THE WORLD BANK GROUP THAILAND ASSESSMENT OF OBSERVANCE OF THE CPSS-IOSCO June 2019 PRINCIPLES FOR FINANCIAL MARKET INFRASTRUCTURES— BAHTNET AND TSD Prepared By This Detailed Assessment Report was prepared in the Finance, Competitiveness, context of a joint IMF-World Bank Financial Sector and Innovation Global Assessment Program (FSAP) mission in Thailand Practice, World Bank during November 2018, led by Alejandro Lopez Mejia, Group IMF and Brett Coleman, World Bank, and overseen by the Monetary and Capital Markets Department, IMF, and the Finance, Competitiveness, and Innovation Global Practice, World Bank Group. Further information on the FSAP program can be found at www.worldbank.org/fsap. THAILAND CONTENTS EXECUTIVE SUMMARY __________________________________________________________________________ 7 I. INTRODUCTION _______________________________________________________________________________ 9 A. Methodology and Information used for the Assessment_______________________________________ 9 B. Overview of the Payment, Clearing, and Settlement Landscape _______________________________ 10 II. KEY FINDINGS AND RECOMMENDATIONS ________________________________________________ 25 A. Key Findings and Follow up for BAHTNET ____________________________________________________ 25 B. Key Findings and Follow up for TSD___________________________________________________________ 29 C. Key Findings and Follow up for Authorities ___________________________________________________ 34 D. Recommendations for BAHTNET _____________________________________________________________ 36 E. Recommendations for TSD ____________________________________________________________________ 37 F. Recommendations for Authorities_____________________________________________________________ 40 G. Authorities’ Response to the Assessment _____________________________________________________ 40 III. DETAILED ASSESSMENT REPORTS _________________________________________________________ 42 A. BAHTNET assessment against the PFMI _______________________________________________________ 42 B. BOT responsibilities __________________________________________________________________________ 177 C. TSD assessment against the PFMI ____________________________________________________________ 201 D. SEC responsibilities __________________________________________________________________________ 290 FIGURES Figure 1: Payment, Clearing, and Settlement Systems in Thailand _______________________________ 10 Figure 2: BAHTNET evolution since the last FSAP (2007) ________________________________________ 11 Figure 3: Volume and value of transactions in BAHTNET ________________________________________ 12 Figure 4: BAHTNET governance structure ________________________________________________________ 13 Figure 5: BAHTNET participants (63 as of November 2018) ______________________________________ 14 Figure 6: Intraday Liquidity Facilities (ILF) ________________________________________________________ 15 Figure 7: Distribution of BAHTNET transactions during the day__________________________________ 16 Figure 8: Securities clearing and settlement infrastructure _______________________________________ 19 Figure 9: DvP 1 settlement for OTC bond trades_________________________________________________ 20 Figure 10: Exchange-traded securities- transaction flow and settlement_________________________ 21 Figure 11: Cooperation between BOT and other regulators on FMIs_____________________________ 24 2 THAILAND TABLES Table 1: Number of participants (October 2018) _________________________________________________ 17 Table 2: Total value of securities held in custody ________________________________________________ 18 Table 3: Volume and value of OTC trades _______________________________________________________ 22 Table 4: Volume and value of exchange trades __________________________________________________ 22 Table 5: Ratings Summary of BAHTNET__________________________________________________________ 29 Table 6: Ratings Summary of the TSD ___________________________________________________________ 34 Table 7: Ratings Summary of the Authorities ____________________________________________________ 35 3 THAILAND Glossary AG BAHTNET Advisory Group API Application Program Interface BAHTNET Bank of Thailand Automated High value Transfer Network BCM Business Continuity Management BCP Business Continuity Plan BOT Bank of Thailand BOTAC Bank of Thailand Audit Committee BOTB Bank of Thailand Board BOT-CMF Bank of Thailand-Collateral Management Facilities BOT-RMS Bank of Thailand-Risk Management System CCP Central Counterparty CCPMP Cross Currency Payment Matching Processor COSO ERM COSO Enterprise Risk Management CPMI Committee on Payments and Market Infrastructure CSA Control Self-Assessment CSD Central Securities Depository CSS Central Settlement System DA Derivatives Act DC Data Center DvP Delivery Versus Payment DLT Distributed Ledger Technology ECH Electronic Clearing House EFS Electronic Financial Services EMEAP Executives' Meeting of East Asia and Pacific Central Banks ERMD Enterprise Risk Management Department FMI Financial Market Infrastructure FMOG Financial Markets Operations Group FX Foreign exchange HKICL Hong Kong Interbank Clearing Limited HKMA Hong Kong Monetary Authority HSBC Hongkong and Shanghai Banking Corporation HTTPS Hyper Text Transfer Protocol Secure IAD Internal Audit Department ICAS Imaged Cheque Clearing and Archive System ILF Intraday Liquidity Facilities IOSCO International Organization of Securities Commissions ISIN International Securities Identification Number ISMS Information Security Management System IT Information Technology ITD Information Technology Department IWT Industry Wide Test 4 THAILAND KC Key Consideration KPI Key Performance Indicator KRI Key Risk Indicator MAI Market for Alternative Investments MFT Multilateral Funds Transfer MOU Memorandum of Understanding NITMX National ITMX ORFT Online Retail Funds Transfer OTC Over-The-Counter PBD Payment and Bond Department (BAHTNET operator) PDP Potential Debit Position PFMI CPSS-IOSCO Principles for Financial Market Infrastructures POC Proof Of Concept PKI Public Key Infrastructure technology PS Payment System PSA Payment Systems Act PSC Payment Systems Committee PSD Payment Systems Policy Department (BAHTNET regulator) PSSVFO Payment Systems and Stored Value Facilities Ordinance (Hong Kong) PTI Post Trade Integrate system PvP Payment versus Payment RCSA Risk Control Self-Assessment RDL RTGS-DVP Linkage Repo Repurchase Agreements RMC Risk Management Committee RMD Risk Management Department ROC Risk Oversight Committee RPO Recovery Point Objective RTGS Real-Time Gross Settlement System RTO Recovery Time Objective SEA Securities Exchange Act SEC Securities and Exchange Commission SET Stock Exchange of Thailand SFI Specialized Financial Institutions SI Settlement Institution SIPS Systemically Important Payment Systems SLA Service Level Agreement SOE State-Owned Enterprises SRS Securities Requirement for Settlement SSS Securities Settlement System STP Straight Through Processing SWIFT Society for Worldwide Interbank Financial Telecommunication SWIFT BIC SWIFT Bank Identifier Code 5 THAILAND SWIFT CSP SWIFT Customer Security Program SWIFTNet SWIFT Network TBA Thai Bankers’ Association TCH Thailand Clearing House Co., Ltd. ThaiBMA Thai Bond Market Association THB Thai Baht currency TSD Thailand Securities Depository Co., Ltd. UAT User Acceptance Test USD US Dollar currency USD CHATS US Dollar Clearing House Automated Transfer System VA Vulnerability Assessment VAR Value at Risk VPN Virtual Private Network 6 THAILAND EXECUTIVE SUMMARY Thailand has a well-developed payment, clearing, and settlement infrastructure. BAHTNET (Bank of Thailand Automated High Value Transfer Network) is the real-time interbank gross payment and settlement system, and the backbone of the infrastructure where the final payments of various markets are settled. It is operated by the Bank of Thailand (BOT). The Thailand Securities Depository (TSD) is the sole central securities depository and the securities settlement system for government securities, corporate bonds, and equities. The Thailand Clearing House (TCH) is the other financial market infrastructure which acts as the central counterparty (CCP) for bonds, equities, and derivatives transactions traded on the respective exchanges. The TSD and the TCH are fully owned subsidiaries of the Stock Exchange of Thailand (SET). BAHTNET has a high degree of compliance with the Principles for Financial Market Infrastructures (PFMI) and is a sound system. It is subject to comprehensive and transparent risk management frameworks comprising clear policies and guidelines, governance arrangements, and operational systems including regularly tested default and business continuity procedures. All transactions once settled in BAHTNET are deemed final and irrevocable, as well as bankruptcy remote. There are areas where the level of compliance of BAHTNET with the PFMI could be further improved. It is recommended that the operator of BAHTNET verifies that participants comply with the BOT Notification on Regulations on the maintenance of reserve requirements for specialized financial institutions (SFIs) and do not post their own debt or equity securities as collateral. BAHTNET should consider concentration limits to avoid concentrated holdings of certain assets where this would significantly impair the ability to liquidate such assets quickly without significant adverse price effect. The current Intraday Liquidity Facilities (ILF) require that participants post collateral at the beginning of the day in order to get sufficient intraday liquidity. It is recommended that BOT include in its next generation of BAHTNET where the balance on the account would automatically trigger access to collateral for intraday liquidity. The TSD is also largely compliant with the PFMI and operates in a sound manner. It is regulated under the provisions of the Securities Exchange Act (SEA) and provides for finality and irrevocable settlement of securities transactions. Custody risk is mitigated through sound accounting, audit, and reconciliation procedures. Delivery-versus-payment one (DvP 1) model is used for the settlement of over-the-counter (OTC) government and corporate bond trades. The settlement of exchange trades (bonds, equities, and derivatives) is conducted in a guaranteed mode with the TCH acting as a CCP for both the securities and funds leg; with the TSD carrying out the securities settlement based on the net securities clearing file received from TCH. The TSD is not exposed to any default risk of the depositors as TCH as the CCP bears all counterparty credit and liquidity risks for both the securities and funds legs. The compliance of TSD with certain Principles could be enhanced further. It is recommended to strengthen and establish greater clarity in the legal framework with regard to protecting the 7 THAILAND securities balances of depositors and customers held in TSD’s name, in the event of TSD’s bankruptcy, and to clearly establish the beneficial ownership rights of securities belonging to depositors and investors. The scope of the risk management framework should be made more comprehensive by explicitly recognizing the general business and investment risks that TSD is exposed to. In this regard, TSD should hold the investments of its assets in its own name rather than in the name of SET to ensure that proper segregation of investments is carried out and its assets are not used for setting off claims of its parent. The high-level recovery and wind-down plan should be enhanced by taking into account the additional guidance provided by the international standard setters – the Committee on Payments and Market Infrastructures (CPMI) and International Organization for Securities Commissions (IOSCO) – and should contain details of a set of recovery tools that are comprehensive and effective in terms of reliability and timeliness, with a sound legal basis, and have a documented operational plan. 8 THAILAND I. INTRODUCTION Assessor and objectives 1. This report contains the assessments of BAHTNET and TSD based on the PFMI. The assessment was undertaken in the context of the International Monetary Fund and World Bank Financial Sector Assessment Program (FSAP) of Thailand in November 2018. The assessors were Gynedi Srinivas and Dorothee Delort of the World Bank’s Payment Systems Development Group. The assessors would like to thank the Thai counterparts for their excellent cooperation and generous hospitality. 2. The objective of the assessment was to identify potential risks related to the FMIs that may affect financial stability. While safe and efficient FMIs contribute to maintaining and promoting financial stability and economic growth, they may also concentrate risk. If not properly managed, FMIs can be sources of financial shocks, such as liquidity dislocations and credit losses, or a major channel through which these shocks are transmitted across domestic and international financial markets. Scope of the assessment 3. The scope of the assessment includes two main FMIs as well as the authorities in Thailand responsible for regulation, supervision, and oversight of FMIs. BAHTNET and TSD are assessed against all relevant principles of the PFMI. The authorities, the BOT and the SEC, are assessed using the responsibilities for authorities of FMIs. A. Methodology and Information used for the Assessment 4. The information used in the assessment includes relevant national laws, regulations, rules, and procedures governing the systems and other available material. Other available material included annual reports; self-assessments; responses to the WB questionnaire; websites from the regulators, overseers, supervisors, operators, and stakeholders; and other relevant documents. In addition, discussions were held with regulators, overseers, and supervisors, i.e., the BOT and SEC. The assessment also benefited from discussions with the SET, TSD, and main stakeholders. 5. At the request of the World Bank, the FMIs and authorities conducted self-assessments. The BOT prepared a self-assessment of BAHTNET system, whereas TSD conducted a self-assessment for the TSD system. Both self-assessments were based on the PFMI. The self-assessments included an assessment of the responsibilities of the Thai authorities. 6. The assessment is based on information available in November 2018. Information available after November 2018 has not been considered in determining the assessment ratings. 9 THAILAND B. Overview of the Payment, Clearing, and Settlement Landscape 7. Thailand’s payment, clearing, and settlement infrastructure consists of a consolidated set of systemically important FMIs, as well as retail payment systems (see Figure 1). The BAHTNET is the interbank payment system and the backbone of the infrastructure in which the ultimate payments of various markets are settled in central bank money. The retail payment systems settling in BAHTNET are: i) ICAS (the Image Cheque Clearing and Archive System); ii) NITMX (the National Interbank Transaction Management and Exchange Co., Ltd.), which is used for bulk payments, PromptPay, and to switch ATMs and local debit cards; iii) PCC (the Processing Center Co., Ltd.); and iv) TPN (the Thai Payment Network). Figure 1: Payment, Clearing, and Settlement Systems in Thailand Source: BOT, November 2018 10 THAILAND BAHTNET 8. BAHTNET is the real-time gross settlement (RTGS) system which is owned and operated by the BOT. The BOT has been operating Thailand’s large-value payment system, BAHTNET, since May 24, 1995. The BOT has continually been improving BAHTNET (see Figure 2) to: i) respond to changing business needs and technology innovation; and, ii) strengthen its compliance with international standards. For example, the BOT has implemented a link with the TSD system for Delivery Versus Payment of government bonds, equity, and corporate bonds and a link with the Government Fiscal Management Information System (GFMIS) to facilitate government agencies’ revenue submission and budget disbursement through BAHTNET. In 2014, a link was established with the US Dollar Clearing House Automated Transfer System (USD CHATS) overseen by the Hong Kong Monetary Authority (HKMA) to eliminate settlement risk. In practice, this link is used by BAHTNET participants as an alternative solution for their correspondent banking arrangements. BOT is already considering the next generation of the BAHTNET system, such as the introduction of the ISO 20022 standard and a Proof Of Concept (POC) for the use of Distributed Ledger Technology (DLT). Figure 2: BAHTNET evolution since the last FSAP (2007) Source: BOT, November 2018 11 THAILAND 9. In 2017, the transactions settled in BAHTNET represented THB 890 trillion, 58 times Thailand’s GDP. The volume and value of transactions have been growing steadily over the past five years (see Figure 3). Figure 3: Volume and value of transactions in BAHTNET Source: BOT, November 2018 10. All transactions settled in BAHTNET are deemed final and irrevocable. The Payment Systems Act, which took effect on April 16, 2018 provides an explicit basis for settlement finality in its section 9. In case of bankruptcy, clearing and settlement through BAHTNET will be processed under the rules of the system and shall not be revoked, reversed, modified, stopped, or set aside. 11. BAHTNET operates daily from 8:30 a.m. to 5:30 p.m., except on bank holidays. It offers: (i) Bilateral funds transfers (interbank transfers, third party transactions, government transactions, and BOT money market transactions); (ii) Multilateral Funds Transfers (for the settlement of equities, cheque clearing (ICAS), and retail payment systems NITMX); and (iii) Exchange of value (through the links with TSD and USD CHATS for, respectively, securities and USD settlement). BAHTNET uses two networks for communication, the SWIFT Network (SWIFTNet) and BOTNET/X. 12 THAILAND 12. The governance and risk management structure of BAHTNET is organized according to the three lines of defense approach (see Figure 4). It is operated by the BOT’s Payment and Bond Department, in the Information Technology Group, reporting to the Deputy Governor in charge of Corporate Support Service and Banknote Management. The oversight function, on the other hand, is exercised by the Payment Systems Policy Department, in the Payment Systems Policy and Financial Technology Group, reporting to the Deputy Governor in charge of Financial Institutions Stability. The Payment Systems Committee (PSC), established under the BOT Act and chaired by BOT Governor, is the BAHTNET board. It formulates the strategy for the development of the National Payments System and the policies for its safety and efficiency. It is composed of BOT high-level executives, representatives from the Government and the industry (including the President of the Thai Bankers’ Association), and independent experts. Figure 4: BAHTNET governance structure Source: BOT, November 2018 13. Participants in the BAHTNET are banks and nonbanks that have a current or settlement account with the BOT. Financial institutions, SFIs, Government agencies, securities companies, clearing houses, securities depositories, and payment service providers (supervised according to the Payment Systems Act) have to meet risk-based, legal, financial, and operational requirements according to the BAHTNET Regulations and BOT Notifications. There are only direct participants, some operating their own workstation to connect to the system and some direct participants (called 13 THAILAND associate) using the workstation of another participant, but all bound by BAHTNET’s rules and agreements (see Figure 5). The BOT reviews the participant access criteria every two years. BAHTNET has also clear exit criteria, covering terminations of participation at the initiative of the participant or the BOT. Figure 5: BAHTNET participants (63 as of November 2018) Source: BOT, November 2018 14. The BOT provides intraday credit through the Intraday Liquidity Facilities (ILF) to participants facing temporary liquidity shortages through intraday repo in BAHTNET (see Figure 6). BAHTNET accepts as eligible collateral: (i) Treasury bills, debt restructuring bills, and government bonds; (ii) Bonds or debt securities issued by SOEs and SFIs; or (iii) BOT bonds and saving bonds. The collateral is valued on a daily marked-to-market basis, with haircuts. If a participant fails to repurchase the collateral at the end of the day, the ILF is converted into an overnight loan with a penalty. The larger participants 1 must post at the beginning of the day collateral representing 10percent of the average value of their transactions in BAHTNET during the same two weeks period of the previous month. BOT also requires participants involved in Multilateral Funds Transfer (settlement of retail payments) to reserve collateral (Securities Requirements for Settlement, SRS) against the exposure from net clearing positions. 2 Participants can use 20percent of their collateral posted for SRS to get liquidity through the ILF. 1 Financial institutions with a daily average value of transactions greater than THB 500 million. 2 Calculated based on 1-year historical data. 14 THAILAND Figure 6: Intraday Liquidity Facilities (ILF) Source: BOT, November 2018 15. BAHTNET includes several features to facilitate liquidity management, including a queuing mechanism, gridlock resolution, 3 throughput guidelines, and differentiated pricing. Payment orders in a BAHTNET participant’s centralized queue are processed using the bypass FIFO (first in, first out) rule. Participants can change the priority of transactions in the queue. BAHTNET requires the main participants to submit at least 30percent of their transactions by noon, and at least 70percent by 3 pm. To further encourage participants to submit their transactions early in the day, there are three times zones with increasing fee rates. The distribution of transactions during the day shows that these mechanisms effectively contribute to an efficient management of the liquidity in BAHTNET. 3 The system continuously searches the queue for a combination of transactions with a positive net position, and these transactions are executed simultaneously on a gross basis. 15 THAILAND Figure 7: Distribution of BAHTNET transactions during the day Source: BOT, November 2018 16. BAHTNET has a detailed, documented, and well-tested framework for the management of operational risk, with clearly assigned roles and responsibilities, processes, and controls reviewed by the internal audit department and external auditors. 4 The Payment and Bond Department (PBD), the BAHTNET operator, conducts Control Self-Assessments (CSA) focusing on operational risk and reports to the Enterprise Risk Management Department (ERMD). The sources of operational risk are identified every year in accordance with BOT Regulation on Measures of Operational Risk Incident. BOT has developed key risk indicators (KRI) to monitor risks, assess their severity, and assist in response and prevention. A Service Level Agreement has been established with the IT Department. BAHTNET has ample scalable capacity to handle increasing stress volumes; the transaction capacity is about 15,000 transactions per hour, while the actual number of transactions processed is about 16,000 per day (in 2017). BAHTNET applies relevant international and industry standards for physical and information security, is certified ISO/IEC 27001, and requires participants to be certified. Every change to the system goes through an impact analysis and is managed according to the Change Management System (CMS). 4 2016: Deloitte (BAHTNET system stability: IT governance, business continuity, software quality assurance); 2017: IBM (cyber-attack test), ACIS (penetration test), Deloitte (cyber security framework, vulnerability assessment and penetration test); 2018: BSI (re-certification ISO 27001), Deloitte (penetration test). 16 THAILAND The TSD central securities depository and securities settlement system 17. The TSD is the sole CSD and securities settlement system (SSS) operating in Thailand and acts as a registrar for common and preferred stocks. The TSD is regulated by the Securities Exchange Commission and is governed under the provisions of the Securities Exchange Act, and other relevant general laws such as the Civil and Commercial Code of Thailand. It is a fully owned subsidiary of the SET and was established on November 16, 1994, with a registered capital of THB 200 million. It commenced operations on January 1, 1995. 18. Government and corporate securities are immobilised and dematerialised and held in book-entry form with TSD. TSD acts as the securities registrar and CSD/SSS for corporate securities, while the BOT is the registrar for Government securities with TSD only performing the CSD/SSS function. The customers are also provided with the option of converting their dematerialised holdings into physical securities if they so desire. Securities can, however, be cleared and settled only through book-entry transfer with the physical securities having to be dematerialised. In addition, TSD also provides a Securities Borrowing and Lending (SBL) platform for TCH. It is the International Securities Identification Number (ISIN) issuer for securities in Thailand. As part of its registrar activities, it undertakes corporate actions. It provides a service for payments of dividends electronically through e-dividend service and an investor portal for customers. 19. The TSD has a total of 111 participants (i.e., depositors). The depositors of the TSD comprise: the BOT; securities companies; banks; life and/or non-life insurers; juristic persons such as mutual fund trustee, issuer of depositary receipts, representative of debenture holders, and custodian of securities; and issuers. The details of the depositors are given in Table 1. Table 1: Number of depositors (October 2018) Brokers Commercial Custodian Others Total banks banks 40 20 13 38 111 Source: TSD, November 2018 20. The total value of the securities held in custody by TSD across different asset classes is given in Table 2. 17 THAILAND Table 2: Total value of securities held in custody Description Value in Baht trillion (as on October 31, 2018) Equity 15.89 Government bonds 8.20 Corporate bonds 2.13 Total value of securities deposited 26.22 Source: TSD, November 2018 21. All securities transactions settled in TSD are deemed final and irrevocable. The legal basis for settlement finality is established under Section 228 of SEA and clause 57 of No. Tor Thor 5 32/2559. The transfer of securities is done by TSD either when it receives such a transfer instruction from its depositor’s or when it receives a settlement file from the securities clearing house (TCH). Dematerialization and immobilization of securities is covered under Sections 223-228 of the SEA. The legal basis also provides for segregation of the proprietary assets of the depositors from the holdings of their customers, under Section 223 of the SEA and TSD Regulation, Chapter 400, clause 401. Such customer assets cannot be used to secure or settle obligations other than those of the customer. Customer assets are protected from the bankruptcy of the depositor under Section 111/1 of the SEA. 22. Government and corporate bonds are traded on the OTC market as well as the Thailand Bonds Exchange (TBX). Equities are traded through the SET and Market for Alternative Investment (MAI), depending on their listing requirements. The TCH acts as the CCP for all exchange-traded securities. The clearing and settlement infrastructure is depicted below. 5 Regulation. 18 THAILAND Figure 8: Securities clearing and settlement infrastructure Source: TSD, November 2018 23. The OTC bond trades for government and corporate securities are settled on a DvP 1 mode on a T+0 basis. Settlement of the funds leg takes place in central bank money in the BAHTNET system. The securities are delivered only after the funds transfer confirmation is received from BAHTNET by TSD. Final settlement of the funds leg in respect of OTC and exchange-traded securities happens in central bank money in BAHTNET, while the securities are settled in TSD under both modes. 19 THAILAND Figure 9: DvP 1 settlement for OTC bond trades Source: TSD, November 2018 24. The exchange-traded securities are settled on a DvP 3 mode on a T+2 basis. TSD as the Securities Settlement System (SSS) does not bear any participant default risk as all the trades are guaranteed by the TCH as a CCP. The counterparty credit and liquidity risks are borne by the TCH, with TSD only executing the securities transfers based on the instructions of TCH on a free-of- payment basis. To minimize settlement fails on the value date, the securities settlement account balances are verified at 13.30 hours; and in the event of any shortfall in the balances, the securities borrowing and lending (SBL) facility is evoked by TCH in line with its rules and regulations. Based on the outcome of the SBL process, a revised file is sent by TCH to TSD at 14.00 hours. TSD debits the seller’s account and credits the TCH securities account. The securities are held in the TCH account till such time as TSD receives an instruction from TCH to debit its securities account and transfer the securities to the buyer’s account. TCH sends this debit instruction to TSD only after the funds leg has been settled. This is done by 14.15 hours. The transaction flow for the settlement of exchange-traded securities is given in Figure 10. 20 THAILAND Figure 10: Exchange-traded securities- transaction flow and settlement Source: TSD, November 2018 25. The details of the volume and value of trades settled in the OTC and exchange markets are given in Tables 3 and 4. 21 THAILAND Table 3: Volume and value of OTC trades Year Government Bond Corporate Bond No of Volume Value (THB No of Volume Value (THB Transactions (Million million) Transactions (Million million) shares) shares) 2015 102,147 52,449.67 54,785,993.85 913 20.28 21,265.09 2016 108,620 80,970.39 85,651,243.72 969 21.72 24,508.20 2017 117,860 90,853.66 95,641,617.79 1,186 20.71 21,669.96 2018 103,057 83,250.49 85,231,952.94 704 9.74 10,156.24 (October) Source: TSD, November 2018 Table 4: Volume and value of exchange trades Year SET MAI Volume Value (THB Volume Value (THB million) million) 2015 926,326 1,015,442 103,005 65,890 2016 870,398 1,146,649 97,006 62,461 2017 710,021 998,866 112,413 56,539 2018 (October) 700,694 1,150,506 68,225 33,266 Source: TSD, November 2018 (Note: There have not been any trades on TBX since 2013) 26. Since November 2017, TSD does not permit any debit balances in the securities accounts. Securities transactions are settled only when there are sufficient balances of securities in the account. Trades with insufficient balances are kept in “pending settlement” status. TSD provides an omnibus account structure and a segregated account structure to its depositors. The proprietary assets of the depositor are segregated in a separate account distinct from the omnibus customer holdings of that particular depositor. Similarly, securities earmarked for settlement are moved into separate settlement proprietary and omnibus settlement accounts. 27. TSD has a separate board of directors comprising five members. The president of SET is the chairman of the board along with two other senior executives. Two capital market experts are 22 THAILAND appointed as independent non-executive board members. The TSD board is empowered by its charter which is aligned to SET’s corporate governance standards and the relevant sections of SEA. The responsibilities of the board are to ensure the safe and efficient functioning of the TSD to serve the interests of all stakeholders in the capital markets and in contributing to financial stability. To draw upon its synergies under the SET umbrella, the SET board is responsible for the internal audit, risk management, and investment functions on behalf of the TSD board. Regulation, supervision, and oversight of FMIs 28. FMIs are subject to an explicit and unambiguous regulatory and oversight framework with well disclosed laws and policies. The authorities have clearly defined and publicly disclosed the criteria used to identify FMIs that are subject to regulation, supervision, and oversight by BOT (BAHTNET) and SEC (TSD and TCH). The authorities apply the PFMI in their regulation, supervision, and oversight of the FMIs under their respective jurisdictions. In addition, the BOT discloses its policies publicly with respect to BAHTNET, while SEC’s objectives are publicly disclosed on its website. The information is made available in English in addition to Thai. Both authorities have publicly stated their support and adoption of PFMI in their public policy statements. 29. The BOT and SEC cooperate in the regulation, supervision, and oversight of the FMIs in Thailand (see Figure 11). The authorities signed on June 27, 2017, a memorandum of understanding (MoU). The MoU acknowledges each authority’s statutory responsibilities towards the oversight, supervision, and regulation of the FMIs under their respective jurisdictions. In addition, the BOT has signed a MoU with HKMA for the oversight of the BAHTNET-USD CHATS link. The authorities hold periodic as well as ad-hoc meetings. 23 THAILAND Figure 11: Cooperation between BOT and other regulators on FMIs Source: BOT, November 2018 24 THAILAND II. KEY FINDINGS AND RECOMMENDATIONS A. Key Findings and Follow up for BAHTNET General organization (Principle 1-3) 30. The BOT has a well-founded, clear, transparent, and enforceable legal and regulatory framework governing the operations of BAHTNET and its participants' rights and obligations. The BOT Act (B.E. 2485, C.E. 1942), the Payment Systems Act (B.E. 2560, C.E. 2017), and the relevant regulations articulate the legal basis for BAHTNET to participants and the public in a clear and understandable way. The rules and regulations are enforceable and in accordance with the relevant acts. The Payment System Act, effective since April 16, 2018, provides an explicit basis for settlement finality (section 9), collateral protection (section 10), and default management (section 8). The BOT Regulation for Electronic Financial Services covers BAHTNET services, ILF, and SRS. BOT has articulated its legal basis by placing the relevant acts and regulations on its payment systems webpage. The FSAP team suggested to get a legal opinion to verify the enforceability of the netting arrangements in judicial and administrative insolvency proceedings and avoid the unwinding of net positions of retail payment systems. The BOT legal services provided a legal opinion stating that multilateral netting is covered in case of SIPS. 31. The BOT has an explicit commitment towards payment systems stability, as stated in section 7 of the BOT Act. The BAHTNET Services Regulation (B.E. 2549, C.E. 2006), article 2, mentions that BAHTNET reduces risks by settling transactions with finality and irrevocability through Real Time Gross Settlement system. BAHTNET has a sound, comprehensive, well documented, and tested framework for the management of risks. Risk management decisions related to BAHTNET are taken by or reported to the PSC, the ultimate decision-making body. The ERMD provides guidelines for the BAHTNET risk management framework, and the internal Audit department audits the operation of BAHTNET. A consultative committee of participants in BAHTNET, the BAHTNET Advisory Group (AG), has been established. The committee meets at least twice a year to discuss various issues relating to risk management, business procedures, standardization of IT systems, and fees. When the BOT changes its major policies with respect to payment and settlement systems, it must notify the relevant institutions in advance and collect their opinions. The revised policy changes are placed on the website of the BOT and are also notified to the participants. The changes are also reflected in the oversight report placed on the website of the BOT. 32. The BOT has clearly identified the risks borne by BAHTNET and implemented policies, procedures, and controls, which are reviewed annually or in case of a change in the system, to monitor and manage those risks. Other systems, such as the securities settlement system and the retail payment systems, conduct their ultimate settlements in BAHTNET. The BOT recognizes that any operational disruptions in BAHTNET could cause risks to the participants and other FMIs, leading to increased credit and liquidity risks. Operational disruptions in TSD could be a potential source of risk to BAHTNET since the collaterals used for ILF are deposited at the TSD. BAHTNET has developed 25 THAILAND early warning indicators to monitor potential liquidity issues of its participants and offers participants real-time monitoring tools. The BOT has identified scenarios that may potentially prevent the system from being able to provide its critical operations, and the business continuity plan (BCP) is reviewed annually. It is recommended to further develop coordinated scenarios that deal with the simultaneous disruption of more than one FMI. Credit and liquidity risk management (Principle 4-7) 33. While the BOT’s exposure to credit risk is limited as it provides intra-day credit to participants on a fully collateralized basis, the collateral framework could be enhanced. The collateral management system is operated through a link with TSD, which keeps the securities that the BOT accepts as collateral. The assets that are accepted as collateral are subject to a daily mark- to-market, haircuts are determined 6 by calculating value at risk at a 95 percent level of confidence, and the haircut policy is reviewed on a yearly basis. Procyclicality is limited by the design of the haircut methodology. 7 However, BAHTNET accepts as collateral bonds or debt securities issued by SOEs and SFIs, and there is currently no feature to verify that participants do not post their own debt or equity securities as collateral. BAHTNET doesn’t have concentration limits to avoid concentrated holdings of certain assets where this would impair the ability to liquidate such assets quickly without significant adverse price effects. There is a need to review several aspects of the collateral framework, to include a rule preventing participants to pledge their own securities as collateral, to implement concentration limits, and to have annual independent validation of the haircut procedures. In addition, it is recommended to explore what would happen to assets held by BAHTNET in case of non-availability or insolvency of TSD and that BAHTNET addresses it appropriately as part of its risk management framework. 34. Liquidity risk in the BAHTNET system is minimized due to the provision of an ILF by the BOT to the participants. BAHTNET provides several efficient tools to monitor and manage liquidity, such as queuing mechanisms, gridlock resolution, Securities Requirements for Settlement of net settlement files, and throughput guidelines. The differential pricing fees mechanism also contributes to smoothening payment flows throughout the operating hours of BAHTNET. It is suggested to review the relevance of the requirement that larger participants should post at the beginning of the day collateral representing 10percent of the average value of their transactions in BAHTNET. The reason for this recommendation is that such a requirement would not be needed from a risk management point of view if BAHTNET had an automated collateral management system, and it might represent an opportunity cost for the participants. Settlement (Principle 8-9) 35. Settlement of payment transfers in BAHTNET is achieved in real-time and in central bank money, and payments once settled are final and irrevocable. BAHTNET provides for finality 6 By the Enterprise Risk Management Department 7 The data cover a long historical time span that includes several periods of stress. 26 THAILAND of settlement. Articles 40 and 41 of the BAHTNET Regulation explicitly define the point at which settlement is deemed final and irrevocable as the time when funds are debited from the sending institution’s account and credited to the receiving institution’s account. BAHTNET Regulation also clearly defines in article 39 that an unexecuted transfer order can be canceled by a participant upon request to BAHTNET and with the consent of the beneficiary institution. BAHTNET prohibits the unilateral revocation of accepted and unsettled orders. Exchange-of-value settlement systems (Principle 12) 36. Delivery versus payment (DVP) and payment versus payment (PVP) settlement mechanisms are being used for the settlement of securities and foreign exchange transactions respectively in BAHTNET. There are two exchange-of-value settlements in BAHTNET, the DvP link between BAHTNET and TSD for government securities and equity settlement and the PvP link between BAHTNET and the USD CHATS regulated and overseen by HKMA. Securities traded on the exchange are settled using a DvP model 3 8 arrangement, OTC securities on a DvP model 1. 9 For the Thai Baht vs. US Dollar transactions, the settlement in USD is done in commercial bank money and the finality of the linked obligations is achieved simultaneously upon completion of settlement in BAHTNET and USD CHATS. The adoption of these forms of settlement has led to the elimination of principal risk. Default management (Principle 13) 37. The BOT has clear rules and procedures defining a default and is well prepared to implement the default rules and procedures. These rules are reflected in the Payment Systems Act(sections 8 and 10) and the BOT “Procedures for members of highly important payments system to enter business rehabilitation or bankruptcy proceedings”. These rules and procedures are publicly available on the BOT webpage. General business and operational risk management (Principle 15-17) 38. The BOT has developed and implemented a comprehensive operational risk management framework, covering technology, risk factors, human resources, monitoring, control, and periodic testing. PBD, the BAHTNET operator, conducts Control Self-Assessments (CSA) focusing on operational risk and reports to the ERMD. It has a recovery time objective (RTO) of two hours, with a recovery point objective of zero data loss, and the target system availability is set at 99.9percent for 2018. The BOT has a secondary site with real time data replication and is setting up a third site with a different geographical risk profile. 10 BOT has developed KRIs to monitor risks, assess their severity, and assist in response and prevention. 8 Securities and funds are settled on a net basis. 9 Securities and funds are settled on a gross basis. 10 BOT also has a procedure for BAHTNET Offline in case all three sites would be unavailable. 27 THAILAND 39. BAHTNET BCP is developed in line with the relevant regulations and deals with adequate potential scenarios. 11 These are found to be adequate in tackling operational risk and ensuring the continuity of operations of BAHTNET. Even though annual market-wide testing is organized, it is suggested to adopt a holistic approach taking into account a disaster scenario when the operations of more than one FMI are disrupted. Custody risk is adequately managed since BAHTNET doesn’t invest the collateral and holds it at TSD, an FMI regulated and supervised by SEC. 40. BOT applies the CPMI-IOSCO Guidance on cyber resilience for financial market infrastructures (June 2016) to BAHTNET to enhance its cyber resilience. The five primary risk management categories and three overarching components 12 have been incorporated in BAHTNET’s cyber resilience framework, including with a Cyber Security Incident Response Plan (CSIRP), and a strong collaboration with other relevant agencies (such as ThaiCERT) and EMEAP central banks. BOT conducts CSIRP testing periodically and has a team dedicated to cyber threat intelligence, vulnerability assessments and penetration tests are run by external entities on an annual basis. Access (Principle 18-19) 41. BAHTNET has fair and open access criteria for participation, which comprehensively considers each participant’s risk management capability, the stable and efficient operation of BAHTNET, and the possibility of systemic risk. Access criteria are detailed in BAHTNET Regulations and BOT Notifications and cover legal, financial, and operational requirements; they are justified and commensurate with BAHTNET’s specific risks. There are only direct participants 13 in BAHTNET, bound by the rules of the system. Efficiency (Principle 21, 22) 42. The operational objectives stipulated in the relevant regulations on BAHTNET have been fulfilled. BAHTNET provides real-time gross settlement in central bank money, is operationally sound, and facilitates the settlement of other major retail payments. BAHTNET is operated efficiently, observing a cost recovery pricing policy. The system is designed to meet the needs of the participants and the financial markets, and participants are consulted on a regular basis through the BAHTNET Advisory Group, annual satisfaction surveys, trainings, user acceptance, and industry wide tests. 43. BAHTNET uses internationally accepted communication procedures and standards. BAHTNET uses two networks, the SWIFT Network and BOTNET/X. It also uses two types of messages, SWIFT Fin messages and BAHTNET XML standards, to allow non-SWIFT-members participants to 11 Natural disaster, riot, epidemic, emergency announce of special holiday, BAHTNET total system failure, cyber attack 12 The risk management categories are: governance; identification; protection; detection; and response and recovery. The overarching components are: testing; situational awareness; and learning and evolving. 13 Some of the direct participants are called associate if they don’t have their own workstation 28 THAILAND communicate via BAHTNET web service. The initiative to migrate to ISO 20022 message standards is considered for the next generation of the system. Transparency (Principle 23) 44. The BOT promotes a transparent disclosure framework for BAHTNET. BAHTNET regulation and its sub-regulations are disclosed through the website of the BOT, and, to facilitate participants’ understanding of BAHTNET, the BOT provides them with manuals and guidebooks. The BOT uses the disclosure framework published by the CPSS-IOSCO in December 2012. Ratings summary 45. BAHTNET has a high level of compliance with the PFMI and operates in a very sound manner. The ratings of BAHTNET against the PFMI are reflected in Table 5. Table 5: Ratings Summary of BAHTNET Assessment category Principle Observed Principle 1, 2, 3, 4, 7, 8, 9, 12, 13, 15, 16, 17, 18, 21, 22, 23 Broadly observed Principle 5 Partly observed - Not observed Not applicable Principle 6, 10, 11, 14, 19, 20 and 24 B. Key Findings and Follow up for TSD General organization (Principle 1-3) 46. The legal basis for the TSD is generally sound and enforceable. The SEA and Tor.Thor 14 32/2559, TSD Regulations Chapters 100-800, in conjunction with the relevant provisions of the Civil Code and Commercial Code, provide for: enforceability of transactions; protection of customer assets in the event of the bankruptcy of the depositor; immobilization and dematerialization of securities; settlement finality; delivery versus payment )DvP) for the settlement of securities transactions; and bankruptcy remoteness of collateral. There’s a high degree of certainty that the TSD regulations, procedures, and contracts are enforceable in the Thai jurisdiction. 14 Regulation issued by Capital Market Supervisory Board of SECSET. 29 THAILAND 47. There is room to improve the legal framework to extend protection to the securities balances of depositors and customers held in TSD’s name in the event of its bankruptcy. Under section 225 of the SEA, when TSD accepts the deposit of securities, it records the securities balance under its own name and holds such securities balances for the depositor or for any customer. The fate of these securities balances and their protection and treatment under bankruptcy court proceedings in the event of TSD going bankrupt would need to be established with greater clarity. An expert legal review of the provisions in the SEA and other relevant laws covering the above aspects should be undertaken and suitable amendments to the existing statutes may be carried out based on the outcome of such a review”. The TSD may also obtain expert legal opinion as to whether the concept of netting has a sound statutory basis in the existent legal framework. Based on such review, amendments may be introduced to provide a comprehensive statutory basis for netting. 48. The governance arrangements of the TSD are transparent, and the roles and responsibilities of its board and management are clearly described and publicly available. Two independent non-executive directors with capital market expertise are appointed to the board. The TSD board submits all approvals to the SEC directly and is independent of the SET board in this respect. The TSD board reviews and approves the risk management framework of the TSD on an annual basis. The TSD Board should seek a set of documented guidelines for operationalizing the recovery and orderly wind-down plan. These guidelines should also include measures to mitigate general business and investment risk. The guidelines should be reviewed and endorsed by the TSD Board. The governance arrangements could be improved by submitting the board’s annual review of its performance to the SEC. Such a measure would enable the regulator to monitor the performance of the TSD board and ensure that it is adhering to the charter of the board and is fulfilling its mandate. 49. The risk management framework requires business departments of TSD to identify, monitor, and manage their risks as outlined in the enterprise-wide risk management framework of the SET. In addition to this bottom-up approach, the TSD board decides on risk management limits. The risk management framework is reviewed on an annual basis by the TSD board and the risk management department (RMD) of the SET reports to it on a quarterly basis. Internal audit of the SET assesses the implementation of the risk management framework and reports to the TSD board. The risk management framework scope should be widened to include a greater focus on recovery and orderly wind-down plans, general business and investment risk. The risk management framework explicitly mentions strategic, operational, and compliance risks and lays down a set of measures to mitigate these. While there is a high-level recovery and wind-down plan, detailed effective recovery tools in line with the guidance provided by the standard setters (the CPMI and IOSCO) should be adopted. A set of documented operational guidelines should be drawn up including arrangements that ensure critical services continue to be provided, and that the winding down is carried out in an orderly manner including for instance, transferring critical operations and services to an alternate entity. Such a plan should be endorsed by the TSD board, including measures to mitigate general business and investment risk and should be tested on a periodical basis. The lack of such a plan is an issue of concern, given that TSD is the sole CSD and SSS in Thailand. 30 THAILAND Credit and liquidity risk management (Principle 4-7) 50. The TSD is not exposed to any credit and liquidity risks in its role as an SSS and CSD. In the settlement of OTC bond market trades, DvP model 1 is used. In the case of exchange trades securities settlement, TSD carries out the securities settlement on a free-of-payment basis, with TCH as the CCP ensuring that the final settlement of the securities occurs only after the funds leg is settled. TSD as a CSD does not allow any debit balances in the securities accounts and hence mitigates credit risk. TSD is further not exposed to any financial risks in the securities borrowing and lending program, as it is only a service provider with TCH undertaking the securities borrowing and lending program with the market participants on this platform. Settlement (Principle 8-10) 51. Securities settlements are final as soon as the settlement account has been debited or credited. The settlement occurs in real time during the settlement day in respect of OTC bond trades and at a designated time in respect of exchange trades. The SEA, ToR.Thor 32/2559, and TSD regulations ensure the finality of settlement against any insolvency proceedings following the settlement. 52. The TSD conducts its money settlements for the OTC bonds market in central bank money. Investors are provided with physical securities on demand and after a due process. Securities can, however, be cleared and settled only through book-entry transfer with the physical securities having to be dematerialised. Central securities depositories and exchange-of-value settlement systems (Principle 11, 12) 53. Custody risk is mitigated by several factors. These include: sound accounting processes, end-of-day reconciliation of balances, a comprehensive system of procedures for creation and deletion of securities in the CSD, prohibiting overdrafts and debit balances in securities accounts, internal audit examination, and an overall SET group insurance also covering custody risk. The TSD eliminates principal risk by applying the DVP 1 model arrangement for the settlement of the OTC bond market trades and by ensuring conditional final settlement of one obligation upon the final settlement of the other. Default management (Principle 13, 14) 54. The TSD is not exposed to any financial default risk of its depositors in its functioning. Operational default of a depositor is mitigated through the measures outlined in its business continuity plans. A depositor can be terminated or suspended by TSD after following due processes as laid down in the SEA and TSD regulations, which are transparent and publicly available. 31 THAILAND General business and operational risk management (Principle 15-17) 55. The TSD has a system in place to identify potential general business risks. Quarterly progress reports are prepared on TSD’s businesses, and financial performance are submitted to the TSD board for its review and monitoring. Progress reports on roll-out of new products are also submitted. The TSD has sufficient liquid net assets funded by equity so that it can continue operations and services as a going concern if it incurs general business losses. Assets held to cover general business risk are of sufficient quality and liquidity. While there is a high-level recovery and wind-down plan, a set of documented operational guidelines should be drawn up linking the size of its liquid net assets and the length of time required to maintain its critical operations and services. Such guidelines should also include detailed measures for raising and infusing additional capital. The lack of such a plan is an issue of concern, given that TSD is the sole CSD and SSS in Thailand. The plan should be endorsed by the TSD board and tested on a periodical basis. 56. TSD’s own assets are invested in high-quality liquid assets by the Investment Committee of the SET board which undertakes this task on behalf of SET and its subsidiaries. However, these investments are held in the name of SET and not in TSD’s name. TSD should hold the investments of its assets in its own name rather than in the name of SET to ensure that proper segregation of investments is carried out and its assets are not used for setting off claims of its parent. Further, such assets of TSD should be clearly segregated from the securities balances of its depositors and customers. In addition, TSD should draw up a detailed plan outlining its ability to quickly liquidate its investments with little, if any, adverse price effect and test the same on a periodic basis. 57. The TSD has an operational risk management framework in place consisting of systems, policies, procedures, and controls to identify, monitor, and manage operational risks. This is made part of the enterprise-wide risk management (ERM) framework of the SET Group with the RMD of the SET responsible for its implementation. The RMD of SET reports to the TSD board and to the risk management committee (RMC) of the SET Board. Its procedures ensure scalable capacity adequate to handle increasing volumes. Operational reliability targets have been set at 99.95percent of system availability. ISO 27001 for IT security and ISO 23001 for business continuity management have been implemented. Policies for physical and information security policies are in place. A BCP is in place, as well as a secondary site. The BCP is tested on an annual basis with all relevant stakeholders, including the BOT and TCH. The RTO is two hours. Cyber security measures include carrying out penetration tests. TSD is adopting the best practices outlined in the CPMI- IOSCO Report “Guidance on cyber resilience for financial market infrastructures”. 58. It is recommended to include specific scenarios and carry out periodic tests to ensure completion of securities settlement taking into account interdependencies between TSD, BAHTNET, and TCH. TSD should identify direct and indirect effects on its ability to process and settle transactions in the normal course of business and manage risks that stem from an external operational failure of connected FMIs. These scenarios should also capture the effects transmitted through its depositors, which may be participants in BAHTNET and TCH. TSD should also identify, monitor, and manage the risks it faces from and poses to BAHTNET and TCH. 32 THAILAND Access (Principle 18-20) 59. The access criteria of the TSD allow for fair and open access to its services based on reasonable risk-related participation requirements. The TSD has publicly disclosed its access criteria and the procedures facilitating the suspension and orderly exit of a depositor that no longer meets the participation requirements. Each individual depositor’s performance and compliance is monitored on an ongoing basis by a designated TSD staff member. 60. TSD has a link with TCH to facilitate the settlement of exchange-traded securities. TSD is not exposed to any credit or liquidity risk due to the link arrangement. Link-related operational risks are mitigated through regular IT auditing to monitor compliance and subjecting the link arrangement to BCP and DR testing. Efficiency (Principle 21, 22) 61. The TSD has arrangements in place to consult its depositors on a regular basis and address their needs in the design of its services. Depositors are consulted before making any changes either to the policies or to the systems through focus group meetings, including the fees for TSD services. A customer satisfaction survey is also carried out periodically. The TSD board monitors on a quarterly basis the implementation of the business plan, incidents and their management, and operational reliability of the systems. 62. The TSD uses both domestic and internationally accepted communication procedures and standards to ensure effective communication between it and its depositors. These include: (i) web browser via HTTPS through a secured network; (ii) API messaging allowing depositors to send service instructions to TSD and receive responses; and (iii) SWIFT messages for confirmation and notification for OTC bond settlement and corporate actions information. ISIN standards are used for identification of securities. Transparency (Principle 23, 24) 63. The TSD publicly discloses its rules, regulations, and fee structure. System design details are shared with the depositors in user manuals. The TSD in August 2018 updated its responses to the CPMI-IOSCO Disclosure Framework for FMIs, which enables depositors to assess the risks they incur by participating in the CSD/SSS. The TSD website also contains statistics. The TSD provides training and information to its depositors. Fees are also publicly disclosed. Ratings summary 64. The TSD is broadly compliant with the PFMI and operates in a sound manner. Its compliance with certain Principles could be enhanced further. The ratings summary of the TSD is given in Table 6. 33 THAILAND Table 6: Ratings Summary of the TSD Assessment category Principle Observed 2, 4, 5, 7, 8, 9, 10, 11, 12, 13, 18, 20, 21, 22, 23 Broadly observed 1, 17 Partly observed 3, 15,16 Not observed - Not applicable 6, 14, 19, 24 C. Key Findings and Follow up for Authorities 65. BAHTNET is subject to appropriate and effective regulation, supervision, and oversight by BOT. In 2013, the PSC, under the BOT Act mandate, identified BAHTNET as a Systemically Important Payment Systems (SIPS) and started using the PFMI to oversee BAHTNET. The Payment System Act clearly defined and publicly disclosed the criteria used to identify important payment systems including SIPS, and BAHTNET was designated as a SIPS subject to the regulation and oversight of BOT. The BOT Act and the Payment System Act give BOT the powers to collect information, perform assessments, induce change, or enforce corrective action in order to effectively carry out its responsibilities. 66. The powers of the SEC are laid down in the SEA and the Derivatives Act (DA) and are considered sufficient. Amendments to the SEA since the previous FSAP have enhanced the powers of the SEC to regulate and supervise TSD and TCH. The TCH and TSD are required to report to the SEC on any material changes in their computer systems and in their financial conditions relating to clearing, settlement, and depository services to ensure that the overall business operations of their services are conducted in a safe and efficient manner. Powers to conduct onsite examinations and impose sanctions are spelt out in the statutes and the regulations – the SEA, DA, and Tor.Thor.32/2559. The staff and funding resources of the SEC are adequate to discharge its responsibilities as a supervisor and regulator. 67. It is recommended that SEC review and increase the frequency of its onsite examinations to two years from three years and undertake ad-hoc onsite examinations as necessary. The SEC should also advise the FMIs to undertake periodic self-assessments against all relevant principles as part of a comprehensive review of an FMI’s safety and efficiency, or when major policy and system changes or new products and services are introduced. These self-assessments should be reviewed by SEC. 68. The authorities disclose the main laws and policies on FMIs. The BOT discloses its policies publicly with respect to BAHTNET. The SEC’s objectives are publicly disclosed on its website. The 34 THAILAND information is made available in English in addition to Thai. Both authorities have publicly stated their support and adoption of PFMI in their public policy statements. 69. The BOT and SEC appropriately cooperate in the regulation, supervision, and oversight of the FMIs in Thailand. The authorities have executed a MoU .The MoU acknowledges each authority's statutory responsibilitiestowards the oversight , supervision, and regulation of the FMIs under their respective jurisdictions. The MoU outlines the sharing of information between the authorities on issues relating to the safe and efficient functioning of the FMIs .The MoU facilitates (i) communication between the two regulators on policies and development plans with respect to BAHTNET, TCH, and TSD; (ii) legal, regulatory, and system changes which may impact the market or other FMIs; (iii) monitoring of financial risk related to a participant’s liquidity problem; (iv) planning onsite assessments and sharing of information; (v) incident handling and crisis management to control systemic risk resulting from interdependencies between the FMIs; and (vi) system-wide BCP testing covering all the FMIs. The cooperation includes formal meetings which are usually held on an annual basis, supplemented by ad-hoc meetings in urgent situations such as market stress or system failure that could impact other FMIs. Contact persons of SEC and BOT are identified. The ratings summary of the authorities is given in Table 7. Table 7: Ratings Summary of the Authorities Assessment category Responsibility Observed A, B, C, D, E Broadly observed - Partly observed - Not observed - Not applicable - 35 THAILAND D. Recommendations for BAHTNET List of Prioritized Recommendations Issues of Concern Relevant Comments and Principle and Other Gaps or Recommended Action Parties Priority Shortcomings 5 BAHTNET accepts as collateral There is a need to include BOT Short-term, high bonds or debt securities issued in BAHTNET a rule priority by SOEs and SFIs, and there is preventing participants currently no feature to verify that from pledging their own participants do not post their securities as collateral. own debt or equity securities as collateral. 5 BAHTNET doesn’t have There is a need to BOT Short-term, high concentration limits to avoid implement concentration priority concentrated holdings of certain limits in BAHTNET. assets where this would impair the ability to liquidate such assets quickly without significant adverse price effects. 5 Haircuts are determined by There is a need for an BOT Short term, ERMD by calculating value at risk independent review and medium priority (VaR) at a 95percent confidence test of the haircut level. The data cover a long methodology. historical time span that includes several stressed periods. Volatilities of collateral values are calculated as inputs of the haircuts, based on the number of days required for liquidating the collaterals. The BOT continuously reviews volatilities of collaterals’ values and adjusts the haircuts to reflect any new stressed period. 7 Larger participants have to post It is suggested to develop BOT Medium-term, at the beginning of the day an automated collateral medium priority collateral representing 10% of management system 36 THAILAND List of Prioritized Recommendations Issues of Concern Relevant Comments and Principle and Other Gaps or Recommended Action Parties Priority Shortcomings the average value of their where the account transactions in BAHTNET balance would trigger the because there is no automated mobilization of collateral, collateral management system. to limit the opportunity cost for participants. 5 The bankruptcy remoteness of It is recommended to BOT, SEC Medium priority, BAHTNET collateral securities explore what would medium term balances held in TSD’s name happen to assets held by could be questioned: when TSD BAHTNET in case of accepts the deposit of securities, default of TSD. it records the securities balance under its own name and holds such securities balances for the depositor or for any customer who is the beneficial owner of securities. 17 There are strong It is suggested to adopt a BOT, SEC Medium priority, interdependencies between holistic approach short term BAHTNET, TSD, and TCH, which considering various should be incorporated more in disaster scenarios where the BCP scenarios. the operations of more than one FMI would be disrupted. E. Recommendations for TSD List of Prioritized Recommendations Issues of Concern Relevant Comments and Principle and Other Gaps or Recommended Action Parties Priority Shortcomings 1 In the event of TSD Introduce specific provisions in TSD, SEC, Medium term, going bankrupt, there the SEA and other relvant laws Ministry of High priority are no statutory to afford protection of Finance, provisions protecting depositors' and customers' Ministry of the securities balances securities balances in the event Law of participants and of TSD going bankrupt. 37 THAILAND List of Prioritized Recommendations Issues of Concern Relevant Comments and Principle and Other Gaps or Recommended Action Parties Priority Shortcomings investors as all securities are held in TSD’s name. 1 It is not very evident Undertake an expert legal review TSD, SEC, Medium term, how the beneficial of the provisions in the SEA and Ministry of High priority ownership rights of other relevant laws and introduce Finance, securities balances suitable amendments based on Ministry of belonging to depositors the review. Law and investors are clearly established in the extant legal framework. 1 Clarity on legal basis of Conduct an expert legal review TSD, SEC, Medium term, netting is required of extant statutory provisions Ministry of High priority and introduce suitable Finance, amendments if required based Ministry of on the review. Law 2 TSD board undertakes TSD board to submit annual TSD, SEC Short term, an annual review of its review of board’s performance to Medium priority performance, which, is the SEC for its review and not submitted to the monitoring. regulator. 3, 15 Risk management (i) Include a greater focus on TSD, SEC Short term, High framework does not recovery and orderly wind-down priority explicitly cover general plans; and include measures to business and investment mitigate general business and risk; detailed effective investment risk in the scope of recovery tools, the risk management framework. documented (ii) Adopt and apply the set of operational guidelines, recovery tools provided by the and measures for raising standard setters; and infusing additional (iii) Draw up a set of documented capital are not part of operational guidelines linking the the high-level recovery size of liquid net assets and the and wind-down plan. length of time required to maintain critical operations and services; (iv) Include detailed measures for raising and infusing additional capital. (v) Revised risk management framework incorporating the 38 THAILAND List of Prioritized Recommendations Issues of Concern Relevant Comments and Principle and Other Gaps or Recommended Action Parties Priority Shortcomings above elements to be reviewed and approved by TSD board. 16 TSD’s investments are (i) TSD should hold the TSD Short term, high held in the name of SET investments of its assets in its priority and not in its name. own name to ensure that proper segregation of investments is carried out and its assets are not used for setting off claims of its parent; (ii) TSD assets should be clearly segregated from the securities balances of its depositors and customers; (iii) TSD should draw up a detailed plan outlining its ability to quickly liquidate its investments with little, if any, adverse price effect and test the same on a periodic basis. (iv) The liquidation plan should be reviewed and approved by the TSD board. 17 BCP does not appear to (i) TSD should identify both direct TSD, SEC, Short term, high include contingency and indirect effects on its ability BOT priority plans to complete to process and settle transactions securities settlement on account of an external transaction in the event operational failure of connected of operational failures of FMIs; connected FMIs, and (ii) Capture depositor failure common participants. effects which may be participants in all three FMIs; (iii) TSD should also identify, monitor, and manage the risks it faces from and poses to BAHTNET and TCH. 39 THAILAND F. Recommendations for Authorities List of Prioritized Recommendations Issues of Concern Recommended Relevant Comments and Responsibility and Other Gaps Action Parties Priority or Shortcomings B On-site Increase the frequency of SEC Short term, high examinations of onsite examinations of TSD to priority TSD by SEC are once in two years; conduct ad- conducted once hoc inspections on need basis. every three years. B SEC does not have SEC to start the process of SEC Short term, high a practice of reviewing the annual priority reviewing the performance report of the TSD performance of board to ensure the Board is the TSD board. fulfilling its mandate. B FMIs are not Authorities to advise the FMIs SEC Medium term, carrying out to undertake periodic self- medium priority periodical self- assessments and review them assessments. G. Authorities’ Response to the Assessment 70. Bank of Thailand (BOT) and Securities and Exchange Commission (SEC) appreciate the comprehensive and positive assessments on Thailand’s implementation on PFMI and the constructive dialogues during the FSAP mission. We would like to express our appreciation to PFMI FSAP assessors for the assessment. The assessment provided us with opportunity to review Thailand’s regulatory and supervisory framework in respect of FMIs, and allowed for identification of area for further improvement. 71. Regarding BAHTNET assessment, the BOT has taken into consideration the assessors’ recommendations on collateral framework to include in BAHTNET a rule preventing participants from pledging their own securities as collateral and to implement concentration limits in BAHTNET. Currently, we are in the process of improving collateral framework as suggested to prevent specific wrong-way risk and establish the concentration limits. By taking into account the risk profile of all eligible asset types accepted in BAHTNET, the internal discussion with Money Market Department and Risk Management Department concludes that guaranteed SOE bonds are equivalent to government bond in terms of risk. Therefore, it comes to a conclusion that the concentration limits will be implemented for non-guaranteed SOE bonds only. However, for other asset types, we will closely monitor and may consider establishing concentration limits if they are 40 THAILAND likely to create overall concentration risk. Moreover, we will establish the methodology validation team to perform an independent review and test of the haircut methodology. 72. The assessors suggested the BOT to develop an automated collateral management system where the account balance would trigger the mobilization of collateral, to limit the opportunity cost for participants. We will conduct an impact analysis on this change and consult further with related stakeholders. The analysis will take into account the impact on both the BOT and participants in terms of opportunity cost and risk management. 73. To further strengthen the business continuity plan (BCP), we have discussed about operating from the backup sites during the normal working day to fulfill the assessors’ suggestion to adopt a holistic approach considering various disaster scenarios where the operations of more than one FMI would be disrupted. The scenario will include usage of the offline procedure for higher resiliency in the future. 74. The BOT welcomes the assessors’ recommendations, which are in line with our action plan, such as enhancing collateral framework, and strengthening the BCP for FMIs. We aim to continue to strengthen our supervisory framework in line with international best practice, and to further promote stability and development of the FMI in Thailand. 75. Regarding TSD assessment, the SEC has been continuously developed and put in place to benchmarking itself against international standards, and best practices. To comply with the recommendation from FSAP in 2008, the SEC has undertaken several actions to strengthen the legal basis, improve regulations and operations to meet the SSS requirements. Since the PFMI issued in April, 2012, the SEC has reviewed its legislative framework, changed the regulations, and published policies to comply with the PFMI, and also engaged TCH and TSD in reviewing area where PFMI has imposed new or strengthened requirements; and where appropriate to consider improvements to TSD and TCH risk management policies, governance arrangement, and technology systems. 76. The SEC acknowledges the overall assessment that TSD is broadly compliant with the PFMI, and operates in a sound manner. The SEC thoroughly considers all useful recommendations made by the assessors as to reinforce TSD operational policies and practices, and further improvement of SEC responsibilities. The action plans in response to the recommendations have been developed to ensure highly legal basis, and successive implementation to the PFMI requirements. 77. For the specific area of netting arrangement, the assessors recommended to obtain expert legal opinion as to whether the concept of netting has a sound statutory basis in the existent legal framework. We would like to note for clarification that the Civil and Commercial Code and Bankruptcy Act provides legal support of bilateral netting transaction, and the SEA provides enforceable and legal binding on novation process or counterparty obligation of the clearinghouse in accordance with the clearinghouse’s rules. Therefore, there is high degree of legal certainty for bilateral netting arrangement, which has currently used by TCH for clearing the 41 THAILAND transactions traded on SET. If, in the future, clearinghouses in Thailand want to use multilateral netting, then expert legal opinion should be obtained before implementation. III. DETAILED ASSESSMENT REPORTS A. BAHTNET assessment against the PFMI Principle 1: Legal basis An FMI should have a well-founded, clear, transparent, and enforceable legal basis for each material aspect of its activities in all relevant jurisdictions. Key consideration 1 The legal basis should provide a high degree of certainty for each material aspect of an FMI’s activities in all relevant jurisdictions. Description The material aspects of BAHTNET’s activities that provide a high degree of legal certainty to achieve finality, irrevocability, and to mitigate systemic risks that could pose to the country’s payment systems are as follows: Designation of BAHTNET as Highly Important Payment System Section 44 of the Bank of Thailand Act B.E. 2485 (1942) and the amendments (BOT Act) empowers the BOT to establish and operate the payment systems including conduct any activities in accordance with the rules and regulations specified by the BOT to maintain payment system stability. The Payment Systems Committee (PSC) is established under Section 28/12 of the BOT Act to formulate the policies relating to payment systems under the BOT supervision and interbank clearing system with an aim to maintain the country’s payment system efficiency and stability. The PSC is also responsible for monitoring and overseeing payment systems operated by the BOT. In the PSC meeting No. 3/2556 (2013), BAHTNET is designated as a highly important payment system since it serves as the country’s payment system infrastructure for high value interbank payment system among participants, which, if disrupted, could pose systemic risk to the country’s payment systems. BAHTNET is designated as a highly important payment system under the Payment Systems Act B.E.2560 (PSA) which has clear provisions on settlement finality protection as well as collateral asset protection for transactions settled through BAHTNET. This is to ensure that settled 42 THAILAND transactions will not be affected from the “zero hour rule” and are irrevocable, in the event of a participant’s insolvency. Moreover, the BOT is empowered by Section 7 of the PSA to oversee the highly important payment system and to establish rules and regulations to ensure that the system is operated in an efficient, safe and sound manner, including: • Operating procedure as well as rules and regulations regarding settlement finality • Participation access criteria • Right, obligation and responsibility of important payment system operator and participants • Risk management framework • Security framework • Contingency plan • Other matters that the BOT stipulates Authorization of Participants The BOT, as the BAHTNET operator, has set out regulations to specify both access and exit criteria for participants. Financial institutions or other institutions that would like to participate in the system must meet the qualifications as specified in the BAHTNET regulation and notifications. They have to comply with other requirements such as having appropriate computer systems and business continuity plan (BCP) in line with the acceptable standards as well as having dedicated staffs or relevant experts available to participate in a training or testing arranged by the BOT. The Letter of Agreement for BAHTNET Service Usage signed by participants legally binds participants with the BAHTNET’s rules, regulations and operating procedures as specified by the BOT. Moreover, in order to obtain the rights to access BAHTNET functions, participant institutions are required to sign Letter of Agreement to get permission from the BOT to have access to the Electronic Financial Services (EFS), the BOT’s financial platform. Settlement Finality As an RTGS, funds are immediately transferred to the receiving institution’s account as specified in the payment instruction when there is sufficient funds in the sending institution’s account. When funds transfer is complete, the transaction is deemed final and irrevocable. Participants cannot revoke the transaction after settlement to ensure that systemic risk will not be posed into the system. Settlement finality is achieved according to Article 40 and 41 of the BAHTNET regulation. Moreover, Section 9 of the PSA provides a comprehensive legislative framework for settlement finality protection. It is stipulated that any funds 43 THAILAND transfer order, clearing or settlement instruction submitted to BAHTNET before the court’s rehabilitation order or the court’s receiving order can continue to be processed until the end of day in accordance with the systems’ rules and regulations. Such transactions are deemed final and irrevocable. Netting BAHTNET also provides Multilateral Funds Transfer (MFT) function that allows a number of simultaneous debit/credit funds transfers for daily settlements through Central Settlement System (CSS), which is a sub-system in BAHTNET. The settlement agents (i.e. NITMX, TSD) can submit MFT instructions for settlement of net clearing positions from retail payment systems. The MFT transaction is deemed final and irrevocable. The net clearing positions from retail payment systems are enforceable as it is a result of clearing process, which is done by a payment system provider regulated under the PSA. The "Clearing" means the calculation of the balance of creditor’s or debtor’s into the final net position of the members of such Payment System Provider. So netting arrangement is recognized under the definition of “Clearing” in PSA. MFT submitted into BAHTNET is regulated under the BOT regulation and notifications as follows: • BOT Notification for Multilateral Funds Transfer Service (Sor Ror Khor. 7/2551) • BOT Notification for Multilateral Funds Transfer Service (first amendment) (Sor Ror Khor. 2/2556) • BOT Notification for Multilateral Funds Transfer Service (second amendment) (Sor Ror Khor. 2/2558) • BOT Notification for Multilateral Funds Transfer Service (third amendment) (Sor Ror Khor. 5/2558) • BOT Regulation for Securities Requirement for Settlement (SRS) (Sor Ror Khor. 1/2557) Besides, netting is recognized under Thailand’s Civil and Commercial Code B.E. 2486 (1943) as counterparties who have obligations are subject to netting contract that they agree to do, in particular, the netting derived from interbank transactions of securities, equities or retail payments. Intraday Liquidity Facilities (ILF) The BOT provides intraday liquidity which is fully collateralized, given that participants can sell their eligible securities in the form of repurchase 44 THAILAND transactions to the BOT at the beginning of the day to obtain the ILF. By the end of day, participants are required to buy back their securities. Should participants fail to buy back their securities, the ILF will turn to overnight loans with penalty rates. And should participants fail to buy back securities by noon of the next business day, participants will lose the right to buy back and the BOT will seize their securities. ILF aims to ensure sufficient liquidity to smooth daily settlements in BAHTNET. Both direct and associate participants who are financial institutions under the BOT’s supervision are allowed to use ILF to support their liquidity management. As ILF is an repo-transaction, it needs legal binding between parties. ILF is regulated under the BOT regulations and notifications as follows: • BOT Regulation for Intraday Liquidity Facilities (ILF) No. Sor Ror Khor. 2/2552 • BOT Regulation for Intraday Liquidity Facilities (ILF) (Amendment 1) No. Sor Ror Khor. 2/2556 • BOT Regulation for Intraday Liquidity Facilities (ILF) (Amendment 2) No. Sor Ror Khor. 1/2558 • BOT notification for other institutions that could use ILF service No. Sor Ror Khor. 6/2552 • BOT notification for guideline for qualify bonds used for ILF service (Amendment 1) No. Sor Ror Khor. 3/2558 • BOT notification for fee and fine related to ILF service No. Sor Ror Khor. 6/2559 • BOT notification for required proportion of ILF to maintain during the day No. Sor Ror Khor. 7/2559 Moreover, Section 10 of the PSA provides protection over collaterals that participants reserve for ILF or SRS or any other activities in BAHTNET in case of participant default. Specifically, these collaterals will not be subject to liquidation for paying other debtors so that the BOT can make a claim on these collaterals in the amount equal to the participant’s obligations to BAHTNET. Arrangement for DvP The DVP linkage is between the BOT and TSD/TCH for government securities and equity settlement. For OTC securities transaction, after participants send their instructions to be matched in the Post Trade Integrate (PTI) system of the SET, TSD will 45 THAILAND hold those securities and send the funds transfer request to BAHTNET in order to effect the cash leg settlement simultaneously on gross basis. For equity settlement, TSD will hold equity and TCH will send Multilateral Funds Transfer (MFT) to BAHTNET in order to effect cash leg settlement derived from net position of equity trading. The settlements are done on net basis and the transactions are deemed final and irrevocable to ensure that systemic risk will not be posed into the system. For the DvP linkage, securities/equity leg is considered final and irrevocable as stipulated in Clause 57 of the Notification of the Capital Market Supervisory Board No. Tor Thor. 32/2559 Re: Rules, Conditions, and Procedures for Operation of Securities Clearing Houses and Central Securities Depositories (http://capital.sec.or.th/webapp/nrs/data/7025se.pdf) Furthermore, the transactions will be regulated by Article 405.2 (Validity of a Transfer of Securities) of Chapter 400 (Securities Accounts, Deposit, Withdrawal, Transfer and Cancellation of a Deposit of Securities) of the TSD Rule Book. (https://www.set.or.th/set/notification.do?idLv1=5) For cash leg, the settlement is deemed final and irrevocable as stipulated in the BOT Notification for Linkage Service for Securities Settlement (Linkage Service for Securities Settlement) Arrangement for PvP The PvP linkage for Thai Baht - US Dollar settlement is between BAHTNET and the HKMA’s USD CHATS for Thai Baht - US Dollar settlement. Once the Thai Baht payment instruction sent to BAHTNET is matched with the US Dollar payment instruction sent to USD CHATS, both transactions will be simultaneously settled in the RTGSs and the transactions are deemed final and irrevocable to ensure that that FX settlement risk is properly mitigated. In addition to relevant domestic jurisdictions, there is one oversea jurisdiction involved in PvP linkage between BAHTNET and Hong Kong’s USD CHAT for FX settlement. The PvP – US Dollar transaction is deemed final and irrevocable according to the HKMA’s legal framework as stated in the Payment Systems and Stored Value Facilities Ordinance (PSSVFO - Chapter 584 of the Laws of Hong Kong). The PvP – Thai Baht transaction is deemed final and irrevocable according to the BOT Notification for Linkage between BAHTNET and USD CHATS for FX settlement No. Sor Ror Khor. 4/2557 (Article 5.2.4). 46 THAILAND In addition, the MOU on cooperative oversight between the BOT and HKMA addresses material aspects of BAHTNET’s activities via the linkage, including responsibilities, cooperation, communication, incident handing and crisis management. For example, when an incident such as operation or network disruption occurs, the incident’s root cause will be analyzed and information regarding the cause, resolution and prevention methods will be shared with the other authority. (https://www.bot.or.th/English/PaymentSystems/Payment_Regulation/BN_R egulation/BAHTNET%20Notification/No_SorRohKho_4_2557.pdf) (http://www.gld.gov.hk/egazette/pdf/20162020/egn201620202777.pdf) Participant Default If a participant appeals or is appealed to the court for rehabilitation, Section 8 of the PSA stipulates that the participant promptly notify the BOT and the BOT will notify other participants in accordance with the rules and procedures prescribed by the BOT. The BOT regulations and notifications related to participant default also stipulate actions to be taken by the BOT and the defaulting participant. Additionally, Section 9 of the PSA requires that, in case of participant bankruptcy, transactions submitted by that participant before the court’s bankruptcy order can continue to be processed until the end of day in accordance with the systems’ rules and regulations. These transactions are deemed final and irrevocable. (Participant Default Regulation) Additional Information Authority of the BOT to operate payment systems The BOT’s responsibilities as the BAHTNET regulator and operator are specified in the BOT Act in: • Section 7 and 8(6) - Authority to operate and conduct any activities to maintain payment system stability • Section 17(4) – Authority to establish committees to designate the policy for each aspect of financial services including payment systems • Section 28/11 and 28/12 – Authority to establish Payment Systems Committee (PSC) • Section 44 and 45 – Responsible to support the establishment of payment systems (https://www.bot.or.th/English/AboutBOT/LawsAndRegulations/SiteAssets/L aw_E01_Bot.pdf ) 47 THAILAND Applicability of BAHTNET regulations By virtue of Section 5, 28, and 40 of the BOT Act, BAHTNET regulation B.E. 2549 (2006) was issued to facilitate services available therein so as to ensure common understanding among all concerned towards the operational process in the BAHTNET system. (BAHTNET regulation) Others Contracts and agreement between the BOT and BAHTNET participants are binding under Thailand’s Civil and Commercial Code B.E. 2486 (1943) – Contract and Agreement BAHTNET is subject to Thai laws as described in Q.1.1.1. For settlement of Thai Baht – US Dollar transaction via the Payment Versus Payment linkage between BAHTNET and HKMA’s USD CHATS, the transactions are deemed final and irrevocable: the Thai Baht leg is considered final in Thailand as specified by the PSA, while US Dollar leg is considered final in Hong Kong as specified by the HKMA’s Payment Systems and Stored Value Facilities Ordinance. The PSA and legal framework related to BAHTNET as mentioned in Q.1.1.1 and Q.1.1.2 provides a high degree of legal certainty for each material aspect of BAHTNET’s activities. For legal basis on netting arrangement and settlement finality, please see below. 1. The legal basis that supports enforceability of netting arrangement in BAHTNET is governed under Section 9 of the PSA. Finality of MFT is enforced under Article 13 of the BOT Notification for Multilateral Funds Transfer Service (Sor Ror Khor. 7/2551) which specifies that MFT instructions via the Central Settlement System are complete once the BOT debits or credits funds to deposit accounts of the sending / receiving institutions according to the amount specified in the MFT instructions. 2. The legal basis that supports finality of BAHTNET transactions is governed under the following provisions: • Settlement finality is achieved in accordance with Article 40 and 41 of the BAHTNET regulation which specifies that funds transfer via BAHTNET are complete once the BOT debits funds from an account of the transferring institution and credits funds to an account of the receiving institution. When funds transfer is completed, the transferring institution cannot revoke the transfer. In addition, Section 9 of the PSA stipulates settlement finality to transactions 48 THAILAND settled in BAHTNET. In case of participant’s bankruptcy, the transactions submitted by that participant before the court’s bankruptcy decision can continue to be complete until the end of day. These transactions are deemed final and irrevocable. Key consideration 2 An FMI should have rules, procedures, and contracts that are clear, understandable, and consistent with relevant laws and regulations. Description BAHTNET rules and regulations are issued by the BOT. Participants have to sign the Letter of Agreement for BAHTNET Service Usage to legally bind themselves by the rules, regulations and procedures as specified by the BOT. Relevant laws and regulations mentioned in Q.1.1.1 are clearly stated and understandable with definitions and concepts of the terms, and are legally in effect according to the domestic legal framework. Furthermore, relevant regulations and notifications are written in a clear and transparent format which includes objective of the regulations/notifications, legal power, amendment or cancellation of the previous regulations/notifications (if any), scope, content, transitional provisions (if any) and effective date, respectively. Prior to release of a regulation or notification, the BOT will arrange consultation session with stakeholders including the BAHTNET AG (Advisory Group) and participants’ representative to elaborate the objectives of the relevant regulation and take comments and concerns from the participants to further improve the regulation or notification. In addition, the BOT will arrange a consultation session with the internal Legal Department to obtain legal opinion before proposing the final draft of regulation or notification to seek final approval from top management. After that, the BOT will disclose and publish the regulation or notification on the BOT website (www.bot.or.th), as well as circulate the letter to all participants. Modifications of relevant rules and regulations are promptly notified to participants through circular letters and are published on the BOT website. During the drafting of rules, procedures and contracts, the BOT regularly consults with the internal Legal Department to seek legal opinion in order to ensure consistency with relevant laws and regulations. Moreover, the BOT hosts meetings and hearing sessions with participants to obtain their comments and concerns before issuing the regulations. The Internal Audit Department is also responsible for reviewing the rules, procedures and contracts to be in line with the BOT’s responsibilities. 49 THAILAND After hearing sessions with participants, rules, procedures and contracts will become in effect when they get approval by the BOT’s top management. The approval processes are as follows: 1) For new regulations or notifications, the final draft will be reviewed and approved by the BOT Governor. 2) For circular letter and operating guidelines, the final draft will be reviewed and approved by PBD senior director. Key consideration 3 An FMI should be able to articulate the legal basis for its activities to relevant authorities, participants, and, where relevant, participants’ customers, in a clear and understandable way. Description Please see answer to Q 1.2.1. Key consideration 4 An FMI should have rules, procedures, and contracts that are enforceable in all relevant jurisdictions. There should be a high degree of certainty that actions taken by the FMI under such rules and procedures will not be voided, reversed, or subject to stays. Description Enforceability of rules, procedures and contracts BAHTNET participants are subject to Thai laws. The BOT seeks legal advice from the internal Legal Department and arrange hearing sessions when drafting the rules, procedures and contracts as well as consult the industry before putting them into effect. For linkage with other jurisdiction, the rules, procedures and contracts related to its operations are enforced under that jurisdictions’ laws. For example, the rules and procedures to process PvP transaction in THB is subject to the BOT notification No. Sor Ror Khor. 4/2557, whereas the rules and procedures to process PvP transaction in USD is subject to the provision as stated in the HKMA’s Payment Systems and Stored Value Facilities Ordinance (PSSVFO). There is no circumstance that BAHTNET’s actions under its rules, procedures or contracts could be voided or reversed since they are enforced under relevant laws. Moreover, to achieve a high degree of certainty, the enacted Payment Systems Act contains provisions about oversight and supervision information for payment systems and services, especially the section about payment finality. The PSA has come into effect since 16th April 2018. No court has ever held any of the BAHTNET activities under its rules and procedures to be unenforceable. Also, there has been no precedent transactions settled in BAHTNET being challenged in a court. 50 THAILAND Key consideration 5 An FMI conducting business in multiple jurisdictions should identify and mitigate the risks arising from any potential conflict of laws across jurisdictions. Description At present, BAHTNET is not conducting business in multiple jurisdictions, with only bilateral linkage with Hong Kong jurisdiction. In 2014, the BOT signed the license agreement with HKMA for usage of the THB Cross Currency Payment Matching Processor (CCPMP) to facilitate the matching of PvP transaction between BAHTNET and USD CHATS. Furthermore, in 2017, the formal MOU was signed by the BOT and HKMA for FX settlement via linkage with USD CHATS. The MOU addresses all material aspects of BAHTNET’s activities in the context of responsibilities, cooperation, communication, incident handling and crisis management. The MOU also facilitates the BOT and HKMA to have dialogue and share information for conducting cooperative oversight of the linkage with an aim to ensure safety, reliability and efficiency of the PvP link. Key conclusions The BOT Act, the Letter of Agreement for BAHTNET Service Usage signed by participants to comply with BAHTNET regulations, and the PSA articulate the legal basis for the material aspects of BAHTNET activities. The rules and regulations are revealed to participants and the public in a clear and understandable manner. They are enforceable and are in accordance with relevant laws. BAHTNET rules, procedures and contracts have never been subject to any judicial controversy and have not been voided or unenforceable by any jurisdiction. For the PvP linkage with the HKMA, the rules, procedures and contracts related to its operations are enforced under each jurisdictions’ laws. The Payment Systems Act has come into effect since April 16, 2018. It consists of provisions about oversight and supervision information for payment systems and services, with the explicit provision on payment finality and protection of collaterals in case of participant default. Assessment of Observed Principle 1 Recommendations The FSAP team suggested to get a legal opinion to verify the enforceability and of the netting arrangements in judicial and administrative insolvency comments proceedings and avoid the unwinding of net positions of retail payment systems. The BOT legal services provided a legal opinion stating that multilateral netting is covered in case of SIPS. 51 THAILAND Principle 2: Governance An FMI should have governance arrangements that are clear and transparent, promote the safety and efficiency of the FMI, and support the stability of the broader financial system, other relevant public interest considerations, and the objectives of relevant stakeholders. Key consideration 1 An FMI should have objectives that place a high priority on the safety and efficiency of the FMI and explicitly support financial stability and other relevant public interest considerations Description As a central bank, the BOT has main responsibilities to maintain financial stability, financial institution system stability as well as payment system stability according to Section 7 of the BOT Act. On payment system stability, BAHTNET is established with the objectives to serve as a financial market infrastructure for Real-Time Gross Settlement (RTGS) of interbank large value funds transfer to support financial activities and promote payment systems stability. It is owned, operated and overseen by the BOT under segregation of responsibilities and accountabilities of Payment System and Bond Department and Payment Systems Policy Department. BAHTNET places high priority on safety and efficiency. The performance and its smooth operations are assessed against the operational objectives of target system availability, which are approved by the Payment Systems Committee (PSC) on an annual basis. Recently, BAHTNET’s target availability was at 99.80% (2017) and 99.90% (2018). The system availability is required to report to the PSC at every meeting. Additionally, BAHTNET set its Recovery Time Objective at 2 hours without any information loss (Recovery Point Objective = 0). The BOT continuously monitors and keeps record for effectiveness of the system by using KPI scoring. The cost and pricing policies are reviewed every 2 years or when there are significant changes to the BAHTNET environment. The PSC has placed high priority on safety and efficiency of the BAHTNET by designating BAHTNET as a systemically important payment system and requiring its compliance with the Principles for Financial Market Infrastructures (PFMI). Besides, the Risk Management Framework for BAHTNET has been established and approved by the PSC. Payment and Bond Department (PBD), an operator of BAHTNET, is required to adopt the Framework to establish internal risk management framework. PBD has to regularly report operational availability performance and major incidents to the PSC which acts as the FMI’s board. 52 THAILAND As BAHTNET is owned and operated by the BOT, it is clear that BAHTNET is established and operated to support financial stability since it is one of the BOT’s responsibilities. BAHTNET has disclosed information to its participants regarding measurable and quantifiable efficiency in terms of target system availability and recovering times for the system as well as operation cost which is reviewed on a regular basis. In addition, BAHTNET and its participants regularly exercise the BCM/BCP testing under various scenarios such as major disasters, political unrests, epidemic in order to be well-prepared and achieve recovery time objective during emergency events. For safety and soundness, BAHTNET operators have implemented several policies to ensure that the system meets security standard as follows: a. Compliance with IT & Cyber framework including practices and guidelines which are in line with relevant domestic laws and international standards. b. Utilization of Public Key Infrastructure technology (PKI) which consists of private and public key for authentication of both senders and receivers. This technology would ensure data confidentiality, data integrity and non-repudiation. In addition, the BOT has undertaken Vulnerability Assessment by having external auditors identify problems and weaknesses of BAHTNET along with performing External Penetration Testing on a yearly basis. Key consideration 2 An FMI should have documented governance arrangements that provide clear and direct lines of responsibility and accountability. These arrangements should be disclosed to owners, relevant authorities, participants, and, at a more general level, the public. Description Governance arrangements Oversight and operational functions related to BAHTNET are under separated line of command in order to achieve balance of power as well as to ensure a clear and transparent responsibilities and accountability. At present, there are two departments under separate groups in the Bank of Thailand having responsibilities related to payment systems as follows: Payment and Bond Department (PBD) Its main responsibilities are managing day-to-day operations and risks associated with BAHTNET operations including related systems and ICAS. PBD is also responsible for enhancing the systems and infrastructure to serve changing business needs and for establishing the risk management 53 THAILAND process in accordance with the Risk Management Framework approved by the PSC. PBD is under the Information Technology Group which reports to Assistant Governor for IT Group and Deputy Governor for Corporate Support Service and Banknote Management, respectively. In addition, for policy issues related to risk management, efficiency and safety of BAHTNET, PBD has to seek approval from the PSC. As mentioned before, operational availability performance and major incidents are required to regularly report to the PSC which acts as the FMI’s board. Payment Systems Policy Department (PSD) Its main responsibilities are formulating the payment system policies and regulations for key infrastructures and services in the payment systems as well as overseeing BAHTNET which is a systemically important payment system and other payment systems. PSD is under Payment Systems Policy and Financial Technology Group which reports to Assistant Governor for Payment Systems Policy and Financial Technology Group and Deputy Governor for Financial Institution Stability, respectively. The payment systems oversight policies including risk management framework formulated by PSD have to seek approval from the PSC which acts as the Oversight board. In addition, the payment systems stability report is presented to the PSC on a semi-annual basis. The governance arrangements are documented and composition of the committees and organization structures are disclosed publicly on the BOT’s website. BAHTNET provides accountability to owners, participants and relevant stakeholders through the Determination of its rights and duties which is 54 THAILAND clearly articulated in title 3 of BAHTNET regulation. The information is publicly available on the BOT’s website. The PSC, which is the FMI’s board, is empowered by the BOT Act to formulate policies concerning the payment systems that are under the BOT supervision and the clearing systems between financial institutions, and to monitor the BOT’s operations according to Section 28/12. Moreover, the BOT is responsible to ensure system availability, allow fair and open access as well as take into consideration the needs of participants and the market. Therefore, in order to engage with the industry, the BOT has established BAHTNET Advisory Group (AG) comprising representatives from Thai Bankers’ Association, the Association of International Banks, Specialized Financial Institutions (SFI), and the Thailand Securities Depository Co., Ltd. (TSD). The BOT arranges meetings with AG at least twice a year and conducts surveys to seek comments from all participants regarding changes in the system. The PSC governance arrangement is disclosed to the public on the BOT’s website (www.bot.or.th) under About BOT  Organization and executives/ Committee section. Boards’ arrangement and objectives are stated in the BOT Act which is published on the BOT’s website. (https://www.bot.or.th/English/AboutBOT/LawsAndRegulations/SiteAssets/ Law_E01_Bot.pdf) Key consideration 3 The roles and responsibilities of an FMI’s board of directors (or equivalent) should be clearly specified, and there should be documented procedures for its functioning, including procedures to identify, address, and manage member conflicts of interest. The board should review both its overall performance and the performance of its individual board members regularly. Description Roles and responsibilities of the board The PSC, which is the FMI’s board, is responsible for formulating policies concerning the payment systems that are under the BOT supervision and the clearing system between financial institutions to ensure security and effectiveness according to Section 28/12 of the BOT Act. Furthermore, the PSC is responsible for monitoring the BOT’s operations under Section 8(6) which are to establish or support establishment of a payment system. The PSC also needs to act upon the PSC Governance Framework, which was approved by the PSC in the PSC meeting no. 2/2560, to promote good 55 THAILAND governance. The Framework specifies the PSC responsibilities in 3 parts as follows: 1) Formulation of strategic development plan for payment systems landscape 2) Oversight of payment systems stability 3) Oversight of payment systems and services In sum, the PSC is responsible for overseeing payment systems under BOT supervision as well as stipulating a clear and understandable oversight policy for payment systems. As the FMI’s board, the PSC is responsible for overseeing BAHTNET and ensuring BAHTNET’s compliance with the PFMI. (https://www.bot.or.th/English/AboutBOT/LawsAndRegulations/SiteAssets/ Law_E01_Bot.pdf ) The procedures for the PSC’s function as the FMI’s board to oversee payment systems under the BOT supervision are clearly documented in the PSC Governance Framework as follows: • Stipulate and set a clear and understandable oversight policies for the payment systems • Monitor oversight of the payment systems regulated by the BOT The PSC or FMI’s board has to act upon the regulations as stipulated in the Responsibilities and Governance Framework to address and manage member conflicts of interest as follows: • The BOT’s Rule with regard to Code of Ethics for Payment Systems Committee in Performing Duties in accordance with Laws B.E. 2553 (2010) o 4.4 Members ought to segregate personal matters from duties, and set public conscience as priority and over personal interest. • The BOT’s Rule with regard to Preventing Interest for Payment System Committee in Performing Duties in accordance with Laws B.E. 2553 (2010) o 4.4.2.1 Members shall avoid having an interest arisen from performing duties, both directly and indirectly. o 4.4.2. 5During performing duties, if any members find that they themselves may have an interest or a conflict of interest, they must disclose an interest or a conflict of interest to the committee. 56 THAILAND The Responsibilities and Governance Framework are disclosed to all of PSC members as well as relevant parties such as PSD. The Framework will be reviewed upon a significant change. Presently, there is a secretary team to facilitate functioning of the PSC. The secretary team provides important information to support the PSC tasks such as proposing key issues regarding the new payment roadmap or new policies on payment systems for consideration. Moreover, there are 2 more committees that support the PSC’s task to oversee BAHTNET as follows: • The Risk Oversight Committee (ROC) which is responsible for reviewing BAHTNET’s Control Self-Assessment (CSA) with respect to the Enterprise Risk Management Framework established by Enterprise Risk Management Department (ERMD). • The Bank of Thailand Audit Committee (BOTAC) which is responsible for reviewing the internal audit assessment of BAHTNET. Details of the risk management governance structure is shown in Q.2.6.4. The PSC’s performance is reported to the Bank of Thailand Board (BOTB) on a quarterly basis according to Section 28/12 of the BOT Act. Although there is no performance review on each individual member of the PSC, in practice, the non-executive committee members, who are experts in the area of payment systems or related areas, have actively provided important information and made comments on various subjects in each meeting. (https://www.bot.or.th/English/AboutBOT/LawsAndRegulations/SiteAssets/ Law_E01_Bot.pdf ) Key consideration 4 The board should contain suitable members with the appropriate skills and incentives to fulfill its multiple roles. This typically requires the inclusion of non-executive board member(s) Description To ensure that the PSC has appropriate skills to fulfil its multiple roles, members of the PSC consist of the BOT high-level executives and representatives from the banking industry, business and government sector. The BOT Governor serves as the PSC Chairman, while Deputy Governor for Financial Institutions Stability, who has responsibility to oversee payment systems including BAHTNET, is assigned by the Governor to act as a Deputy-Chairman. Other committee members include Deputy Governor for Corporate Support Service and Banknote Management, President of the Thai Bankers’ Association, independent experts appointed by the BOT Board from business and government sector. 57 THAILAND There is three-year tenure for each member of the PSC, with an opportunity for only one time re-appointment. Current independent experts are from the Federation of Thai Industries, Comptroller General's Department, the largest player in the government sector, and IT expert. On incentives, Section 23 of the BOT Act stipulates that Chairman and the committee members shall receive meeting allowance or other remuneration as specified by the Minister. The meeting allowance and remuneration shall be deemed to be expenses of the BOT’s operations. (https://www.bot.or.th/English/AboutBOT/LawsAndRegulations/SiteAssets/ Law_E01_Bot.pdf ) As mentioned before, the PSC, which is responsible for overseeing the payment systems and services under the BOT supervision, acts as the FMI’s Board. The PSC receives monthly allowance as well as meeting allowance for each meeting, which is held every other month. Some independent committees, such as President of the Thai Bankers’ Association (TBA), implicitly gain side benefits that the banking industry has safe and sound BAHTNET operations in place to serve for funds transfer transactions. The independent committee members also have an opportunity to induce change to serve needs of the industry they represent. Yes, there are 4 non-executive or independent committees out of 7 members which are: 1) Representative from the Federation of Thai Industries or the Thai Chamber of Commerce which can express needs of real sector 2) Representative from Comptroller General's Department which is the largest player from the government sector 3) IT expert which has strong background in the payment industry Another non-executive committee member, appointed by their position as the PSC permanent committee member according to the BOT Act, is President of the Thai Bankers’ Association. According to Section 28/11 of the BOT Act, members of the Payment Systems Board shall comprise the BOT Governor, as Chairman, 2 Deputy Governors determined by the Governor; one of which shall be assigned by the Governor to be a Deputy-Chairman and 4 outside independent committee members, including President of the Thai Bankers’ Association and 3 experts selected by the BOT Board. The reason for including these independent committee members in the PSC is for the benefit of driving development and implementing strategy for Thailand’s payment industry. 58 THAILAND The appointment criteria for independent board members are specified in the BOT’s Rule with regard to Nomination, Consideration, and Selection of Experts to be Members of Payment Systems Committee B.E. 2552 (2009), given that the candidates are Thai citizen, having adequate expertise, knowledge and experience in the field related to payment systems. In addition, they must not have prohibited characteristics such as: • being or having been a political official unless vacating from the office for not less than 1 year; • being a director or having a position in a financial institution or any juristic person established by any specific law, except for a position specified by law; • being a director or an executive or a person with power of management or having significant interest in the juristic person having interest over the BOT’s business. The list of both executive and independent board member is publicly disclosed on the BOT website (www.bot.or.th) under the Committee section. Key consideration 5 The roles and responsibilities of management should be clearly specified. An FMI’s management should have the appropriate experience, a mix of skills, and the integrity necessary to discharge their responsibilities for the operation and risk management of the FMI. Description Roles and responsibilities of management Roles and responsibilities of management are clearly stipulated in Section 28/13 of the BOT Act: the Governor shall be responsible for the management and administration of the BOT’s operations to attain the objectives prescribed under Section 7, including payment system stability. Moreover, Section 8 empowers the BOT to transact businesses to attain the objectives to maintain payment system stability by establishment or supporting establishment of a payment system such as BAHTNET and ICAS. (https://www.bot.or.th/English/AboutBOT/LawsAndRegulations/SiteAssets/ Law_E01_Bot.pdf ) Day-to-day operations and BAHTNET risk management are under responsibility of PBD, for which specific matters concerning BAHTNET such as functionality change and incidents are reported to Assistant Governor for IT, Deputy Governor for Corporate Support Service and Banknote Management and, if necessary, escalated to the Governor. 59 THAILAND Roles and objectives of management are clearly set in the BOT Act as mentioned in Q.2.5.1. Furthermore, the BOT Board has established the Governor’s Performance Evaluation Committee comprising 3 external experts who are members of the BOT Board to assess the Governor’s performance in accordance with Bank of Thailand Board Order No. Tor. 8/2560. Assessment of individual management and staffs are conducted against KPIs which are set twice a year. Roles and responsibilities of the Governor are stipulated in Section 28/13 of the BOT Act. The Governor shall be appointed by His Majesty the King upon the recommendation of the Cabinet and must have knowledge and professional skill in the field of economics or banking and finance as stipulated in Section 28/15. According to the BOT’s Rule on Organization Structure B.E. 2561, the Governor has delegated the operation function to PBD under IT Group. Senior director as the PBD head is appointed among executives with ample experience and knowledge concerning payments, finance and IT. PBD head is responsible for managing day-to-day operations of BAHTNET including risk management. PBD staffs are required to possess appropriate knowledge, expertise or experience related to payment system, money market and financial system to operate BAHTNET smoothly and to ensure high availability, safe and resilience operations of the system. Also, they must have the ability to analyze and establish a roadmap for further improvement of the system as well as project management skill. (https://www.bot.or.th/English/AboutBOT/LawsAndRegulations/SiteAssets/ Law_E01_Bot.pdf ) The management will be removed according to the criteria below: Governor Under Section 28/19 of the BOT Act, in addition to the retirement from office on the expiration of the term prescribed under Section 28/18, the Governor shall vacate upon: • Death; • Resignation; • Possessing qualifications or restrictions contravening the provisions of Section 28/17 such as being more than 60 years of age, having been adjudged as an incompetent person, being declared bankrupt or being a director in a financial institution; 60 THAILAND • Being removed by the Cabinet upon the recommendation of the Minister due to wrongful misconduct or dishonest performance of duties; • Being removed by the Cabinet upon the recommendation of the Minister or by the proposal of the Minister upon the recommendation of the BOTB due to gross incompetence in the performance of duties or incapability, provided that explicit reason shall be specified in the order. (https://www.bot.or.th/English/AboutBOT/LawsAndRegulations/SiteAssets/ Law_E01_Bot.pdf) BAHTNET Management According to Section 6 of the BOT Order on Human Resource Management (HRM), the HRM Committee chaired by the Governor has the authority to make decision on suspension or dismissal of an employee who breaks the discipline or is disqualified as a BOT employee such as lack of capability to perform such role. Key consideration 6 The board should establish a clear, documented risk-management framework) that includes the FMI’s risk-tolerance policy, assigns responsibilities and accountability for risk decisions, and addresses decision making in crises and emergencies. Governance arrangements should ensure that the risk-management and internal control functions have sufficient authority, independence, resources, and access to the board. Description Risk management framework PBD has developed the comprehensive BAHTNET Risk Management Framework in accordance with the Risk Management Framework for Payment Systems based on international standards e.g., ISO 30001 for risk management process and COSO Enterprise Risk Management (COSO ERM) for risk response and control. The Framework is also aligned with the BOT’s bank-wide Risk Management Framework. Approved by the PSC in 2018, the Framework provides clarity and details on the BAHTNET risk policy, risk governance, risk management as well as risk appetites and is subject to an annual review or when there are significant changes. The Framework address the tolerance policy by identifying the tolerance level for each type of risk. PBD has the authority to make a decision during crises and emergencies, where the person responsible to make a decision varies upon the impact level. For example, extension of cut-off time due to 61 THAILAND liquidity problem of a participant can be authorized by PBD director, while, liquidity problem that may affect the public can be authorized by the senior director and escalated to the higher executive. Authority and independence of risk management and audit functions The Risk Management Framework is reviewed by PSD and approved by the PSC on an annual basis. PBD has the responsibilities to monitor day-to-day operations and manage risks arising from BAHTNET’s operations as well as implement internal policies and procedures to ensure that the activities are consistent with the goals and objectives. There are 3 departments that involve in risk management of BAHTNET as follows: 1) Payment Systems Policy Department (PSD) as a regulator of BAHTNET 2) Enterprise Risk Management Department (ERMD) as a second line of defense 3) Internal Audit Department (IAD) as an auditor of the BOT ad a third line of defense. Generally, PBD continuously monitors and manages risks in the system and, if necessary, reports to the PSC according to the line of command (see Q.2.2.1). PBD also reports critical incidents affecting availability of BAHTNET to the PSC. As a regulator of BAHTNET, PSD closely monitors risk management of BAHTNET by setting bilateral agreement with PBD in order to obtain information related to risk management such as incident report, KRI or information on liquidity problem. Additionally, PSD requires PBD to conduct self-assessment against the PFMI standard every 2 years. As a second line of defense, ERMD has the responsibilities to monitor risks of all departments in the BOT including BAHTNET system as well as establish the Enterprise Risk Management Framework as a guideline to manage all risks. PBD is required to conduct Control Self-Assessments (CSA) by adopting the ERM framework established by ERMD on annual basis and submit to ERMD. The CSA result will be respectively escalated to the Enterprise Risk Management Committee (ERMC), chaired by the Governor, and the Risk Oversight Committee (ROC), chaired by outside expert, if the result concerns the stability of BAHTNET. 62 THAILAND IAD performs the third line of defense by providing assurance, based on the highest level of independence, on effectiveness of risk management and internal controls. The audit program and scope will either target the high risk area identified from the CSA (Risk matrix/ risk mapping) or will look upon legal compliance. IAD will conduct on-site examination according to the 3-year audit plan approved by the BOT Audit Committee (BOTAC). In this regard, PSD may coordinate a joint examination with IAD, where the audit result will be reported to the BOTAC accordingly. The BOT has adopted the Three Lines of Defense Model which is the internationally accepted model for risk management. In the Three Lines of Defense Model, management control or PBD as BAHTNET operator is the first line of defense in risk management; the various risk control and compliance and over-sight functions or tasks conducted by ERMD are the second line of defense; and IAD provides independent assurance as the third line. Each of these three “lines” plays a distinct role within the BOT’s governance framework. Moreover, the BOT continuously keep the Risk Management Framework up to date through an annual review. Key consideration 7 The board should ensure that the FMI’s design, rules, overall strategy, and major decisions reflect appropriately the legitimate interests of its direct and indirect participants and other relevant stakeholders. Major decisions should be clearly disclosed to relevant stakeholders and, where there is a broad market impact, the public. 63 THAILAND Description Identification and consideration of stakeholder interests In order to identify and take into account interests of participants, the important mechanism is to set up consultation forum with the industry. The BOT has established the BAHTNET Advisory Group (AG) comprising representatives from the Thai Bankers’ Association, Association of International Banks, Specialized Financial Institutions (SFI), and Thailand Securities Depository Co., Ltd. (TSD). The BOT and BAHTNET AG use this forum to exchange views on: • business and technology • major decisions on design and overall strategy • new initiatives on system development • rules and regulations / practical guidelines • new policies or measures Any development of new features or functions will be discussed with the AG to ensure that the new initiatives meet the needs of participants and the market and are in line with the international standards. The AG consultative meeting is held at least annually or occasionally as it deems necessary. In addition, the BOT conducts a survey to assess impact of proposed changes and gather views of participants before finalizing its decision. The views of direct and indirect participants as well as other relevant stakeholders are collected through consultative meetings with the AG. When there are major changes in BAHTNET policies, the BOT will notify participants in advance to gather their opinions before finalizing its decision. In an event of a dispute between participants and BOT as operator of BAHTNET, the matter will be identified and submitted to the arbitrators. Resolution of the dispute will proceed according to the law on arbitration. Each party will appoint one arbitrator, and the two arbitrators will together appoint an independent outsider as a neutral arbitrator. The BOT will notify stakeholders when there are significant issues or major decision regarding payment systems policies via e-mail, meeting with stakeholders as well as publish such information on the BOT website. In the past, during implementation of the 3rd payment systems roadmap, a payment systems seminar was held to disclose major policies to relevant stakeholders as well. 64 THAILAND Key conclusions Governance arrangements of BAHTNET are clear and transparent, thereby promoting safety and efficiency of BAHTNET as stipulated in Section 7 of the BOT Act, and support stability of the overall financial system, other relevant public interest considerations, and relevant stakeholders. BAHTNET has been established, owned, operated and overseen solely by the BOT. The oversight and operation function related to BAHTNET are under separate line of command to ensure clear and transparent responsibilities and accountability. Two departments having direct responsibilities related to BAHTNET include (1) PBD which is responsible for operation function and (2) PSD which is responsible for oversight function. In addition, committees for operational management and oversight comprise skilled and experienced executive/non-executive members and clearly segregated. The BOT has adopted the Three Lines of Defense Model which is the internationally accepted model for risk management. In the Three Lines of Defense Model, PBD as BAHTNET operator is the first line of defense in risk management, the various risk control and compliance over-sight functions or tasks conducted by ERMD are the second line, and IAD provides independent assurance as the third line. Assessment of Observed Principle 2 Recommendations and comments Principle 3: Framework for the comprehensive management of risks An FMI should have a sound risk-management framework for comprehensively managing legal, credit, liquidity, operational, and other risks. Key consideration 1 An FMI should have risk-management policies, procedures, and systems that enable it to identify, measure, monitor, and manage the range of risks that arise in or are borne by the FMI. Risk-management frameworks should be subject to periodic review. Description Risks that arise in or are borne by the FMI Primary risks arise in RTGS service are as follows: 1. Operational risk arises from operational defect, corruption, mistake, inadequate or inappropriate operational procedures, staffs, IT systems or external factor including accident, natural disaster, human threats as well as cyber threats that affect efficiency of BAHTNET and stability of the payment systems. 65 THAILAND 2. Liquidity risk arises when participants cannot meet fund transfer obligations temporarily since they cannot liquidate their assets on time or cannot find sufficient source of fund. 3. Credit risk arises when a counterparty cannot meet its full fund transfer or settlement obligation either when due or anytime in the future or when the BOT provides intraday credit to participants against collateral. 4. Legal and compliance risk arises when BOT operations are not supported by any legal framework or operations do not comply with the legal framework, regulations or contracts, resulting in severe impact. This includes the case where participants do not understand or do not comply with relevant regulations and laws, thereby affecting BAHTNET operations. 5. Reputational risk occurs when the public have negative attitude toward the BOT, leading to loss of the BOT’s credibility. 6. General business risk arises from inappropriate revenue and cost management as well as inappropriate pricing policies. 7. Systemic risk arises when an individual or multiple participants cannot fulfill their settlement obligations, creating a chain impact to other participants, thereby adversely affecting the payment systems and financial system as a whole. In addition, there are other risks such as Custody risk (occurs when the custodian cannot efficiently manage the deposit assets which may cause damage to such assets) and Investment risk (occurs when unexpected loss arising from using collateralized securities for further investment). However, these risks are not relevant or have low impacts to central bank that is an FMI operator. Payment Systems Policy Department (PSD) has initiated the Risk Management Framework for Payment Systems based mainly on the international standards such as PFMI, ISO 30001 and COSO Enterprise Risk Management (COSO ERM). The Framework approved by the PSC is used as a guideline for the payment systems to effectively manage risks arising from the operations. The main part of the Framework elaborates risk management process which includes steps and tools to effectively identify, assess, monitor, and manage risks arising in the payment systems. Any other risks that may arise from operating a payment system such as reputation risk are also covered under the Framework. These risks are only suggested as a minimum, the operators may consider to include additional risks in their risk management policies to encompass risks as deemed appropriate or may exclude those which are not relevant. Payment and Bond Department (PBD), as an operator of BAHTNET, has adopted the Risk Management Framework for the payment systems and 66 THAILAND the BOT Enterprise Risk Management Framework in order to establish the BAHTNET Risk Management Framework. The BAHTNET Risk Management Framework clearly specifies comprehensive risk management policy, risk governance, risks identified in BAHTNET (as shown in Q.3.1.1), risk appetite, risk management process including identification, assessment, response and control, monitoring and reporting. Approved by the PSC, the BAHTNET Risk Management Framework has identified risk management policy as “BAHTNET shall provide services which are continuous, efficient, stable, secure and in line with the international standards”. The risk management process starts from identification and assessment of risks arising from both external factors and within the organization. The identified risks will then be assessed using risk matrix methodology by considering their likelihood and impact. After the assessment, the high rating risks will be prioritized and mitigation measures will be established and applied to such risks. Accordingly, several controls are applied to residual risks in order to contain them at acceptable level. BAHTNET operators utilize several tools for risk monitoring such as Early Warning Indicator, Key Risk Indicator, Control Self-Assessment, internal and external auditor. Reporting lines are also accurately described in the BAHTNET Risk Management Framework. BAHTNET Risk Management Framework is subject to annual review by PBD and the result will be reported to the PSC. BAHTNET operation team is responsible for monitoring day-to-day operations through a monitoring screen which shows essential real time information for risk monitoring such as transaction queue (insufficient fund), current account balance and intraday liquidity usage/remaining. BAHTNET operators can monitor detailed information of each participant in real time basis. There is also a dedicated liquidity monitoring screen which shows total liquidity exposures of all participants, allowing BAHTNET operators to detect liquidity problem in real time so that they can immediately coordinate with relevant participants to solve the problem in time. In addition, BAHTNET has a suspicious transaction detection function that allows the system to suspend suspicious transaction and notify relevant parties. Furthermore, PBD has developed Early Warning Indicator system (EWI) as a system to automatically monitor liquidity problem of BAHTNET participants. The EWI system comprises indicators which are designed to 67 THAILAND identify liquidity problem in accordance with BAHTNET activities such as participants’ failing to buyback ILF securities by the end of day or causing a delay in cheque MFT settlement. Liquidity problem indicated by the EWI will be treated differently depending on the type of problem and its severity. For the highest severity case, the problem will be reported to PBD director and escalated to higher executive according to line of command for further resolution . The BOT conducts simulation run to assess risks that may arise from operational issue such as major participants’ IT Breakdown or collateral value deterioration that affects the system as a whole. These stressed scenarios are conducted to analyze the impact of risks and to assess the risk management measures engaged in the system. Moreover, BAHTNET provides continuous real time information to participants in order to help them manage their risk exposures in the system. In particular, participants are able to monitor their transactions’ status, queuing facility and the balance or movement of their deposit and settlement accounts on a real time basis. The systems mentioned in Q.3.1.3 provide comprehensive information and measurement tools in aggregating exposures in the BAHTNET system, especially the liquidity monitoring system which helps BAHTNET operators to detect aggregated risk on a real time basis. Risk management policies According to the Framework, payment systems under the BOT’s oversight shall establish a payment system risk governance board to be responsible for risk policy approval, reviewing, management and monitoring. The PBD’s Control Self-Assessment (CSA) working group, chaired by senior director of PBD, is responsible for reviewing and monitoring risks arising from operations within the department including BAHTNET. The working group will also review BAHTNET Risk Management Framework annually or upon significant changes in the system. Risk management systems To serve both internal and external requirement, BAHTNET will develop new functions for risk management system from time to time. In practice, PBD will arrange the BAHTNET Advisory Group meeting at least twice a year in order to take into account new requirements from BAHTNET participants, change in market practices or foreseen risks arising from 68 THAILAND BAHTNET operations. In addition, the BOT holds an annual meeting with all participants to communicate important matters on rules and regulations, development plan and any changes related to BAHTNET. Furthermore, the BOT keeps updated on global trends and new policies regarding payment systems, technologies as well as security standard in order to improve the Risk Management Framework. For example, the BOT conducted a study and discussed with participants on the benefits of applying ISO 27001 to ensure the system safety. In 2017, the BOT officially required all participants’ workstation to be certified with ISO 27001 by 2018. In line with the Risk Management Framework approved by the PSC, PBD has developed the BAHTNET Risk Management Framework and conducted Control Self-Assessment, a method used to help identify residual risks as described in Q.3.1.1 and new risks (if any). The risk mapping/risk matrix is applied to measure variations of risk level comparing to the previous year. Effectiveness of the risk management policy, procedures and systems is achieved when the level of risk is at low/medium level or lower than the risk level in the previous year. The result will be reported and reviewed by Enterprise Risk Management Department. In addition, the PSC has specified three indicators for measuring effectiveness of BAHTNET, comprising System Availability, Recovery Time Objective (RTO) and Recovery Point Objective (RPO). Effectiveness of the risk management policies would induce smooth operation of BAHTNET, thus achieving the aforementioned performance indicators. Moreover, to ensure the effectiveness, PDB is required to conduct BAHTNET self-assessment against PFMI every two years, and the result is reviewed by PSD. The risk management policy, procedures and systems are subject to annual review or when there are significant changes in the system. (Please see Q.3.1.5) Key consideration 2 An FMI should provide incentives to participants and, where relevant, their customers to manage and contain the risks they pose to the FMI. 69 THAILAND Description The BAHTNET system provides participants an access to real-time information for monitoring their performance as well as assessing risks through the BAHTNET Web Portal. This tool allows participants to manage the risks by monitoring incoming and outgoing transactions status, queued transactions, current/settlement account balance, intraday liquidity balance and securities holding to be used as collaterals. Participants can also request for cancellation if their transactions are pending in the queue because of insufficient funds in the accounts. Pending transactions in queue can also be reprioritized for settlement. In addition, participants are able to set rule to temporarily block suspicious outgoing or incoming transactions and will receive a warning when the system detects those suspicious ones. The risk management policies and procedures of BAHTNET are provided to all participants in the form of regulation and users’ manual in written documents and are published on the BOT’s website. The regulation lays out provisions on the type of risk exposures and risk management procedures with the objective to enable participants to have a clear understanding of the system’s impact on each risk that may incur through participation in the system. Therefore, participants can strengthen their internal arrangement to manage and mitigate the risks identified in the users’ manual with respect to BAHTNET operations. The BOT provides the Through-put guideline and time-zone fee incentive to participants so as to encourage them to submit their transactions as early as possible, especially before noon, to avoid critical congestion during the closing hours which may cause operational and liquidity risk. Details of the fee scheme are as follows: Fee Times SWIFT Web Portal 8:30 – 12:00 5 THB 8 THB 12:00 – 16:00 10 THB 16 THB 16:00 – 17:30 200 THB 200 THB 70 THAILAND In response to the Through-put guideline, participants typically settle 30% of their funds transfer value, a large portion of their transactions, by 12.00 pm. and settle the other 70% of their funds transfer value by 3.00 pm. Moreover, if Settlement Agent submits Multilateral Funds Transfer (MFT) 1 instructions after the designated submit time, the BOT will charge the Settlement Agent 1,000 Baht per minute beginning from the first minute after the designated “Submit Time” until the submission finishes according to BOT notification No. Sor.Ror.Khor 5/2550. This is to avoid liquidity risk that may arise due to many MFT instructions postponed and effected settlements at the same time later in the day. Source: https://bot.or.th/English/PaymentSystems/Payment_Regulation/BAHTNET %20Notification/ 9_No_SorRohKho_5_2550.pdf According to BAHTNET Regulation, participants are required to establish their own risk management policy to manage and contain the risks that may impose to BAHTNET. Furthermore, the BOT provides tools for participants and annually conducts a training session for participants regarding usage of BAHTNET web portal screens and functions to ensure that they have comprehensive understanding of the real-time information that they can access for managing and containing the risks. In addition, the BOT usually consults participants prior to development of any new functions including risk management function. Key consideration 3 An FMI should regularly review the material risks it bears from and poses to other entities (such as other FMIs, settlement banks, liquidity providers, and service providers) as a result of interdependencies and develop appropriate risk-management tools to address these risks. Description Material risks The Risk Management Framework as mention in Q3.1.2, approved by the PSC, has identified all potential material risks including risks that BAHTNET bears from and poses to other entities as a result of interdependencies. PSD reviews the Framework on annual basis to ensure possible material risks are identified. 71 THAILAND The material risk that BAHTNET bears from and poses to other entities as a result of interdependencies is mainly operational risk which may arise from the linkage between BAHTNET and TSD for Delivery Versus Payment against securities/equity and linkage with HKMA for Payment Versus Payment between THB and USD. Operational disruptions of the linkage could lead to liquidity shortage and settlement failure, which could result in a loss to participants and the payment system as a whole. However, for day-to-day operation, these risks are monitored by BAHTNET Operator through real-time monitoring tools. As THB legs of inter-connected DvP and PvP transactions are settled through BAHTNET, the relevant risks such as credit risk, liquidity risk are monitored and measured by the same risk management policies and systems similar to other transactions in BAHTNET. In addition to risk management tools which are used in BAHTNET daily operations, the best practices of settlement models are adopted to mitigate risks arising from the linkages as explained below. Principal risk For settlement of government securities transactions through the linkage with TSD, the principal risk is eliminated by adopting DvP model 1 arrangement, for which both securities and cash legs are simultaneously settled on a gross basis. On the other hands, settlement of equity transaction is adopted by DvP model 3 arrangement, for which both securities and funds are simultaneously settled on a net basis. For THB/USD FX transaction, the PvP mechanism is applied to eliminate principal and settlement risk, given that THB is debited in a sending bank’s account and credited to a receiving bank’s account in BAHTNET, whereas USD is debited from the sending bank’s account and credited to the receiving bank’s account in USD CHATS simultaneously. Operational risk To maintain operational reliability of the linkage, the BOT has established the operational procedures with the linked FMIs to ensure that the communication and relevant system are secured. Moreover, the operational procedures clearly define responsible persons and actions to be taken in case of disruption, and the testing with TSD and Hong Kong Interbank Clearing Limited (HKICL) are conducted on a yearly basis. In addition, since the BOT has an MOU with Securities Exchange Commission which oversees TSD as well as an MOU with HKMA which 72 THAILAND oversees USD-CHATS, the oversight information can be exchanged to address the risks that may arise from interdependencies. As inter-connected transactions are processed through BAHTNET, risks are monitored and measured by the same risk management policies and systems similar to other transactions in BAHTNET. In other words, the assessment and review process are in line with the normal process. (Please see Q.3.1.6) Key consideration 4 An FMI should identify scenarios that may potentially prevent it from being able to provide its critical operations and services as a going concern and assess the effectiveness of a full range of options for recovery or orderly wind-down. An FMI should prepare appropriate plans for its recovery or orderly wind-down based on the results of that assessment. Where applicable, an FMI should also provide relevant authorities with the information needed for purposes of resolution planning. Description Scenarios that may prevent an FMI from providing critical operations and services According to the policy on Business Contingency Plan (BCP), the BOT identifies scenarios that may potentially prevent BAHTNET from providing critical operations and services as follows: 1) Disaster (fire, flood, earthquake), 2) Political Unrest (coup d'etat, protest, terrorism), 3) Epidemic (flu, bird flu) In case that there is disruption to BAHTNET, the system operations will be transferred to a back up site which has synchronous data copy scheme with the primary site. In addition, the second backup site outside metropolitan area was established last year. According to Q.3.4.1, these scenarios mainly focus on operational risk which may cease the BAHTNET service. Other related risks such as credit or liquidity risk are already addressed by the mechanism and measures implemented in the system. At present, there are 2 BCPs for disaster/political unrest and the BCP for epidemic. Both BCPs covers details as follows: • Responsible persons • Work location • Use of resource and tool • Migration plan • Communication procedure 73 THAILAND The recovery plan of BAHTNET is designed to enable critical system to resume operations within 2 hours after disruptive events are acknowledged. This plan enables BAHTNET to facilitate or complete settlement by the end of day even in extreme circumstances that may impact system’s operational reliability. On key recovery, BAHTNET is designed to enable critical operations and services to resume operations within 2 hours. Besides, the BOT has the backup site located 35 kilometers away from the primary site. The primary backup site has identical hardware, software and network as the primary site. It is a hot backup, which means all transactions in the production environment are mirrored to the backup site in real time and loss of transaction data cannot occur. In this regard, the backup site has the ability to continue operations for a long period of time until the primary site is recovered. Apart from that, there are communication lines, which are serviced by different providers. BAHTNET’s recovery plan is subject to an annual review. The update will be done upon major changes in BAHTNET’s functionalities or IT. Key conclusions The BOT has initiated the Risk Management Framework for all payment systems under the BOT’s supervision. With regard to the Risk Management Framework, BAHTNET has developed the robust risk management policies, procedures and system that enable BAHTNET to manage the risks associated with its operations effectively. BAHTNET’s participants have real-time access to information that enable them to manage the risks they may face in as well as the risks they may pose to BAHTNET. Rules and procedures are effectively enforced to ensure ongoing compliance by participants. BAHTNET continuously analyzes the risks arising from interdependencies with other FMIs. In the case of the link with Hong Kong USD CHATS for FX settlement and TSD for DvP settlement, BAHTNET has a robust framework for management of operational risk, including comprehensive business continuity arrangements. Assessment of Observed Principle 3 Recommendations and comments 74 THAILAND Principle 4. Credit risk An FMI should effectively measure, monitor, and manage its credit exposure to participants and those arising from its payment, clearing, and settlement processes. An FMI should maintain sufficient financial resources to cover its credit exposure to each participant fully with a high degree of confidence. In addition, a CCP that is involved in activities with a more-complex risk profile or that is systemically important in multiple jurisdictions should maintain additional financial resources sufficient to cover a wide range of potential stress scenarios that should include, but not be limited to, the default of the two largest participants and their affiliates that would potentially cause the largest aggregate credit exposures to the CCP in extreme but plausible market conditions. All other CCPs should maintain, at a minimum, total financial resources sufficient to cover the default of the one participant and its affiliates that would potentially cause the largest aggregate credit exposures to the CCP in extreme but plausible market conditions. Key consideration 1 An FMI should establish a robust framework to manage its credit exposures to its participants and the credit risks arising from its payment, clearing, and settlement processes. Credit exposure may arise from current exposures, potential future exposures, or both. Description Credit Risk Due to the RTGS characteristics, BAHTNET is designed to eliminate credit risk posed by participants upon the system or operators. Funds transfer transactions will be completed only if the sender’s account has sufficient funds to cover transaction amount. For securities settlement, the securities leg and cash leg will be simultaneously settled in DVP model 1. So, the system does not pose credit risk to participants. Even though the BOT does not face credit risk from settlement process in BAHTNET, the BOT may face credit risk arising from lending interest- free intraday liquidity through Intraday Liquidity Facilities (ILF) to participants or activating Securities Requirement for Settlement (SRS) measure in case that participants fail to buy back their collateralized securities by the end of day. Thus, the BOT may face both current and potential future credit exposure as described below. Credit exposures Current exposures occur when the BOT extends liquidity facilities to participants which are obliged to buy back their collateralized securities either from using ILF or activating SRS by the end of day in order to avoid carrying over current exposures to the next day. In the event that participants are unable to partially or fully buy back their collateralized securities at the end of day, those securities will become overnight loan. Participants are still allowed to repurchase those securities until noon of the next day at the same price plus penalty rate. 75 THAILAND Potential future exposures occur when participants fail to buy back their overnight loans and the BOT permanently seize their collaterals in order to liquidate to cover its loss. Residual exposures can occur due to fluctuations in the securities market values. In this regard, the BOT has put in place measures to mitigate such potential future exposure as elaborated in Q.4.2.3. Apart from these measures, the securities selection mechanism for partial buy back in the system also helps reduce potential future exposures as securities which are less liquid will be repurchased first, for example, collateralized securities with large amount of unit and small par value. BOT Framework to Manage Credit Risk The BOT has established BAHTNET’s credit risk framework, focusing on collateralize scheme, mark-to-market and prudent haircut policy in order to minimize credit risk as follows: 1) Intraday Liquidity Facilities (ILF) The BOT provides interest-free intraday liquidity to participants against eligible collaterals. Participants are required to reserve securities that meet the requirements to make a repurchase transaction with the BOT in order to obtain intraday liquidity. Haircut rates are applied to the accepted securities that will be used as collaterals, depending on type and maturity of the securities as determined in the BOT Notification for the BOT’s Purchase Prices of Debt Instruments in Connection to the Provision of Intraday Liquidity Facilities for Financial Institutions (Sor Ror Khor. 7/2552). At the end of day, participants have to buy back the full amount. If participants fail to buy back full amount of their securities, the remaining amount will be converted to overnight loan and will be charged with penalty. The participants are required to buy back the remaining securities before noon of the next working day. If the participants still fail to do so, the BOT will permanently seize the collaterals, for which fee and penalty will also be applied. These securities will be liquidated in the market to cover the loss. Note that ILF is available for commercial banks and specialized financial institutions only. Banks whose daily average value of funds transfer above 500 million THB and above are required to maintain securities for ILF equivalent to or not less than 10 percent of the average value of their funds transfers in BAHTNET during the same fortnight of the previous month. 76 THAILAND 2) Securities Requirement for Settlement (SRS) The BOT provides Securities Requirement for Settlement (SRS) facility to mitigate settlement risk of MFT 15 in case that participants have insufficient funds to complete the settlement. Under SRS, participants are required to pledge collateral against the exposures from net settlements from retail payment such as cheque clearing and interbank retail funds transfer. Securities pledged shall not be less than the Potential Debit Position (PDP) value as calculated by the BOT twice a year. If participants have insufficient account balance for a settlement within a specified time, it is considered that such participants agree to sell those debt securities to the BOT with repurchase agreement as specified in the BOT Regulation Notification.No. Sor Ror Khor 7/2557. The process for buy back and the measure on remaining overnight collaterals are similar to that of ILF. (Source: Sor Ror Khor 7/2557) As per Q.4.1.1, the type of securities that can be used as collateral as well as haircut policy for BAHTNET are derived from the BOT’s standing facilities policy originally set by Enterprise Risk Management Department and Financial Markets Department. The policy is subject to an annual review. Haircuts are determined by calculating value at risk (VaR) at 95% level of confidence. The data cover a long historical time span which includes several stressed periods. Volatilities of collateral values are inputs of the haircut calculations, based on the number of days required for liquidating the collaterals. The haircut policy is reviewed on a yearly basis. The BOT continuously reviews volatilities of the collaterals’ values and adjust the haircuts to reflect any new stressed period. Haircut sufficiency is incorporated into the haircut derivation process by using the data from historical peak periods. The BOT reviews the volatility data annually to validate whether a new historical peak occurs. And whilst Risk Management Department designs the haircut procedures, the Risk Management Committee validates the procedures annually. Thus, the 15 The MFT refers to instructions that the settlement agent submits through the Central Settlement System for settlement of different types of payment transactions between the funds transferring/funds receiving institutions in BAHTNET system, which shall result in the instructions to simultaneously debit funds from and to credit funds to deposit accounts according to net balances of the funds transferring/funds receiving institutions, according to the rules set by the BOT. (Source: Sor Ror Khor 7/2551) 77 THAILAND credit risk management framework of BAHTNET including accepted type of securities and haircut policy are reviewed on a yearly basis. (Please refer to Q.5.2.3) (Source: https://www.bot.or.th/Thai/FinancialMarkets/MonetaryOperations/Lendi ngFacility/Pages/default.aspx Type of accepted securities is elaborated in the Sor Ror Khor 1/2558 The Haircut policy is stated in the BOT Notification No. Sor Ror Khor 7/2552) Key consideration 2 An FMI should identify sources of credit risk, routinely measure and monitor credit exposures, and use appropriate risk-management tools to control these risks. Description As described in Q.4.1.1, there is no credit risk in the system as a result of the settlement process. However, the BOT faces current credit exposures from providing ILF and SRS to participants. Potential future exposures also occur when participants fail to buy back their collateralized securities and the BOT has to liquidate those securities to cover its loss. The BOT daily measures and monitors credit risk via BAHTNET by comparing the price that participants sell to the BOT with participants’ funds remaining in their accounts, using real-time calculation. The real- time information whether participants have sufficient funds to repay their securities posed as collaterals in the morning or any time during the day will be on a display. Furthermore, BAHTNET operators can access and monitor cash and securities account information of all participants in the system on a real- time basis. BAHTNET will mitigate residual exposures that might occur due to extreme price volatility by applying robust haircuts which are subject to an annual review. Note that SRS mechanism has never been triggered since its launch in 2014 as participants always have sufficient funds for MFTs. Tools to control sources of credit risk As an RTGS facilitates DvP and PvP mechanism including intraday liquidity facilities, BAHTNET does not pose credit risk to its participants. As explained in Q.4.1.1, BAHTNET’s credit risk comes from participants’ failure to buy back their collateralized securities by the end of day. 78 THAILAND Stipulation on type of accepted securities and haircut policy are the tools that the BOT uses to mitigate credit risk. 1) Type of accepted securities BAHTNET does not set a limit for intraday credit provision since only high quality and liquid securities are accepted as eligible collaterals and the collaterals are subject to prudential haircuts. Examples of high qualities securities are stated in Article 7 of the BOT Regulation No. SorRorKhor 1/2558 regarding collateral for settlement as follows: • Treasury bills, Debt Restructuring bills, government bonds • Bonds or debt securities issued by state enterprises or banks established under special laws as specified by the BOT for which the Ministry of Finance provides a guarantee for principal and interests • BOT bonds or BOT saving bonds 2) Haircut policy As mentioned in Q.4.1.1, the BOT buys participants’ collaterals by applying the marked-to-market price with haircuts so as to absorb potential credit risk. As described in Q.4.1.2, the haircut policy for BAHTNET is derived from the BOT’s standing facilities policy which is originally issued by Enterprise Risk Management Department and Financial Markets Department. Haircuts are determined by calculating value at risk (VaR) at 95% level of confidence. The data cover a long historical time span that includes several stressed periods. Volatilities of collateral values and the number of days required for liquidating collaterals are inputs of haircut determination. Measurement for effectiveness of these tools Enterprise Risk Management Department and Financial Markets Department continuously review volatilities of collateral values and adjust the haircuts to reflect any new stressed period. Sufficiency of haircuts is incorporated in the haircut derivation process by using the data from historical peak periods. The BOT reviews the volatility data annually to validate if a new historical peak occurs. And 79 THAILAND whilst Risk Management Department designs the haircut procedures, the Risk Management Committee validates the procedures annually. Heretofore, the haircut policy helps absorb the impact from price fluctuations. Furthermore, to ensure the effectiveness of this tool, haircuts are reviewed annually as required in the haircut policy. )Source: Sor Ror Khor 1/2557) https://www.bot.or.th/Thai/FinancialMarkets/MonetaryOperations/Lendi ngFacility/Pages/default.aspx) Key consideration 3 A payment system or SSS should cover its current and, where they exist, potential future exposures to each participant fully with a high degree of confidence using collateral and other equivalent financial resources (see Principle 5 on collateral). In the case of a DNS payment system or DNS SSS in which there is no settlement guarantee but where its participants face credit exposures arising from its payment, clearing, and settlement processes, such an FMI should maintain, at a minimum, sufficient resources to cover the exposures of the two participants and their affiliates that would create the largest aggregate credit exposure in the system. Description Coverage of exposures to each participant Although the BOT does not maintain financial resources to cover credit exposures in BAHTNET, BAHTNET requires its participants to pledge their securities as financial resources to cover BAHTNET’s exposure from providing ILF and SRS. The requirement of financial resources for ILF and SRS are derived from historical transfer value of gross-settlement and net settlement, respectively. Please see Q.4.1.1 for more details. Extent of Coverage The current and potential future exposures are fully covered with a high degree of confidence as the BOT only accept the highest-quality collaterals such as government bonds, BOT bonds, and SOEs bonds and prudent haircuts are applied depending on the type and maturity of securities. These policies aim to maintain the BOT’s ability to liquidate and reduce the need for procyclical adjustments, thus, ensuring high degree of confidence. Frequency of Evaluation Sufficiency of financial resources depend on the policies on type of accepted securities and strictness of haircut policy. Evaluation of both policies are on annual basis as described in Q.4.1.2. 80 THAILAND Credit Exposure BAHTNET is a real-time gross settlement system for which transactions are processed and settled continuously upon availability of funds in participants’ accounts. BAHTNET also facilitates settlement of net position from clearing houses which calculate net debit and net credit position of relevant parties. In this regard, BAHTNET participants may face credit exposures arising from the Multilateral Funds Transfer (MFT) transactions if participants with net debit position have insufficient funds in their accounts, which results in failure of MFT settlement and may also cause systemic risk in the system. BAHTNET provides the mitigation measure, specifically, the SRS, as well as monitoring system to its participants. Credit exposure will be measured when participants are required to adopt the SRS. BAHTNET also provides operators with monitoring screen which displays participants’ net debit positions and account positions on a real-time basis. Credit Exposure Calculation Credit exposures arising from MFT can be mitigated as follows: 1) SRS is the measure that the BOT provides for participants to manage exposures from multilateral net settlement through BAHTNET. This measure requires participants to maintain eligible securities at the BOT as collaterals for settlement. The required amount of eligible securities must be in line with each participant’s Potential Debit position (PDP) calculated from historical MFT data. This measure aims at reducing settlement risk and ensuring that, at least, the net settlement through BAHTNET is conducted within a specified time, even though one particular member with the highest debit position cannot carry out its settlement. 2) Potential Debit position (PDP) means the highest potential debit position on the settlement of each transferring/receiving institution, calculated by the method specified by the BOT. The PDP formula are described in the BOT Notification No. SorRorKhor 7/2557 – Article 1 as shown below. Highest potential debit position = μ – 2.6 × σ According to the formula: 81 THAILAND • The highest potential debit position of each transferring or receiving institution, with 99.9% confidence interval, is equal to an average deducted by the product of 2.6 and standard deviation. • Mean (μ) means the average daily settlement positions for the previous 12-month period, one month before the starting day of the maintenance period. • Standard deviation means the standard deviation of daily settlement positions for the previous 12-month period, one month before the starting day for the maintenance period. • In case where the highest deficit position calculated under the first paragraph is greater than the highest deficit position, on a daily basis, during the 12-month period for such calculation, the BOT shall use such deficit position as the highest potential debit position of the transferring or receiving institution in place of the calculated value. (Source: Sor Ror Khor 1/2557) (Source: Sor Ror Khor 7/2551) (Source: Sor Ror Khor 7/2557) For DNS payment systems and DNS SSSs in which there is no settlement guarantee Not Applicable since BAHTNET is an RTGS which does not maintain financial resources to guarantee settlement among participant. Key consideration 4 A CCP should cover its current and potential future exposures to each participant fully with a high degree of confidence using margin and other prefunded financial resources (see Principle 5 on collateral and Principle 6 on margin). In addition, a CCP that is involved in activities with a more-complex risk profile or that is systemically important in multiple jurisdictions should maintain additional financial resources to cover a wide range of potential stress scenarios that should include, but not be limited to, the default of the two participants and their affiliates that would potentially cause the largest aggregate credit exposure for the CCP in extreme but plausible market conditions. All other CCPs should maintain additional financial resources sufficient to cover a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would potentially cause the largest aggregate credit exposure for the CCP in extreme but plausible market conditions. In all cases, a CCP should document its supporting rationale for, and should have appropriate governance arrangements relating to, the amount of total financial resources it maintains. 82 THAILAND Description Coverage of current and potential future exposures to each participant Not Applicable Risk profile and systemic importance in multiple jurisdictions Not Applicable Additional financial resources Not Applicable Supporting rationale and governance arrangements Not Applicable Key consideration 5 A CCP should determine the amount and regularly test the sufficiency of its total financial resources available in the event of a default or multiple defaults in extreme but plausible market conditions through rigorous stress testing. A CCP should have clear procedures to report the results of its stress tests to appropriate decision makers at the CCP and to use these results to evaluate the adequacy of and adjust its total financial resources. Stress tests should be performed daily using standard and predetermined parameters and assumptions. On at least a monthly basis, a CCP should perform a comprehensive and thorough analysis of stress testing scenarios, models, and underlying parameters and assumptions used to ensure they are appropriate for determining the CCP’s required level of default protection in light of current and evolving market conditions. A CCP should perform this analysis of stress testing more frequently when the products cleared or markets served display high volatility, become less liquid, or when the size or concentration of positions held by a CCP’s participants increases significantly. A full validation of a CCP’s risk-management model should be performed at least annually. Description Stress testing Not Applicable Review and validation Not Applicable 83 THAILAND Key consideration 6 In conducting stress testing, a CCP should consider the effect of a wide range of relevant stress scenarios in terms of both defaulters’ positions and possible price changes in liquidation periods. Scenarios should include relevant peak historic price volatilities, shifts in other market factors such as price determinants and yield curves, multiple defaults over various time horizons, simultaneous pressures in funding and asset markets, and a spectrum of forward- looking stress scenarios in a variety of extreme but plausible market conditions. Description Not Applicable Key consideration 7 An FMI should establish explicit rules and procedures that address fully any credit losses it may face as a result of any individual or combined default among its participants with respect to any of their obligations to the FMI. These rules and procedures should address how potentially uncovered credit losses would be allocated, including the repayment of any funds an FMI may borrow from liquidity providers. These rules and procedures should also indicate the FMI’s process to replenish any financial resources that the FMI may employ during a stress event, so that the FMI can continue to operate in a safe and sound manner. Description Allocation of credit losses According to the BOT Regulation No. SorRorKhor 2/2552, if participants are unable to buy back their collaterals by 12.00 pm. on the next business day, credit loss is explicitly addressed by the regulation in that participants have no rights to buy their collaterals back. Payment and Bond Department will dispose these collaterals to FMOG at the market price on the selling date, charging or paying the marginal difference to cover price fluctuation effect. After that, FMOG can liquidate these collateral in the market. Thus, collaterals that participants are required to deposit at the BOT as ILF collaterals can cover credit loss that the BOT may face without replenishing other’s financial resource or borrowing from liquidity providers. (Source: Sor Ror Khor 2/2552) Key conclusions BAHTNET is designed to provide Real Time Gross Settlement (RTGS) mechanism in order to mitigate credit risk between participants. Fund transfer via the BAHTNET system is accomplished only if participants have adequate funds in their deposit accounts at the BOT. 84 THAILAND The BOT, as provider of Intraday Liquidity Facilities, may expose to credit risk arising from failure of participant to repay their ILF at the end of day. For MFT settlement, the BOT also provides the Securities Requirement for Settlement (SRS) facility to mitigate credit risk which may incur among participants. In this regard, credit risk is addressed by the collateralized scheme, marked-to-market and prudential haircut policy. Assessment of Principle Observed 4 Recommendations and comments Principle 5. Collateral An FMI that requires collateral to manage its or its participants’ credit exposure should accept collateral with low credit, liquidity, and market risks. An FMI should also set and enforce appropriately conservative haircuts and concentration limits. Key consideration 1 An FMI should generally limit the assets it (routinely) accepts as collateral to those with low credit, liquidity, and market risks. Description The BOT’s policy is to accept only the highest quality collaterals for intraday liquidity facilities provision in BAHTNET as well as applies prudential hair-cuts to these collaterals. In addition, the BOT requires only repurchase agreements (repos) as a mechanism to provide intraday liquidity for BAHTNET participants. Debt instruments that are accepted as collateral include BOT bonds, government bonds, State-owned Enterprises (SOEs) bonds, and debt instruments as prescribed in the BOT Regulation for Intraday Liquidity Facilities (ILF) (Second Amendment) (Sor Ror Khor. 1/2558) which are the subset of eligible debt instruments stated in the BOT Regulation for Borrowing from the BOT via Repurchase Agreement (FMOG 1/2561). The rationale behind this approach is that when participants are unable to buy back the collaterals by noon of the next day, PBD can sell those collaterals to FMOG to cover loss from lending ILF. Furthermore, on an exceptional basis, the BOT can issue a notification to broaden the type of accepted eligible bonds which is not in the FMOG’s eligible debt instruments list. (Source: Sor Ror Khor. 1/2558) BAHTNET monitors posted collaterals to ensure that they meet the acceptance criteria. When participants transfer their securities to the BOT for use of liquidity facilities of BAHTNET, these collaterals will be verified 85 THAILAND against the eligible collateral list as specified by the BAHTNET regulation for ILF. Eligibility of posted securities will be rechecked again every time before conducting a repo transaction and granting ILF to participants. The BOT’s collateral acceptance criteria focus on the issuers of debt instruments; at present only the highest quality collaterals issued by the BOT, Ministry of Finance and SOEs are accepted. In addition, the BOT regularly reviews the list of eligible issuers and collaterals. The BOT shall purchase debt instruments from financial institutions with repurchase contract in accordance with the conditions as follows: 1) The BOT shall purchase debt instruments at the price stipulated by the BOT. 2) The BOT shall charge compensation for purchase of debt instruments at the rate stipulated by the BOT. 3) The BOT shall purchase only debt instruments which can be marked to market. 4) Each lot of debt instruments purchased by the BOT shall be the instruments that meet the conditions and have face value not less than the level stipulated by the BOT. 5) For debt instruments pledged as securities for cheque-clearing credit balance in accordance with the BOT Regulation on Cheque Clearing System, the BOT shall purchase such debt instruments upon completion of returned cheque-clearing round, or purchase those debt instruments for settlement of returned cheque-clearing round only. Financial institutions shall maintain sufficient number or ratio of debt instruments for intraday liquidity facilities as stipulated in the BOT Regulation for BAHTNET services B.E.2549 (2006). Financial institutions that have daily average value of funds transfer over 500 million Baht are required to maintain an ILF capacity in the amount not less than 10 percent of the average value of their funds transfer in BAHTNET over the same fortnight of the previous month. Please see the BOT Regulation for Intraday Liquidity Facilities (ILF) (Sor Ror Khor. 2/2552) and the BOT Regulation for Fees and Charges on BAHTNET Services (Sor Ror Khor. 3/2556) for more information. (Source: BAHTNET Regulation) The BOT mitigates possible specific wrong-way-risk by limiting acceptable collaterals to be mainly government bonds, BOT bonds, and SOEs bonds. 86 THAILAND These bonds’ values do not have explicit correlation with financial institutions’ credit quality, thus, default of a financial institution should not affect the value of these collaterals. In other words, there is low likelihood of wrong-way risk. Key consideration 2 An FMI should establish prudent valuation practices and develop haircuts that are regularly tested and take into account stressed market conditions. Description Valuation practices Collaterals are valued on a daily marked-to-market basis, with haircuts. The BOT does not exercise discretion in valuing assets as the BOT accepts only collaterals which can be marked to market based on the market prices published by the Thai Bond Market Association (ThaiBMA). Haircutting practices Haircuts are determined by calculating value at risk (VaR) at 95% confidence level. The data cover a long historical time span that includes several stressed periods. Volatilities of collateral values are calculated as inputs of the haircuts, based on the number of days required for liquidating the collaterals. The BOT continuously reviews volatilities of collaterals’ values and adjust the haircuts to reflect any new stressed period. Haircut rates vary depending on securities types and maturities as specified in the BOT Notification for the Bank of Thailand’s Purchase Prices of Debt Instruments in Connection to the Provision of Intraday Liquidity Facilities for Financial Institutions (Sor Ror Khor. 7/2552) as shown below. Haircut Rates Debt instrument type Haircut (percent) according to remaining time to maturity 0–5 >5 – 10 > 10 – 20 > 20 years years years years Treasury bill, Debt Restructuring 1 1.5 2.5 3 Government Bond (R-bill), government bond1, BOT bond1 Bond or debentures issued by a 1.5 3 4.5 5.5 government institution or state- owned enterprises or financial institutions established under a specific law, as the BOT deems appropriate 87 THAILAND 1 For floating rate government bonds and floating rate BOT bonds with variable interest rates, the haircuts in the 0-5 year remaining time to maturity shall be applied. (Source: https://www.bot.or.th/English/PaymentSystems/Payment_Regulation/ILFR egulation/ILF%20Notification/2-1_6-7-8-9-10-12-2552_Disclaimer.pdf) Sufficiency of haircuts is incorporated in the haircut derivation process by using the data from historical peak periods. Furthermore, the BOT reviews volatility data on a yearly basis to validate whether a new historical peak occurs. And whilst Risk Management Department designs the haircut procedures, the Risk Management Committee validates the procedures annually. Key consideration 3 In order to reduce the need for pro-cyclical adjustments, an FMI should establish stable and conservative haircuts that are calibrated to include periods of stressed market conditions, to the extent practicable and prudent. Description The BOT designs the haircut procedures with an aim to reduce procyclical adjustments. Therefore, the highest historical volatility occurred during the period of market stress will be used to ensure that the haircuts are generally steady through changing market conditions. Key consideration 4 An FMI should avoid concentrated holdings of certain assets where this would significantly impair the ability to liquidate such assets quickly without significant adverse price effects. Description BAHTNET does not limit concentrated holdings of certain assets. There is no need for concentration limit since the accepted collaterals have low credit, liquidity and market risk. BAHTNET can, therefore, liquidate the collaterals quickly without any significant adverse price effects. Key consideration 5 An FMI that accepts cross-border collateral should mitigate the risks associated with its use and ensure that the collateral can be used in a timely manner. Description Not Applicable Key consideration 6 An FMI should use a collateral management system that is well- designed and operationally flexible. Description Collateral management system design In 2016, the BOT and Thailand Securities Depository Co., Ltd. (TSD) jointly enhanced the RTGS-DVP Linkage (RDL) in order to upgrade the infrastructure to the latest technology as well as improve the information sharing and collateral management system. 88 THAILAND Financial Institutions have to maintain securities accounts at TSD to transfer, deposit and withdraw securities via Post Trade Integration) PTI) system. The BOT also maintains BOT-CMF account (Securities account of the BOT for managing collateral 1 ) at TSD. In order to transfer securities to conduct transactions with the BOT, financial Institutions can transfer their securities from their accounts at TSD to BOT-CMF account by indicating the type of ‘Sub-account of debt instruments as collateral for settlement 2 in the BOT’s subsystem. After securities transfer at TSD is complete, the sub-account of debt instruments as collaterals for settlement will be simultaneously updated and participants can use the securities in their sub-accounts to conduct the transactions with the BOT. At present, there are 3 transaction types which are intraday liquidity facilities (ILF), repurchase (RP) and securities requirements for settlement (SRS). Securities account Structure - Securities account of the BOT for managing collateral is a securities account of the BOT opened at the TSD in order to hold debt instruments on behalf of BAHTNET participants to facilitate the usage of collateral in the system or and undertaking of transactions with the BOT. - Sub-account of debt instruments as collateral for settlement is a sub-account of debt instruments of each BAHTENT participant which the collaterals maintained under this sub-account will be used for ILF and SRS or used for undertaking End-of-day Repurchase transaction (RP) with the BOT. The BOT shall manage and monitor collaterals via BOT-EFS Internal. At the end of day, collaterals’ outstanding in BOT-CMF will be reconciled before 89 THAILAND the BAHTNET system closes. Financial Institutions who maintain securities accounts at TSD can manage and monitor their own collateral via Post Trade Integration) PTI) system at TSD and via BOT-EFS External at the BOT, for example, they can transfer debt instruments from their securities accounts at TSD to their sub-account of debt instruments as collateral for settlement. Operational flexibility The collateral management system was well-designed and operationally flexible to ensure smooth operations during any of stressed conditions. The BOT and TSD have established the operational procedures for the system. Moreover, the BCP is established and tested annually. Key conclusions The BOT only accepts limited types of bond which having low credit risk and high liquidity such as BOT bonds, government bonds and SOEs bonds. In addition, the BOT may broaden the range of eligible collateral when financial institutions face temporary shortage. BAHTNET accepts as collateral bonds or debt securities issued by SOEs and SFIs, and there is currently no feature to verify that participants do not post their own debt or equity securities as collateral. Collateral value is marked-to-market on a daily basis with prudential haircut applied, depending on type and maturity of the securities. Haircuts are determined by calculating VAR at 95% confidence level to mitigate the need for procyclical adjustment by considering historical statistics that include several stressed periods. The BOT reviews volatility data on a yearly basis to ensure that haircuts are still appropriate. BAHTNET doesn’t have concentration limits to avoid concentrated holdings of certain assets where this would impair the ability to liquidate such assets quickly without significant adverse price effects. The BOT and TSD have established the operational procedures and BCP to ensure that the collateral management system has smooth operations during stressed conditions, with an annual BCP test. Assessment of Broadly observed Principle 5 Recommendations and There is a need to review several aspects of the collateral framework, to comments include a rule preventing participants to pledge their own securities as collateral, to implement concentration limits, and to have annual independent validation of the haircut procedures. In addition, it is recommended to explore what would happen to assets held by BAHTNET in case of non availability or insolvencydefault of TSD. 90 THAILAND Principle 6. Margin A CCP should cover its exposure to its participants for all products through an effective margin system that is risk-based and regularly reviewed. Key consideration 1 A CCP should have a margin system that establishes margin levels commensurate with the risks and particular attributes of each product, portfolio, and market it serves. Description Description of margin methodology Credit exposures Operational components Key consideration 2 A CCP should have a reliable source of timely price data for its margin system. A CCP should also have procedures and sound valuation models for addressing circumstances in which pricing data are not readily available or reliable. Description Sources of price data Estimation of prices Key consideration 3 A CCP should adopt initial margin models and parameters that are risk-based and generate margin requirements sufficient to cover its potential future exposure to participants in the interval between the last margin collection and the close out of positions following a participant default. Initial margin should meet an established single- tailed confidence level of at least 99 percent with respect to the estimated distribution of future exposure. For a CCP that calculates margin at the portfolio level, this requirement applies to each portfolio’s distribution of future exposure. For a CCP that calculates margin at more-granular levels, such as at the sub-portfolio level or by product, the requirement must be met for the corresponding distributions of future exposure. The model should (a) use a conservative estimate of the time horizons for the effective hedging or close out of the particular types of products cleared by the CCP (including in stressed market conditions), (b) have an appropriate method for measuring credit exposure that accounts for relevant product risk factors and portfolio effects across products, and (c) to the extent practicable and prudent, limit the need for destabilising, procyclical changes. Description Initial margin model Closeout and sample periods Procyclicality and specific wrong-way risk 91 THAILAND Key consideration 4 A CCP should mark participant positions to market and collect variation margin at least daily to limit the build-up of current exposures. A CCP should have the authority and operational capacity to make intraday margin calls and payments, both scheduled and unscheduled, to participants. Description Key consideration 5 In calculating margin requirements, a CCP may allow offsets or reductions in required margin across products that it clears or between products that it and another CCP clear, if the risk of one product is significantly and reliably correlated with the risk of the other product. Where two or more CCPs are authorised to offer cross-margining, they must have appropriate safeguards and harmonised overall risk-management systems. Description Portfolio margining Cross-margining Robustness of methodologies Key consideration 6 A CCP should analyse and monitor its model performance and overall margin coverage by conducting rigorous daily backtesting – and at least monthly, and more-frequent where appropriate, sensitivity analysis. A CCP should regularly conduct an assessment of the theoretical and empirical properties of its margin model for all products it clears. In conducting sensitivity analysis of the model’s coverage, a CCP should take into account a wide range of parameters and assumptions that reflect possible market conditions, including the most-volatile periods that have been experienced by the markets it serves and extreme changes in the correlations between prices. Description Backtesting and sensitivity analysis Margin model performance Key consideration 7 A CCP should regularly review and validate its margin system. Description Key conclusions Assessment of Non applicable Principle 6 Recommendations and comments 92 THAILAND Principle 7: Liquidity risk An FMI should effectively measure, monitor, and manage its liquidity risk. An FMI should maintain sufficient liquid resources in all relevant currencies to effect same-day and, where appropriate, intraday and multiday settlement of payment obligations with a high degree of confidence under a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would generate the largest aggregate liquidity obligation for the FMI in extreme but plausible market conditions. Key consideration 1 An FMI should have a robust framework to manage its liquidity risks from its participants, settlement banks, nostro agents, custodian banks, liquidity providers, and other entities. Description By the design of BAHTNET which is Real Time Gross Settlement (RTGS) System, funds transfer transactions will be settled one by one only if there is sufficient balance in participants’ accounts. Therefore, there is no liquidity risk exposed from its operation. Unsettled transactions in queue will be cancelled by the system at the end of day. Liquidity risk in BAHTNET arises from failed obligations between participants due to insufficient balances to complete the instructions when due. Initial sources of liquidity in BAHTNET come from participants’ opening balances in Deposit/Settlement Account and the maturity of money market placements with the BOT. Besides, the BOT provides variety of tools and mechanisms to manage liquidity risk and ensure sufficient liquidity in the system as follows: 1. Queuing Mechanism to facilitate transactions with insufficient liquidity to be queued in the system and immediately proceed when there is sufficient fund in sending banks’ accounts. The queuing mechanism design allows sending institutions to assign priority within their own queues of transactions through their workstation. Unsettled payment instructions that are still in queue at the end-of-day will be flushed from the system, and must be re- entered by sending participants the next day. In practice, such situation rarely occurs since there are other liquidity provision mechanisms to BAHTNET participants, especially for commercial banks, so that there is sufficient liquidity for settling the transactions. Furthermore, BAHTNET specifies cut-off time prior to the end of day to allow participants to manage their liquidity effectively and maintain desired overnight balances in their accounts before closing. (https://www.bot.or.th/English/PaymentSystems/Payment_Regulation/ BN_Regulation/BAHTNET%20Regulation/E_BAHTNET2549_Finish.pdf) 93 THAILAND 2. Gridlock Resolution to reduce liquidity needs for settling transactions. This mechanism aims at solving a situation when several transfer instructions among several participants cannot be executed due to insufficient funds in one or more accounts. When instructions from various institutions stand in their queues and form a loop of funds transfers, the system will search for the group of instructions that, if executed, will result in a positive net position for each of the transferors. When these instructions are found, the system will off-set all related transactions and post them to each account simultaneously. This helps reduce liquidity needs in the system. (https://www.bot.or.th/English/PaymentSystems/Payment_Regulation/ BN_Regulation/BAHTNET%20Regulation/E_BAHTNET2549_Finish.pdf) 3. Intraday Liquidity Facilities (ILF) to provide liquidity against eligible collaterals. The BOT provides fully collateralized intraday facilities. Both direct and associate participants who are financial institutions under the BOT’s supervision are allowed to use the facility to support their liquidity management. This facility is, however, not available to participants who are nonfinancial institutions such as securities companies and government agencies. During the day, ILF is provided free of interest. The outstanding amount at the end of day is treated as an overnight loan and will be charged a penalty rate, which is policy rate (one-day repurchase rate) plus 0.5 percent per year. Financial institutions that have daily average value of funds transfer greater than 500 million Baht are required to maintain an ILF capacity not less than 10 percent of the average value of the funds transfers in BAHTNET during the same fortnight of the previous month. Collaterals used for intraday liquidity include government bonds and securities guaranteed by the government denominated in THB. These collaterals are marked-to-market daily and are subject to prudential haircuts, depending on maturity of each class of bonds. (https://www.bot.or.th/English/PaymentSystems/Payment_Regulation/ ILFRegulation/ILF%20Regulation/1_Sor%20Ror%20Khor%202-2552- EN-VK-ok_Disclaimer.pdf) 94 THAILAND (https://www.bot.or.th/English/PaymentSystems/Payment_Regulation/ ILFRegulation/ILF%20Regulation/1.2_Sor%20Ror%20Khor%201-2558- EN-VK-ok_Disclaimer.pdf) 4. Securities Requirements for Settlement (SRS) to provide liquidity to mitigate settlement risk of MFT transactions. In addition to ILF, the BOT requires participants involved in Multilateral Funds Transfer (MFT) to reserve collaterals against the exposure from net clearing positions from retail payments that are settled through BAHTNET such as cheque clearing and interbank retail funds transfer. To ensure that participants have sufficient liquidity to settle their net debit positions, they are required to reserve collaterals not less than their highest Potential Debit Positions (PDP), calculated based on historical net debit position of their net settlement. These collaterals include government bonds and securities guaranteed by the government denominated in THB. Collaterals are marked-to-market daily and are subject to prudential haircuts, depending on maturity of each class of bonds. (https://www.bot.or.th/English/PaymentSystems/Payment_Regulation/ SRS_Regulation/SRS%20Regulation/1- 1_BOT_Regulation_No._SorRorKhor_1-2557_27-10-14+DOC.pdf) 5. Pricing incentive to encourage early submission of participants’ funds transfer orders into the system during operation hours by charging fee based on time-zone difference. BAHTNET fee is determined by the transaction settlement time during the day. This pricing incentive aims to encourage participants to submit funds transfer instructions early in the day in order to facilitate transactions settlement more efficiently. There are three time zones with ascending fee rates; 8:30–12:00 with the lowest charge; 12:00– 16:00, and 16:00–17:30 with the highest charge. (https://www.bot.or.th/English/PaymentSystems/Payment_Regulation/ BN_Regulation/BAHTNET%20Regulation/E_BAHTNET2549_Finish.pdf) 6. Throughput guideline to encourage early submission of participants’ funds transfer orders into the system during operation hours. The BOT requires participants that transact greater than 500 million Baht per day to submit at least 30 percent of the expected total value of transactions that day or the average 95 THAILAND value during the same fortnight of the previous month by noon, and at least 70 percent by 15:00. This requirement aims to facilitate smooth operations of the settlement process and avoid heavy congestion of instructions and liquidity management problems, particularly in the afternoon. (https://www.bot.or.th/English/PaymentSystems/Payment_Regulation/ BN_Regulation/BAHTNET%20Regulation/E_BAHTNET2549_Finish.pdf) Even though BAHTNET itself does not require liquidity to complete its operation as explained in Q.7.1.1, the BOT requires participants with have daily average value of funds transfer greater than 500 million Baht to maintain Intraday Liquidity Facilities (ILF) at least 10% of their daily funds transfer value in BAHTNET or 10% of the average value of their funds transfers in BAHTNET during the same fortnight of the previous month. In sum, ILF facilitates continuously and smoothly funds transfer orders’ settlement throughout operation hours. More details are elaborated in Q.7.1.3. In this regard, the BOT has stipulated participants to maintain debt instruments according to the Bank of Thailand Regulation on Purchase of Debt Instruments under Repurchase Contract for Intraday Liquidity Facilities (ILF) and Securities Requirements for Settlement (SRS). ILF and SRS are provided in THB against high quality collaterals pledged at the BOT by participants. So, the size of liquidity needed in the system is represented by the value of those collaterals, net of prudential haircut. Since BAHTNET is owned and operated by the BOT which is the issuer of THB currency, there is no liquidity risks derived from other relevant currencies. In 2016, the BOT provided ILF approximately 400 billion Baht per day. In case of stress scenarios, the BOT can consider to provide liquidity as follows: 1. In case that the BOT deems necessary to provide liquidity in BAHTNET as stated in Section 44 of the BOT Act, the loan granting process must be in accordance with rules, procedures and conditions prescribed by the PSC. On granting loan for intra-day liquidity, the BOT may consider charging interest or remuneration or calling for collateral. 96 THAILAND 2. In addition, under Section 42 of the BOT Act, the BOT may consider providing financial assistance to financial institutions that have liquidity problem, provided that the problem is deemed to endanger the stability of economic and monetary system as a whole. In this regard, the BOT can use these financial institutions’ shares or properties as collaterals for granted loans, in accordance with rules, procedures and conditions prescribed by the Financial Institutions Policy Committee. (https://www.bot.or.th/English/AboutBOT/LawsAndRegulations/SiteAs sets/Law_E01_Bot.pdf) Potential aggregate liquidity risk that the BOT takes into account comprises the value of ILF provided and the value of participants’ debit position in Multilateral Funds Transfer (MFT) transactions as follows: • Intraday Liquidity Facilities (ILF) BAHTNET monitors collaterals that are posted in the system to ensure they meet the acceptance criteria. Eligibility of posted securities will be rechecked every time before conducting a repo transaction and before granting ILF to participants. The BOT’s collateral acceptance criteria focus on the debt instrument issuers; at present only the highest quality collaterals issued by the BOT, Ministry of Finance and State-Owned-Enterprises are accepted. The BOT regularly reviews the list of eligible issuers and collaterals as well. ILF is fully collateralized, where collaterals are marked-to-market and are subject to prudential haircut policy which is originally set by Enterprise Risk Management Department and Financial Markets Department. In this regard, financial institutions that have daily average value of funds transfer greater than 500 million Baht are required to maintain an ILF capacity not less than 10 percent of their daily funds transfer value or 10% of the average value of the funds transfers in BAHTNET during the same fortnight of the previous month. Total amount of ILF provided to participants can be considered as part of potential aggregate liquidity risk that may incur in the system. Please see the BOT Regulation for Intraday Liquidity Facilities (ILF) (Sor Ror Khor. 2/2552) for more information. 97 THAILAND (https://www.bot.or.th/English/PaymentSystems/Payment_Regulation/ ILFRegulation/ILF%20Regulation/1_Sor%20Ror%20Khor%202-2552- EN-VK-ok_Disclaimer.pdf) Securities Requirements for Settlement (SRS) As participants’ net positions from MFT transactions are considered as part of potential aggregate liquidity risk that may incur in the system, SRS measure is put in place to ensure that participants have sufficient liquidity to settle their net debit positions as mentioned in Q.7.1.1 (https://www.bot.or.th/English/PaymentSystems/Payment_Regulation/ BN_Regulation/BAHTNET%20Notification/BOTNotificationNo58_2551_ 220908_MFT_Notification.pdf) Key consideration 2 An FMI should have effective operational and analytical tools to identify, measure, and monitor its settlement and funding flows on an ongoing and timely basis, including its use of intraday liquidity. Description Operational Tools BAHTNET provides real-time operational monitoring tools to identify, measure, and monitor settlement and funding flows as follows: • BAHTNET provides real-time monitoring tools for BAHNET’s operators to monitor the funds flow via account balances and account movements of all participants including their queued transactions submitted to the system. Moreover, the recent liquidity dashboard summarizing necessary liquidity information enhances better liquidity monitoring, management and provide a warning feature. • BAHTNET provides real-time monitoring tools for participants to actively monitor their funds flow, liquidity balances and transaction information in real-time via BAHTNET web station. For transactions in queue, participants can change the priority of their transfer orders as well as set the urgency for a particular transfer order to be executed before any other transfer orders in the queue. They can also cancel transfer orders upon consent of their counterparties. Analytical tool: The BOT uses simulation tools to analyze fund flow and settlement behavior of participants in the BAHTNET system. Liquidity stress in the BAHTNET system may arise from operational issues such as IT breakdown of some major participants or collateral value deterioration that affects the system as a whole. These stress scenarios are conducted to analyze the consequences and to determine 98 THAILAND relationship between participants in the BAHTNET system. Moreover, a reverse stress test is conducted in order to determine the maximum intraday liquidity needed by participants and ensure that the level of maintained liquidity is consistent with the payment behavior. Key consideration 3 A payment system or SSS, including one employing a DNS mechanism, should maintain sufficient liquid resources in all relevant currencies to effect same-day settlement, and where appropriate intraday or multiday settlement, of payment obligations with a high degree of confidence under a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would generate the largest aggregate payment obligation in extreme but plausible market conditions. Description Not applicable • BAHTNET is an RTGS and settled in THB only. It does not need to determine the amount of liquid resources in all relevant currencies to effect the same day settlement or multiple of payment obligations. Instead, the amount of liquidity requirement of participants is a major concern. A reverse stress test is conducted in order to determine a participant’s daily maximum requirement for intraday liquidity. The potential largest stress scenario is when a participant needs to cover all of its obligation using its own source of funds, which are funds in account balance and ILF, without any incoming funds from others. Key consideration 4 A CCP should maintain sufficient liquid resources in all relevant currencies to settle securities-related payments, make required variation margin payments, and meet other payment obligations on time with a high degree of confidence under a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would generate the largest aggregate payment obligation to the CCP in extreme but plausible market conditions. In addition, a CCP that is involved in activities with a more-complex risk profile or that is systemically important in multiple jurisdictions should consider maintaining additional liquidity resources sufficient to cover a wider range of potential stress scenarios that should include, but not be limited to, the default of the two participants and their affiliates that would generate the largest aggregate payment obligation to the CCP in extreme but plausible market conditions. Description Not Applicable 99 THAILAND Key consideration 5 For the purpose of meeting its minimum liquid resource requirement, an FMI’s qualifying liquid resources in each currency include cash at the central bank of issue and at creditworthy commercial banks, committed lines of credit, committed foreign exchange swaps, and committed repos, as well as highly marketable collateral held in custody and investments that are readily available and convertible into cash with prearranged and highly reliable funding arrangements, even in extreme but plausible market conditions. If an FMI has access to routine credit at the central bank of issue, the FMI may count such access as part of the minimum requirement to the extent it has collateral that is eligible for pledging to (or for conducting other appropriate forms of transactions with) the relevant central bank. All such resources should be available when needed. Description Not applicable Key consideration 6 An FMI may supplement its qualifying liquid resources with other forms of liquid resources. If the FMI does so, then these liquid resources should be in the form of assets that are likely to be saleable or acceptable as collateral for lines of credit, swaps, or repos on an ad hoc basis following a default, even if this cannot be reliably prearranged or guaranteed in extreme market conditions. Even if an FMI does not have access to routine central bank credit, it should still take account of what collateral is typically accepted by the relevant central bank, as such assets may be more likely to be liquid in stressed circumstances. An FMI should not assume the availability of emergency central bank credit as a part of its liquidity plan. Description Size and composition of supplemental liquid resources Not applicable Availability of supplemental liquid resources Key consideration 7 An FMI should obtain a high degree of confidence, through rigorous due diligence, that each provider of its minimum required qualifying liquid resources, whether a participant of the FMI or an external party, has sufficient information to understand and to manage its associated liquidity risks, and that it has the capacity to perform as required under its commitment. Where relevant to assessing a liquidity provider’s performance reliability with respect to a particular currency, a liquidity provider’s potential access to credit from the central bank of issue may be taken into account. An FMI should regularly test its procedures for accessing its liquid resources at a liquidity provider. 100 THAILAND Description Use of liquidity providers Not applicable Reliability of liquidity providers Key consideration 8 An FMI with access to central bank accounts, payment services, or securities services should use these services, where practical, to enhance its management of liquidity risk. Description Not applicable since BAHTNET operates on central bank money. Please see principle 9. Key consideration 9 An FMI should determine the amount and regularly test the sufficiency of its liquid resources through rigorous stress testing. An FMI should have clear procedures to report the results of its stress tests to appropriate decision makers at the FMI and to use these results to evaluate the adequacy of and adjust its liquidity risk-management framework. In conducting stress testing, an FMI should consider a wide range of relevant scenarios. Scenarios should include relevant peak historic price volatilities, shifts in other market factors such as price determinants and yield curves, multiple defaults over various time horizons, simultaneous pressures in funding and asset markets, and a spectrum of forward-looking stress scenarios in a variety of extreme but plausible market conditions. Scenarios should also take into account the design and operation of the FMI, include all entities that might pose material liquidity risks to the FMI (such as settlement banks, nostro agents, custodian banks, liquidity providers, and linked FMIs), and where appropriate, cover a multiday period. In all cases, an FMI should document its supporting rationale for, and should have appropriate governance arrangements relating to, the amount and form of total liquid resources it maintains. Description Stress test programme Not applicable since BAHTNET is an RTGS which does not require liquidity resource to operate. Instead, simulations and studies are conducted to determine sufficiency of participants’ sources of liquidity. Stress test scenarios Review and validation 101 THAILAND Key consideration 10 An FMI should establish explicit rules and procedures that enable the FMI to effect same-day and, where appropriate, intraday and multiday settlement of payment obligations on time following any individual or combined default among its participants. These rules and procedures should address unforeseen and potentially uncovered liquidity shortfalls and should aim to avoid unwinding, revoking, or delaying the same-day settlement of payment obligations. These rules and procedures should also indicate the FMI’s process to replenish any liquidity resources it may employ during a stress event, so that it can continue to operate in a safe and sound manner. Description Same day settlement Not Applicable since BAHTNET is an RTGS which is not responsible for liquidity shortfalls of defaulting participants. Replenishment of liquidity resources Key Conclusions BAHTNET is Real Time Gross Settlement (RTGS) System which settles funds transfer transactions one by one only if there is sufficient balance in the participants’ accounts, therefore there is no liquidity risk exposed from its operation. Moreover, BAHTNET is an RTGS owned and operated by the BOT which is in a position to meet THB liquidity requirements of all participants in the system at all points for settling their transactions. Liquidity of the BAHTNET system is provided by many tools and mechanism including Intraday Liquidity Facilities (ILF), Securities Requirements for Settlement (SRS), Queuing Mechanism, Gridlock Resolution, Pricing incentive and Throughput guideline. In addition, information for liquidity management and transaction details are available for BAHTNET participants on a real-time basis. The analysis is also conducted to identify liquidity need of participants. Assessment of Observed Principle 7 Recommendations and comments 102 THAILAND Principle 8: Settlement finality An FMI should provide clear and certain final settlement, at a minimum by the end of the value date. Where necessary or preferable, an FMI should provide final settlement intraday or in real time. Key consideration 1 An FMI’s rules and procedures should clearly define the point at which settlement is final. Description Point of settlement finality Each funds transfer transaction will be completed and considered final and irrevocable at the point which will be described as follows: BAHTNET: According to Article 40 and 41 of BAHTNET Regulation, the transaction is deemed final and irrevocable when funds is debited from sending institution’s account and credited to receiving institution’s account as specified in the transfer order. After the settlement is completed, the sending institution cannot revoke the transaction. (Source: BAHTNET Regulation) RDL (RTGS-DvP Linkage): According to the BOT Notification for Linkage service for securities settlement between BOT and TSD, Article 4.3, the transaction is deemed final and irrevocable when funds is debited from sending institution’s account and credited to receiving institution’s account as specified in the sending institution’s request for funds settlement and BOT has already accordingly notified the TSD. (https://www.bot.or.th/English/PaymentSystems/Payment_Regulation/B N_Regulation/BN_Regulation/BAHTNET%20Notification/7_Notification_ RDL.pdf) CSS (Central Settlement System): According to the BOT Notification for Multilateral Fund Transfer No. Sor Ror Khor. 7/2551, Article 13, the transaction is considered final and irrevocable when the funds is completely transferred from the net-debit sending institution’s account to the net-credit receiving institution’s account as specified in the MFT instruction. After the settlement is completed, the institution cannot revoke the transaction. (Source: Sor Ror Khor. 7/2551) Note: CSS is a system served for net settlement of retail payment transactions among BAHTNET participants undertaken through Multilateral Fund Transfer (MFT) function by debiting a number of net- 103 THAILAND debit sending institutions' accounts and simultaneously crediting a number of net-credit receiving institutions' accounts such as settlement of inter-bank cheque clearing. Moreover, all of the sending institutions need to have sufficient funds at the designated time in order for the settlement to take place. In case one of the participants faces the liquidity shortage resulting in failing to settle MFT, the BOT will utilize the collaterals held for Securities Requirement for Settlement (SRS) to mitigate settlement risk. PvP: According to the Notification for Linkage between BAHTNET and USD CHATS for FX settlement No. Sor Ror Khor. 4/2557 Article 5.2.4, the PvP transaction is deemed final and irrevocable when the funds in Thai Baht leg is debited from sending institution’s account and credited to receiving institution’s account in BAHTNET and the funds in US dollar leg is debited from sending institution’s account and credited to receiving institution’s account in USD CHATS simultaneously. Once the PvP processes mentioned are completed, the transfer for Thai Baht leg is deemed to be final and irrevocable. The sending institution cannot revoke the transaction. (Source: Sor Ror Khor 4/2557) The relevant regulations as specified above are disclosed to all of BAHTNET’s participants and public through BOT website. Currently, the Payment Systems Act has been enacted which laid out the oversight and supervision framework for payment systems and services, and especially address the essence of payment finality. Moreover, Section 9 of the Payment System Act states that in the case where the court has issued the order accepting the petition for business reorganization or the order for receivership of a member, the transactions that were completed through the country’s major clearing and settlement system before the court’s decision shall be final and irrevocable. This is to ensure the high degree of legal certainty that finality will be achieved. (https://www.bot.or.th/English/AboutBOT/LawsAndRegulations/SiteAsse ts/Law_E40_Payment.pdf) During the process of enacting the Payment Systems Act, BOT has obtained a well-reasoned legal opinion from the Office of the Council of State, the Legal Department and the National Legislative Assembly in 104 THAILAND order to ensure high degree of legal certainty in all Thai relevant jurisdictions. Finality in the case of links a) Finality in the case of SSS There are two types of Exchange-of-Value settlement in BAHTNET. The first linkage is the DvP linkage between the BOT and the TSD for government securities and equity settlement. The second one is the PvP linkage between BAHTNET and the HKMA’s USD CHATS for foreign exchange settlement. For securities transactions, the principal risk can be eliminated by applying a DvP model 1 arrangement which securities and funds are settled on a gross basis. For equity transactions traded via exchange, a DvP model 3 arrangement which securities and funds are settled on net basis will be applied. For FX transaction between THB/USD, the PvP mechanism is applied to eliminate principal and settlement risk. To ensure that the final settlement of one obligation occurs if and only if the final settlement of the linked obligation also occurs, the BOT has implemented relevant rules and regulations as follows: (1) DvP Linkage between the BOT and the TSD 1.1 RTGS-DvP linkage for securities settlement The TSD initiates the securities settlement transaction from their side by earmarking the securities in seller’s account and sending a request for cash settlement to the BAHTNET. As stipulated in Article 4.3 of the BOT Notification for Linkage service for securities settlement between the BOT and the TSD, the cash leg transaction is deemed final and irrevocable when funds transfer order is debited from sending institution’s account and credited to receiving institution’s account as specified in the transfer order on settlement date. As soon as the funds transfer is completed, the BOT will notify the TSD and TSD will complete settlement of securities leg accordingly (DvP model 1- Gross-Gross). (https://www.bot.or.th/English/PaymentSystems/Payment_Regulation/B N_Regulation/BAHTNET%20Notification/7_Notification_RDL.pdf) 1.2 DvP Arrangement for equity settlement For equity settlement, the BOT adopt DvP model 3 (Net-Net) which TCH will submit the MFT transactions to BAHTNET system to effect cash leg of equity settlement. Once the MFT is settled, the funds transfer is considered final and irrevocable as stipulated in the BOT Notification 105 THAILAND No. Sor Ror Khor. 7/2551, Article 13. The BOT will notify the TCH when the funds transfer is completed. (Source: Sor Ror Khor. 7/2551) In the case of securities/equity transfer between participants, the TSD will transfer the ownership of securities/equity after receiving confirmation from the TCH that the funds has been completely transferred. Once the TSD transferred the ownership of securities/equity, that transfer transaction is considered final and irrevocable as stipulated in Notification No. Tor. Tor. 32/2559 Regulation and procedure for the TCH and the TSD, Article 57, Paragraph 2. Furthermore, the TSD also states in the rule book that the TSD will transfer ownership of securities/equity after receiving settlement confirmation from the TCH and the transaction will be deemed final and irrevocable as stipulated in regulation Chapter 400: Securities Accounts, Deposit, Withdrawal, Transfer and Cancellation of a Deposit of Securities, Article 405.2: Validity of a Transfer of Securities. (https://www.set.or.th/set/notification.do?idLv1=5) (2) PvP Linkage between BAHTNET and USD CHATS for FX settlement The PvP transaction is deemed final and irrevocable when the funds in Thai Baht leg is debited from sending bank’s account and credited to receiving’s account in BAHTNET and the funds in US dollar leg is debited from sending bank’s account and credited to receiving’s account in USD CHATS simultaneously, as stipulated in the BOT Notification for Linkage service for FX settlement between BAHTNET and USD CHATS, No. Sor Ror Khor. 4/2557 - Article 5.2.4. (https://www.bot.or.th/English/PaymentSystems/Payment_Regulation/B N_Regulation/BAHTNET%20Notification/No_SorRohKho_4_2557.pdf) For US Dollar leg, the PvP transaction is deemed final and irrevocable as stipulated in Payment Systems and Stored Value Facilities Ordinance : PSSVFO (Chapter 584 of the Laws of Hong Kong) (http://www.gld.gov.hk/egazette/pdf/20162020/egn201620202777.pdf) In addition, BAHTNET is operated and overseen by the BOT whereas securities settlement system is operated by the TSD and overseen by the SEC. In this regards, the BOT and the SEC have shared oversight information for both regular and irregular events according to the MOU on cooperative oversight for DvP linkage. For cross-border linkage, USD CHATS is operated by HKICL and overseen by the HKMA. Both central 106 THAILAND banks have also shared oversight information on its RTGS according to the MOU on cooperative oversight for PvP linkage. b) For CCP - not applicable Key consideration 2 An FMI should complete final settlement no later than the end of the value date, and preferably intraday or in real time, to reduce settlement risk. An LVPS or SSS should consider adopting RTGS or multiple-batch processing during the settlement day. Description Final settlement on the value date Final settlement in BAHTNET is completed individually on a real time transaction-by-transaction basis on the value date only. In case that there is insufficient funds in sending institution’s account, the transfer order will be placed in queue until the sending institution has adequate funds in its account, according to Article 44 of BAHTNET regulation. However, if the sending institution still does not have sufficient amount of funds at the end of the value date resulting in failure to execute its transfer order at the closing time, the sending institution will receive a rejection message from the system. (Source: BAHTNET Regulation) Intraday or real-time final settlement BAHTNET has never postponed the settlement to the next working day as the system is designed to operate and settle within the settlement date. Moreover, BAHTNET has never operated in a way that was not contemplated by its rules, procedures or contracts. However, in case of emergency such as unexpected special holidays occurred from major disasters or political unrests, the forward value date transactions will be invalid, participants have to resend the transactions to the system on the first business date after the special holiday, likewise the DVP transaction. Practically, BAHTNET will be operated on the first day of unexpected holiday to ensure that participants could manage their transactions promptly. In addition, in order to ensure the smooth settlement of PVP transaction through PVP linkage, BOT and HKICL has a communication BCP arrangement for unpredictable ad hoc holidays that may occur from major disasters, political unrests and epidemics. Both operators will send broadcast messages to inform all participants in their RTGS in order to prepare transactions for the next business date. Moreover, both central banks have assigned the contact persons to handle the incident when it occurs. 107 THAILAND BAHTNET provides the real-time final settlement as stated in BAHTNET Regulation as follows: According to Article 2 of BAHTNET regulation, BAHTNET, as a financial infrastructure serving for Real-Time Gross Settlement (RTGS) of large value funds transfer between financial institutions or other organizations maintaining deposit accounts at the BOT, was designed to mitigate settlement risk amongst financial institutions as well as to facilitate efficient, fast and secure transfers for third-parties. Additionally, all of the funds transfer transactions that are completed in BAHTNET are considered final and irrevocable. Moreover, BAHTNET participants are allowed to monitor or print the status of their transfer order on a real-time basis in respect of Article 37 of BAHTNET regulation. (Source: BAHTNET Regulation) BAHTNET provides Multilateral Funds Transfer (MFT) settlement on designated time which is bilaterally agreed with Clearing Houses. This function allows a number of simultaneous debit/credit funds transfers for daily settlements. These settlements are net positions of retail transactions sent by settlement agents i.e. NITMX, TCH, and BOT. Once the MFT is completely settled, all of the transactions involved are consider final and irrevocable, according to the BOT Notification on Multilateral Fund Transfer (Sor Ror Khor. 7/2551), Article 2 and 13. BOT reserves the right as deem appropriate to change the submit time and settlement time for MFT to prevent any disruptions that may occurred. (Source: Sor Ror Khor. 7/2551) For settlement of MFT transaction, participants can use liquidity from their accounts or ILF to complete settlement similar to a gross transaction. In case one of the participants faces the liquidity shortage resulting in failing to settle MFT, the transfer order will be placed in queue. Moreover, SRS 16 measure may be activated to ensure that the net settlement through BAHTNET will be completed within the specified 16 Securities Requirement for Settlement (SRS) refers to the facility for settlement risk mitigation in case that a member has insufficient funds to complete settlement of Multilateral Funds Transfer (MFT) transaction. By this measure, members are required to pledge collateral against the exposure arising from net settlement from retail 108 THAILAND timeframe even if the participants with the highest debit amount do not have sufficient funds to settle the MFT. Key consideration 3 An FMI should clearly define the point after which unsettled payments, transfer instructions, or other obligations may not be revoked by a participant. Description For BAHTNET, if a transaction is considered final, it is irrevocable. However, if the participant knows that the funds was sent to the wrong receiving institution, such participant needs to send message requesting the receiving institution to transfer back that funds. Moreover, BAHTNET defines the point at which participants can cancel (not revoke) their unsettled payments, transfer instructions or other obligations as follows: Cancellation of the incomplete transfer order (Article 39 of BAHTNET regulation) • When the sending institution sends the transfer order to the BOT, the transfer order could be cancelled upon a request to BAHTNET operator under 2 conditions (1) a consent from the receiving institution and (2) BOT has not yet executed that transfer order by crediting funds into the receiving institution’s account. The cancellation process is subject to relevant rules and regulations specified by BOT. In addition, BAHTNET prohibits the unilateral revocation of accepted and unsettled payment since it needs consent from both sending institution and receiving institution for the cancellation. (Source: BAHTNET Regulation) There are two cases where unsettled transactions can be cancelled as follows: • Cancellation for the transfer orders that are in queue (Article 63 and 68 of BAHTNET regulation) • Once the transfer order submitted to BAHTNET but the sending’s institution does not have adequate funds in its account, these transfer orders will be put in queue waiting for sufficient funds for further settlement. • - BAHTNET participants could notify the BOT to suspend or cancel transfer order that is waiting in queue, according to relevant rules and regulations as specified by BOT. payment such as cheque clearing and interbank retail funds transfer. Securities pledged shall not be less than the maximum possible negative balance. 109 THAILAND Moreover, an instruction or transfer order accepted and placed in the queue by the system will be cancelled if there is a court order for bankruptcy or winding up of that particular default participant. Cancellation of forward date value transfer orders submitted in advance (Article 69 of BAHTNET regulation) Participants are allowed to submit the transfer orders in advance within the period of time specified by BOT. They are allowed to cancel the transfer order submitted to the queue in advance in accordance with the rule and regulation as prescribed by BOT. The BOT will strictly maintain the normal operating hours of BAHTNET system. The BOT may decide to extend operating hours upon the request from participants in accordance with the criteria as specified in Article 31 and 32 of BAHTNET regulation. BOT reserves the right to disapprove the request to avoid impacts on the rest of service users. The consideration result will be notified to all involved parties. The BOT will consider extending the normal operating hours, upon acknowledging of some justifiable reasons and necessities, i.e., (1) Any participants lack sufficient liquidity, or wait for funds transfer from other participants, or (2) Disruption in any participants, resulting in some unprocessed transactions, or (3) Participants must submit funds transfer order on a particular day in order to avoid impacts on the funds receiving institution. (Source: BAHTNET Regulation) All of the regulations and notification are disclosed to the participants as well as public on the BOT’s website (www.bot.or.th) under Payment Systems Notification & Circulars for BAHTNET system section. Key conclusions Settlement of funds transfers in the BAHTNET is achieved in real-time and considered final and irrevocable. The transaction settled in the BAHTNET is protected under Section 9 of the Payment Systems Act and could not be cancelled or revoked. Moreover, final settlement through BAHTNET is completed only within the value date. For DvP, the transaction is deemed final and irrevocable when funds transfer order is transferred from sending institution’s account to receiving institution’s account and accordingly notified the TSD. 110 THAILAND For PvP, once both currencies, Thai Baht and US Dollar, are transferred from the sending institution’s account to the receiving institution’s account, the transfer in Thai Baht is deemed to be final and irrevocable. In this regard, the formal MOU with the HKMA was established to address all of the concern issues especially the point of finality for both sides. The participants can suspend or cancel a transfer order which is placed in the queue in respect of the rules and regulations as specified by the BOT. Revocation and cancellation can only be done with the consent of the receiving’s institution. Assessment of Observed Principle 8 Recommendations and comments Principle 9: Money settlements An FMI should conduct its money settlements in central bank money where practical and available. If central bank money is not used, an FMI should minimize and strictly control the credit and liquidity risk arising from the use of commercial bank money. Key consideration 1 An FMI should conduct its money settlements in central bank money, where practical and available, to avoid credit and liquidity risks. Description BAHTNET conducts money settlements through central bank money by requiring participants to maintain current or settlement accounts with the BOT as prescribed in Article 3 of BAHTNET regulation. At present, BAHTNET conducts settlement denominated in Thai Baht only according to Article 1 of BAHTNET regulation. (Source: BAHTNET Regulation) Key consideration 2 If central bank money is not used, an FMI should conduct its money settlements using a settlement asset with little or no credit or liquidity risk. Description BAHTNET uses central bank money for settlement except in the case of PvP transaction which US Dollar leg will use commercial bank money for settlement via the linkage with USD CHATS (USD Clearing House Automated Transfer System). Money settlements via USD CHATS are effected through accounts on the books of HSBC, which is appointed by the HKMA to perform the USD settlement institution function in Hong Kong. 111 THAILAND HSBC is under the prudential supervision of the HKMA which taking risk- based approach. This is to ensure that risks arising from the commercial bank settlement has been closely identified, monitored and managed. Moreover, the HKMA is responsible to oversee USD CHATS in order to ensure the credit and liquidity exposures in the system are properly addressed. For cross-border linkage, the sharing of oversight information between the BOT and the HKMA both regular and irregular events is undertaken according to the MOU on cooperative oversight arrangement to ensure the compliance of the system as well as the operations and stability of the settlement bank. Key consideration 3 If an FMI settles in commercial bank money, it should monitor, manage, and limit its credit and liquidity risks arising from the commercial settlement banks. In particular, an FMI should establish and monitor adherence to strict criteria for its settlement banks that take account of, among other things, their regulation and supervision, creditworthiness, capitalisation, access to liquidity, and operational reliability. An FMI should also monitor and manage the concentration of credit and liquidity exposures to its commercial settlement banks. Description BAHTNET uses central bank money for settlement. Key consideration 4 If an FMI conducts money settlements on its own books, it should minimize and strictly control its credit and liquidity risks. Description Not applicable Key consideration 5 An FMI’s legal agreements with any settlement banks should state clearly when transfers on the books of individual settlement banks are expected to occur, that transfers are to be final when effected, and that funds received should be transferable as soon as possible, at a minimum by the end of the day and ideally intraday, in order to enable the FMI and its participants to manage credit and liquidity risks. Description Not applicable Key conclusions Money settlement in BAHTNET is conducted in Thai Baht via central bank money in order to mitigate credit and liquidity risk. In the case of PVP transaction, the US Dollar leg will use commercial bank money for settlement in USD CHATS. The HKMA is responsible to oversee USD CHATS system to ensure the compliance of the system as well as the operations and stability of the settlement bank. Assessment of Observed Principle 9 112 THAILAND Recommendations and comments Principle 10: Physical Deliveries An FMI should clearly state its obligations with respect to the delivery of physical instruments or commodities and should identify, monitor, and manage the risks associated with such physical deliveries. Key consideration 1 An FMI’s rules should clearly state its obligations with respect to the delivery of physical instruments or commodities. Description Key consideration 2 An FMI should identify, monitor, and manage the risks and costs associated with the storage and delivery of physical instruments or commodities. Description Key conclusions Assessment of Non applicable Principle 10 Recommendations and comments Principle 11: Central Securities Depositories A CSD should have appropriate rules and procedures to help ensure the integrity of securities issues and minimise and manage the risks associated with the safekeeping and transfer of securities. A CSD should maintain securities in an immobilised or dematerialised form for their transfer by book entry. Key consideration 1 A CSD should have appropriate rules, procedures, and controls, including robust accounting practices, to safeguard the rights of securities issuers and holders, prevent the unauthorised creation or deletion of securities, and conduct periodic and at least daily reconciliation of securities issues it maintains. Description Safeguarding the rights of securities issuers and holders Prevention of the unauthorised creation or deletion of securities Periodic reconciliation of securities issues Key consideration 2 A CSD should prohibit overdrafts and debit balances in securities accounts. Description Key consideration 3 A CSD should maintain securities in an immobilised or dematerialised form for their transfer by book entry. Where appropriate, a CSD should provide incentives to immobilise or dematerialise securities. Description 113 THAILAND Key consideration 4 A CSD should protect assets against custody risk through appropriate rules and procedures consistent with its legal framework. Description Key consideration 5 A CSD should employ a robust system that ensures segregation between the CSD’s own assets and the securities of its participants and segregation among the securities of participants. Where supported by the legal framework, the CSD should also support operationally the segregation of securities belonging to a participant’s customers on the participant’s books and facilitate the transfer of customer holdings. Description Key consideration 6 A CSD should identify, measure, monitor, and manage its risks from other activities that it may perform; additional tools may be necessary in order to address these risks. Description Key conclusions Assessment of Non applicable Principle 11 Recommendations and comments Principle 12: Exchange-of-value settlement systems If an FMI settles transactions that involve the settlement of two linked obligations (for example, securities or foreign exchange transactions), it should eliminate principal risk by conditioning the final settlement of one obligation upon the final settlement of the other. Key consideration 1 An FMI that is an exchange-of-value settlement system should eliminate principal risk by ensuring that the final settlement of one obligation occurs if and only if the final settlement of the linked obligation also occurs, regardless of whether the FMI settles on a gross or net basis and when finality occurs. Description BAHTNET and the linked FMIs adopt the best practice for exchange-of- value settlement which is DvP (model 1 and 3) for securities settlement and PvP for THB-USD Fx settlement to eliminate principal risk. The length of time between blocking and final settlement of the linked obligations differs across settlement models. Details are as follows: • Delivery versus Payment (DvP) linkage for securities settlement For OTC securities settlement which adopts DvP model 1, finality of the linked obligations is nearly simultaneous. TSD initiates a DvP transaction by earmarking securities in the seller’s account and send funds transfer order to BAHTNET accordingly. As soon as the funds transfer instruction is complete in BAHTNET, the BOT will confirm TSD through 114 THAILAND the linked system, and TSD will transfer securities from the seller account to the buyer account simultaneously. Finality occurs when funds are transferred into the seller account, while securities are transferred to the buyer’s securities account completely. Under the TSD’s and BAHTNET’s rules, such settlement transaction becomes valid, and may not be revoked. As TSD will block the securities in the seller account, the seller asset is protected from a claim by other parties. If the payment cannot be complete within the day, TSD will release the securities blocking at the end of day. The blocked assets during the settlement process of DvP model 1 are safeguarded from a third party claim in accordance with Section 402.02 of the Regulation of TSD (Chapter 400). For securities traded through the exchange, DvP settlement model 3 has been adopted to eliminate principal risk, for which TCH acts as CCP and SSS for securities. Settlement finality for obligations on securities and cash legs are described as followed: • Selling members Selling members must maintain securities in the settlement account by 1:30 p.m. TCH shall request TSD to transfer those securities to TCH settlement account, which will be blocked until delivery time. Once the delivered securities are transferred to TCH account, the delivery of securities of the selling member shall be deemed final. After that, TCH will submit an MFT transaction to BAHTNET and wait for cash settlement. Cash obligation for the selling member will be final when the payment is made from TCH account to the selling member account by 2.05 pm. Therefore, for the seller, the length of time between blocking of securities and cash receipt is about 35 minutes. • Buying members Buying members will make a payment to TCH by 2.00 pm and cash obligation of the buying members shall be deemed final at this point. Securities will be delivered to the buying members after acknowledgement of cash transfer in BAHTNET which will be no later than 2.15 pm. Therefore, for the buyer, the length of time between delivery of cash to TCH and receipt of securities is 15 minutes. The length of time that securities are hold in TCH account until transferring of such securities into the buyer account is about 45 minutes. 115 THAILAND For equities settlement which adopts DVP model 3, assets are safeguarded from a third party claim during the settlement process by the legal basis for segregation and application of the customer’s assets pursuant to Section 223/3, Section 224 of Securities and Exchange Act B.E. 2535 (SEA), whereas enforceability of the final settlement shall be irrevocable following Section 510.02 (for payment) and Section 511 (for securities delivery) of the Regulation of TCH (Chapter 500). Besides, Section 111/1 of the SEA states that when a securities business operator becomes a debtor by judgment or a debtor under receivership, the customer asset shall not be regarded as asset subject to seizure or attachment in the civil case and shall not be regarded as bankruptcy asset which may be distributed among creditors of a securities business operator in bankruptcy. This provision also applies to the case of clearinghouse insolvency as prescribed in Section 223/5 of the SEA. (Source: Securities and Exchange Act B.E.2535, Regulation of TSD Chapter 400 Regulation of TCH Chapter 500) Payment versus Payment (PvP) linkage for FX settlement Likewise, when Thai Baht and US Dollar funds transfer orders are matched, BAHTNET and USD CHATS will respectively hold Thai Baht and US Dollar in the sending banks’ accounts. After that, each RTGS will check funds availability and effect the funds transfers simultaneously as soon as sufficient funds has been confirmed from both sides. Finality of the linked obligations is achieved simultaneously upon completion of settlement in BAHTNET and USD CHATS. Key conclusions DvP model 1 and 3 are applied for the settlement of securities and equity, respectively, in central bank money, whereas PvP settlement mechanism is applied for foreign exchange settlement. Adoption of these forms of settlement has led to elimination of principal risk. For DvP model 1, finality of fund and securities occurs almost simultaneously. For DvP model 3, finality occurs upon completion of securities transfer and cash settlement. The length of time between blocking securities and final fund transfer to the seller account is about 35 minutes. On the other hands, it takes about 15 minutes to deliver securities to the buyer account after TCH receives funds transfer from the buyer. 116 THAILAND Assessment of Observed Principle 12 Recommendations and comments Principle 13: Participant-default rules and procedures An FMI should have effective and clearly defined rules and procedures to manage a participant default. These rules and procedures should be designed to ensure that the FMI can take timely action to contain losses and liquidity pressures and continue to meet its obligations. Key consideration 1 An FMI should have default rules and procedures that enable the FMI to continue to meet its obligations in the event of a participant default and that address the replenishment of resources following a default. Description Participant default rules and procedures The BOT has rules and procedures that clearly define an event of default for both financial and operational default. These rules and procedures contain actions that needed to be taken by the BOT to minimize further impact to non-defaulting participants as well as management of defaulting participants. Details are as follows; Financial default BAHTNET is an RTGS system which settles in central bank money; funds transfer is settled by funds held in participants’ settlement or current account at the BOT with immediate finality. Therefore, participants are normally able to meet their financial obligations if funds are available in their accounts. However, there may be cases where participants face liquidity shortage due to insufficient funds in their accounts. These will not be considered as an event of default because participants can still meet their final obligations by using liquidity risk management tools and mechanisms provided by the BAHTNET system such as ILF, queuing and gridlock mechanism. According to Article 8 of the Payment System Act, B.E. 2560 (2017), the BOT Regulation for Highly Important Payment System’s Participant Default Rules and Procedure, and the BOT Notification for BAHTNET’s Participant Default Rules and Procedures, participants default related to financial problem is defined as any participant who files a petition or has filed a petition for business reorganization and the court has issued the order accepting the petition, or who has been filed for bankruptcy or has been under a receivership order by the court under the Bankruptcy Act, B.E.2483 (1940). 117 THAILAND (From this point onward, all these participants subjected to aforementioned context shall be denoted as defaulting participant.) Operational default For operational default, the events of default may occur as a result of operational disruptions, for example telecommunication problems, electrical power failures and cyber-attacks, thereby preventing participants from communicating with BAHTNET. Participants default rules and procedures regarding operational problems are stated in Title 10 of Emergency management of the BOT Regulation for BAHTNET services B.E.2549 (2006) and Principle 17: Operational Risk. a) the actions that the FMI can take when a default is declared Financial default In order to prevent an impact to non-defaulting participants, once a participant knows the hearing date for its bankruptcy lawsuit, the BOT Regulation on Highly Important Payment System’s Participant Default Rules and Procedures requires that such participant shall immediately notify the date and time of hearing to the BOT in order that, on the hearing date, the BOT shall temporarily suspend service to such participant as well as cancel all pending transactions from the designated time to the time of adjudication. According to Article 8 of the Payment System Act, B.E. 2560 (2017) and the BOT Regulation on Highly Important Payment System’s Participant Default Rules and Procedures, any defaulting participant shall notify Payment and Bond Department (PBD) after an acknowledgement of the Court’s bankruptcy order. BAHTNET Operation Team will permanently revoke BAHTNET service to that participant. In addition, all relevant parties will be informed by BAHTNET Operation Team regarding the participant upon acknowledgement of the hearing date and Court’s bankruptcy order. Operational default According to the BAHTNET Regulation, defaulting participant is required to notify BAHTNET Operation Team upon disruption as soon as possible (Article 75). BAHTNET Operation Team may suggest the defaulting participant to trigger its contingency plan (Article 74) in order to use other arrangements to transfer funds such as backup channel (Article 76) or funds transfer order’s letter (Article 77). In 118 THAILAND addition, BAHTNET Operation Team reserves the right to consider minimizing impacts and risks to the system such as changing service hours, instructing the opening/closing of the system or temporarily terminate BAHTNET services for such participant. b) the extent to which the actions are automatic or discretionary Financial & Operational default The actions are discretionary. BAHTNET Operation Team will take actions after getting notification from defaulting participant as stated in a). c) changes to normal settlement practices There are no changes to normal settlement practices for financial and operational default. d) the management of transactions at different stages of processing Financial default After acknowledgement of defaulting participant, the BOT will temporarily suspend all of its incoming and outgoing transactions. All settled transactions are final and irrevocable. Awaiting transactions are managed differently as follows: Gross-basis transaction (Including cash leg for DvP and PvP): • BAHTNET Operation Team will cancel awaiting transactions, including forward-date transactions, in-queue transactions or transactions related to BATHNET’s participant who is adjudged bankrupt at the time of Court’s order, in accordance with the BOT Notification for BAHTNET’s Participant Default Rules and Procedures. Multilateral Funds Transfer transaction (MFT): • The BAHTNET Operation Team will cancel awaiting MFT transaction and request the settlement agents to resubmit new MFT transaction to exclude the defaulting participant in accordance with the BOT Notification for BAHTNET’s Participant Default Rules and Procedures. 119 THAILAND Operational default BAHTNET will prevent the defaulting participant from using BAHTNET services as described in a), thus no new transaction will be submitted to the BAHTNET system. e) the expected treatment of proprietary and customer transactions and accounts The BAHTNET system does not have direct relationship with its participants’ customers, thus the treatment for proprietary and customer transactions and accounts of the defaulting participant is not covered in the BOT Regulation and the Notification for BAHTNET’s Participant default rules and procedures. f) the probable sequencing of actions Financial default BAHTNET Operation Team will take the following actions upon acknowledgement of participant who is subject to bankruptcy lawsuit. 1) Notify all relevant parties including BOT’s internal departments, external parties and BAHTNET’s participants. 2) Temporarily revoke BAHTNET service, inactive defaulting participant’s account including cancel awaiting transactions related to that participant. 3) Permanently revoke BAHTNET service in case of participant is ruled as bankrupt under the court’s order. 4) The defaulting participant’s property shall be processed to debtor’s estate according to the steps of bankruptcy execution as stated by the BOT Notification for BAHTNET’s Participant Default Rules and Procedures. Operational default BAHTNET Operation Team may suggest defaulting participant to take action to mitigate impact as described in a). If BAHTNET Operation Team observes that a participant frequently faces operational default 120 THAILAND and may create systemic risk to the system, the sequence of actions are as follows: 1) BAHTNET Operation Team will inform all relevant parties and temporarily terminate BAHTNET service to such participant. 2) The participant is required to submit rectification plan within 1 month after its service user is revoked. 3) In case of permanent revocation, the participant must follow the instructions as stipulated in the Article 89 of BAHTNET regulation including returning the BOT’s application (if any) and manual, eliminating the BOT’s application from its workstation. g) the roles, obligations and responsibilities of various parties, including non-defaulting participants BAHTNET Operation Team Defaulting Non-defaulting Participant participants  Notify all non-defaulting Notify Stop sending new participants including BAHTNET transactions with relevant authorities Operation and receiving  Temporarily revoke Team transactions from BAHTNET service for the immediately the defaulting defaulting participant  Inactivate the defaulting upon participant participant’s account acknowledgem  Cancel awaiting and ent of the forward-date transactions hearing date related to the defaulting participant h) the existence of other mechanisms that may be activated to contain the impact of a default? Besides the aforementioned procedures, there are no others mechanisms to be activated to mitigate impact to non-defaulting participants. Not applicable. The BOT does not maintain any financial resources to cover losses from the defaulting participant. Use of financial resources Key consideration 2 An FMI should be well prepared to implement its default rules and procedures, including any appropriate discretionary procedures provided for in its rules. 121 THAILAND Description Yes, the BOT has internal plans in place for the event of default. The BOT has defined roles, responsibilities and procedures of participants and relevant parties in the Notification and Guidelines for BAHTNET’s Participant Default Rules and Procedures as described in KC.13.1. Furthermore, the BOT’s internal procedures are also defined in the BAHTNET Operational Guidelines, covering such issues as - Handling the defaulting participant’s transactions and asset - Communication between the BOT and relevant parties - Sequencing of actions for BAHTNET Operation Team For BAHTNET’s participants and relevant stakeholders, BAHTNET Operation Team shall notify them through broadcast message in the BAHTNET system and others communication channels as specified in the BOT Regulation on Highly Important Payment System’s Participant Default Rules and Procedures. PBD, the BAHTNET operator, will inform Payment Systems Policy Department (PSD), BAHTNET Regulator, regarding default of participant. Accordingly, PSD will inform other regulators of the linked FMIs who has entered into the Memorandum of Understanding (MOU) with the BOT for cooperative oversight. The Notification in the event of any defaulting participant is subject to an annual review by all relevant parties including BOT’s internal departments, external parties and BAHTNET’s participants. The plans are approved by Senior Director of Payment and Bond Department. Key consideration 3 An FMI should publicly disclose key aspects of its default rules and procedures. Description The BOT discloses key aspects of default rules, which include a) to d), in the BOT Regulation and Notification for BAHTNET’s Participant Default Rules and Procedures on the BOT website and sends the circular letter to all relevant parties. For e), the BAHTNET system does not have direct relationship with its participants’ customers, thus the mechanisms for addressing the defaulting participant’s obligations are not covered in the BOT Regulation and Notification for BAHTNET’s Participant default rules and procedures. Key consideration 4 An FMI should involve its participants and other stakeholders in the testing and review of the FMI’s default procedures, including any close-out procedures. Such testing and review should be conducted at least annually or following material changes to the rules and procedures to ensure that they are practical and effective. 122 THAILAND Description Financial default The BOT Regulation on Highly Important Payment System’s Participant Default Rules and Procedures is subject to an annual testing, for which participants and connected FMIs are also required to participate by following the details specified in test plan document. The BOT will conduct the testing with all relevant parties and follow up the test result, whereas revision and adjustment of procedure is executed accordingly. The test results are reported to Senior Director of PBD and all relevant parties. Operational default According to Article 74 of the BOT Regulation for BAHTNET services B.E.2549 (2006), BAHTNET participants are responsible for their BCP testing and are required to report their test results to the BOT at least annually. In addition, the BOT conducts its BCP testing with all relevant parties on a yearly basis. The test results are reported to Assistant Governor and all relevant parties. Potential participant default scenarios and procedures covered by the tests are categorized into financial default and operation default. Financial default Since the BOT Notification for BAHTNET’s Participant Default Rules and Procedures has been published in 2018, the annual testing covers all scenarios as stipulated in the procedure including all transaction types and involve all relevant parties. The BOT will review and evaluate the test result with all relevant parties and will adjust the procedure to be more practical accordingly. Operational default According to Article 74 of the BOT Regulation for BAHTNET services B.E.2549 (2006), the BOT will conduct annual BCP drill with participants. The details of BCP testing are described in Principle 17: Operational Risk. Key conclusions According to the BOT Regulation and Notifications for BAHTNET’s Participant Default Rules and Procedures by virtue of the Payment Systems Act, B.E. 2560 (2017), the BOT shall cancel awaiting transactions including forward-date transactions, in-queue transactions or transactions related to defaulting participant and shall notify to all 123 THAILAND relevant parties. Such defaulting participant shall not participate in any transaction with the BOT nor with other relevant parties. The BOT Notifications for BAHTNET’s Participant Default Rules and Procedures has been annually discussed, reviewed, tested and notified to all relevant parties before being published on the BOT website. Assessment of Observed Principle 13 Recommendations and comments Principle 14. Segregation and Portability A CCP should have rules and procedures that enable the segregation and portability of positions of a participant’s customers and the collateral provided to the CCP with respect to those positions. Key consideration 1 A CCP should, at a minimum, have segregation and portability arrangements that effectively protect a participant’s customers’ positions and related collateral from the default or insolvency of that participant. If the CCP additionally offers protection of such customer positions and collateral against the concurrent default of the participant and a fellow customer, the CCP should take steps to ensure that such protection is effective. Description Customer protection from participant default Customer protection from participant and fellow customer default Legal basis Key consideration 2 A CCP should employ an account structure that enables it readily to identify positions of a participant’s customers and to segregate related collateral. A CCP should maintain customer positions and collateral in individual customer accounts or in omnibus customer accounts. Description Key consideration 3 A CCP should structure its portability arrangements in a way that makes it highly likely that the positions and collateral of a defaulting participant’s customers will be transferred to one or more other participants. Description Key consideration 4 A CCP should disclose its rules, policies, and procedures relating to the segregation and portability of a participant’s customers’ positions and related collateral. In particular, the CCP should disclose whether customer collateral is protected on an individual or omnibus basis. In addition, a CCP should disclose any 124 THAILAND constraints, such as legal or operational constraints, that may impair its ability to segregate or port a participant’s customers’ positions and related collateral. Description Key conclusions Assessment of Non applicable Principle 14 Recommendations and comments Principle 15: General business risk An FMI should identify, monitor, and manage its general business risk and hold sufficient liquid net assets funded by equity to cover potential general business losses so that it can continue operations and services as a going concern if those losses materialize. Further, liquid net assets should at all times be sufficient to ensure a recovery or orderly wind-down of critical operations and services. Key consideration 1 An FMI should have robust management and control systems to identify, monitor, and manage general business risks, including losses from poor execution of business strategy, negative cash flows, or unexpected and excessively large operating expenses. Description Generally, a central bank has no business risk. Therefore, key considerations under this principle do not apply with FMIs that are owned and operated by central bank according to CPMI-IOSCO’s publication on Application of the "Principles for Financial Market Infrastructures" to central bank FMIs. BAHTNET system is developed and operated by the BOT to be the financial infrastructure of the country with the purposes of enhancing the efficiency as well as mitigating settlement risks of financial institutions and preventing systemic risk to the financial system according to Section 44 of the Bank of Thailand Act. However, the BOT has adopted cost-recovery policy for BAHTNET fee structure. In this regard, the BOT may still expose to general business risk arising from inappropriate revenue and cost management. This concern has been included in the BAHTNET Risk management framework. The pricing policy is approved by the Payment Systems Committee (PSC) )4 /B.E. 2560) underlining that revenue has to cover operating cost. The pricing policy will be reviewed every 2 years or following significant changes. 125 THAILAND Regarding ongoing monitoring, the BOT analyses BAHTNET’s general business risk by considering increasing and decreasing trends of the transactions together with the present fee scheme every 6 months. According to the latest analysis, the current pricing policy can be achieved. Key consideration 2 An FMI should hold liquid net assets funded by equity (such as common stock, disclosed reserves, or other retained earnings) so that it can continue operations and services as a going concern if it incurs general business losses. The amount of liquid net assets funded by equity an FMI should hold should be determined by its general business risk profile and the length of time required to achieve a recovery or orderly wind-down, as appropriate, of its critical operations and services if such action is taken. Description Not applicable Key consideration 3 An FMI should maintain a viable recovery or orderly wind-down plan and should hold sufficient liquid net assets funded by equity to implement this plan. At a minimum, an FMI should hold liquid net assets funded by equity equal to at least six months of current operating expenses. These assets are in addition to resources held to cover participant defaults or other risks covered under the financial resources principles. However, equity held under international risk-based capital standards can be included where relevant and appropriate to avoid duplicate capital requirements. Description Recovery or orderly wind-down plan Not applicable Resources Key consideration 4 Assets held to cover general business risk should be of high quality and sufficiently liquid in order to allow the FMI to meet its current and projected operating expenses under a range of scenarios, including in adverse market conditions. Description Not applicable Key consideration 5 An FMI should maintain a viable plan for raising additional equity should its equity fall close to or below the amount needed. This plan should be approved by the board of directors and updated regularly. Description Not applicable Key conclusions The BAHTNET system was developed to be the fundamental financial infrastructure for enhancing performance and mitigating risks and cost of funds transfer for financial institutions. Since the BOT owns and operates the BAHTNET system, there is no business risk. 126 THAILAND However, since the BOT has adopted cost-recovery policy for BAHTNET fee structure, general business risk may arise from inappropriate revenue and cost management. This concern has been included in the BAHTNET Risk management framework. Assessment of Observed Principle 15 Recommendations and comments Principle 16. Custody and Investment Risks An FMI should safeguard its own and its participants’ assets and minimise the risk of loss on and delay in access to these assets. An FMI’s investments should be in instruments with minimal credit, market, and liquidity risks. Key consideration 1 An FMI should hold its own and its participants’ assets at supervised and regulated entities that have robust accounting practices, safekeeping procedures, and internal controls that fully protect these assets. Description BAHTNET does not use custodians. There are 2 type of assets used to transact in BAHTNET, cash and securities. Both assets are used for operational purpose in the BAHTNET system only. Cash accounts are safeguarded by the BOT as participants are required to open current/settlement accounts at the BOT for transferring and receiving funds in BAHTNET as well as to obtain intraday liquidity facilities against collaterals. For securities to be used as collaterals in BAHTNET, the BOT opens and holds securities accounts (BOT Collateral Management Facilities: BOT-CMF) on behalf of participants at TSD which is the central securities depository in Thailand. TSD is regulated by the SEC to ensure the robust accounting practices and procedures complied with international standards. In addition, the BOT has a securities sub- account system which is directly linked with the BOT-CMF to facilitate participants’ management of collaterals. At the end of day, to ensure the integrity of accounting and safekeeping procedures, the BOT and TSD will reconcile securities account after closing the systems. Should there be some errors, the BOT and TSD will coordinate to investigate and rectify accordingly. Key consideration 2 An FMI should have prompt access to its assets and the assets provided by participants, when required. Description The BOT opens BOT-CMF accounts on behalf of BAHTNET participants at TSD, securities under BOT-CMF are safeguarded by the Securities 127 THAILAND and Exchange Act. (Section 225) and the Regulation of TSD (Chapter 400) For securities in sub-accounts of BAHTNET participants, they are safeguarded by the BOT Regulations depending on the type of sub- account as described in Principle 5. (http://www.sec.or.th/EN/SECInfo/LawsRegulation/Documents/actandr oyal/1Securities.pdf) https://www.set.or.th/dat/content/rule/en/04_TSD_RegulationsChapter 400_310316_EN.pdf) BAHTNET participants are required to deposit securities in BAHTNET for Intraday Liquidity Facilities (ILF) and Security Requirement for Net Settlement (SRS). The BOT will buy these securities in repurchase transaction, where ownership of those securities will be transferred to the BOT. At the end of day, participants are supposed to buy back their securities and the ownership will be transferred back to the participants. In case participants fail to buy back their securities at the end of day until 12.00 p.m. on the next business day, participants’ right to buy back securities will end as prescribed in Sor Ror Khor 2/2552- Article 20 while the ownership is still with the BOT. (Source: Sor Ror Khor 2/2552) For securities used as Security Requirement for Net Settlement (SRS), Sor Ror Khor 1/2557 – Title 5, Article 17 stipulates that if participants’ deposits are deficient to settle their transactions within the specified time, the participants have given consent to sell their securities to the BOT in repurchase transaction for settling their obligations under the buy-back agreement. Similar to ILF, If participants fail to buy back their securities by 12.00 p.m. on the next business day, participants’ right to buy back securities will end as prescribed in Sor Ror Khor 1/2557-Title 5, Article 20 while the ownership is still with the BOT. (Source: Sor Ror Khor 1/2557) At present, the above regulations help to ensure the BOT’s prompt access to the assets, including securities in the event of participant default. Furthermore, the Payment Systems Act enhance the BOT’s 128 THAILAND prompt access to participants’ assets and separation of assets and liabilities. Section 10 of the Payment System Act states that, in the event of participant default, any funds or securities which participants have deposited at the BOT as collaterals in BAHTNET for ILF or SRS will be protected from allocating to other creditors of participants as stipulated in the Bankruptcy Laws. The BOT will be empowered to seize those collaterals for settlement. The residual collaterals, if any, will be transferred to debtors’ property of estate. Note that there is no asset held with a custodian in another time zone or legal jurisdiction. (https://www.bot.or.th/English/AboutBOT/LawsAndRegulations/SiteAs sets/Law_E40_Payment.pdf) Key consideration 3 An FMI should evaluate and understand its exposures to its custodian banks, taking into account the full scope of its relationships with each. Description Not applicable Key consideration 4 An FMI’s investment strategy should be consistent with its overall risk-management strategy and fully disclosed to its participants, and investments should be secured by, or be claims on, high- quality obligors. These investments should allow for quick liquidation with little, if any, adverse price effect. Description Investment strategy According to Application of the Principles for Financial Market Infrastructures to central bank FMIs, PFMI is not intended to constrain central bank policies on the investment strategy or disclosure of that strategy. Therefore, this key consideration is not applicable since BAHTNET does not implement investment strategy on any participants’ assets. BOT investment strategy is consistent with reserve management policy. Risk characteristics of investments Key conclusions BAHTNET does not keep assets with a custodian bank except TSD which is an FMI regulated by the SEC. TSD provides a system for the BOT to have prompt access to assets kept at TSD. Cash and securities assets used in BAHTNET are for operational purpose in the system only. In the event of participant default, Article 10 of the Payment System Act has a provision to empower the BOT to have prompt access to 129 THAILAND those assets and protect them from allocating to other creditors of the defaulting participant. In addition, there is no investment policy implemented for those assets. Assessment of Observed Principle 16 Recommendations and comments Principle 17: Operational risk An FMI should identify the plausible sources of operational risk, both internal and external, and mitigate their impact through the use of appropriate systems, policies, procedures, and controls. Systems should be designed to ensure a high degree of security and operational reliability and should have adequate, scalable capacity. Business continuity management should aim for timely recovery of operations and fulfillment of the FMI’s obligations, including in the event of a wide- scale or major disruption. Key consideration 1 An FMI should establish a robust operational risk-management framework with appropriate systems, policies, procedures, and controls to identify, monitor, and manage operational risks. Description Identification of operational risk Presently, policies and processes for identifying, monitoring and managing risks arising from BAHTNET operation are identified in the BAHTNET Risk Management Framework. In the early stage, BAHTNET adopted the BOT Risk Management Framework which was originally designed to provide guidelines for risk management to all departments and functions in the BOT including BAHTNET. As BAHTNET operator, PBD is responsible for establishing Control Self-Assessment (CSA) focusing on operational risk and reporting to Enterprise Risk Management Department (ERMD) every year. Therefore, BAHTNET operational risk is identified by conducting CSA. Plausible sources of operational risk had been identified in accordance with BOT regulation No. Tor. 39/2558 – the Measures of Operational Risk Incident - Section 3 Appendix A, which describes plausible sources of operation risk as follows; ­ Process: Operational risk is identified as lack of or error of the internal process. 130 THAILAND ­ People: Operational risk is identified as insufficient or human error related areas as well as operation by people that leads to harm. ­ System: Operational risk is identified as insufficient or error of the system. ­ External Event: Operational risk is identified as change in external circumstance including social, politics and environment that leads to harm. The risk appetite statement is set out for stating tolerance level of each identified risk. After the introduction of PFMI, BAHTNET self-assessment against PFMI was conducted and the assessment result suggested that risk management framework should be formulated to be in line with the standard. Accordingly, BAHTNET Risk Management Framework has been established and approved by the Payment Systems Committee (PSC) in April 2018. The Framework encompasses all aspects of risk related to BAHTNET system, including operational risk. In this regard, operational risk management practices in the Framework are similar to those conducted in the past. The PSC has approved BAHTNET Risk Management Policy which states that “BAHTNET shall provide services which are continuous, efficient, stable, secure and in line with international standards”. Risk identification must be conducted every year due to changes of several factors such as new technology, introduction of new business function or cyber threat. Therefore, operational risks vary over the years, depending on the situation at that time. Normally, sources of operational risk which were identified can be categorized into 3 groups comprising 1) Operational related risk - such as inadequate monitoring system or process 2) Personnel related risk – such as inadequate training for staff or control of fraud 3) Technical related risk – such as hardware or software failure, network or utilities interruption 131 THAILAND Risks related to these 3 groups can incur from both internal, i.e. BAHTNET operator and BOT IT staff, and external parties, which are utility service providers or participants. On single points of failure, BAHTNET system was designed to have high availability and equipped with state-of-art technologies to avoid having single points of failure and to ensure high degree of operational reliability. All BAHTNET hardware and related network components are redundant and data are replicated to the backup site in real-time manner. KRIs are used to monitor identified operational risk with high risk rating (with exceptionally high likelihood or impact). Furthermore, BAHTNET operation team is responsible for monitoring day-to-day operation through BAHTNET monitoring screens which show essential information related to operational risk in a real-time basis. Relevant monitoring screens for operational risk management comprise 1) System Monitoring Dashboard – a dashboard for monitoring overall status of system components 2) Queue Monitor – for monitoring throughput of BAHTNET transaction 3) Web connection – for monitoring connection between BAHTNET system and participants’ work stations 4) Non-acknowledge message – for monitoring SWIFT confirmation messages that do not receive acknowledgement from SWIFT network 5) Suspicious Transaction -a tool for detecting and handling unusual or suspicious transactions. Incidents that occur in BAHTNET will be recorded and analysed for further prevention and resolution in BOT-Risk Management System (BOT-RMS). Moreover, BAHTNET is audited by both internal and external auditors on an annual basis. The BOT’s IT department is responsible for preventive monitoring of IT infrastructure and resource usage of hardware and applications, with real-time notification. BAHTNET operation team and IT infrastructure team have established a number of working procedures including checklist for normal daily operation as well as emergency situation. These systems, policies and procedures are well documented in both soft file and hard copy both 132 THAILAND at the main and secondary site. Operation status of BAHTNET is reported to executives every day. Management of operational risk Operational risk is identified and assessed by conducting CSA. High- level risks will be closely monitored and reported to relevant parties to ensure that operational procedures are implemented appropriately. In this regard, measures will be developed to maintain risk at an acceptable level. These steps are summarized and included in the BAHTNET Risk Management Framework as follows: 1) Risk identification and risk assessment 2) Risk response and control 3) Risk monitoring 4) Risk Reporting The BOT employs the risk management process and control in accordance with the international framework such as Lines of Defense. Process and control are audited by external auditors from time to time such as PWC in 2007,2010 and Deloitte in 2016. Furthermore, BAHTNET system was certified by the ISO/IEC 27001: 2013 in ISMS in 2015 where the surveillance audit is required on an annual basis. Moreover, re-certification audit is also required for certificate renewal every three years. In 2017, the BOT officially mandates all participants’ workstations to be certified with ISO 27001 by the end of 2018. This helps ensuring that policies, process and controls are designed and implemented appropriately and in line with accepted international standards. Policies, processes and controls The BOT employs the BOT Rule on Human Resource Management B.E. 2556 as its human resources policies in order to hire, train and retain qualified personnel. The BOT Rule on Human Resource Management B.E. 2556 is set by the BOT Committee to ensure working stability for employees and to establish the employment framework between the BOT and employees such as recruitment, appointment, promotion, training, scholarships, punishment, welfare, etc. BAHTNET team has implemented several HR policies in order to prevent and mitigate operational risk arising from personnel. The 133 THAILAND qualification for hiring BAHTNET operators is mutually agreed by PBD and HR department; a newcomer has to follow a job training process for one month so that he or she has inclusive understanding for all tasks of BAHTNET team. New comer will be assigned to work as a buddy with an experienced operator to ensure that operations are done correctly and accurately. Consequently, all BAHTNET procedures can be performed by any operator. Currently, BAHTNET operation team does not face high turnover rate. According to the BOT’s HR policies, all employees are subjected to give a one-month notice before resignation, where the BOT reserves the right to retain the leaving employee up to 3 months from the informed date in case that the resignation will affect the BOT operation. Furthermore, BOT Regulation No. Tor. 39/2558 – the measures of Operational Risk Incident is applied to mitigate personnel risk as follows. BOT Regulation No. Tor. 39/2558 – the measures of Operational Risk Incident: operational risk relating to personnel is mentioned in this regulation. For example, insufficient human resource, human error, etc. To prevent fraud, each BAHTNET operator is given only authorization at the minimum level to perform the assigned tasks. In addition, “dual control” approach is adopted, for which any task has to be completed by two persons. Operators are allowed to rotate themselves to related department in order to enhance their knowledge, which will positively affect operational efficiency. Note that the system always record usage history and logs of each operator. Risks arising from implementing new functions or changes may vary from misunderstanding or miscommunication of the requirements between relevant stakeholders during the development process, lack of understanding or training for using new functions or interruption caused by implementation of new functions, all of which adversely affect smooth functioning of BAHTNET. Every change has to be recorded in the change management system by PBD which is approved by PBD and ITD management. PBD and ITD will report ongoing project status to the Payment System Sub Committee on a quarterly basis. In order to mitigate risks arising from changes and major projects, the BOT places a high priority on the project and change management process, comprising planning, development and testing phases as follows: 134 THAILAND Planning Project’s detail, impact and activities are analysed as well as coordinated with related parties. Project activities are planned thoroughly before obtaining an approval from the Payment System Sub Committee. Accordingly, working teams are set up to be responsible for the project development, consisting of representatives from PBD and ITD. Developing The development process is mainly responsible by ITD with several ongoing discussions with the PBD to ensure that functions are developed in accordance with the business requirements. Testing This can be divided into 4 phases which are 1) System Integration Test (SIT): conducted by ITD to ensure that the new function works individually and compatible with existing functions 2) User Acceptance Test (UAT): conducted by PBD to verify correctness of the new function compared to business requirements 3) Industry Wide Test (IWT): conducted by PBD and BAHTNET participants in order to get used to the new function and test with real business cases. Training is also provided to participants during this phase to create good understanding of the new function. In addition, Performance and Disaster Recovery Test are conducted together by IT and PBD to ensure that the new function can be operated on both the primary and secondary site, ensuring high degree of reliability and availability. 4) Project value realization: After 6 months of change and project implementation, project value realization is conducted to evaluate user satisfaction, system efficiency and related statistics by means of a survey with participants. The result will be reported to the Payment System Sub Committee for project closure approval accordingly. Key consideration 2 An FMI’s board of directors should clearly define the roles and responsibilities for addressing operational risk and should endorse the FMI’s operational risk-management framework. Systems, operational policies, procedures, and controls should be 135 THAILAND reviewed, audited, and tested periodically and after significant changes. Description Roles, responsibilities and framework Roles and responsibilities for BAHTNET operational risk management are defined according to PBD line of management. The PSC, which acts as an FMI board, is responsible for annually reviewing and endorsing the Payment System Risk Management Framework and BAHTNET Risk Management Framework, which contains risk reporting practices, to achieve clear responsibilities and accountabilities. Review, audit and testing Operational policies and procedures will be reviewed and tested following all significant changes in the system such as introducing a new function. As stated in Q.17.1.6, the BOT will arrange the Industry Wide Test (IWT) with participants before implementation. Operational procedures and controls will be annually audited by Internal Audit Department. In addition, the BOT conducts an annual drill on BCP with participants, normally during the last quarter of each year. Participants are also required to conduct internal test of their BCP at least once a year as prescribed in BAHTNET Regulation, the result must be submitted to the BOT. Process and control are audited by external auditors from time to time. The recent external audit on BAHTNET was conducted in 2016, for which the audit scope comprised the following 1) IT Governance 2) Business Continuity Management 3) Network and Server Management 4) Software Quality Assurance Furthermore, BAHTNET system was certified by the ISO/IEC 27001: 2013 in ISMS in 2015 where a surveillance audit is required on an annual basis. The scope includes 1) Daily operation of BAHTNET team 2) Physical security 3) Incident 136 THAILAND 4) Rights 5) Management of classified information 6) Understanding on policy and security objective 7) Compliance on related regulation Moreover, re-certification audit is required for certificate renewal every three years. Key consideration 3 An FMI should have clearly defined operational reliability objectives and should have policies in place that are designed to achieve those objectives. Description BAHTNET’s operational objective is annually defined by the PSC. Currently, the objective is the target availability, for which the Recovery Time Objective is set at 2 hours without any information loss (Recovery Point Objective = 0), and the target system availability is set at 99.9 percent for 2018. Apart from being reviewed by and reported to the PSC, BAHTNET availability target is published in the annual Payment System Report. Note that PBD and ITD have signed the BAHTNET Service Level Agreement (BAHTNET SLA), which is in accordance with the target availability approved by the PSC. The operational reliability objectives are stated in Q.17.3.1. High degree of operational reliability can be achieved by: • Recovery Time Objective: The 2 hours recovery time is the viable objective for resuming operation by activating the backup site in an extreme circumstance which are tested annually. • Recovery Point Objective: The systems are designed with a real- time data redundancy with RPO set to 0 to ensure that all transactions can be resumed seamlessly after the recovery. • System Availability: Critical business functions are identified and prioritized in BAHTNET SLA, which will be used to calculate the system downtime. The policies to achieve BAHTNET operational reliability objectives are designed as follows: Daily operation checklist and BCP are established to specify actions, communication, procedures and responsibilities to be taken in case of contingency. Additionally, the BOT has set up the secondary site 35 kilometers away from the main site, with similar hardware, software and real-time data replication to ensure continuous operation in case 137 THAILAND of natural disaster or system failure. This will enable, in the case that operation cannot be resumed at the primary site, the system to resume its operation within 2 hours by migrating BAHTNET system to operate on the backup site. In this regard, the Service Level Agreement (SLA) has been established between PBD and ITD for providing recovery service to BAHTNET system within 2 hours. In addition, an annual disaster recovery drill is conducted every year to ensure that the operational reliability objectives can be achieved. Key consideration 4 An FMI should ensure that it has scalable capacity adequate to handle increasing stress volumes and to achieve its service-level objectives. Description According to the current design of BAHTNET, the transaction capacity is set to 15,000 transactions per hour, whereas the actual number of transaction processed through BAHTNET is approximately 16,000 transactions per day in 2017. BAHTNET operation team is responsible for tracking the number of processed transactions in order to generate the statistic report for capacity improvement planning. Normally, the volume stress test is conducted on the testing environment every time there is a change or new function implemented in the system. . ITD will adjust programs or system configurations to meet the agreed transaction capacity accordingly . So far, the result shows that the system can still handle peak time capacity with excess capacity available. The capacity planning is done every year. PBD and ITD are both responsible for monitoring the system capacity in a different perspective. PBD has a real-time monitoring tool to keep track of the number of transactions against the maximum capacity. ITD will monitor BAHTNET capacity through a resource utilization monitoring tool. In case that the capacity is near its maximum capacity (or above the agreed threshold), there will be an alert notification to relevant persons to monitor closely. PBD will try to figure out the situation whether it can be addressed by using business solution. If a business solution is not viable, PBD and ITD will cooperatively explore the solution to be in line with current business needs. Key consideration 5 An FMI should have comprehensive physical and information security policies that address all potential vulnerabilities and threats. Description Physical security 138 THAILAND Restricted area access According to Section 3 of BOT Notification No. 56/2560 of Security Department, PBD and ITD are required to identify the restricted areas in cooperation with Security Department. Accordingly, the management of both departments have the obligation to define and manage the access rights of their responsible restricted areas. Data center Criteria for establishing data centers are specified internally by ITD including the location, structure and zoning, access control, environmental control, working procedures, emergencies handling, monitoring and data tape elimination. Furthermore, the data centers are required to follow Notification of ITD No. Tor. 3/2560 regarding IT security measures as follows: - Section 7: Topic 1 - Requirements for the maintenance of physical security for the data center and computers; To ensure that physical access to data center and equipment inside is protected from unauthorized access which may result in a breach of information of IT system security. For example, the location of data center shall not be easily known and should be difficult to access by a third party. - Section 7: Topic 2 – Requirement for the maintenance of security for computers; to ensure that there are damage protection measures for the BOT’s computers, along with measures to prevent stored information from unauthorized access. For example, the Data Center Team shall ensure that there is a fire control system which operates automatically when there is a fire without causing harm to equipment and staff. ITD is responsible for project or change management that are related to BAHTNET physical security such as data centers. Sources of physical vulnerabilities are identified following the recommendation of leading international technology consultants before implementing the project or change to ensure that plausible source of physical vulnerabilities and threats are handled properly. As the computer centers are located at the BOT’s Head Office building and restricted area, both data centers (DCs), the primary and backup site, have strong restriction for physical access, for which security systems are monitored and controlled by Security Department. On DC facility’s infrastructure, there was an assessment on DC by external expert, HP Critical Facilities Service, in 2011. 139 THAILAND As mentioned in Q.17.2.4, BAHTNET is certified by the ISO/IEC 27001: 2013 in ISMS, for which the scope of surveillance includes physical security of BAHTNET System. The facility’s infrastructure was surveyed to identify the DC Tier level, based on the Uptime Institute Tier definitions, for which the result indicated that both DCs were classified corresponding to TIER III. Last year, the BOT implemented 2-factor authentication by using Biometrics technology in every data center. Information security Plausible sources of information security vulnerabilities and threats are addressed in the BOT policies and process on an ongoing basis as explained below. Referred to BOT Notification ITD No. Tor. 3/2560, which is in line with related external and internal laws and regulations such as Computer- Related Crime Act, Electronic Transactions Act and BOT Regulation on Security Policy, IT security measures are stated as follows: - Section 5: Topic 1 – Setting the policy on information access control; To ensure that there is a guideline on the control and restriction of access to information at all levels, for example, management and Product Managers have the duties and responsibilities to ensure that there is appropriate segregation of duties amongst staffs to prevent any one staff from gaining absolute right such that damage is incurred to the BOT.. - Section 5: Topic 2 –Managing access by users; To ensure that there is management and restriction of access to information at all levels. The management and Product Managers have the duties and responsibilities to oversee the request for usage, modification and revocation of user accounts. - Section 5: Topic 3 – Responsibilities in password protection; BOT staffs are responsible for protecting and keeping their own password confidential. By design, the password must be updated regularly. - Section 5: Topic 4 – Managing application access; The system must be protected from unauthorized access by setting the methods for accessing IT systems and the procedures for user authentication so that access to IT systems is secure and suitable. 140 THAILAND Process for addressing the plausible sources of information security vulnerabilities and threats: • PBD and ITD are responsible for project or change management that are related to BAHTNET information security such as implementing new applications or features. Sources of information vulnerabilities are identified in the planning process before implementing the project or change to ensure confidentiality, integrity and availability of data. The BOT strictly follows IT security measures to ensure safety of Information technology usage, covering the following areas: 1) General usage of information technology 2) Usage of computer and computer peripheral 3) Usage of computer network and computer system 4) Usage of computer software 5) Usage of fundamental IT system 6) Usage and disclosure of information 7) Usage of personal owned device with the BOT’s system (BYOD@BOT) Information security policies, processes, controls and testing are appropriately complied with related external and internal laws and regulation following Q.17.5.3. Key consideration 6 An FMI should have a business continuity plan that addresses events posing a significant risk of disrupting operations, including events that could cause a wide-scale or major disruption. The plan should incorporate the use of a secondary site and should be designed to ensure that critical information technology (IT) systems can resume operations within two hours following disruptive events. The plan should be designed to enable the FMI to complete settlement by the end of the day of the disruption, even in case of extreme circumstances. The FMI should regularly test these arrangements. Description Objectives of business continuity plan BAHTNET’s business continuity plan (BCP) reflects the objectives, policies and procedures which allow for rapid recovery and timely resumption of critical operations following a wide-scale or major disruption as shown below. BAHTNET BCP is a framework to mitigate/limit potential damage from emerging events. Scenarios are defined and evaluated following 141 THAILAND different disruptive events such as disaster, unrest and epidemic. Operation checklists in case of emergencies are also prepared to ensure a rapid recovery within the 2-hour timeframe, so that the BOT can resume daily operation with the least relevant effect. Objectives of the BCP are summarized as follows: ­ Define solutions and framework to handle the consequences. ­ Specify responsibilities of the BOT and participants clearly and implement when an incident occurs. ­ Collaborate smoothly between participants and relevant BOT departments. ­ Readiness preparation such as human resource, back-up applications ERMD will conduct an annual enterprise disaster recovery drill and PBD will conduct an annual disaster recovery drill with the participants and connected FMIs including TSD and HKMA. In addition, disaster recovery test is conducted every time there is a change or new function implemented in the system. Design of business continuity plan The BOT has developed a contingency plan to cope with a wide range of incidents and failures. The plan deals with different levels of software and hardware defects and disruptions in various communication networks. Various scenarios and staff roles are analysed, including disruptions in telecommunication and electrical power, and disruptions in contact with important external parties. Moreover, rules and procedures for decision-making processes are worked out under the plan, and there is a clear division of staff responsibility in various emergency situations and follow-up responsibilities. The BCP of BAHTNET system was designed in accordance with the 2- hour recovery objective which includes IT and Business activities. The decision to activate the BCP was designed in accordance with the recovery capability of IT system which was tested annually. So far, the test result showed that the IT system migration can be recovered approximately within 1.30 hours, thus leaving room for BAHTNET operators to verify functionality of the recovered system. As mentioned in Q.17.4.1, the maximum processing capacity of BAHTNET is 15,000 transactions per hour, while the transaction 142 THAILAND processed through was approximately 16,000 transactions per day in 2017. Therefore, BAHTNET is capable of handling average number of daily transactions within slightly above 1 hour. BCP documents are in place for every role of staff such as IT system administrators, IT application administrators, IT operators, IT strategy team, business users and the management. The documents are required to be up-to-date at all times. BCP execution is conducted regularly to ensure that every party can effectively follow the procedures and is ready when the disaster happens, as well as to ensure that the backup system runs smoothly. Following this, participants are required to join the test which includes back-up site testing for all members. This is to ensure that the two-hour recovery time can be achieved. In case of crisis, the call tree will be activated. BAHTNET System was designed by having redundant hardware and network components both at the main and secondary site, while data are also replicated to the secondary site in a real-time manner, thus the Recovery Point Objective is 0. Data verification is conducted after the recovery to identify status of the latest transaction of each participant. However, in case there is a missing transaction during disruption, participants and the BOT will cooperatively figure out to ensure that all transactions are identified and smoothly resume their operation Crisis Management Procedures of the BOT address the need for effective communication both internally and externally with key stakeholders and the authorities as follows: ­ BOT Regulation No. Tor. 15/2551 – The Measures of Business Continuity Plan of the BOT indicates the responsibilities of BOT executives for command and responsibilities of relevant departments for operation. The procedures and processes for handling the incidents that affect BOT performance are also included. BAHTNET BCP, both business part and IT part - Emergency contacts (Call Tree) and communication procedures of relevant parties are clearly identified in BAHTNET BCP. Lines of authority for decision making are also stated and specified for each scenario. 143 THAILAND Secondary site BAHTNET BCP incorporates use of the secondary site to ensure that the secondary site has sufficient resources, capabilities, functionalities and appropriate staffing arrangements as well as locates in a sufficient geographic distance from the primary site as described below. As mentioned in Q.17.6.3, BAHTNET System is designed to have its hardware and database at the primary data center (DC1) and the secondary data center (DC2) with identical capacity, replaceable and redundancy. Consequently, BCP was designed by categorizing disruptive events for switching operation from the primary site (DC1) to the secondary site (DC2), such as absolute disruption of the BAHTNET system, occurrence of an emergency incident or a disaster’s damaging primary data center. Generally, IT staffs remotely monitor the secondary site and are assigned to station at the secondary site once a week. The secondary site is geographically diverse as it is located in a different province which is 35 Kilometres away from the main site. In this regard, BAHTNET operation team are not required to routinely station at the secondary site as it takes only 1 hour to travel. Currently, normal operation is switched from DC1 to DC2 once a year, however, the BOT plans to increase the frequency of this practice in the near future. Currently, the BOT has established another data center (DC3) which is located in the North eastern region of Thailand in order to obtain higher resilience. PBD has studied a possibility of having an alternative system or practice in case of complete unavailability of BAHTNET system. Currently, PBD is in the process of implementing BAHTNET Offline as an alternative arrangement which will be available in Q3/2019. Review and testing The BOT conducts cooperative testing with BAHTNET participants and other FMIs in case of disaster, unrest and epidemic every year. The scenarios are set differently each year to test the process and the recovery timeframe back to normal. Off-site work is also tested in case of Mobile Office to support the operation in emergency incidents to become more flexible. 144 THAILAND BAHTNET participants, including TSD, are required to involve in BAHTNET’s annual BCP drill and contingency arrangements. Participants are able to provide feedback and suggestion regarding the tested BCP drill as well as review and test their own BCPs according to the description below. BAHTNET participants have to arrange internal BCP test at least once a year and report the result to the BOT (According to BOT Regulation BN – Article 74). Internal BCP test should apply one of these following incidents; ­ Case 1 : Migrate to DR site ­ Case 2 : Discontinuity of the system ­ Case 3 : Network error ­ Case 4 : Staff replacement ­ Case 5 : SWIFT Network error (for SWIFT members) The BOT arranges a cooperative testing every year on Annual Clearing Contingency Drill with HKMA, the USD CHATS service provider. Key consideration 7 An FMI should identify, monitor, and manage the risks that key participants, other FMIs, and service and utility providers might pose to its operations. In addition, an FMI should identify, monitor, and manage the risks its operations might pose to other FMIs. Description Risks to the FMI’s own operations Risks related to BAHTNET operation are identified comprehensively in the BAHTNET Risk Management Framework including risks arising from participants, the linked FMIs and utility providers as follows: • Risk arising from key participants: BAHTNET has identified the top sending banks in BAHTNET system via liquidity monitoring as key participants of BAHTNET since these parties may create a widespread impact to other participants, if disrupted, and may cause operation delay or cut-off time extension. Accordingly, the BOT has prepared a contingency plan for these key participants. Key participants may be identified by the numbers of customers that rely on a particular direct participant for processing 3rd party funds transfer transaction in BAHTNET which may create dependency on liquidity and operation. PBD has, from time to time, conducted analysis on this arrangement and closely monitored participants who have high dependency. • Risk arising from other FMIs: Disruption of linkage with other FMIs such as CSD Link with TSD may interrupt all transactions 145 THAILAND related to securities settlement and prevent day-end reconciliation process. In this case, the BOT and TSD will follow the contingency procedures in order to analyze the cause and promptly notify the other party via telephone and email, apply for service time extension and resolve the difficulty; other parties’ coordinator shall be promptly notified via telephone and email. Risk arising from utilities and network service such as disconnection of network or power outage. The BOT has implemented several measures to prevent risk arising from disruption of utilities such as redundancy of networks or power sources (there are 2 network equipment and 2 sources of power supply per site, with over 4 network providers). In addition, penalty is set out in a contract between the BOT and network providers in case the service is unavailable for a certain period. Not applicable since BAHTNET does not outsource any of its service. Risks posed to other FMIs The BOT regularly monitors linkages with other FMIs in order to timely respond to operational risk arising from disruption of BAHTNET which may pose to other FMIs, including linkage with TSD and HKMA. In addition, the BOT requires connected FMIs to have their BCPs arranged and conducted an annual drill with the BOT to ensure timely recovery from their backup site in case of disruption The BOT has designed a framework for communication and cooperative problem solving with TSD and HKMA. 1. Measures between the BOT and TSD (Section 5.10 Measures for disruption between the BOT and TSD linkage system) ­ When an incident occurs, inform the cause and solving timeframe to the other FMI immediately via phone or e-mail respectively. ­ If the problem cannot be solved within the operating hours and there are still pending transactions in the system, the BOT and TSD will mutually consider to extend the operating hours and inform related parties accordingly. ­ If the problems are solved, the BOT or TSD will immediately inform the other FMI via phone. 2. Communication BCP USD-THB PvP Link 146 THAILAND ­ Part 1: Extend the Cut-off Time of USD-THB PvP Link ­ Part 2: Disconnect the USD-THB PvP Link between THB CCPMP and Gateway during the Announced PvP Service Suspension Period and back to former channel. ­ Part 3: Ad Hoc Holidays in Thailand Key conclusions The BOT provides comprehensive policies, procedures, and controls for BAHTNET system in order to monitor and mitigate operational risk. These policies, procedures, and controls are well documented and tested regularly. BAHTNET risk management policy and processes are specified in the BAHTNET Risk Management Framework. Identified plausible sources of operational risk include those arisen internally and externally as well as risks that bear from and pose to participants and other FMIs. BAHTNET operational reliability objective is defined and approved by the PSC, for which the system can be recovered within 2 hours following the disruption without data loss (RPO = 0). The target availability of BAHTNET is reviewed annually and set to 99.9% for year 2018. Business Continuity Plans are comprehensive, taking into account all related aspects (including business and IT perspective) and are tested regularly including the BOT internal test, BAHTNET participants’ test, TSD test and cooperative test between the BOT, TSD and participants. The DR sites and all back-up procedures are available to support immediately in case of emergency incidents. Assessment of Observed Principle 17 Recommendations and comments Principle 18. Access and participation requirements An FMI should have objective, risk-based, and publicly disclosed criteria for participation, which permit fair and open access. Key consideration 1 An FMI should allow for fair and open access to its services, including by direct and, where relevant, indirect participants and other FMIs, based on reasonable risk-related participation requirements. Description Participation criteria and requirements Criteria and requirements for BAHTNET participants are elaborated in BAHTNET Regulations and BOT Notifications which includes financial, operational and legal requirements. 147 THAILAND Legal and Financial requirements The Regulations and Notifications specifies type of institutions that are allowed to become BAHTNET participants. These intuitions have to comply with the regulations, legal and financial requirements specified by relevant authorities and the BOT will not impose additional legal or financial requirements. BAHTNET participation criteria are as follows: 1. Being financial institutions in accordance with the Financial Institutions Business Law. 2. Being state-owned Specialized Financial Institutions established under specific laws. 3. Being government agencies, internal departments of the BOT or other juristic persons established under specific laws which transfer or receive high-value of funds transfer. 4. Being securities companies, clearing houses or securities depositories in accordance with the Securities and Exchange Law. 5. Being payment system business providers under supervision which provide retail funds transfer systems for systems users or card network systems in accordance with the Payment Systems Law. 6. Being payment service business providers under supervision in accordance with the Payment Systems Law which transfer or receive high-value of funds transfer. All entities must have prior approval by the BOT to open current or settlement accounts for funds transfer via BAHTNET. Moreover, entities under item 1.4-1.6 are subject to the BOT consideration whether they are sound for the payment systems as a whole both in terms of efficiency and stability. (Source: Guidelines for opening an account at the BOT) Operational requirements the operational requirements for participants are specified as follows: 1. The juristic persons that wish to request authorization from the BOT to use BAHTNET services shall have computer systems and Business Continuity Plan (BCP) that meet the generally accepted standards in case there is an event which prohibits normal operations of BAHTNET. 2. The juristic persons are required to maintain the availability of personnel to operate BAHTNET or experts in relevant fields who are ready to attend user training and testing as required by the BOT prior to commencing BAHTNET services. 148 THAILAND (Source: Access Criteria for Juristic Person to Participate as BAHTNET Service User - Sor.Ror.Khor. 4/2561) Related legal frameworks: - BAHTNET participants which are financial institutions under Financial Institutions Businesses Act B.E. 2551 (2008) or Specialized Financial Institutions (SFIs) will be regulated by the BOT. (https://www.bot.or.th/English/AboutBOT/LawsAndRegulations/SiteAsse ts/Law_E24_Institution_Sep2011.pdf) -BAHTNET participants which are payment system business providers or payment service business providers under Payment Systems Act B.E. 2560 (2017) will be regulated by the BOT. (https://www.bot.or.th/English/AboutBOT/LawsAndRegulations/SiteAsse ts/Law_E40_Payment.pdf) ­ - BAHTNET participants which are securities companies, clearing house or securities depository under Securities and Exchange Act B.E.2535 will be regulated by the SEC. (http://www.sec.or.th/EN/SECInfo/LawsRegulation/Documents/actandro yal/1Securities.pdf) The criteria and requirements for participating in BAHTNET allow for fair and open access. The BOT allows not only financial institutions but also other types of entities as prescribed in the Notification to become BAHTNET participants with an aim to promote effectiveness and stability of the overall payment systems. These entities must have prior approval by the BOT to open settlement accounts for funds transfer via BAHTNET system. (Source: Guidelines for opening an account at the BOT) There are 2 types of participants, namely, direct participants and associate participants. Direct participants are able to send and receive funds transfer, and perform other functions using their own workstation subsystem, which is directly connected to BAHTNET. Associate participants have an account at the BOT, but do not have their own workstation subsystem. They will rely on direct participants to perform funds transfer and other functions on behalf of them. Normally, associate participants are institutions which have small transfer volume/value in BAHTNET, thus they do not want to have high investment cost from becoming direct participants. Note that both 149 THAILAND direct and associate participants are subject to the same access criteria when applying to participate in the system. Access to trade repositories Not applicable since BAHTNET is considered as Systemically Important Payment Systems (SIPS) not Trade Repositories (TR). Key consideration 2 An FMI’s participation requirements should be justified in terms of the safety and efficiency of the FMI and the markets it serves, be tailored to and commensurate with the FMI’s specific risks, and be publicly disclosed. Subject to maintaining acceptable risk control standards, an FMI should endeavour to set requirements that have the least-restrictive impact on access that circumstances permit. Description Justification and rationale of participation criteria BAHTNET participation requirements aim at enhancing safety and efficiency of the BAHTNET system as well as stability of the payment systems as a whole. Therefore, the BOT allows financial institutions and specialized financial institutions which are supervised by the BOT, government agencies as well as legal entities under supervision of relevant authorities that the BOT deems appropriate to have access to BAHTNET services. In addition, there are operational requirements to ensure safety and efficiency of BAHTNET as described in Q.18.1.1. No, there are no non-risk based requirements. Participant requirements for BAHTNET are risk based as described in the access criteria in Q.18.1.1. Least restrictive access Both direct and associate participants are subject to the same access criteria as prescribed in BAHTNET Regulations (Title 2 - BAHTNET Access Criteria) and BOT Notification No. Sor.Ror.Khor. 4/2561 Access Criteria for Juristic Person to Participate as BAHTNET Service User. They must obtain approval from the BOT to become BAHTNET participants. The PSC has stipulated that the access requirements be reviewed every two years or when there is a policy change, where the updated access criteria are subject to the PSC approval. 150 THAILAND Furthermore, to ensure that the access criteria do not place too much restrictive requirements, the BOT conducted a study on other central banks’ access criteria as well as discussed with relevant stakeholders such as BAHTNET AG, new potential players which the BOT deems appropriate to have access to BAHTNET services. After the study, the BOT revised the access criteria accordingly. Disclosure of criteria All of the regulations and notifications related to criteria and requirements for participation including Guidelines for Opening an Account at the BOT are publicly disclosed on the BOT website (www.bot.or.th) under the Payment Systems Notification & Circulars for BAHTNET system section. Hard-copy documents are circulated to all BAHTNET participants. Key consideration 3 An FMI should monitor compliance with its participation requirements on an ongoing basis and have clearly defined and publicly disclosed procedures for facilitating the suspension and orderly exit of a participant that breaches, or no longer meets, the participation requirements. Description Monitoring compliance BAHTNET Operation Team manages the access criteria and requirements and detailed information of participants. The team is also responsible for examining and monitoring BAHTNET participants’ ongoing compliance by performing an annual review on access criteria and requirements of all participants as prescribed in 18.1.1. Besides, BAHTNET participants will be requested to submit their BCPs and organize a drill of the contingency plan annually in order to ensure participants’ compliance with operational requirements. BAHTNET participants are subject to on-site and off-site examination for their legal and financial requirements by the BOT supervisors in accordance with the following regulations: - BAHTNET participants which are financial institutions under Financial Institutions Businesses Act B.E. 2551 (2008) and Specialized Financial Institutions (SFIs) will be monitored by the BOT Supervision Group. (https://www.bot.or.th/English/AboutBOT/LawsAndRegulations/SiteAsse ts/Law_E24_Institution_Sep2011.pdf) 151 THAILAND - BAHTNET participants which are payment system business providers or payment service business providers under the Payment Systems Act B.E. 2560 (2017) will be monitored by Payment Systems Policy Department. (https://www.bot.or.th/English/AboutBOT/LawsAndRegulations/SiteAsse ts/Law_E40_Payment.pdf) - BAHTNET participants which are securities companies, clearing house or securities depository under the Securities and Exchange Act B.E.2535 will be monitored by the SEC. (http://www.sec.or.th/EN/SECInfo/LawsRegulation/Documents/actandro yal/1Securities.pdf) BAHTNET Operation Team will receive information regarding risk profile of participants from relevant supervisors. The procedure was established internally with the Supervision Group to ensure that the supervisors will notify BAHTNET Operation Team to conduct enhanced surveillance when participant’s risk profile is deteriorated. For example, BAHTNET Operation Team will closely monitor liquidity sufficiency as well as EWI indicators. Generally, Supervision Group will monitor participants which are financial institutions under 3 aspects; 1) financial condition and performance, 2) risk management and 3) information technology management and operation. (https://www.bot.or.th/English/FinancialInstitutions/Policy/Pages/default .aspx) For other legal entities such as securities company or licensed electronic payment business providers, BAHTNET Operation Team will closely monitor those whose risk profile deteriorates and coordinate with the SEC or the examiners under Payment Systems Policy Department respectively to take necessary actions according to related laws and regulations. Suspension and orderly exit The BOT will monitor participants’ compliance with BAHTNET’s participation requirements and will instruct temporary termination of services under the following cases: 152 THAILAND - Inability to comply with the BOT regulations - Frequent disruptions in BAHTNET Workstation or equipment that links to the BAHTNET system - Inappropriate security system in BAHTNET Workstation - Being under complete custodianship as ruled by Thai or foreign court - In a default situation as stipulated in the BOT Regulation for Highly Important Payment System’s Participant Default Rules and Procedure The procedures for managing suspension and orderly exit of a participant that breaches, or no longer meets the participation requirements are stated in Article 83 – 88 (Title 12 – Termination of Services) of BAHTNET Regulation. In addition, participant who wants to terminate BAHTNET services, either temporarily or permanently must notify the BOT at least 30 days in advance, for which the BOT may consider to terminate its services to a participant who does not observe its regulations or poses risks to the system. Lastly, the procedures for suspension or orderly exit which the BAHTNET participant needs to act upon, according to Article 89 – 90 of the BAHTNET Regulation, are for example: - Eliminate the BOT’s application programs in the participant’s Workstation Subsystem - Maintain confidentiality pertaining to use of BAHTNET despite the service termination - For a participant which is a SWIFT member, whenever there is a termination of all services of BAHTNET, that participant’s membership of the CUG will also be terminated. Besides, BAHTNET itself also has the mechanism to prevent participants from accessing BAHTNET service after termination by blocking all access channels that the participants could enter into the system. (Source: BAHTNET Regulation) In an event of default, the BOT will manage the suspension and orderly exit of the participant as described in Principle 13. BAHTNET Regulation Title 12 – Termination of Services related to the procedures for managing suspension and orderly exit of participant is disclosed to the public on the BOT Website (www.bot.or.th) under 153 THAILAND Payment Systems Notification & Circulars for BAHTNET system section. (Source: BAHTNET Regulation) Regulation and Notification related to an event of default are also disclosed on the BOT Website under Payment Systems  Payment Systems Notification & Circulars  Related Regulation Payment System. (https://www.bot.or.th/English/PaymentSystems/Payment_Regulation/R elatedRegulation_PaymentSystem/Pages/default.aspx) Key Conclusions BAHTNET has fair and open access criteria with an aim to promote risk management capability, system stability and efficiency as well as financial stability. The BOT examines and monitors BAHTNET participants’ ongoing compliance by performing an annual review on access criteria and requirements of all permitted participants. The access criteria, requirements and procedures for facilitating suspension and orderly exit of a participant are clearly defined and are available to the general public on the BOT website Assessment of Observed principle 18 Recommendations and comments Principle 19. Tiered Participation Arrangements An FMI should identify, monitor, and manage the material risks to the FMI arising from tiered participation arrangements. Key consideration 1 An FMI should ensure that its rules, procedures, and agreements allow it to gather basic information about indirect participation in order to identify, monitor, and manage any material risks to the FMI arising from such tiered participation arrangements. Description Tiered participation arrangements Currently, all BAHTNET participants are bound by BAHTNET rules and regulations to open and hold the current account or settlement account. Thus, tiered participation arrangements does not exist in BAHTNET as all participants are recognized as direct participant. There are 2 categories of direct participant consisting of “Direct participant” and “Associate participant” as follows: 154 THAILAND 1. Direct participant is a member who received the BOT’s permission to use BAHTNET services. 2. Associate participant is a member who received the BOT’s permission to use BAHTNET services’ via other direct participant’s BAHTNET Workstation Subsystem. The transactions will be sent and received by an affiliated direct participant on its behalf 17. This could be classified into 2 categories as follows; 3. Associate participant with the BOT which are Secondary Mortgage Corporation and the BOT’s internal departments such as Finance & Accounting Department and Accounting & Supply Department 4. Associate participant with parent institution which is a securities company that uses its parent bank’s workstation for BAHTNET usage. In this case there is only one participant namely Tisco Securities Company Limited who uses Tisco Bank Public Company Limited’s workstation for BAHTNET usage. As mentioned above, there is no tiered participation arrangements in the system. Both direct and associate participants are required to open their own current or settlement accounts in BAHTNET according to the Guidelines for Opening an Account at the BOT. They also have to comply with the BOT Regulations related to BAHTNET in order to identify, monitor, and manage any material risks. Guidelines for Opening an Account at the BOT https://www.bot.or.th/English/PaymentSystems/Payment_Regulation/B N_Regulation/Others/5-2_Guidelines2-EN-VK- ok_Guidelines%20for%20Opening%20an%20Account%20at%20the%20 Bank%20of%20Thailand_Disclaimer.pdf Currently, there are 63 BAHTNET participants comprised of 59 direct participants and 4 associate participants. Although BAHTNET does not have indirect participant, BAHTNET provides 3rd party funds transfer service for individual customers, corporates or other financial institutions whose payment transactions are processed through direct participants. The majority of 3rd party transactions are from subsidiaries of direct participants. These arrangement may create dependency on liquidity of direct participant. 17 This is due to the fact that the associate participants usually have only a few transactions such as less than 10 transactions per month. Therefore, the BOT allows them to rely on direct participant’s workstation to avoid investment cost on their own BAHTNET workstation. 155 THAILAND BAHTNET operation team conducts analysis on risk arising from 3rd party funds transfer service every 6 months by gathering basic information regarding traffic on BAHTNET. Both direct and associate participants are monitored and regulated under BAHTNET regulations, thereby having equal binding under the Rights and Obligations of the BAHTNET participants. The BOT closely monitors associate participants via either their current or settlement accounts held at the BOT to ensure no material risks can arise from such arrangements. Risks to the FMI Not applicable since BAHTNET does not have tiered participation arrangements. Key consideration 2 An FMI should identify material dependencies between direct and indirect participants that might affect the FMI. Description Not applicable since BAHTNET does not have indirect participants. Key consideration 3 An FMI should identify indirect participants responsible for a significant proportion of transactions processed by the FMI and indirect participants whose transaction volumes or values are large relative to the capacity of the direct participants through which they access the FMI in order to manage the risks arising from these transactions. Description Not applicable Key consideration 4 An FMI should regularly review risks arising from tiered participation arrangements and should take mitigating action when appropriate. Description Not applicable Key conclusions All BAHTNET participants are bound by BAHTNET rules and regulations to maintain or open account with the system. There is no tiered participation arrangement in BAHTNET as all participants are recognized as direct participants. Assessment of Not applicable Principle 19 Recommendations and comments 156 THAILAND Principle 20. FMI Links An FMI that establishes a link with one or more FMIs should identify, monitor, and manage link- related risks. Key consideration 1 Before entering into a link arrangement and on an ongoing basis once the link is established, an FMI should identify, monitor, and manage all potential sources of risk arising from the link arrangement. Link arrangements should be designed such that each FMI is able to observe the other principles in this report. Description Key consideration 2 A link should have a well-founded legal basis, in all relevant jurisdictions, that supports its design and provides adequate protection to the FMIs involved in the link. Description Key consideration 3 Linked CSDs should measure, monitor, and manage the credit and liquidity risks arising from each other. Any credit extensions between CSDs should be covered fully with high quality collateral and be subject to limits. Description Key consideration 4 Provisional transfers of securities between linked CSDs should be prohibited or, at a minimum, the retransfer of provisionally transferred securities should be prohibited prior to the transfer becoming final. Description Key consideration 5 An investor CSD should only establish a link with an issuer CSD if the arrangement provides a high level of protection for the rights of the investor CSD’s participants. Description Key consideration 6 An investor CSD that uses an intermediary to operate a link with an issuer CSD should measure, monitor, and manage the additional risks (including custody, credit, legal, and operational risks) arising from the use of the intermediary. Description Key consideration 7 Before entering into a link with another CCP, a CCP should identify and manage the potential spill-over effects from the default of the linked CCP. If a link has three or more CCPs, each CCP should identify, assess, and manage the risks of the collective link arrangement. Description Linked CCP default Collective link arrangements (three or more CCPs) Key consideration 8 PS CSD SSS CCP TR ● 157 THAILAND Each CCP in a CCP link arrangement should be able to cover, at least on a daily basis, its current and potential future exposures to the linked CCP and its participants, if any, fully with a high degree of confidence without reducing the CCP’s ability to fulfil its obligations to its own participants at any time. Description Exposures and coverage of exposures Management of risks Information provided to participants Key consideration 9 A TR should carefully assess the additional operational risks related to its links to ensure the scalability and reliability of IT and related resources. Description Key conclusions Assessment of Not Applicable Principle 20 Recommendations and comments Principle 21: Efficiency and effectiveness An FMI should be efficient and effective in meeting the requirements of its participants and the markets it serves. Key consideration 1 An FMI should be designed to meet the needs of its participants and the markets it serves, in particular, with regard to choice of a clearing and settlement arrangement; operating structure; scope of products cleared, settled, or recorded; and use of technology and procedures. Description As one of the key financial infrastructures for Thailand, BAHTNET was designed to provide interbank funds transfer services and smooth settlement supporting financial and capital markets’ transactions to serve the participants’ needs as well as to maintain financial stability. Besides interbank funds transfer services, BAHTNET provides third party funds transfer, capital market settlement and retail payment settlement, as well as PvP settlement between THB and USD as a choice for participants to mitigate FX settlement risk. To ensure that BAHTNET services take into account the needs of participants and the market, the BOT has established a consultation forum with the industry, specifically, the BAHTNET Advisory Group (AG). BAHTNET AG comprises representatives from Thai Bankers’ Association, the Association of International Banks, Specialized Financial Institutions 158 THAILAND (SFIs), and Thailand Securities Depository Co., Ltd. (TSD). All meeting minutes are circulated to all BAHTNET participants after each meeting. The BOT and BAHTNET AG use this forum to exchange views on the feasibilities of: - Adoption of new business and technology - New initiatives on system development - Rules and regulations / practical guidelines - New policies or measures Any development of new features or functions will be discussed with the AG to ensure that the new initiatives meet the needs of participants and the market and are in line with the international standards. AG consultative meeting is held occasionally as deemed necessary or at least annually. Specific working groups under the AG may be set up to tackle particular topics as necessary. An additional mechanism to collect participants’ requirements is an industry survey and hearing sessions to get views and feedbacks from all participants. When there is a new initiative or system development due to change in payment environment or new edge of technology, the BOT will discuss with relevant stakeholders including the AG as well as other central banks to exchange views and insights. Moreover, the BOT will host hearing sessions to discuss and inform participants of the implementation plan and timeline, facilitate training and industry wide testing, and collect feedback to ensure the system development will be in line with the participants’ needs. Apart from BAHTNET participants, the needs of other stakeholders are taken into account such as requirements from the linked systems or government agencies. Executive meetings between the BOT and TSD are held annually in order to discuss development plans, cooperation and impact to the other system. The BOT also meets with the government agencies (i.e. the Comptroller’s General Department) in order to take into account development requirements from the government policies. The BOT also provides an annual service satisfaction survey to all participants to evaluate not only the quality and stability of the system but also the service of BAHTNET in order to collect requirements and 159 THAILAND improve the service to meet the needs of participants and the market in the future. Key consideration 2 An FMI should have clearly defined goals and objectives that are measurable and achievable, such as in the areas of minimum service levels, risk-management expectations, and business priorities. Description By virtue of Section 7 of the Bank of Thailand Act, the BOT is responsible for maintaining monetary stability, financial institutions system stability, and payment systems stability. Moreover, by virtue of Section 44, the BOT shall establish or support the establishment of payment systems including clearing system between institutions and management of such system for an efficient, safe and sound payment systems. Therefore, BAHTNET is established as a financial infrastructure to serve Real-Time Gross Settlement (RTGS) of large value funds transfer between financial institutions or other organizations. BAHTNET was designed to mitigate settlement risk among financial institutions that maintain deposit accounts at the BOT as well as to facilitate efficient, fast and secure transfers for third-parties. BAHTNET was designed to operate with high level of availability, targeting at 99.9% where the system availability performance is reported to the PSC regularly. The target recovery time is approximately 2 hours (Recovery Time Objective -RTO) without any information loss (Recovery Point Objective = 0). To ensure that the goals and objectives are achievable, the BAHTNET system was designed to have high availability and equipped with state- of-the art technologies to avoid having single point of failure and ensure high degree of operational reliability. All BAHTNET hardware and related network components are redundant and data is replicated to the backup site in real-time manner. BAHTNET has informed its participants of the measurable and quantifiable efficiency in terms of time to process transactions or time to recover the system in a service downtime. BAHTNET and its participants regularly participate in BCM/BCP testing for various scenarios such as major disasters, political unrests, or epidemics in order to be well- prepared and achieve recovery time in an emergency event. For safety and soundness, BAHTNET has implemented multiple policies to ensure that the system meets security standard as follows: 1) Comply with IT & Cyber framework including practices and guidelines in line with related domestic laws and international 160 THAILAND standards such as ISO27001, SWIFT CSP and Internal security guidelines. 2) Undertaken Vulnerability Assessment by having external auditor to identify problems and weaknesses of BAHTNET along with performing the External Penetration Testing on a yearly basis. Since the latest infrastructure upgrade of BAHTNET, the annual system availability target is always achieved and higher than 99.9%. For the mechanisms, please see Q.21.2.2. Key consideration 3 An FMI should have established mechanisms for the regular review of its efficiency and effectiveness. Description BAHTNET is reviewed regularly on an annual basis for its safety and efficiency. The system’s activities and payment process are monitored throughout the day, using variety of automated tools, graphs and manual checks. For safety standard, BAHTNET has received ISO/IEC 27001:2013 certificate for Information Security Management System (ISMS) where an annual surveillance audit is required. Moreover, re-certification audit is required for certificate renewal every three years. BAHTNET also receives external audit on Information System covering IT governance, business continuity management, network and server management and software quality assurance. Moreover, all transactions in BAHTNET can be tracked back from receivers to senders (end-to-end). BAHTNET keeps logs on the status of transactions at each stage in the transaction life cycle. Each transaction has a unique transaction ID number which provides an audit trail for future enquiry. Incidents and disruptions are adequately logged and rules are in place for operational follow-ups in accordance with the Computer - Related Crime Act. Computer-Related Crime Act B.E.2550  Computer-Related Crime Act B.E.2560 (unofficial) For efficiency, there is a tool to keep continuous record of resource utilization for both hardware and software. If the utilization’s threshold is reached, there will be a real-time message to alert relevant staffs to take action accordingly. Besides, BAHTNET will generate an incident report of resource utilization which will be used for performance and capacity assessment on a yearly basis. 161 THAILAND In term of pricing, currently, the BOT implements a cost recovery pricing policy, which means that the fees charged to participants must cover the cost for BAHTNET’s operations and maintenances. These costs are derived from operating and overhead expenses associated with BAHTNET. Additionally, BAHTNET provides intangible values to the overall economy, serving as the backbone financial market infrastructure for interbank settlement. Therefore, both tangible and intangible values are taken into consideration in monitoring BAHTNET’s cost and pricing structure. In order to ensure financial efficiency, the BOT conducts a review of cost and pricing structure every two years or upon changes that have an impact on BAHTNET. The latest review was conducted on 2017. the operational cost recovery objective was achieved and revenue was above operating cost. Other efficiency metrics : BAHTNET is the RTGS system which the credit risk is eliminated and the settlement occurs in the central bank money. The system also facilitates settlement of other major retail payments. In addition, robust communication procedures with all relevant parties have been established to ensure smooth communication during normal and crisis situation. Key conclusions BAHTNET has an arrangement in place to consult with participants on a regular basis in order to address their needs in the view of design and development of its operations and services. In addition, BAHTNET has established mechanisms for regular review of its safety and efficiency such as participants’ feedback, KPI scoring for measuring effectiveness and ensure system availability as targeted. The annual system availability target has been achieved and higher than 99.9%. Moreover, BAHTNET adopts cost recovery pricing policy which is reviewed every two years or when there are changes that may impact BAHTNET. In 2017 review, the operational cost recovery objective was achieved and revenue was above operating cost. Assessment of Observed Principle 21 Recommendations and comments 162 THAILAND Principle 22: Communication procedures and standards An FMI should use, or at a minimum accommodate, relevant internationally accepted communication procedures and standards in order to facilitate efficient payment, clearing, settlement, and recording. Key consideration 1 An FMI should use, or at a minimum accommodate, internationally accepted communication procedures and standards. Description Communication procedures To achieve efficient payment and settlement system, BAHTNET has adopted an internationally accepted communication standards in order to ensure BAHTNET participants’ abilities to communicate in a timely, reliable, and accurate manner. Communications procedures BAHTNET relies on 2 types of networks to communicate with participants: SWIFT Network (SWIFTNet) and BOTNET/X. (1) SWIFT Network (SWIFTNet) Participants which are SWIFT members communicate with the BAHTNET System in SWIFT format. In this regard, participants can develop their Straight Through Processing (STP) in-house systems to directly link with the BOT. (2) BOTNET/X It is the Virtual Private Network (VPN) that the BOT uses for communicating in the BAHTNET System. The message used to communicate via BOTNET/X is in the BAHTNET XML Format developed by the BOT in accordance with SWIFT format for non- SWIFT member participants. In addition, this is a backup channel for SWIFT member participants in the event that SWIFT is unavailable. There are 2 communication channels for participants to connect with BOTNET/X as follows: • BAHTNET Web Service Channel: All BAHTNET participants are required to use this channel to inquire information such as transaction’s status, account movement, reports etc. 163 THAILAND • Host-to-Host Channel: the BOT uses this channel to link with TSD to facilitate securities settlement as well as funds transfer transactions between government agencies and the Comptroller General’s Department. Communication Procedures for Cross-border BAHTNET has established linkage with USD CHATS of Hong Kong Monetary Authority (HKMA) for Payment versus Payment (PvP) foreign exchange settlement in order to mitigate FX settlement risk for USD/THB transactions. The communication goes through Internet Protocol – Virtual Private Network (IP – VPN) of the international service provider. Transactions in BAHTNET and USD CHATS are matched through the Cross Currency Payment Matching Processor (CCPMP), using proprietary standard developed and owned by HKMA. Communication Standards There are 2 types of message standard adopted in the BAHTNET: (1) SWIFT - SWIFT member participants can use SWIFT FIN Message eg. MT202 for sending funds transfer message or MT103 for sending third party funds transfer via SWIFTNet to the BOT. The BAHTNET System will convert it to BAHTNET XML format for further processing. After completion, the system will convert message back to SWIFT Fin message in order to transmit to participants. (2) BAHTNET XML- Non-SWIFT member participants communicate via BAHTNET Web Service in BAHTNET XML format which can be processed in the system immediately. In addition, SWIFT Bank Identifier Code (SWIFT BIC) is used for identifying participants in the system for both message standard. The BOT has already adopted international standards as described above. In addition, the BOT plans to adopt ISO20022 message standard, which supports regional interoperability, in the BAHTNET system. Key conclusions The BOT has already adopted international standards for both communication procedures, SWIFT Network (SWIFTNet) and BOTNET/X, for the SWIFT-member and non-SWIFT member participants, respectively. For cross-border linkage, the proprietary message standard and procedure are adopted. Assessment of Principle Observed 22 Recommendations and comments 164 THAILAND Principle 23: Disclosure of rules, key procedures, and market data An FMI should have clear and comprehensive rules and procedures and should provide sufficient information to enable participants to have an accurate understanding of the risks, fees, and other material costs they incur by participating in the FMI. All relevant rules and key procedures should be publicly disclosed. Key consideration 1 An FMI should adopt clear and comprehensive rules and procedures that are fully disclosed to participants. Relevant rules and key procedures should also be publicly disclosed. Description Rules and procedures Rule and procedures related to BAHTNET system are described in various forms of legal framework including the Payment Systems Act (PSA), several BOT regulations as well as guidelines, rules and procedures on key areas, whereas notifications under relevant regulations provide further information or discipline for participants to comply with. Key areas of BAHTNET system are as follows: BAHTNET Service BOT Regulation on BAHTNET Service specifies rules and rights of BAHTNET participants, including the system’s feature, access and exit criteria, rights and obligation of the BOT and participants, system rules, fees and risk management. In addition to BOT Regulation on BAHTNET Service, related notifications are issued under this regulation to provide more details for each particular area. For example, BOT Notification No. Sor.Ror.Khor. 4/2561 Re: Access Criteria for Juristic Person to Participate as BAHTNET Service User provides more detail about access requirement. BOT Notifications issued under the BOT Regulation on BAHTNET Service are listed below: (1) Fees and Charges on BAHTNET Services (2) Practical Procedure During the Transition Period of the BAHTNET System (3) Code of Conduct in case of SWIFT Network Failure, Cancellation of Funds Transfer and SWIFT Bilateral Key Exchange (4) BAHTNET’s Operation hours and Confirmation of Funds Transfer (5) Access Criteria for BAHTNET Service User (6) Criteria on Intraday Liquidity Facilities and Proportion of funds transfer via BAHTNET 165 THAILAND (7) Multilateral Funds Transfer Service (8) Code of Conduct Multilateral Funds Transfer Instruction of Processing by the BOT in an Event of Difficulty (9) Linkage on Securities Payment Settlement (10) Find on BAHTNET service for Multilateral Funds Transfer (11) Linkage between the BAHTNET and USD CHATS for foreign exchange settlements (12) Requirements on Information Security Management System for BAHTNET Client Computers (13) Access Criteria for Juristic Person to Participate as BAHTNET Service User In addition to the above regulation and notifications, BAHTNET participants are required to comply with the BOT regulation and notification on Electronic Financial Services, which set out requirements for participants who connect with the system provided by the BOT. Intraday Liquidity Facilities BOT Regulation on Purchase of Debt Instrument with Repurchase Agreement to Provide Intraday Liquidity Facilities stipulates rules for purchase of debt instruments for the purpose of intraday liquidity management. The regulation provides details on, for instance, eligible participants for using ILF, type of accepted securities, obligation of participants and the BOT regarding provision of ILF. BOT Notifications issued under this regulation are as follows: (1) Designating other institutions as Financial Institutions under the BOT Regulation on Purchase of Debt Instruments under Repurchase Contract for Intraday Liquidity Facilities (2) Regulations on Purchase of Debt Securities for Being Used as Intraday Liquidity Facilities (3) Fees and Charges Associated with Usage of Intraday Liquidity Facilities (4) Requirement on Intraday Liquidity Facilities and Proportion of Funds Transfer via BAHTNET (5) Purchase of Debt Instrument with Repurchase Agreement to Provide Intraday Liquidity Facilities on a Special Financial Institution Holiday (Case of Emergency) Securities Requirements for Settlement 166 THAILAND BOT Regulation on Measures for Managing Risks from Multilateral Net Settlement through BAHTNET (Securities Requirements for Settlement) stipulates measures for managing risks arising from Multilateral Funds Transfer including relevant parties, calculation of requirement, type of accepted securities, obligation of participants and the BOT. Notifications issued under this regulation are as follows: • Maintenance of Debt Securities According to the Measures for Managing Risks from Multilateral Net Settlement through the BAHTNET • Default management BOT Regulation on Procedures for Members of Highly Important Payment Systems to Enter Business Rehabilitation or Bankruptcy Proceedings stipulates actions to be taken by the BOT, defaulting participant, non-defaulting participants when a participant in Highly Important Payment Systems enters into bankruptcy lawsuit. Notifications issued under this regulation are as follows: • BOT Notification Re: Procedures for BAHTNET Service Users to Enter into Bankruptcy Proceedings Apart from regulations and notifications, other documents in the form of user manuals, training material or meeting document also contain specific details regarding system design and operation. Most of the above information are disclosed to the public, while some documents such as BAHTNET user manual, meeting documents and questionnaires are restricted to members only. Currently, there are two channels for information disclosure as follows: 1. Rules, regulations and guidelines in general are publicly disclosed on the BOT Website (www.bot.or.th) under the topic - payment system  Payment Systems Notification & Circulars  BAHTNET System, Electronic Funds Transfer Service (EFS), Intraday liquidity Facilities (ILF), Securities Requirement for Settlement (SRS). 2. BAHTNET user’s manual, meeting documents and attachments, training documents and annual BCP documents are disclosed only to BAHTNET participants on the BOT Website (www.bot.or.th) under the topic - payment system  Payment System member’s Corner. (with access rights) Recognizing the importance of participants’ engagement at all levels in the issuance of rules and regulations so as to ensure practical 167 THAILAND procedures and comprehensive regulations for the participants, the BOT regularly communicates with BAHTNET participants. Specifically, the BOT has established BAHTNET Advisory Group (AG) comprising representatives from Thai Bankers’ Association, the Association of International Banks, Specialized Financial Institutions (SFIs), and Thailand Securities Depository Co., Ltd. (TSD). The BOT and BAHTNET AG use this forum to exchange views on several topics including practicability of the rules and regulation which were issued or are being drafted. Additional mechanisms are meetings with all participants, focused groups, industry surveys and hearing sessions. The following BAHTNET related rules and regulations contain roles, responsibilities and procedures for the BOT and BAHTNET participants to follow during non-routine events, such as communication procedure, immediate actionable guideline or contact point, in order to ensure a smooth coordination and capabilities to tackle possible disruption. At present, non-routine events and relevant rules or procedures are as follows: (1) Code of Conduct on BAHTNET Services in an Event of Emergency (https://www.bot.or.th/English/PaymentSystems/Payment_Regulation /BN_Regulation/Others/5- 1_Code%20of%20Conduct%20on%20BAHTNET%20Services%20in%2 0an%20Event%20of%20Emergency-EN-VK-ok_Disclaimer.pdf) (2) Code of Conduct in case of SWIFT Network Failure, Cancellation of Funds Transfer and SWIFT Bilateral Key Exchange (https://www.bot.or.th/English/PaymentSystems/Payment_Regulation /BN_Regulation/BAHTNET%20Notification/3_CodeOfConductInCase OfSWIFT_NetworkFailure_2549_E.pdf) 1st amendment: https://www.bot.or.th/English/PaymentSystems/Payment_Regulation/ BN_Regulation/BAHTNET%20Notification/3.1_Sor%20Ror%20Khor%2 09-2551-EN-VK-ok_Disclaimer.pdf) (3) Code of Conduct Multilateral Funds Transfer Instruction for Processing by BOT in an Event of Difficulty (https://www.bot.or.th/English/PaymentSystems/Payment_Regulation /BN_Regulation/BAHTNET%20Notification/7.4_Code%20of%20Condu 168 THAILAND ct%20on%20CSS%20in%20an%20Event%20of%20Emergency-EN-VK- ok_Disclaimer.pdf) (4) Purchase of Debt Instrument with Repurchase Agreement to Provide Intraday Liquidity Facilities on a Special Financial Institution Holiday (Case of Emergency) (https://www.bot.or.th/English/PaymentSystems/Payment_Regulation /BN_Regulation/BAHTNET%20Notification/7.4_Code%20of%20Condu ct%20on%20CSS%20in%20an%20Event%20of%20Emergency-EN-VK- ok_Disclaimer.pdf) (5) BOT Regulation Re: Procedures for Members of Highly Important Payment Systems to Enter Business Rehabilitation or Bankruptcy Proceedings (https://www.bot.or.th/English/PaymentSystems/Payment_Regulation /RelatedRegulation_PaymentSystem/Documents/No_SorRohKho_1_2 561.pdf, https://www.bot.or.th/English/PaymentSystems/Payment_Regulation/ RelatedRegulation_PaymentSystem/Documents/No_SorRohKho_2_25 61.pdf) Disclosure Normally, when there are changes in operating procedures or other issues which affect the regulations, notifications and guidelines, the BOT will follow the process as mentioned in Q 23.1.2. The process is disclosed to all BAHTNET participants in accordance with Article 94 of BAHTNET Regulation. The BOT discloses BAHTNET relevant rules, regulations, notifications, guidelines and key procedures on the BOT Website (www.bot.or.th) under the topic - payment systems  Payment Systems Notification & Circulars  BAHTNET System, Electronic Funds Transfer Service (EFS), Intraday liquidity Facilities (ILF), Securities Requirement for Settlement(SRS). This information is disclosed to the general public. (https://www.bot.or.th/Thai/PaymentSystems/Payment_Regulation/B N_Regulation/Pages/default.aspx) Key consideration 2 An FMI should disclose clear descriptions of the system’s design and operations, as well as the FMI’s and participants’ rights and obligations, so that participants can assess the risks they would incur by participating in the FMI. 169 THAILAND Description General information of BAHTNET operations are disclosed in BOT Regulation on BAHTNET Service and other BOT Notifications which are publicly disclosed on the BOT website. In addition, the detailed and confidential information regarding BAHTNET system’s design and operations are documented in the BAHTNET user’s manual and the attachments which are available to participants only. In this regard, BAHTNET participants can download from the BOT Website (www.bot.or.th) under topic -- payment system  Payment Systems member’s corner (available in Thai only). The documents comprise, for example, BAHTNET message specification, user manual, configuration, rights assignment and training documents. (Source: member’s corner ) Degree of the BOT’s discretion which can exercise over key decisions is publicly disclosed in BAHTNET Regulation, Title 3 - Rights and Duties of the BOT -- which explains about the BOT’s execution in case of necessary events as per the following Articles. Article 10: In any necessary event, the BOT will be able to take the following actions: (1) Cancel funds transfer order of participants (2) Suspend funds transfer order of participants (3) Suspend debiting of funds from participant’s account (4) Freeze account movement of participants Article 11: The BOT will take responsibility of any damages arisen from normal operations of the BOT, except any of the following events, singly or severally, i.e., (1) Damages from special events, or (2) Damages from any technical disruption in BAHTNET Host Computer, or (3) Damages from anything or system out of BOT’s control, or (4) Force Majeure (https://www.bot.or.th/English/PaymentSystems/Payment_Regulation/BN _Regulation/BAHTNET%20Regulation/E_BAHTNET2549_Finish.pdf) Besides BAHTNET Regulation, the BOT also exercises discretion on BOT Regulation for non-routine events and operation manual of Payment and Bond Department for routine events. In case of a non- 170 THAILAND routine event which disrupts operation, the level of consideration is at the management level with cooperation between Payment and Bond Department and Information Technology Department. The two departments will figure out the solution, and escalate to higher management for decision-making and execution. Rights, obligations and risks incurred through participation in BAHTNET are stated in BAHTNET Regulation, Title 4: Rights and obligations of BAHTNET users, Article 12-28. The essence is as follows: 2. Responsibilities and obligations of potential BAHTNET users before using the service. For example, understanding the BAHTNET Service using Agreement, participating in the training and testing the system, etc. 3. Compliance to BOT regulations and guidelines, including supporting the BOT officers in auditing related system, security measure, internal control, related documents and others as required by the BOT. Details can be summarized as follows: - Rights and obligations of BAHTNET participants as stated in Article 12 – 19: Before using BAHTNET services, participants have to provide the documents as required by BAHTNET regulation, including preparing their systems, programs and BAHTNET Workstation Subsystem for BAHTNET usage as well. Furthermore, participants have to be trained and are responsible for testing their system as well as understand the user’s manual and other operating guidelines. - Risks incurred through participation in BAHTNET as stated in Article 20 – 28: Participants are required to provide measures for security and internal controls as well as prepare evidence and support BOT representatives in auditing related system, security measure, internal control, related documents and others as required by the BOT. (Source: BAHTNET Regulation) Key consideration 3 An FMI should provide all necessary and appropriate documentation and training to facilitate participants’ understanding of the FMI’s rules and procedures and the risks they face from participating in the FMI. 171 THAILAND Description The BOT facilitates its participants’ understanding of the rules, procedures and risks associated with participating in BAHTNET as follows: • According to BAHTNET Regulation (Article 16), BAHTNET users have to participate in training courses which will provide them with knowledge and understanding about BAHTNET functionality and services as well as rules, procedures and risks associated with participating in the system as provided by the BOT. • According to BAHTNET Regulation (Article 17), BAHTNET users are responsible for system testing in the following cases: - When becoming a new member; - When BAHTNET users improve their internal system related to BAHTNET. - When the BOT launches new functionality and services or improve BAHTNET related system. In this case, the BOT will arrange a meeting to inform BAHTNET participants of the progress, provide a training course and conduct testing with the participants. Moreover, participants can download BAHTNET user’s manual and other document from the BOT Website (www.bot.or.th) under topic -- payment system  Payment Systems member’s corner. In addition, participants can also download detailed information about the system such as message specification and validation rules from the BOT-EFS Web Portal, which is a landing page before entering into BAHTNET system. (Source: BAHTNET Regulation , member’s corner) The Letter of Agreement for BAHTNET Service Usage signed by participants aims to ensure that participants understand and are legally bound by BAHTNET rules, regulations and operating procedures as specified by the BOT. Moreover, participants will receive training and testing from BOT operation team before starting to use BAHTNET system. BAHTNET Operation Team will also provide clarification to any enquiries from BAHTNET participants during operating hours. In addition, trainings can be arranged upon participants’ request or when there is a new participant joining the system as well as when new features are implemented. The latest training course was conducted in July, 2017. 172 THAILAND (Source: BAHTNET Regulation) In practice, when participants’ behavior demonstrates a lack of understanding of BAHTNET rules, procedures and risks of participation, Payment and Bond Department will take remedial actions as follows: • Firstly, BAHTNET Operation Team will provide consultation to BAHTNET participant during operating hours. And if the BOT finds that the participant does not comply with the rules as set out in the regulations or notifications, relevant penalty will be applied to such participant such as fines collection. • If there is possibility of risk, the BOT will further communicate with that participant. If the BOT views that such participant will pose risk to the system, the BOT will give a preliminary warning to that participant. If that participant is still unable to comply with the regulations, the BOT will instruct temporary termination of services and that participant is required to propose a clear rectification plan within one month. (Source: BAHTNET Regulation) Key consideration 4 An FMI should publicly disclose its fees at the level of individual services it offers as well as its policies on any available discounts. The FMI should provide clear descriptions of priced services for comparability purposes. Description Fees of BAHTNET services and discount policies are publicly disclosed in BAHTNET Regulation and on the BOT Website as follows: As per BAHTNET Regulation (Article 7), the BOT will charge fees or fines to BAHTNET users according to the BOT Notifications and designed rates, which are: - BOT Notification No. Sor Ror Khor. 5/2550 – BAHTNET fine in case of Multilateral Fund Transfer (MFT) - BOT Notification No. Sor Ror Khor. 4/2551 – BAHTNET fine in case of Multilateral Fund Transfer (MFT), First Amendment - BOT Notification No. Sor Ror Khor 3/2556 – Fee and fine of BAHTNET - BOT Notification No. Sor Ror Khor. 6/2559 – Fee and fine related to Intraday Liquidity Facilities (ILF) (Source: BAHTNET Regulation) 173 THAILAND All notifications above are available on the BOT Website (www.bot.or.th) under the topic -- Payment Systems  Payment Systems Notification & Circulars  BAHTNET System. (https://www.bot.or.th/English/PaymentSystems/Payment_Regulation /BN_Regulation/Pages/default.aspx) If there are any changes in services and fees, the BOT will circulate a notification and circular letter to all BAHTNET participants to inform details of the changes including the effective date .The notification and circular letter will also be published on the BOT Website. The BOT provides description of priced service as described in BOT Notification No. Sor Ror Khor 3/2556 - Fee and fine of BAHTNET which is adequate for comparing with other similar FMIs. According to BOT Notification No. Sor Ror Khor 3/2556 - Fee and fine of BAHTNET, there are two types of fees that BAHTNET users are charged by the BOT: • Monthly Fee is a monthly service charge which are: • 3,500 Baht for each direct member that has client computer • 500 Baht for each associate member For use of BAHTNET services in fraction of a month, the BOT will charge the fee in full month. Transaction Fee is the service charge per one transaction for each type of services which vary across message channels and categories, as well as the settlement time which is classified into 3time zones. (Source: BOT Notification No. Sor Ror Khor 3/2556 – Fee and fine of BAHTNET) Necessary information on technology, communication procedures and any other factors that affect costs of operating BAHTNET are disclosed to all participants. As the BOT developed BAHTNET to be Thailand’s financial infrastructure, the BOT implements a cost recovery pricing policy, which means that the fees charged to participants must cover the cost for BAHTNET’s operations and maintenances. These costs are derived from operating and overhead expenses associated with BAHTNET. 174 THAILAND Key consideration 5 An FMI should complete regularly and disclose publicly responses to the CPSS-IOSCO disclosure framework for financial market infrastructures. An FMI also should, at a minimum, disclose basic data on transaction volumes and values. Description The BOT has published BAHTNET Self-assessment Disclosure Report according to CPSS-IOSCO Disclosure framework for financial market infrastructures in May 2018. (https://www.bot.or.th/Thai/PaymentSystems/Documents/BN%20FSA P%20Disclosure%20Report%20--%2020180516.pdf) PBD will conduct a review on the self-assessment report every two years and publish accordingly. Quantitative information published by the BOT includes the volumes and values of funds transfer in BAHTNET system on the BOT website as follows: • Funds transfer via BAHTNET system Report (Monthly/Quarter/Annual) classified by: • Transaction Type • Sending Institution • Business Type • Settled Time • Amount Range • Payment Systems Annual Report : For Example; • Volumes and values of funds transfer through BAHTNET • Proportion of funds transfer through BAHTNET categorized by transaction types • Daily average of BAHTNET intraday liquidity • BAHTNET’s system availability (Source: BAHTNET Funds Transfer Statistics, Payment Systems Annual Report 2016) Apart from quantitative information above, the BOT also publishes other information related to BAHTNET which are: • List of BAHTNET members • Payment System Annual Report o Payment Systems Oversight o Payment Systems Stability Report • Management of key risks in BAHTNET : 175 THAILAND o Liquidity risk and settlement risk o Operational risk • Oversight activities (Source: Payment Systems Annual Report 2016) BAHTNET discloses this information to the public both in Thai and English on the BOT Website (www.bot.or.th) under the topic -- Payment System. (https://www.bot.or.th/English/PaymentSystems/PSServices/bahtnet/ Pages/default.aspx) Key conclusions BAHTNET rules, regulations and guidelines regarding system, operations, fees and fines, obligations as well as quantitative information are publicly disclosed on the BOT Website. Some detailed information such as system design or message specification are provided to BAHTNET participants only. Furthermore, the BOT has published BAHTNET Self-assessment Disclosure Report according to CPSS-IOSCO Disclosure framework for financial market infrastructures in May 2018. Assessment of Principle Observed 23 Recommendations and comments Principle 24: Disclosure of Market Data by Trade Repositories A TR should provide timely and accurate data to relevant authorities and the public in line with their respective needs. Key consideration 1 A TR should provide data in line with regulatory and industry expectations to relevant authorities and the public, respectively, that is comprehensive and at a level of detail sufficient to enhance market transparency and support other public policy objectives. Description Key consideration 2 A TR should have effective processes and procedures to provide data to relevant authorities in a timely and appropriate manner to enable them to meet their respective regulatory mandates and legal responsibilities. Description Key consideration 3 A TR should have robust information systems that provide accurate current and historical data. Data should be provided in a 176 THAILAND timely manner and in a format that permits it to be easily analyzed. Description Key conclusions Assessment of Principle Not Applicable 24 Recommendations and comments B. BOT responsibilities Responsibility A: Regulation, supervision, and oversight of FMIs FMIs should be subject to appropriate and effective regulation, supervision, and oversight by a central bank, market regulator, or other relevant authority Key consideration 1 What criteria do authorities use to identify FMIs that should be regulated, supervised and overseen? Description The criteria used to identify FMI as Systemically Important Payment Systems (SIPS) are approved by the Payment Systems Committee (PSC) as follows: - Being the sole payment system in a jurisdiction or the principal system; or - Being a payment system that handle high-value payments; or - Being a payment system that used to settle money market transaction and used to effect settlement in other FMIs Since BAHTNET is the only financial market infrastructure that provides real-time gross settlement (RTGS) system for large value funds transfer and settlement of interbank transactions between participants, the PSC has designated BAHT as SIPs and required it comply with PFMI and be subject to regulation, supervision and oversight by the BOT in order to ensure its compliance with the PFMI. Key consideration 2 How are the criteria publicly disclosed? Description Payment Systems Oversight Framework: https://www.bot.or.th/Thai/PaymentSystems/BOTRolePayment/Documen ts/Payment_Oversight_Framework.pdf BAHTNET has been identified as SIPS in respect of the criteria set forth by the PSC as explained in Key consideration 1. 177 THAILAND The BOT, by the PSC, has the power to formulate policies relating to the payment systems, oversee the payment systems including BAHTNET which is identified as FMI. The responsibilities of the PSC are as follows: 1) Formulation of strategic development plan for payment systems landscape 2) Oversight of payment systems stability 3) Oversight of payment systems and services The Payment Systems Acts also defines the BOT’s scope of responsibilities with regards to formulating relevant regulations on operation procedures, access criteria, system operators as well as participants’ right & responsibilities and enforcing necessary measures, risk management, default procedures and other issues as deemed appropriate. As the BOT owns, operates and oversees BAHTNET, the operation and oversight function related to BAHTNET are under separated line of command to achieve balance of power as well as to ensure a clear and transparent responsibilities and accountability. At present, there are two departments under separate groups in the Bank of Thailand responsible for the payment systems as follows: Payment and Bond Department (PBD) PBD is the operator of BAHTNET. Its main responsibilities are managing day-to-day operations and risks associated with the operation of BAHTNET including related systems and ICAS. PBD is also responsible for enhancing the systems and infrastructure to serve changing business needs and establishing risk management process in accordance with the Risk Management Framework approved by the PSC. PBD is under Information Technology Group which reports to Assistant Governor for IT Group and Deputy Governor for Corporate Support Service and Banknote Management, respectively. In addition, for any policy issues related to risk management, efficiency and safety of BAHTNET, PBD has to seek approval from the PSC. Operational availability performance and major incidents are required to regularly report to the PSC which acts as the FMI board. Payment Systems Policy Department (PSD) PSD is the regulator of BAHTNET. Its main responsibilities are formulating the payment system policies and regulations for key infrastructures and services in the payment systems and overseeing BAHTNET which is a 178 THAILAND systemically important payment system (SIPS) and other payment systems. The department is under Payment Systems Policy and Financial Technology Group which reports to Assistant Governor for Payment Systems Policy and Financial Technology Group and Deputy Governor for Financial Institution Stability, respectively. The payment systems oversight policies including Risk Management Framework, formulated by PSD have to seek approval from the PSC which acts as the Oversight board. Payment Systems Stability Report is presented to the PSC on a semi-annual basis. Collaboration with SEC and HKMA As BAHTNET has linkages with other FMIs, the BOT and relevant authorities have signed an Memorandum of Understanding (MOU) and arranged meetings regularly or when it is necessary in order to share relevant oversight information for both regular and irregular events. Contact persons from both authorities are designated to avoid gaps in cooperative oversight of the linkages. For capital market, the BOT and Thailand Securities Depository (TSD) have developed the RTGS-DvP linkage (RDL) system to facilitate Delivery Versus Payment for government securities/big lot equities settlement on RTGS basis (DVP model 1: Gross-Gross). In addition, Thailand Clearing House (TCH) acts as a clearing house or a center for clearing all securities and derivatives traded on the exchange. It submits net position resulting from equities/securities trading to be settled in BAHTNET (DVP model 3: Net-Net). To avoid gaps in oversight of the linkage, the BOT cooperates with the Securities and Exchange Commission (SEC) who is responsible for regulating and supervising TSD and TCH. To strengthen oversight cooperation, the BOT signed an MOU with the SEC in June 2017 in order to collaborate and share information on oversight of the linkage for clearing and settlement facilities. The cooperation aims to promote safety, reliability and efficiency of the linkage as well as to put in place default management in case of participant default. In addition, BAHTNET is linked to USD CHATS of Hong Kong Monetary Authority (HKMA) for use in mitigating foreign exchange settlement risk of financial institutions which may arise from different time zones. The transaction will be settled through the linkage on PvP gross settlement basis. In June 2017, the BOT signed an MOU with HKMA in order to collaborate and share information on conducting cooperative oversight of the PvP linkage as well. 179 THAILAND Key conclusions for BAHTNET is designated by the PSC as SIPS and is subject to compliance Responsibility A with the PFMI. The criteria for SIPS is publicly disclosed in according to the Payment System Oversight Framework. All of FMIs in Thailand are subject to regulation and oversight by either the BOT or the SEC. While, the BOT oversees BAHTNET, the SEC oversees TSD and TCH. In this regards, an MOU between both regulators for cooperative oversight was initiated to exchange relevant oversight information and avoid gaps in regulation of the linked FMIs. Assessment of Observed Responsibility A Recommendations and comments Responsibility B: Regulatory, supervisory, and oversight powers and resources Central banks, market regulators, and other relevant authorities should have the powers and resources to carry out effectively their responsibilities in regulating, supervising, and overseeing FMIs. Key consideration 1 Authorities should have powers or other authority consistent with their relevant responsibilities, including the ability to obtain timely information and to induce change or enforce corrective action. Description Powers or other authority consistent with relevant responsibilities Section 44 of the Bank of Thailand Act B.E. 2485 (1942) and the amendments empowers the BOT to establish and operate payment systems as well as conduct any activities in accordance with rules and regulations as specified by the BOT to maintain the payment system stability. The Payment Systems Committee (PSC) is established under Section 28/12 of the BOT Act to formulate policies relating to payment systems under the BOT supervision and interbank clearing system for the purpose of maintaining the country’s payment system efficiency and stability. The PSC is also empowered to monitor and oversee payment systems operated by the BOT. Furthermore, Section 7 of the PSA empowers the BOT to oversee and enforce necessary measures for BAHTNET by prescribing rules and regulations as follows: (1) System operating procedures, including rules and conditions relating to payment finality (2) Member access criteria 180 THAILAND (3) Rights, obligations and responsibilities of the highly important payment system providers and members (4) Risk management of the system (5) Security measure of the system (6) Emergency management (7) Any other matter as prescribed by the BOT These powers are consistent with relevant responsibilities as identified in Q.A.2.2. (Payment Systems Act) Powers to obtain timely information Section 7 of the PSA empowers the BOT to issue notifications prescribing rules necessary for supervising payment systems. Accordingly, BOT Notification No. Sor Nor Chor. 1/2561 Re: Regulations on Supervision for System Operator of Highly Important Payment System was issued in order to establish requirements for HIPS operators to ensure safe and sound operation such as preparing comprehensive risk management measures or system operating procedures. Important information has to be reported to the PSC such as the system performance and significant development plan. Other information can be requested by the PSC or PSD as deemed necessary for conducting oversight and supervisory activities. As the BOT is an owner, operator and regulator of BAHTNET, there is no constraint in obtaining timely information regarding the system. The Practices for Oversight of Payment Systems Operated by the BOT is developed in order to set clear understanding about information exchange between operator and regulator. According to the Practices for Oversight of Payment Systems Operated by the BOT, PSD may require PBD as an operator to provide any relevant materials on a timely basis such as system availability, cause of disruption of the system, or procedures performed by PBD for emergency event. The PSA also empowers the regulator to obtain information from the BAHTNET Operator in the case of BAHTNET participant default, in that PBD, an operator, is required to immediately notify PSD, the regulator, according to Section 8 of the PSA. The PSC also requires BAHTNET to report important information related to BAHTNET such as system availability and stability to the PSC on a regular basis. (Payment Systems Act) (Practices for Oversight of Payment Systems Operated by the BOT) 181 THAILAND According to the Practices for Oversight of Payment Systems Operated by the BOT, the frequency and channel of information to be provided depends on type of information. For example, information regarding incident that disrupts BAHTNET operation is treated as highly urgent; it will be submitted to the PSD’s management via email immediately. On the contrary, non-urgent information such as Key Risk Indicator (KRI) will be submitted through the BOT’s shared drive on quarterly basis. The list of documents required to be submitted to the regulator as follows: - Information to monitor the system status and its participants: such as incident information which will be reported when incident occurs and system availability information - Information to monitor liquidity shortage in the system: such as liquidity indicator which will be shown real-time in the system - Information to assess risks according to international standards: such as PFMI self-assessment report which will be conducted every two years and control risk-assessment report (CSA) which will be conducted on a yearly basis - Information on significant changes: such as new rules and regulations related to the system and new development plan of the system when changes occur - Other information requested by the regulator: such as internal and external audit reports which will be reported whenever they are conducted and annual disaster recovery drill which will be reported on a yearly basis The full list of documents and their submission frequencies are defined in the Practices for Oversight of Payment Systems Operated by the BOT. In addition, BAHTNET is required to notify PSD immediately when its participant becomes bankrupt as specified under Section 8 of the PSA. (Payment Systems Act) (Practices for Oversight of Payment Systems Operated by the BOT) PSD has the ability to obtain all information regarding the system from PBD with no constraints according to the Practices for Oversight of Payment Systems Operated by the BOT. a) an FMI’s various functions, activities and overall financial condition: PSD could request information related to the system from PBD in all categories as mentioned in Q.B.1.3. PBD has 182 THAILAND responsibility to notify PSD regarding significant changes or new initiatives regarding the system. Collaboration is done in form of internal meeting between PSD and PBD, which will be held on quarterly basis or when necessary. All significant changes will also be discussed with BAHTNET AG and its participants where PSD attends as observer. Survey results and participants’ opinion during BAHTNET AG discussion will also be shared to PSD upon request. In addition, important issues from the discussion will be incorporated in the future development plan which PBD has to submit to PSD according to the Practices for Oversight of Payment Systems Operated by the BOT. b) For example, BAHTNET was designed to operate with high level of availability, targeting at 99.8%. To assess accuracy of the information, the result is reported to the PSC regularly. Moreover, the system availability target will be reviewed, set and approved by the PSC on an annual basis. c) the risks borne or created by an FMI and, where appropriate, the participants: According to the Practices for Oversight of Payment Systems Operated by the BOT, PBD is responsible for reporting PSD as soon as possible when there is an incident which may affect FMI or participants or operation disruptions. The procedures for incident handling between departments for irregular events are defined in the Practices for Oversight of Payment Systems Operated by the BOT. Moreover, PSD can obtain information related to risk management from PBD as follows: 1) BAHTNET Self-Assessment against the PFMI is conducted by PBD and reviewed by PSD as a regulator. PSD may propose suggestions for PBD, the operator, to improve its operation. Follow-up action will take place regularly until the problem is solved. 2) Annual disaster recovery drill summary will be reported to the regulator after the drills for various scenarios, such as flood and political unrest, were tested. 3) Control Self-Assessment (CSA) report will indicate all risks that might occur from FMI or its participants. Moreover, Key Risk Indicator (KRI) status will be reported to PSD on a quarterly basis so that the regulator could oversee and manage risks arising from the system. 183 THAILAND 4) Daily settlement information of MFT transactions will be reported to the regulator on a weekly basis in order to monitor potential settlement risk arising from increased retail payment. PSD has the authority to propose additional measures to reduce risk posed to the payment systems as well as to increase efficiency. d) an FMI’s impact on its participants and the broader economy: PSD can obtain information regarding FMI’s impact on its participants and the broader economy as defined in a) and b) by participating in BAHTNET AG or annual meeting as well as receiving survey result and self-assessment from PBD. e) In addition, PSD uses simulation tools to assess associated risks and analyze fund flow as well as settlement behavior of participants in the BAHTNET system. Liquidity stress in the BAHTNET system may arise from operational risk such as IT breakdown of some major participants or collateral value deterioration which affects the system as a whole. These stress scenarios are conducted to analyze the consequences and to determine relationship between participants in the BAHTNET system. Requested information includes, for example, participant information, amount of daily balance, amount of intraday liquidity and number of transactions. f) an FMI’s adherence to relevant regulations and policies: Internal Audit Department, as the third line of defense, is responsible for auditing BAHTNET system operation and risk management including compliance to the rules and duties of the BOT as prescribed in BAHTNET regulations. The audit result will be reported to the Audit Committee chaired by outside expert. In this regard, PSD has the authority to request for both internal and external audit report from PBD according to the Practices for Oversight of Payment Systems Operated by the BOT. PSD has the power to induce change or enforce corrective action on BAHTNET, should it fail to comply with relevant regulations In addition, PSD will discuss with PBD on issues which may have an impact on BAHTNET. Powers to induce change or enforce corrective action PSD collaborates with Internal Audit Group to discuss the result of both internal and external audit on BAHTNET. Self-assessment conducted by PBD will be assessed again by PSD against the PFMI, for which all gaps that need to be improved as well as the methodology to calculate 184 THAILAND system availability will be reported to the PSC which has the power to induce change. If BAHTNET fails to comply with all Notifications as stipulated under the PSA, the penalty according to Part 6 of the PSA will be imposed. (Payment Systems Act) Key consideration 2 Authorities should have sufficient resources to fulfill their regulatory, supervisory, and oversight responsibilities. Description Resources PSD has been entrusted with the responsibility to oversee BAHTNET. There are 5 staffs in Payment System Stability Team which is dedicated with the responsibilities to regulate and assess BAHTNET, as well as, stipulate and monitor implementation of relevant policies. These staffs are qualified and experienced personnel with knowledge in IT, payment and BAHTNET. They have opportunities to update their knowledge and skills through participating in appropriate ongoing trainings domestically and overseas in order to ensure that they are able to fulfill their responsibilities. Note that there is adequate training funds provided by the BOT. Staff are attended many relevant seminars, for instance, seminars hosted by European Central Bank, Federal Reserve and other regulators in order to update their insights on payment and PFMI. Moreover, collaboration between PSD and the second line of defense (Enterprise Risk Management Department), and between PSD and the third line of defense (Internal Audit Department) in obtaining information related to BAHTNET also help to fulfil the responsibilities. As the system owner, there is no constraint for the BOT as a central bank in term of funding and resources for oversight responsibilities. Currently, there is no constraint on available resources. Staffs who are responsible for overseeing FMI are skilled and experienced personnel with payment system related knowledge. Although some staffs may rotate their roles within the BOT due to the mobility policy, appropriate on-going training programs on payment systems and on-the-job training are provided to newcomers to help them carry out their responsibilities. Besides, there are also staffs who have experience in BAHTNET operation rotating to PSD to carry out BAHTNET oversight responsibility. The BOT assesses resources needed to fulfil regulatory, supervisory or oversight responsibilities by various means as follows: 185 THAILAND - The staff assessment against annual goals takes place every six months to evaluate whether they can fulfil their responsibilities comparing to the workload as indicated by personal Key Performance Indicator. - Periodic review of adequacy of resources and workload. Recruitment, internally or externally, of experienced staffs if needed, organizational restructuring, setting up working team consisting of staffs with various skills from different departments. Legal protections Staff, assigned as Audit Officer under Section 27 of the PSA, will receive legal protection to perform oversight actions such as requesting for information, entering into the business site and seizing all assets related to wrongful business acts. In addition, legal protection is provided to staff carrying out the tasks assigned by the BOT according to the BOT rules on assistance for legal case and protection of staff’s life, body and asset B.E. 2546. (Payment Systems Act) Key conclusions for The BOT has the powers and resources to carry out effectively their Responsibility B responsibilities in regulating, supervising and overseeing the FMIs. A combination of information collection, meetings and on-site audits are used to effectively oversee the FMIs. Assessment of Observed Responsibility B Recommendations and comments Responsibility C: Disclosure of policies with respect to FMIs Central banks, market regulators, and other relevant authorities should clearly define and disclose their regulatory, supervisory, and oversight policies with respect to FMIs. Key consideration 1 Authorities should clearly define their policies with respect to FMIs, which include the authorities’ objectives, roles, and regulations Description Objectives and roles The BOT’s objective and roles are clearly defined in the BOT Act. The BOT’s objective is to maintain stability of the payment systems in Thailand according to Section 7 of the BOT Act. Section 44 of the BOT Act empowers the BOT to establish or support establishment of the 186 THAILAND payment systems. The Payment Systems Committee (PSC) is established under Section 28/11-12 to pursue the roles of formulating policies, overseeing and supervising payment systems under the BOT supervision. Scopes of power and duties of the PSC are defined in the PSC governance framework approved by the PSC as follows: 1) formulating strategies for development of payment systems – creating payment system roadmaps to specify scope of development. The objectives are to promote sustainability, efficiency and safety as well as to be in line with international standards. 2) supervising payment systems stability – setting risk management policies for payment systems including risk appetite as well as providing recommendation on the results of assessments, control and issues of payment systems. 3) supervising payment systems and services – setting clear and transparent supervisory policies as well as monitoring supervision and examination of payment systems and services Regulation Payment Systems Policy Department (PSD) is responsible for supporting functioning of the PSC, therefore the major roles of PSD are to perform oversight and supervision function. PSD relies on both non-legal and legal mechanism to achieve its objectives. For example, PSD may rely on moral suasion to carry out regulatory actions on PBD and the BAHTNET system. The Practices for Oversight of Payment Systems Operated by the BOT is established to create a clear agreement on information exchange between the operator and regulator, for which the Practices are mutually agreed and signed by PSD and PBD. PSD also established Thailand Payment Systems Oversight Framework, which was approved by the PSC, to strengthen regulatory regime for overseeing the important payment systems. The Oversight Framework sets out criteria for designating BAHTNET as systemically important payment system (SIPS), where the designated systems under this regime are required to comply with PFMI standard. Furthermore, Section 7 of the PSA empowers the BOT to issue notifications prescribing rules necessary for supervisory activities. Accordingly, BOT Notification No. SorNorChor. 1/2561 Re: Regulations 187 THAILAND on Supervision for System Operator of Highly Important Payment System is issued to establish requirement for HIPS operators to ensure safe and sound operation such as preparing comprehensive risk management measures or system operating procedures. Critical information are stipulated to be reported to the PSC such as the system performance and significant development plan. Other information will be requested, by the PSC or PSD, when necessary, for the purpose of conducting oversight and supervisory activities. Key consideration 2 Authorities should publicly disclose their relevant policies with respect to the regulation, supervision, and oversight of FMIs. Description Relevant policies with respect to FMIs are stipulated in the BOT Act B.E. 2485 (1942), PSA and Payment Systems Oversight Framework and are publicly disclosed on the BOT website. The FMI assessment report against the PFMI is also disclosed on the BOT website. (https://www.bot.or.th/English/AboutBOT/LawsAndRegulations/SiteAs sets/Law_E01_Bot.pdf ) (Payment Systems Act) (https://www.bot.or.th/Thai/PaymentSystems/BOTRolePayment/Docu ments/Payment_Oversight_Framework.pdf) (https://www.bot.or.th/Thai/PaymentSystems/Documents/BN%20FSAP %20Disclosure%20Report%20--%2020180516.pdf) Moreover, annual payment systems reports which include important statistics, major developments and oversight of BAHTNET are publicly available on the BOT website. Key conclusions for The BOT has clearly defined and disclosed its policies including its Responsibility C objectives, roles, regulations with respect to FMIs in the Act and on the BOT website. Assessment of Responsibility C Recommendations and comments 188 THAILAND Responsibility D: Application of the principles for FMIs Central banks, market regulators, and other relevant authorities should adopt the CPSS-IOSCO Principles for financial market infrastructures and apply them consistently Key consideration 1 Authorities should adopt the CPSS-IOSCO Principles for financial market infrastructures Description The criteria for identifying payment system as Systemically Important Payment Systems (SIPS) which have to comply with relevant PFMI standards were approved by the PSC at the PSC meeting no. 3/2556 on August 6, 2013. The Payment Systems Oversight Framework was established and disclosed to the public so that they know that SIPS are subject to conduct their businesses in compliance with the PFMI. The BOT has adopted relevant PFMI standards and mandated compliance against them for the payment systems under the BOT’s purview since 2013. In this regard, the BOT has designated BAHTNET as SIPS and adopted 18 principles of the PFMI. The self-assessment of BAHTNET against PFMI standards was conducted by PBD, a system operator, and reported to the PSC meeting no. 6/2559 on November 22, 2016. As the payment systems regulator, the BOT has acted promptly upon PFMI. (https://www.bot.or.th/Thai/PaymentSystems/BOTRolePayment/Docume nts/Payment_Oversight_Framework.pdf) Key consideration 2 Authorities should ensure that these principles are, at a minimum, applied to all systemically important payment systems, CSDs, SSSs, CCPs, and TRs Description The PFMI are applied to systems designated by their relevant authorities as systemically important. For the payment systems, BAHTNET is designated as SIPS, and thus subject to the PFMI standards. For the capital markets, TSD is designated by the Securities and Exchange Commission (SEC) as a CSD and SSS in Thailand, and thus subject to the PFMI standards. Likewise, TCH which is designated as a CCP is also subject to the PFMI. Both TSD and TCH are regulated by the SEC. The BOT as a payment system regulator has disclosed the principles for classifying SIPS in the Payment Systems Oversight Framework based on three criteria consisting of 1) Being the sole payment system in a jurisdiction or the principal system, 2) Being a payment system that handles high-value payments or 3) Being a payment system for settling money market transaction and effecting settlement in other FMIs. The payment system that meets the criteria will be required to comply with 189 THAILAND 18 principles of the PFMI. The list of SIPS are defined in the Payment System Oversight Framework. Note that relevant authorities justify their its decision to apply or not to apply the principles to specific FMI based on their set up criteria. (https://www.bot.or.th/Thai/PaymentSystems/BOTRolePayment/Docume nts/Payment_Oversight_Framework.pdf) Key consideration 3 Authorities should apply these principles consistently within and across jurisdictions, including across borders, and to each type of FMI covered by the principles Description The BOT consistently applies relevant principles to FMIs under its purview within Thailand which is the only jurisdiction of relevance. If a payment system meets the SIPS criteria as set out in the Payment Systems Oversight Framework, it will be required to comply with 18 principles of the PFMI. For PvP linkage between BAHTNET and USD CHATs, the BOT applies relevant principles to BAHTNET, while, HKMA as the regulator of USD CHATS assesses the system against relevant principles of PFMI as well. The assessment is conducted on a regular basis and the result will be shared in respect of the cooperative oversight MOU. Pursuant to Section 44 and 45 of the Bank of Thailand Act B.E. 2485 (1942), the BOT is responsible for supporting establishment of payment systems. Therefore, BAHTNET has established and operated by the BOT. However, to prevent conflicts of interest arising from its operation and oversight of BAHTNET, the oversight and operation function are under separate line of command to achieve balance of power and to ensure a clear and transparent responsibilities and accountability. At present, there are two major departments under separate groups at the BOT having responsibilities related to payment systems as follows: Payment and Bond Department (PBD) PBD is the operator of BAHTNET. Its main responsibilities are managing day-to-day operations and risks associated with the operation of BAHTNET including related systems and ICAS. Payment and Bond Department is also responsible for enhancing the systems and infrastructure to serve changing business needs and establishing risk management process in accordance with the Risk Management Framework approved by the PSC. PBD is under Information Technology Group which reports to Assistant Governor for IT Group and Deputy Governor for Corporate Support Service and Banknote Management, respectively. 190 THAILAND In addition, for any policy issues related to risk management, efficiency and safety of BAHTNET, PBD has to seek approval from the PSC. Operational availability performance and major incidents are also required to regularly report to the PSC which acts as the FMI board. Payment Systems Policy Department (PSD) PSD is the regulator of BAHTNET. Its main responsibilities are formulating the payment system policies and regulations for key infrastructures and services in the payment systems and overseeing BAHTNET which is a systemically important payment system and other payment systems. The department is under Payment Systems Policy and Financial Technology Group which reports to Assistant Governor for Payment Systems Policy and Financial Technology Group and Deputy Governor for Financial Institution Stability, respectively. The payment systems oversight policies including the Risk Management Framework, formulated by PSD have to seek approval from the PSC which acts as the Oversight board. In addition, the payment systems stability report is presented to the PSC on a semi-annual basis. Apart from that, other committees involving in ensuring safe, sound, and good governance of BAHTNET are Risk Oversight Committee which is responsible for overseeing operational risk arising from BAHTNET operation and Audit Committee which is responsible for overseeing compliance of BAHTNET operation. (https://www.bot.or.th/English/AboutBOT/LawsAndRegulations/SiteAsse ts/Law_E01_Bot.pdf) To ensure that BAHTNET takes appropriate and timely action to the non-observed principles, the PSC will require BAHTNET to propose an action plan and timeline to improve its deficiencies, related rules and regulations improvement or addition risk management measures. To ensure that the plan was thoroughly implemented, the operator is responsible for submitting improvement report to PSD and the PSC, according to the Practices for Oversight of Payment Systems Operated by the BOT. Besides, BAHTNET assessment report will be presented to the PSC on a regular basis, so that the PSC can require that BAHTNET take corrective actions against its deficiencies and PSD will closely monitor the implementation to ensure that the gaps are rectified in accordance with the proposed action plan. Key conclusions for The BOT applies the CPSS-IOSCO principles as the assessment standard Responsibility D to all relevant FMIs under its purview. Moreover, for the FMI that is operated and overseen by the BOT namely BAHTNET, the operation and 191 THAILAND oversight function are under separate departments and line of command to prevent the conflicts of interest. Assessment of Observed Responsibility D Recommendations and comments Responsibility E: Cooperation with other authorities Central banks, market regulators, and other relevant authorities should cooperate with each other, both domestically and internationally, as appropriate, in promoting the safety and efficiency of FMIs. Key consideration 1 Relevant authorities should cooperate with each other, both domestically and internationally, to foster efficient and effective communication and consultation in order to support each other in fulfilling their respective mandates with respect to FMIs. Such cooperation needs to be effective in normal circumstances and should be adequately flexible to facilitate effective communication, consultation, or coordination, as appropriate, during periods of market stress, crisis situations, and the potential recovery, wind- down, or resolution of an FMI Description Domestic cooperation The FMIs that involve cooperation among domestic authorities are BAHTNET and TSD’s PTI (Post Trade Integration) system as the BOT and TSD have developed the linkage between BAHTNET and PTI to facilitate Delivery Versus Payment for government securities/big lot equities settlement in real time basis. The other FMI that also involves cooperation among authorities is TCH (Thailand Clearing House) which acts as clearinghouse for clearing all securities traded on securities exchanges market. Although BAHTNET and TCH do not have linkage at the system level, TCH is a participant of BAHTNET for settlement of multilateral net position transactions. In conclusion, the involved authorities are the BOT as a regulator of BAHTNET and the Securities and Exchange Commission (SEC) as a regulator of TSD and TCH. International cooperation The FMIs that involve cooperation among international authorities are BAHTNET and USD CHATS as the BOT and HKICL (Hong Kong Interbank Clearing Limited) have developed the PvP linkage for THB/USD 192 THAILAND settlement to mitigate FX settlement risk. The involved authorities are the BOT as a regulator of BAHTNET and Hong Kong Monetary Authority (HKMA) as a regulator of HKICL. To foster efficient and effective communication and consultant in fulfilling each authority’s mandates, the operator of BAHTNET and other FMIs regularly communicate operational matters and the BOT has entered into an MOU with domestic and international authorities as follows: Domestic cooperation The operational procedure between the BOT and TSD has been established in order to ensure efficiency and effectiveness of communication in normal circumstances. Thus, the BOT and TSD regularly communicate with each other during normal circumstance regarding operational matters such as extension of cut-off time or change of participant as stipulated in the procedure. In addition, the BOT and SEC, a regulator of TSD, hold meetings together at least twice a year or when deemed necessary since 2014 to share relevant oversight information. The exchanged information covers such areas as policy formulation and development plan for the linked FMIs, oversight of important associated risks, incident handling and crisis management associated with the linked FMIs and knowledge sharing associated with the linked FMIs. Moreover, the BOT has entered into a Memorandum of Understanding (MOU) on 27th June 2017 to set out the framework for cooperative oversight between the BOT and SEC in respect of regulatory responsibilities for clearing and settlement facilities. International cooperation The operational procedure between the BOT and HKMA/HKICL has been established in order to set out working procedure in normal circumstances such as change of holiday or cut-off time extension. The procedure also indicates normal settlement process of the PvP transaction and its point of finality. In addition, a Memorandum of Understanding (MOU) was signed with HKMA, a regulator of the USD-CHATS, on 8th June 2017 in order to collaborate and share information in conducting cooperative oversight of the PvP linkage with the objective to ensure safety, reliability and efficiency of the system. The area of cooperation includes close communication with the other party on all matters of mutual interest 193 THAILAND concerning the oversight of the PvP Link and sharing relevant oversight information in respect of the link on a regular basis. The meeting between the two authorities will be held as deemed necessary. To be well-prepared for market stress and crisis situation, a business continuity plans (BCP) with the systems related or linked to BAHTNET have been established and updated regularly for smooth operation during irregular situations. The BCP contains operational and communication procedure to address various scenarios including disaster, political unrest and epidemic as mentioned Q.3.4.1. To ensure a seamless communication and cooperation process, the involved parties have conducted a BCP’s rehearsal at least once a year, for which the operational procedures between interconnected system and internal and external communicating and reporting procedure are tested. Domestic cooperation For domestic FMI, TSD is required to participate in a BAHTNET’s annual disruption drill following the BAHTNET regulation. Moreover, the BOT and SEC, as regulators of the linked FMIs, coordinates to exchange information regarding the financial disruption plan to facilitate effective communication, consultation or coordination between the two authorities during periods of market stress, crisis situations and the potential recovery, wind-down or resolution of an FMI. The meeting for discussion is held on a regular basis. International cooperation The BOT and HKICL have established specific operational procedures for contingency situations with high probability including the procedure for extending cut-off time, the communication procedure for disconnecting of the PvP link and the procedure for adhoc holiday. Contact persons relevant to PvP linkage are clearly specified for all relevant parties including HKMA, BOT, HKICL and USD SI (Settlement Institution). All parties will be notified of the contact list update as soon as practicable. Moreover, the BOT and HKMA, as regulators of the linked FMIs, have entered into an MOU to exchange supervisory information including risk assessment report of each FMI against PFMI, material changes to FMI which affect the PvP link and incident handling and crisis management for PvP link. Key consideration 2 If an authority has identified an actual or proposed operation of a cross-border or multicurrency FMI in its jurisdiction, the authority should, as soon as it is practicable, inform other relevant authorities 194 THAILAND that may have an interest in the FMI’s observance of the CPSS- IOSCO Principles for financial market infrastructures. Description There is no FMI that provides multicurrency settlement in Thailand. However, BAHTNET provides cross-border PVP linkage for THB/USD settlement, for which the BOT and HKMA share oversight information on its respective FMI, consult and cooperate as necessary in the event of any incident affecting both FMIs in accordance with the MOU on cooperative oversight for PvP linkage. BAHTNET assessment against PFMI by external assessor will be shared with HKMA upon its completion. The BOT identifies actual or proposed cross-border systemically important FMI through the criteria as defined in the Payment Systems Oversight Framework which was approved by the PSC. The criteria comprise 1) Being the sole payment system in a jurisdiction or the principal system; or 2) Being a payment system that handle high-value payments; or 3) Being a payment system that is used to settle money market transaction and to effect settlement in other FMIs The criteria used to determine whether other relevant authorities should be notified are whether those authorities have direct responsibilities for regulating any FMIs linked to BAHTNET and such FMIs fall within the definition under PFMI. The notification will be provided to relevant authorities if such FMI matches the criteria mentioned in Q.E.2.2. The BOT will send a notification for cooperation with relevant oversea authorities to inform them that such FMI are designated and included in the Cooperative Oversight Scheme. The notification could be sent via e-mail to the contact person as specified in the appendix of the Oversight MOU for the PvP linkage between the BOT and HKMA or via teleconference meeting. The BOT was informed that HKMA has conducted the self-assessment on USD CHATS on 2014 during HKMA visit in December 2014. Prior to implementation of the linked system, the BOT will enquire whether the system that will be linked to BAHTNET is safe, secured and regulated under acceptable standard. After the system has been linked, the BOT will enter into an MOU with the regulator of the linked system. Therefore, the system assessment against PFMI will be exchanged under this agreement accordingly. 195 THAILAND Key consideration 3 Authorities should apply these principles consistently within and across jurisdictions, including across borders, and to each type of FMI covered by the principles Description Forms of cooperation Domestic cooperation Cooperation between the BOT and SEC is undertaken via a formal MOU. Both authorities exchange oversight information via e-mail, teleconference, meeting covering such areas as future development plan and financial disruption plan. Moreover, the meeting between the two authorities is held at least twice a year or when necessary. International cooperation Cooperation between the BOT and HKMA is undertaken via a formal MOU. Both authorities exchange relevant oversight information via e- mail, teleconference, executive/staff meeting including the appointment in Executives' Meeting of East Asia and Pacific Central Banks (EMEAP) covering such areas as risk assessment report, detail of material changes and incident handling and crisis management plan. The meeting between the two authorities is held when necessary. Domestic cooperation Cooperation with the SEC are in the form of information exchange, and arranged meetings when deemed appropriate. Meeting for discussion on policy and development plan for linked FMI could be held regularly since both authorities are in Thailand. International cooperation Cooperation with the HKMA are in the form of information exchange, arranged meetings when deemed appropriate, and regular regional meetings among authorities. Most cooperation will be done via e-mail, teleconference or telephone. Meetings will be held upon necessity since each regulator is located in different countries Efficiency and effectiveness of cooperation MOUs for cooperative oversight between BOT and other authorities were established and signed by top executives. These cooperative arrangement with the SEC and HKMA could promote efficiency and 196 THAILAND effectiveness of the cooperation because it clearly sets out the responsibilities of each authority, designated persons, areas for collaboration, communication method and the framework for information sharing including incident handling procedure between the two authorities in case of financial or operation disruption. Key consideration 4 For an FMI where cooperative arrangements are appropriate, at least one authority should accept responsibility for establishing efficient and effective cooperation among all relevant authorities. In international cooperative arrangements where no other authority accepts this responsibility, the presumption is the authority or authorities with primary responsibility in the FMI’s home jurisdiction should accept this responsibility Description For domestic linked FMI, the BOT and SEC is the oversight authority of BAHTNET and TSD, respectively. For international linked FMI, the BOT and HKMA is the oversight authority of BAHTNET and USD-CHATS, respectively. The BOT has accepted responsibility for establishing efficient and effective cooperation among relevant authorities. The MOUs between the BOT and relevant authorities state an intention to exchange necessary information to ensure efficiency and effectiveness in cooperation such as relevant contact persons, working procedure for normal and contingency situation or incident report form which describes cause and solution of sustainable prevention of problems. Domestic cooperation Duties of the BOT and SEC with respect to cooperation as stated in the MOU are as follows: 1) Formulate policy and development plan for the linked FMIs 2) Oversee important risks associated with the linked FMIs 3) Arrange for incident handling and crisis management associated with the linked FMIs to be prepared 4) Exchange information and knowledge regarding oversight for the linked FMIs International cooperation Duties of the BOT and HKMA with respect to cooperation as stated in the MOU are as follows: 197 THAILAND Share relevant oversight information regarding the PvP link as deemed necessary such as risk assessment report, material changes and incident handling and crisis management Ensure that there are no gaps in regulatory supervision of the PvP link and to eliminate any unnecessary duplication of supervisory effort Until now, the meetings or teleconference were held in accordance with the frequency as specified in the MOUs. Key consideration 5 At least one authority should ensure that the FMI is periodically assessed against the principles and should, in developing these assessments, consult with other authorities that conduct the supervision or oversight of the FMI and for which the FMI is systemically important Description Domestic cooperation For BAHTNET, the BOT as a regulator is responsible for assessing BAHTNET as well as ensuring that PBD conduct self-assessment for BAHTNET, while the SEC is responsible to periodically assess TSD’s and TCH’s systems against relevant principles of PFMI. The assessments are conducted on a regular basis or every two years. International cooperation For USD CHATs, HKMA as a regulator is responsible for periodically assessing the system against relevant principles of PFMI. In addition, the BOT and other authorities have agreed to share assessment results of their supervised FMIs. BAHTNET assessment against PFMI by external assessor will be shared with HKMA upon its completion. Domestic cooperation The BOT and SEC share periodic assessments of the FMIs under their responsibility on a regular basis. Both authorities exchange the assessments at the biannual meeting where they could discuss, exchange views and consult face-to-face on details of the assessment. In addition, the authorities may exchange information by e-mail to the contact persons as specified in the oversight MOU. International cooperation The BOT and HKMA share periodic assessments including risk assessments on specific topics that are relevant to the PvP Link of the 198 THAILAND FMIs under their responsibility on a regular basis. Both authorities exchange the assessments via teleconference meeting or by e-mail to the contact persons as specified in the cooperative oversight MOU. Key consideration 6 When assessing an FMI’s payment and settlement arrangements and its related liquidity risk-management procedures in any currency for which the FMI’s settlements are systemically important against the principles, the authority or authorities with primary responsibility with respect to the FMI should consider the views of the central banks of issue. If a central bank of issue is required under its responsibilities to conduct its own assessment of these arrangements and procedures, the central bank should consider the views of the authority or authorities with primary responsibility with respect to the FMI Description Domestic cooperation The BOT focuses on THB for assessing BAHTNET and its related liquidity risk management procedures. International cooperation HKMA focuses on USD for assessing USD CHATS and its related liquidity risk management procedures. The BOT is a central bank issuing Thai Baht which is the only currency used for settling all transactions via domestic FMIs under the BOT and SEC’s oversight responsibilities. It is not applicable to consider the views of other central banks of issue. Key consideration 7 Relevant authorities should provide advance notification, where practicable and otherwise as soon as possible thereafter, regarding pending material regulatory changes and adverse events with respect to the FMI that may significantly affect another authority’s regulatory, supervisory, or oversight interests. Description Domestic cooperation According to the MOU between the BOT and SEC, scope of cooperative arrangement includes advance notification of information on material change of policy or system development plan which may affect the linked system. International cooperation 199 THAILAND According to an MOU between the BOT and HKMA, the BOT and HKMA shall notify each other in advance of any action it proposes to take or any system changes that may have a material effect on the PvP link. Domestic cooperation During a meeting between the BOT and SEC, both authorities discuss, exchange views and consult each other on relevant regulatory actions that might affect each other or financial sector as a whole. International cooperation The BOT and HKMA exchange relevant information on regulatory actions that might affect each other in respect of the PvP linkage. Key consideration 8 Relevant authorities should coordinate to ensure timely access to trade data recorded in a TR. Description Not applicable Key consideration 9 Each authority maintains its discretion to discourage the use of an FMI or the provision of services to such an FMI if, in the authority’s judgment, the FMI is not prudently designed or managed or the principles are not adequately observed. An authority exercising such discretion should provide a clear rationale for the action taken both to the FMI and to the authority or authorities with primary responsibility for the supervision or oversight of the FMI. Description The BOT has never exercised any discretion to discourage the use of an FMI. Key consideration 10 Cooperative arrangements between authorities in no way prejudice the statutory or legal or other powers of each participating authority, nor do these arrangements constrain in any way an authority’s powers to fulfil its statutory or legislative mandate or its discretion to act in accordance with those powers. Description Cooperative MOUs with the SEC and the HKMA clearly recognize each other’s jurisdiction and do not in any way prejudice the statutory or legal powers of either party. Each authority respects other authorities for regulation, supervision and oversight of the FMIs. Key conclusions for Domestic cooperation Responsibility E There is effective cooperation between the BOT and the SEC with regard to safety and efficiency of DvP linkage. BAHTNET is operated and overseen by the BOT, whereas securities settlement system is operated by TSD and overseen by the SEC. In this regards, the BOT and SEC have 200 THAILAND shared oversight information for both regular and irregular events according to the MOU on cooperative oversight for DvP linkage. International cooperation The BOT cooperates with HKMA in the oversight of cross-border linkage for THB/USD settlement. USD CHATS is operated by HKICL and overseen by HKMA. Both central banks have shared oversight information for both regular and irregular events on its RTGS according to the MOU on cooperative oversight for PvP linkage. Assessment of Observed Responsibility E Recommendations and comments C. TSD assessment against the PFMI Principle 1: Legal basis An FMI should have a well-founded, clear, transparent, and enforceable legal basis for each material aspect of its activities in all relevant jurisdictions. Key consideration 1 The legal basis should provide a high degree of certainty for each material aspect of an FMI’s activities in all relevant jurisdictions. Description The legal framework provides a high degree of legal certainty for each material aspect of central securities depository functions .TSD is the sole central securities depository in the jurisdiction which provides services such as custody, deposit, withdrawal, transfer, and pledge for all securities under the Securities and Exchange Act (SEA) using a scripless system, with well-defined rules under the SEA supplemented by TSD’s rules .TSD also provides securities settlement services for those debt instruments traded on OTC. Material aspects Enforceability of transaction Customer assets protection Immobilization and dematerialization of securities Settlement finality Delivery versus payment )DVP( Legal basis for each material aspect 201 THAILAND Enforceability of Transaction The contractual arrangement between TSD and depositors are fully enforceable under )1 (Securities and Exchange Act and )2 (Civil and Commercial Code Section 657. The depositors are bound to comply with the depositor duties and responsibilities as stipulated in the membership application forms signed by depositors. The contractual arrangements between TSD and its depositors are fully enforceable under the Civil and Commercial Code Section 657. In particular, each depositor is bound to comply with TSD regulations. Customer assets protection According to section 225 of the SEA, TSD holds securities for the depositor or for any customer who is the owner of such securities. Additionally, securities which are in the name of TSD shall be presumed to be securities held by TSD on behalf of those persons according to type, category and amount as appearing in the list of names prepared by the depositor. Therefore, the customer is legally presumed to be the owner of deposited securities, and the opposing party has the burden of proof to overcome the legal presumption thereby established. Additionally, when TSD is bankrupt, deposited securities are not the property of TSD under section 109(3) of the Bankruptcy Act B.E. 2483 as TSD cannot give directions or order disposal in such securities which are held by TSD for depositors. According to section 303.05 of the Regulation of Thailand Securities Depository (Chapter 300 Depositors) and section 6 of Notification of Thailand Securities Depository Company Limited (Re: Securities Depository Service Hours), the depositor who opens Depository Accounts for each customer or opens for customers shall accurately and completely prepare the list of the owners of securities deposited with TSD within the time prescribed in the notification. These regulations expressly indicate that the customer is the owner of deposited securities. These provisions are seen to be enough to protect the owner of deposited securities when TSD is bankrupt. Dematerialization of securities In accordance with section 225-228 of the SEA, Dematerialization has been arranged after the transfer of securities into central depository system . 202 THAILAND Currently, TSD has been authorized to offer central securities depository services . All types of securities including common stock, preferred stock, warrants, unit trusts, bonds, etc., both listed or unlisted instruments on exchanges, can be deposited with TSD in computerized central depository system .Most of the securities deposited with TSD are those listed on the SET . TSD is obliged to maintain accurate books and records of all securities in its custody. If TSD’s depositor deposits the securities for and on behalf of its customer, such depositor is also required to keep the accurate and up-to-date books and records of its deposited customers at all times . The depositor can record the list of securities owners through the depository system or submit the list to depository system on daily basis. Under section 228, for all securities that have been deposited into TSD system, the transfer of securities within or between the account of the depositor will be done by book entry within TSD scripless system . Finality of settlement The finality of settlement is legally enforceable .Pursuant to Section 228 of SEA and Clause 57of No. Tor Thor. 32/2559 which states that transfer of securities by a CSD may be done only when the CSD receives such request from the member or when the securities clearing house has informed about settlement of securities at the end of each day. Such securities transfer shall be in accordance with the rules or regulations set out by the CSD. Upon recording of a transfer transaction, it shall be deemed that such transfer is lawfully valid. In the case of securities transfer among members who trade securities in the SET, the CSD may proceed with the transfer only when TCH confirms that clearing has been done. Upon recording of a transfer transaction, it shall be deemed that the transfer becomes final (finality of settlement), and the CSD or any involved person may not cancel, amend, or make any change to the transaction. Besides, as required by the SEC regulation, the relevant TSD rule also clearly states the timing of settlement finality and the way finality is achieved . Delivery versus payment )DVP( As required by the SEC regulation, TSD rule clearly states that all securities transactions must be settled on DVP basis. Transfer and Cancellation of a Deposit of Securities. 203 THAILAND https://www.set.or.th/dat/content/rule/en/04_TSD_RegulationsChapter 400_310316_EN.pdf Civil and Commercial Code, Section 657 https://www.thailandlawonline.com/civil-and-commercial-code/657- 679-thai-law-on-deposit-money-goods-in-custody (unofficial translation) SEA Section 223/3 and 224 TSD regulation, Chapter 400 Securities Accounts, Deposit, Withdrawal, Transfer and Cancellation of a Deposit of Securities. -clause 401 https://www.set.or.th/dat/content/rule/en/04_TSD_RegulationsChapter 400_310316_EN.pdf SEC Section 228 Tor Thor. 32/2559 Clause 57 http://capital.sec.or.th/webapp/nrs/data/7025se.pdf TSD’s regulation, Chapter 400 Securities Accounts, Deposit, Withdrawal, Transfer and Cancellation of a Deposit of Securities. -clause 402.02 (2)(3) https://www.set.or.th/dat/content/rule/en/04_TSD_RegulationsChapter 400_310316_EN.pdf TSD regulation, Chapter 400 Securities Accounts, Deposit, Withdrawal, Transfer and Cancellation of a Deposit of Securities. -clause 405.02 Paragraph 2 https://www.set.or.th/dat/content/rule/en/04_TSD_RegulationsChapter 400_310316_EN.pdf Key consideration 2 An FMI should have rules, procedures, and contracts that are clear, understandable, and consistent with relevant laws and regulations. Description TSD rules are formulated based on regulated laws, namely the SEA. The procedures of formulating TSD rules and regulations are reviewed by both internal and external entities . The process of depositor hearing is one of the necessary procedures to be carried out in order to make sure that all related parties are consulted .By doing so, the concerns and misinterpretation that the central securities depositors may have, can be addressed, solved or brought back to further discussions, if needed .TSD will inform and make clear to all depositors and related parties of the general concept and detailed contents of the rules and regulations .After the hearing process, TSD 204 THAILAND will then submit the rules and regulations to the SEC for final approval before launching the rules. The internal process includes reviewing and cross checking by legal staff and operation staff .As SET subsidiary, TSD has SET legal department to conduct the necessary legal analysis and, where required, TSD always consults with the relevant agencies to ensure that their regulations are consistent and enforceable under the relevant Thai law. To-date there have not been any inconsistencies identified with the relevant laws and regulations. Tor Thor .32/2559 Clause 36 http://capital.sec.or.th/webapp/nrs/data/7025se.pdf Key consideration 3 An FMI should be able to articulate the legal basis for its activities to relevant authorities, participants, and, where relevant, participants’ customers, in a clear and understandable way. Description The laws, regulations, rules and procedures governing the operations and the activities of TSD are public and accessible to depositors .In particular, depositors receive comprehensive documentation covering the rules, requirements, procedures and instruction of TSD prior to the effective date of the regulations .This documentation is also available on request and is accessible on the TSD website . The public authorities ’regulations are also available to the general public on the websites of the Ministry of Commerce )MoC(, the Securities and Exchange Commission )SEC (and the Bank of Thailand )BOT.( https//:www.set.or.th/tsd/th/tsd.html Key consideration 4 An FMI should have rules, procedures, and contracts that are enforceable in all relevant jurisdictions. There should be a high degree of certainty that actions taken by the FMI under such rules and procedures will not be voided, reversed, or subject to stays. Description Enforceability of rules, procedures and contracts CSD activities in Thailand are governed and regulated under provisions of Thai law and regulations .The main laws and regulations are: • The Civil and Commercial Code) :e.g .provisions governing juristic acts and obligations, contracts(; • The Securities and Exchange Act B.E .2535 (as amended) )SEA(; 205 THAILAND • The notifications, rules, and regulations issued by the Stock Exchange of Thailand )SET(, and the TSD; • The agreement between depositors and the TSD as a central securities depository )CSD(; Generally, the contractual arrangements between TSD and its depositors are fully enforceable under the Civil and Commercial code . In addition, the depositors are bound to comply with the depositor duties and responsibilities as stipulated in the membership application forms signed by depositors .In particular, each depositor is bound to comply with TSD regulations . In addition, Section 223/1-223/4 of the SEA provide enforceability of TSD rules to achieve a high degree of certainty that its rules, procedures and contracts will not be voided, reversed, or subject to stay, even in the situation where a petition is filed against a member in a bankruptcy. At present, there is no circumstance causing TSD to cease the enforceability related to their activities or arrangement. Degree of certainty for rules and procedures No court case has yet occurred . Key consideration 5 An FMI conducting business in multiple jurisdictions should identify and mitigate the risks arising from any potential conflict of laws across jurisdictions. Description TSD operates only in Thailand . The Civil and Commercial Code Section 657 https://www.thailandlawonline.com/civil-and-commercial-code/657- 679-thai-law-on-deposit-money-goods-in-custody (unofficial translation) SEA Section 50-55, 199, 223-228/2 Key conclusions The legal basis for the TSD is generally sound and enforceable. There’s a high certainty that the TSD regulations, procedures and contracts are enforceable in the Thai jurisdiction. Assessment of Principle Broadly Observed 1 Recommendations and There is room to improve the legal framework in order to evidently comments afford protection to the securities balances of participants and investors held in TSD’s name, in the event of its bankruptcy. Under section 225 of the SEA, when TSD accepts the deposit of securities, it records the securities balance under its own name and holds such securities balances for the depositor or for any customer. The fate of 206 THAILAND these securities balances and their protection and treatment under bankruptcy court proceedings in the event of TSD going bankrupt would need to be established with greater clarity. Parallelly, there is also a need to clearly articulate how the beneficial ownership rights of securities balances belonging to depositors and investors are recognised under the provisions of section 225 of the SEA. An expert legal review of the provisions in the SEA and other relevant laws covering the above aspects should be undertaken and suitable amendments to the existing statutes may be carried out based on the outcome of such a review. The TSD may also obtain expert legal opinion as to whether the concept of netting has a sound statutory basis in the extant legal framework. Based on such review, amendments may be introduced to provide statutory basis for netting. Principle 2: Governance An FMI should have governance arrangements that are clear and transparent, promote the safety and efficiency of the FMI, and support the stability of the broader financial system, other relevant public interest considerations, and the objectives of relevant stakeholders. Key consideration 1 An FMI should have objectives that place a high priority on the safety and efficiency of the FMI and explicitly support financial stability and other relevant public interest considerations Description TSD is wholly owned by SET. The objectives of TSD are to develop procedures that enable the transfer of securities via book entry and maintain accurate records of such transfers, as well as providing safe custody of such securities, while maintaining safety of the system to prevent fraud with smooth and flawless operations. To move forward, TSD has laid out clear strategies and targets to increase competitiveness and improve capabilities. In 2009, CCP functions with respect of securities and derivatives were transferred from TSD to TCH in order to protect TSD from contagion risk. As a result of the organizational restructuring, at present, TSD is positioned to perform only central securities depository function and securities settlement for OTC bond trades and free-of-payment settlement in respect of exchange- traded securities. To conduct the central securities depository business, TSD has to comply with the SEA and notifications issued by SEC which oblige TSD to take into account financial stability and public interest; eg .segregating client’s asset from participant assets, conducting public hearing forum, disclosing necessary information to preserve public interest, etc. 207 THAILAND In addition, TSD regularly reviews its operational procedures and risk management policies and measures to ensure that it effectively discharges its role as central securities depository. Key consideration 2 An FMI should have documented governance arrangements that provide clear and direct lines of responsibility and accountability. These arrangements should be disclosed to owners, relevant authorities, participants, and, at a more general level, the public. Description Governance arrangements TSD’s governance structure conforms to the SET group’s governance structure. TSD’s board of directors is appointed to overlook all of TSD’s operations including approval of depository rules and regulations for CSD operations. The responsibility and accountability of TSD’s board are determined by the board charter. The reporting line of the management are set up and documented as agreed by SET/TSD’s board and executive management. In addition, to provide fairness and integrity of CSD procedures, SET’s audit committee and SET’s risk management committee review the internal audit as well as risk management policies and procedures of the SET group including that of TSD. Disclosure of governance arrangements TSD is wholly owned by SET .TSD’s code of conduct is also in line with SET group.TSD aims to conduct its business with the principles of good corporate governance in accordance with international standards, applying the principles of good corporate governance of the Organization for Economic and Co-operation Development) OECD (as main principles, supported by principles of good corporate governance for listed companies to enhance the confidence in the organization, transparency in the performance of work and the capability for competitiveness, and to take a leadership role for other organizations in Thai capital market. TSD is committed to conduct business with all stakeholders based on fairness in accordance with relevant laws and standards. TSD recognizes the rights of the stakeholders, ownership and intellectual property of others .TSD also provides the channels for stakeholders to express their constructive opinions or suggestions for improvement .In addition, TSD discloses information to stakeholders transparently, sufficiently 208 THAILAND and appropriately .The treatment of all groups of stakeholders is outlined in the code of conduct of TSD. The names of all board of directors, corporate governance policy and code of conduct for TSD’s directors are publicized on the website. Key consideration 3 The roles and responsibilities of an FMI’s board of directors (or equivalent) should be clearly specified, and there should be documented procedures for its functioning, including procedures to identify, address, and manage member conflicts of interest. The board should review both its overall performance and the performance of its individual board members regularly. Description Roles and responsibilities of the board TSD’s board of directors have the power and responsibility as stated in the Charter of the Board of Director, under the principle of SET’s corporate governance aligning with the SEA and other standards including OECD and PFMI .TSD’s board of directors have the duty to manage the Company’s business in accordance with its objectives, Articles of Association and resolutions of the shareholders ’meetings, while exercising due care and loyalty and bearing in mind the Company’s best interests. Roles and responsibilities of TSD’s board are: Prescribe policy and business plan and supervise TSD in its operations as center for securities depository and related businesses; while having sufficient source of funds and efficient work system. Prescribe clear rules in relation to the provision of service .In an event the rules may affect the business operation or the interests of depositors, TSD shall arrange for the opinion of such persons to be heard. Ensure that there are in place effective internal control systems, and internal audit system. Prescribe scope of policy for risk management including business continuity management and review on a regular basis. Ensure that there is correct and complete information on TSD’s finances and that information is disclosed in accordance with the accounting standard. Prescribe framework for TSD’s investment policy, taking into account the liquidity, investment risk and possible impact on the stability of the settlement system. Arrange for the preparation of rules on good business management, which covers policy on the prevention and management of conflict of interests and prevention of improper use of data to make benefits of oneself. 209 THAILAND Delegate certain powers of undertaking to the management team as appropriate. The TSD Board submits all approvals to the SEC directly and is independent of the SET board in this respect. Policy on conflict of interest To guarantee impartiality in the performance of their duties, the board requires committee members, and advisors of the SET and its subsidiaries including TSD to sign a Letter of Independence when they are appointed to be a board director, committee or given a special task .Wherever they have any direct or indirect interest in the consideration of the matter, they are required to notify the parties concerned in advance of each potential conflict of interest, as well as to abstain from participating or voting in the particular matter under consideration .TSD expects that all employees will act in the interests of the CSD, without favor or preference based on possible direct or indirect personal gain .Under the code of conduct manual, the committee, sub-committee, consultant and employee, who have a stake in a discussed agenda, must declare before voting . Generally, an interested person gives up their voting right. Tor Thor .32/2559 Clause 8 http://capital.sec.or.th/webapp/nrs/data/7025se.pdf In addition, to provide fairness and integrity to all procedures, TSD can appoint committees to consider relevant issues .With respect to the consideration of the offense of a person violating or involved in the violation of the rules of TSD, the sanction of such person and the consideration of the appeal against the sanction order, the board is empowered to appoint a Disciplinary Sub-committee and an Appeal Committee to perform such duties. Moreover, Audit committee and Risk management committee are established by SET to review the internal audit as well as risk management policies and procedures of the SET group including TSD. At present, TSD board has delegated the power to SET committees as follows: Risk Management Committee The committee and the Chairperson of the committee shall be appointed by the SET Board. The Committee shall consist of 4 SET governors (including the SET President) and at least 2 Committee members who are experts in finance, accounting or risk management. 210 THAILAND The duties and responsibilities are as follows; Consider and provide opinions on risk management policy and framework to be presented to the SET Board for consideration and approval Consider and provide opinions on risk appetite and risk tolerance to be presented to SET Board for consideration and approval Acknowledge, consider and provide opinions on risk assessment, guidelines, and risk measurement, including action plans to manage risks at the acceptable level. Monitor and follow up the action plan to continuously manage risks. Provide suggestions on risk management at the corporate level as well as continuously encouraging and supporting improvements, including the development of risk management system within the organization. Report the status of key corporate risks, including the risk management implementation to the Board on a regular basis. Provide opinions and recommendations on hiring independent external party to provide consultation and advice on risk management to risk management department or other related units. Preliminary screening in the appointment of risk management specialist before proposing to the Nomination and Remuneration Committee (NRC) for consideration. Investment Committee The committee consists of six persons. All committee members are SET group’s executives. The SET President is the Chairperson of this committee. The duties are as follows; Monitor economics status, market trends of invested securities and also the soundness of financial institutions that SET Group makes its deposits or investments. In case any significant vulnerability is noticed, a meeting is held immediately with such financial institution. Determine investment policy, analyze risk, and determine asset allocation for SET board approval. Determine investment procedures based on the approved investment policy by SET Board as follows; Determine investment strategy which must be in line with the approved investment policy. Set up investment limit for fixed income securities per issuer and fund deposited per financial institution. Monitor and evaluate investment performance. Consider hiring asset management company to manage investment portfolio Audit Committee 211 THAILAND The Committee and the Chairperson of the Audit Committee shall be appointed by the SET Board. In this regard, the Chairman of the Board shall not be appointed as the Chairperson of the Audit Committee. The Committee shall consist of at least 3 governors of SET all of whom must be independent from the internal management. At least 1 member of the Committee shall have the knowledge, understanding or experience in accounting, finance or auditing. The Committee is responsible for the duties and responsibilities assigned by the SET Board in various matters as shown below: Review that SET Group and the SET Foundation’s financial reports are correct and adequate financial reporting The responsibility of the Committee with regard to risk management and internal control system includes ensuring that the management team has in place risk management procedures in conjunction with the internal control system as well as giving recommendations to ensure that the assets are taken good care of and the financial information is correct and reliable. Risk Management Committee Charter https://www.set.or.th/en/about/overview/files/Risk_Management_Committee _Charter_2018_EN.pdf Audit Committee Charter https://www.set.or.th/en/about/overview/files/Audit_Committee_Charter_201 8_EN.pdf Review of performance TSD board undertakes annual assessment of the board’s performance as a whole and individually and reviews these criteria annually, to ensure that they are in line with good corporate governance practices . Key consideration 4 The board should contain suitable members with the appropriate skills and incentives to fulfill its multiple roles. This typically requires the inclusion of non-executive board member(s). Description Subject to the SEC Notification, TSD’s board retains at least one person as an independent board member .The independent board members shall not be: (i) an executive, staff, employee, consultant of the securities depository or should have held such positions unless the term has ended for at least 2 years as of the date of appointment as independent committee member; 212 THAILAND (ii) be shareholder with controlling power of clearinghouse or central depository; (iii) be unable to provide independent opinion for the operation of central securities depository . Currently, TSD board consists of senior executives from SET and 2 independent experts from the Capital Market. Tor Thor .32/2559 Clause 9,10 http://capital.sec.or.th/webapp/nrs/data/7025se.pdf TSD’s remuneration policy is set in accordance with SET group which is subject to section 177 of the SEA .The remuneration processes are decided transparently and without the board’s involvement .The TSD’s board members receive monthly remuneration in accordance with SET group policy. The annual performance assessment of the chairman and other executive management members are clearly defined, with individual performances being benchmarked against their KPI .Compensation is linked to individual performance, compliance with SET group’s policies, the overall economic environment and historical records. Pursuant to the SEC regulation, TSD’s board currently consists of 3 executive board members and 2 independent board members. Subject to the SEC regulation, the definition of the independent directors is described as a person who shall be able to perform their duties independently in an impartial and fair manner, taking into consideration the public’s benefits and the integrity of the capital market. The names of all TSD board members, including independent directors, are publicized on the website and company annual report. Key consideration 5 The roles and responsibilities of management should be clearly specified. An FMI’s management should have the appropriate experience, a mix of skills, and the integrity necessary to discharge their responsibilities for the operation and risk management of the FMI. Description Roles and responsibilities of management The roles and responsibilities as well as reporting’s line of the TSD management are clearly specified in the organization structure .TSD Board may authorize any person to perform any act to the extent that such 213 THAILAND authorization is not contrary to the rules or regulations, as well as strategy specified by board . As set out in TSD board charter, TSD managing director shall have the duties as follows: • Has primary responsibility for implementing TSD policy; • Oversee the results of company performance regularly; • Be TSD representative to perform juristic acts; • Assign rights and delegate duties to persons within the lawful scope; • Perform any duties according to TSD board’s assignment or the resolution of the shareholder meeting . To ensure that central securities depository operates in an efficient and transparent manner and that its operation promotes integrity of the capital market and complies with the regulations on good governance, pursuant to SEC notifications, TSD appoints executive management who have knowledge of and experience in the capital market or knowledge and experience useful for the operation of the central securities depository. Furthermore, TSD clearly determines their roles and responsibilities and evaluates the performance of these executives. TSD board of directors, appointed by major shareholders (SET), have an authorization to appoint management and remove one(s) if necessary. Tor Thor .32/2559 Clause 8 http://capital.sec.or.th/webapp/nrs/data/7025se.pdf https://www.set.or.th/tsd/en/about/files/TSD_Board_Charter_EN.pdf Key consideration 6 The board should establish a clear, documented risk-management framework) that includes the FMI’s risk-tolerance policy, assigns responsibilities and accountability for risk decisions, and addresses decision making in crises and emergencies. Governance arrangements should ensure that the risk-management and internal control functions have sufficient authority, independence, resources, and access to the board. Description Risk management framework The TSD risk management framework has been established and approved by TSD Board .The framework includes risk management policy, corporate risk appetite and risk tolerance, roles and responsibilities for risk management in every level, process of enterprise risk management as well as examples of risk management measure .In addition, TSD has Business Continuity 214 THAILAND Management )BCM (policy to set guideline for business to resume operation once there is business interruption .This covers emergency response, crisis management plan, business continuity plan and IT disaster and recovery plan . TSD board has established a clear, documented risk management framework that includes 3 key components: Strategic risk Operational risk Compliance risk Apart from these three keys risk as stated in risk management framework, TSD also monitors general business risk and financial risk. In term of financial risk assessment, TSD assesses the risk on annual basis by using risk and control self-assessment (RCSA) framework which incorporates the financial impact on the assessment. After the risk assessment is approved by TSD board, the TSD management team monitors the risk on a continuous basis with the SET’s risk management unit reporting the risk status to TSD’s board on biannual basis. Authority and independence of risk management and audit functions Risk management department of SET is responsible for facilitating enterprise risk management of TSD .This includes assisting TSD to identify, assess, monitor and manage the risk as well as providing opinions and suggestions to ensure that key risks are monitored and managed at acceptable levels and risk management procedures are performed according to the policy framework .The framework is reviewed periodically . Key consideration 7 The board should ensure that the FMI’s design, rules, overall strategy, and major decisions reflect appropriately the legitimate interests of its direct and indirect participants and other relevant stakeholders. Major decisions should be clearly disclosed to relevant stakeholders and, where there is a broad market impact, the public. Description Identification and consideration of stakeholder interests As TSD regulations are approved by the SEC under the SEC Securities Notification, rules or regulations of TSD shall come into force upon approval of the Capital Market Supervisory Board. Before submitting for approval of rule change that may affect relevant stakeholders, TSD must arrange a participant hearing forum, with the direct and the most impacted parties in order to make sure that TSD’s operational design, strategies and decisions are suitable. Rule amendments and stakeholders ’opinions will always be considered by TSD board, before submitting to SEC for approval. 215 THAILAND Tor Thor. 32/2559 Clause 36 http://capital.sec.or.th/webapp/nrs/data/7025se.pdf After the new rules or rules amendments are approved by SEC, TSD will circulate the rules to all parties before effective date. These rules and regulations are also publicly available in TSD website. Key conclusions The governance arrangements of the TSD are transparent and the roles and responsibilities of its board and management are clearly described and publicly available. The Charter of the TSD Board makes an explicit commitment to the PFMI. Assessment of Observed Principle 2 Recommendations The TSD Board should seek a set of documented guidelines for and comments operationalizing the recovery and orderly wind-down plan. These guidelines should also include measures to mitigate general business and investment risk. The guidelines should be reviewed and endorsed by the TSD Board. The governance arrangements could be improved by submitting the Board’s annual review of its performance to the SEC. Such a measure would enable the regulator to monitor the performance of the TSD Board and ensure that it is adhering to the Charter of the Board and is fulfilling its mandate. Principle 3: Framework for the comprehensive management of risks An FMI should have a sound risk-management framework for comprehensively managing legal, credit, liquidity, operational, and other risks. Key consideration 1 An FMI should have risk-management policies, procedures, and systems that enable it to identify, measure, monitor, and manage the range of risks that arise in or are borne by the FMI. Risk-management frameworks should be subject to periodic review. Description Risks that arise in or are borne by the FMI TSD board emphasizes the importance of risk management and has approved risk policies in accordance with SET group’s risk management framework, including but not limited to COSO and ISO31000 .As a CSD, TSD is exposed mainly to operational risks. In order to strengthen the confidence among involved parties as well as preserving integrity of the central depository, TSD has a process for identifying and managing its operational risks .Each department is responsible for evaluating the operational risk of its own unit and reporting to the risk management department of the SET to evaluate the existing 216 THAILAND measures to be able to cover those risks. Risk management policies are then established and periodically reviewed. Besides operational risks, TSD also monitors general business risk and financial risk. In term of financial risk assessment, TSD assesses the risk on annual basis by using risk and control self-assessment (RCSA) framework which incorporates financial impact on the assessment. Currently, TSD board reviews the financial status of TSD on quarterly basis in order to ensure financial soundness of TSD. In terms of investment risk regarding TSD’s own equity, SET investment department is responsible for managing and monitoring such investment. The investment policy is in accordance with SET Group which determined by the SET investment committee. The SET investment committee consists of six persons. All committee members are SET group’s executives. The SET President is the Chairperson of this committee. • TSD has no link with other foreign FMIs. • TSD has only link with TCH, who acts as the sole CCP in Thailand therefore TSD does not have aggregate exposures across the FMI. • Under DvP 1 model arrangement TSD receives funds settlement confirmation from BAHTNET, based on which securities settlement is carried out by TSD. TSD board approves and reviews the risk management framework on an annual basis to effectively manage risks across various functions .Risk management department of SET is responsible for facilitating enterprise risk management of TSD .This includes assisting TSD to identify, assess, monitor and manage the risks as well as providing opinions and suggestions to ensure that key risks are monitored and managed at acceptable level and risk management procedures are performed according to the policy and framework .The framework is reviewed on an annual basis .Risk management department is in charge of reporting the risk status to the TSD board. TSD has managed the key corporate risks in these areas: • Strategic risk arises from making unsuccessful business decision or from a failure to respond to changes in business environment including disruptive technology. • Operational risk incurs from inadequate processes in operations .This also includes risks related to data management, IT security, cyber- 217 THAILAND attack and system failure that may hamper TSD from fulfilling its business objectives. • Compliance risk arises from unintentionally non-compliance with regulations and from changing regulation landscape around the globe. In addition, to ensure that TSD issues sound and efficient risk management framework, Under Clause 11 of No .Tor Thor .32/2559, TSD shall take at least the following actions with respect to risk management: 1) establish a comprehensive written risk management policy framework that covers all risk areas, with approval of its board of directors or the working group assigned by the board of directors; 2) establish risk management measures which are sufficient to effectively prevent and manage risks in different areas; 3) regularly review said policy framework and risk management measures to ensure that they are appropriate . In practice, TSD Board approves the risk framework, and reviews it annually while the risk status is reported to TSD board biannually. Tor Thor .32/2559 Clause 11 http://capital.sec.or.th/webapp/nrs/data/7025se.pdf Key consideration 2 An FMI should provide incentives to participants and, where relevant, their customers to manage and contain the risks they pose to the FMI. Description TSD, as a securities depository, is mandated under the SEA to segregate the assets of depositors and the depositor’s clientsWhen . implementing new policies, TSD always engages depositors or participants for their feedback, inputs and makes them aware of the changes in policies and systems that might have an impact on their operations . The participants can then adjust their operational procedures accordingly, without creating any problem to the overall system . In addition, market participants are also obligated to follow TSD rules and regulations to perform the depository-related activities with TSD; failure to do so could result in TSD taking disciplinary actions against such participants . Currently, TSD requires the participants to conduct reconciliation by sending them the daily transactions (Deposit /Withdraw /Transfer /Collateral /Revocation), account balance which can be downloaded at the end of the day, along with corporate action announcement text file at the end of the day. 218 THAILAND Key consideration 3 An FMI should regularly review the material risks it bears from and poses to other entities (such as other FMIs, settlement banks, liquidity providers, and service providers) as a result of interdependencies and develop appropriate risk-management tools to address these risks. Description Material risks TSD regularly reviews the material risks such as for instance, the risk it bears from and poses to BAHTNET for the settlement of funds leg for debt securities settlement .In addition, TSD works closely with technology provider in order to ensure that its infrastructure is secure and efficient. In addition, TSD board reviews the financial status of TSD on quarterly basis. In term of financial risk assessment, TSD assesses the risk on annual basis by using risk and control self-assessment (RCSA) framework which incorporates the financial impact on the assessment. Key consideration 4 An FMI should identify scenarios that may potentially prevent it from being able to provide its critical operations and services as a going concern and assess the effectiveness of a full range of options for recovery or orderly wind-down. An FMI should prepare appropriate plans for its recovery or orderly wind-down based on the results of that assessment. Where applicable, an FMI should also provide relevant authorities with the information needed for purposes of resolution planning. Description Scenarios that may prevent an FMI from providing critical operations and services To ensure the continuity of the critical function when operational problems happen, the Business Continuity Plan )BCP (and Disaster Recovery Plan )DRP (are tested at least once a year to make sure that TSD business operations continue smoothly in the event of a crisis .All scenarios for routine activities, as well as unforeseen incidents are tested in every BCP exercise in order to make all concerned parties realize and know how to tackle the problems. In order to make BCP test more realistic, TSD uses potential incidents or plausible critical events that may arise in its operations and their likely impact in completing or deferring the operations. These plausible scenarios are critically reviewed by operation staff, risk management team and top executives, with an aim to make the BCP exercise a realistic one. The executives also determine whether the recovery of all necessary crucial functions happened as per accepted parameters. 219 THAILAND In case TSD is seen to be no longer viable as an ongoing entity, the recovery and resolution plan shall be triggered. Recovery or orderly wind-down plans Under clause 13 of No .Tor Thor .32/2559, TSD shall establish a plan for recovery or an orderly wind-down, with approval of its board of directors, which contains scenarios, tools, procedures for recovery and guidelines for administration of assets and liabilities. TSD Board has approved a high-level recovery and orderly wind-down plan. Tor Thor .32/2559 Clause 13 http://capital.sec.or.th/webapp/nrs/data/7025se.pdf The plan will be reviewed and updated if the circumstance has been changed. Key conclusions The risk management framework scope should be widened to include a greater focus on recovery and orderly wind-down plans. A set of documented operational guidelines should be drawn up and should be endorsed by the TSD Board, including measures to mitigate general business and investment risk. Assessment of Partly observed Principle 3 220 THAILAND Recommendations The risk management framework scope should be widened to include a and comments greater focus on recovery and orderly wind-down plans. The risk management framework explicitly mentions strategic, operational and compliance risks and lays down a set of measures to mitigate these. While there is a high-level recovery and wind-down plan, detailed effective recovery tools in line with the guidance provided by the standard setters – the CPMI and IOSCO should be adopted. A set of documented operational guidelines should be drawn up including arrangements that ensure critical services continue to be provided, and that the winding down is carried out in an orderly manner including for instance, transferring critical operations and services to an alternate entity. Such a plan should be endorsed by the TSD board, including measures to mitigate general business and investment risk and should be tested on a periodical basis. The lack of such a plan is an issue of concern, given that TSD is the sole CSD and SSS in Thailand. Principle 4. Credit risk An FMI should effectively measure, monitor, and manage its credit exposure to participants and those arising from its payment, clearing, and settlement processes. An FMI should maintain sufficient financial resources to cover its credit exposure to each participant fully with a high degree of confidence. In addition, a CCP that is involved in activities with a more-complex risk profile or that is systemically important in multiple jurisdictions should maintain additional financial resources sufficient to cover a wide range of potential stress scenarios that should include, but not be limited to, the default of the two largest participants and their affiliates that would potentially cause the largest aggregate credit exposures to the CCP in extreme but plausible market conditions. All other CCPs should maintain, at a minimum, total financial resources sufficient to cover the default of the one participant and its affiliates that would potentially cause the largest aggregate credit exposures to the CCP in extreme but plausible market conditions. Key consideration 1 An FMI should establish a robust framework to manage its credit exposures to its participants and the credit risks arising from its payment, clearing, and settlement processes. Credit exposure may arise from current exposures, potential future exposures, or both. Description TSD, in the OTC fixed income settlement segment, uses DvP model 1 settling transfer instructions for both securities and funds on a trade-by- trade (gross) basis in real-time. Under settlement arrangement framework, TSD will earmark the securities in seller’s account and will only transfer securities from the seller’s account to the buyer’s account after the final transfer of funds from the buyer to the seller is confirmed by BAHTNET. The DvP model 1 mitigates credit risk of TSD. In terms of exchange-traded settlement under DvP model 3, TSD will transfer securities on a free of payment basis in accordance with the securities settlement instructions received from the Thailand Clearing 221 THAILAND House (TCH) only when there are sufficient securities to be transferred. Thus, TSD does not bear any credit exposure. Regulations of TSD, Chapter 400 Securities Account, Deposit, Withdrawal, Transfer and Cancellation of a Deposit of Securities, Clause 405.01 – 405.04 Key consideration 2 An FMI should identify sources of credit risk, routinely measure and monitor credit exposures, and use appropriate risk-management tools to control these risks. Description TSD mitigates credit risk in the settlement of OTC fixed income securities by using DvP model 1. The settlement of the securities leg of the OTC fixed income trades is done in the TSD book entry system only on receipt of confirmation of payment leg from BAHTNETin real time via TSD-BOT linkage .The transaction then becomes final. For the transactions that do not have adequate securities or money for settlement by 16:30, TSD will remind participants to complete the transaction within 17:00. Should there still be any unsettled transactions by 17:00, such transactions are flushed out of the system and TSD may impose a fine on the related participants. In the case of exchange-traded settlement, TSD is instructed by TCH for transferring of securities on a free of payment basis. Currently, DvP model 3 (settle both securities and funds on net basis) is used for exchange-traded settlement. Further, TSD no longer permits debit balances in the securities accounts, thus mitigating any credit risk. Key consideration 3 A payment system or SSS should cover its current and, where they exist, potential future exposures to each participant fully with a high degree of confidence using collateral and other equivalent financial resources (see Principle 5 on collateral). In the case of a DNS payment system or DNS SSS in which there is no settlement guarantee but where its participants face credit exposures arising from its payment, clearing, and settlement processes, such an FMI should maintain, at a minimum, sufficient resources to cover the exposures of the two participants and their affiliates that would create the largest aggregate credit exposure in the system. Description Coverage of exposures to each participant Since OTC fixed income transactions are settled on a DvP 1 basis in real- time, TSD is not exposed to any future potential exposure. Should there 222 THAILAND be unsettled transactions, such transactions are flushed out of system by 17:00 hours. In terms of settlement of exchange traded transactions, TSD transfers securities on instructions of TCH on a free of payment basis. TSD is not exposed to any potential future exposure. For DNS payment systems and DNS SSSs in which there is no settlement guarantee Key consideration 4 A CCP should cover its current and potential future exposures to each participant fully with a high degree of confidence using margin and other prefunded financial resources (see Principle 5 on collateral and Principle 6 on margin). In addition, a CCP that is involved in activities with a more-complex risk profile or that is systemically important in multiple jurisdictions should maintain additional financial resources to cover a wide range of potential stress scenarios that should include, but not be limited to, the default of the two participants and their affiliates that would potentially cause the largest aggregate credit exposure for the CCP in extreme but plausible market conditions. All other CCPs should maintain additional financial resources sufficient to cover a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would potentially cause the largest aggregate credit exposure for the CCP in extreme but plausible market conditions. In all cases, a CCP should document its supporting rationale for, and should have appropriate governance arrangements relating to, the amount of total financial resources it maintains. Description Coverage of current and potential future exposures to each participant Not applicable to TSD as SSS. Risk profile and systemic importance in multiple jurisdictions Additional financial resources Supporting rationale and governance arrangements Key consideration 5 A CCP should determine the amount and regularly test the sufficiency of its total financial resources available in the event of a default or multiple defaults in extreme but plausible market conditions through rigorous stress testing. A CCP should have clear procedures to report the results of its stress tests to appropriate decision makers at the CCP and to use these results to evaluate the adequacy of and adjust its total financial resources. Stress tests 223 THAILAND should be performed daily using standard and predetermined parameters and assumptions. On at least a monthly basis, a CCP should perform a comprehensive and thorough analysis of stress testing scenarios, models, and underlying parameters and assumptions used to ensure they are appropriate for determining the CCP’s required level of default protection in light of current and evolving market conditions. A CCP should perform this analysis of stress testing more frequently when the products cleared or markets served display high volatility, become less liquid, or when the size or concentration of positions held by a CCP’s participants increases significantly. A full validation of a CCP’s risk-management model should be performed at least annually. Description Stress testing Not applicable to TSD as SSS. Review and validation Key consideration 6 In conducting stress testing, a CCP should consider the effect of a wide range of relevant stress scenarios in terms of both defaulters’ positions and possible price changes in liquidation periods. Scenarios should include relevant peak historic price volatilities, shifts in other market factors such as price determinants and yield curves, multiple defaults over various time horizons, simultaneous pressures in funding and asset markets, and a spectrum of forward- looking stress scenarios in a variety of extreme but plausible market conditions. Description Not applicable to TSD as SSS. Key consideration 7 An FMI should establish explicit rules and procedures that address fully any credit losses it may face as a result of any individual or combined default among its participants with respect to any of their obligations to the FMI. These rules and procedures should address how potentially uncovered credit losses would be allocated, including the repayment of any funds an FMI may borrow from liquidity providers. These rules and procedures should also indicate the FMI’s process to replenish any financial resources that the FMI may employ during a stress event, so that the FMI can continue to operate in a safe and sound manner. Description Allocation of credit losses Not applicable to TSD as SSS. TSD does not face any credit risk due to TSD will transfer securities only when get payment confirmation from Bank of Thailand in term of OTC fixed income (DvP Model 1) or 224 THAILAND transferring instruction from TCH in term of exchange-traded securities (DvP model 3). Since TSD does not bear any losses from defaulting participants, TSD does not have to set up the financial resource to cover such losses. Replenishment of financial resources Key conclusions The TSD is not exposed to any credit risk in its role as a SSS and CSD. In the settlement of OTC bond market trades DvP model 1 is used. In the case of exchange trades securities settlement TSD carries out the securities settlement on a free-of-payment basis, with TCH as the CCP ensuring that the final settlement of the securities occurring only after the funds leg is settled. TSD as a CSD does not allow any debit balances in the securities accounts and hence mitigates credit risk. Assessment of Observed Principle 4 Recommendations and comments Principle 5. Collateral An FMI that requires collateral to manage its or its participants’ credit exposure should accept collateral with low credit, liquidity, and market risks. An FMI should also set and enforce appropriately conservative haircuts and concentration limits. Key consideration 1 An FMI should generally limit the assets it (routinely) accepts as collateral to those with low credit, liquidity, and market risks. Description TSD does not require any collateral from its participants as the current settlement framework has eliminated the risk from credit exposures of its participants. TSD uses DvP model 1 for the settlement of OTC bond trades. Under settlement arrangement framework, TSD will earmark the securities in seller account and will only transfer securities from the seller to the buyer after the final transfer of funds from the buyer to the seller is confirmed by Bank of Thailand. The DvP 1 model of settlement for OTC fixed income trades eliminates any credit risk and exposure to TSD. Thus, TSD is not required to collect any collateral from participants. In term of exchange-traded settlement, TSD will transfer securities as free of payment in accordance with the securities settlement instructions from the Thailand Clearing House (TCH). Since credit exposures are borne by TCH, TSD has no need to collect the collateral. 225 THAILAND Key consideration 2 An FMI should establish prudent valuation practices and develop haircuts that are regularly tested and take into account stressed market conditions. Description Valuation practices Not applicable to TSD as TSD does not require any collateral from its participants. Haircutting practices Key consideration 3 In order to reduce the need for pro-cyclical adjustments, an FMI should establish stable and conservative haircuts that are calibrated to include periods of stressed market conditions, to the extent practicable and prudent. Description Not applicable to TSD as TSD does not require any collateral from its participants. Key consideration 4 An FMI should avoid concentrated holdings of certain assets where this would significantly impair the ability to liquidate such assets quickly without significant adverse price effects. Description Not applicable to TSD as TSD does not require any collateral from its participants. Key consideration 5 An FMI that accepts cross-border collateral should mitigate the risks associated with its use and ensure that the collateral can be used in a timely manner. Description Not applicable to TSD as TSD does not require any collateral from its participants. Key consideration 6 An FMI should use a collateral management system that is well- designed and operationally flexible. Description Collateral management system design Not applicable to TSD as TSD does not require any collateral from its participants. Operational flexibility Key conclusions TSD does not accept any collateral from its partiicpants. Assessment of Observed Principle 5 Recommendations and comments 226 THAILAND Principle 6. Margin A CCP should cover its exposure to its participants for all products through an effective margin system that is risk-based and regularly reviewed. Key consideration 1 A CCP should have a margin system that establishes margin levels commensurate with the risks and particular attributes of each product, portfolio, and market it serves. Description Description of margin methodology Credit exposures Operational components Not applicable Key consideration 2 A CCP should have a reliable source of timely price data for its margin system. A CCP should also have procedures and sound valuation models for addressing circumstances in which pricing data are not readily available or reliable. Description Sources of price data Estimation of prices Not applicable Key consideration 3 A CCP should adopt initial margin models and parameters that are risk-based and generate margin requirements sufficient to cover its potential future exposure to participants in the interval between the last margin collection and the close out of positions following a participant default. Initial margin should meet an established single-tailed confidence level of at least 99 percent with respect to the estimated distribution of future exposure. For a CCP that calculates margin at the portfolio level, this requirement applies to each portfolio’s distribution of future exposure. For a CCP that calculates margin at more- granular levels, such as at the sub-portfolio level or by product, the requirement must be met for the corresponding distributions of future exposure. The model should (a) use a conservative estimate of the time horizons for the effective hedging or close out of the particular types of products cleared by the CCP (including in stressed market conditions), (b) have an appropriate method for measuring credit exposure that accounts for relevant product risk factors and portfolio effects across products, and (c) to the extent practicable and prudent, limit the need for destabilising, procyclical changes. Description Initial margin model Closeout and sample periods 227 THAILAND Procyclicality and specific wrong-way risk Not applicable Key consideration 4 A CCP should mark participant positions to market and collect variation margin at least daily to limit the build-up of current exposures. A CCP should have the authority and operational capacity to make intraday margin calls and payments, both scheduled and unscheduled, to participants. Description Not applicable Key consideration 5 In calculating margin requirements, a CCP may allow offsets or reductions in required margin across products that it clears or between products that it and another CCP clear, if the risk of one product is significantly and reliably correlated with the risk of the other product. Where two or more CCPs are authorised to offer cross-margining, they must have appropriate safeguards and harmonised overall risk-management systems. Description Portfolio margining Cross-margining Robustness of methodologies Not applicable Key consideration 6 A CCP should analyse and monitor its model performance and overall margin coverage by conducting rigorous daily backtesting – and at least monthly, and more-frequent where appropriate, sensitivity analysis. A CCP should regularly conduct an assessment of the theoretical and empirical properties of its margin model for all products it clears. In conducting sensitivity analysis of the model’s coverage, a CCP should take into account a wide range of parameters and assumptions that reflect possible market conditions, including the most-volatile periods that have been experienced by the markets it serves and extreme changes in the correlations between prices. Description Backtesting and sensitivity analysis Margin model performance Not applicable Key consideration 7 A CCP should regularly review and validate its margin system. Description Not applicable Key conclusions Assessment of Principle Not applicable 6 Recommendations and comments 228 THAILAND Principle 7: Liquidity risk An FMI should effectively measure, monitor, and manage its liquidity risk. An FMI should maintain sufficient liquid resources in all relevant currencies to effect same-day and, where appropriate, intraday and multiday settlement of payment obligations with a high degree of confidence under a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would generate the largest aggregate liquidity obligation for the FMI in extreme but plausible market conditions. Key consideration 1 An FMI should have a robust framework to manage its liquidity risks from its participants, settlement banks, nostro agents, custodian banks, liquidity providers, and other entities. Description TSD uses DvP model 1 for settling OTC bond trades. Transfer instructions for both securities and funds are settled on a trade-by-trade (gross) and in real-time. Under the current settlement framework, TSD will only transfer the earmarked securities upon the confirmation of funds transfer from Bank of Thailand. The use of DvP model 1 framework helps TSD to eliminate liquidity risk. Under the exchange-traded securities settlement, which uses DvP model 3, TSD will transfer securities on a free of payment basis in accordance with the securities settlement instructions received from the Thailand Clearing House (TCH). The counterparty credit and liquidity risks are borne by TCH. Thus, there is no liquidity risk for TSD. Key consideration 2 An FMI should have effective operational and analytical tools to identify, measure, and monitor its settlement and funding flows on an ongoing and timely basis, including its use of intraday liquidity. Description Liquidity risk is mitigated through the use of DvP 1 model. Key consideration 3 A payment system or SSS, including one employing a DNS mechanism, should maintain sufficient liquid resources in all relevant currencies to effect same-day settlement, and where appropriate intraday or multiday settlement, of payment obligations with a high degree of confidence under a wide range of potential stress scenarios that should include, but not be limited to, the default of the participant and its affiliates that would generate the largest aggregate payment obligation in extreme but plausible market conditions. Description Liquidity risk is mitigated through the use of DvP 1 model. Key consideration 4 A CCP should maintain sufficient liquid resources in all relevant currencies to settle securities-related payments, make required variation margin payments, and meet other payment obligations on time with a high degree of confidence under a wide range of potential stress scenarios that should include, but not be limited to, 229 THAILAND the default of the participant and its affiliates that would generate the largest aggregate payment obligation to the CCP in extreme but plausible market conditions. In addition, a CCP that is involved in activities with a more-complex risk profile or that is systemically important in multiple jurisdictions should consider maintaining additional liquidity resources sufficient to cover a wider range of potential stress scenarios that should include, but not be limited to, the default of the two participants and their affiliates that would generate the largest aggregate payment obligation to the CCP in extreme but plausible market conditions. Description Sufficient liquid resources Not applicable to TSD as SSS. Risk profile and systemic importance in multiple jurisdictions Key consideration 5 For the purpose of meeting its minimum liquid resource requirement, an FMI’s qualifying liquid resources in each currency include cash at the central bank of issue and at creditworthy commercial banks, committed lines of credit, committed foreign exchange swaps, and committed repos, as well as highly marketable collateral held in custody and investments that are readily available and convertible into cash with prearranged and highly reliable funding arrangements, even in extreme but plausible market conditions. If an FMI has access to routine credit at the central bank of issue, the FMI may count such access as part of the minimum requirement to the extent it has collateral that is eligible for pledging to (or for conducting other appropriate forms of transactions with) the relevant central bank. All such resources should be available when needed. Description Size and composition of qualifying liquid resources Liquidity risk is mitigated through the use of DvP 1 model. Availability and coverage of qualifying liquid resources Key consideration 6 An FMI may supplement its qualifying liquid resources with other forms of liquid resources. If the FMI does so, then these liquid resources should be in the form of assets that are likely to be saleable or acceptable as collateral for lines of credit, swaps, or repos on an ad hoc basis following a default, even if this cannot be reliably prearranged or guaranteed in extreme market conditions. Even if an FMI does not have access to routine central bank credit, it should still take account of what collateral is typically accepted by the relevant central bank, as such assets may be more likely to be liquid in stressed circumstances. An FMI should not assume the 230 THAILAND availability of emergency central bank credit as a part of its liquidity plan. Description Size and composition of supplemental liquid resources Liquidity risk is mitigated through the use of DvP 1 model. Availability of supplemental liquid resources Key consideration 7 An FMI should obtain a high degree of confidence, through rigorous due diligence, that each provider of its minimum required qualifying liquid resources, whether a participant of the FMI or an external party, has sufficient information to understand and to manage its associated liquidity risks, and that it has the capacity to perform as required under its commitment. Where relevant to assessing a liquidity provider’s performance reliability with respect to a particular currency, a liquidity provider’s potential access to credit from the central bank of issue may be taken into account. An FMI should regularly test its procedures for accessing its liquid resources at a liquidity provider. Description Use of liquidity providers Liquidity risk is mitigated through the use of DvP 1 model. Reliability of liquidity providers Key consideration 8 An FMI with access to central bank accounts, payment services, or securities services should use these services, where practical, to enhance its management of liquidity risk. Description The payment of OTC fixed income settlement is carried out in Bank of Thailand’s system )BAHTNETin ( real time via TSD-BOT linkage. Key consideration 9 An FMI should determine the amount and regularly test the sufficiency of its liquid resources through rigorous stress testing. An FMI should have clear procedures to report the results of its stress tests to appropriate decision makers at the FMI and to use these results to evaluate the adequacy of and adjust its liquidity risk- management framework. In conducting stress testing, an FMI should consider a wide range of relevant scenarios. Scenarios should include relevant peak historic price volatilities, shifts in other market factors such as price determinants and yield curves, multiple defaults over various time horizons, simultaneous pressures in funding and asset markets, and a spectrum of forward-looking stress scenarios in a variety of extreme but plausible market conditions. Scenarios should also take into account the design and operation of the FMI, include all entities that might pose material liquidity risks to the FMI (such as settlement banks, nostro agents, custodian banks, liquidity providers, and linked FMIs), and where 231 THAILAND appropriate, cover a multiday period. In all cases, an FMI should document its supporting rationale for, and should have appropriate governance arrangements relating to, the amount and form of total liquid resources it maintains. Description Stress test programme Liquidity risk is mitigated through the use of DvP 1 model. Stress test scenarios Review and validation Key consideration 10 An FMI should establish explicit rules and procedures that enable the FMI to effect same-day and, where appropriate, intraday and multiday settlement of payment obligations on time following any individual or combined default among its participants. These rules and procedures should address unforeseen and potentially uncovered liquidity shortfalls and should aim to avoid unwinding, revoking, or delaying the same-day settlement of payment obligations. These rules and procedures should also indicate the FMI’s process to replenish any liquidity resources it may employ during a stress event, so that it can continue to operate in a safe and sound manner. Description Same day settlement The payment of OTC fixed income settlement is carried out in Bank of Thailand’s system )BAHTNETin ( real time. TSD shall settle the securities leg on receipt of confirmation of funds transfer Bank of Thailand as laid out in TSD Regulation, Clause 405.02. Replenishment of liquidity resources TSD does not use its own liquidity for effecting settlement. Key Conclusions Liquidity risk is mitigated through the use of DvP 1 model. Assessment of Observed Principle 7 Recommendations and comments 232 THAILAND Principle 8: Settlement finality An FMI should provide clear and certain final settlement, at a minimum by the end of the value date. Where necessary or preferable, an FMI should provide final settlement intraday or in real time. Key consideration 1 An FMI’s rules and procedures should clearly define the point at which settlement is final. Description Point of settlement finality According to TSD’s rules Chapter 400, depositor shall transfer the securities in accordance with the regulations and procedures as follows: Free of Payment 1. In the case of submission of the request form to TSD -TSD shall transfer or take the transfer of securities within the business day, if the application is sent to the TSD before the cut of time . In the case of recording through the system connected with TSD )online (Securities :the transferee shall acknowledge the transfer then the securities transfer shall be effective. Bond with/without settlement) RTGS :(TSD shall transfer or take the transfer of the debt instruments based on the information submitted to TSD by the transferor or transferee, in accordance with the regulations and procedures prescribed by TSD .The taking of transfer of the debt instruments shall become effective in real time. Validity of a transfer of securities The transfer of securities shall be valid when TSD records transaction in the securities account of the depositor, except the securities transfer from a Thai share to a foreign share that shall become valid when the registrar of the securities issuer notifies TSD with respect that the transfer transaction shall be in the same depositor and shall keep documents or evidence related to the transfer and make these available for TSD to inspect at all times. In the case of a securities transfer with settlement, TSD shall record the transaction in the securities account of the depositor when it receives confirmation of the settlement from the TCH for exchange-traded securities or BOT for OTC traded debt instruments .With respect to the following settlement services: 1. Exchange-traded transactions The TSD will transfer securities in the clearing member’s settlement account using the book entry through the TSD’s 233 THAILAND securities depository system according to the information from TCH .The depositors are responsible for maintaining the securities in their securities in settlement account at the amount sufficient for their securities delivery obligations as indicated in the TCH report by 1.30 p.m .on the settlement date )T+2(, the depositor will receive the securities in their securities depository account after being instructed by TCH . 2. OTC Fixed income traded transactions The settlement of OTC fixed income trading can be done by delivery against payment )DvP(, the securities will be settled in TSD book entry system while payment will be carried out in BOT’s system )BAHTNET (via TSD-BOT real-time gross settlement linkage) RTGS .(TSD will record the transaction in the securities account when it receives confirmation of the settlement from the Bank of Thailand .The transaction then becomes final. When the transfer of securities becomes valid, the depositor may not revoke such transaction. TSD Regulations, Chapter 400 Securities Account, Deposit, Withdrawal, Transfer and Cancellation of a Deposit of Securities -clause 405.01 –405.04 https//:www.set.or.th/dat/content/rule/en/04_TSD_RegulationsChapter40 0_310316_EN.pdf In the case of the transfer of debt instruments without settlement )Deliver Free /Receive Free )DF/RF((, TSD shall transfer, or take the transfer, of the debt instruments based on the information submitted to TSD by the transferor and transferee . In securities transfer with settlement )DVP/RVP (for Fixed Income settlement, TSD shall record such transaction in the securities account of the depositor when it receives confirmation of the settlement from the Bank of Thailand via a linkage system with the Bank of Thailand system )RTGS .(Transaction submitted in the value date will be processed on a real-time basis. When the transfer of securities becomes valid, the depositor may not revoke such transaction.Thus, any transaction occurring before insolvency is deemed final and irrevocable .For those transactions that are not settled at the time of insolvency, the Bank of Thailand will freeze the fund transfer instruction and no transaction will take place in the RTGS system. 234 THAILAND For on exchange trade transaction, TSD will transfer securities in the clearing member’s settlement account using the book entry through the TSD’s securities depository system according to the information from TCH as according to section 223/4 of SEC, clearing member of TCH has to settle the obligations prior to the insolvency with TCH. Currently, TSD’s business is undertaken only in Thailand and the relevant legal framework provides a high degree of legal certainty. https://www.sec.or.th/EN/SECInfo/LawsRegulation/Documents/actandroya l/1Securities.pdf Finality in the case of links For on exchange trade transaction, TSD will transfer securities in the clearing member’s settlement account using the book entry through the TSD’s securities depository system according to the information from TCH as according to section 223/4 of SEC, clearing member of TCH has to settle the obligations prior to the insolvency with TCH. Key consideration 2 An FMI should complete final settlement no later than the end of the value date, and preferably intraday or in real time, to reduce settlement risk. An LVPS or SSS should consider adopting RTGS or multiple-batch processing during the settlement day. Description Final settlement on the value date In Thailand, government bonds are traded through the OTC market on DvP 1 basis in real time .The settlement of securities take place by book entry in the depositor’s account at TSD and the settlement of cash is carried out through a real time link to BAHTNET system )RTGS .(The RTGS system is available throughout the day between 9:00 – 5:00 p.m. For Exchange-traded transactions The TSD will transfer securities in the clearing member’s settlement account using the book entry through the TSD’s securities depository system according to the information from TCH .The depositors are responsible for maintaining the securities in their securities in settlement account at the amount sufficient for their securities delivery obligations as indicated in the TCH report by 1.30 p.m .on the settlement date )T+2(, the depositor will receive the securities in their securities depository account after being instructed by TCH . No deferral of final settlement to the next business day has yet occurred. Intraday or real-time final settlement 235 THAILAND TSD provides finality for bond settlement with the RTGS system that allows real time finality .In the event that the participant does not have the available securities or the available cash, the settlement will not take place .The following procedure is followed: 1. TSD checks the availability of the seller’s securities account .If the seller’s securities account has sufficient to deliver, TSD will lock the securities equal to the amount of matched instruction .The securities are transferred to buyer as soon as receiving confirmation of cash settlement from BAHTNET system. 2. If there is insufficient cash availability in the account with BOT, the transaction is routed to the queuing system .If the transaction is cancelled from BAHTNET, and on receiving such information from BAHTNET, TSD system will remove the block previously put on the seller’s securities account . Exchange-traded transactions The TSD will transfer securities in the clearing member’s settlement account using the book entry through the TSD’s securities depository system according to the information from TCH .The depositors are responsible for maintaining the securities in their securities in settlement account at the amount sufficient for their securities delivery obligations as indicated in the TCH report by 1.30 p.m .on the settlement date )T+2(, the depositor will receive the securities in their securities depository account after being instructed by TCH . Key consideration 3 An FMI should clearly define the point after which unsettled payments, transfer instructions, or other obligations may not be revoked by a participant. Description If payment conformation is not received from BAHTNET, securities are not transferred by TSD. BAHTNET provides TSD with the details of cancelled transactions. Therefore, there is no unilateral revocation of payment or securities transfer in the settlement system . As for the exchange traded settlement, TSD only transfers securities according to TCH instructions since the payment leg is handled by TCH. For exchange trade transaction, the deals are not revocable unless the member, who wishes to change or cancel its trades, has received the consent of the counterparty member and obtained an approval from the exchange in accordance with the REGULATION OF THE STOCK 236 THAILAND EXCHANGE OF THAILAND Re: Trading, Clearing and Settlement of Securities in the Exchange B.E. 2555 (2012), item 34 https://www.set.or.th/dat/content/rule/en/01_BorSor-Saw01- 00_TradingClearingandSettlementofSecuritiesintheExchangeBE2555_ 2012_Eff16055.pdf Key conclusions The SEA, ToR.Thor 32/2559 and TSD Regulations ensure the finality of settlement against any insolvency proceedings following the settlement. Assessment of Observed Principle 8 Recommendations and comments Principle 9: Money settlements An FMI should conduct its money settlements in central bank money where practical and available. If central bank money is not used, an FMI should minimize and strictly control the credit and liquidity risk arising from the use of commercial bank money. Key consideration 1 An FMI should conduct its money settlements in central bank money, where practical and available, to avoid credit and liquidity risks. Description The funds leg of the OTC fixed income trades are settled in central bank money in BAHTNET. TSD will transfer securities only on receipt of confirmation of funds transfer from BAHTNET. The transaction then becomes final and irrevocable. For exchange trade transaction, TSD will transfer securities on a free of payment basis according to TCH’s instruction. Key consideration 2 If central bank money is not used, an FMI should conduct its money settlements using a settlement asset with little or no credit or liquidity risk. Description The funds leg of the OTC fixed income trades are settled in central bank money in BAHTNET. Key consideration 3 If an FMI settles in commercial bank money, it should monitor, manage, and limit its credit and liquidity risks arising from the commercial settlement banks. In particular, an FMI should establish and monitor adherence to strict criteria for its settlement banks that take account of, among other things, their regulation and supervision, creditworthiness, capitalisation, access to liquidity, and operational reliability. An FMI should also monitor and manage the concentration of credit and liquidity exposures to its commercial settlement banks. 237 THAILAND Description Not applicable Key consideration 4 If an FMI conducts money settlements on its own books, it should minimize and strictly control its credit and liquidity risks. Description TSD does not conduct any money settlement on its own books. Key consideration 5 An FMI’s legal agreements with any settlement banks should state clearly when transfers on the books of individual settlement banks are expected to occur, that transfers are to be final when effected, and that funds received should be transferable as soon as possible, at a minimum by the end of the day and ideally intraday, in order to enable the FMI and its participants to manage credit and liquidity risks. Description Not applicable Key conclusions The TSD conducts its money settlements for the OTC bonds market in central bank money. Assessment of Observed Principle 9 Recommendations and comments Principle 10: Physical Deliveries An FMI should clearly state its obligations with respect to the delivery of physical instruments or commodities and should identify, monitor, and manage the risks associated with such physical deliveries. Key consideration 1 An FMI’s rules should clearly state its obligations with respect to the delivery of physical instruments or commodities. Description There have been no cases of physical delivery under CSD system as it is a scripless system .Nevertheless physical securities certificates can be withdrawn from CSD system .Instruments that can be withdrawn are all type of securities including Equity , Corporate Bond and Government Bond .The withdrawal of physical securities certificates is a Free of Payment transaction. Investor who would like to receive physical securities certificates can contact their brokers or custodians to request for a securities withdrawal .TSD will check whether the depositors have sufficient number of securities .After that, TSD will deduct the securities balance from the depositors ’accounts and request the securities registrar to issue the securities certificate with the name of shareholders. Obligations and responsibilities regarding the withdrawal of physical securities certificates are specified by Rules and Regulations that are 238 THAILAND available to all depositors and the public .In addition, TSD also publishes the withdrawal procedures on its website. TSD regulation, Chapter 400 Securities Accounts, Deposit, Withdrawal, Transfer and Cancellation of a Deposit of Securities. -clause 404 https://www.set.or.th/dat/content/rule/en/04_TSD_RegulationsChapter40 0_310316_EN.pdf Key consideration 2 An FMI should identify, monitor, and manage the risks and costs associated with the storage and delivery of physical instruments or commodities. Description After the securities registrar issue the physical securities certificate, the same is kept in a vault storage .Only an authorized person of the depositor can collect the physical securities certificates. The cost of maintaining the storage is also reflected in the withdrawal fee imposed by TSD . Instruments that could be kept in a Vault storage are all type of securities including Equity , Corporate Bond and Government Bond. TSD only facilitate withdraw of securities certificate by the owner .The withdrawal of physical securities certificates is a Free of Payment transaction. Key conclusions Investors are provided with physical securities on demand and after a due process. Securities can however be cleared and settled only through book-entry transfer with the physical securities having to be dematerialised. Assessment of Observed Principle 10 Recommendations and comments Principle 11: Central Securities Depositories A CSD should have appropriate rules and procedures to help ensure the integrity of securities issues and minimise and manage the risks associated with the safekeeping and transfer of securities. A CSD should maintain securities in an immobilised or dematerialised form for their transfer by book entry. Key consideration 1 A CSD should have appropriate rules, procedures, and controls, including robust accounting practices, to safeguard the rights of securities issuers and holders, prevent the unauthorised creation or deletion of securities, and conduct periodic and at least daily reconciliation of securities issues it maintains. 239 THAILAND Description Safeguarding the rights of securities issuers and holders • TSD is the sole CSD in Thailand, with both fixed income instruments and equity being deposited in the TSD system. Besides, TSD is also a registrar for all common stocks listed in the Stock Exchange of Thailand as well as other products for example preferred shares, Infrastructure Fund, DW, warrants, etc. and for some of fixed- income securities i.e. corporate bond. • TSD rules have clear procedures for implementing CSD systems .To safeguard the rights of securities issuers and holders, TSD maintains the definitive record of legal ownership for a securities holder through the laws and regulations .Thus, once upon request, the participants submit the list of securities holders to TSD, such list will be recorded as legal shareholders of the particular securities. In respect of the deposit of securities of the customers in the depository account, the depositor can open such depository account for each customer separately. Reconciliation process will be done between (1) CSD and depositors and (2) CSD and registrars on daily basis to ensure the integrity of issue. To prevent any unauthorized access to the system, TSD maintains a comprehensive system of internal controls and procedures for depository functions as well as other operational risk system controls that are reviewed by SET’s Internal Audit group .Only authorized participants who have the right to access the system can make changes to the securities kept in their own accounts and - cannot access another participant’s accounts. All participant data or information is kept confidential, except when requested for retrieval by an authority permitted under the law. CSD System, identified as a critical system by SET’s Internal Audit group is audited at least once a year. The annual audit plan is developed by using risk base approach and approved by Audit Committee then by TSD board. The annual audit Plan and the Audit Results must be reported to SEC. Prevention of the unauthorised creation or deletion of securities TSD has implemented procedures to securely manage the creation and deletion of securities in TSD system .Proper accurate and timely documentation is required as well as the strict validation and 240 THAILAND authorization with pre-specified procedures has been put in place for any creation and deletion of securities via deposit and withdrawal including credit to or debit from TSD book-entry system by securities registrar’s instructions. Periodic reconciliation of securities issues In addition, TSD performs internal reconciliation with TSD registrar system on daily basis. TSD maintains and reconciles outstanding balances of securities with a depositor on a daily basis, by specifying in the rules that a depositor has to notify TSD immediately or by the beginning of next business day, if any discrepancy or error of data or information that TSD has sent to them has been found, so that the problems will be investigated and solved as soon as possible. Reconciliation process will be done between (1) CSD and depositors and (2) CSD and registrars on daily basis to ensure the integrity of issue. The securities to be deposited with TSD are securities where its issuer has a securities registration system which is connected with the securities depository system of TSD so that the record of securities holders is able to be informed and reconciled on the closing date of register. TSD Regulation Chapter 400 Securities Account, Deposit, Withdrawal, Transfer and Cancellation of Deposit of Securities - clause 403.01(4) https://www.set.or.th/dat/content/rule/en/04_TSD_RegulationsChapter40 0_310316_EN.pdf Key consideration 2 A CSD should prohibit overdrafts and debit balances in securities accounts. Description TSD has robust and prudential procedures in place to ensure the stringent prohibitions of overdrafts and debit balances in depositor’s securities account in TSD system. For book-entry transfer, TSD has also established the process together with system validation in order to guarantee that securities transfer can be executed only if available outstanding balance in securities account of transferor is sufficient for such a transfer to be executed. TCH and TSD have implemented “Pending Settlement” method for settlement in case of securities shortage since 6th November 2017. 241 THAILAND Therefore, TSD no longer permits debit balances in CSD system. CSD transfers securities only when there are sufficient balances for transfer. TSD Regulation Chapter 400 Securities Account, Deposit, Withdrawal, Transfer and Cancellation of Deposit of Securities - clause 402.02 https://www.set.or.th/dat/content/rule/en/04_TSD_RegulationsChapter40 0_310316_EN.pdf Key consideration 3 A CSD should maintain securities in an immobilised or dematerialised form for their transfer by book entry. Where appropriate, a CSD should provide incentives to immobilise or dematerialise securities. Description TSD keeps securities in dematerialized form. At the end of 1st quarter 2018, the scripless portion accounted for 92% of total listed shares. TSD keeps securities in dematerialized form and applies only book-entry in the settlement and securities transfer. Physical form of securities certificate is still held by some groups of shareholders, but in a relatively small portion . TSD provides an incentive to keep securities in dematerialized form, such as opening of accounts for the deposit of securities of a shareholder who has no depository account with TSD depositor and charging depository fee for deposit of certificate which is much cheaper than the withdrawal fee for a physical security .The initial offering or new share offering is induced to be fully dematerialized. Key consideration 4 A CSD should protect assets against custody risk through appropriate rules and procedures consistent with its legal framework. Description According to TSD rules, securities kept in the TSD system will be protected against custody risk .To prevent any discrepancy of record keeping, TSD conducts daily reconciliation with depositors, as well as monitoring and sending the confirmation of all transactions from settlement and transfer .The movement of securities has to be recorded and statements as prescribed by depositor’s client order have to be kept .Thus, all securities balances are reconciled. In terms of control, TSD has hierarchical level of management and monitoring and applies four-eye principle for the transcations .There is a delegation of power of implementation to the securities kept in the system .Moreover, the access to the TSD system is classified into sub groups, each group having different authority, such as inquiry, entry, authorized levels, etc. 242 THAILAND Securities kept in TSD are also protected by relevant laws, such as civil and commercial code, the SEC laws. For example, the securities kept for clients must be clearly segregated from depositor’s assets. According to the SEA, TSD keeps the securities in the depository system under depositor’s accounts and holds the securities on behalf of those persons as appeared in the list of names prepared by the depositor. The procedures of formulating TSD rules and regulations are reviewed by both internal and external entities. The internal process includes reviewing and cross checking by legal staff and operational staff. As SET subsidiary, TSD has SET legal department to conduct the necessary legal analysis and, where required, TSD always consults with the relevant agencies to ensure that their regulations are consistent and enforceable under the relevant Thai law. Tor Thor. 32/2559 Clause 36 http://capital.sec.or.th/webapp/nrs/data/7025se.pdf Pursuant to Clause 36 of No .Tor Thor .32/2559, proposed amendments to the rules of central securities depository shall come into force upon approval of the Capital Market Supervisory Board, which will consider the suitability of the amendments based on the impact of stakeholders, fairness, and transparency. SET has an insurance for the entire group to cover any operational risks and their businesses against negligence claims due to mistakes or failure to perform. Key consideration 5 A CSD should employ a robust system that ensures segregation between the CSD’s own assets and the securities of its participants and segregation among the securities of participants. Where supported by the legal framework, the CSD should also support operationally the segregation of securities belonging to a participant’s customers on the participant’s books and facilitate the transfer of customer holdings. Description To comply with international standards and all necessary related rules and regulations i.e .the SEC Act and rules issued by SEC, TSD has robust system and operational procedures to ensure that securities are segregated. The principle that TSD applies includes: )1 (Segregation of the assets of TSD from depositors; )2 (Segregation of the assets of depositors from those of any other depositors; 243 THAILAND (3) Segregation of the assets of depositor from those of the depositor’s clients; Depositors are strictly required to segregate their proprietary holdings from their clients’ assets, TSD has provided 2 choices of preferences for depositors to keep their clients’ assets in TSD system; )3.1 (Omnibus Structure, through which depositor is able to hold securities that belong to different clients of that depositor in one depository account during the intraday. At any case, the depositor must submit the securities balance of each client account to TSD on daily basis. )3.2 (Segregated Structure, through which depositor is able to segregate the securities of any of the depositor’s clients separately within TSD system .Segregated Structure has been more encouraged as it will drive greater extent to economic of scales, more straight through processing (STP) and less human intervention . Once a record date has been given, the SEC Act states that the depositors must supply the name list of securities holders, all the securities will then be recorded under the actual owners ’names . The facilitation of securities transfer between depository accounts in the same depositor or between depositors has also been arranged which the validity and irrevocable matters of securities transfer are also mentioned in the rules . Key consideration 6 A CSD should identify, measure, monitor, and manage its risks from other activities that it may perform; additional tools may be necessary in order to address these risks. Description Since 2009, CCP functions with respect of securities clearing have been transferred from TSD to TCH in order to protect TSD from contagious risk. As a result of the organizational restructuring, at present, TSD is positioned to perform central securities depository function and securities settlement system for OTC bond and exchange trade transaction. In addition TSD provides the following services: • Registrar • System Provider for SBL and ETF • ISIN issuing Key conclusions Custody risk is mitigated through sound accounting processes, end-of- day reconciliation of balances, comprehensive system of procedures for creation and deletion of securities in the CSD, prohibiting overdrafts and 244 THAILAND debit balances in securities accounts, internal audit examination and an overall SET group insurance also covering custody risk. Assessment of Observed Principle 11 Recommendations and comments Principle 12: Exchange-of-value settlement systems If an FMI settles transactions that involve the settlement of two linked obligations (for example, securities or foreign exchange transactions), it should eliminate principal risk by conditioning the final settlement of one obligation upon the final settlement of the other. Key consideration 1 An FMI that is an exchange-of-value settlement system should eliminate principal risk by ensuring that the final settlement of one obligation occurs if and only if the final settlement of the linked obligation also occurs, regardless of whether the FMI settles on a gross or net basis and when finality occurs. Description TSD applies delivery versus payment )DVP (in the settlement mechanism, which mitigates principal risk. For OTC fixed income settlement, two linked obligations need to be completed are securities and payment .TSD system accounts for securities settlement, whereas the central bank BAHTNET system accounts for the settlement of the funds leg .Securities are withheld or blocked in depository account of the seller when TSD receives a settlement instruction, while central bank system )RTGS (processes the payment instruction .Once payment is completed, RTGS will confirm to TSD system through real-time linkage .TSD will then transfer the securities from seller account to buyer account after receipt of confirmation of payment. In addition, the Bank of Thailand also requires that the banks who wish to trade government bonds with the Bank of Thailand must use the real time gross settlement )RTGS (system to settle the bonds via book-entry in TSD system on gross basis. The finality of securities transferred are clearly defined in TSD regulations. When TSD receives the settlement instruction, TSD will block that securities in seller account but not yet transfer. Thus, this will protect the seller asset from other parties. If the payment is complete, TSD will transfer the securities within 1 minute. If the payment cannot be completed within that day, TSD will release the securities blocking at the end of day. 245 THAILAND For exchange traded transactions, TSD will settle according to TCH ’ instructions .The normal time to complete the settlement after receiving the instructions from TCH is 15 minutes. Key conclusions TSD mitigates principal risk by applying DVP 1 model arrangement for the settlement of the OTC bond market trades, by ensuring conditional final settlement of one obligation upon the final settlement of the other. Assessment of Observed Principle 12 Recommendations and comments Principle 13: Participant-default rules and procedures An FMI should have effective and clearly defined rules and procedures to manage a participant default. These rules and procedures should be designed to ensure that the FMI can take timely action to contain losses and liquidity pressures and continue to meet its obligations. Key consideration An FMI should have default rules and procedures that enable the FMI 1 to continue to meet its obligations in the event of a participant default and that address the replenishment of resources following a default. Description Participant default rules and procedures TSD’s rule defines conditions in which TSD may terminate the depository member when a depository member will no longer be able to meet their obligations, or when the depositor is unable to operate its business as it was ordered to suspend business operation or is under receivership or is bankrupt or is under liquidation for dissolution. Upon the termination order, the depositor can no longer use TSD system to transfer the securities or conduct the OTC bond settlement transactions. In addition, they must submit the records of the list of securities owners to TSD in accordance with the rules and within the period prescribed by TSD, so that TSD can compile and submit the same to the registrar of the securities issuer for use in support of the application for securities certificates. If the depositor cannot provide the list of securities owners or does not contain complete or accurate information as prescribed by TSD, thereby causing damage to TSD or the securities owners, the depositor shall be responsible for the damage incurred. Regarding exchange traded transactions, according to section 223/4 of SEA, depositors who are also the member of Clearing house must compete the settlement of trading transactions which occurred before the insolvency. 246 THAILAND In case the depositor encounters a problem with its system, the depositor should its back up site. If the backup site of the depositor also has problems, the depositor must immediately contact TSD and request the TSD for using the TSD’s back up site. TSD will prepare the backup site to allow depositor to continue its transactions. In the event of lack of physical access to the main site, TSD will use the back-up site for its operations. In case there are any system issues, the operational hours are extended. TSD communicates with all depositor members via e-mail. Regulations of TSD, Chapter 300 Depositor, Clause 305.02 – 305.03 Use of financial resources TSD does not face any credit or liquidity risk as TSD will transfer securities only when payment confirmation is received from Bank of Thailand for OTC fixed income trades using DvP Model 1, or transfer instructions from TCH for exchange-traded securities on a free of payment basis. TSD’s own financial resources are not used during the settlement process in the case of both OTC and exchange-traded securities. Key consideration An FMI should be well prepared to implement its default rules and 2 procedures, including any appropriate discretionary procedures provided for in its rules. Description Resignation by a depository member would be approved by the Managing Director of TSD. In case of termination of a depository member, the recommendation for the same would be submitted to the TSD Board for approval. Upon termination of a depository member, TSD will inform all the depository member via electronic mail and update the list of the depository member’s on TSD’s website. Key consideration An FMI should publicly disclose key aspects of its default rules and 3 procedures. Description The process of depositor termination is well announced in the TSD rules and posted on the TSD website. As described earlier, TSD will transfer all securities deposited in the depositor accounts and then close all accounts under that particular depositor name. Events that may cause a depositor to be terminated as being a depositor are as follows: 247 THAILAND 1. the depositor is not qualified as a person permitted to be a depositor; 2. the depositor fails to pay any fees or expenses to TSD for two consecutive periods; 3. the depositor is unable to operate its business as it was ordered to suspend business operation or is under receivership or is bankrupt or by other similar reasons; and 4. the depositor is under liquidation for dissolution. TSD board has the necessary powers with regard to the termination of a depositor in the above circumstances. After the termination, TSD will transfer all securities deposited in the depositor accounts and then close all accounts under that particular depositor name. TSD communicates with all depositor members via e-mail. TSD Crisis management When a BCP incident occurs, all depositor members are notified via e-mail. Regulations of TSD, Chapter 300 Depositor, Clause 305.02 Key consideration An FMI should involve its participants and other stakeholders in the 4 testing and review of the FMI’s default procedures, including any close-out procedures. Such testing and review should be conducted at least annually or following material changes to the rules and procedures to ensure that they are practical and effective. Description TSD’s depositor termination process mainly involves the transfer of securities and the closing of the depository accounts. These functions are normally tested during the BCP exercise every year. Key conclusions The TSD is not exposed to any financial default risk of its participant in its functioning. Operational default of a participant is mitigated through the measures outlined in its business continuity plans. A participant can be terminated or suspended by TSD after following due processes as laid down in the SEA and TSD Regulations, which are transparent and publicly available. Assessment of Observed Principle 13 Recommendations and comments 248 THAILAND Principle 14. Segregation and Portability A CCP should have rules and procedures that enable the segregation and portability of positions of a participant’s customers and the collateral provided to the CCP with respect to those positions. Key consideration 1 A CCP should, at a minimum, have segregation and portability arrangements that effectively protect a participant’s customers’ positions and related collateral from the default or insolvency of that participant. If the CCP additionally offers protection of such customer positions and collateral against the concurrent default of the participant and a fellow customer, the CCP should take steps to ensure that such protection is effective. Description Customer protection from participant default Customer protection from participant and fellow customer default Legal basis Not applicable Key consideration 2 A CCP should employ an account structure that enables it readily to identify positions of a participant’s customers and to segregate related collateral. A CCP should maintain customer positions and collateral in individual customer accounts or in omnibus customer accounts. Description Not applicable Key consideration 3 A CCP should structure its portability arrangements in a way that makes it highly likely that the positions and collateral of a defaulting participant’s customers will be transferred to one or more other participants. Description Not applicable Key consideration 4 A CCP should disclose its rules, policies, and procedures relating to the segregation and portability of a participant’s customers’ positions and related collateral. In particular, the CCP should disclose whether customer collateral is protected on an individual or omnibus basis. In addition, a CCP should disclose any constraints, such as legal or operational constraints, that may impair its ability to segregate or port a participant’s customers’ positions and related collateral. Description Not applicable Key conclusions Assessment of Not applicable Principle 14 249 THAILAND Recommendations and comments Principle 15: General business risk An FMI should identify, monitor, and manage its general business risk and hold sufficient liquid net assets funded by equity to cover potential general business losses so that it can continue operations and services as a going concern if those losses materialize. Further, liquid net assets should at all times be sufficient to ensure a recovery or orderly wind-down of critical operations and services. Key consideration An FMI should have robust management and control systems to 1 identify, monitor, and manage general business risks, including losses from poor execution of business strategy, negative cash flows, or unexpected and excessively large operating expenses. Description To ensure that TSD has appropriate risk management, TSD board approves the risk management framework through the process of reviewing the recommendations made by the risk management committee. In addition, TSD board also monitors the implementation of strategic plans related to key objectives in each aspect, including new services .These include reviewing the regular business progress and financial status reports submitted to the TSD board on a quarterly basis . TSD board also monitors the ongoing operations of TSD to ensure that these are being performed according to the approved TSD risk management framework. In terms of funds needed for general business operations, TSD evaluates the amount of funds needed based on 6 months of operation expenses by using the last year’s expense amounts and including the projected cost and investment for the next year plan. The required amount will be compared to the retained earnings in order to ensure that TSD has adequate funds for operations throughout the year. In terms of strategic risk, the SET Board will approve the overall SET’s strategic plans including TSD’s plans. The risk management of SET will monitor the status of SET’s strategic plans to evaluate the impact. The risk management of SET also reports the status of strategic risk to the Risk Management Committee on a quarterly basis. TSD monitors and manages its general business risks as follows: Key Staff risk :To mitigate loss of key staff, a report on the key tasks being carried out by such staff is submitted to the executives in addition to 250 THAILAND cooperation among the operational staffFurther ., an operations manual is in place which is regularly updated to ensure operational capability and standard of service .Mandatory vacation and rotation of duty among staff are implemented to manage the staff dependency. Fraud risk: To prevent fraud in its daily operations, hierarchical management and control have been set up to manage risks and maintain service standards .TSD implements policies and procedures for preventing fraud including establishing codes of conduct and robust operational controls. In addition, SET has set up its control system over TSD’s general business risks that may arise from general business operations .The SET internal audit team, reports directly to SET audit committee, takes an important role in auditing business operations by using continuous auditing program which mainly focuses on the securities depository activities such as the deposit /withdrawal/transfer of securities, fee calculation, segregation of duty, authority to access data, etc . Moreover, risk management department of SET also monitors and assesses potential impact of missing the key strategic plan . TSD reports its financial statement and the progress of the plan to TSD Board on a quarterly basis. Key consideration An FMI should hold liquid net assets funded by equity (such as 2 common stock, disclosed reserves, or other retained earnings) so that it can continue operations and services as a going concern if it incurs general business losses. The amount of liquid net assets funded by equity an FMI should hold should be determined by its general business risk profile and the length of time required to achieve a recovery or orderly wind-down, as appropriate, of its critical operations and services if such action is taken. Description TSD’s equity is adequate for continuity of its operations and services as required by SEC’s regulations. TSD is required to have sufficient equity to cover more than 6 months of operating expenses which are invested in high quality and sufficiently liquid assets. TSD’s equity is managed under SET investment policies. SET’s investment policies permit SET and its subsidiaries to invest in the following instruments: • government bonds • bank deposits • corporate bonds • mutual funds 251 THAILAND • property funds • foreign investment funds • gold funds Moreover, to ensure the soundness of TSD financial status, monthly financial statements are monitored by TSD executives based on the key performance parameters focusing on both operating cost and income for evaluating the corporate expense trend. In addition, the financial statements are reported to TSD’s board on a quarterly basis. Tor Thor. 32/2559 Clause 12,13 http://capital.sec.or.th/webapp/nrs/data/7025se.pdf Under SEC’s regulations, TSD is required to have sufficient equity to cover more than 6 months of operating expenses and the same is invested in high quality and sufficiently liquid assets. In determining the amount of liquid net assets funded by equity, TSD will take into account historical data based on the recent financial statements as well as projections for the next year. Since TSD’s equity is managed by SET, SET’s investment policies permit SET and its subsidiaries to invest in the following instruments: • government bonds • bank deposits • corporate bonds • mutual funds • property funds • foregin investment funds • gold funds In case TSD suffers from losses which might lead to financial difficulties, TSD executives may take precaution measures by recalling its equity managed by SET’s Investmet Committee. . In case TSD is facing financial difficulties and its recovery plan is triggered, TSD will take measures to rectify the liquidity problems as follows: • to adjust its business strategy, business model or organizational structure (in case the matter requires TSD board’s approval, the meeting is normally held every 2 months); and/or • to dispose its non-core businesses, which might take approximately 6 months to conclude the buyer(s); and/or to receive financial assistance or capital injection from SET, its major shareholder (SET’s board meeting is held monthly). 252 THAILAND Tor Thor .32/2559 Clause 12,13 http://capital.sec.or.th/webapp/nrs/data/7025se.pdf SET’s investment policies (page 119 of SET’s annual report): https://www.set.or.th/en/about/annual/files/annual_report_2017_en.pdf Key consideration An FMI should maintain a viable recovery or orderly wind-down plan 3 and should hold sufficient liquid net assets funded by equity to implement this plan. At a minimum, an FMI should hold liquid net assets funded by equity equal to at least six months of current operating expenses. These assets are in addition to resources held to cover participant defaults or other risks covered under the financial resources principles. However, equity held under international risk- based capital standards can be included where relevant and appropriate to avoid duplicate capital requirements. Description Recovery or orderly wind-down plan In connection with TCH’s clearing and settlement, TSD performs securities depository function which is a part of crucial market infrastructure. Accordingly, SET, TCH, and TSD have developed a business continuity plan for the Thai capital market. Under the plan, both business and technology aspects are taken into consideration to ensure that TSD can continuously provide services to the Thai capital market. This business continuity plan must be tested with related parties at least once a year. TSD’s recovery and wind-down plan framework has been approved by TSD board. Resources The SEC requires TSD, as a central depository, to have sufficient financial resources for the proper performance of its operation. While operating under the SET group, TSD’s equity is sufficient to cover more than 6 months of operational expenses and is invested in high quality and sufficiently liquid assets. According to financial statement as of 31 December 2017, TSD’s total equity is about THB 854 million, equity 200 million and retained earnings 654 million. The TSD retained earnings are sufficient to cover more than 6 months of operational expenses, amounting to approximately at THB 370 million. Moreover, as SET subsidiary, any losses arising from TSD current business has also been covered by SET group’s insurance. Tor Thor. 32/2559 Clause 12,13 http://capital.sec.or.th/webapp/nrs/data/7025se.pdf 253 THAILAND Key consideration Assets held to cover general business risk should be of high quality 4 and sufficiently liquid in order to allow the FMI to meet its current and projected operating expenses under a range of scenarios, including in adverse market conditions. Description TSD’s equity is invested in high quality assets. As an affiliated company, the investment will be managed by SET’s investment committee. The committee has set up investment principles that classify types of securities taking into account both liquidity and market risks. For instance, according to SET group’s investment policy, TSD’s equity should be invested only in government bond and high grade (A- up) corporate bond to maintain quality of assets. All TSD’s equity is managed by a fund manager appointed by SET investment committee. It is the fund manager’s fiduciary duty to liquidate client’s assets as needed into cash with best effort to minimize loss of value in adverse market conditions which SET investment team uses this performance as one of the criteria in the fund manager selection. SET’s investment policies (page 119 of SET’s annual report): https://www.set.or.th/en/about/annual/files/annual_report_2017_en.pdf Key consideration An FMI should maintain a viable plan for raising additional equity 5 should its equity fall close to or below the amount needed. This plan should be approved by the board of directors and updated regularly. Description TSD has reviewed and also projected budget in advance in accordance with future business plan on an annual basis. Moreover, based on estimated budget, TSD has also determined that it has sufficient level of equity to cover more than 6 months of operational expenses. As a sole utility provider for CSD service and SSS for debt products, TSD implicitly has a monopoly power to determine its fees in order to allow its business to operate smoothly. However, TSD has never adjusted the service fees without the consideration of participants’ opinion and the competitiveness of Thai capital market. In practice, in case of a shortfall in equity, TSD also has plans to mitigate such business risk by asking for: • SET’s allowance to adjust dividend payout ratio to SET. • SET board’s approval to support additional funds in case that the funding shortfall is considered as a significant amount. • To receive financial assistance or capital injection from SET, its major shareholder (SET’s board meeting is held monthly). 254 THAILAND As financial status of TSD is reported to TSD board on quarterly basis, TSD board will consider the necessity of raising funds before submitting the request for SET’s board approval . Key conclusions The TSD has a system in place to identify potential general business risks. Quarterly progress reports on TSD’s businesses, and financial performance are submitted to the TSD board for its review and monitoring. Progress reports on roll-out of new products are also submitted. The TSD has sufficient liquid net assets funded by equity so that it can continue operations and services as a going concern if it incurs general business losses. Assets held to cover general business risk are of sufficient high quality and liquidity. There is a high-level recovery and wind-down plan. Assessment of Partly Observed Principle 15 Recommendations Investment of assets held to cover general business risk are made in the and comments name of SET and not TSD. This is an issue of concern. While there is a high- level recovery and wind-down plan, detailed effective recovery tools in line with the guidance provided by the standard setters – the CPMI and IOSCO should be adopted. A set of documented operational guidelines should be drawn up including arrangements that ensure critical services continue to be provided, and that the winding down is carried out in an orderly manner including for instance, transferring critical operations and services to an alternate entity. The operational guidelines should also take into the size of the liquid net assets and corelate the same to the length of time that these assets can enable TSD to maintain its critical operations and services. The plan should also include detailed measures for raising and infusing additional capital. Such a plan should be endorsed by the TSD board, including measures to mitigate general business and investment risk and should be tested on a periodical basis. The lack of such a plan is an issue of concern, given that TSD is the sole CSD and SSS in Thailand. The plan should be endorsed by the TSD Board and should be tested on a periodical basis. Principle 16. Custody and Investment Risks An FMI should safeguard its own and its participants’ assets and minimise the risk of loss on and delay in access to these assets. An FMI’s investments should be in instruments with minimal credit, market, and liquidity risks. Key consideration 1 An FMI should hold its own and its participants’ assets at supervised and regulated entities that have robust accounting practices, safekeeping procedures, and internal controls that fully protect these assets. Description As the only CSD in Thailand, TSD provides a depository-related service only for securities and not other assets of its depsoitors in the CSD system. As for TSD’s own assets, TSD, as a subsidiary of SET, pursues 255 THAILAND SET group cash and investment pooling policy .SET and its subsidiaries, including TSD, keep all their investment assets in custodian banks which are regulated and designated as qualified commercial banks by Bank of Thailand. The custodian banks are selected and reviewed by SET Investment committee and are pre-screened by the procurement committee, which comprise of staff from SET investment unit, TSD and TCH .The criteria of custodian bank selection are mainly based on technical and financial aspects such as the effectiveness of fund transfers, the system linkage with BAHTNET )Bank of Thailand Automated High-value Transfer Network (and service fee etc . For the ongoing monitoring, SET investment team will monitor the performance of custodian on regular basis and conduct the inspection on an annual basis. To ensure that TSD’s own assets are well protected, TSD only keeps the investment assets in the qualified entities .All cash is kept in the regulated banks which are reviewed and designated as qualified banks . The eligible banks are supervised by the Bank of Thailand. The SET investment team also regularly monitors the performance of the custodian and asset management companies who are appointed to manage SET group assets and conducts an annual inspection. Key consideration 2 An FMI should have prompt access to its assets and the assets provided by participants, when required. Description TSD’s assets are invested by SET mainly in deposits, government and corporate bonds. TSD investments are alos made in private funds and mutual funds. For mutual funds, TSD will invest only in the fund which has daily liquidity with next-day settlement (T+1). Key consideration 3 An FMI should evaluate and understand its exposures to its custodian banks, taking into account the full scope of its relationships with each. Description Investment Department evaluates applications from all service providers in the industry. Decisions are made from the group of representatives from Investment, Risk management, TCH, TSD and Finance & accounting department to evaluate applications according to predefined selection criteria. Selection criteria are as follows • Minimum criteria: Credit rating higher than AA- (national rating), BIS ratio higher than minimum requirement from Bank of Thailand. 256 THAILAND • Selection criteria: Focus mainly on efficiency of operational processes related to custodian including order management, settlement, record keeping and asset keeping. Investment Department also conducts an in-depth due diligence exercise annually to evaluate and review whether the criteria above are met. TSD’s equity is invested in high quality assets .TSD’s investment asset is kept with the well-performed custodian bank .As an affiliated company, the investment will be managed by SET’s investment committee which also evaluates the financial soundness and operation efficiency of the custodian bank on a regular basis. Key consideration 4 An FMI’s investment strategy should be consistent with its overall risk-management strategy and fully disclosed to its participants, and investments should be secured by, or be claims on, high- quality obligors. These investments should allow for quick liquidation with little, if any, adverse price effect. Description Investment strategy Investment and risk policy are approved by SET’s Board of Directors. Investment guidelines and operation framework are approved by SET’s Investment Committee (IC). The IC consists of SET president as a chairperson, and the committee consists of CFO and group head from product and market division, TCH, and market supervision division. TSD’s assets are mainly invested in deposits, government and corporate bonds. TSD also invests through private fund and mutual fund. For mutual fund, TSD will invest only in the fund which has daily liquidity with next-day settlement (T+1). TSD’s own investment is consistent with the overall risk management strategy set out by the parent company, the Stock Exchange of Thailand . SET’s investment portfolio, which is managed by the investment committee, operates under investment policies and strategic asset allocation as approved by the SET board .The policies and strategic asset allocation are reviewed quarterly .SET monitors the investment risk status of its portfolio and reports such status to the board and risk management committee monthly to ensure that risk remains within acceptable levels . Risk characteristics of investments 257 THAILAND The committee has set up investment principles that classify types of securities to be invested based on their liquidity and market risks. Under SET investment policy, TSD’s investment risk is managed by diversifying into several financial instruments and limiting the proportion given to each financial institution and issuer to ensure that the exposure affecting investment results will be limited .SET board will approve the asset allocation which set the maximum investment proportion in each asset class. In terms of risk monitoring, the value-at- risk technique is used to ensure that the aggregate total portfolio risk is within the limit. SET and its subsidiaries invest in the following instruments: • mutual funds • government bonds • bank deposits • money market funds and • Corporate bonds with at least an “A-” credit rating. All TSD’s own investments are managed by fund manager appointed by SET investment committee) SET IC .(To ensure liquidity and mitigate price impact from market movement, SET IC has approved investment guidelines and benchmarks which allow fund manager to investment mainly in government bonds .It is fund manager’s fiduciary duty to liquidate client’s assets as needed into cash with best effort to minimize loss of value in adverse market conditions. SET investment team uses this performance as one of the criteria in the fund manager selection. Key conclusions TSD’s own assets are invested in high quality liquid assets by the Investment Committee of the SET Board which undertakes this task on behalf of SET and its subsidiaries. Assessment of Partly Observed Principle 16 Recommendations TSD’s assets are invested in the name of SET and not in TSD’s name. and comments TSD should hold the investments of its assets in its own name rather than in the name of SET to ensure that proper segregation of investments is carried out and its assets are not used for setting off claims of its parent. Further, such investments and assets of TSD should be clearly segregated from the securities balances of its participants and investors. In addition, TSD should draw up a detailed plan outlining its ability to quickly liquidate its investments with little, if any, adverse price effect and test the same on a periodical basis. 258 THAILAND Principle 17: Operational risk An FMI should identify the plausible sources of operational risk, both internal and external, and mitigate their impact through the use of appropriate systems, policies, procedures, and controls. Systems should be designed to ensure a high degree of security and operational reliability and should have adequate, scalable capacity. Business continuity management should aim for timely recovery of operations and fulfillment of the FMI’s obligations, including in the event of a wide-scale or major disruption. Key consideration An FMI should establish a robust operational risk-management 1 framework with appropriate systems, policies, procedures, and controls to identify, monitor, and manage operational risks. Description Identification of operational risk TSD board approves the risk management framework including the operational risk management framework .This framework specifies policies, roles and responsibilities of all levels, procedures and controls in mitigating operational risk . Risk management process has been implemented according to specified tasks such as event identification, risk assessment, risk response, and control activities .The framework also specifies controls of risks arising from people, process, technology and external factors .TSD uses risk and control self-assessment )RCSA (as a tool for operational risk management. TSD analyzes, evaluates, monitors and manages operational risk, which results from errors in using people, internal processes, technology and/or external factors .All functional areas assess their risks and adequacy of the internal controls that have been in place through a risk and control self- assessment )RCSA .(Action plans are then formulated and monitored on a regular basis .Realizing the necessity to provide efficient services to the market, TSD emphasizes on monitoring and managing risks that may affect crucial IT systems .This includes standard procedures of incident management, root cause analysis and solution-finding in order to provide continuous services. The RCSA will summarize these into a risk matrix (likelihood and impact) and submit it to the TSD board. To mitigate human error, TSD uses segregation of duties (maker / checker) and performs reconciliation of the total size of the issue and shares issued between its system and Registrar. The operations team has regular meetings to share and learn and get information about the project, development, customer feedback etc. 259 THAILAND IT systems have been designed and implemented with full redundancy in every system components to ensure no single point of failure. Management of operational risk Management identifies and assesses risk in accordance with criteria established by the business units involved .Management also provides measures to manage the risk within an acceptable level, as well as monitoring and reporting on the risk status .In addition, management regularly reviews the adequacy and efficiency of mitigation measures to ensure that TSD can handle incidents in a timely manner. For a resilient and seamless operational implementation, operational manuals, roles and responsibilities of staff, hierarchical management, code of authorization, self-auditing )entry and authorized by different users(, as well as timely internal and external audit are usedP .rocedures are in place to make sure that all operational risks are monitored. These documents are kept at TSD share point. In addition, SET group, including TSD, also implements mandatory annual leave for all staff to ensure that the replacement staff are able to carry out the tasks as laid down in the operations manual. Incident management process has been setup and implemented across SET Group. The process is illustrated below. Policies, processes and controls The risk management unit )RMU (of SET regularly monitors and reports the risk status to the management and TSD’s board and reports 260 THAILAND performance of risk management to the RMC and audit committee quarterly . TSD’s operational risk is part of corporate risk profile of SET group .SET internal audit department )“IA”( always performs an annual continuous audit of TSD’s operations, especially those issues related to fee collection on depository and registrar services .In addition, the IT audit of the systems is also required to be conducted once a year. In terms of operational systems, the RMU continues to promote risk management culture among SET executives and employees .The operational system has been well-designed according to business needs while keeping robustness and resiliency of the system which the business continuity management systems of SET group has established based on ISO 22301. For the staff, by conducting RCSA, TSD has assessed its risk arising from “People ”into 4 ways :human error, loss of key personnel, fraud and data breach, which allows TSD to determine its risk acceptance level and corrective measures .Besides, there are user manuals, code of authorization, and skill development training courses to enhance staff capabilities and mitigate the effects of high personnel turnover or key- person risk .Incident report and timely audit are also processed to ensure performance excellence. Additionally, TSD service is certified ISO27001 compliant, which serves to ensure that operational practices and controls surrounding IT 261 THAILAND infrastructure, equipment, and staff are in line with global IT security standards. Key Responsibility by Process: Process Responsible by Requirement Business User Plan IT & Business User Change Impact Analysis IT & Business User CAB Approve IT Design and Development IT Test IT & Business User Release IT Prepare for Close & Close Business User Key consideration An FMI’s board of directors should clearly define the roles and 2 responsibilities for addressing operational risk and should endorse the FMI’s operational risk-management framework. Systems, operational policies, procedures, and controls should be reviewed, audited, and tested periodically and after significant changes. Description Roles, responsibilities and framework Appointed by the SET Board, the Risk Management Committee has been established at the level of the whole exchange and its affiliates, including TSD It lays down .general risk policies applicable to the business and performance of the whole group of companies . 262 THAILAND The Risk Management Department of SET regularly monitors and reports the risk status to the management and TSD’s board and reports on risk operations to the Risk Management Committee and Audit Committee quarterly .In addition, the Risk Management Department continues to promote risk management culture among SET group executives and employees. TSD’s board focuses on the importance of risk management and approved risk management framework to effectively manage enterprise wide risk. The framework defines the roles and responsibilities for addressing every type of risks including operational risk . Systems, procedures and controls are reviewed by all risk owners periodically and after significant changes In 2017, TSD’s board has endorsed the operational risk management framework as a guideline of doing its business .The framework will be reviewed yearly .SET’s Risk management department is in charge of reporting the risk status to the TSD’s board. Review, audit and testing Realizing the importance of sufficiency and suitability of internal control at every level, the SET board has strongly supported management in setting up transparent working processes considering the segregation of duty, checks and balances, and control, as well as establishing a monitoring system to ensure that management’s corrective actions have been implemented .In addition, delegation of authority has been clearly determined and documented .The board appointed an audit committee to supervise and review SET group’s internal control system to ensure conformity with international standards. The internal audit department, an independent function, reports directly to the Audit Committee on audit matters, and to the SET president on administrative matters .The internal audit department is an important body to review, monitor and assess the operational work and its risks across all the SET group including TSD .The annual audit plan is approved by TSD board at the beginning of the year. As prescribed by the general risk policy of the risk management, the internal audit is responsible for auditing and evaluating the adequacy and effectiveness of the internal control systems according to SET’s annual audit plan, which has been developed using a risk-based approach .The audit findings and report following the audit findings have to be directly reported to the Audit Committee. 263 THAILAND The external audit is also an important body to evaluate and give managerial advice to the executives for any operational risk that may be faced by TSD. Under SET group, methodologies for systems development and program changes, specifying approval, testing and sign-off requirements, are used for applications developments or maintenance of existing programs . Changes to system software are authorized and widely tested with related parties for acceptance before launch. The external audit plays an important role in evaluating and giving managerial advice to the executives for any operational risk that may arise to the TSD especially for the issues that tend to have conflict of interest if it has to be audited by the persons in organization .For instance, SET normally uses external audit to do the penetration test in order to find the weaknesses of IT system. Key consideration An FMI should have clearly defined operational reliability objectives 3 and should have policies in place that are designed to achieve those objectives. Description TSD’s operational objective is to provide efficient and high standard depository services to the equities and bonds. Incident reports and audits findings are processed in a timely manner to ensure performance excellenceTSD .' s systems arewell-designed according to business needs while keeping robustness and resiliency of the system . To achieve these objectives, documentation such as user manuals, code of authorization are created. These documents are kept at TSD intranet . In addition, TSD encourages staff in all level to attend skill development training courses to ensure capabilities of TSD’s staff . System availability target has been identified at 99.95% and reported to the management on monthly basis. The actual system availability during period of 2015-2018 is 100%. To fulfill these objectives, TSD has implemented operational reliability procedures, i.e:. - Providing efficient and user- friendly system for depositors,with high capacity to support high volume of transactions. - Alternate sites to overcome any disastrous events, such as natural disasters, political upheaval, contagious diseases cyber security, etc., while smoothing regular businesses 264 THAILAND - Timely and regular testing of business continuity plans, with depositors, banks, BAHTNET, software vendors, etc. - Incident report and evaluation to determine and remedy any root causes - Upgrading any obsolete software, hardware to maintain its robustness - Backing up significant and historical reference of data, information, transactions, logs of all occurrence in depository system. Trained staff are available to achieve these objectives, with monitoring by the management, under a robust governance and legal framework, guiding the standards of operations. Key consideration An FMI should ensure that it has scalable capacity adequate to 4 handle increasing stress volumes and to achieve its service-level objectives. Description It is a standard IT process of SET group to run load test and stress test whenever there is a major change in the system, including TSD system . The process is to ascertain that the system is able to process higher volumes without any deterioration of performance standards. TSD systems meet international standards and offer state-of-the-art, speedy and safe technology to handle all transactions and rising levels of business activities . In addition, SET Group has made Service Level Agreement (SLA) with IT providers including network provider, system software provider and hardware provider to ensure that service availability target is met. IT operation monitors and reports to the executives on monthly basis on the result of workload capacity .The warning maximum limit at about 80 percent of the hardware capacity has been set up to give warning alarm to review the related system .IT audit will be conducted to ensure the appropriateness of the testing and monitoring. IT and TSD operations unit hold regular meeting to discuss about issues and system capacity as well. Key consideration An FMI should have comprehensive physical and information 5 security policies that address all potential vulnerabilities and threats. Description Physical security IT security policies have been implemented for all systems in the SET group including TSD’s depository system .The IT security guideline has been approved by Chief IT Officer .In addition, the group focuses on 265 THAILAND upgrading the operational level of its IT professionals according to global best practice in terms of information security )ISO 27001 (and reducing the risk of various threats to make the business run smoothly according to IT management standards )ISO 20000 .(This helps increasing efficiency and service to reduce operational cost and increase customer satisfaction .TSD uses international IT governance guidelines to develop applications for working system operations, determine IT security policy, and review work procedures to strike a balance between control and flexibility. Physical access controls are in place for all sensitive sites. Unauthorised personnel are denied access. The sites specified for special purpose, such as an alternate site for business continuity plan or disaster recovery plan, are prepared to control the accessibility .Only identified staff are assigned to run operations. Working areas for TSD system are separate from outsiders’ areas .The use of computer and its facilities are to be password logged-in, or automatically logged out when not being used for a certain period. Access control policies are established and access control software and monitoring procedures do exist to prevent inadvertent or unauthorized access to systems software, application programs and data. Information security Information, transactions, records of TSD activities can be accessed only by authorized personnel with user/password of their ownP .ersonnel are assigned a limited scope of access to each group of function .No entry to other functions is allowed. Data leakage prevention has been established by IT security for preventing any leak of data by monitoring the copying, retrieving, deleting of data. System or software developed by outside vendors has to comply with the SET security policy as well as being tested not to be harmful to the main functions. Information and records are backed up in a secured means of data storage, and stored in safe place on a daily bais in a timely manner. Critical systems including TSD systems are designed to be closed network systems, where members and participants can access only through proprietary network. 266 THAILAND Computer firewall has also been setup to protect TSD system from outside attempts to get access without permission. Automatic expiry of system users ’passwords is set in order to make sure that no unintentional user can learn to access the system data. Before deploying TSD system in production, it is mandatory to perform pilot testing with external parties in the production-like environment to ensure that the system will be able to run smoothly in production. Annual penetration tests are conducted across all TSD internet domains to identify and close any potential loopholes that could be exploited. Penetration test results and follow-up actions are reported to TSD board accordingly. Key consideration An FMI should have a business continuity plan that addresses events 6 posing a significant risk of disrupting operations, including events that could cause a wide-scale or major disruption. The plan should incorporate the use of a secondary site and should be designed to ensure that critical information technology (IT) systems can resume operations within two hours following disruptive events. The plan should be designed to enable the FMI to complete settlement by the end of the day of the disruption, even in case of extreme circumstances. The FMI should regularly test these arrangements. Description Objectives of business continuity plan As the important market infrastructure in the Thai capital market, the SET group including TSD realize the vital role to provide continuity of service for all core functions: trading, clearing and depository .Business Continuity Plan )BCP (exists to facilitate resumption of critical business functions in the event of a disaster .The Business Continuity Plan not only covers the loss of premises, critical persons, failure of information communication and technology, vital records, but also the arrangement to accommodate participants in case of loss of their site . To ensure continuity of services, there are a number of designated BCP staff who will work at the backup site. BCP test also includes commuting BCP staffs from main site to backup site. All necessary facilities and equipment including IT systems have are at the backup site. The Disaster Recovery Plan (DRP), is designated as part of the BCP plan. It focuses on the ability of system site failover from main site to backup site and alternate backup site during the day. Recovery Time Objective (RTO) 267 THAILAND have been set and tested in DRP to ensure that the system will be up and running at backup site within 2 hours. Both BCP and DRP test involves all TSD related parties such as depositors, custodian banks, settlement banks, Bank of Thailand and TCH. Backup site location is not publicly disclosed. Only SET Group staff are allowed to access the premise. Design of business continuity plan A business continuity plan, designed to provide reasonable assurance that processing of critical applications can continue, exists and is tested at least annually .There are backup facilities to enable the SET group to implement the plan. Data and software are backed up daily and stored in a secure off-site location .Back-up data communications capabilities for critical links exist and are tested regularly with related parties. Environmental control systems and an emergency power supply )generator (are in place at the data center .There is also an uninterruptible power supply )UPS.( The BCP assumes various necessary scenarios, with other related functions such as the banking system, the Bank of Thailand payment facilities and member connectivity . The assumption for BCP test each time has been set up for rehearsal covering plausible incidents, from natural disaster to specific failure of electrical power supply, prolonged network failure /downtime, or contagious disease spread over to one half of workforce .If the test of alternate site and back-up operational IT has been implemented, it is targeted that all data and transactions of critical functions will be recalled back to normal operation by no later than 2 hours .From the recent DRP test result, the TSD system can be recalled within 30 mins. For data resumption, all exchange’s main functions, including TSD, are all simultaneously backed up, enabling all transactions and data to commit real-time recovery .By the end of each day, data will be restored . 268 THAILAND Data reconciliation process has already been set with brokerage firms, custodian banks, depositors and TCH at the end of day. This includes the reconciliation of balance and transaction. TSD has set up call tree as the procedure for internal communication in disruption period and addressed a designated person to inform the situation with external party . The manual process has been designed as the last resort to ensure that TSD can continue its function as a security depository and registrar per depositors ’and shareholders ’request by keeping the manual at TSD intranet and providing request form for shareholders on TSD website so that all important documents can still be accessed during the period of disruption. Secondary site The SET group operates its own computer systems, at both primary and alternate sites .The alternate sites will be ready to be used for IT system, office supply and facilities. Its location is distant enough from the primary site and still accessible to the BCP team. TSD has set up call tree as the procedure for internal communication in disruption period and addressed a designated person to inform the situation with external party. The manual process has been designed as the last resort to ensure that TSD can continue its function as a security depository and registrar per depositors’ and shareholders’ request by keeping the manual at TSD intranet and providing request form for shareholders on TSD website so that all important documents can still be accessed during the period of disruption. Review and testing The SET group including TSD test the business continuity plan )BCP (with related parties, brokers, clearing members, depositors, settlement banks and the Bank of Thailand annually. The BCP test includes having alternative sites to handle and support operations in case of disruptive events .The BCP test covers the readiness of IT systems, operational staff, premises and facilities to perform all critical business functions such as trading, surveillance, clearing & settlement and depository functions, in order to seamlessly provide services to members / participants .The test 269 THAILAND is designed to be able to test the production and / or back-up run with the concerned parties ’backup and / or production, or vice versa .After the BCP testing, risk management department is responsible for reporting the test results to TSD Board. Moreover, internal audit department provides an independent view of their observation of BCP testing. Key consideration An FMI should identify, monitor, and manage the risks that key 7 participants, other FMIs, and service and utility providers might pose to its operations. In addition, an FMI should identify, monitor, and manage the risks its operations might pose to other FMIs. Description Risks to the FMI’s own operations Risks that depositors may pose to its operations are mitigated by regular test of business continuity plan and disaster recovery plan .The test involves all related parties including depositors, brokerage firms, custodian banks, settlement banks, Bank of Thailand, TCH and telecommunication providers. Currently, TSD has not outsourced to any external service provider. Risks posed to other FMIs At present, TSD has linkage with TCH who acts as CCP and Bank of Thailand for the settlement of funds leg for DvP 1 transactions. TCH which is a SET subsidiary uses the same Business continuity arrangement as TSD .While the Bank of Thailand and SET group, TSD and TCH also conduct the BCP test together every year. IT systems have been designed and implemented for full redundancy in every system component to ensure no single point of failure. Backup site and all necessary facilities and equipments have already been prepared and ready for use when BCP is activated. Key conclusions The TSD has an operational risk management framework in place consisting of systems, policies, procedures, and controls to identify, monitor, and manage operational risks. This is made part of the enterprise-wide risk management (ERM) framework of the SET Group with the risk management department (RMD) of the SET responsible for its implementation. The RMD of SET, reports to the TSD Board and to the risk management committee (RMC) of the SET Board. Its procedures ensure scalable capacity adequate to handle increasing volumes. Operational reliability targets have been set at 99.95% of system availability. ISO 27001 for IT security and ISO 23001 for business continuity management have been implemented. Policies for physical and information security policies are in place. A BCP is in place, as well as a 270 THAILAND secondary site. The BCP is tested on an annual basis with all relevant stakeholders including the BOT and TCH. The RTO is 2 hours. Cyber security measures include carrying out penetration tests. Assessment of Broadly Observed Principle 17 Recommendations It is recommended to include specific scenarios and carry out periodical and comments tests to ensure completion of securities settlement taking into account interdependencies between TSD, BAHTNET and TCH. TSD should identify both direct and indirect effects on its ability to process and settle transactions in the normal course of business and manage risks that stem from an external operational failure of connected FMIs. These scenarios should also capture the effects transmitted through its participants, which may be participants in BAHTNET and TCH. TSD should also identify, monitor, and manage the risks it faces from and poses to BAHTNET and TCH.Further, if any infrastructure and resources of SET are being shared by TSD, the same should be segregated for exclusive use by TSD. Principle 18. Access and participation requirements An FMI should have objective, risk-based, and publicly disclosed criteria for participation, which permit fair and open access. Key consideration 1 An FMI should allow for fair and open access to its services, including by direct and, where relevant, indirect participants and other FMIs, based on reasonable risk-related participation requirements. Description Participation criteria and requirements TSD has only direct participants. TSD allows fair and open access to its services and has publicly announced the depositor admission criteria in its websites, under the rules and regulations . TSD will request the applicant to submit the required legal documents and also the license that applicant obtained from their own regulator to verify if they meet the regulations applicable to depositors. In general, a depositor must have a system that can be connected to TSD’s system and must be a person who is permitted to be a depositor by TSD which TSD’s rule has clearly defined as follows: (1) the Bank of Thailand; (2) securities companies; (3) financial institutions under the law governing financial institution businesses; 271 THAILAND (4) life or non-life insurers under the law governing life or non-life insurance; (5) juristic persons operating a business as a mutual fund trustee, representative of debenture holders, custodian of securities, and issuer of depository receipts; (6) juristic persons operating a business as a depository center; (7) juristic persons operating a business as a clearing house; (8) juristic persons operating a business as a bank established under a foreign law and having no branch office or representative in Thailand; (9) juristic persons issuing securities/underlying securities of other securities and keeping in custody the securities they issued and the underlying securities; (10) juristic persons having an agreement to execute the following acts: )10.1 (sell, distribute, dispose, transfer or exchange securities to a buyer or transferee related to the aforementioned juristic person as its staff member, employee, securities holder or other persons with similar characteristics, and such juristic person is assigned to be a custodian of the securities of the buyer or the transferee under any one of the conditions which TSD deems appropriate that services provided by TSD shall be used; and )10.2 (provide loan to the buyer or the transferee for the purpose of buying or taking the transfer of securities under )10.1(; (11) juristic persons established by a specific law; and (12) other juristic persons as prescribed by TSD. TSD Regulation, Chapter 300 Depositors - clause 301 https://www.set.or.th/dat/content/rule/en/(03)Chapter300Depositors_Ef f20170906.pdf Access to trade repositories Not applicable. Key consideration 2 An FMI’s participation requirements should be justified in terms of the safety and efficiency of the FMI and the markets it serves, be tailored to and commensurate with the FMI’s specific risks, and be publicly disclosed. Subject to maintaining acceptable risk control standards, an FMI should endeavour to set requirements that have the least-restrictive impact on access that circumstances permit. Description Justification and rationale of participation criteria 272 THAILAND Membership criteria such as legal requirements, operational capability and IT readiness are laid down in order to make sure that a depositor is not inducing any risk to TSD and is regulated in order to ensure investors ’asset protection. All participation requirements are risk-based and take into account legal, fianncial, operational and IT requirements. Any entity meeting these criteria is eligible to become a depsoitor. All TSD depositors subject to the same access criteria. Least restrictive access The access requirements are determined by TSD board and are approved by SEC to ensure fairness .TSD will review the depositor admission rules when: 1. rules are no longer applicable or necessary; 2. there is a significant change to TSD service . In addition, when TSD finds that a participant is disqualified due to the revocable of licenses from the relevant regulator (TSD is notified by regulators), TSD will revoke system access from the depositor and followed by the termination of depositor. Disclosure of criteria The criteria of TSD depositor as well as the roles and responsibilities are given in the rules and regulations and also disclosed in TSD website. Key consideration 3 An FMI should monitor compliance with its participation requirements on an ongoing basis and have clearly defined and publicly disclosed procedures for facilitating the suspension and orderly exit of a participant that breaches, or no longer meets, the participation requirements. Description Monitoring compliance TSD has a procedure of checks and balances with the depositors on every business day. TSD rules state that it is the depositor’s obligations to check the accuracy of the information on the balance of securities and the conduct of transactions in the report delivered by TSD to the depositor .In case where any information is inaccurate, incomplete, or not up-to-date, the depositor shall notify the TSD of the matter within 273 THAILAND the next business day of the date the depositor is aware of such inaccuracy . In term of IT risk, depositors must configure their system as per TSD standards .Based on the configuration, depositors will be able to access services they requested only. In addition, IT staff monitors the status of connection regularly. Apart from above, TSD rules indicate other duties of depositors such as the need to comply with the law on securities and exchange, to submit any information as requested by TSD and to pay fees, fines, or other expenses as prescribed by TSD etc. In case a breach has been found, TSD has the right to penalize such as warning, limiting the scope of use of TSD’s services, temporary suspension and also termination of participation. TSD has dedicated staff to support the depostiors, to respond to depositors’s queries, and to ensure that the depositors have followed the rules. TSD Regulation, Chapter 300 Depositors - clause 303.02 )2)-(4( https://www.set.or.th/dat/content/rule/en/(03)Chapter300Depositors_Ef f20170906.pdf Notification of TSD Re :System Connected to TSD https://www.set.or.th/dat/content/rule/en/TSDNotificationresystemcon nectedtoTSD_EN.pdf Suspension and orderly exit If any depositor is in violation of or non-compliance with Securities and Exchange Act, SEC’s regulations, TSD’s rules, circular letters or orders, TSD may impose any of the following penalties: (2) warning; (3) probation; (4) fine; (5) limitation of the scope of its use of TSD’s services; (6) temporary suspension of the provision of TSD’s services; (7) termination of being a depositor; and (8) any act that TSD deems as inappropriate. 274 THAILAND In the event that a depositor is terminated, TSD discloses the order to terminate due to any of the following events to the depositor: (1) is not qualified as a depositor; (2) fails to pay any fees or expenses to TSD for two consecutive periods; (3) is unable to operate its business as it was ordered to suspend business operation or is under receivership or is bankrupt or by other similar reasons; and (4) is under liquidation for dissolution. In this regard, when TSD suspends or terminates a depositor, TSD will inform the penalty of membership to such depositor and others, as well as publicly announce the penalty through appropriate channels. As Termination as a depositor are from 2 feasible causes below, TSD will use different procedures to manage the termination as follows: (1) upon request of the depositor, which depositor is required to notify TSD in advance, withdraw or transfer all of its securities account and TSD will then inform the termination and close all securities accounts of such depositor. (2) by the order of TSD, which depositor is required to submits/records the list of securities owners to TSD so that TSD would communicate to the registrar to issue securities certificate . TSD Regulation, Chapter 300 Depositors - clause 305 https://www.set.or.th/dat/content/rule/en/(03)Chapter300Depositors_Ef f20170906.pdf Key Conclusions The access criteria of the TSD allow for fair and open access to its services based on reasonable risk-related participation requirements. The TSD has publicly disclosed its access criteria and the procedures facilitating the suspension and orderly exit of a participant that no longer meets the participation requirements. Each individual participant’s performance and compliance is monitored on an ongoing basis by a designated TSD staff member. Assessment of Observed principle 18 Recommendations and comments 275 THAILAND Principle 19. Tiered Participation Arrangements An FMI should identify, monitor, and manage the material risks to the FMI arising from tiered participation arrangements. Key consideration 1 An FMI should ensure that its rules, procedures, and agreements allow it to gather basic information about indirect participation in order to identify, monitor, and manage any material risks to the FMI arising from such tiered participation arrangements. Description Tiered participation arrangements Risks to the FMI Not applicable Key consideration 2 An FMI should identify material dependencies between direct and indirect participants that might affect the FMI. Description Key consideration 3 An FMI should identify indirect participants responsible for a significant proportion of transactions processed by the FMI and indirect participants whose transaction volumes or values are large relative to the capacity of the direct participants through which they access the FMI in order to manage the risks arising from these transactions. Description Not applicable Key consideration 4 An FMI should regularly review risks arising from tiered participation arrangements and should take mitigating action when appropriate. Description Not applicable Key conclusions Assessment of Not applicable Principle 19 Recommendations and comments 276 THAILAND Principle 20. FMI Links An FMI that establishes a link with one or more FMIs should identify, monitor, and manage link- related risks. Key consideration 1 Before entering into a link arrangement and on an ongoing basis once the link is established, an FMI should identify, monitor, and manage all potential sources of risk arising from the link arrangement. Link arrangements should be designed such that each FMI is able to observe the other principles in this report. Description TSD has no link with foreign FMIs. TSD has only link with 1 local FMI, namely TCH, who acts as the sole CCP in Thailand. The rationale for established the link is to facilitate the securities settlement in Thailand since TSD is the sole CSD in Thailand. Arrangements have been established among the links. All material perspectives have been addressed in legal agreements under Thai law for examples, duties and liability, operational process, services schedule, reporting, fee and confidentiality etc. Finality of securities settlement has also been clearly stated in the rules and regulations: • TSD shall transfer securities in accordance with clearing report prepared by TCH and within the securities delivery period designated by TCH. • The transfer of securities shall be valid when TSD has correctly, based on TCH’s report, delivered securities of the depositor or the depositor’s customer who has the duty to deliver securities to TCH; and delivered such securities from TCH to the depositor or the depositor’s customer who is entitled to take such delivery; • TSD shall record such transaction in the securities account of the depositor when receiving confirmation of the settlement from TCH. • When the transfer of securities becomes valid, the depositor may not revoke such transaction; • Regular IT audit includes monitoring compliance of the link; • BCP and DRP test cover the link between TSD and TCH in order to mitigate operational risk. • TSD has no exposure to any credit risk and liquidity risk due to the link. 277 THAILAND • Regulation Chapter 400 Securities Accounts, Deposit, Withdrawal, Transfer and Cancellation of a Deposit of Securities • Agreement between TSD and TCH Key consideration 2 A link should have a well-founded legal basis, in all relevant jurisdictions, that supports its design and provides adequate protection to the FMIs involved in the link. Description TSD has only link with 1 FMI in Thailand, namely TCH, who acts as the sole CCP in Thailand. Thus, the entire legal basis for the link is based on Thai law. Key consideration 3 Linked CSDs should measure, monitor, and manage the credit and liquidity risks arising from each other. Any credit extensions between CSDs should be covered fully with high quality collateral and be subject to limits. Description Not applicable as TSD does not link with other CSD. Key consideration 4 Provisional transfers of securities between linked CSDs should be prohibited or, at a minimum, the retransfer of provisionally transferred securities should be prohibited prior to the transfer becoming final. Description Not applicable as TSD does not link with other CSD. Key consideration 5 An investor CSD should only establish a link with an issuer CSD if the arrangement provides a high level of protection for the rights of the investor CSD’s participants. Description Not applicable as TSD does not link with other CSD. Key consideration 6 An investor CSD that uses an intermediary to operate a link with an issuer CSD should measure, monitor, and manage the additional risks (including custody, credit, legal, and operational risks) arising from the use of the intermediary. Description Not applicable as TSD does not link with other CSD. Key consideration 7 Before entering into a link with another CCP, a CCP should identify and manage the potential spill-over effects from the default of the linked CCP. If a link has three or more CCPs, each CCP should identify, assess, and manage the risks of the collective link arrangement. Description Linked CCP default Collective link arrangements (three or more CCPs) N/A – Applicable to CCP only Key consideration 8 Each CCP in a CCP link arrangement should be able to cover, at least on a daily basis, its current and potential future exposures to the linked CCP and its participants, if any, fully with a high degree of confidence without reducing the CCP’s ability to fulfil its obligations to its own participants at any time. Description Exposures and coverage of exposures 278 THAILAND N/A – Applicable to CCP only Management of risks Information provided to participants Key consideration 9 A TR should carefully assess the additional operational risks related to its links to ensure the scalability and reliability of IT and related resources. Description N/A – Applicable to TR only Key conclusions TSD has a link with TCH to facilitate the settlement of exchange traded securities. TSD is not exposed to any credit or liquidity risk in this link arrangement, as the settlement of exchange traded securities is done by TSD on a free-of-payment basis, with TCH as the CCP bearing the counterparty credit and liquidity risks. Link related operational risks are mitigated through regular IT audit to monitor compliance and subjecting the link arrangement to BCP and DR testing. Assessment of Observed Principle 20 Recommendations and comments Principle 21: Efficiency and effectiveness An FMI should be efficient and effective in meeting the requirements of its participants and the markets it serves. Key consideration 1 An FMI should be designed to meet the needs of its participants and the markets it serves, in particular, with regard tochoice of a clearing and settlement arrangement; operating structure; scope of products cleared, settled, or recorded; and use of technology and procedures. Description In order to serve depositors ’needs, TSD carefully considers the requirements, necessity and demand for operational systems or procedural implementation with depositors before the launch .By setting a session to conduct a focus group, such as through professional clubs /association vendors forum and hearing session from the whole group of depositors, TSD can get views, requirements and problems to be considered for the development. Meeting with depositors are regularly arranged on quarterly basis or more frequently if there are major developments. The review of the efficiency and effectiveness of plans and procedures are also undertaken by surveying through customer satisfaction 279 THAILAND surveys . From the survey, TSD can note concerns from depositors and the level of seriousness .These statistics and issues will then be raised to executives to handle policy issues. Most of comments and suggestions are always useful for improving the process through executives ’meetings, in various forms of committees, such as business development, strategic risk management, governance, product development, etc. Systems and services that TSD provides are • Scripless system for the participant to transact their securities business; • DVP 1 model of settlement for OTC Bond (Corporate and Government Bond) trades. • Exchange traded settlement – free of payment transfer done by TSD based on TCH settlement instructions. • Platform for o creation and redemption ETF units o SBL services to facilitate the CCP settlement coverage. • As the member of ANNA, TSD issused ISIN and CFI* for Thai capital market. • Registrar services to issuers and investors The consideration on issue of depositor’s needs also includes service fees and costs that will affect the industry .The basics for laying down fees charged to depositors will be based on reasonable and competitive costs . In addition, data on depository services, the progress of business development plan and major incident event will be reported to TSD Board on quarterly basis in order to ensure efficiency and effectiveness of services operated. For example 21 transactions were flushed out of the system during 2016-2018 as compared to the total number of settled settlement transactions during 2016-2018 at 332,396. TSD surveys customer’s needs annually, and also gets the feedback from member through every session of the focus group. 280 THAILAND Once TSD has received the feedback, the analysis and summary will be further processed and then proposed to TSD management team (the meeting has been set-up on monthly basis) and TSD Board (the meeting has been set-up on quarterly basis). After that, a member meeting is arranged to report the result and the solutions in response to the comments and recommendations. Key consideration 2 An FMI should have clearly defined goals and objectives that are measurable and achievable, such as in the areas of minimum service levels, risk-management expectations, and business priorities. Description As a sole central depository in Thailand, TSD aims to provide services with effectiveness, promote continuing development and match its service towards i.e. international standard, business priorities, sound risk management and appropriate technology. The Charter of the TSD Board provides explicit references to the PFMI https://www.set.or.th/tsd/en/about/files/TSD_Board_Charter_EN.pdf To ensure the effectiveness on the imposing the fee, TSD always conduct comparative study with international markets and consider it together witht the cost. In case it is necessary to raise the existing or introduce new fee, TSD will discuss first with the focus group and then bring it to the member hearing if it is possible, TSD will propose to the TSD Board for the approval and modify the rules regarding the fee and also inform SEC before the implementation. TSD has a long-term, medium-term and short-term goal regarding its objectives. Each year, TSD communicates the plan with depositors, proposes and consults in detail. Depositors can raise issues of their concerns and TSD will incorporate their comments before posting a timeline. Once all plans are listed out, TSD will prioritize them based on priority and TSD resources, then request for depositor’s requirements and develop the service. During the development time, depositors will get updated regularly. Before launching new service, depositors will test with TSD to ensure that all system involving in the process work smoothly. The TSD’s system availability is set at 99.95%. Key consideration 3 An FMI should have established mechanisms for the regular review of its efficiency and effectiveness. Description TSD conducts customer satisfaction survey annually from depositors’ top management and staff level. The survey comprises of two types of service: 281 THAILAND • Securities depository • Counter service In each service, there is 6 measurements. • Overview • Operational system • Quality of service • Information dispersion • Staff service • Others: Open-ended questions/recommendations The review of the efficiency and effectiveness of plans and procedures are undertaken by surveying through customer satisfaction surveys . From the survey, TSD can note concerns from depositors and the level of seriousness .These statistics and issues will then be raised to executives to handle policy issues, if necessary. The comments and suggestions are always useful for improving the process through executives ’meetings, in various forms of committees, such as business development, strategic body, risk management, governance, product development, etc. In addition, data on depository services, the progress of business development plan and major incident event will be reported to TSD Board on quarterly basis in order to ensure efficiency and effectiveness of services operated. Key conclusions The TSD has arrangements in place to consult its participants on a regular basis and address their needs in the design of its services. Participants are consulted before making any changes either to the policies or to the systems through focus group meetings, including the fees for TSD services. A customer satisfaction survey is also carried out periodically. The TSD Board monitors on a quarterly basis the implementation of the business plan, incidents and their management and operational reliability of the systems. Assessment of Principle Observed 21 Recommendations and comments 282 THAILAND Principle 22: Communication procedures and standards An FMI should use, or at a minimum accommodate, relevant internationally accepted communication procedures and standards in order to facilitate efficient payment, clearing, settlement, and recording. Key consideration 1 An FMI should use, or at a minimum accommodate, internationally accepted communication procedures and standards. Description Communication procedures At present, communication channels between TSD and relevant parties are conducted via four main channels: 1. Web browser via HTTPS –web-based application on a secured network where depositor can send any transactions/receive confirmations to/from TSD; 2. SET portal allows member to send or receive files to/from TSD*; 3. API message allows depositor to send service instruction to TSD and receive message response; 4. SWIFT message –channel for depositor to send instruction and receive confirmation/notification for OTC bond settlement and receive corporate actions information through SWIFT network. Apart from this, there is also a specific linkage to the central bank’s BAHTNET system for real-time gross settlement transactions. *SET portal functions similarly with web application but has capacity to support the transfer of file with large size . No cross-border operation has been undertaken by TSD. Communication standards For reference data perspectives, TSD has also adopted International Securities Identification Number (ISIN)* for identification of securities deposited in TSD system and Bank Identifier Codes (BIC) for the identification of counterparties in order to communicate with depositors. TSD provides SWIFT communication for depositors who prefer international channel/standard. Local depositors have options to upload bulk transactions into CSD system or to use API message in 283 THAILAND proprietary standard format with CSD based on their system preferences. *TSD is also ANNA (Association of National Numbering Agencies) member to provide the services of accepting registration information of financial instruments such as shares, bonds and derivatives, and then issuing the codes that uniquely identify these instruments. Key conclusions The TSD uses both domestic and internationally accepted communication procedures and standards to ensure effective communication between it and its participants. These include: (i) web browser via HTTPS through a secured network; (ii) API messaging allowing depositors to send service instruction to TSD and receive message response; and (iii) SWIFT messages for confirmation/notification for OTC bond settlement and corporate actions information. ISIN standards are used for identification and numbering of securities. Assessment of Observed Principle 22 Recommendations and comments Principle 23: Disclosure of rules, key procedures, and market data An FMI should have clear and comprehensive rules and procedures and should provide sufficient information to enable participants to have an accurate understanding of the risks, fees, and other material costs they incur by participating in the FMI. All relevant rules and key procedures should be publicly disclosed. Key consideration An FMI should adopt clear and comprehensive rules and procedures 1 that are fully disclosed to participants. Relevant rules and key procedures should also be publicly disclosed. Description Rules and procedures Documents comprised TSD’s rules and procedures are fully disclosed to participants: • Rules • Announcement • Circulation • Contractual agreements • Handbooks and guides • General information • Statistics 284 THAILAND Before the enforcement date, they are circulated to all depositors in advance .The information is disclosed in the TSD website : www.set.or.th/tsd .These also include hearing presentation, general information, news and public relations relating to CSD . TSD provides some specific information such as user manuals, test scenarios, test result reports, circular letters to depositors through internal web portal or emails . Username and password is needed to retrieve such information . To ensure that TSD rules and procedures are clear and comprehensive, the process for formation or changing its rules is reviewed by both internal and external entities .TSD sets regular meetings with depositors to communicate new plans, regulatory changes, new system launching, and also gather views and comments from them .TSD has sometimes conducted meetings with some focused groups, who have significant impact from rule change, to make sure that they can serve requirements. The internal process includes reviewing and cross checking by legal staff and operation staff . As SET subsidiary, TSD has SET legal department to conduct the necessary legal analysis and, where required, TSD always consults with the relevant agencies to ensure that its regulations are consistent and enforceable under the relevant Thai law . Apart from this, according to clause 36 of SEC regulation )No .Tor Thor . 32/2559(, proposed amendments to the rules of securities depository shall come into force upon approval of the Capital Market Supervisory Board who will consider the suitability of the amendments based on the investor protection, fairness, transparency, and any risk related to post- traded service . Tor Thor .32/2559, Clause 36 http://capital.sec.or.th/webapp/nrs/data/7025se.pdf Statistics https://www.set.or.th/tsd/en/download/statistic.html Disclosure TSD rules and notifications provide the procedures that TSD will undertaken under non-routines events which are notified to its depositors through the circulars and are available on TSD website. 285 THAILAND The emergency situations affecting the operation (ie. natural disaster, incident due to policy of government / regulatory agency, problems in the processing system of the communication system and other events that may affect the TSD’s depository system), and actions of TSD upon occurrence of such event (ie. stop providing services, change the procedures and conditions, amend or cancel particular transactions in the depository system, etc.) have been clearly defined. In addition, TSD has stated its responsibility for the outcome of actions for resolving the emergency situations and its remedial actions so that the depositor is aware of the impacts and risks that it may have to bear from the consequence of TSD actions under such event. TSD regulation, Chapter 600 Securities Depository System Disruptions https://www.set.or.th/dat/content/rule/en/06_TSD_RegulationsChapter60 0_240815EN.pdf TSD regulation, Chapter 300 (Securities Depository) Depositors https://www.set.or.th/dat/content/rule/en/(03)Chapter300Depositors_Eff2 0170906.pdf Key consideration An FMI should disclose clear descriptions of the system’s design and 2 operations, as well as the FMI’s and participants’ rights and obligations, so that participants can assess the risks they would incur by participating in the FMI. Description System designs and operations are described in document form as a user manual .Depositors will receive from direct email or can retrieve from web portal for future references .To be a depositor, an applicant has to take a test and will be trained for the process and procedures, where TSD can evaluate risks or impacts from its operational system. With respect to securities depository, TSD has disclosed the degree of discretion it can exercise over key decisions that directly affect the operation of the system, depositors’ right and responsibility in its rules. In case where TSD takes any appropriate acts under its rules and procedures for the purpose of resolving the situation, the depositor shall neither claim a compensation for any damage which is or might be caused by such action, nor do anything which is an opposition to or non- cooperation with TSD in this regard. In applying for becoming a TSD depositor, applicant agrees to abide and comply with TSD rules defining their rights and obligations. 286 THAILAND TSD regulation, Chapter 600 Securities Depository System Disruptions https://www.set.or.th/dat/content/rule/en/06_TSD_RegulationsChapter60 0_240815EN.pdf TSD regulation, Chapter 300 (Securities Depository) Depositors https://www.set.or.th/dat/content/rule/en/(03)Chapter300Depositors_Eff2 0170906.pdf Key consideration An FMI should provide all necessary and appropriate documentation 3 and training to facilitate participants’ understanding of the FMI’s rules and procedures and the risks they face from participating in the FMI. Description TSD has set up regular training courses to members every time there is a major change or launching new services, including procedural implementation .The training is widely conducted for all concerned parties and depositors who have direct concern on the change. Depositors are able to recheck their understanding to the regulations, procedures from the TSD’s simplified version of some rules .The intensive training to members is set up, if necessary, for their full understanding and ability to proceed .Any regulatory announcements are well prescribed into the format of guidelines, timetable, step-by-step process, making it easy to follow. Each depositor has been assigned responsible TSD staff person .In case a depositor needs a clarification on rules, procedures and risks, depositor can contact the main staff .When question arises, TSD will provide clarification promptly . Where depositors breach the TSD rules due to lack of understanding or human error, TSD may issue a warning letter or impose fine to such depositor in order to emphasize depositor duties, raise the awareness of cost arising from such mistake, and recommend good practices according to TSD rules .If necessary, one-on-one meeting might be set- up to help clarify the understanding on rules and notifications, find root cause as well as the procedure to prevent the breach. Key consideration An FMI should publicly disclose its fees at the level of individual 4 services it offers as well as its policies on any available discounts. The FMI should provide clear descriptions of priced services for comparability purposes. Description TSD has publicly disclosed their fees, fines and associated expenses charging to depositors in the websites. For the process of fee change or fee setting for new service, TSD conducts a hearing meeting and depositors must agree for the fee before they are implemented. If any 287 THAILAND exclusive discounts or specific fees in some special cases will be used, they must be proposed to the board for approval before launching. Notification of Thailand Securities Depository Company Limited Re: Fees and Expenses in Relation to Depositors https://www.set.or.th/dat/content/rule/en/TSD_Depository_Notification_F eesDepositors_Nof23122015Eff04012016EN.pdf All fees and fines are to be reviewed and approved by the TSD board before launching. TSD has compared the relevant costs to determine competitive prices. TSD provides enough information of fees and expenses related to TSD via its notification for depositors so they are able to compare the fees across similar FMIs. Notification of Thailand Securities Depository Company Limited Re: Fees and Expenses in Relation to Depositors https://www.set.or.th/dat/content/rule/en/TSD_Depository_Notification_F eesDepositors_Nof23122015Eff04012016EN.pdf Key consideration An FMI should complete regularly and disclose publicly responses to 5 the CPSS-IOSCO disclosure framework for financial market infrastructures. An FMI also should, at a minimum, disclose basic data on transaction volumes and values. Description TSD has disclosed its CPSS-IOSCO disclosure framework for the PFMI both qualitative and quantitative in English language version on TSD website and annual report. The update to the CPSS-IOSCO disclosure framework will be carried out on a regular basis. https://www.set.or.th/tsd/th/files/TSDdisclosureforPFMI_2018_v2.pdf Apart from the rules and regulations disclosed on TSD website, public are provided information on the description of business services of CSD, development plans, and significant statistics such as number/value of securities deposited in the securities depository system, number of companies/securities/shareholders in the securities registration system, number of investors/securities under e-dividend service, etc .This information is disclosed in annual report, both in Thai and English version . 288 THAILAND ISIN code and CFI (Classification of Financial Instruments) code issued by TSD has been provided on TSD website and updated on the daily basis . Participant name list has been also provided the website and updated as soon as the profile takes effect. Key conclusions The TSD publicly discloses its rules, regulations and fee structure. System design details are shared with the participants in user manuals. The TSD in August 2018 has updated its responses to the CPMI-IOSCO Disclosure Framework for FMIs, which enable participants to assess the risks they incur by participating in the CSD/SSS. The TSD website also contains statistics. The TSD provides training and information to its participants. Fees are also publicly disclosed. Assessment of Observed Principle 23 Recommendations and comments Principle 24: Disclosure of Market Data by Trade Repositories A TR should provide timely and accurate data to relevant authorities and the public in line with their respective needs. Key consideration 1 A TR should provide data in line with regulatory and industry expectations to relevant authorities and the public, respectively, that is comprehensive and at a level of detail sufficient to enhance market transparency and support other public policy objectives. Description Not applicable Key consideration 2 A TR should have effective processes and procedures to provide data to relevant authorities in a timely and appropriate manner to enable them to meet their respective regulatory mandates and legal responsibilities. Description Not applicable Key consideration 3 A TR should have robust information systems that provide accurate current and historical data. Data should be provided in a timely manner and in a format that permits it to be easily analyzed. Description Not applicable Key conclusions Assessment of Not applicable Principle 24 Recommendations and comments 289 THAILAND D. SEC responsibilities Responsibility A: Regulation, Supervision, and oversight of FMIs FMIS should be subject to appropriate and effective regulation, supervision, and oversight by a central bank, market regulator, or other relevant authority Key consideration 1 Authorities should clearly define and publicly disclose the criteria used to identify FMIs that should be subject to regulation, supervision, and oversight. Description The criteria to identify clearinghouse who acts as central counterparty )CCP( and central securities depository )CSD( in Thailand are defined in the Securities and Exchange Act) SEA(, Derivatives Act )DA.( Under section 219 and 220 of the SEA, a central securities depository means a center where services for the deposit and withdrawal of securities including related services for the purpose of account clearing are provided. No person shall operate the business of a central securities depository unless a license has been obtained from the SEC . A clearinghouse means a center where services for the settlement of traded securities including related services are provided .No person shall operate the business of a clearing house unless a license has been obtained from the SEC . Under section 3 of the DA, a derivative clearinghouse means any center or network where services for clearing and settlement of obligations under derivatives are provided as an ordinary course of business, and has been licensed or registered under this Act, excluding any center or network with the characteristics as specified in the notification of the SEC. Any obligations either as a counterparty or through novation in a securities trading agreement or a derivative transaction by the clearinghouse, if undertaken in accordance with the clearinghouse’s rules as approved by the Capital Market Supervisory Board, shall be legally binding and enforceable by law. All relevant laws and regulations are published and available on the SEC website . SEA Section 219, 220,223/1 DA Section 4, 80 290 THAILAND http//:www.sec.or.th/EN/Pages/home.aspx Key consideration 2 FMIs that have been identified using these criteria should be regulated, supervised, and overseen by a central bank, market regulator, or other relevant authority. Description The Thailand Clearing House Co., Ltd) TCH (acts as a CCP for exchange-traded securities and derivatives transactions, and a securities settlement system )SSS (for securities traded on SET, and the Thailand Securities Depositories Co., Ltd )TSD( acts as a CSD for all securities, and SSS for debt securities traded on over-the-counter market. The SEC uses criteria in key consideration 1 .to identify CCP, SSS, and CSD that should be regulated. The SEC is responsible for the supervision of CCP, SSS, and CSD, and establishes a clear basis to ensure compliance with the rules which aim at the proper functioning, integrity, and transparency of FMIs .BOT is responsible for supervision on payment system including the funds leg for securities transactions .Both SEC and BOT provide their oversight framework in the website .The SEC regulatory and supervisory framework adopting the PFMI is available at https://www.sec.or.th/TH/MarketProfessionals/secondarymarket/Docu ments/FMI.pdf. The SEC exercises close and continuous oversight and supervision over TCH/TSD based on the Principles for Financial Market Infrastructures )PFMI( to ensure safety, efficiency, transparency of the clearinghouse, and depository function .The powers are laid down in Section 223 of SEA. Further, Section 19 of SEA, empowers SEC office with Section 264 of SEA empowering staff of SEC to carry out supervision. Scope of the responsibilities of the SEC includes : 1) Licensing requirements to ensure fit and proper organization and management a) Securities :A securities clearinghouse and depository must apply for licenses for conducting the businesses .However, no licenses are required for the SET or a company held by SET with not less than 75 %of total shares to operate such businesses . Such company must be approved by the SEC board before launching the activities . 291 THAILAND b) Derivatives :A derivative clearinghouse must have qualification as prescribed in the notifications such as minimum capital and financial resources, director qualification, capability in undertaking the business operation. 2) Making regulations for supervising CCP/CSD services 3) Approving TCH/TSD ’s rules and practices before coming into effect. 4) Regular off-site monitoring on risk management and system security 5) Periodic assessment against the international standards and on-site inspection to ensure observance of the principles 6) Take appropriate and timely actions to remedy the deficiencies within the time frame consistent with the impact of risk, concerns, and other issues associated with identified gaps. SEA Section 153)2( Khor .Dor .21/2552 http://capital.sec.or.th/webapp/nrs/data/4764se.pdf The SEC carries out ongoing monitoring of the performance of the FMI against the international standards, and conducts a gap analysis . If a gap is identified, it will be reported to the high-level management to explore the ways to close the gap .The comments from last FSAP are also taken into policy consideration .For example, the SEC has amended the SEA: 1. to enhance power of the SEC to regulate the clearing house and the central securities depository undertaken by the SET by requiring the TCH/TSD to comply with the SEC regulations, which in the past TCH/TSD were not subjected to comply with . 2. To protect customer assets in case of brokerage firms or TCH’s participants bankruptcy . The SEC regularly communicates with the TCH/TSD/SET board of directors both formally and informally to encourage them to take appropriate actions to close the gap such as the elimination of debit balance in depository system . Moreover, upon the MoU, there is a formal communication between the SEC and the BOT at least once a year on policies, regulation, and exchange of information to avoid any gaps which may occurs . Key conclusions for The criteria to identify clearinghouse who acts as central counterparty Responsibility A )CCP( and central securities depository )CSD( in Thailand are defined in the Securities and Exchange Act) SEA(, Derivatives Act )DA .(Entities identified as securities clearing houses and securities depositories 292 THAILAND under the SEA are under the supervision and regulation of the SEC. TSD and TCH are subject to appropriate supervision and regulation by SEC. The SEC has publicly disclosed its adoption of PFMI in carrying out the supervision and regulation of the two FMIs. Assessment of Observed Responsibility A Recommendations and comments Responsibility B: Regulatory, supervisory, and oversight powers and resources Central bank, market regulators, and other relevant authorities should have the powers and resource to carry out effectively their responsibilities in regulating, supervising, and overseeing FMIs. Key consideration1 Authorities should have powers or other authority consistent with their relevant responsibilities, including the ability to obtain timely information and to induce change or enforce corrective action. Description The SEC has oversight powers over the clearinghouse (CH) and CSD as follows: Issues Securities Derivatives Making regulations Section 223 of SEA Section 76 of DA Approval of CH/CSD’s SEC’s regulations Section 89 )Section rules )Tor .Thor .32/2559 63( no.36( Report submission by SEC’s regulations SEC’s regulations TCH/TSD such as )Tor .Thor .32/2559 ) Tor .Thor .31/2559 financial statement, no.27,32,41,48 / no.20,35,37,42/ system test, BCP, stress Sor .Thor .29/2539 no.4( Sor .Thor .30/2559 test, crisis management no.4( Onsite inspection Section 264) 1 (of SEA Section 103) 1( of DA Taking actions in case of Section 292 of SEA Section 116 of DA failure to comply with SEC’s regulations regulations Taking actions in case of Section 186 of SEA, Section 79,88,89 )65( severe event that impact SEC’s regulations of DA TCH/TSD system )Tor .Thor .32/2559 no.39( 293 THAILAND *In the previous FSAP in 2008, the SEC did not have the legal powers to directly regulate and supervise CSD and CH which are SET’s subsidiaries. TSD and TCH were not required to comply with SEC regulations, but only required to submit their rules for approval. Consequently, the SEC has amended Section 224 of the SEA to enhance oversight powers over SET’s subsidiaries which perform CSD and CH functions. The law and regulations as prescribed allow the SEC to obtain the information in a timely manner and without any constraints. The SEC requires TCH to submit A monthly report on stress test result, financial adequacy and margin requirement, default settlement . A prompt report on use of financial resources via email, and explanation of the reason the situation occurs within 3 days A quarterly report on risk management and disciplinary action . Both TCH and TSD are also required to submit A report on the evaluation of its business continuity plan, and system audit every year An annual balance sheet, profit and loss statement and auditor’s reports. An incident management report )such as system failure and cause severe impact (by oral or email urgently and also inform the root cause of such incident in writing within 90 days. The TCH and TSD are required to report to the SEC on any material changes in computer system, and financial conditions relating to clearing, settlement and depository services to ensure that the overall business operations of their services are supervised in an orderly, effective and timely manner . In addition, the competent officer has power to enter into the place of a clearing house /securities depository center or the place where the data is collected or processed during the business hours to examine the operations. In case where there is any change of fact or circumstances, the SEC shall have power to order the clearinghouse and CSD to issue additional rules, or revoke, or amend the existing rules and shall also 294 THAILAND be empowered to order the clearinghouse and CSD to undertake any other action as the SEC deems appropriate . If the derivatives clearing house which contravenes or fails to comply with the rules as prescribed by the SEC, the SEC shall have the power to impose the following sanctions: Probation; Public reprimand; Fine; Restriction of operation; Suspension of the operation so licensed, registered, or approved for a certain period; Revocation of the license, registration, or approval. Apart from requiring TCH and TSD to submit the reports, the SEC also uses mechanisms such as Regular or ad-hoc dialogue with the TCH’s and TSD’s staff, and management Send a letter to the board of directors or management to express any concerns or highlight certain regulatory issues, or issue direction to TCH and TSD to take specific action . SEA :Section 223,224,264)1(,276,186 DA: Section 76,79, 88, 89,103)1(,116, Tor Thor .31/2559 http://capital.sec.or.th/webapp/nrs/data/7024se.pdf Tor Thor .32/2559 http://capital.sec.or.th/webapp/nrs/data/7025se.pdf Tor Thor .32/2559 http://capital.sec.or.th/webapp/nrs/data/7025se.pdf SEA :Section 264 DA :Section 103 DA :Section 89) section65 ( Tor. Thor. 32/2559 Clause 39 http://capital.sec.or.th/webapp/nrs/data/7025se.pdf DA :Section 116 )section111 ( Key consideration 2 Authorities should have sufficient resources to fulfil their regulatory, supervisory, and oversight responsibilities. 295 THAILAND Description The SEC has adequate funding and qualified staff to fulfill their responsibility. The fund comes from industry fee, and regulatory fee from the SET. There are 16 staff available to take responsibility for oversight of CCP, SSS and CSD function. Their responsibilities include: overseeing the exchange including FMIs. Normally, offsite monitoring is performed routinely, and it is found that there is low risk in TCH/TSD operations. Therefore, SEC performs onsite inspection not frequently (every 3 years). All staff are supported to take appropriate training or to attend the related course to follow up new developments routinely. The SEC is a governmental organization and is self-funding .It is essential for the SEC to maintain sufficient financial resource to perform regulatory functions, and control expenditure under the budget. In case where SEC operational costs exceeds its current fund, the SEC has a fund set aside to cover this extra cost as another cushion . With regards to manpower, the SEC conducts manpower planning to ensure that the adequate staff levels are maintained .The plan is reviewed regularly . The SEC official has no civil liability except he/she performs duty with gross negligence, or willful misconduct. The Act on liability for wrongful act of official also provides legal protection in this case. The SEC annual report 2017 https://www.sec.or.th/EN/Documents/Information/annualreports/ann 2017.pdf The Act on liability for wrongful act of official B.E .2539 http://www.krisdika.go.th/wps/wcm/connect/e7782a804e34cce9be 73fff7e6da8c7c/Act+on+Tortious+Liability+of+Officials%2C+B.E.+2 539+%281996%29.pdf?MOD=AJPERES&CACHEID=e7782a804e3 4cce9be73fff7e6da8c7c Key conclusions for SEC has the relevant powers and authority under the SEA. These Responsibility B powers enable it to carry out its responsibilities for supervising and regulating FMIs under its jurisdiction. SEA provides SEC with the powers to obtain timely information, to induce change and impose sanctions. SEC has sufficient resources to carry out its supervisory and regulatory role. 296 THAILAND Assessment of Observed. responsibility Recommendations It is recommended that SEC review and increase the frequency of its and comments onsite examinations to two years from three years and also undertake ad-hoc onsite examinations as necessary. The SEC should also advise the FMIs to undertake periodic self-assessments against all relevant principles as part of a comprehensive review of an FMI’s safety and efficiency, or when major policy and system changes or new products and services are introduced. These self-assessments should be reviewed by SEC. In addition, the SEC should ask the board of the TSD to submit its annual performance review report and review the same to see that the board of the TSD is fulfilling its responsibilities as laid down in the Charter of the Board. Responsibility C: Disclosure of policies with respect to FMIs Central banks, market regulators, and other relevant authorities should clearly define and disclose their regulatory, supervisory, and oversight policies with respect to FMIs Key consideration 1 Authorities should clearly define their policies with respect to FMIs, which include the authorities ’objectives, roles, and regulations Description The SEC has articulated its regulation, supervision and oversight policies through the notifications of the capital market supervisory board, and the regulations of the office of the SEC, and various circulars .In addition, the SEC establishes its oversight policies frameworks based on the PFMI standards which include the objectives, roles and responsibilities of the authorities. www.sec.or.th https://www.sec.or.th/TH/MarketProfessionals/secondarymarket/Doc uments/FMI.pdf Key consideration 2 Authorities should publicly disclose their relevant policies with respect to the regulation, supervision, and oversight of FMIs Description The SEC website provides the latest version of oversight framework with respect to CCP, SSS, and CSD which include policy objectives, role, and regulation . If the SEC amends the regulations, the draft regulations being proposed are also available on the website during the public consultation period so that the relevant participants and public can submit their comments. 297 THAILAND https://www.sec.or.th/TH/MarketProfessionals/secondarymarket/Doc uments/FMI.pdf Key conclusions for SEC has publicly disclosed its regulation, supervision and oversight Responsibility C policies through the notifications of the capital market supervisory board, and the regulations of the office of the SEC, and various circulars on its website . Assessment of Observed. responsibility Recommendations and comments Responsibility D: Application of the principles for FMIs Central banks, market regulators, and other relevant authorities should adopt the CPSS-IOSCO principles for financial market infrastructures and apply them consistently . Key consideration 1 Authorities should adopt the CPSS-IOSCO Principles for financial market infrastructures. Description The SEC has adopted the CPSS-IOSCO as principal for oversight and supervision . The SEC Strategic Plan 2015 has affirmed that both TSD and TCH will adhere to the PFMI. https://www.sec.or.th/EN/AboutSEC/Documents/strategyplan2015.pdf The SEC uses these principles as guiding principles for the oversight and supervision of CCP, SSS and CSD .TCH and TSD are required to comply with the SEC regulations that are in line with PFMI. Key consideration 2 Authorities should ensure that these principles are, at a minimum, applied to all systemically important payment systems, CSDs, SSSs, CCPs, and TRs. Description The SEC applies the PFMI to regulate clearinghouse and securities depository. TCH and TSD have been informed by the SEC that they are expected to comply and reflect the application of the PFMI. To facilitate compliance with the PFMI, the SEC has actively engaged the FMIs to discuss how the principles can be best implemented. Key consideration 3 Authorities should apply these principles consistently within and across jurisdictions, including across borders, and to each type of FMI covered by the principles. The SEC applies these principles with TCH who acts as CCP, and traded on SET and TSD who acts as CSD, and SSS for debt securities traded on OTC market. 298 THAILAND The SEC acts as the regulator .TCH acts as CCP, and TSD acts as CSD .Therefore, there is no conflict of interest. If TCH and TSD do not observe all applicable principles, the SEC will order TCH/TSD to change the rule or their operations to improve the functioning of the FMI on appropriate and timely actions to ensure the regulatory objectives are meet .If they do not comply with such order, the SEC may order to act or omit any activity, or impose administrative sanction such as probation, fine, and restriction of the operation . DA Section 89(section65), 116 SEA: Section 292 Tor. Thor. 32/2559 Clause 39 http://capital.sec.or.th/webapp/nrs/data/7025se.pdf Key conclusions for The SEC has adopted the CPMI-IOSCO PFMI for the oversight and Responsibility D supervision of TSD and TCH. Assessment of Observed responsibility Recommendations and comments Responsibility E: Cooperation with other authorities Central banks, market regulators, and other relevant authorities should cooperate with each other, both domestically and internationally, as appropriate, in promoting the safety and efficiency of FMIS. Key consideration 1 Relevant authorities should cooperate with each other, both domestically and internationally, to foster efficient and effective communication and consultation in order to support each other in fulfilling their respective mandates with respect to FMIs .Such cooperation needs to be effective in normal circumstances and should be adequately flexible to facilitate effective communication, consultation, or coordination, as appropriate, during periods of market stress, crisis situations, and the potential recovery, wind-down, or resolution of an FMI. Description To ensure an effective oversight of FMIs in Thailand, cooperation between domestic regulators has been established .The SEC has signed a memorandum of understanding )MoU (with the central bank of Thailand )BOT (in June 2017, as both of them are the regulators of FMIs in Thailand .The BOT is accountable for regulating payment system) BAHTNET(, while the responsibility to supervise CSDs, SSSs and CCPs )TCH and TSD (is belonged to SEC . 299 THAILAND The main objective of the MoU is the sharing of information, exchange view, and performing mutual consultation relating to the FMIs .The cooperation includes formal arrangement which usually has been conducted at least once a year, and ad-hoc arrangement in the urgent situation such as market stress or system failure that may impact other relevant FMIs .Contact persons of SEC and BOT are identified . The MoU facilitates communication between the 2 regulators on: Policies and development plans with respect to BAHTNET, TCH, and TSD Law or regulation change Technology or innovation related to FMI system Oversight of significant risks on linked FMIs such as member’s liquidity problem, plan and result on onsite assessment. Incident handling and crisis management to control systemic risk from interdependencies between the two systems for the orderly functioning of the payment and settlement system such as BCP testing. Key consideration 2 If an authority has identified an actual or proposed operation of a cross-border or multicurrency FMI in its jurisdiction, the authority should, as soon as it is practicable, inform other relevant authorities that may have an interest in the FMI’s observance of the CPSS-IOSCO Principles for financial market infrastructures. Description Not applicable Key consideration 3 Cooperation may take a variety of forms .The form, degree of formalization and intensity of cooperation should promote the efficiency and effectiveness of the cooperation, and should be appropriate to the nature and scope of each authority’s responsibility for the supervision or oversight of the FMI and commensurate with the FMI’s systemic importance in the cooperating authorities ’various jurisdictions .Cooperative arrangements should be managed to ensure the efficiency and effectiveness of the cooperation with respect to the number of authorities participating in such arrangements. Description The management of co-operative arrangement promotes efficiency and effectiveness by specifying contact persons, situations, and period of time for sharing information such as regulatory policy, 300 THAILAND assessment of FMI performance, crisis situations to help each other for achieving regulatory objectives. Key consideration4 For an FMI where cooperative arrangements are appropriate, at least one authority should accept responsibility for establishing efficient and effective cooperation among all relevant authorities .In international cooperative arrangements where no other authority accepts this responsibility, the presumption is the authority or authorities with primary responsibility in the FMI’s home jurisdiction should accept this responsibility. Description The oversight responsibilities are well spelt out in the legal framework .The SEC has oversight responsibilities over TCH and the TSD activities; the BOT has oversight on the financial infrastructure service for real-time gross settlement of large value funds transfer as BAHTNET. At present, there is no written agreement identifying lead authority for cooperative oversight arrangements due to no overlapping in supervisory function with respect to each FMIs .However, if the cause of problem affecting on CCP’s operation arises from TCH itself or the participants in capital market, then the SEC should be primarily responsible as the lead authority .On the other hand, in case where the disruption is the effect from the relevant payment system such as banking sector, it should be the role of BOT to lead the cooperation. Key consideration 5 At least one authority should ensure that the FMI is periodically assessed against the principles and should, in developing these assessments, consult with other authorities that conduct the supervision of oversight of the FMI and for which the FMI is systemically important. Description The SEC periodically assess TCH and TSD against principles of PFMI through off-site monitoring on their risk management, system securities and financial condition (also see the answer of Q.B.1.1 and Q.B.1.3 -B.1.5) as well as conducting on-site assessment as appropriated .Meanwhile, the BOT takes the same roles for BAHTNET. SEC has conducted the on-site monitoring for TCH and TSD last time in 2016 and planned to arrange the next assessment in 2019. During the past, TCH and TSD always aware the importance of its risk management and good administration, as well as having the initiative to enhance their performances to be commensurate with international standards, especially TCH who has arranged various measures to deal with the risk inherited with CCP via appointing its 301 THAILAND sub-risk management committee, performing stress test, making collateral call, etc. Besides, in order to develop their business, SEC, as their regulator, is always provided with regular updates and well informed of what they are doing, what problems they confront, and how they plan to solve them through a consultation process and rule approval. Thus, an annual on-site assessment is not set out as a first priority in monitoring TCH’s and TSD’s performance. The SEC has no policy to conceal the assessment result of the FMIs under its supervision .Pursuant to the MOU, the SEC and BOT will consult and share the assessment on FMI’s supervision at least once a year, and may communicate via phone or e-mail, if it deems necessary. Key consideration 6 When assessing an FMI’s payment and settlement arrangements and its related liquidity risk-management procedures in any currency for which the FMI’s settlements are systemically important against the principles, the authority or authorities with primary responsibility with respect to the FMI should consider the views of the central banks of issue .If a central bank of issue is required under its responsibilities to conduct its own assessment of these arrangements and procedures, the central bank should consider the views of the authority or authorities with primary responsibility with respect to the FMI. Description According to TCH’s rules, the settlement of transactions in SET and TFEX shall be in Thai Baht .However, TCH receives USD, JPY, EUR as the maintenance margin, and only foreign investors can place such margin . The SEC takes the BOT’s view on any currency issues when it assesses the TCH’s settlement arrangement and the liquidity risk management procedures where relevant . Key consideration 7 Relevant authorities should provide advance notification, where practicable and otherwise as soon as possible thereafter, regarding pending material regulatory changes and adverse events with respect to the FMI that may significantly affect another authority’s regulatory, supervisory, or oversight interests . Description To ensure that overall business operation of securities clearing house, central securities depositories and payment system )BAHTNET (is supervised in an orderly, effective and timely manner, material regulatory changes should be informed by relevant authorities .This information is shared with other authorities based on the SEA and MoU . 302 THAILAND The SEC and the BOT would consult each other before changing the regulatory policy .In addition, they conduct public consultation and take feedback from those interested persons. Key consideration 8 Relevant authorities should coordinate to ensure timely access to trade data recorded in a TR. Description Not applicable. Key consideration 9 Each authority maintains its discretion to discourage the use of an FMI or the provision of services to such an FMI if, in the authority’s judgment, the FMI is not prudently designed or managed, or the principles are not adequately observed .An authority exercising such discretion should provide a clear rationale for the action taken both to the FMI and to the authority or authorities with primary responsibility for the supervision or oversight of the FMI. Description The sustainability of TCH and TSD is very important since there is the only one clearinghouse and central depository in Thailand . Therefore, the SEC has stipulated its regulations following the PFMI standard and has implemented the strengthen of oversight to ensure the efficient and orderly market .If it is found out that the regulated entities do not comply with the SEC requirements, the SEC will not exercise its discretion to discourage the use of such FMI, but rather instruct the relevant clearing house or central securities depository to amend, repeal, or revise its existing rules or regulations, or take any action as it deems appropriate . Key consideration 10 Cooperative arrangements between authorities in no way prejudice the statutory or legal or other powers of each participating authority, nor do these arrangements constrain in any way an authority’s powers to fulfil its statutory or legislative mandate or its discretion to act in accordance with those powers. Description The SEC and the BOT fulfil their legislative powers or use their discretions under the corresponding law .Cooperative arrangement between the SEC and BOT are performed to the extent permitted by law .Hence, this does not prejudice the statutory rights of each participating authority. Key conclusions for The BOT and SEC appropriately cooperate in the regulation, Responsibility E supervision, and oversight of the FMIs in Thailand through a MoU. The MoU acknowledges each authority' s statutory responsibilities towards the oversight, supervision, and regulation of the FMIs .under their respective jurisdictionsThe MoU outlines the sharing of information between the authorities on issues relating to the safe 303 THAILAND and efficient functioning of the FMIs .The MoU facilitates (i) communication between the two regulators on policies and development plans with respect to BAHTNET, TCH, and TSD; (ii) legal, regulatory, and system changes which may impact the market or other FMIs; (iii) monitoring of financial risk related to a participant’s liquidity problem; (iv) planning onsite assessments and sharing of information; (v) incident handling and crisis management to control systemic risk resulting from interdependencies between the FMIs; and (vi) system-wide BCP testing covering all the FMIs. The cooperation includes formal meetings which are usually held on an annual basis, supplemented by ad-hoc meetings in urgent situations such as market stress or system failure that could impact other FMIs .Contact persons of SEC and BOT are identified. Assessment of Observed responsibility Recommendations It is recommended that SEC and BOT have bi-annual formal and comments meetings. 304