TARGET2 is a systemically important payment system and a service relevant for the Eurosystem’s statutory tasks of promoting the smooth operation of payment systems, implementing monetary policy and maintaining financial stability.
Considerable attention was paid to operational risk management aspects in the system’s design and development phase. A comprehensive risk management framework was developed for TARGET2. This Information Security Management System is based on the internationally recognised standard ISO/IEC 27002:2005.
Given its cross-system and cross-participant interdependencies, a failure in TARGET2 could easily spread across financial markets and ultimately have systemic implications beyond the euro area. In order to adequately address this risk, particular emphasis was placed on the implementation of an effective business continuity management programme.
To ensure a high level of resilience and thus the availability of the system in all circumstances, TARGET2 was established on the basis of a “two regions – four sites” principle. This means that its operational facilities are located in two distinct regions of Europe, and in each region there are two separate operational centres in locations with different risk profiles. Both regions are permanently staffed, and responsibility for live operations is periodically rotated between the regions.
As the system operator, the Eurosystem aims to ensure that, in the event of a failure in the primary region, operations can be resumed in the secondary region within two hours. In the event of such a failure, the operational day will be completed with a maximum delay of two hours.
Business continuity procedures, contingency procedures and crisis management arrangements are all tested at regular intervals.
In the unlikely event that business continuity and resilience measures are not sufficient, the Eurosystem has developed contingency procedures in close cooperation with the user community. These ensure that the systemically important business continues, i.e. (very) critical payments, in the event that a TARGET2 entity (a bank, an ancillary system, a central bank or the Single Shared Platform) suffers an operational problem.
Most contingency measures include the participation of the central banks, which will assist their TARGET2 participants. The means and procedures which the participant needs to follow to send payment transactions to its central bank are nationally agreed and differ from one national TARGET2 component to another. Please contact your National Service Desk for more details.
Various contingency procedures can be activated depending on the source and the impact of the failure:
Given that an operational failure by a participant could potentially have an adverse impact on the smooth functioning of TARGET2 as a whole, the Eurosystem’s risk management framework also includes measures focusing primarily on the security and operational reliability of critical participants. These critical participants need to comply with and test detailed business continuity and contingency and information security requirements.
The concepts of critical participants and (very) critical payments, and the various contingency procedures are defined and described in length in the Information Guide for TARGET2 users.