THE EUROPEAN COMMISSION,
Having regard to the Treaty on the Functioning of the European Union,
Having regard to Regulation (EU) 2015/2365 of the European Parliament and of the Council of 25 November 2015 on transparency of securities financing transactions and of reuse and amending Regulation (EU) No 648/2012, and in particular Article 5(7) thereof,
Rules should be laid down specifying the information to be provided to the European Securities and Markets Authority (ESMA) as part of an application for registration or extension of registration as a trade repository.
Establishing a comprehensive and sound framework for registration and extension of registration of trade repositories is essential for the achievement of the objectives of Regulation (EU) 2015/2365 and for the efficient provision of repository functions.
The rules and standards for the registration and the extension of registration of trade repositories for the purposes of Regulation (EU) No 2365/2015 should build on pre-existing infrastructures, operational processes and formats which were introduced with regard to reporting derivative contracts to trade repositories, in order to minimise additional operational costs for market participants.
Experience in applying the provisions of Commission Delegated Regulation (EU) No 150/2013 supplementing Regulation (EU) No 648/2012 of the European Parliament and of the Council on OTC derivatives, central counterparties and trade repositories with regard to regulatory technical standards specifying the details of the application for registration as a trade repository has proved that the provisions for registration of trade repositories under Regulation (EU) No 648/2012 constitute a sound basis to build the framework for registration of trade repositories under Regulation (EU) 2015/2365. In order to further strengthen that framework, this Regulation should reflect the evolving nature of the industry.
Any application for registration as a trade repository should contain information on the structure of its internal controls and the independence of its governing bodies, in order to enable ESMA to assess whether the corporate governance structure ensures the independence of the trade repository and whether that structure and its reporting routines are sufficient to ensure compliance with the requirements for trade repositories set out in Regulation (EU) 2015/2365. Detailed information on the relevant internal control mechanisms and structures, the internal audit function as well as the audit work plan should be included in the application for registration in order to enable ESMA to assess the way in which those factors contribute to the efficient functioning of the trade repository.
Although trade repositories which operate through branches are not considered separate legal persons, separate information on branches should be provided in order to enable ESMA to clearly identify the position of the branches in the organisational structure of the trade repository, assess the fitness for duty and appropriateness of the senior management of the branches, and evaluate whether the control mechanisms, compliance and other functions in place are robust enough to identify, evaluate and manage the branches' risks in an effective manner.
For the purpose of enabling ESMA to assess the good repute, experience and skills of the prospective trade repository's board members and senior management, an applicant trade repository should provide relevant information on those persons such as the curricula vitae, details regarding any criminal convictions, self-declarations of good repute and declarations of any potential conflicts of interests.
Any application for registration should contain information which demonstrates that the applicant has the necessary financial resources at its disposal for the performance of its functions as a trade repository on an on-going basis and effective business continuity arrangements.
Article 5(2) of Regulation (EU) 2015/2365 requires trade repositories to verify the completeness and correctness of data reported under Article 4 thereof. In order to be registered or be granted an extension of registration under Regulation (EU) 2015/2365, trade repositories should demonstrate that they have established systems and procedures which ensure their ability to verify the completeness and correctness of the details of the securities financing transactions (SFTs).
The use of common resources within a trade repository between SFT reporting services on the one hand and ancillary services or derivative reporting services on the other may lead to contagion of operational risks across services. Whereas the validation, reconciliation, processing and recordkeeping of data may require an effective operational separation to avoid such contagion of risks, practices such as a common front-end of systems, a common access point to data for authorities or the use of the same staff working in sales, compliance, or a client services helpdesk may be less prone to contagion and hence do not necessarily require operational separation. Trade repositories should therefore establish an appropriate level of operational separation between the resources, systems or procedures used in different business lines, including where those business lines comprise the provision of services subject to other Union or third country legislation, and ensure that detailed and clear information on the ancillary services, or other business lines that the trade repository offers outside its core activity of repository services under Regulation (EU) 2015/2365, is provided to ESMA in the application for registration or extension of registration.
The soundness, resilience and protection of the information technology systems of trade repositories are essential to ensure compliance with the objectives of Regulation (EU) 2015/2365. Accordingly, trade repositories should provide comprehensive and detailed information on those systems to allow ESMA to assess the soundness and resilience of their information technology systems. Where the provision of repository functions is outsourced to third parties, either at the level of the group or outside the group, the trade repository should provide detailed information on the relevant outsourcing arrangements to allow the assessment of compliance with the conditions for registration, including information on any service level agreements, on metrics and on how those metrics are effectively monitored. Finally, information should be provided by trade repositories on the mechanisms and controls that they put in place to effectively manage potential cyber-risks and to protect the data they maintain from cyber-attacks.
Different types of users can report, access or modify the data maintained by the trade repository. The characteristics, as well as the rights and obligations of the different types of users should be clearly defined by the trade repository and should be provided as part of the application for registration. The information provided by the trade repositories should also clearly identify the different categories of access available. To ensure the confidentiality of data, but also its availability to third parties, a trade repository should provide information about how it ensures that only the data for which the relevant counterparties have provided their explicit, revocable and discretionary consent is made available to third parties. Finally, the trade repository should provide information in its application on the channels and mechanisms used to publicly disclose information on its access rules in order to ensure an informed decision by its service users.
The fees associated with the services provided by trade repositories are essential information for enabling market participants to make an informed choice and should therefore form part of the application for registration as a trade repository.
Given that market participants and authorities rely on the data maintained by trade repositories, strict and effective operational and record-keeping arrangements should be clearly described in a trade repository's application for registration. To demonstrate how the confidentiality and protection of data maintained by the trade repository is preserved as well as to allow for its traceability, a specific reference regarding the set-up of a reporting log needs to be included in the application for registration.
To achieve the objectives of Regulation (EU) 2015/2365 regarding the transparency of SFTs, trade repositories should demonstrate that they apply the procedure for terms and conditions of access in accordance with Commission Delegated Regulation (EU) 2019/357, that the integrity of the data provided to authorities is ensured and that they are in a position to provide access to the data in accordance with the relevant requirements included in Commission Delegated Regulation (EU) 2019/358.
The effective payment of the registration fees by trade repositories at the time of application is essential to cover ESMA's necessary expenditure relating to the registration or extension of registration of a trade repository.
A simplified application procedure for the extension of registration should be established to allow those trade repositories already registered under Regulation (EU) No 648/2012 to have that registration extended under Regulation (EU) 2015/2365. To avoid any duplicate requirements, the information to be provided by the trade repository as part of an extension of registration should include detailed information on the adaptations necessary to ensure it complies with the requirements under Regulation (EU) 2015/2365.
This Regulation is based on the draft regulatory technical standards submitted by the European Securities and Markets Authority to the European Commission pursuant to the procedure in Article 10 of Regulation (EU) No 1095/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Securities and Markets Authority).
ESMA has conducted open public consultations on these draft regulatory technical standards, analysed the potential related costs and benefits and requested the opinion of the Securities and Markets Stakeholder Group established in accordance with Article 37 of Regulation (EU) No 1095/2010,
HAS ADOPTED THIS REGULATION: