PFMI Principles
The 24-principle CPMI-IOSCO framework that every systemically important clearinghouse, CSD, and payment system must satisfy — covering legal basis, settlement finality, money settlement, operational resilience, and disclosure.
Definition
The Principles for Financial Market Infrastructures (PFMI) are the regulatory standards that define what it means to be a safe and efficient financial market infrastructure. Published by CPMI and IOSCO in April 2012, they establish the 24 minimum requirements that every systemically important financial market infrastructure must satisfy to be permitted to operate at scale. Every CCP, CSD, and designated payment system that clears, settles, or records a financial transaction in a CPMI-IOSCO member jurisdiction — including NSCC, DTC, Euroclear, Clearstream, LCH, and CME Clearing — is assessed against this framework by its national regulator and is expected to document its adherence in an annual public disclosure.
PFMI — key principles for settlement infrastructure
PFMI — key principles for settlement infrastructure
| Principle | Core Requirement | Digital Settlement Test |
|---|---|---|
| P1 — Legal Basis | Settlement must be enforceable under applicable law in all relevant jurisdictions | Smart contract settlement requires jurisdictional analysis and legal opinions in each operating market |
| P8 — Settlement Finality | Clear and certain final settlement, at minimum by end of value date | On-chain finality must be protocol-defined, unambiguous, and legally irrevocable — not probabilistic by default |
| P9 — Money Settlements | Settle in central bank money where practical; strictly control risk from commercial bank money | USDC must demonstrate HQLA reserve backing, redemption liquidity, and regulatory oversight equivalent to Principle 9 controls |
| P15 — Business Risk | Maintain liquid net assets sufficient to cover potential losses from business disruption | Digital rail operators must hold adequate capital regardless of transaction volume or fee revenue |
| P17 — Operational Risk | Very high availability; recovery within two hours per CPMI-IOSCO operational risk guidance; tested contingency plans | Validator client diversity, smart contract audits, and protocol upgrade governance required |
| P23 — Disclosure | Publish annual disclosure framework documenting adherence to all 24 principles | DLT protocol disclosures must cover equivalent governance, legal, financial, and operational risk fields |
The PFMI replaced earlier CPSS-IOSCO recommendations that governed CCPs and securities settlement systems separately, consolidating them into a unified framework applicable to all five categories of systemically important infrastructure: central counterparty clearinghouses (CCPs), central securities depositories (CSDs), designated payment systems, securities settlement systems, and trade repositories. The 24 principles are organized across major risk dimensions — legal foundation (Principles 1–3), credit and liquidity risk (Principles 4–7), settlement (Principles 8–10), default management (Principles 12–14), operational and business risk (Principles 15–17), access (Principles 18–20), efficiency (Principles 21–22), and transparency (Principles 23–24).
Principle 8: Settlement Finality
Principle 8 is the PFMI's most operationally consequential requirement for post-trade operations teams. It requires that an FMI provide clear and certain final settlement — at a minimum by end of the value date, but preferably intraday or in real-time. Finality in the PFMI sense is legal and unconditional: once a transfer is final, it cannot be reversed even in the event of a participant insolvency. This distinguishes Principle 8 finality from operational settlement confirmation, which may be revocable under certain conditions. An FMI must define its finality point precisely — in its rules, its disclosure framework, and its legal documentation — and the relevant legal framework must support irrevocability at that point under the laws of all applicable jurisdictions.
In the United States, DTC processes settlement intraday, but Principle 8 legal finality occurs when end-of-day net settlement is completed and net credits and debits become irrevocable at the close of the settlement cycle. SEC Rule 17Ad-22(e)(8) specifically operationalizes this requirement for US clearing agencies, making the PFMI Principle 8 standard enforceable under US securities law. In the European Union, the Settlement Finality Directive (98/26/EC) provides the statutory framework that makes transfer orders entered into designated systems irrevocable once the system's defined finality point is reached, even if a participant subsequently enters insolvency proceedings.
Principle 9: Money Settlements and the stablecoin question
Principle 9 requires FMIs to settle monetary obligations in central bank money where practical and available. The rationale is the credit risk of the settlement bank: commercial bank money carries the risk that the institution holding the funds fails before the settlement is completed. Where central bank money is not available — primarily in markets where central bank access is restricted to direct participants — the FMI must minimise and strictly control the credit and liquidity risks arising from commercial bank money settlement.
Principle 9 was written within the two-tier monetary architecture of central bank and commercial bank money. Stablecoin settlement rails sit outside this architecture and require explicit regulatory assessment. From a strict PFMI perspective, a stablecoin is treated as a private claim rather than central bank money — closer to commercial bank money in risk terms, and potentially carrying additional issuer credit risk and redemption liquidity risk that an FMI using it for settlement must strictly control. The three material Principle 9 factors for any stablecoin settlement system seeking regulatory recognition are: the credit risk of the issuer, the liquidity and composition of reserve assets, and the enforceability of redemption rights. Proposed stablecoin legislation such as the GENIUS Act — requiring full reserve backing and redemption liquidity for payment stablecoins — is directly responsive to the Principle 9 standard for non-central-bank money settlement.
Principle 17: Operational Risk
Principle 17 requires FMIs to have robust operational systems and controls, and to maintain tested contingency plans for recovery or orderly wind-down. Critical systems must achieve very high reliability and be designed for adequate, scalable capacity. CPMI-IOSCO operational risk guidance further specifies that FMIs should be capable of resuming critical operations within two hours following a disruptive event — a recovery time objective (RTO) that has become the institutional benchmark for FMI operational resiliency. Backup facilities must be geographically separated from primary systems and capable of meeting the RTO independently. FMIs must also conduct periodic testing of their contingency plans, demonstrate that they can operate without interruption during extreme market stress, and maintain clear governance over technology change management.
The SIFMU designation and US implementation
In the United States, Dodd-Frank Title VIII translates PFMI adherence into domestic law through the SIFMU designation administered by the Financial Stability Oversight Council (FSOC). A designated SIFMU is subject to enhanced prudential standards, primary regulator oversight, consultative Federal Reserve review, and access to Federal Reserve credit facilities. For SEC-registered clearing agencies, the enhanced standards are codified in SEC Rule 17Ad-22(e) — the covered clearing agency standards — which operationalize the PFMI principles into specific US regulatory requirements, including the Cover 2 financial resource standard, mandatory recovery and wind-down planning, and annual review of governance and risk frameworks. Current US SIFMUs include NSCC, DTC, FICC, OCC, CME Clearing, LCH, and ICE Clear Credit.
PFMI and DLT-based settlement infrastructure
CPMI and IOSCO have published guidance applying the PFMI to crypto-asset and stablecoin arrangements — including specific July 2022 guidance on systemically important stablecoin arrangements — under the principle of "same risk, same regulation": digital settlement systems performing equivalent economic functions should be held to equivalent regulatory standards. This guidance establishes the PFMI as the active regulatory lens for evaluating institutional DLT settlement infrastructure globally. A DLT-based settlement system seeking regulatory recognition must demonstrate compliance with the 24 principles in the context of its specific architecture: legal basis, settlement finality model, money settlement risk controls (including the private claim status of any stablecoin used), governance of validator sets, smart contract upgrade procedures, and public disclosure are all subject to Principle-by-Principle assessment. The PFMI Disclosure Framework — the annual public documentation template — is increasingly treated by regulators as the evidentiary standard for institutional production readiness, distinguishing credible institutional DLT settlement infrastructure from proof-of-concept systems.
PFMI — framework structure
Devancore Glossary · devancore.com
How it works
1. Legal basis assessment (Principle 1)
The PFMI compliance pathway begins with legal certainty. Under Principle 1, an FMI must rest on a legally sound, clear, transparent, and enforceable framework covering every aspect of its activities in all relevant jurisdictions. For a traditional CCP or CSD, this means its rulebook, netting agreements, and finality provisions must be legally valid and enforceable in each jurisdiction where it operates and where its participants are incorporated. A clearing member insolvency in one jurisdiction must not be able to unwind completed settlements — the legal framework must protect finality even in insolvency.
For a DLT-based settlement system, Principle 1 requires legal opinions on smart contract enforceability, the legal status of on-chain asset transfers as legally recognized property transfers, and the jurisdiction of node operators. The legal analysis is not presumptively favorable for any DLT architecture and requires active engagement with the applicable legal framework in each jurisdiction.
2. Credit and liquidity risk framework (Principles 3–7)
An FMI must maintain a comprehensive risk management framework that identifies, measures, monitors, and manages all material risks. Credit risk management (Principle 4) requires the FMI to measure and monitor credit exposure to participants intraday and daily, and to limit exposures using collateral, margin, and netted positions. Collateral (Principle 5) must be high-quality and liquid; haircuts must be calibrated to reflect the credit and liquidity risk of each collateral type. Margin (Principle 6) — for CCPs — must cover the potential future exposure of each member at a high confidence interval, typically 99% or 99.5%, using a validated risk model. Liquidity risk (Principle 7) requires the FMI to maintain sufficient liquid resources to meet its obligations under extreme but plausible market conditions — including the simultaneous default of its largest liquidity providers.
3. Settlement finality and money settlement (Principles 8–9)
The settlement tier is the core of the PFMI's operational requirements. Under Principle 8, the FMI must achieve legal finality — irrevocable and unconditional transfer — at a defined point in the settlement cycle, with the finality point documented in its rules and supported by the applicable legal framework. End-of-day finality is the minimum standard; intraday or real-time finality is preferred. Under Principle 9, money settlements must use central bank money wherever practical. Where central bank money is unavailable, the FMI must implement and publicly disclose the controls that minimise credit and liquidity risk from commercial bank settlement. The two principles operate together: an FMI that achieves Principle 8 finality in Principle 9 central bank money provides the strongest settlement guarantee.
4. Operational risk and resiliency (Principle 17)
Principle 17 requires documented operational risk management, business continuity planning, and tested contingency procedures. Critical systems must achieve very high reliability and be designed for adequate, scalable capacity. CPMI-IOSCO operational risk guidance further specifies a recovery time objective of no later than two hours following a disruptive event. Additional requirements include geographically separate backup facilities capable of meeting the RTO independently; annual testing of business continuity plans; and governance procedures over technology change management that include pre-implementation risk assessment. FMIs are also expected to identify and manage the operational risks posed by their participants and critical service providers — including settlement banks, custodians, and technology vendors — whose failure could affect the FMI's own operational continuity.
5. The PFMI Disclosure Framework
Each covered FMI must complete and publicly publish the CPMI-IOSCO Disclosure Framework — a standardized template covering all 24 PFMI principles. The disclosure documents, principle by principle, how the FMI's rules, governance, and risk management satisfy the requirements, with quantitative data where specified. Regulators use the Disclosure Framework as the primary reference for understanding an FMI's risk architecture; clearing members and counterparties use it for due diligence. Annual updates allow regulators to track material changes to the FMI's design or risk profile. The Disclosure Frameworks published by NSCC, DTC, FICC, OCC, and CME Clearing are publicly available on each FMI's website and constitute the most detailed public documentation of US clearing and settlement infrastructure risk.
6. SIFMU designation and enhanced US oversight
In the United States, the PFMI compliance pathway culminates in SIFMU designation by the FSOC under Dodd-Frank Title VIII, if the FMI is assessed as systemically important. Designation triggers enhanced prudential standards, primary regulator oversight, consultative Federal Reserve review, and access to Federal Reserve credit facilities. For clearing agencies, SEC Rule 17Ad-22(e) operationalizes the PFMI into enforceable US requirements and is the primary regulatory instrument through which SIFMU compliance is assessed and examined. FMIs that do not meet the Rule 17Ad-22(e) standards face regulatory remediation, operational restrictions, or — in extreme cases — revocation of registration.
PFMI compliance pathway for FMIs
Devancore Glossary · devancore.com
PFMI compliance pathway for FMIs
Devancore Glossary · devancore.com
In Devancore™
Devancore PFMI principle alignment
Devancore Glossary · devancore.com
Devancore PFMI principle alignment
Devancore Glossary · devancore.com
Devancore's architecture is designed to support PFMI-compliant settlement workflows across both traditional and digital rails — treating each PFMI principle not as an external compliance checklist but as an architectural design constraint that shapes how positions are updated, how finality is recognized, and how operational risk is managed.
Principle 8 — Settlement Finality monitoring
Devancore models finality explicitly for every settlement rail, distinguishing between the three finality models that PFMI Principle 8 encompasses in practice: conditional finality (CSD batch settlement, NSCC CNS netting), deterministic finality (DTC DvP end-of-day credit, internal ledger transfers), and protocol-defined finality (on-chain settlement on proof-of-stake networks). Each rail carries its finality type as a first-class attribute. When settlement is confirmed, Devancore evaluates whether that confirmation constitutes legal finality under Principle 8 criteria — or whether it is provisional and subject to batch completion. The ABOR position updates only on confirmed finality, not on provisional settlement confirmation. When a conditional settlement fails to convert to final, Devancore surfaces a finality-blocked event with timestamp and rail context, blocks any pending collateral release tied to that settlement, and routes the affected position to the exceptions queue.
Principle 9 — Money settlement governance
Devancore treats digital asset settlement as private claim settlement subject to the Principle 9 credit and liquidity risk control requirements — not as central bank money equivalent. For USDC-denominated settlement, issuer credit risk and reserve composition are tracked as settlement risk metadata: proof-of-reserve attestations and the liquidity of backing assets are disclosed attributes of each settlement event, not assumed constants. The credit risk of the issuer is monitored continuously, not assessed once at onboarding. For hybrid settlement structures — where traditional DvP settles the securities leg and USDC settles the cash leg — Devancore reconciles both legs independently against their respective finality standards, confirming that the exchange-of-value meets the Principle 12 DvP requirement that delivery and payment be simultaneous. This is the "strictly controlled" credit and liquidity risk framework Principle 9 requires for non-central-bank money settlement.
Principle 17 — Operational risk reduction
By automating the post-trade lifecycle — trade enrichment, settlement instruction generation, affirmation monitoring, and reconciliation — Devancore eliminates the manual batch processing steps that are the primary source of operational risk in traditional middle and back-office workflows. Automated exception detection operates continuously rather than in scheduled batch cycles, providing the intraday operational visibility that Principle 17 resiliency standards require. For firms subject to PFMI-aligned prudential standards — including clearing members of NSCC and DTC — Devancore's operational risk metrics (affirmation rates, settlement fail rates, DK rates, exception resolution times) provide the real-time operational performance data that regulators use to assess whether a firm's operational risk profile is consistent with PFMI Principle 17 expectations.
PFMI disclosure support
For regulated FMIs, custodians, and clearing members completing PFMI-aligned internal assessments or regulatory disclosures, Devancore provides a structured audit trail of settlement events, finality classifications, reconciliation outcomes, and operational performance metrics across the full trade lifecycle — the data foundation for Principle 23 disclosure and for demonstrating PFMI-compliant settlement practices in regulatory examination.