 Good morning, good afternoon, good evening, and welcome to the 10th episode of the Insights on Digital Financial Services during COVID-19 webinar series organized by the ITU. We hope that you, your family, your friends, and your colleagues are all keeping healthy and safe. My name is Bilal Jamosi, I'm the Chief of the Study Groups Department at the Telecommunications Standardization Bureau of the ITU. And it's a great privilege for me to introduce today's webinar on interoperability and resiliency requirements for digital payment systems. Before I introduce the panelists, I'll provide some general information concerning the logistics of today's webinar. All the presentations will be available after the webinar on the website of the event. I am pleased to inform you that we have captioning in French for the webinar today. All questions from participants will be taken at the end of all presentations during the Q&A session. Participants can submit their questions by typing in the Q&A window at the Q&A icon at the bottom of the screen. When submitting a question through the Q&A window, I invite participants to type first the name of the panelist to whom the question is addressed, followed by the question. If the question is addressed to all the panelists, please simply type your question. The webinar is being recorded and the recording will be available on the webinar webpage later this week. Let me introduce our panelists. The speakers will take the floor in the following order. Ms. Dorothy Delort from the World Bank Group, followed by Mr. Kevin Butler, University of Florida. Mr. Anant Notial, GSNA. Mr. Salah Khan from UPU. Mr. Abhinav Pratap Singh from Indian Post. In this episode, we will examine the interoperability issues and resiliency requirements for digital payment systems in emerging economies and the impact during COVID-19. Interoperability is deemed to be one of the crucial characteristics of financial and ICT infrastructure for effectively supporting financial inclusion and the widespread availability of digital financial services or DFS. Whereas the widespread availability of digital solutions for savings, credit and payment provides people with access to financial services, payment interoperability enables these targeted people to transfer their money to any other individual without having to resort to multiple transaction accounts. The ITU focus group on digital financial services identified in 2016, a number of recommendations that authorities can use to promote interoperability for DFS. For instance, DFS authorities and providers should collaborate to achieve safe and commercially viable DFS interoperability. Authorities can promote interoperability through engagement with DFS providers and other key stakeholders. Financial authorities could take the lead on DFS interoperability strategies and policies working with other authorities as required and engaging with providers and other key stakeholders. When working to implement interoperability, financial authorities should clarify the role of various public and private sector stakeholders, include all relevant stakeholders in the process and leverage existing coordination structures where possible. For their part, DFS providers should pair primarily the responsibility for interoperability risk management. They should identify and effectively mitigate relevant risks and ensure that accountability for risk mitigation is properly addressed in the scheme's rules. In the previous two episodes of the webinar, the issue of cyber crimes and financial scams targeting digital financial services were discussed, highlighting the growing complexity of cyber risks. Digital financial service providers and payment service providers should undertake necessary steps to enhance their cyber resilience capabilities with the objective of limiting the escalating risk that cyber attacks and threats pose to availability and normal business operation. In this context, the resilience of digital payment infrastructure to anticipate, withstand, contain and rapidly recover from a cyber attack is critical and also quite complex due to the role and interdependency of different stakeholders in the ecosystem. And when we overlay on top of financial market infrastructure organizations or FMIs, the mobile payment ecosystem, it is indeed a high intricate ecosystem. Such threats and risks should be carefully managed to minimize the impact to the stability of the payment system. The level of operational resilience of FMIs, including cyber resilience, can be a decisive factor in the overall resilience of the financial system and the broader economy. Under the Financial Inclusion Global Initiative or FIGI, the security infrastructure and trust working group, led by the ITU, developed the DFS Security Assurance Framework, which identified a number of threats and vulnerabilities at the level of the network infrastructure and DFS applications and security control measures that can be implemented by DFS providers and application service providers. The cybersecurity work stream led by the World Bank under the Security Infrastructure and Trust Working Group developed a methodology with the European Central Bank to operationalize the CPMI-ISCO guidance on cyber resilience for FMIs, which could be used by FMI to comply with the guidance and by authorities, supervisors and overseers to assess their FMIs against the guidance, hence enhancing the overall cyber resilience of financial market infrastructure critical for financial stability and financial inclusion. Now, ladies and gentlemen, it's time to turn to our speakers. I will now be inviting our speakers in turn to make their presentations. Each speaker has about 15 minutes for the presentation, and our first speaker is Ms. Dorothy Delort from the World Bank Group. Dorothy, you have 15 minutes, please. Thank you very much, Bilal. Good morning, good afternoon, ladies and gentlemen. It's my pleasure to be speaking to you today about interoperability and resiliency for digital payment systems. The World Bank works a lot on critical foundations for digital payments and financial inclusion, and because these critical foundations will allow to build a strong digital payment ecosystem, the objective that we pursue in our work on this foundation are safety and efficiency of the national payment system. So safety is directly related to resiliency, of course, and within efficiency, you will see that interoperability is a critical component. So in order to work on this, to establish these foundation or critical enablers for digital payments, we'll work on both the legal and regulatory framework, the technical infrastructure, as well as public policies and private sector commitment. Based on this foundation can be established catalytic pillars, such as transaction account and design of payment product, access point, or digitalization of large value recurrent payment stream. All of these within the objective of universal access to and frequent usage of transaction accounts. So how does the World Bank work on this critical foundation? We do it with a wide scope of tools. They go from data and analytics. I'm sorry, we could hear the translator speaking. So let me resume, such as the global FinTechs. We do it with also a lot of research, diagnostic, especially at country level where we do national payment system strategy or digital financial service strategies, FinTech strategies, and through our landing role, where by which we finance the critical infrastructure or the changes that are needed in order to establish a safe and efficient payment system. Next please. Next slide please. But our work is also on a number of product technology and access mode. So now that when you work on interoperability and resiliency for national payment system, for financial market infrastructure, we also have to take into account innovations in payment. And this innovation can affect a product and this is the case for central bank digital currency, open banking, instant payment, super apps, stable coins or electronic wallets. These technology affect underlying technologies such as the data analytics, biometric, cloud computing, contactness technology, DLT, digital ID, Internet of Things. And so all of these changes to products, to technologies to access mode have to be taken into account when working on a diagnostic and on recommendation for the national payment system or national financial inclusion strategies. Next please. So in order to achieve these goals of safe, efficient, cost effective, inclusive payment system supported by a safe and efficient financial market infrastructure. We use standards that have been developed by standard setting bodies, the CPMI and IOSCO. So the committee for payment and market infrastructure and the similar committee for securities system. And these principle for financial market infrastructures can be categorized into nine broad categories. They include a number of key considerations and recommendation in order to improve general organization, such as legal basis, governance, risk management, but also they include specific recommendation for credit risk and liquidity risk for settlement risk. And general business risk and a very important one operational risk. They also include specific principle related to access, efficiency and transparency. Next please. So these PFMI, these principle for financial market infrastructure include a number of key consideration and recommendation that will foster interoperability. Interoperability has to be based on the legal framework and system rules. In order to have non bank payment service providers, you have to have legal framework that will allow non banks payment system provider to exist in the market that will set the rules for regulation, but also licensing supervision and oversight of these non bank payment service providers. These non bank payment service providers have to be given access to critical infrastructure in order to foster interoperability and this is for that we have recommendation in the principle 18, 19 and 20. It is also key that governance of financial market infrastructure take into account the need of all stakeholders and this will greatly contribute to interoperability. We see that in many countries, interoperability cannot be achieved because some stakeholders are not adequately represented in the governance of critical financial market infrastructures. The central bank has also a key catalyst role to play and one of these Catholic role include involve creating the condition for cooperation and dialogue with the stakeholders, especially on the issue of interoperability. Next, please. As far as resiliency, I would like to insist on the fact that there's more than pure just operational reliability into resiliency. Resiliency starts by a legal resiliency and a strong legal basis, especially for the settlement. Because if you don't have these strong legal basis for the settlement and the settlement can be challenged, then there's no possible resiliency for the financial market infrastructure for payment system and then for payment services. There's also what I would call an organizational resiliency. Again, it has to do with the way governance is organized and the way the risk management framework is organized. There's also a financial dimension to resiliency and it's credit risk or liquidity risk, but also general business risk. A payment system in order to be resilient as to have enough funding to be able to manage this operation for at least six months. So this is the general business risk resilience, but what I would like to focus on more specifically is obviously operational resilience and part of it will be cyber resilience. Next, please. Next. So for operational risk, I will go very quickly, but the PFMI include a number of key consideration in order to identify the plausible sources of operational risk, both internal and external, mitigate the impact through the use of appropriate systems, policies, procedures and controls. Systems should be designed to ensure a high degree of security and operational reliability and should have adequate scalable capacity. Business continuity management should aim for timely recovery of operations and fulfillment of the FMI obligations, including in the event of a wide scale of major disruption. And in the context of COVID, we see that these principles have been in a way tested, especially operational risk because of the potential unavailability of critical staff, because also of these critical staff might not be able at the level of the payment system itself, but also at the level of the participants. So a number of payment system operators and central bank have had to take specific measures in order to address the risk to operational resiliency that came with the COVID-19 crisis. Next, please. So you, some of the key consideration, the key consideration are quite detailed for principle 17, but it should be kept in mind that the philosophy of the PFMI is not to be prescriptive on, especially how to achieve the objective that are set in the principle, but give some flexibility to the payment system operator and to the supervisors as to how these objectives might be achieved. Next, please. I would like now to zoom more specifically on cyber resilience. And I find this graph quite interesting because it does put into perspective the respective space that are within risk management occupied by business continuity, cyber resilience, information security and information technology. And right now I would like to focus on cyber resilience, which is just a specific aspect of operational reliability, and which include cyber security. Next, please. Next, please. Can we have the next slide please. So the CPMI Ayosco, which is the main standard setting body for a financial market infrastructure felt it was needed to complement the PFMI by a specific guidance on cyber resilience for financial market infrastructure. And the guidance is structured in chapters defining five main risk management categories, which are governance, identification, protection, detection and recovery, and free general component that should be considered when talking about cyber resilience. And these general components are testing, situational awareness, learning and evolving, and all together they constitute the cyber resilience guidance. The problem with that guidance is that it's quite high level and generic and we felt within the Fiji cyber resilience for FMI work stream that there was a need for a more specific tool or methodology to operationalize this CPMI Ayosco guide cyber guidance. And that's when we worked with the European Central Bank, which has developed a cyber resilience oversight expectation in order to provide system operators and authorities, both supervisors and overseers with a more detailed elaboration on how to implement the guidance. And so the crow provide good practices, which can be referred to when giving feedback to FMI for an authority and can be taken into in, they do take into consideration the industry best practices already set out in different frameworks such as the NIST framework or the COVID. And, and next please, because payment system and financial market infrastructure are very different from one country to another, or even within the same country with different level of sophistication, free levels of expectation have been defined based on the level of sophistication of the system. Next please, these three levels are evolving level, advancing level and innovating level for the most sophisticated system. And I will just Next please, I would just suggest that you have a look either on the Fiji website or on the World Bank or European Central Bank website for the crow, because for each category. They are very detailed Suggestion recommendation technical ones for governance for identification of protection detection response and recovery testing. And in a way, they provide a very efficient tool in order to assess and improve the cyber resilience of a payment system on which will be built the payment services and especially the digital payment services for country. And I will stop here because I've reached the end of my time. Thank you very much. I'll be happy to take the questions later. Over to you Bill. Thank you very much Dorothy for sharing with us very important information on the critical foundation for safety and efficiency Of the digital payment system. Also the principles for the minor financial market infrastructure in terms of fostering interoperability and resiliency and including the non bank service providers. And also for highlighting the principle 17 on the operational risk and the CPMI Ayosco and how Fiji is working towards helping implement that Our next speaker is Kevin Butler from the University of Florida. Kevin, you have 15 minutes please go ahead. Great. Okay. Thank you. Thank you, Bill. And thank you to everybody for joining. So I'm going to be talking today about Let me just get my Started up here. So can you see my screen. You can see my slides. I'm going to talk about improving resilience in the DFS ecosystem with the security assurance framework. So the coven we don't see your slides yet. Oh, you don't sharing. Yes. Okay, let me get that sorted out for you very quickly. Okay, share screen. Okay. Can you see them now. Now I can. Thank you. Excellent. Okay, so the coven 19 pandemic has created an unprecedented An unprecedented strain on the world economy. We've seen drastic changes in day to day life in the way that In the services that we use and we're dealing with large scale effects and in many ways coven 19 is exacerbating existing inequalities. So mobile devices themselves can play unique role in maintaining connectivity and providing valuable services to users Through services as diverse as helping to contain the spread of coven through contact tracing to the use of digital financial services and in many ways a DFS is very well situated as a means of dealing with the pandemic and means that It mitigates the need for physical travel of physical remittance and increases safety from those standpoints. The DFS ecosystem, however, is a uniquely vulnerable to a variety of threats. And this is based on three primary reasons. One is the interconnectedness of the system entities. The second is the reliance on the numerous parties involved in the DFS and the third is that the mobile ecosystem itself is increasingly complex, both in terms of the devices that are being used in their capabilities and the operating systems that these devices use, which are again becoming increasingly complex and lead to increased attack surfaces. So what I want to talk about today is a security framework in the context of digital financial services and a natural question you may be asking is why a security framework where how does a security come into play when we're talking about resilience When dealing with large scale threats like as an example COVID. So let's look at what the differences are between resilience and security because they're not identical but they do share a lot of things in common. Resilience is really about the ability to withstand and recover from operational hardships. So as Dorothy mentioned business continuity planning, ensuring redundancy, identifying attack surfaces, the ability to restore operations. Generally when we think about security, we think about specifically the protection of computing infrastructure. We're talking about cybersecurity here. Protection of computing systems and data against primarily malicious adversaries. So I'll say that thinking strictly about security and a security policy that only considers protection against malicious attack will not in itself be Provide resilience. So if you have a cybersecurity policy. That's a great starting point but in it not in itself is not necessarily going to be a full framework for For resilience. However, if you have a security management framework, a security assurance framework that allows you to assess risk and to that provides a means for identifying and developing processes then Then you have a structure in place that will by virtue of having a means of developing risk assessment strategies and Processes in mind to deal with these sorts of issues you will also get the benefits of developing resilience as a result. So I want to talk about the security assurance framework. The security assurance framework has been developed under the financial inclusion global initiative or Fiji's Security infrastructure and trust working group and it aims to bridge the knowledge gap and recommends a structured methodology for risk management. So the framework can be used in a variety of ways. It has its goals are multifaceted. For example, By having a framework in place it allows the DFS ecosystem to enhance customer trust and confidence. It clarifies roles and responsibilities for each stakeholder within the ecosystem. It allows the the identification of security threats and vulnerabilities within the ecosystem. It establishes security controls for end to end security and it allows for strengthening of management practices with respect to security risk management in a manner that's inclusive to all shareholders in this in particular, all of these points in particular allow for increasing a resilience of the ecosystem as well. There's a URL here on the bottom the DFS security assurance framework, you can go to this to this link and again these will be available afterwards as well these slides so you can write it down now or look at this later. And you will find a copy of the security assurance framework which I encourage you to read at your leisure. So let me talk about some concepts that are important to understand so that you are able to so that we're on a common page with regards to the terms that we're using when talking about the framework. These three terms come up often a vulnerability is a weakness in a system that can be exploited by an adversary and a threat is the specific means by which that vulnerability is exploited. Finally the risk is the consequence of a threat being successfully deployed. Now when we develop the security assurance framework, we use the it's you tease recommendation x 805, which provides a foundation for with regards to security eight very eight different security dimensions are defined in order to address security, ranging from access control and authentication to data integrity and privacy. Now the elements of a DFS ecosystem, there are many and this is a very high level overview. If you want a more granular view of the various elements of the ecosystem I'd encourage you to look at the document. But at a high level, and the parts that are of particular focus from our from our standpoint are three fold the user, the mobile network operator and the digital financial service provider. The user is the target audience for DFS who uses a mobile money application on a mobile device in order to access the DFS ecosystem. And this can be through a feature phone through us SD or interactive voice response or SMS or can be on a smartphone using an application. The MNO provides the communication infrastructure from wireless links through the provider network. And this is all aspects of that mobile infrastructure from the base station to the operator services. And then the DFS provider handles the application components and interfaces with payment systems and third party providers. So the way that we assess risk is based on the deeming cycle of plan, do, check and act. So the PDCA phases. And as Dorothy mentioned with regards to the crow the this idea of a feedback loop is essential when dealing with security resilience. Now, the goal of our methodology is to monitor and review depending on the stakeholder. So as an example, a regulator may review the controls, as well as the audits that are provided by the DFS provider. And based on based on that information, changes can be made accordingly. The context, every system is different. So the individual context is going to be necessary in order to have effective risk assessment evaluation and analysis. But having a standardized framework allows for the individualization that can be used for any particular context. Now, in summary, the threats to the ecosystem. We've identified, I believe it's 17 different threats. Maybe more actually, but on a high level the we've with the framework we've examined these threats as they are as they apply to various stakeholders within the DFS ecosystem from the user through the device through the MNO the DFS provider and third party and again there's others that we talk about in the in the document itself. We've developed 118 different controls that can be used as a means of mitigating and addressing the threats that are laid out here and Incidentally, under each of these stakeholders you'll see examples of threats and the numbers and parentheses refer to the section in the report where we where we discuss those issues. So let me talk about an example threat denial of service or DOS. It's one example of the standardized threats that we consider and it's mentioned in section 8.7 of the document. Denial of service attacks can be characterized as attacks designed to prevent services within the DFS ecosystem from being offered. Now, one important Take away and D denial of service is particularly related to resilience because denial of service isn't always caused by malice. It looks like an attack, but it's not always because of an attack can be the result of service over subscription. For example, a sudden and massive rise in usage and certainly in COVID we've seen that with particular service providers are seeing a very large uptakes in In in in usership in a very small amount of time and depending on whether timeframe is the results can be Almost indistinguishable from an actual attack. Now the affected entities that we examine in the context of DFS are the mobile network operator and the DFS provider. So let me talk And in order to keep this on time. I'm only going to talk about the MNO so we have as an example The risks of vulnerabilities and controls from the perspective of the mobile network operator From the standpoint of the risks we have an inability to perform transactions due to a service outage And transaction failure due to high delays. These are the consequences of a successful denial of service. Now the the vulnerability what makes this possible is a network failure due to insufficient network capacity Or due to maintenance or implicit design of the of the infrastructure and the security dimension the it ux 805 security dimension that comes into play here is availability. So the controls that we've That we've specified in the document our controls 22 and 23 The mobile network operator should take steps to ensure network hive and availability in order to allow access to DFS services through ussd sms and the internet And the control 23 it says that the mobile network operator should perform technical capacity tests simulating different transactions based on customer numbers expected growth expected number of transactions and expected peak periods to ensure continued system performance Now the document itself is designed to provide actionable controls again because every context is individual We go to varying levels of specificity with regards to the controls but the information will allow MNOs and DFS providers to set up and ensure that their their their infrastructure is secure if these are followed So in summary, the security assurance framework is designed to provide guidance to stakeholders within the DFS ecosystem and it's not designed to be a static document because technical advice changes because the state of technology changes in the state of security changes The document is meant to be a living one where security advice will evolve as new access technologies vulnerabilities and threats are discovered And especially with regards to resilience, a systematic approach to developing processes and controls that are informed by threats and risks against the DFS ecosystem will assure the resilience of the DFS ecosystem. So this document can be a means of assuring that your system and your infrastructure in ecosystem are developed to be resilient against attackers both both malicious attackers and threats to the ecosystem such as what we've seen with COVID. So with that, I'm happy to, well, we'll be taking questions after our panel but thank you for your time. I appreciate the opportunity to talk with you all today Thank you very much Kevin Butler University of Florida for really introducing to us the security assurance framework and the three components, the user, the MNO, the DFS provider and giving us an example of some of the controls that need to be in place and thank you for the reference to the X805 security dimensions and those are, as you mentioned, the security framework is an important element of providing resiliency or it's a foundational element to provide it. So we'll come back later as you mentioned for questions and answers. I'd like now to move to our next speaker, Mr. Anant from GSMA, you have 15 minutes please Thank you very much Belal. Can you hear me clearly firstly and are you able to see me? Yes you are. Let me share my screen. Are you able to see my slides? Yes, I can put it in a slide mode and please go ahead Perfect, excellent. Well, thank you once again for giving me the opportunity to present today. Just by way of a quick introduction, I'm not familiar with the GSMA, I work at the GSMA which is the GSM Association, it's an industry body for mobile operators globally and within the GSMA, I work in a team called the mobile money team, we work with the 279 or mobile money services available globally and even within that I work specifically in the inclusive tech lab which is a technical facility that sits within the GSMA mobile money team and we work directly with mobile operators and digital financial service providers on technical projects to further develop and to goals. The overall context in which we got involved in the topic today is that the mobile money industry is growing rapidly and that's what I've got here on the first slide. For over a decade the industry has been driving financial inclusion, opening access to digital transactions and giving people the tools to better manage their financial lives. Today there are over one billion registered mobile money accounts globally spread across 290 mobile money deployments that are live in 95 countries. The rapid rise of mobile money has of course been accompanied by an increasing emphasis on the need for account to account interoperability. Now in some markets service providers have proactively adopted interoperability either by a bilateral connection or through an intermediary drawn by the promise of commercial and strategic advantage. In others the government or the regulator has taken a more active role and created a central infrastructure that players have been encouraged to join. And in even other places regional interoperability projects are underway with regional associations promoting centralized assets to bring about a more interconnected financial ecosystem. And beyond this other market developments such as the launch of a mobile industry led scheme and the provision of industry assets by philanthropic organizations really complete what is today a quite complex picture on the different ways in which interoperability can be achieved. Now faced with this wide array of potential routes into interoperability for a provider of financial services in emerging markets. I think the term that was used by Dorothy in the earlier presentation was non-bank payment service providers. I work for such non-bank payment service providers essentially in the mobile money industry. It can be a very difficult choice to assess which technical model is the best one to adopt for interoperability in their market. And as the mobile money team and the GSMA we work with members who constantly ask us what do you think is the right approach for our market. And that is why the GSMA inclusive tech lab recently produced a report that addresses that question. And that's what you've got here on your screen on the left side. It's called the many paths to mobile money interoperability selecting the right technical model for your market. Now before I proceed further maybe just a line to say the connection between this piece of work and the topic of today's discussion is that indeed one of the factors that we have identified in this report towards the end which I will share with you is the resilience of the interoperability model. And that is adopted the technical model. We call it robustness in our report. So there is a place where the work that we've done the primary reason for which was to inform our own industry as to which technical model it should adopt for interoperability and how they should make that decision overlaps with the topic that we are discussing today which is resilience is extremely important in interoperable solutions. But we'll come to that in just a second. If coming back to the report, we adopted a very simple methodology to unlock the question of which model is the right one for a particular DFSP. We do this by defining five core components that we think are the foundation of building blocks of any interoperable solution. And these are up on your screen right now. We basically call them connection, settlement, governance, pricing and business model, and dispute resolution mechanisms. Now, this is a subjective exercise that I'm sure there are people who would like to think of interoperability along the lines of some other foundational elements. But, you know, this is the best way that we could think of to distill all interoperability models down to their core fundamentals and very briefly connection refers to the interconnection layer between participants that enables the exchange of information and the execution of contracts. Settlement, of course, refers to the flow of real money between participants to reflect the transactions executed between them. Governance, as, again, in Dorothy's presentation, talks about how the participants of that particular interoperability model make decisions regarding it. And that is indeed one of the sticking points when it comes to the adoption of interoperability in many markets because as we heard many systems do not take into account the needs of all stakeholders. Pricing in business model is self-explanatory, simply refers to the levers that can be used to generate the revenue for the long-term sustainability of the interoperability model. And finally, dispute resolution mechanism, of course, refers to how participants can resolve disputes between them. So, if we take these as the five fundamental components of any interoperability solution from technical point of view, then there are, under each one of these broad components, there are a number of potential options. And again, this is a broad characterization that we've got here. Hello. I think I heard maybe the French translation. So the broad characterization of these five fundamental components, in front of each one of them, there are a number of options. So under connection, you can either have a bilateral connection between the players themselves one-to-one, or you can have some sort of centralized hub. That's obvious. In terms of settlement, again, we use terminology here that perhaps payments purists might think that's not quite accurate. But either you can park the money with your counterparts before the transaction is done, and that is called pre-funding-based, or you can settle after the transactions have been executed. That is called clearing-based in our model here. Governments can either be full or partial. You can actually have full control over the solution if you actually owe me, or you can have partial control over it. In terms of business model, you can do a number of things to charge for an interoperable solution. You can have a processing fee if there is a hub. You can have interchange between players. And of course, you can even, we don't recommend it, but you can even put a charge or surcharge in clients for interoperable transactions. And finally, dispute resolution can either be consensus-based or arbitration-based. Before I move to the next slide, maybe just worth pointing out here that these options under each component are not independent of the options available under other components. They are interdependent. For example, if under connection, which is the first core component, the choice that is exercised in the market is, let's say, a hub-based model. Then under governance, the participants in that market will, by definition, have reduced control unless they own that hub themselves. So the option that is exercised under one component will influence the options that are available to you under other components. Now let me move on very quickly to showcase here. What happens when you match different permutations and combinations of those various options under the five core components? You come up with a number of different scenarios. But what you've got here on the slide are the four viable technical models for interoperability. There are essentially four ways in which you can get the DSPs in a market to be interoperable based on artwork. You can either have the classic bilateral model. That's the first one on the top left. Now you can have what we call an aggregated led model, the second of the four models. The third one, because we are from the mobile money industry, we call the mobile money hub model. But that's basically a hub model, but where the hub is owned by the industry itself. And then the fourth one is a global payments hub model, where you've got a hub in the middle, but it's owned by somebody else, not by the DSPs themselves. So there are four broad models that are characterized for technical interoperability in our report. And each one of these models has a distinct technical architecture. So if you look on the left of the slide, I haven't bored you with the various sort of technical diagrams, which are very, you know, welcome you to leave this report after this presentation. But on the left, you basically got the three technical diagrams of these models, the bilateral, the aggregated model. And for hub models, whether it's mobile money led or a global payments hub, basically the architecture technically is the same. And that technical architecture, the important point of the slide is that the model you go for will have an architecture. That architecture is going to have an impact in terms of, of course, technical parameters on top, but also commercial and business parameters. So on your screen on the top you see the technical side, the impact will be on things like API design and protocols, account identification, processing capacity and scalability. The amount of time that's available for a transaction to be completed. What is the implication of that for markets for most customers are dealing on a ussd session. And what is the breakdown risk, I think as, as Kevin pointed out, what we mean here by breakdown risk is indeed not just the, not just the chance of a system breaking down, but your ability to get back from that. We are actually leaving here, we were referring to the resilience, not just security. And then on the commercial and business implications, of course, the capex in the office of a system will depend entirely upon, you know, what kind of technical architecture in the ground for time to market, how long does it take to get it up, prefunding and liquidity requirements can vary with the systems and indeed also the dynamics with other stakeholders. Are you able to actually really, really engage with other players connected to that system or are you restricted with the system in the middle. And how long does it take for you to connect them. This is just just an overview of the many parameters that are impacted by your choice of technology for becoming interoperable, which is not one way as we identified in this report. There are many ways. And finally coming to the end of our analysis we produced a high level. And I emphasize that it's a high level qualitative assessment of the four broad technical models that we have identified in our report and tried to assess from a mobile money provider's perspective again because that is those are the stakeholders we work with, which, what are the strengths and weaknesses of these different models. And again, I put on big letters on the right side. The key point here is that there is no right or one answer. All models have pluses and minuses. And what we try to do is to provide providers of financial services and emerging markets and non bank providers, particularly with a kind of toolbox so that they can assess different options and make an informed decision, rather than simply be pushed in the direction of one model or the other. And I'll simply mention the overall D SMA position on interoperability before ending, which is, you know, we believe that interoperability is extremely important. Of course, we echo the sentiments of earlier presentations on the importance of people being able to send and receive money and all the rest of that, but we also feel that for its long term sustainability, it's extremely important that interoperability is led by the market. It's timing and method must be determined by the players that are providing financial services and marketing, but they are the ones who best understand how this is going to be system in the long term. So that is the overall view that the GSMA has on interoperability. I'm very, very grateful that you allow us to share our research with you. Despite the fact that we have been fairly high level in our analysis, if you want to ask me later, do I have a view on which model is the best one I do. And if you ask me that question, I will leave you an answer later. So I'll just leave you with that. If you want to know more about this report, please feel free to get in touch with us at the GSMA inclusive tech lab, and we'd be very happy to tell you more about it. So I'm going to stop sharing my screen there. And belong, that is the end of my presentation. Thank you very much, Anant, for sharing with us the GSMA interoperability model. You mentioned the connection, the settlement, the governance, the pricing or business model and the dispute resolution with the various options, if you will, in terms of addressing those points. I also retain some very interesting numbers that stress the need for interoperability, the 279 mobile money providers worldwide, the billion mobile money accounts, the 22 billion in circulation, and the 2 billion or so processed payments per day. So that clearly indicates that this is really at massive scale worldwide, and it highlights the importance of interoperability and the resilience of that system. Indeed, and may I correct myself a little bit. It's 290 mobile money services. I made a mistake when I said 299, 290, so that number grows every year. Thank you. Very good. Thank you for that correction. I'd like now to move to our next speaker, Mr. Notial. Sorry, our next speaker is Mr. Salah Khan from UPO. Mr. Khan, you have 15 minutes, please. Thank you. I'll just share my screen here. Right. Thank you for giving us the opportunity to speak on this very important topic. And I quickly wanted to introduce the topic before handing it over to my colleague. And what I really want to get at is that the polls around the world in the last time we checked actually caters to over a billion people around the world, providing all kinds of services from savings to money transfers to remittances to loans where it's allowed. And having this broad network and reach around the world actually provides the governments an opportunity to leverage the infrastructure and the capabilities of the post to provide services during these times of uncertainty and during the pandemic. And we're seeing across the world that the posts are classified as essential services. And, you know, while people are being forced to stay at home, the post is actually bringing a number of these financial services to the doorstep of the people and offering a lifeline to those who are stuck at home. Leveraging what we know are their trusted relationship with communities and the physical reach the post is making an obvious partner to governments around the world. And examples of that is available on our website. There's a link at the end of the presentation that you can all go and visit. And what we're seeing is that remittances are increasing through the post. People are accessing cash at their homes, delivered by postpersons, pensions are being delivered. So the post is essentially providing a resilient mechanism for linking the formal financial system to the people who are at home. And one of the best examples that we have is from India Post and I would like to hand over to my colleague, Mr Singh, who's an AGG at the Department of Post in India to sort of explain how the India Post is making a difference here. I've now over to you. Thank you. Thank you, Mr. Khan. Good, good morning. Good afternoon. Good evening to everyone. I just start my video and my visible. Yes, please go ahead. Yeah. So I would thanks for this opportunity, first of all, to present the digital payment system in India, which actually is a living example of, you know, interoperability and resilience, especially as Mr Khan mentioned in times of COVID, you know how post postal operators across the world have been classified as essential services provider and how they have been sort of been a bulk work against in in these times. So my presentation would involve a bit of digital financial inclusion journey of financial inclusion in India and how sort of treating digital financial infrastructure a public good and how it sort of has brought in fold. A lot of people who would otherwise have been left. I mean outside the ambit of financial inclusion and how India Post Payment Bank I mean India Post through India Post Payment Bank has tapped into this. This framework and how we have built a resilient and interoperable. I mean services banking network across India. Mr Khan pointed out postal financial services network comprises of almost 1.96 billion accounts and most of the postal operators they provide money transfers remittances bill payments and go into person payments. However, only 8% of the postal operators operate as a full fledged bank. The role of postal postal operators in financial inclusion is huge and also financial inclusion as a developmental goal. You know it's very important because there is strong correlation between the number of bank accounts and GDP per capita and studies have proven that. And also, and because of this financial inclusion has been have been included integrated into seven of the 17 sustainable development goals of United Nations. It is a, as I mentioned, I mean almost there are, even with the lead that I mean the world has seen in terms of fintechs and financial technologies. There are even now 1.7 billion people who are still financially excluded out of which more than a billion are women. So there is a, I mean there are a lot of gender disparity in terms of financial inclusion and digital financial inclusion is what can help. I mean it can help us in bringing down the costs of including these people within the financial framework. So as I mentioned, I mean postal operators because of the trust that they enjoy among the communities in which they work and also how I mean the way they can mitigate the accessibility and availability challenges. They can be a major player in terms of financial digital financial inclusion. So just a bit about India Post India Post has almost 160 years legacy. It is the world's largest postal network with 155,000 post offices, which are connected through a secure VPN network and also each of these access points are connected through a poor banking system. Additionally, post office India Post has been providing saving schemes and these and it has more than 360 million savings account with the saving mobilization of more than 8 trillion rupees. However, there was it was felt that in order to provide the latest financial technologies and the digital payment services to the last mile, especially the rural and rural areas. It is important to have a payment payment technology setup and for which India and India posted applied for a license for a payments bank and which it got and now we have an entity called India Post payment bank. So I would take you through the journey of I mean the critical enablers for digital financial inclusion in India. So actually in 2008, there are only one in four Indians had a bank account. Now, if we if the regulator I mean if the regulators would have gone through the normal traditional banking, it would have taken them 47 years to take this coverage to 80%. However, because of the interplay of regulator and the regulated entity as I would sort of I mean display in the next slide. This whole journey I mean almost 90% of Indians now have an account and it has been a shiny example of how regulator and entities can come together to achieve scalable financial inclusion. So, in 2008, the regulator in India, which is result Bank of India, the central bank, it basically adopted a bank led model for financial inclusion where it it mandated banks to open physical branches in rural areas. Secondly, it went ahead and sort of mandated simple basics in savings bank account for all the for the people in rural areas, which actually enabled almost 380 million citizens to open a bank account. Which was a almost and this actually enabled 90% of Indians now to have a bank account. Secondly, it created differentiated by category of differentiated banks, amongst which a small finance bank and payments bank and India Post payments bank is one of the differentiated banks that have been set up under this category. Thirdly, it sort of enabled banks to operate through banking correspondence who are basically access points of banks, not physical brick and mortar branches, but they are, they can operate as an interoperable setup where they can be, I mean on boarded by multiple banks and provide services of various. This was accompanied by a large scale digitization of of Indian populace for instance, right now we have more than a billion mobile phone users, more than 500 million smartphone users and by the end of December, 2020, we would have more than 640 million internet users. This has actually enabled a lot of digital financial inclusion to penetrate even in the rural areas. One of the major enabler in this journey has been provision of digital ID. So for instance in 2008, not only one in 25, I mean, less than a sort of 125th Indian have had digital identity, which was a critical sort of Enabler, I mean critical element for opening a bank account or for having a getting into the financial system. So Indian government basically, you know, started the largest biometric program in terms of other, which is a unique identity program. And today, I mean from that situation in 2008 today we have more than 126 billion Indian citizens, having a digital biometric identity. Now this identity as I would later on touch upon this enabled a lot of other products to be developed on top of this other innovation and which had actually, you know, enabled digital financial inclusion in a big way. Other digital initiatives would, for instance, Indian government started a framework mission called digital India mission through which it in a sort of sort to build capacities at the last mile in terms of providing point of sale machines and other infrastructure and providing some series to have that. So, in terms of the fintech innovations that have sort of had played a major role is Jandhan, Adhar and mobile Trinity. So basically, a combination of having a lot of bank accounts, along with authentication mechanism in terms of Adhar and access to those accounts through mobile. This has enabled these are having a major building block for the digital financial system in India. India stack as I would delve on in the next slide I mean it has provided a presence less paperless and cashless platform to bring India's population into the digital age, which is India stack, by the way is in largest open API in the world. Tapping into all this I mean government of government to person payments have actually taken. I mean, have been authenticated in a much more sort of better way and that through direct benefit transfers by directly transferring the government to pay a person payments directly into the bank account and authenticated by Adhar government of India has more or less saved roughly $23 billion over the years. So, so about India stack India stack is basically an open access API built on the premise that digital infrastructure is a public good. Now, majority of the digital payment system that had existed a previous to this work peer to peer. So they were closed loop payment systems. Because of India stack, we could create an open loop system, which was switch based and therefore interoperable and scalable. I will go into each of these layers. And also, because of the stack architecture I mean, which being modular and layered it has actually enabled enabled I mean created a payment system, which is characterized by interoperability. So each platform here each layer is actually designed within the regulatory system so one of the points. I mean, I mentioned by Dorothy was that these payment the systems that are created they should be well regulated for them to be resilient and actually each of these systems are created within the regulatory framework. And therefore, and when combined they provide a low cost scalable products, which provide better service experience. So, the first layer is the presence list layer, which is actually enabled through the other digital ID project that I had mentioned previous to I mean in my previous slide. So, as I mentioned, enabled several innovative digital platforms, which are built at public good. allows authentication of identity on demand without the need for physical presence of the person. And it has enabled lowering of transaction costs and without the need for every player to come and build a separate infrastructure. And it is built as a public good, which is available for others to API access for tapping into the system. The second layer, which is built on top of the presence is layer which is our layer is paperless layer. So basically, one of the use cases is a KYC, which is used for authentication of of an account folder or a customer. Paperless layer stores and retrieves information digitally. So it sits on top of the presence is layer and it has enabled paperless opening of accounts. So, yeah, and that can be a multiple types of accounts with a mobile account, or I mean a mobile SIM card can be purchased through a KYC done through other authentication or a bank account. So, for instance, in India, recent startup, I mean built on huge customers customer base, just because of this EKYC operations in within a I mean one or two I mean they were able to onboard roughly 200 million customers. So, EKYC was launched in 2012 and since then there have been almost 8.4 billion authentication that have been carried out through this platform so this has been one of the major use cases of India stack. And it has drastically reduce the transaction cost for performing an authentication for instance initially I mean prior to this India stack, the average cost of doing an EKYC was roughly $15, which has been brought down to seven cents. So, it has sort of, you know, enabled the, I mean a lot of people to come into the digital fold without a prohibitive watch. The EKYC acts as a foundational KYC for so because for registering the EKYC one needs to be present physically, but after that there is no need for a physical presence, and it can be the second factor authentication by insurance providers or by securities providers can be carried out without the physical presence of the person. Another layer is the cashless layer and one of the products that have been developed is Unified Payment Interface, which is an instant real time payment system, which has been developed by National Payments Corporation of India, which is a body which has been, which is owned by RBI and other 56 other commercial banks. So, it is a very good example of how regulator and the regulated entities combine and sort of create a public good, which would otherwise not have been possible. Now this UPI, what this has done is that it has created, I mean, a sort of virtual payment address for each customer and it functions 24-7. So, it's a platform which functions 24-7 and it has an interoperable architecture. So, a person needs to have only one mobile app and it can manage money across banks and across financial service providers. Today, more than 155 banks are live on UPI with more than 1.3 billion monthly transactions happening worth 2.61 trillion rupees. It can be compared to the number of car transactions that happen monthly in India, which is roughly in the range of 7 to 800 million. UPI has actually been a boon for digital retail payments, which are small amount of payments, not bulk payments, but retail payments. And because of the low costs, it is very popular. One other thing that UPI has done that it has an open entry system, but it is regulated. So, even those who are not sort of within the framework, I mean, not financial service provider do come into, I mean, can be part of this UPI system. With the help of the financial service providers. The last layer is the consent layer. So, all these three layers generate a lot of data. Now, this digital data which is obtained after, can be obtained at marginal cost and it is a non-rival good. So, it can be used by many entities without loss of content. In the consent layer, the philosophy is that the user is given the sort of empowered with his data. So, previously the data that was siding in silos is now brought about through account aggregator, which is again a regulated data fiduciary entity, regulated by RBI. And this entity acts as a consent manager for the transfer of data from the customer to various entities. And the entity themselves cannot see the data. So, as I mentioned, this India stack has actually created interoperable system, which is platform level interoperable. And also the regulations of having banking correspondents and product suits like AAPS, IMPS has created an agent level interoperability. And also the various regulators coming together, the mobile operator, mobile regulator, insurance regulator, they have created a customer level interoperability. Within this India stack framework. As mentioned, because of being a regulated system, it is a resilient infrastructure. Now I would come to India Post Payment Bank. I mean, as I mentioned, one of the major challenges in spite of the banking network was of accessibility. And India Post Payment Bank, the moment it was launched, I mean, with 200,000 postmen operating as doster banking providers, in one go it has sort of multiplied the rural banking infrastructure by 2.5 times and reduced the banking network distance to bank from 10 kilometers to 5 kilometers. It has leveraged technology and physical reach of India Post to provide banking services and a bouquet of banking services at the doster. The products that are being offered through India Post Payment Bank are mostly technology focused products which are enabling ease of banking and also, as I mentioned, with the help of UPI and other AAPS which is other enabled payment system. India Post has created an interoperable architecture interoperable banking network through which services of any bank can be accessed at the doorstep with the help of a postman. So this is the basic paraphernalia of what how interoperable banking is provided a doorstep or mobile phone connected with a biometric device where biometric authentication is done and linked bank account can be accessed for cash withdrawal, deposits, money transfers and balance inquiries. So, as I mentioned, I mean, in the COVID times during lockdown, a lot of other financial service providers were not able to work, whereas government of India had transferred huge amount of cash transfers to people and to help them, you know, type through this time. As you can see over the April, May and June with the lockdown period in India and the transaction the industry by transactions had also almost tripled and also the IPPB the India Post Payment Bank transactions almost multiplied by 10 times but actually it is a sort of reflection on the resiliency of the infrastructure and the scalability of the architecture that is created that we could very easily provide. I mean, these volumes, without, without much problem. Now, the way forward, I think as to treat of, as I mentioned digital financial infrastructure as a public good because the cost can be prohibitive, especially the switch based infrastructure and then expand or interoperability across regulators which can be insurance providers, mobile operators and other regulators and also create redundancy within the payment infrastructure. So, in spite of the fact that this India stack is doing pretty well, and the NPCI which is the entity right now dealing with the cash transfer layer. The Reserve Bank of India the central bank has already floated proposals for onboarding other payment service providers who can build parallel systems. So in order to build in resiliency. One of the major things is to develop smart and digital smart digital financial products or which can be actually leave I mean operated by the rural population or the person who is not very digitally literate. And also one of the other things is to build capacity at the last mile so that these financial products that we are building. I mean they can be sort of accessed by people at the last mile especially for a country of you know, geography of India. So that would be, this is a picture of a QR card, the IPV QR card. So I'll be available for questions after this. Thank you. Thank you very much, Mr Khan and Mr Singh for sharing with us the example of the first of all the overall UPU and the Postal Service reach worldwide and in a very concrete example in India. Of course how the Indian Government and country has been able to quickly scale up to 360 million savings account and digital financial transactions based on the India stack that you clearly shared with us. Ladies and gentlemen that ends the presentations now we're moving into the questions and answer section of our episode today. I see that some questions have already been provided on the Q&A chart. There is a question for Dorothy. Excellent presentation, very detailed coverage. Can you please elaborate a bit further on what is the right time for overseers to use CORE for assessment of FMIs? And there is a question for Mr Abhinav, how is security and resilience integrated in the India stack? So maybe I'll start with Abhinav since you're describing the India stack and see if you can quickly address the question on how security and resilience is integrated. So, thank you, Billa. So as I mentioned, I mean, as I mentioned, the India stack, each of the layers within the India stack is sort of regulated within a regulatory framework. So and each of them have very high security, I mean, follow very high security protocols, and I mean, even independent and there is only API access that can and that is enabled for each of those layers. So each of these layers are again controlled independently by multiple pairs. For instance, the Aadhaar layer is controlled by UIDAI. Similarly, the presence less layer, EKYC is controlled by METI, the Ministry of Electronics Information Technology in India. The cashless layer is controlled by a regulated entity called NPCI, the National Payments Corporation of India, and the consent layer, which is basically account aggregators, is again a layer which is controlled by RBI. So each of these layers are independently handled by multiple regulators and within the security framework, which actually results in resilience of the whole system. Okay. Very good. Thank you. I understand Dorothy had to leave to another call so she's not available to answer the question but would be, we would be happy to follow up offline for the the requester. We have about seven minutes left in our webinar today. I'd like to ask Anant, maybe a quick question you mentioned in your presentation that you have your preferred model. So having studied all these different technical models of interoperability, is there one that you would say is better than others in for financial service providers in emerging markets? I hope I don't get into trouble for this, because all of these models are supported by very driven people who want the best for the industry, but of course, once they suggest a model, they take a position on it. So I'm going to say it and let's see what happens tomorrow. But I think I just want to emphasize it's a hard question to answer because it's like asking, is there a good way to build a bridge? And of course, you know, depending on what kind of traffic you're expecting and where you want to build the bridge, it depends on what the conditions are, that will determine what kind of bridge you're going to have. You're going to have a big bridge, a rope bridge, or you can have a cantilever bridge. So it's, it's that kind of question. But despite that, I'm going to give you a clear answer for at least my part of the world. You know, people that we work with but before that maybe I can just identify you should always look at four things. When you're discussing what kind of interoperability model is best for you, you obviously got to look at cost. You know, if you're going to go for a system that is much more expensive than what you can afford, that's obviously not a, it's a non starter. You've got to also look at scalability. I think this question came up in both the presentations of Dorothy and Kevin as well, I think. So if the system is going to be useful, tomorrow you should be able to use it for for connecting with many more players and the initial set that you get for using that system. You need to be robust. And this comes down to the whole resilience question we're having today if the system for whatever reason has a breakdown, you should be able to get back up and running with that. And finally, the point about governance, you know, enough has been said about it, you need to be comfortable that you're in control of this. If you ask these questions and you come to an answer that should tell you what bridge you should build. Now, the players that we work with in the markets where we were. You know, I, you can, you can go for all of these models, you know, the bilateral model, the aggregated model, the global payments model, but really, we feel that if there was a hub that was owned by the industry. A mobile money industry led how we do believe that that is the best model provided they can get it up and running. Not overly complicated in getting getting off to off the blocks. And there are a few initiatives like that right now there is an industry scheme that has been launched by leading mobile operators empty and then an orage called mobile, which is short for mobile wallet interoperability. These initiatives if they if they rescale would be the best funds for our stakeholders but we don't know whether they are going to be successful we are working with our players, but that is that would be our preferred model if everything went right. Now, let's see what some people say about my answer, but that's my answer. Very good. Thank you very much. Given the timeframe. I'd like now to move to you to wrap up the the episode. I'd like to offer all the panelists maybe one minute in terms of wrap up and final comments. I'll start with Kevin, Kevin Butler. Yes. Okay, thank you. Thanks for the opportunity to talk today and thanks to all of the panelists. I learned something during this and I hope that all of our attendees did as well to echo John's points about interoperability I think interoperability resilience are critical elements of the DFS ecosystem and we can provide a general guidance in terms of developing a framework everybody's situation is going to be individual and every ecosystem looks a little different from others so it is a longstanding challenge when we've got individually developed solutions that are designed with a particular context in mind and trying to ensure that they interoperate with others that are built with different design parameters and ensuring interoperability but that is one of the great modern challenges and the results, especially as we see now with COVID and the increased role at digital transactions and digital payments for having a seamless experience for users and having the ability to interoperate with others is critical to our future growth and development. Okay, thank you Kevin. Mr Khan. Thank you Bilal. I just wanted to end this by highlighting the fact that there is a broader set of ecosystem players in the DFS space and that includes the post. We are actively working to make sure that the governments recognize that because the polls and in most of the cases are actually part of the government and provide a fantastic level of services, both social and financial to vulnerable populations and people who are in difficult circumstances. So as you would have seen from the in your post presentation, the scalability to reach the accessibility and the amount of solutions that the post can provide is absolutely fantastic. So we continue to make sure that we highlight these examples and we bring our stakeholders to the table and make sure that the policymakers are aware and able to leverage the postal sector players and I invite all the participants to visit our page. You'll find a link at the end of my presentation to see exactly what the posts are doing in terms of social and financial services in reaching out to these populations. And thank you very much to my colleagues at IT for organizing this and for having us on the panel. Thank you very much Bilal. Thank you Mr Khan. Thank you for joining us from Bern today. And I'd like to invite Mr Singh for any final comments before we close. Thank you. So as I mentioned, and I would drop on what Mr Khan was saying that the post can be a major player in terms of providing financial inclusion, especially digital financial inclusion and in assisted mode as we have just showed. And also there's a huge potential for having an interoperable payment system which is operated as public good, which can be accessed by multiple players. Because as I mentioned the cost of having a switch based and open loop systems can be prohibitive and within that if we can have such a system within regulatory framework, where multiple entities can come together and break the silos. I mean it can work wonders as it has done in the case of India. As I mentioned, I mean something that could have taken around 47 years for us to achieve. I mean India has done that in last eight to nine years. So and so again I would say I mean as I was saying during the way forward in my way forward slide that there's a there's a requirement for various regulators to come together and build up on this further. So thank you. Thank you for the opportunity and thank you for all the participants and all the panelists here for giving. Thank you very much. Thank you very much. I'd like now to thank all the panelists and participants for joining today's webinar. I'd also like to thank my colleagues at TSP, VJ, Gifty Arnold, and the whole team that made the preparations and made this webinar series possible. We will be back in September for more episodes. For the month of August, we will have a prerecorded webinar on tracking crypto Ponzi schemes. The information will be made available on the insights DFS webinar website and on social media. With that, I'd like to thank you again for your participation. Wish everyone a nice day or good night and declare this webinar closed. Thank you.