TARGET2 is the real-time gross settlement (RTGS) system for the Eurozone. It is operated by the European Central Bank (ECB) and is used by banks to process large-value euro payments in real time. Beyond the SWIFT Customer Security Programme (CSP), these are the recommended TARGET2 security requirements:
- Compliance with regulations: Adhere to the relevant laws, regulations, and standards such as the EU General Data Protection Regulation (GDPR), the Payment Services Directive 2 (PSD2), and the Network and Information Systems (NIS) Directive, plus SWIFT CSP’s self-reporting mechanism.
- Security policies and procedures: Develop and implement comprehensive cybersecurity policies and procedures, covering aspects like risk management, incident response, and disaster recovery.
- Risk assessment: Conduct regular risk assessments to identify, evaluate, and mitigate potential vulnerabilities in the organization’s infrastructure, systems, and processes.
- Access control: Implement robust access control measures to ensure that only authorized personnel can access sensitive information and systems.
- Data encryption: Encrypt sensitive data, both in transit and at rest, to protect it from unauthorized access or tampering.
- Network security: Establish strong network security measures, including firewalls, intrusion detection and prevention systems, and secure communication protocols.
- Patch management: Regularly update and patch software and hardware to protect against known vulnerabilities.
- Employee training: Train employees on cybersecurity best practices, the importance of following security policies, and how to recognize and report potential threats or incidents.
- Multi-factor authentication: Require multi-factor authentication for access to sensitive systems and information.
- Third-party risk management: Assess the cybersecurity posture of third-party providers and partners and establish contractual requirements for them to maintain appropriate security measures.
- Security monitoring and incident response: Implement continuous security monitoring and establish an incident response plan to detect, contain, and remediate security incidents in a timely manner.
- Regular security audits and testing: Conduct regular security audits and penetration testing to identify and address potential vulnerabilities and ensure compliance with security policies and procedures.
These guidelines are not exhaustive, and TARGET2 customers should consult with the ECB and relevant regulatory authorities for specific cybersecurity requirements that apply to their operations.