FIJ CB Payment Service Provider Rules

Published on: Feb 18, 2025

On Feb. 14, FIJ CB issued payment risk management requirements.

  • FIJ CB issued Payment service provider supervision policy statement no. 1: Minimum requirements for risk management frameworks of licensed payment service providers in Fiji establishing minimum rules for establishment of a risk management framework.
  • Framework Requirements
  • Payment service providers (PSPs) must establish risk management framework covering risk identification, measurement, monitoring, and control systems, board oversight and clear reporting structures, risk culture, strategy alignment, and review.
  • Operational risks including IT, cyber, fraud, agent risk, systemic, financial risks, money laundering/terrorism financing risks, reputational, legal risks, settlement, liquidity risk.
  • Control and Technology Requirements
  • Implement independent risk management function, establish clear segregation of duties, maintain risk registers and reporting mechanisms, conduct regular risk review and audits, report material risk incidents to FIJ CB, and review risk policies annually.
  • Implement robust IT security controls, cybersecurity measures, conduct vulnerability assessments every three years, maintain business continuity and disaster recovery plans, test recovery plans annually, and ensure third-party service provider oversight.
  • Effectiveness
  • Policy effective Mar. 31, 2025, with full compliance required within one year.
Regulators
FIJ CB
Entity Types
Bank; MSB
Reference
PS, 2/14/2025
Functions
AML; Audit; BCS; Compliance; C-Suite; Cyber; Fraud; Operations; Reporting; Risk; Settlement; Technology
Countries
Fiji
Category
State
N/A
Products
Banking; Cards; Payments
Rule Type
Final
Regions
AP
Rule Date
Feb 14, 2025
Effective Date
Mar 31, 2025
Rule ID
243746
Linked to
N/A
Reg. Last Update
Feb 14, 2025
Report Section
International