OTC over the counter markets, risks and regulatory capital of credit institutions. Public interest institutions, credit institutions.

OTC over the counter markets, risks and regulatory capital of credit institutions.

Public interest institutions, credit institutions.

DOWNLOAD ARTICLE IN PDF

In publication 2019-20,02 we will carry out research on OTC derivative instruments, focusing our studies on EU regulation 648/2012 and regulation 575/2013/EU. Of interest for this research is the obligation established by the Commission for OTC standard contracts to be cleared by a CCP counterpart with regulation 648/2012/EU, and the prudential requirements established for credit institutions and investment firms by Regulation 575/2013/EU. In the appendix we will carry out a feasibility study for a limited public interest institution, a payment institution.

1 - OVER THE COUNTER OTC MARKETS
The general definition of OTC markets shows the following: over the counter markets (OTC markets) are characterized by not having the requisites recognized on regulated markets . These are markets whose trading takes place outside the official stock exchange circuits. OTC markets are therefore the complex of transactions involving the purchase and sale of securities that are not listed on stock exchanges, whose functionality is organized by some players, and whose characteristics of the contracts being traded are not standardized. The listing on unregulated markets (OTC) takes place according to the principle of matching the demand and supply only; therefore their value changes continuously and in a manner that is not correlated with the trend of the world stock exchanges.

The European Commission in various communications of 4 March 2009, 3 July 2009, 20 October 2009, highlighted the need to strengthen the EU regulatory framework for financial services, assessed the role played by derivatives in the financial crisis and the need to guarantee efficient, safe and sound derivatives markets, it have illustrating strategic actions for the future, with particular reference to the measures it intends to take to reduce the risks associated with derivatives.

With the report prepared by a high-level group chaired by Jacques de Larosière and prepared at the request of the Commission and published on 25 February 2009, it was noted that the supervisory framework of the Union's financial sector had to be strengthened to reduce the risk of future financial crises and their seriousness, recommending deep reforms of the supervisory structure of this sector, including the creation of a European System of Financial Supervisors composed of three European Supervisory Authorities, respectively for the banking sector, for the insurance sector and occupational pensions and for the financial instruments and markets sector, and the creation of a European Systemic Risk Board.

Given that derivatives traded off-exchange (OTC derivative contracts) lack transparency, given that they are privately negotiated contracts and the relevant information is normally only accessible to the contracting parties, and that such contracts create a complex network of interdependencies which can make it difficult to determine the nature and level of risks incurred, so there is a clear uncertainty, the same that in the financial crisis has led to a reduction of economic security in times of tension on the markets, thus creating risks to financial stability. With Regulation 648/2012, the European Commission sets the conditions to mitigate these risks and improve the transparency of derivative contracts. At the Pittsburgh summit on 26 September 2009, the G20 leaders decided that by the end of 2012 all standardized OTC derivative contracts will have to be cleared by a central counterparty (CCP) and OTC derivative contracts will have to be reported to repertories of trading data, clear actions aimed at increasing the economic security of the parties to the OTC. In June 2010, the G20 leaders meeting in Toronto reaffirmed their commitment and also committed to accelerate the implementation of strong measures to increase the transparency and regulatory oversight of OTC derivative contracts in a uniform international and non-discriminatory manner.

EU Regulation No. 648/2012 sets bilateral offset and risk management obligations for over-the-counter (OTC) derivative contracts, reporting obligations for derivative contracts and uniform obligations for the exercise of assets; central counterparties (CCPs) and trade repositories. DefinesCCP: a legal entity that interposes itself between the counterparties of contracts traded on one or more financial markets acting as buyer for each seller and as a seller towards each buyer; trade repository: a legal entity that collects and maintains registrations on derivatives centrally.Compensation: the procedure to determine the positions, including the calculation of net bonds, and to ensure the availability of financial instruments or cash, or both, to cover exposures resulting from positions.

The introduction of a clearing obligation and the procedure to determine which CCPs can be used for this purpose may lead to undesired distortions of competition in the OTC derivatives market. For example, a CCP could refuse to offset transactions executed on certain trading venues because it belonged to a competing trading venue. In order to avoid such discriminatory practices, CCPs should agree to offset the operations performed in different trading venues, provided that the latter meet the technical and operational requirements defined by the CCPs, regardless of the basic contractual documentation on which the contractors have concluded the relative operation in OTC derivatives, provided that this documentation complies with market standards. Trading venues should provide CCPs with trading data in a transparent and non-discriminatory manner. The right of access of a CCP to a trading venue should allow agreements whereby multiple CCPs use data streams from the same trading venue. However, this should not lead to interoperability on derivatives clearing or creating liquidity fragmentation.

2 - OTC COMPENSATION OBLIGATION
The regulation 648/2012/EU with the rule of article 4 paragraph 1 establishes the obligation of compensation:
1. The counterparties compensate all OTC derivative contracts belonging to a class of OTC derivatives declared to be subject to the clearing obligation in accordance with Article 5 (2) of the said Regulation if such contracts simultaneously satisfy the following two conditions:
(a) have been concluded according to one of the following methods:
i) between two financial counterparties,
ii) between a financial counterparty and a non-financial counterparty meeting the conditions set out in Article 10 (1) (b);
iii) between two non-financial counterparties fulfilling the conditions set out in Article 10 (1) (b), or
iv) between a financial counterparty or a non-financial counterparty fulfilling the conditions set out in Article 10, paragraph (1) (b), and a subject established in a third country which would be subject to the clearing obligation if it were established in the Union; or
v) between two subjects established in one or more third countries that would be subject to the clearing obligation if they were established in the Union, provided that the contract has a direct, material and predictable effect in the Union or where that obligation is necessary or appropriate to avoid circumvention of the provisions of this Regulation; and
(b) are stipulated or novated:
i) as from the date on which the clearing obligation commences; or (ii) from the date of the notification referred to in Article 5 (1) but before the date on which the clearing obligation takes effect if the residual duration of the contracts exceeds the minimum residual duration established by the Commission pursuant to Article 5, paragraph 2, letter c).

Article 5 of Regulation 648/2012/EU defines the clearing obligation procedures in the following paragraphs
1. When a competent authority authorizes a CCP to offset a category of OTC derivatives pursuant to Article 14 or 15 , it shall immediately notify ESMA authorization (1°).
In order to ensure the consistent application of this Article, ESMA shall develop draft regulatory technical standards to specify the details to be included in the notifications referred to in the first subparagraph. ESMA shall submit those draft regulatory technical standards to the Commission by 30 September 2012. The Commission shall be empowered to adopt the regulatory technical standards referred to in the second subparagraph in accordance with Articles 10 to 14 of Regulation (EU) No 1095/2010.
2. Within six months of receipt of the notification referred to in paragraph 1 or the completion of the recognition procedure referred to in Article 25 (recognition of non-EU countries' CCPs), ESMA shall proceed with a public consultation and having consulted the ESRB (1°) and, where appropriate, the competent authorities of third countries, it prepare and presents to the Commission for approval draft regulatory technical standards specifying it how much follows: a) the category of OTC derivatives that to be subject to the clearing obligation referred to in Article 4; b) the date or the starting dates of the clearing obligation, with indication of any gradual application, and the categories of counterparties to which the obligation applies; and c) the minimum residual maturity of OTC derivative contracts as referred to in Article 4 (1) (b), point (ii).
3. On its own initiative, ESMA, having carried out a public consultation and consulted the ESRB and, where appropriate, the competent authorities of third countries, identify, in accordance with the criteria set out in paragraph 4 (a), (b) and (c), and notify the Commission of the categories of derivatives which should be subject to the obligation the compensation referred to in Article 4, but for which no CCP has yet obtained authorization.
After the notification, ESMA shall issue an invitation to draw up proposals for the compensation of these categories of derivatives.
4. For the general purpose of reducing systemic risk, draft regulatory technical standards for the part referred to in paragraph 2 (a) shall take into account the following criteria: a) the degree of standardization of contractual terms and operational processes of the category of OTC derivatives int eressata; b) the volume and liquidity of the relevant OTC derivatives category; (c) the availability of fair, reliable and generally accepted information for pricing purposes for the relevant OTC derivatives category.
In developing these draft regulatory technical standards, ESMA may take into account the interrelation between the counterparties who use the categories of OTC derivatives in question, the expected impact on counterparty credit risk levels between counterparties and the impact on competition in the Union. In order to ensure the consistent application of this Article, ESMA shall develop draft regulatory technical standards that further specify the criteria referred to in the first subparagraphs (a), (b) and (c). ESMA shall submit those draft regulatory technical standards to the Commission by 30 September 2012. The Commission shall be empowered to adopt the regulatory technical standards referred to in this paragraph, third subparagraph, in accordance with Articles 10 to 14 of the Regulation (EU) n. 1095/2010.
5. The draft regulatory technical standards for the part referred to in paragraph 2 (b) shall take into account the following criteria: a) the expected volume of the relevant OTC derivatives category; b) the existence of more than one CCP which already compensates the same category of OTC derivatives; c) the capacity of the CCPs involved to manage the expected volume and the risk deriving from the offsetting of the relevant OTC derivatives category; d) the type and number of counterparties active in the market or expected, for the relevant OTC derivatives category; e) the period of time necessary for a counterparty subject to a clearing obligation to prepare a mechanism to offset OTC derivative contracts through a CCP; (f) risk management and the legal and operational capacity of the various counterparties active in the market for the category of OTC derivatives concerned and affected by the clearing obligation pursuant to Article 4 (1).
6. If a category of contracts OTC derivative no longer has a CCP authorized or recognized for their compensation under this Regulation, it is no longer subject to the clearing obligation referred to in Article 4. Paragraph 3 of this Article shall apply.

(1°) NOTE: based in Paris, the European Securities and Markets Authority (ESMA) was created in 2010 to safeguard the stability of financial markets and resolve the shortcomings European financial supervision. The Regulation (EU) no. 1095/2010 of the European Parliament and of the Council, of 24 November 2010, establishing the European Supervisory Authority (European Securities and Markets Authority), amending decision no. 716/2009/EC and repealing the Commission Decision 2009/77/EC, creates the ESMA, a European Authority which strengthens the coordination between national financial market regulatory authorities and ensures the uniform application of Community financial legislation in countries of the European Union (EU). Aesfem develops regulatory technical standards based on EU financial legislation. It also has the power to issue guidelines and recommendations on the application of European legislation. Its task is to promote transparency, simplicity and equity in the markets to protect consumers of financial products. Among its tasks, it monitors financial assets and analyzes consumer trends. Under certain strict conditions, it may temporarily prohibit or restrict financial assets that pose a threat to market stability. The ESMA can investigate a violation of the law by a national authority. This occurs when the latter fails to ensure that a financial market participant complies with European law. Within two months, ESMA can issue a recommendation requiring the national authority to take the necessary measures to comply with European law. Thus, the European Commission can formulate a formal opinion. If failure to comply with the national authority persists, the ESMA can directly take a decision against a single financial market participant under certain strict conditions. This decision prevails over previous decisions taken by the national authority. Aesfem is part of the European financial supervisory system, created in 2010 and which includes three other supervisory bodies: 1) AEAP: the European Insurance and Occupational Pensions Authority based in Frankfurt. 2) ABE: the European banking authority based in London. 3) CERS: the European Systemic Risk Board based in Frankfurt.

With the rule of article 10 paragraph 1, EU regulation 648/2012 establishes that when a non-financial counterparty assumes positions in OTC derivative contracts and these positions exceed the netting threshold, it fulfills the following obligations:
a) notify immediately to ESMA and to the competent authority referred to in paragraph 5 exceeding the threshold; b) becomes subject to the clearing obligation pursuant to Article 4 for future contracts if the moving average at thirty business days of its positions exceeds the threshold; and (c) compensate for all future contracts within four months of the date on which it becomes subject to the clearing obligation.
The same article in paragraph 2 establishes that a non-financial counterparty has become subject to the clearing obligation pursuant to paragraph 1 point (b), and which subsequently demonstrates to the authority designated pursuant to paragraph 5 that the moving average at thirty working days of its positions does not exceed the set-off threshold, is no longer subject to the clearing obligation referred to in 4. Paragraph 3 of the same article sets out provisions for the calculation of the positions of a non-financial counterparty in OTC derivatives, in particular it states that in the calculation the non-financial counterparty includes all OTC derivative contracts entered into by itself or other entities non-financials of the group to which the non-financial counterparty belongs for which it is not objectively measurable ability to reduce risks directly related to the non-financial or group counterparty's commercial or cash-financing business.
The obligations arising from the application of EU regulation 648/2012 for non-financial counterparties vary depending on whether they are qualified or less: qualified has the obligation of compensation, risk mitigation and reporting. Unqualified has the obligation to report and implement some of the risk mitigation techniques. Companies assume the qualified counterparty status if the average portfolio value for each category of derivative contracts, calculated in a period of thirty working days, exceeds the following predefined thresholds, identified by type of derivatives:
€ 1 billion for OTC derivative contracts on credit and shares,
€ 3 billion for OTC derivative contracts on: interest rates, foreign currencies and all other OTC derivatives that do not fall under the previous types.

Reliable data are needed to define the categories of OTC derivative contracts to be subject to the clearing obligation, the thresholds and and non-financial counterparties of systemic importance. Therefore, for regulatory purposes, a uniform reporting requirement on derivatives should be introduced at Union level. An ex-post reporting obligation is also required, to the greatest extent possible, for both financial and non-financial counterparties, in order to provide comparative data to ESMA and to the competent authorities concerned.

An intra-group transaction (Article 3 of EU Regulation 648/2018) is an operation between two companies that are integrally incorporated in the same consolidation and subject to adequate centralized assessment procedures , measurement and control of risks. Such undertakings shall adhere to the same institutional protection system as set out in Article 80 (8) of Directive 2006/48/EC, or, in the case of credit institutions related to the same central body, referred to in Article 3 (1) of the aforementioned directive, both are credit institutions or one is a credit institution and the other a central body (central subject responsible for the risk control of a credit institution). OTC derivative contracts may be recognized within financial or non-financial groups as well as mixed groups of financial and non-financial corporations and if they are considered an intra-group transaction for a counterparty, such contracts should also be considered as such for the other counterparty of the contract. It is recognized that intragroup transactions may be necessary to aggregate risks within a group structure and that therefore intragroup risks they have an their own specificity. Since making these transactions subject to the clearing obligation could reduce the efficiency of these intragroup risk management processes, it may be appropriate to derogate from this obligation for intra-group transactions, provided that there is no increase in systemic risk (general risks). Consequently, if useful to mitigate the infragroup counterparty credit risks, for such transactions it would be advisable to replace the CCP compensation with an adequate exchange of guarantees.

However, some infragroup transactions could be exempted, in some cases on the basis of the decision of the competent authorities, from the collateralisation obligations provided that the respective risk management procedures are sufficiently robust, robust and consistent with the level of complexity of the transactions and there are no impediments hindering the rapid transfer of own funds or repayment of liabilities between counterparties. These criteria and the procedures that the counterparties and competent authorities concerned must follow in applying the exemptions should be specified in the regulatory technical standards adopted in accordance with the ESA-establishing regulations (2°). Before drawing up draft regulatory technical standards, the ESAs should prepare an assessment of the potential impact on the internal market, on financial market participants and in particular on the operations and structure of the groups concerned. All the technical rules applicable to guarantees exchanged in intercompany transactions, including the exemption criteria, should take into account the pre-eminent specificities of such transactions, the differences between financial and non-financial counterparties and the respective purposes and methods for using derivatives.

Paragraph 2 of article 4 of the EU regulation number 648 of 2012 establishes that OTC derivative contracts that constitute infra-group transactions as described in article 3 are not subject to the obligation to set-off, without prejudice to risk mitigation techniques pursuant to Article 11.
It also establishes that the exemption referred to in the first subparagraph shall only apply:
a) if two counterparties established in the Union and belonging to the same group have previously notified in writing to their competent authorities their intention to avail itself of the exemption for the OTC derivative contracts entered into among them. Notification takes place at least thirty calendar days before the exemption is exercised. Within thirty calendar days following receipt of the notification, the competent authorities may object to the exemption exercise if the transactions between the counterparties do not meet the conditions set out in Article 3, without prejudice to the competent authority's right to object after expiry of this period, thirty day if the conditions in question are no longer satisfied. In the event of disagreement between the competent authorities, ESMA may assist them in seeking an agreement in accordance with the powers conferred on it pursuant to Article 19 of Regulation (EU) No 1095/2010;
(b) OTC derivative contracts entered into between two counterparties belonging to the same group and established in a Member State and in a third country, if the counterparty established in the Union has been authorized by its competent authority to apply the exemption within thirty calendar days of the notification of the counterparty established in the Union, provided that the conditions set out in Article 3 are fulfilled. The competent authority shall inform ESMA of this decision.

(2°) NOTE: On 23 September 2009, the Commission adopted three proposals for regulations establishing the European System of Financial Supervision and creating three European Supervisory Authorities (ESAs) with the task of contributing to the uniform application of Union law and the development of common standards and practices of high quality regulation and supervision. The ESAs include the European Supervisory Authority (European Banking Authority) (EBA) established by Regulation (EU) no. 1093/2010 of the European Parliament and of the Council, the European Supervisory Authority (European Insurance and Occupational Pensions Authority) (AEAP) established by Regulation (EU) no. 1094/2010 of the European Parliament and of the Council and the European Supervisory Authority (European Securities and Markets Authority) (ESMA) established by Regulation (EU) no. 1095/2010 of the European Parliament and of the Council. The ESAs will play a crucial role in safeguarding the stability of the financial sector. It is therefore essential to guarantee at all times that the work they carry out is of high political priority and that adequate resources are allocated to them.

With the EU regulation 648/2012, the counterparties are considered as belonging to the same consolidation at least when they are both merged into a consolidation within the meaning of Article 1 of Council Directive 83/349/EEC repealed by Directive 2013/34/EU (object of study in publication 2019-20,01) or on the basis of International Financial Reporting Standards (IFRS) adopted pursuant to Regulation (EC) no. 1606/2002 of the European Parliament and of the Council or, for a group whose parent company is headquartered in a third country, on the basis of accounting standards generally accepted by a third country recognized as equivalent to IFRS in accordance with Regulation (EC) n. 1569/2007 of the Commission or accounting standards of a third country whose use is permitted pursuant to Article 4 of Regulation (EC) No 1569/2007, or when both are covered by the same consolidated supervision pursuant to Directive 2006/48/EC, a directive governing access to the activity of credit institutions and its exercise, as well as the prudential supervision of such institutions. The counterparties are both considered to belong to the same consolidation even in the condition in which both are covered by the same consolidated supervision pursuant to Directive 2006/49/EC of the European Parliament and of the Council, which establishes the capital adequacy requirements and which apply to investment firms and credit institutions, defines the related calculation rules and rules for their prudential supervision for the purposes of Regulation 648/2012/EU and with reference to the exemption of the obligation to offset OTC contracts when deemed to be intra-group transactions between two consolidated companies (pursuant to Article 4 paragraph 2 of Regulation 648/2012/EU), is considered consolidated group an group with a parent company in a third country and subject to the same consolidated supervision as the competent authority of a third country established as equivalent to that governed by the principles set out in Article 143 of the Directive 2006/48/EC or in Article 2 of Directive 2006/49/EC (both Directives have been repealed by Directive 2013/36/EU). With the regulation 1606/2002/CE the commission has as its objective the adoption and use of international accounting principles in the Community to harmonize the financial information presented by the companies referred to in article 4 of the same, in order to guarantee a high the level of transparency and comparability of financial statements and thus the efficient functioning of the Community market of capital and the internal market. Regulation 1569/2007/EC establishes a mechanism for determining the equivalence of accounting standards applied by issuers of third country securities, establishing the conditions under which the Generally Accepted Accounting Principles of a third country can be considered equivalent to International Financial Reporting Standards (hereinafter IFRS) and introduces a mechanism for determining such equivalence.

The European Commission with Regulation 648/2012/EU defines rules that allow the establishment of a CCP in any Member State. No Member State or group of Member States should be discriminated, directly or indirectly, as a location for clearing services. Nothing in this Regulation should limit or prevent a CCP of a jurisdiction from compensating a product named in the currency of another Member State or a third country. It lays down rules that restrict the authorization of a CCP to hold an initial minimum capital, considering it appropriate that the capital, including undistributed profits and CCP reserves, be at any time proportionate to the risk arising from the activities of the CCP, in order to ensure that it is adequately capitalized in order to cope with credit, counterparty, market, operational, legal and commercial risks that are not already covered by specific financial resources and can proceed, if necessary, to restructuring or liquidation ordered of its activities. As the regulation introduces, for regulatory purposes, a legal obligation of compensation through specific CCPs, it is essential to ensure that these are safe and sound and comply at all times with the rigorous organizational, professional and prudential requirements set by this regulation. In order to ensure uniform application of this Regulation, these requirements should apply to the clearing of all financial instruments processed by the CCP.

The European Commission considers it necessary, for harmonization and regulatory purposes, to ensure that counterparties only use CCPs that meet the requirements set by this Regulation. These requirements should not prevent Member States from adopting or continuing to apply additional requirements for CCPs established in their territory, including certain authorization requirements under Directive 2006/48/EC. However, the imposition of such additional requirements should not affect the right of CCPs authorized in other Member States or recognized in accordance with this Regulation to provide clearing services to the direct participants and their clients established in the Member State introducing the additional requirements, in that the aforementioned CCPs are not subject to these requirements and are not required to comply with them. By 30 September 2014, ESMA should draw up a report on the impact of the application of additional requirements by the Member States.

With the Regulation (EU) 648/2012, the European Commission establishes the set of implementing rules on the authorization and supervision of CCPs, considering it an essential corollary of the obligation to offset OTC derivative contracts. It establishes that the competent authorities retain responsibility for all aspects of the authorization and supervision of CCPs, including the responsibility for verifying compliance by the applicant CCP with this Regulation and with Directive 98/26/EC of the European Parliament and of the Council of 19 May 1998 on the definitive nature of the regulation in payment systems and securities settlement systems, given that national competent authorities are best placed to assess the day-to-day functioning of the CCP, to carry out regular checks and to adopt if necessary, suitable measures. When a CCP risks insolvency, the responsibility for public finance action may fall mainly on the Member State in which the CCP is established. Consequently, the powers for the authorization and supervision of CCPs should be exercised by the competent authority of that Member State. However, given that the direct participants of a CCP can be established in different Member States and will be the first to be affected by the failure of the CCP, it is essential that all the competent authorities and ESMA participate in the authorization procedure and supervision. This will avoid divergent national measures or practices and the creation obstacles to the proper functioning of the internal market. Furthermore, no proposal or measure by a member of a college of supervisors should discriminate, directly or indirectly, a Member State or a group of Member States as the seat of clearing services in any currency. ESMA should participate in each college in such a way as to ensure the consistent and correct application of this Regulation. ESMA should involve other competent authorities of the Member States concerned in the preparation of recommendations and decisions.

Regulation 648/2012/EU underwent minor modifications by the Directive 2015/849/EU amending article 25, paragraph 2, letter d) point replaced by the following: d) the CCP has its headquarters or is authorized in a country third, whose national anti-money laundering and counter-terrorist financing system does not present, in the Commission's opinion, in accordance with Directive (EU) 2015/849 of the Parliament and of the Council, strategic weaknesses posing significant threats to the Union's financial system. Previous amendments were made by Regulation 575/2013 on prudential requirements for credit institutions and investment firms that it added at the Title IV, the Chapter 4, in relation the calculation of the hypothetical capital KCCP necessary for the determination of the exposure value of a institution (QCPP) for the pre-funded contribution from the guarantee fund of a Central Counterparty.

3 - CAPITAL OF SURVEILLANCE AND PRUDENTIAL REQUIREMENTS FOR CREDIT INSTITUTIONS
. In recent years, the EU has implemented a substantial reform of the financial services regulatory framework aimed at strengthening the resilience of institutions (credit institutions and investment firms) operating in the EU financial sector and based to a large extent on standards agreed at worldwide with international partners. The reform package included regulation (EU) no. 575/2013 (Capital Requirements Regulation or CRR), Directive 2013/36/EU (Capital Requirements Directive or CRD) on prudential requirements and supervision of institutions, Directive 2014/59/EU (rehabilitation and resolution directive of banks or BRRD, harmonized rules for all European countries aimed at preventing and managing the crises of banks and investment firms) and Regulation (EU) no. 806/2014 (Single Resolution Mechanism Regulation or SRM, an EU-wide system for the resolution of insolvent financial institutions and includes rules on capital requirements, on the protection of depositors, on the prevention and management of bank failures). These measures were adopted in response to the financial crisis that broke out in 2007-2008 and reflect internationally agreed standards. Despite having made the financial system more stable and resilient to the many types of possible shocks and future crises, the reforms do not yet fully address all the problems identified. In response, the European Parliament and the Council, on 23-11-2016, presented in Brussels the proposal to amend Directive 2013/36/EU (Capital Requirements Directive or CRD), a proposal that is part of a legislative package also including amendments to the regulation (EU) no. 575/2013 (Capital Requirements Regulation or CRR), of Directive 2014/59/EU (Bank Resolution and Resolution Directive, BRRD) and of Regulation (EU) no. 806/2014 (Single Resolution Mechanism Regulation or SRM). Currently, in the year 2018, the Directive 575/2013/EU and the 2013/36/EU Directive of interest for the studies of this publication remain in force.

Regulation 575/2013/EU contains, inter alia, the prudential requirements for entities closely related to the functioning of the banking and financial services markets and which aim to guarantee the financial stability of the operators in these markets, as well as a high level of protection of investors and depositors. The same regulation is intended to make a decisive contribution to the proper functioning of the internal market.

Directives 2006/48/EC and 2006/49/EC, although to a certain extent harmonized the provisions of the Member States on prudential supervision, provide for a significant number of options and possibilities for Member States to impose more stringent those provided for by those directives. This results in disparities between national rules, which could hinder the cross-border provision of services and the freedom of establishment and thereby create obstacles to the proper functioning of the internal market. For reasons of legal certainty and the need for a level playing field within the Union, a single set of rules for all market participants is a key element for the functioning of the internal market. With the adoption of Regulation 575/2013/EU, all institutions are subject to the same rules throughout the Union, which also reinforces confidence in the stability of institutions, especially in times of stress; the same regulation reduces the complexity of regulation and costs for compliance with the law, in particular for institutions operating on a cross-border basis, and helps to eliminate distortions of competition.

Small and medium-sized enterprises (SMEs) play a key role in creating economic growth and securing employment. The recovery and future growth of the Union economy depends to a large extent on the availability of capital and funding to enable SMEs established in the Union to make the necessary investments to adopt the new technologies and equipment needed to increase their competitiveness. The limited number of alternative sources of financing has made SMEs established in the Union even more sensitive to the impact of the banking crisis. It was important to close the current gap on SME financing and ensure an adequate flow of bank loans to SMEs in the current context; in fact, the EU regulation 575/2013 reduces the capital coverage of credit institutions with a support factor equal to 0,7619. With the provision of article 502 of the same regulation, the provisions are defined so that credit institutions can effectively use the capital requirements reduction, deriving from the application of the support factor, for the sole purpose of ensuring an adequate flow of loans to established SMEs in the Union. Institutions shall report to the competent authorities every three months on the total amount of exposure to SMEs, the total amount,including any default exposures (3°) due to the istitution or its parent companies and its subsidiaries by the debtor client or group of related debtor customers, excluding potential receivables or credits secured by residential property, which must not exceed 1.5 million of EUR. The competent authorities shall periodically monitor the total amount of credit institutions' exposures to SMEs and the total amount of the capital deduction.

(3°) NOTE: in finance is defined as default situation (insolvency) the technical inability of an issuer to comply with the contractual clauses provided for in the financing regulations. For example, it is the situation in which a state incurs when it declares insolvency or bankruptcy (sovereign insolvency). The default can be formal or substantial: formal, where an issuer does not comply with certain hedging or capital ratios such that the loan could undergo a significant change in its creditworthiness; substantial when an issuer is not physically able to pay the interest or repayment installments of the capital at the natural expiry of each.
Default after Basel 2. The Basel 2 agreement changed the definition of default of the taxable person in an important and objective way. Default exposures include: non-performing loans, substandard loans, restructured loans, overdue and/or overdrawn credits. 
Suffering: exposure to a counterparty in a state of insolvency (even without judicial assessment) or in a comparable situation, regardless of loss forecast formulated by the bank and by the presence of collateral.
Uncontrolled: exposure to a counterparty in temporary difficulty (defined on the basis of objective factors) that is considered to be exceeded in a reasonable period of time. 
Refurbished credit: exposure in which a bank or a pool of banks, due to the deterioration of the economic and financial situation of the debtor, has, have changed the original conditions of the loan (rescheduling of terms, reduction of the interest rate), resulting in the emergence of a loss. 
These include expired credits and, or those exceeding for which: 1) the debtor is late on a credit obligation to the bank or banking group for over 90 days; 2) the "relevance" threshold is equal to 5% of the exposure (the overdraft). For retail exposures, banks may adopt a default definition at the level of individual transactions, limited to overdue or overdrawn credits, if consistent with their management practices. For corporate loans, the cross-default clause applies, ie insolvency on a credit line causes the default of all claims against the debtor. The following changes to the original contractual conditions do not lead to default: a) rescheduling of receivables and granting of extensions; b) extensions, renewals or extensions of credit lines. These changes must not depend on the deterioration of the economic-financial conditions of the debtor or must not give rise to a loss.
Rescheduling is a way of restructuring the debt, that is a change in the conditions of the loan, by a State or a company that is no longer able to meet its obligations to creditors. The rescheduling provides for the extension of the deadlines for reimbursements. The other two ways of restructuring the debt may instead concern and modify the interest rate applied or the principal through a haircut, or a cut in the nominal value of the securities in the portfolio.

Regulation 575/2013/EU establishes uniform rules concerning the general prudential requirements that institutions subject to supervision pursuant to Directive 2013/36/EU (authorized by the Authority) satisfy with regard to the following elements:
a) requirements with regard to own funds relating to credit risk, market risk, operational risk and settlement risk, which are fully quantifiable, uniform and standardized (we will examine the risks in the paragraph "risks for credit institutions");
b) requirements limiting large exposures;
c) liquidity requirements relating to liquidity risk elements; fully quantifiable, uniform and standardized (which have a weighting factor of 100% since 2018);
d) reporting obligations under subparagraphs a), b) and c) and financial leverage; e) public disclosure obligations.
This regulation does not define publication obligations for the authorities competent in the field of prudential regulation and supervision of institutions referred to in Directive 2013/36/EU, obligations fully contained in the same Directive 2013/36/EU and therefore that they would have been unnecessarily repeated; it also does not prevent institutions from applying stricter prudential requirements, therefore, from holding own funds and their excess components or from applying stricter measures than those set out in this regulation. Said rules for the application of prudential requirements both on an individual basis and on a consolidated basis of credit institutions.

Of interest for this research is part two of the regulation on own funds and the definition of Tier 1 capital made up of the sum of the primary capital of class 1 and of the additional capital of class 1. In accordance with the CBVB decision, approved by the GHOS the January 10, 2011, all the Tier 1 capital instruments and all the Tier 2 capital instruments of an institution may be fully deducted on a permanent basis or fully converted into Tier 1 capital at the time the institution it is not profitable. The necessary legislation to ensure that own funds instruments are subject to the additional loss absorbing mechanism is incorporated into Union law as an integral part of the institutions' reorganization and resolution requirements.

With Article 26 of Regulation 575/2013/EU, the European Commission establishes rules for the definition of primary capital of class 1 (of greater interest for this paragraph), rules that define the elements of primary capital of class 1:
a) capital instruments, provided that the conditions set out in Article 28 or, where applicable, Article 29 are met;
b) share premiums for the instruments referred to in point (a);
c) retained earnings;
d) other accumulated income statement components;
e) other reserves;
f) funds for general banking risks.
Elements referred to in letters c) to f) are recognized as primary capital of class 1 only if they can be used without restriction and without delay by the institution to cover risks or losses at the time they occur.
Profits not distributed, letter c), may include interim or year-end earnings before that the institution adopt a formal decision confirming the final result for the reference year only with the prior authorization of the competent authority. The competent authority shall grant the authorization if the following conditions are met:
(a) the profits have been verified by persons independent of the body responsible for auditing the accounts of the institution itself;
b) the has shown satisfactorily, in the opinion of the competent authorities, that the amounts of these profits are net of all foreseeable charges and dividends.
A verification of the interim or final year profits of the institution satisfactorily guarantees that these profits have been valued in accordance with the principles set out in the applicable accounting framework (principles of international accounting: Regulation (EC) No. 1606/2002 - Regulation (EU) No. 2016/1905 - Regulation (EU) No. 2016/2067).
Competent authorities shall assess whether the emissions of Tier 1 capital instruments meet the criteria set out in Article 28 or, where applicable, in Article 29. With regard to subsequent issues to 31 December 2014, institutions classify capital instruments as primary instruments of class 1 capital only with the prior approval of the competent authorities, which may also consult the EBA. As regards capital instruments, with the exception of State aid, which the competent authority considers classificating as primary capital instruments of class 1, but with regard to which the EBA considers it materially complex to establish compliance with the criteria set out in Article 28 or, where applicable, Article 29, the competent authorities shall explain their motivations to the EBA. On the basis of information from each competent authority, EBA shall develop, update and publish a list of all forms of capital instruments of each Member State which are eligible to be considered primary class 1 capital instruments. The EBA has drawn up this list and published it for the first time by 1 February 2015.
EBA may after the review process referred to in Article 80 (continuous review of the quality of own funds instruments issued by institutions) and when there is significant evidence of the non-compliance of these instruments with the criteria set out in Article 28 or, where applicable, in Article 29, decide to remove from the list instruments that do not constitute State aid issued after 31 December 2014 and can spread a communication about it. Develops draft regulatory technical standards to specify the meaning of "foreseeable" when determining whether foreseeable charges and dividends have been deducted. He presented the draft regulatory technical standards to the Commission to which the power to adopt the regulatory technical standards is delegated pursuant to Articles 10 to 14 of Regulation (EU) No 1093/2010.

Article 27 defines the conditions for the Tier 1 capital instruments issued by the institutions, defined as such under the applicable national law and with the requirements to be considered by the relevant competent authorities, mutual societies, cooperatives, savings institutions or similar bodies. Article 28 defines the conditions for capital instruments to be considered primary capital instruments of class 1. Article 36 paragraph 1 defines the elements of primary capital that must be deducted such as losses for the year, intangible assets, deferred tax assets that are based on future profitability, the negative amounts resulting from the calculation of expected losses for institutions that calculate risk weighted exposure amounts using the internal rating method (IRB approach, paragraph "Risks for a credit institution"), the assets of pension funds with benefits, defined in the financial statements the institution's, and the other elements indicated in letter e) to l): the applicable amount of the Tier 1 capital instruments of financial sector entities held by the institution directly, indirectly and synthetic way, both when the institution does not have a significant investment in these subjects and when l investment is significant; j) the amount of items to be deducted from additional Tier 1 items in accordance with Article 53 which exceeds the institution's Tier 1 additional capital, (restrictions on the cancellation of distributions on additional Tier 1 instruments and items that could hinder the recapitalization of the institution, capital increase); k) the amount of the exposure of the following elements, which have the requisites to receive a risk weighting factor of 1250%, when, as an alternative to the application of a risk weighting factor of 1250%, the entity deducts the amount of the exposure from the amount of Tier 1 capital items: - qualifying holdings outside the financial sector; ii - positions towards securitization (4°), in accordance with Article 243 (1) (b), Article 244 (1) (b) and Article 258 ( credit derivatives with a weighting factor of 1250%); iii - transactions with non-contextual settlement, in accordance with Article 379, paragraph 3; iv - positions in a basket for which an institution is not in a position to establish risk weightings under the IRB approach, in accordance with Article 153 (8); v - equity exposures within the framework of the internal models method, in accordance with Article 155 (4) (possible exposure for equity-related loss, weighted for the related risk); l) any tax relating to the elements of primary Tier 1 capital which can be expected at the time it is calculated, with the exception of cases where the institution consequently adapts the amount of Tier 1 capital elements, to the extent that such taxes reduce the amount up to which these items may be used to cover risks or losses; (between the following paragraphs of the regulation, are defined the activities of the EBA and of the Commission on the elements deductible from the primary capital of class 1). The following articles define detailed provisions for the deduction of capital elements from primary capital of class 1, including thresholds for exemption from the deduction of tax assets that depend on future profitability and derive from temporary differences and the instruments of primary capital of class 1 of the subject in the financial sector in which the institution which holds them has a substantial investment. The primary capital of class 1 of an institution consists of the elements of primary capital of class 1 after the adjustments, deductions and exemptions provided for in articles 32 to 49 of regulation 575/2013/EU, with applied the exceptions of article 79. Article 79 defines provisions for temporary exceptions to the deduction from own funds of an institution when it holds capital instruments or has granted subordinated loans (the repayment of which is subject to the full repayment of all other creditors), where applicable, as primary class 1 capital, additional class 1 instruments or class 2 instruments in a financial sector entity on a temporary basis and the competent authority considers that such detentions exist for the purposes of a financial assistance operation for the purpose of reorganization and rescue of the subject, the competent authority may, on a temporary basis, derogate from the provisions on deduction which would be applicable to such instruments.

NOTE (4°): The securitization process consists of the transformation of an undivided financial asset, for example a credit, into a divided and salable asset: assets and/or liabilities, assets and/o debts from individuals or loans of a company (usually a bank) defined as technically originator, through which emissions are built with the transformation of the asset or debt / credit (securitization) into bonds, ("paper"). For example, suppose the bank has a number of real estate loans among its assets; the bank may decide to securitise them, that is, to issue securities that are guaranteed by mortgages. These securities are then sold to private or institutional investors, and so the bank recovers some money lent to borrowers: the funds that the bank gets can be used to expand its business. Securities, like normal bonds, have a maturity and an interest rate, and the debt service is linked to repayments and interest payments by the original borrowers. The bank, in addition to the advantage of mobilizing those assets that are not liquid, reduces or eliminates the risk associated with the related mortgages, reducing the own funds bound for capital requirements to cover the related risk: the risk is passed on to investors. Securitizations have different ways of transferring risk. In the case of mortgages, for example, they loosen the relationship between lender and borrower and can therefore lead, as happened in America in the case of subprime, to a too easy concession of real estate loans. Among the reforms aimed at mitigating this problem is the imposition of an obligation to maintain in the financial statements of the institution that securitizes a portion of the securitized securities, so as to align the interests of investors with those of the issuer. The English term subprime refers to loans that, in the US financial context, are granted to a subject that can not access to market interest rates, as it has had previous problems in its debtor history; in the face of greater risk, the mortgage it is burdened by a higher interest rate and higher charges. The technique is a modern elaboration of the idea of Johan Palmstruch in 1647; idea that gave rise to the modern system of central banks (debt factories) and commercial banks, as we know them today. The dynamics that constitute the securitization activities can synthetically be described as follows: a subject, called originator, collects a certain number of credits on the market (for example, interest on mortgages). The originator will subsequently transfer the credits to a Special Purpose Vehicle (SPV) and will enter its availability. The SPV will receive, from that moment on, the payments for interest and for the repayment of the capital, made by those who have signed mortgages. The SPV, to finance itself, will issue bonds that are subscribed by investors who have a surplus (excess) of liquidity. These bonds are structured in tranches, and each of them is assigned a rating for the weighting of the related risk. Ordered starting from the least risky, which consequently coincides with the less profitable, the tranches can be distinguished in: senior tranches, tranchesmezzanine, tranches equity, trances constituting the well-known senior securities, mezzanine securities, equities & securities, available in the bond market (stock exchange). The payment of the tranches takes place in cascades, that is, the less risky tranches are paid first (senior) and then the most risky tranches (mezzanine and equity). The subdivision in tranches allows the distribution of risk: senior, less risky tranches that guarantee lower interests may be subscribed by parties with little risk appetite; the equity tranches will allow greater speculation by the investor, provided that he has a greater risk appetite. The interest paid by the borrowers of the underlying loans will be used to pay the interest expense of the bonds. Securitization allows a bank to transform assets by definition non-liquid (like a mortgage) in activity liquid. This is done because by transferring the financing to the SPV, it will be obtained. the consideration in cash (obviously giving the right to the repayment of the capital and the interest of the loan by the contractor), increasing its liquidity & agrave; and being able to also replicate the process, then grant further mortgages and subsequent securitization of the same. The Special Purpose Vehicle is normally not required to respond to any failure of the originator.

In Chapter 3 of Title I, from Article 52 to Article 55 of Regulation 575/2013/EU, the additional Tier 1 capital is defined, consisting of additional Class 1 items after deductions of the elements specified in the section 2, articles from 56 to 60; in Section 1 of Chapter 3, Title I, additional Tier 1 capital elements and instruments are also defined. Section 2 of the same title defines the provisions for additional elements and instruments to be deducted from Tier 1 additional capital; in the definition of additional Tier 1 capital, any exemptions established by Article 79 are applied.

Chapter 4, title I, section 1 defines the elements and instruments of class 2; in the following section 2 the elements to be deducted are defined (articles from 62 to 70). The Tier 2 capital of an institution consists of the class 2 items after the deductions defined in Article 66 of Article 70 and the application of Article 79.

EXAMPLE: that the Tier 1 primary capital items may consist of equity instruments and related share premiums issued by the institution, entirely paid and not purchased or financed by the institution (shares issued directly by the institution). We may consider, as an example, additional Tier 1 capital items the equity instruments not directly issued by the institution (or if issued directly by the institution that do not comply with the conditions of articles 28 and 29), fully paid up, the purchase of which is not carried out by the institution or financed by it, or subsidiaries; (a company in which the institution holds a direct or a controlling interest of 20% or more of the voting rights or capital of the enterprise). The additional Tier 1 capital instruments are of a lower class than the class 2 instruments in case of insolvency of the institution, furthermore the additional elements also include the issue price premium of the same instruments. We may consider Tier 2 capital items the equity instruments and related surcharges issued by the subsidiaries or issued by the institution and not considered class 1 according to the conditions imposed by Articles 28 and 29 of Regulation 575/2013/EU or additional class 1 according to the conditions imposed by Article 52 of the same regulation, fully paid where both the institution and its subsidiaries do not acquire the equity instruments (shares issued by financial subsidiaries, in which the institution controls 20% or more directly or through a control bond); it includes subordinated loans and subordinated loans fully paid up and which are not allocated by them (institution and relative subsidiaries). In Tier 2 capital items and for institutions that are authorized to calculate risk weighted exposures using the IRB method, generic credit risk adjustments may be included, gross of tax effects, up to 1.25% of the amounts of risk weighted exposures calculated according to the IRB method; for the same institutions, the positive amounts, gross of the tax effects, resulting from the calculation of the expected loss amounts, referred to in Articles 158 and 159 up to 0.6% of the risk weighted exposure amounts calculated in accordance with IRB method. Articles 158 and 159 of Regulation 575/2013/EU establish provisions for the calculation and treatment by type of exposure of expected loss amounts; for this example: institutions subtract losses from value adjustments on general loans. At the end of the example it should be noted that the additional Tier 1 capital instruments can also be converted into primary class 1 instruments upon the occurrence of an activating event defined in Article 54, with a clear reference to the instruments directly issued by the institution in compliance article 28 (1) (a), unless a merger exists between the institution and a subsidiary with the prior authorization of the authority competent; for example securities convertible into shares.

The definition of own funds is contained in Article 72 of Regulation 575/2013/EU: the own funds of an institution consist of the sum of its capital of class 1 and class 2. With the article 78 conditions are enacted for the institution to reduce own funds on the authorization of the supervisory authority, for to repurchase fully or partially or to repay, also in advance, instruments of primary capital of class 1, additional instruments of class 1 or instruments of class 2. The Article 79 defines the possibility of temporary derogations from the deduction of equity instruments from own funds. The EBA shall monitor the quality of the own funds instruments issued by institutions (Article 80) throughout the Union and shall immediately inform the Commission when there is significant evidence of the non-compliance of these instruments with the criteria referred to in Article 28 or, where applicable, in Article 29. The competent authorities shall transmit without delay, upon the request of EBA, all information that the latter considers relevant with respect to the new capital instruments issued, in order to enable EBA to monitor the quality of the instruments of own funds issued by institutions throughout the Union. The notification with which EBA informs the European Commission contains the following: a detailed explanation of the nature and extent of the identified deficiency, a technical opinion on the action of the Commission that the EBA deems necessary, significant developments in the EBA methodology for stress tests on the solvency of institutions. Provides technical advice to the Commission on any significant change deemed necessary to define own funds as a result of any of the following factors: developments affecting market rules or practices, changes in the relevant legal or accounting rules, significant developments in the EBA methodology for stress tests on the solvency of institutions. By 31 January 2014, EBA provided technical advice on the possible treatment of unrealized gains measured at fair value, beyond the inclusion in primary capital of class 1 without adjustments. These recommendations have taken into account developments that have affected international accounting standards and international agreements regarding prudential rules for banks.

The European Commission with Articles 82 to 88, Title II of Regulation 575/2013/EU, issues provisions concerning minority holdings and Tier 1 capital instruments and Tier 2 capital instruments issued by subsidiaries; with Article 89, it issues provisions on risk weighting and the prohibition of qualifying holdings outside the financial sector. In paragraph 1 of Article 89, it is established that a qualified holding, the amount of which exceeds 15% of the institution's eligible capital, in a single undertaking which is not one of the following, is subject to the provisions of paragraph 3, of the same article:
(a) a financial sector entity;
(b) an undertaking other than a financial sector entity carrying out activities which the competent authority considers to be one of the following: (i) direct extension of the financial sector banking; ii) auxiliary banking services; iii) leasing, factoring, management of mutual funds, management of "IT services" or similar activities.
Paragraph 2 of the same article establishes that the total amount of qualifying holdings that an institution holds in companies (even if for each individual undertaking does not exceed 15%) other than those referred to in paragraph 1 (a) and (b), which exceeds 60% of its eligible capital is subject to the provisions of paragraph 3.
In paragraph 3 the requirements a) and b) which the authorities apply to the qualifying holdings of the institutions referred to in paragraphs 1 and 2 are established:
a) for the purposes of calculating the capital requirement, in accordance with part three of the regulation (capital requirements), institutions shall apply a risk weighting factor of 1250% (5°) at the higher of the following amounts: (i) the amount of qualifying holdings referred to in paragraph 1 that exceeds 15% of the eligible capital; (ii) the total amount of qualifying holdings referred to in paragraph 2 that exceeds 60% of the eligible capital of the institution;
(b) the competent authorities prohibit institutions from holding the qualified holdings referred to in paragraphs 1 and 2 on whose amount exceeds the allowable capital percentages referred to in those paragraphs. The competent authorities publish the choice made between a) and b).
In accordance with Article 16 of Regulation (EU) no. 1093/2010, the EBA has the task of issuing guidelines that specify the following concepts: a) the activities that constitute the direct extension of banking activity; b) the auxiliary activities of banking activity; c) similar activities.

NOTE (5°): as we will see in the paragraph "risks for a credit institution" the weighting factor intervenes in the calculation of capital requirements and goes to reduce, or increase as in the case of weighting of 1250%, the amount of the institution's exposure to the financial activity in question; the total of the weighted exposure value whose weighting factors are determined using the IRB method based on internal ratings or standardized method, adopted by Regulation 575/2013/EU is used for the calculation of the capital requirements defined by Article 92 of the same regulation as will be illustrated below.

With reference to paragraph 3 letter a of Article 89, the rule in Article 90 establishes an alternative to the risk weighting of 1250% which allows institutions to deduct amounts exceeding the limits specified in paragraphs 1 and 2 of Article 89 , from the elements of primary capital of class 1 pursuant to Article 36 (1) (k). Article 91 defines the shares in companies that can be excluded from the calculation of the eligible capital, in particular in paragraph 1 establishes that the shares in enterprises not referred to in Article 89 (1) (a) and (b) are not included in the calculation of the limits of the eligible capital referred to in that article if one of the following conditions is met: (a) such shares are held on a temporary basis in the course of a financial assistance operation, in accordance with Article 79; b) the holding of such units constitutes a position in irrevocable commitments held for five working days or less; c) such shares are held in the name of the entity and on behalf of others. In paragraph 2, it is established that the quotas not classified as financial fixed assets referred to in Article 35 (2) of Directive 86/635/EEC shall not be included in the calculation referred to in Article 89 ( the term "financial fixed assets" means, in the case of credit institutions, investments in associated companies and securities intended to serve the company's business in a lasting manner).

In Title I, Chapter 1 and Articles 92 to Article 106 of interest for this publication, the Commission issues provisions on generic capital requirements, in particular it defines in paragraph 1 of Article 92 and subject them to Articles 92 and 93, own funds requirements:
institutions always meet the following own funds requirements:
a) a class 1 primary capital ratio of 4.5%;
b) a class 1 capital ratio of 6%;
c) a total capital ratio of 8%.
In paragraph 2 it establishes that institutions calculate their capital ratios as follows:
a) the class 1 primary capital ratio is the institution's class 1 primary capital expressed as a percentage of the total risk exposure amount;
b) the Tier 1 capital ratio is the institution's Tier 1 capital expressed as a percentage of the total risk exposure amount;
c) the total capital ratio is the institution's own funds expressed as a percentage of the total risk exposure amount.
The article also establishes disposition for the calculation of the total amount of exposure to risk; exceptions are defined, for example the exposure relating to the assets of the credit institution's trading book can be excluded from the calculation of the total exposure when the amount of such assets does not exceed 5% of total assets on average and the amount of 15 million euros, moreover, the entity of the assets held in the trading portfolio of the institution must in no case exceed 6% of the total assets and the amount of 20 million euros. In the same title of the regulation it is established that the initial capital required in a business continuity situation and therefore in an entity's own funds can not become less than the initial capital required at the time of authorization.

For public interest entities that only provide payment services, payment institutions (of greater interest for the studies carried out in this research), the initial capital is defined by the EU directive 2015/2366 (amending Directive 2013/36/EU) with Article 7 and which sets 3 thresholds for initial capital:
a) when the payment institution provides only the remittance services of money, its capital is never less than EUR 20 000; b) when the payment institution provides payment services payment order arrangement, its capital is never less than EUR 50 000;
c) when the payment institution provides any of the following payment services listed, its capital is never less than EUR 125 000:
1. Services that allow cash to be deposited on a payment account and all the operations required for the management of a payment account.
2. Services that allow cash withdrawals from an account of pa as well as all the operations required for the management of a payment account.
3. Execution of payment transactions, including the transfer of funds, to a payment account at the user's payment service provider or to a other payment service provider: a) execution of direct debits, including one-off direct debits; b) execution of payment transactions by payment cards or similar device; c) execution of credit transfers, including standing orders.
4. Execution of payment transactions when funds are part of a credit line granted to a payment service user: a) execution of direct debits, including one-off direct debits; b) execution of payment transactions by payment cards similar device; c) execution of credit transfers, including permanent orders.
5. Issuance of payment instruments and/or agreement on payment transactions.
A payment institution may also register information services on the accounts.

Member States must take the necessary measures to prevent the multiple calculation of the items eligible for own funds when the payment institution belongs to the same group as another payment institution, credit institution, investment firm, asset management company or insurance, even when a payment institution is hybrid and performs activities other than the provision of payment services. Where the conditions for waiving individual compliance with the own funds requirements are met (requirements defined in Article 7 of Regulation (EU) No 575/2013), Member States or their competent authorities shall have the right not to apply Article 9 of this Directive for payment institutions included in the consolidated supervision of the parent credit institution in accordance with Directive 2013/36/EU (Directive determining the legal basis for access to the activities of credit institutions, investment firms and relative vigilance).

The same Directive 2015/2366/EU establishes that the own funds of the payment institutions are not lower than the higher amount between the initial capital indicated above (Article 7) or the amount of own funds calculated using the methods indicated below and defined Article 9 of the same directive (with the exception of those offering only money remittance services and payment arrangement services). Article 9 defines three methods for calculating own funds, method A, method B, method C, which are added to the initial capital defined in Article 7; the institute will apply one of the three methods according to the decision by the competent authorities according to the national implementing legislation of the 2015/2366/EU directive.

Method A
The amount of the own funds of the payment institutions is at least 10% of the general fixed costs of the previous year. The competent authorities have the right to adapt this obligation in case of a substantial change in the activity of a payment institution compared to the previous year. When, at the date of calculation, the previous period of activity of the payment institution is less than one full year, this coverage is equal to 10% of the corresponding general fixed costs of the prevailing business plan, subject to any adjustment prescribed by the competent authorities.

Method B
The amount of the own funds of the payment institutions is at least equal to the sum of the following elements multiplied by a ticking factor k, defined below, where the volume of payments (PV) represents one-twelfth of the total amount of payment transactions executed by the payment institution in the previous year:
a) 4.0% of the share of PV up to EUR 5 million plus
b) 2, 5% of PV share above EUR 5 million and up to EUR 10 million plus
c) 1% of PV share above EUR 10 million up to EUR 100 million, plus
d) 0.5% of the share of PV above EUR 100 million and up to EUR 250 million plus
e) 0.25% of the share of PV above EUR 250 million of EUR.

Method C
The amount of the own funds of the payment institutions shall be at least the product of the relevant indicator referred to in point (a) for the multiplication factor referred to in point b), then multiplied by the graduation factor k defined below.
a) The relevant indicator is the sum of the following elements: i) interest income; ii) interest expenses; iii) income for commissions and rake-off; and iv) other operating income. Each element is included in the sum with its own positive or negative sign. Income from extraordinary or irregular items is not used in the calculation of the relevant indicator. Expenditure related to the outsourcing of services rendered by third parties may reduce the relevant indicator if it is borne by a supervised company in accordance with this Directive. The relevant indicator is calculated based on the observation on an annual basis carried out at the end of the previous year. The relevant indicator is calculated on the previous year. However, the own funds calculated on the basis of the C method are not less than 80% of the average value of the relevant indicator for the three previous years. If audited data are not available, company estimates may be used.
b) The multiplication factor shall be: i) 10% of the share of the relevant indicator up to EUR 2,5 million; (ii) 8% of the share of the relevant indicator from EUR 2,5 million to 5 million; (iii) 6% of the share of the relevant indicator between EUR 5 million and EUR 25 million; iv) 3% of the share of the relevant indicator from EUR 25 million to 50 million; v) 1.5% above EUR 50 million.

K FACTOR
2. The graduation factor k to be used in methods B and C is equal: a) to 0.5 when the payment institution lends only payment services remittance of money; b) to 1 when the payment institution provides one or more payment services in addition to money remittance services, payment order arrangement services, account information services.

The competent authorities, based on an assessment of the risk management processes, the loss prevention database and the internal control mechanisms of the payment institution, may require the payment institution to hold up to 20% higher own funds. with respect to the amount that would result from the application of the chosen method A, B or C, or allowing the payment institution to hold lower own funds up to 20% compared to the amount that would result from the application of the chosen method.

Directive 2015/2366/EU establishes provisions for protection requirements (Article 10), in particular Member States or competent authorities require payment institutions that provide payment services to protect all funds received from users of payment services or through another payment service provider for the execution of payment transactions, according to one of the following methods:
a) the funds are never confused with the funds of a any natural or legal person other than payment service users on whose behalf the funds are held and, if they are held by the payment institution and not yet delivered to the payee or transferred to another payment service provider within the first day subsequent to the day on which the funds have been received, are deposited in a separate account of a credit institution or invested in safe, liquid and low-risk assets as defined ite by the competent authorities of the home Member State; and are isolated in accordance with national law in the interest of payment service users from payment claims from other payment institution creditors, particularly in the event of insolvency;
b) the funds are covered by an insurance policy or some other comparable guarantee, obtained from an insurance undertaking or a credit institution not belonging to the same group to which the payment institution belongs, for an amount equivalent to that which would have been segregated without of the insurance policy or other comparable guarantee, payable if the payment institution is not able to fulfill its financial obligations.
The payment institution also protects the percentages of funds that will be used for future payment transactions ( for example, the remaining amount is to be used for services other than payment services). If this percentage is variable or unknown in advance, Member States shall allow payment institutions to protect a representative percentage that is presumed to be used for payment services, provided that such representative percentage can reasonably be estimated on the basis of historical data and deemed appropriate by the competent authorities.

4 - RISKS FOR CREDIT INSTITUTIONS
The provisions of Regulation 575/2013/EU respect the principle of proportionality with particular regard to the diversity of entities in terms of size and scope of operations and range of activities. Compliance with the proportionality principle also implies, rating procedures recognized for retail exposures, are as simple as possible such as the standard method or the internal rating method ("IRB approach"). Member States should ensure that the requirements defined in this Regulation are proportionate to the type, scale and complexity of the risks associated with the business model and the activities of the institution. The European Commission should ensure that the delegated acts and implementing acts, regulatory technical standards and implementing technical standards are consistent with the principle of proportionality so as to ensure that this regulation is applied proportionally to the diversification of institutions and the range of their activities. EBA should therefore ensure that all regulatory and implementing technical standards are formulated in such a way as to respect and be consistent with the principle of proportionality.

4.1 - Introduction
Financial risk affects company liquidity, an important variable for the balance between incoming and outgoing monetary flows, in fact it is also definable as the indefinite (or volatile) variability of investments, including potential losses and unexpected gains. The risk is always present in the market, and based on its perception on the part of the investors the relative trust in the investment is determined. Savers perceive the risk when it manifests itself in the form of loss. Closely related to the perception and assessment of financial risk is the expected return from the investment: the higher the risk, the more the investor requires a return, return or premium for the high risk. Financial risk takes on different dimensions, at different levels. The main distinction is between generic risk and specific risk, valid for all types of investments. There are other differences typical of the various asset classes, such as that between equity risk and bond risk. With reference to the latter, it is possible to identify the risk component associated with the issuer of the security and that linked to interest rates (market risk). Other types of risk involve investments in foreign currencies, country risk, often on the front pages of newspapers, including non-financial ones. As we see in the following paragraphs at this, institutions also have other risks to consider.
Generic and specific: the global economic situation, the ups and downs of stock exchanges and the inefficiencies that characterize the financial system in its complex feed the so-called generic risk, also called systematic because in fact can not be eliminated. It represents that part of the variability of the value of investments that depends on the fluctuations of the markets, which have an impact on any title regardless of its quality. For example, if the stock market is falling, it is very likely that such a scenario will also impact on the performance of my stock. On the contrary, we speak of a specific risk when the "dangers" derive from the peculiar characteristics of the single security and therefore of the issuer. If the latter were in difficulty, we could run into a failure to distribute dividends or reduce the value of the investment, for example linked to a massive sale on the stock market by shareholders. If the generic risk is not avoidable, it is possible to counteract the effects of the specific risk by resorting to so-called diversification. This reduces the exposure, and therefore the link, to the performance of the individual stock, counterbalancing it with that of other investments in the portfolio.
Shares and bonds. An action, in the finance, is a representative title of a share of the ownership of a public limited company. The owner is called a shareholder (in English, the shareholder), while all the shares of the company are called share capital; for the owners of the same there is no guarantee of remuneration of the amount originally invested. The subjects (even legal) investing in shares are aware that, when they decide to resell them, the price may be higher but lower than the initial one, causing an investment return or a loss. The value of the action depends on many factors such as the performance of the market in general and the sector to which it belongs (generic risk), variables linked to the issuer (specific risk): ability to generate profits and cash flows, dividends distributed to shareholders, capital strength, competitiveness with respect to competitors, increase in the market shares of the related company production activities, quality of management. All elements that are difficult to evaluate even for those in the industry. For these reasons, it may help to invest in the stock market through instruments able to diversify the risk on dozens (if not hundreds) of securities, domestic and international.
Bonds. Investment in securities bonds are considered more secure than equities, does not mean that it is totally risk free. Who buys a fixed income security knows the rate of return (the exact amount of the coupon in the case of a fixed rate and the parameter with which the coupon will be determined in the event of a floating rate) and the expiry date in which it will get back the nominal value of the invested capital. It can not be ruled out that over time the issuer (State or company) may have difficulties that prevent the payment of interest. More serious events are that the issuer could incur bankruptcy and, on expiry, do not honor the return of capital. The events related to Argentina in 2001, to Cirio and Parmalat securities, to the issues of the American investment bank Lehman Brothers or to the government bonds of Greece show that it is not just a matter of theory. To reduce the risks above, investment funds can be used which reduce the negative impact in the short term and compensate them over the medium term. For example, whoever invested his assets on July 18, 2008 in Lehman Brothers bonds (that is, a few weeks before his bankruptcy), three years later would have found himself practically without anything (or, at best, with a possible repayment of 15-20 euros per 100 nominal, realizing a loss between 80% and 85%). If, on the other hand, he had bet on a fund invested in Investment Grade corporate bonds, he would have benefited from a net average gain of 9.9% after three years. A mutual fund is a financial instrument comparable to a large piggy bank where the resources of small and large savers converge. The management of the "piggy bank" is entrusted to an investment management company that offers the advantage of a professional investment service to all savers who otherwise, having a small capital available or lacking the necessary skills, could not afford it. The manager of a fund invests in various types of assets such as cash, bonds, shares and real estate. The decision on what to buy depends on the investment objective of the fund. Diversify your investment portfolio by cushioning negative events such as the risks above.
Source: processing on the Banca Fideuram Fondi Index. Corporate Investment Grade bonds in euros.

Issuer: The issuers of securities and equities do not all have the same reliability, which is reflected in the quality of their bonds. The issuer risk of an obligation is linked to the issuer's ability to pay interest and repay its debt. When the subject (state, bank, company, etc.) that issued the bond is not in a position to liquidate the interest and / or to repay the capital, the debtor is considered insolvent. There are independent specialized agencies, among the most famous Moody's and Standard & Poor's (S&P), which help to evaluate the quality of bonds. Attributing the so-called ratings, they estimate the creditworthiness of an issuer, that is, its ability to honor debts contracted in the promised times and ways. Below, in descending order by quality, the main classifications used.

Interest rate. There are two general aspects to be considered for bond investments:
1) the value of the obligation a variable rate tends to vary little over time.
2) the value of the Fixed rate bonds vary in the opposite direction to the trend in interest rates, if the latter rise, the bond price falls and vice versa.
Very often, to assess the risk of bonds and bond funds and to facilitate comparisons , the concept of duration is used which represents the financial duration of a security (or, if it is a fund, the sum of all securities in the portfolio), ie its residual life weighted with the coupon flow that will pay in the future . Expressed in years or days, duration is a measure of bond risk. As the value increases, the volatility of the stock increases and therefore the risk of fluctuating its price over time as interest rates change; for floating rate bonds, it assumes a low value. As a result, their volatility is reduced even in the presence of moderate rate fluctuations. The fixed rate bonds, whose coupon remains identical regardless of the trend in rates, have a longer duration compared to government securities or floating rate bonds; they therefore have greater volatility and a more marked reaction in the event of changes in interest rates in the sale price of the security. The duration of a bond portfolio (as in the case of an investment fund) is equal to the weighted average duration of the individual securities that comprise it. Through the duration indicator it is possible to obtain a measure of the volatility of the reference stock. This is a value that is regularly reported in the tables of bonds issued in financial newspapers and on specialized websites. Let us assume that we own one thousand bonds worth each euro 108 (the total value is therefore equal to 108,000 euro), with a volatility of 5.5%; in the event of a 1% change in interest rates, applying the simplified formula (value of the security before the increase in interest rates x percentage rate increase x volatility) we obtain 5.94% (108 x 0.01 x 0.055 = 0.594 = 5.94%). It means that, if interest rates increase by 1%, the price of the bond in my possession (which moves in the opposite direction to the market rates) will go down 5.94% (in our case would result in a loss of about 6,415 euro), and vice versa if the rates decreased by one percentage point. This estimate is approximate, but can be considered a reliable indicator to assess the possible impact of changes in interest rates on the securities (or the fund) in its possession.
Currency Exchange. There are many instruments on the market in currencies of other countries, developed nations (US dollar, British pound sterling, etc.) and developing countries (Brazilian real, Mexican peso, etc.). In addition to the risks mentioned at the superior points linked to securities, the currency exchange risk that is potentially decisive for the final result of the investment in securities must be considered, which can generate an appreciation but also a depreciation of the investment. In fact, when you buy a stock from another country, eg in a currency other than the euro, you must make a euro currency exchange in the currency of the country where you is issued the security (in the case of an obligation also coupons). If the currency of the country where the security was issued has been re-evaluated on the single European currency, it will add performance to the investment and vice versa if it has lost value. Although in the medium to long term, currency rates tend to reflect the real strength of the economy of the country to which they refer, in the short term the dynamics of the financial markets are such that it is difficult to foresee the evolution of the exchange currency. The DIY investment in foreign currency securities is therefore far from easy. The use of investment funds also in this case can be effective thanks to the possibility of diversifying the currency risk, with costs that are more contained than those incurred for an administered deposit. The administrative deposit is a banking instrument made available by the intermediary to buy shares, also via the web and to carry out other transactions linked to the life of the securities purchased on the stock exchanges, the most important being the New York Stock Exchange. The bank will manage the securities for you by collecting dividends, coupons and repayment of principal upon maturity.
Source: processing of Banca Fideuram, JPMorgan and Sole 24 Ore data; period 19/07/2010 - 19/07/2011.

4-2 Risk classification
In the upper sections of this paragraph we have placed interest in a generic risk analysis from the consumer's point of view; below we will pay attention to the risks to which a credit institution is exposed, classifying them in application of Regulation 575/2013/EU.

1) credit risk (includes counterparty risk, ie the risk that the counterparty of an operation will is in default before the definitive settlement of the financial flows of an operation); the credit risk together with market risk and operational risk became very topical following the Basel agreements, international agreements between the governors of the central banks of the ten most developed countries in the world, the so-called G10. The credit risk of customers, according to these agreements, must be calculated by the banks to guarantee the stability and solidity of the banking system. The credit risk (or risk of insolvency) is the risk that in the context of a credit operation the debtor does not even partially fulfill his obligations to repay the capital and/or to pay interest to his creditor. The New Basel Accord (Basel II) provides guidelines on which credit institutions must comply. First, Basel II defines that the credit risk includes the following variables: the risk of default, measured by the probability of default (PD), refers to the risk of a certain client of the financial institution; the probability of default of a counterparty over the time horizon of a year.
Exposure at the time of default (Exposure At Default, EAD): the value of risk assets on and off financial statements (guarantees issued and commitments), represents the sum of the values of all exposures to the debtor. For the latter, a specific credit conversion factor (Credit Conversion Factor,CCF) the ratio between the currently unused portion of a credit line that could be used, and which would then result in an exposure in the event of default, and the currently unused portion of the credit line, where the size of the credit line credit is determined by the pre-established limit, unless the non-pre-established limit is higher.
The risk of recovery, measured by the Loss Given Default (LGD), refers to the severity of the loss in case of default, is the ratio between the loss suffered on an exposure due the default of a counterparty and the amount remaining at the time of default or the expected value of the ratio between the loss relating to the default and the amount of exposure at the time of default, EAD; for the loss, the recovered flows and the direct and indirect costs connected to the recovery of the receivables are taken into account, which must be discounted using an appropriate interest rate.LGD = F (EAD, CCF).
The effective maturity (Maturity, M): the mean, of the remaining contractual durations, for a given exposure, each weighted for the related amount.
The adjustment for the degree of fractionation of the portfolio (granularity, G): correction to be made to the total of activities risk-weighted for include the level of asset diversification in the calculation system.
The weight of risk ( RW) is used. the "weight" of credit risk, on which the institution will have to weighting assets (risk weighting). It is function of the PD, LGD and M variables (in addition to any corrections due to the variable G), and it is calculated by assigning to each customer a risk coefficient, calculated according to one of the three following methods: standard approach (in line with Basel I (1988); the only change concerns the weighting according to the external rating (assigned by rating agencies) that goes from 20 for the best ratings up to 150 for the worst ones). RW = Y (PD, LGD, M).
Internal rating based approach or IRB (internal risk calculation approach), based on the calculation of internal ratings (assigned by a bank corporate function according to internal data and methods). Depending on the complexity of the procedures for calculating ratings, two IRB methods are distinguished: IRB foundation approach (basic IRB method, for asset classes which are included in retail exposures, for example: unsecured exposures that fall within the retail portfolio "retail" and for which a more weighted weight is applied compared to the ordinary one for unrated credit),
IRB advanced approach (advanced IRB method, for asset classes, other than retail exposures, for example: Bodies) of the public sector, banks and other financial companies, non-financial corporations, short-term exposures, exposures to collective investment schemes, UCIs). In the advanced method, banks can directly use their own estimates, as well as PD, also for loss in case of default (LGD), maturity (M) or the CCF credit conversion factor; in the basic method, only the probability is default (PD).
At the end of the credit risk measurement process, we proceed to associate the weight of risk with a given rating, according to a table of correspondences: e.g. a risk of 0% corresponds to a rating of AAA, of 100% up to BBB-, of 150% under BBB- etc. The goal is determine the risk-weighted asset (risk-weighted asset), ie how much is the risk to which the bank is responsible exposed and which must be covered cautiously. Technically, the risk determines the absorption of regulatory capital (regulatory capital). For the purposes of assessing the creditworthiness of a company, a considerable quantity is evaluated of information about: financial statements, company organization, budget and business plan, trespassing in current accounts, outstanding payments, delays in payment of installments, etc.

2) Market risk, in finance, is the probability of obtaining a return different from the expected one from trading in financial instruments. In particular, it represents the potential loss or gain of a position or a portfolio of securities, over a specific time horizon, following changes in market variables, based on which are distinguished:
Interest rate risk - the risk of loss deriving from adverse movements in the interest rate;
Exchange rate risk - the risk of loss deriving from adverse movements in the exchange rate of foreign currencies;
Share risk - the risk of loss deriving from from adverse movements on stocks and / or stock indices;
Commodity risk - the risk of loss deriving from adverse movements in the price of raw materials.
The perception of market risk that occurs when a financial crisis occurs , the uncertainty increases which in turn generates emotionality and therefore irrational behavior. Experience shows that, during the fall of market quotations, uncertainty causes an increase in the daily fluctuations in share prices. The magnitude of these fluctuations is volatility and is the most common measure of market risk.

3) Operational risk is the risk of losses deriving from processes, personnel and inadequate or insufficient internal systems, or due to external events (attacks, natural disasters, government crises that contribute to modify, at least temporarily, the prices of some listed assets). This definition of operational risk was formulated in the context of the New Basel Accord on capital requirements (Basel 2) which included a specific minimum capital ratio for this type of risk both to give banks greater incentives to develop methods for measuring and operational risk management systems, both to ensure that they have sufficient capital margins to deal with them. In fact, following the progressive deregulation and globalization of financial services (with a view to achieving a single regulation for the SEA European economic area), associated with the development of financial technology, the need emerged for banks to protect themselves not only against typical risks such as credit risk, interest rate and market risk but also other types that do not fall under these definitions. Some examples of operational risk are attributable to human resources such as the risk of manual errors in data processing, negligence, inefficient maintenance of internal controls and backup systems, abuse of confidential information, undue transactions carried out on behalf of the bank, recycling of money of illicit origin. Another primary source of risk concerns the use of information systems whose increasing dependence on banking makes them particularly vulnerable to problems such as programming errors, interruptions and malfunctions of information systems, loss and mismanagement of data and procedures. back-ups, failures and intrusions of external systems. Historically, banks have always faced these risks by adopting control mechanisms within them. Subsequently, with the evolution of the banking system, methods specifically aimed at managing operational risk were developed, similar to the approach used for credit and market risks. The methodological approaches proposed to calculate this requirement are:
the Basic Indicator Approach: the capital requirement for operational risk is determined by the product between the brokerage margin (6°), item 120 of the IAS financial statements, and an alpha coefficient of 15%.
The Traditional Standardized Approach: the capital requirement is determined by multiplying the intermediation margin divided by business line for the respective beta coefficient differentiated according to the specific business line. The Basel Committee has identified 8 business lines that collect the intermediation margin of financial intermediaries according to the technical form of the associated products and / or the market segment they are addressed to. (Financial services for the company 18%, Negotiation and sales 18%, retail brokerage 12%, commercial banking services 15%, retail banking services 12%, payments and regulations 18%, trust management 15%, asset management 12%).
The Advanced Measurement Approach: determines the capital requirement based on internal models. One of these is the Loss Distribution Approach which determines the Operational VaR on the basis of the impact and frequency distributions of each operational risk identified.
The use of one of these three approaches is authorized by the supervisory authority on terms that financial institutions are working to implement systems of governance of this type of risk gradually more complex and structured. The use of advanced approaches will therefore allow banks to obtain a lower capital requirement against a more effective risk governance system.

(6°) NOTE: in economics, an intermediary (also known by the English term broker) is a person (physicist) or a group of people (business agency, agency representative ) that organizes transactions between a buyer and a seller, earning a commission when the deal is concluded. Classically it is distinguished between the intermediary and the mediator, meaning that the former acts in representation of the interests of one or more of the parties, but not all, while the second, whose role is mediating, is impartial representative of all the parties. If an intermediary can have significant relations with the parties he represents, the mediator, on the other hand, could not have it, at risk and otherwise he will fall in the conflict of interests. Also the contracts with which the interposition is legitimate are distinguished in most of the legal systems in which they are typified: the intermediary operates in terms generally attributable to mandate relationships, while the mediator receives the task of mediation. Both figures are legally classified as auxiliaries of commerce.

4) Concentration risk: risk arising from exposures to counterparties, including central counterparties, groups of related counterparties and counterparties operating in the same economic sector, in the same geographic region or carrying out the same activity or dealing with the same goods, as well as the application of credit risk mitigation techniques, including, in particular, the risks deriving from indirect exposures, such as, for example, against single suppliers of guarantees;
5) risk country: risk of losses caused by events occurring in a country other than from the country of orignine of the institution. The concept of country risk is wider than that of sovereign risk as it refers to all exposures regardless of the nature of counterparties, be they natural persons, companies, banks or public administrations;
6) risk of transfer: risk that an intermediary, exposed to a person who finances in a currency other than that in which he / she perceives his / her principal sources of income, realizes losses due to difficulties of the debtor to convert his / her currency in the currency in which the exposure is denominated;
7) basic risk: in the context of market risk, the basic risk represents the risk of losses caused by non-aligned changes in the values of positions of sign opposite, similar but not identical. For example, the "risky" countries are divided into six risk classes, with weighting percentages of 15, 20, 25, 30, 40 and 60 percent respectively of the nominal value of the loans;
8) interest rate risk deriving from assets other than trading: risk deriving from potential changes in interest rates. Intermediaries must be provided with effective rules, processes and instruments for managing interest rate risk deriving from assets other than those allocated to the trading portfolio. The exposure to interest rate risk is measured with reference to the assets and liabilities of the units of the entity operating in Italy and abroad, included in the banking book;
9) liquidity risk: the risk of not being able to meet its payment obligations due to incapacity is to raise funds on the market (funding liquidity risk) and to dispose of its assets (market liquidity risk);
10) residual risk: the risk that the techniques recognized for the mitigation of credit risk used by the intermediary are less effective than expected;
11) risks deriving from securitisations: risk that the economic substance of the securitization transaction is not fully reflected in risk assessment and management decisions;
12) risk of excessive leverage: the risk that a particularly high level of indebtedness with respect to the endowment of own resources will make the intermediary vulnerable, making it necessary to take corrective measures to its own business plan, including the sale of assets with the recognition of losses that could entail value adjustments also on the remaining assets;
13) strategic risk: the current or prospective risk of a fall in profits or capital deriving from changes in the operating context or wrong business decisions, inadequate implementation of decisions, lack of responsiveness to changes in the competitive environment;
14) reputation risk: the current or prospective risk of a decline in profits o the capital deriving from a negative perception of the intermediary's image by customers, counterparties, intermediary shareholders, investors or supervisory authorities.

In the investment activities of an institution, in the relevant investment portfolio, for each line the types of risks and the related exposure amount are identified, multiplied by the sum of the weightings, calculated using the standard or IRB basic and advanced internal method; determine the total value of the exposure of the weighted investment line. The sum of the weighted exposure values for all the institution's investment lines is necessary for the determination of the capital requirement. The total value of the weighted exposure obtained, (relative to the entire portfolio of the institution), is compared to own funds, a ratio that can not be less than 8%; it must also be compared to the primary capital of class 1 with the condition that it must not be less than 4.5% and finally must be compared to the capital of class 1 which must not be less than 6% as seen in the previous paragraph of this publication. Regulation 575/2013/EU defines the provisions for identifying the risks of an investment and for calculating the relative weighting.

4-3 Prudential supervision
The main objectives of Regulation 575/2013 and Directive 2013/36/EC can be summarized in the following three points:
1) the effective pursuit of objectives of prudential regulation, for an accurate measurement of the risks of financial intermediaries and a capital endowment strictly proportional to the effective degree of risk exposure of each intermediary. Encourage the improvement of management systems and risk measurement techniques; enhance the disciplinary role of the market, through specific disclosure obligations to the public.
2) The amendments made by Directive 2013/36/EC and Regulation (EU) no. 575/2013 to the legislative framework on prudential supervision provide for the extension of banking regulation to financial intermediaries, contributes to strengthening the sound and prudent management of intermediaries and the stability of the financial sector as a whole; moreover, the Community legislation allows the prudential treatment envisaged for exposures to banks and investment firms to be applied to exposures to financial intermediaries that: a) are authorized to operate and are supervised by the same Supervisory Authority which authorizes the banks; b) are subject to prudential requirements comparable for robustness to those applied to banks and investment firms; 3) The implementation of the principle of proportionality through a system of modular rules, taking into account the peculiarities of intermediaries in terms of operational, dimensional and organizational complexity as well as of activities carried out. To this end, different rules are envisaged in some areas operating and the is incentivized, more generally, application of the provisions consistent with the specific characteristics of each intermediary. In fact, the regulations introduce rules that differ for some profiles from those envisaged for banks in order to take into account the typical characteristics of financial intermediaries.

Prudential regulation is based on "three pillars" provided for by the Basel regulations and by European regulations. In particular, the former introduces a capital requirement to address the typical risks of financial activities (credit, counterparty, market and operational); to this end, alternative methods for calculating capital requirements with different levels of complexity are envisaged; in risk measurement and organizational and control requirements. The second pillar requires intermediaries to adopt a strategy and a process to check capital adequacy, both current and future, remitting to the Supervisory Authority the task of verifying the reliability and consistency of the related results and adopting, where the situation requires it, the appropriate corrective measures. The third pillar introduces public disclosure requirements regarding capital adequacy, exposure to risks and the general characteristics of the related management and control systems. The scope of the regulation also provides for consolidated rules; in this case, some prudential institutions are applied only at consolidated level and not even at the level of individual members of the group. Own funds represent the first garrison for the risks associated with the activity of financial intermediaries and the main benchmark for prudential institutions and for the assessments of the Supervisory Authority. The discipline dictates how to determine own funds, the criteria and the limits for the calculation of the items that compose them, as seen in the previous paragraph. For credit risk, different methods for calculating the requirement are provided: the Standardized method, the internal rating method (Internal Rating Based, IRB), which in turn is subdivided into a basic IRB and an advanced IRB. The use of IRB methodologies for calculating the requirement is subject to the authorization of the supervisory authority. As seen above under Regulation 575/2013/EU under both methods, it provides a "support factor" that allows intermediaries to reduce the weight of capital requirements for exposures to small and medium-sized enterprises (SMEs), to purpose of favoring the inflow of credit to this category of subjects, given their fundamental role in creating economic growth and guaranteeing employment in the single market. In the same regulation specific rules are laid down for credit risk mitigation techniques (Credit Risk Mitigation, CRM) and for securitization transactions. The CRM identifies the eligibility requirements - legal, economic and organizational - and the methods for calculating risk reduction. With regard to the "traditional" and "synthetic" securitization transactions, the effects for the assignors are regulated, above all in terms of the exclusion of the securitized assets from the calculation of the requisites, and the prudential treatment for the intermediary purchasers. The counterparty risk relates to the risk that the counterparty of a transaction involving financial instruments is in default before the settlement of the same and can be considered a particular type of credit risk, the counterparty risk standard focuses on the rules for quantification the value of exposures, and refers to that of credit risk for the indication of weighting factors. Within the counterparty risk on the banking book, a requirement is envisaged to monitor the risk of negative changes in the creditworthiness of counterparties, other than central counterparties, of OTC financial derivative instruments and, where relevant, SFT transactions (STF means in a broad sense any type of transaction where the securities are used to lend money and vice versa. By way of example, repurchase agreements, securities lending, and sell / buy back transactions are included. In each of these, the ownership of the securities changes temporarily, in exchange for cash, and then reversed again at the end of the operation.). With reference to market risks, the requirement is aimed at dealing with losses that may arise from operations on the markets relating to financial instruments, currencies and commodities. They can be determined according to a standard methodology or based on internal models, subject to compliance with organizational and quantitative requirements and with the approval of the supervisory authority. Regulation 575/2013/EU identifies and determines the treatment of the various types of risk with reference to the trading portfolio for regulatory purposes (position and concentration risks) and to the entire financial statements of the intermediary (exchange rate risk, settlement risk and position in commodities). The standardized methodology adopts a building block approach for the calculation of the requirement (following paragraph); internal models are based on a daily control of risk exposure, calculated through an approach based on statistical procedures ("value at risk" approach), to be integrated with other forms of risk measurement and control. Regulation 575/2013/EU provides a specific capital requirement for operational risk with the aim of increasing the management controls and control over the intermediaries. There are different methods for determining the requirement: the Basic method (Basic Indicator Approach, BIA), in which the requirement is calculated by applying a single regulatory coefficient to the indicator of the company's operating volume, identified in the intermediation margin; the standardized method, subject to authorization by the Supervisory Authority, which provides for different coefficients for the various business lines in which the business activity is divided; Advanced methods (Advanced Measurement Approach, AMA), also subject to authorization by the Supervisory Authority, in which the amount of the requirement is determined through internal models, based on operational loss data and other evaluation elements collected and processed intermediary. The overall capital requirement is determined as the sum of the requirements related to the individual types of risk (building block). The provisions on risk concentration respond to the need to limit the risks of instability of intermediaries involved in the granting of loans of a significant amount compared to the eligible capital. Consistent with the community regulations, limits are set with reference to the extent of the risks that can be assumed towards the client or the group of connected customers. The regulation of the "second pillar" requires financial intermediaries to acquire processes and instruments (Internal Capital Adequacy Assessment Process, ICAAP) to determine the level of internal capital adequate to deal with any type of risk, even if different from those covered by the overall capital requirement ("first pillar"), in the context of an exposure assessment, current and future, that takes into account the strategies and the evolution of the reference context. The discipline identifies the phases of the process, the periodicity, the main risks to be evaluated, providing for some of them indications on the methodologies to be used. The responsibility of the ICAAP process is placed on the corporate bodies. The intermediaries report to the supervisory authority on an annual basis the fundamental characteristics of the process, the exposure to risks and the determination of the capital deemed appropriate to deal with them through a structured report. The latter also contains an ICAAP self-assessment that identifies areas for improvement, any shortcomings in the process and the corrective actions that are expected to be implemented.

The SREP (Supervisory Review and Evaluation Process) is instead the process by which the Supervisory Authority, after having analyzed the overall situation of the intermediary, proceeds to formulate an overall opinion on the intermediary and to activate, where necessary, the appropriate corrective measures. This process takes place, as a rule, through the comparison with intermediaries and the use of the system of analysis and assessment of supervised entities adopted by the Supervisory Authority. The comparison between Supervision and intermediaries allows the former to gain even more in-depth knowledge of the ICAAP process and the methodological assumptions underlying it, to intermediaries to illustrate the motivations to support their valuations in terms of capital adequacy. The Supervisory Authority, if necessary, adopts the appropriate corrective measures, of an organizational and patrimonial nature, identifying among the various instruments available the most appropriate in relation to the specific case. In the context of prudential regulation (Article 1, letter e of Regulation 575/2013/EU) specific public disclosure obligations ("third pillar") are set up to facilitate a more accurate assessment of capital strength and risk exposure intermediaries. Regulation 575/2013/EU establishes quantitative and qualitative information that intermediaries must publish. Based on the proportionality principle, intermediaries commensurate the details of the information to their organizational complexity and to the type of operations performed. The regulation identifies the frequency of publication, the relative exceptions, as well as the checks to be carried out on the information to be made to the public.
Source: Maragoni Mario, Bank of Italy supervisor, Bank of Italy Circular 288 3 April 2015 (https://www.bancaditalia.it).

5 - RISK FOUNDATION
We will refer to the weighting that a credit institution calculates in the case of granting a credit (financing), of greater interest for the research carried out in this publication. Credit granting by credit institutions is based on customer assessment, quality assurance and credit risk; in particular, the credit institution calculates the risk weighting factor to which it is exposed by granting the credit to the customer to define the regulatory capital. With the first agreement signed in Basel in 1988, a capital ratio of 8% is defined, to be calculated on the value of the loan disbursed. The regulatory evolution with the new Basel 2 agreement led to the transformation of the calculation of the Supervisory Capital: even if the percentage to be set aside remained unchanged at 8%, a closer correlation between assets and risks was introduced. The risk assessment methods have changed significantly, now more sophisticated and objective. Already in the previous agreement there was a sort of weighting of the operations, but they were completely standardized and in exclusive function of the type of subject requesting the credit; with the second agreement, an evaluation based on creditworthiness is introduced. With the new agreement, on the other hand, total loans, which must be taken as a basis for calculation, are obtained by multiplying each loan in advance by a weighting factor that takes into account the risk characteristics of the specific transaction. The total capital ratio of 8% is therefore applied to total weighted investments. Compliance with the capital ratios defined in Article 92 of Regulation 575/2013/EU is based on the application of the following formula:
CAPITAL COEFFICIENT = regulatory capital to be set aside / weighted commitments = 8%
The European Commission with the supervisory provisions defined in Regulation 575/2013/EU considers that not all credit institutions will be able to promptly change their IT systems in the short term, thus providing for different evaluation systems, more or less advanced , depending on the needs of the institution: a standard method and an IRB method, in turn distinguished in base and advanced. The regulation provides that the transfer of an institution from the application of the standard method to the IRB method must be authorized by the supervisory authority. The weighting factors on which the rating systems are based are
Rating: it is the judgment on creditworthiness (quality/risk) and expresses the assessment of the reliability of the financed subject on the basis of quantitative, qualitative and performance information (indebtedness of a subject towards credit institutions). The subject will be assigned a specific rating class, which is automatically associated with a specific PD (probability of default);
Probability of default (PD = Probability of default): is the probability that the financed subject is in default (default) over the next 12 months. Loss in the event of default (LGD = Loss given default): the presumed loss percentage in the event of default, compared to the total credit granted net of any recoveries;
Exposure in the event of default (EAD = exposure at default): is the probable quote of exposure at the time of insolvency;
Expiry (M = Maturity): this is the residual duration of the loan.
The weighting factors for a single loan to the company may be used for the purpose of calculating capital requirements for a fraction or for a multiple of the financing itself. This means that, for the same amount of capital invested (ie credit granted), an institution (bank) may find itself in a position to allocate higher quotas to regulatory capital than the exposure, in the case of high risk (the weighted use for the multiplier will higher than the same employment value), or lower than the exposure, in the case of low risk (the weighted use for the multiplier will be lower than the same employment value). Higher regulatory capital implies lower resources for the bank to be dedicated to loans and, consequently, a reduction in bank profitability and, at the same time, a worsening of the conditions for access to credit for businesses (pricing). With reference to the regulatory capital requirements defined by Article 92 of Regulation 575/2013/EU, the weighted exposure amount (the amount of credit granted multiplied by the weighting factor) binds regulatory capital, capital of the entity obtained from the sum of the capital of class 1 and class 2, for an amount equal to 8% of the exposure,
binds the primary capital of class 1 for an amount of 4.5% of the exposure,
binds the capital of class 1 for an amount of 6% of the capital of class 1.

SISTEMA STANDARD (S.R.B. STANDARD RATE BASE APPROACH). Il sistema standard prevede che i fattori di ponderazione del rischio siano tutti formulati da soggetti esterni all'istituto di credito. Il rating viene valutato da agenzie indipendenti accreditate, dette ECAI (7°) ("External Credit Assessement Institution"), mentre PD, LGD, EAD e M sono fissati dall'Autorità di Vigilanza sulla base della categoria giuridica economica di appartenenza dell'impresa richiedente il finanziamento, delle sue dimensioni aziendali, delle caratteristiche tecniche della operazione di finanziamento, ecc. Gli enti creditizi che adottano questo sistema segmentano i loro crediti in categorie prudenziali e ad ognuna corrisponde una ponderazione del rischio fissa. A tal proposito si illustra lo schema predisposto dalle due maggiori agenzie esterne, Standard e Poor's e Moody's, nel quale sono riportate le categorie di rischio che vanno da AAA per le imprese meno rischiose a BB/B3 per quelle che presentano un'elevata rischiosità.

NOTE (7°): External Credit Assessment Agencies, "External Credit Assessment Institution (ECAI)", have been established with the new Capital Agreement defined by the Basel Committee for Banking Supervision ("Basel 2"). These are specialized institutions in possession of certain requirements such as credibility and independence, as well as objectivity and transparency in the assessment of the creditworthiness of the customers of those financial institutions that have not yet implemented an internal rating system (IRB) but who have adopted the method Standardized for the calculation of the capital requirement. Banks can avail themselves of the valuation of an ECAI also in the context of the IRB method, but only limited to positions with securitizations. On 18 January 2006 the Committee of European Banking Supervisors (CEBS) approved the guidelines for the recognition of ECAIs and subsequently the supervisory authorities of the Member States issued provisions for the recognition of the agencies. In particular, this recognition and mapping (reconciliation of ratings to weighting coefficients) is the responsibility of the supervisory authority. This information, an updated list of recognized ECAIs and their mapping, can be found on the official website of the supervisory authorities; (for Italy, the Bank of Italy website). Article 135 of Regulation 575/2013/EU establishes in paragraph 1 that in order to determine the risk weight of an exposure necessary for the calculation of regulatory capital, an external credit assessment can only be used if it is been issued by an ECAI or if it has been endorsed by an ECAI pursuant to Regulation (EC) No 1060/2009. In paragraph 2, the EBA shall publish on its website the list of ECAIs in accordance with Article 2 (4) and Article 18 (3) of Regulation (EC) No 1060/2009.

The following figure shows the pre-established weighting coefficients related to the rating assigned to companies by external companies:

Article 122 of Regulation 575/2013/EU determines the risk weighting factor for exposures to companies, for which a credit assessment of a selected ECAI is available. The weighting ratios for "corporate" customers are four: 20% 50% 100% 150%, based on the rating that the company requesting the loan receives from ECAI. Article 123 of the same regulation defines the conditions for exposures considered at retail level and for which a weighting factor of 75% can be applied, for example when it concerns exposures to natural persons or small or medium-sized enterprises ( SMEs) or the exposure is part of a significant number of exposures with similar characteristics, so that the risks associated with it are substantially reduced. Schematically, the standard methodology works as follows:
EXPOSURE X COEFFICIENT FROM EXTERNAL RATING X 8% = FINANCIAL REQUIREMENT
The Basel Committee has also prepared a "simplified standard method" with the objective of assistance to credit institutions and supervisory authorities; this method, which does not want to be an alternative risk assessment system, provides simplified options for the calculation of risk weighting. Among the various innovations introduced by the new Basel agreement, acquire particular importance the risk mitigation tools that allow, in the standard method, to reduce the PD (probability of default), thus improving the rating of the customer and, consequently, the conditions of access to credit; credit risk mitigation techniques (Credit risk mitigation: CRM). They are represented by ancillary credit contracts or by other instruments and techniques that determine a reduction in credit risk, recognized when calculating capital requirements. Regulation 575/2013/EU, from article 111 to article 133, establishes the weighting values for all types of risks classified for debtor and relative class of merit.

Advanced "IRB" system (internal rating-based advanced). The internal rating-based advanced, is structured as a completely independent method in which the risk assessment of the client is totally carried out by the credit institution. The credit institution will have to have rather complex systems that will allow it to calculate internally all risk variables: PD, LGD, EAD and M. In order for banks to carry out the actions envisaged by this calculation system they must obtain a certification, that will be & agrave; granted by the Supervisory Authority of the country of origin. Also in the advanced IRB system a broader category of risk mitigation instruments is recognized; however, their presence allows the institution, in addition to reducing the PD, to opt for a possible reduction in LGD. Some requirements for the admission of risk mitigation instruments vary, but the company still has greater flexibility even in the context of criteria validated by the Supervisory Authority.
Source: Trade Industry Handicrafts and Agriculture of Macerata, (Gov. Italy).

6 - APPENDIX
In this appendix we will carry out a feasibility study for a capital company whose objective is to realize the investment program concerning the provision of payment services, then the start-up of the activity "Payment Institute".

6 – 1  Introduction

The object of the investment program initiated by the legal entity HTN (limited liability company) is the provision of remote payment services in application of Directive 2002/65/EC for the distance marketing of financial services. In detail HTN will propose the only payment services platform defined as a web payment account to make money transfers from the payer to the payee, (credit transfers, Direct inter-bank, transfers in the SEPA area), excluding credit cards (including prepaid cards) , debit cards, disbursement of loans: in particular, with the exclusion of ancillary services, then granting loans in close relation to the payment services provided and within the limits and with the procedures established by the Supervisory Authority, provide operational or closely related services, such as the provision of guarantees for the execution of payment transactions, exchange services (only for the medium term), custody and recording and processing of data, and the management of payment systems. The provision of services will take place exclusively in electronic mode via the Internet network and there will therefore be no commercial office with the provision of financial services related to cash but only payment services relating to electronic money (it is therefore excluded the management of the coin in banknotes from activity). HTN is a consolidated company of the HTNET Group, and will provide the web payment account (hereinafter indicated with the web account) exclusively to the consolidated companies of the Htnet Group and its members in the medium to long term and therefore will provide a limited number of services during this period. Since the consolidated companies of the HTNET Group are controlled in the majority by the same Holding, the volume of payment transactions that customers will have to carry out with the deposited funds will be known and the control procedures provided for in Directive 2015/849/EU they will be simplified.

L The feasibility of the business plan is identified by investments in bonds considered to be safe with the deposited funds of the corporate group to which they belong, in compliance with Directive 2015/2366/EU and Regulation 575/2013/EU. The entire staff of the IP Institute is composed of the members and administration of the Group. The web channels used arehttp://www.nomeIstituto.eu.

With respect to the management of the business, the business object of the investment program of the legal entity HTN, the correct proportionality is highlighted with the workforce, being the main customers of the IDP the consolidated companies and members the Group; the administration of HTN assumes the same role for the consolidated companies of the Group so the management of payment services is simplified since the payment transactions are always known to the Administration, a dynamic that simplifies the management of cash availability to cover the same transactions and simplifies the quantification of investments in bonds, the main objective of the open institute.

6 – 2  Description of the lines of development of operation

The purpose and objectives of the company are identified in the provision of payment services, the web account, to consolidated of the htnet group to reduce the costs and losses caused by financial services provided by third parties (delays, costs, low interest rate for deposit funds reflected on the balance sheet of the Group and shareholders) to the consolidated companies of the group. Among the objectives we exclude the interest for the revenue caused by the provision of the web account, being the business development aimed at investing in bonds the funds deposited on web accounts provided from the consolidated companies. The type of customer served is corporate, the outlet market while having national potential (internet) is limited to the provision of the web account within the corporate Group. The distribution channels used for the web account are exclusively internet, from the commercial proposal to the activation and supply (more information on the methods of delivery in paragraphs 6-5 and 6-6 of the appendix).

6 – 3 Forecast report on technical profiles and capital adequacy

Forecast on the performance of business volumes

The forecasts on the performance of business volumes for the first three years are illustrated in the estimated financial statements for the first three years of activity annexed to the present application (which are summarized in the summary statements deriving from the forecast budgets at the end of this paragraph). They will be caused exclusively by the investments envisaged for the deposited funds of the customers (government bonds) and by the investments made with the Tier 1 capital of the Payment Institution, therefore the proceeds deriving from the provision of the account in question are excluded. (The revenues from the cost of selling the web account are negligible). The identified number of customers allows us to revise an increasing volume of activity since 2019 and caused by the cession of the VASP operator activities (AGCOM ministerial authorization) of the institute to the Consolidated Vas Adv which will increase its balance sheet in cash and cash equivalents from the filiation relationship with the first telecommunications operator for Italy; an increase in the volume of business is estimated for an average annual amount of about 2 million of Euro. In a long period, 10 years, an increase in the balance sheet of an amount equal to the current balance sheet of the potential HTN institute is expected. The activities of the well-established Vas Adv are scheduled for a period of around 15 years. For a summary of the volume of business, see the following paragraphs of this paragraph.

Qualitative and quantitative evolution of the loan portfolio and the related write-down forecasts, taking into account the average risk of the geographical areas/settlement markets and the customer classes served

The company will not provide services related to financing transactions for customers, and the management of the loan portfolio is excluded from its activity, including the need for operational requirements in this regard and for all types of credit operations. The payment services referred to in point 4 of Annex I of Directive 2015/2366/EU are excluded from the activity program, as indicated in paragraph 6-1; with the exception of the currency exchange rate after the medium term with the relative registration to the Supervisory Board which for Italy is the OAM. The identification of the customers illustrated in paragraph 6-1 and 6-2 of the present integrated activity program (market analysis), allows to define a served customer class whose business purpose pursued has the same interest as the institution: increase the assets of the owners of the HTNET Group during the years, and therefore the interests of the relative shareholders. Dynamics that allow to implement well-defined decision-making processes, exempt from risks of any kind as the business management of the same subjects in compliance with the legislation of the Member State, Italy, is controlled by the same administration of the IP (Payment Institute) as the interests, being the same majority partner administration of the consolidated companies and owner of the Group Holding Company.

The structure and development of economic needs and revenues

Economic needs: the structure of the economic needs is identified in the costs of running the business, the employees of the company, Administration, members of the Group, Monocratic Control Body (cost of the internal auditor in compliance with Directive 2006/43/EC), cost of the external auditor, costs of realization and management of the own infrastructure (descriptive reports of the project in following paragraphs and paragraph 6-6), costs of outsourcing of the service provided, web account (considering the indirect tax costs of the work), consulting costs. Further costs are identified in marketing activities for the start-up phase of the opening payment institution, which are exclusively and exclusively for the Group brand and not for the provision of services beyond the customers identified in the paragraphs above. The web shopping center will clearly indicate to consumers that the payment institution provides the financial services platform exclusively to the corporate group to which it belongs, producing an increase in good for users of the services and downloads of the same Group, indirect in terms of quality increase caused by the reduction of production costs obtained with the launch of the IDP activity. A significant economic requirement (needs) is identified in bond investment instruments (bonds through the Monte Titoli entity) with deposit funds (shareholders and consolidated) and with own funds of the same Institute. The economic investment requirements in bonds initially and for the first 3-5 years are quantified in no more than 5 million. For further details, please refer to the forecast financial statements attached to the request, instance of public authority, (which is summarized in the summary table derived from the financial statements at the end of this paragraph). Structure costs and outsourcing services are added for the provision of the web account. The following is a summary of the economic requirements for the first three years expressed in Euro.

YEARS	Marketing - Management	Structure	Outsourcing	Bonds
2019	100.000,00	250.000,00	50.000,00	4.400.000,00
2020	5.000,00	10.000,00	10.000,00	0
2021	5.000,00	1000,00	10.000,00	0

The development of economic needs obviously involves the investment in bonds that will gradually increase from the fourth year of activity up to the point of investing the entire capital of the institution and the maximum percentage of deposit funds in compliance with the supervisory provisions envisaged from paragraphs 7, 8, 9 of Directive 2015/2366/EU. There are no further cost items relating to masonry works for offices both for the type of activity (remote financial services) and because the company operates in the Internet value-added services sector (VASP operator) since 15 years and for this reason uses the current operational offices with particular reference to the current registered office.

Revenues: the revenue structure is identified in investments made in bonds, government securities considered to be less exposed to risk, given a generally higher creditworthiness of issuers. 5 million of the IP (payment institution) class 1 capital is invested in bonds over a period of three years, as regards funds for third party deposits, considering the low risk of losses due to the low legal interest rate on deposit funds, (costs for IP) even under stress conditions with an increase of 200 points, the first investments will be implemented starting from the end of the third year of IP activity because it is estimated to reach an amount appropriate to the purpose (funds to deposit of the consolidated Vas Adv) . Therefore, the revenues will have a structure composed of the interest rate that will produced by the bonds and the gains obtained in the exercise of the sale of the securities in periods when the purchase price is rising, when the sale allows a profit even at the expense of loss of a semester of the interest yielded by the bonds. The risk of a reduction in capital gains should not be ruled out, therefore a careful analysis will be carried out between the minimum nominal value of the bonds and the maximum value reached in the various periods: 1 year, 3 years, 5 years trying to carry out the purchase at the most favorable moments considering the expiration date for each bond in order to guarantee a fluctuation of the price of the securities, sufficient to increase capital gains.

For the preparation of the forecast financial statements and the summary statement of revenues below, the government bond bond BTP-1FB33 5.75% (Italian State) selected with the criteria described above for investments and the Government bond obligation is analyzed. BTP TF 3.25% ST46 EUR (Italian State). The analysis carried out with the above criteria shows feasibility for the purchase of the second security (BTP TF 3.25% ST 46 EUR) because it can be purchased, for a sufficient period of time for the transaction, at a price not much higher with respect to the issue and redemption value (nominal value) so as to show the feasibility of revenue in the change in the capital gain.

Since it is forecast it will be considered that several bonds will be followed before the purchase for the time necessary to comply with the above criterion and chosen to maintain a rate, as the result of the investment, on average 3.25% with a withholding tax of 12, 50%. For the estimated budget an active interest rate of 3.25% and a purchase cost of the bonds will be adopted, the selling price of the last period, equal to € 105.00 and the sale of the bonds will be simulated in the third year for a sales price estimated at € 112.50 (the purchase takes place in the year 2019 by the end of April and the sale in September of the year 2021); estimates presumed by a brief analysis of the trend of the last 5 years, the trend of GDP and the similarity of variation in the price of the share with the variation in the gross domestic product. For purchases of the following years, since it is difficult to predict the minimum cost, the same cost will be considered (considering the possibility of purchasing a different security).

In the medium term, the institute will be able to diversify the securities platform by applying the differentiated fluctuation criteria: in the investment phases, take into account fluctuations with respect to the securities purchased in order to moderate them over the same time interval (have X/2 securities over the period specific are upward and X/2 securities that in the same period are down). Below is the trend of 5-year bonds, used to define the revenue structure.

Government Bond BTP-1FB33 5.75% - Italy

Date of enjoyment: 01/02/2002 - redemption value 100.00 € - issue price 101.15 € - The bonds yield deferred gross annual interest, payable half-yearly on 1 February and 1 August of each year starting from 1 August 2002, equal to 5.75% of the nominal value of the loan.

The title above shows the risk of fluctuations in the sales price which causes changes in capital gains and possible losses.

Government Bond BTP TF 3.25% ST46 EUR - Italy

Date of enjoyment: 01/09/2014 - redemption value 100.00 € - issue price 99.707 € - The bonds yield deferred gross annual interest, payable half-yearly on March 1 and September 1 of each year, equal to 3 , 25% of the nominal value of the loan.

The following is a summary forecast of the turnover and capital gains relating to the first three years of activity of the potential HTN payment institution with reference to the criteria defined above.

YEARS	Capital gains	Active rate	Passive rate	Revenue (°)
2019	0	3,25%	0,1%	136.188
2020	0	3,25%	0,1%	136.188
2021	523.800	3,25%	0,1%	136.188

(°) In the following table the revenues are gross of withholding taxes and gross of IRES and IRPEG taxes on capital gains. Considering that the Institute will not invest the common funds (of the consolidated companies) for the first three years, it applies a 0.1% customer rate; the contractual covenant on interest after the third year of activity may change.

Product distribution costs and pricing policy ("pricing policy")

Considering the number of five customers identified, service distribution costs will not be incurred and a fixed annual cost of € 500.00 will be adopted as a price policy, including all transactions for the individual web account. The criterion adopted for determining the annual cost of the web account is a summary analysis of the costs proposed for corporate web bank accounts in the remote financial services market. Despite not having distribution costs, costs will be incurred for brand marketing activities through web ads.

Scheduled investments and related financial hedges

The most interesting planned investments, and therefore the economic requirements of greatest interest for the economic feasibility of the opening payment institution as illustrated in the points above, concern the bonds for a total amount of 5 million in the first three years exclusively charged to the own funds of the institute with the objective of resettle in the stock market for the purchase and sale of securities as investment instruments, gradually and proportionate to the growth of the experience: know-how acquired over the years. The following are further planned company and structural investments and related financial hedging.

Additional scheduled investment: from the Group's cash holdings for the consolidated HTN, over € 500,000.00 of funds deposited in the company in electronic money to be used for investment and immediate availability are expected. Being the company reality of the existing group for about 15 years, they are only necessary

·        funds for the purchase of the IT system plus hardware equipment for the management and provision of financial services (attached financial services system to the request, for the public authority);

·        outsourcing costs for web payment account operations functions, "name" service providers.

·        funds for web marketing activities essentially aimed at increasing the brand's value for the launch of the payment institution business and in particular for the increase in quality that will cause on Group's products and services; (will cause a reduction in costs used to increase the quality of services).

The HTN Administration makes available the entire own funds of the same company to cover the costs of start-up and management of the first years of activity and the amount of the regulatory capital (higher than the application of 10% of the costs invested in the first year of activity, and well above the minimum capital requirement calculated with the B method, also with hypotheses of increase requests up to 20%).

Forecasting statements relating to the balance sheet, income statement and cash flow statement prepared according to the accounting standards applicable to financial intermediaries (IAS).

Synthetic exposure derived from the forecast balance sheets. The amounts are expressed in euros.

The open institute reports the retained earnings that at the end of the year 2018 is expected to be 17,303,997 over the share capital (plus legal reserve) of 360,000 which remains unchanged.

BALANCE SHEET ITEMS OF THE ACTIVE	2019	2020	2021
Cash desk and disposability mony	13.981.741	13.073.664	17.865.157
Financial assets measured at fair value with impact on the income statement: c) other financial assets that are necessarily measured at fair value	4.190.400	4.190.400	0
Early tax assets	26.000	26.000	0
TOTAL ACTIVE	17.198.141	17.290.064	17.865.157

LIABILITIES AND EQUITY ITEMS	2019	2020	2021
Financial liabilities designated at the fire value	4.190.400	4.190.400	0
Deferred tax liabilities	26.000	23.600	0
Capital	360.000	360.000	360.000
Reserves	13.113.597	12.621.741	16.904.064
Profit (loss) for the year	(491.856)	91.923	601.093
TOTAL LIABILITIES AND NET ASSETS	17.198.141	17.290.064	17.865.157

ECONOMIC ACCOUNT FINANCIAL INTERMEDIARIES, VOICES	2019	2020	2021
Interest income and similar income	136.688	136.688	660.488
Interest expense and similar charges	2.000	3.500	9.000
Other operating income and expenses	(609.000)	(25.000)	(16.000)
PROFIT (LOSS) OF THE CURRENT ACTIVITY AT THE GROSS OF TAXES	(474.312)	111.688	635.488
Income taxes for the year of current operations	17.544	19.765	34.395
PROFIT (LOSS) OF THE CURRENT ACTIVITY TO NET OF TAXES	(491.856)	91.923	601.093
PROFIT (LOSS) OF THE YEAR	(491.856)	91.923	601.093

Active

Section 1 - Cash and cash equivalents - Item 10 Composition of item 10 "Cash and cash equivalents"

Money in electronic, EURO currency.

Section 2 - Financial assets measured at fair value with impact on the income statement - Item 20

In drawing up the forecast balance sheet for the years 2019-2020 the following simplification logic is applied: the sale price of the securities valued at the end of the financial statements for 2019 and 2020 is assumed to be equal to the nominal value of € 100.00 . Not knowing the real selling price of the securities and being a future event, even if it could be estimated at a value different from the nominal value, (however uncertain) and not being a data that influences the dynamics exposed in the instance, the simplification of above to simplify the calculations. Further simplification used concerns the tax not deducted of 12.5% on the difference of issue (difference between the repayment value and the issue price of the security) from the purchase amount of government bonds because it does not cause changes in the calculations as it will not be added to the deed of sale in the year 2021 of the same securities.

2019: Number of bonds purchased for the financial year 2019 Government bond BTP TF 3,25% ST46 EUR: 9523 - sale price 105,00 € - date of enjoyment: 01/09/2014 - redemption value 100,00 € - price of issue € 99.707 - The bonds yield deferred gross annual interest, payable half-yearly on 1 March and 1 September of each year, equal to 3.25% of the nominal value of the loan. Sales price at 12/31/2019 € 100.00 € - Total number of securities purchased in the financial year 2019: € 4,400,000.00 in 41904 securities.

2020: No purchases of securities are made.

2021: In the year 2021, after the month of September, 41904 government bonds were sold BTP TF 3.25% ST46 EUR - sale price € 112.50 - total revenue € 4.714.200 - capital gain € 523.800 - Tax for 12.50% 65,475 from which the "deferred tax assets" credit of 26,000 euros is offset and the tax reduction caused by the costs of the financial year 2021 equal to 4,880 euros - Tax on the capital gain of 39,275 euros (from which deductible tax is deducted par to 4,880.00 euros) - Total tax for the year 2021, 34,395 euros.

Activities based on third party funds

No investments are made in bonds with third-party funds for the first three years of activity in compliance with the business plan filed with the Supervisory Authority, Bank of Italy for the EU Member State, Italy.

PAYMENT SERVICES:

Quantitative information - Client liquidity with banks

	2019
	Balance at the end of the financial year	Maximum balance in the period	Average balance
Institute	2.200.000	3.000.000	2.500.000
	2020
	Balance at the end of the financial year	Maximum balance in the period	Average balance
	3.700.000	4.300.000	3.300.000
	2021
	Balance at the end of the financial year	Maximum balance in the period	Average balance
Institute	5.200.000	6.200.000	4.500.000

Amount of payment accounts

Conti di pagamento	2019
	Balance at the end of the financial year	Maximum balance for the year	Average balance
- With balance exceeding € 100 - With a balance of less than or equal to € 100	2.200.000	3.000.000	2.500.000
	2020
	Balance at the end of the financial year	Maximum balance for the year	Average balance
	3.700.000	4.300.000	3.300.000
	2021
	Balance at the end of the financial year	Maximum balance for the year	Average balance
- With balance exceeding € 100 - With a balance of less than or equal to € 100	5.200.000	6.200.000	4.500.000

Type of operation	2019
	Amount of transactions	Number of operations	Commissions perceived	Expenses recovery
Arranged by customers	1.031.250	7	(°)	0
Received from customers	3.231.250	4	(°)	0
	2020
	Amount of transaction	Amount of transaction	Commissioni percepite	Expenses recovery
Arranged by customers	1.031.250	7	(°)	0
Received from customers	2.531.250	3	(°)	0
	2021
	Amount of transaction	Number of operations	Commissions perceived	Expenses recovery
Arranged by customers	1.031.250	7	(°)	0
Received from customers	2.531.250	3	(°)	0

(°) All-inclusive formula with a single monthly fee: all transactions included in the fixed monthly fee.

Break-even point

In the third year of activity, in September the break-even between invested costs (plus business costs) and total revenues was achieved. Based on the estimated financial statements that are compiled with the data obtained from the market analysis (study of historical data and market trends for interest obligations) by the technician regularly enrolled in the Order of Engineers, in compliance with this program of activities, it is highlighted the important data at the end of the third year: a profit after tax of € 201,160.00; profit after tax, investment costs and operating costs.

Composition and evolution of own funds;

Provenance and composition of funds: commercial activity carried out in the value-added internet services of the consolidated HTN for 15 years, activities whose economic dynamics have allowed the business relationship in filiation with the first telecommunications operator for Italy (ITC) (Group controlled by the same with reference to the contract and use of resources). The entire balance sheet, funds in electronic money deposited in the company, of the consolidated HTN derives from the relationship of filiation with the same operator. During the filiation relationship the HTN (as well as the consolidated Vas Adv from 2010 and for the next long period of activity, the only VASP operator of the group since 2019) collects by means of wire transfers with filiation mode (°) and therefore without financial intermediary from the first operator ITC, the entire balance sheet, liquid assets of the opening Institute in application of Article 3 letter n of Directive 2015/2366/EU and Article 2359 of the Civil Code of the Member State of the European Union, Italy, in the configuration of control external of the same ITC operator on the HTN (and consolidated Vas Adv) by virtue of certain contractual restrictions. Contract for the provision of the pay-call financial service 899 inwhich the ITC operator did not provide the only pay-call financial service 899 pursuant to Article 3 letter l of Directive 2015/2366/EU and subsequent amendments of the year 2017 in implementation of the European Directive 2015/2366/EU that the Member States of the European Union must have adopted by January 13, 2017. The evolution of the company balance sheet that in the initial phase of activity will be exclusively composed of the own funds of the institute in electronic money it will be caused by investments in bonds that will affect it for the first years of activity quantified in the higher points; in the following, additional capital growth is expected due to investments in securities made with with in funds to deposit of third parties (a percentage of them) deriving from the deposited funds of the consolidated company and shareholders.

_{_________________________________________________________________________}

(°)Transfer, filiation mode: Pursuant to Article 1 paragraph 2 letter f of Regulation (EU) No. 260/2012, currently in force (in 2018), hereby defined transfer mode between filiations for payment transactions which transfer electronic money pursuant to Article 2, point 2, of Directive 2009/110/EC of the European Parliament and of the Council of 16 September 2009 on the initiation, exercise and prudential supervision of the business of electronic money institutions, except where such transactions do not give rise bank transfer or direct debit to a payment account and a payment account identified by the BBAN or the IBAN; considered to the provisions of Article 3 (n) of Directive 2015/2366/EU for payment transactions between subsidiaries.

Evolution of own funds: to the current balance sheet (entirely composed of own funds in electronic money), the revenue obtained from the investments of the funds deposited by the consolidated and shareholders will be added over the medium term. In percentage points we expect to achieve a stable annual growth factor of 5% (500 points). At the end of the long term (over 10 years, around 15) the open institute will merge with some consolidated companies of the Group (subject to authorization by the Supervisory Authority), mergers aimed at increasing the Institute own funds.

Calculation of mandatory minimum requirements, highlighting risk-weighted assets - estimate of capital requirements for significant risks assessed as part of the internal self-assessment process of capital adequacy (ICAAP) (Regulation 575/2013/EU, Directive 2015/2366/EU)

Introduction: from the company dynamics resulting from the activity program (investment program) you intend to realize, a certain risk is clearly identified: the temporal fluctuations in the selling price of the bonds which will cause a change in capital gains and possible losses for the year (in addition to operational risks, security and authentication of payment services, paragraph 6-6); for this reason we will have to measure the risk with respect to the cash availability that the sale of the bonds will be able to produce. In order to avoid situations that induce the sale of the bonds at times when the price is downward (selling at a loss), only the estimated percentage not used by the customers in payment transactions will be invested in the deposit funds. In the specific case, given that the consolidated companies and shareholders of the Group managed by the same administration as the institute, the risk of the solvency of the cash desk can be considered only in a stress test of the ability to coverage of the institution through own funds. The operative domain allows to define two variables (both variables depend on the time dimension): the price of the bonds, the quantification of the amount to be covered with own funds; the price of each security multiplied by the number of securities quantifies the turnover of the sale from which the total amount of deposit funds to be subtracted, less the amount of the same funds not invested in bonds (calculation made at time t). In the event of losses, the minimum opening capital of the Institute must always be added, in addition to the amount of the regulatory capital defined by the minimum capital requirement calculated using method B, also with the hypothesis of increase requests up to 20 %. For the first three years and in safety it will have to be € 200,000.00 (increased amount of both 20% and rounded up for further security). For the following years we estimate a value of at least € 250,000.00 which comes for security reasons to € 500,000.00 composed of the share capital of € 300,000.00 fully paid up, the legal reserve of € 60,000.00 and a reserve of dedicated balance sheet of € 140,000.00 (in essence the amount remains deposited in a liquid company in electronic money).

At this point it is useful to propose some clarifications on the calculation of weighting factors that are based on the exposure of an institution. With reference to Article 111 of Regulation 575/2013/EU, the exposure among other deductions includes the reductions made to own funds and therefore is not considered exposure if it is to be deducted from own funds. For this reason, the institution in investing its own funds in securities will not have to weight any risk, moreover with reference to the investments that it may implement in the medium term in application of the supervisory provisions applied to the payment institutions and with reference to the protection of the funds (article 10 of Directive 2015/2366/EU) will be able to invest in safe government securities considered with a weighting factor of 0% (because exposures to the central administration financed in the same currency of the administration and because defined by the competent authority of the State Member of origin, Italy, low-risk liquid assets). For a more general logic and with reference to capital instruments and exposures in covered bonds, exposures that institutions can assume with the funds to deposit third parties (excluding payment institutions and electronic money institutions) Article 129 and Article 133 of Regulation (EU) 575/2013 define the weighting factors in consideration of the various possible economic dynamics; always for the latter (institutions) the application of article 92 that defines the regulatory capital in paragraph 3 letter a establishes the rules for determining the most ordinary exposures of institutions, while the letters b to f defines less common exposures and certainly of interest for larger institutions, exposures for which a further multiplying factor of 12.5 is foreseen on the sum of the exposures determined by the points from b to f.

Given that the investments made with the mutual funds will produce a capital gain, in case of sale of the bonds that can take negative values ​​in some moments and therefore losses, the own funds will have to cover the negative changes. Two criteria will be adopted: the study of payment transactions carried out by customers (in the specific case in extreme security being known by management) that allows to limit investment in bonds only to mutual funds that the customer will not use for payment transactions (for a long period) and limit the same investments to the ability to cover the negative changes of the institution with own funds. In case of sale of the securities purchased with mutual funds (deposit funds) at times of price reduction, which under stress simulation are considered invested in bonds for 80%, the institute will have to guarantee with its own funds a complete coverage of losses caused by the sale of securities purchased with funds deposits (third-party funds) at the specific moment of price reduction. In this specific case, the institute has only one of the consolidated companies of the Group to which it belongs, as the most interesting customers who will produce mutual funds suitable for business objectives in the short to medium term; to extrapolate the criteria and therefore in the case of several customers, the coverage through own funds (considering equal percentage points of loss for the sale of titles purchased with own funds to cover losses caused by the sale of titles purchased with funds for third party deposits, in times of decline) must guarantee at least 20% of the mutual funds (losses due to negative price changes). It remains an extreme event because the study of payment transactions carried out by customers excludes that all customers exceptionally use all the funds deposited for payment transactions at the same time of decline for the securities. The model presented is based on the estimate of the minimum sale value of the last 5-year bond applied as the value for determining the minimum coverage capacity of the institution with its own primary funds for the financial year. This is a simulation of stress because as explained in the following points of the paragraph the monitoring of the protection of funds, will monitor daily securities purchased and securities that can be bought in the future in order to allow the administration to intervene on the changes (sale). The communication methods take place through the electronic transmission of the file containing the screens of the observed data close to the intervention values, with indication of the name of the garrison and date of the communication; the file thus supplied will constitute the news of the start of the protection measures. To limit losses due to unexpected sales of securities, margins of 5% higher than the purchase value for securities purchased with value close to the issue value intended for the institution's possession for long periods are defined for the discount phases; margins of 1% are defined for securities purchased at a price different from the issue cost and aimed at generating capital gains destined therefore for a short possession. The administration will carry out continuous studies of the companies of interest that issue bonds, securities also of other nations (England, United States, France, Germany) ...., With attention, to the dynamics of the business activities or the national gross product of a nation, political stability, forecasts, data from the National Institute of Statistics and others (expansion of the long-term purchase market).

Analytical method: definition of the control inequality, single currency (Euro), pursuant to Article 3 of Regulation 575/203 / EU.

i= title purchased with third party deposit funds (each natural number from 1 to n corresponds to a type of security)

h= title purchased with own funds (each natural number from 1 to k corresponds to a type of security)

 

 

With  always greater (factor of increase of at least 1,2) than the supervisory capital required by the prudential disciplines of the directive (EU) 2015/2366, articles 7,8 and 9 and of the regulation (EU) 575/2013 (part two and part three with exclusion of the sections that do not affect the economic dynamics of this payment institution).

The model can be applied at a time t + Δt where the Δt represents the short period in which it is desired to extend the control calculation of the risk margin; in this case, the economic quantities to be included are the economic forecast values in the short term.

Analytical method: definition of the control inequality, multi-currency, in application of Article 3 of Regulation 575/203 / EU.

Matrix definition of bond securities with third-party funds

 matrix of dimensions [w x m] containing the platform of securities in which third party funds are invested and where w the variety of securities purchased in the same currency, and m the varieties of currencies in which the investments in securities are made; the elements of the lines make up the various bonds purchased in different currencies (i), the columns make up the various bonds purchased in the same currency (j).

the element  is defined as the product of the number of securities of the same type i for the sale price at time t.

 is the column matrix whose [m]  elements are constituted by the monetary conversion factors valued at time t of the [m] currency in Euro and therefore for the securities purchased in Euro it assumes value 1.

The product between the matrix  and the column matrix  provides the column array  i cui [m] elementi rappresentano l'insieme di titoli acquistati con fondi di deposito di terzi nei vari paesi con valuta diversa dalla valuta del paese di origine dell'Istituto, Euro per l'Italia e i cui importi sono convertiti nella stessa valuta, Euro:

Then the resulting column matrix  has for elements  the total amount at time t of the bonds of the same currency purchased with the third party deposit funds whose amount is converted into Euro currency;

defined with  the column matrix whose [m] elements  are the total amounts of deposit funds in foreign currency j not invested, from which it results that total third party funds at time t are

With  total deposit funds at time t, sum of the funds invested in securities and conversion of the amounts resulting in Euro (for those in a different currency) with non-invested third-party funds converted into Euro by the various currencies.

By indicating with  the total funds for third-party deposits resulting from the accounting entries and therefore without changes due to fluctuations in the sale price of the securities, it is possible to define the control inequality as follows:

CONTROL DISEQUACTION:

Where  represent the own funds the Institute of payment that can be used to cover losses that could cause the risks of exposure (market risk with regard to price fluctuations in securities and currency exchange, operational risk, security and access), therefore the own funds that can be used for the regulatory capital defined by the EU regulation 575/2013, and is calculated as follows:

defined  matrix of dimensions [q x m] containing the platform of securities in which the own funds of the institute are invested and where q the variety of securities purchased in the same currency and m the varieties of currencies in which the investments in titles are made; the elements of the lines make up the various bonds purchased in different currencies (h), the columns make up the various bonds purchased in the same currency (j), the element  is defined as the product of the number of securities of the same type h for the sale price at time t..

Defined  the column matrix whose [m] elements  are made up of the conversion factors at time t of the various currencies in Euro and therefore for the securities in Euro it assumes value 1;

the product between the matrix  and the column matrix  provides the column matrix  whose [m] elements represent the set of securities purchased with the Institute own funds in the different countries and to different currency, respect to the currency of the institution's country of origin, Euro for Italy, and whose amounts are converted into the same currency, Euro:

Then the resulting column matrix  has for  elements the total amounts at time t of the bonds of the same currency purchased with the institute's funds, amounts converted into euros. Defined with  the row matrix whose elements  are the total amounts in currency j of the funds of the institution not invested, you get it that the funds at t time can be used to cover risks are

The Institute own funds,  (converted n Euro), are bound by the supervisory provisions applied to the institutions of payment by the aforementioned Supervisory Authority and therefore will never be less than the capital requirement from these determined, that determines the capital regulatory of the institution (EU directive 2015/2366, articles 7,8 and 9) for which a increase factor of at least 1,2 is applied. The instrumental elements that make up regulatory capital, as reported in the study of the paragraphs above, are defined by Regulation (EU) 575/2013.

In conclusion the explicit "control inequality" for investments in multi currency becomes:

once replaced

The model can be applied at a time t + Δt where the Δt represents the short period in which it is desired to extend the control calculation of the risk margin; in this case, the economic quantities to be included are the economic forecast values in the short term.

The market risk, in finance, is the probability of obtaining a return different from the expected one from trading in financial instruments. In particular, it represents the loss or potential gain of a position or a portfolio of securities, over a specific time horizon, following changes in market variables, on the basis of which they are distinguished:

Interest rate risk - the risk of loss resulting from adverse movements in the interest rate;

Exchange rate risk - the risk of loss arising from adverse movements in the exchange rate of foreign currencies;

Equity risk - the risk of loss arising from adverse movements in equities and / or equity indices;

Commodity risk - the risk of loss resulting from adverse movements in the price of raw materials.

The three pillars (credit, counterparty, market and operational): the prudential regulation is based on "three pillars" provided for by the Basel regulations and by European regulations. In particular, the former introduces a capital requirement to address the typical risks of financial activities (credit, counterparty, market and operational); to this end, alternative methods for calculating capital requirements are provided, characterized by different levels of complexity in the measurement of risks and organizational and control requirements; the second requires intermediaries to adopt a strategy and a process to check capital adequacy, both current and future, remitting the Supervisory Authority to verify the reliability and consistency of the related results and to adopt, where the situation requires it, the appropriate corrective measures; the third introduces public disclosure requirements regarding capital adequacy, exposure to risks and the general characteristics of the related management and control systems. For the institution HTN, the business dynamics illustrated above allow only the market and operating risks to be taken into consideration, extrapolating the extreme simulation and therefore of stress to the fluctuations of the sale prices of the securities: the requisite to absorb market and operational risk is the first pillar; the risk of concentration and "credit" risk relating to the sale to purchase of loans, loans is excluded).

It should be considered that the HTN institute does not carry out financing activities, investment programs, also with reference to the type of authorization requested from the Supervisory Authority, the only risks to which it could be exposed are market risks; therefore, transfer risks are also excluded. It must be considered that in application of the above criteria, the market risks in the specific case are only studied in a simulated dynamic and stress because even in a simulated dynamic (without stress of the system adopted) and therefore an increase in the number of customers who have deposit funds at the institution (services provided: web account) market risks are close to zero, negligible and do not deserve attention. Under stress conditions (in fact obtainable only in violation of the same prudential criteria and internal regulations) to study the market risks caused by fluctuations in the price of securities.

With reference to market risks, the requirement is aimed at covering the losses that may derive from operations on the markets relating to financial instruments, currencies and commodities and with reference to operational risk the requirement is aimed at facing losses deriving from inadequacy o from the dysfunction of procedures, human resources and systems, or from exogenous events, including legal risk due to disputes with customers and/or suppliers. For the institute internal methods are applied to face the market and operational risks illustrated in the upper point of this paragraph. The "second pillar" regulation requires financial intermediaries to acquire processes and instruments (Internal Capital Adequacy Assessment Process, ICAAP) to determine the level of internal capital that is adequate to deal with any type of risk, even if different from those covered by the overall capital requirement ("First pillar"), in the context of an exposure assessment, current and future, that takes into account the strategies and the evolution of the reference context. The discipline identifies the phases of the process, the periodicity, the main risks to be evaluated, providing for some of them indications on the methodologies to be used. The responsibility for the ICAAP process is set by the corporate bodies, therefore specifically by the Sole Director of  the institute. The total capital requirement adopted to HTN coincides with own funds.

The prudential control process complies with the proportionality principle, according to which: 1) the corporate governance systems, the risk management processes, the internal control mechanisms and the determination of the capital deemed appropriate for the coverage of risks must be commensurate with the characteristics, operational, dimensional and organizational complexity of the intermediary; 2) the frequency and intensity of the SREP take into account the systemic importance, the characteristics and the degree of problematic of the intermediaries, the institute.Pursuant to Article 99 paragraph 1 of Regulation 575/2013 / EU and Regulation 680/2014 Article 1, the institute will report its own funds requirements and financial information every three months, and the requirements for liquidity and stable funding requirements pursuant to Article 415 of Regulation (EU) No 575/2013 and will report data on the income statement and balance sheet every 12 months.

The prudential control process takes place at an individual level (the intermediary does not belong to a consolidated group of intermediaries), and in line with the proportionality principle will have a quarterly periodicity and if the market fluctuations or the increase in the services provided will require further checks, may reach a monthly frequency.

Third Pillar: in the context of prudential regulation, specific public disclosure obligations ("third pillar") are placed, aimed at favoring a more accurate assessment of the financial soundness and exposure to risks of intermediaries. The regulation provides quantitative and qualitative information that intermediaries must publish. Based on the proportionality principle, intermediaries commend the details of the information to their organizational complexity and to the type of operations performed. The regulations identify the frequency of publication, the relative exemptions, as well as the checks to be carried out on the information to be made to the public. For the HTN institute, it is sufficient, in addition to all the information on the services provided, to publish the share capital, the balance sheet and the quarterly report (even if semi-annual if sufficient) describing the risks assumed and the coverage capacity of the Institute in the delivery web channel; (profits will not be distributed, however minimum percentages, for the entire life cycle of the Institute, which is not determinable, therefore an available capital requirement that increases over time).

Types of risks: country risk is the risk of losses caused by events occurring in a country other thanItaly. The concept of country risk is broader than that of sovereign risk associated with the performance of public securities, as it refers to all exposures regardless of the nature of counterparties, be they natural persons, businesses, banks or public administrations (risk that affects the economic dynamics of HTN in the long term). The following risks, even under stress simulation, are not configurable: transfer risk, basic risk, concentration risk, transfer risk, interest rate risk deriving from assets other than trading, residual risk, risks deriving from securitisations, risk of a excessive leverage, strategic risk, reputational risk; the valuation of liquidity risk is useful, which will have two components of the mutual funds used by customers for payment transactions and securities transformed into cash to cover payment transactions. The hypothesised events require, in the extreme case, that the every garrison the institute, do not carry out their work for many days and the administration, become untraceable for a long time. Considering that the customer who bring greater economic interest to the institute and therefore deposit funds is the consolidated VASP operator of the Group, having the same administration of the Institute and producing the interests of the same subjects (shareholders), the tools and processes for calculating the mandatory requirements, the measurement and risk weighting are completely performed by the model illustrated in the introduction of the this point (including the analytical model), in application of the second pillar (ICCAP). For the management of operational, security and authentication risks(Chapter 5 of Directive 2015/2366 / EU, Articles 95 to 98), attention is hereby given to illustrating the prevention, control and mitigation mechanisms of operational risk envisaged by the same articles that result content (limited number of customers, number of expected payment transactions not excessive) and with regard to outsourcing, it will be adopted as an additional solution to reduce the losses due to the operational risks, safety and access, adequate insurance taken out by the supplier against the same risks. The infrastructure the institute must, be considered, as illustrated in paragraph 6-6, which causes an increase in operational risk, which is in any case limited considering the limited volume of payment transactions and the internal double check procedure for each individual payment transaction (similar to the procedure of double revision adopted in the scientific publishing sector) aimed at the elimination of human errors in case of refusal both of accreditation as not compliant for example to the unique identifier or data of the payer (and possibly of the beneficiary) both for debit transactions such as credit transfers or direct debits due to incomplete data or errors in the unique identifier. The controls are performed with the help of computer systems that automatically perform up to 50% of the procedures: comparison of the data with those present in the systems adopted with the help of an external supplier; (paragraphs 6-5 and 6-6). Payment transactions are divided into two groups, less than € 15,000.00 and higher than this amount (including related transactions that exceed this amount). When lower, continuous controls are identified in the correctness of the data for customers with whom a relationship of trust and knowledge of financial dynamics is established, when higher and for new customers are added thecontinuous controls of prevention of the financial system against illicit uses such as recycling; with regard to this last point, each new customer is checked against all payment transactions for the first year (in the event of suspicion, continuous control extends at least two years) and subsequently exposed to monthly periodic checks for payment transactions at the below € 15,000.00 while still checking transactions above this amount (even if the amount is exceeded by several transactions that are connected: same payer, same beneficiary). The periodic checks have the objective of verifying any changes in the financial dynamics of the client (activities, sources of income and any other useful information). For each new client, checks will be carried out on the origin of funds used for payment transactions and as the institute only provides a continuous relationship (web account), the intensity of the controls will only fade after having achieved a high degree of knowledge on the activity carried out by the payment account user. However, checks and therefore periodic investigations will be carried out to identify any variations on the activities carried out by the users of the payment accounts; in addition to the obvious customer identification activities (electronic identification as indicated in paragraphs 6-5 and 6-6), investigations will be carried out on the user's administrative documentation, income tax return, documents attesting the origin of funds used in payment transactions, deposited financial statements, and if necessary, accounting entries for payment transactions deemed to be suspect. Initial investigations will be conducted on the potential new customer by querying all available electronic sources (institutional websites of the State, web information) and crossed with the information provided by the client in filling out the forms when requesting activation of the web account. All the controls described here will take place in application of the directive (EU) 2015/849, with the distribution of the necessary resources as illustrated in paragraph 6-4. Regarding this last point, in consideration of the limited size of the institute and the limited number of payment transactions (financial statements, Annex G), the functions to the garrison for security in charge of overseeing the use of the financial system through the services provided, the control of fraudulent access to electronic payment accounts, the control of the regularity of payment transactions and the control for the prevention of money laundering and terrorist financing are carried out by the same human resource which, in the project dimensions, is an optimal solution for the reduction of errors in the performance of control procedures, being a dynamic possible for the small size and number of operations; the same employee in the performance of his duties is found to have a more complete knowledge of the parties involved in the payment transaction and not the relative dynamics that generate the same payment. In a dynamic of enlargement, of an increase in the size of the institution and therefore of the number of customers and the number of transactions, in the control scheme illustrated above, it will be necessary to add an adequate monitoring unit with a fixed subdivision of the web accounts that to be control by distributing the number fairly based on the operational capacity of the garrison. Employees of the Institute will be bound by contract to the code of ethics attached to the application filed for the public authority and exposed to controls and disciplinary measures internal provided for in the employment contract. The institution binds its own funds in observance of regulatory capital, as illustrated at the end in paragraph 6-4 to address operational, security and access risks, in addition to the own funds required for the regulatory capital required by the control inequality defined in the points higher than this paragraph in application of Article 3 of Regulation 575/2013/EU.

6 - 4  Report on the organizational structure

The paragraph contains a report on the organizational structure, based on the legislative framework. The report is accompanied by regulations concerning the main company processes (eg internal regulations, credit)

Considering the size of the opening institute, the number of financial services provided (web account) web banking account for credit transfers and deposits (direct debits for bills payment), given the limited number of customers, mainly consolidated and partners of the Group, the Manager Corporate Anti-Money Laundering (RAA) and identified in the Administration and members who will also perform the functions of staff; among the experiences we highlight the studies and research carried out in the field of scientific publishing research. For the management of the flow of information, specific software will be used as accredited supplier (outsourcing) in the sector of credit institutions, entities of public interest (including the management of the Single IT Archive); further information in paragraph 6-6, "Computer security, software and hardware systems".

For the above reasons, given that it is a very small intermediary, the volume of payment transactions, the number of customers making payment transactions, considering that only the consolidated group VASP operator will have funds to deposit greater interest in the entrepreneurial objectives of the Institute, illustrated above, given the very small size of the workforce in application of the proportionality principle, the a. "Body with strategic supervision function" - d. "Corporate bodies" - e. "Business function" - f. "Corporate control functions" - g. "Anti-money laundering function" are entrusted and carried out by the administration. - b. "Body with management function":  the tasks of management of the year, the execution of management guidelines decided by the Administration, are entrusted to the members, through revocable power of attorney, which since 2006 have gained professional experience in the implementation of the management delegated by the administration, (same as the institute ) for the consolidated companies of the Htnet Group; the supervisory powers of the supervisory body will be entrusted to the shareholders who do not have delegations or roles in the administration, shareholders with qualified quotas both in the Group and in the Institute.  

The offices set forth in this paragraph can not be subject to conflicts of interest because the interests of the institution are the interests of the consolidated customers of the company filing group (no intermediaries) and therefore of the shareholders. To be considered that the shareholders do not assume positions for which the requirements of independence in the workforce can be configured, the only hypothesis of conflict could arise between the two functions strategic supervision and management function (same members of the consolidated Group, customers of the Institute) . In this regard, effective organizational and administrative provisions will be maintained and applied in order to take all reasonable steps to avoid that conflicts of interest negatively affect the interests of the shareholders as follows: monthly documented meetings in which the same shareholders can inform themselves of any changes in the strategies and methods of implementation of the same through the management adopted for the current year. In the case and, as expected, the institute remains in the stable dynamic, the meetings could be postponed annually. If the above provisions are not sufficient to ensure, with reasonable certainty, that the risk of damaging the interests of members with administrative powers, as members of the group, will be informed by the supervisory body clearly in the meeting before to act on their behalf, on the general nature and / or sources of conflicts of interest as well as the measures taken to mitigate the risks involved. The actions of the corporate bodies will always be documented through a report prepared in the periodic meetings with an illustration of the decision-making process, with the related motivations that determine them, in order to allow a control on the management actions and decisions taken. Compliance with the civil law regarding the interests of directors remains unchanged.

c. "Organ with control function": Considering that the financial intermediaries registered in the Register provided for by the Public Authority are public-interest entities, pursuant to Directive 2006/43/EC which the member states have adopted by 29 June 2008 (Chapter X, Articles 39 to 43) and of regulation (EU) 537/2014, they are equipped with a control body which is monocratic for this institution. The appointment and related communication to the Public Authority, (for the Member Country Italy: Bank of Italy) of the single-checking control body as amended by Article 3 of the Articles of Association of the corporate object attached to the application (Annex A), will be carried out within thirty days from receipt of the authorization to exercise the activity. A trusted auditor will be chosen among the Group's trusted consultants (non-member or with other roles in the Htnet Group), who will be responsible for the audit (internal audit).

The body with the control function, respecting the powers of the other bodies and in collaboration with them, then the senior management and the management body: oversees compliance with the laws, regulations and by-laws, on proper administration, on the adequacy of the intermediary's organizational and accounting structures (with access to the minutes of the meetings and close participation in the same). It monitors the completeness, adequacy, functionality and reliability of the internal control system (attachments of the meeting minutes kept by the institute); ascertaining the effectiveness of the structures and functions involved in the control system and the appropriate coordination between them, it will have privileges of access to the managerial system of the platforms that perform the Institute's financial operations for only reading and access to the records accounting of the company, institute, being able therefore to supervise on the correspondence of the ICAAP process (superior paragraph) and requirements established by the normative, will estimate the degree of adequacy and the regular functioning of the main organizational areas. In meetings it can promote corrective actions of the shortcomings and irregularities detected. The observations, proposals and verification activities of the body with control function will be adequately documented and kept. Participation in the meetings of the control body, privileged access to the management system (web accounts administration, accounting records), access to the minutes and related attachments of the periodic meetings allow the body with control function to monitor the operation and 'observance of the organizational and management models that the intermediary adopt to prevent major offenses and violation of internal regulations. During the periodic meetings, the aspects relating to the crimes that may be committed within the financial activity of the institution as well as from the implementation of the investment program, in which it is evident, in application of the principle of proportionality (dimensions and type of operation of the institute) will be analyzed, that the phases at risk are the violation of access to web accounts for fraudulent uses (only theft of credentials to users) and the use of the financial system by third parties, for offenses such as recycling and terrorist financing. As explained at the end of paragraphs 6-3 and paragraphs 6-5 and 6-6, fraudulent use is almost impossible, therefore in meetings as well as a verification of the absence of events that may cause changes in the management of financial services compared to to the present program, attention will be paid to the recycling control procedures and every time the hypothesis of making changes with respect to the events occurred since the last meeting will be evaluated to increase the effectiveness and efficiency of the controls illustrated at the end of paragraph 6-3. Resources economic are allocated from the opening of the institute to the outsourcing of information resources beyond the costs of access to institutional sites where present. During the periodic meetings, the possible need to devote additional financial resources, for example for implementation of information flows with new systems or platforms available on the market, will be evaluated. The body with the control function for the performance of its duties, being able to have adequate information flows from other corporate bodies and control functions, will maintain coordination with these latter functions and with the person appointed to audit the accounts, at the purpose of increasing the degree of knowledge on the progress of company management, also making use of the findings of the assessments carried out by these functions and subjects. Promptly informs the Supervisory Authority (Bank of Italy) of all acts or facts, of which it becomes aware in the exercise of its duties, that may constitute an irregularity in the management or an infringement of the rules governing the activity of the intermediary. The interaction between the activity of the body with control function and the supervisory activity contributes to the strengthening of the overall supervisory system on the intermediary. With reference to the subject charged with the statutory audit of the accounts (external audit) in application of Directive 2006/43/EC, herein of Article 42, paragraph 1 letter a, in consideration of Directive 2013/34/EC, article 34 paragraph 1, Directive amending Council Directive 2006/43/EC (78/660/EEC and Council Directive 83/349/EEC and repealing Directive 84/253/EEC), a professional qualified for statutory auditing will be appointed with reference to to the norms indicated, external to the institute's organs.

The functions of the supervisory body are entrusted to the control body. The control body will oversee the operation and compliance with the organizational and management models adopted by the institute that are suitable for preventing offenses and as indicated above will propose any necessary updates. The current size of the workforce and the organizational structure of the prospective institution do not require further control models beyond those described in this activity program, since the key controls necessary for the protection of the financial system from offenses, control over compliance with regulations, the procedures for using the administrative system and for the management of payment services are defined, in which is possible to identify hypotheses of violations in the protection of sensitive, financial and administrative data of clients (only reading functions are available to the exclusion of administrative body that has access to all functions). Internal disciplinary measures are envisaged based on the entity of the offense committed, for example, for privacy violation, the procedures established by the EU regulation 2016-679 will be carried out by the administrator and the disciplinary system will be applied to the author of the damage violation caused, in case of violations that may affect the professional orders of belonging of the subjects who hold positions in the bodies of the institute and always by the administrator will be forwarded reports to the order of membership (in case the violation affects the administrator the notification will be made by the control body). The control body with the purpose of proposing and introducing changes to the model adopted for appropriate prevention will monitor the dynamics that can lead to offenses through the entire platform of the institution accessible only in reading mode in which all the activities carried out are archived for and within the Institute; will have the duty to detect any illicit actions and to communicate them to the administrator for the implementation of the disciplinary systems suitable to prevent the reiteration. In addition to the supervisory body and in carrying out the management, operational and management functions, the shareholders will also carry out the same controls in order to create a cross-system in which a dynamic that is particularly exposed to illicit (even negligence) or a unlawful action committed to the detriment or interest of the entity, it can hardly escape. In the event of an increase in the number of customers, in the long run, which would imply the increase of the workforce, the following additional criterion for prevention will be adopted: only subjects belonging to a professional body recognized as such by the Ministry of Justice will be hired, as part of the company management (information engineering, economy). The subordinate functions carried out by the collaborators will allow this institution, payment institution, to determine the activities in which crimes could be committed, specific protocols will be provided to plan the formation and implementation of the decisions of the entity in relation to crimes to by prevent, with periodical meetings of the administration and the control body. The entire staff of the prospective institution is obliged to provide information to the supervisory body on any wrongdoing of which it becomes aware or of situations that could cause offenses. The control body guarantees the anonymity of the signaling device. The appropriate financial resources to prevent the commission of crimes and in the case of the choice of collaborators (ranking system based on the candidates' credentials) will be charged to the Institute's own funds. The increase in the cost of labor due to the selection of professionals will be attributed to operating revenues and if necessary to own funds. It will be adopted as a disciplinary system for those responsible for the unfounded reports the compensation of the malice caused to the reported and to it reimbursed; for example, the reported employee will be compensated for the amount equal to the pay deducted for the days of suspension that he would have if had committed the unlawful fact is unfounded; for more serious events compensation will be made with recourse to civil justice; unlawful acts considered serious may also constitute just cause for dismissal. All sanctioning measures taken for disciplinary violations will occur in accordance with the Statute of Workers' Rights for the member state in which the Entity is based, Italy.

It should be noted that the Institute's top management in determining the address functions of the management and in performing the other roles envisaged in the following activity program, makes use of the valuable advice of prominent representatives in the field of business management consulting, the control, revision, banking economy, and relevant legislative aspects; makes use of invaluable advice on legal, constitutional and civil law matters and any other matter may concern the Italian law code and the European Community Law through the consultants of the HTNET Group who have been collaborating for a long time with high direction of the institute.

The additional functions indicated below will be included in the activities of the management body:h. "Important operational functions", an operational function for which at least one of the following conditions is verified: o an anomaly in its execution or its non-execution can seriously compromise: i. the financial results, soundness or continuity of the activity of the financial intermediary; or ii. the intermediary's ability to comply with the conditions and obligations deriving from its authorization or to the obligations set forth in the regulations or concerns operational processes of the corporate control functions or has a significant impact on the management of corporate risks. It is important to define in detail the important operational function aimed at controlling the activities carried out with the institute's mutual funds and own funds (protection for the protection of deposited funds) which highlights the role of the shareholders with management powers, in charge of control price fluctuation of the securities and the methods of communication that, in compliance with the prudential provisions, communicate with the administration in the manner indicated in the previous paragraph; the remaining necessary business functions will be carried out by the Administration with the support of the members.

i. "Risk management process" the set of rules, procedures, resources (human, technological and organizational) and control activities aimed at identifying, measuring or evaluating, monitoring, preventing or mitigating, as well as communicating to hierarchical levels appropriate all risks assumed or assumable in the various segments, and with reference to the risk assessment of the last paragraph of the top paragraph (paragraph 6-3), taking into account, of an integrated logic and also the reciprocal interrelations and with the evolution of the context external is entrusted to the management, the Administration of the Institute, having acquired from the first years of activity through the holding company (engineering company) of the Group relevant experience in techniques to perform market analysis aimed at feasibility studies of investment programs in application of the historical data survey method and the method of forecasting the possible evolution of the data the market of interest (simulations of different scenarios to identify the different consequences with the identification of the maximum and minimum impact on the economy of the activity).

The functions of "outsourcing" for the provision of the service of the web account will be entrusted to the accredited supplier in the sector (sole supplier for outsourcing). Attached to the application (request for the Supervisory Authority) a copy of the service offered by the supplier with all the technical and management information of the service. The outsourced function consists in providing the web server system remotely through which the institution can provide the web account and therefore the administration system for the management and opening of the accounts that make up the web account service, a system that sanctions controls, management and consultancy for the compilation, for data collection that feed the AUI (data collected during the anti-money laundering prevention controls in compliance with the directive 849/2015 / EU subject of studies of previous publications, publication 2018-19.04), allows HTN to provide financial services in compliance with the proposed functional, safety and quality characteristics; equipped with functions to scan access in order to identify attempts to unauthorized access to accounts, the list of all payment transactions performed by account, subject, date, amounts and any other parameter is necessary to improve the quality services provided and the related security. The service provided by the selected provider (Full Outsourcing) for outsourcing is provided in a totally controlled manner by the Institute in the sense that every activity, event generated in the web account delivery system, can be caused either by the end customer or by the HTN institute. The set of daily controls carried out by the Institute in the fulfillment of the supervisory provisions (end of paragraph 6-3 and paragraph 6-5) provide direct and daily control of the level of security guaranteed by the supplier for outsourcing: safety hardware equipment and IT structure.

The characteristics of the information system in relation to its operational dimension and the information needs of the corporate bodies to make informed decisions consistent with the corporate objectives adopt the following procedures: automatic operations performed by the software supplied by the same provider of the outsourced services for the execution of payment transactions (computer structure and hardware for the web account), production models of acts made and viewed before their use, programs for the preparation of financial statements, institutional sites with support functions for business management, data base (dating ) of all the information concerning both the activities of the Institute and the Group, organized by functions, names, subject and unique identification codes. Being information generated during ordinary business activities will be verified before re-use to identify any errors that the IT systems would not have detected in automatic mode. For information security, the protection of sensitive data can be found in paragraph 6-6: Computer Security web infrastructure. The EDP manager is the same Director of the Institute with experience in the production of workstations and servers (assembled) complete with operating systems and software applications of third parties, with own brand from 2004 to 2011, programming, dating, programming experiences web, javascript matured over the years 2006 to date for the corporate Group, data center security, ability to analyze log files to identify suspicious situations (attempts at unauthorized access). For the emergency and business continuity plan, refer to the paragraph: Computer security, web infrastructure.

The administrator of the potential HTN Institute with strategic supervision function promotes the internal dialectics and the effective functioning of the corporate governance system; the same does not play an executive role or performs, even in fact, management functions, roles entrusted to the Group's shareholders who have managerial powers; the small size must be considered and it will therefore perform internal control functions.

The compliance function (responsible) to assess the adequacy of internal procedures with respect to the objective of preventing the violation of mandatory rules (laws and regulations) and self-regulation (statutes, codes of conduct, self-regulatory codes) applicable to the financial intermediary , is carried out by the Administrator starting from the bureaucratic phase for the authorization of the Supervisory Authority of the subject HTN. To this end, the administrative body (strategic supervision) continuously identifies the rules applicable to the financial intermediary and the activities provided by it and measures / assesses the impact on the company processes and procedures; apply, where necessary, during the start-up phase, organizational and procedural changes aimed at ensuring adequate monitoring of the risks of non-compliance with the identified standards, verify in advance and subsequently monitor the effectiveness of the suggested organizational adjustments for the prevention of non-compliance risk. The director adopts as a consultancy process the new know-how deriving from the edition division of the business group (scientific edition) in all matters in which the risk of non-compliance assumes importance.

The Director performs the function of protecting and increasing the value of the Institute for the benefit of its stakeholders, supporting the objectives through the preparation of the methodological framework for monitoring all future activities (therefore, evolution and widening of the choice for the supply market: securities ), continuous improvement of the decision-making process by evaluating the results obtained with the instructive tools adopted for previous decisions that if sufficient will be deemed reliable otherwise improved (a large number of tools to support decisions is a cause of consumption of resources so the selections if adequate must be kept at the expense of a policy of continuous increase and variation of the tools to support decisions). Of course they must be added if not adequate for new types of interventions and therefore new types of decisions: events present in addition to the start-up phases of an entrepreneurial activity, in the phases of expansion of the outlet market types, changes in management models, and therefore rare events. The management risk, will be kept separate from the operational functions for risk management, including the latter, in operational management.

The administrator, exclusively in the role of the office, will provide the institute with a consulting and guarantee based on 25 years of work (Federico II University, Mechanical Engineering, 15 years of design activity, market analysis, business plan, finance facilitated, telecommunications, consolidated business management, professional scientific edition, project manager); assists the organization in pursuing its objectives through a systematic professional approach, which generates added value as it aims to evaluate and improve the processes of control, risk management and Corporate Governance; (function that in general in the financial institutions can also be performed by the direction).

Accounting information system, methods and keeping of accounting records, and protection of deposit funds.

The accounting information system adopted ensures a high degree of reliability. It allows the correct and timely recording of all company operations and management events, in order to provide adequate and up-to-date information on company operations and the evolution of risks. In particular, they make it possible to reconstruct the activity of the financial intermediary on any date, usually for each of the services provided (the web account only). The data will be stored in a suitable granularity to allow appropriate analyzes and aggregations on the company's operations. The software of the selected supplier will be adopted through the market analysis performed for the design of the investment program, object of the present business plan. Institutions establish and maintain appropriate accounting records: distinctly for each client, the sums of money received to be recorded in the payment accounts; and of the assets in which the sums received were invested. These evidences indicate, among other things, the depositaries of the financial instruments in which the sums of money received from the clients may be invested, according to the provisions of paragraph 6-3. The evidence will be updated on a continuous basis and promptly, so as to be able to reconstruct at any time the position of each customer with certainty and will be regularly reconciled with the statements produced by the depositaries.

The sums of money received from customers and recorded in the payment accounts from the institution will be protected in compliance with the European directive (EU) 2015/2366 (Article 10, paragraph 1, letter b); they will be invested in qualified debt securities deposited with authorized depositaries; invested in units of harmonized mutual investment funds whose management regulations provide only for investment in qualified debt securities or money market funds. The institution applies the protection requirements under this point to sums received from customers and recorded in payment accounts that are not delivered to the payee or transferred to another payment service provider by the first business day following the day on which the funds have been received. In the event that the sums of money received from customers and recorded in the payment accounts are usable for payment transactions, the methods of protection of the sums of money indicated above only apply to the percentage of the sums of money to be used for future payment transactions . If this percentage is variable or unknown in advance, the institution estimates a representative percentage that is presumed to be used for payment services, provided that this representative percentage can reasonably be estimated on the basis of historical data; periodically, the institute verifies the congruity of this percentage with respect to the effective use of the sums of money made by the customers. Being the only customers of the opening institution, the consolidated companies of the Group (and related shareholders) administered by the same administration of the HTN institute, the percentage of funds used for future payment transactions is perfectly known. The institute will communicate to the Supervisory Authority for Italy, where it is based: the decision to apply the aforementioned methods of protection only to a percentage of the sums of money received from customers with the related reasons for this decision and the modalities with where this percentage has been determined and will communicate at least annually, the results of the checks carried out in relation to the appropriateness of the determined percentage.

Conclusion: as indicated in the request made to the Supervisory Authority, the institution will manage the payment transactions of the subsidiary Group in which it is consolidated and therefore even if from the summary tables of the economic needs are payment transactions of 5 million in three years, the growing own funds of the Institute should be considered that will remain deposited in the Institute for future payment transactions or will be gradually invested in secure bonds for certain amounts of more than 3 million from the first year, and therefore limited regime is to be excluded even if it is a small institution.

6 - 5 List and characteristics of payment services

The payment institution will provide the payment services indicated in paragraph 6-1 that allow the customer to enter into a contract with the HTN institute for the opening of a bank account (articles 1852 and 1834 of the civil code of the Italian Republic ), for management and execution of payment transactions (credit transfers) with the exclusion of credit agreements, loans in any form (Articles 1842 and 1813 of the Civil Code of the Italian Republic): hereinafter referred to as web account in application of the Directive 2002/65/EC for the distance marketing of financial services. The services provided with the web account financial instrument will be managed with the Full Outsourcing system of the accredited national supplier selected through articulated market analysis, the same supplier for the system outsourcing service including the IT and hardware infrastructure that allows the provide the web account; the Full Outsourcing system for the management of the bank account (web account) includes all the functions related to the management, activation, compilation and data collection for the AUI (data collected during the anti-money laundering controls in compliance with the directive 849/2015/EU subject of studies in publication 2018-19,04) including advice and support for all phases of the web account service, starting from the phase following the customer procurement (functions carried out through specialized high quality software). This is an all-encompassing solution, for the specific needs of the potential HTN institute. It should be noted that in application of the principle of proportionality for the institution, and of the levels and numbers of outsourced processes (management of the infrastructure for payment services, storage, support and advice through advanced software in addition to the activities carried out by the Administration of training) risks deriving from outsourcing are excluded; to consider the stipulation of adequate insurance of the supplier to reduce the impact of operational risk, access and of security that could derive from the supply.

For all the services activated and therefore the related contracts and attachments will be managed and stored by the institute with computerized systems for archiving, processing; contracts and documents relating to discontinued web accounts (including backups of all operations performed by the user) will be retained for a period of 10 years.

The IT system will not allow overflow and will not allow the execution of a payment transaction without the authorization of the payer, the user of the web account, which will have to enter the password DISPOSITIVE. In synchronization with the insertion of the dispositive password, the system generate the confirmation message, which the user receives in the manner illustrated in the next point and which he must use to confirm the start of the payment execution process; only after further confirmation the institute considers the execution instruction received. The data for access to the web area of ​​use and management of the web account, the dispositive password, the further confirmation of the payment transactions and the access signals via sms that the user receives as indicated in the following point, constitute in the complex a strong authentication procedure, in compliance with the new security provisions provided for in Articles 97 and 98 of Directive (EU) 2015/2366 and in compliance with the final guidelines on the security of EBA internet payments issued pursuant to Article 16 of the Regulation (EU) n. 1093/2010 of the European Parliament and of the Council, dated 24 November 2010. The dispositive password is known only to the user and to the system that automatically checks the correct insertion before allowing the payment transaction, the institute can to verify the correct insertion or reports of repeated attempts to insert it (same for the authentication procedure for access to the web account). In case of loss, the user of the web account must activate the security procedure to reset a new password; after completing the verification and security procedures by the management body and contacting the EDP manager, he will receive a new password that will allow the creation of the new password dispositive using the web system, unlike the access data (password or identifier) that can be recovered through a less complex procedure. always behind controls carried out by the management department and responsible for EDP; also in this case provisional access credentials will be provided that the user will have to change at the first access. The main difference is that the Institute can access the web account and possibly suspend a payment transaction but can not perform operations for which the dispositive password is required (it is known only to the customer) unless the monthly fee is credited; also direct debits (bill payment) ordered by the customer and to be confirmed through the device password (event in which the user has to set the maximum credit amount) can only be blocked by the management body in case of anomalies, requests of the customer (both semi-automatic using the web account blocking form, or executable by the web account autonomously within the times foreseen by contract and always using the password dispositive). The maximum amount for direct debits can be changed by the user always by means dispositive password; the system does not allow charges greater than the maximum amount. The institute oversees the regularity of all operations carried out by the client. In case of theft of the access credentials or of the dispositive password, the user must follow the simple procedure provided for by contract and indicated in the web account usage guides to request the suspension of all functions of the web account, request that if it occurs within the 24 hours after the theft of the credentials guarantee zero losses (as better illustrated below). Therefore no deductible will be applied for unauthorized transactions, not possible (the customer can not perform unauthorized operations). With reference to Directive (EU) 2015/2366, if the payment service user does not violate the provisions of Article 69 of the Directive, and excluding that he acted with intent or gross negligence, the first point of the paragraph will be applied 1 of article 73 of the same directive, charging the user for unauthorized payment transactions for an amount not exceeding € 50; the third point of paragraph 1 of article 73 (same directive 2015/2366 / EU) is applied if the user does not fulfill the obligations of article 69. For contract the user must report the loss or theft of the data for access to the web account within 24 hours, at the Institute considering that the notifications received after 8.00 pm and up to 8.00 am of the following day are considered received from 8.00 am; furthermore, considered to Article 69 paragraph 2 of Directive (EU) 2015/2366, it is the user's responsibility to keep the data important for security separate, at least separate the email for further confirmation by the device password and credentials to access the web account, which excludes the possibility that the user may lose or suffer a theft of security data without realizing it. In order to reduce risks, the user can set limits on the maximum amount of individual transactions and on the maximum daily amount, in addition strong authentication will be applied as defined by the same directive (EU) 2015/2366 article 4 point 30 and related requirements, Articles 97, paragraphs 1 and 2; the user will receive at the e-mail address indicated by him, the notice for each payment request sent to the institute a few moments after the transmission for the final confirmation (further confirmation) and will receive in the same e-mail notification of every request for accreditation received promptly upon receipt at the institute (the e-mail address may be changed by the user at no additional cost as indicated in the following point).The payment transaction can be sent to the institution only after the insertion of the dispositive password that is known only to the user of the web account, whose execution will take place only after further confirmation by the user in the manner described in the following point. The sophisticated systems adopted by the institute will perform these last functions in automatic mode. The management of the security of direct debits and similar to credit transfers, the user after receiving the notice of direct debit activation request by the institution in the email for operational communications and agreements made with the counterparty, must access the web account and enter the dispositive password, as well as setting the maximum credit limit; the execution of the procedures for activating direct debits can be carried out by the institute only after the user has further confirmed the payment transaction requested through the confirmation communication received in the operative email following the insertion of the device password. In case of loss or theft of all data (login credentials, device password, change of pec address and mobile phone number), the user with signature with active digital identity will have to fill in the forms again for the mobile phone number and pec subscribed with digital signature and forward them to the institution as indicated in the contract and in the web guides after following the web account blocking procedures in case of theft; the e-mail for further confirmation of payment transactions, must be entered by the user, once the data recovery procedures have been completed. The web account allows the user to update all data relating to him, such as any change of domicile, renewal of the identification document used to activate the account and others; operations that require the dispositive password.

Illustration of the control mechanisms for security and access during activation and in the operational phase of the web account

The user can request activation of the payment account through the web channel in which he will insert an email address, where he will receive all the electronic documentation in pdf format that he will have to fill in and forward to the pec address of the institution indicated in the documentation. address that the user must use for subsequent requests to modify data deemed important for security in case of theft or loss, such as the mobile phone number, the user's e-mail address and the e-mail for operational communications (confirmation of payment transactions); after access to the web account, the user can change all data except for the pec legal email address, from the management panel. The legal e-mail address must be in the institutional sites as registered in the person who activates the account (signer with advanced digital signature), so if personal to the person, if legal entity to the company and the signer with advanced digital signature of the activation documents must correspond to the legal representative indicated always in the institutional sites. Once the control and verification procedures have been completed, the institute activates the account giving communication to the user in the legal mail indicated in the signed documents with an advanced digital signature and certified by an accredited body; will receive with the same communication the authentication credentials that the user will have to change at the first access. From the dedicated web panel, the user will ask the system to generate the first device password that is automatically received from the server at the pec address (mail legal); the code sent in this way is known only to the recipient, he can always change it periodically using the last available password dispositive in his possession. In case of loss it will have to fill in the appropriate pdf document that has received with the initial documentation and forward it to the institute's mail pec indicated in the activation documentation (for the password recovery pdf document it can always download the request through the web channel); the form must be sent from the last legal e-mail address communicated at the institution from the user if it has been modified with respect to that indicated at the signing of the contract. To eliminate the risks of fraud, the payment transactions requested by the user to the institution, through the web account (semi automatic) will be processed by the same institute only after the user has confirmed via the communication received in the email address also not legal e-mail indicated in the initial documents signed or set by the web account management panel; the received communication contains a confirmation link that allows the system and in automatic mode, to start the procedures for the execution of the requested operation within the time agreed by contract (48 hours) after it is opened (clicked). The communication is automatically forwarded by the system as soon as the user of the web account confirms the payment transaction by entering the device password. For the protection of only the financial and sensitive data of the user from unwanted access (theft of the only data to access the web account), the system will communicate via sms to the user every access made to the account at the time it takes place. For the reasons described here the email pec, necessary for the activation of the web account, generation of the dispositive password even in case of loss, change of the mobile phone number, spread pec e mail ordinary for operational communications, are considered important data for the security and can only be modified with the direct intervention of the Institute (responsible for supervising the verification and safety procedures by the management body and contacting the EDP manager); the request for modification of the data considered important for safety (even just one of the three) must be forwarded to the institute through the pec indicated in the activation documents (the mail legal pec) or subsequently modified by means of the legal mail change form (forwarded to the institute with the new mail legal the user's). The electronic form in pdf to be filled must be signed with the advanced digital signature active of the contract underwriter. The mobile phone number must also be updated by the Institute, if the user has changed the number before the change of e-mail legal and can not intervene from the panel manager of the web account for loss or theft data, being necessary for to complete the change pec. Through the web account the user can make payment transactions for the transfer of funds (virtual currency, electronic) direct debits, or receive credit funds (always virtual currency, electronic) by bank transfer with IBAN, BBAN, (also BIC, SWIFT) in compliance with Regulation (EU) 260-2012 and credit transfers without IBAN, (BBAN, BIC, SWIFT) for debits pursuant to Article 1, paragraph 2, letter f (excluding direct debits). Credit transfers will be carried out in the SEPA area, Credit Transfer (SCT) in compliance with the times described above, 48 hours; for bank transfers without IBAN (BBAN, BIC, SWIFT), higher time may be required on a case-by-case basis. In compliance with the above-described dynamics, a continuous and unrestricted level of service is guaranteed, verifying the adequacy of the client's needs in their use, substantially quality surveys and a periodic analysis of the control procedures adopted in order to eliminate inertia in the execution of payment transactions and where possible to reduce the time (competent body: super strategic vision); the reliability and availability of the service is also guaranteed through the controls performed by the administration of the institution as illustrated at the end of paragraph 6-3 and in the mechanisms above this point.

In the monthly cost of sale of financial services, the web account will not be applied to the customer the stamp duty of € 32.20 due by natural persons; the same will happen for the current accounts of legal entities whose stamp duty is equal to 100 euros a year, regardless of the average annual balance.

The withholding tax applied by the prospective Institute on the credit interests accrued in the current account is 26% in application of the tax laws in force in the Member State of the European Union in which the Institute, Italy is based. There is no capitalization for the client in application of the legal interest rate that does not reach 1%.

The cost of the web account is a fixed monthly fee both for individuals and legal entities equal to € 40 per month and does not include additional costs for payment transactions; from the web account it will be possible to charge and receive funds in electronic money considering that the open Payment Institute will provide only remote financial services: web account. Payment transactions may be canceled by the payer within 24 hours of placing the order and will not be executed before 48 hours (pursuant to Article 78 of Directive 2015/2366 / EU). The payment transaction can be credited to the user's account within 24 hours of receipt of the funds (credit notification by the payer's service provider) on the account of the institution, in which case the credit date corresponds to the date in which the institution took possession of the funds.

The methods for crediting the monthly cost of the web account are made automatically from the user's deposit funds at the beginning of each month and within 15 days of opening for the first month. In case of unavailability of funds the web account is suspended without further costs. The customer for the reactivation will only have to top up the account (transfer sufficient funds to cover the monthly cost of the web account), alternatively it remains suspended until the user communicates a request for withdrawal from the contract stipulated in the manner indicated therein; (request to be forwarded to the e-mail legal address of the institute) (°).

I servizi saranno forniti in conformità alla direttiva 2007/64 / CE e successive modifiche apportate dalla direttiva europea (UE) 2015/2366 (articoli da 38 a 94).

Interbank network

The RNI protocol is also an international standard adopted by European banks for the secure exchange of financial data. The outsourcing service includes the transmission infrastructure and therefore access to the national interbank and European network, so as to follow an illustration regarding only the implementation of own infrastructure for the provision of the service "web account", which that will be realized place later when starting the Institute activity.

The open institute will interface to the RNI, the transmission infrastructure of the Italian payment system, through an accredited Network provider, an RNI Service Provider. The national provider of access to the network that with its own telematic network, is a Network Service Provider of the National Interbank Network (RNI) on which the SITRAD (Interbancario System of Networks for Data Transmission) is based, the convention that allows the transmission for via data transmission and information flows connected with the execution of banking and financial transactions on an international scale. The provider's network, through the RNI, links the Data Processing Centers of the Supervisory Authority, of the banking institutions, of the Ente Poste, of consortia, of Application Centers, of Mobiliar Intermediary Companies (SIM), post-trading and international market operators.

Data transmission takes place through the Suite Messaging Services which manages the communication between the participants in the convention through messaging services in a B2B logic. The provider, provider, ensures the transport of interbank devices and information flows ensuring reliability of execution, security and confidentiality of data. Through the RNI the open institute will exchange with the other intermediaries Banks, IDPs, IMEs, exchange inter-bank transactions in electronic with each other with the application centers and with the other European and world networks (SWIFT). The transport services that make up the Suite Messaging Services are: FTS-File Transfer, MSS-Message Switching, Trans-TRS, Fast & Lite-FLS, Web Service-WST. Through the network architecture of the RNI provider the Suite Messaging Services is able to simplify the integration of user applications, relieving them from the need to manage the complexity of transport processes (retry, status management, monitoring, etc). In fact, the communication of the various messaging services with the user applications connected to a domain takes place thanks to the use of the Gateway of the RNI provider (EAS / FAS / Smart Integrator Standard) installed at the public interest institutions, then the open IDP Institute. The Messaging Services Suite adopted by the Institute consists of the access service to user domains, with which the RNI provider allows its customers to access through a single network infrastructure managed to different communities (RNI, T2S, EBA STEP2 , Instant Payment, ...); the network of the provider on which it is based enjoys all the advantages of a "managed end-to-end network". A managed point-to-point network where all the components are provided, installed and managed by the provider means first of all minimizing the complexity of the access infrastructure to the advantage of a greater focus on business objectives. Messaging Services will be independent by design of transported contents, and can be used for the transport of all international standard protocols such as RNI and ISO. Ultimately it is a solution that has the following advantages: peer-to-peer infrastructure to ensure data security and confidentiality, reduction of data transfer costs thanks to the compression of native data, notarization and time stamp for a formal transmission control data, guaranteed data delivery, the gateways provided by the provider support multiple operating systems (IBM Mainframe, Linux, AIX, HP UNIX), a single point of contact for all requests for assistance to the customers of the RNI provider., complete with management and service monitoring for 24 hours a day, 365 days a year. Some of the main strengths of the Messaging Services Suite are underlined: the automated management of the Disaster Recovery procedures through the backup nodes the compression integrated in the network infrastructure in order to process the least possible number of bytes, the availability more interfaces for different application environments. The solution is independent of the type of hardware and software adopted, thus safeguarding its investments and technological independence, as well as providing access to the main interbank auxiliary services such as the Supervisory Authority's Central Unit and the Computerized Fraud Prevention System Payment cards.

The provider of access to the RNI network will provide the Institute with access to the Payment Node and the connection to the "Payment Node-SPC" platform compliant with the AgID specifications. The service inherits all the features of the RNI provider network, in particular it uses the Web Service Transport-WST, to which it adds functions to transparently exchange SOAP messages with the "Payment Node-SPC". In order to ensure compliance with AgID specifications, the service provides counterparty identification, data transmission encryption and message tracking.

Complaints management, reports, incident management, ADR procedures, outsourcing controls management

The outsourcing system, such as the web channel for access to the service provided (web account), allows the forwarding of electronic complaints that will be handled by the institute and the competent body according to the type of request sent by the customer. Complaints and reports may be forwarded through the references available from the website of the institute or from the web account management platform; the procedures for processing complaints include the reception phase in which the urgency is assessed with priority for security issues that are processed promptly at a few hours, instead the reports and complaints of an operating nature are processed within 24 hours and within seven days all the others. Any complaints or serious security and operational incidents are notified without delay to the Supervisory Authority via certified digital communication; if the incident affects or could affect the financial interests of its payment service users, the institution shall inform its users of the incident without delay and of all available measures taken to mitigate its adverse effects. It must be considered that the use of the dispositive password known only to the user and generated automatically by the system at his request does not allow improper use of the financial system of the Institute unless theft, theft that would not produce the effects hoped by the ill-intentioned in how much any attempt of operation is tried by the institute (hypothesized at the moment unaware of the theft) only after further confirmation by the user through the confirmation email that receives for each use of the dispositive password, to add that the latter receives a SMS notification when access to the web account occurs, therefore the damages in all the hypothetical dynamics of security breaches and accesses are minimal and null in application of the intervention times of the institute in the area of ​​reports on accesses and violations (suspension of access, change of credentials, verification of data of the parties involved and every other action it became necessary for the specific happened). The administrative systems of the institute and for the management of financial services (web account) have the same level of protection to which is added an ad hoc network of connection with the infrastructure considered immune from any type of violation, in addition the theft of credentials does not it would be enough to access and then you get to an optics in which the institution should be stolen everything that according to the illustrations in paragraph 6-6 still would not be able to access: they should be combined, devices to access the protected network, password access to the protected network , password access to managerial systems, passwords to operate, constituting as a whole a security mechanism that can only be used by senior management. The most serious operational incidents that can be hypothesized have a very limited existence domain both in number and extent of the damage with a minimal impact on the Institute and none on the users of the payment services provided, as deducible from the entire reading of this project (activity program, attachment B of the application for the Public Authority): the proportionality principle distributes the company functions to the Management Body, the strategic Supervisory body and the control body, allowing a continuous dialogue through a telematic communication system, exchange of electronic documents by means of dedicated documents and periodic meetings, computerized information systems outsourced (outsourcing provider), control of automatic data when present in the directories of the web structure for the provision of services and information system outsourced, double continuous control of the administration, both for the correct execution of the operations of payment that for the controls provided for by Directive 849/2015/EU, centralized management of company functions by means of software with remote management, automatic data collection of each operation and communication performed during payment transactions, wide availability of information provided by the supplier 'Outsourcing. Furthermore, the institute will join the Financial Banking Arbitrator (application of article 102 of the 2015/2366/EU directive for Italy), as an alternative dispute resolution procedure (ADR) not exceeding € 100,000.00 , for the member state in which the institute is based, Italy. There are no limits for matters relating to the ascertainment of rights, obligations and powers. For disputes over € 100,000.00 and in accordance with the Regulation (EU) Number 1215-2012, Chapter II, Section 4, Articles 17 to 19 and in application of Article 19, is chosen as the place of jurisdiction, the forum ofSalerno, Italy. The cumulation of checks indicated in the higher points of this paragraph and at the end of paragraph 3 constitute a mechanism for controlling the outsourced web account service, including IT systems, and information services (same outsourcing provider) which eliminates the material possibilities of to jeopardize the quality of internal control of the payment institution and the ability of the competent authorities to monitor and document that the payment institution fulfills all the obligations set out in Directive (UE) 2015/2366; furthermore, they ensure that outsourcing does not result in the delegation of responsibility by senior management and that the relationship and obligations of the payment institution towards its payment service users under the same directive are not altered, that compliance with the conditions that the payment institution must satisfy in order to be authorized and to retain such authorization in accordance with this title is not jeopardized, and that none of the other conditions to which the authorization of the payment institution was subjected has been deleted or modified. Finally, the daily control of the log file for access to the managerial area of outsourced services allows for a direct and daily control on the verification of the level of security guaranteed by the outsourcing provider: security of hardware equipment and IT structure; an effective strategy of regulatory compliance and risk management is guaranteed, even with recourse to adequate insurance coverage of operational risk by the supplier.

6 - 6 Computer security, software and hardware systems

The administrative department (as administrative body of the Payment Institute) having technical skills with reference to the Group's IT network carried out simulations of the operation of a section of the network (work station - server - hosting) aimed at the security of data relating to services financial instruments simulating volumes of data to be managed and archived generic. With the project goal of reaching an operating level capable of filling also a natural disaster situation, system errors, and possible data loss, the new headquarters of the Hosting Industry, the current supplier of the corporate Group to which it belongs, is chosen as the location with which it has been established a relationship of trust of almost two decades, locations free from flood risks, and most of natural disaster, beyond standards and certifications of control and security of data that demonstrate for the supplier a level well beyond the highest safety standards both in the internal (European) and external (international) markets. These are all-inclusive locations with high quality standards, both technical, network, environment control, continuity, physical access, maintenance, layout, innovation, technical features for physical and remote security at every level.

In compliance with the report on the synthetic activity program approved by resolution of 21 June 2017 and subsequently supplemented by the Administrator for the authorization request to the Supervisory Authority for the Member State of the European Union Italy, the Bank of Italy will be adopted the double solution, outsourcing of financial services, own IT infrastructure.With reference to the design choice adopted, sufficient to guarantee the parameters of environmental control and continuity of electricity in the location of the infrastructure and outsourcing (market analysis in progress for the choice of the potential supplier for outsourcing), the tests focused on data backup solutions. Given that from the first tests performed the encrypted backup provided interruptions in the operation of the equipment, variable discontinuity with both the complexity of the encryption and the frequency of the backup, is therefore excluded for an unencrypted backup solution, (unencrypted backup files ), with the possibility of reaching continuous backup frequencies. It should be noted that continuity will be an adoptable solution only after the last tests that can be carried out to the completed and operational infrastructure (therefore after the authorization, object of the report). The problems to be solved are of two levels: data security (unencrypted backup files), transmission of backups between two distinct and separate locations. The first level is fulfilled through the use of VPN connections, installed upstream of the firewall structure that the different locations of the hosting provider are equipped with (housing services, locations, which in turn are located downstream of their redundant firewall complex algorithms with twin SonikWall twin firewalls (complex devices supplied for telecommunications operators), a solution that guarantees data protection during transmission (the upstream firewall structure is equipped with a device for the establishment of sophisticated encrypted data transmission links also known as VPN professional).

The second level of problem is solved by the installation of a second VPN with access control (user, complex password), between the backup server and the access work station (for the administrative body); in this way three levels of security, access to the work station, access to the VPN and access to the server must be overcome. VPNs created through the use of two sophisticated devices provided for telecommunications operators in a remote location at the two locations (Payment Institute infrastructure infrastructure and Backup infrastructure) will have encrypted RSA-Rijndael backup (1024 bits) with double public key RSA (asymmetric) for cryptography and with security control Passphrase (password for decryption); read note (°). In this way, in case of problems with the work station, it will be possible to install the VPN in any private work station to restore access to the backup server.

_{_________________________________________________________________________}

(°) In cryptography, the acronym RSA indicates an asymmetric cryptographic algorithm, invented in 1977 by Ronald Rivest, Adi Shamir and Leonard Adleman, which can be used to encrypt or sign information. In 1976 Whitfield Diffie and Martin Hellman, American cryptologists, were the first to publish a system based on the creation of an "asymmetric" cipher composed of "public keys"; although a few years earlier, James H. Ellis, Clifford Cocks, and Malcolm J. Williamson of the English secret service had already thought of it, the news was covered by military secrecy and was only disclosed in 1997. The cryptography system is based on existence of two distinct keys, which are used to encrypt and decrypt. If the first key is used for encryption, the latter must necessarily be used for decryption and vice versa. The fundamental question is that, although the two keys are dependent on each other, it is not possible to go back from one to the other, so that even if one of the two keys is known, one can not go back to the other, ensuring in this way the integrity of cryptography. To create a public cryptographic system with an asymmetric cipher it is important that a user independently creates both keys, called "direct" and "inverse", and only publishes one. In this way we create a sort of "telephone directory" available to all users, which groups all the direct keys, while the inverse ones will be kept secret by the users who created them and used by them only when they receive an encrypted message with the respective public key of the "list" by a certain sender, thus obtaining the necessary conditions for the security of the system.

Backups of VPN connections and all administrative passwords will be stored in a device separate from the work stations and stored in a safe; the RSA decryption key will be stored on a second device separate from the work stations and stored in the second safe; read note (°).

_{_________________________________________________________________________}

(°) The reverse key is provided by the administrative body, the direct key is installed on the backup server used by the backup infrastructure to encrypt backup files. The backup system used is the differential that occurs after the first full backup in sync with the creation of each new data.

The result and business continuity even in the extreme case of natural disaster of the operational headquarters of the payment institution coinciding with the registered office (for the first years of activity) because it will be enough to have the two password storage devices and RSA encryption key in order to restore within an hour sufficient operational capacity from reserved positions.

The backup file allows a rapid recovery of data in a short time and, in the event of disasters, the move to outsourcing services thus allowing customers of the opening Payment Institute to be able to use financial services even in critical conditions. The security plan adopted in the extreme case of a natural disaster involves a time for the restoration of financial services in emergency mode, not exceeding one day, (about half a day). The solution is optimized with respect to the cost and the results obtainable, through an emergency link provided to customers within a few hours (in extreme cases of natural disaster) having full service contract operations with slight changes to the simple web interface of use . There are two domains with allocation infrastructure located in different places (different regions). For the web emergency access the user will use the same security certificate installed on the computer during the activation of the services and the same access credentials; after login it will have to reset the passwords (both access and use) to be able to operate; the operation will not be repeatable and must be performed at the first access, otherwise the system will block the credentials automatically requesting the intervention of the administrative body for the restoration. Obviously the transition from the standard platform to the outsourced emergency platform will take place with the assistance of the Payment Institute.

The management of the server infrastructure located at the hosting provider will have the same access system as the backup server infrastructure, except for the two additional firewalls upstream of the firewall structure of the same provider, as they would be unnecessarily redundant due to the fact that the servers possess standard access Web sites. The administrative body can manage the administrative services of the structure through remote access from reserved work stations with three levels of security; the passwords of the first (work station) and third level (server) will be updated periodically. The adopted server incorporates a device for self-powered satellite localization and a device for tampering, moreover, after completion of work, all access from the front panel is deactivated and can only be used with remote access. The server is placed in the hall of the supplier with a high level of security and interfaces with devices via the internal network to be accessible and therefore outside the structure of the same provider will not work in any way, can not be hacked remotely and can not be manipulated; in addition, the self-powered satellite locator allows continuous detection of the server and any movement. Complementing the security is the encryption of data system that without the appropriate remote access information is only encrypted data that can not be used and inaccessible (data saved in backup in another structure for the business continuity of the Htn Institute to which is added the outsourcing of the web account).

The control accesses for payment transactions available for organizational resources, in accordance with the legislative novella for which one of the many updating activities carried out by the administrative body in the appendix is reported, have ordinary procedures with semi-complex users and passwords because they will not allow any modification or operations but only the reading of data related to payment transactions (identification data, unique identification number, regularity, potential attempts to access fraudulent system, complaints and reports of users) and must inform the administrative body for each type of potential intervention becomes necessary. The password of the control web account will be updated by the administration for each location with frequency from one day to three days to be established in operating conditions.

Evaluations were made for the choice of the best solution of the communication system between the administrative body and the resources of the organizational structure; the best result is potentially provided by a system of communication to written messages between the work stations of the organizational resources and the work stations of the administrative body that, together with the telephone system of the organizational structure, constitutes the information exchange system, recording in chronological order and identification of each written communication. The information will be exchanged via a message system (written and recorded) using the telephone system for information exchange of lesser importance. The software system of the IT infrastructure will include data storage and information functions with different levels of storage (administrative body, organizational resources) and different groups for the composition of information and archived data constituting a valuable resource for the AUDIT EDP controls.

The institute carried out the tests focusing on the evaluation of the management capacity of the IT structure that, together with the organizational resources, will be able to provide for the functions of line controls, the operational capacity in the performance of the control functions and the provision of services avoiding direct participation of the administrative body in the provision of services.

The server software system adopted for the provision of the chosen payment services (web payment account) is accessible to the user upon the installation of the certificate on the computer from which he / she accesses access credentials (user and password) received in the manner indicated in the paragraphs previous one. The user must set a new password on first access and must define a second password for use; the guidelines issued pursuant to Articles 96 and 97 of Directive 2015/2366 will be applied. All reports including any complaints are executable from the website in the contact section. All communications addressed to the institute by the users can be read by the operational and administrative resources, without the possibility of eliminating both incoming and outgoing mail, a function that is possible only for the administrative body, excluding the legal mail pec of the institute that it is read only by the Group's administrative department.

The management and administrative system of the IT infrastructure chosen for the provision of payment services allows the organizational resources to carry out checks on payment transactions of payment service users, carrying out security oversight activities and checking any anomalies, attempts fraudulent access that will be communicated to the administrative body for possible interventions. They perform the functions necessary to complete payment orders made by users after access in the manner described above and after confirmation of the operation by entering the second password that allows transactions to be carried out from the web payment account and further confirmation through the e-mail received in the second e-mail address indicated by the user confirming the start of the payment transaction; the order is taken into office by the Institute only after the payer has completed the security procedures indicated in the previous paragraph (with reference to the opening of the confirmation link) and has a 24-hour availability for the cancellation due to data changes, error correction. After 24 hours and completed checks on the regularity of the operation, correctness of data and other provisions of the regulatory framework for financial services (controls for the prevention of money laundering, verification of beneficiary data, unique identification number, the accompanying data transfers of funds), the transfer of funds is forwarded to the beneficiary institution (or bank) within the next 24 hours (total time for the execution of payment transactions as a system configuration parameter is 48 hours). The same checks are carried out by the same organizational resources for the transfers of funds received from the users of the payment services of the institution. Through the internal information system the organizational resources communicate to the administrative body any anomaly, that intervention required as a result of the improvement procedures and checks of the payment orders for transfer funds received or sent by the users.

Fonts for research: Treaty on the functioning of the european union | REGULATION (EU) No 648/2012| REGULATION (EU) No 575/2013 | Regulation 1095/2010/EU, European Supervisory Authority |REGULATION (EU) 1092/2010, ESRB | Directive 2006/48/EC, credit institutions | REGULATION (UE) 1093/2010, European Banking Authority (ABE) | REGULATION (EC) No 1606/2002, adoption international accounting | REGULATION (EU) 1094/2010, EU Insurance Occupational Pensions (EIOPA) | Regulation 1606-2002-EC,application of international accounting standards.pdf |REGULATION (EC) No 1569/2007, mechanism equivalence accounting standards | Directive 2006/49/CE, capital adequacy | Directive 2013/36/EU, repealing 2006/48 and 2006/49 | Proposal to amend Directive 2013/36/EU | Regulation (EU) No 1093/2010 | Directive 2015/2366/EU, Institute of payment | Regulation EC 1060/2009 | DIRECTIVE (EU) 2015/849,EN | Article 2359 Civil code Italy |Regulation (EU) No 260/2012, technical and business requirements for credit transfers and direct debits in eur | Direttiva 2009/110/EC, electronic money | Article 2477 Civil code Italy | DIRECTIVE 2013-34-EU,amending direective 2006/43/EC | Directive 2006/43/EC | Regulation (EU) 537/2014 |Article 1852 Civil code, Italy | Article 1834 Civil code Italy | Article 1842 Civil code Italy | Article 1813 Civil code Italy | Article 1825 Civil code Italy | Regulation (EU) 680/2014 |