Banking (prudential standards) determination No. 3 of 2005 Prudential Standard APS 610 Prudential Requirements for Providers of Purchased Payment Facilities (Cth)

Case
No judgment structure available for this case.

Banking (prudential standards) determination No. 3 of 2005

Prudential Requirements for Providers of Purchased Payment Facilities

Banking Act 1959

I, John Francis Laker, Chair of APRA, under paragraph 11AF(1)(a) of the Banking Act 1959 (the Act), DETERMINE Prudential Standard APS 610 Prudential Requirements for Providers of Purchased Payment Facilities in the form set out in the Schedule.

This prudential standard comes into force on the day it is registered on the Federal Register of Legislative Instruments.

Dated  16 November 2005

[Signed]

………………………

John Laker

Chair

Interpretation

In this Notice

APRA means the Australian Prudential Regulation Authority.

ADI has the meaning given in section 5 of the Act.

Note1  An ADI that does not comply with a standard may be issued with directions by APRA under paragraph 11CA(1)(a) of the Act. Non-compliance with a direction is an offence attracting a penalty of up to $27,000 for each day that the offence continues. Officers of the ADI may also be criminally liable (see section 11CG).


Schedule

Prudential Standard APS 610 Prudential Requirements for Providers of Purchased Payment Facilities comprises the following 6 pages.


Prudential Standard APS 610

Prudential Requirements for Providers of Purchased Payment Facilities

Objective and key requirements of this Prudential Standard

This Prudential Standard aims to ensure that those authorised deposit-taking institutions (ADIs) that have obtained an authority to provide purchased payment facilities (PPFs) are subject to prudential requirements commensurate with their risk profile.  These ADIs form a class of ADI known as purchased payment facility providers (PPF providers).  They are not authorised to conduct general banking business.

This Prudential Standard sets out those ADI prudential standards which do not apply to PPF providers, as well as additional requirements applying to PPF providers that have stored value at risk. 

The key requirements of this Prudential Standard for PPF providers with stored value at risk are:

·    a minimum Tier 1 capital requirement that is the larger of the following two figures:

  1. the minimum start-up capital as determined by APRA; or

  2. five per cent of stored value liabilities.

    ·    a PPF provider with stored value at risk must hold at all times high quality liquid assets equal to its stored value liabilities; and

    ·    a PPF provider with stored value at risk must meet certain operational risk requirements.

    Details on these requirements and the application of ADI prudential standards are contained below.

    Authority and application

    1.This Prudential Standard is made under section 11AF of the Banking Act 1959 (Banking Act).

    2.It applies to authorised deposit-taking institutions (ADIs) that have obtained an authority under section 9 of the Banking Act to conduct banking business as defined by Regulation 3 of the Banking Regulations 1966.  These ADIs form a class of ADIs called purchased payment facility providers (PPF providers).

    Inoperative ADI prudential standards

    3.All PPF providers are exempted from the operation of certain ADI prudential standards.  The inoperative ADI prudential standards are set out in the following table (Table 1):

Exempted Prudential Standard (APS No.) APS Title Exemption
APS 110 Capital Adequacy All PPF providers
APS 111 Capital Adequacy: Measurement of Capital All PPF providers
APS 112 Capital Adequacy: Credit Risk All PPF providers
APS 113 Capital Adequacy: Market Risk All PPF providers
APS 120 Funds Management and Securitisation All PPF providers
APS 210 Liquidity All PPF providers
APS 220 Credit Quality All PPF providers
APS 221 Large Exposures All PPF providers
APS 222 Associations with Related Entities All PPF providers

Applicable ADI prudential standards

4.In the interests of clarity, the following table (Table 2) sets out those ADI prudential standards, or proposed ADI prudential standards, that apply (or will apply) to all ADIs including PPF providers:[1]

[1] Note: Draft versions of proposed ADI prudential standards are available online at cellpadding="0" cellspacing="0"> Applied Prudential Standard (APS No.) APS Title Application APS 231 Outsourcing All ADIs APS 232 Business Continuity Management All ADIs APS 310 Audit and Related Arrangements for Prudential Reporting All ADIs APS 510 (proposed) Governance All ADIs APS 511 (proposed) Governance (Non-Operating Holding Companies) All ADIs APS 520 (proposed) Fit and Proper Requirements All ADIs

Definition of stored value and stored value liabilities

5.Stored value refers to the balance of funds represented on PPF devices or PPF accounts held by beneficiaries for purposes of making payments.

6.Stored value liabilities are the aggregate liabilities of a PPF provider to beneficiaries to complete payments made with PPF devices or PPF accounts, and the outstanding obligations to payees for payments made but not yet settled.

Prudential requirements for PPF providers with stored value at risk

7.The remainder of this Prudential Standard sets out requirements that apply to all PPF providers with stored value at risk.

Stored value at risk

8.A PPF provider is deemed to not have stored value at risk if the PPF provider can satisfy APRA that:

(a)      the PPF provider does not itself have any stored value liabilities; or

(b)     the PPF provider has stored value liabilities but:

(i)the funds received in exchange for stored value on PPF devices or in PPF accounts are deposited in an account held with an ADI until settlement to payees occurs; and

(ii)the PPF provider has no operational control of this account; and

(iii)no creditors aside from the beneficiaries or payees of the stored value can have legal recourse to the assets held in this account in the event the PPF provider becomes insolvent or is wound-up.

Responsibility for capital adequacy

9.The Board of Directors (the Board) of a PPF provider has the duty to ensure that the PPF provider maintains an appropriate level of capital commensurate with the level and extent of risks to which the PPF provider is exposed from its activities.

10.To this end, the PPF provider must:

(a)    have adequate systems and procedures in place to identify, measure, monitor and manage the risks arising from its activities to ensure that capital is held at a level consistent with the PPF provider’s risk profile; and

(b)   maintain and implement a capital management plan, consistent with the overall business plan, for managing its capital levels on an ongoing basis.  The plan must set out:

(i)the PPF provider’s strategy for maintaining capital resources over time, for example, by outlining its capital needs for supporting the degree of risks involved in the PPF provider’s business, how the required level of capital is to be met, as well as the means available for sourcing additional capital where required; and

(ii)actions and procedures for monitoring the PPF provider’s compliance with minimum capital adequacy requirements, including the setting of trigger ratios to alert management of, and avert, potential breaches to the minimum capital required by APRA.

Minimum capital adequacy requirements

11.A PPF provider must, as a minimum, have at all times Tier 1 capital equal to:

(a)      the minimum start-up capital as determined by APRA [Note: minimum start-up capital is ordinarily a condition on authorisation for PPF providers with stored value at risk.  See the Guidelines on Authorisation of Providers of Purchased Payment Facilities]; or

(b)     5 per cent of total outstanding stored value liabilities

whichever is the larger figure.

12.Examples of Tier 1 capital include paid-up ordinary shares, general reserves and retained earnings.  Prudential Standard APS 111 Capital Adequacy: Measurement of Capital and Guidance Note AGN 111.1 Tier 1 Capital detail the criteria instruments must meet to be classified as Tier 1 capital.

13.A PPF provider must continuously monitor its stored value liabilities.  If a PPF provider is unable to do so, it must determine if paragraph 11(b) applies by using the highest value of stored value liabilities held over the preceding 6 month period, measured in a manner approved by APRA.

Liquidity and asset requirements

14.A PPF provider must hold at all times high quality liquid assets equal to its stored value liabilities.  High quality liquid assets must be free from encumbrances (except where approved for a prudential purpose by APRA).  Eligible assets include:

(a)      cash;

(b)     securities eligible for repurchase transactions with the Reserve Bank of Australia;

(c)      bank bills and CDs issued by ADIs provided the issue is rated at least ‘investment grade’ (reference should be made to Guidance Note AGN 113.3 The Standard Method on what constitutes investment grade);

(d)     deposits (at call and any other deposits readily convertible into cash within two business days) held with other ADIs; and

(e)      any asset approved by APRA (subject to any conditions imposed by APRA) as a high quality liquid asset for the purposes of this standard.

Operational risk

15.The Board and senior management of a PPF provider must develop, implement and maintain a risk management framework to address operational risk. 

16.Operational risk may be defined as the risk of financial loss resulting from inadequate or failed internal processes, people and systems or from external events.  A PPF provider may determine a definition of operational risk appropriate to the size, business mix and complexity of its activities and operating environment.  This definition of operational risk should be clearly understood throughout the PPF provider to ensure that this risk is effectively identified and managed. 

17.The management of operational risk should include, but is not limited to, the risks associated with:

(a)      the integrity of transaction data and timely processing of transactions;

(b)     appropriate back-up and disaster recovery plans and facilities, including resilient critical processing systems (see Prudential Standard APS 232 Business Continuity Management (APS 232));

(c)      regular testing of business continuity and disaster recovery arrangements (see APS 232);

(d)     outsourcing risk management to any third-party and related service providers (see Prudential Standard APS 231 Outsourcing);

(e)      internal and external fraud risk management, which should include the following elements:

(i)risk identification and assessment;

(ii)internal controls and mitigation strategies;

(iii)segregation of duties at both an operational level and in relation to functional reporting lines;

(iv)financial accounting controls; and

(v)staff training and awareness;

(f)      controls against information security and physical security risks; and

(g)      compliance obligations regarding relevant laws and regulations, for example those relating to licensing requirements under the Corporations Act 2001.

18.The PPF provider should have in place effective management information systems and monitoring mechanisms to assist with early detection and correction of deficiencies in procedures for managing operational risk.

19.PPF providers should consider the imposition of a limit on the amount of stored value that can be loaded, stored or paid on a device or account purchased from the PPF provider.  APRA will closely examine any facility that allows a purchaser to load, store, or pay sizeable amounts of money to ensure that the integrity of the facility is not compromised.  Where a PPF provider is involved with this type of facility, the entity should ensure that it has in place adequate systems for the identification of purchasers and the recording and tracing of transaction data. 

20.A PPF provider must not be involved in providing PPFs that do not have a reasonable limit on the amount that can be loaded, stored or paid on a device or account, or provide an audit trail of purchaser and transaction information.  Australia’s anti-money laundering regulator and specialist financial intelligence unit is the Australian Transaction Reports and Analysis Centre (AUSTRAC), and a PPF provider needs to be compliant with all anti-money laundering requirements, including customer due diligence, as administered by AUSTRAC.

Notification requirements

21.A PPF provider must inform APRA immediately of:

(a)      any breach of the minimum capital adequacy requirements (see paragraph 11) and any potential breach of these requirements (e.g. breaches of trigger ratios set under paragraph 10(b)(ii)), including remedial actions taken/planned to deal with the problem; or

(b)     any breach of its minimum liquidity holdings, or concerns over the adequacy of its liquidity holdings.


Actions
Download as PDF Download as Word Document


Cases Citing This Decision

0

Cases Cited

0

Statutory Material Cited

0