Professional Documents
Culture Documents
1
1. INTRODUCTION................................................................................1
2. OBJECTIVE........................................................................................1
3. SCOPE ................................................................................................2
4. APPLICABILITY ................................................................................2
5. DEFINITION........................................................................................2
6. LEGAL PROVISIONS.......................................................................3
PART B : OPERATIONAL REQUIREMENTS.............................................4
7. PRINCIPLE 1: ESTABLISH ADEQUATE GOVERNANCE AND
OPERATIONAL ARRANGEMENTS ...............................................4
8. PRINCIPLE 2: ENSURE PROPER RISK MANAGEMENT IS IN
PLACE ..................................................................................................5
9. PRINCIPLE 3: ENSURE THAT THE RISKS OF USING E-
MONEY, AND RIGHTS AND RESPONSIBILITIES OF ALL
STAKEHOLDERS ARE CLEARLY DEFINED AND
DISCLOSED ........................................................................................8
10. PRINCIPLE 4: ENSURE PRUDENT MANAGEMENT OF
FUNDS..................................................................................................9
11. PRINCIPLE 5: ENSURE TIMELY REFUND OF STORED
VALUE IN THE E-MONEY ............................................................. 11
12. PRINCIPLE 6: IMPLEMENT ADEQUATE MEASURES TO
PREVENT THE USE OF E-MONEY FOR MONEY
LAUNDERING, AND ENSURE COMPLIANCE WITH OTHER
REQUIREMENTS ............................................................................ 11
13. OTHERS............................................................................................ 12
PART C : SPECIFIC REQUIREMENTS FOR LARGE E-MONEY
ISSUERS… .................................................................................... 13
Appendix I .................................................................................................. 14
Appendix 2................................................................................................. 15
Appendix 3................................................................................................. 16
BNM/RH/GL 016-3 Payment Systems Policy Guideline on Electronic Money (E- Page
Department Money) 1/17
PART A : OVERVIEW
1. INTRODUCTION
1.3 There are two types of e-money schemes, i.e. small scheme and
large scheme, which is determined by the purse size and the
outstanding e-money liabilities.
2. OBJECTIVE
3. SCOPE
4. APPLICABILITY
4.2 E-money issuers are required to adopt the principles and the
minimum standards in this Guideline, taking into consideration the
nature, size and complexity of their e-money schemes.
5. DEFINITION
5.1 For the purpose of this Guideline, the following terms are defined
as follows:
5.1.1 E-money is defined in the Payment Systems (Designated
Payment Instruments) Order 2003 as a payment
instrument, whether tangible or intangible that:
i. stores funds electronically in exchange of funds paid to
the issuer; and
ii. is able to be used as a means of making payment to
any person other than the issuer.
5.1.3 User refers to any person to whom the e-money has been
issued or any person who uses the e-money to make
payments for purchases of goods and services.
5.1.6 Purse limit means the maximum monetary value that can
be stored in an e-money instrument.
6. LEGAL PROVISIONS
1
Average outstanding e-money liabilities for the month.
BNM/RH/GL 016-3 Payment Systems Policy Guideline on Electronic Money (E- Page
Department Money) 4/17
Operational risk
8.2 Operational risk arises from the potential for loss due to
inadequate or failed internal processes, people and systems,
external factors, and fraud.
vii. The system has the capacity to provide timely and accurate
audit trail and statistical information and reports;
Security risk
8.5 Security vulnerabilities in e-money system can pose significant
threat to the integrity of e-money scheme as they increase the risk
of fraud, such as counterfeiting.
8.6 Mitigation measures include, but are not limited to, the following:
(c) Authentication
The process of authentication is to validate the claimed
identity of the user. A variety of authentication tools and
methods can be adopted by e-money issuers to
authenticate the users and merchants of its e-money
system.
(d) Non-repudiation
Non-repudiation is a process to ensure that electronic
messages are not being repudiated by its sender or
receiver.
Outsourcing risk
8.7 An issuer that outsource the operational activities of e-money
should ensure regular due diligence on the outsourcing service
provider is carried out. It should also periodically review the
suitability and performance of the service providers. The
outsourcing arrangements should include the following:
8.8 Issuers are also required to comply with the conditions stipulated
in Appendix 3.
BNM/RH/GL 016-3 Payment Systems Policy Guideline on Electronic Money (E- Page
Department Money) 8/17
2
Principle 4 is applicable to issuers that are not licensed institutions.
BNM/RH/GL 016-3 Payment Systems Policy Guideline on Electronic Money (E- Page
Department Money) 10/17
(c) The funds may only be invested in high quality liquid ringgit
assets which are limited to deposits placed with licensed
institutions; debt securities issued or guaranteed by the
Federal Government and Bank Negara Malaysia; Cagamas
debt securities, and other instruments as may be specified
by the Bank;
(d) Any revenue earned from the investment of the funds in the
trust account may be used only for 10.2 (b) above unless the
funds are in excess of the total outstanding e-money
liabilities;
(g) The issuer shall submit to the Bank a copy of the trust deed
upon the establishment of the trust account.
(a) The funds in the deposit account can only be used to refund
users and make payment to merchants; and
BNM/RH/GL 016-3 Payment Systems Policy Guideline on Electronic Money (E- Page
Department Money) 11/17
(b) The funds shall not be invested in any form of assets other
than as bank deposits. Any revenue earned from the deposit
may be used only for 10.3 (a) above unless the funds are in
excess of the total e-money liabilities.
10.4 Issuers should top up in a timely manner the funds in their deposit
or trust accounts if their outstanding e-money liabilities are greater
than the funds in those accounts.
11.2 The sum refunded should be made without any additional cost
other than what is necessary to complete the refund transaction,
and must be done in not more than a month from the date the
claim is made.
13. OTHERS
Prohibition
(i) issue the e-money at a discount, i.e. issue e-money that has
a monetary value greater than the sum received;
13.2 Merchants and reload agents who are also users of e-money
should maintain a separate user account for making payments for
BNM/RH/GL 016-3 Payment Systems Policy Guideline on Electronic Money (E- Page
Department Money) 13/17
Submission Requirements
13.3 An issuer of e-money shall submit to the Bank:
(i) Its annual audited financial statements not later than three
months after its financial year end, and any other information
required by the Bank; and
3
Monthly average of outstanding e-money liabilities in the preceding six months.
BNM/RH/GL 016-3 Payment Systems Policy Guideline on Electronic Money (E- Page
Department Money) 14/17
Appendix I
Appendix 2
Appendix 3
(b) Approval from the Board of Directors to outsource the function must
be obtained and documented;
(c) Issuers must ensure that the outsourcing service provider must
provide a written undertaking to the issuer to comply with the
secrecy provision pursuant to section 73 of the PSA;
(d) Issuer must enter into a service agreement with the outsourcing
service provider. The service agreement should contain the
following:
(iii) clearly stipulated that the issuer reserves the right to terminate
the services of the outsourcing service provider if it fails to
comply with the conditions imposed.
(f) Regular testing and review of the work done by the outsourcing
service provider must be conducted. The outsourcing service
provider must also provide regular reports to the management of
issuer pertaining to the progress of the work conducted;
(g) The external and internal auditors of issuer must be able to review
the books and internal controls of the outsourcing service provider.
Any weaknesses highlighted during the audit must be well-
documented and promptly rectified especially where such
BNM/RH/GL 016-3 Payment Systems Policy Guideline on Electronic Money (E- Page
Department Money) 17/17
(h) Issuer m u st also have a contingency plan in the event that the
arrangement with the outsourcing service provider is suddenly
terminated. This is to mitigate any significant disruption in the
operation of the e-money scheme. The contingency plan must be
reviewed from time to time to ensure that the plan is current and
ready for implementation in the event of sudden termination of the
service provider. The contingency plan must also be approved by
the Board of Directors of the issuer.