5.10.2010 |
EN |
Official Journal of the European Union |
L 261/6 |
GUIDELINE OF THE EUROPEAN CENTRAL BANK
of 15 September 2010
amending Guideline ECB/2007/2 on a Trans-European Automated Real-time Gross settlement Express Transfer system (TARGET2)
(ECB/2010/12)
(2010/593/EU)
THE GOVERNING COUNCIL OF THE EUROPEAN CENTRAL BANK,
Having regard to the Treaty on the Functioning of the European Union, and in particular Article 127(2) thereof,
Having regard to the Statute of the European System of Central Banks and of the European Central Bank, and in particular Article 3.1 and Articles 17, 18 and 22 thereof,
Whereas:
(1) |
The Governing Council of the European Central Bank (ECB) adopted Guideline ECB/2007/2 of 26 April 2007 on a Trans-European Automated Real-time Gross settlement Express Transfer system (TARGET2) (1) governing TARGET2 which is characterised by a single technical platform called the Single Shared Platform (SSP). |
(2) |
Amendments should be made to Guideline ECB/2007/2: (a) to take into account the updates for TARGET2 release 4.0, in particular to allow participants to access one or more PM accounts using Internet-based access; and (b) to reflect a number of technical changes following the entry into force of the Treaty on the Functioning of the European Union and clarify a few issues, |
HAS ADOPTED THIS GUIDELINE:
Article 1
Guideline ECB/2007/2 is amended as follows:
1. |
Article 1(1) is replaced by the following: ‘1. TARGET2 provides real-time gross settlement for payments in euro, with settlement in central bank money. It is established and functions on the basis of the SSP, through which all payment orders are submitted and processed and through which payments are ultimately received in the same technical manner.’ |
2. |
Article 2 is amended as follows:
|
3. |
Article 6(1) and (2) are replaced by the following: ‘1. Each participating NCB shall adopt arrangements implementing the Harmonised Conditions for participation in TARGET2 that are laid down in Annex II, and the Supplemental and Modified Harmonised Conditions for participation in TARGET2 using Internet-based access that are laid down in Annex V. These arrangements shall exclusively govern the relationship between the relevant participating NCB and its participants in respect of the processing of payments in the PM. A PM account can be accessed using either Internet-based access or via the network service provider. These two methods of accessing a PM account shall be mutually exclusive, although a participant may choose to have one or more PM accounts, each of which will be accessible by either the Internet or the network service provider. 2. The ECB shall adopt the terms and conditions of TARGET2-ECB by implementing Annex II except that TARGET2-ECB shall only provide services to clearing and settlement organisations, including entities established outside the EEA, provided that they are subject to oversight by a competent authority and their access to TARGET2-ECB has been approved by the Governing Council.’ |
4. |
Article 8(1) is replaced by the following: ‘1. The Eurosystem CBs shall provide fund transfer services in central bank money to ancillary systems in the PM accessed through the network service provider or, during the transition period and if applicable, on Home Accounts. Such services shall be governed by bilateral arrangements between the Eurosystem CBs and the respective ancillary systems.’ |
5. |
Article 10(1) is replaced by the following: ‘1. The Governing Council shall specify the security policy and security requirements and controls for the SSP and, during the transition period, for the Home Account technical infrastructure. The Governing Council shall also specify the principles applicable to the security of certificates used for Internet-based access.’ |
6. |
Article 16(2) is replaced by the following: ‘2. The participating NCBs shall by 31 July 2007 or respectively a date to be specified by the Governing Council send to the ECB the measures by which they intend to comply with this Guideline.’ |
7. |
The Annexes to Guideline ECB/2007/2 are amended in accordance with Annex I to this Guideline. |
8. |
Annex V is added to Guideline ECB/2007/2 in accordance with Annex II to this Guideline. |
Article 2
Entry into force
This Guideline shall enter into force two days after its adoption. It shall apply from 22 November 2010.
Article 3
Addressees and implementing measures
1. This Guideline is addressed to all Eurosystem central banks.
2. The participating NCBs shall by 7 October 2010 send to the ECB the measures by which they intend to comply with this Guideline.
Done at Frankfurt am Main, 15 September 2010.
For the Governing Council of the ECB
The President of the ECB
Jean-Claude TRICHET
ANNEX I
1.
Annex I to Guideline ECB/2007/2 is amended as follows:in Annex I, point 7 of the table is replaced by the following:
‘7. Operation |
||||||||||||||||||||||
|
|
|
2.
Annex II to Guideline ECB/2007/2 is amended as follows:
1. |
Article 1 is amended as follows:
|
2. |
Article 4 is amended as follows:
|
3. |
Article 32(4) is replaced by the following: ‘4. The [insert name of CB] shall keep complete records of payment orders submitted and payments received by participants for a period of [insert period required by relevant national law] from the time at which such payment orders are submitted and payments are received, provided that such complete records shall cover a minimum of five years for any participant in TARGET2 that is subject to continuous vigilance pursuant to restrictive measures adopted by the Council of the European Union or Member States, or more if required by specific regulations.’; |
4. |
Article 34(2) is amended as follows:
|
5. |
in Article 38(2), the term ‘Community’ is replaced by the term ‘Union’; |
6. |
Article 39(1) is replaced by the following: ‘1. Participants shall be deemed to be aware of, and shall comply with, all obligations on them relating to legislation on data protection, prevention of money laundering and the financing of terrorism, proliferation-sensitive nuclear activities and the development of nuclear weapons delivery systems, in particular in terms of implementing appropriate measures concerning any payments debited or credited on their PM accounts. Participants shall also acquaint themselves with the network service provider’s data retrieval policy prior to entering into the contractual relationship with the network service provider.’; |
7. |
in Article 40(1), the term ‘SWIFT’ is replaced by the term ‘BIC’; |
8. |
Article 44(2) is replaced by the following: ‘2. Without prejudice to the competence of the Court of Justice of the European Union, any dispute arising from a matter relating to the relationship referred to in paragraph 1 falls under the exclusive competence of the competent courts of [insert place of the seat of the CB].’; |
9. |
in Appendix I, the last three rows of the table in paragraph 2(1) are replaced by the following:
|
10. |
in Appendix V, the last row of the table in paragraph 3 is replaced by the following:
|
3.
Annex III to Guideline ECB/2007/2 is amended as follows:
1. |
the following definitions are replaced:
(*2) OJ L 332, 31.12.1993, p. 1.’ "
|
2. |
Paragraph 1 is replaced by the following:
|
3. |
Paragraph 4 is replaced by the following:
|
4. |
Paragraph 12 is replaced by the following:
|
4.
Annex IV to Guideline ECB/2007/2 is amended as follows:
1. |
Paragraph 9(4) is replaced by the following:
|
2. |
Paragraph 10(4) is replaced by the following:
|
3. |
Paragraph 11(5) is replaced by the following:
|
4. |
Paragraph 12(9) is replaced by the following:
|
5. |
Paragraph 13(3) is replaced by the following:
|
6. |
Paragraph 14(2) is replaced by the following:
|
7. |
Paragraph 14(7)(c) is replaced by the following:
|
8. |
in paragraph 14(12), the second subparagraph is replaced by the following: ‘The AS initiating the payment instruction and the other AS shall be notified on completion of the settlement. If they so request, settlement banks shall be notified of successful settlement via a SWIFT MT 900 or MT 910 message. Participants using Internet-based access shall be informed by a message on the ICM.’; |
9. |
in paragraph 14(13), the second subparagraph is replaced by the following: ‘The AS initiating the payment instruction and the other AS shall be notified on completion of the settlement. If they so request, settlement banks shall be notified of successful settlement via a SWIFT MT 900 or MT 910 message. Participants using Internet-based access shall be informed by a message on the ICM.’; |
10. |
in paragraph 14(17), the second subparagraph is replaced by the following: ‘The AS initiating the payment instruction and the other AS shall be notified on completion of the settlement. If they so request, settlement banks shall be notified of successful settlement via a SWIFT MT 900 or MT 910 message. Participants using Internet-based access shall be informed by a message on the ICM.’; |
11. |
in paragraph 14(18), the second subparagraph is replaced by the following: ‘The AS initiating the payment instruction and the other AS shall be notified on completion of the settlement. If they so request, settlement banks shall be notified of successful settlement via a SWIFT MT 900 or MT 910 message. Participants using Internet-based access shall be informed by a message on the ICM.’ |
ANNEX II
The following Annex V is added:
‘ANNEX V
SUPPLEMENTAL AND MODIFIED HARMONISED CONDITIONS FOR PARTICIPATION IN TARGET2 USING INTERNET-BASED ACCESS
Article 1
Scope
The Conditions set out in Annex II apply to participants using Internet-based access to access one or more PM accounts subject to the provisions of this Annex.
Article 2
Definitions
For the purposes of this Annex, in addition to the definitions laid down in Annex II, the following definitions apply:
— |
“certification authorities” means one or more NCBs designated as such by the Governing Council to act on behalf of the Eurosystem to issue, manage, revoke and renew electronic certificates, |
— |
“electronic certificates” or “certificates” means an electronic file, issued by the certification authorities, that binds a public key with an identity and which is used for the following: to verify that a public key belongs to an individual, to authenticate the holder, to check a signature from this individual or to encrypt a message addressed to this individual. Certificates are held on a physical device such as a smart card or USB stick, and references to certificates include such physical devices. The certificates are instrumental in the authentication process of the participants accessing TARGET2 through the Internet and submitting payment messages or control messages, |
— |
“certificate holder” means a named, individual person, identified and designated by a TARGET2 participant as authorised to have Internet-based access to the participant’s TARGET2 account. Their application for certificates will have been verified by the participant’s home NCB and transmitted to the certification authorities, which will in turn have delivered certificates binding the public key with the credentials that identify the participant, |
— |
“Internet-based access” means that the participant has opted for a PM account that can only be accessed via the Internet and the participant submits payment messages or control messages to TARGET2 by means of the Internet, |
— |
“Internet service provider” means the company or organisation, i.e. the gateway, used by the TARGET2 participant for the purpose of accessing their TARGET2 account using Internet-based access. |
Article 3
Inapplicable provisions
The following provisions of Annex II shall not apply with regard to Internet-based access:
Article 4(1)(c) and (2)(d); Article 5(2), (3) and (4); Articles 6 and 7; Article 11(8); Article 14(1)(a); Article 17(2); Articles 23 to 26; Article 41; and Appendices I, VI and VII.
Article 4
Supplemental and modified provisions
The following provisions of Annex II shall apply with regard to Internet-based access as modified below:
1. |
Article 2(1) is replaced by the following: “1. The following Appendices form an integral part of these Conditions and apply to participants accessing a PM account using Internet-based access: Appendix IA to Annex V: Technical specifications for the processing of payment orders for Internet-based access Appendix IIA to Annex V: Fee schedule and invoicing for Internet-based access Appendix II: TARGET2 compensation scheme Appendix III: Terms of reference for capacity and country opinions Appendix IV, except paragraph 7(b) thereof: Business continuity and contingency procedures Appendix V: Operating schedule” |
2. |
Article 3 is modified as follows:
|
3. |
Article 4(2)(e) is replaced by the following:
|
4. |
Article 8 is modified as follows:
|
5. |
Article 9 is modified as follows:
|
6. |
Article 10 is modified as follows:
|
7. |
Article 11 is modified as follows:
|
8. |
Article 12(7) is replaced by the following: “7. The [insert name of CB] shall make available a daily statement of accounts to any participant that has opted for such service.” |
9. |
Article 13(b) is replaced by the following;
|
10. |
Article 14(1)(b) is replaced by the following:
|
11. |
Article 16(2) is replaced by the following: “2. Participants using Internet-based access shall not be allowed to use the AL group functionality in respect of their Internet-accessible PM account, or to combine that Internet-accessible PM account with any other TARGET2 account they hold. Limits may only be set in relation to an AL group in its entirety. Limits shall not be set in relation to a single PM account of an AL group member.” |
12. |
Article 18(3) is replaced by the following: “3. When the Latest Debit Time Indicator is used, the accepted payment order shall be returned as non-settled if it cannot be settled by the indicated debit time. 15 minutes prior to the defined debit time, the instructing participant shall be informed via the ICM, rather than sent an automatic notification via the ICM. Instructing participant may also use the Latest Debit Time Indicator solely as a warning indicator. In such cases, the payment order concerned shall not be returned.” |
13. |
Article 21(4) is replaced by the following: “4. At the request of a payer, the [insert name of CB] may decide to change the queue position of a highly urgent payment order (except for highly urgent payment orders in the context of settlement procedures 5 and 6) provided that this change would not affect the smooth settlement by ancillary systems in TARGET2 or would not otherwise give rise to systemic risk.” |
14. |
Article 28 is modified as follows:
|
15. |
Article 29 is replaced by the following: “Article 29 Use of the ICM 1. The ICM:
2. Further technical details relating to the ICM to be used in connection with Internet-based access are contained in Appendix IA to Annex V.” |
16. |
Article 32 is modified as follows:
|
17. |
Article 34(4)(c) is replaced by the following:
|
18. |
Article 39(1) is replaced by the following: “1. Participants shall be deemed to be aware of, and shall comply with, all obligations on them relating to legislation on data protection, prevention of money laundering and the financing of terrorism, proliferation-sensitive nuclear activities and the development of nuclear weapons delivery systems, in particular in terms of implementing appropriate measures concerning any payments debited or credited on their PM accounts. Prior to entering into a contractual relationship with an Internet service provider, participants using Internet-based access shall acquaint themselves with that Internet service provider’s data retrieval policy.” |
19. |
Article 40(1) is replaced by the following: “1. Except where otherwise provided for in these Conditions, all notices required or permitted pursuant to these Conditions shall be sent by registered post, facsimile or otherwise in writing. Notices to the [insert name of CB] shall be submitted to the head of the [insert payment systems department or relevant CB unit] of [insert name of CB], [include relevant address of CB] or to the [insert BIC address of the CB]. Notices to the participant shall be sent to it at the address, fax number or its BIC address as the participant may from time to time notify to the [insert name of CB].” |
20. |
Article 45 is replaced by the following: “Article 45 Severability If any provision in these Conditions or Annex V is or becomes invalid, this shall not prejudice the applicabilityof all the other provisions of these Conditions or Annex V.” |
Appendix IA
TECHNICAL SPECIFICATIONS FOR THE PROCESSING OF PAYMENT ORDERS FOR INTERNET-BASED ACCESS
In addition to the Conditions, the following rules shall apply to the processing of payment orders using Internet-based access:
1. Technical requirements for participation in TARGET2-[insert CB/country reference] regarding infrastructure, network and formats
(1) |
Each participant using Internet-based access must connect to the ICM of TARGET2 using a local client, operating system and Internet browser as specified in the Annex “Internet-based participation – System requirements for Internet access” to the User Detailed Functional Specifications (UDFS), with settings defined. Each participant’s PM account shall be identified by an eight- or 11-digit BIC. Furthermore, each participant shall pass a series of tests to prove its technical and operational competence before it may participate in TARGET2-[insert CB/country reference]. |
(2) |
For the submission of payment orders and the exchange of payment messages in the PM the TARGET2 platform BIC, TRGTXEPMLVP, will be used as the message sender/receiver. Payment orders sent to a participant using Internet-based access should identify that receiving participant in the beneficiary institution field. Payment orders made by a participant using Internet-based access will identify that participant as the ordering institution. |
(3) |
Participants using Internet-based access shall use public key infrastructure services as specified in the “User Manual: Internet Access for the public-key certification service”. |
2. Payment message types
(1) |
Internet-based participants can make the following types of payments:
In addition, participants using Internet-based access to a PM account can receive direct debit orders. |
(2) |
Participants shall comply with the field specifications, as defined in Chapter 9.1.2.2 of the UDFS, Book 1. |
(3) |
Field contents shall be validated at the level of TARGET2-[insert country/CB reference] in accordance with the UDFS requirements. Participants may agree among each other on specific rules regarding the field contents. However, in TARGET2-[insert country/CB reference] there shall be no specific checks as to whether participants comply with any such rules. |
(4) |
Participants using Internet-based access may make cover payments via TARGET2, i.e. payments made by correspondent banks to settle (cover) credit transfer messages which are submitted to a customer’s bank by other, more direct means. Customer details contained in these cover payments shall not be displayed in the ICM. |
3. Double-entry check
(1) |
All payment orders shall pass a double-entry check, the aim of which is to reject payment orders that have been submitted more than once by mistake. |
(2) |
The following fields of the message types shall be checked:
|
(3) |
If all the fields described in subparagraph 2 in relation to a newly submitted payment order are identical to those in relation to a payment order that has already been accepted, the newly submitted payment order shall be returned. |
4. Error codes
If a payment order is rejected, an abort notification shall be provided via the ICM indicating the reason for the rejection by using error codes. The error codes are defined in Chapter 9.4.2 of the UDFS.
5. Predetermined settlement times
(1) |
For payment orders using the Earliest Debit Time Indicator, the codeword “/FROTIME/” shall be used. |
(2) |
For payment orders using the Latest Debit Time Indicator, two options shall be available.
(a) Codeword “/REJTIME/”: if the payment order cannot be settled by the indicated debit time, the payment order shall be returned. (b) Codeword “/TILTIME/”: if the payment order cannot be settled by the indicated debit time, the payment order shall not be returned but shall be kept in the relevant queue. Under both options, if a payment order with a Latest Debit Time Indicator is not settled 15 minutes prior to the time indicated therein, a notification shall automatically be provided via the ICM. |
(3) |
If the codeword “/CLSTIME/” is used, the payment shall be treated in the same way as a payment order referred to in subparagraph 2(b). |
6. Settlement of payment orders in the entry disposition
(1) |
Offsetting checks and, if appropriate, extended offsetting checks (both terms as defined in paragraphs 2 and 3) shall be carried out on payment orders entered into the entry disposition to provide quick, liquidity-saving gross settlement of payment orders. |
(2) |
An offsetting check shall determine whether the payee’s payment orders that are at the front of the highly urgent or, if inapplicable, the urgent queue are available to be offset against the payer’s payment order (hereinafter “offsetting payment orders”). If an offsetting payment order does not provide sufficient funds for the respective payer’s payment order in the entry disposition, it shall be determined whether there is sufficient available liquidity on the payer’s PM account. |
(3) |
If the offsetting check fails, the [insert name of CB] may apply an extended offsetting check. An extended offsetting check determines whether offsetting payment orders are available in any of the payee’s queues regardless of when they joined the queue. However, if in the queue of the payee there are higher priority payment orders addressed to other TARGET2 participants, the FIFO principle may only be breached if settling such an offsetting payment order would result in a liquidity increase for the payee. |
7. Settlement of payment orders in the queue
(1) |
The treatment of payment orders placed in queues depends on the priority class to which it was designated by the instructing participant. |
(2) |
Payment orders in the highly urgent and urgent queues shall be settled by using the offsetting checks described in paragraph 6, starting with the payment order at the front of the queue in cases where there is an increase in liquidity or there is an intervention at queue level (change of queue position, settlement time or priority, or revocation of the payment order). |
(3) |
Payments orders in the normal queue shall be settled on a continuous basis including all highly urgent and urgent payment orders that have not yet been settled. Different optimisation mechanisms (algorithms) are used. If an algorithm is successful, the included payment orders will be settled; if an algorithm fails, the included payment orders will remain in the queue. Three algorithms (1 to 3) shall be applied to offset payment flows. By means of Algorithm 4, settlement procedure 5 (as defined in Chapter 2.8.1 of the UDFS) shall be available for the settlement of payment instructions of ancillary systems. To optimise the settlement of highly urgent ancillary system transactions on participants’ sub-accounts, a special algorithm (Algorithm 5) shall be used.
|
(4) |
Payment orders entered into the entry disposition after the start of any of algorithms 1 to 4 may nevertheless be settled immediately in the entry disposition if the positions and limits of the TARGET2 participants’ PM accounts concerned are compatible with both the settlement of these payment orders and the settlement of payment orders in the current optimisation procedure. However, two algorithms shall not run simultaneously. |
(5) |
During daytime processing the algorithms shall run sequentially. As long as there is no pending simultaneous multilateral settlement of an ancillary system, the sequence shall be as follows:
When simultaneous multilateral settlement (‘procedure 5’) in relation to an ancillary system is pending, Algorithm 4 shall run. |
(6) |
The algorithms shall run flexibly by setting a pre-defined time lag between the application of different algorithms to ensure a minimum interval between the running of two algorithms. The time sequence shall be automatically controlled. Manual intervention shall be possible. |
(7) |
While included in a running algorithm, a payment order shall not be reordered (change of the position in a queue) or revoked. Requests for reordering or revocation of a payment order shall be queued until the algorithm is complete. If the payment order concerned is settled while the algorithm is running, any request to reorder or revoke shall be rejected. If the payment order is not settled, the participant’s requests shall be taken into account immediately. |
8. Use of the ICM
(1) |
The ICM may be used for inputting payment orders. |
(2) |
The ICM may be used for obtaining information and managing liquidity. |
(3) |
With the exception of warehoused payment orders and static data information, only data in relation to the current business day shall be available via the ICM. The screens shall be offered in English only. |
(4) |
Information shall be provided in “pull” mode, which means that each participant has to ask to be provided with information. Participants shall check the ICM regularly throughout the business day for important messages. |
(5) |
Only user-to-application mode (U2A) shall be available for participants using Internet-based access. U2A permits direct communication between a participant and the ICM. The information is displayed in a browser running on a PC. Further details are described in the ICM User Handbook. |
(6) |
Each participant shall have at least one workstation with Internet access to access the ICM via U2A. |
(7) |
Access rights to the ICM shall be granted by using certificates, the use of which is described more fully in paragraphs 10 to 13. |
(8) |
Participants may also use the ICM to transfer liquidity:
|
9. The UDFS, the ICM User Handbook and the “User Manual: Internet Access for the Public Key Certification Service”
Further details and examples explaining the above rules are contained in the UDFS and the ICM User Handbook, as amended from time to time and published on the [insert name of CB]’s website and the TARGET2 website in English, and in the “User Manual: Internet Access for the Public Key Certification Service”.
10. Issuance, suspension, reactivation, revocation and renewal of certificates
(1) |
The participant shall request from [insert name of CB] the issuance of certificates to allow them to access TARGET2 [insert CB/country reference] using Internet-based access. |
(2) |
The participant shall request from [insert name of CB] the suspension and reactivation of certificates, as well as the revocation and renewal of certificates, when a certificate holder no longer wishes to have access to TARGET2 or if the participant ceases its activities in TARGET2-[insert CB/country reference] (e.g. as the result of a merger or acquisition). |
(3) |
The participant shall adopt every precaution and organisational measure to ensure that certificates are used only in conformity with the Harmonised Conditions. |
(4) |
The participant shall promptly notify [insert name of CB] of any material change to any of the information contained in the forms submitted to [insert name of CB] in connection with the issuance of certificates. |
(5) |
The participant may have a maximum of five active certificates for each PM account. Upon request, the [insert name of the CB] may, at its discretion, apply for the issuance of further certificates from the certification authorities. |
11. Handling of certificates by the participant
(1) |
The participant shall ensure the safekeeping of all certificates and adopt robust organisational and technical measures to avoid injury to third parties and to ensure that each certificate is only used by the specific certificate holder to which it was issued. |
(2) |
The participant shall promptly provide all information requested by [insert name of CB] and guarantee the reliability of that information. Participants shall at all times remain fully responsible for the continued accuracy of all information provided to [insert name of CB] in connection with the issuance of certificates. |
(3) |
The participant shall assume full responsibility for ensuring that all of its certificate holders keep their assigned certificates separate from the secret PIN and PUK codes. |
(4) |
The participant shall assume full responsibility for ensuring that none of its certificate holders use the certificates for functions or purposes other than those for which the certificates were issued. |
(5) |
The participant shall immediately inform [insert name of CB] of any request and rationale for suspension, reactivation, revocation or renewal of certificates. |
(6) |
The participant shall immediately request [insert name of CB] to suspend any certificates, or the keys contained therein, that are defective or that are no longer in the possession of its certificate holders. |
(7) |
The participant shall immediately notify the [insert name of CB] of any loss or theft of certificates. |
12. Security Requirements
(1) |
The computer system that a participant uses to access TARGET2 using Internet-based access shall be located in premises owned or leased by the participant. Access to TARGET2-[insert CB/country reference] shall only be allowed from such premises, and, for the avoidance of doubt, no remote access shall be allowed. |
(2) |
The participant shall run all software on computer systems that are installed and customised in accordance with current international IT security standards, which as a minimum shall include the requirements detailed in paragraphs 12(3) and 13(4). The participant shall establish appropriate measures, including in particular anti-virus and malware protection, anti-phishing measures, hardening, and patch management procedures. All such measures and procedures shall be regularly updated by the participant. |
(3) |
The participant shall establish an encrypted communication link with TARGET2-[insert CB/country reference] for Internet access. |
(4) |
User computer accounts in the participant’s workstations shall not have administrative privileges. Privileges shall be assigned in accordance with the “least privilege” principle. |
(5) |
The participant shall at all times protect the computer systems used for TARGET2-[insert CB/country reference] Internet access as follows:
|
(6) |
The participant shall ensure that its certificate holders at all times follow secure browsing practices, including:
|
(7) |
The participant shall at all times implement the following management principles to alleviate risks to its system:
|
13. Additional security requirements
(1) |
The participant shall at all times ensure by means of appropriate organisational and/or technical measures that user IDs disclosed for the purpose of controlling access rights (Access Right Review) are not abused, and, in particular, that no unauthorised persons gain knowledge of them. |
(2) |
The participant shall have in place a user administration process to ensure the immediate and permanent deletion of the related user ID in the event that an employee or other user of a system on the premises of a participant leaves the participant’s organisation. |
(3) |
The participant shall have in place a user administration process and shall immediately and permanently block user IDs that are in any way compromised, including in cases where certificates are lost or stolen, or where a password has been phished. |
(4) |
If a participant is unable to eliminate security-related faults or configuration errors (e.g. resulting from malware infected systems) after three occurrences, the SSP-providing CBs may permanently block all the participant’s user IDs. |
Appendix IIA
FEE SCHEDULE AND INVOICING FOR INTERNET-BASED ACCESS
Fees for direct participants
1. |
The monthly fee for the processing of payment orders in TARGET2-[insert CB/country reference] for direct participants shall be EUR 70 per PM account Internet access fee plus EUR 100 per PM account plus a flat fee per transaction (debit entry) of EUR 0,80; |
2. |
There shall be an additional monthly fee for direct participants who do not wish the BIC of their account to be published in the TARGET2 directory of EUR 30 per account. |
Invoicing
3. |
In the case of direct participants, the following invoicing rules apply. The direct participant shall receive the invoice for the previous month specifying the fees to be paid, no later than on the fifth business day of the following month. Payment shall be made at the latest on the tenth working day of that month to the account specified by the [insert name of CB] and shall be debited from that participant’s PM account. |