You are viewing the version of the document as on 2099-07-01.
1This chapter applies to securitisation repositories which are established in the United Kingdom except, for the directions set out in SECN 9.4.1D to SECN 9.4.3D which applies to applicants for registration as a securitisation repository or a trade repository.
1A registered securitisation repository must comply at all times with the conditions for registration.
1Without prejudice to SECN 6.3, a securitisation repository must collect and maintain details of the securitisation. It must provide direct and immediate access free of charge to the following entities to enable them to fulfil their respective responsibilities, mandates and obligations:
1Applicants for registration as a securitisation repository under regulation 14(1) of the Securitisation Regulations 2024 must complete the applications set out in SECN 9 Annex 1D.
1 Trade repositories applying for an extension of registration under regulation 14(2) of the Securitisation Regulations 2024 must complete the applications set out in SECN 9 Annex 2D.
1For the purposes of SECN 9.4.1D and SECN 9.4.2D, the applications must be submitted:
in a durable medium; and
with a unique reference number assigned to each document in the application.
1Securitisation repositories must produce, on a daily basis, a single aggregate end-of-day report for all securitisations reported to them, excluding any reported securitisation that has been rejected in accordance with SECN 9.5.4R(7). That report must be based on the most recent reported information and must include at least the following information:
the unique identifier assigned in accordance with SECN 11.12.1R;
the International Securities Identification Number (ISIN) codes of the tranches, bonds or subordinated loans of the securitisation, where available;
the sum of the current principal balances of all tranches, bonds or subordinated loans of the securitisation, in GBP, using the exchange rates published on the website of the Bank of England for the previous working day;
the securitisation name;
whether the securitisation is an ABCP transaction, an ABCP programme or a non-ABCP securitisation;
whether the securitisation structure type is type ‘M’ for a Master Trust as reported in field SESS9 of SECN 11 Annex 14R or type ‘s’ for all other securitisations;
whether the securitisation risk transfer method is ‘T’ for a true sale as reported in field IVSS11 of SECN 11 Annex 12R, ‘S’ for a synthetic securitisation as reported in field SESV11 of SECN 11 Annex 14R, or ‘ABCP’ for ABCP transactions or ABCP programmes;
the name and legal entity identifiers (LEI) of the originator, sponsor and SSPE;
the most recent interest payment date in ISO 8601 date format;
the timestamp, in ISO 8601 date and time (UTC) format, to the nearest second, of the most recent data submission received by the securitisation repository or, where there are multiple data submissions referenced against the same data cut-off date, the timestamps, in ISO 8601 date and time (UTC) format, of the earliest and most recent data submissions with the same data cut-off date;
the data cut-off date, in ISO 8601 date format, of the most recent data submission received by the securitisation repository;
the number of data submissions received by the securitisation repository that are referenced against the same data cut-off date set out in (k);
the data completeness score referred to in SECN 9.5.3R of the most recent data submission received by the securitisation repository;
for non-ABCP securitisations, the country of establishment of the originator or original lender;
for ABCP transactions or ABCP programmes, the country of establishment of the relevant sponsor of the ABCP programme;
the country in which the majority of the underlying exposures is located, in terms of underlying exposure current principal balance; and
the most prevalent type of the underlying exposures in the securitisation, in terms of current principal balance.
For the purposes of (n), where the securitisation’s underlying exposures are a combination of exposures from multiple originators or original lenders, the country of establishment of the originator or original lender must be the country of establishment of the originator or original lender that has the largest amount of exposures in terms of current principal balance in the securitisation.
Securitisation repositories must make the end-of-day report available in extensible markup language (XML) format.
Timestamps referred to in SECN 9.5.2R must not diverge by more than 1 second from the UTC issued and maintained by one of the timing centres listed in the latest Bureau International des Poids et Mesures (BIPM) Annual Report on Time Activities.
1 Securitisation repositories must calculate a data completeness score for each data submission by using the scoring matrix set out in Table 1 of SECN 9 Annex 3R and the following inputs:
Where:
denotes the total number of fields in a data submission containing the respective ‘No Data Option’ values that are reported in accordance with SECN 11.10.3R.
N denotes the total number of fields in the data submission where any ‘No Data Option’ values (ND1 to ND4) are permitted to be reported in accordance with SECN 11.10.3R.
For the purposes of calculating the data completeness score, fields completed using the format ‘ND4-YYYY-MM-DD’ must be understood as ‘ND4’.
1Securitisation repositories must verify the completeness and consistency of information reported to them by verifying the following:
the name of the reporting entity, as reported in field IVSS4 of SECN 11 Annex 12R or in field IVAS3 of SECN 11 Annex 13R; and
whether the submission item code, as reported in Table 3 of SECN 11 Annex 1R, is correct.
With regard to the information referred to in SECN 6.2.1R(1), SECN 6.2.1R(5), SECN 6.2.1R(6) and SECN 6.2.1R(7), securitisation repositories must also verify the completeness and consistency of information by:
verifying whether the information reported complies with the structure and format of the templates set out in SECN 12 Annex 2R to SECN 12 Annex 15R;
comparing the information reported:
across different fields for the same data cut-off date and the same underlying exposure, investor report, inside information or significant event information item;
across different underlying exposure, investor report, inside information or significant event information items for the same field and the same data cut-off date;
across the same underlying exposure, investor report, inside information or significant event information items for the same field and different data cut-off dates; and
across similar securitisations;
verifying whether the data cut-off date of the information reported and the timestamp of the submission comply with SECN 11.11; and
verifying that the ‘No Data Options’ set out in SECN 11.10.3R are only used where permitted and do not prevent the data submission from being sufficiently representative of the underlying exposures in the securitisation.
For ABCP transactions and ABCP programmes, references in (2) to ‘underlying exposures’ must be construed as references to ‘underlying exposure types’.
Securitisation repositories must verify the completeness and consistency of the documentation made available to them under SECN 6.2.1R(2) by requesting from reporting entities a written confirmation of the following:
that all items referred to in Table 3 of SECN 11 Annex 1R and required to be made available pursuant to SECN 6.2.1R(2) have been provided to the securitisation repository; and
that the documentation is consistent with the actual arrangements and features of the securitisation.
Securitisation repositories must request the written confirmation referred to in (3) within the following timeframes:
within 5 working days of the first issuance of securities under the securitisation or, for ABCP transactions or ABCP programmes, within 5 working days of the first issuance of securities under the relevant ABCP programme;
every 12 months from the dates of the requests referred to in (a); and
within 5 working days of a new document being made available pursuant to SECN 6.2.1R(2).
A securitisation repository that has not received a written confirmation within 14 days of the date of any request referred to in (3) must request the reporting entity to provide it with the written confirmation within 14 days.
A securitisation repository must verify whether the STS notification referred to in SECN 6.2.1R(4), which has been made available to that securitisation repository, complies with the structure and format of the templates set out in SECN 2 Annex 4R, SECN 2 Annex 5R and SECN 2 Annex 6R.
A securitisation repository must reject a submission of information that is incomplete or inconsistent pursuant to (1), (2) and (5), except for (2)(b)(iii) and (2)(b)(iv). The securitisation repository must assign submissions rejected pursuant to this paragraph to one of the rejection categories set out in Table 2 of SECN 9 Annex 3R.
The securitisation repository must notify the entities referred to in SECN 9.3 without undue delay of the following:
that the submitted information is incomplete or inconsistent pursuant to (2)(b)(iii) and (2)(b)(iv); and
that the securitisation repository has not received the written confirmation referred to in (3).
Within 1 hour of the receipt of the information referred to in SECN 6, securitisation repositories must provide reporting entities with detailed feedback on the results of the verifications performed under (1), (2), (3) and (6), including any rejection category assigned pursuant to (7). That feedback must also include at least the following:
the unique identifier of the securitisation assigned in accordance with SECN 11.12.1R;
the item code(s) referred to in Table 3 of SECN 11 Annex 1R; and
the submission timestamp, in ISO 8601 date and time (UTC) format, to the nearest second, of the information reported.
By 19.00.00 UTC each Monday, securitisation repositories must produce a report on all information rejected by it since 19.00.00 UTC on the previous Monday. That report must include at least the following items:
the unique identifier of the securitisation assigned in accordance with SECN 11.12.1R;
the securitisation name;
the ISIN codes of the tranches or bonds or subordinated loans of the securitisation, where available;
the name and LEI of the originator, sponsor and SSPE;
the timestamp, in ISO 8601 date and time (UTC) format, to the nearest second, of the submitted information;
the submission item code referred to in Table 3 of SECN 11 Annex 1R;
the rejection category referred to in Table 2 of SECN 9 Annex 3R and the specific circumstances for assigning that rejection category; and
any explanation(s) provided by the reporting entity before 17.00.00 UTC on the Monday of the report publication date as to why the reported information is incomplete or inconsistent, or as to why the written confirmation referred to in (3) has not been provided.
1The details of information referred to in SECN 9.3.1R are the following:
all information received by the securitisation repository from reporting entities in accordance with SECN;
the end-of-day report referred to in SECN 9.5.2R, the data completeness score referred to in SECN 9.5.3R and any information resulting from the verifications carried out pursuant to SECN 9.5.4R; and
all formulae and calculation and aggregation methods used to produce the information referred to in (1) and (2).
1Access to the information referred to in SECN 9.5.5R must be granted on request. The request for access must include the following information:
the name of the requesting entity;
the contact person at the requesting entity;
the type of requesting entity, as referred to in SECN 9.3, that requests access;
the names of the persons at the requesting entity who will have access to the requested information;
credentials for secure SSH File Transfer Protocol connection as required by SECN 9.5.7R(2);
whether the request is an ad hoc or predefined periodic request;
the identification of the information requested based on any combination of the criteria in (4); and
any other technical information relevant to the requesting entity’s access.
For the purposes of (1), securitisation repositories must:
designate a person or persons responsible for liaising with the entities referred to in SECN 9.3.1R;
publish on their website the terms and conditions for accessing the information and the instructions for submitting a request for accessing that information;
provide access only to the information specified in the request for access; and
as soon as possible, but no later than 30 days following a request to set up access to that information, establish the technical arrangements necessary to enable the entities referred to in SECN 9.3.1R to submit requests to access that information.
Access to the information referred to in SECN 9.5.5R must be granted within the following timeframes:
no later than 19.00.00 UTC on the day to which the report relates for an ad hoc or predefined periodic request for an end-of-day report as referred to in SECN 9.5.2R;
no later than 12.00.00 UTC on the first day following the day of receipt of the request for access where the information concerns a securitisation that has either not yet been priced or has not yet matured or has matured less than 1 year before the date on which the request was submitted;
no later than 3 working days following the day of receipt of the request for access where the information concerns a securitisation that has matured more than 1 year before the date on which the request was submitted; and
no later than 3 working days following the day of receipt of the request for access where the information concerns several securitisations falling under both (b) and (c).
securitisation type:
non-ABCP securitisation; or
securitisation structure type: either
‘M’ for Master Trust as reported in field SESS9 of SECN 11 Annex 14R; or
‘S’ for all other securitisations;
securitisation risk transfer method: either type ‘
‘T’ for true sale as reported in field IVSS11 in SECN 11 Annex 12R;
‘S’ for synthetic as reported in field SESV11 in SECN 11 Annex 14R; or
‘ABCP’ for ABCP transactions or ABCP programmes;
securitisation item code;
securitisation underlying exposure type;
securitisation underlying exposure section;
securitisation investor report template section;
securitisation inside information or significant event information template section;
identifier:
unique identifier;
transaction identifier;
ISIN;
new or original tranche/bond identifier;
new or original underlying exposure identifier;
new or original obligor identifier;
originator LEI;
sponsor LEI;
SSPE LEI;
original lender LEI; or
collateralised loan obligation (CLO) manager LEI;
geography:
geographic region; or
governing law;
date and time:
currency:
tranche/bond currency; or
underlying exposure currency denomination.
Securitisation repositories must make the following information available using XML format:
the information referred to in SECN 6.2.1R(1) and SECN 6.2.1(4) to SECN 6.2.1(7); and
the information produced by securitisation repositories in accordance with SECN 9.5.2R and SECN 9.5.4R, with the exception of written confirmations received under SECN 9.5.4R(3).
1Securitisation repositories must use electronic signature and data encryption protocols to receive data from reporting entities or other securitisation repositories and to transfer data to the entities referred to in SECN 9.3.
For the purposes of (1), securitisation repositories must establish and maintain a secure machine-to-machine interface and make that interface available to the reporting entities and the entities referred to in SECN 9.3. That interface must make use of the SSH File Transfer Protocol.
Securitisation repositories must use standardised XML messages to communicate through the interface referred to in (2) and make the information set out in SECN 9.5.6R(5) available to the entities referred to in SECN 9.3.
1Securitisation repositories must record the following:
verifications pursuant to SECN 9, and any other validation carried out by the securitisation repository;
the written confirmations received by the securitisation repository referred to in SECN 9.5.4R(3);
the results provided by the securitisation repository to the reporting entity pursuant to SECN 9.5.4R(9);
any explanation provided by the reporting entity as to why the submitted information is incomplete or inconsistent, or as to why there is no written confirmation as referred to in SECN 9.5.4R(10)(h);
in a reporting log, the details of any corrections or cancellations submitted by the reporting entity; and
any other information produced or submitted pursuant to SECN.
Each record must be retained for 10 years following the termination of the securitisation to which that record relates.
The reporting log referred to in (1)(e) must include the unique identifier of the securitisation, the item code, the timestamp of the affected submission, the timestamp of the changes and a clear description of the changes to the submitted information, including the previous and new contents of that information.
1For the purposes of SECN 9.6, the following definitions apply:
‘user’, in relation to a securitisation repository, means any of the following:
any entity listed in SECN 9.3;
any reporting entity in relation to that securitisation repository; or
any other client of the securitisation repository who uses core securitisation services provided by the securitisation repository;
‘core securitisation services’ means services for which registration as a securitisation repository is required under SECN;
‘ancillary securitisation services’ means services provided by a securitisation repository that are directly related to and arise from the delivery of core securitisation services provided by that securitisation repository;
‘ancillary non-securitisation services’ means services that are neither core securitisation services nor ancillary securitisation services; and
‘senior management’ means the person or persons who effectively direct the business of the securitisation repository, and the executive member or members of its board.
For the purposes of SECN 9.6, the following expressions have the meaning given to that expression in Article 2 of EMIR:
‘group’;
‘parent undertaking’;
‘subsidiary’;
‘capital’;
‘board’.
1An application for registration as a securitisation repository must identify the applicant and the activities that the applicant intends to carry out for which registration as a securitisation repository is required.
For the purposes of (1), the application must contain the following:
the corporate name of the applicant, its legal address within the United Kingdom and the corporate name and legal address of any subsidiaries and branches of the applicant;
the applicant’s LEI registered with the Global Legal Entity Identifier Foundation;
the uniform resource locator (URL) of the applicant’s website;
an excerpt from the relevant commercial or court register showing the place of incorporation and scope of business activity of the applicant, or some other form of certified evidence of the place of incorporation and scope of business activity of the applicant, valid in either case as at the date of the application for registration as a securitisation repository;
the securitisation types (ABCP transaction or non-ABCP securitisation), risk transfer methods (traditional securitisation or synthetic securitisation) and underlying exposure types (residential real estate, commercial real estate, corporate, leasing, consumer, automobile, credit card or esoteric) for which the applicant wishes to be registered;
whether the applicant is authorised or registered by the PRA or the FCA in the United Kingdom and, if so, any reference number(s) relating to the authorisation(s) or registration(s);
the articles of incorporation or equivalent terms of establishment and, where relevant, other statutory documentation stating that the applicant is to conduct core securitisation services;
the name and contact details of the person(s) responsible for compliance, or any other staff involved in compliance assessments for the applicant, in relation to its provision of core securitisation services;
the name and contact details of the contact person for the purposes of the application;
the programme of operations, including the location of the main business activities of the applicant;
any ancillary securitisation or ancillary non-securitisation service that the applicant provides or intends to provide; and
any information on any pending judicial, administrative, arbitration or any other litigation proceedings, irrespective of their type, that the applicant may be party to, particularly as regards tax and insolvency matters and where significant financial or reputational costs may be incurred, or any non-pending proceedings that may still have any material impact on securitisation repository costs.
On request, the applicant must provide the FCA with additional information during the examination of the application for registration where such information is needed for the assessment of the applicant’s ability to comply with the applicable requirements of SECN and for the FCA to duly interpret and analyse the documentation to be submitted or already submitted.
Where an applicant considers that a requirement under SECN does not apply to it, it must clearly indicate that requirement in its application and explain why that requirement does not apply.
1An application for registration as a securitisation repository must contain a chart detailing the organisational structure of the applicant, including that of any ancillary securitisation services and of any ancillary non-securitisation services.
The chart referred to in (1) must include information about the identity of the person responsible for each significant role, including the identity of each member of its senior management and of persons who effectively direct the business of any subsidiaries and branches.
1An application for registration as a securitisation repository must contain information regarding the applicant’s internal corporate governance policies and the procedures and terms of reference which govern its senior management, including the board, its non-executive members and, where established, committees.
The information referred to in (1) must describe the selection process, appointment, performance evaluation and removal of senior management.
Where the applicant adheres to a recognised corporate governance code of conduct, the application for registration as a securitisation repository must identify the code and provide an explanation for any situations where the applicant deviates from that code.
1An application for registration as a securitisation repository must contain detailed information about the internal control system of the applicant, including information regarding its compliance function, risk assessment, internal control mechanisms and the arrangements of its internal audit function.
The detailed information referred to in (1) must contain:
the applicant’s internal control policies and the procedures to ensure the consistent and effective implementation of those policies;
any policies, procedures and manuals for monitoring and evaluating the adequacy and effectiveness of the applicant’s systems;
any policies, procedures and manuals for controlling and safeguarding the applicant’s information processing systems; and
the identity of the internal bodies in charge of evaluating any internal control findings.
An application for registration as a securitisation repository must contain the following information with respect to the applicant’s internal audit activities:
where there is an internal audit committee, its composition, competences and responsibilities;
its internal audit function charter, methodologies, standards and procedures;
an explanation of how its internal audit function charter, methodology and procedures are developed and applied, taking into account the nature and extent of the applicant’s activities, complexities and risks; and
a work plan for the internal audit committee for the 3 years following the date of application, focusing on the nature and extent of the applicant’s activities, complexities and risks.
1An application for registration as a securitisation repository must contain the following information on the policies and procedures put in place by the applicant to manage conflicts of interest:
policies and procedures with respect to the identification, management, elimination, mitigation and disclosure of conflicts of interest without delay;
a description of the process used to ensure that the relevant persons are aware of the policies and procedures referred to in (a);
a description of the level and form of separation that exists between the various business functions within the applicant’s organisation, including a description of:
the measures taken to prevent or control the exchange of information between functions where a risk of a conflict of interest may arise; and
the supervision of those whose main functions involve interests that are potentially in conflict with those of a client; and
any other measures and controls put in place to ensure the policies and procedures referred to in (a) with respect to conflicts of interest management and the process referred to in (b) are followed.
An application for registration as a securitisation repository must contain an up-to-date inventory, at the time of the application, of existing and potential material conflicts of interest in relation to any core or ancillary securitisation services as well as any ancillary non-securitisation services provided or received by the applicant and a description of how those conflicts are, or will be, managed. The inventory must include conflicts of interest arising from the following situations:
any situation where the applicant may realise a financial gain or avoid a financial loss to the detriment of a client;
any situation where the applicant may have an interest in the outcome of a service provided to a client, which is distinct from the client’s interest in that outcome;
any situation where the applicant may have an incentive to prioritise its own interests or the interests of another user or group of users rather than the interests of the client to whom a service is provided; and
any situation where the applicant receives or may receive an incentive from any person other than the client, in relation to a service provided to the client, in the form of money, goods or services, but excluding incentives by way of commission or fees received for the service.
Where an applicant is part of a group, the inventory must include any existing and potential material conflicts of interest arising from other undertakings within the group and how those conflicts are being managed and mitigated.
1An application for registration as a securitisation repository must contain:
a list of the names of each person or entity who directly or indirectly holds 5% or more of the applicant’s capital or of its voting rights or whose holding makes it possible to exercise a significant influence over the applicant’s management; and
a list of any undertakings in which a person referred to in (a) holds 5% or more of the capital or voting rights or over whose management they exercise a significant influence.
Where the applicant has a parent undertaking or an ultimate parent undertaking, the applicant must:
identify the LEI registered with the Global Legal Entity Identifier Foundation and the legal address of the parent undertaking or the ultimate parent undertaking; and
indicate whether the parent undertaking or ultimate parent undertaking is authorised or registered and subject to supervision and, when this is the case, state any reference number and the name of the responsible supervisory authority.
1An application for registration as a securitisation repository must contain a chart showing the ownership links within the applicant’s group, including between the ultimate parent undertaking, parent undertaking, subsidiaries and any other associated entities or branches.
The undertakings in the chart referred to in (1) must be identified by their full name, legal status, legal address and LEI registered with the Global Legal Entity Identifier Foundation.
1Policies and procedures that are to be provided as part of an application for registration as a securitisation repository must contain the following:
evidence that the board approves the policies and that senior management approves the procedures and is responsible for the implementation and maintenance of those policies and procedures;
a description of how those policies and procedures are communicated within the applicant’s organisation, how compliance with those policies and procedures is ensured and monitored on a day-to-day basis, and who is responsible for compliance with those policies and procedures;
any records indicating that staff members (including those operating under any outsourcing arrangement) are aware of those policies and procedures;
a description of the measures to be taken in the event of a breach of those policies and procedures;
a description of the procedure for reporting to the FCA any material breach of the policies or procedures which may result in a breach of the conditions for registration; and
a description of the arrangements for notifying the FCA promptly of any planned material changes to the applicant’s information technology systems, before their implementation.
1An application for registration as a securitisation repository must contain the following regarding the applicant’s policies and procedures for ensuring compliance with SECN:
a description of the roles of the persons responsible for compliance and of any other staff involved in the compliance assessments, including a description of how the independence of the compliance function from the rest of the business is ensured;
the internal policies and procedures designed to ensure that the applicant, including its managers and employees, complies with SECN, including a description of the role of the board and senior management; and
where available, the most recent internal report on compliance with SECN prepared by the persons responsible for such compliance or by any other staff involved in such compliance assessments within the applicant’s organisation.
1An application for registration as a securitisation repository must contain the following:
a copy of the remuneration policy for senior management, board members and staff employed in the risk and control functions of the applicant; and
a description of the measures put in place by the applicant to mitigate the risk of over-reliance on any individual employee.
An application for registration as a securitisation repository must contain the following information about the applicant’s staff members involved in the provision of core securitisation services:
1a general list of staff members directly employed by the applicant, including their role and qualifications per role;
a specific description of the information technology staff members directly employed to provide core securitisation services, including the role and the qualifications of each individual and written evidence of the information technology experience of at least 1 staff member responsible for information technology matters;
a description of the roles and qualifications of each individual who is responsible for internal audits, internal controls, compliance, risk assessments and internal reviews;
the identity of staff members and the identity of staff members who are operating under any outsourcing arrangement; and
details of training provided to staff members on the applicant’s policies and procedures as well as on the securitisation repository business, including any examination or other type of formal assessment required for staff members regarding the conduct of core securitisation services.
1An application for registration as a securitisation repository must contain the following financial information:
a complete set of financial statements of the applicant, prepared in conformity with:
UK accounting standards as defined by section 464 of the Companies Act 2006;
where the financial statements of the applicant are subject to an audit of annual accounts or consolidated accounts insofar as required by the law of the United Kingdom, the financial statements must contain the audit report on the annual and consolidated financial statements;
where the applicant is audited, the name and the national registration number of the external auditor.
Where the financial information referred to in paragraph (1) is not available, an application for registration as a securitisation repository must contain the following information about the applicant:
a pro-forma statement demonstrating proper resources and expected business status in the 6 months following registration as a securitisation repository;
an interim financial report where the financial statements are not yet available for the period of time required under the acts specified in paragraph (1); and
a statement of financial position, such as a balance sheet, income statement, changes in equity and of cash flows, a summary of accounting policies and other explanatory notes required under the acts specified in paragraph (1).
An application for registration as a securitisation repository must contain a financial business plan, containing different business scenarios for the provision of core securitisation services over a minimum 3-year reference period and including the following information for each scenario:
the expected revenue from each of the following categories of service provided by the applicant, stated separately for each category:
core securitisation services;
ancillary securitisation services;
core trade repository services of centrally collecting and maintaining the records of derivatives under EMIR;
ancillary trade repository services that directly relate to and arise from centrally collecting and maintaining the records of derivatives under EMIR;
core trade repository services of centrally collecting and maintaining the records of securities financing transactions under the Securities Financing Transactions Regulation;
ancillary trade repository services that directly relate to and arise from centrally collecting and maintaining the records of securities financing transactions under the Securities Financing Transactions Regulation;
combined ancillary services that directly relate to and arise from each of the following combinations of service:
both core securitisation services and core trade repository services of centrally collecting and maintaining the records of derivatives under EMIR;
both core securitisation services and core trade repository services of centrally collecting and maintaining the records of securities financing transactions under the Securities Financing Transactions Regulation; and
both core trade repository services of centrally collecting and maintaining the records of derivatives under EMIR and core trade repository services of centrally collecting and maintaining the records of securities financing transactions under the Securities Financing Transactions Regulation; and
any ancillary non-securitisation services, whether or not provided in the United Kingdom, that are subject to registration and to supervision by a public authority;
the number of securitisation transactions that the applicant expects to be made available to users listed in SECN 9.3; and
the fixed and variable costs for providing core securitisation services.
The different business scenarios identified in the financial business plan must include a base revenue scenario, positive and negative variations of at least 20% from that base revenue scenario, and positive and negative variations of at least 20% from the base expected number of securitisation transactions identified in the financial business plan.
An application for registration as a securitisation repository must contain the audited annual financial statements of any parent undertaking for the 3 financial years preceding the date of the application, where available.
An application for registration as a securitisation repository must contain the following information about the applicant:
a description of any future plans for the establishment of subsidiaries and the location of those subsidiaries; and
a description of planned business activities, including business activities of any subsidiaries or branches.
1An application for registration as a securitisation repository must contain the following information about information technology resources:
a detailed description of the information technology system used by the applicant to provide core securitisation services, including a description of which information technology system will be used for which securitisation type and underlying exposure type as referred to in SECN 9.6.2D(2)(e);
the relevant business requirements, the functional and technical specifications, the storage capacity, the system scalability (both for performing its functions and handling increases in information to process and access requests), the maximum limits on the size of data submissions made in accordance with SECN 9.6, the architectural and technical design of the system, the data model and data flows and the operations and administrative procedures and manuals;
a detailed description of user facilities developed by the applicant in order to provide services to users;
the investment and renewal policies and procedures on information technology resources of the applicant, including the review and development cycle of the applicant’s systems and versioning and testing policies;
a document describing in detail how the applicant has implemented the reporting templates, via an extensible markup language (XML) schema, set out in the annexes to SECN 12, the annexes to SECN 2.7 and any additional XML messages, using the specifications made available by the FCA; and
the policies and procedures for handling any changes to the reporting templates set out in the annexes to SECN 12.
1An application for registration as a securitisation repository must contain:
a detailed description of the procedure and of the resources, methods and channels that the applicant will use to ensure the timely, structured and comprehensive collection of data from reporting entities, including a copy of any reporting manual to be made available to reporting entities;
a description of the resources, methods and channels that the applicant will use to ensure direct and immediate access to the information referred to in SECN 11.3 to SECN 11.9 to the entities listed in SECN 9.3, including a copy of any user manual and internal procedures that are needed for obtaining such access; and
a description of the procedures that the applicant will use to calculate the data completeness scores referred to in SECN 9.5.3R and a description of the resources, methods and channels that the applicant will use to ensure direct and immediate access to those data completeness scores to the entities listed in SECN 9.3 in accordance with that section, including a copy of any user manual and internal procedures that are needed for obtaining such access.
The detailed description referred to in (1)(a) must:
distinguish between automated and manual resources, methods, and channels; and
where any of the resources, methods or channels are manual:
describe how those resources, methods or channels are scalable, as referred to in SECN 9.6.14D(2); and
describe the specific procedures put in place by the applicant to ensure that those resources, methods and channels comply with SECN 9.6.24D.
1Where an applicant for registration as a securitisation repository, an undertaking within the applicant’s group, or an undertaking with which the applicant has an agreement relating to core securitisation services, offers, or plans to offer, ancillary securitisation services or ancillary non-securitisation services, the application for registration must contain:
a description of the ancillary securitisation services or ancillary non-securitisation services that the applicant, or the undertaking within its group, performs or plans to perform, and a description of any agreement that the applicant may have with undertakings offering any such services, as well as copies of those agreements; and
the procedures and policies that will ensure the necessary level of operational separation in terms of resources, systems, information and procedures between the applicant’s core securitisation services and any ancillary securitisation or ancillary non-securitisation services, irrespective of whether that service is provided by the applicant, an undertaking within its group, or any other undertaking with which it has an agreement.
1An application for registration as a securitisation repository must contain the following information in respect of each member of the senior management:
a copy of the member’s curriculum vitae, including the following information to the extent relevant in assessing the adequacy of the member’s experience and knowledge for the purposes of performing their responsibilities:
an overview of the member’s post-secondary education;
the member’s employment history with dates, identification of positions held and a description of the functions occupied; and
any professional qualification held by the member, together with the date on which that qualification was acquired and the status of any membership in a relevant professional body;
detailed information on knowledge and experience on securitisation matters and on information technology management, operations and development;
details regarding any criminal convictions in connection with the provision of financial or data services or in relation to acts of fraud or embezzlement, in particular in the form of an official certificate, if available;
a declaration signed by the member that states whether they:
have been convicted of any criminal offence in connection with the provision of financial or data services or in relation to acts of fraud or embezzlement;
have been subject to any adverse decision in any proceedings of a disciplinary nature brought by a regulatory authority or government body or agency or are the subject of any such proceedings which are not concluded;
have been subject to an adverse judicial finding in civil proceedings before a court in connection with the provision of financial or data services, or for impropriety or fraud in the management of a business;
have been part of the board or senior management of an undertaking whose registration or authorisation was withdrawn by a regulatory body;
have been refused the right to carry on activities which require registration or authorisation by a regulatory body;
have been part of the board or senior management of an undertaking which has gone into insolvency or liquidation, either while the member was connected to the undertaking or within a year of the member’s ceasing to be connected to the undertaking;
have been part of the board or senior management of an undertaking which was subject to an adverse decision or penalty by a regulatory body;
have been otherwise fined, suspended, disqualified, or been subject to any other sanction in relation to fraud or embezzlement or in connection with the provision of financial or data services, by a government or regulatory or professional body; and
have been disqualified from acting as a director, disqualified from acting in any managerial capacity, or dismissed from employment or other appointment in an undertaking as a consequence of misconduct or malpractice; and
a declaration of any potential conflicts of interests that the member may have in performing their duties and how these conflicts are managed.
1An application for registration as a securitisation repository must contain:
the policies and procedures pursuant to which different types of user will report and access the information centrally collected, produced and maintained in the securitisation repository, including any process for users to access, view, consult or modify the information maintained by the securitisation repository, as well as the procedures used to authenticate the identity of users accessing the securitisation repository;
a copy of the terms and conditions which determine the rights and obligations of the different types of user in relation to information maintained by the securitisation repository;
a description of the different categories of access available to users;
a detailed description of the access policies and procedures to ensure that users have non-discriminatory access to information maintained by the securitisation repository, including:
any access restrictions;
variations in access conditions or restrictions across reporting entities and across the different entities listed in SECN 9.3; and
how the access policies and procedures ensure that access is restricted to the least possible extent and which procedures exist to question and reverse a restriction or denial of access;
a detailed description of the access policies and procedures pursuant to which other service providers have non-discriminatory access to information maintained by the securitisation repository where the relevant reporting entity has provided its written, voluntary and revocable consent, including:
any access restrictions;
variations in access conditions or restrictions; and
how the access policies and procedures ensure that access is restricted to the least possible extent and which procedures exist to question and reverse a restriction or denial of access; and
a description of the channels and mechanisms to publicly disclose to potential and actual users the procedures by which those users may ultimately access the information maintained by the securitisation repository and to publicly disclose to potential and actual reporting entities the procedures by which they may ultimately make available information via the applicant.
The information referred to in (1)(a) to (d) must be specified for each of the following categories of user:
staff and other personnel affiliated with the applicant, including within the same group;
originators, sponsors and SSPEs (as a single category);
the entities listed in SECN 9.3;
other service providers; and
each other category of user identified by the applicant (with the information specified separately for each such category).
1An application for registration as a securitisation repository must contain a description of the following:
the applicant’s pricing policy, including any existing discounts, rebates and conditions to benefit from such reductions;
the applicant’s fee structure for providing core and ancillary securitisation services, including the estimated cost of each of those services, along with the details of the methods used to account for the separate cost that the applicant may incur when providing core securitisation services and ancillary securitisation services, as well as the fees charged by the applicant for transferring information to another securitisation repository and for receiving information transferred from another securitisation repository; and
the methods used by the applicant to make the information referred to in (1) and (2) publicly available, including a copy of the fee structure separated according to core securitisation services and, where these are provided, ancillary securitisation services.
1An application for registration as a securitisation repository must contain:
a detailed description of the resources available and procedures designed to identify and mitigate operational risk and any other material risk to which the applicant is exposed, including a copy of any relevant policies, methodologies, internal procedures and manuals drawn up for that purpose;
a description of the liquid net assets funded by equity to cover potential general business losses in order to continue providing core securitisation services as a going concern;
an assessment of the sufficiency of the applicant’s financial resources to cover the operational costs of a wind-down or reorganisation of the critical operations and services over a period of at least 9 months;
the applicant’s business continuity plan and a description of the policy for updating that plan, including:
all business processes, resources, escalation procedures and related systems which are critical to ensuring the core securitisation services of the applicant, including any relevant outsourced service and the applicant’s strategy, policy and objectives for the continuity of those processes;
any arrangements in place with other financial market infrastructure providers, including other securitisation repositories;
the arrangements to ensure a minimum service level of the critical functions and the expected timing of the full recovery of those functions;
the maximum acceptable recovery time for business processes and systems, taking into account the deadlines for reporting laid down in SECN 6.2 and the volume of information that the applicant needs to process within the quarterly period;
the procedures to deal with incident logging and reviews;
a periodic testing programme, ensuring that sufficient tests will be carried out to cover an adequate range of possible scenarios, in the short and medium term, including but not limited to system failures, natural disasters, communication disruptions, loss of key staff and inability to use the premises regularly used and providing for the tests to identify how hardware, software and communications respond to potential threats, together with the results and follow-up actions resulting from any tests and those systems that have been shown to be unable to cope with the specific scenarios being tested;
the number of alternative technical and operational sites available, their location, the resources of those sites when compared with the main site and the business continuity procedures in place in the event that alternate sites need to be used;
information on access to a secondary business site to enable staff to ensure continuity of core securitisation services if a main office location is not available;
plans, procedures and arrangements for handling emergencies and ensuring safety of staff;
plans, procedures and arrangements to manage crises, to coordinate the overall business continuity efforts and to determine their timely (within the recovery time objective set by the applicant) and effective activation, mobilisation and escalation capabilities;
plans, procedures and arrangements to recover the applicant’s system, application and infrastructure components within the recovery time objective set by the applicant; and
details on staff training on the operation of the business continuity arrangements, and individuals’ roles in that regard, including specific security operations staff ready to react immediately to a disruption of services;
a description of the arrangements for ensuring the applicant’s core securitisation services in case of disruption and the involvement of its users and other third parties in those arrangements;
a description of the applicant’s arrangements for publishing on its website and promptly informing the FCA and other users of any service interruptions or connection disruptions as well as the time estimated to be needed to resume regular service; and
a description of the applicant’s arrangements permitting its staff to continuously monitor in real time the performance of its information technology systems.
An application for registration as a securitisation repository must include a copy of policies and procedures to ensure the orderly transfer of information to other securitisation repositories and the redirection of reporting flows to other securitisation repositories.
1An application for registration as a securitisation repository must demonstrate that, where an applicant arranges for activities to be performed on its behalf by third parties, including by undertakings with which it has close links, the applicant ensures that the third party has the ability and the capacity to perform those activities reliably and professionally.
The application for registration as a securitisation repository must specify or contain all of the following:
a description of the scope of the activities to be outsourced, as well as the detail and extent to which those activities are outsourced;
a copy of the relevant service level agreements, with clear roles and responsibilities, metrics and targets for every key requirement of the applicant that is outsourced, the methods employed to monitor the service level of the outsourced functions and the measures or actions to be taken in the event of service level targets not being met;
a copy of the contracts governing those service level agreements, including the identification of the third-party service provider;
a copy of any external reports on the outsourced activities, where available; and
details of the organisational measures and policies with respect to outsourcing and the risks posed by it as specified in (4).
The application for registration must demonstrate that the outsourcing does not reduce the applicant’s ability to perform senior management or management body functions.
The application for registration as a securitisation repository must contain information sufficient to demonstrate how the applicant remains responsible for any outsourced activity and a description of the organisational measures taken by the applicant to ensure the following:
that the third-party service provider is carrying out outsourced activities effectively and in compliance with applicable laws and regulatory requirements and that the third party service provider adequately addresses identified failures;
the identification by the applicant of risks in relation to outsourced activities and the adequate periodic monitoring of those risks;
that there are adequate control procedures with respect to outsourced activities, including effective supervision of those activities and of their risks within the applicant; and
the adequate business continuity of outsourced activities.
For the purposes of (4)(d), the applicant must provide information on the business continuity arrangements of the third-party service provider, including the applicant’s assessment of the quality of those business continuity arrangements and, where needed, any improvements to those business continuity arrangements that have been requested by the applicant.
Where the third-party service provider is supervised by a regulatory authority, the application for registration must also contain information demonstrating that the third-party service provider cooperates with that authority in connection with outsourced activities.
1An application for registration as a securitisation repository must contain proof of the following:
that its information technology systems are protected from misuse or unauthorised access;
that its information systems are protected against attacks; ‘information systems’ means a device or group of interconnected or related devices, one or more of which, pursuant to a programme, automatically processes computer data, as well as computer data stored, processed, retrieved or transmitted by that device or group of devices for the purpose of its or their operation, use, protection and maintenance;
that unauthorised disclosure of confidential information is prevented; and
that the security and integrity of the information received by it under SECN is ensured.
The application must contain proof that the applicant has arrangements in place to identify and manage the risks referred to in (1) in a prompt and timely manner.
With respect to breaches in the physical and electronic security measures referred to in (1) and (2), the application must contain proof that the applicant has arrangements in place to do the following in a prompt and timely manner:
notify the FCA of the incident giving rise to the breach;
provide the FCA with an incident report, indicating the nature and details of the incident, the measures adopted to cope with the incident and the initiatives taken to prevent similar incidents; and
notify its users of the incident where they have been affected by the breach.
1An application for registration as a securitisation repository must contain a description of the policies and procedures the applicant has put in place to:
authenticate the identity of the user accessing the applicant’s systems;
authorise and permit the recording of information received by the applicant under SECN for the relevant securitisation;
comply with SECN 9.5.2R to SECN 9.5.4R;
verify and highlight duplicate submissions; and
identify information not received by it where there is an obligation to make that information available under SECN 6.2.
The application must also contain documentation providing several detailed example test cases, including graphics, that demonstrate the applicant’s ability to comply with the obligations set out in (1). With regard to (1)(c), several detailed example test cases must be provided for each of the verifications listed in SECN 9.5.4R.
1With respect to information produced by the applicant pursuant to SECN 9.5, an application for registration as a securitisation repository must contain a detailed description of the procedures put in place by the applicant to ensure that it accurately makes available the information received from reporting entities, without itself introducing any errors or omitting information.
1An application for registration as a securitisation repository must contain a detailed description of the internal policies, procedures and mechanisms that prevent:
any use of the information maintained by the applicant for illegitimate purposes;
the disclosure of confidential information; and
the commercial use of information maintained by the applicant where such use is prohibited.
The description referred to in (1) must contain a description of the internal procedures on staff permissions for using passwords to access the information, specifying the staff purpose and the scope of the information being viewed and any restrictions on the use of information.
Applicants must provide the FCA with information on the processes to keep a log identifying each staff member accessing the information maintained by the applicant, the time of access, the nature of the information accessed and the purpose.
1An application for registration as a securitisation repository must contain the following information:
the record-keeping systems, policies and procedures that are used in order to ensure that the information made available by a reporting entity under SECN by means of the applicant is recorded and maintained by the applicant in accordance with Article 80(3) of EMIR, as applied by regulation 14(3) of the Securitisation Regulations 2024;
a detailed description of the record-keeping systems, policies and procedures that are used in order to ensure that information made available by a reporting entity under SECN by means of the applicant is modified appropriately and in accordance with relevant legislative or regulatory requirements; and
information about the receipt and administration of information made available by a reporting entity under SECN by means of the applicant, including a description of any policies and procedures put in place by the applicant to ensure the following:
the timely and accurate recording of the information received;
the record-keeping of all information received that relates to the receipt, modification or termination of a securitisation transaction in a reporting log;
that the information is maintained both online and offline; and
that the information is adequately copied for business continuity purposes.
The application for registration must also include the applicant’s policies and procedures to promptly record, and maintain for at least 10 years following the termination of the securitisation, the verifications, validations and information produced by the applicant under SECN 9.5.
1An application for registration as a securitisation repository must contain proof of payment of the registration fees referred to in FEES.
1Any information submitted to the FCA during the registration process must be accompanied by a letter signed by a member of the board of the applicant and a member of the applicant’s senior management, attesting that the information submitted is accurate and complete to the best of their knowledge, as of the date of submission.
The information must also be accompanied, where relevant and available, with the relevant corporate legal documentation certifying the accuracy of the application information.
1An application under regulation 14(2) of the Securitisation Regulations 2024 for an extension of registration for the purposes of SECN 6 must contain the information and documentation required by the following provisions:
(a) SECN 9.6.2D, except SECN 9.6.2D(2)(d);
SECN 9.6.5D, except SECN 9.6.5D(2)(d);
SECN 9.6.25D(2); and
Information and documentation required by any provisions of SECN 9.6 that are not covered by (1) must be included in an application only insofar as there is a difference in the content of that particular information or documentation as at the time when the application is made, compared with the content as last provided to the FCA most recently before that time under Chapter 1 of Title VI of EMIR or Chapter III of the Securities Financing Transactions Regulation, as applicable.
For the purposes of this section, references in SECN 9.6.2D(3), SECN 9.6.2D(4) and in SECN 9.6.3D to SECN 9.6.28D to an application for registration must be taken to include reference to an application for an extension of registration.
|
Table 1: General information |
|
Date of application |
|
Corporate name of the securitisation repository |
|
Place of incorporation and scope of business activity |
|
Legal entity identifier (LEI) registered with the Global Legal Entity Identifier Foundation |
|
Legal address of the securitisation repository |
|
Legal address of any subsidiaries of the securitisation repository |
|
Legal address of any branches of the securitisation repository |
|
Uniform resource locator (URL) of the securitisation repository’s website |
|
The securitisation types, risk transfer methods and underlying exposure types for which the applicant repository is applying to be registered |
|
If the applicant is authorised or registered in the United Kingdom, the reference number related to the authorisation or registration |
|
Name of the person(s) responsible for the application |
|
Contact details of the person(s) responsible for the application |
|
Name of the person(s) responsible for the securitisation repository compliance (or any other staff involved in compliance assessments for the securitisation repository) |
|
Contact details of the person(s) responsible for the securitisation repository compliance, or any other staff involved in compliance assessments for the securitisation repository, in relation to its provision of core securitisation services |
|
Name of any parent undertaking |
|
LEI registered with the Global Legal Entity Identifier Foundation of any parent undertaking |
|
Legal address of any parent undertaking |
|
Table 2: Document references For all information required in SECN 9.6, except SECN 9.6.2D(2)(a), (b), (c), (e), (f), (h) and (i) and SECN 9.6.7D(2) |
|||
|
Provision of SECN 9.6.1D to SECN 9.6.29D containing the information requirement to which the document relates |
Unique reference number of document |
Title of the document |
Chapter, section or page of the document where the information is provided or reason why the information is not provided |
|
Table 1: General information |
|
Date of application |
|
Date of registration of the applicant as a trade repository |
|
Corporate name of the securitisation repository |
|
Legal entity identifier (LEI) registered with the Global Legal Entity Identifier Foundation |
|
Legal address of the securitisation repository |
|
Legal address of any subsidiaries of the securitisation repository |
|
Legal address of any branches of the securitisation repository |
|
Uniform resource locator (URL) of the securitisation repository’s website |
|
LEI registered with the Global Legal Entity Identifier Foundation |
|
The securitisation types, risk transfer methods and underlying exposure types for which the applicant repository is applying to be registered |
|
If the applicant is authorised or registered in the United Kingdom, the reference number related to the authorisation or registration |
|
Name of the person(s) responsible for the application |
|
Contact details of the person(s) responsible for the application |
|
Name of the person(s) responsible for the securitisation repository compliance (or any other staff involved in compliance assessments for the securitisation repository, in relation to its provision of core securitisation services) |
|
Contact details of the person(s) responsible for the securitisation repository compliance (or any other staff involved in compliance assessments for the securitisation repository) |
|
Table 2: Document references (For all information required in SECN 9.6 with the exception of SECN 9.6.2D(2)(a), (b), (c), (f), (h), (i) and SECN 9.6.7D(2) |
|||
|
Provision of SECN 9.6.1D to SECN 9.6.29D containing the information requirement to which the document relates |
Unique reference number of document |
Title of the document |
Chapter, section or page of the document where the information is provided or reason why the information is not provided |
|
Table 1: Data completeness scoring matrix |
|||||
|
Input 1: Percentage of fields entered as ‘ND1’ |
|||||
|
Input 1 = 0 % |
0 % < Input 1 ≤ 10 % |
10 % < Input 1 ≤ 30 % |
Input 1 > 30 % |
||
|
Input 2: Percentage of fields entered as “ND2”, “ND3”, or “ND4-YYYYMM- DD” |
Input 2 = 0 % |
A1 |
B1 |
C1 |
D1 |
|
0 % < Input 2 ≤ 20 % |
A2 |
B2 |
C2 |
D2 |
|
|
20 % < Input 2 ≤ 40 % |
A3 |
B3 |
C3 |
D3 |
|
|
Input 2 > 40 % |
A4 |
B4 |
C4 |
D4 |
|
|
Table 2: Rejection categories |
|
|
Rejection categories |
Reason |
|
Schema |
The submission of information has been rejected because of a non-compliant schema. |
|
Permission |
The submission of information has been rejected because the reporting entity has not been granted permission to report on behalf of the originator, sponsor or SSPE |
|
Logical |
The submission of information has been rejected because the item code does not match the available values in Table 3 of SECN 11 Annex 1R. |
|
Business |
The submission of information has been rejected because the data submission does not comply with one or more content validations. |
|
Representativeness |
The submission of information has been rejected pursuant to SECN 9.5.4R(7). |
