PFMI Disclosure Report March 2023

Principles for Financial Market Infrastructures
NATIONAL PAYMENTS CORPORATION OF INDIA (NPCI) Assessment Report
Financial Year 2022-23
Responding institution:

National Payments Corporation of India (NPCI)

Registered Office:

1001A, B wing, 10th Floor, The Capital, Bandra-Kurla Complex, Bandra (East), Mumbai - 400 051. Maharashtra. India.

Jurisdiction(s) in which the FMI operates:

The relevant jurisdiction for NPCI is India. NPCI in the past has entered into network-to-network agreements with international networks. Such agreements define the rights and obligations of the international network partner and NPCI and are agreed and signed by the respective international network partner. After the formation of its subsidiary, NPCI International Payments Limited (NIPL), such contracts with network partners are now entered into by NIPL.

Authority regulating, supervising, or overseeing the FMI:

Reserve Bank of India (RBI)

The date of this disclosure is March 31, 2023.

This disclosure can also be found at https://www.npci.org.in/who-we-are/risk-management/risk-management-npci.

Contents:

I. Executive summary

II. Summary of major changes since the last update of the disclosure

III. General background on the FMI

IV. Principle-by-principle summary narrative disclosure

V. List of publicly available resources

  • Background of NPCI
  • Objectives of NPCI
  • About NPCI and Subsidiary Companies
  • Governance and Oversight at NPCI & Subsidiary Companies
  • PFMI Assessment
  • Principle 1: Legal Basis
  • Principle 2: Governance
  • Principle 3: Framework for the comprehensive management of risks
  • Principle 4: Credit Risk
  • Principle 7: Liquidity Risk
  • Principle 8: Settlement finality
  • Principle 9: Money Settlement
  • Principle 13: Participant default rules and procedures
  • Principle 15: General Business Risk
  • Principle 16: Custody and Investment risks
  • Principle 17: Operational Risk
  • Principle 18: Access and participation requirements
  • Principle 19: Tiered participation arrangements
  • Principle 21: Efficiency and effectiveness
  • Principle 22: Communication procedures and standards
  • Principle 23: Disclosure of rules, key procedures, and market data
I. Executive summary :

Financial market infrastructures (FMIs) that facilitate the clearing, settlement and recording of monetary and other financial transactions can strengthen the markets they serve and play a critical role in fostering financial stability. However, if not properly managed, they can pose significant risks to the financial system and be a potential source of contagion, particularly in periods of market stress. FMIs play a critical role in the financial system and the broader economy. In April 2012, the Committee on Payment and Settlement Systems (CPSS) and Technical Committee of the International Organization of Securities Commission (IOSCO) published the report “Principles for Financial Market Infrastructures (PFMI)”, which establishes new international standards for payment systems that are systemically important, central securities depositories, securities settlement systems, central counterparties and trade repositories.

NPCI is a technology Company that connects financial institutions (including banks), merchants, digital partners, businesses and other organizations, enabling them to use electronic forms of payment. Through its core payments processing network, NPCI also facilitates the switching (authorization, clearing and settlement) of payment transactions and delivers related products and services for its customers.

NPCI’s customers are mostly financial and other institutions, and NPCI typically does not have any contractual agreements directly with end consumers.

NPCI has completed Principles for Financial Market Infrastructure (PFMI) assessment for financial year 2022-23.

II. Summary of major changes since the last update of the disclosure :

Nil

III. General background on the FMI :

General description of the FMI and the markets it serves.

National Payments Corporation of India (NPCI), an umbrella organization for operating retail payments and settlement systems in India, is an initiative of Reserve Bank of India (RBI) and Indian Banks’ Association (IBA) under the provisions of the Payment and Settlement Systems Act, 2007, for creating a robust Payment & Settlement Infrastructure in India.

NPCI was incorporated as a “Not for Profit” Company under the provisions of Section 25 of the Companies Act 1956 (now Section 8 of the Companies Act 2013), with an intention to provide infrastructure to the entire banking system in India for electronic payment and settlement systems. NPCI’s focus is on bringing innovations and widening the reach of retail payment system by using technology that will enable greater efficiency in operations.

General organization of the FMI

NPCI was incorporated as a "Not for profit" company under the provision of section 25 of the Companies Act 1956 (now Section 8 of the Companies Act 2013). NPCI is owned by PSU banks, Private Sector banks, co-operative banks, Regional Rural banks, small finance banks. The oversight of governance of NPCI is vested with the Board of Directors. Board Committees of NPCI are as below:

  • Management Committee
  • Nomination and Remuneration Committee
  • Audit Committee
  • Risk Management Committee
  • Technology and Project Management Committee
  • Business Strategy Committee
  • Corporate Social Responsibility Committee
  • Committee of Independent Directors
  • Shareholding Management Committee
  • Customer Service Committee

The above Committees oversee different functions of NPCI with overall supervision of the Board. Under the overall supervision and control of the Board, the Managing Director & Chief Executive Officer (MD & CEO) looks after the day-to-day functions of the company. The MD & CEO is supported by Chief Financial Officer, Chief Operating Officer, Chief Risk Officer and various other senior officials.

Legal and regulatory framework

NPCI, pursuant to the Authorization received from the RBI, is engaged in operating retail payment systems in India.

NPCI was incorporated as a “Not for Profit” company under Section 25 of the Companies Act 1956 (now Section 8 of the Companies Act 2013). A new entity, NPCI International Payments Ltd (NIPL) was incorporated under the Companies Act, 2013, as a wholly-owned subsidiary of NPCI, for the purpose of entering into business arrangements with foreign networks for implementation of NPCI’s products in foreign jurisdictions. Similarly, NPCI Bharat Bill Pay Limited (NBBL) was incorporated under the Companies Act, 2013 as a wholly-owned subsidiary of NPCI and the Bharat Bill Payment System (BBPS) business was transferred by NPCI to NBBL.

The Payment and Settlement Systems Act, 2007 (hereinafter referred to as the “PSS Act”) designates RBI as the nodal agency for the regulation and supervision of payment systems in India. NPCI and NBBL are Authorized by RBI to operate retail payment systems in India under the PSS Act. Pursuant to this Authorization, NPCI and NBBL are carrying out their respective business operations within the territorial jurisdiction of India. NIPL has been authorized by RBI to enter into agreements with international networks and other entities for enabling implementation of NPCI products in foreign jurisdictions. Accordingly, NIPL carries out its operations within and outside the territories of India.

With respect to jurisdiction mapping, the exclusive jurisdiction of the courts at Mumbai, India is preferred for all product agreements executed by NPCI.

IV. Principle-by-principle summary narrative disclosure :

The general applicability of the principles to specific types of FMIs is specified in the Principles for Financial Market Infrastructures (PFMI). Accordingly, not all 24 principles are relevant for NPCI.

| Principle | Name | Applicable to Payment Systems | Applicable to NPCI | Reason |
|---|---|---|---|---|
| 1 | Legal Basis | Yes | Yes | |
| 2 | Governance | Yes | Yes | |
| 3 | Framework for the comprehensive management of risks | Yes | Yes | |
| 4 | Credit Risk | Yes | Yes | |
| 5 | Collateral | Yes | No | NPCI collects the cash collateral from participants for the purpose of SGF. NPCI does not collect collateral for its exposure to participants. |
| 6 | Margin | No | No | |
| 7 | Liquidity Risk | Yes | Yes | |
| 8 | Settlement Finality | Yes | Yes | |
| 9 | Money Settlement | Yes | Yes | |
| 10 | Physical Deliveries | No | No | |
| 11 | Central Security Depositories | No | No | |
| 12 | Exchange of value settlement system | Yes | No | This principle applies only to FMIs that settle transactions which involve two linked obligations. |
| 13 | Participant Default Rules and Procedures | Yes | Yes | |
| 14 | Segregation and Portability | No | No | |
| 15 | General Business Risk | Yes | Yes | |
| 16 | Custody and Investment Risk | Yes | Yes | |
| 17 | Operational Risk | Yes | Yes | |
| 18 | Access and Participation Requirement | Yes | Yes | |
| 19 | Tiered participation arrangements | Yes | Yes | |
| 20 | FMI Links | No | No | |
| 21 | Efficiency and Effectiveness | Yes | Yes | |
| 22 | Communication procedures and standards | Yes | Yes | |
| 23 | Disclosure of rules, procedures and market Data | Yes | Yes | |
| 24 | Disclosure of market data by trade repositories | No | No | |

Summary of Applicable Principles :
Principle Approach to observing the principle

Principle 1: Legal Basis

An FMI should have a well-founded, clear, transparent, and enforceable legal basis for each material aspect of its activities in all relevant jurisdictions.

NPCI has received Authorization from RBI under section 4 of Payment and Settlement Systems Act, 2007 for carrying out payment services in India.

With respect to jurisdiction mapping, the exclusive jurisdiction of the Courts at Mumbai, India is preferred in all product agreements executed by NPCI.

NPCI, in the past, had entered into network-to-network agreements with a few international partners. After incorporation of NIPL, all such agreements have been or are being novated to NIPL. Going forward, NIPL will be entering into these international alliances with network partners.

Principle 2: Governance

An FMI should have governance arrangements that are clear and transparent, promote the safety and efficiency of the FMI, and support the stability of the broader financial system, other relevant public interest considerations, and the objectives of relevant stakeholders.

NPCI has governance arrangements which emphasize safety and efficiency and support financial stability and other relevant public interest considerations. NPCI has been incorporated as a "Not for Profit" organization under the provision of section 25 of the Companies Act, 1956 (now section 8 of the Companies Act, 2013).

The roles and responsibilities of the Board of Directors are defined in NPCI's Corporate Governance handbook, which also includes vision, mission, values and structure.

Principle 3: Framework for the comprehensive management of risks

An FMI should have a sound risk-management framework for comprehensively managing legal, credit, liquidity, operational, and other risks.

NPCI has an Enterprise Risk Management Framework, Operational Risk Management Framework, Third Party Risk Management Policy, Investment Policy, Information Security and Settlement Guarantee Mechanism Policy that apply to NPCI and its wholly owned subsidiaries.

All risk management policies are reviewed and approved by the Board annually.

Principle 4: Credit Risk

An FMI should effectively measure, monitor, and manage its credit exposures to participants and those arising from its payment, clearing, and settlement processes.

NPCI has established a Settlement Guarantee Mechanism (SGM) framework to measure, monitor and manage its credit exposures to participants and those arising from its settlement process.

As part of SGM, NPCI has created a settlement guarantee fund (SGF) to ensure availability of liquidity to meet settlement obligations.

Principle 7: Liquidity Risk

An FMI should effectively measure, monitor, and manage its liquidity risk. An FMI should maintain sufficient liquid resources in all relevant currencies to effect same-day and, where appropriate, intraday, and multiday settlement of payment obligations with a high degree of confidence under a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would generate the largest aggregate liquidity obligation for the FMI in extreme but plausible market conditions.

NPCI has constituted a Settlement Guarantee Mechanism comprising collaterals and line of credit arrangements to address any impact of liquidity risk which may be caused by temporary/permanent defaults by a member participant.

Principle 8: Settlement finality

An FMI should provide clear and certain final settlement, at a minimum by the end of the value date. Where necessary or preferable, an FMI should provide final settlement intraday or in real time.

NPCI operates a Deferred Net Settlement system based on batch processing. Rules are set out under which unsettled payments cannot be revoked by participants. NPCI has put in place a mechanism to ensure that final settlement is achieved on the value date.

Principle 9: Money Settlement

An FMI should conduct its money settlements in central bank money where practical and available. If central bank money is not used, an FMI should minimize and strictly control the credit and liquidity risk arising from the use of commercial bank money.

NPCI conducts its money settlement in RTGS account maintained by participant members with RBI.

In the case of an international alliance, a prefunding amount is required to be maintained in commercial banks in India. NPCI has put in place a process to ensure that banks with the highest creditworthiness and competence are accepted for such prefunding arrangements. A separate SGF amount is also maintained by such alliance partners with NPCI. The prefunding account is monitored on a daily basis.

Principle 13: Participant-default rules and procedures

An FMI should have effective and clearly defined rules and procedures to manage a participant default. These rules and procedures should be designed to ensure that the FMI can take timely action to contain losses and liquidity pressures and continue to meet its obligations.

NPCI has defined rules and procedures for participant default in Settlement Guarantee Mechanism (SGM) policy and Standard Operating Procedure (SOP). Policy / SOP covers maintenance of Settlement Guarantee Fund and Loss Sharing Mechanism.

Principle 15: General business risk

An FMI should identify, monitor, and manage its general business risk and hold sufficient liquid net assets funded by equity to cover potential general business losses so that it can continue operations and services as a going concern if those losses materialize. Further, liquid net assets should always be sufficient to ensure a recovery or orderly wind-down of critical operations and services.

NPCI identifies, monitors, and manages its general business risk through risk management policies and procedures. NPCI holds sufficient liquid net assets funded by equity to cover potential general business losses so that it can continue operations and services.

NPCI has a Board approved “Orderly Wind-Down Document’’.

Principle 16: Custody and investment risks

An FMI should safeguard its own and its participants’ assets and minimize the risk of loss on and delay in access to these assets. An FMI’s investments should be in instruments with minimal credit, market, and liquidity risks.

NPCI’s Investment Policy defines investment instruments, exposure limits, etc. The details of new and existing investments are reviewed and evaluated by Investment Committee every quarter.

Principle 17: Operational risk

An FMI should identify the plausible sources of operational risk, both internal and external, and mitigate their impact using appropriate systems, policies, procedures, and controls. Systems should be designed to ensure a high degree of security and operational reliability and should have adequate, scalable capacity. Business continuity management should aim for timely recovery of operations and fulfilment of the FMI’s obligations, including in the event of a wide-scale or major disruption.

NPCI has an Operational Risk Management policy and SOP to identify, measure, analyze, evaluate, mitigate, monitor and report operational risks resulting from both internal and external factors.

NPCI has business continuity management for timely recovery of operations and fulfilment of obligations.

Principle 18: Access and participation requirements

An FMI should have objective, risk-based, and publicly disclosed criteria for participation, which permit fair and open access.

NPCI has defined the criteria and requirements to participate as sponsor/member bank or sub-member bank in Procedural Guidelines (PG). PG includes different parameters like operational, financial and legal eligibility. Eligible entities have fair and open access to all the services.

NPCI has fair and non-discriminatory access and participation criteria.

Principle 19: Tiered participation arrangements

An FMI should identify, monitor, and manage the material risks to the FMI arising from tiered participation arrangements.

To ensure larger participation by banks and other financial institutions, NPCI has established a process to allow indirect participation as a sub-member through sponsor banks so as to mitigate material risks arising from such tiered participation arrangements.

Principle 21: Efficiency and effectiveness

An FMI should be efficient and effective in meeting the requirements of its participants and the markets it serves.

NPCI has formed Steering Committees for all its products. Steering committees ensure that the products and services offered meet the requirements of the participants and the market it serves.

NPCI has established operational and performance parameters which are monitored regularly.

Principle 22: Communication procedures and standards

An FMI should use, or at a minimum accommodate, relevant internationally accepted communication procedures and standards to facilitate efficient payment, clearing, settlement, and recording.

NPCI uses internationally accepted guidelines for EMVCo specifications and ISO 8583 messaging protocols and standards. XML, JSON or ISO messaging protocols used for interfacing over a secure TCP/IP network are chosen as online and back-office communication standards to facilitate efficient payment, clearing, settlement and recording.

Principle 23: Disclosure of rules, key procedures, and market data

An FMI should have clear and comprehensive rules and procedures and should provide sufficient information to enable participants to have an accurate understanding of the risks, fees, and other material costs they incur by participating in the FMI. All relevant rules and key procedures should be publicly disclosed.

NPCI's rules and procedures are covered in Procedural Guidelines (PG) and in Operating and Settlement Guidelines (OSG). NPCI shares these guidelines with the participants during onboarding and subsequently in case of any modification or change.

NPCI discloses member performance, abridged steering committee meeting minutes, other statistics, circulars, products/services brief, list of participants, etc. on its official website.

V. List of publicly available resources :

NPCI Website: NPCI - National Payments Corporation of India - Official Website

https://www.npci.org.in/

Board of Directors: Board of Directors | NPCI - National Payments Corporation of India

https://www.npci.org.in/who-we-are/board-of-directors

Management Team: Management Team | NPCI - National Payments Corporation of India

https://www.npci.org.in/who-we-are/management-team

Risk Management: Risk Management @ NPCI | NPCI - National Payments Corporation of India

https://www.npci.org.in/who-we-are/risk-management/risk-management-npci

System Statistics: Statistics of NPCI - National Payments Corporation of India

https://www.npci.org.in/statistics

Principles for Financial Market Infrastructures (PFMI):

https://www.bis.org/cpmi/publ/d101a.pdf

A summary of NPCI’s alignment to the applicable Principles is detailed below:

Background of NPCI :

NPCI is an initiative of Reserve Bank of India (RBI) and Indian Banks’ Association (IBA) for creating a robust Payment & Settlement Infrastructure in India. NPCI has been Authorized by RBI for operating retail payments and settlement systems in India under the provisions of the Payment and Settlement Systems Act, 2007 (PSS Act).

Considering the utility nature of the objective of NPCI, it has been incorporated as a “Not for Profit” Company under the provisions of Section 25 of the Companies Act 1956 (now Section 8 of the Companies Act 2013), to provide infrastructure to the entire banking ecosystem in India for electronic payment and settlement systems. NPCI is focused on bringing innovations to the retail payment systems through introduction of new technology for achieving greater efficiency in operations and widening the reach of payment systems.

Objectives of NPCI :

NPCI’s mission is to touch every Indian with one or other payment services. NPCI’s vision is to be the best payment network Globally.

NPCI has created a robust payments and settlement infrastructure in the country. NPCI has changed the way payments are made in India through a bouquet of retail payment products.

NPCI is focused on bringing innovations in the retail payment systems through the use of technology and is relentlessly working to transform India into a digital economy. NPCI is facilitating secure payments solution with nationwide accessibility in furtherance of India’s aspiration to be a fully digital society.

About NPCI and Subsidiary Companies :

NPCI Group Structure

NPCI International Payments Ltd. (NIPL) has been incorporated with an objective of partnering with foreign entities for implementing various NPCI products including RuPay card scheme and UPI outside India.

NPCI Bharat Bill Pay Limited (NBBL) is a one stop solution for variety of payments, such as, electricity, telecom, DTH, gas, water bills, etc. and other repetitive payments like insurance premium, mutual funds, school fees, institution fees, credit cards, fastag recharge, local taxes, housing society payments, etc.

NPCI Board

The Board of Directors of NPCI provides oversight of the strategy and governance to support management in achieving its strategic and business objectives. The Board of NPCI comprises Independent Directors, an RBI Nominee Director, Nominee Directors representing Promoter Banks, Nominee Directors representing Shareholders’ Banks and the MD & CEO.

The Board has delegated the authority to management to design and implement practices and governance that support the achievement of strategies and business objectives through constitution of sub-committees, framing policies and delegation of financial power.

Structure of NPCI Group Board and its committees is exhibited below:

[Figure: board and committee structure charts, with panels labelled NIPL and NBBL]

Governance and Oversight at NPCI & Subsidiary Companies :

NPCI follows the Three Lines of Defence (LOD) which constitutes Business/Operation functions (first LOD), Risk Management function (second LOD) and Assurance (third LOD). This is structured as under:

Additionally, NPCI’s reporting lines demonstrate segregation of Business/Operation, Risk and Audit Functions. All the business functions have functional reporting to MD & CEO.

The Risk Management function has an additional direct reporting to the Risk Management Committee of the Board. This ensures sufficient independence, authority, resources and access to the Board that enables operations of NPCI to be consistent with the risk-management framework.

Audit Function is independent of management functions. Head of Internal Audit reports functionally to Audit Committee of the Board.

The minutes of the Board Meetings of the NPCI subsidiary companies along with the details of significant transactions and arrangements entered into by the subsidiary companies are reported to the Board on a quarterly basis. The financial statements of the subsidiary companies are presented to the Audit Committee and Board.

In terms of Section 139 (5) of the Companies Act, 2013, the Statutory Auditor for NPCI & Subsidiary Companies is appointed by CAG. This appointment is done every year. Additionally, CAG conducts a Supplementary audit of NPCI and Subsidiary Companies every year. CAG also conducts an Annual Compliance audit.

PFMI Assessment

An FMI should have a well-founded, clear, transparent, and enforceable legal basis for each material aspect of its activities in all relevant jurisdictions.

Key Consideration 1: The legal basis should provide a high degree of certainty for each material aspect of an FMI’s activities in all relevant jurisdictions.

Material aspects that require high degree of legal certainty for NPCI are as follows:

  • Settlement finality and netting
  • Default management procedure
  • Interoperability

The legal basis for the above material aspects is provided by The Payment and Settlement Systems Act, 2007.

The relevant jurisdiction for NPCI is India. NPCI in the past has entered into network-to-network agreements with international networks. Such agreements define the rights and obligations of the international network partner and NPCI. After the formation of its subsidiary, NIPL, now such contracts with network partners are entered into by NIPL.

Section 23 of PSS Act, 2007, states that payment or settlement obligations shall be determined in accordance with the gross or netting procedure, as the case may be, approved by the RBI while issuing the Authorization. The SGM Policy states that NPCI performs deferred multilateral net settlement which gets the legal backing from the PSS Act, 2007.

The settlement is considered final and irrevocable as soon as such settlement amount is arrived at through the netting procedure. The legal basis for the above material aspects is provided by The Payment and Settlement Systems Act, 2007.

NPCI has been incorporated as a Not-for-Profit organization under Section 25 of the Companies Act 1956 (now Section 8 of the Companies Act 2013). NPCI has defined Bye laws in the form of a Memorandum and Articles of Association, which state the object clause of NPCI and other significant activities required for running an organization.

NPCI, through its subsidiary NPCI International Payments Limited (NIPL), executed network-to-network arrangements to carry out operations in different jurisdictions. Participant agreements for all products are governed by Indian law and are therefore enforceable in the courts of law of India, including arbitration tribunals.

Key Consideration 2: An FMI should have rules, procedures, and contracts that are clear, understandable, and consistent with relevant laws and regulations.

Under Section 3 of the PSS Act, RBI is the designated authority for the regulation and supervision of payment systems. Under section 10 of the PSS Act, RBI is authorized to prescribe standards to be complied with by the payment systems. NPCI is a payment system company, authorized by RBI. NPCI’s legal framework is clear, understandable, and consistent with the provisions of the PSS Act and the standards prescribed by RBI.

NPCI's legal framework consists of contracts executed with member participants, networks and vendors; other on-boarding documents and procedure guidelines. These documents cover all material aspects of NPCI operations. NPCI has executed an agreement with each and every participant. These agreements are in line with the PSS Act, 2007. Additionally, NPCI has documented Settlement Guarantee Mechanism (SGM) and procedural guidelines that state and clearly articulate the operational aspects with respect to rules and procedures.

NPCI undertakes periodic review of its procedural guidelines and incorporates changes as may be necessary to align it with the standards prescribed by RBI. Any change in the procedural guidelines is communicated to the member participants before implementation to ensure that it is understood by the member participants well in advance before the changes are actually implemented. Training sessions are conducted from time to time for member participants to ensure that the member participants have sufficient understanding of NPCI’s products, operating rules and procedures. NPCI also issues circulars, as and when necessary, to inform member participants on various changes in its product or operations. These circulars are part of the rules and regulations of NPCI to be adhered to by member participants.

On a need basis, depending on complexity / criticality of the matter, documents are referred to external legal consultants for their inputs and opinions.

NPCI's legal framework consists of contracts executed with member participants, networks and vendors; other on-boarding documents and procedure guidelines. These documents cover all material aspects of NPCI operations. Such documents for each product / each tie up are drafted in-house in consultation with and approved by all the relevant internal stakeholders. In the course of these discussions, inputs from all internal stakeholders are appropriately incorporated in the draft document thereby ensuring consistency with relevant laws and regulations. NPCI discusses these documents, as well as alterations to existing ones with members in formal forums such as product steering committee meetings, task force meetings etc.

Key Consideration 3: An FMI should be able to articulate the legal basis for its activities to relevant authorities, participants, and, where relevant, participants’ customers, in a clear and understandable way.

Under Section 3 of the PSS Act, RBI is the designated authority for the regulation and supervision of payment systems. Under section 10 of the PSS Act, RBI is authorized to prescribe standards to be complied with by the payment systems. NPCI is a Payment System, authorized by RBI. NPCI functions within the above legal and regulatory framework.

The legal basis for the activities of NPCI is further articulated in the agreements and other legal documents executed by NPCI with its member participants and in its procedural guidelines. Procedural guidelines are shared with the participants, and product details are published on NPCI’s website for public access.

Key Consideration 4: An FMI should have rules, procedures, and contracts that are enforceable in all relevant jurisdictions. There should be a high degree of certainty that actions taken by the FMI under such rules and procedures will not be voided, reversed, or subject to stays.

With respect to rules, procedures and contracts that are enforceable in the local jurisdiction i.e. India, there is a high degree of certainty that its actions will not be voided or reversed in any way as the regulatory framework governing NPCI operations provides certainty to its activities.

In case of contracts entered into with a counterparty incorporated in a jurisdiction other than India (hereinafter referred to as “Foreign Party”), NPCI prefers Indian law, courts/arbitration and jurisdiction in such contracts to ensure certainty that the same are not voided or reversed and are enforceable. Further, NPCI includes appropriate provisions with respect to choice of law and dispute resolution in its agreements to ensure enforceability of the agreement in India and other foreign jurisdictions.

Further, on a need basis, depending on complexity / criticality of the matter, rules, procedures and contracts are referred to law firms for their inputs and opinions to ensure that the rules, procedures and contracts are valid, effective and enforceable in the relevant jurisdiction. Based on the above grounds, NPCI has a high degree of confidence that the relevant rules, procedures and contracts are enforceable in all relevant jurisdictions.

NPCI has a well-founded, clear, transparent, and enforceable legal basis for each material aspect of its activities in all relevant jurisdictions. Therefore, there is a high degree of certainty that its actions will not be voided, reversed or subject to stays in any way.

The agreements executed by NPCI with its member participants and the procedural guidelines which address the material aspects of payment system operations, including eligibility criteria for on-boarding new member participants, responsibilities and liabilities of member participants, fees and charges, suspension or termination of existing members, enforceability of netting, clearing and settlement procedure, default management procedure (in case of settlement default by any participating member), etc. are binding and enforceable and articulate a clear and enforceable legal basis for securing contractual certainty.

Further, NPCI includes appropriate provisions with respect to the choice of law and dispute resolution in its agreements to ensure enforceability of the agreement in India and other foreign jurisdictions. On a need basis, NPCI seeks opinion from law firms so as to strengthen NPCI’s ability to enforce such agreement.

There have been no cases where a court in any relevant jurisdiction has held any of the FMI’s relevant activities or arrangements under its rules and procedures to be unenforceable.

Key Consideration 5: An FMI conducting business in multiple jurisdictions should identify and mitigate the risks arising from any potential conflict of laws across jurisdictions.

NPCI conducts its business primarily in India and therefore, the legal risk to NPCI arising from conflicts of laws is limited. In cases where NPCI enters into agreement with a Foreign Party, NPCI endeavors to mitigate any legal risk arising from conflict of law by opting for common law as the governing law of the agreement (Indian law is also based on common law).

This risk is further alleviated by performing due diligence to ensure that the Foreign Party’s home country is a signatory to the New York Convention, 1958, which provides a uniform international framework for dispute resolution to the parties to international commercial agreements and enables the recognition and enforcement of arbitration awards made in other contracting states. Such arbitration awards are binding and enforceable as per the said treaty. Because arbitration awards passed in countries that have acceded to the New York Convention are enforceable in other countries that have also acceded to the said treaty, either Indian arbitration or neutral international arbitration is preferred as the dispute resolution mechanism to ensure enforceability of the award in India and other foreign jurisdictions. Accordingly, NPCI includes appropriate provisions with respect to choice of law and dispute resolution in its agreements with a Foreign Party and, if necessary, seeks opinion from law firms with respect to NPCI’s ability to enforce such agreement under the Foreign Party’s home jurisdiction.

An FMI should have governance arrangements that are clear and transparent, promote the safety and efficiency of the FMI, and support the stability of the broader financial system, other relevant public interest considerations, and the objectives of relevant stakeholders.

Key Consideration 1: An FMI should have objectives that place a high priority on the safety and efficiency of the FMI and explicitly support financial stability and other relevant public interest considerations.

NPCI has been established for creating a robust payments and settlement infrastructure in India. NPCI’s vision is to become the best global payment network, excelling in its capabilities and services. NPCI is focused on bringing innovations in the retail payment systems through the use of technology for achieving greater efficiency in operations and widening the reach of payment systems.

NPCI’s strategies are aligned to its objectives and the performance is monitored and reviewed regularly so as to ensure meeting the objectives.

Safety and efficiency are given the highest importance in achieving the objectives of NPCI. Standard operating procedures are defined for every process to ensure standardization and consistency.

As part of ERM, NPCI has defined comprehensive Key Risk Indicators (KRIs) with thresholds that enable monitoring of operational and financial performance. These KRIs are monitored, and the results are presented to the Risk Management Committee and the Board at a regular frequency. Risk Management policies are placed before the RMC and the Board as part of the annual review process.

Safety is also ensured by the well-formulated IT Infrastructure complemented by the Information Security Framework. NPCI is compliant with ISO standards such as ISO 27001:2013 - Information Security Management System (ISMS), Privacy Information Management System (PIMS) and PCI DSS v4.0.

Key Consideration 2: An FMI should have documented governance arrangements that provide clear and direct lines of responsibility and accountability. These arrangements should be disclosed to owners, relevant authorities, participants, and, at a more general level, the public.

The Committees constituted by the Board play a crucial role in the governance structure of NPCI and have been constituted to deal with specific areas / activities that are mandated by applicable laws / regulations and require regular review. The Board Committees are set up under the formal approval of the Board to carry out clearly defined roles, which are performed by Members of the Board as a part of good governance practice.

The Committees of the Board are listed below:

  • Audit Committee
  • Risk Management Committee
  • Management Committee
  • Nomination and Remuneration Committee
  • Technology and Project Management Committee
  • Business Strategy Committee
  • Corporate Social Responsibility Committee
  • Committee of Independent Directors
  • Shareholding Management Committee
  • Customer Service Committee

The Board has authorized the MD & CEO to carry out the day-to-day affairs of the Company. The MD & CEO is assisted by a strong team of experienced professionals (functional heads) such as the COO, CPO, CTO, CRO, CFO, CISO and others. Functional heads are supported by middle-level and other officials to carry out the day-to-day operations of NPCI. The Terms of Reference (TOR) of each of the Board committees are available on NPCI’s website.

Additionally, NPCI has set up the following committees, where external experts help in providing guidance to the Management team:

  • Technical Advisory Committee
  • Innovation Council
  • Internal Risk Management Committee
  • Internal Audit Committee

The TOR of various committees define duties and responsibilities of the respective committee(s). Management roles, responsibilities and accountability are defined in the function specific policies.

Duties, roles, responsibilities and accountability are documented in TOR and relevant policies. The TOR and other relevant policies are reviewed regularly.

NPCI is accountable to its shareholders through the Board of NPCI. NPCI seeks approval from and provides updates to the Board with respect to business, financials, and other functions. Further, NPCI conducts an Annual General Meeting, provides its shareholders with the annual financial statements and updates on various developments in respect of NPCI’s operations, and in certain cases seeks the necessary approvals that are required in accordance with the Companies Act, 2013.

NPCI enters into contracts with all participants and has well-defined procedural and operational guidelines for each of its products. These documents describe the roles, responsibility, liability and accountability of NPCI and the participants. Further, the Product Steering Committee has been formed for the respective products for product development, product management, roadmap and regulatory compliance, to obtain feedback, and to address concerns and challenges.

The key function of NBBL’s Steering Committee is to advise on the development, and oversee the implementation, of standards for the bill payment system through a participative decision-making process.

The annual report of NPCI is shared with shareholders, RBI, and CAG. The annual report provides a complete view of NPCI’s objectives, initiatives taken to achieve those objectives, Financial Results, and other achievements during the year. NPCI complies with periodic submission of regulatory filings/returns and other statutory requirements.

NPCI publishes its annual report to RBI, shareholders, and the Comptroller and Auditor General of India (CAG). The Annual Report contains comprehensive information such as Governance Arrangements, Roles and Responsibilities of the Board of Directors, Powers delegated to the MD & CEO, Code of Conduct for Directors, Board Evaluations, Statutory Reports, Financial Statements, etc.

Governance arrangements are disclosed to the public through the company’s website. NPCI discloses the following information on its website:

  • Details of Board of Directors
  • Details of Board Committees, Innovation Council, Technical Advisory Committee
  • Details of Management Team
  • Terms of reference of Board Committees
  • Risk Management Disclosure
  • Cyber Security Disclosure
  • AGM transcripts

Key Consideration 3: The roles and responsibilities of an FMI’s board of directors (or equivalent) should be clearly specified, and there should be documented procedures for its functioning, including procedures to identify, address, and manage member conflicts of interest. The board should review both its overall performance and the performance of its individual board members regularly.

The role of the Board is to provide guidance, supervise and control the functioning of the Company.

The role of the Board of Directors as defined in the Handbook on Corporate Governance includes:

  • Establish vision, mission, and values.
  • Set strategy and structure.
  • Delegate to management
  • Exercise accountability to stakeholders and ecosystem participants
  • Delegation of Operating Powers (DOP)

NPCI has established robust procedures for the functioning of its Board, which includes effective measures to identify, address, and manage conflicts of interest among its members. These procedures are documented in the "Handbook on Corporate Governance for Directors," which serves as a comprehensive guide outlining the processes and principles that govern the Board's functioning.

To ensure transparency and accountability, each director and key managerial personnel is required to provide a declaration to the Board Secretariat department regarding any related party transactions involving themselves or their relatives. This declaration is a vital step in identifying and addressing potential conflicts of interest within the Board.

The "Code of Conduct for Directors," which is part of the Handbook on Corporate Governance for Directors, further details the ethical standards and expectations from the Board members. This code of conduct is publicly available on NPCI's website, accessible to stakeholders and the public, providing clarity on the ethical standards governing the Board's actions.

In the case of independent directors, determination of independence is made on a case-to-case basis, considering all relevant facts and circumstances. Independent directors are required to provide a declaration confirming their independence at the first board meeting they attend and subsequently, at the first meeting of each financial year. This periodic reaffirmation ensures that their independence remains intact.

NPCI's procedures for board functioning, conflict of interest management and related party disclosures are comprehensive, transparent, and are reviewed periodically. These measures uphold corporate governance standards, foster ethical conduct and ensure that the interests of stakeholders are safeguarded.

NPCI has the following Board level committees.

  • Audit Committee
  • Risk Management Committee
  • Management Committee
  • Nomination and Remuneration Committee
  • Technology and Project Management Committee
  • Business Strategy Committee
  • Corporate Social Responsibility Committee
  • Committee of Independent Directors
  • Shareholding Management Committee
  • Customer Service Committee

These committees oversee different functions of NPCI under the overall supervision of the Board of Directors. The roles and responsibilities, composition, quorum, secretary, authority and review of each committee have been documented in the respective Committee’s TOR and the corporate governance handbook.

Pursuant to the provisions of the Companies Act, 2013, the Board carries out an annual performance evaluation of the Board, its committees and Individual Directors, including the Chairman of the Board and the MD & CEO. The Committee reviews the “evaluation questionnaire(s)” for effective evaluation of the performance of the Board, its Committees and individual Directors.

The process of annual evaluation of the Chairman, Independent and Non-Independent Directors, the MD & CEO, the Board as a whole and Board-level Committees is described in the Corporate Governance section of the Annual Report.

In terms of the requirements of the Companies Act, 2013, an annual performance evaluation of the Board is undertaken, in which the Board formally assesses its own performance with the aim of improving the effectiveness of the Board and the Committees. The evaluation process is focused on the functioning of the Board and Committees, such as the composition of the Board and Committees, experience and competencies, performance of specific duties and obligations, governance-related matters, etc. As part of implementing best governance practices, the guidance note issued by SEBI on Board Evaluation of listed entities is also considered while conducting the evaluation exercise. The Board members come from different backgrounds and bring different expertise, which helps make Board discussions rich and immensely valuable.

Key Consideration 4: The board should contain suitable members with the appropriate skills and incentives to fulfil its multiple roles. This typically requires the inclusion of non-executive Board member(s).

NPCI accepts the nomination of a candidate for a Board member position on the basis of relevant work experience and technical skills, where participating banks nominate a candidate. The corporate governance handbook states "possesses relevant expertise and experience" as one of the parameters to be taken into consideration for the appointment of Independent Directors.

The Board is led by a Non-Executive Director and Independent Chairman and the composition of the Board represents an optimal mix of professionals, based on knowledge and experience across various fields, viz. Technology, Strategy, Innovation, Banking, Finance and Accounting, Audit, Risk Management, Consumer Engagement, etc. This helps the Board to discharge its responsibilities and provide effective directions and guidance to the leadership team. The individual profile of the Board of Directors is disclosed on NPCI’s website.

NPCI adheres to the regulations stipulated in the Companies Act, 2013 and its corresponding rules. To attract and retain Board members with the necessary skills and expertise, NPCI offers incentives in the form of opportunity to contribute to public good and nation building activities. NPCI is recognized as a national critical infrastructure and holds a significant role in serving the nation. This gives the Board members pride in being a part of an organization that contributes to nation building. This sense of purpose and societal impact serves as a compelling incentive for the Board members to actively participate and contribute to NPCI's long-term objectives.

The sitting fee is provided to Independent Directors, excluding Nominee Directors, who attend Board meetings and Committee meetings. The specific amount of this fee is determined by the Board and is subject to the prescribed ceiling specified in the Companies Act, 2013 and the rules framed thereunder. The Board of NPCI consists of five Independent Directors, including one Non-Executive Chairman.

NPCI defines an independent Board member as a non-executive director who does not have any material or pecuniary relationship or transaction that could potentially compromise their independence of judgment. This definition aligns with the criteria outlined in Section 149(6) of the Companies Act, 2013.

NPCI discloses the names and profiles of its Independent Directors on its website and in the Annual Report. This disclosure allows stakeholders and the public to identify Board members NPCI regards as independent.

Key Consideration 5: The roles and responsibilities of management should be clearly specified. An FMI’s management should have the appropriate experience, a mix of skills, and the integrity necessary to discharge their responsibilities for the operation and risk management of the FMI.

NPCI maintains success profiles for all its employees. Roles and responsibilities of management are clearly defined in the ‘success profile’. The success profiles are reviewed and updated on a periodic basis to ensure that roles and responsibilities are aligned to NPCI’s overall objective.

The roles and objectives of management at NPCI are established and evaluated through a well-defined process that aligns with the organization's strategic objectives and changing payment ecosystem. This process involves multiple steps to ensure clarity, alignment and continuous evaluation.

The Key Result Areas (KRAs) setting process plays a critical role in defining the roles and objectives of management. The HR Department collaborates closely with the management team to identify key areas of responsibility and establish specific, measurable objectives that contribute to NPCI's overall success. These KRAs are designed to align with the organization's strategic priorities and take into account industry trends and market dynamics.

The Managing Director and CEO's KRA is approved based on the action plan decided in the Board's Strategic Action Plan (STRAP) meeting and by the Nomination and Remuneration Committee. The approved KRA is then cascaded down to CXOs and Functional Heads, ensuring alignment of objectives throughout the organization. The progress on KRAs and action plans outlined in the STRAP is reviewed by the MD & CEO regularly. The Board reviews the performance of the MD & CEO half yearly.

Once the KRAs are established, regular evaluations are conducted to assess the performance of the management team. This evaluation process may include various methods such as performance appraisals, goal progress tracking, feedback sessions and periodic reviews. The HR Department works in close coordination with the management team to gather relevant data to assess the extent to which the established objectives have been met.

Execution of Risk Management:

NPCI’s risk management and operations functions are headed by CXO-level officials assisted by a team of professionals with a high degree of integrity and adequate skill. All employees are screened to meet the requirements of the HR Policy, which emphasizes a high degree of integrity and a skill set commensurate with the job role.

Oversight and governance of risk management:

NPCI’s risk management team consists of senior officials who have expertise in the fields of payment systems, technology, risk management functions, regulatory requirements, etc. The Risk Management Committee of the Board guides the team on oversight and governance of risk management.

NPCI has defined a ‘Code of Conduct’ and a ‘Separation Policy’ for its employees, including management. The policy also describes the removal of management following the due process.

Key Consideration 6: The board should establish a clear, documented risk-management framework that includes the FMI’s risk-tolerance policy, assigns responsibilities and accountability for risk decisions, and addresses decision making in crises and emergencies. Governance arrangements should ensure that the risk-management and internal control functions have sufficient authority, independence, resources, and access to the Board.

NPCI’s Risk Management Committee (RMC) is a designated committee of the Board that ensures robust risk management processes and practices are institutionalized. The risk management function is an independent function that works as the second line of defense (LOD). The RMC is responsible for the enterprise-level risk management framework, as defined in its charter.

To be aligned with regulatory as well as leading international practices, NPCI has designed the Enterprise Risk Framework/Policy drawing guidance from regulatory guidelines and best industry practices. The framework also includes the Enterprise Risk Management (ERM) policy and ERM Standard Operating Procedure; the Settlement Guarantee Mechanism (SGM) policy and SGM Standard Operating Procedure; the Operational Risk Management (ORM) policy and ORM Standard Operating Procedure; Key Risk Indicators; Risk Appetite; and the Fraud Risk Management (FRM) policy and FRM Standard Operating Procedure. These policies detail the roles and responsibilities of all functions with respect to risk management. This framework applies to the organization as a whole and assists in achieving the organizational strategic objectives by bringing a systematic approach to identifying, measuring, analyzing, evaluating, mitigating, monitoring, and reporting risk and control. Some of the risk management measures / functions are listed below:

  • Operational Risk Management
  • Fraud Risk Management
  • Surveillance and Enforcement
  • Anti-Money Laundering

NPCI has established a board-approved Enterprise Risk Management Framework to periodically measure and monitor the Key Risk Indicators (KRI) across critical risk categories such as Liquidity Risk, Operational Risk and Business Risk. Each KRI has thresholds and risk tolerance limits, which are monitored, and any breaches are discussed, deliberated, and actioned upon by competent authorities. The ERM Framework/Policy broadly outlines the roles and responsibilities of the Board of Directors, Risk Management Committee, Audit Committee, Internal Risk Management Committees, Chief Risk Officer, Senior Management and employees.

NPCI has constituted an independent risk management function that acts as the second line of defense (LOD). The Chief Risk Officer (CRO) is the owner of the Enterprise Risk Management Framework/Policy and is responsible for risk management strategy developments. The risk management framework is periodically reviewed and approved by the Risk Management Committee (RMC) and thereafter by the Board.

The Chief Risk Officer (CRO) is the owner of the Enterprise Risk Management Framework/Policy and is responsible for risk management strategy developments. The risk governance framework sets out the roles and responsibilities of the Risk Management structure of NPCI, through which authority, accountability and competence for managing risk are gained, including the adequacy, effectiveness and efficiency of controls. The CRO functionally reports to the Risk Management Committee of the Board.

The roles and responsibilities, authority, reporting lines and resources of the audit function are detailed in NPCI's Audit Policy. The audit function is headed by the Audit Head, who functionally reports to the Audit Committee of the Board. All internal audit reports are reviewed by the Internal Audit Committee and the key findings are reported to the Audit Committee of the Board.

The Risk Management Committee of the Board guides the Risk Management team to ensure adequate governance surrounding the adoption and use of risk management models. The Internal Risk Management Committee, which is NPCI’s internal Committee, reviews and recommends the adoption of various risk management models.

Key Consideration 7: The board should ensure that the FMI’s design, rules, overall strategy, and major decisions appropriately reflect the legitimate interests of its direct and indirect participants and other relevant stakeholders. Major decisions should be clearly disclosed to relevant stakeholders and, where there is a broad market impact, the public.

NPCI has multiple payment products and each product has its own steering committee and user groups, consisting of members related to the specific product. For all important matters and key decisions for a product or related services, the steering committee and user groups are consulted.

The Steering Committees include members from participant banks (a mix of private/public sector banks, payments banks, small finance banks and Regional Rural Banks/Cooperatives), non-banks, guest invitees and industry experts.

All operating decisions related to the existing products are discussed at the Steering Committee or working group, as applicable. Any major changes to the existing products are discussed at the product steering committees (comprising key participants) and inputs are taken from the participants for decision making related to such changes.

NBBL’s Steering Committee is chaired by the CEO of NPCI Bharat BillPay Ltd. (NBBL) and the participating members are licensed/approved entities by RBI known as Bharat Bill Payment Operating Units (BBPOUs). The BBPOUs consist of both Banks and Non-Banks.

The key function of NBBL’s Steering Committee is to advise on the development, and oversee the implementation, of standards for the bill payment system through a participative decision-making process.

NPCI has constituted a Product Steering Committee which has representatives from member banks, non-bank players, RBI-authorized payment system providers, special invitees and subject matter experts. The Committee deliberates to reach consensus on implementing new operating procedures and/or changes to the existing operating procedures, including interchange, relating to any product. The management takes into account the steering committee’s consensus and feedback while taking / implementing any business decision which impacts the ecosystem. In certain scenarios, the relevant consensus arrived at by the steering committee, along with the feedback, may be placed before the relevant Board-level committee, e.g. the Risk Management Committee or the Business Strategy Committee.

Given the unique structure where the shareholders of NPCI are also part of the Board, in order to prevent conflicts of interest with regard to NPCI product pricing proposals, waivers and fee structures, all such proposals are deliberated and recommended only by the Committee of Independent Directors.

NPCI provides relevant information regarding its products and services on its website for public disclosure. Any decisions of the Board related to products, policies and operational procedures are communicated to participant members through circulars and other channels. These are also updated on the website of NPCI.

All the major decisions by the Board, including strategic decisions, are communicated to the regulators either for their approval or for information / noting.

An FMI should have a sound risk-management framework for comprehensively managing legal, credit, liquidity, operational, and other risks.

Key Consideration 1: An FMI should have risk-management policies, procedures, and systems that enable it to identify, measure, monitor, and manage the range of risks that arise in or are borne by the FMI. Risk-management frameworks should be subject to periodic review.

NPCI has identified the following types of risks:

  • General Business Risk
  • Credit & Liquidity Risk (covering settlement liquidity risk)
  • Operational Risk arising from people, process and technology.
  • Fraud Risk
  • Information Security Risk

NPCI has defined an Enterprise Risk Management (ERM) Framework which includes the Enterprise Risk Management Policy. As part of the ERM framework, NPCI has further defined the Settlement Guarantee Mechanism policy, Operational Risk Management (ORM) policy, Fraud Risk Management (FRM) policy, Third Party Risk Management policy and Information Security Policy. These policies help NPCI to identify, measure, monitor and control key risks.

NPCI has adopted a three-tier risk assessment approach that enables the Board and other stakeholders to identify, analyze and evaluate risks and business opportunities. The three-tier approach is as under:

  • Tier 1: Enterprise-wide risk assessment through Risk and Control Self-Assessment (RCSA)
  • Tier 2: Quarterly Risk Assessment by analyzing Key Risk Indicators
  • Tier 3: Continuous Risk Assessment

NPCI has defined SOPs for executing and operationalizing Risk Management on a day-to-day basis. These include the ERM SOP, ORM SOP, Settlement Risk Management (SRM) SOP and FRM SOP.

The Risk Monitoring tool is used to identify, measure and monitor NPCI's range of risks. The eFRM tool is used to identify, measure, monitor and manage fraud risk.

The Security Incident Event Monitoring tool is used to monitor security events / incidents. The Capacity Monitoring tool is used to monitor server capacity. The Database Activity Monitoring (DAM) tool is used to monitor database activity. The Data Leakage Prevention (DLP) tool is used to prevent data leakage. End Point Security is deployed to secure end point devices. The Risk Management Team periodically reviews the policies and SOPs and makes necessary changes.

| Sr. No. | Policies/SOP | Author | Reviewed by | Approved by |
|---|---|---|---|---|
| 1 | Enterprise Risk Management Policy | Risk Management | CRO | Risk Management Committee & BOD |
| 2 | Operational Risk Management Policy | Risk Management | CRO | Risk Management Committee & BOD |
| 3 | Settlement Guarantee Mechanism Policy | Risk Management | ERM Head | CRO |
| 4 | Third Party Risk Management Policy | Risk Management | Risk Management Committee | Board of Directors |
| 5 | Information Security Policy | Information Security (IS) | Risk Management Committee | Board of Directors |
| 6 | Cyber Security Policy | Information Security (IS) | Risk Management Committee | Board of Directors |
| 7 | Business Continuity Management Policy | Information Security (IS) | Risk Management Committee | Board of Directors |
| 8 | Data Privacy Policy | Information Security (IS) | Risk Management Committee | Board of Directors |
| 9 | Enterprise Risk Management SOP | Risk Management | ERM Head | CRO |
| 10 | Operational Risk Management SOP | Risk Management | ORM Head | CRO |
| 11 | Settlement Risk Management SOP | Risk Management | ERM Head | CRO |
| 12 | Fraud Risk Management SOP | Risk Management | FRM Head | CRO |
| 13 | Information Security SOP | Information Security (IS) | IS Head | CTO |
| 14 | Cyber Security SOP | Information Security (IS) | IS Head | CTO |
| 15 | Business Continuity Management SOP | Information Security (IS) | IS Head | CTO |
| 16 | Data Privacy SOP | Information Security (IS) | IS Head | CTO |

NPCI assesses the effectiveness of its risk management policies and procedures through periodic review, making necessary changes and presenting the same to the Board for approval. The Risk Management function is subject to Audit, which is conducted by an independent line of defense.

The effectiveness of Risk Management systems is assessed as per the IT and IS policy.

All risk management policies including IS policies and procedures are reviewed and updated at least annually.

Risk Management Policies are approved by the Risk Management Committee and the Board once a year. The day-to-day risk management functions are managed under the supervision and control of the Chief Risk Officer, assisted by a team of skilled professionals.

The Risk Management team regularly reviews various risk parameters considering fluctuations in risk intensity, changing environments and market practices. Where such a fluctuation or change requires a change in policy or process, the matter is taken up immediately for review in the Internal Risk Management Committee. Thereafter it is referred to the Risk Management Committee of the Board for guidance and directions.

Key Consideration 2: An FMI should provide incentives to participants and, where relevant, their customers to manage and contain the risks they pose to the FMI.

NPCI participants have been provided with Fraud Risk Management (EFRM) tool through which participant bank can monitor real time transactions. Through EFRM solution banks can identify, monitor, analyze and report frauds.

For understanding of rules, procedures and risk management, NPCI regularly shares information to its members and if required through meetings and engagements. NPCI conducts regular workshops, training programs and shares training booklets / literature with participant banks.

Information is disclosed on NPCI’s website - risk management governance, risk management framework, objective of operational risk management, objectives of settlement risk management, Highlights of different ISO certifications and objectives of enterprise risk management.

NPCI has enhanced its systems and processes for facilitating online dispute management using APIs for interoperable financial transactions routed through NPCI. NPCI runs awareness programs through print and television media. NPCI conducts workshops and training programs regularly for the benefit of the participants. These programs and workshops focus on the rules and procedures of NPCI.

Through the EFRM solution, banks can independently identify, monitor, analyze and report frauds or compromised instances. This works as an incentive for the participants to manage risk better at their end. NPCI designs its policies and systems keeping in mind the requirements of participants as well. At the time of onboarding, NPCI shares with participants the Procedural Guidelines and Operating Settlement Guidelines, which describe the different types of risk and mitigation actions. NPCI issues circulars to the participating banks advising them about potential risks and their management, as and when necessary.

Key Consideration 3: An FMI should regularly review the material risks it bears from and poses to other entities (such as other FMIs, settlement banks, liquidity providers, and service providers) as a result of interdependencies and develop appropriate risk-management tools to address these risks.

NPCI identifies material risk based on the nature of the business activity. NPCI, as a result of interdependencies, has identified material risk as follows:

  • Settlement Risk and Default Risk.
  • Liquidity Risk from banks providing lines of credit.
  • Investment Risk and / or Concentration Risk (in banks where investments are made).

Settlement risk is monitored through the Settlement Risk Management (SRM) tool. The Settlement Guarantee Fund (SGF) is created based on a defined formula in the SGM Policy. SGF is monitored quarterly as per the SGM Policy.

Investment concentration risk is controlled through investment policy whereby thresholds are defined for investments in banks and other forms of financial instruments. These investments are continuously monitored through cash flow / fund flow analysis performed regularly.

Settlement is being monitored automatically using Settlement Risk Management tool. This tool is used to monitor daily, monthly & quarterly settlements. In addition, NPCI has implemented EFRM tool for real time transaction monitoring. Member Banks are on-boarded on EFRM tool for identifying, monitoring, analyzing and reporting frauds.

The effectiveness of various risk management tools is assessed on an ongoing basis. Any fluctuations observed are reviewed through an internal process to address the risk as per the policy document.

Key Consideration 4: An FMI should identify scenarios that may potentially prevent it from being able to provide its critical operations and services as a going concern and assess the effectiveness of a full range of options for recovery or orderly wind-down. An FMI should prepare appropriate plans for its recovery or orderly wind-down based on the results of that assessment. Where applicable, an FMI should also provide relevant authorities with the information needed for purposes of resolution planning.

NPCI has conducted thorough analysis with various stakeholders to identify scenarios that may potentially prevent the FMI from providing its critical operations. In view thereof, NPCI has a detailed Orderly Wind-Down (OWD) document which is approved by the Board.

For preparing the OWD, NPCI has taken inputs and recommendations from:

  • Working Group on Resolution Regime for Financial Institutions Resolution Framework recommended by RBI, and
  • Key Attributes of Effective Resolution Regimes for Financial Institutions by Financial Stability Board (FSB).

OWD plan has identified scenarios (illustrative) highlighted as under:

  • External scenarios identified such as Regulatory change, Regulatory alert/warning, Judicial interventions, Market conditions, Natural or manmade disasters.
  • Internal scenarios identified such as Governance failure/ Mis-management, Fraud, exodus of talent, Technology disruption, critical vendor disputes.

The scenarios are taken from the different stakeholders and relevant department heads. Stress scenarios, triggers and their recovery and resolution processes are identified and documented.

Inputs and recommendations were taken from Working Group on Resolution Regime for Financial Institutions Resolution Framework recommended by RBI & Key Attributes of Effective Resolution Regimes for Financial Institutions by Financial Stability Board (FSB).

For each product-specific scenario or trigger, the recovery or resolution process has also been documented in detail. The OWD document highlights product-level triggers and timelines for resolution. The document includes scenarios where recovery is not possible for the respective trigger.

NPCI has also envisaged product specific real and plausible scenarios and the associated triggers where there are good chances of recovery.

NPCI currently holds liquid net assets funded by equity equal to at least six months of current operating expenses in absence of any additional revenue. Such liquid assets (such as reserves) would help in continuity of critical services of NPCI for a duration of at least 6 months.

Recovery and orderly wind down process is detailed in the OWD document. This document is reviewed and updated by risk management team and submitted to RMC for review and suggestions. Post review by RMC, the OWD document is submitted to Board for approval. Recovery and OWD document is reviewed annually.

An FMI should effectively measure, monitor, and manage its credit exposures to participants and those arising from its payment, clearing, and settlement processes. An FMI should maintain sufficient financial resources to cover its credit exposure to each participant fully with a high degree of confidence. In addition, a CCP that is involved in activities with a more-complex risk profile or that is systemically important in multiple jurisdictions should maintain additional financial resources sufficient to cover a wide range of potential stress scenarios that should include, but not be limited to, the default of the two participants and their affiliates that would potentially cause the largest aggregate credit exposure to the CCP in extreme but plausible market conditions. All other CCPs should maintain additional financial resources sufficient to cover a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would potentially cause the largest aggregate credit exposure to the CCP in extreme but plausible market conditions.

Key Consideration 1: An FMI should establish a robust framework to manage its credit exposures to its participants and the credit risks arising from its payment, clearing, and settlement processes. Credit exposure may arise from current exposures, potential future exposures, or both.

Framework for managing credit exposure is defined in SGM policy:

  • Risk Assessment of participants: NPCI has established criteria to assess the creditworthiness of participant banks providing LOCs. Additionally, credit assessment is also performed on an ad hoc basis, including assessments prompted by market information.
  • Settlement Guarantee Mechanism (SGM): NPCI has created a Settlement Guarantee Fund (SGF). SGF is a combination of collaterals from participant banks and Lines of Credit (LOC) from the banks. The purpose of SGF is to mitigate NPCI’s current and future settlement exposures.
  • Limit Mechanism: Net Debit Cap (NDC) limits are assigned to participant member banks. A member bank’s net position (payable or receivable) is computed after every transaction.
  • Stress testing: NPCI conducts a stress testing exercise on a quarterly basis to assess the resilience of its credit exposure under adverse scenarios.

Settlement Guarantee Mechanism (SGM) is reviewed as follows:

  • SGM policy is reviewed annually and approved by the Board.
  • The Risk Management team reviews SGF on quarterly basis which is based on throughput approach for the preceding three months’ data.
  • Enhancement/revision of banks’ NDC limits is reviewed and approved by the Risk Management Team every quarter.

Key Consideration 2: An FMI should identify sources of credit risk, routinely measure, and monitor credit exposures, and use appropriate risk-management tools to control these risks.

Sources of credit risk at NPCI are identified through SGM Policy and Investment policy.

NPCI has identified following sources of credit risk:

  • Settlement obligations by participant member bank.
  • Exposure to banks where investments are held.

Exposure through participants:

1. NPCI measures and monitors credit risk with respect to settlement as per rules defined in SGM policy. SGF has been created to compensate the settlement obligation in case of default by any participant. Settlement obligations are monitored at the end of each settlement cycle and are cleared within the defined Turn Around Time (TAT).

Exposure through Investments:

2. Investments made with banks are regularly reviewed by the Investment Committee. As per the investment policy, the Investment Committee reviews all existing investments with respect to Net Worth, Credit Ratings and Net Non-Performing Assets (NNPA) criteria to mitigate risk.

The Board is informed periodically about the performance of all investments. Status report on the investment made during a quarter is reported to the Investment Committee, Audit Committee and Board on a quarterly basis.

1. Settlement risk is controlled through Settlement Risk Management (SRM) tool on a daily basis.

2. Investment concentration risk is controlled through investment policy whereby for various types of investments thresholds are defined. Investments are periodically monitored through cash flow / fund flow analysis. Also, investments are regularly monitored by the Investment Committee.

Key Consideration 3: A payment system or SSS should cover its current and, where they exist, potential future exposures to each participant fully with a high degree of confidence using collateral and other equivalent financial resources (see Principle 5 on collateral). In the case of a DNS SSS in which there is no settlement guarantee but where its participants face credit exposures arising from its payment, clearing, and settlement processes, such an FMI should maintain, at a minimum, sufficient resources to cover the exposures of the two participants and their affiliates that would create the largest aggregate credit exposure in the system.

Measures taken to cover exposure in payment system:

1. Settlement Guarantee Fund (SGF): Contribution of 10% of total required SGF is collected in cash or G-Sec (Max up to 50 % of collateral requirement). For the remaining 90% of the SGF, NPCI establishes a Line of Credit arrangement with participant member banks.

These are easily accessible because collaterals are in the form of Cash, G-sec and Line of Credits.

To ensure adequate coverage of current and potential exposures NPCI has set up SGF through Cash, G-sec (as collaterals) and Line of Credits from the banks. These collaterals and Line of Credit provide a high degree of safety and liquidity, in case of settlement obligations.

Key Consideration 4: A CCP should cover its current and potential future exposures to each participant fully with a high degree of confidence using margin and other prefunded financial resources (see Principle 5 on collateral and Principle 6 on margin). In addition, a CCP that is involved in activities with a more-complex risk profile or that is systemically important in multiple jurisdictions should maintain additional financial resources to cover a wide range of potential stress scenarios that should include, but not be limited to, the default of the two participants and their affiliates that would potentially cause the largest aggregate credit exposure for the CCP in extreme but plausible market conditions. All other CCPs should maintain additional financial resources sufficient to cover a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would potentially cause the largest aggregate credit exposure for the CCP in extreme but plausible market conditions. In all cases, a CCP should document its supporting rationale for, and should have appropriate governance arrangements relating to, the amount of total financial resources it maintains

Not applicable to Payment System.

Key Consideration 5: A CCP should determine the amount and regularly test the sufficiency of its total financial resources available in the event of a default or multiple defaults in extreme but plausible market conditions through rigorous stress testing. A CCP should have clear procedures to report the results of its stress tests to appropriate decision makers at the CCP and to use these results to evaluate the adequacy of and adjust its total financial resources. Stress tests should be performed daily using standard and predetermined parameters and assumptions. On at least a monthly basis, a CCP should perform a comprehensive and thorough analysis of stress testing scenarios, models, and underlying parameters and assumptions used to ensure they are appropriate for determining the CCP’s required level of default protection in light of current and evolving market conditions. A CCP should perform this analysis of stress testing more frequently when the products cleared or markets served display high volatility, become less liquid, or when the size or concentration of positions held by a CCP’s participants increases significantly. A full validation of a CCP’s risk-management model should be performed at least annually

Not applicable to Payment System.

Key Consideration 6: In conducting stress testing, a CCP should consider the effect of a wide range of relevant stress scenarios in terms of both defaulters’ positions and possible price changes in liquidation periods. Scenarios should include relevant peak historic price volatilities, shifts in other market factors such as price determinants and yield curves, multiple defaults over various time horizons, simultaneous pressures in funding and asset markets, and a spectrum of forward-looking stress scenarios in a variety of extreme but plausible market conditions.

Not applicable to Payment System.

Key Consideration 7: An FMI should establish explicit rules and procedures that address fully any credit losses it may face as a result of any individual or combined default among its participants with respect to any of their obligations to the FMI. These rules and procedures should address how potentially uncovered credit losses would be allocated, including the repayment of any funds an FMI may borrow from liquidity providers. These rules and procedures should also indicate the FMI’s process to replenish any financial resources that the FMI may employ during a stress event, so that the FMI can continue to operate in a safe and sound manner.

NPCI addresses credit losses that may arise due to default by its participants through a defined set of rules and procedures. NPCI has established a default management procedure in the Settlement Guarantee Mechanism (SGM) policy, SOP and product procedural guidelines. It includes managing the defaulted participant’s position, use of available collateral to offset losses and allocation of remaining losses among non-defaulting participants.

NPCI has defined default participant procedure in its settlement guarantee mechanism policy as "As soon as moratorium is declared by RBI or shortfall of funds is experienced in RTGS account during scheduled interbank settlement".

NPCI monitors daily breaches whereby HNDP exceeds SGF amount. In case of default by any participant, SGF is invoked. NPCI has also defined the measures for recovery from the defaulting participant (subsequent to utilization of SGF) which includes recovery of defaulted-amount plus charges and penalties, if any.

Loss Sharing Mechanism (LSM) has also been defined in SGM policy which states that in the event of a moratorium or shortfall in settlement account during scheduled interbank settlement, the net obligation of the defaulted member bank shall be borne by the survivor participant banks. In such an instance NPCI will invoke LSM within defined timelines and surviving member banks will contribute towards LSM as and in the manner prescribed in the SGM document.

NPCI will re-create the SGF. 90% of the required SGF shall be procured by way of Line of Credit and the remaining 10% shall be contributed by member banks.

An FMI should effectively measure, monitor, and manage its liquidity risk. An FMI should maintain sufficient liquid resources in all relevant currencies to effect same-day and, where appropriate, intraday and multiday settlement of payment obligations with a high degree of confidence under a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would generate the largest aggregate liquidity obligation for the FMI in extreme but plausible market conditions.

Key Consideration 1: An FMI should have a robust framework to manage its liquidity risks from its participants, settlement banks, nostro agents, custodian banks, liquidity providers, and other entities.

NPCI manages its liquidity risk by way of SGM for domestic settlement.

In the case of an international alliance, the international partner prefunds an amount equivalent to the average of 10 days’ settlement value with a designated commercial bank. The availability of funds in such designated account is monitored daily. Additionally, the SGF amount is maintained as a security deposit with NPCI to cover situations where the pre-funding amount is exhausted for daily settlement.

When a participant member bank fails to meet the settlement obligation within the prescribed timeline, the settlement amount becomes a liquidity need for NPCI. The maximum size of this liquidity need shall be the NDC limit assigned to the member bank.

Associated sources of liquidity risks are:

  • Internal Liquidity risk - Managed through Net liquid asset maintained by NPCI.
  • External Liquidity Risk - Managed through SGF fund.

NPCI takes into account the liquidity risk posed by an individual entity and its affiliates that play multiple roles by performing scenario stress testing, recalibrating SGF composition, analysis of HNDP, etc.

Key Consideration 2: An FMI should have effective operational and analytical tools to identify, measure, and monitor its settlement and funding flows on an ongoing and timely basis, including its use of intraday liquidity.

NPCI’s Settlement is being monitored automatically using SRM tool. This tool is being used to monitor settlement obligations on Daily, Monthly & Quarterly basis.

NPCI uses automated tools to monitor and share ‘Net Settlement Report’, Daily Settlement Report, etc. in electronic format.

All settlement files are posted automatically in the ‘RTGS account’ of members. Alerts are generated for any failure in posting the settlement file. Though rare, such cases are immediately reviewed, rectified to address the reason for failure, and reposted in the RTGS.

Key Consideration 3: A payment system or SSS, including one employing a DNS mechanism, should maintain sufficient liquid resources in all relevant currencies to effect same-day settlement, and where appropriate intraday or multiday settlement, of payment obligations with a high degree of confidence under a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would generate the largest aggregate payment obligation in extreme but plausible market conditions.

The settlement amount is calculated automatically after every settlement cycle, and details are shared with participants so that they make funds available to meet settlement obligations. NPCI has implemented same-day multiple settlement so as to reduce settlement risk.

NPCI has defined stress testing scenarios including failure of the settlement obligation by any participant. These scenarios are defined with various permutations and combinations of stress scenarios. In the case of an international alliance, the international partner prefunds an amount equivalent to the average of 10 days’ settlement value with a designated commercial bank. The availability of funds in such designated account is monitored daily. Additionally, the SGF amount is maintained as a security deposit with NPCI to cover situations where the pre-funding amount is exhausted for daily settlement.

The size of the liquidity shortfall depends upon the settlement obligation for the respective settlement cycle. SGF is constituted to cover the liquidity shortfall. SGF efficiency is tested with scenarios which are defined in the stress test model.

Key Consideration 4: A CCP should maintain sufficient liquid resources in all relevant currencies to settle securities-related payments, make required variation margin payments, and meet other payment obligations on time with a high degree of confidence under a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would generate the largest aggregate payment obligation to the CCP in extreme but plausible market conditions. In addition, a CCP that is involved in activities with a more-complex risk profile or that is systemically important in multiple jurisdictions should consider maintaining additional liquidity resources sufficient to cover a wider range of potential stress scenarios that should include, but not be limited to, the default of the two participants and their affiliates that would generate the largest aggregate payment obligation to the CCP in extreme but plausible market conditions.

Not Applicable to payment system.

Key Consideration 5: For the purpose of meeting its minimum liquid resource requirement, an FMI’s qualifying liquid resources in each currency include cash at the central bank of issue and at creditworthy commercial banks, committed lines of credit, committed foreign exchange swaps, and committed repos, as well as highly marketable collateral held in custody and investments that are readily available and convertible into cash with prearranged and highly reliable funding arrangements, even in extreme but plausible market conditions. If an FMI has access to routine credit at the central bank of issue, the FMI may count such access as part of the minimum requirement to the extent it has collateral that is eligible for pledging to (or for conducting other appropriate forms of transactions with) the relevant central bank. All such resources should be available when needed.

Composition of Settlement Guarantee Fund (SGF):

  • Collateral contribution + Line of Credit (LoC) contribution (Detailed breakup of contribution is in the SRM policy). Certain percentage of collateral can be in the form of Government securities.
  • NPCI has established an LoC facility from banks and invokes this facility only in the event of settlement default.
  • For NIPL: Pre-funding and SGF amount is taken from Network participants in commercial bank in India.

Liquid resources are constituted in the form of fixed deposits and bank balances. The above-mentioned liquid resources are accessible at all times and can be liquidated immediately.

100% of funding arrangements can be converted into cash easily, since funding is in the form of cash collaterals, fixed deposits or LoC from banks.

NPCI has identified the potential barriers to access its liquid resources in investment policy.

The settlement guarantee mechanism ensures availability of liquid resources to cover payment obligations on time for domestic settlement. For international alliance, the pre-funding arrangement ensures settlement of payment obligations on time.

Key Consideration 6: An FMI may supplement its qualifying liquid resources with other forms of liquid resources. If the FMI does so, then these liquid resources should be in the form of assets that are likely to be saleable or acceptable as collateral for lines of credit, swaps, or repos on an ad hoc basis following a default, even if this cannot be reliably prearranged or guaranteed in extreme market conditions. Even if an FMI does not have access to routine central bank credit, it should still take account of what collateral is typically accepted by the relevant central bank, as such assets may be more likely to be liquid in stressed circumstances. An FMI should not assume the availability of emergency central bank credit as a part of its liquidity plan.

Not Applicable since NPCI does not hold any supplemental liquid assets.

Key Consideration 7: An FMI should obtain a high degree of confidence, through rigorous due diligence, that each provider of its minimum required qualifying liquid resources, whether a participant of the FMI or an external party, has sufficient information to understand and to manage its associated liquidity risks, and that it has the capacity to perform as required under its commitment. Where relevant to assessing a liquidity provider’s performance reliability with respect to a particular currency, a liquidity provider’s potential access to credit from the central bank of issue may be taken into account. An FMI should regularly test its procedures for accessing its liquid resources at a liquidity provider.

NPCI’s liquidity providers are Member Banks who have contributed Settlement Guarantee Fund through collaterals and select banks which have provided Line of Credit.

All Member Banks who contribute to Settlement Guarantee Fund are RBI authorized PSU Banks, Private Banks. These are banks with good financial standing.

LOC amounts are made available in RTGS account. Thus, these are not exposed to any liquidity risk even under stress conditions.

NPCI’s liquidity providers are Member Banks who have contributed Settlement Guarantee Fund and select banks which have provided Line of Credit. All these banks have access to RTGS of RBI.

NPCI tests timeliness and reliability of settlement procedure on monthly basis by considering multiple test scenarios for its liquid resources.

Key Consideration 8: An FMI with access to central bank accounts, payment services, or securities services should use these services, where practical, to enhance its management of liquidity risk.

NPCI uses the access to RTGS accounts of participants maintained with RBI to conduct all the domestic settlements to manage domestic liquidity risk. NPCI’s access to RTGS accounts of participants maintained with RBI takes care of the entire liquidity risk for domestic settlements.

Key Consideration 9: An FMI should determine the amount and regularly test the sufficiency of its liquid resources through rigorous stress testing. An FMI should have clear procedures to report the results of its stress tests to appropriate decision makers at the FMI and to use these results to evaluate the adequacy of and adjust its liquidity risk-management framework. In conducting stress testing, an FMI should consider a wide range of relevant scenarios. Scenarios should include relevant peak historic price volatilities, shifts in other market factors such as price determinants and yield curves, multiple defaults over various time horizons, simultaneous pressures in funding and asset markets, and a spectrum of forward-looking stress scenarios in a variety of extreme but plausible market conditions. Scenarios should also take into account the design and operation of the FMI, include all entities that might pose material liquidity risks to the FMI (such as settlement banks, nostro agents, custodian banks, liquidity providers, and linked FMIs), and where appropriate, cover a multiday period. In all cases, an FMI should document its supporting rationale for, and should have appropriate governance arrangements relating to, the amount and form of total liquid resources it maintains.

NPCI performs stress testing every month. NPCI performs stress testing to evaluate efficiency and sufficiency of SGF by analyzing different test scenarios. For International Alliances (i.e., international transactions), stress testing scenario is taken into consideration for pre-funding balance.

NPCI performs Stress Testing by comparing the SGF against various scenarios to gauge the sufficiency. Reporting of stress test scenarios is on monthly basis to IRMC committee (chaired by CRO). Based on the result of stress test, IRMC committee provides insights to review SGF.

Scenarios considered for stress test:

  • Top two HNDP banks from PSU category default together.
  • Top HNDP Bank from Private sector & Top HNDP bank from PSU category default together.
  • One public sector bank, one private sector bank & one Co-operative Bank with highest exposure in respective product defaults.
  • The highest exposure bank fails for 2 consecutive settlement cycles.
  • All highest exposure banks in respective products fail together.
  • The bank where LoC and member contribution is deposited is defaulted.

The test scenarios are based on liquidity risk borne by participants.

NPCI has covered a test scenario to assess the liquidity need i.e. “All highest exposure banks fail to meet settlement obligation” and comparing it to the SGF maintained for such an uncertainty.

NPCI assesses the effectiveness and appropriateness of stress test scenarios on an annual basis.

NPCI validates its risk management model on a monthly basis by performing stress testing of settlement guarantee fund. Additionally, NPCI validates its settlement risk through Key Risk Indicator once a quarter.

NPCI's settlement risk management is documented in risk management policy and standard operating procedure. The policy highlights the Settlement Guarantee Fund arrangements, loss sharing mechanism, stress testing, etc.

Key Consideration 10: An FMI should establish explicit rules and procedures that enable the FMI to effect same-day and, where appropriate, intraday, and multiday settlement of payment obligations on time following any individual or combined default among its participants. These rules and procedures should address unforeseen and potentially uncovered liquidity shortfalls and should aim to avoid unwinding, revoking, or delaying the same-day settlement of payment obligations. These rules and procedures should also indicate the FMI’s process to replenish any liquidity resources it may employ during a stress event, so that it can continue to operate in a safe and sound manner.

NPCI has a Settlement Guarantee Mechanism, which enables payment obligations to participant banks to be settled on time. A stress test is performed on the available SGF, in which multiple bank default scenarios are tested across various bank categories, and results are reviewed to assess the sufficiency of SGF.

The NPCI settlement process is segregated into multiple settlement cycles which run at periodic intervals in a single day. On completion of a settlement cycle, obligations are arrived at for each participant through an automated process and are subsequently submitted to participant banks. The settlement obligations are processed for settlement at the end of each settlement cycle in the RTGS account.

In the event of a settlement default by a participant, NPCI invokes SGF to complete the settlement obligations of defaulting member bank. Defaulting bank will be debarred across all products until the outstanding dues are cleared.

NPCI replenishes liquidity resources by invoking defined Loss Sharing Mechanism. Invoking LSM and its rules are defined in Settlement Guarantee Mechanism policy.

An FMI should provide clear and certain final settlement, at a minimum by the end of the value date. Where necessary or preferable, an FMI should provide final settlement intraday or in real time.

Key Consideration 1: An FMI’s rules and procedures should clearly define the point at which settlement is final.

  • The settlement is considered final and irrevocable as soon as the settlement amount is arrived at through the netting procedure.
  • As a process, settlement files are generated at the end of each settlement cycle and these files are posted in the RTGS portal of RBI. Once the settlement is successful, confirmation of the same is received.
  • Settlement finality is defined in the product procedural guidelines, which are also shared with participant member banks.
  • NPCI operates a Deferred Net Settlement system on a batch processing basis. NPCI defines the point at which settlement within NPCI is final, and there are rules which set out when unsettled payments cannot be revoked by participants. NPCI has mechanisms in place to ensure final settlement is achieved no later than the end of the value date.

NPCI performs deferred multilateral net settlement. Section 23 of the Payment and Settlement System Act, 2007 provides a sound legal backing for settlement and netting. The Procedural Guidelines also state that the PSS Act, 2007 shall be binding on all members of the respective product.

  • NPCI generates the settlement file at the end of each settlement cycle (at the defined frequency mentioned in the PG). Finality is defined in the procedural guidelines for participant banks operating in India.
  • The network-to-network arrangements with international alliances specify that the settlement obligations are considered discharged once the settlement fund is credited to the International Network Partner’s settlement bank account.

Key Consideration 2: An FMI should complete final settlement no later than the end of the value date, and preferably intraday or in real time, to reduce settlement risk. A Large Value Payment System (LVPS) or SSS should consider adopting RTGS or multiple-batch processing during the settlement day.

NPCI's systems and processes are designed to complete final settlement on the value date. NPCI has not experienced any deferral of final settlement to the next day.

NPCI provides an intraday settlement facility where all participant member banks are informed about the final settlement. Settlement files are automatically shared with participant banks through the system after every settlement cycle.

  • All transactions are settled in a multiple-batch process. The batch process is defined in the procedural guidelines.
  • If a participant bank has inadequate funds at the time of settlement, the entire batch is rejected and put on hold. NPCI co-ordinates with the participating bank to clear the settlement obligation and the settlement is completed.
  • If the participant bank is unable to fund the account, the entire batch is put on hold and does not enter the next batch. Further, the shortfall will be managed as per NPCI's Settlement Guarantee Mechanism (SGM).
  • The batch transaction is final as soon as the shortfall is made good by the participant bank or covered through the SGF.

Key Consideration 3: An FMI should clearly define the point after which unsettled payments, transfer instructions, or other obligations may not be revoked by a participant.

  • NPCI has obtained an irrevocable authority letter/mandate from each participating member for final settlement in their RTGS account.
  • Settlement is executed in the member banks’ RTGS account maintained with RBI.
  • There is no provision to revoke any successful transaction.

Participant banks cannot revoke any unsettled payment instructions. There is no provision to revoke any successful transactions. This information is defined in the procedural guidelines which are shared with all participants.

An FMI should conduct its money settlements in central bank money where practical and available. If central bank money is not used, an FMI should minimize and strictly control the credit and liquidity risk arising from the use of commercial bank money.

Key Consideration 1: An FMI should conduct its money settlements in central bank money, where practical and available, to avoid credit and liquidity risks.

NPCI conducts all settlement in the RTGS accounts of members maintained with RBI. For international network partners, the settlement of funds is processed in the International Network Partner’s currency and settlement account.

In the case of an international alliance, the international partner prefunds an amount equivalent to the average of 10 days’ settlement value with a designated commercial bank. The availability of funds in this designated account is monitored daily. Additionally, an SGF amount is maintained as a security deposit with NPCI to cover situations where the pre-funding amount is exhausted for daily settlement.

For domestic transactions -

NPCI conducts all settlement in the RTGS accounts of members maintained with RBI.


Key Consideration 2: If central bank money is not used, an FMI should conduct its money settlements using a settlement asset with little or no credit or liquidity risk.

For an international alliance, the international partner prefunds an amount equivalent to the average of 10 days’ settlement value with a designated commercial bank. NPCI has put in place a process to ensure that only banks with high creditworthiness and competence are accepted for such prefunding arrangements. The availability of funds in this designated account is monitored daily. Additionally, an SGF amount is maintained as a security deposit with NPCI to cover situations where the pre-funding amount is exhausted for daily settlement.

NPCI selects the settlement banks based on the creditworthiness and competence of the commercial banks. The agreement with international alliance partners clearly defines the settlement obligations. Criteria like net worth, operational capabilities, reach, etc. are observed. Such banks are also subject to supervision by RBI.

Key Consideration 3: If an FMI settles in commercial bank money, it should monitor, manage, and limit its credit and liquidity risks arising from the commercial settlement banks. In particular, an FMI should establish and monitor adherence to strict criteria for its settlement banks that take account of, among other things, their regulation and supervision, creditworthiness, capitalization, access to liquidity, and operational reliability. An FMI should also monitor and manage the concentration of credit and liquidity exposures to its commercial settlement banks.

The settlement banks are selected based on the creditworthiness and competence of the commercial banks. The settlement activity with such commercial banks is monitored daily. Criteria like net worth, operational capabilities, reach, etc. are observed. Such banks are also subject to supervision by RBI.

The settlement banks act as a pass-through for settlement of funds between international alliance partners and participant members. The international alliance partners maintain dedicated current accounts in their own names. Such accounts are prefunded so as to meet settlement obligations. As part of the settlement process, NPCI ensures that settlement obligations are processed at the time of settlement. Additionally, an SGF amount is maintained as a security deposit with NPCI to cover situations where the pre-funding amount is exhausted for daily settlement.

The international alliance partners maintain dedicated current accounts with the settlement bank exclusively for the purpose of settlement. Such accounts are prefunded so as to meet settlement obligations. As part of the settlement process, NPCI ensures that daily settlement obligations are processed at the time of settlement. Additionally, an SGF amount is maintained as a security deposit with NPCI to cover potential losses or liquidity pressures due to failure of the settlement bank.

Key Consideration 4: If an FMI conducts money settlements on its own books, it should minimize and strictly control its credit and liquidity risks.

NPCI does not conduct money settlements on its own books.

Key Consideration 5: An FMI’s legal agreements with any settlement banks should state clearly when transfers on the books of individual settlement banks are expected to occur, that transfers are to be final when effected, and that funds received should be transferable as soon as possible, at a minimum by the end of the day and ideally intraday, in order to enable the FMI and its participants to manage credit and liquidity risks.

The FMI’s legal agreements with its settlement banks state that, when transfers occur, the transfers are final when effected. The funds received are transferable intraday and are available immediately upon posting of settlement entries.

An FMI should have effective and clearly defined rules and procedures to manage a participant default. These rules and procedures should be designed to ensure that the FMI can take timely action to contain losses and liquidity pressures and continue to meet its obligations.

Key Consideration 1: An FMI should have default rules and procedures that enable the FMI to continue to meet its obligations in the event of a participant default and that address the replenishment of resources following a default.

Financial default –

  • A participant’s failure to meet its financial obligations. NPCI rules and procedures define the criteria that constitute financial default, such as non-payment, insufficient settlement funds, etc.
  • NPCI has defined a default event in its ‘Settlement Guarantee Mechanism’ policy as "As soon as moratorium is declared by RBI or shortfall of funds is experienced in RTGS account during scheduled interbank settlement".

Operational default –

NPCI defines operational default in the ERM policy as system outages/downtime, failure to provide timely and accurate information, non-compliance with operational requirements, or significant operational disruptions.

The method of identifying default is a combination of ongoing monitoring, surveillance and reporting mechanisms.

NPCI’s procedural guidelines define key aspects of default of participants, as follows:

  • NPCI debars the defaulted bank across all products with immediate effect.
  • NPCI follows a discretionary penalty structure for the defaulting member, which is defined in the SGM policy document.
  • Settlement is performed by using the SGF.
  • All approved transactions of the defaulting bank will be settled until the bank is debarred in the system.
  • The defaulted bank will be debarred across all products with immediate effect. Settlement is performed by using the SGF. The Loss Sharing Mechanism (LSM) is invoked. The settlement obligation, with penalty, is collected from the defaulting bank.
  • Non-defaulting participants - In the event of a moratorium or a shortfall in the settlement account during scheduled interbank settlement, the net obligation towards the particular defaulted member bank shall be made good as defined in the SGM policy if the defaulted member bank is unable to fulfill its settlement obligation in a timely manner. The non-defaulting participants shall contribute towards the loss as defined in the SGM policy for the loss sharing mechanism. Once the defaulted bank is debarred in the system, exposure is contained immediately.

The rules and procedures of NPCI include provisions that enable it to use the financial resources maintained for covering losses in the event of default.

  • Authorization and discretion: The rules and procedures explicitly authorize NPCI to use financial resources. NPCI will invoke the Loss Sharing Mechanism within defined timelines.
  • Pre-defined triggers and conditions: The rules and procedures establish predefined triggers or conditions under which NPCI can access and use its financial resources. The trigger is participant default.

The rules and procedures as per the SGM policy address replenishment of resources following a default.

  • NPCI uses financial collateral and invokes the Line of Credit if a participant bank fails to meet its settlement obligation within the predefined timeline.
  • NPCI maintains the SGF as a pool of financial resources contributed by participants. This fund is designed to absorb losses in the event of participant default.


Key Consideration 2: An FMI should be well prepared to implement its default rules and procedures, including any appropriate discretionary procedures provided for in its rules.

NPCI has defined a RASI matrix (Responsible, Accountable, Support, Informed) in the Settlement Risk Management (SRM) operating procedure document, which defines the responsibilities of the different departments/stakeholders if a participant member bank defaults. The roles and responsibilities of the various internal stakeholders are clearly delineated to address default.

Whenever any participant defaults, RBI issues a Gazette/press release (circular). NPCI then communicates with the rest of the participants regarding SGF utilization and the Loss Sharing Mechanism (LSM).

Dedicated communication channels are in place (including but not limited to) -

  • Personalized communication
  • Telephonic Communication
  • Email communication

Internal plans to address defaulting participants are part of the SGM policy, which is reviewed annually and approved by the Risk Management Committee of the Board.

Key Consideration 3: An FMI should publicly disclose key aspects of its default rules and procedures.

NPCI has publicly disclosed key aspects of its default rules and procedures on its website.

Risk management section - Settlement risk management www.npci.org.in/who-we-are/risk-management/risk-management-npci

  • The circumstances in which action may be taken are defined.
  • The authority to take those actions is as per the defined internal process.
  • The scope of action on a participant’s default includes Member contribution, Line of Credit and Loss Sharing Mechanism, which are published on the website.
  • The Settlement Guarantee Mechanism (SGM) and Loss Sharing Mechanism (LSM) to address obligations are defined on the website.

Key Consideration 4: An FMI should involve its participants and other stakeholders in the testing and review of the FMI’s default procedures, including any close-out procedures. Such testing and review should be conducted at least annually or following material changes to the rules and procedures to ensure that they are practical and effective.

NPCI performs testing and review of its participant default procedures. Such testing and review are conducted on an annual basis or upon any material changes to the rules and procedures. The results of these tests and reviews are shared with the Risk Management Committee and other relevant authorities.

NPCI has defined potential stress test scenarios covering the default of banks with the top debit positions, the top Private Sector Bank/Public Sector Bank defaulting together, and defaults in multiple combinations, such as the highest-exposure bank failing in consecutive settlement cycles.

An FMI should identify, monitor, and manage its general business risk and hold sufficient liquid net assets funded by equity to cover potential general business losses so that it can continue operations and services as a going concern if those losses materialize. Further, liquid net assets should at all times be sufficient to ensure a recovery or orderly wind-down of critical operations and services.

Key Consideration 1: An FMI should have robust management and control systems to identify, monitor, and manage general business risks, including losses from poor execution of business strategy, negative cash flows, or unexpected and excessively large operating expenses.

NPCI has defined General Business Risk in the Enterprise Risk Management policy as risk related to the administration and operation of NPCI.

General business risk refers to any potential impairment of the financial condition of NPCI due to declines in its revenues or growth in its expenses, resulting in expenses exceeding revenues and a loss. Such impairment may be due to non-achievement of business plans, poor execution of business strategy, ineffective response to competition, product-level losses, etc.

NPCI has defined Key Risk Indicators (KRIs) through which it tracks product-wise actual and forecasted revenue, transaction volume and value, and other risk indicators.

The KRI activity is carried out on a quarterly basis and its results are presented to the Internal Risk Management Committee and the Risk Management Committee of the Board. NPCI maintains liquid net assets, which will help to cover operating expenses in case of a shortage of funds.

Key Consideration 2: An FMI should hold liquid net assets funded by equity (such as common stock, disclosed reserves, or other retained earnings) so that it can continue operations and services as a going concern if it incurs general business losses. The amount of liquid net assets funded by equity an FMI should hold should be determined by its general business risk profile and the length of time required to achieve a recovery or orderly wind-down, as appropriate, of its critical operations and services if such action is taken.

NPCI holds liquid net assets so that it can continue operations and services as a going concern if it incurs general business losses. NPCI regularly reviews the liquid net assets it holds as a multiple of the monthly operating expenses required to continue its operations and services as a going concern.

Key Consideration 3: An FMI should maintain a viable recovery or orderly wind-down plan and should hold sufficient liquid net assets funded by equity to implement this plan. At a minimum, an FMI should hold liquid net assets funded by equity equal to at least six months of current operating expenses. These assets are in addition to resources held to cover participant defaults or other risks covered under the financial resource’s principles. However, equity held under international risk-based capital standards can be included where relevant and appropriate to avoid duplicate capital requirements.

NPCI has developed a plan to achieve a recovery and orderly wind-down. NPCI is adequately funded with an amount equal to a minimum of 6 months of the FMI’s current operating expenses, which it ensures through continuous monitoring of operating expenses and revenue.

The resources are clearly identified so as to differentiate between those covering business risks and losses and those covering participant default. NPCI holds equity under international risk-based capital standards to cover general business risks.

Key Consideration 4: Assets held to cover general business risk should be of high quality and sufficiently liquid in order to allow the FMI to meet its current and projected operating expenses under a range of scenarios, including in adverse market conditions.

Liquid net assets include investments in Government Securities, Corporate FDs and Bank FDs.

NPCI's major liquid net assets are callable in nature and can be converted into cash at short notice with no loss of value. NPCI has a policy to periodically review the quality and liquidity of its liquid net assets, so that it can meet its current and projected operating expenses.

The Investment Committee reviews all investments on a quarterly basis to ensure the availability of liquidity.

Key Consideration 5: An FMI should maintain a viable plan for raising additional equity should its equity fall close to or below the amount needed. This plan should be approved by the board of directors and updated regularly.

NPCI has adequate liquid net assets funded by equity to cover at least six months of operating expenses. NPCI has a documented plan and process to raise additional equity if its equity falls close to or below the amount needed.

The plan to raise additional equity is defined in the Capital Planning Process and is reviewed and updated annually.

The plan to raise additional equity is approved by the Board. It is placed before the Board annually along with the agenda for Budget Approval. The process to plan additional equity is documented in the capital planning process document.

An FMI should safeguard its own and its participants’ assets and minimize the risk of loss on and delay in access to these assets. An FMI’s investments should be in instruments with minimal credit, market, and liquidity risks.

Key Consideration 1: An FMI should hold its own and its participants’ assets at supervised and regulated entities (as custodian) that have robust accounting practices, safekeeping procedures, and internal controls that fully protect these assets.

Not applicable since NPCI does not offer custodian service as part of its operations.

Key Consideration 2: An FMI (as custodian) should have prompt access to its assets and the assets provided by participants, when required.

Not applicable since NPCI does not offer custodian service as part of its operations.

Key Consideration 3: An FMI (as custodian) should evaluate and understand its exposures to its custodian banks, taking into account the full scope of its relationships with each.

Not applicable since NPCI does not offer custodian service as part of its operations.

Key Consideration 4: An FMI’s investment strategy should be consistent with its overall risk-management strategy and fully disclosed to its participants, and investments should be secured by, or be claims on, high-quality obligors. These investments should allow for quick liquidation with little, if any, adverse price effect.

Investment strategy:

The Investment policy is approved by the Board and stipulates the norms for investments to ensure that credit risk, price risk, interest rate risk, liquidity risk and arbitrage risk on investments are minimized. The Investment policy includes:

  • Risk Vs Return trade off.
  • Overall diversification of risk across investments.

The policy specifies criteria for instruments and eligible entities where investments can be made.

Every quarter, the Investment Committee reviews all existing and new investments with respect to net worth, credit ratings and NNPA criteria to ensure investments are with high-quality obligors.

The Investment Policy defines the limit on investment, with overall exposure in liquid funds, to any obligor to avoid concentration of credit risk exposures.

NPCI maintains Fixed Deposits with Public Sector Banks and large Private Sector Banks. These investments are callable in nature with an assured, pre-determined fixed interest rate. The FDs can also be quickly liquidated as and when required. The assured return on fixed deposits ensures no adverse price effect.

An FMI should identify the plausible sources of operational risk, both internal and external, and mitigate their impact through the use of appropriate systems, policies, procedures, and controls. Systems should be designed to ensure a high degree of security and operational reliability and should have adequate, scalable capacity. Business continuity management should aim for timely recovery of operations and fulfilment of the FMI’s obligations, including in the event of a wide-scale or major disruption.

Key Consideration 1: An FMI should establish a robust operational risk-management framework with appropriate systems, policies, procedures, and controls to identify, monitor, and manage operational risks.

Identification of operational risk:

An Operational Risk Policy and an Operational Risk SOP are in place, which provide guidelines for identifying the plausible sources of operational risk.

The Risk and Control Self-Assessment (RCSA) process enables identification, assessment (including quantification), evaluation of the prevention and control system, acceptance, and mitigation of risks.

NPCI has broadly categorized sources of operational risk into four categories, viz.

  • People Risk: Risk resulting from dishonesty of personnel within or outside that causes damage to NPCI, high attrition, inadequate backup planning for critical resources.
  • Process Risk: Risk resulting from business practice, the introduction of a new product, obtaining/retaining customer information that is noncompliant with regulations, errors in methodology or in the operational process.
  • Technology Risk:
    • Business Disruption & System Failure.
    • Redundant/obsolete systems including hardware/software.
    • Risks associated with Licensing of software/application/hardware/Operating Systems.
  • External factors:
    • Damage to Physical Assets due to natural disasters, terrorism, etc.
    • Regulatory changes and other external events

NPCI has a documented Operational Risk Management policy and Operational Risk Management SOP. NPCI monitors and manages operational risk through the Risk and Control Self-Assessment (RCSA) process and has deployed tools for this purpose. NPCI has identified operational risks across functions. Risks and controls are documented in the Risk Register. Risk assessment, measurement and control evaluation are performed on an ongoing basis through the deployed tool.

The detailed Operational Risk Management policy and Operational Risk Management SOP act as guiding documents to identify, assess, measure and monitor operational risks within NPCI. The Policy and SOP have been created considering relevant international, national and industry-level operational risk management standards.

NPCI has defined and documented Human Resource policies, viz. recruitment guidelines, learning and development guidelines, and a retention policy. Succession planning is documented for Key Management Personnel and successors are identified. Background checks and feedback relating to integrity and honesty are obtained before hiring.

NPCI has a Change Management Policy that states the process to be followed for any change related to applications and infrastructure. The steps followed in the change management process are as follows:

  • System integration testing and user acceptance testing
  • IS approval prior to change implementation
  • Implementation plan
  • Changes can be made for product and business requirements, bug fixes, audit observations and performance enhancements only after approval of the Change Management Committee

The Change Management Committee reviews the preparedness, timings, documents submitted, etc. and approves the change before implementation.

Key Consideration 2: An FMI’s board of directors should clearly define the roles and responsibilities for addressing operational risk and should endorse the FMI’s operational risk-management framework. Systems, operational policies, procedures, and controls should be reviewed, audited, and tested periodically and after significant changes.

Roles, responsibilities, and framework

Roles and responsibilities for Operational Risk Management (ORM) have been defined in the ORM policy, which is approved by the Board.

The ORM policy states that the Board of Directors governs, approves, and periodically reviews the ORM Framework. The framework includes the ORM policy and the RCSA framework, which are reviewed on an annual basis.

All policies and procedures at NPCI are reviewed at least annually. The Internal Audit team independently reviews and audits all activities at NPCI based on the Internal Audit plan. Any change at the application or infrastructure level is tested in the test environment prior to deployment in the production system, with prior approval by the Change Management Committee as prescribed in the Change Management process. The Operational Risk Management framework is audited by external auditors as per the Audit Plan.

Key Consideration 3: An FMI should have clearly defined operational reliability objectives and should have policies in place that are designed to achieve those objectives.

Operational reliability objectives are covered in the Business Continuity Management System and BCP Policy. Disruptive events are tracked and their root causes are documented to meet the requirements of security and operational reliability.

The BCP ensures a high degree of operational reliability in the face of unexpected events or disruptions. This is achieved through several key measures such as risk assessment, Business Impact Analysis, the continuity plan, training and testing, and incident management.

NPCI has defined a Business Continuity Management System and Business Continuity Plan (BCP) to achieve its operational reliability objectives. Periodic drills are performed to assess the effectiveness of the BCP.

Key Consideration 4: An FMI should ensure that it has scalable capacity adequate to handle increasing stress volumes and to achieve its service-level objectives.

Capacity utilization is monitored on a daily basis, a report is made available to the respective stakeholders, and alerts are triggered through the BMC tool.

Capacity constraints are addressed by augmentation, expansion or upgrades. Whenever capacity utilization reaches 60% of the processing volume, a capacity enhancement is initiated to handle higher volume.

Key Consideration 5: An FMI should have comprehensive physical and information security policies that address all potential vulnerabilities and threats.

Physical security:

Physical vulnerabilities and threats are addressed as per the Information Security Management System (ISMS) policy and Change Management policy.

Physical security is reviewed as per the ISO 27001:2013 Information Security Management Systems (ISMS) audit process. NPCI is ISO 27001:2013 certified and conducts physical and environmental audits annually as per ISO standards.

Information security:

The Information Security Policy includes change management and project management. It defines the process for conducting changes to infrastructure, applications and underlying systems, and it is reviewed by the Risk Management Committee and approved by the Board.

NPCI has defined policies and processes as per ISO 27001:2013, which is the international and industry-level standard for information security. As part of the ISO standards, controls are established and are periodically tested and reviewed. NPCI's change management policies and processes ensure that changes do not affect the security of the system.

NPCI has a Standard Operating Procedure (SOP) for conducting vulnerability assessments, which is reviewed and approved by the Information Security team. The vulnerability assessment and penetration testing (VAPT) exercise is conducted by external vendors. The SOP defines the process and timelines for fixing the observations noted as part of the VAPT exercise. NPCI conducts Vulnerability Assessment (VA) on a quarterly basis and Penetration Testing (PT) on an annual basis.


Key Consideration 6: An FMI should have a business continuity plan that addresses events posing a significant risk of disrupting operations, including events that could cause a wide-scale or major disruption. The plan should incorporate the use of a secondary site and should be designed to ensure that critical information technology (IT) systems can resume operations within two hours following disruptive events. The plan should be designed to enable the FMI to complete settlement by the end of the day of the disruption, even in case of extreme circumstances. The FMI should regularly test these arrangements.

Objectives of business continuity plan:

The Business Continuity Policy (BCP) lays down the process for business continuity management and for conducting business impact analysis, and defines the RTO/RPO for applications so as to facilitate timely recovery and resumption of critical operations. The business continuity plan is designed to resume operations within a defined timeline, which is possible under most circumstances, including disruptive events. RTOs for all online (critical) applications are defined.

Business Processes are clearly laid out in the BCP plan. Recovery strategies are defined for each application. Business critical applications have an active-active setup with defined RTO which is tested on a quarterly basis. Based on the BCP, NPCI can complete settlement by the end of the day even in extreme circumstances.

The Contingency Plan and Disaster Recovery Plan are covered in the ITSCM (IT Service Continuity Management) document. The business continuity plan is designed to resume operations within 2 hours under various circumstances, including disruptive events. Critical online applications have a Recovery Time Objective (RTO) of less than 1 hour to minimize data loss. Each application has defined recovery strategies. Additionally, business-critical applications have an active-active setup which is tested quarterly. Even in the unlikely event of any data loss, the Procedure Guidelines describe the process to deal with such an event.

NPCI has a crisis management procedure which states the requirements/steps to follow during pre-crisis and post-crisis activities. It includes the contact details of internal and external stakeholders. It also prescribes the process for contacting local authorities at the time of a crisis.

NPCI has two data centers which are located in Hyderabad and Chennai and are at sufficient distance from each other. In order to address the criticality, NPCI has implemented robust contingency measures, including procedures, as well as alternative arrangements. These measures ensure uninterrupted processing of time-sensitive transactions, safeguarding the integrity and efficiency of financial operations. IT support staff is available at all locations. Officials with ability and capability to run business processes are available at both the locations.

Both data centers, located at Hyderabad and Chennai, are equally capable of handling the work volumes in a disruptive scenario and allow the processing of time-critical transactions without any impact.

The BCP is reviewed annually, or immediately in case of any major change in the organization which has an impact on the BCP. Scheduled drills and surprise drills are conducted to ensure testing of scenarios related to wide-scale and major disruption.

DR drills are determined on the basis of the type of application, and their frequency is defined in the BCP. Participants, service providers etc. are involved in drills to review and test NPCI’s business continuity and contingency arrangements. NPCI performs quarterly drills for business applications and half-yearly drills for internal applications.

Key consideration 7: An FMI should identify, monitor, and manage the risks that key participants, other FMIs, and service and utility providers might pose to its operations. In addition, an FMI should identify, monitor, and manage the risks its operations might pose to other FMIs.

Risks to the FMI’s own operations:

In respect of risk arising from participants and service providers, NPCI monitors third-party risks on a regular basis. Third-party risk is managed through the Third Party Risk Management policy/procedures.

NPCI regularly monitors operational risk. Operational risk is defined in the ERM policy as system outages/downtime, significant operational disruptions, etc.

Audits are performed for third party vendors / Application service providers (ASP) annually. Overall cybersecurity aspects and audit standards such as ISO 27001 and PCI DSS are also taken into consideration while performing the review and audit of these service providers so as to ensure reliability and contingency requirements of critical service providers.

NPCI has a robust risk management strategy which is documented in the enterprise level risk management policy. For international alliances, a detailed risk assessment is done to identify, monitor and mitigate risks that may be posed to another FMI.

For interdependent FMIs, business continuity arrangements are coordinated at regular frequency.

An FMI should have objective, risk-based, and publicly disclosed criteria for participation, which permit fair and open access.

Key Consideration 1: An FMI should allow for fair and open access to its services, including by direct and, where relevant, indirect participants and other FMIs, based on reasonable risk-related participation requirements.

NPCI has non-discriminatory access and participation criteria for direct and indirect (sub-member) participants.

  • Participant should hold valid RBI approval.
  • All members who have RTGS membership with RBI are eligible to become direct members.
  • Members who do not have RTGS membership with RBI are eligible to participate as sub-members (through a sponsor bank that is a direct member).

The market segment in which NPCI operates is regulated by RBI. Only entities eligible to operate in a specific market segment can seek participation in NPCI (Bank, Non-bank, PPI).

All participating members who have RTGS membership with RBI are eligible to become direct members. A sub-member has to participate through a direct member.

All participants need to comply with the Technical Specification Document, Procedural Guidelines, and Risk and Compliance Framework. Any entity desirous of participating in an NPCI product is required to complete all required formalities, including certification and on-boarding requirements.

Key Consideration 2: An FMI’s participation requirements should be justified in terms of the safety and efficiency of the FMI and the markets it serves, be tailored to and commensurate with the FMI’s specific risks and be publicly disclosed. Subject to maintaining acceptable risk control standards, an FMI should endeavor to set requirements that have the least-restrictive impact on access that circumstances permit.

During onboarding, a participant bank is required to comply with NPCI product specification requirements as mentioned in respective Procedural guidelines.

In order to ensure safety and efficiency, a participant is required to meet eligibility criteria. NPCI admits participants who meet the necessary standards: operational stability, compliance with NPCI/regulatory guidelines, ISO 20022 certified (XML) messaging system, processing capacity, DR site, etc.

Non-risk-based participation requirements are as follows:

  • Regulatory Licensing or authorization: Participant should hold valid RBI approval.
  • Anti-Money Laundering (AML) and Know Your Customer (KYC): These requirements mandate that NPCI has a process in place to verify the identity of participants.

All classes of participants have the same access requirement criteria. Access and participation criteria are defined in the procedural guidelines. Procedural Guidelines are reviewed annually.

A product booklet is made available on the website, on the basis of which the restrictions and participation criteria are explained to prospective participants who approach NPCI.

Key Consideration 3: An FMI should monitor compliance with its participation requirements on an ongoing basis and have clearly defined and publicly disclosed procedures for facilitating the suspension and orderly exit of a participant that breaches, or no longer meets, the participation requirements.

NPCI monitors the compliance with access criteria by participants through ongoing review and periodic compliance statements submitted by participants.

If the risk profile deteriorates for any participant, Qualified Security Assessors (QSAs) empaneled by NPCI conduct audits at least once annually. The QSA verifies the following:

  • System level Security
  • Network / Data Centre Security
  • Risk tools to be adequate.
  • Procedures and Policies
  • Annual Certification process

Participants are required to comply with the Procedural Guidelines. Failure to adhere shall result in suspension and orderly exit of a participant that no longer meets NPCI’s participation requirements.

NPCI’s procedure for managing the suspension and orderly exit of a participant is disclosed through procedural guidelines (PG) shared with all the participants. NPCI’s customers are mostly financial and other institutions.

An FMI should identify, monitor, and manage the material risks to the FMI arising from tiered participation arrangements.

Key Consideration 1: An FMI should ensure that its rules, procedures, and agreements allow it to gather basic information about indirect participation in order to identify, monitor, and manage any material risks to the FMI arising from such tiered participation arrangements.

Tiered participation is allowed as a sub-member through a sponsor bank (direct member bank).

NPCI gathers basic information about sub-member participation through its participant onboarding process.

NPCI follows similar processes for direct member banks and sub-member banks. Additional documents required from sub-member banks are:

  • Sponsor bank letter
  • Tripartite agreement

During the onboarding process, NPCI collects details relating to risk management so as to evaluate the risk arising from the participant.

NPCI collects information such as collateral arrangements, risk mitigation measures and risk management capabilities.

NPCI monitors settlement obligations of sub-member banks through direct member bank’s obligation. Settlement of such obligations is the responsibility of Direct member bank only.

There are no material risks arising from the tiered participation arrangement.

Key Consideration 2: An FMI should identify material dependencies between direct and indirect participants that might affect the FMI.

NPCI has identified the dependency between direct members and their sub-members to mitigate settlement risk due to such participants.

Key Consideration 3: An FMI should identify indirect participants responsible for a significant proportion of transactions processed by the FMI and indirect participants whose transaction volumes or values are large relative to the capacity of the direct participants through which they access the FMI in order to manage the risks arising from these transactions.

NPCI has identified the following aspects with respect to sub-member participation:

  • The financial value of the activity conducted by a sub-member participant is within the limit set by the sponsor bank, which is a direct member. Direct member banks set an exposure limit for each of their sponsored sub-member banks. Exposure limits of member banks and sub-member banks are monitored by NPCI.
  • The turnover of sub-member participants is within the overall limit available for the sponsoring direct participant.
  • Transaction values of sub-member participants are within the overall limit set for the sponsoring direct participant. Daily settlement obligations of sub-member banks are included in those of the respective sponsoring direct member bank.

NPCI has identified settlement risk arising from sub-member participants. To manage this risk, the sponsor banks undertake the liability for settlement obligations of their sub-members as per the tripartite agreement entered into with the sub-member participant and sponsor banks.

Key Consideration 4: An FMI should regularly review risks arising from tiered participation arrangements and should take mitigating action when appropriate.

NPCI has predefined limits for direct member and sub-member banks in the system. Whenever the settlement transaction value comes close to the threshold limits, this is automatically intimated to the sponsor banks. NPCI is not exposed to any settlement risk arising from sub-member banks; however, it is closely monitored.

NPCI assigns an overall exposure limit to the sponsor bank. Sponsor banks assign a small portion thereof to the sub-member banks sponsored by them. NPCI monitors the limit utilization at sponsor bank level to determine the overall exposure arising out of the tiered participation arrangement.

The allocated limit is monitored continuously on a daily basis, and the sponsor bank is informed immediately when there is a breach by tiered participation. The sponsor bank is responsible for the settlement obligations of sub-members.

An FMI should be efficient and effective in meeting the requirements of its participants and the markets it serves.

Key Consideration 1: An FMI should be designed to meet the needs of its participants and the markets it serves, in particular, with regard to choice of a clearing and settlement arrangement; operating structure; scope of products cleared, settled, or recorded; and use of technology and procedures.

NPCI has been established to create robust Payment & Settlement Infrastructure in India. The objectives of NPCI are:

  • To provide infrastructure to the entire Banking system in India for physical as well as electronic payment.
  • To provide Centralized Clearing and settlement system.
  • To bring innovations in the retail payment systems through the use of technology.
  • To provide efficiency in operations and widening the reach of payment systems.

NPCI, through the various product level ‘Steering Committees’ (where participants are committee members), takes into account the needs of the participants and the market it serves.

NPCI ensures that it meets the requirements and needs of its participants through steering committee meetings and representations.

  • NPCI has formed a steering committee with representatives from member banks.
  • The committee is constituted to discuss and deliberate on business, operational, and technical issues.
  • The committee meets once in a quarter to ensure that the products developed and enhancements meet the requirements of the participants and the feedback received.
  • The pricing of the payment system network, revision of services, and addition of services are decided and approved by the Steering Committee.

NBBL ensures that it meets the requirements and needs of its participants through its steering committee meetings and representations.

The key function of NBBL’s Steering Committee is to put in place a Governance Model to advise on the development, and oversee the implementation, of standards for the bill payment system through a participative decision-making process.

Key Consideration 2: An FMI should have clearly defined goals and objectives that are measurable and achievable, such as in the areas of minimum service levels, risk-management expectations, and business priorities.

NPCI’s objective is to provide efficiency in operations, system availability, etc. and widen the reach of payment systems.

NPCI’s core objective is to consolidate and integrate multiple systems with varying service levels into a nationwide uniform and standard business process for all retail payment systems.

  • Promoting digital payments: NPCI aims to encourage digital payments and reduce reliance on cash transactions in India.
  • Ensuring secure and reliable payment system: NPCI is maintaining the security and reliability of payment systems managed by it.

NPCI ensures that it has clearly defined goals and objectives that are measurable and achievable through:

  • Strategic Planning: NPCI engages in strategic planning exercises to establish goals and objectives.
  • Stakeholder engagements: NPCI involves participant banks to gain valuable insights and feedback through steering committee and working group meetings.
  • Key Performance Indicators: NPCI establishes KPIs through the Strategic and Planning document that enable the measurement of progress and evaluation of achieving set goals.

The Strategic Action Plan (STRAP) is a mechanism to determine, measure and assess the achievement of goals and objectives. The performance vis-à-vis the set goals and objectives is reviewed by the MD & CEO and the Board.

Key Consideration 3: An FMI should have established mechanisms for the regular review of its efficiency and effectiveness.

NPCI utilizes various processes and metrics to evaluate its efficiency and effectiveness through:

  • Setting Key Performance Indicators (KPIs).
  • Internal reviews and audits: NPCI conducts internal reviews and audits to assess its operational efficiency, adherence to policies and procedures, and overall effectiveness.

The review is conducted monthly by the MD & CEO and quarterly by the Board to measure, monitor and evaluate NPCI’s efficiency and effectiveness.

The Internal Audit Plan and Audit calendar are defined for the entire financial year and are based on risk assessment.

An FMI should use, or at a minimum accommodate, relevant internationally accepted communication procedures and standards in order to facilitate efficient payment, clearing, settlement, and recording.

Key Consideration 1: An FMI should use, or at a minimum accommodate, internationally accepted communication procedures and standards.

NPCI has adopted internationally accepted guidelines of EMVCo specifications and ISO 8583 messaging protocols and standards. XML, JSON or ISO messaging protocols, used for interfacing over a secure TCP/IP network, are chosen as online and back-office communication standards to facilitate efficient payment, clearing, settlement and recording.

For cross-border operations, NPCI has adopted internationally accepted guidelines, procedures and standards.

  • NPCI engages in cross-border operations as network-to-network connection.
  • For message exchange in online systems, an ISO 8583 based message protocol is used, which is a global standard for card-based authorization.

For offline systems, XML or ISO file-based specifications are used in back-office systems. The SFTP protocol is used for transmission of files.

An FMI should have clear and comprehensive rules and procedures and should provide sufficient information to enable participants to have an accurate understanding of the risks, fees, and other material costs they incur by participating in the FMI. All relevant rules and key procedures should be publicly disclosed.

Key Consideration 1: An FMI should adopt clear and comprehensive rules and procedures that are fully disclosed to participants. Relevant rules and key procedures should also be publicly disclosed.

  • NPCI rules and procedures are covered in product procedural guidelines (PG) / Operational and Settlement Guidelines (OSG).
  • NPCI shares these documents with existing members as and when they are updated, at the time of onboarding of new participants, or on request.
  • The product-specific booklet is updated on NPCI’s website.

Internal review: NPCI’s senior management reviews all circulars, procedural guidelines and operating and settlement guidelines to ensure the comprehensiveness of rules and procedures. These procedural guidelines and operating and settlement guidelines are reviewed on an annual basis.

Stakeholder Feedback: NPCI seeks feedback from the participants through Steering Committee meetings or direct interaction.

NPCI has provisioned for non-routine, though foreseeable, events through:

  • Business Continuity and Disaster Recovery Plan.
  • Orderly Wind-down Plan document.
  • Business Continuity Management System document.
  • Contingency Arrangements: Contingency arrangements are contained in Orderly Wind-Down plan.
  • NPCI's PG & OSG are comprehensive documents in which NPCI has included the rules regarding Default Management System, Settlement Cycle and timings, Grievance Redressal Mechanism, Termination of Services, etc.

NPCI discloses all information on changes in rules and procedures to participants and, wherever required, to the regulators. NPCI discloses this information through circulars and dedicated communication channels. Rules and key procedures are disclosed to the public through print media, if found necessary.

Key Consideration 2: An FMI should disclose clear descriptions of the system’s design and operations, as well as the FMI’s and participants’ rights and obligations, so that participants can assess the risks they would incur by participating in the FMI.

NPCI’s system design and operations are included in Procedural Guidelines (PG), Operating Settlement Guideline (OSG), System Documentation, User manuals and Guides.

Procedural Guidelines and product operations/process flow are disclosed and shared with all the participants at the time of onboarding or in case of any amendment. The Technical Specification Document is shared with the members before onboarding.

The degree of discretion is set out in the participant agreement executed with participants. It states that NPCI reserves the right to add, revise, or suspend, in whole or in part, any of the product services at any time in its sole discretion.

Roles, responsibilities, rights and obligations are defined in the Participant Agreement and in the Procedural Guidelines. These are shared with participant member banks at the time of onboarding and on a periodic basis.

Key Consideration 3: An FMI should provide all necessary and appropriate documentation and training to facilitate participants’ understanding of the FMI’s rules and procedures and the risks they face from participating in the FMI.

Some of the approaches used are as follows:

  • Participant Documentation: NPCI provides comprehensive participant documentation, such as Procedural Guidelines, user manuals and guides. These documents outline NPCI’s rules and procedures. The documentation also mentions the risks that participants may encounter and the measures to mitigate such risks.
  • Training programs: NPCI provides training programs to help participants understand the FMI’s rules, procedures and associated risk.

Participants understand the rules, procedures, and associated risk, as NPCI and participant banks sign a service level agreement. Additionally, training programs, compliance with FMI requirements, etc. help in understanding the rules, procedures, and the risks they face.

NPCI communicates with participants and, if required, the same is conveyed through meetings and interactions.

Key Consideration 4: An FMI should publicly disclose its fees at the level of individual services it offers as well as its policies on any available discounts. The FMI should provide clear descriptions of priced services for comparability purposes.

NPCI provides a detailed price description of its services to participants through procedural guidelines. NPCI’s customers are mostly financial and other institutions, and NPCI typically does not have any direct relationships with end consumers.

Participants are notified about the changes in fees. NPCI notifies changes in services and fees through issuance of circulars.

Descriptions of the products and services offered by NPCI are published on its website. The pricing structure is shared with the members. The descriptions allow comparison across similar FMIs. NPCI’s customers are mostly financial and other institutions, and NPCI typically does not have any direct relationships with end consumers.

At the time of onboarding, NPCI discloses information about its technology and communication procedures to the participant banks. It is communicated through procedural guidelines, system documentation, system design, etc.

Key Consideration 5: An FMI should complete regularly and disclose publicly responses to the CPSS-IOSCO Disclosure framework for financial market infrastructures. An FMI also should, at a minimum, disclose basic data on transaction volumes and values.

NPCI completed assessment of PFMI issued by CPSS-IOSCO in January 2023.

As a practice, NPCI performs this exercise on an annual basis.

NPCI discloses the following statistical information on its website every month:

  • Monthly metrics: Daily / monthly product statistics (both by value and volume).
  • Business / technical declines, uptime, and downtime/incidents at product level.
  • Retail Payment Statistics on NPCI Platform.
  • Data published on RBI website.

Other disclosures, such as member performance, abridged SC meeting minutes, statistics, circulars, product/services briefs, list of participants, etc., have been made on its website.

NPCI discloses information to the public through its website, press releases, etc. The information disclosed on the website is in the English language.