Treasury Single Account Rapid Assessment Toolkit
Cem Dener
Version 2.1, February 2017
https://eteam.worldbank.org/fmis
http://www.worldbank.org/publicfinance/fmis

Acknowledgements

This toolkit was originally developed in response to a request from the Public Sector and Institutional Reform Cluster (ECSP4) of the Europe and Central Asia (ECA) Region for the assessment of Treasury Single Account (TSA) operations in the Kyrgyz Republic in October 2012. Its transformation into a generic TSA rapid assessment toolkit was supported by the Governance and Public Sector Management Practice (PRMPS) of the World Bank's Poverty Reduction and Economic Management (PREM) Network. Since then the toolkit has been shared with a number of government officials and project teams for field testing and to gather additional feedback for possible improvements.

The author of this technical note, Cem Dener (PRMPS, World Bank), wishes to thank the numerous World Bank staff and government officials who have commented on the toolkit since its introduction in 2012. This document also benefited from the feedback received from the Financial Management Information Systems (FMIS) Community of Practice (CoP) members. Comments and clarifications from Ms. Megan Gray contributed substantially to the second version of this toolkit.

The toolkit will be posted on the FMIS CoP website (https://eteam.worldbank.org/FMIS) for further comments and suggestions, and maintained through regular updates to reflect changes in TSA practices or country needs in the future.

The findings, interpretations, and conclusions expressed in this volume do not necessarily reflect the views of the World Bank.

Rights and Permissions

This work is available under the Creative Commons Attribution 3.0 Unported license (CC BY 3.0) http://creativecommons.org/licenses/by/3.0.
Under the Creative Commons Attribution license, you are free to copy, distribute, transmit, and adapt this work, including for commercial purposes, under the following conditions:

Attribution: Please cite the work as follows: Dener, Cem, 2013. Rapid Assessment of Treasury Single Account Operations and Payment Systems. Washington, DC. World Bank. License: Creative Commons Attribution CC BY 3.0

Contents

Introduction (p. 1)
TSA Principles (p. 2)
TSA Preconditions (p. 3)
TSA Roles and Responsibilities (p. 5)
Reliability and Integrity of TSA Records (p. 5)
Methodology (p. 6)
How to organize the TSA rapid assessment? (p. 8)
TSA and Payment System Rapid Assessment Questionnaire (p. 9)
Annex 1. References (p. 19)
Annex 2. TSA Rapid Assessment Report Template (p. 20)
Annex 3. Overview of Centralized TSA and Electronic Payment Systems (p. 21)
Annex 4. Questions on TSA Preconditions and Risks (p. 23)
Annex 5. Sample Documents and Images Related to the TSA Operations and Payment Systems (p. 25)

List of Tables

Table 1: TSA preconditions (p. 3)
Table 2: Roles/responsibilities for key TSA functions (p. 5)
Table 3: TSA Rapid Assessment Questionnaire (p. 9)

List of Figures

Figure A3.1: Centralized TSA Operations and Electronic Payment Systems (p. 21)
Figure A5.1: Standard Payment Order (PO) form used for expenditure and revenue transactions (Kyrgyz Republic) (p. 25)
Figure A5.2: Payment Order (PO) created by the CT through the CB's RTGS workstation (direct access mode) (p. 26)
Figure A5.3: Report types available from the CB's RTGS workstation (direct access mode) (p. 27)
Figure A5.4: Sample report on the RTGS transactions (p. 28)
Figure A5.5: Message format (MT103, as an expanded version of the original SWIFT format) to transfer the CT's payment instructions to the RTGS system (p. 29)
Figure A5.6: Details of a payment instruction from the CB's ACH monitoring terminal (p. 30)
Figure A5.7: The CB's monitoring system to manage the daily ACH settlements (p. 31)
Figure A5.8: The details of daily ACH transactions (p. 32)

Rapid Assessment of Treasury Single Account Operations and Payment Systems
October 2013

Introduction

A Treasury Single Account (TSA) is one of the proven practices for improving payment and revenue collection systems and for exercising consistent control of public expenditures by centralizing the free balances of government bank accounts.
The TSA infrastructure is usually implemented as part of the Financial Management Information System (FMIS) solution. This rapid assessment toolkit is designed to assist government officials in clarifying the current status of TSA operations and identifying possible improvements in practices/processes, regulations, information security, and payment systems. The key purpose of this exercise is to ensure that Public Financial Management (PFM) reforms supported by ongoing FMIS activities are sufficiently focused on the design of basic TSA processes that improve cash management.

Although there may be country-specific variations, TSA operations are usually managed by the Central Treasury (CT) or Accountant General (AG) of the Ministry of Finance (MoF). A secure interface between the FMIS and the Central Bank (CB) systems is used to automate TSA operations, based on a specific legal and regulatory framework. The TSA accounts and the interbank payment systems are usually managed by the Central/National Bank. Commercial banks and other government entities may also be involved in TSA operations.

Although this toolkit is focused on a centralized TSA model, the proposed methodology can be applied to decentralized TSA arrangements as well. Also, the institutional structure of the MoF may not include a designated unit (such as a Central Treasury) responsible for all core functions (receipts, disbursements, reconciliation and cash management). In such cases, the assessment can be performed jointly by all relevant units to clarify the current status, and MoF management may wish to consider possible improvements to such fragmented structures (for effective separation of duties) as part of PFM reforms.

The toolkit includes 65 questions in five categories as key indicators of the reliability and integrity of TSA operations and the underlying government payment systems.
A risk and controls review is embedded in this assessment to analyze the information systems, procedures and operational environment. Several financial and information security audit standards/guidelines were used as references while developing this toolkit (Annex 1), in addition to the knowledge and experience of practitioners in the design and implementation of TSA operations in World Bank funded FMIS projects. Scoring of features is included to measure the current status of TSA operations and identify gaps consistently. This assessment questionnaire (checklist) is expected to give all stakeholders involved in TSA operations quick feedback on several key aspects; the discussions on each of these features, to determine the impact of FMIS and TSA on the management of receipts and payments in support of cash management improvements, are far more important than the scores themselves.

The TSA principles and preconditions, the rapid assessment methodology, and the possible options for performing this assessment are presented in the following chapters. The metrics used in evaluating the current status of TSA operations, and the template that can be used for the preparation of the rapid assessment report, are also explained. Finally, several sample forms are presented as annexes to clarify the type of documents and systems reviewed during such an assessment.

TSA Principles

The main purpose of TSA implementation is to maximize the use of cash resources through concentration and reduction in float costs. TSA solutions are designed to capture detailed information about the government's cash resources and spending on a daily basis. However, it is not enough simply to capture timely information on cash balances and flows if the balances are not immediately available to the Treasury (because of a lack of formal authority, or due to lengthy accounting and transfer/payment processes).
Also, the ability to forecast cash inflows and outflows, and the resulting balances on the TSA, is essential in improving cash management. It should be noted that FMIS platforms can provide reliable information on most of these key aspects through properly designed TSA interfaces.

There are a number of ways to implement the TSA depending on country-specific conditions (regulations, banking system, electronic payment system (EPS) arrangements, etc.). In many countries, "centralized TSA operation" is preferred in order to monitor daily collections and spending promptly and cost-effectively (Annex 3). To achieve this, a reliable TSA infrastructure [1] needs to be established before the implementation of FMIS solutions (it is usually more difficult and costly to introduce the TSA after the FMIS has been developed), based on a mutually agreed TSA Protocol [2] between the CT and the CB. Daily data exchange through secure linkages with the banking system and the EPS operations is crucial to ensure timely and reliable reporting on all government revenues and expenditures. Coverage of the Central Bank's branch network is also a key consideration.

In the centralized TSA model, the Central Bank is expected to provide a number of payment services (disbursements to beneficiaries via RTGS and/or ACH; real-time access to account statements) beyond simply the custody of the TSA accounts and bulk transfers of funds. In some cases, the Central Bank may be willing to disburse high-value, low-frequency payments via RTGS but unwilling to process ACH files (e.g. for payroll) or to print cheques. Therefore, the TSA model will likely involve commercial bank distribution accounts for lower-value payments. [3] Other banking services that should be considered include: provision of bank statements/online access to transaction data and account balances; foreign currency payments (sourcing the required forex and delivery to the, generally offshore, beneficiary); letters of credit; electronic collections (e.g. point-of-sale, payment gateways for online payments); and purchasing or payment card schemes for lower-value payments (petty cash, fuel cards, etc.). In some countries the Central Bank may also perform a 'quasi' cash management role on behalf of the government and provide a short-term lending or overdraft facility to the Government, which may complicate negotiations on the TSA arrangements.

[1] The term 'TSA infrastructure' refers to the structure of bank accounts in the TSA model and the receipt and disbursement flows through these accounts, together with the necessary system interfaces and relevant ICT components. It is strongly recommended that this model is decided prior to the configuration of the FMIS, and that the procedures in support of the TSA are implemented alongside the FMIS implementation.
[2] Initially, such a protocol may include the design of receipt and disbursement processes based upon an assessment of the banking services required by government, and identify which of those services the Central Bank is able to provide to the government. The protocol can be expanded through an iterative procedure: the proposed receipt and disbursement processes determine the banking services the government requires, which in turn guide the appropriate TSA model and the structure of bank accounts. Also, the time required to fully negotiate an agreement between the CB and the Government covering all aspects should not be underestimated.
[3] If the Central Bank is unwilling to provide some or all of these services, then it may be determined that a national or commercial bank is better placed to take custody of the TSA (with appropriate risk management and collateralization to mitigate the risk of loss of public funds).

In general, the Central Treasury (CT) operates the TSA for managing all public expenditures in "client account" mode, where the Central Bank (CB) executes all payments on behalf of the CT (indirect participation). Alternatively, the CT may become a direct participant in the interbank systems (RTGS [4] and ACH [5]) operated by the CB ("correspondent account" mode), if specific conditions can be met (related to information security, procedures, authorized personnel, and oversight mechanisms). To monitor the collection of revenues, the CT usually receives daily information on the details of transactions from agent (commercial) banks (sometimes through the CB) or from the revenue administration(s), through interfaces between the FMIS platform and these external systems.

TSA Preconditions

The Treasury Single Account preconditions are summarized below (Table 1). This table can be used to provide an overview of the current status of the TSA as part of the rapid assessment report. Country-specific technical and adaptive (non-technical) challenges can be listed under the eight categories to highlight the priorities in developing or improving the TSA infrastructure.

Table 1: TSA preconditions

# | TSA Preconditions | Current Status
1 | Legal and regulatory requirements for TSA operations | + List existing legislation. Any TSA protocol between the CT and CB? - Highlight the areas that need to be improved.
2 | Technical requirements / Reliable ICT infrastructure | + List existing CB and CT data centers and ICT infrastructure to support secure daily operations. - List all possible improvements.
3 | Fully operational interbank settlement systems | + ACH is operational since? RTGS is operational since? + Which entity is the operator of these systems? - Improvements in interbank system operations.
4 | Interface between the CT/FMIS and the CB information systems (RTGS/ACH) | + Status of network connection and TSA interface. - Possible improvements in the CT payment center.
5 | A comprehensive chart of accounts (CoA) to capture relevant details consistently | + Status of unified CoA to support centralized TSA. - Possible CoA improvements for TSA operations.
6 | An inventory of existing bank accounts to be used in FMIS and TSA operations | + Existence of a shared database on participant bank accounts managed by the CT (and CB). - Any gap in the development of the database.
7 | Capacity development of TSA users | + Adequate MoF/CT capacity. - Additional capacity and training needs.
8 | Political support | + Manage the participation of agent bank(s) in the TSA. - Risks in ensuring high-level commitment to the TSA.

Source: World Bank data. Note: TSA preconditions are based on the model suggested in Pattanayak, 2010.

[4] RTGS = Real Time Gross Settlement system (see Annex 3).
[5] ACH = Automated Clearing House solution (see Annex 3).
[6] The IMF paper indicates that these preconditions do not refer to Banking and Payment System Laws, but rather to the PFM framework (e.g. that the legal authority for opening official bank accounts is vested in the MoF).

It should be noted that a key consideration is the legal authority for opening official bank accounts [6] (which is also critical in determining the ability to prepare and maintain a reliable inventory of bank accounts). A further consideration is whether the legal framework (which may include procurement laws and regulations) provides for centralized procurement of banking services by the Treasury. Regarding the ICT infrastructure, this preliminary assessment can be used to identify the constraints to sustainability as well (e.g.
the capacity of IT teams to stay abreast of developments and emerging threats; the existence of a maintenance plan for the ICT infrastructure; and the availability of budget funds).

The primary information system of the CB is its own Core Banking System. While the payment systems (RTGS and ACH) provide reports of transactions, their primary purpose is funds transfer. A key question in the design of the interface between the FMIS and the Central Bank is whether the interface is only between the FMIS and the CB's Core Banking System (with the CB's core banking system interfaced to RTGS/ACH), or whether there will be a direct interface from the FMIS to RTGS and/or ACH (with the transaction information from these systems reflected back to the CB's Core Banking System for maintenance of account positions and production of bank statements for the Government's accounts). It is also important to note that in some countries a TSA arrangement has been achieved without a fully automated interface between the FMIS and CB systems. [7]

In relation to the TSA, the key feature of the Chart of Accounts (CoA) is that any information currently provided through separate bank statements is now to be reported through the CoA classification structure. This must be recognized from the outset in designing the CoA for the FMIS. The CoA should support a hierarchical structure, so that budgetary controls can be exercised at a higher level while all expenditures are accounted for at lower levels.

The inventory of bank accounts should cover all accounts, even those that will be closed during implementation of the TSA. The ability of the MoF to construct a comprehensive inventory will rest upon the legal framework, and on whether the authority to open bank accounts is given solely to the MoF. If a reliable inventory of bank accounts cannot be compiled, this in itself is cause to move ahead with the TSA reform (the existence of government bank accounts that are hidden from or unknown to the MoF is a key challenge to transparency and suggests weakness in fiscal data). New processes should ensure that funds are transmitted only to accounts recognized as part of the TSA structure, and never to hidden or unknown government bank accounts.

Capacity development of the TSA users should commence at the initial stages of the reform and continue during and after implementation. Political support is a continuous issue throughout the TSA reform, and there should be a communications strategy that sustains political support through implementation, to overcome resistance arising from the perceived power that comes with control of an entity's own bank accounts.

As with the protocol with the Central Bank, many of these preconditions may suggest related reforms that could be undertaken to improve TSA arrangements. However, this should not prevent progress on the implementation of cash centralization through TSA solutions.

[7] An example of this model is Afghanistan: the paper instructions printed from the FMIS are signed by the Treasurer and submitted to the CB. A checklist of payments is also submitted separately to the CB, and all instructions received are verified against the checklist prior to being processed. While an automated interface is optimal to prevent the risk of error, a centralized TSA can still be implemented without such an interface; regular, timely bank reconciliation and follow-up on discrepancies are (as in any model) critical.

TSA Roles and Responsibilities

Regardless of the mode of TSA operations (direct/indirect participation), there should be clear separation of roles and responsibilities for the treasury, banking and accounting functions, as well as for the oversight of payments and settlements.
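As an added example (not code from the toolkit or from any FMIS product), the following Python script shows what the daily reconciliation that footnote 7 calls critical in any model, and the independence of CB and CT records that this separation of roles relies on, look like in practice: a statement generated by the CB is matched against the CT's FMIS GL cash book on a unique transaction identifier, and every identifier is classified for follow-up rather than silently dropped. The record layout, the identifiers and the statement/ledger lines are constructed for illustration; real RTGS/ACH statements and FMIS exports carry more fields.

```python
"""Daily reconciliation of the Central Bank TSA statement against the FMIS GL.

Added example, not part of the toolkit. It illustrates the integrity
requirements of a TSA: a unique transaction identifier carried end to end,
a CB statement produced independently of the CT, a daily automated match
against the CT cash book, and follow-up of every discrepancy.
Record layout and sample lines are constructed for illustration.
"""
from collections import Counter
from dataclasses import dataclass
from decimal import Decimal
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class Entry:
    txn_id: str       # unique identifier (e.g. payment order number) shared by CB and FMIS
    amount: Decimal   # signed: receipts into the TSA positive, payments out negative
    counterparty: str


# Constructed CB statement for one day, as the CB's RTGS/ACH systems would report it
CB_STATEMENT: List[Entry] = [
    Entry("PO-000101", Decimal("-125000.00"), "Supplier A"),
    Entry("PO-000102", Decimal("-8400.50"), "Supplier B"),
    Entry("RC-000555", Decimal("300000.00"), "Agent bank revenue sweep"),
    Entry("PO-000104", Decimal("-9999.00"), "Unknown beneficiary"),   # never recorded in FMIS
    Entry("PO-000102", Decimal("-8400.50"), "Supplier B"),            # settled twice
]

# Constructed FMIS GL cash book for the same TSA account and day
FMIS_GL: List[Entry] = [
    Entry("PO-000101", Decimal("-125000.00"), "Supplier A"),
    Entry("PO-000102", Decimal("-8400.05"), "Supplier B"),            # amount differs from CB
    Entry("RC-000555", Decimal("300000.00"), "Agent bank revenue sweep"),
    Entry("PO-000103", Decimal("-45000.00"), "Supplier C"),           # recorded, not settled by CB
]


def reconcile(statement: Iterable[Entry], ledger: Iterable[Entry]) -> Dict[str, List[str]]:
    """Match CB statement lines to GL entries by txn_id and classify each identifier.

    matched:                same id and amount on both sides
    amount_mismatch:        same id, different amount
    unrecorded_in_gl:       funds moved at the CB with no FMIS record (highest priority)
    unsettled_by_cb:        FMIS records a flow the CB never executed
    duplicate_in_statement: id settled more than once (possible replayed instruction)
    """
    statement = list(statement)
    ledger = list(ledger)
    report: Dict[str, List[str]] = {
        "matched": [], "amount_mismatch": [], "unrecorded_in_gl": [],
        "unsettled_by_cb": [], "duplicate_in_statement": [],
    }
    counts = Counter(e.txn_id for e in statement)
    report["duplicate_in_statement"] = sorted(t for t, n in counts.items() if n > 1)
    by_cb = {e.txn_id: e for e in statement}
    by_gl = {e.txn_id: e for e in ledger}
    for txn_id in sorted(set(by_cb) | set(by_gl)):
        cb, gl = by_cb.get(txn_id), by_gl.get(txn_id)
        if cb is not None and gl is not None:
            key = "matched" if cb.amount == gl.amount else "amount_mismatch"
        elif cb is not None:
            key = "unrecorded_in_gl"
        else:
            key = "unsettled_by_cb"
        report[key].append(txn_id)
    return report


def is_clean(report: Dict[str, List[str]]) -> bool:
    """True only when every identifier matched and nothing needs follow-up."""
    return all(not ids for key, ids in report.items() if key != "matched")


def closing_balance(opening: str, statement: Iterable[Entry]) -> Decimal:
    """Balance implied by the statement lines; compare it with the closing
    balance the CB reports to catch lines missing from the statement itself."""
    return Decimal(opening) + sum((e.amount for e in statement), Decimal("0"))


if __name__ == "__main__":
    result = reconcile(CB_STATEMENT, FMIS_GL)
    for key, ids in result.items():
        print(f"{key:24s} {', '.join(ids) or '-'}")
    print("clean:", is_clean(result))
    print("closing balance:", closing_balance("1000000.00", CB_STATEMENT))
```

Two design points matter for the assessment: the match key is the transaction identifier, not the amount or counterparty, so a payment that the CB executed but the FMIS never recorded surfaces as "unrecorded_in_gl" even when the totals happen to agree; and a duplicate identifier on the CB side is reported separately, because a twice-settled instruction is exactly the kind of event that "no manual interventions" and the oversight controls are meant to prevent.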
The template below (Table 2) can be used to clarify these country-specific roles and responsibilities for the centralized TSA model, as part of the rapid assessment report. For decentralized TSA models, other key actors should also be considered (such as revenue collectors and spending agencies, as well as the debt management function if it is outside the CT).

Table 2: Roles/responsibilities for key TSA functions

TSA Functions vs. Responsibilities | Central Treasury / Accountant General | Central/National Bank
Treasury operations (management of payments) | CT (FMIS) | -
Banking functions (payment controls and settlements) | CT (FMIS) TSA interface | CB (RTGS / ACH) interbank systems
Accounting (reconciliation and reporting) | CT (FMIS GL) | CB (GL)
Oversight of payments and settlement systems (financial + information security controls) | External Audit | CB

Source: World Bank data

Reliability and Integrity of TSA Records

The reliability and integrity of TSA operations depend on several key requirements related to the daily recording/reporting of all revenues (receipts) and expenditures (payments):

• A bank statement containing all the details about the flow of funds in the TSA should be generated directly by the Central Bank information systems, independently of the Central Treasury (as the organization managing payments). Such bank statements should be available to the CT for automated reconciliation through the FMIS General Ledger (GL) module on a daily basis. If the Central Treasury is a direct participant in the interbank payment systems, there must be absolute assurance that such bank statements are generated directly from the interbank payment systems and supported by consistent information from the Central Bank GL.
• The FMIS accounting module (GL) should maintain full cash book records for the TSA bank accounts. All TSA transactions must be accounted for in the FMIS by the appropriate source (e.g. it may be the revenue collectors, rather than the CT, that enter the transactions for revenues deposited to the revenue transit accounts in commercial banks, but then the CT accounts for the sweeping of the balances from these transit accounts to the accounts in the CB).
• Each TSA transaction must contain a unique identifier which can be used to link the payment or receipt to the accounting entries in the CT's FMIS GL. The CT should be able to reconcile the CB statements on the CT's bank account balances with the FMIS GL data regularly (daily) and promptly, using the underlying systems.
• No manual interventions. All processes (from initiation to final payment and reconciliation) should be automated and run on secure platforms.

These requirements must be audited on a regular basis. Some of the key questions related to the TSA preconditions, as well as the risks and controls, are listed in Annex 4.

Methodology

The TSA assessment toolkit is composed of 65 questions grouped under five categories:
1. Legal and regulatory framework of TSA operations (11 questions)
2. TSA processes and interbank systems (25 questions)
3. Capacity and competencies (7 questions)
4. Information security controls (14 questions)
5. Oversight mechanisms (8 questions)

A simple rating scale (0 to 4) is used for all questions/statements, and the total score is converted into a grade (0 to 100) as an indication of the country's performance in TSA operations/payment systems.

Rating:
0 = Non-existent (Lack of any recognizable process. Activity not yet planned/established.)
1 = Initial / ad-hoc (Issue recognized.
Activity planned and approved for implementation.)
2 = Defined process (Activity implemented partially.)
3 = Managed and measurable (Activity effectively operational.)
4 = Optimized (Activity refined to the level of international good practice.)

Guidance on Ratings

• Rating "4" means that the subject activity related to the interbank payment systems and TSA processes has been refined to the level of international good practice, with continuous monitoring and improvement. Information systems: there is an integrated FMIS solution that automates all critical aspects of budget execution, including the TSA and performance monitoring, providing tools to improve quality and effectiveness in PFM.
• Rating "3" indicates that there are areas in which a country is doing well in interbank payment systems and TSA. It is possible to monitor and measure compliance with procedures and to take action where processes appear not to be working effectively. Processes are under constant improvement. From the information systems perspective, the FMIS fully supports the TSA operations.
• Rating "2" indicates that there are areas for improvement. Government should consider devoting sufficient resources to ensure that improvements can be made quickly and strategies developed for effective implementation of the necessary improvements. There are standardized procedures (automation of existing practices) communicated through training. It is, however, left to the individual to follow these processes, and it is unlikely that deviations will be detected. The FMIS supports the TSA operations partially (for example, monitoring the account balances without supporting automated payments).
• Rating "1" means that the entity has recognized that the issues exist and need to be addressed. There are no standardized processes; instead there are ad hoc approaches that tend to be applied on an individual or case-by-case basis. Government should consider devoting sufficient resources to ensure that improvements can be made quickly and strategies crafted for effective implementation. From the information systems perspective, limited capabilities exist for automation of processes.
• Rating "0" indicates lack of any recognizable processes. The activity requires immediate attention and a clear strategy with high-level political commitment. While a low rating does not necessarily imply that a government has poor public financial management (PFM) systems, it usually does indicate a key concern that requires immediate attention.
• Rating "n/a" indicates that the activity cannot be measured and scoring is not applicable. In such cases, clarifications should be provided, and such activities are not included in the calculation of ratings.

Assessment of performance

The rating calculations suggested as part of this assessment are expected to assist countries in determining their strengths and weaknesses in the five categories listed above. The percentage rating (0 to 100) for each category (excluding "n/a" scores) is calculated from:

$$\text{Category rating (\%)} = \frac{\sum \text{(scores of the questions in the category)}}{(\#\text{ questions in the category} - \#\text{ ``n/a'' answers}) \times 4} \times 100$$

The total rating is calculated by adding all scores (except "n/a") in all five categories (0 to 100):

$$\text{Total rating (\%)} = \frac{\sum \text{(all scores)}}{(65 - \#\text{ ``n/a'' answers}) \times 4} \times 100$$

The following grades are used to indicate the overall performance based on the total rating:

Very Weak: below 30%
Weak: 30% - 49.9%
Average: 50% - 69.9%
Good: 70% - 89.9%
Excellent: 90% and above

The minimum score for an acceptable performance is "Average", according to the above grading scale.

Finally, in order to facilitate better understanding, additional information can be provided in the "Comments" column of the questionnaire:
• Challenges that the country faces in a particular area;
• Source of information (URL) for a specific topic;
• Relevant reforms or improvements expected;
• Key stakeholders involved; and
• Other relevant information.
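The rating formulas and grade bands above, carried through in code as an added example (this is not a tool shipped with the toolkit). The category names and sizes are those stated in the Methodology; the sample answers in sample_questionnaire() are constructed and cover the two edge cases the formulas have to handle, an "n/a" inside a category and a category that is entirely "n/a". Treating 90.0 as the lower bound of "Excellent" is an assumption made here to close the gap the printed bands leave between 89.9% and 90%.

```python
"""Rating calculation for the TSA rapid assessment questionnaire.

Added example, not part of the toolkit: implements the category and total
rating formulas and the grading scale from the Methodology section.
Sample answers are constructed for illustration, not real country data.
"""
from typing import Dict, List, Optional, Tuple

MAX_SCORE = 4            # rating scale 0..4; None stands for "n/a"
TOTAL_QUESTIONS = 65
CATEGORY_SIZES: Dict[str, int] = {
    "Legal and regulatory framework of TSA operations": 11,
    "TSA processes and interbank systems": 25,
    "Capacity and competencies": 7,
    "Information security controls": 14,
    "Oversight mechanisms": 8,
}
# Grade bands, lower bound inclusive. The toolkit prints "70% - 89.9%" for
# Good and "above 90%" for Excellent; 90.0 as the Excellent lower bound is
# an assumption made here so that no rating falls between the bands.
GRADE_BANDS: List[Tuple[float, str]] = [
    (90.0, "Excellent"),
    (70.0, "Good"),
    (50.0, "Average"),
    (30.0, "Weak"),
    (0.0, "Very Weak"),
]

Score = Optional[int]


def validate_score(score: Score) -> None:
    """Reject anything that is not an integer 0..4 or None (n/a)."""
    if score is None:
        return
    if isinstance(score, bool) or not isinstance(score, int) or not 0 <= score <= MAX_SCORE:
        raise ValueError(f"invalid rating {score!r}: expected 0..{MAX_SCORE} or None for n/a")


def category_rating(scores: List[Score]) -> Optional[float]:
    """Percentage rating of one category, excluding n/a answers:
    sum(scores) * 100 / ((#questions - #n/a) * 4).
    Returns None when every answer is n/a (the toolkit defines no rating then)."""
    for s in scores:
        validate_score(s)
    answered = [s for s in scores if s is not None]
    if not answered:
        return None
    return sum(answered) * 100.0 / (len(answered) * MAX_SCORE)


def total_rating(categories: Dict[str, List[Score]]) -> float:
    """Overall rating: sum(all scores) * 100 / ((65 - #n/a) * 4).
    The questionnaire must contain exactly the five categories at their stated sizes."""
    if {name: len(scores) for name, scores in categories.items()} != CATEGORY_SIZES:
        raise ValueError("questionnaire does not match the five categories / 65 questions")
    all_scores = [s for scores in categories.values() for s in scores]
    for s in all_scores:
        validate_score(s)
    answered = [s for s in all_scores if s is not None]
    if not answered:
        raise ValueError("every question is n/a; no total rating can be computed")
    not_applicable = len(all_scores) - len(answered)
    return sum(answered) * 100.0 / ((TOTAL_QUESTIONS - not_applicable) * MAX_SCORE)


def grade(rating: float) -> str:
    """Map a 0..100 rating to the toolkit's grade bands."""
    for lower_bound, name in GRADE_BANDS:
        if rating >= lower_bound:
            return name
    return "Very Weak"


def assess(categories: Dict[str, List[Score]]) -> Tuple[Dict[str, Optional[float]], float, str]:
    """Per-category ratings, the total rating and its grade."""
    per_category = {name: category_rating(scores) for name, scores in categories.items()}
    total = total_rating(categories)
    return per_category, total, grade(total)


def sample_questionnaire() -> Dict[str, List[Score]]:
    """Constructed answers (not real country data) covering the edge cases:
    an n/a inside a category and a category that is entirely n/a."""
    return {
        "Legal and regulatory framework of TSA operations": [3, 3, 4, 2, 3, 2, 3, 4, 3, 2, 3],
        "TSA processes and interbank systems": [2] * 20 + [3] * 5,
        "Capacity and competencies": [1, 2, 2, None, 3, 2, 1],
        "Information security controls": [0, 1, 1, 2, 1, 0, 2, 1, 1, 2, 1, 1, 0, 1],
        "Oversight mechanisms": [None] * 8,
    }


if __name__ == "__main__":
    per_category, total, overall = assess(sample_questionnaire())
    for name, rating in per_category.items():
        print(f"{name}: {'n/a' if rating is None else f'{rating:.1f}%'}")
    print(f"Total rating: {total:.1f}% ({overall})")
```

Note that a fully "n/a" category drops out of both the category table and the total denominator, which is why the constructed questionnaire lands exactly on the 50% "Average" threshold despite the 25% information security score: an assessor reading only the total would miss that weakness, which is the reason the toolkit asks for the per-category ratings and the comments alongside it.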
The remaining sections of this report describe the TSA rapid assessment approach and list the statements/questions used for verifying the processes and controls. [8]

[8] A control is defined as the policies, procedures, practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected (as defined in COBIT).

How to organize the TSA rapid assessment?

This rapid assessment can be performed in two ways:
• Self-assessment (usually in two days);
• Joint assessment (one week) of the TSA operations through site visits, interactions with the related CT and CB units, and a workshop to discuss the results, with support from the World Bank team.

In both cases, two dedicated teams from the Central Treasury/MoF and the Central/National Bank (sometimes also inviting the commercial banks and solution providers involved in the TSA) are expected to meet and review the questions together, collect evidence on specific aspects (legal framework, practices, competencies, information security, and oversight), and assess the situation jointly to produce a mutually agreed assessment report. The World Bank team can join to assist in this process and provide guidance when necessary.

Suggested approach

1. Identify the team members who will take part in the rapid assessment of TSA operations (managers, operational staff, technical specialists, etc.), and designate the team leaders on the MoF/Treasury and Central/National Bank sides (include the list of all participants as part of the rapid assessment report).
2. If there is an ongoing FMIS contract (TSA implementation in progress), the teams are expected to review the functional and technical requirements of the TSA interface and operations, as outlined in the FMIS contract (also attach these requirements to the rapid assessment report).
FMIS supplier representatives can be invited to relevant discussions during this process. 3. Depending on the type of assessment (self-assessment or joint assessment) organize a kick-off meeting with the teams to explain the process, introduce the questionnaire, and expected results. Prepare a work plan to perform the assessment and organize necessary meetings, as necessary. 4. Collect necessary information and evidence through interactions with related officials/units. Fill the questionnaire, answering all questions and providing ratings based on the evidence. Note all key findings and relevant evidence in the comments section of each question. 5. Organize a workshop with the participation of all stakeholders involved in the rapid assessment to discuss the findings and recommendations. 6. Following the completion of this review process by going through all 65 questions in the questionnaire, a TSA Rapid Assessment Report can be prepared, benefiting from the template attached in Annex 2 of this guidance note. This TSA rapid assessment is intended as a joint review of several important conditions, which are expected to be substantially met to ensure a fully operational and reliable TSA interface. Most of the technical capabilities can be developed in a relatively short time, as a part of the FMIS implementation. However, high level political commitment is required for the resolution of TSA related adaptive (non-technical) challenges in many economies. 8 TSA and Payment System Rapid Assessment Questionnaire The results of rapid assessment are presented below in five categories. “Comments” column includes the links to relevant web sites, as well as the summary of key findings and deficiencies observed. Table 3: TSA Rapid Assessment Questionnaire Ref. TSA Assessment Components Q Ref. 
Rating: each question is scored 0…4 on the evidence collected. Category scores (X1…X5) and the overall score are percentages. Letters in square brackets point to the Notes following the table.

1 Legal and regulatory framework of TSA operations (X1 %)

1.1 Central Treasury legislation [Note A]. Comments: indicate the Central Treasury URL here.
Component: a clear legal and regulatory framework for Treasury Single Account operations has been established, with appropriate and effective sanctions for non-compliance.
  Q.1 Legal and regulatory framework for FMIS operations is in place. (0…4)
  Q.2 TSA protocol signed between the CT and CB (legally binding). (0…4)
  Q.3 TSA instructions/circulars describing the details of revenue / expenditure processing are in place. (0…4)
  Q.4 Legal basis for the operations of the Electronic Payment Center (EPC) is in place. (0…4)
  Q.5 Agreement with the CB to maintain CT TSA bank accounts is in place. (0…4)
  Q.6 Agreement between the CT and Agent Bank(s) for TSA operations is in place. (0…4)
  Comments for Q.1–Q.6: + existing law(s) / TSA Protocol / TSA Instructions / TSA agreement(s), as applicable (ref. no, date, and URL, if published); - any draft or plans to prepare one? (if not available yet)

1.2 Central Bank legislation [Note B]. Comments: indicate the Central Bank URL here.
Component: a clear legal and regulatory framework for interbank systems has been established, with appropriate and effective sanctions for non-compliance.
  Q.7 Banking law and regulations are in place. (0…4)
  Q.8 Electronic Signature law / regulations are in place. (0…4)
  Q.9 RTGS law / regulations are in place. (0…4)
  Q.10 ACH (BCS) laws / regulations are in place. (0…4)
  Q.11 Laws / regulations for oversight of payment and settlement systems are in place. (0…4)
  Comments for Q.7–Q.11: + existing law(s) (ref. no, date, and URL, if published); - any draft law or plans to prepare one? (if not available yet)

2 TSA processes and interbank systems (X2 %)

2.1 Segregation of key TSA functions [Note C]
Component: segregation of key TSA duties (payment management and control, settlements, and accounting/reconciliation) is enforced through organizational structures, user access rights in the treasury/payment systems, and procedural documents.
  Q.12 Payment management functions are executed by the Central Treasury through automated processes supported by FMIS. (0…4) Comments: + summarize existing payment management processes; - identify deficiencies
  Q.13 Payment control functions are performed by the CT through automated processes supported by FMIS. (0…4) Comments: + summarize existing payment control processes; - identify deficiencies
  Q.14 Payment control functions to check compliance with the banking legislation are performed by the CB through automated processes supported by CB information systems. (0…4)
  Q.15 Accounting functions for TSA operations (reconciliation and reporting) are performed by the CT through automated processes supported by FMIS. (0…4)
  Q.16 Accounting of TSA operations (recording all daily flows and providing daily bank statements) is performed by the CB through automated processes supported by the CB information systems. (0…4)
  Q.17 Oversight functions for payment and settlement systems (financial and information security controls) are performed by the CB through automated processes. (0…4)
  Comments for Q.14–Q.17: + summarize existing processes; - identify deficiencies

2.2 Daily recording and reporting of TSA transactions [Note D]
Component: all TSA transactions related to budget revenues (receipts) and expenditures (payments) are recorded and reported daily through the CB payment and settlement systems as well as the CT's FMIS solution.
  Q.18 The RTGS system is capable of recording/reporting the details of all TSA payments on a daily basis. (0…4)
  Q.19 The ACH (BCS) system is capable of recording/reporting the details of all TSA payments on a daily basis. (0…4)
  Q.20 The CB GL captures all flows in TSA bank accounts through the CB accounting system/GL on a daily basis. (0…4)
  Q.21 Agent Banks transfer all revenues to the CT's designated TSA bank account at the CB on a daily basis through online connections to RTGS/ACH. (0…4)
  Q.22 The Central Treasury submits all payment requests in the required formats through the CT-CB TSA interface, from a secure electronic payment center, through automated processes supported by FMIS, on a daily basis. (0…4)
  Q.23 The CB sends bank statements from the RTGS and ACH with the details of all TSA transactions through automated processes on a daily basis. (0…4)
  Q.24 The CB sends bank statements from the CB General Ledger on the flows in TSA bank accounts through automated processes on a daily basis. (0…4)
  Q.25 Reconciliation of the CB (and Agent Bank) bank statements is performed by the CT through the FMIS General Ledger (GL) module on a daily basis. (0…4)
  Q.26 Each TSA transaction carries a unique identifier that links the payment or receipt to the accounting entries in the CT's FMIS GL. (0…4)
  Comments for Q.18–Q.26: + summarize existing processes; - identify deficiencies

2.3 Audit trails [Note E]
Component: audit trails are enabled and effectively used in the CB and CT information systems.
  Q.27 "Audit trail" is enabled in the CT FMIS databases and effectively used. (0…4)
  Q.28 "Audit trail" is enabled in the CT Electronic Payment Center (EPC) databases (in case of indirect participation) and effectively used. (0…4)
  Q.29 "Audit trail" is enabled in the CB RTGS platform and effectively used. (0…4)
  Q.30 "Audit trail" is enabled in the CB ACH (BCS) platform and effectively used. (0…4)
  Q.31 "Audit trail" is enabled in the CB accounting/GL operations and effectively used. (0…4)
  Comments for Q.27–Q.31: + summarize current status; - identify deficiencies

2.4 Inventory of bank accounts
Component: an inventory of the existing bank accounts to be used in FMIS and TSA operations exists and is regularly updated.
  Q.32 The CT FMIS has an inventory of all bank accounts to be used in TSA operations, synchronized with the CB inventory. (0…4)
  Q.33 The CB has an inventory of all bank accounts to be used in TSA operations. (0…4)
  Comments for Q.32–Q.33: + summarize current status; - identify deficiencies

2.5 Transaction level controls
Component: all transaction-level controls are performed as part of the oversight role on payments and settlements.
  Q.34 The CB has RTGS/ACH payment system checklists managed through automated processes and reports the results of all transactions in well-defined formats (SWIFT). (0…4)
  Q.35 RTGS and ACH payment controls include checking the bank accounts against the "black list" maintained by the CB. (0…4)
  Q.36 The Central Treasury submits all payment orders electronically from FMIS to RTGS/ACH, without any manual intervention, and the CB disables manual entry mode for the CT. (0…4)
  Comments for Q.34–Q.36: + summarize current status; - identify deficiencies

3 Capacity and competencies (X3 %)

3.1 CT capacity
Component: CT units (electronic payment system and IT) have an adequate number of trained staff to manage TSA operations.
  Q.37 For each TSA-related position, there is a job description specifying the duties of the position, reporting lines, delegations of authority and qualification requirements. (0…4)
  Q.38 The total number of personnel authorized to manage TSA operations is adequate for the volume of transactions and intensity of work. (0…4)
  Q.39 CT staff are experienced in the operation of EPS and can execute TSA transactions on the interbank payment systems securely. (0…4)

3.2 CB capacity
Component: CB units (payment systems and IT) have an adequate number of trained staff to manage the interbank payment systems.
  Q.40 For each interbank payment system related position, there is a job description specifying the duties of the position, reporting lines, delegations of authority and qualification requirements. (0…4)
  Q.41 The total number of personnel authorized to manage the payment systems is adequate for the volume of transactions and intensity of work. (0…4)

3.3 ICT infrastructure
Component: the ICT infrastructure is capable of handling the workload of full-scale centralized TSA operations.
  Q.42 The CT data center is well prepared to manage all TSA operations and store the details of all transactions. (0…4)
  Q.43 The CB data center is well prepared to handle all TSA transactions and store the relevant details. (0…4)
  Comments for Q.37–Q.43: + summarize current status; - identify deficiencies

4 Information security controls [Note F] (X4 %)

4.1 CT information security controls
Component: information security controls are actively used in the CT information systems.
  Q.44 Authentication and authorization (type of digital signature used; storage of the digital certificates issued). (0…4)
  Q.45 Privileged access (who has privileged access to the FMIS and electronic payment center databases). (0…4)
  Q.46 Data security and integrity (solutions for secure data transfer and encryption of data in transit). (0…4)
  Q.47 Network and web application firewalls (solutions for reviewing logs and restricting access). (0…4)
  Q.48 Password controls for all user types. (0…4)
  Q.49 Physical security (access control and data center security). (0…4)
  Q.50 Backup and storage (all transactions for the last 5 years stored actively in databases; older records archived; who maintains the TSA records). (0…4)

4.2 CB information security controls
Component: information security controls are actively used in the CB information systems.
  Q.51 Authentication and authorization (type of digital signature used; storage of the digital certificates issued). (0…4)
  Q.52 Privileged access (who has privileged access to the TSA databases and interbank system platforms). (0…4)
  Q.53 Data security and integrity (solutions for secure data transfer and encryption of data in transit). (0…4)
  Q.54 Network and web application firewalls (solutions for reviewing logs and restricting access). (0…4)
  Q.55 Password controls for all user types. (0…4)
  Q.56 Physical security (access control and data center security). (0…4)
  Q.57 Backup and storage (all transactions for the last 5 years stored actively in databases; older records archived; who maintains the TSA records). (0…4)
  Comments for Q.44–Q.57: + summarize current status; - identify deficiencies

5 Oversight mechanisms [Note G] (X5 %)

5.1 The Central Treasury is subject to regular review by internal audit, external audit and peer auditors.
  Q.58 Financial/compliance audit of the Central Treasury operations. (0…4)
  Q.59 IT audit of the CT information systems (FMIS and electronic payment center). (0…4)
5.2 The CB is subject to regular review by internal audit, external audit and peer auditors.
  Q.60 Financial/compliance audit of the CB operations. (0…4)
  Q.61 IT audit of the CB information systems (payment systems and accounting). (0…4)
5.3 The IMF Safeguards Assessment is performed regularly as a review of the CB's governance framework.
  Q.62 The CB governance framework is up to standard, as evidenced by the IMF's Safeguards Assessment. (0…4)
5.4 The PEFA assessment is performed as a core diagnostic of overall PFM and accountability performance.
  Q.63 TSA operations and CT/CB practices are reviewed during the PEFA assessment, and related assessments are used to monitor progress. (0…4)
5.5 Financial risks and controls are regularly reviewed and attached to the annual financial system reviews of the CB and CT.
  Q.64 A risk and controls report is prepared annually, describing the overall assessment of the CT information systems, the controls and any deficiencies. (0…4)
  Q.65 A risk and controls report is prepared annually, describing the overall assessment of the CB information systems, the controls and any deficiencies. (0…4)
  Comments for Q.58–Q.65: + summarize current status; - identify deficiencies
Overall assessment score: XX %

Notes

Note A (Q.1): A key feature to consider is whether the MoF/Treasury may define standards for the systems used in financial management (and the coverage of this approval: are extra-budgetary entities included?), and what responsibilities are vested in the accountable officers in ministries for maintaining effective financial management systems and internal control frameworks (and therefore for their part of the FMIS architecture). Two further questions follow: what assurances the MoF/Treasury must provide about the operation of the FMIS so that these accountable officers can discharge their duties with confidence, and conversely, what requirements the accountable officers must meet in order to use the FMIS (e.g. keeping operating system and anti-virus updates current on all workstations on the network that connects to the FMIS; network security, including firewalls and the monitoring and retention of logs; not sharing logons and passwords for either the network or the FMIS with anyone else). If there is a secure government-wide network or intranet, these requirements may be addressed through membership of that network (which may be managed by an entity other than the MoF/Treasury). In many countries, however, FMIS implementation runs ahead of a government-wide secure network, and these issues are addressed during the FMIS implementation.

Note A (Q.4 and Q.8): The legal basis for electronic transactions determines whether procedures can be fully automated through the system, or whether supporting documents / hard-copy authorizations still have to be transmitted alongside the messages exchanged within the FMIS and from the FMIS to the paying bank. If legislation governing electronic transactions and communications is in place (or is being drafted), the FMIS design and the banking interface must conform to it, so that electronic transmissions have the same legal standing as a paper-based authorization.
For example, if the legislation provides for a public key infrastructure, the certifying authority may have to be approved by a central regulatory body, in which case the FMIS must deploy certificates issued by an approved certifying authority. If there are gaps in the legal support for electronic signatures, and no legal basis for public-key based electronic signatures, centralized TSA processes may need additional controls to compensate. For example, the transmission of the payments file from the Treasury to the Central Bank may involve an additional step in which key information about the file (e.g. the total value of payments, the number of payments, and a hash total formed from the sum of the account numbers in the file) is exchanged through a different route (e.g. e-mail, telephone) between the Treasury and the Central Bank before the Central Bank approves the file for processing through the payment system. Such control totals detect truncation, corruption and accidental duplication, but they do not bind amounts to beneficiaries, and a second channel such as e-mail is only independent if it cannot be reached from the same compromised workstation; they are a stop-gap rather than a substitute for a legally recognized electronic signature.

Note A (Q.2 and Q.5): In some cases, these can be covered under a single agreement (the agreement may be developed over time; initially it is important to have an agreement covering the banking services that the CB will or will not provide).
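The compensating control just described, as an added example (not code from the toolkit): a Python script that computes the three values Note A names for a constructed payments file, verifies them the way the Central Bank side would, and then shows why they are weaker than a signature. The file layout, the sample rows and the shared key are assumptions made for the example; the HMAC step is an addition that the toolkit does not describe.

```python
import csv
import hashlib
import hmac
import io
from decimal import Decimal

# Constructed payments file (not toolkit data): one payment per line.
SAMPLE_FILE = """po_id,beneficiary_account,amount
PO-000101,1001000123456,1500.00
PO-000102,1001000654321,250.50
PO-000103,1001000777777,98.25
"""

# The same file after someone moves 100.00 from the first payment to the second.
# Count, total value and hash total are unchanged, so the out-of-band check passes.
TAMPERED_FILE = SAMPLE_FILE.replace("1500.00", "1400.00").replace("250.50", "350.50")


def control_totals(file_text):
    """The three values Note A says are exchanged over a separate channel:
    number of payments, total value, and a hash total formed by summing the
    beneficiary account numbers as integers."""
    rows = list(csv.DictReader(io.StringIO(file_text)))
    return {
        "count": len(rows),
        "total_value": sum(Decimal(r["amount"]) for r in rows),
        "hash_total": sum(int(r["beneficiary_account"]) for r in rows),
    }


def cb_accepts(file_text, announced):
    """Central Bank side: recompute the totals from the file actually received
    and release it to the payment system only if they equal the announced ones."""
    return control_totals(file_text) == announced


# Assumption for the example: a key agreed between Treasury and Central Bank
# out of band. Not a real key.
DEMO_KEY = b"demo-shared-key-not-for-production"


def file_mac(file_text, key=DEMO_KEY):
    """Stronger alternative (added here, not in the toolkit): an HMAC over the
    canonical file bytes changes if any field, row or ordering changes."""
    canonical = file_text.replace("\r\n", "\n").encode("utf-8")
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def cb_accepts_mac(file_text, announced_mac, key=DEMO_KEY):
    """Constant-time comparison of the recomputed MAC with the announced one."""
    return hmac.compare_digest(file_mac(file_text, key), announced_mac)
```

`control_totals(SAMPLE_FILE)` is what the Treasury announces by telephone; `cb_accepts` is the Central Bank's check. The tampered file passes that check because moving value between two payments in the same file leaves all three totals intact, which is exactly what the HMAC (or, once the legal basis exists, a public-key signature) catches.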
Note B: Key clauses in banking legislation, regulations and circulars that affect the design of the TSA (custody and structure of bank accounts, and receipt and disbursement processes) include:
• the law concerning the Central Bank may specify that the CB has custody of Treasury accounts or is banker / fiscal agent to the government;
• the CB law may specify that CB profits are passed to the government and that the CB is recapitalized by the government in the event of a loss (hence lower risk if custody of the TSA is with the CB);
• the availability of credit from the Central Bank to the government;
• the roles and responsibilities of the Central Bank and the government in respect of the issuance and servicing of domestic and external debt;
• payment system operating hours;
• cheque clearing periods;
• clearing periods for electronic transactions (ACH and RTGS);
• time periods for the return of invalid transactions (e.g. credit to an invalid customer account in the receiving bank);
• handling of mis-directed transactions (e.g. credit to a valid but incorrect customer account);
• the requirement for commercial banks and other financial institutions to report government accounts, balances and transactions to the MoF/Central Treasury (as noted above, this also affects the ability of the MoF to prepare an inventory of existing bank accounts).

Note C (Q.13): Payment control functions are not limited to compliance with budget limits; other important aspects of public expenditure control should also be considered (e.g. procurement functions, payroll controls, vendor registration, monitoring of the imprest bank accounts of spending units). If a Commercial Off-the-Shelf (COTS) package is deployed as the basis for the FMIS, these controls may be relatively sophisticated to configure and maintain. The set-up should therefore be clearly documented, and responsibility for maintaining user roles in the system should be clearly assigned for all controls.
Similarly, for locally developed software, the controls environment must be properly embedded in the software functionality and the associated data model.

Note C (Q.14): Payment control functions performed by the CB mainly concern checking for invalid payments and returning instructions and the credit value within the time frames specified in legislation / participant rules.

Note C (Q.15 and Q.16): If the CT carries out reconciliations, the CT must be maintaining cash books for all TSA bank accounts as transactions are processed. In countries where a structure of bank accounts has been used to account for transactions, the maintenance of cash books and reconciliation may be weak (in some cases, the cash books presented for audit are simply the bank statement with the DR/CR entries reversed, rather than independently maintained records). Daily flows must be recorded independently by both the CT and the CB to support reconciliation.

Note C (Q.17): While oversight of payment systems is generally a function of the Central Bank, in some countries the institutional framework places direct responsibility for supervision of financial institutions and/or payment systems oversight with an entity independent of the CB (although the CB will always be an interested stakeholder). Also, the features available in the national payment systems (as opposed to the automation of their oversight) will affect the design of TSA processes and policies (e.g. can the government collect from and pay to a mobile-money account held with a telecom?).

Note D (Q.23): Transaction reports may be provided from the RTGS and ACH, whereas bank statements are generated from the CB's core banking system. It is also preferable for statements to be available online, in real time, rather than being transmitted once a day.
Note D (Q.25): Note that in the architecture of some COTS packages, bank reconciliation is a separate module, or part of the cash management module, rather than part of the GL module. It is important to ensure that the cash book records used in the bank reconciliation process are complete for all postings to GL bank assets.

Note E (Q.27–Q.31): Several layers of 'audit trail' are required to trace any transaction effectively (on the database itself, in the FMIS application software, and in the network access logs). This assessment focuses mainly on the 'audit trails' on the relevant databases. A key question is whether the internal and external auditors are fully apprised of the audit trail (database and software, plus IT audit of the network logs) and are able to use it to trace the processing of transactions; in some countries only the FMIS system administrator understands how to use the audit trail function for tracing transactions, and therefore no one has the ability to trace system administration actions. Another key question is whether the government has access (internally or through local/regional firms) to a 'forensic' accounting capability able to trace any transaction or data entry made through the FMIS. These aspects should also be noted for a more comprehensive assessment, where applicable.

Note F: The information security controls listed in this part focus on the electronic payment process. In practice, this extends back to the initiation of purchase orders in spending agencies and to changes made to payroll/employee records (as these are the first stage of the payments that will be processed through the TSA).
As discussed above, where the network for the FMIS has been implemented by the MoF and allows connections to other local networks maintained by the spending agencies, information security controls must be applied across all elements (including the spending agencies' networks, which the MoF is not directly responsible for maintaining), not just in the CT or CB.

Note G: The IMF Safeguards Assessment is only required in countries that are using Fund resources, although it is encouraged for countries under a staff-monitored program as well.

Annex 1. References
1. Ali Hashim and Allister J. Moon, "Treasury Diagnostic Toolkit", World Bank Working Paper No. 19, 2004.
2. Biagio Bossone and Massimo Cirasino, "The Oversight of the Payments Systems: A Framework for the Development and Governance of Payment Systems in Emerging Economies", World Bank Report, July 2001.
3. BIS-CPSS, "Central Bank Oversight of Payment and Settlement Systems", Bank for International Settlements (BIS), Committee on Payment and Settlement Systems (CPSS), July 2005.
4. Cem Dener, Joanna Watkins, and William Dorotinsky, "Financial Management Information Systems: 25 Years of World Bank Experience on What Works and What Doesn't", World Bank Study, April 2011.
5. COBIT: Control Objectives for Information and Related Technology.
6. European Court of Auditors, "The Performance Audit Manual", May 2007.
7. European Court of Auditors, "The Financial and Compliance Audit Manual (FCAM)", May 2012.
8. IMF, "Safeguards Assessments of Central Banks", Factsheet, March 2012.
9. ITIL: Information Technology Infrastructure Library.
10. Public Expenditure and Financial Accountability (PEFA) Framework, May 2006.
11. Sailendra Pattanayak and Israel Fainboim, "Treasury Single Account: Concept, Design and Implementation Issues", IMF Working Paper WP/10/143, May 2010.
12. The World Bank, "Payment Systems Worldwide: Outcomes of the Global Payment Systems Survey 2008", FPD Payment Systems Development Group, 2009.
13.
The World Bank, "General Guidelines for the Development of Government Payment Programs", FPD Payment Systems Development Group, August 2012.

Annex 2. TSA Rapid Assessment Report Template
Following the completion of the review of TSA operations using the questionnaire, a rapid assessment report is expected to be prepared to summarize the key findings and share the conclusions and recommendations with the relevant officials. The following report template can be used to present the results in a consistent way.
Suggested Contents of the TSA Rapid Assessment Report
1. Background (summary of existing TSA operations, if any, or plans to establish a TSA)
2. Objectives (expectations from the TSA Rapid Assessment)
3. TSA Preconditions (current status of the TSA preconditions, using the template provided)
4. TSA Roles and Responsibilities (using the template provided)
5. Approach (self-assessment or joint assessment; describe the steps followed)
6. Key Findings (summarize the key findings in the five categories reviewed)
7. Conclusions (summarize strengths and weaknesses)
8. Recommendations (list specific recommendations to address technical and adaptive challenges)
Appendix 1. Officials involved in the TSA rapid assessment
Appendix 2. List of documents reviewed (provided by the authorities) during the TSA rapid assessment
Appendix 3. Summary of the TSA requirements included in the FMIS contract (if any)
Appendix 4. Sample documents and images obtained from the interbank payment systems (RTGS and ACH)
• Standard Payment Order (PO) used for expenditure and revenue transactions (via FMIS).
• Payment Order (PO) created by the CT through the CB's RTGS workstation.
• Report types available from the CB's RTGS workstation.
• Sample report on the RTGS transactions.
• Message format used to transfer the CT's payment instructions to the RTGS system (e.g. SWIFT MT103, or a locally extended variant of it).
• Details of a payment instruction from the CB's ACH monitoring terminal.
• The CB's monitoring system to manage the daily ACH settlements.
• The details of daily ACH transactions.

Annex 3. Overview of Centralized TSA and Electronic Payment Systems
Treasury Single Account (TSA) implementation arrangements can be broadly grouped into two categories: centralized and distributed. The centralized arrangement captures all revenue and expenditure transactions through a consolidated structure of bank accounts in a single financial institution, generally the central bank. When PFM operations are highly decentralized and budget spending units are allowed to retain separate transaction accounts, the distributed arrangement may help capture the flows in these accounts by sweeping the balances into the TSA main account at the end of each day. However, it is relatively difficult to capture the details of transactions in a distributed TSA. Centralized structures are therefore being established in many countries to improve the efficiency and effectiveness of TSA operations through centralized transaction processing. Advances in web-based applications and the rapid expansion of electronic payment systems are the key enablers of centralized TSA operations.
Electronic Payment Systems (EPS) or Electronic Funds Transfer (EFT) operate on the basis of two components:
• Clearing: the clearing house system is where transactions between members of a clearing channel are recorded and exchanged.
• Settlement: the finalization of a transfer of funds, the act that discharges the obligations of banks in respect of funds transfers between their depositor accounts. The central bank of each country usually acts as the primary settlement agent.
Settlement can occur immediately on a gross basis (RTGS) or be deferred and performed on a net basis (ACH). Real Time Gross Settlement (RTGS) systems are funds transfer systems in which money is transferred from one bank to another in 'real time' and on a 'gross' basis (Figure A3.1).
Settlement in 'real time' means that a payment transaction is not subject to any waiting period: transactions are settled as soon as they are processed. 'Gross settlement' means that each transaction is settled on a one-to-one basis, without bunching or netting with any other transaction. Once processed, payments are final and irrevocable. In terms of liquidity and systemic risk, high-value payment systems are the most important because of the large value and time-sensitive nature of the payments. RTGS solutions are mostly implemented by central banks; private-sector clearing houses generally follow the model of the Clearing House Interbank Payments System (CHIPS) in the United States.

Figure A3.1: Centralized TSA Operations and Electronic Payment Systems. [Diagram not reproduced in text. Elements labelled in the figure: MoF / Central Treasury FMIS; Centralized EPS; Secure VPN; Central Bank RTGS and ACH; SWIFT message; EFT (batch files; XML); Banking System Network; Commercial Bank head offices and branch offices; Treasury District Offices; Spending Units. Numbered flows: 1 invoice submitted; 2 approved payment request; 3 payment instructions; 4 SWIFT / EFT message to the Central Bank; 5 direct payment to the beneficiary account; 6 TSA statements received (details of all payments and revenues received from the Central Bank daily); 7 automatic reconciliation. Legend: funds and information flows.] Source: World Bank data (Dener et al., 2011).

The Automated Clearing House (ACH) system is a low-value payment system. ACH processes large volumes of credit and debit transactions in batches and at low cost. ACH credit transactions include payroll, pension, and annuity payments; ACH debit transactions include consumer bill payments such as utility bills, phone bills, and insurance premiums. ACH systems are mainly operated by central banks. In some countries the ACH is privately owned and operated, but authorized and regulated by the central bank.
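The gross-versus-net distinction made above, worked through as an added example (not from the toolkit) on a constructed batch of five interbank transfers. Bank names and amounts are invented; the functions settle the same batch first as an RTGS would and then as a deferred net settlement system would, so the difference in the liquidity each bank needs is visible.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Transfer:
    payer_bank: str   # bank whose settlement account at the central bank is debited
    payee_bank: str   # bank whose settlement account is credited
    amount: int       # smallest currency unit; integers avoid rounding


# Constructed batch of interbank transfers for one clearing cycle (not toolkit data).
BATCH = [
    Transfer("BANK_A", "BANK_B", 500),
    Transfer("BANK_B", "BANK_A", 300),
    Transfer("BANK_A", "BANK_C", 200),
    Transfer("BANK_C", "BANK_B", 400),
    Transfer("BANK_B", "BANK_C", 100),
]


def gross_settlement(batch):
    """RTGS: every transfer is settled individually, in order, and is final once
    processed. Each payer must therefore fund the full value of its outgoing
    payments. Returns the settlement log and the liquidity each bank used."""
    log = []
    used = defaultdict(int)
    for t in batch:
        used[t.payer_bank] += t.amount
        log.append((t.payer_bank, t.payee_bank, t.amount))
    return log, dict(used)


def net_positions(batch):
    """Deferred net settlement (ACH): obligations accumulate over the cycle and
    each bank ends with one multilateral net position (+ receives, - pays)."""
    pos = defaultdict(int)
    for t in batch:
        pos[t.payer_bank] -= t.amount
        pos[t.payee_bank] += t.amount
    return dict(pos)


def net_settlement(batch):
    """What actually moves at the end of the cycle: only net debtors pay the
    settlement agent, which then credits the net creditors."""
    pos = net_positions(batch)
    payers = {b: -p for b, p in pos.items() if p < 0}
    receivers = {b: p for b, p in pos.items() if p > 0}
    # Net debits and net credits must cancel out exactly; anything else is a bug.
    assert sum(payers.values()) == sum(receivers.values())
    return payers, receivers


def liquidity_saved(batch):
    """Liquidity needed under gross settlement minus what is paid in under net
    settlement. The saving is also the credit exposure that builds up until the
    cycle settles: a net debtor that cannot pay forces an unwind of the batch."""
    _, gross_used = gross_settlement(batch)
    payers, _ = net_settlement(batch)
    return sum(gross_used.values()) - sum(payers.values())
```

Under gross settlement the three banks together have to fund 1500 during the cycle; under net settlement only the two net debtors pay 500 in total at the end of it. That saving is also the exposure carried until settlement, which is why time-critical, high-value payments go through RTGS despite its liquidity cost.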
The Society for Worldwide Interbank Financial Telecommunication (SWIFT) is a global telecommunications network. It provides a strict message format for the exchange of financial information between financial institutions. Messages pass automatically through electronic links built between SWIFT and the local electronic clearing systems in different countries. SWIFT has two key components:
• the SWIFT network, used to transmit messages between SWIFT members (banks and other financial institutions); and
• the SWIFT standard message formats, which are internationally recognized standards for banking and financial messages.
SWIFT-format messages may be used in the TSA payment processes (and this is recommended, as the use of international standard formats will ease future changes to the software applications used), although they need not be transmitted over the SWIFT network: they may travel over other national payment system networks, or through a direct link between the FMIS or electronic payment system and the central bank. The SWIFT network, however, will generally be the only method for international telegraphic transfers.
What is an Electronic Payment Center (EPC)?
In most cases, the Central Bank (CB) side of the TSA interface is the more developed and robust, and its operations are based on well-defined protocols for the secure processing of electronic payment requests through the clearing house and underlying payment systems (RTGS/ACH), usually managed by the CB. Each remote participant in the electronic payment system (e.g. MoF/Treasury, agent banks) must satisfy specific technical and functional requirements to establish a reliable connection that complies with these protocols and to become eligible to use the CB's software. The EPC can be considered the connection point of this TSA interface on the MoF/Treasury side.
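Q.25 and Q.26 of the questionnaire, and the unique-identifier requirement discussed for the EPC in this annex, come down to a one-to-one match between FMIS payment orders and CB statement lines. The following Python is an added example, not code from the toolkit or from any FMIS or RTGS product; the record layouts, the sample orders and the statement lines are constructed to exercise each kind of exception a daily reconciliation should surface.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class PaymentOrder:
    """FMIS side: one payment order, keyed by the identifier FMIS assigns."""
    po_id: str
    account: str
    amount: int   # smallest currency unit


@dataclass(frozen=True)
class ExecutedPayment:
    """CB side: one statement line, with the CB's own execution id and the
    FMIS po_id echoed back so the two records can be linked."""
    exec_id: str
    po_id: str
    account: str
    amount: int


def reconcile(orders, executions):
    """One-to-one match of FMIS payment orders against CB executed payments by
    po_id. Returns only the exception lists that are non-empty; an empty dict
    means both sides agree record for record."""
    by_po = {}
    for o in orders:
        if o.po_id in by_po:
            raise ValueError(f"duplicate po_id on FMIS side: {o.po_id}")
        by_po[o.po_id] = o
    exec_count = Counter(e.po_id for e in executions)
    findings = {
        "not_executed": [],         # ordered, nothing came back: pending or lost
        "unauthorised": [],         # executed, but FMIS never issued the order
        "duplicate_execution": [],  # one order executed more than once (replay)
        "mismatch": [],             # executed with other beneficiary or amount
    }
    for e in executions:
        o = by_po.get(e.po_id)
        if o is None:
            findings["unauthorised"].append(e.exec_id)
        elif (e.account, e.amount) != (o.account, o.amount):
            findings["mismatch"].append(e.exec_id)
    for po_id, n in exec_count.items():
        if n > 1 and po_id in by_po:
            findings["duplicate_execution"].append(po_id)
    for po_id in by_po:
        if exec_count[po_id] == 0:
            findings["not_executed"].append(po_id)
    return {k: sorted(v) for k, v in findings.items() if v}


# Constructed sample data (not from the toolkit) covering each exception type.
ORDERS = [
    PaymentOrder("PO-1", "ACC-1", 1000),
    PaymentOrder("PO-2", "ACC-2", 2500),
    PaymentOrder("PO-3", "ACC-3", 700),
    PaymentOrder("PO-4", "ACC-4", 120),
]
STATEMENT = [
    ExecutedPayment("EX-1", "PO-1", "ACC-1", 1000),   # clean match
    ExecutedPayment("EX-2", "PO-2", "ACC-2", 2500),
    ExecutedPayment("EX-3", "PO-2", "ACC-2", 2500),   # same order executed twice
    ExecutedPayment("EX-4", "PO-3", "ACC-9", 700),    # beneficiary changed in transit
    ExecutedPayment("EX-5", "PO-9", "ACC-5", 50),     # no such order in FMIS
]


def demo():
    """Reconcile the constructed day; see the usage note for the expected findings."""
    return reconcile(ORDERS, STATEMENT)
```

`demo()` reports PO-4 as not executed, EX-5 as executed without an order, PO-2 as executed twice, and EX-4 as executed to a different beneficiary. The last three are the cases that matter for security: each means something was injected, replayed or altered between FMIS and the CB, and none of them is visible from balance totals alone.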
It is a secure room (access control and monitoring system; authorized users) hosting the servers/PCs, backup system, and network equipment that connect the MoF side of the TSA interface to the Central Bank systems. In some countries this secure space is created as a separate section within the main MoF data center; in other cases it may be a small operator and server room located in the relevant organizational unit and securely connected to the main data center. Authorized users of the EPC (usually 3-4 specialists and a manager) are trained by the CB to run specific software for submitting electronic payment orders to the banking system directly (correspondent mode) or indirectly (client mode), using the digital signatures/tokens provided. Daily operations are recorded (audit trails) and monitored to ensure that the payment orders received from FMIS are channelled to the CB systems through the EPC with no manual intervention, and that the statements received from the banking systems are transferred to FMIS for reconciliation on a daily basis, again with no manual intervention. Thus the EPC is a secure central connection point between FMIS and the CB systems, ensuring the secure transfer of payment instructions and the electronic collection of the results of daily TSA operations. Ideally, every payment order created by FMIS and submitted through the EPC should carry a unique identifier, and the CB system should record these transaction IDs. Similarly, every payment executed through RTGS/ACH should have a unique ID, and these should be captured back into the FMIS database for reconciliation. These unique IDs (one for the payment order, one for the executed payment), created and captured on both sides of the interface, are needed when auditing the systems on both sides to ensure a one-to-one match of all records stored in both systems. The EPC is also the repository of this information on the MoF side (with a backup system to store historic data).

Annex 4.
Annex 4. Questions on TSA Preconditions and Risks

In order to verify the existence of reliable TSA operations and interbank systems, a number of clarifications can be requested from the CT and CB officials during or before this rapid assessment, to be able to complete the questionnaire:

1. How do the CB information systems capture transaction-level data on all movements affecting the TSA (for revenues and expenditures)?
2. How does the CB maintain and safeguard transaction-level TSA data so that it is available at any future point for reporting or audit purposes?
3. What procedure will be in place to provide daily bank statements for reconciliation, and who will prepare these?
4. What oversight mechanisms are established for monitoring the CB banking operations, as well as the CT's treasury/TSA operations (which entity audits treasury and banking operations, and when)?
5. Was any Information and Communication Technology (ICT) security audit performed recently on the CB and CT information systems by a certified IT auditor?
6. Which framework was used in assessing the information systems (COBIT, ITIL, ISO 27001, etc.)?
7. Is "audit trail" enabled in the relevant databases during daily operations of the CB and CT?
8. Which information security controls are actively used in the CB and the CT information systems:
• Authentication and authorization (type of digital signature used; storage of the digital certificates issued)
• Privileged access (who has privileged access to TSA databases and interbank system platforms)
• Data security and integrity (solutions for secure data transfer + encryption of data in transit)
• Network and web application firewalls (solutions for reviewing logs, restricting access)
• Passwords for all user types
• Physical security (access control and data center security)
• Backup and storage (all transactions for the last 5 years stored actively in databases; older records are archived; who maintains TSA records)
9. Is there an automated process to reflect all daily transactions (revenues + expenditures) in the FMIS GL (how are the CB interbank system transactions traced in the FMIS GL with unique identifiers)?
10. What is the operational status of the CT's electronic payment center (number of authorized MoF/CT officials to execute payments, and oversight mechanism)?
11. Data flow diagrams for processing expenditure and revenue transactions through FMIS and CB information systems for TSA operations (describing the various steps to be supported by the CT's FMIS, the CT's Electronic Payment Center, the CB's Access server, the CB's RTGS/ACH platforms and the CB's GL).
12. List of all message formats (for RTGS and ACH separately) to be implemented for recording/reporting all budget expenditures and revenues, together with a justification of their purpose.
13. The latest version of the TSA protocol and its attachments (including financial and information security controls).
14. The Action Plan for the implementation of the TSA system (incl. responsibilities of the CT/CB and FB).

A risk and controls review is also included in this assessment to analyze the Central Bank and Treasury information systems, procedures and operational environment. Risk factors taken into account in this review include:
a) the susceptibility of payment systems and the TSA interface to fraud or misappropriation;
b) the complexity of TSA transactions, or the degree of reliance on the system to account and reconcile correctly;
c) the degree of manual intervention, and the related potential for error, in the system;
d) the complexity of user security profiles;
e) interfaces with any third-party systems; and
f) reliance by the business on the continuing availability of the system.
Controls: Some of the critical control areas included in this review, related to application-based controls, information systems, and ICT infrastructure, are listed below:
a) Access to CB payment systems and TSA operations (the CT's electronic payment center) is restricted to only those staff whose responsibilities require this access.
b) Segregation of key TSA and payment system functions is monitored and evaluated regularly.
c) Input validation to ensure data entry is authorized, accurate and complete.
d) Regular checks to ensure that all transactions are processed properly.
e) Output reviews to ensure the completeness, accuracy and validity of reported information and the adequacy of audit trails.
f) Daily transactions are recorded and reported consistently from both sides of the TSA interface (CB and CT information systems).
g) TSA system interfaces are designed and tested to protect the integrity of data exchange.
h) TSA applications are fully understood by staff and comply with the legislation.
i) TSA applications are routinely monitored and properly evaluated.
j) Physical security to provide an environment that protects hardware and software from damage by unauthorized access and environmental effects (e.g. water, extreme temperatures, fire).
k) Backup of data and offsite storage for system operation recovery.
l) Recovery of computer operations in the event of a disaster.

Annex 5. Sample Documents and Images Related to the TSA Operations and Payment Systems

Figure A5.1: Standard Payment Order (PO) form used for expenditure and revenue transactions (Kyrgyz Republic). Fields shown on the form: PO unique ID; Budget Institution (BI) Code; Taxpayer Identifier; Payer's Bank Account Number; Social Fund Registration ID; PAYER; Bank Identification Code (BIC) for CT; BENEFICIARY; Beneficiary Bank Account Number; Amount in Soms; Payment Code (Economic Classification); Description.
Figure A5.2: Payment Order (PO) created by the CT through the CB's RTGS workstation (direct access mode)
Figure A5.3: Report types available from the CB's RTGS workstation (direct access mode)
Figure A5.4: Sample report on the RTGS transactions
Figure A5.5: Message format (MT103, as an expanded version of the original SWIFT format) to transfer the CT's payment instructions to the RTGS system
Figure A5.6: Details of a payment instruction from the CB's ACH monitoring terminal
Figure A5.7: The CB's monitoring system to manage the daily ACH settlements
Figure A5.8: The details of daily ACH transactions