Business continuity and contingency
TARGET2 is a systemically important payment system and a service relevant for the Eurosystem’s statutory tasks of promoting the smooth operation of payment systems, implementing monetary policy and maintaining financial stability.
Operational centres in different locations
Operational risk management
Considerable attention was paid to operational risk management aspects in the system’s design and development phase. A comprehensive risk management framework was developed for TARGET2. This Information Security Management System is based on the internationally recognised standard ISO/IEC 27002:2005.
Business continuity management programme
Given its cross-system and cross-participant interdependencies, a failure in TARGET2 could easily spread across financial markets and ultimately have systemic implications beyond the euro area. In order to adequately address this risk, particular emphasis was placed on the implementation of an effective business continuity management programme.
Different locations of the operational centres
To ensure a high level of resilience and thus the availability of the system in all circumstances, TARGET2 was established on the basis of a “two regions – four sites” principle. This means that its operational facilities are located in two distinct regions of Europe, and in each region there are two separate operational centres in locations with different risk profiles. Both regions are permanently staffed, and responsibility for live operations is periodically rotated between the regions.
As the system operator, the Eurosystem aims to ensure that, in the event of a failure in the primary region, operations can be resumed in the secondary region within two hours. In the event of such a failure, the operational day will be completed with a maximum delay of two hours.
Business continuity procedures, contingency procedures and crisis management arrangements are all tested at regular intervals.
In the unlikely event that business continuity and resilience measures are not sufficient, the Eurosystem has developed contingency procedures in close cooperation with the user community. These ensure that the systemically important business continues, i.e. (very) critical payments, in the event that a TARGET2 entity (a bank, an ancillary system, a central bank or the Single Shared Platform) suffers an operational problem.
Most contingency measures include the participation of the central banks, which will assist their TARGET2 participants. The means and procedures which the participant needs to follow to send payment transactions to its central bank are nationally agreed and differ from one national TARGET2 component to another. Please contact your National Service Desk for more details.
Various contingency procedures can be activated depending on the source and the impact of the failure:
Img 1: Failure at Target2 participant
- If a TARGET2 participant suffers an operational problem, the back-up functionality can be activated by its central bank, allowing the participant to send payments through the Information and Control Module (ICM) (see image 1).
- If a TARGET2 participant no longer has access to the ICM, its central bank can “act on its behalf” and enter payments for this participant (see image 1).
Img 2: Failure at NSD
- If a TARGET2 participant and its central bank do not have access to the ICM, the Single Shared Platform (SSP) itself can act “on behalf” of the central bank which wants to enter payments “on behalf” of a TARGET2 participant which has an operational problem (see image 2).
Img 3: Failure at SWIFT
- If the SWIFT network is out, the central banks can communicate through a central bank contingency network with the SSP. In the extremely unlikely event that the contingency network fails at the same time as SWIFT, the SSP operators can still enter payments “on behalf” of the central banks which want to enter payments “on behalf” of their TARGET2 participants (see image 3).
Img 4: Failure at SSP
- If the Single Shared Platform is out, the Eurosystem can activate the Contingency Module (CM), which operates from another infrastructure and another region and has a different risk profile to that of the SSP. The CM is accessible only for central banks which will enter (very) critical payments “on behalf” of their TARGET2 participants (see image 4).
- In any scenario the Eurosystem crisis managers may decide to delay the closing of the TARGET2 business day if they consider this in the interest of the smooth functioning of TARGET2, e.g. an operational failure and delay at a major ancillary system (AS), or during or after an SSP outage to allow for backlog processing (see image 4).
Given that an operational failure by a participant could potentially have an adverse impact on the smooth functioning of TARGET2 as a whole, the Eurosystem’s risk management framework also includes measures focusing primarily on the security and operational reliability of critical participants. These critical participants need to comply with and test detailed business continuity and contingency and information security requirements.
The concepts of critical participants and (very) critical payments, and the various contingency procedures are defined and described in length in the Information Guide for TARGET2 users.