Reports consist of recurring reports on Danmarks Nationalbank’s areas of work and activities. Here you will find Danmarks Nationalbank’s annual report, among other documents. Reports are targeted at people who need a status and update on the past period.
Oversight of the financial infrastructure 2023
Danmarks Nationalbank oversees the systems and solutions in the Danish financial infrastructure that enable the public and businesses to exchange payments and securities. In this report, Danmarks Nationalbank presents the conclusions from its oversight operations in 2023.
Key messages
Why is it important?
On an average banking day, payments totalling kr. 699 billion are sent through the systems that make up the Danish payments infrastructure, and it is crucial for the economy that payments and securities can be exchanged without problems. That’s why Danmarks Nationalbank oversees secure and efficient working of the payments infrastructure and lives up to international standards in this area. This helps fulfil one of Danmarks Nationalbank’s main purposes, which is to contribute to safe and efficient payments.
Main chart
Danmarks Nationalbank oversees the central systems and solutions in the payments infrastructure
Denmark has a safe and efficient payments infrastructure
The payments infrastructure in Denmark consists of a number of interconnected systems that enable consumers, businesses and financial entities to exchange payments and securities with each other. Every day, almost kr. 700 billion worth of payments are sent through the payments infrastructure, and it is crucial for the economy that the systems function without disruptions and breakdowns so that payments for goods and services can be made easily and efficiently.
That is why Danmarks Nationalbank oversees that the payments infrastructure is well-functioning, secure and efficient. Danmark Nationalbank oversees that the key systems in the infrastructure comply with the high security and efficiency requirements of international standards, including requirements for cyber resilience. The oversight includes the most important payment solutions (see box 2).
The Danish payments infrastructure is described in box 1.
Box 1
The payments infrastructure in Denmark
Every banking dayB1-1, on average, kr. 699 billion worth of payments are sent through the Danish payments infrastructure, corresponding to around a quarter of GDP.
Danmarks Nationalbank's payment system, Kronos2, plays a key role in the infrastructure both for the settlement of large, time-critical payments between banks (interbank payments) and by virtue of Danmarks Nationalbank’s role as settlement bank for the other payment and settlement systems.
Retail payments are payments between consumers, businesses and public authorities, e.g., using payment cards, mobile phones and account-to-account transfers. Once payments are initiated and handled through a series of intermediaries, they end up, depending on the type of payment, being settled and reconciled in the Sumclearing, the Intradagclearing or the Straksclearing systems, which are the financial sector’s retail payment systems. Settlement is subsequently effected through Kronos2 in accounts at Danmarks Nationalbank. The retail payment systems are owned by Finance Denmark.
Securities transactions may be entered into in different ways: on the stock exchange, through a multilateral trading platform or over the counter via a bank or broker. The settlement of transactions in Danish-issued securities is handled by the central securities depository, Euronext Securities Copenhagen (ES-CPH). Securities transactions between banks and their customers are settled via ES-CPH’s own settlement system (ES-CPH settlement), while securities transactions between banks and other financial institutions are settled via the pan-European system TARGET2-Securities (T2S), owned by the European Central Bank (ECB) and the national central banks in the euro area. As a central securities depository, ES-CPH is responsible for keeping continuous records of the holdings of all Danish-issued securities on behalf of investors, and transfers of securities in accounts on T2S are subsequently reflected in accounts in ES-CPH’s systems.
Foreign exchange transactions are settled through CLS, an international system for settlement of foreign exchange transactions, currently in 18 connected currencies, including Danish kroner. Danmarks Nationalbank makes accounts available to banks settling transactions through CLS. Participants reserve liquidity for CLS settlement by transferring funds to these accounts. CLS is owned by a number of large international banks.
The three retail payment systems and ES-CPH settle their participants’ net positions in Kronos2, where the participants have accounts. Net positions are calculated by offsetting participants’ claims and obligations in the respective systems. This so-called netting reduces the participants’ liquidity needs significantly compared to a situation where all payments are settled individually. For example, netting reduces the liquidity needed for settlement of retail payments from kr. 47 billion to kr. 10 billion daily, corresponding to a reduction of 79 per cent.
Settlement inT2S also takes place using netting. The liquidity for settlement in T2S is transferred from the participants’ cash accounts at Danmarks Nationalbank. Netting reduces the participants’ need to reserve liquidity from kr. 196 billion to kr. 18 billion, which corresponds to a 91 per cent reduction.
Chart
Payment flows, kr. billion, average per banking day in 2023
Note:
* The majority of trades in ES-CPH are transactions in which no money is exchanged between the parties in Kronos2
Box 2
Danmarks Nationalbank’s oversight
Danmarks Nationalbank oversees that payments and financial transactions in Denmark can be completed safely and efficiently. Its oversight comprises the core systems and solutions in the Danish payments infrastructure:
- Kronos2 (interbank payments)
- The Sumclearing, the Intradagclearing and the Straksclearing (retail payments)
- Euronext Securities Copenhagen’s settlement system (securities transactions)
- Dankort, Betalingsservice and account-to-account transfers (the most important payment solutions)
- International systems relevant in Denmark (TARGET Services and CLS).
Danmarks Nationalbank’s oversight is based on international standards and guidelines and is described in Oversight Policy 2023 (link).
Oversight is coordinated with the Danish Financial Supervisory Authority’s work in this area. This collaboration is designed to ensure that duplicate regulatory controls are avoided, skills are utilised in the respective authorities and relevant information is shared. Danmarks Nationalbank also works closely with the authorities responsible for oversight of the international systems relevant to Denmark.
The infrastructure is safe, efficient and stable
Danmarks Nationalbank’s oversight shows that the Danish payments infrastructure is safe and efficient.
The central systems and solutions comply to a high degree with the requirements of international standards for organisation, risk management and crisis management. The owners of the systems and solutions generally have a high level of maturity in their ongoing work with operational stability and cyber resilience and are continuously working to further strengthen these areas.
Operational stability was generally high throughout 2023, and disruptions to the exchange of payments and settlement of securities transactions in Denmark are rare. However, there were a few issues with the timely settlement of payments in 2023. Danmarks Nationalbank´s oversight has been following upwith the owners of the systems to ensure that the follow-up on incidents is satisfactory.1
The infrastructure is resilient, but must be prepared for security breaches
The Centre for Cyber Security (CFCS) assesses that the threat from cybercrime is very high, and the best hackers are continuously becoming more specialised and sophisticated in their methods. The cyber threat landscape is described in more detail in box 3.
The May 2023 attack on critical energy infrastructure in Denmark, when cyber criminals successfully penetrated the systems of 22 energy companies, showed how serious the cyber threat is. According to SektorCERT2, the attack seemed very well prepared and there were indications that a state-sponsored actor may have been involved.3 SektorCERT believes that without its sensor network to detect the attacks, and close collaboration across the energy sector, the attack could have had major consequences for society.
Box 3
The cyber threat to the Danish financial sector remains very high
The Centre for Cyber Security (CFCS) assesses that the threat from cybercrime to the Danish financial sector is very high.B3-1 As a result of the war in Ukraine, on 31 January 2023, the CFCS raised its assessment of the threat from cyber activism to High. Tensions between Russia and the West have resulted in a high level of activity among pro-Russian cyber activists, who carry out attacks against targets within a wide range of NATO member countries, including Denmark.
The CFCS assesses that the threat from destructive cyberattacks against Danish targets is low. However, the nature of the cyber threat can quickly change if the security situation deteriorates further. State-sponsored players have the capacity to carry out advanced cyberattacks. So far, there has been no willingness to carry out attacks of this type against Denmark, but that may change. However, the CFCS considers it likely that state-sponsored hacker groups are preparing to carry out destructive cyberattacks against critical infrastructure in Denmark, including through cyberespionage.B3-2
Because the threat level is high, continuous efforts to ensure the security of the payments infrastructure is essential to protect financial stability and the economy as a whole. The owners of the systems in the infrastructure maintain a strong and constant focus on cyber security, and the infrastructure is generally well equipped to prevent and protect itself from cyberattacks.
Working to protect systems from cyberattacks should be a key part of the strategy and management focus of organisations. Cyber security is a key element of the risk management of the systems, which requires management and boards to be closely involved in the work. Work on cyber security for some of the systems in 2023 included compliance with the requirements of the DORA4 regulation and the NIS 25 directive, designed to help strengthen supply chain management and the security operation centres (SOCs) set up to deal with specific cyberattacks.
Even with all the effort put into cyber security, it is not possible to fully protect against attacks. In 2023, the owners of the systems in the infrastructure continued to work on developing their systems and crisis management plans to handle the consequences of cyberattacks that could not have been prevented.
According to international guidelines for cyber resilience6, crisis management planning must include specific plans for how to deal with serious cyber incidents. The plans must address the ability to safely recover key IT systems and to continue critical business operations while recovery is ongoing. Furthermore, it should be regularly tested whether the plans are sufficient for handling extreme, but plausible, cyberattack scenarios.
This is a large and costly task for the systems that must be continuously prioritised. Danmarks Nationalbank’s oversight focuses on ensuring that the systems continue to improve, develop, and test cyber resilience to be able to handle developments in the cyber threat landscape.
In this regard, Danmarks Nationalbank has also carried out assessments according to the international guidelines for cyber resilience of ES-CPH in 2020 and of the Retail Payment Systems in 2022. Danmarks Nationalbank followed up on compliance with the remaining open recommendations for these systems in 2023.
Finally, the Danmarks Nationalbank has had an in-depth dialogue with Nets and MPS on the impact of the new ECB standard, PISA7, on Dankort and Betalingsservice. PISA, which includes stricter requirements for the crisis management, business continuity and general risk management of organisations, will apply from 1 January 2024.
Cross-sector collaboration continues to develop to strengthen cyber resilience
Financial sector actors work closely across the sector to protect themselves against cyber threats; see box 4. In 2023, the owners of the systems and solutions in the infrastructure have continued to contribute to this work.
Box 4
Joint work in the FSOR, RGA and NFCERT
The Financial Sector Forum for Operational Resilience (FSOR) brings together authorities and key private sector players in the financial sector in a collaborative forum that works to increase the sector’s operational resilience, including resilience to cyberattacks. Read more in the FSOR’s annual report for 2023 (link).
Danmarks Nationalbank acts as chair and secretariat for the forum, which – in addition to the systems and solutions in the infrastructure – includes banks, data centres, pension and insurance companies, relevant authorities and Nordic Financial CERT.
The Risk Forum for Interdependencies (RGA in Danish) is a cooperative forum between the organisations responsible for the central payment and settlement systems in the infrastructure, i.e., Danmarks Nationalbank (interbank payments), Euronext Securities Copenhagen (securities transactions), Finance Denmark (retail payments) and e-nettet (communication network). The RGA identifies and addresses interdependencies and operational risks across the central systems and networks in the infrastructure. The work of the RGA is coordinated with the FSOR.
The Nordic Financial CERTB4-1 (NFCERT) is a member-driven, non-profit organisation that aims to strengthen the Nordic financial industry’s resilience to cyberattacks and enable Nordic financial institutions to respond quickly and effectively to cyber security threats and online crime. NFCERT collects and shares information about cyber threats and cyberattacks.
The owners of the central systems and solutions in the Danish payments infrastructure use the work of the Financial Sector Forum for Operational Resilience (FSOR) to support their own work to prevent cyber attacks and manage cyber incidents. This is done by discussing risks, sharing knowledge, and implementing joint mitigation initiatives.
The FSOR’s Crisis Management has been established to ensure coordinated action across the financial sector in the event of a crisis that may threaten financial stability. The FSOR’s Crisis Management supplements the members’ own crisis management plans as well as the National Operational Staff (NOST). In June 2023, the FSOR conducted a test of the crisis management plan.
In the Risk Forum for Interdependencies (RGA), the owners of the central systems have continued to work on joint plans that support a controlled shutdown of the critical infrastructure in the event of operational incidents, such as a serious cyberattack. The system owners have updated the associated risk assessments and finalised plans for controlled shutdown and reopening in a number of scenarios.
Also, the central systems and solutions in the infrastructure all participate in the joint Nordic sector cooperation for collecting and sharing information about cyber threats and cyberattacks, Nordic Financial CERT (NFCERT). Participation in NFCERT ensures compliance with international standards for participating in this type of cross-sectoral information sharing.
TIBER-DK has tested critical players in the financial sector
Finally, the owners of the systems in the payments infrastructure participate in Danmarks Nationalbank’s TIBER-DK test programme8. In TIBER-DK, Danmarks Nationalbank coordinates threat-based tests of the cyber resilience of critical actors in the financial sector, including the owners of the systems in the payments infrastructure, where advanced cyberattacks are simulated in actual production environments. TIBER participants share lessons learned from the TIBER tests with each other to further strengthen cyber resilience.
Internationalisation of infrastructure
The payments infrastructure in Denmark is increasingly based on international systems, and several system owners are part of international groups.
Preparations for the migration of the settlement of payments in Danish kroner from Kronos2 to the pan-European system, TARGET Services, continued according to plan in 2023, where a number of tests were successfully completed. The migration is scheduled for Easter 2025; see box 5. Danmarks Nationalbank participates in the oversight of TARGET Services, performed in cooperation with the ECB and the other Eurosystem central banks.
ES-CPH has continued to phase out the settlement of securities transactions in Danish kroner and euros from the local ES-CPH settlement platform and after the second half of 2024 settlement of securities transactions via the local ES-CPH settlement will only take place in Swedish kronor or as so-called free-of-payment (FoP) trades.9 ES-CPH aims to completely phase out the use of ES-CPH settlement by the end of 2027, after which all securities transactions will be settled in T2S.
The system owners that are part of international groups were also further integrated into the organisations of the parent groups in 2023. ES-CPH has worked towards further integration into the Euronext Securities group, including work on a common platform for corporate actions10, called CA4U. Nets and MPS have also implemented a number of the Nexi Group’s and Mastercard Group’s systems, policies and processes for IT security and risk management, among other things. Danmarks Nationalbank’s oversight focuses on how integration in international groups is implemented and managed on an ongoing basis.
Interbank payments and the central settlement of payments in Danish kroner
Payments between financial institutions are called interbank payments. These are payments that are typically characterised by being time-critical and high value. Interbank payments in Danish kroner are settled in Danmarks Nationalbank’s payment system, Kronos2.
Kronos2 is an RTGS system. RTGS stands for real-time gross settlement. This means that payments in Kronos2 are settled individually and instantly.
Kronos2 is the core of the Danish payments infrastructure (see Box 1). In addition to interbank payments, monetary policy operations and net positions from i.a. retail payment systems are also settled, and liquidity is transferred to settle euro payments, securities transactions and foreign exchange transactions that take place in other systems.
Use
Most Danish banks and mortgage credit institutions participate in Kronos2 and have an account with Danmarks Nationalbank, in the same way as private individuals have an account with a commercial bank. There are 73 participants in Kronos2. In addition to Danish banks and mortgage credit institutions, branches of foreign banks also participate.
In 2023, interbank payments in Kronos2 totalled kr. 95.8 billion on average per banking day, which is a decrease of approx. 6 per cent from 2022, but still higher than the previous three years (see table 1).
The sale of certificates of deposit has decreased significantly between 2021-2023. This is because Danmarks Nationalbank removed the cap on participants’ current account balances in March 202111. This means that participants no longer need to transfer any excess liquidity from their current account to certificates of deposit on a daily basis. Danmarks Nationalbank sold certificates of deposit worth an average of kr. 6.8 million per banking day in 2023. In 2023, monetary policy lending averaged kr. 20k per banking day (kr. 0.0 billion in table 1)
There was a decrease of almost 40 per cent in participants’ reservation of liquidity for settlement of securities in ES-CPH’s settlement system in 2023. This is because an increasing proportion of securities transactions involving the exchange of Danish kroner between participants are settled on T2S.12
Table 1
Transactions in Kronos2, average per banking day
|
Kr. billion, current prices |
2019 |
2020 |
2021 |
2022 |
2023 |
|
Interbank payments |
87.4 |
87.6 |
88.7 |
101.5 |
95.8 |
|
- Of which customer payments |
14.0 |
14.0 |
16.6 |
20.7 |
19.8 |
|
Monetary policy operations |
48.4 |
34.5 |
6.1 |
0.3 |
0.01 |
|
- Of which sales of certificates of deposit |
48.4 |
33.3 |
5.6 |
0.0 |
0.01 |
|
- Of which monetary policy lending |
0.0 |
1.3 |
0.5 |
0.3 |
0.0 |
|
Reservation of liquidity for settlements |
115.1 |
113.8 |
106.1 |
97.9 |
75.8 |
|
- Of which to the Sumclearing, the Intradagclearing and the Straksclearing |
40.5 |
39.9 |
40.6 |
40.1 |
32.9 |
|
- Of which to ES-CPH settlement |
46.4 |
41.2 |
38.3 |
35.2 |
21.2 |
|
- Of which to CLS |
28.2 |
32.8 |
27.2 |
22.5 |
21.7 |
|
Net positions settled |
16.3 |
16.6 |
17.0 |
17.9 |
17.9 |
|
- Of which in the Sumclearing, the Intradagclearing and the Straksclearing |
8.3 |
8.3 |
9.3 |
10.0 |
9.8 |
|
- Of which in ES-CPH settlement |
1.0 |
0.9 |
0.8 |
0.2 |
0.01 |
|
- Of which in CLS |
7.0 |
7.3 |
6.8 |
7.7 |
8.1 |
|
Transfers to T2S (Reservation of liquidity for settlements)* |
21.2 |
22.2 |
22.1 |
18.6 |
18.0 |
Note:
* Participants’ transfers from Kronos2 to T2S are made to reserve liquidity in accounts on T2S for the settlement of securities transactions. This corresponds to the reservation of liquidity that takes place on accounts in Kronos2 to settle retail payments, securities transactions and foreign exchange transactions. Once the settlements of securities transactions on T2S have been completed, the money is transferred back from T2S to the participants’ accounts in Kronos2 every day.
Source:
Danmarks Nationalbank.
Operational reliability
The operational stability of Kronos2 was generally satisfactory in 2023. However, there were four incidents during the year where Danmarks Nationalbank and the participants did not have access to Kronos2 for short periods of time.
For example, there was an incident in the spring where Danmarks Nationalbank and the participants had no access to Kronos2 for around two hours. As a result of the incident, no payments could be made to the CLS settlement. The Kronos2 incident caused a delay in the settlement of transactions in several currencies. CLS had to temporarily remove Danish kroner from the CLS settlement in order to complete the settlement of the transactions that did not include Danish kroner. The settlement of securities transactions and retail payments was also delayed as a result of the Kronos2 incident, resulting in delayed payment of excess tax to some taxpayers
The incidents were caused by errors in connection with system updates. To reduce the risk of similar incidents in the future, Danmarks Nationalbank has been in dialogue with the suppliers responsible for the operation of Kronos2, and procedural measures have been taken. The bank’s oversight has assessed that the follow-up on the incidents was satisfactory.
Problems with T2S affected Danish participants and settlement in Danish kroner in August. T2S was slow to exchange liquidity and collateral with Kronos2. This meant that securities that should have been released to individual participants were retained as collateral on T2S. In two cases, Danmarks Nationalbank had to postpone the monetary policy day due to the problems on T2S, and one settlement in ES-CPH was delayed. The ECB’s oversight, together with the national central banks, followed up on the issues on T2S.
Liquidity
Participants continued to have ample liquidity in 2023 to execute payments in Kronos2 – both interbank payments and payments resulting from settlement instructions from the connected payment and settlement systems (the retail payment systems, ES-CPH and CLS); see chart 1.
Chart 1
Available liquidity versus liquidity needs of Kronos2 participants in 2023
Note:
The participants’ disposable liquidity consists of deposits in their main accounts with Danmarks Nationalbank as well as their opportunity to borrow funds on an intraday basis against collateral.
Source:
Danmarks Nationalbank.
A stress test analysis of liquidity in Kronos2 has been performed based on data from August 2018 to December 2022. Overall, the analysis shows that the payment settlement and participant liquidity are resilient to different types of stress. The liquidity in Kronos2 has been tested in a scenario in which a major participant is affected by an operational incident that results in that participant not being able to send payments in Kronos2. The conclusion from the test was that the participants who should have received the payments have such ample liquidity that the effect on the rest of the payment settlement was limited and can be mitigated with contingency procedures. By conducting regular stress tests, Danmarks Nationalbank fulfils the requirement in CPMI-IOSCO’s13 Principles for Financial Market Infrastructures (PFMI) to perform stress tests of the liquidity in the system.
International standards
Danmarks Nationalbank’s oversight performed an assessment of Kronos2’s compliance with the PFMI in 2021.14 Most of the identified improvement potentials were realised in 202215. What remains outstanding is the issue of conducting tests of Danmarks Nationalbank’s own crisis management plan and the sector’s joint crisis management plan (the FSOR’s Crisis Management) at the same time. Danmarks Nationalbank reviewed staffing needs in different activation scenarios in 2023, to clarify how resources should be distributed between the activated crisis management plans. A sector test of the FSOR’s Crisis Management is planned in 2024, using a scenario in which both Danmarks Nationalbank’s and the FSOR’s crisis management plans are activated.
In 2018, CPMI published a strategy with recommendations on how central payment systems can reduce the risk of payments fraud by focusing on endpoint16 security. CPMI’s strategy aims to prevent criminal transactions which, in a worst-case scenario, could threaten financial stability or weaken confidence in the financial system. Danmarks Nationalbank’s oversight has assessed Kronos2’s compliance with CPMI’s endpoint security strategy. The overall conclusion is that the bank complies with some of the recommendations in the strategy. Among other things, the bank sets requirements for the endpoint security of the largest participants and continuously oversees that only people with a work-related need can send and change payment instructions. In addition, protective measures in Kronos2 in relation to endpoint risks are reviewed annually. To fully comply with the strategy, an annual process must be established in which Danmarks Nationalbank, together with the participants, analyses risks related to endpoints and reviews protective controls to better understand and mitigate risks in the ecosystem surrounding the bank’s RTGS system. In addition, the joint crisis response should be tested against a fraud scenario.
Cyber resilience
Users of the SWIFT network must comply with SWIFT’s Customer Security Programme (CSP), which applies mandatory security controls aimed at strengthening cyber resilience. Danmarks Nationalbank complies with SWIFT’s CSP. Danmarks Nationalbank used an external assessor to assess compliance to more closely follow SWIFT’s standard model for implementing the SWIFT CSP in 2023.
The bank continues to focus on optimising the management of operational risks. Among other things, additional resources have been added dedicated to working with cyber security requirements.
A forum has also been established in the first line of defence with participation from the business and IT sides, which jointly assesses and prioritises tasks and risks. The work of this forum feeds into the existing risk management structure.
In 2023, Danmarks Nationalbank mapped and assessed existing measures to recover a stable and secure operation of Kronos2 in the event of extreme but plausible events, such as power failure, fire or cyberattacks. For Kronos2, there are several measures to support the goal of a maximum recovery time of two hours after a major incident. For example, Kronos2 runs on two active data centres, all important components are duplicated, and in the event of critical incidents with downtime at both data centres, Danmarks Nationalbank has an isolated Extreme Contingency Facility (ECF) for the settlement of critical payments. Together with expanded use of the Intradagclearing, this fallback solution could contribute to protect the central settlement of payments in its entirety. Danmarks Nationalbank’s ability to restore operations in Kronos2 is supported by crisis management plans and processes that are continuously tested.
The ECF solution is tested annually with participants and connected payment and settlement systems. In the 2023 test, several new test measures were included to make the test more realistic than before. In the test, participants had to make payments to the CLS settlement via ECF and settle payments in the Intradagclearing. The purpose of including Intradagclearing in critical incident situations is to enable more payments to be executed than can be settled in ECF alone. Another important part that was tested was the transition from Kronos2 to ECF and back to Kronos2.
In addition, Danmarks Nationalbank has established a procedure for partial activation of the ECF. In the future, ECF can be used to settle particularly time-critical payments in cases where Kronos2 is unavailable but is expected to be back in normal operation within a short timeframe. The background for the establishment of the partial activation of the ECF was the incident described above, when non-payment to the CLS settlement led to settlement delays in several currencies.
System updates
No major system updates were made to Kronos2 in 2023.
Work continues on the planned migration of settlement in Danish kroner from Kronos2 to the pan-European system, TARGET Services, in Easter 2025 (see box 5).
Box 5
Danish kroner on TARGET Services in 2025
Based on a preliminary analysis and dialogue with the financial sector, Danmarks Nationalbank decided in 2020 to migrate the settlement of Danish kroner from Kronos2 to the pan-European system, TARGET Services. TARGET Services comprise the centralised system for the settlement of interbank payments (T2), the securities settlement system, (T2S) and the instant payment settlement system (TIPS). The migration is scheduled for Easter 2025.
Securities transactions in Danish kroner have been settled on T2S since 2018. After the migration to T2 and TIPS in 2025, all settlement in Danish kroner will be centralised on TARGET Services.
In continuation of the pre-analysis that resulted in the decision to migrate the settlement in Danish kroner from Kronos2 to TARGET Services, in early 2021 Danmarks Nationalbank initiated an implementation programme called TARGET DKK.
The programme is implemented in close collaboration and coordination with the ECB and the operator 4CB (the four central banks in Germany, France, Italy and Spain). The bank is also working closely with the Danish financial sector and the other system owners in the payments infrastructure.
The programme continues to follow the overall plan, which includes several phases and milestones. The testing phase started on schedule when Danmarks Nationalbank began testing the systems in July 2023 in the so-called central bank test. The central bank test is an important preparation for the sector’s user test in 2024. Another crucial preparation for this is testing the sector’s connection to TARGET Services, which was carried out in autumn 2023 – also successfully.
Detailed planning and other preparations for migration and go-live will be completed in 2024. This includes Danmarks Nationalbank’s affiliation agreement with the Eurosystem, which was signed in March 2024, and the bank’s terms and conditions for accounts, which have been updated and sent to account holders for signing during the autumn.
Retail payments
When Danish citizens and businesses make purchases and pay bills, Dankort, international payment cards17, MobilePay, Betalingsservice (direct debit) and account-to-account transfers via online banking are among the most commonly used payment solutions. Transactions with these and other electronic payment solutions totalled an average of kr. 32.3 billion per day in 2023.18
Danmarks Nationalbank oversees Dankort and Betalingsservice. Account-to-account transfers are also subject to oversight by Danmarks Nationalbank as part of the oversight of the retail payment systems. Danmarks Nationalbank regularly considers whether targeted oversight of other payment solutions is needed if the importance of these has become more prominent in the Danish market.
Dankort
Danmarks Nationalbank’s oversight of Dankort is aimed towards Nets, which is the system owner of Dankort.
As part of the European Nexi Group, Nets has carried out various activities during 2023 to further integrate with the group.19 This includes implementing the group’s cyber security framework, crisis management policies, monthly reporting of IT security KPIs to management level and introducing a new IT risk assessment system.
The Nexi Group has also organised itself with a CISO for the Nordic region focusing on compliance with local requirements, including a Danish security policy for Nets as a supplement to the group policy.
Danmarks Nationalbank has followed these changes and has emphasised the need for clarity about which systems and related business functions Nets’ IT risk assessments concern.
In 2023, Danmarks Nationalbank was also in close dialogue with Nets in regard to crisis management planning for Dankort, including monitoring, incident management, plans and emergency procedures, tests, and Nets’ maturity in relation to handling common cyber scenarios.
In recent years, there has been a significant decline in the use of Dankort. From 2018 to 2023, the number of Dankort transactions decreased by 31 per cent, and in the same period, the value of Dankort transactions decreased by 19 per cent (see charts 2 and 3).20
Chart 2
Number of Dankort transactions
Source:
Nets.
Chart 3
Value of Dankort transactions
Source:
Nets.
The decline in the use of Dankort is mainly due to increased use of VISA and Mastercard, which in turn is partly due to the increased use of these cards to make mobile payments via Apple Pay, which was introduced in Denmark in October 2017.21
Currently, only Danske Bank offers its customers the option to pay with Dankort in Apple Pay. To strengthen Dankort’s position, Nets has made it a requirement that when a card issuer/bank enables the use of a card co-badged with Dankort in a Wallet solution, the Dankort network must also be usable. For example, a bank issuing a VISA/Dankort where the VISA network can be used in Apple Pay will be obliged to ensure that the Dankort network can also be used in Apple Pay by 1 January 2025.
Nets has also demanded that the Dankort logo cannot be used when the VISA part of the card is used in Apple Pay. It must be clearly stated on the receipt if a payment was made with Dankort.
Dankort – operational reliability
Dankort operations were generally satisfactory in 2023. During the year, there were three major incidents that have had an impact on Dankort.
The first was due to incorrect handling of a new certificate. Consequently, it was not possible to perform two-factor authentication22 of Dankort payments online for an extended period of time. A significant number of transactions were therefore rejected.
The second incident was due to an incorrect setting, which for a limited number of cardholders and shops resulted in the inability to use Dankort and the failure to settle and credit Dankort transactions on the shops’ accounts.
Nets has also become aware of a general problem with late submission of Dankort transactions for settlement and accounting, which has meant that in some cases stores have received payments for sales to customers a day later than usual, e.g., for sales from Black Friday. Nets has implemented an interim solution and is working on a future solution to strengthen the handling of retail Dankort revenue so that delays in settlement and accounting do not recur.
Danmarks Nationalbank has been in dialogue with Nets about the processing and follow-up on the above issues.
Dankort – fraud
Fraud with Dankort is low. It totalled kr. 26.7 million in 2023, corresponding to 0.08 per mille of total Dankort payments. However, fraud with Dankort has increased compared to 2022, when it was 0.06 per mille.23 It’s back to roughly the same level as in 2019 now, i.e., before COVID-19 and the social restrictions that followed in 2020-2021.24
The majority of fraudulent behaviour is related to theft or loss of cards. Fraud of this kind totalled kr. 21 million in 2023, while fraud in online shopping25 amounted to kr. 5.7 million.
Betalingsservice
Danmarks Nationalbank’s oversight of Betalingsservice is aimed towards Mastercard Payment Services Denmark A/S (MPS), the system owner of Betalingsservice.
The system behind Betalingsservice was moved from Nets’ to MPS’ production environment at Kyndryl’s data centre in 2023. Kyndryl is now contractually and operationally a direct supplier to MPS of the system and services that form the core of Betalingsservice.26 However, Nets’ services will continue to play a role for some time yet in connection with certain functions related to Betalingsservice.
MPS has been working on its supplier management framework and outsourcing risk management for Kyndryl. This includes assessments of operational risks after the move to Kyndryl’s data centre, strengthened contract follow-up and the establishment of an Exit Strategy & Plan between MPS and Kyndryl.
MPS has also continued to focus on integration and harmonisation with the Mastercard Group, including risk management and security. Among other things, work has been done to update the MPS Security Framework based on stakeholder requirements, legislation and relevant standards that the framework should reflect.
Betalingsservice – operational reliability and fraud
There have been no breakdowns or other significant incidents in Betalingsservice in 2023. Operational stability was high. There was no fraud in Betalingsservice in 2023.
International standards
Danmarks Nationalbank intensified its dialogue with Nets and MPS in 2023 on the impact of the new ECB standard, PISA, on Dankort and Betalingsservice. Formally, Danmarks Nationalbank has determined and announced that PISA will apply from 1 January 2024.
While PISA fundamentally continues the core elements of the previous standards, it is more explicit in some areas. This particularly applies to:
- the organisational framework/governance for cyber resilience
- the definition of and follow-up on specific projects and activities to fulfil risk management and security objectives.
- assessments of business and operational risks, including risks due to clearing and settlement
- the work regarding cyber scenarios in crisis management.
Due to PISA and the generally increased risk from cyber attacks, Danmarks Nationalbank has also asked Nets and MPS to report on their respective crisis response in the event of a cyber attack with far-reaching consequences, with a description of current and planned measures.
Danmarks Nationalbank will follow up on Nets’ and MPS’ compliance with the PISA requirements for Dankort and Betalingsservice in 2024.
Clearing and settlement of retail payments
The Sumclearing, the Intradagclearing and the Straksclearing – also known as the retail payment systems – are the financial sector’s systems for clearing and settlement of Danish retail payments. The systems are owned by Finance Denmark, managed by e-nettet and supplied by Mastercard Payment Services Denmark A/S, MPS.
In the Sumclearing, payments made with cards, payment cards and Betalingsservice (direct debit) are settled once a day on banking days. In the Intradagclearing, account-to-account transfers such as online banking transfers, salary payments and government payments are settled five times a day on banking days. The banks’ net positions – corresponding to the sum of payments to and from their customers – are calculated in the systems at fixed times. The net positions are sent to Danmarks Nationalbank’s RTGS system Kronos2, which exchanges the amounts between the banks. The payments are then posted to the customers’ accounts at the banks.
In the Straksclearing, credit transfers are completed in a matter of seconds, 24 hours a day, seven days a week. This is possible because the banks reserve liquidity in Kronos2 for the transfers in advance. The actual interbank exchange of liquidity takes place six times a day on banking days. The Straksclearing system is used primarily for online banking transfers and payments via MobilePay.
Use
At the end of 2023, there were 45 direct participants in the retail payment systems and 22 indirect participants, which settle via a direct participant. The value of transactions in the systems averaged kr. 47.1 billion per banking day in 2023 (see table 2). Overall, this is a decrease of approx. 2 per cent per banking day, mainly due to the fact that the value of the transactions settled in the Intradagclearing has decreased compared to the previous year.
Table 2
Value of transactions in the Sumclearing, Intradagclearing and Straksclearing, average per banking day
|
Kr. billion, current prices |
2019 |
2020 |
2021 |
2022 |
2023 |
|
Sumclearing |
19.2 |
18.7 |
20.5 |
21.3 |
21.2 |
|
Intradagclearing |
20.8 |
21.9 |
23.9 |
25.0 |
24.0 |
|
Straksclearing |
1.4 |
1.6 |
1.7 |
1.8 |
1.9 |
|
Total |
41.4 |
42.2 |
46.1 |
48.1 |
47.1 |
Source:
Mastercard Payment Services Danmark A/S (MPS).
The number of transactions in the Straksclearing has increased over the past three years, following an unchanged level from 2019-2020 during the COVID-19 pandemic (see chart 4).
Chart 4
Number of transactions in the Intradagclearing and the Straksclearing, 2019-2023
Source:
Mastercard Payment Services Danmark A/S (MPS).
In recent years, there has been an increase in misuse and fraud with account-to-account transfers27, also known as ‘credit transfers’. Finance Denmark has, among other things, set up a special Fraud Task Force to map the criminals' processes, methods and systems as well as make recommendations for improvements in the fight against digital fraud. In 2024, Danmarks Nationalbank’s oversight will follow Finans Danmark's continued work in this area. 28
Operational reliability
Overall, the operation of the retail payment system was generally satisfactory in 2023. However, there have been several cases during the year where minor technical issues at the data centres have resulted in some customers being unable to complete a payment via the Straksclearing for short periods of time. As a follow-up to the issues, Finance Denmark has been in dialogue with the data centres and includes the results of the follow-up in the risk management.
There have also been several cases of delayed deliveries of transaction files from MPS to the data centres in the Intradagclearing. The issues, which occurred following a major system change at MPS, have now been resolved.
Finally, in 2023 there were a few minor incidents of various kinds that affected settlement in the Sumclearing and the Intradagclearing. Danmarks Nationalbank’s oversight monitors the development of events for all three retail clearings and has reviewed the above sequence of events. Danmarks Nationalbank’s oversight found that the system owner’s handling and follow-up on the incidents was satisfactory.
Liquidity
The banks reserve liquidity on accounts at Danmarks Nationalbank for settlement of their net positions in the Sumclearing and the Intradagclearing. If a participant does not reserve sufficient liquidity, its settlement will be postponed, and new net positions will be calculated for the other participants, who thereby risk not receiving the expected liquidity.
Most of the banks use the retail payment system’s automated liquidity management tools, but there was one case in 2023 when a participant was postponed due to lack of liquidity. The postponement occurred in connection with the participant’s withdrawal from the retail payment systems. Based on the incident, the procedure between the clearing systems and Danmarks Nationalbank regarding this has been strengthened.
In the Straksclearing, there is no liquidity risk between the participants. This is because the Straksclearing is a real-time settlement system in which the participants reserve liquidity in advance in the form of collateral for the payments to be settled via their accounts. If sufficient liquidity has not been allocated, the payments are rejected.
International standards
In the spring of 2022, Danmarks Nationalbank completed an assessment of the retail payment systems’ compliance with the CPMI-IOSCO Cyber Guidance (Cyber Guidance). The assessment showed that the retail payment systems have a high maturity level and comply with the Cyber Guidance in most areas. However, there were a few key areas where the retail payment systems did not fully comply with the international guidelines. In 2023, Finance Denmark reached important milestones in its work on Danmarks Nationalbank’s recommendations to strengthen their work in these areas.
Cyber resilience
Finance Denmark is continuously working to strengthen the cyber resilience of the clearing systems and have in 2023 worked on an updated cyber strategy for the retail payment systems. Danmarks Nationalbank assesses that the overall objectives of the strategy reflect Finance Denmark’s role as an owner of critical financial infrastructure and support compliance with the requirements of CPMI-IOSCO’s Cyber Guidance.
Finance Denmark has also formulated a policy for crisis management and business continuity in the retail payment systems. The policy sets out the framework and requirements for the crisis management to ensure that the operations of the clearing systems can be restored/maintained within set timeframes after liquidity, technical and cyber-related incidents, including in extreme but plausible cyber scenarios. As the clearing and settlement of retail payments is a collaborative effort between a number of players, the policy also defines the roles and responsibilities of these.
In collaboration with MPS, Finance Denmark has conducted tabletop exercise of the recovery of critical IT systems after extreme cyber attacks. The results from these tests feed into the further work on cyber resilience and business continuity.
Another element of Finance Denmark’s work with cyber resilience is the Cyber Security Handbook for the retail payment systems. The handbook sets requirements for the IT security of the data centres and the participating banks, which must evaluate and report their compliance with these requirements annually. Finance Denmark’s follow-up on participant reporting for 2023 shows a high average safety level with a slight improvement compared to 2022. Finance Denmark concludes that there are still weaknesses in some areas and has recommended that the data centres and banks work on concrete improvements, which will then be followed up upon in interdisciplinary forums and bilaterally with the individual banks and data centres.
Finance Denmark has been conducting cyber security assessments based on the Cyber Security Handbook since December 2021. An updated version of the handbook was introduced in December 2022 and the reporting for 2023 is based on the updated version.
MPS’ purchase of the operation of the retail payment systems
MPS purchased the areas of Nets’ infrastructure that include operation of the retail payment systems in 2021 and has since then – in close coordination with Finance Denmark – worked to move the operation of the clearings to its own infrastructure. The relocatation is divided into several migration phases. Operation of the Sumclearing was relocated in 2023 from Nets’ production environment at Kyndryl to MPS’ production environment at Kyndryl. The relocation of the Intradag and the Straksclearing from Nets’ data centres in Norway to new MPS data centres in Norway and Sweden was planned for Q1 2024 but has been delayed. The data centre relocation will be closely coordinated between the system owner, MPS and Danmarks Nationalbank’s TARGET project.
The future retail payments infrastructure
Migration from Kronos2 to Target Services in 2025 (see box 5) will also impact the settlement of Danish retail payments: In March 2023, a unified Danish sector decided that the Sumclearing and the Intradagclearing will be connected to TARGET Services, while instant payments will be settled directly in TIPS, the ECB’s instant payment system on TARGET Services, from 2025.
In regards to the connection to TARGET Services and the transition to TIPS, it has been decided to simultaneously transition to the payment schemes managed by the Nordic Payments Council (NPC). The NPC payment schemes define rules and practices for retail payments based on the European Payment Council’s (EPC) rulebooks and guidelines, with some adaptations to the context of local payment landscapes in the Nordics.
NPC was established in 2018 as an independent non-profit organisation by the four Nordic banking associations29, including Finance Denmark. The NPC’s main purpose is to harmonise payment standards in the Nordic region, and that work continues across the Nordic banks.
At the request of the participating banks, Finance Denmark has previously worked on raising the amount threshold in the Straksclearing from the current kr. 500,000. In dialogue with Danmarks Nationalbank, Finance Denmark has decided to postpone any further work on this until after the transition to the NPC rules.
Work with the future retail payments infrastructure is anchored in a sector programme under Finance Denmark’s Board of Directors, and a steering committee has been set up with broad sector representation. The programme is run by e-nettet in close collaboration with Finance Denmark and is coordinated with Danmarks Nationalbank.
Securities settlement
Securities transactions can be concluded in different ways: on the stock exchange, through a multilateral trading facility or bilaterally between the parties through a bank or a stockbroker. After the trades have been concluded, there must be final settlement, i.e., where money and securities are exchanged between the participants.
The central securities depository Euronext Securities Copenhagen (ES-CPH30) handles the settlement of securities transactions, and changes in the holdings of securities are registered in the participants’ accounts in ES-CPH.
Securities transactions between banks and other financial institutions are initially settled on accounts in the pan-European system TARGET2-Securities (T2S), which handles the settlement process on behalf of ES-CPH. Movements of securities on accounts in T2S are subsequently mirrored on accounts in ES-CPH’s systems. Legally, the final settlement of trades in Danish-issued securities only takes place when the relevant securities accounts in ES-CPH are updated. The settlement of the money side also takes place on accounts in T2S. Every day, participants therefore transfer liquidity to their settlement accounts in Danish kroner in T2S. Transactions between banks and their customers are still settled in ES-CPH’s own settlement system (ES-CPH settlement).
ES-CPH also handles periodic payments, issuances, redemptions, etc.31 and is the only company in Denmark authorised by the Danish Financial Supervisory Authority to issue and hold securities.
Use
ES-CPH has 91 participants, of which 37 are foreign market participants, including 4 CCPs32. 37 of the ES-CPH participants also have an account in Kronos2 so they can transfer liquidity to their settlement account on T2S. It is also possible to transfer liquidity to T2S DCAs via a Kronos2 participant without being a Kronos2 participant.
In 2023, an average of approx. 84,700 trades per day in Danish kroner were settled through ES-CPH, which is a decrease of approx. 7 per cent from 2022 (see table 3 and chart 5). This is mainly due to a decrease in the number of trades in investment fund certificates. The value of the settled trades averaged approximately kr. 226 billion per banking day, which is a decrease of approximately 11 per cent from 2022 (see table 3 and chart 6). This is mainly due to a decrease in the value of bond trades.
Table 3
Number and value of securities transactions
|
|
|
|
|
Investment fund certificates |
||||
|
Year, |
Number of transactions, thousand |
Value, |
Number of transactions, thousand |
Value, |
Number of transactions, thousand |
Value, |
Number of transactions, thousand |
Value, |
|
2018 |
65.5 |
168.5 |
2.6 |
119.0 |
29.4 |
40.8 |
33.5 |
8.8 |
|
2019 |
67.0 |
223.1 |
4.2 |
180.7 |
33 |
34.8 |
29.8 |
7.6 |
|
2020 |
90.5 |
231.5 |
3.8 |
178.1 |
49.0 |
43.5 |
37.7 |
9.9 |
|
2021 |
101.7 |
226.4 |
3.9 |
163.6 |
49.1 |
51.0 |
48.7 |
11.8 |
|
2022 |
91.3 |
255.4 |
5.2 |
194.6 |
39.6 |
51.3 |
46.5 |
9.5 |
|
2023 |
84.7 |
226.3 |
4.6 |
165.0 |
39.8 |
53.1 |
40.4 |
8.2 |
Source:
ES-CPH.
Chart 5
Number of securities trades
Source:
ES-CPH.
Chart 6
Value of securities trades, monthly average
Source:
ES-CPH.
The market value of securities held in ES-CPH increased during 2023 by approximately 9.8 per cent (see chart 7). The increase is primarily due to an increase in the value of the issued shares.
Chart 7
Market value of securities held in ES-CPH
Source:
ES-CPH.
Settlement efficiency
The settlement efficiency measures the proportion of trades settled on time, i.e., within two days of the trading day.33
Chart 8 shows the settlement efficiency for ES-CPH’s settlement on T2S and for ES-CPH’s own system. It is a positive sign that the high level of the settlement rate has been maintained in 202334.
Chart 8
Settlement efficiency
Source:
ES-CPH.
Operational stability
The operational stability in the settlement of Danish securities transactions in the ES-CPH settlement in 2023 has been satisfactory and without major incidents. During the year, there have been a few minor incidents that have had a limited impact on operations.
International standards
Danmarks Nationalbank oversees that the settlement of Danish securities transactions in ES-CPH and T2S complies with the international standards for financial market infrastructures, in particular the CPMI-IOSCO Principles for Financial Market Infrastructures (PFMI).
Danmarks Nationalbank's oversight of ES-CPH is coordinated with the Danish Financial Supervisory Authority, which oversees compliance with the requirements of EU legislation, including CSDR35. Danmarks Nationalbank’s oversight touches on many of the same elements covered by the CSDR, which is why a close coordination between the authorities is needed. In this regard, Danmarks Nationalbank participates in the Danish Financial Supervisory Authority‘s annual evaluations of whether ES-CPH fulfils the CSDR.
The oversight of T2S is carried out in collaboration with all the central banks connected to the platform, with the ECB as the main overseer and coordinator (see the section on payments and securities settlement in euro).
Cyber resilience
ES-CPH is continuously working to improve the cyber resilience of its systems and has a high level of maturity in this area. Danmarks Nationalbank is following this work closely.
As part of efforts to strengthen cyber resilience, ES-CPH implemented the Euronext Group’s system for mapping and managing information assets and configurations in 2023. Among other things, the system supports ES-CPH in ensuring comprehensive crisis management planning. In 2023, ES-CPH has also worked to ensure compliance with the Digital Operational Resilience Act (DORA)36, which applies from January 2025.
In 2020, Danmarks Nationalbank finalised an assessment of ES-CPH’s compliance with the CPMI-IOSCO Cyber Guidance for cyber resilience. The assessment showed that ES-CPH complies with the Cyber Guidance in most areas. Within a few key areas, Danmarks Nationalbank has issued recommendations to ES-CPH for how to strengthen cyber resilience. Three of the 16 recommendations remain open.37
System updates
ES-CPH worked on a number of system changes to further integrate ES-CPH into the Euronext Group in 2023.
This includes a new, modernised platform for handling corporate actions such as periodic payments, issuances and redemptions, called CA4U. CA4U is expected to be launched in June 2024 and will bring further automation, transparency and standardisation to the handling of corporate actions across the markets in which the Euronext Group operates.38 CA4U will contribute to ES-CPH’s compliance with the SCoRE standards, which set requirements for how securities are used as collateral. Compliance with the SCoRE standards39 is a prerequisite for the use of euro-denominated securities issued by ES-CPHs in the Eurosystem’s new collateralisation system, ECMS40, which is scheduled to be operational from November 2024.
Finally, in 2023, ES-CPH continued to work on phasing out the use of the ES-CPH settlement. In 2022, trade settlement in euros was phased out and from November 2024, settlement in Danish kroner will also be phased out. From then on, all settlement in the two currencies where money is exchanged between participants will take place in T2S. Settlement of securities transactions via the local ES-CPH settlement will then only take place in Swedish kronor or as so-called free-of-payment (FoP) trades.41 ES-CPH aims to completely phase out the use of ES-CPH settlement by the end of 2027, after which all securities transactions will be settled in T2S.
Payments and securities settlement in euro
Danish banks use TARGET Services to settle payments and securities transactions in euro. Payments are settled in T2 (formerly TARGET2)42, the pan-European RTGS system. In T2, participants can also transfer liquidity for settlement in other euro systems, including T2S (TARGET2Securities). T2S is the pan-European system for the settlement of securities transactions.43
TARGET Services is owned by the European Central Bank (ECB) and the national central banks of the Eurozone and operated by the 4CB (the four central banks of Germany, France, Italy, and Spain) with the ECB as coordinator.
The oversight of TARGET Services is carried out in cooperation with the ECB’s oversight function and the other central banks connected to T2 or T2S. Danmarks Nationalbank participates in the joint oversight headed by the ECB, which takes place in working groups with the participation of the national central banks.
Use
In total, there are around 1,000 banks that use T2 to process payments, including 17 Danish banks and branches of foreign banks. Danish participants made interbank payments worth an average of EUR 10.2 billion per day in 2022.44 Danish participants mainly use T2 to execute intra-group payments and payments to foreign participants. Exchange of euro mostly takes place with participants in Finland, Germany, France, and Belgium.
There is a total of 24 CSDs operating in 23 EU countries connected to T2S, including ES-CPH. A bank may settle securities transactions via T2S as either a direct participant, if the bank has a T2S settlement account, or as an indirect participant via a direct participant’s access.
A Dedicated Cash Account for T2S settlements is set up through one of the central banks in the EU, including Danmarks Nationalbank. 11 Danish participants hold a Dedicated Cash Account for T2S settlements via Danmarks Nationalbank for payment in or receipt of euro in connection with T2S settlement. Other Danish participants may have set up a T2S settlement account via other EU central banks.45
Operational stability
The operational stability of the local components of T2 for which Danmarks Nationalbank is responsible was satisfactory in 2023
In August, problems on T2S affected Danish participants and settlement in Danish kroner (see the section on ‘Interbank payments and the central settlement of payments in Danish kroner’). The ECB’s oversight has followed up on the problems together with the national central banks.
Back in 2020, there were five serious IT-related incidents (not cyber incidents) that affected the settlement of payments and securities transactions on T2 and T2S. As a follow-up to the incidents, the ECB developed an action plan with a broad set of actions in areas such as change management, business continuity and governance to address recommendations from an external investigation and from the ECB’s oversight and internal audit. The vast majority of the actions in the action plan have been realised. Danmarks Nationalbank participates in the ECB’s follow-up on the action plan under the auspices of the joint oversight of TARGET Services.
International standards
In October 2023, the ECB launched a comprehensive assessment of T2 and TIPS against the SIPS (Regulation on oversight requirements for systemically important payment systems) and an assessment of T2S against the CPMI-IOSCO principles for financial market infrastructures.
Work continues on the recommendations from the Cyber Resilience Oversight Expectations (CROE) assessment of T2S, which was finalised in 2022.
System updates
The consolidation of T2, T2S and TIPS on the same technical platform, TARGET Services, was completed in March 2023. The former RTGS system, TARGET2, has been replaced with T2, which meets new market requirements, including the ISO20022 message format. The consolidation also contributes to an increased optimisation of the participants’ liquidity management across all Target Services.
Settlement of foreign exchange transactions
Globally, the foreign exchange market is the largest of all financial markets in the world in terms of turnover. Central banks, financial institutions, companies, and private individuals all need to buy or exchange currency in order to, for example, purchase goods abroad. Foreign exchange transactions in which Danish kroner are bought or sold against another currency can either be settled via correspondent banks or through the international foreign exchange settlement system (CLS).
When settling through correspondent banks, the two payments in a foreign exchange transaction are not settled simultaneously, which exposes the parties involved to a settlement risk. If the payments in different currencies need to be exchanged across time zones, the payments can be many hours or days in progress, which entails a significant settlement risk. Settlement risk is the risk that one party to a foreign exchange transaction make payment as agreed but does not receive the purchased currency, which may result in significant losses and potentially lead to systemic consequences.
Settlement risk can be reduced by settling both sides of a currency transaction simultaneously46 (payment-versus-payment, PvP), which is possible in CLS. CLS currently settles foreign exchange transactions in 18 connected currencies, including Danish kroner, euro, and US dollar. Only foreign exchange transactions in which both currencies in the transaction are connected to CLS can be settled in CLS. Every day, foreign exchange transactions totaling more than 6.5 trillion US dollars on average are settled in CLS.
Settlement risk can also be reduced by bilateral netting of mutual payment obligations before a settlement. CLS offers a bilateral netting calculation service in 120 currencies, which provides users with a comprehensive overview of their net payment obligations. Netting reduces the settlement risk in foreign exchange transactions, as netting reduces the amounts that are to be exchanged between the parties to foreign exchange transactions.
Danmarks Nationalbank participates in joint oversight of CLS together with central banks for the other connected currencies (see box 7).
Box 7
Oversight of CLS
Oversight of CLS is carried out by a joint CLS Oversight CommitteeB7-1, which is a forum for collaboration between the central banks of the participating currencies, through which they can handle their national oversight responsibilities. Danmarks Nationalbank participates in this work, which is led by the US Federal Reserve, which is also the supervisory authority for CLS. Danmarks Nationalbank’s oversight is focused on matters of importance to the settlement of transactions in Danish kroner.
Oversight of CLS is based on the CPMI-IOSCO principles for safe and efficient payment systems (Principles for Financial Market Infrastructures, PFMI). CLS published its most recent description of how the system complies with CPMI-IOSCO’s principles in September 2022.B7-2
Use
The Danish krone is the 20th most traded currency in the world.47 For Danish kroner, approximately 90 per cent of all foreign exchange transactions with Danish kroner as one leg of the transaction are settled in CLS.48 In 2023, the average daily value of transactions in Danish kroner in CLS was kr. 330 billion. This is an increase of around 3 per cent compared to 2022 (see chart 9).
Danish banks and companies can settle foreign exchange transactions via CLS. One Danish bank participates directly in CLS settlement. There are four direct participants who make pay-ins in Danish kroner to the CLS settlement and offer indirect participation. A number of Danish banks and companies make use of this.
Chart 9
Value of commerce infrastructure in CLS
Source:
CLS Bank.
Operational reliability and liquidity
In 2023, the Danish participants reserved sufficient liquidity for CLS settlements.
CLS settlement takes place during a relatively short defined window during the day where all RTGS systems of the participating central banks are open simultaneously across time zones. Pay-ins and pay-outs related to CLS are made via the connected central banks’ RTGS systems. For Danish kroner, this is via Kronos2. The operational reliability of CLS is therefore dependent on the reliability of the connected RTGS systems. Due to the interdependencies between CLS and the RTGS systems of the 18 associated currencies, an incident in one RTGS system can propagate to other systems.
A single incident in Kronos2 affected CLS settlement in 2023. Danmarks Nationalbank and the participants did not have access to Kronos2 for a few hours. Among other things, a consequence of the incident was that no pay-ins in Danish kroner could be sent to CLS settlement. This led to delays in the settlement of transactions in several major currencies. In order not to affect CLS settlement further, Danish kroner were temporarily removed from the settlement. Danmarks Nationalbank has implemented measures to help prevent the incident from happening again. See also the section ‘Interbank payments and the centralised settlement of payments in Danish kroner’.
The analysis consists of a Danish and an English version. In case of doubt as to the correctness of the translation, the Danish version will prevail.
Editing completed on 31 March 2024