Outdated browser

You are using an outdated browser. DNB.nl works best with:

04 June 2018 Supervision Supervision label Q&A


Based on the Regulation on oversight of the smooth operation of the payment system that entered into force in late 2015 and is based on Section 3:17(2), operning words and under e, of the Financial Supervision Act (Wet op het financieel toezicht –Wft) and Section 26b of the Decree on Prudential Rules for Financial Undertakings (Besluit prudentiële regels Wft – Bpr), DNB is responsible for the oversight of banks, payment institutions and electronic money institutions that carry out 60 million or more non-cash payments every year. The Regulation lays down the requirements these institutions must consider in setting up their operational management so as to ensure the smooth operation of the payment system. Since the entry into force of the Regulation, we have received questions from the sector on its interpretation and application. That is why we have prepared a Q&A document to help institutions interpret the Regulation correctly.


Detailed explanation of several concepts of the Regulation

Which payment methods come under the scope of the Regulation?
All payment methods that are used in mass non-cash retail payments come under the scope of the Regulation. We expect banks, payment institutions and electronic money institutions to be able to effectively manage all types of payments. From a risk-based supervision perspective, the focus of our supervision is on iDEAL and payment terminal transactions as time-critical payments, and on the functionalities used to submit credit transfers and urgent payments (online or via mobile banking) as non-time-critical payments. Credit cards also come under the scope of the Regulation, but are not part of our primary focus due to their relatively limited use. We evaluate our risk-based supervision activities on a regular basis.

What are mass non-cash retail payments?

We apply the same definitions as those used in payment system statistics – see our Manual on Payments statistics.

The Regulation relates to non-cash retail payments, with the requirements applying to transactions initiated by private individuals. The Manual makes a distinction between private and business payment accounts, based on how individual banks register their private and business customers.

What is meant by a transaction within the Netherlands?

Transactions within the Netherlands are domestic transactions. According to the Manual, this involves transactions initiated by a payer or payee, where the payment service providers of both the payer and the payee have their registered office in the Netherlands. Domestic transactions are transactions between payment accounts held with payment service providers that are based in the Netherlands – the country of residence of the payer and the payee is not relevant in this respect.

Availability standards

Which forms of unavailability must be included in the availability data?

The purpose of availability data is to provide insight into actual availability. This means all forms of unavailability must be included, also in the event of disruptions, incidents and calamities. An analysis of the causes of unavailability is an important part in our assessment of the reasonableness and fairness of unavailability under the Regulation.

When is the peak demand period?

According to the Regulation, the peak demand period is the part of a day before 0.30 a.m. and after 6 a.m. An exception applies for iDEAL, due to the high intensity of transactions for this product between 0.30 and 1.00 a.m. The peak demand period for iDEAL has therefore been set as the part of a day before 1 a.m. and after 6.30 a.m. 

Which systems should institutions include in determining their availability data?
The availability standard applies to all systems in the chain for which the institution bears responsibility. An institution's responsibility for transaction processing starts the moment it receives a payment transaction.

What are the rules for publishing availability data?

Institutions must, as a minimum, publish their availability data for iDEAL and POS terminal transactions during both peak demand and low demand periods. They must publish them as weighted three-month averages, expressed as a percentage with two or more decimals. The data must be updated by the twelfth business day of each month, so as to ensure that these averages relate to the past three full calendar months. The institution must specify the date of publication or the three-month period to which the averages relate. The data published must remain available until four more sets of three-month averages have been published.

Availability standard for debit card transactions

In the event of disruptions in debit card transactions, a stand-in functionality is often deployed. Must the number of debit card transactions that is rejected during a stand-in due to stand-in limit breaches be included in the unavailability data?
The Regulation defines availability in terms of hours per quarter and not in numbers of transactions per quarter.

How should the availability for POS terminal transactions be calculated?
Unavailability in POS terminal transactions is defined as the period during which both the institution and the stand-in functionality are unavailable. A formula to calculate availability data for POS terminal transactions is provided below.

Formule die gebruikt kan worden op de beschikbaarheid te berekenen

Availability standard for iDEAL

How should the availability for iDEAL be calculated?
The availability data for iDEAL can be calculated using the following approach:

Aanpak berekening beschikbaarheidscijfers voor iDEAL

Explanatory notes:

  • BiDEAL = the availability of iDEAL expressed as a percentage. There is a separate BiDEAL for peak demand periods and for low demand periods: BiDEAL p and BiDEAL l. Both figures are published on a monthly basis and relate to the availability figures over the past three months.
  • T = the time in minutes over the past three months.
    T(p) is 18.5 * 60 times the number of days in the past three months (each day has a 18.5-hour peak demand period, i.e. between 6.30 a.m. and 1 a.m.).
    T(l) is 5.5 * 60 times the number of days in the past three months (each day has a 5.5-hour low peak demand period, i.e. between 1 a.m. and 6.30 a.m.).
  • Σ(O) = the sum of the time in minutes over the past three months that the issuing domain was unavailable, broken down by peak demand period and low demand period. This sum includes all total unavailabilities and weighted partial unavailabilities. O is a unit of time.

Partial unavailability is included in Σ(O) according to the following formula:

Formule bij gedeeltelijke onbeschikbaarheid
  • SRstandard = the standard success rate in a disruption-free period over the past three months. This is the normal percentage of consumer-initiated iDEAL transactions leading to a successful payment. Banks can use their own acquiring reports (the success rates for each issuer can be derived from this) as a source for determining the success rate standard.
  • SRrealised = the success rate measured during a partial disruption. If a bank has a better method for calculating partial unavailability (and is able to substantiate this), it is of course free to use this.

What is the minimum measurement accuracy for iDEAL?
The minimum measurement accuracy is at least 1 measurement per minute. Institutions must be able to demonstrate that they are using an effective measurement method.

Maximum recovery time

Does the maximum recovery time requirement of 2 hours also apply to scheduled maintenance for changes and contingency tests?
The maximum recovery time requirement of 2 hours for non-critical payment orders relates to the possibility to initiate a payment order regardless of the channel (online, mobile banking or any other channel) and regardless of the cause of unavailability, so it also applies to scheduled maintenance for changes and contingency tests as well as to incidental disruptions or calamities. In assessing breaches of this requirement, we will in any event address (i) total unavailability for non-time-critical payment orders, (ii) the number of breaches of the maximum recovery time, (iii) the duration of such breaches and (iv) the specific circumstances of these breaches.

Subsidiary companies

Do subsidiaries also have to comply with the Regulation?
If a subsidiary or brand effects non-cash payment transactions under the licence of its parent company, this subsidiary company or brand must also comply with the Regulation. The transactions of the subsidiary count towards the total number of non-cash transactions of the parent company.

Do subsidiary companies also have to publish their availability data?
Subsidiaries can publish their own availability data on their own website, or the data can be incorporated in the availability data of the parent company. If the parent company does not have its own customers, the data must be published at the subsidiary level.


  • Banks
  • Collective investment schemes
  • Electronic money institutions