Танилцуулга / Засаглал
Засаглал
Оператор entity, participant tier, onboarding процесс, шимтгэлийн бүтэц, маргаан шийдвэрлэх процедур, Mongolbank reporting cadence, termination — бүгд PLAN/10-GOVERNANCE.md-аас.
1. Оператор entity
PayGrid LLC (TBD — preliminary structure):
Stakeholders (proposed)
| Stakeholder | Holding | Үүрэг |
|---|---|---|
| Mongolbank | 25% | Oversight + observer |
| Founding wallet operators (consortium) | 60% | Gerege Wallet, Most Money, Pocket, M+ |
| Founding banks (consortium) | 15% | Khan, Golomt, TDB |
Board
- 1 Mongolbank-аар appointed (regulatory)
- 3 Wallet representatives
- 1 Bank representative
- 1 Independent (industry expert)
2. Participant tier-үүд
Direct Participant
Banks, large EMI. Direct Mongolbank settlement данс эсвэл approved sponsor-аар. Full PayGrid API access. Alias-ыг чөлөөтэй register хийнэ.
Annual fee: 100M ₮
Per-tx fee: variable
Sponsored Participant
Wallets, NBFI, smaller EMI. Settlement-аас sponsor bank-аар. Standard PayGrid API access. Alias quota-той.
Annual fee: 25M ₮
Per-tx fee: variable
Test Participant
Sandbox-only, production traffic байхгүй. Self-onboarding. Test data-аар хязгаарласан.
Annual fee: 0 ₮
3. Onboarding процесс
-
Application
Submit business reg, EMI/banking license, KYC of officers, technical contact, security contact, expected use cases + volume estimate.
-
KYB review (~2 долоо хоног)
PayGrid operations team verifies legitimacy. Sanctions screening on entity + officers. Background check.
-
Technical onboarding
X-Road client cert (if needed), mTLS client cert for PayGrid, JWT signing key (HSM-generated), HMAC secret for webhook signing, sandbox access.
-
Sandbox testing — mandatory 30 хоног
End-to-end test cases (per 13-TEST-VECTORS), webhook delivery test, failure mode test, performance test.
-
Production go-live
Contract sign + Mongolbank notification. Production cert issued. Limit ramp: Day 1 = 10M ₮/day, Week 2 = 100M, Month 2 = unlimited. 90 хоног нягт monitor.
Total onboarding time: 3-4 сар for new participant.
4. Merchant onboarding
Merchant нь өөрсдийнхөө PSP-д бүртгэгдэнэ — PayGrid биш.
Wallet/Bank/NBFI хийдэг үйл ажиллагаа
- KYB (business registration verify)
- AML screening
- Sanctions check
- PEP check
- Tax compliance verify
PSP merchant-руу олгоно
- PSP-issued IBAN (or bank account)
- PayGrid alias (
cafemonkey@gerege) - Static QR + PayLink generator
- Daily settlement schedule
- eBarimt VAT integration
PayGrid-д бүртгэгдэнэ
POST /v1/aliases (with PSP-signed attestation JWS)
PayGrid stores ONLY:
─ alias → IBAN → PSP mapping
─ KYC level metadata
─ Merchant category code (MCC)
─ Status (active/blocked/revoked)
PayGrid does NOT store:
✗ Merchant business name (only hash)
✗ Merchant owner identity
✗ Merchant transaction history (PSP retains)
5. Шимтгэл бүтэц
Per-transaction fees
| Type | Sender pays | Receiver pays | PayGrid revenue |
|---|---|---|---|
| P2P (User → User across PSPs) | 0 ₮ | 0 ₮ | ~50 ₮ per-message (paid by sending PSP) |
| P2M (User → Merchant) | 0 ₮ | ≤ 0.3% (cap 3,000 ₮) | 0.10% (rail) + per-msg + annual fees |
P2M fee split: 0.10% debtor PSP (acquiring) + 0.10% creditor PSP (issuing) + 0.10% PayGrid (rail).
Annual membership
- Tier 1 Participant: 100M ₮/жил
- Tier 2 Participant: 25M ₮/жил
- Sandbox: 0 ₮
Mongolbank-mandated fee transparency
- Бүх шимтгэл MN + EN-аар paygrid.mn-д нийтлэгдсэн
- Update-аар Mongolbank notification + 30 хоногийн notice
6. Маргаан шийдвэрлэх
Per-tx dispute стэйж
- PSP-PSP bilateral resolution (5 ажлын өдөр)
- PayGrid arbitration (10 ажлын өдөр)
- Mongolbank arbitration (final, ~30 хоног)
Жишээнүүд
| Dispute | Resolution |
|---|---|
| User claims unauthorized payment | PSP investigates SCA log; if Bank's e-ID Mongolia signature valid → user liable. If signature invalid → bank reimburses. |
| Merchant didn't deliver goods | Not PayGrid's concern (commercial dispute, off-platform). |
| Payment to wrong alias | Confirmation of Payee should have caught; if user ignored warning → user liable. |
| Operator error (PayGrid bug) | PayGrid liability fund covers. |
| Settlement delay > 1 цаг | PSP penalty + alert. |
7. Sanctions / fraud handling
Real-time screening
FRM screens every payment against:
─ OFAC SDN list (US)
─ EU sanctions list
─ UN sanctions list
─ Mongolbank consolidated sanctions list
Match → hard block + alert + audit log
Periodic refresh
- Daily refresh of sanctions lists
- Re-screen all aliases
- If existing alias matches new sanctions → revoke + notify PSP + audit
SAR (Suspicious Activity Report)
PayGrid suspicious pattern илрүүлэх — structuring, unusual velocity, geo anomaly, cross-PSP aggregation. Action:
- Flag for ML review
- Generate SAR
- Submit to Mongolian FIU within 24-72 цаг
- Notify originating PSP (suspect нь PSP биш бол)
8. Mongolbank reporting
Daily report
- Total volume per PSP
- Total tx count
- Largest tx
- SAR count
Monthly report
- Aggregated metrics
- Sanctions hits + dispositions
- Settlement reconciliation
- Dispute statistics
Annual report
- Audited financials
- Operational risk assessment
- Governance changes
- Roadmap updates
Бүх report-аас e-ID Mongolia-аар sign хийгдэнэ (PayGrid signing identity).
9. Termination
Voluntary withdrawal (60-хоногийн notice)
- Stop accepting new payments
- Settle outstanding obligations
- Revoke aliases (or transfer to another PSP if portable)
- Audit final accounts
- Sign termination agreement
Involuntary termination
Triggers: Sanctions / regulatory non-compliance · Operational instability (repeated outages) · Failure to maintain pre-funded balance · Fraud / criminal activity.
Process: Immediate suspension → 30-хоног investigation → hearing → final decision (Mongolbank approval required).
10. Open API + Developer portal
paygrid-developer.paygrid.mn:
─ OpenAPI 3.x specs
─ Postman collections
─ SDK documentation
─ Sandbox playground
─ Integration tutorials
─ Webhook tester
─ API key management (sandbox)
API rate limits:
Sandbox: 100 req/sec free
Production: per participant tier
Public API access (read-only):
─ Alias resolve (with rate limit)
─ Public participant directory
─ System status / SLA metrics
11. Compliance + audit
| Audit | Frequency | Body |
|---|---|---|
| Penetration test | Quarterly | Independent firm |
| Code security audit | Quarterly | Internal + external |
| SOC 2 readiness | Annually | Internal |
| SOC 2 Type II | Annually | Big 4 firm |
| ISO 27001 (target) | Phase 3+ | ISO certification body |
| ETSI 319 411-2 audit | Annually | ETSI-approved auditor |
| Mongolbank financial | Annually | Mongolbank or designated |
| Vulnerability scan | Continuous | Snyk / Dependabot |
12. Даатгал (Phase 3+)
- Cyber liability: 500B ₮
- Errors & omissions: 200B ₮
- Operational risk: 100B ₮
- Settlement default: PayGrid liability fund (capitalized 1B+ ₮)
Эх сурвалж: PLAN/10-GOVERNANCE.md.
Дараагийн хуудас: Стандартууд →