Access to European Union law
<a href="https://eur-lex.europa.eu/content/help/eurlex-content/experimental-features.html" target="_blank">More about the experimental features corner</a>
Choose the experimental features you want to try
EUR-Lex
Access to European Union law

This document is an excerpt from the EUR-Lex website

You are here
Use quotation marks to search for an "exact phrase". Append an asterisk (*) to a search term to find variations of it (transp*, 32019R*). Use a question mark (?) instead of a single character in your search term to find variations of it (ca?e finds case, cane, care).
Search tips
Need more search options? Use the Advanced search

Summaries of EU Legislation

Systemically important payment systems (SIPS)

SUMMARY OF:

Regulation (EU) 2025/1355 on oversight requirements for systemically important payment systems (ECB/2025/22)

Regulation (EC) No 2157/1999 on the powers of the European Central Bank to impose sanctions (ECB/1999/4)

Decision (EU) 2019/1349 on the procedure and conditions for exercise by a competent authority of certain powers in relation to oversight of systemically important payment systems (ECB/2019/25)

Decision (EU) 2017/2098 on procedural aspects concerning the imposition of corrective measures for non-compliance with Regulation (EU) No 795/2014 (ECB/2017/33)

Decision (EU) 2017/2097 on the methodology for calculating sanctions for infringements of the oversight requirements for systemically important payment systems (ECB/2017/35)

WHAT IS THE AIM OF THE REGULATIONS AND THE DECISIONS?

  • Regulation (EU) 2025/1355 sets out the process and criteria for the identification of a payment system as a systematically important payment system (SIPS) and imposes oversight requirements on SIPS operators.
  • Regulation (EC) No 2157/1999 sets the powers of the European Central Bank (ECB) to impose sanctions for infringements in the field of oversight of SIPS (see summary: Powers of the European Central Bank to impose sanctions).
  • Decision (EU) 2019/1349 sets out the procedure and conditions for the exercise by competent authorities of certain enforcement powers in relation to the oversight of SIPS.
  • Decision (EU) 2017/2098 lays down the procedure for imposing corrective measures on SIPS operators for non-compliance with Regulation (EU) 2025/1355.
  • Decision (EU) 2017/2097 sets out the methodology to be followed by the ECB in calculating the amount of sanctions to be imposed by the ECB on a SIPS operator for infringements of Regulation (EU) 2025/1355.

KEY POINTS

Pursuant to the Treaty on the Functioning of the European Union and the Statute of the European System of Central Banks and of the ECB, the Eurosystem promotes the smooth operation of payment systems1 by conducting oversight.

Under Regulation (EU) 2025/1355, the Governing Council of the ECB adopts reasoned decisions identifying which payment systems are SIPS on the basis of:

  • certain quantitative thresholds; or
  • a flexible methodology that takes into account qualitative aspects such as the nature, size and complexity of the payment system, the nature and importance of its participants and the substitutability of the payment system.

The process to identify a payment system as a SIPS is clearly set. A review and identification exercise is done by the ECB on an annual basis and the list of SIPS is maintained on the ECB’s website.

The Governing Council of the ECB identifies a SIPS operator2 for each SIPS. The identified SIPS operator is accountable vis-à-vis the competent authority3 for the compliance of the SIPS with the oversight requirements under Regulation (EU) 2025/1355.

A SIPS operator must have in place a cyber-resilience strategy and framework in line with the relevant requirements. Moreover, a SIPS operator must always retain responsibility for the outsourced functions, operations and/or services and must have in place appropriate contractual arrangements and frameworks.

SIPS operators are required to:

  • ensure that the legal frameworks in which they operate provide a high degree of certainty for their activities;
  • have documented objectives prioritising their system’s safety and efficiency;
  • have effective and documented governance arrangements with clear and direct lines of responsibility and accountability for their Board and management;
  • establish robust frameworks to manage risks and to address collateral and settlement finality in line with the requirements of the regulation.

SIPS operators must:

  • establish and maintain a sound framework to comprehensively identify, measure, monitor and manage risks, including liquidity, credit, general business, custody and investment, and operational and cyber risks, that may arise in or are borne by the SIPS;
  • accept as collateral only cash or assets with low credit, liquidity and market risks that fulfil certain conditions;
  • establish rules and procedures to enable final settlement to take place no later than the end of the intended settlement date and to enable it to continue to meet its obligations in the event of a participant default, which address the replenishment of resources following a default;
  • set up procedures for ensuring money settlement;
  • hold their own and participants’ assets with supervised and regulated bodies (known as custodians) that are competent to fully protect those assets;
  • determine their own investment strategy, secured by high-quality obligors4;
  • set up and publicly disclose non-discriminatory access and participation criteria, which are reviewed at least annually, for their services;
  • have a process in place to identify and meet the needs of the markets they serve;
  • adopt clear and comprehensive rules and procedures that are fully disclosed to participants;
  • prepare recovery plans to re-establish smooth operation;
  • prepare orderly wind-down plans for their orderly closure;
  • maintain sufficient capital and liquid assets to cover general business risks;
  • perform annual stress tests on liquidity and collateral frameworks;
  • adopt a cyber-resilience framework and strategy;
  • test the cyber resilience of controls and systems through the TIBER-EU threat-led penetration testing framework;
  • report major cyber incidents.

Where a SIPS operator has not complied with the regulation:

  • the competent authority may impose corrective measures5 within two years after the finalisation of the assessment to remedy the non-compliance and/or avoid repeating it (pursuant to ECB Decision (EU) 2017/2098); and/or
  • the ECB may impose sanctions (pursuant to Council Regulation (EC) No 2532/98 and European Central Bank Regulation (EC) No 2157/1999 on the powers of the ECB to impose sanctions), in which the amount of the sanctions will be calculated in accordance with Decision (EU) 2017/2097.

In accordance with Decision (EU) 2019/1349, for oversight purposes, competent authorities can:

  • require SIPS operators to: (a) provide all information and documents necessary for the efficient and effective conduct of the oversight functions; (b) appoint an independent expert to investigate or review the SIPS operation;
  • carry out continual and/or ad hoc oversight to ensure SIPS operators comply with all the requirements;
  • cooperate with other authorities.

Decision (EU) 2017/2097 sets out the methodology to be followed by the ECB for calculating the amount of the sanctions (fines or periodic penalty payments) to be imposed on the SIPS operators for infringements of the relevant oversight requirements. That decision sets the baseline amount of a sanction to 50 % of the sum of the following amounts:

  • 1 % of turnover, and
  • 0.0001 % of the value of payments processed.

The decision also lays down the limits to the amount of sanctions and the duration of the periodic penalty payments to be imposed.

FROM WHEN DO THE REGULATIONS AND THE DECISIONS APPLY?

  • Regulation (EU) 2025/1355 has applied since .
  • Regulation (EC) No 2157/1999 has applied since .
  • Decision (EU) 2019/1349 has applied since .
  • Decisions (EU) 2017/2098 and (EU) 2017/2097 have applied since .

Since then they have been amended to reflect the developments.

BACKGROUND

Payment systems play an important role in the stability and efficiency of the financial sector and the euro-area economy as a whole. Largely invisible, they ensure the safe flow of electronic payments from payer to payee and between financial institutions.

In accordance with the general Principles for Financial Market Infrastructures, SIPS should be subject to effective oversight because of their potential to trigger systemic risks6 if insufficiently protected against the risks to which they are exposed. In addition, competent authorities need sufficient powers and resources to fulfil their respective tasks, including taking corrective action.

The ECB considers a payment system as systemically important if disruption within it could trigger disruption among participants or in the wider financial system. In addition to a handful of systemically important payment systems, there are around 40 non-systemically important ones in the euro area.

For more information, see:

KEY TERMS

  1. Payment system. A formal arrangement between three or more participants with common rules and standardised arrangements for the execution of transfer orders between the participants.
  2. SIPS operator. The legal entity or, exceptionally, the branch (being a legally dependent part of a legal entity established outside the euro area) established in the euro area that is legally responsible for operating a SIPS.
  3. Competent authority. The European Central Bank or a Eurosystem national central bank with primary oversight responsibility.
  4. Obligor. Someone who owes or undertakes a contractual obligation to another.
  5. Corrective measure. A specific measure or action, regardless of its form, duration or gravity, that is imposed on a SIPS operator by a competent authority to remedy, or avoid a repetition of, non-compliance with the applicable requirements.
  6. Systemic risk. The risk of a participant or the SIPS operator not meeting their respective obligations in a SIPS, causing other participants and/or the SIPS operator to be unable to meet their obligations when they become due, potentially with spillover effects threatening the stability of or confidence in the financial system.

MAIN DOCUMENTS

Regulation (EU) 2025/1355 of the European Central Bank of on oversight requirements for systemically important payment systems (ECB/2025/22) (recast) (OJ L, 2025/1355, ).

European Central Bank Regulation (EC) No 2157/1999 of on the powers of the European Central Bank to impose sanctions (ECB/1999/4) (OJ L 264, , pp. 21–26).

Successive amendments to Regulation (EC) No 2157/1999 have been incorporated into the original text. This consolidated version is of documentary value only.

Decision (EU) 2019/1349 of the European Central Bank of on the procedure and conditions for exercise by a competent authority of certain powers in relation to oversight of systemically important payment systems (ECB/2019/25) (OJ L 214, , pp. 16–24).

See consolidated version.

Decision (EU) 2017/2098 of the European Central Bank of on procedural aspects concerning the imposition of corrective measures for non-compliance with Regulation (EU) No 795/2014 (ECB/2017/33) (OJ L 299, , pp. 34–37).

See consolidated version.

Decision (EU) 2017/2097 of the European Central Bank of on the methodology for calculating sanctions for infringements of the oversight requirements for systemically important payment systems (ECB/2017/35) (OJ L 299, , pp. 31–33).

last update

Top