Annual reporting requirements for licensed interbank systems
Pursuant to Section 2-9 of Act No. 95 of 17 December 1999 relating to payment systems, etc.
The annual report for a licensed interbank system shall contain the information and assessments that Norges Bank deems necessary to ensure that the system has been set up and operates in compliance with relevant rules, including the terms and conditions of the licence.
Unless otherwise agreed, the report shall be signed by the chairman of the board of the licensee. The report shall be submitted to Norges Bank by 1 March of the year following the reporting period.
The report shall contain a brief summary of key matters in the annual report.
2. System description
The report shall describe the main elements of the system.
The description shall state whether elements of the system have been outsourced to service providers.
3. System changes
The report shall contain a description of implemented and planned system changes. The description shall, at the minimum, contain the following elements:
- Material technical system changes carried out in the reporting period.
- Contractual changes, including any new contracts with service providers and agreements with participants.
- Organisational changes.
- Changes in payment routines.
- Participant changes.
- Changes in service provider's organisation that may have an impact on the system.
4. Operating situation
The report shall contain a description of the operating situation. The description shall, at the minimum, contain the following elements:
- Information on system turnover, including an overview of the largest participants (measured by number of transactions and value).
- Licensee's own requirements for stable operations and actual achievement of targets.
- Major disruptions. The licensee shall indicate causes and measures implemented to prevent a recurrence.
- An overview of the number of incidents classified by degree of seriousness. The overview shall show historical developments over several years.
- For private settlement banks, the report shall comment on utilisation of credit lines and any overdrawn amounts.
5. Tests of operating systems and disaster recovery arrangements
The report shall contain a description of implemented tests, exercises and other reviews of operating systems and disaster recovery arrangements, as well as the results of such tests, exercises and reviews.
6. Risk analysis
In the course of the year, the licensee shall perform independent risk assessments of all parts of operations. The risk assessments may be included in the actual report, or be attached as separate documents. Risk analyses submitted to Norges Bank in the course of the year do not need to be attached, but shall be referred to in the report.
7. System capacity and effectiveness
The report shall contain the licensee's assessment of system effectiveness (e.g. costs, speed and user-friendliness).
The report shall contain an assessment of whether the licensee has sufficient resources to perform all aspects of operations (number of employees, employees' qualifications, technical capacity, etc.).
The report shall provide an account of training measures aimed at the system's users and operators.
8. Other matters
The report shall also cover any other matters that may be of interest to the licensing authority.
At the minimum, the following appendices shall be included in the report:
- List of participants and overview of the bank data processing centre(s) each participant uses.
- List of service providers.
- The data underlying any charts in the report.