Compliance, operational robustness and resilience

STEP2 complies with 

• the four criteria for SEPA-compliant infrastructures defined by the ECB (processing capabilities, interoperability, reachability, choice of banks)
• the EPC Scheme Rulebooks and Implementation Guidelines for the SEPA Credit Transfer Scheme as well as for the SEPA Direct Debit Core and B2B Schemes

The European Central Bank designated STEP2-T as a Systemically Important Payment System (SIPS) under the ECB Regulation on oversight requirements for SIPS in August 2014. STEP2-T accordingly is subject to and complies with the highest oversight requirements.

The STEP2-T System, on which the STEP2 SEPA Services are running, is also designated under the Settlement Finality Directive (SFD) and settles in central bank money in TARGET. 

EBA CLEARING publishes a Disclosure Report detailing the compliance of STEP2-T with the SIPS Regulation and the Principles for Financial Market Infrastructures. Read the report.

STEP2 is a highly resilient processing system with full disaster recovery features and operational procedures that are regularly practised with the user community. It provides the following key benefits: 

• A scalable processing engine: the STEP2 Services are based on a highly efficient and robust processing engine capable of handling all the SEPA traffic if needed. 
• A highly experienced operator: the technical provider of STEP2 is Nexi Payments, one of the largest financial processors in Europe. The Nexi Payments processing environment offers state-of-the-art technology with exceptional resilience features. 
• Three processing sites: the primary site maintained by Nexi Payments runs in cluster configuration with a data sharing facility and a power distribution layout that has a fully radial configuration. The second processing site, also maintained by Nexi Payments, is equivalent to the primary site and works in a synchronous mode, meaning that all data is replicated in real time. A third processing site, which ensures business continuity in case of a regional disaster, was put in place by Nexi Payments and IBM and activated in January 2014. 
• Three operations centres for system monitoring: EBA CLEARING runs three separate operations centres in different countries. Two of these independent sites operate in parallel mode during the processing day. The three sites are engaged in a regular rotation of shifts and ensure a constant monitoring of the different STEP2 Services. 
• Customer support for operations-related queries and emergency situations: the Investigations and Customer Support Unit (ICU) is EBA CLEARING’s single point of contact for all operations-related queries.
• The Company also has several channels and tools in place for incident and crisis communication. While the common language is English, customer support is additionally provided in other languages by the multilingual staff. 
• Crisis simulation exercises: these exercises are organised by EBA CLEARING and Nexi Payments on an annual basis. Their main objective is to test the functionality of the disaster recovery arrangements, both in terms of file sending/receiving and connectivity to participants’ workstations. 
• ISO 27001 certification: since January 2013, EBA CLEARING’s Information Security Management System, which is geared at managing and securing the Company’s information assets, has been certified as ISO 27001-compliant. In 2022, the Company’s Information Management System was re-certified to the new ISO 27001:2013 standard.