The European Central Bank (ECB) has today published the report that presents the results of Deloitte’s independent review of incidents that affected TARGET2 and TARGET2 Securities in 2020.
The Eurosystem’s response accepts Deloitte’s general conclusions and recommendations made in the review and commits to implement them.
The ECB announced the launch of an independent review in November 2020 after an incident, which affected TARGET2 on 23 October 2020, caused an extended outage. In total, five major information technology (not cyber) related incidents occurred in 2020, affecting payment transactions and securities processing of the TARGET Services that are under the responsibility of the Eurosystem and operated by four service-providing national central banks (Deutsche Bundesbank, Banco de España, Banque de France and Banca d’Italia).
The independent review describes the incidents in detail, outlines their consequences for TARGET Services participants and identifies their root causes. It lists weaknesses in several areas, including business continuity management, fail-over and recovery testing, and communication protocols in crisis situations. Based on these findings, the review issues 18 detailed recommendations.
Measures addressing several recommendations have already been agreed or implemented. For example, in 2020 the Eurosystem decided to establish a more comprehensive second line of defence for all the TARGET Services, which has already been partially implemented, and which will be fully operational by the end of 2021. The Eurosystem has also improved its external communication with market participants after dedicated industry workshops that were held in the first quarter of 2021.
The Eurosystem is committed to decisively implement the other recommendations as soon as possible, as also stated in its response. Market participants will be kept informed about the deployment of the measures.