Payment Systems Oversight in Austria

Payment systems oversight is among the core functions of the Eurosystem (ESCB). Article 105 para. 2 of the Maastricht Treaty and Article 3 of the ESCB Statute state that “…the basic tasks to be carried out through the ESCB shall be […] to promote the smooth operation of payment systems.” In fulfilling this task, the Eurosystem is to ensure the security and efficiency of payment systems as well as the security of payment instruments. For this purpose, the European Central Bank (ECB) was empowered to issue regulations under Article 22 of the ESCB Statute, which grants regulatory power to the ECB in legal areas which are related to payment systems but do not affect other substantial legal areas.

However, the ECB has not made use of this regulatory power to date. Instead, the implementation of supervisory criteria developed by the ECB Governing Council is left to the national central banks (NCBs) as much as possible to ensure that specific national circumstances are accounted for in supervisory practice wherever possible.

Against this backdrop, the Austrian legislature granted the OeNB supervisory power over Austria’s payment systems in the Federal Act on the Oesterreichische Nationalbank (Article 44a NBG) on April 1, 2002.

In its statement¹) of June 2000, the Governing Councilof the ECB explained that promoting the smooth functioning of payment systems is a core function of central banks and is directly linked to its responsibilities for monetary policy and financial stability. Secure and efficient payment and clearing systems are a crucial instrument in the smooth implementation of monetary policy measures and contribute to both the stability of the financial system and public confidence in the euro.

For this reason, the Eurosystem carefully observes developments in the field of payment and clearing systems, provides payment and clearing services itself and ensures that the systems it operates as well as those operated by the private sector comply with the objectives and standards defined by the Governing Council. The enforcement of this joint oversight policy is ensured by the NCBs for those payment systems which fall under their jurisdiction. In general, supervisory standards²) are not passed until the corresponding public consultation procedures have been carried out.

Up to now, supervisory functions have covered large-value payment systems, certain types of retail payment systems³), e-money systems as well as securities clearing and settlement systems in euro area countries. In areas not yet specifically covered by the common oversight policy⁴), policies defined at the NCB level apply within the framework of the common policy.⁵)

As close cooperation between payment system oversight and banking supervision contributes to the overall strategy of reducing risk in the financial system⁶), the ECB and the NCBs of the Eurosystem and of the non-participating Member States signed a memorandum of understanding with EU banking supervisory authorities which accounts for specific institutional circumstances as well as the supervisory framework of the Eurosystem. As regards large-value payment systems, this agreement provides for the exchange of information between NCBs and the banking supervisory authorities in order to ensure the solidity and stability of the systems and their members.

In addition to TARGET, a system which links the RTGS systems of the central banks, five other large-value payment systems are in operation in the Eurosystem. These are the Euro Clearing System (EURO1) of the Euro Banking Association (EBA), Euro Access Frankfurt (EAF) in Germany, Paris Net Settlement (PNS) in France, Servicio de Pagos Interbancarios (SPI) in Spain and Pankkien On-line Pikasiirrot ja Sekit-järjestelmä (POPS) in Finland.

According to the framework established by the Governing Council of the ECB in early 2003, these systems are required to fulfill the "Core Principles for Systemically Important Payment Systems (SIPS)."⁷) This also includes a requirement under which central banks are to ensure that the systemically important payment systems they operate comply with the principles.

Continuous Linked Settlement (CLS)

Continuous Linked Settlement (CLS) is a system designed for the simultaneous, final and irrevocable settlement of foreign exchange transactions and was developed by the market in response to the need to reduce settlement risk in foreign exchange trading. In September 2002, CLS went into operation in seven major currencies⁸), and one year later four additional currencies were added to the system.⁹) After the US dollar, the euro is the second most frequently used currency in the CLS system, accounting for approximately one fourth of all gross payments handled by the system. The ECB is involved in overseeing the system and also provides settlement services itself for CLS. The lead overseer responsible for CLS is the Federal Reserve System.

Society for Worldwide Interbank Financial Telecommunication (SWIFT)

SWIFT is a cooperative which is owned by the financial industry and operates a worldwide network that facilitates the transmission of payments and financial messages between financial institutions. The ECB also participates in the oversight of SWIFT in cooperation with the G-10 central banks and the lead overseer, the Banque Nationale de Belgique. In addition to SWIFT’s resistance to crises, its migration to new network generations is an important item on the overseers’ agenda.

In correspondent banking relationships, banks provide payment services and other related services for one another, especially in cross-border transactions. In the EU, euro correspondent banking is concentrated among just a few market participants.¹⁰) However, as correspondent banking only accounts for a fraction of total payment flows in euro (the vast majority of payments are handled by interbank funds transfer systems such as TARGET), the Eurosystem does not see any immediate systemic risk in this high level of concentration at present. In any case, the Eurosystem monitors developments in this field carefully. 

In June 2003, the Governing Council of the ECB  adopted the "Oversight Standards for Euro Retail Payment Systems“ based on the Core Principles for Systemically Important Payment Systems (SIPS). In the application of these standards, three categories of payment systems are distinguished: "systemically important payment systems," "payment systems of prominent importance" and "other payment systems." All of the core principles mentioned above apply to systemically important retail payment systems, whereas only a selection of six core principles are required for systems of prominent importance. Other payment systems generally only have to fulfill national standards.

The ECB’s supervisory approach with regard to e-money was published in the "Report on Electronic Money"¹¹)  and the “Electronic Money System Security Objectives” (EMSSO) report.¹²) The security objectives in the EMSSO report will be used by the Eurosystem to assess the overall reliability and technical security of e-money systems and should increase public confidence in these systems. Moreover, these objectives will also make a contribution to creating a level playing field for competition. E-money systems are evaluated on the basis of these standards by the NCBs.

The increased use of new communication technologies and the need to provide specific payment mechanisms in e-commerce have created opportunities for new intermediaries to simplify the transmission and processing of payment instructions. At the same time, banks have also developed new ways of allowing customers to access their accounts and to make electronic payments. In this context, the ECB provides a forum for cooperation between stakeholders and offers analyses and statistics to support market initiatives for the development of more efficient and secure payment mechanisms.

To meet these objectives, in May 2003 the ECB reactivated the electronic Payment Systems Observatory (ePSO), which was originally set up in 2000 under the aegis of the European Commission. The ePSO project comprises a website which supports information sharing on innovative electronic payment systems and instruments (www.e-pso.info) and contains an electronic discussion forum, a detailed overview of e-payment systems and articles on current topics of interest.

The future oversight activities of the ESCB with regard to payment services provided via the internet and mobile networks will focus on the security of specific instruments and systems.

To limit its own risk in the settlement process, the Eurosystem assesses the EU securities settlement systems approved for the settlement of its credit operations on a yearly basis. The assessment criteria used in this context are covered in the report "Standards for the Use of EU Securities Settlement Systems in ESCB Credit Operations," which was endorsed by the European Monetary Institute (EMI) in November 1997.

Cooperation with the Committee of European Securities Regulators 

In 2001, the Governing Council of the ECB approved a framework for cooperation between the ESCB and the Committee of European Securities Regulators (CESR) in the field of securities clearing and settlement systems. This framework established a working group consisting of representatives from each central bank in the ESCB and from each securities regulator in the CESR.  The group’s activities primarily focused on creating European standards for clearing and settlement systems based on the recommendations of the Committee on Payment and Settlement Systems and the International Organization of Securities Commissions (CPSS-IOSCO).

In 2003, the working group completed a consultative report which defined 19 standards for enhancing the security, stability and efficiency of securities clearing and settlement systems in the EU. The report is based on a functional approach, that is, the standards are meant to be applied to all relevant functions in securities clearing and settlement operations without regard to the legal status of the institutions fulfilling these functions.

Therefore, the future ESCB-CESR standards will apply to securities market infrastructures, in particular to central counterparties as well as national and international central securities depositories. In addition, the report indicates that some standards will also apply to important custodian banks which are intensely involved in clearing and settlement.

Since April 2002, the OeNB has fulfilled all of the requirements defined for national payment systems oversight authorities within the Eurosystem. The OeNB’s interpretation of its mandate under Austrian law as well as the implementation measures taken are meant to fulfill both Austrian and European requirements. In its supervisory activities, the OeNB also attempts to maintain a maximum of transparency in compliance with the IMF Code of Good Practices on Transparency in Monetary and Financial Policies (IMF, March 2000).

The OeNB’s payment oversight activities are based on Articles 44a and 82a of the Federal Act on the Oesterreichsiche Nationalbank (NBG, or Nationalbank Act).¹³) In addition to defining the OeNB’s legal mandate to review system stability, Article 44a specifies the OeNB’s authority to issue regulations, perform inspections,and impose sanctions. This articles also defines the mechanisms necessary to avert conflicts of interest within the OeNB. Article 82a of the Nationalbank Act governs the sanctions which the OeNB can impose on organizations which fail to fulfill the disclosure and reporting requirements set forth in Article 44a.

Under Article 44a para. 4 of the Nationalbank Act, a payment system is defined for oversight purposes as follows:"…any system in accordance with Article 2 of the Finalitätsgesetz (Settlement Finality Act), BGBl. Part I No. 123/1999, as well as any commercial framework for the electronic transfer of funds among at least three participants." 
Oversight activities are primarily aimed at operators (§44a para. 5: "A payment systems operator … shall be deemed to be any person or entity engaged in commercial activities and assuming, for the purpose of making direct or indirect profits, the primary responsibility for the design of the payment system, its structures and processes as well as for its operational soundness and technical safety") as well as participants in some cases (§ 44a para. 6: "Participants in a payment system … shall be deemed to be any person or entity engaged in commercial activities and cooperating, for the purpose of making direct or indirect profits, in the transfer of funds within, from or to a payment system").

In addition to the OeNB’s own RTGS system (ARTIS) within the TARGET system, the following payment systems and securities clearing/settlement systems are currently subject to payment systems oversight:¹⁴)

Payment System	Operator
MaestroPOS	Europay Austria Zahlungsverkehrssysteme GmbH
Maestro Bankomat	Europay Austria Zahlungsverkehrssysteme GmbH
EasyPay	Hobex AG
VISA Electron	VISA-SERVICE Kreditkarten AG
Online	Western Union International Bank GmbH
VISA	VISA-SERVICE Kreditkarten AG
MasterCard	Europay Austria Zahlungsverkehrssysteme GmbH
Diners Club	AirPlus Air Travel Card Vertriebsges.mbH
American Express	American Express Bank Ltd.
Quick, @Quick	Europay Austria Zahlungsverkehrssysteme GmbH
paysafecard	paysafecard.com Wertkarten AG
VISA Electron Prepaid	VISA-SERVICE Kreditkarten AG
Maestro Traveller	Europay Austria Zahlungsverkehrssysteme GmbH
Maestro SecureCode	Europay Austria Zahlungsverkehrssysteme GmbH
paybox	paybox austria AG
bill-it-easy	montax payment services gmbh
Securities Clearing/Settlement System	Operator
CCP.A Terminmarktsystem	CCP Austria Abwicklungsstelle für Börsen Geschäfte GmbH
CCP.A Kassamarktsystem	CCP Austria Abwicklungsstelle für Börsen Geschäfte GmbH
Wertpapiersammelbank	Oesterr. Kontrollbank

(as of August 2006)

Oversight of system participants focuses on one hand on infrastrucureproviders  which provide systemically important services for Austrian payment systems, as well as Austrian direct participants in payment systems not governed by Austrian law. At present, the the following participants are subject to oversight:

Provider of Infrastructure	Company Name
FDA (former APSS)	FIRST DATA AUSTRIA GMBH
SGI	Scientific Games International GmbH
mPay24	mPAY24 GmbH
QENTA	QENTA paymentsolutions Beratungs und Informations GmbH
VIVIEUM	Viveum Zahlungssysteme GmbH
Payment Systems not Governed by Austrian Law	Austrian Participant
RTGSplus	Erste Bank der österr. Sparkassen AG
EURO1	Bank Austria-Creditanstalt AG
EURO1	Erste Bank der österr. Sparkassen AG
EURO1	Raiffeisen Zentralbank Österreich Aktiengesellschaft
STEP1	Allg. Sparkasse Oberösterreich Bank AG
STEP1	Bank Austria-Creditanstalt AG
STEP1	Bank für Kärnten und Steiermark AG
STEP1	Bank für Tirol und Vorarlberg AG
STEP1	Dornbirner Sparkasse AG
STEP1	Erste Bank der österr. Sparkassen AG
STEP1	Oberbank AG
STEP1	Oesterr. Volksbanken AG
STEP1	Raiffeisenlandesbank Oberösterreich reg. Gen.m.b.H.
STEP1	Raiffeisen-Landesbank Tirol AG
STEP1	Raiffeisen Zentralbank Österreich Aktiengesellschaft
STEP1	Steiermärkische Bank und Sparkassen – Bank Styria AG
STEP2	Oesterr. Nationalbank
STEP2	Bank Austria-Creditanstalt AG
STEP2	Raiffeisen Zentralbank Österreich Aktiengesellschaft
SIC	Dornbirner Sparkasse AG
SIC	Erste Bank der österr. Sparkassen AG
SIC	Oberbank AG
SIC	Bank für Tirol und Vorarlberg AG
SIC	Bank Austria-Creditanstalt AG
SIC	Raiffeisen Zentralbank Österreich Aktiengesellschaft
SIC	Raiffeisenlandesbank Oberösterreich reg. Gen.m.b.H.
SIC	BAWAG-PSK
SIC	Vorarlberger Landes-Hypothekenbank AG
EURO-SIC	Bank für Tirol und Vorarlberg AG
EURO-SIC	Dornbirner Sparkasse AG
EURO-SIC	Raiffeisen Zentralbank Österreich Aktiengesellschaft

(as of August 2006)

As in the oversight approach of the Eurosystem, the OeNB would only use its authority to issue regulations under Article 44a para. 3 of the Nationalbank Act¹⁵) in cases of actual market failure. Instead, payment systems oversight is regarded as an instrument to support the self-regulation of market forces (i.e. a catalyst) and primarily focuses on the efficiency and security of payment systems as well as their availability as a transmission channel for monetary policy. As a result, the OeNB relies on cooperation with market participants and mainly bases its oversight activities on evaluating the information to be provided under Article 44a para. 7 of the Nationalbank Act.¹⁶)

In June 2002, after consulting with Austrian market participants, the OeNB defined guidelines and supervisory principles for payment systems operating in Austria¹⁷) and for the types of system participation relevant to oversight activities. 

The guidlines define the minimum information necessary to ensure that reports are complete, while the supervisory principles support the evaluation of these reports. With due attention to the fundamental principles of the Eurosystem, the objectives cover the following areas:

• "Legal system security"  (Objective: The legal basis of each payment system should be defined clearly and be enforceable vis-à-vis all parties involved), 
• "Financial system security"  (Objective: All parties involved should be aware of the credit and liquidity risks arising from the operation of the system, settlement should be carried out quickly, and the assets used for settlement should not involve credit or liquidity risk), and 
• "Organizational and technical system security"  (Objective: To ensure the confidentiality and the integrity of the payments handled by a system, the operator should use state-of-the-art IT security measures, and the system should ensure a high level of availability and operational security).               

Operators and participants are to document their compliance with the supervisory principles by submitting the appropriate evidence. Suitable evidence includes the following:

• Information on fundamental system structures and the environment in which they are deployed, 
• Information on internal system checks, 
• Presentation of expert opinions from certified inspection agencies regarding the fulfillment of reported security levels, and 
• Presentation of the legal regulations and contracts underlying the operation of the system.               

Should the evaluation of evidence point to substantial deficits with regard to the supervisory principles, it is necessary to determine a means of remedying those defects in cooperation with the relevant system operators or participants.¹⁸)

When evaluating evidence in the area of "Organizational and technical system security," the OeNB makes use of its option (specified in Art. 44a para. 9 Nationalbank Act) of using the services of external experts (as defined in Art. 52 of the Act on General Administrative Procedure).

In particular, experts from the "Secure Information Technology Center- Austria (A-SIT)" are used for this purpose. A-SIT was established in May 1999 as a nonprofit association by the Austrian federal government (represented by the Federal Ministry of Finance), the OeNB and the Graz University of Technology.¹⁹) Its activities focus on managing evaluations, monitoring technology, advising institutions and raising public awareness. In addition to its headquarters in Vienna, A-SIT has a location in Graz at the Institute for Applied Information Processing and Communications (IAIK) at the Graz University of Technology. The association’s close ties to the Graz University of Technology – and thus to state-of-the-art technology – are highly conducive to gaining insight and experience which is useful to payment system operators as well as the OeNB.

A-SIT’s capacity as an external expert comprises reviews of reports and evidence for their content and plausibility. These expert reports are subsequently included in the OeNB’s overall inspections.

In addition to the reviews based on oversight principles, which are usually carried out at fairly long intervals, the OeNB has also had an instrument since early 2004 which supports continuous oversight activities by monitoring of the ongoing operations of payment systems and participants.

These monitoring activities are handled by the ZAST (payment system statistics) system, to which quantitative information (number/value of payments handled) as well as qualitative information (collateral and liquidity management, technical difficulties, etc.) are to be reported. Article 44a para. 7 of the Nationalbank Act specifies the reporting obligations for these statistics.²⁰)

ZAST is divided into five modules (ARTIS, payment systems operators, infrastructure operators, participants and securities trading/clearing/settlement systems). Monthly reports are required for all systems recognized under Article 2 of the Finalitätsgesetz (Act on Settlement Finality in Payment and Securities Settlement Systems; Settlement Finality Act), BGBl. Part I No. 123/1999, while all other reporting parties are required to submit quarterly reports.

Disruptions in payment systems can have a negative impact on financial market participants and (due to the "domino effect") ultimately endanger the stability of the overall financial system as well. Maintaining financial stability thus requires the reliable operation of clearing and settlement systems.

Therefore, the Eurosystem pays special attention to issues related to payment systems oversight. As an integral part of the Eurosystem, the OeNB – in fulfillment of its legal mandate as the authority responsible for payment systems oversight in Austria – ensures that the systemic safety of Austrian payment systems and the relevant participants meet the legal, financial, organizational and technical standards required by the Eurosystem. The OeNB thus makes a substantial contribution to the stability of the financial system in the euro area.

"Payment Systems Oversight"

Art. 44a.

(1) The Oesterreichische Nationalbank shall be in charge of performing payment systems oversight. Payment systems oversight involves monitoring the systemic safety of payment systems. The mandate of the OeNB shall cover

1. operators of payment systems governed by Austrian law;
2. participants, established in Austria, in payment systems governed by Austrian law;
3. participants, established in Austria, in payment systems not governed by Austrian law.

(2) Systemic safety within the meaning of this federal act shall be any and all measures to be taken by operators of, and participants in, a payment system that serve to ensure a sound management of the legal, financial, organizational and technical risks associated with the operation of, or participation in, a payment system.

(3) According to paragraph 1 and with due regard to the tasks and scope of the payment systems concerned, the Oesterreichische Nationalbank shall be empowered to designate, by way of regulation, as legally binding in the field of supervision the content of recommendations of the ECB and the Basel Committee on Payment and Settlement Systems that constitute international principles applicable to the systemic safety of payment systems.

(4) A payment system within the meaning of this federal act shall be deemed to be any system in accordance with Article 2 of the Finalitätsgesetz (Settlement Finality Act), BGBl. Part I No. 123/1999, as well as any commercial framework for the electronic transfer of funds among at least three participants.

(5) A payment systems operator within the meaning of this federal act shall be deemed to be any person or entity engaged in commercial activities and assuming, for the purpose of making direct or indirect profits, the primary responsibility for the design of the payment system, its structures and processes as well as for its operational soundness and technical safety.

(6) Participants in a payment system within the meaning of this federal act shall be deemed to be any person or entity engaged in commercial activities and cooperating, for the purpose of making direct or indirect profits, in the transfer of funds within, from or to a payment system.

(7) The operators of a payment system shall provide the Oesterreichische Nationalbank, at its request, with information on:

1. the measures they have taken with a view to ensuring the systemic safety of the payment system, and
2. the type and volume of the payments processed through the payment system,

and shall submit the relevant documentation. If the required information is not or only inadequately provided by an operator within an appropriate period, the Oesterreichische Nationalbank, threatening sanctions under paragraph 11, shall order the provision of information by setting a new deadline for submission.

(8) Participants in a payment system shall provide the Oesterreichische Nationalbank, at its request, with information on:

1. the measures they have taken with regard to a safe participation in the payment system, and,
2. in the case of participation in a payment system not governed by Austrian law, the type and volume of the payments processed by them through this payment system, and shall submit the relevant documentation.

(9) If the information collected under paragraphs 7 or 8 is inadequate or if there are reasonable doubts as to the correctness or completeness of the information and documentation, the Oesterreichische Nationalbank shall be empowered to request appropriate explanations and have its own auditors carry out on-site inspections, assisted by experts under Article 52 of the Allgemeines Verwaltungsverfahrensgesetz (Act on General Administrative Procedure). Without prejudice to the reasons for exclusion listed in Article 53 paragraph 1 of the Allgemeines Verwaltungsverfahrensgesetz, such experts must not be engaged in any activities for operators of, or participants in, payment systems. In agreement with the Finanzmarktaufsicht (FMA — Financial Market Authority), on-site inspections may also be carried out by auditors of the FMA on behalf of and for the account of the Oesterreichische Nationalbank.

(10) If an operator or participant does not comply with the regulations issued by the Oesterreichische Nationalbank in accordance with paragraph 3, the Oesterreichische Nationalbank, threatening sanctions under paragraph 11 or 12, shall call upon this operator or participant to remedy these shortcomings within an appropriate period.

(11) If the operator of a payment system does not comply with or only inadequately complies with the duty to provide information under paragraph 7 or if a request to remedy shortcomings in accordance with paragraph 10 is not or onlyinadequately complied with, the Oesterreichische Nationalbank may, with the consent of the Finanzmarktaufsicht, prohibit the operation of the payment system or revoke the recognition of the system in accordance with Article 2 paragraph 1 item 3 of the Finalita‹tsgesetz, if this is deemed appropriate to the type and gravity of the violation and if the required lawful situation cannot be attained otherwise. 

(12) If, notwithstanding a threat of sanctions, the participant of a payment system does not comply with or only inadequately complies with a request to remedy shortcomings in accordance with paragraph 10, the Oesterreichische Nationalbank may prohibit the participation in a payment system, if this is deemed appropriate to the type and gravity of the violation and if the required lawful situation cannot be attained otherwise.

(13) Participants in a payment system that are not domiciled in Austria are obligated to comply with the information duties only to the extent that this does not contradict the law of their country of domicile.

(14) The Oesterreichische Nationalbank shall be empowered to publish the content of a supervisory measure imposed under paragraphs 11 or 12 in the Amtsblatt zur Wiener Zeitung (Official Gazette) or in another official publication circulating nationwide, if this is necessary in the interest of systemic safety or of payment system clients and justified by the type and gravity of the unlawful behavior. 

(15) The Oesterreichische Nationalbank shall demonstrably take those organizational measures that are needed to avoid conflicts of interest due to its own economic activities. In particular, information stemming from supervisory activities shall be limited to the competent staff.


Art. 82a.

(1) Whoever fails to comply or complies only inadequately with the information and presentation duties laid down in Article 44a shall be guilty, unless the act constitutes an offense falling into the jurisdiction of the courts, of an administrative offense which shall be punishable by a fine of up to 2,000 euro.

(2) Whoever, notwithstanding the prohibition contained in Article 44 a paragraph 10, operates a payment system or, notwithstanding the prohibition in Article 44 a paragraph 12, participates in a payment system shall be guilty, unless the act constitutes an offense falling into the jurisdiction of the courts, of an administrative offense which shall be punishable by a fine of up to 7,000 euro.