The European Central Bank (ECB) has today published an action plan to address the recommendations of an independent review mandated by the ECB’s Governing Council in November 2020, following the five major incidents that affected TARGET2 and TARGET2 Securities in 2020. The action plan also addresses recommendations issued by the Eurosystem oversight function and the Internal Audit Committee in relation to these incidents.
In December 2020 the ECB appointed Deloitte to conduct an independent review of the five major IT-related incidents (which were not cyber-related). In July 2021 the ECB published the results of Deloitte’s review and the Eurosystem’s response, in which the Eurosystem accepted the general conclusions and recommendations of the review and committed to addressing them as soon as possible.
The action plan consists of six workstreams: Change and release management, Business continuity management, Fail-over and recovery tests, Communication protocols, Governance, and Data centre and IT operations. Measures addressing several recommendations have already been agreed or implemented in the course of 2021, while most of the remaining ones will be implemented by the end of 2022. The measures will benefit all TARGET services, including TARGET Instant Payment Settlement (TIPS). Market participants will be kept informed about their deployment.