The Structure and Scope of the PFMI Framework
Short intro: This post explains how the PFMI (Principles for Financial Market Infrastructures) is organized, who must apply it, and how authorities should implement and supervise it in practice. If you haven’t read the introduction, start with What is PFMI? Principles for Financial Market Infrastructures Explained.
Overview: Two complementary pillars
The PFMI framework — published by CPMI and IOSCO — has a clear two-part design:
- 24 Principles that set operational expectations for Financial Market Infrastructures (FMIs).
- 5 Responsibilities that define what authorities (central banks, regulators, supervisors) must do to oversee FMIs effectively.
Together these pillars create a complete oversight architecture: the Principles tell FMIs what good practice looks like; the Responsibilities instruct authorities how to require, assess and enforce that practice.
How the 24 Principles are structured
The 24 Principles are grouped by theme so practitioners and supervisors can focus on related risks and controls. The main thematic groups are:
| Group | Focus |
|---|---|
| Legal & Governance | Legal basis, governance arrangements, and clarity of rules. |
| Risk Management | Credit, liquidity, margin, collateral, and default-management frameworks. |
| Settlement & Finality | Settlement finality, money settlement, and delivery-versus-payment (DvP). |
| Operational Resilience | Operational risk, business continuity, cyber resilience, and incident response. |
| Access & Participation | Eligibility, direct/indirect participation, and rules for tiered arrangements. |
| Transparency & Efficiency | Disclosure, governance transparency, efficiency, and communication with participants. |
Important note — correct ordering of Principles 1–3
It’s common to summarize the first principles as “governance and risk,” but the official ordering in PFMI is important and deliberate:
- Principle 1 — Legal basis: An FMI’s rules, procedures and legal underpinnings must be clear and enforceable in all relevant jurisdictions.
- Principle 2 — Governance: The FMI should have governance arrangements that promote safety and efficiency and support the public interest.
- Principle 3 — Framework for the comprehensive management of risks: FMIs must identify, monitor, and manage financial, credit, liquidity and other material risks.
Putting legal certainty first is intentional: a sound legal foundation enables governance and risk frameworks to operate effectively — especially across borders.
The 5 Responsibilities of authorities (A–E)
Where the 24 Principles are addressed to FMIs, the five Responsibilities are directed at public authorities. They ensure the public sector actively supports and enforces the Principles.
| Responsibility | What it requires |
|---|---|
| A. Regulation, supervision, and oversight | Authorities must have clear legal powers and resources to regulate and supervise FMIs. |
| B. Regulatory cooperation | Domestic and cross-border authorities should cooperate and share information. |
| C. Adoption of the PFMI | Authorities should adopt the PFMI framework consistently and apply it proportionately. |
| D. Transparency and disclosure | Authorities should make their oversight approaches and assessment methodologies public when appropriate. |
| E. Accountability | Authorities should be accountable for their use of the PFMI framework and the outcomes of their oversight. |
Who must apply PFMI — and how scope is determined
The PFMI applies primarily to entities that meet the definition of an FMI: payment systems, CSDs, SSSs, CCPs and trade repositories. However, application is risk- and importance-based:
- Systemically important FMIs are expected to comply fully with PFMI.
- Smaller or less systemically critical arrangements may be subject to a proportionate application depending on their potential impact.
- Cross-border arrangements require special attention to legal enforceability and cooperation between jurisdictions.
Authorities determine scope by assessing systemic importance, the FMI’s interconnectedness, and the potential for spillover effects to the broader financial system.
Practical application — how authorities use the framework
In practice, central banks and supervisors use PFMI to:
- Design oversight checklists and assessment templates.
- Conduct self-assessments and public or confidential Level 2 assessments.
- Inform licensing decisions, recovery and resolution planning, and incident response expectations.
Example: in well-developed markets authorities publish assessment findings and expect FMIs to implement corrective action plans. In many jurisdictions, the PFMI also feeds into regulatory instruments and secondary rules for FMIs.
International adoption and proportionality
Jurisdictions around the world have embedded PFMI into national oversight approaches, while allowing for proportionate application based on local legal frameworks and the size/importance of FMIs. This flexibility is essential to maintain both global consistency and local relevance.
Summary — essential takeaways
- The PFMI is organized into 24 Principles (for FMIs) and 5 Responsibilities (for authorities).
- Principle 1 is Legal Basis — it deliberately precedes governance and risk to ensure enforceability.
- Scope and intensity of application are guided by systemic importance and proportionality.
- Authorities operationalize PFMI through assessments, licensing, and supervisory tools.