CHAPTER I AUTHORISATION (Article 61(2) of Directive 2014/65/EU)
This Regulation applies to persons.
This Regulation applies to persons.
Where a term is defined in Directive 2014/65/EU that term shall apply for the purposes of this Regulation except where (2) or (3) applies;
Subject to (3), where a term is defined in the Data Reporting Services Regulations 2017, that definition shall apply for the purposes of this Regulation.
Where a term it is defined in article 2 of Regulation 600/2014/EU, as amended by the Markets in Financial Instruments (Amendment) (EU Exit) Regulations 2018, that definition shall apply for the purposes of this Regulation.
‘Information system’ means a device or group of inter-connected or related devices, one or more of which, pursuant to a programme, automatically processes computer data, as well as computer data stored, processed, retrieved or transmitted by that device or group of devices for the purpose of its or their operation, use, protection and maintenance.
‘Computer data’, for these purposes, means a representation of facts, information or concepts in a form suitable for processing in an information system, including a programme suitable for causing an information system to perform a function.
An applicant seeking authorisation to provide data reporting services shall submit to the competent authority the information set out in Articles 2, 3 and 4 and the information regarding all the organisational requirements set out in Chapters II and III.
A data reporting services provider shall promptly inform the competent authority of any material change to the information provided at the time of the authorisation and thereafter.
An applicant seeking authorisation to provide data reporting services shall include in its application for authorisation a programme of operations referred to in regulation 7 of the Data Reporting Services Regulations 2017. The programme of operations shall include the following information:
information on the organisational structure of the applicant, including an organisational chart and a description of the human, technical and legal resources allocated to its business activities;
information on the compliance policies and procedures of the data reporting services provider, including:
the name of the person or persons responsible for the approval and maintenance of those policies;
the arrangements to monitor and enforce the compliance policies and procedures;
the measures to be undertaken in the event of a breach which may result in a failure to meet the conditions for initial authorisation;
a description of the procedure for reporting to the competent authority any breach which may result in a failure to meet the conditions for initial authorisation;
a list of all outsourced functions and resources allocated to the control of the outsourced functions;
A data reporting services provider offering services other than data reporting services shall describe those services in the organisational chart.
An applicant seeking authorisation to provide data reporting services shall include in its application for authorisation information on the internal corporate governance policies and the procedures which govern its management body, senior management, and, where established, committees.
The information set out in paragraph 1 shall include:
a description of the processes for selection, appointment, performance evaluation and removal of senior management and members of the management body;
a description of the reporting lines and the frequency of reporting to the senior management and the management body;
a description of the policies and procedures on access to documents by members of the management body.
An applicant seeking authorisation to provide data reporting services shall include in its application for authorisation the following information in respect of each member of the management body:
name, date and place of birth, personal national identification number or an equivalent thereof, address and contact details;
the position for which the person is or will be appointed;
a curriculum vitae evidencing sufficient experience and knowledge to adequately perform the responsibilities;
criminal records, notably through an official certificate, or, where such a document is not available, a self-declaration of good repute and the authorisation to the competent authority to inquire whether the member has been convicted of any criminal offence in connection with the provision of financial or data services or in relation to acts of fraud or embezzlement;
a self-declaration of good repute and the authorisation to the competent authority to inquire whether the member:
has been subject to an adverse decision in any proceedings of a disciplinary nature brought by a regulatory authority or government body or is the subject of any such proceedings which are not concluded;
has been subject to an adverse judicial finding in civil proceedings before a court in connection with the provision of financial or data services, or for misconduct or fraud in the management of a business;
has been part of the management body of an undertaking which was subject to an adverse decision or penalty by a regulatory authority or whose registration or authorisation was withdrawn by a regulatory authority;
has been refused the right to carry on activities which require registration or authorisation by a regulatory authority;
has been part of the management body of an undertaking which has gone into insolvency or liquidation while the person held such position or within a year after which the person ceased to hold such position;
has been otherwise fined, suspended, disqualified, or been subject to any other sanction in relation to fraud, embezzlement or in connection with the provision of financial or data services, by a professional body;
has been disqualified from acting as a director, disqualified from acting in any managerial capacity, dismissed from employment or other appointment in an undertaking as a consequence of misconduct or malpractice;
An indication of the minimum time that is to be devoted to the performance of the person's functions within the data reporting services provider;
a declaration of any potential conflicts of interest that may exist or arise in performing the duties and how those conflicts are managed.