The integrity and performance of the NPP is safeguarded by minimum technical, operational and security obligations that must be met by participating financial institutions and organisations. Some of these may further be deemed ‘Mandatory Compliance Requirements’ by the NPPAL Board, meaning they are fundamental to platform performance and security, enforceable through non-compliance charges.

 

Designated:  November 2019
Technical Connectivity and Security Requirements:

Full Participants, Clearing Participants and Connected Institutions must ensure NPP Componentry (including relevant back office componentry) complies with all minimum technical and security standards, and upgraded to the latest NPP Releases.

Effective Compliance Date:  1 January 2020
PayID Alias resolution:

Full and Clearing Participants who use the PayID Addressing Service must support payments being made to all PayID types.

Effective compliance date: 1 January 2020

 

Availability:

All Participants are expected to be available 24/7 to receive and respond to NPP Payments and messages and meet Basic Infrastructure service availability performance levels.

Effective compliance date: 4 December 2020
Resilience:

All Participants’ and Connected Institution’s Back Office Systems relevant to the operation of the NPP must be built in a way that enables another site to automatically take over processing of NPP services during an event of total failure of a single site.

Effective compliance date: 4 December 2020

 

Business Reference Data Tables activation:

NPP Participants and Connected Institutions must complete the download and activation of new Business Reference Data Tables in their back office systems applications within agreed timeframes as outlined in NPP procedures.

Effective compliance date: 4 December 2020
Designated: October 2019
Addressing service enumeration controls:

NPP Participants must have Addressing Service (PayID) enumeration controls in place to prevent fraudulent or improper use of Addressing Service data by end users, including excessive PayID registration attempts and ‘lookups’ that are not associated with payments.

Effective compliance date: 11 December 2019.
Receiving and passing NPP business service data to a payee customer:

Payee Participants are obliged to receive structured data elements contained in an NPP message for superannuation, payroll, tax and e-invoicing payments and to pass on that data in its entirety to their Payee customers.

Effective compliance date: 4 December 2020.

 

Mandated Payments Service – minimum debtor requirements:

A suite of requirements (to be set out in a new Part 17 of the NPP Regulations), designed to enable Payer Participants to support their customers establishing authorised payment arrangements or ‘mandates’ on their account in readiness for the introduction of the Mandated Payments Service.

Effective compliance date is scheduled for 3 December 2021.