Call for Experts

ASC X9 TR 60 Risk Assessment Framework for Bank Provided Crypto-Asset Custodial Accounts

Project Description| This work will supplement the Blockchain Risk Assessment Framework Technical Report by targeting bank-provided payment services and activities involving crypto-currencies and/or crypto-assets. Payment services include funds transfer, message transmission, payment processing, payment settlement, store value, and record transactions. These services are performed by banks today, but when a bank elects to operate a node on a blockchain network, exchange crypto-currencies, buy, sell, or issue crypto-assets, or custody related assets, new technical and operational risks should be identified and mitigated. This technical report will describe these risks and document questions to uncover risks associated with these activities.

Project Need| This technical report will start a process to fill these gaps with a framework to assess the risks associated with custodial accounts transferring and holding crypto assets and establish needed standards in this rapidly growing financial product domain.

Stakeholders| Banks, Brokers, government agencies, fintech innovators, cybersecurity experts, academic thought leaders

To participate in the development of this technical report click here.

X9.134 Core Banking: Mobile Financial Services Part 5

Project Description| Part 5 of the suite of standards for mobile banking/payments will include specific requirements applicable to all mobile financial service providers (MFSPs) detailing the approach to a secure deployment and operation of an MFS application for mobile payments to businesses in order to facilitate and promote interoperability, security, and quality of MFS services throughout the U.S. A summary of those requirements, as initially provided by the U.S., through X9 (X9F4) and ISO TC68/SC2 (WG13), chaired by the U.S., includes but is not limited to: (1) security; (2) notice; (3) logging; (4) receipt; and (5) consumer education requirements.

Project Need| A number of considerations have been identified for a mobile payments to businesses American National Standard. In essence, mobile payments to businesses concerns:

• Users who interact directly with Mobile Devices typically initiating transactions using Mobile Financial Services (MFS);
• Mobile Devices that interact with users and the telecommunications infrastructure;
• MFS, developed and managed by MFSPs that provide online transactions to users.

In essence, mobile payments-to-persons concern:

• Users who interact directly with Mobile Devices and initiate transactions using Mobile Financial Services (“MFSs”);
• MFSs, developed and managed by MFSPs, that provide online transactions and/or functions to users.

Stakeholders| Card schemes, financial institutions, non-bank technology providers, application developers, card issuers, acquirers, merchants, end users, and others.

To participate in the development of this standard click here.

ASC X9 TR 54 Framework for Auditing a Blockchain within a Distributed System

Project Description| The use of DLT by financial institutions for various applications, such as issuing letters of credit, reducing manual documentation processes in trading activity, or managing data shared with multiple parties is beginning to emerge. Major financial institutions are partnering together and with consortium groups to investigate the potential for DLT in their operations and business practices. Blockchain alone is not a platform, rather it is often used as a tool within a larger system. For this reason, many standard practices may still apply. However, where a blockchain interacts within legacy systems, or where it introduces a new method for achieving a certain result, auditors need a practical guide to understand what to look for to perform an accurate assessment and request the right data.

Project Need| The technical report aims to be a guide for auditors to understand what to look for in order to perform an accurate assessment and request the right data where a blockchain interacts within legacy systems, or where it introduces a new method for achieving a certain result.

Stakeholders| Auditors, Developers, Banks, Service Providers, Risk Management professionals, Security Professionals, Compliance officers

To participate in the development of this standard click here.

Current Work 

Adoption of ISO 8583 Part 1 and 3

Details coming soon.