THE PESO REAL-TIME GROSS SETTLEMENT MANAGEMENT COMMITTEE

MEMORANDUM NO. M-2024-____

014

To : All Peso Real-Time Gross Settlement Payment System Participants

Subject : Submission of Peso Real-Time Gross Settlement (RTGS) Payment

System Attestation Report

Pursuant to Section 614 of the Peso RTGS Rules on Reporting Requirements,

all participants are required to submit an annual Attestation Report (Attachment 1)
certifying that they continue to comply with the terms and conditions on participation in
the Peso RTGS Payment System.

The Attestation Report covers the following areas for the period 1 January to
31 December 2023:

1. Laws and Regulations on Payment System

2. Operational Requirements
3. Financial Requirements
4. Risk Management
5. Collaborative Activities
6. Reporting Requirements
7. Data Confidentiality
8. Sponsorship Arrangements

Participants must write N/A under the column “Compliant (C) or Non-Compliant
(NC)” in Attachment 2 in response to Compliant State items that do not apply to them.

The maiden report is due on 28 June 2024. The deadline for succeeding annual
reports is the last banking day of January every year.

For compliance.

MARY ANNE P. LIM

Chairperson
Electronically signed dtd. 17/05/2024

___
17 May 2024
 Attachment 1

Bank Logo

Attestation Report
For the year ended 31 December 20XX

I, <NAME OF PRESIDENT OR EQUIVALENT>, < PRESIDENT OR EQUIVALENT>, on behalf

of the <INSTITUTION NAME (SHORT NAME)>, hereby certify to the best of my
knowledge that <SHORT NAME> complies with the Bangko Sentral ng Pilipinas (BSP)
Memorandum No. M-2022-049 dated 22 November 2022 on the Peso Real-Time Gross
Settlement (RTGS) Rules, and all policies, guidelines, and advisories supplementing
such rules, as shown in Attachment 2, except for:

• Non-complied provision 1
• Non-complied provision 2
• Non-complied provision 3
• Non-complied provision 4

Aforementioned requirement/s shall be complied by <DD Month 20XX>.

I also certify that all relevant documents in support of the foregoing statements are
kept on file and are readily available for verification by the BSP.

This attestation issued on XX January 20XX is submitted in compliance with Section 614
of the Peso RTGS Rules.

Signed:

<SIGNATURE>
<NAME OF AUTHORIZED OFFICER>
<President or Equivalent>
 Attachment 2

Compliant (C) or
Compliant State Remarks
Non-compliant (NC)

1 Laws and Regulations on Payment System

a Complies with laws and regulations on payment systems
b Aligns its operation with the principles for Financial Market
Infrastructures (FMIs), as applicable
c Possesses the necessary licenses and membership(s) to be able
to maintain participation in the payment system
2 Operational Requirements
a Management of system access and operational requirements
- Uses the messaging channels allowed and protocols set by
the BSP
- Updates SWIFT channels registered with the BSP (if
applicable)
- Updates VPN-STP channels registered with the BSP (if
applicable)
- Complies with the payment messaging standard including
the mandatory message contents, required by the BSP

- Ensures that VPN accounts and IP address/es registered with

the BSP are active and updated (Annex A), while inactive VPN
accounts are requested for deactivation/deletion by the BSP
as soon as the concerned VPN users are no longer authorized
to access the Peso RTGS system

- Cleans up and reviews TMS/x user profiles semi-annually at a

minimum
- Makes certain that TMS/x users registered by the BSP or by
the participant are active and updated (Annex B) while
inactive TMS/x accounts are requested for
deactivation/deletion by the BSP as soon as the concerned
TMS/x users are no longer authorized to access the Peso
RTGS system
- Assures that TMS/x users access the system in accordance
with their approved roles and authorities
- Assures that all TMS/x users with ‘sender’ role are registered
with the BSP
- Assures that the names of the TMS/x users enrolled by the
<INSTITUTION NAME (SHORT NAME: ________________
_________________)> follow the prescribed naming convention

- Implements operational and/or technical changes required

to maintain compatibility of own system with the Peso RTGS
system

Page 1 of 3
 Compliant (C) or
Compliant State Remarks
Non-compliant (NC)

- Updates the following documents regularly or upon request

by the BSP:
i. Secretary’s certificate listing the participant’s authorized
signatories
ii. Directory
iii. Email recipients of advisories
iv. Authorized email senders (via the Email Address
Registration Form)
v. MS Teams site guest accounts (via the MS Teams Site
Guest Account Form)
- Stores/protects smart cards and makes sure that these are
non-transferrable
- Configures TMS/x workstations to enable acceptance of
smart cards
- Renews smart cards at least one (1) month before its
expiration date
b Information Security Measures

- Adopts secure mechanisms to prevent unauthorized access

to the Peso RTGS system
- Implements cyber security programs to safeguard the
payment system against cyber attacks
c Incident Management
- Reports immediately any problem on system access, report
generation, transaction monitoring, receipt of settlement
notifications, and other relevant issues after determining that
the problem is attributable to external factors based on
investigation and support conducted by their IT teams
- Coordinates with the BSP through available communication
channels and makes available any assistance and resource
expected on its end in order to contribute to efficient
problem resolution
3 Financial Requirements
a Maintains sound financial condition
b Informs the BSP of its own financial issues that may affect its
ability to settle transactions on a timely basis
c Manages its daily liquidity positions and credit exposures to
sufficiently cover its payment transactions and cause no
settlement failure
4 Risk Management
a Adopts policies, procedures, and controls which are aimed at
mitigating legal, credit, liquidity, general business, and
operational risks
b Covers not only the risks to itself but also those that it poses to
the payment system
c Avoids scheduling settlements near the close of business as this
practice introduces higher risks to the payment system

Page 2 of 3
 Compliant (C) or
Compliant State Remarks
Non-compliant (NC)

d Requests manual settlement only in situations allowed by BSP

such as when technical or connnectivity issues to the Peso RTGS
system arise or a payment has been erroneously credited to any
of the settlement accounts of BSP
e Operates with a resilient, documented, and tested Business
Continuity Plan (BCP)
- Reviews and tests its BCP at least annually
- Ensures readiness to switch to alternate/ recovery/ fallback
sites
- Establishes back-up facilities and recovery strategies
- Adopts a joint BCP with the BSP, if applicable
5 Collaborative Activities
a Participates in the PhilPaSS plus Forum, user training sessions, or
any other PhilPaSS plus stakeholder event
b Submits client satisfaction surveys biannually or upon request by
the BSP
c Participates in the testing activities conducted by the BSP,
including user acceptance tests and Integrated Business
Continuity Exercises (IBCE)
6 Reporting Requirements
a Submits the Attestation Report annually or upon request,
certifying continued adherence to the terms and conditions of
participation
b Submits the Monthly Monitoring Report on Sponsored
Participation on or before the 10th calendar day after the end of
the reference month
c Complies with other reporting requirements of the payment
system operator
7 Data Confidentiality
a Maintains strict confidentiality of all transactions, data, and/or
information obtained or drawn in the course of participation in
the Peso RTGS Payment System
8 Sponsorship Arrangements
a Makes certain that all sponsorship arrangements are covered by
a formal contract between the sponsoring and sponsored
participants, providing at a minimum the requirements under
Section 605 of the Peso RTGS Rules
b Guarantees that sponsorship risk-mitigating measures are in
place
c Performs due diligence on sponsored participant/s (Annex C)

***nothing follows***

Page 3 of 3
 Annex
AnnexA
A

PhilPaSSplus VPN Access of <INSTITUTION NAME (SHORT NAME)>

as of 31 December 2023

List of active VPN Client accounts List of active static public IP addresses
REMOTE VPN SITE-TO-SITE VPN
No. VPN Account Name of User
(Last Name, First Name, M.I.) No. IP Address
1 PB_BXYZ_DELACRUZJ Dela Cruz, Juan C. 1 XX.XX.XX.XX
2 2
3 3
4 4
5 5
6 6
7 7
8 8
9 9
10 10
11 11
12 12
13 13
14 14
15 15
16 16
17 17
18 18
19 19
20 20
add rows/sheets as necessary add rows/sheets as necessary
 Annex BB
Annex

PhilPaSSplus TMS/x Access of <INSTITUTION NAME (SHORT NAME)>

as of 31 December 2023

List of active TMS/x user profiles

TMS/X USERS
No. Username Name of User
(Last Name, First Name, M.I.)

1 BXYZDELACJZ Dela Cruz, Juan C.

2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
add rows/sheets as necessary
 Annex
Annex CC

Sponsored Financial Institutions of <INSTITUTION NAME (SHORT NAME)> in PhilPaSSplus

as of 31 December 2023

Sponsored Financial Institutions (FI)

No. Name of FI Sponsored Transactions
1 Rural Bank of XXXXX Instapay, PESONet, Check Clearing
InstaPay,
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
add rows/sheets as necessary