatory obligations. This shall include a plan for audits and inspections on the outsourcing service provider related to the SIPS critical functions, operations and/or services. |
6. A SIPS operator shall ensure that outsourcing does not impair the effectiveness and soundness of the SIPS operation and the soundness of its systems, policies, internal controls and related procedures.
7. In the case of outsourcing related to the SIPS critical functions, operations and/or services as identified in Article 10(4), a SIPS operator shall develop and maintain an exit strategy that does not result in disruption to the SIPS operations.
8. The Eurosystem shall develop non-binding guidance addressed to SIPS operators on the requirements related to outsourcing. Such guidance shall be made available by the ECB on its website.
Article 23
Access and participation criteria
1. A SIPS operator shall establish and publicly disclose non-discriminatory access and participation criteria to the SIPS’s services for direct and, where relevant, indirect participants and for other FMIs. It shall review the criteria at least annually.
2. The access and participation criteria referred to in paragraph 1 shall be justified in terms of the safety and efficiency of the SIPS and the markets it serves, and be tailored to and commensurate with the SIPS’s specific risks. In compliance with the principle of proportionality, a SIPS operator shall set requirements that restrict access to the minimum possible extent. If a SIPS operator denies access to an applying entity, it shall give reasons in writing, based on a comprehensive risk analysis.
3. A SIPS operator shall monitor participants’ compliance with the SIPS’s access and participation criteria on an ongoing basis. A SIPS operator shall establish non-discriminatory procedures to facilitate the suspension and orderly termination of a participant’s right of participation where the participant fails to comply with the criteria and shall publicly disclose relevant key aspects of such procedures. It shall review the procedures at least annually.
Article 24
Tiered participation arrangements
1. For the purpose of risk management, a SIPS operator shall ensure that the SIPS’s rules, procedures and contractual arrangements allow it to gather information about indirect participation in order to identify, monitor and manage any material risks to the SIPS arising from participation. This information shall, as a minimum, cover the following:
|
(a) |
the activity that direct participants conduct on their own behalf and on behalf of indirect participants in proportion to the activity at system level; |
|
(b) |
the number of indirect participants that settle via individual direct participants; |
|
(c) |
the volumes and values of payments in the SIPS originating from each indirect participant; |
|
(d) |
the volumes and values of payments referred to in point (c) in proportion to those of the direct participant through which the indirect participant accesses the SIPS. |
2. A SIPS operator shall identify material dependencies between direct and indirect participants that might affect the SIPS, taking into account the information referred to in paragraph 1.
3. A SIPS operator shall identify indirect participants who pose material risks to the SIPS and the direct participants through which they access the SIPS with a view to managing these risks.
4. A SIPS operator shall review the risks arising from tiered participation arrangements at least annually. It shall take mitigating action when needed to ensure that the risks are properly managed.
Article 25
Efficiency and effectiveness
1. A SIPS operator shall have a process to identify and meet the needs of the markets the SIPS serves, in particular, with regard to:
|
(a) |
choice of a clearing and settlement arrangement; |
|
(b) |
operating structure; |
|
(c) |
scope of products cleared or settled; |
|
(d) |
use of technology and procedures. |
2. A SIPS operator shall have clearly defined goals and objectives that are measurable and achievable, such as in the areas of minimum service levels, risk-management expectations and business priorities.
3. A SIPS operator shall have established mechanisms for the regular, at least annual, review of the requirements laid down in paragraphs 1 and 2.
Article 26
Communication procedures and standards
A SIPS operator shall use or accommodate, relevant internationally accepted communication procedures and standards in order to facilitate efficient payment, clearing, settlement and recording.
Article 27
Disclosure of rules, key procedures and market data
1. A SIPS operator shall adopt clear and comprehensive rules and procedures that are fully disclosed to participants. Relevant rules and key procedures shall also be publicly disclosed.
2. A SIPS operator shall disclose clear descriptions of the system’s design and operations, as well as the SIPS operator’s and participants’ rights and obligations, so that participants can assess the risks they would incur by participating in the SIPS.
3. A SIPS operator shall provide all necessary and appropriate documentation and training to facilitate participants’ understanding of the SIPS’ rules and procedures and the risks they face from participating in the SIPS.
4. A SIPS operator shall publicly disclose the SIPS’s fees at the level of individual services it offers as well as its discount policies. The SIPS operator shall provide clear descriptions of priced services for comparability purposes.
5. A SIPS operator shall complete and disclose publicly responses to the CPMI-IOSCO Disclosure framework for financial market infrastructures. It shall update its responses following material changes to the system or its environment, but at least every two years. A SIPS operator shall also, at a minimum, disclose basic data on transaction volumes and values.
Article 28
General obligation to comply
1. SIPS operators shall have one year from the date on which the decision of the Governing Council in accordance with Article 3(3) has been notified to them to comply with the requirements laid down in this Regulation.
2. SIPS operators shall cooperate, on a continuous basis, with the competent authority, and ensure compliance of the SIPS they operate with the requirements set out in Articles 8 to 27 and Article 29, including in terms of the overall effectiveness of their rules, procedures, processes and frameworks. SIPS operators shall further cooperate with the competent authority to facilitate the broader objective of promoting the smooth operation of payment systems at systemic level.
3. Where a branch is identified as a SIPS operator and compliance with an obligation under this Regulation requires or depends on the involvement of the legal entity of which the branch is a legally dependent part, the obligation shall be understood as an obligation on the branch to demonstrate compliance vis-à-vis the competent authority through the actions and processes at the level of the relevant legal entity.
PART IV
COMPETENT AUTHORITIES
Article 29
Powers of a competent authority
1. A competent authority shall have the power to:
|
(a) |
obtain, at any time, from a SIPS operator all of the information and documents necessary to assess compliance with the requirements under this Regulation or to promote the smooth operation of payment systems at systemic level. The SIPS operator shall report the relevant information to the competent authority without undue delay; |
|
(b) |
require a SIPS operator to appoint an independent expert to perform an investigation or independent review on the operation of the SIPS. The competent authority may impose requirements concerning the type of expert to be appointed, the content and scope of the report to be produced, the treatment of the report, including disclosure and publication of certain elements, and timing for the production of the report. A SIPS operator shall inform the competent authority how the imposed requirements have been satisfied; |
|
(c) |
conduct on-site inspections or delegate the carrying out of on-site inspections. Where the proper conduct and efficiency of an inspection so requires, the competent authority may carry it out without prior announcement. |
2. Decision (EU) 2019/1349 of the European Central Bank (ECB/2019/25) (14) specifies the procedure and conditions for the exercise by a competent authority of the powers set out in this Article.
Article 30
Organisation of oversight activities
1. A competent authority may carry out continuous and/or ad hoc oversight activities to assess the compliance by a SIPS operator with the requirements set out in Articles 8 to 27 and Article 29 or to promote the smooth operation of payment systems at systemic level.
2. A competent authority shall seek to reach cooperation arrangements with other relevant authorities as necessary. In the exceptional case where a branch is identified as a SIPS operator the competent authority shall seek a cooperation arrangement with the authority responsible for the oversight or supervision of the legal entity of which the branch is a legally dependent part.
Article 31
Confidentiality
Information shared by a SIPS operator with a competent authority on a confidential basis may be shared by that competent authority within the European System of Central Banks (ESCB). Such information shall be treated as confidential by the members of the ESCB, in accordance with the duty of professional secrecy laid down in Article 37.1 of the Statute of the ESCB.
PART V
CORRECTIVE MEASURES AND SANCTIONS
Article 32
Corrective measures
1. Where a SIPS operator has not complied with this Regulation or where there are reasonable grounds for suspecting that a SIPS operator has not complied with this Regulation, the competent authority may initiate a procedure to impose a corrective measure, in which case, the competent authority shall:
|
(a) |
give written notice to the SIPS operator of the nature of the non-compliance or suspected non-compliance; and |
|
(b) |
give the SIPS operator the opportunity to be heard and to provide explanations. |
2. Taking into account the information provided by the SIPS operator, the competent authority may impose corrective measures on the SIPS operator to remedy the non-compliance and/or avoid repeating it. Where the SIPS operator is a branch, the corrective measures shall be imposed on the branch.
3. The competent authority may impose corrective measures immediately if it finds that the non-compliance is serious enough to require immediate action. It shall provide reasons for its decision.
4. A competent authority other than the ECB shall inform the ECB of its intention to impose corrective measures on a SIPS operator without undue delay.
5. Corrective measures may be imposed independently of or in parallel to sanctions imposed under Council Regulation (EC) No 2532/98 (15).
6. The rules and procedure provided for in Decision (EU) 2017/2098 of the European Central Bank (ECB/2017/33) (16) shall apply to the imposition of the corrective measures pursuant to this Article.
Article 33
Sanctions
1. In the case of an infringement of this Regulation, the ECB may impose sanctions on the SIPS operator. Where the SIPS operator is a branch, the sanctions shall be imposed on the branch.
2. Sanctions imposed pursuant to paragraph 1 shall be in accordance with Regulation (EC) No 2532/98 and Regulation (EC) No 2157/99 of the European Central Bank (ECB/1999/4) (17). The amount of the sanctions shall be calculated in accordance with Decision (EU) 2017/2097 of the European Central Bank (ECB/2017/35) (18).
PART VI
REVIEW OF APPLICATION OF THIS REGULATION
Article 34
Review
The Governing Council shall review the general application of this Regulation by no later than two years following the date on which it enters into force, and thereafter every three years, and assess whether it needs to be amended.
PART VII
REPEAL AND FINAL PROVISIONS
Article 35
Repeal
1. Regulation (EU) No 795/2014 (ECB/2014/28) is hereby repealed.
2. References to the repealed Regulation shall be construed as references to this Regulation and shall be read in accordance with the correlation table set out in Annex II.
Article 36
Final provisions
1. This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.
2. This Regulation shall be binding in its entirety and directly applicable in the Member States in accordance with the Treaties.
Done at Frankfurt am Main, 2 July 2025.
For the Governing Council of the ECB
The President of the ECB
Christine LAGARDE
(1) Regulation (EU) No 795/2014 of the European Central Bank of 3 July 2014 on oversight requirements for systemically important payment systems (ECB/2014/28) (OJ L 217, 23.7.2014, p. 16, ELI: http://data.europa.eu/eli/reg/2014/795/oj).
(2) See Annex I.
(3) Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011 (OJ L 333, 27.12.2022, p. 1, ELI: http://data.europa.eu/eli/reg/2022/2554/oj).
(4) Available on the ECB’s website at www.ecb.europa.eu.
(5) Available on the ECB’s website at www.ecb.europa.eu.
(6) Directive 98/26/EC of the European Parliament and of the Council of 19 May 1998 on settlement finality in payment and securities settlement systems (OJ L 166, 11.6.1998, p. 45, ELI: http://data.europa.eu/eli/dir/1998/26/oj).
(7) Regulation (EU) No 575/2013 of the European Parliament and of the Council of 26 June 2013 on prudential requirements for credit institutions and amending Regulation (EU) No 648/2012 (OJ L 176, 27.6.2013, p. 1, ELI: http://data.europa.eu/eli/reg/2013/575/oj).
(8) Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU (OJ L 173, 12.6.2014, p. 349, ELI: http://data.europa.eu/eli/dir/2014/65/oj).
(9) Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market, amending Directives 2002/65/EC, 2009/110/EC and 2013/36/EU and Regulation (EU) No 1093/2010, and repealing Directive 2007/64/EC (OJ L 337, 23.12.2015, p. 35, ELI: http://data.europa.eu/eli/dir/2015/2366/oj).
(10) Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the taking up, pursuit and prudential supervision of the business of electronic money institutions amending Directives 2005/60/EC and 2006/48/EC and repealing Directive 2000/46/EC (OJ L 267, 10.10.2009, p. 7, ELI: http://data.europa.eu/eli/dir/2009/110/oj).
(11) Directive 98/26/EC of the European Parliament and of the Council of 19 May 1998 on settlement finality in payment and securities settlement systems (OJ L 166, 11.6.1998, p. 45, ELI: http://data.europa.eu/eli/dir/1998/26/oj).
(12) Guideline (EU) 2015/510 of the European Central Bank of 19 December 2014 on the implementation of the Eurosystem monetary policy framework (ECB/2014/60) (OJ L 91, 2.4.2015, p. 3, ELI: http://data.europa.eu/eli/guideline/2015/510/oj).
(13) Guideline ECB/2014/31 of the European Central Bank of 9 July 2014 on additional temporary measures relating to Eurosystem refinancing operations and eligibility of collateral and amending Guideline ECB/2007/9 (OJ L 240, 13.8.2014, p. 28, ELI: http://data.europa.eu/eli/guideline/2014/528/oj).
(14) Decision (EU) 2019/1349 of the European Central Bank of 26 July 2019 on the procedure and conditions for exercise by a competent authority of certain powers in relation to oversight of systemically important payment systems (ECB/2019/25) (OJ L 214, 16.8.2019, p. 16, ELI: http://data.europa.eu/eli/dec/2019/1349/oj).
(15) Council Regulation (EC) No 2532/98 of 23 November 1998 concerning the powers of the European Central Bank to impose sanctions (OJ L 318, 27.11.1998, p. 4, ELI: http://data.europa.eu/eli/reg/1998/2532/oj).
(16) Decision (EU) 2017/2098 of the European Central Bank of 3 November 2017 on procedural aspects concerning the imposition of corrective measures for non-compliance with Regulation (EU) No 795/2014 (ECB/2017/33) (OJ L 299, 16.11.2017, p. 34, ELI: http://data.europa.eu/eli/dec/2017/2098/oj).
(17) Regulation (EC) No 2157/99 of the European Central Bank of 23 September 1999 on the powers of the European Central Bank to impose sanctions (ECB/1999/4) (OJ L 264, 12.10.1999, p. 21, ELI: http://data.europa.eu/eli/reg/1999/2157/oj).
(18) Decision (EU) 2017/2097 of the European Central Bank of 3 November 2017 on the methodology for calculating sanctions for infringements of the oversight requirements for systemically important payment systems (ECB/2017/35) (OJ L 299, 16.11.2017, p. 31, ELI: http://data.europa.eu/eli/dec/2017/2097/oj).
ANNEX I
Repealed Regulation with list of the successive amendments thereto
(referred to in recital 1)
|
Regulation (EU) No 795/2014 of the European Central Bank of 3 July 2014 on oversight requirements for systemically important payment systems (ECB/2014/28) |
|
|
Regulation (EU) 2017/2094 of the European Central Bank of 3 November 2017 amending Regulation (EU) No 795/2014 on oversight requirements for systemically important payment systems (ECB/2017/32) |
|
|
Regulation (EU) 2021/728 of the European Central Bank of 29 April 2021 amending Regulation (EU) No 795/2014 on oversight requirements for systemically important payment systems (ECB/2021/17) |
|
ANNEX II
Correlation table
|
Regulation (EU) No 795/2014 (ECB/2014/28) |
This Regulation |
|
Article 1(1) Article 1(2) Article 1(3) Article 1(3-a) Article 1(3a) Article 1(3b) Article 1(4) Article 2 Article 2a Article 2b Article 2c Article 2d |
Article 1 Article 3(3) Article 3(1) Article 3(2) Article 3(4) Article 3(5) Article 28(2) Article 2 Article 4 Article 5 Article 6 Article 7 |
|
Article 3 Article 4(1) to (5) Article 4(6) Article 4(7) — Article 4(7a) Article 4(8) — — Article 5 |
Article 8 Article 9(1) to (5) Article 9(11) and (12) Article 9(6) and (8) Article 9(7) Article 9(9) Article 9(10) Article 9(13) Article 9(14) Article 10 |
|
Article 6 Article 7 Article 8 Article 9 Article 10 Article 11 Article 12 Article 13 Article 14 Article 15 — — Article 16 Article 17 Article 18 Article 19 Article 20 |
Article 11 Article 12 Article 13 Article 14 Article 15 Article 16 Article 17 Article 18 Article 19 Article 20 Article 21 Article 22 Article 23 Article 24 Article 25 Article 26 Article 27 |
|
— Article 21 Article 21a — Article 21b Article 22 Article 23 Article 24 — Article 25(1) and (3) Article 25(2) — |
Article 28(3) Article 29 Article 30(1) Article 30(2) Article 31 Article 32 Article 33 Article 34 Article 35 Article 36 Article 28(1) Annex I |
|
— |
Annex II |
|
|
|
ELI: http://data.europa.eu/eli/reg/2025/1355/oj
ISSN 1977-0677 (electronic edition)