Compliance, operational robustness and resilience
A SEPA-compliant infrastructure
STEP2 complies with
- the four criteria for SEPA-compliant infrastructures defined by the ECB (processing capabilities, interoperability, reachability, choice of banks)
- the EPC Scheme Rulebooks and Implementation Guidelines for the SEPA Credit Transfer Scheme as well as for the SEPA Direct Debit Core and B2B Schemes
The STEP2-T system, on which the STEP2 SEPA Services are running, is designated under the Settlement Finality Directive (SFD) and settles in central bank money in TARGET2.
Following the identification of the STEP2-T system as a systemically important payment system under the ECB Regulation on oversight requirements for SIPS in August 2014 (SIPS Regulation), work geared at establishing compliance with these new requirements resulted in the submission of a self-assessment to the Overseer regarding each of the aspects to be covered in relation to the 17 Articles of the SIPS Regulation.
Resilience and business continuity
The STEP2 platform is a highly resilient processing system with full disaster recovery features and operational procedures that are regularly practised with the user community. It provides the following key benefits:
- A scalable processing engine: the STEP2 Services are based on a highly efficient and robust processing engine capable of handling all the SEPA traffic if needed.
- A highly experienced operator: the technical provider of STEP2 is SIA, one of the largest financial processors in Europe. The SIA processing environment offers state-of-the-art technology with exceptional resilience features.
- Three processing sites: the primary site maintained by SIA runs in cluster configuration with data sharing facility and a power distribution layout that has a fully radial configuration. The second processing site, also maintained by SIA, is equivalent to the primary site and works in a synchronous mode, meaning that all data is replicated in real time. A third processing site, which ensures business continuity in case of a regional disaster, was put in place by SIA and IBM and activated in January 2014.
- Three operations centres for system monitoring: EBA CLEARING runs three separate operations centres in different countries. Two of these independent sites operate in parallel mode during the processing day. The three sites are engaged in a regular rotation of shifts and ensure a constant monitoring of the different STEP2 Services.
- Customer support for operations-related queries and emergency situations: the Investigations and Customer Support Unit (ICU) is EBA CLEARING’s single point of contact for all operations-related queries.
- The Company also has several channels and tools in place for incident and crisis communication. While the common language is English, customer support is additionally provided in other languages by the multilingual staff.
- Crisis simulation exercises: hese exercises are organised by EBA CLEARING and SIA on an annual basis. Their main objective is to test the functionality of the disaster recovery arrangements, both in terms of file sending/receiving and connectivity to participants’ workstations.
- ISO 27001 certification: since January 2013, EBA CLEARING’s Information Security Management System, which is geared at managing and securing the Company’s information assets, has been certified as ISO 27001-compliant. In 2018, the Company’s Information Management System was re-certified to the new ISO 27001:2013 standard.