As access to SEPA settlement infrastructure opens up, direct SEPA participation has become a viable option not just for credit institutions, but also for non-bank payment service providers. In our previous article, we explored how the regulatory landscape has evolved over the past few years, reshaping eligibility rules for SEPA participation and unlocking new opportunities for financial institutions. In this follow-up, we take a closer look at the regulatory and non-technical requirements institutions must meet to become direct SEPA participants.

We start with credit institutions (CIs), which already operate under established banking frameworks, before turning to shared requirements across all types. Finally, we examine the additional obligations that apply specifically to payment and electronic money institutions (PIs and EMIs).

Requirements for credit institutions

Credit institutions are well-positioned to become direct SEPA participants, given they are licensed under national and EU-level banking supervision frameworks, such as the Capital Requirements Regulation (CRR) and the Capital Requirements Directive (CRD IV). This means that they already meet a range of regulatory and operational requirements, making their application to CSMs less complicated.

First, all CIs hold a main cash account (MCA) or a dedicated RTGS account with their national central bank, which enables them to settle in central bank money. They already have access to ECB-operated infrastructures, due to their license and connection to a certified network service provider (NSP). Banks also have established compliance with anti-money laundering (AML) and counter-terrorist financing (CFT) regulations, which is embedded into the CRR and the CRD IV.

Operationally, CIs are privileged too – they already adhere to capital, liquidity, and internal risk governance standards, making it more likely to pass the CSM applications. Below we cover some of the most critical.

Capital ratios: under the Capital Requirements Regulation (CRR), CIs must maintain specific minimum levels of capital, measured as a percentage of their risk-weighted assets (RWA) – though in practice banks tend to hold more than these minimums due to capital buffers.

Liquidity coverage: CIs maintain robust liquidity frameworks that are supervised by central banks. These primarily come in the form of having sufficient high-quality liquid assets (HQLA) to withstand stress scenarios, as well as being able to maintain a stable funding profile relative to their asset composition over a 1-year horizon. They also benefit from the ability to use intraday credit (ICL) that they receive from their national central bank, which acts on behalf of the Eurosystem.

Internal risk governance: The CRR and CRD IV require CIs to implement robust internal governance frameworks, which range from board oversight and fit assessments for key stakeholders, to risk management systems and internal controls. All of these processes are later critical to maintaining direct SEPA access.

Common requirements for CIs, PIs and EMIs

Regardless of license type, all financial institutions must set up the right infrastructure and connectivity, while meeting a shared set of requirements to gain and retain their direct SEPA participant status.

1. Establishing the right infrastructure

Institutions seeking direct SEPA access must first ensure their infrastructure is equipped to meet the stringent criteria set by CSMs and their central banks. Core obligations include:

Settlement in central bank money: to guarantee finality of settlements and mitigate counterparty credit risks, direct SEPA participants must settle transactions exclusively in central bank money via systems like TARGET2 or TIPS. This process must comply with ECB policies and the Settlement Finality Directive (SFD). Participants must also maintain a main cash account (MCA) at their national central bank. While CIs already do this, it's new for PIs and EMIs.

Real-time reconciliation and status reporting: institutions must also ensure real-time updates of payment and settlement statuses with ISO 20022 messaging standards. Additionally, monitoring tools capable of detecting and flagging failed or delayed settlements instantly are required.

Anti-fraud and exception handling: although the EPC Rulebooks don't mandate specific tools, participants must have implemented real-time fraud detection, sanctions screening and exception handling procedures. This includes flagging or rejecting suspicious transactions according to AML/CFT requirements. 

Contingency infrastructure: all financial institutions must establish geographically separate disaster recovery sites with live mirroring. To maintain access to TIPS/RT1 during outages, they will also need backup NSPs (e.g. SWIFTNet + SIA / NEXI) or have geographically separated connections with a single NSP (e.g. two independent Swift lines from different data centres). Furthermore, fallback protocols – predefined flows to reroute, queue, or cancel payments – are essential during major incidents.

2. Connecting via a certified NSP

Connectivity to central bank payment systems (e.g., TARGET2, TIPS) and certain CSMs (e.g., RT1) must be established through a certified network service provider. The NSPs currently in operation are SWIFTNet and SIA/Nexi.

Each provider has distinct onboarding lead times, technical documentation requirements and security compliance standards, which range from PKI infrastructure and hardware security module (HSM) integration to fallback obligations.

3. Applying to and onboarding with a CSM

Accessing SEPA schemes as a direct participant starts with aligning with both the EPC Rulebooks for all schemes (SCT, SCT Inst, and SDD) and CSM-specific rulebooks. Each CSM sets its own admission criteria, meaning both CIs and PIs / EMIs must undergo specific onboarding and technical certification tailored to that CSM.

For example, EBA Clearing’s RT1 demands a "Capacity Opinion”, which is a formal statement certifying that the institution's infrastructure can handle RT1 volumes. Applicants must also maintain continuous TARGET / TIPS access, and adhere to EBA Clearing's rulebooks. In the case of license revocation, insolvency, or serious operational breaches, RT1 can well suspend access and exclude the institution from its system.

Similarly, the Eurosystem’s TIPS has its own participation criteria, which include holding a TARGET-compliant dedicated cash account (DCA) and passing TARGET2-related technical prerequisites. Like RT1, and indeed all CSMs, participants must support instant payments around the clock, every day.

Additional requirements for PIs and EMIs

Like CIs, PIs and EMIs must demonstrate technical and operational readiness to become direct SEPA participants. However, for direct SEPA participation, PIs and EMIs face additional regulations and limitations – particularly around safeguarding, liquidity, and central bank interaction. These have been heavily influenced by the regulatory updates we covered in our previous article.

It is important to note that, since 9 April 2025, PIs and EMIs have been eligible to access central bank-operated payment systems such as TARGET2 and TIPS, in line with the Eurosystem’s July 2024 policy and as formalised in ECB Decision (EU) 2025/222.

Specific supervisory requirements

Under the Eurosystem's July 2024 “Policy on access by non-bank payment service providers to central bank-operated payment systems and to central bank accounts” PIs and EMIs are subject to specific annual obligations, beyond what is required of CIs.

Based on the policy and related regulatory commentary, we can state the following three core explicit requirements for PIs and EMIs:

• Operational and risk management self-assessment: each year, non-bank participants must submit an annual self-assessment demonstrating their preparedness in areas such as operational continuity, liquidity management, internal governance frameworks, and incident‑handling protocols

• Notification of license status changes: any changes to licensing status (e.g. suspensions, revocations) must be reported immediately to relevant central bank authorities – reflecting the requirement under Article 35a(2) of PSD2 as amended by the IPR

• Confirmation of adherence to liquidity and safeguarding policies: PIs and EMIs must confirm annually that they comply with Eurosystem restrictions around settlement account balances and assure that their safeguarding occurs only via third-party credit institutions, not central bank accounts

These measures reflect the Eurosystem’s stated objective to monitor non-bank participants more actively, given their relatively short track record in settlement system participation.

Safeguarding via third-party credit institutions

PIs and EMIs are explicitly prohibited from using their central bank accounts to safeguard customer funds, per the Eurosystem’s July 2024 policy.

While such safeguarding was previously allowed under arrangements in systems like Bank of Lithuania’s CENTROlink – which has long acted similarly to a commercial central bank, providing safeguarding services and SEPA payment processing – this model has started to be phased out. In the case of CENTROlink, it has stipulated that it will no longer allow customers to safeguard customer funds on settlement accounts from April 2025.

Today, safeguarding must take place at licensed third-party credit institutions. These institutions typically offer dedicated safeguarding accounts under EMD2-compliant arrangements, separating client funds from operational liquidity.

Summary

Direct SEPA participation has shifted from a bank-only model to one open to all regulated financial institutions. But openness doesn’t mean simplicity.

All participants – be it CIs, PIs, or EMIs – must meet a common set of regulatory and operational criteria that span four main areas: infrastructure readiness, network connectivity, application, onboarding, and post-certification oversight. This is a process that requires active engagement with the EPC and the CSMs even after the onboarding.

CIs may meet many of these requirements by default, due to their banking license, access to intraday credit, and existing supervisory frameworks – they already have most of the infrastructure set-up. But for PIs and EMIs, direct participation introduces an entirely new operational posture, with the added complexity that comes from safeguarding in separate institutions while adhering to the EPC’s liquidity requirements and not having access to specific central bank services.

Overall, direct participation, especially for PIs and EMIs is not a step to take lightly, as valuable as it may be for some. It’s a sizable undertaking, that requires a lot of groundwork, just for terms of regulatory and non-technical requirements.