Executive Board’s assessment
If society is to function properly, its financial infrastructure must be well-functioning and enable payments. Norway has an efficient and secure payment system. Operations are stable and payments can be made swiftly at low economic cost and in ways that are adapted to users’ needs.
The threat landscape has worsened over time, however, and scenarios must be considered where even well-protected systems could become unavailable. Technological advances in financial market infrastructures (FMIs) are also occurring rapidly. Looking ahead, new services and new market entrants may challenge established systems and structures, such as mobile payments in shops, domestic and cross-border instant payments, new payment institutions and new payment arenas such as crypto markets. In addition, central settlement infrastructure also needs to be updated in order to meet future needs.
If Norway’s financial infrastructure is to remain efficient and secure, it must be developed further.
Cooperation with Nordic and European central banks provides the best long-term settlement system solutions
Norges Bank’s settlement system is the core of the Norwegian payment system. The system is efficient and stable, with reliable continuity solutions. At the same time, maintaining an efficient and secure settlement system becomes more demanding with stricter security and contingency requirements. The number of settlement service providers to choose from is limited. The other Nordic countries have joined or are considering joining TARGET, the Eurosystem’s settlement platform. Norges Bank also considers that cooperation with Nordic and European central banks will best serve the settlement system in the long term. Through cooperation, the settlement system will become better equipped to ensure stable operations, protect against attacks and further develop new functions and services. In January 2025, Norges Bank initiated formal discussions with the European Central Bank (ECB) on Norwegian participation in T2. T2 is the core system for settling payments in TARGET services, with functionality similar to Norges Bank’s current settlement system. A final decision will be made once necessary clarifications have been addressed.
A well-functioning system for instant payments is a key component of an efficient payment system. In November 2024, Norges Bank signed an agreement with the ECB on Norwegian participation in TARGET Instant Payment Settlement (TIPS). This means that Norges Bank will use the Eurosystem’s technical platform to settle instant payments, which paves the way for new services such as cross-currency instant payments and new domestic instant payment services.
Even if Norges Bank participates in both T2 and TIPS, it will still be responsible for central bank settlement in NOK. At the same time, participation in the pan-European settlement platform ensures that the Norwegian settlement system is developed to the same extent as in Nordic and European countries.
National control of the payment system must be sufficient
National control means that the authorities have sufficient control capability and freedom of action to maintain critical functions, even in the event of crises or conflicts. Norges Bank is tasked with promoting a secure payment system and contributing to contingency arrangements. A key part is continuously assessing necessary measures for maintaining sufficient national control of critical payment system functions. This must be monitored systematically and in a scheduled manner. Norges Bank will engage in dialogue on this matter with the Ministry of Finance, Finanstilsynet (Financial Supervisory Authority of Norway) and the financial industry.
National control also involves international cooperation. Key payment system functions and services, such as cross-border payments and FX transactions, are essentially international. International cooperation and contributions from experts in other countries can strengthen the operation of and developments in the Norwegian payment system. In some crisis scenarios, available operational or contingency arrangements in other countries can help maintain critical functions in Norway.
Payment system contingency arrangements must be enhanced
The security and contingency arrangements of individual entities are the payment system’s first line of defence. Each entity is responsible for implementing necessary measures based on an assessment of vulnerability and risk. Given the current heightened threat landscape, the possibility that even well-protected systems could become unavailable must be taken into account. To be able to handle such serious situations, contingency arrangements must be enhanced.
A working group appointed by the Ministry of Finance has recently published a report with recommended measures to enhance contingency arrangements in the digital payment system. A number of the measures have also been recommended by the government-appointed Payment Commission. Enhancing contingency arrangements for point-of-sale (POS) payments by expanding the backup solution for BankAxept and establishing an independent backup solution for basic banking services are measures that could have a significant impact on overall contingency arrangements. However, contingency arrangements will not be enhanced until the measures have been implemented. Norges Bank has initiated a process to establish an independent backup solution for its settlement system and will contribute in following up other recommendations in collaboration with the Ministry of Finance, Finanstilsynet and the financial industry.
Enhancing contingency preparedness among the general public and at points of sale is also needed. Sound contingency arrangements among the general public reduce vulnerability for both individuals and the payment system as a whole. Consumers should have alternative means of payment available, including multiple types of payment cards, accounts with different banks and cash. Merchants should make sure that they are able to accept different forms of payment, even when their ordinary cash register systems fail.
The provision of cash services is vulnerable
The vast majority of payments are made digitally, and a secure and efficient payment system is primarily ensured through robust digital solutions. However, even though cash usage is low, cash still plays an important role in the payment system. Cash is crucial for contingency considerations and is the only way to make payments in the event of a complete failure of electronic payment systems. Furthermore, cash is important for individuals who do not have the skills or opportunity to use digital payment solutions.
For cash to fulfil its functions, it must be available and easy to use for the general public and the business sector. Consumers’ right to pay using cash has been strengthened, which is important for ensuring that cash can continue to fulfil its functions. Moreover, Norwegian banks have a legal obligation to ensure satisfactory cash services for their customers in both normal and contingency situations.
However, the provision of cash services today is vulnerable and has certain weaknesses. Most cash handling services are carried out by non-bank entities. Banks’ obligations apply regardless of a well-functioning service provider market, and banks must therefore be prepared to step in and find other solutions to maintain an adequate supply if these entities reduce their services.
Mobile payments must include various payment channels
Mobile payments are rising rapidly and now account for three out of ten payments at physical points of sale (POS). Having the opportunity to choose to pay with a mobile phone is beneficial for users. The extensive use of new mobile payment services indicates that users find them efficient and secure.
Different payment cards and various types of bank transfers should be available as underlying payment solutions to promote competition, cost efficiency and contingency preparedness. For national security considerations, it is particularly important that BankAxept is an available alternative.
Potential systemic risk from cryptoassets must be mitigated
Based on market size, cryptoassets do not pose a threat to financial stability today. At the same time, there are signs of closer interconnections between cryptoasset markets and the traditional financial system internationally. Among other things, this includes cryptoassets packaged into traditional financial instruments, which can be combined with leveraging. This makes cryptoassets more accessible to investors. Stablecoins are emerging and are often backed by traditional financial assets. Such interconnections can be a source of systemic risk. New US regulation of stablecoins and other cryptoassets may contribute to volume growth and increased systemic risk ahead. The EU’s new Markets in Crypto-Assets Regulation (MiCAR), which will also be transposed into Norwegian law, helps counter overall systemic risk from cryptoassets. However, MiCAR does not cover all sources of systemic risk. Regulatory developments will be necessary to counter both systemic risk and threats to the functionality of the monetary and payment system stemming from the emergence of cryptoassets.
Tokenisation is worth looking into
Norges Bank is assessing whether a central bank digital currency (CBDC) is an appropriate instrument to ensure access to a means of settlement trusted by all, even in new payment arenas, and whether a CBDC will facilitate responsible innovation and improve payment contingency arrangements. In addition to retail CBDCs, used by the general public, the Bank is researching wholesale CBDCs to be used as a means of settlement between banks and others with an account at the central bank. Tokenisation in payment and financial systems has received increasing attention in the ongoing phase of Norges Bank’s CBDC research. Tokenisation is a process in which an asset is represented as a digital unit – a token – on a ledger based on distributed ledger technology (DLT). Tokenisation may streamline the financial infrastructure but also entails risk. Facilitating settlement in central bank money can contribute to more efficient and secure transactions in tokenised assets, such as tokenised bank deposits. Norges Bank is currently conducting experimental testing of technology related to tokenisation and central bank settlement. This phase of Norges Bank’s study is scheduled to be completed in 2025.
The Executive Board
28 May 2025
1. An efficient payment system
The Norwegian financial infrastructure is efficient and stable. Payments can be made swiftly and safely at low economic cost. Important milestones have recently been reached in the further development of the infrastructure.
Today’s Norwegian infrastructure is among the most digitalised in the world, with stable operations and few disruptions. Payment methods have undergone major changes in recent years and developments are progressing at a rapid pace. This section discusses some of the main aspects of payment operations and the recent development of key components in the financial infrastructure.
Norges Bank’s settlement system
Norges Bank’s settlement system (NBO) is the core of the Norwegian payment system, and all electronic payments made in NOK are ultimately settled between banks in this settlement system. Norges Bank is the operator of NBO.
The current settlement system is efficient, and operations were stable through 2024 without material deviations. Daily settled payments averaged NOK 350 billion. At the end of 2024, banks had NOK 38 billion in deposits at Norges Bank.
Technological advances and changes in the settlement systems in Norway’s neighbouring countries have made it necessary to initiate work on the next generation settlement system in Norway. In February 2025, Norges Bank announced the commencement of formal discussions with the European Central Bank (ECB) to address remaining clarifications surrounding Norwegian participation in the Eurosystem’s settlement platform, T2. In 2024, Norges Bank decided to establish a new service for instant payments in NOK, and on 28 November the Bank signed an agreement with the ECB to use the Eurosystem’s instant payment platform: TARGET Instant Payment Settlement (TIPS). Norges Bank’s work on the next generation settlement system is discussed in more detail in “Next generation settlement system”.
An important milestone in the further development of the settlement system is the transition to the new ISO 20022 payment messaging standard. The standard was implemented for gross payments in March 2025 and will also be used for net payments in NBO by the end of November 2025. The messaging format that will be used in NBO ahead has been developed in collaboration with the banking industry, the central banks of Sweden and Iceland and settlement system service providers. The transition to ISO 20022 was carried out simultaneously for the settlement systems in Denmark, Norway and Sweden. The format opens up for payment messages with more detailed information than before and facilitates cross-border standardisation across different FMIs. For more details on NBO, see Norges Bank’s settlement system - Annual Report 2024.
Norwegian interbank clearing system
The Norwegian interbank clearing system (NICS) is the banks’ joint system for receiving and clearing interbank payment transactions before they are settled with finality in NBO. Norges Bank has awarded the licence to operate NICS to the financial industry’s infrastructure company Bits AS (Bits), and Norges Banks supervises NICS.
NICS’ operations are stable, with a high degree of availability. There were two severe operational disruptions in NICS in 2024, but the incidents were resolved, and settlement was completed the same day. In 2024, daily settled payments in NICS averaged NOK 405 billion.
Bits has entered into an agreement with Mastercard Payment Services Infrastructure (Norway) AS (MPSI) for the technical operation and management of NICS. Bits is the system owner and is responsible for the system, including the parts outsourced to MPSI. In 2024, MPSI took over full responsibility for NICS operations from Nets, which has operated NICS for several years. Norges Bank imposed conditions for this transition. For example, the physical infrastructure, including data centres, local network infrastructure and similar components, will remain in Norway. In addition, a contingency arrangement including physical infrastructure has been established in Sweden.
Securities settlement and central counterparties
Securities settlement in NOK involves the delivery of securities in accounts at the central securities depository (CSD) and payments made via designated accounts in NBO. To eliminate settlement risk, the seller’s transfer of securities is coordinated with the buyer’s payment through the systems of Norges Bank and the CSD. The Norwegian CSD is operated by Euronext Securities Oslo (ES-OSL). At the end of 2024, the total value of registered securities amounted to NOK 8 020 billion and the number of investor accounts stood at 1 601 089.
ES-OSL is part of a corporate group that includes several other CSDs. Euronext is undertaking a modernisation project aimed at increasing harmonisation across different CSDs and jurisdictions. The solution under development is designed to align with the ECB’s securities settlement platform, T2S. In collaboration with other authorities and the banking industry, Norges Bank is planning to initiate an assessment of potential participation in T2S for the settlement of securities transactions in NOK. This will entail dialogue with other authorities and the financial industry.
In Norway, as in other countries, securities settlement takes place a few days after the trade is agreed upon. To protect against potential counterparty issues during the period leading up to settlement, many trades are settled through a central counterparty (CCP). 1 This applies, for example, to all equity trades on Oslo Børs. The use of CCPs results in positions that must be settled in the Norwegian securities settlement system.
The CCPs most commonly used by Norwegian participants are Cboe Clear Europe (CCE), SIX x-clear, Euronext CCP and LCH Ltd, of which the latter is particularly widely used. In April 2024, the EU adopted an amendment to the regulation to reduce the EU’s dependence on third country CCPs, such as in LCH Ltd in the UK. One of the amendments requires major market participants to use CCPs domiciled in the EU. 2 For the time being, only the largest Norwegian participants will be comprised by the requirements.
FX settlement
In an FX transaction, the parties exchange two currencies with each other. This market is dominated by the largest international banks. In a traditional FX settlement, there is a risk that the counterparties may fail to fulfil their part of the agreement. To reduce the risk associated with FX settlement, the US FX settlement bank CLS was established in 2002, and this bank currently settles FX transactions in 18 currencies3. CLS holds an account at Norges Bank for the settlement of FX transactions involving NOK.
In 2024, banks’ daily trades averaged NOK 832 billion, of which cleared payment obligations to CLS amounted to an average of NOK 25 million (purchased NOK less sold NOK).
CLS has delivered highly reliable services for many years. Due to technical upgrades and the addition of new settlement member banks in recent years, the number of disruptions among CLS participants has increased, but this trend now appears to have been reversed.
Electronic retail payment services
Electronic retail payment services include payments using bank deposits via payment instruments such as payment cards and account-to-account (A2A) transfers.
Finanstilsynet (Financial Supervisory Authority of Norway) is responsible for supervising and overseeing retail payment services systems and regularly publishes reports on the condition of these systems. Norges Bank monitors developments in the use of different means of payment and payment instruments in retail payment services and publishes an annual report on this segment. Retail Payment Services 2024 provides details on developments up to and including 2024.
A key development is strong growth in the number of mobile payments. While such payments have been available in Norway for over a decade, it is only now, in 2025, that usage appears to be increasing significantly. This topic is discussed further in “Mobile payments in shops are on the rise”.
Banknotes and coins
Norges Bank is responsible for meeting public demand for cash in both normal times and times of crisis by supplying banks with cash.
In 2024, the amount of cash in circulation averaged just over NOK 38.5 billion, which is slightly lower than in previous years, reflecting less seasonal variation than before. Cash as a share of narrow money (M1) is 1.4%, placing Norway among the countries with the lowest percentage of cash. However, the amount of cash in circulation does not indicate how often this cash is used for payments. To shed light on this, Norges Bank conducts an annual survey of a sample of Norwegian households. The 2025 survey shows that the public uses cash for 2% of their payments. See Retail Payment Services 2024 for more detailed information about cash usage.
Although cash usage in Norway is extremely low in a global context, cash still serves important functions in the payment system. Currently, there are no alternative means of payment or payment instruments that fulfil all the functions that cash has related to contingency preparedness, financial inclusion and privacy. This topic is discussed in more detail in “Cash still plays an important role in the payment system”.
2. A secure payment system
The financial infrastructure is robust and meets strict security, testing and continuity requirements. Nevertheless, there will always be vulnerabilities, and over time the threat landscape has become more aggressive. Contingency arrangements must therefore be further strengthened.
This section highlights some of the key priorities in Norges Bank’s security and contingency preparedness work in the financial infrastructure
Strengthening contingency arrangements
The security and contingency arrangements of individual entities are the payment system’s first line of defence. Both the authorities and private financial infrastructure operators have a high awareness of risk, vulnerabilities and the necessity of systematic contingency planning. There are strict security and testing requirements, and backup solutions are required. Exercises are conducted regularly, and participants are quick to share information with each other about incidents and threats. Such efficient collaboration promotes good incident management and increases financial infrastructure resilience. Incidents and attacks have rarely developed into severe negative consequences.
At the same time, more serious scenarios that make even well-protected systems unavailable must be taken into account. Europe is now facing the gravest security policy situation since the Second World War, with armed conflict in Ukraine and escalating rivalry between the major global powers. National threat assessments from the Norwegian National Security Authority (NSM), the Norwegian Policy Security Service (PST) and the Norwegian Intelligence Service (NIS) highlight the increased likelihood of sabotage of critical infrastructure and sophisticated cyberattacks from both organised criminals and hostile nation states with significant resources. Climate change increases the probability of natural disasters that can destroy critical infrastructure. Contingency arrangements must therefore be strengthened to deal with more serious scenarios.
Vulnerabilities in the financial infrastructure
Complexity and interdependencies
The financial infrastructure comprises many components that are both interdependent and dependent on underlying infrastructure such as electricity supply and electronic communication. If critical components fail, this can have a rapid major impact on the system as a whole. As a result of the complexity in the number of systems and interdependencies, with associated complex supply chains, the number of potential attack surfaces also increases.
Critical components in financial infrastructure, electronic communication and electricity supply are generally well protected, and backup solutions are in place. But in crisis situations such as war, sabotage or natural disasters, one or more components may nevertheless become unavailable over an extended period. The risk associated with such extreme incidents has risen and the system must be strengthened to mitigate them.
Attractive targets for attack
As holders and managers of substantial assets, banks, key market participants and financial market infrastructures (FMIs) in the Norwegian financial system are attractive targets for various threat actors.
Digital profit-motivated crime is on the rise, and organised crime constitutes a substantial threat to financial institutions and their customers. Armed robbery is currently less common than before, but robbery still occurs. However, instead of banknotes and coins, criminals steal card information, identities and access, as well as sensitive and valuable data. A more tense security policy landscape also means that complex threats, where state and criminal actors collaborate, occur more frequently. Technological advances, such as artificial intelligence, are providing attackers with new tools.
Outsourcing and concentration risk
In recent years, the financial sector’s use of outsourced services has increased. In parallel, the advantages of economies of scale in the operation of IT systems and external expertise have led to the consolidation of IT and data centre service providers in the financial sector.
Outsourcing can lead to better, more cost-efficient and more resilient financial market infrastructures (FMIs). At the same time, a higher degree of outsourcing and concentration constitutes a vulnerability. Many entities use the same software, hardware and system platforms. Among other things, cloud services are becoming more widespread, and the market is dominated by a few multinationals. Dependence on only a few key providers is also the case for a number of critical functions in the Norwegian financial infrastructure. In pace with the rise in market concentration in the provider market, providers’ corporate structures have become more complex and often consist of a number of subcontractors that may be subject to regulation in different jurisdictions. This makes it difficult for authorities and system operators to maintain an overview of providers’ risk exposure in technological security, personnel security and regulatory changes in providers’ home countries.
The Government has, in the White paper on total preparedness1 presented on 10 January 2025 and deliberated by the Storting (Norwegian parliament) on 6 May 2025 and in the National Security Strategy that was presented on 8 May 20252, clearly signalled the need to strengthen contingency arrangements across all sectors. Norway’s work to strengthen total preparedness, including preparedness in the payment system, is well underway. A working group appointed by the Ministry of Finance has recently published a report including recommended measures to strengthen contingency arrangements in the digital payment system. A number of these measures have also been recommended by the Payment Commission appointed by the Norwegian government. The recommendations are discussed in “Contingency arrangements in severe crises”.
Cash is still an important part of the total preparedness of the payment system and is the only alternative should electronic payment solutions fail completely. This is also reflected in “A practical guide to payment preparedness”. However, for cash to fulfil its function in a contingency, it must be available and easy to use in a normal situation as well. This topic is discussed in further detail in,“Cash still plays an important role in the payment system”.
The Lysne III Committee on national control
The Committee defines the government’s national control as:
- Control capability of making effective decisions through, for example, regulation, ownership and agreements
- Freedom of action to carry out decisions as independently as possible from foreign actors and influence.
The Lysne III Committee has focused on making specific proposals on how the government can ensure national control of critical digital communications infrastructure. As stated in the government’s white paper on total preparedness, the Committee’s work has transfer value to other sectors that manage critical infrastructure:
“The Committee will provide the Government with a basis for assessing how we can safeguard and strengthen national control of critical infrastructure, for example through ownership. This also has transfer value to other sectors that manage critical infrastructure, critical value chains and security of supply. It is important for the Government to have a good knowledge base in order to ensure adequate national control of critical infrastructure across different sectors.”
According to the Committee’s analyses, the approach to national control of critical digital infrastructure has so far been on an individual and case-by-case basis. One of the Committee’s recommendations is to establish and maintain an overall strategic vision for Norway’s national control of critical digital infrastructure and an analysis of the gap between the current situation and the strategic vision. This will make the Government’s approach to national control more systematic and planned. The recommendation can also apply to the financial sector.
Safeguarding national control of critical functions
Key financial infrastructure functions and services, such as cross-border payments and FX trades are essentially international. International cooperation and contributions from experts in other countries can strengthen both the operation of and developments in the Norwegian financial infrastructure. In certain crisis scenarios, available operational or contingency arrangements in other countries can help maintain critical functions in Norway.
At the same time, foreign ownership, outsourcing services abroad and dependence on key resources from other countries are elements that can weaken national control, particularly in a crisis or conflict situation. This issue has recently been considered by the Electronic Communications Security Committee (Lysne III Committee) (see “The Lysne III Committee on national control”). The Committee submitted its report to the Ministry of Digitalisation and Public Governance on 28 February 2025.3
Norges Bank will promote a secure payment system and contribute to contingency arrangements. The assessment of whether the authorities have sufficient national control of critical payment system functions is a key part of this. In line with recommendations from the Lysne III Committee, the development and continuous updating of an analysis of national control of critical payment system functions will provide a more comprehensive basis for assessing the need for measures. Norges Bank will contribute to systematic and planned assessments of national control, and maintain dialogue with the Ministry of Finance, Finanstilsynet (the Financial Supervisory Authority of Norway) and the financial sector on this topic in line with strategic priorities in the National Security Strategy.
Operations, security and preparedness in the FMIs are the responsibility of the system owner, regardless of whether or not the service has been outsourced. When multiple tiers of subcontractors have been used, the responsibility extends to the entire provider chain. To fulfil this responsibility, system owners must have sufficient expertise and capacity to manage and control deliveries from their providers. When providers are located abroad, greater effort is needed to gain sufficient insight into their operations and risk exposure in technological security, personnel security and regulatory changes in providers’ home countries. System owners should also have realistic exit strategies for changing providers without disrupting services in instances where operating conditions change in the provider’s home country. These topics will be prioritised in Norges Bank’s dialogue with entities that are subject to the Bank’s oversight and supervision.
Collaboration, exercises and raising awareness
Awareness of a more aggressive threat landscape is generally high in the financial sector, and close cooperation between the authorities and the domestic and international financial sector is an important contribution to incident management and preparedness. The same can be said for regular exercises.
In its white paper on total preparedness, the government announces that it will establish a new council structure for the ministries’ work related to preparedness planning and status assessments in civilian sectors. The aim of the new structure is to improve the ability to maintain the continuity of critical functions, uncover cross-sectoral dependencies and prevent and handle incidents, among other things.
Financial services are defined as one of seven critical functions. For each critical area of society, the responsible ministry must ensure that there are capable preparedness councils in place consisting of relevant participating agencies, private businesses and organisations.
For financial infrastructure, a body has already been established with a mandate that covers most of the objectives in the Government’s new council structure: The Financial Infrastructure Crisis Preparedness Committee (BFI)4. The BFI was established by Norges Bank’s Executive Board in 2000. Since 2010, the BFI has been chaired by Finanstilsynet, which has also served as the secretariat and calls Committee meetings. The Ministry of Finance, Norges Bank and a number of key FMIs participate in the Committee.
Exercises conducted through bodies such as the BFI and others help to increase participants’ understanding of their own and others’ procedures and roles, while also strengthening collaboration. Regular and open dialogue about individual experiences and current challenges helps foster knowledge-sharing among all participants in the financial infrastructure. Highly publicised incidents such as NotPetya, SolarWinds and CrowdStrike highlight the potential for the rapid spread of both operational errors and targeted attacks. Such incidents emphasise that defending against adverse incidents requires strong collaboration and swift information sharing across organisations, sectors and countries.
Exercises also contribute to hardening systems. Vulnerabilities and deficiencies in systems and processes are often detected during testing, providing an opportunity to address these issues before they can be exploited or cause significant disruptions. By challenging systems through exercises, it is possible to prevent prolonged periods of stable operations with few serious incidents leading to reduced vigilance, de-prioritisation of security measures and limited practical experience in activating and using contingency solutions.
Exercises also help to foster a strong security culture. Insider threats, such as rogue employees or mistakes made by employees are particularly difficult to detect and cannot be fully addressed through technological defences. Personnel security and a robust security culture at all levels are essential for preventing, detecting and managing such threats. Norges Bank will follow up on this topic in particular in dialogue with financial sector participants in connection with oversight, supervision and testing in the period ahead.
Advanced threat-led penetration testing
The European TIBER framework provides guidelines for testing financial institutions’ ability to detect, defend against and manage advanced cyberattacks5. Finanstilsynet and Norges Bank are together responsible for the Norwegian implementation of this framework, which was established in October 2021. Active testing began in 2022. Norges Bank has established a dedicated TIBER Cyber Team to assist organisations that wish to perform tests under the TIBER framework with planning, coordinating involved entities, conducting risk assessments, executing and evaluating the tests.
Security tests under the TIBER framework are demanding and expose critical functions, systems and processes within each organisation to realistic attack scenarios carried out by red team attackers. These attacks are based on plausible threat scenarios developed based on assessments conducted by the Norwegian intelligence service, the Norwegian Police Security Service (PST), the Norwegian National Security Authority (NSM) and Nordic Financial CERT (NFCERT). The organisations that are tested own the test results. This is important as the tests may reveal sensitive information related to business operations.
At the same time, sharing insights from these tests enables the payment system as a whole to strengthen its defences. To facilitate this, Norges Bank established the TIBER-NO Forum, where participants can confidentially exchange information and experiences related to TIBER testing in a secure environment for discussing relevant and sensitive issues. The execution of these tests and the sharing of knowledge and experiences both during and after testing significantly strengthens the resilience of individual systems and the financial infrastructure as a whole.
In 2024, Norges Bank completed a TIBER test on its own settlement system, NBO. No critical vulnerabilities were identified, and the system is well-equipped to handle advanced cyberattacks. Nevertheless, areas of improvement were discovered, and Norges Bank has implemented measures to further enhance its systems and processes. This forms part of Norges Bank’s ongoing work on cyber security and risk management, aiming to uphold the highest standards of security and protection.
Testing under the TIBER-NO framework has so far been voluntary. However, with the introduction of the new Act on digital operational resilience in the financial sector (the EUs Digital Operational Resilience Act (DORA) transposed into Norwegian law), threat-led penetration testing (TLPT) will become mandatory for the most significant entities.
Experiences from TIBER testing
To date, seven TIBER tests have been completed, with more underway. Three of the completed tests were cross-border tests of bank branches in Norway. Through testing, Norges Bank has benefitted from general insights into the security of the financial infrastructure. By sharing these insights, others can benefit and address potential vulnerabilities within their own operations before they can be exploited by threat actors.
All organisations routinely perform penetration testing, but none have previously conducted threat-based penetration testing at the level of the TIBER framework. TIBER is a far more comprehensive and demanding method, but it is also significantly more valuable for strengthening cybersecurity. The overall security level is high, especially in systems exposed to the internet. However, security inside outer defences is not always as robust, and many are vulnerable to individuals inside the organisation escalating their access beyond authorised levels.
Another key insight is that organisations invest heavily in security technology, but this investment is not always well adapted to their specific IT environment. This weakens their ability to detect warning signals of cyberattacks. Furthermore, testing revealed concentration risk related to the widespread use of the same security service providers and similar security software. This may lead to difficulties if a service provider’s customers are impacted by an attack at the same time.
The tests also show that human weaknesses can still be exploited through attack methods such as phishing emails. When combined with weak internal work processes, this provides attackers with opportunities.
In addition, there is a clear trend that resilience is inversely proportional to the number of systems an organisation operates. With a large number of systems, the attack surface is large, but security resources are often not scaled proportionally to the size of the attack surface.
Awareness of long-term trends
Not all threats are directly aimed at the financial infrastructure, nor are all vulnerabilities immediate. Some challenges evolve slowly, and trends can also create opportunities (see box).
Long-term challenges and opportunities must be addressed on multiple fronts, not least through effective collaboration and open dialogue between authorities and private entities.
Innovation is beneficial to the payment system, but it must be responsible. In most cases, private stakeholders are best placed to drive innovation and develop new, user-friendly solutions. However, unregulated markets and entities do not always sufficiently take into account societal considerations. Effective collaboration between authorities and private entities is crucial in maintaining an efficient and secure payment system over time.
An example of such collaboration is Norges Bank’s initiative to establish the Norwegian Payment Forum6 in 2024, involving participants from other authorities, the financial sector and other key stakeholders. The Payment Forum is an arena to exchange information and discuss measures and strategies that contribute to the long-term development of the payment system in Norway and internationally. The Forum held its first meeting in June 2024. Matters discussed so far have included Norges Bank’s work on the next generation settlement system, research into a Norwegian central bank digital currency (CBDC), the EU’s work on a digital euro and the implications for Norway, as well as digital identity and financial inclusion.
For many years, Norges Bank has been researching whether a CBDC should be introduced in Norway. A key question has been how to have a precautionary approach to developments that could entail opportunities for or threats to an efficient and secure payment system in NOK. The research is exploring whether a CBDC is a suitable instrument in new payment arenas for ensuring access to a means of settlement in which everyone can have confidence, while fostering responsible innovation and improving payment contingency arrangements. A measure in the project has been the establishment of a technological sandbox where Norges Bank and banks can together test different solutions in practice. This topic is discussed in more detail in “Tokenisation and central bank money”.
One such new payment arena is the increasing prevalence of cryptoassets and stablecoins. An increasing number of interconnections between cryptoassets and traditional finance increases systemic risk associated with cryptoassets. The way in which these assets are regulated will significantly impact the risk they will represent over time. This topic is discussed further in “Stronger interconnections between cryptoassets and traditional finance”.
Long-term challenges
Technological advances: Technological advances occur rapidly, while developments in structures, the design and the regulation of the established financial infrastructure takes time. Although NOK is legal tender in Norway, it is not prohibited to agree on other means of settlement for a transaction. Alternative payment systems and means of payment that are attractive in terms of ease of use and that gain sufficient public trust can quickly become widespread. Multinationals could assume a dominant role in the payment system – even in Norway. This could make safeguarding national societal interests challenging and set the terms for how Norway’s payment system functions.
National centres of expertise: In pace with the outsourcing of an increasing number of support and core services, the operation and development of these services are increasingly based abroad. Even for systems and services located in Norway, critical tasks are often performed by specialists from other countries. This is not unusual in a small open economy, and in most cases, expertise from strong centres of expertise from abroad adds significant value to the Norwegian financial infrastructure. However, if national centres of expertise become too small over time and if distance to the operation and development of critical systems increases, the ability to manage and control service delivery may be weakened.
Confidence in the public sphere: Norway is one of the world’s most digitalised societies, with widespread, high confidence in central IT systems and the entities responsible for them. However, confidence can disappear quickly. Operational incidents that lead to service disruptions or leaks of sensitive information can undermine confidence in systems and institutions. For trust-dependent institutions – such as banks – the potential spread of misinformation on social media presents a potent and potentially destructive weapon of attack. Disinformation or misinformation generally erodes trust in public information. Similarly, card fraud, scams, identity theft, extortion and fear of illegal surveillance can diminish confidence. A loss of confidence may lead more people opting out of using efficient digital solutions.
In focus
Next generation settlement system
It has become necessary to explore the future design of Norway’s settlement system due to technological advances and changes in the settlement systems of Norway’s neighbouring countries. Norges Bank therefore launched a study of the next generation settlement system as part of the Bank’s strategic goals for the period between 2023 and 2025. The overall assessment is that collaboration with Nordic and other European central banks is the best choice to ensure the secure and stable operation of the settlement system in the long term.
The next generation of Norges Bank’s settlement system (NBO) will comprise two separate services, NBO RTGS and NBO INST (see Chart A.1).
Chart A.1: Next generation settlement system

NBO RTGS
NBO RTGS will become Norges Bank’s standing facilities and interbank settlement service. Banks’ accounts with central bank money in NBO and accrued interest on deposits and loans are key monetary policy and liquidity management instruments for Norges Bank. All electronic payments in NOK are ultimately settled between banks in NBO RTGS.1 This is the case for normal payments for households and firms, large payments in financial and FX markets and payments involving the public sector.
For NBO RTGS, Norges Bank has launched a project to make the settlement system more component-based, which means dividing a system into smaller units that can be developed, maintained and updated independently. This provides a number of advantages, including greater flexibility, simpler maintenance and the ability to adjust more swiftly to new needs or technological advances. The measures include isolating functions that are unique to Norges Bank, such as those used to implement monetary policy and liquidity management and the establishment of a national contingency solution for NBO. In addition to strengthening contingency arrangements, the measures will also simplify the transition to a new settlement system in the future.
Predictability is important for providing appropriate framework conditions for further financial-sector development of payment and settlement services. Norges Bank has assessed two alternatives for the future NBO RTGS: acquiring a new dedicated platform for NBO, as is in place today, or connecting to a common platform through the Eurosystem’s T2, as the other Nordic countries are now doing. As neighbouring central banks have decided to migrate to T2, Norges Bank will no longer have the option of working with them in following up service providers and further developing a dedicated platform.
The Bank’s current assessment is that collaboration with other central banks is the best long-term choice. This would make the Bank better equipped to ensure stable operations, protect the settlement system against attacks and further develop new features and services.
Norges Bank has initiated formal discussions with the European Central Bank (ECB) and thus commenced a process with a mutual exchange of information for necessary clarifications. Among other things, more information is needed for addressing certain remaining questions related to security and contingency arrangements. Designing an appropriate model for smaller banks’ participation in T2 is also necessary.
For Norges Bank, T2 participation would mean that Norges Bank retains control of NOK settlement, as well as liquidity management and monetary policy. Ensuring national control also means that the authorities have sufficient control capability and freedom of action to maintain critical functions in the event of crises or conflicts. T2 contingency arrangements are comprehensive and will, together with the establishment of a national contingency solution, provide a resilient settlement system. Norges Bank will engage in dialogue with the Ministry of Finance and the Norwegian National Security Authority on this matter.
Norges Bank works closely with Riksbanken and Nationalbanken to ensure a common approach to the development of the settlement system. This collaboration provides opportunities for knowledge-sharing and the harmonisation of payment solutions across countries.
The next generation settlement system and T2 participation have been circulated for public comment. The financial industry and other stakeholders were asked for input about participation in the Eurosystem’s common T2 platform. The Bank was particularly interested in feedback on functionality and the implementation project, as well as on opportunities and innovation that participation in T2 may provide. The submission deadline for consultation responses was 16 May 2025. Norges Bank has received eight consultation responses, and these are published on the Bank’s website (in Norwegian only). Submissions will be considered in the Bank’s further work and in the involvement of the financial industry and other market participants.
A final decision will be made once the necessary clarifications have been addressed. Norges Bank aims for the decision basis to be ready in the course 2026.
NBO INST
NBO INST will become Norges Bank’s instant payment settlement service with around the clock availability. Instant payments ensure that payees receive money directly into their accounts seconds after payments are made – 24/7/365.
Norges Bank has decided to establish NBO INST as a new service for instant payments in NOK and signed an agreement with the European Central Bank (ECB) to participate in TARGET Instant Payment Settlement (TIPS) on 28 November 20242. Participation in TIPS3 means real-time gross interbank settlement, ie each transfer is settled individually in central bank money on the Eurosystem’s platform.
The implementation project for NBO INST has now been established. The project includes the establishment of instant payments in NOK and the migration of existing participants from NICS Real, the current instant payment solution. The instant payment service is scheduled to become operational in the first half of 2028.
In cooperation with the financial industry, Norges Bank will plan for the transition to the new settlement service to be implemented at the lowest possible risk for all parties involved. It is appropriate to assess other services, such as cross-currency instant payments, participation for new types of market participants and the development of new instant payment services for firms and the public sector.
The NBO INST service for instant payments will be competitively neutral, secure and efficient and facilitate faster and more efficient money transfers to and from users in other Nordic and European countries.
An important focus area for the Eurosystem is cross-border and cross-currency payments (see box below). This supports the G20’s targets for enhancing the efficiency and security of global payment systems. Like the central banks of Sweden and Denmark, Norges Bank is considering implementing such payment solutions in NOK. Cross-currency instant payments will promote a more integrated payment infrastructure between Norway, the Nordic countries and the rest of Europe, while also potentially strengthening competition and payments innovation.
The EU Instant Payment Regulation (IPR) is expected to be transposed into Norwegian law. Upon transposition, the regulation will require that both settlement and payment systems allow for new types of market participants, such as payment and e-money institutions. This may foster innovation and the development of new services that can meet future market needs.
Cross-border payments in the Eurosystem
In October 2024, the ECB launched initiatives to improve cross-border and cross-currency payments1. These initiatives can be classified into two work streams:
Implementing cross-currency settlement services in TIPS: This will allow payments originating in one currency to be settled in another currency - in central bank money. Initially, three currencies: the euro, the Swedish krona and the Danish krone will join the initiative, which could expand to include other currencies onboarded to TIPS in the future.
Exploring possible links between TIPS and other real-time settlement systems: Among other things, this includes joining the multilateral network of instant payment systems, Project Nexus, led by the Bank for International Settlements (BIS), and establishing a bilateral link with India’s Unified Payments Interface (UPI).
The ECB emphasises advantages such as reduced costs, increased speed and transparency of cross-border payments, including remittances. More attractive cross-border payments in participant country currencies also strengthen monetary sovereignty as interlinking prevents currency substitution and the domination of the market by a few global payment institutions.
At the same time, difficult challenges must be overcome, including harmonising standards and regulating in multiple jurisdictions. Proper governance and oversight structures, including ensuring compliance with anti-money laundering requirements and countering the financing of terrorism, must also be established. Analysis and evaluation of the benefits and challenges are a part of the exploratory work being conducted by the Eurosystem.
1 See ECB (2025a).
TARGET Services
The European Central Bank (ECB) defines the Eurosystem as a collaboration between EU member countries that use the euro. The Eurosystem has established and operates TARGET Services.
TARGET Services include the following :
- T2, which consists of a real-time gross settlement (RTGS) component and a central liquidity management system (CLM) component
- TIPS, the system for real-time gross settlement
- T2S, the securities settlement platform
The central banks of EEA countries that are non-EU members are allowed to participate in TARGET.
There are currently 20 central banks that use the Eurosystem’s (T2) settlement system in EUR, and since April 2025, these also include Danmarks Nationalbank for settlement in Danish krone.
TIPS is a market infrastructure service launched by the Eurosystem in November 2018. It enables payment service providers to offer fund transfers to their customers in real time and around the clock, every day of the year. TIPS settles instant payments in central bank money and processes payments in EUR, SEK, and, as of April 2025, also in DKK.
At the top of TARGET’s governance structure is the Governing Council, in which only euro area countries participate. The Market Infrastructure Board (MIB) is responsible for the operation and development of Target Services. Central banks participating with their own currencies hold two MIB seats. Like the central banks in Sweden (the Riksbank) and Denmark (the Nationalbank), Norges Bank will participate in the Non-Euro Currency Steering Group, which puts forth matters to the MIB.
Contingency arrangements in severe crises
The threat landscape has worsened over time, and the eventuality that even well-protected systems and continuity solutions could become unavailable must be taken into account. Contingency arrangements must be strengthened to deal with more serious situations.
In order to pay for goods and services, the payment system must function. Economic activity will come to a halt if payments cannot be made. As payments are now primarily made electronically, a disruption to parts of the electronic payment system will quickly have major ramifications.
The Norwegian payment system is secure, efficient and stable, with few disruptions. Continuity and contingency arrangements are in place for critical functions and systems, and these arrangements are subject to regular testing. A worsening threat landscape means that Norway must be prepared for more extreme scenarios where even well-protected services critical to society become unavailable. Internationally, there have been examples of serious incidents in most parts of the payment system, from cash register and card terminal systems at points of sale (POS) to banks’ customer systems and key clearing and settlement systems. Norway must be prepared that such incidents could also impact Norway.
In recent years, the authorities have launched several initiatives to explore whether and, if so, how contingency arrangements in the payment system should be strengthened:
- In 2023, the Government appointed a commission to explore how society can ensure secure and simple payments for all, including an assessment of the need to strengthen contingency arrangements. The Payment Commission submitted its report in November 20241.
- In 2023, the Ministry of Finance issued a mandate to a working group comprising representatives from the banking industry and the authorities to consider the need to strengthen contingency arrangements in the digital payment system. The working group submitted its assessments in February 20252.
The Payment Commission and the working group have recommended several measures to strengthen the ability of the payment system to function also in a serious crisis. The proposed measures aim to strengthen contingency preparedness throughout the payment value chain: at points of sale, at banks, in clearing and settlement systems and in households. If the recommended measures are implemented, alternatives would be established for the most common form of payments for almost the entire payment value chain (Chart B.1).
Chart B.1: Backup solutions for all links in the payment chain

Source: Norges Bank
Points of sale would then have alternative solutions to send payments and be able to use different communication infrastructures. There would be a backup solution for basic banking services, as well as backup solutions for clearing and settlement. Norges Bank supports the recommendations of the working group.
Some of the key measures recommended by the Payment Commission and the working group are described below.
Enhanced contingency arrangements at points of sale
Firms, in particular those that sell basic necessities, should consider having contingency arrangements in place in the event of card terminal or cash register failure or disruption to their regular communication infrastructure. There are a number of ways in which points of sale can prepare for such incidents, and some retailers already have alternative solutions in place to deal with incidents where ordinary payment solutions become unavailable. One such arrangement is having alternative cash register systems, another is having contingency terminals from an alternative provider and a third is having agreements in place for the use of alternative methods to communicate with the underlying payment infrastructure (terminals with mobile broadband access, satellite communication options etc). The firms themselves have an interest in maintaining operations. Sound contingency preparedness among firms will be in addition to the contingency arrangements already integrated in the payment system.
Expanded continuity and contingency solutions for card payments
Maintaining the public’s opportunity to pay by card is key to ensuring that they have access to basic necessities. Currently, backup solutions for BankAxept cards ensure that the public can pay for basic necessities for a full week in the event of communication disruptions between points of sale and the underlying payment infrastructure. So far, the solution has proven sufficient to handle almost all incidents. Since the solution was introduced in 2021, the balance of risks has shifted, and it must be assumed that extreme weather events that impact communication locally and regionally will occur. Both the working group and the Payment Commission have proposed a further expansion of BankAxept’s backup solution for basic necessities and to take into account situations where systems or communication will be down for more than a week.
Independent contingency arrangements for the banking system
Banks hold the public’s savings and current funds and make them available for use. Banks perform a critical role in society and are subject to strict requirements relating to security and contingency and the testing of continuity and disaster preparedness solutions. Banks work to reduce their risk and ensure that their services remain available. Major operational service disruptions are few and far between among Norwegian banks.
However, cyberattacks are becoming increasingly sophisticated and attacks on firms’ backup copies are also increasing. There have been examples internationally where banking data has been encrypted, which can also happen to Norwegian institutions.
Some countries have implemented measures to handle outages in banks’ core systems (see box below). Two contingency arrangements are particularly relevant in such situations (Chart B.2): One is establishing an independent data vault into which banks report information on customers’ deposits and loans. The data vault should be completely separate from banks’ regular systems to prevent the same incident from also making these data unavailable and could be a shared resource for the banking sector. The other measure is establishing independent solutions that can continue the operation of account and payment solutions for banks that experience severe operational disruptions (for example as a result of a cyberattack).
Chart B.2: A backup solution for banks

Source: Norges Bank
Contingency arrangements for banks and payments in various countries
In 2022, Finland implemented a new Act for arrangements to ensure supply chain security in the financial sector. The Act describes two separate systems for enhanced contingency arrangements for payments: one independent solution for contingency interbank clearing and settlement, and one solution which includes daily account reporting solutions and independent contingency arrangements for basic banking services, including giro and card payments. The solutions have been operational since the implementation of the Act.
In Denmark, a system for offline card payments for basic necessities was recently implemented, supported both in the national Dankort card system and in some international card systems. In Sweden, offline card payments are possible to some extent, and the industry is working with the authorities to implement more extensive support for offline card payments for basic necessities.
In the Baltics, offline Visa card payments have been possible in Estonia since 2024, while a similar solution was introduced in Latvia through a new Act which took effect on 1 January 2025.
Iceland, like Sweden, Finland and the Baltics, has no national card system like BankAxept in Norway. In order to ensure that digital payments can be made if card systems are unavailable, efforts are underway to establish a Request to Pay (RTP) solution for use at points of sale. This will be an account-to-account payment solution and thus not use card networks.
Ukraine has established a concept called Power Banking. This currently consists of around 2400 geographically distributed branches of many different banks that are equipped with backup power sources and communication channels. These branches provide basic banking services to customers, irrespective of which bank they use
In 2015, a number of financial institutions, service providers and national trade associations in the US founded the organisation Sheltered Harbor. Sheltered Harbor provides standards and processes for how financial institutions can create independent contingency arrangements for their core services, in particular for maintaining account access and payments in a scenario where the firm’s regular systems and continuity solutions become unavailable. Sheltered Harbor also certifies the solutions introduced by the firms. Unlike Finland, where solutions are owned by the authorities and participation is mandatory, Sheltered Harbor does not provide any set solutions, certification is voluntary and the authorities do not require firms to join up.
Enhanced preparedness for interbank systems
Clearing and settlement are two of the key subsystems in the payment system. As a result of a disruption or failure in these systems, payment services could come to a halt and could rapidly lead to major consequences for society.
Today, contingency arrangements have been established for these systems, but they may also become unavailable in some situations. To further ensure that payments can be cleared and settled even in more extreme situations, additional contingency arrangements should be established.
Norges Bank has begun work to establish such an independent contingency arrangement for Norges Bank’s settlement system. It is important that independent solutions are also in place for payment clearing.
Preparedness among households
Sound contingency arrangements among banks and other payment system participants are the first line of defence in dealing with disruptions and serious incidents affecting electronic payment services. But households can also play a part in limiting the consequences of electronic payment infrastructure failure.
Households should have multiple payment methods, including multiple types of payment cards, some available cash and accounts in several banks. Households that use mobile phones for payments should in addition have a BankAxept card. In some instances, current contingency arrangements for card payments require authorisation using a physical card.
Norges Bank has updated its advice on payment preparedness, which now specifically recommends having a BankAxept card available, see Norges Bank’s web page on payment preparedness. Similar advice can also be found at Norwegian Directorate for Civil Protection (DSB) Safe everyday life.
The availability of cash in the event of failure in electronic solutions
Norwegian banks’ obligation to ensure satisfactory cash services also applies in the event of failure in electronic payment solutions. In-store cash services (KiB) have become a significant part of banks’ cash services, but KiB does not function when BankAxept’s back-up solution kicks in. This means that a large part of the ordinary cash supply will be disrupted in situations where the backup solution is in use.
The deposit and withdrawal of cash in the KiB solution should therefore be facilitated in a very severe crisis, also when the expanded BankAxept backup solution is in use. This will increase availability and make cash circulation more efficient in a contingency.
Alternative ID solutions
Both for reasons of preparedness and to ensure that everyone has access to basic banking services, it is important that there are alternatives to BankID for identification needed for online banking login and in connection with payment authentication.
Cash still plays an important role in the payment system
Even though cash usage is low, cash has key functions in the payment system. Cash is crucial for contingency considerations and for financial inclusion, but for it to fulfil its functions, it must be sufficiently available and easy to use.
Developments over time have shown that this is not ensured by the market alone, and that regulation is therefore necessary. Norwegian banks are under statutory obligation to provide satisfactory cash services to their customers in both normal and contingency situations. Furthermore, consumers’ right to pay cash has been strengthened.
Cash has important characteristics
At present, there are no alternative means of payment or instruments that can match all the functions of cash related to, among other things, contingency arrangements, financial inclusion and privacy.
Cash is physical and both a means of payment and a payment instrument in one.1 Cash can be stored and used independent of third parties or electronic systems, and settlement is immediate and final upon receipt. This means that cash can also be used for payments in situations where the electronic payment system fully or partly fails. Cash is also important in terms of financial inclusion as it does not require digital literacy, bank account access or electronic instruments.
In addition, cash provides the general public with access to central bank money. Among other things, this means that cash is without credit risk, and the ability to exchange deposit money into cash at parity has traditionally been viewed as supporting confidence in deposit money. As an alternative to deposit money and electronic payment solutions, cash provides additional options in the payments market and may have a disciplinary effect on providers of electronic payment solutions.
Cash is also unique in that it has legal tender status (cf Section 3-5(1) of the Central Bank Act). This means that, unless another means of payment is agreed upon in advance, creditors and debtors have a mutual obligation to accept banknotes and coins as settlement for a claim. Section 2-1 (3) of the Financial Contracts Act provides special provisions on consumers’ right to pay cash (for more details, see the section on the right to pay with cash).
Furthermore, the physical characteristics of cash provide a higher degree of privacy as it leaves no digital trace. Making cash payments also allows some users to better handle their personal finances.
Since cash is physical, it is primarily suited for payments at physical points of sale or in other settings where payers and payees meet in person and the amounts are moderate. These types of payments can be significant for participation in everyday life and are considered an important part of being able to make payments in contingency situations. Norges Bank and the Norwegian Directorate for Civil Protection (DSB) therefore recommend that the population keep some cash, preferably in small denominations, as part of their contingency arrangements for payments.2
Cash usage in Norway is low
The value of cash as a share of M1 (the value of the general public’s means of payment holdings) has declined over a long period. Thirty years ago, cash accounted for over 17% of M1 but accounted for approximately 1.4% in 2024. This is very low in a global context. Nominal values have also shown a decline over the past ten years. In 2024, the value of cash in circulation was 23% lower than in 2015. The “cash paradox” that is common in many other countries, which is when the amount of cash in circulation increases even though cash payments decline, has not been observed in Norway.
In 2024, the amount of cash in circulation averaged just above NOK 38.5bn. In addition to a decline in the average amount for the year, seasonal variations have been less pronounced in recent years. However, the amount of cash in circulation does not provide an indication of how often cash is used for payments. To shed light on this, Norges Bank conducts an annual survey where a sample of Norwegian households are asked about recent payments. In 2025, this survey showed that 2% of respondents reported using cash for their most recent payment. This makes Norway one of the countries with the lowest cash usage in the world. (For more detailed information on this subject, see Retail Payment Services 2024.)
Norges Bank and banks are responsible for ensuring that cash is available
Norges Bank is responsible for meeting the general public’s demand for cash both in normal times and in crisis situations, by supplying banks with cash from five central bank depots across Norway. To address more severe crisis scenarios, Norges Bank has modified and strengthened its cash contingency arrangements in recent years, inter alia in terms of both volume and geographic distribution of cash. For more detailed information about Norges Bank’s cash handling activities, see Setlar og Myntar Årsrapport [the Notes and Coins Report] (in Norwegian only).
Banks are responsible for the further distribution of cash to their customers. Section 16-4 of the Financial Institutions Act stipulates: “Banks shall, in accordance with customer expectations and needs, accept cash from customers and make deposits available to customers in the form of cash”. This duty means ensuring that private individuals are sufficiently able to withdraw and deposit cash, and that businesses must be able to access change and to deposit cash revenue. This includes both sufficient geographical availability and other necessary functionality. Section 16-7 of the Financial Institutions Regulation stipulates that this obligation also applies when demand for cash has increased as a result of disruptions in electronic payment systems. The obligation applies to all Norwegian banks and can be met under the auspices of the banks themselves or through an agreement with other cash service providers (cf Section 16-8 of the Financial Institutions Regulation).
The provision of cash services is vulnerable and has certain weaknesses. Norges Bank has previously pointed out that the situation is not satisfactory for business customers with large volumes of cash.3
In-store cash services (KiB), a service for cash deposit and withdrawal available in approximately 1450 of NorgesGruppen’s grocery stores, now accounts for a substantial portion of banks’ cash services. The solution requires the use of a BankAxept card and PIN code and depends on functioning POS terminals and electronic systems. The KiB services are largely adequate for most consumers but are only available to BankAxept cardholders. The solution also fails to meet business sector needs for change and larger volume deposits.
The cash handling companies Nokas and Loomis play a key role in the cash supply chain. They account for most cash handling between central bank depots and public services. They also provide their own cash services in the form of ATMs, night safes and other cash handling services directly with the business sector, which includes providing change and collecting cash revenue and ensuring that business customers can deposit their cash revenues into their bank accounts.
The fact that most cash handling processes and cash services are carried out by entities that are not legally obligated to do so constitutes a vulnerability. The responsibility of banks to supply cash applies regardless of a well-functioning service provider market. Consequently, banks must be prepared to establish other solutions to meet their obligations if these entities were to reduce or discontinue their services.
A more preferable situation would be if banks were to collectively secure satisfactory cash services across Norway, so that cash could fulfil its functions without detailed regulation. In Norges Bank’s view, if banks do not find satisfactory solutions themselves, more detailed regulation should be drawn up.
Focus on contingency situations
In Norway, payments are primarily processed digitally, and electronic contingency arrangements are the first line of defence in the payment system. However, cash also remains an important part of overall payment system contingency arrangements.
BankAxept has a backup solution that kicks in, for example, when POS communication fails. It is a weakness in terms of contingency preparedness that KiB services do not function when the BankAxept backup solution kicks in.4 This means that a large part of the ordinary cash supply is disrupted when POS terminals are off line, making it difficult to obtain cash for purchases in shops that are not part of the backup solution.
In NOU (Official Norwegian Reports) 21:2024, the Payment Commission recommends that in severe crises situations, it should be possible to deposit and withdraw cash through the KiB solution even when the BankAxept backup solution is in use. Norges Bank agrees that this could be a useful solution in such situations. At the same time, banks’ obligation to supply cash services also applies in less severe crisis situations.
Cash’s ease of use
In 2024, the Storting (Norwegian parliament) passed legislative amendments to the provisions of the Financial Contracts Act relating to consumers’ right to pay with cash. The amendments were largely clarifications of existing rules but are also considered to have strengthened this right.
According to the amendments, consumers will be able to pay with cash at points of sale where a business regularly sells goods or services to consumers, provided that goods or services can be paid for with other means of payment at the point of sale or in the immediate vicinity. Exceptions are made for sales of goods from vending machines, sales in unmanned sales premises and sales in premises to which only a limited group of persons have access. Furthermore, an amount limit of NOK 20,000 has been set. Separate provisions have also been adopted, so that separate rules can apply for passenger transport services.
The amendments also provided a legal basis for imposing infringement fines. In line with this, the Ministry of Children and Families has amended assessment regulations so that from 1 May 2025, businesses risk infringement fines in accordance with these regulations if they refuse to accept cash payments from customers.
Norges Bank is of the opinion that the clarification was important for ensuring that cash can continue to fulfil its functions in the period ahead, and that the amendments were appropriate given current circumstances and needs. The amendments emphasise the need for cash services at retail outlets.
Cash payment should remain free of charge
Norges Bank is generally of the opinion that merchants and users should be incentivised to choose the most cost-efficient solutions, for example by presenting consumers in a payment situation with the costs of the various payment instruments. However, there are various factors and considerations that complicate whether to charge fees at the time of payment.
According to the Payment Commission in NOU (Official Norwegian Reports) 21:2024, cash payments should remain free of charge at the time of payment because of different considerations such as those related to financial inclusion. Not everyone has access to the digital payment system, meaning that their only choice of payment instrument is cash. Furthermore, the Commission points out that the consideration of cash’s role in a contingency situation must be given weight. The Commission also points out that the Financial Contracts Act imposes restrictions on merchants’ ability to charge payment fees.
Norges Bank supports the Commission’s assessments and conclusion that cash payments should continue to be free of charge. In particular, charging fees seems unreasonable for carrying out ordinary purchases in a contingency situation where cash is the only option. Costs related to the contingency role of cash in society should be distributed among all users, regardless of the means of payment they otherwise use on a day-to-day basis.
1 A means of payment is a claim that is transferred between buyer and seller as payment for goods and services. There are currently two main means of payment: cash, which is a claim on Norges Bank, and bank deposits (deposit money), which are claims on banks. Electronic money (e-money) is a third means of payment. Payment instruments are the tools used to transfer means of payment. These can be divided into three main groups: cash (which in turn is also a means of payment), payment cards and bank transfers.
2 The recommendations for individual contingency arrangements are presented in “A practical guide to payment preparedness” and on Norges Bank’s website (in Norwegian only).
3 See Norges Bank (2021).
4 See further discussion of BankAxept’s backup solution in “A practical guide to payment preparedness”.
Mobile payments in shops are on the rise
It was possible to use a mobile phone to make payments in shops in Norway as early as 10 years ago. It is not until 2025, however, that mobile payments appear to be taking off in earnest. Over the course of 2024, several new mobile payment solutions were adopted, and more bank customers gained access to existing solutions. In 2024, Norwegian banks’ own card system, BankAxept, also became available for mobile payments. Three out of ten payments at points of sale (POS) terminals are now made using mobile phones. The high use of new mobile payment services indicates that users find them efficient and secure. Different payment cards and bank transfers should be available as underlying payment solutions as this promotes competition, cost efficiency and contingency preparedness.
The first mobile payment solutions at points of sale came to Norway in 2014. Usage increased when Apple Pay and Google Pay were launched in 2018. In spring 2025, mobile payments accounted for 30% of payments at points of sale (POS) in Norway (Chart D.1).1
Chart D.1 Payment methods at points of sale
Percent of the number of payments

Source: Norges Bank
Mobile payment is a payment method. Payments made using a mobile phone use an underlying payment instrument, ie either a payment card or a bank transfer. Mobile payments at points of sale (POS) can be either terminal-based or web-based.
- Terminal-based mobile payments are made through card terminals using contactless technology, ie near-field communication (NFC2), in the same way as with physical cards. Two well-known terminal-based solutions are Apple Pay and Vipps NFC (see below).
- Another type of mobile payment involves a direct connection to the payment service provider over the internet (instead of communicating with the payment service provider via a physical card terminal). Trumf Pay and Coopay from two Norwegian grocery chains are examples of web-based solutions.3
Norges Bank’s payment statistics provide an overview of all payments made at card terminals. The statistics distinguish between payments made with physical cards and payments made with other mobile devices such as phones, watches and wristbands. In 2024, other mobile devices, primarily mobile phones, accounted for 279 million payments or 12% of total card terminal payments.
The payment statistics do not provide information on the number of web-based mobile payments at POS terminals. In the statistics, these are part of regular online purchases. Nevertheless, combined data from the payment statistics and the surveys suggest that web-based mobile payments also account for a significant number of payments.
New in mobile payments
Several launches in 2024 are likely to lead to increased use of mobile payments ahead:
- In August, Trumf Pay was launched. This is a web-based mobile payment platform for payments made at Norgesgruppen’s shops. The solution combines mobile payment with Norgesgruppen’s customer loyalty program. Payment is initiated as either a card payment (BankAxeptt) or as a bank transfer, depending on the payer’s bank. Customers of participating banks account for well over half of all bank customers in Norway.
- On 9 December, Vipps launched its NFC contactless payment solution. Vipps NFC is a terminal-based solution and payment cards are the underlying payment instrument. The solution is the first outside of Apple Pay to make use of NFC technology in iPhones for payments. Identical to Apple Pay, payment is made by tapping the phone on the card terminal. Vipps NFC is also available for users with mobile phones other than iPhone. The solution is now available for an estimated 70% of Norwegian bank customers. Some Nordic banks are among the market participants that, for the time being, do not offer Vipps NFC.
- The day after Vipps launched its solution, DNB and Eika Gruppen made Apple Pay available to their customers. These banks did not wish to offer Apple Pay until Apple opened its NFC technology to third-party payment solutions from providers such as Vipps. DNB and Eika Gruppen have long provided similar solutions for other systems on mobile phones, such as Google Pay and Samsung Pay. Due to the launch of Apple Pay for DNB and Eika, most Norwegian bank customers have access to the solution. SpareBank 1 customers will be offered the solution from summer 2025.
Underlying payment instruments used for mobile payments
Chart D.2 shows payments made with cards issued in Norway by card network and function. BankAxept is the debit card system of Norwegian banks. International cards is a collective term for cards issued by Norwegian banks and other issuers under licence from international card networks such as Visa and Mastercard. Until recently, BankAxept has primarily been used for payments made with physical cards at domestic points of sale. International cards can also be used for online purchases, mobile payments and payments abroad.
In millions of transactions

BankAxept had a dominant position in the market when most card payments were made with physical cards at POS terminals in Norway. Over time, online shopping payments, mobile payments and payments abroad have made up an increasing share of card payments. In 2024, payments made with BankAxept accounted for 49% of payments made with Norwegian cards.
Over the course of 2024, a number of mobile payment solutions opened up for payments with BankAxept, but there are also a number of banks that have not integrated BankAxept into the different solutions:
- Since May 2024, the DSS banks (a collaboration of independent savings banks, now part of Lokalbank-alliansen) have worked to add co-badged cards in Apple Pay for their customers. DNB and Eika Gruppen did the same in December 2024. When co-badged cards in mobile phones are used at card terminals, the merchant selects the card payment network, but the payer can override the merchant’s selection. Most of these payments are likely made through the BankAxept network as this is the least expensive option for the merchant in many cases.
- Trumf Pay offers several payment options. Payments can be made through the BankAxept’s electronic network (eBetaling), directly from bank accounts or through a Trumf credit card (own network). Trumf Pay does not support international cards. Many of the payments in the solution are made with BankAxept.
- BankAxept was made available in Coopay from February 2025. Previously, only international cards have been used in this solution.
- Vipps NFC only supports BankAxept cards. There are plans to include international cards in Vipps NFC before summer 2025 to enable the solution to be used abroad.
- Other terminal-based solutions, such as Google Pay and Samsung Pay, only support international cards.
What does the growth of mobile payments mean for efficiency in the payments market?
It has been a few years since mobile payments cornered the peer-to-peer (P2P) transfer market. Mobile payments are also likely to achieve a dominant position in the POS payment market further out.
An efficient payment system carries out payment transactions swiftly, safely, cost-efficiently and tailored to users’ needs. Having options is beneficial for users as they can then choose the payment method that best serves their needs, such as paying by plastic cards, cash or mobile phones. The high use of the new mobile payment solutions indicates that users find them efficient and secure. Users may also prefer different payment instruments (eg different types of payment cards and bank transfers) as they can cover different needs.
Most payments in shops – using either plastic cards or mobile phones – are now made via different card networks. For many points of sale, for example in the grocery sector, BankAxept is often the least costly payment option. The fact that mobile apps integrate BankAxept into their payment solutions therefore promotes cost efficiency.4 For other points of sale, trading structures may differ, and international cards may be the least costly and the most preferred payment option.5 In Norges Bank’s most recent cost survey, BankAxept had considerably lower overall economic costs per payment than international cards.6 Instant payments – where the funds are made available to the payee in seconds – and other types of bank transfers may be additional payment options.
The availability of multiple card networks and underlying payment instruments with different features is important for meeting user needs and for competition and helps to keep costs low. This also increases the resilience of the payment system if one of the solutions were to face difficulties.
Mobile payments may become so widespread that the general public no longer carries physical cards. As current back-up solutions at points of sale are based on physical BankAxept cards, mobile payments would not work in cases where terminals become disconnected. A payer without a physical card is therefore more vulnerable to disruptions. Mobile phones can also deplete their batteries and be vulnerable to other malfunctions.
It is positive that shops can select a preferred solution in co-badged cards, in line with regulation. Payers must have real opportunities to override solutions chosen.7 At the same time, there is room for improvement. For the time being, there are few payment channels that use bank transfers, including those in real-time. Participants in the mobile payments market should provide more underlying payment channels. Furthermore, not all banks have facilitated mobile payments with BankAxept.
1 Results from annual surveys conducted by Norges Bank. Points of sale include shops, restaurants, vending machines, hairdressers, transportation services etc. See also Norges Bank (2025a).
2 Near Field Communication
3 See Norges Bank (2024b), Section 3 for more details.
4 BankAxept also plays an important role as a back-up system and cash service provider (see further discussion in “Contingency arrangements in severe crises”).
5 At the same time, international cards from for example Visa and Mastercard are necessary in a number of areas. Online shopping and card payments abroad mainly use these systems.
6 Norges Bank (2022). The survey included data from 2020.
7 See Norges Bank (2024b).
Stronger interconnections between cryptoassets and traditional finance
Based on market size, cryptoassets do not pose a threat to financial stability today. However, an increasing number of interconnections between cryptoassets and traditional finance increases systemic risk associated with cryptoassets. New US regulation of stablecoins and other cryptoassets may contribute to volume growth and increased systemic risk ahead. The EU’s new Markets in Crypto-assets Regulation (MiCAR), which will also be transposed into Norwegian law, helps counter overall systemic risk from cryptoassets. However, the Regulation does not cover all sources of systemic risk. Regulatory development will be necessary to counter systemic risk and threats to the functions of the monetary and payment systems stemming from the emergence of cryptoassets.
Increased systemic risk posed by cryptoassets
Following the announcement of the result of the presidential election in the US in November 2024, the prices of many cryptoassets increased markedly and the price of bitcoin reached record highs (Chart E.1). Prior to the election, Donald Trump had announced plans for a Strategic Bitcoin Reserve1 and a more accommodative regulatory regime for the cryptoasset industry.
Daily data, 1 May 2024 – 20 May 2025

Sudden appreciation of cryptoassets has often been followed by sudden depreciation. The absence of a shared understanding of fundamental values may promote self-reinforcing expectations of depreciation. There are often spillovers of market shocks. An example of this is the collapse of the algorithmic stablecoin USD Terra in spring 2022, which was a contributing factor in the fall in prices of other cryptoassets and the bankruptcies of several market participants.2
Systemic risk in connection with cryptoassets is, among other things, associated with such self-reinforcing price volatility combined with correlated and often leveraged investment behaviour.3 Emerging interconnections between cryptoassets and traditional finance increase the risk of contagion from cryptoasset markets to financial markets. Even though the value of cryptoassets is relatively small compared with traditional finance, market growth and increasing interconnections with traditional finance can in time threaten financial stability.
Increased availability of services and products provides exposure to cryptoassets
Cryptoassets are accessible through controlling cryptographic keys in ledgers based on decentralised technology.4 Should control of the keys be lost to another party, it may be impossible or very difficult to reverse transactions.5 The emergence of professional key storage providers has made it easier for institutions to hold cryptoassets and offer cryptoasset products. The concentration of such storage providers may constitute a systemic vulnerability.
Products which package cryptoassets into highly liquid traditional financial products increase their accessibility. Some firms, such as the US firm Strategy Inc, has adopted a business model which entails holding Bitcoin or other cryptoassets on their balance sheets, often leveraged. Buying shares in such companies gives exposure to cryptoassets without having to buy cryptoassets.
Exchange-traded funds (ETFs) make cryptoassets more easily accessible. On 10 January 2024, the US Securities and Exchange Commission approved a number of spot Bitcoin ETFs.6 These ETFs rose sharply in value (Chart E.2).
Chart E.2 Total net assets in spot Bitcoin ETFs in the US
In billions of USD. Daily data, 10 January 2024 – 20 May 2025 (lhs) and their share of total Bitcoin market value (rhs).
Sources: Sosovalue.com and Coingecko.com
Institutional investors accounted for 27% of all owners of such Bitcoin funds at the end of 2024.7 Similar funds for other cryptoassets have subsequently been approved.
ETFs increase systemic risk beyond increased exposure. The accessibility of ETFs facilitates short-term speculation, and there may be systemic risk related to price differences between ETFs and underlying assets. ETFs have enabled the creation of new derivative products with cryptoassets as underlying assets. Derivative markets enable market participants to be exposed to fluctuations in the value of cryptoassets in new ways that may contribute to systemic risk8 and that may be particularly attractive for hedge funds.9 The derivatives market is several times larger than the spot market.10
Stablecoins may contribute to spill-over of systemic risk to traditional financial markets
Stablecoins are cryptoassets that seek to achieve a stable value relative to a reference asset. The stablecoins with the highest market value use USD as a reference asset.
Stablecoins generally serve as a store of value and a means of payment in the cryptoasset economy. Some stablecoins also serve as speculative investment assets by enabling leveraging11 or by offering returns, either directly or indirectly.
The applications of stablecoins are evolving. In countries without well-functioning monetary and payment systems, stablecoins have roles related to value storage and money transfers.12 Many stablecoin providers have an ambition to take on a more important role in traditional payments. Stablecoins are programmable and are bearer instruments. Such characteristics may prove useful in new payment areas such as payments on the internet of things and payments conducted by AI agents.13
The largest stablecoins on the market (USDT and USDC) are backed by traditional assets and bank deposits (Chart E.3). These stablecoins comprise the four largest stablecoins by market value.14 Should confidence in one of these stablecoins be lost, creating a run to redeem it, there could be systemic consequences.
Chart E.3 Market value developments of some stablecoins
In billions of USD
Source: Coingecko.com
In the US, the Trump administration has announced that regulations will be drafted to support stablecoins backed by US dollars, and that this will bolster the US dollar’s role as an international currency.15 There are several proposals for stablecoin regulation, but it is unclear for the time being which regulation will receive sufficient political support to be enacted.
Stablecoin systems have also emerged that aim to decentralise minting and control, such as DAI and USDe, shown in Chart E.3. DAI uses a decentralised stabilisation mechanism where the users themselves mint stablecoins against cryptoassets and, to an increasing extent, use tokenised traditional assets as collateral.16 USDe is based on users themselves minting stablecoins against cryptoassets that are used to invest in derivatives. Stability is to be maintained by using derivatives to neutralise risk.
Decentralised stabilisation mechanisms may be particularly vulnerable to loss of confidence, eg as a result of automated divestment of secured funds if they are no longer sufficient to secure the value of stablecoins. This vulnerability may pose a systemic risk, in particular if such stablecoins are increasingly backed by tokenised traditional assets or if they were to achieve a systemic role.
Banks’ cryptoasset exposure is likely to increase ahead
Banks may be directly exposed by holding cryptoassets on their balance sheets and by being issuers of cryptoassets such as stablecoins. It has been reported that US banks are considering issuing stablecoins both collectively and individually.
Banks may also be exposed if they offer loans backed by cryptoassets and/or have borrowers who earn income mainly from cryptoassets. Vulnerabilities related to banks’ cryptoasset exposure came into evidence, mainly in the US, in connection with the fall in the value of cryptoassets in the second half of 2022, and resulted in the winding down of several banks with such exposure.17
The new regulation of cryptoasset markets may lead to the emergence of cryptoasset participants with a legitimate need for banking services and facilitate banks themselves offering services relating to cryptoassets. Banks’ exposure to cryptoasset market risk will therefore probably increase globally, and this may to some extent also apply to Norwegian banks. If some Norwegian market participants wish to offer stablecoins denominated in NOK, some of the reserves will probably be held in accounts with Norwegian banks, see discussion of the regulation below. Banks’ investment units may find it profitable to increasingly offer and recommend cryptoasset investments.18 If so, this may impact the reputation of these banks, and in principle entail a risk that banks recognise losses on their balance sheets to reduce reputational loss.
New European cryptoasset market regulation reduces systemic risk
The European Markets in Crypto-Assets Regulation (MiCAR)19 fully entered into force in the EU on 30 December 2024. In March 2025, the Norwegian Ministry of Finance presented a bill to the Storting to transpose MiCAR in Norwegian law.20 MiCAR balances a number of potentially conflicting purposes, including regulatory predictability for market participants, investor protection, innovation and financial stability.
The Regulation is aimed at cryptoasset market participants, comprising issuers of cryptoassets and cryptoasset service providers, including cryptoasset marketplaces, storage services and consulting services. The Regulation sets general disclosure and documentation requirements21 for cryptoassets that are issued and traded. Requirements are also set for how different types of service providers must store, manage and segregate customer assets. It is also required that providers implement measures to prevent conflicts of interest. Certain types of market abuse, such as insider dealing, are subject to specific provisions.
Although many of the rules primarily protect investors and market integrity, they also contribute to financial stability. Correct information to users helps prevent investors from taking risk that can develop into systemic risk. Rules that help safeguard users’ assets may prevent loss of confidence and panic behaviour from triggering systemic effects. Rules to prevent conflicts of interest and market manipulation help counter value fluctuations that result from such behaviour and that may lead to systemic consequences.
MiCAR subjects two subcategories of cryptoassets to specific regulation: e-money tokens22 and asset-referenced tokens.23 Both categories are stablecoins.24 E-money tokens and asset-referenced tokens that can be classified as “significant”, ie that they may become systemically important, are subject to further regulatory requirements, and the European Bank Authority (EBA) is the supervisory authority.
Although MiCAR promotes financial stability, there may be elements of MiCAR that contribute to increased systemic risk. The Regulation may increase the legitimacy of cryptoassets and cryptoasset market participants, which could contribute to increased investment and household and corporate exposure. Rules providing users with the right to redeem stablecoins for fiat currency may amplify mass redemptions. Once confidence is lost, users may compete to be the first to redeem while there are still reserves. Rules providing for transparency, eg rules requiring the periodic publication of information relating to stablecoin reserves, may in some cases trigger panic behaviour if they significantly change investors’ expectations.25
Other financial regulatory legislation is still important in countering systemic risk
MiCAR helps reduce risk for individual investors. However, investors are generally free to seek exposure to cryptoassets.26 The exposure of market actors can be influenced by other regulations. Banking regulations, in particular capital requirements, govern banks’ exposure to cryptoassets.
In addition, MiCAR does not regulate market participants’ use of cryptoassets. For example, MiCAR in itself does not prevent the use of stablecoins in systemically important transactions. Regulatory requirements governing money used for systemically important transactions could ensure that investment-grade assets are used for such transactions. 27
MiCAR does not cover all cryptoassets. Cryptoassets that fall under other pan-European financial legislation, for example because they qualify as financial instruments or deposits, are not covered by MiCAR. For example, if a stablecoin can be categorised as a financial instrument, it will be regulated by the securities regulations, and if it in reality is a tokenised bank deposit, it will be regulated by banking regulations. These regulations have their own provisions designed to safeguard financial stability. However, it will be necessary to consider whether these regulations as a whole are fit to counter systemic risk related to cryptoassets.
MiCAR does not cover lending services related to cryptoassets, and these services are not necessarily covered by other regulations. Such services may contribute to systemic risk. The EU Commission will assess the feasibility and necessity of regulating such services.28
Regulation to counter systemic risk from decentralised activities is still important
Some types of issuance and some service providers may fall fully or partly outside the scope of MiCAR.29 Issuance may fall outside the MiCAR regulation if there is no known issuer. This will apply in the event of decentralised issuance, such as for Bitcoin. 30
Decentralised services may also fall outside the scope of MiCAR. This may constitute a regulatory gap that will create risk within the remit of the central bank. For example, some types of stablecoin may fall outside the rules governing e-money tokens or asset-referenced tokens because they have no identifiable issuer as this decentralised process performed by the users themselves. For such stablecoins, only service providers are regulated. However, these stablecoins may still be traded in decentralised marketplaces in a manner which falls outside the scope of MiCAR (see Table E.1). In principle, these stablecoins can therefore grow relatively large and gain systemic importance.
Table E.1 What stablecoins are regulated by MiCAR?
Decentralised issuance |
Centralised issuance |
|
---|---|---|
Traded on a decentralised service |
Potentially falling outside the scope of MiCAR |
Issuer regulated by MiCAR |
Traded on a centralised service |
Service provider regulated by MiCAR |
Both issuer and service provider regulated by MiCAR |
Source: Norges Bank
The EU Commission will assess developments within decentralised finance and the need for regulation. The need for regulatory measures to limit risk, including systemic risk, within the central bank’s areas of responsibility must be subject to continuous assessment.31
New tasks for the central bank
Under MiCAR, the European banking and securities authorities EBA and ESMA32 and the respective national financial supervisory bodies are the regulatory and supervisory authorities. The Regulation has a bearing on the areas of responsibility of central banks and assigns some tasks to the ECB and national central banks, both as regards authorisations and day-to-day supervision and monitoring. The central bank is to be consulted about the assessment of authorisations. No authorisation for asset-referenced tokens should be granted if the central bank finds that, out of consideration for a well-functioning payment system, monetary policy or monetary sovereignty, such tokens should not be issued.33 Such assessments will constitute a new task for Norges Bank when MiCAR is transposed into Norwegian law. Norges Bank is exploring its room for manoeuvre under MiCAR and what assessment criteria the Bank should apply when performing these tasks.
1 Following the presidential election, a working group was formed to consider the establishment of a national stockpile of cryptoassets. In the White House (2025), it was announced that a reserve would be established from cryptoassets confiscated by the authorities, and that budget-neutral strategies for further bitcoin exposure would be explored.
2 See Norges Bank (2023) and Azar et al. (2024). See also Østbye (2023).
3 There are many descriptions and assessments of different systemic risk channels related to cryptoassets. These are connected to the wealth effects of the fall in the value of cryptoassets and how some cryptoassets, in particular stablecoins, may become subject to fire sales and redemptions when confidence is lost, and their resulting contagion effects. See inter alia Norges Bank (2024b) and Azar et al. (2024).
4 Also often referred to as distributed ledger technology.
5 There is risk inherent in holding such keys, and sound management mechanisms are required for institutions. This risk often materialises in practice, see Chainalysis (2025).
6 Previously, only futures-based ETFs were approved.
7 See Coinbase (2025).
8 Derivatives markets enable a greater degree of exposure to value fluctuations than direct participation in spot markets.
9 In some cases, hedge funds may increase systemic risk, eg in connection with shorting, see Kumar et al. (2012).
10 See Coinbase (2024).
11 Stablecoins backed by cryptoassets are also a leveraging instrument in leveraged exposure to cryptoassets. Cryptoassets are used as collateral to issue stablecoins that are used to buy new cryptoassets that in turn are used as collateral.
12 See Chainalysis (2025).
13 See inter alia Coinbase (2024).
14 These make up the bulk of the market.
15 See the White House (2025).
16 Tokenisation of traditional assets means that they can be traded in blockchains and be integrated in decentralised finance. A number of assets have been tokenised. US government debt and retail loan portfolios, including US residential mortgages, are among the largest asset groups. Tokenisation of traditional assets may result in a number of gains that are described in more detail in “Tokenisation and central bank money”.
17 Silvergate Bank, which was voluntarily liquidated in March 2023, had offered loans backed by cryptoassets. The bank had also offered a payment network to participants in the cryptoasset markets and account management for such participants, including the FTX trading platform, which filed for bankruptcy and involved serious fraud. Silvergate Bank suffered credit losses and a dramatic withdrawal of deposits by cryptoasset market participants. Signature Bank and Silicon Valley Bank, which were also wound up and liquidated in March 2023, had different links to cryptoasset market participants. Stablecoin provider Circle held a large share of its reserves in accounts with Silicon Valley Bank, and the stablecoin USDC experienced a temporary devaluation until it became clear that the authorities would guarantee deposits. This shows that risk contagion can also be transmitted from banks to cryptoasset markets. The uncertainty surrounding the value of Circle’s stablecoin led to a fall in the value of cryptoassets backed by this stablecoin in decentralised finance, see inter alia Azar et al. (2024).
18 See eg E24 (2025), announcing that DNB is considering establishing a crypto fund.
19 Regulation (EU) 2023/1114.
20 See Norwegian Government (2025e).
21 Including white papers.
22 Cryptoassets are a form of e-money as they are claimed to have a stable value relative to one official currency (referred to as e-money tokens).
23 Asset-referenced tokens, which are claimed to have a stable value relative to other assets, rights or combinations thereof, such as official currencies and various investment objects.
24 Stablecoins are not defined in the regulation and may include more than these two types. The minting of certain types of stablecoins is not covered by MiCAR for various reasons, see “Other financial regulatory legislation is still important in countering systemic risk”.
25 See eg Ahmed et al. (2024).
26 Under MiCAR Article 94 (z) the competent authorities can “request any person to take steps to reduce the size of its position or exposure to crypto-assets”. However, it is not clear when and to what extent this provision can be applied.
27 Such rules are based on principles prepared by the Committee on Payments and Market Infrastructures (CPMI) and the International Organization of Securities Commissions (IOSCO).
28 It follows from MiCAR Article 142 that the EU Commission shall assess the feasibility and necessity of regulating such services by 30 December 2024. EBA-ESMA (2024) has assessed the development and identified risks. The report from the EU Commission is scheduled to be published in the first half of 2025.
29 See Recital 22 of MiCAR.
30 In such cases, service providers will be responsible for providing documentation.
31 See Norges Bank 2024b.
32 At the European level, the EBA is the lead authority. ESMA assumes some roles, including in terms of the preparation of secondary regulations/technical standards, as a consulted authority and in the preparation of a central register of service providers.
33 Asset-referenced tokens cannot lean on established regulations, unlike e-money tokens. Although asset-referenced tokens are comparable to some types of (indexed) funds, they also represent something fundamentally new, in particular if they are to fulfil monetary functions. If they fulfil monetary functions, they could pose a new threat to countries’ monetary units and present new challenges in the conduct of monetary policy. As they may be based on values/indices where one cannot invest directly in assets that have the same value (as e-money tokens can), they may also constitute new channels of systemic risk.
Tokenisation and central bank money
Over several years, Norges Bank has explored whether central bank digital currency (CBDC) should be introduced in Norway. In addition to retail CBDCs that are used by the general public, the Bank is researching wholesale CBDCs that can be used as a means of settlement between banks and others with an account at Norges Bank. Tokenisation in the payment system and financial industry is an important topic in the study. Tokenisation creates opportunities but also entails risk. Tokenisation is expanding internationally but is still at a relatively modest level, with the majority of applications outside of traditional finance. If the use of this technology becomes more widespread, ie if banks tokenise bank deposits, it will be important to facilitate the settlement in central bank money of transactions that use tokenised money and other assets. Facilitating central bank settlement may in itself influence how tokenisation evolves. Norges Bank is currently exploring tokenisation and is conducting experimental testing of technology related to tokenisation and central bank settlement. The ongoing phase of Norges Bank’s study is scheduled to be completed this autumn and will provide a decision basis for and an assessment of whether Norges Bank should work to introduce some form of CBDC.
Central bank digital currencies
The Norwegian krone must be an attractive and secure means of payment now and in the future. Norges Bank is assessing whether a Norwegian central bank digital currency (CBDC) is a suitable instrument to ensure access to a means of settlement trusted by all, not just in the traditional payment system but also in new payment arenas. Norges Bank is also evaluating whether the introduction of CBDC will contribute to innovation in the payment system and improve contingency arrangements.
CBDC is electronic money issued by the central bank in the official unit of account. There are two main variants of CBDC: retail CBDC and wholesale CBDC. A retail CBDC will be generally accessible to the public on par with cash and bank deposits and should be possible to use at retail level, for example at points of sale, between private individuals and for online shopping.
A wholesale CBDC is tokenised central bank reserves and would only be available to banks and other institutions in the financial sector that have an account at the central bank (see further discussion of tokenisation below). Wholesale CBDC could be used for payment settlement in the same way that central bank reserves are used in the current interbank system, but in a different technological form. A wholesale CBDC can be a complement to regular settlement to settle transactions involving tokenised money and other assets.
Tokenised bank deposits are an example of tokenised money. The exploration of tokenised bank deposits is in an initial phase internationally. This could potentially be secure and efficient money that provides opportunities for new functionalities. However, there are a number of legal, technical and economic factors that must be clarified. For example, there is the issue of whether the regulation that governs ordinary bank deposits will be fit for purpose, including the regulation of deposit guarantees. It must also be clear on which bank the recipient of tokenised bank deposits has a claim, and banks’ customer procedures must be of at least the same standard as those used for traditional bank deposits.
The introduction of a CBDC would be an extensive and resource-intensive process. A retail CBDC in particular will raise complex issues that must be resolved before it can be determined that such money should be introduced. Norges Bank needs to carefully assess which problems can be addressed and whether other measures are more appropriate.
So far, only a few central banks have issued retail CBDCs, all of which are in developing countries and emerging markets. The ECB is probably the advanced economy central bank that has made the most progress in retail CBDC. One of the arguments for introducing a digital euro is that it would reduce dependence on payment service providers based outside of Europe and would thus strengthen European autonomy in a period of heightened geopolitical uncertainty.1 The ECB has yet to make a final decision on whether a digital euro should be introduced. Introducing a digital euro would also require the EU to make legislative amendments.
The fifth phase of Norges Bank’s research on CBDCs is scheduled to be completed this autumn and will provide a decision basis for and an assessment of whether the Bank should work to introduce a form of CBDC.
Developments in the payment and financial system may affect the need to introduce a form of CBDC. Important topics in the Bank’s evaluation include: Which gains and problems can tokenisation in the financial sector lead to, and how can the settlement of payments and trades from tokenised platforms be conducted risk-free with a CBDC. This article highlights some aspects of tokenisation and central bank settlement and discusses Norges Bank’s experimental testing.
Tokenisation
Tokenisation means that an asset is represented as a digital unit – a token – in a ledger based on blockchain technology.2 Tokens and blockchains are best known from cryptocurrencies, but the technology can also be used to record and transfer the ownership of traditional assets such as securities, bank deposits and property. Before this can happen, bank deposits, securities and Norway’s property register (the Cadastre) must be tokenised and recorded on the blockchain so that transactions can be conducted digitally and be traceable. Tokens can be a digital mirror image of an existing asset or be issued as a new asset on a blockchain.
Blockchains may be public or private. In public blockchains, all participants with access to (nodes in) the blockchain can verify transactions and ownership to the assets recorded there. The consensus mechanism with decentralised updates of the ledger should remove the need for confidence in a central market participant. This has been an important factor in the development of some cryptocurrencies.
A central bank must ensure that only it can issue a CBDC. This is comparable to printing banknotes or minting coins, which, in Norway, under the Central Bank Act, is the sole right of Norges Bank. The central bank will therefore be in control of a CBDC system, while banks and other payment system providers can provide CBDC-related customer services.
The use of tokenisation is still very limited in the traditional payment system and financial industry. However, there are signs of increased activity internationally, and many central banks and international bodies such as the Bank for International Settlements (BIS) are exploring opportunities provided by the technology and the associated role of central banks.3
Tokenisation creates new opportunities
What are the advantages of the use of tokenisation and blockchain technology in the payment system and financial industry? Does this technology have characteristics that preclude realising benefits through the improvement of current payment solutions and technology?
Tests and analyses are being conducted in many central banks, firms and international organisations to identify benefits and the challenges of using blockchain technology, but this is still in an early phase. Much of the testing is based on the design of existing payment functions and services, such as in connection with cross-border payments and securities settlement.
One of the most important benefits of tokenised assets is programmability through the use of smart contracts. Smart contracts are programs that perform automated transactions when predefined conditions are met. Automation can reduce the need for intermediaries and enhance the efficiency of processes such as securities and FX trading.
Smart contracts can also facilitate atomic settlement, in which a transaction is only completed if, and only if, both/all parties fulfil their obligations. This can be a robust and efficient way of achieving delivery versus payment and payment versus payment. Other conditions, in addition to payment and delivery, such as anti-money laundering checks, may also be programmable.
Blockchains can also be used to carry out real-time transfers 24/7. This can improve the control of the parties to a trade or money transfer over settlement time and can in some cases increase efficiency and reduce credit and liquidity risk, in particular when trading across time zones. It can be argued that the same benefits can be achieved by using other real-time-based solutions, such as instant payments in Vipps. By linking together real-time solutions of different currencies – as is being explored in TIPS – carrying out cross-border instant payments will also become possible (see see the In focus article “Next generation settlement system”). However, a blockchain will also enable the automated execution of financial transactions across different types of money and other financial assets.
As a technology shift towards tokenisation will be extensive, the introduction of this technology will only be justifiable once new and far more efficient payment and financial services can be developed. On the other hand, minor improvements to existing services are unlikely to be sufficient. Gains will likely become apparent once innovation has matured and developments have progressed significantly further; for example through the linking of payment functions to other functions, so that the overall user experience and benefits are improved and the number of parties and systems involved in a transaction is reduced. A near-sighted perspective may obstruct the use of a technology that could have significant long-term potential.
Experimental testing in Norges Bank
Norges Bank has established a technological sandbox to test the properties of different forms of CBDCs and other tokenised assets. The sandbox consists of two ledgers or registers and a bridge for transferring tokens between them. This structure facilitates the testing of retail CBDCs in one ledger and wholesale CBDCs in the other, as well as the interaction between the two forms of CBDCs in various types of transactions.
The structure also makes it possible to simulate tokens in one ledger as wholesale CBDC and the tokens in the other as tokenised bank deposits, securities or other tokenised assets. This enables the testing of various forms of transfer or trading in tokenised assets with settlement in tokenised wholesale CBDCs.
None of the tests performed by Norges Bank entail the use of real money, securities or other assets. The purpose of the testing is to identify technological benefits and challenges.
Banks and other external parties can participate by connecting to the sandbox from their own test systems or by using elements in Norges Bank’s sandboxes. By connecting to the sandboxes, they can develop and test different tokenisation solutions for their own assets, as well as transactions that include settlement using tokenised central bank reserves.
Settlement of transactions on tokenised platforms
Interbank settlement of transactions from tokenised platforms in central bank money can be carried out in several ways: One is by the central bank establishing a separate blockchain of tokenised central bank reserves where such transactions are settled (a wholesale CBDC). Such a solution is included in Norges Bank’s testing. Another alternative is to adapt the existing settlement system and conduct settlement in traditional central bank reserves by amending the existing RTGS systems.
In autumn 2024, the Eurosystem concluded a phase of testing both types of solutions, and a decision has been made to continue the tests in 2025.4 In January 2025, Norges Bank initiated formal discussions with the ECB on the use of its infrastructure for central bank settlement (T2) for settling payments in NOK, see the In focus article “Next generation settlement system”. If Norway chooses to participate in T2, the Eurosystem’s future settlement solutions for transactions from tokenised platforms would become available in Norway.
Developments within tokenisation
To date, tokenisation and blockchain technology have mainly been used outside of traditional finance. The technology has particularly been used as a basis for cryptocurrencies, with the intention partly being to establish an ecosystem or infrastructure that is independent of any central entity such as a bank, central bank or other firm or government body. In theory, the technology enables anyone to verify ownership of assets in the system and control transfer of ownership. The market value of cryptocurrencies has proved rather volatile, and cryptocurrencies do not normally have a responsible issuer that the currency is a claim on. This is part of the balance of risks facing cryptocurrency investors. The decoupling from traditional finance also creates challenges in exchanging between cryptocurrencies and traditional currencies and vice versa.
Stablecoins differ from cryptocurrencies in that they normally have an issuer and they are based on an intention to maintain a stable value against a reference currency, normally USD (see the In focus article “Stronger interconnections between cryptoassets and traditional finance”). Like cryptocurrencies, they are based on blockchain technology. Stablecoins are primarily used as a store of value and a means of payment in the ecosystem surrounding cryptocurrencies and other cryptoassets.
The range of applications for stablecoins may be under development. The programmability and other characteristics of blockchain technology may entail an advantage of stablecoins in some new payment areas. A number of stablecoin providers are aiming to play a larger role in traditional payments and finance. Some private market participants have, for example, started testing trading in tokenised securities where stablecoins are used as a means of settlement.
The limited scope of tokenisation so far may be partly due to an unclear balance of risks. The risk may be significant, not only with respect to whether value will be maintained in turbulent times. There are still unresolved legal issues related to whether ownership of a token on the blockchain also provides indisputable ownership of the asset itself. Such issues must be resolved in order for transactions involving tokenised assets to become widely used in the regulated part of the financial system. Furthermore, several cases of fraud on trading platforms for tokenised assets indicate that security must be tightened.
Access to a means of settlement in which the market has confidence, such as central bank reserves, could be an important factor in the spread of tokenisation and smart contracts in the financial system. However, a central bank that considers tokenisation and the introduction of a CBDC must clarify the potential consequences for eg liquidity management and the conduct of monetary policy for example, and whether the benefits of such a technological shift exceed the costs. In other words, clarification is needed beyond the technological aspects.
The central bank would benefit little from being the sole participant in the financial infrastructure to introduce tokenised solutions. Realising potential benefits from tokenisation will require restructuring several elements in the financial ecosystem, which will impact many stakeholders. Potential benefits and costs of tokenisation will largely be realised outside the central bank.
What’s next?
Norges Bank has invited the Norwegian financial industry and other stakeholders to engage in this topic and participate in testing and experimentation in our technological sandboxes dedicated to core CBDC infrastructure. The collaborations that have been established have provided useful insight, but there is still room for more participants in the testing phase.
The Norwegian financial industry has a long and sound tradition of leading the way in the development and implementation of new technology in payment services and financial infrastructure. Progress has been made from working together on a shared infrastructure that facilitates competition among service providers.
The use of tokenised technology in the financial and banking system and the potential introduction of a form of CBDC would entail significant restructuring and costs. Benefits could partly be achieved from shorter transaction chains and a reduction in the number of involved functions and parties.
When a foundation of sound solutions, products and services already exists, and market participants have established business models, it may be hard to see the value of seeking completely new ways of designing the payment system. Nevertheless, it may be sensible to explore the unknown to avoid being left behind by innovations that one has not made the effort to understand.
In many ways, Norges Bank’s study of CBDC is precisely about how we can take a precautionary approach to developments that could entail opportunities for innovation but also threaten an efficient and secure payment system in NOK.
1 See eg Cipollone (2025).
2 See Waller (2023). A blockchain is a ledger or computer system designed for decentralised operation. The units in the ledger are managed through cryptographic codes.
3 See eg BIS and CPMI (2024), BIS (2023), Di Ioiri, Kosse and Mattei (2024) and Bank of England (2024).
4 See ECB (2025b).
Annexes
Tables1
1 Tables showing developments in retail payment services are published in Retail Payment Services 2024
Table 1 Average daily turnover in clearing and settlement systems (transactions)
2014 |
2015 |
2016 |
2017 |
2018 |
2019 |
2020 |
2021 |
2022 |
2023 |
2024 |
|
---|---|---|---|---|---|---|---|---|---|---|---|
NICS |
|||||||||||
NICS Gross |
624 |
772 |
980 |
1 021 |
1 567 |
1 859 |
2 028 |
2 278 |
2 483 |
2 419 |
2 458 |
NICS Net (million) |
8.7 |
9.1 |
9.5 |
9.9 |
10.5 |
11.1 |
10.1 |
9.7 |
10.0 |
10.0 |
9.7 |
NICS Real1 |
333 255 |
510 180 |
583 183 |
588 816 |
582 349 |
||||||
NBO |
|||||||||||
Total number of transactions |
1 367 |
1 565 |
1 835 |
1 958 |
2 555 |
2 745 |
2 935 |
3 175 |
3 540 |
3 782 |
4 595 |
RTGS Gross transactions excl. NICS |
592 |
658 |
700 |
793 |
841 |
859 |
930 |
828 |
898 |
1 182 |
1 The daily average for NICS Real is calculated using the number of calendar days.
Table 2 Average daily turnover in clearing and settlement systems (in billions of NOK)
2014 |
2015 |
2016 |
2017 |
2018 |
2019 |
2020 |
2021 |
2022 |
2023 |
2024 |
|
---|---|---|---|---|---|---|---|---|---|---|---|
NICS |
262.8 |
285.9 |
284.1 |
297.0 |
315.3 |
323.2 |
347.0 |
351.7 |
408.7 |
417.5 |
406.5 |
NICS Gross |
140.9 |
160.1 |
158.7 |
163.3 |
175.2 |
176.0 |
196.1 |
189.3 |
232.4 |
236.2 |
220.2 |
NICS Net |
121.9 |
125.8 |
125.4 |
133.7 |
140.1 |
147.2 |
150.6 |
162.0 |
175.8 |
180.9 |
185.7 |
NICS Real |
0.2 |
0.4 |
0.4 |
0.4 |
0.4 |
||||||
NBO |
198.0 |
219.3 |
221.2 |
235.8 |
247.6 |
259.3 |
458.1 |
327.4 |
338.6 |
355.0 |
350.0 |
NICS Gross |
140.8 |
157.5 |
156.1 |
159.0 |
172.2 |
158.0 |
178.5 |
169.7 |
203.0 |
204.9 |
204.1 |
RTGS Gross transactions excl. NICS |
42.5 |
46.0 |
40.4 |
42.1 |
57.3 |
81.7 |
261.5 |
136.8 |
114.0 |
123.5 |
119.0 |
NICS Net |
10.8 |
11.9 |
12.4 |
13.1 |
13.3 |
13.5 |
13.4 |
14.6 |
12.1 |
15.8 |
19.0 |
NICS Real1 |
0.0 |
0.0 |
0.0 |
0.0 |
|||||||
VPO and Oslo Clearing2 |
3.9 |
3.8 |
3.7 |
4.2 |
4.8 |
6.0 |
4.7 |
6.2 |
9.5 |
10.8 |
9.7 |
VPO |
3.9 |
3.8 |
3.6 |
4.2 |
4.8 |
6.0 |
4.7 |
6.2 |
9.5 |
10.8 |
9.7 |
Oslo Clearing3 |
0.1 |
0.0 |
0.0 |
0.0 |
0.0 |
0.0 |
0.0 |
0.0 |
- |
- |
- |
Table 3 Number of participants in clearing and settlement systems (at year-end)
2014 |
2015 |
2016 |
2017 |
2018 |
2019 |
2020 |
2021 |
2022 |
2023 |
2024 |
|
---|---|---|---|---|---|---|---|---|---|---|---|
Norges Bank’s settlement system (NBO): Banks with an account in Norges Bank |
131 |
129 |
129 |
124 |
127 |
129 |
122 |
118 |
118 |
111 |
104 |
Norges Bank’s settlement system (NBO): Banks with retail net settlement in Norges Bank |
21 |
22 |
22 |
21 |
21 |
21 |
21 |
21 |
21 |
20 |
19 |
DNB |
97 |
94 |
94 |
93 |
92 |
90 |
87 |
86 |
83 |
82 |
76 |
SpareBank 1 SMN |
11 |
11 |
11 |
11 |
10 |
10 |
10 |
9 |
8 |
7 |
6 |
Norwegian Interbank Clearing System (NICS) |
130 |
128 |
128 |
125 |
124 |
122 |
119 |
118 |
114 |
111 |
103 |
Source: Norges Bank
Norges Bank’s responsibilities
Norges Bank is tasked with promoting financial stability and an efficient and secure payment system.1 In this context, the payment system comprises any means, systems or instruments that can be used to execute or facilitate payment transactions, with cash, deposit money and other means of payment. This is a broader definition than the definition in the Payment Systems Act (see box).
Norges Bank fulfils its responsibilities by, among other things:
- Overseeing the payment system and other financial infrastructure and contributing to contingency arrangements.
- Supervising interbank systems.
- Providing for a stable and efficient system for payment, clearing and settlement between entities with accounts at Norges Bank.
- Issuing banknotes and coins and ensuring their efficient functioning as a means of payment.
As operator, Norges Bank ensures efficient and secure operating platforms and sets the terms for the services the Bank provides. As supervisory authority, Norges Bank sets requirements for licenced interbank systems. Through its oversight work, Norges Bank urges participants to follow principles and standards for best practice and to make changes that contribute to maintaining an efficient and secure financial infrastructure. An efficient payment system carries out payment transactions swiftly, at low costs and tailored to users’ needs.
Financial infrastructure
The financial infrastructure can be defined as a network of systems, called financial market infrastructures (FMIs), that enable users to perform financial transactions. The infrastructure must ensure that cash payments and transactions in financial instruments are recorded, cleared and settled and that information on the size of holdings is stored.
The financial infrastructure consists of the payment system, the securities settlement system, central securities depositories (CSDs), central counterparties (CCPs) and trade repositories.
Virtually all financial transactions require the use of the financial infrastructure. Thus, the financial infrastructure plays a key role in ensuring financial stability. The costs to society of a disruption in the financial infrastructure may be considerably higher than the FMI’s private costs. The financial infrastructure is therefore subject to regulation, supervision and oversight by the authorities.
Norges Bank’s use of instruments in different areas will vary over time and be adapted to developments in the payment system and the financial infrastructure. Norges Bank is tasked with advising the Ministry of Finance when measures should be implemented by bodies other than the Bank in order to fulfil the purpose of central banking activities.
Norges Bank’s approach to financial market infrastructure supervision and oversight
Norges Bank is the licensing and supervisory authority for the part of the payment system called interbank systems (Table 1). These are systems for clearing and settling transactions between credit institutions. If a licensed interbank system is not configured in accordance with the Payment Systems Act or the licence terms, Norges Bank will require that the interbank system owner rectify the situation. The purpose is to ensure that interbank systems are organised in a manner that promotes financial stability. Norges Bank may grant exemptions from the licensing requirement for interbank systems considered to have no significant effect on financial stability.
Oversight entails monitoring FMIs, following developments and acting as a driving force for improvements. This work enables Norges Bank to recommend changes that can make the payment system and other FMIs more secure and efficient. Norges Bank oversees the payment system as a whole and key FMIs are subject to a permanent and regular oversight (Table 1).
Table 1 FMIs subject to supervision or oversight by Norges Bank
System |
Instrument |
Operator |
Norges Bank’s role |
Other responsible authorities |
|
---|---|---|---|---|---|
Interbank systems |
Norges Bank’s settlement system (NBO) |
Cash |
Norges Bank |
Supervision (Norges Bank’s Supervisory Council) and oversight |
Supervision: Norwegian National Security Authority |
Norwegian Interbank Clearing System (NICS) |
Cash |
Bits |
Licensing and supervision |
Supervision: Norwegian National Security Authority |
|
DNB’s settlement system |
Cash |
DNB Bank |
Licensing and supervision |
Licensing and supervision of the bank as a whole: Finanstilsynet and Ministry of Finance |
|
SpareBank 1 SMN’s settlement system |
Cash |
SpareBank 1 SMN |
Oversight |
Licensing and supervision of the bank as a whole: Finanstilsynet and Ministry of Finance |
|
CLS |
Cash |
CLS Bank International |
Oversight in collaboration with other authorities |
Licensing: Federal Reserve Board Supervision: Federal Reserve Bank of New York. Oversight: Central banks whose currencies are traded at CLS (including Norges Bank) |
|
Securities settlement systems |
Euronext Securities Oslo’s central securities depository (CSD) business |
Securities and cash |
Euronext Securities Oslo and Norges Bank |
Oversight |
Licensing and supervision of Euronext Securities Oslo: Finanstilsynet |
LCH’s central counterparty (CCP) system |
Financial instruments |
LCH |
Oversight in collaboration with other authorities |
Supervision: Bank of England Oversight: EMIR College and Global College (including Norges Bank) |
|
Cboe Clear Europe’s central counterparty system |
Financial instruments |
Cboe Clear Europe |
Oversight in collaboration with other authorities |
Supervision: De Nederlandsche Bank Oversight: EMIR College (including Norges Bank) |
Norges Bank assesses the FMIs that are subject to supervision and oversight in accordance with principles drawn up by the Committee on Payments and Market Infrastructures (CPMI) and the International Organization of Securities Commissions (IOSCO).2 The CPMI is a committee comprising representatives of central banks, and IOSCO is the international organisation of securities market regulators. The objective of the principles is to ensure a robust financial infrastructure that promotes financial stability.
A number of the FMIs that Norges Bank supervises or oversees are also followed up by other government bodies. The oversight of international FMIs that are important for the financial sector in Norway takes place through participation in international collaborative arrangements.
Finanstilsynet (Financial Supervisory Authority of Norway) supervises systems for payment services. These are retail systems, which the public has access to, such as cash, card schemes and payment applications. The Central Bank Act from 2019 clarifies that Norges Bank’s oversight covers the payment system as a whole, including retail systems that Finanstilsynet supervises. The preparatory works for the Central Bank Act state that in its oversight of the payment system, Norges Bank should be able to make appropriate use of Finanstilsynet’s assessments of retail systems, especially with regard to their security.
The EU Central Securities Depository Regulation (CSDR) imposes a number of tasks on Norges Bank which supplement Norges Bank’s responsibilities for overseeing Euronext Securities Oslo under the Central Bank Act. Finanstilsynet is the competent authority for Euronext Securities Oslo under the CSDR, while Norges Bank is a relevant authority.
A detailed description of the FMIs supervised or overseen by Norges Bank is provided in Norway’s financial system 2024.3
Definitions in the Payment Systems Act
Payment systems are interbank systems and systems for payment services.
Interbank systems are systems for the transfer of funds between banks with common rules for clearing and settlement.
Systems for payment services are systems for the transfer of funds between customer accounts in banks or other undertakings authorised to provide payment services.
Securities settlement systems are systems based on common rules for clearing, settlement or transfer of financial instruments.
References
Ahmed, R., Aldasoro, I., & Duley, C. (2024) Public information and stablecoin runs. Bank for International Settlements, Monetary and Economic Department.
Azar, P., Baughman, G, Carapella, F., Jacob Gerszten, Arazi Lubis, Juan Pablo Perez-Sangimino, David E. Rappoport W et al. (2024) "The financial stability implications of digital assets." Federal Reserve Bank of New York Economic Policy Review 30, no. 2 (2024): 1-48.
Bank of England (2024) “The Bank of England’s approach to innovation in money and payments”. Discussion Paper, 30 July 2004.
BIS (2023). Chapter III. Blueprint for the future monetary system,: improving the old, enabling the new. Annual Economic Report 2023.
BIS and CPMI (2024) Tokenisation in the context of money and other assets: concepts and implications for central banks. Report to the G20.
Cipollone, P. (2025) “Harnessing the digital future of payments: Europe’s path to sovereignty and innovation”, speech.
Di Iori, A., Kosse, A. and I. Mattei (2024) “Embracing diversity, advancing together – results of the 2023 BIS survey on ventral bank digital currencies and crypto”. BIS Papers 147.
EBA-ESMA (2025) Joint EBA-ESMA Report on the recent developments in crypto-assets (Article 142 of MiCA).
ECB (2025a) Annual Report 2024.
ECB (2025b) Eurosystem expands initiative to settle DLT-based transactions in central bank money, press release February 2025.
Chainalysis (2025) The Chainalysis 2025 Crypto Crimes Report.
Coinbase (2024) 2025 Crypto market outlook, Coinbase Institutional.
E24 (2025) DNB vurderer å starte kryptofond [DNB considers starting a cryptofund]. (in Norwegian only)
ESRB (2019) “Can ETFs contribute to systemic risk?” Reports of the Advisory Scientific Committee.
Finanstilsynet (2025) Financial Infrastructure Crisis Preparedness Committee (BFI).
Kumar, K. B., Dixon, L., & Clancy, N. (2012) “Hedge Funds and Systemic Risk”. Rand Corporation.
Norges Bank (2021) Financial Infrastructure Report 2021.
Norges Bank (2023) Financial Infrastructure Report 2023, May 2023
Norges Bank (2024a) Norway’s Financial System 2024.
Norges Bank (2024b) Financial Infrastructure Report 2024, June 2024
Norges Bank (2024c) Press release of 29 November 2024: Norges Bank signs instant payment settlement agreement with the ECB.
Norges Bank (2025a) Retail payment services 2024.
Norges Bank (2025b) TIBER.
Norges Bank (2025c) “Betalingsforum” [Payment forum] (in Norwegian only).
Norwegian Government (2024) Official Norwegian Reports (NOU) (2024) Trygge og enkle betalinger for alle [Simple and secure payments for all]. (in Norwegian only)
Norwegian Government (2025a) Meld. St. 9 (2024–2025) Total preparedness – Norwegian civil society equipped to deal with crisis and war.
Norwegian Government (2025b) National Security Strategy.
Norwegian Government (2025c) “Nasjonal kontroll med kritisk digital kommunikasjonsinfrastruktur – målbilde og virkemidler” [National control of critical digital communications infrastructure - vision and instruments] (in Norwegian only).
Norwegian Government (2025d) “Arbeidsgruppe foreslår tiltak for å styrke beredskapen i betalingssystemet" [Working group proposes measures to enhance payment system preparedness] (in Norwegian only).
Norwegian Government (2025e) “Prop. 55 LS (2024–2025)” [Proposition to the Storting: LS (2024-2025)] (in Norwegian only).
The block (2024) 2025 Digital Assets Outlook Report,
Waller, C.J. (2023) Innovation and the future of finance, Speech.
White House (2025) Strengthening American leadership in digital financial technology, Executive Order 23 January 2025.
White House (2025b) establishment of the strategic bitcoin reserve and United States digital asset stockpile, Executive Order 6 March 2025.
Østbye P. (2023) Hvem er ansvarlig for ustabile stablecoins? [Who is responsible for unstable stablecoins?], Bankplassen blogg, December 2023 (in Norwegian only).
A practical guide to payment preparedness
Norway’s payment system is efficient and stable, and we expect payment methods to work smoothly. However, even though the system is highly secure and backup solutions are effective, disruptions may still occur. You should therefore have several means of payment available to ensure that you can pay for what you need.
1. Have multiple payment cards
You should have multiple and different types of payment cards. In situation s where one particular payment card solution does not function, you will then be able to pay with one of your other cards. Commonly used payment card networks in Norway include BankAxept, Visa and Mastercard.
You should have at least one physical BankAxept card as some of the current contingency arrangements for payments are limited to this type of card. Payment cards in apps on mobile phones or other digital devices will not necessarily function in a contingency. Physical payment cards are also reliable contingency solutions if you lose your mobile phone or have a drained battery.
2. Keep some cash on hand
We advise you to have some cash on hand. You will be able to use cash even if all electronic payment systems fail. However, it may be difficult to obtain cash if the solutions for withdrawing cash do not function or if a large number of people try to withdraw cash from banks or ATMs at the same time.
How much cash you should have available depends on the amount of emergency supplies you have at home and what else you may potentially need in an emergency. We recommend that you have smaller denominations of cash as merchants may have limited change when cash usage increases.
3. Have accounts in several banks
You should hold accounts in more than one bank, with some deposits in each account. This will enable you to make payments even if the systems in your primary bank are unavailable.
Chart V.1 Several means of payment
The banking system and payment system are well-protected
Well-protected systems and sound contingency solutions implemented by banks and other key participants in the payment system ensure robust banking services. Disruptions and adverse incidents are rare occurrences but, unfortunately, can never be completely ruled out.
Norwegian banks are solvent and liquid. Furthermore, your bank deposits are secured under the deposit guarantee scheme, up to NOK 2 million per member bank. Fear of bank deposit loss is therefore not a reason for you to enhance your payment preparedness.
Payment preparedness increases the likelihood that you can make essential payments when you need to, even if parts of the payment system are unavailable.
More good advice on individual emergency preparedness
The Norwegian Directorate for Civil Protection (DSB) emphasises the importance of household preparedness and how this is important for individuals and society as a whole. DSB’s guidance is based on households being self-sustained for one week during events that entail a failure in utilities, the internet or other critical infrastructure. By being prepared, you can help to keep yourself and your loved ones safe, at the same time as you relieve pressure on Norway’s overall defences. In a crisis, municipalities and emergency agencies can prioritise those who cannot manage without help.
Visit dsb.no/en/Safe-everyday-life/Self-preparedness/ for more advice on how to prepare for a crisis or an emergency.
Ongoing regulatory work
The financial sector is subject to a number of regulations, many of which are part of EU legislation and apply to Norway under the European Economic Area (EEA) Agreement. New regulations are being introduced and are expected to help improve FMI resilience in Norway. This is an overview of the ongoing key initiatives.
The Digital Operational Resilience Act (DORA) is a regulation adopted by the EU to strengthen ICT resilience in the financial sector, both operationally and in the event of cyberattacks.
DORA has been adopted by the EU as a regulation and entered into force on 17 January 2025. It was transposed into the EEA-agreement on 20 February 2025. A proposition (for consent) was presented by the government on 7 March 2025 including a bill on the Digital Operational Resilience Act. It has not yet been decided when the DORA Act will enter into force in Norway. Finanstilsynet’s website provides an updated overview of information on DORA in Norway (in Norwegian only).
The Markets in crypto-assets regulation (MiCA) has been fully implemented in the EU since 30 December 2024. On 7 March 2025, the Ministry of Finance submitted a white paper to the Storting (Norwegian parliament). The proposition includes a proposed new Act on cryptoassets (the Cryptoassets Act) to transpose the regulation EU (2023/1114) on markets in cryptoassets into Norwegian law. The regulation establishes a common European framework for cryptoasset markets and services. The regulation includes common European rules for the issuance, public offering and admission to trading of cryptoassets, as well as rules on the provision of services related to cryptoassets and on cryptoasset market abuse. The Storting deliberated the matter on 13 May 2025.
The Critical Entities Resilience (CER) Directive (in Norwegian only) is considered EEA-relevant and is expected to be transposed into Norwegian law further out. The introduction of CER will impose requirements on entities upon which the financial sector is dependent and help strengthen financial sector resilience. CER will be transposed into national legislation in all EU countries by 18 October 2024. No position memo has been published so far for Norway. CER will likely simplify and improve the opportunities of owners of Norwegian FMIs to govern and control foreign providers.
NIS 2 (in Norwegian only) “The Directive on measures for a high common level of cybersecurity across the Union” (the NIS 2 Directive). The NIS 2 directive was adopted in the EU on 14 December 2022 and replaced NIS 1 in member countries in 2024. NIS2 entails a substantial expansion of NIS1, with stricter requirements related to security, supervision, sanctions and reporting. NIS2 is considered to be EEA-relevant and is expected to become transposed into Norwegian law.
In its white paper on total preparedness, the government announced that it will present a draft bill for a new Act on fundamental security for undertakings that are important for society. The Act must be viewed in the context of work to prepare the implementation of the directives on the security of networks and information systems (the NIS 2 Directive) and critical entities resilience (the CER Directive). The new Act will set common requirements for the fundamental security of undertakings critical to the functioning of society in times of peace, crisis and war.
The new electronic communications Act (in Norwegian only) entered into force on 1 January 2025. The Act entails the expansion of adequate security requirements for electronic communication providers to comprise data centre operators, and the introduction of a duty to register information related to ownership and about which services are provided. A clearer framework for the data centre industry may help to improve the resilience of the financial infrastructure.
New Act relating to digital security (Digital Security Act) (in Norwegian only) was adopted by the Storting in December 2023. The EU NIS Directive (NIS 1) has been adopted as Norwegian law through this Act. The Act sets requirements for digital security and the notification of incidents for entities that play a key role in maintaining vital societal and economic functions. The Act is wide-ranging and may help to enhance cross-sectoral resilience. The Act has not yet entered into force.
New Act relating to investment control (in Norwegian only) was recommended in Official Norwegian Reports (NOU) 2023:28) “Investeringskontroll – En åpen økonomi i usikre tider” [Investment control – An open economy in uncertain times] (in Norwegian only) on 4 December 2023. The Norwegian Investment Control Committee recommended the establishment of a notification scheme for foreign investment in security-sensitive sectors, to be regulated by a new separate investment control Act. This will result in a better overview of foreign investment and may help improve risk assessments.
The Norwegian Security Act was amended on 1 July 2023. The purpose of the amendments to Section 10 on ownership control is to strengthen the control of acquisitions that may be contrary to national security interests, for example a number of acquisitions will be subject to the notification duty.