ISO/TR 6083:2022

TECHNICAL ISO/TR
REPORT 6083
First edition
2022-12
Best practices for an internal BPoS
handbook
Bonnes pratiques pour un manuel interne de BPoS
Reference number
© ISO 2022
All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may
be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on
the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below
or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
ii
Contents Page
Foreword .iv
Introduction .v
1 Scope . 1
2 Normative references . 1
3 Terms and definitions . 1
4 Fundamental content structure of a BPoS handbook . 2
5 Key elements are listed in the BPoS description . 2
5.1 General . 2
5.2 Information regarding a BPoS description. 3
5.2.1 Key elements . 3
5.2.2 Suggestion for describing a key element in a BPoS handbook . 3
5.3 Information describing the BPoSP . 3
5.3.1 Key elements . 3
5.3.2 How to describe key elements in the BPoS handbook . 4
5.4 Information describing the credentials of a BPoS . 5
5.4.1 Key elements . 5
5.4.2 Suggestions on how to describe the key element in the BPoS handbook . 5
5.5 Information describing the financial characteristics of a BPoS . 5
5.5.1 Key elements . 5
5.5.2 Suggestions on how to describe a key element in the BPoS handbook . 6
6 Key elements added in BPoS handbook .10
6.1 General . 10
6.2 The version of the content of the BPoS handbook . 11
6.2.1 Content of description . 11
6.2.2 Purpose of description . 11
6.2.3 Suggestions for description . 11
6.3 Roles of departments and BPoSP staff involved in BPoS . 11
6.3.1 Content of description . 11
6.3.2 Purpose of the description . 11
6.3.3 Suggestions for description . 11
6.4 Applications involved in BPoS . . .12
6.4.1 Content of description .12
6.4.2 Purpose of the description .12
6.4.3 Suggestions for description .12
6.5 L egal documents involved in the BPoS .12
6.5.1 Content of description .12
6.5.2 Purpose of the description .12
6.5.3 Suggestions for description . 13
6.6 Bylaws involved in the BPoS . 13
6.6.1 Content of description .13
6.6.2 Purpose of the description . 13
6.6.3 Suggestions for description . 13
6.7 Formats and examples of files and forms . 13
6.7.1 Content of description .13
6.7.2 Purpose of the description . 13
6.7.3 Suggestions for description . 13
6.8 Approach for collecting customer comments and suggestions .13
6.8.1 Content of description . 13
6.8.2 Purpose of the description . 13
6.8.3 Suggestion for description . 14
Bibliography .15
iii
Foreword
ISO (the International Organization for Standardization) is a worldwide federation of national standards
bodies (ISO member bodies). The work of preparing International Standards is normally carried out
through ISO technical committees. Each member body interested in a subject for which a technical
committee has been established has the right to be represented on that committee. International
organizations, governmental and non-governmental, in liaison with ISO, also take part in the work.
ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of
electrotechnical standardization.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the
different types of ISO documents should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO shall not be held responsible for identifying any or all such patent rights. Details of
any patent rights identified during the development of the document will be in the Introduction and/or
on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and
expressions related to conformity assessment, as well as information about ISO's adherence to
the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see
www.iso.org/iso/foreword.html.
This document was prepared by Technical Committee ISO/TC 68, Financial services, Subcommittee SC 8,
Reference data for financial services.
Any feedback or questions on this document should be directed to the user’s national standards body. A
complete listing of these bodies can be found at www.iso.org/members.html.
iv
Introduction
The key elements and attributes of banking products or services (BPoS) are described in ISO 21586.
The majority of providers of banking products or services (BPoSP) today are banks. The challenge of
describing a BPoS is understanding all of the BPoS attributes from the customer's perspective as well as
from the BPoSP’s perspective, as the same BPoS attribute might be understood differently by a BPoSP
or a customer.
In general, each individual BPoSP has its unique governance architecture as well as internal rules
and standards to help manage and support the delivery of BPoS to customers. The banking industry
is deeply dependent on information and communications technology (ICT) to manage BPoS, with its
many similar functions and configurations. To fulfil all the requirements of supervision, innovation and
market competition, BPoS are rapidly and continuously evolving, making the knowledge and operating
skills of BPoSP staff crucial.
The purpose of this document is to provide best practices on how to write a BPoS internal handbook
based on ISO 21586. It aims to help BPoSP staff to “translate” existing BPoS into an ISO 21586 form and
support customer-facing BPoSP staff in responding to customer requests in a consistent and unified
way.
A well-organized BPoSP handbook has the following characteristics:
— the structure is consistent;
— the information is kept up-to-date and accurate;
— contents are in accord with actively sold BPoS;
— the wording is clear and concise;
— the information is made available to staff and customers of a BPoS via various distribution channels.
This document provides a general framework for a BPoS handbook, including the governance,
architecture, rules, standards and ICT applications. This model helps to ensure a consistent and
integrated service to customers, lower the cost of training BPoSP staff, improve the quality of both
customer services and BPoSP operations and increase customer satisfaction.
In applying ISO 21586 to a BPoS handbook, it is possible to tailor and expand key elements. Feedback to
ISO/TC 68/SC 8 and the reasons for those adaptations are welcomed.
v
TECHNICAL REPORT ISO/TR 6083:2022(E)
Best practices for an internal BPoS handbook
1 Scope
This document provides best practices for writing a banking products or services (BPoS) handbook.
It is applicable to any providers of banking products or services (BPoSP) that issue and operate BPoS.
NOTE 1 A BPoS handbook is edited by either product managers or personnel in charge of key elements
mentioned in this document, based on their role and responsibility within the BPoSP.
NOTE 2 Whether ISO 21586 has been formally introduced, this document is useful as existing BPoS contain
the key elements listed in ISO 21586.
2 Normative references
There are no normative references in this document.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
ISO and IEC maintain terminology databases for use in standardization at the following addresses:
— ISO Online browsing platform: available at https:// www .iso .org/ obp
— IEC Electropedia: available at https:// www .electropedia .org/
3.1
application
application system
system for collecting, saving, processing and presenting data by means of a computer
Note 1 to entry: The term application is generally used when referring to a component of software that can be
executed. It consists of one or more components, modules or subsystems.
[SOURCE: ISO/IEC/IEEE 24765:2017, 3.167, modified — Definition revised and example removed.]
3.2
BPoS description
description of a BPoS issued by the BPoSP to customers
Note 1 to entry: The description of the BPoS is as per the requirements of ISO 21586.
3.3
BPoS handbook
aggregated information provided to the BPoSP staff (3.4) explaining all aspects of a specific BPoS
Note 1 to entry: The general BPoSP business process also acts as a BPoS delivery process to customers. This
process can be supported by an application or is a fully manual process.
Note 2 to entry: The handbook is written from the BPoSP’s perspective.
3.4
BPoSP staff
person who represents the BPoSP, deals with BPoS-related business and serves customers
4 Fundamental content structure of a BPoS handbook
The fundamental structure of a BPoS handbook is as follows:
a) All contents of the BPoS description are included.
Any key element mentioned in the BPoS description is stated in the BPoS handbook in more detail,
including any in-depth information that BPoSP staff require to better address customer questions.
EXAMPLE 1 According to the BPoS handbook, a suitable customer can only be an accredited investor. The
handbook lists criteria for an accredited investor with explanations and examples. Additionally, it contains
information about the rights, obligations and responsibilities of an accredited investor.
b) Different perspectives are considered in the description of all key elements.
Some key elements described in this clause are from the perspective of the BPoSP management or,
alternatively, from the BPoSP operations perspective.
EXAMPLE 2 It is possible that the risks of a BPoS are viewed differently by the customer than by the BPoSP. A
positive risk for one is often negative for the other.
c) The complete process of any specific BPoS within the BPoSP is explained.
The full life cycle of a BPoS, as well as every role of the BPoSP involved, is described, including any
conditions for changes within each stage of the process.
d) Operational processes and user instructions are referenced for relevant applications and required
roles.
The operational steps and requirements supporting the BPoS are described.
e) Trade secrets and sensitive information are excluded and are subject to internal governance.
It is possible to divide a specific BPoS into several topics or sets of information. Specific sets are
distributed to any BPoSP staff without restriction as internal information. Certain sets, however,
including trade secrets and sensitive information are generally isolated into separate documents.
f) The BPoS handbook is made available in an electronic form.
If possible, the key elements are retrieved from a single source of information in a BPoS handbook. There
are filters to show only relevant content for the reader and respective roles. The data are available for
different types of devices. A user-friendly interface is of great importance.
NOTE 1 Sourcing all key elements from a single source improves consistency and reduces costs.
NOTE 2 Only the content relevant for each specific role is displayed.
5 Key elements are listed in the BPoS description
5.1 General
The information shown in Clause 5 and Clause 6 is identical to the information described in ISO 21586.
However, the perspective of this description is BPoSP-staff-oriented to support BPoSP staff in offering
better customer service.
This document supplements the information in ISO 21586. The contents of each item already defined in
the BPoS description are excluded from this document.
5.2 Information regarding a BPoS description
5.2.1 Key elements
A BPoS description consists of two elements.
a) Essential information.
The key elements for the BPoS identifier are its full commercial name, its abbreviated commercial
name and its professional name, all of which are used to designate a BPoS. Each key element is used
independently and identifies the same BPoS.
b) Auxiliary information.
Only one key element, the version of the description as per ISO 21586:2020, 6.2.1.2, belongs to this type
of information. Without this key element, the correctness and accuracy of a BPoS is outdated.
5.2.2 Suggestion for describing a key element in a BPoS handbook
5.2.2.1 BPoS identifier
The BPoS identifier is the unique identifier of the BPoS. The BPoS handbook characterizes a BPoS
identifier as follows:
a) An identification method for the specific BPoS as the key element is provided. The identifier is an
optional element. It helps improve the general understanding. A note is made on how similar BPoS
are identified but also differentiated, to ensure the correct identification and to clarify potential
misidentifications.
b) Certain identification rules might not resonate with customers, in which case a suggestion on how
to relay the information and a reasoning for the customer is provided.
5.2.2.2 The full and abbreviated commercial name of the BPoS
It is important that the full and abbreviated commercial name of each BPoS listed in the BPoS handbook
is identical to the corresponding entries in the BPoS description.
5.2.2.3 The professional name of the BPoS
The inclusion of two aspects regarding the professional name description of a BPoS in the BPoS
handbook is crucial to ensure the full understanding of the BPoS:
a) terminologies used in the professional name;
b) the method of understanding and classifying characteristics of the BPoS by analysing the
professional name.
NOTE The professional name of a BPoS helps with understanding the BPoS, as it contains all aspects of a
BPoS from the financial business perspective.
5.3 Information describing the BPoSP
5.3.1 Key elements
Key elements are used to describe the BPoSP. Unlike the key elements of a BPoS designation, each key
element listed here describes a particular aspect of the BPoSP.
Not all aspects describing the BPoSP are listed in ISO 21586, so voluntary key elements of significant
features can be added when needed. However, BPoSP staff can be informed of any voluntary key
elements in the BPoS description prior to its addition.
5.3.2 How to describe key elements in the BPoS handbook
To ensure consistency, all key elements mentioned in 5.3.1 are retrieved from a single source of
information. It is important that the definition and description of each key element is accurate and has a
clear distinction between similar or related BPoS.
The pre-existing knowledge of readers, such as account managers, bank tellers and customer-service
colleagues, is fundamental to relevant key elements. Such knowledge ensures that BPoSP staff can
confidently describe the BPoS and address customer questions. No assumptions over pre-existing
knowledge or pre-acquired background information are made, regardless of the reader's role or
function, and any necessary information is included accordingly.
It is beneficial to include the following aspects:
a) The purpose, structure and rules defined in the ISO 17442 series, as well as the issuing organization
of the LEI code. Additionally, some general information about the LEI, such as overviews and
descriptions found on reliable websites.
EXAMPLE www .gleif .org/ en/ .
b) The purpose and the assignment rules as defined in ISO 20275 for the ELF code, as well as laws and
regulations implied by the ELF code.
c) The full name and commonly used abbreviation(s), as well as the logo, of the BPoSP. If the name or
abbreviation can be easily mistaken for another, a distinction helps to avoid misunderstandings
between BPoSP staff and customers.
d) All telephone numbers available to customers, including specific businesses using a different phone
number than the general and customer service numbers and differences between incoming and
(alternating) outgoing numbers. In addition, suggestions on how customers deal with each possible
situation.
e) All BPoSP websites and links, including information regarding how to access the website as
suggested:
1) When specific websites are leveraged to process different businesses, each website, as well as
the relevant businesses, is listed.
2) Each specific network domain name is written out together with additional information to
ensure only the correct address is used.
3) When both HTTP and HTTPS protocols are usable, HTTPS is suggested along with a reasoning.
4) When multiple languages are supported, the list of available languages is provided.
5) If a digital certificate or a digital token is used to access the website, a breakdown is included
of how the digital certificate or token can be obtained and downloaded into its carrier, how the
digital certificate or digital token is used to access the website and how to teach customers its
safe use.
f) All available email addresses for customer questions. Some additional information is given:
1) When email addresses are leveraged to process specific businesses, each email address and the
relevant business are listed.
2) If client communication includes email and a website, it is helpful if differences and special
features of each communication channel are listed and defined.
3) When multiple languages are supported, the list of supported languages is provided.
g) The verification approach of official instant messages from a BPoSP by customers themselves.
5.4 Information describing the credentials of a BPoS
5.4.1 Key elements
Key elements described in ISO 21586:2020, 6.2.3 are all used to d
...