An application for registration as a trade repository shall contain the internal policies, procedures and mechanisms preventing any use of information maintained in the prospective trade repository:
for illegitimate purposes;
for disclosure of confidential information;
not permitted for commercial use.
The internal policies, procedures and mechanisms shall include the internal procedures on the staff permissions for using passwords to access the data, specifying the staff purpose, the scope of data being viewed and any restrictions on the use of data, as well as detailed information on any mechanisms and controls in place to effectively manage potential cyber-risks and to protect the data maintained from cyber-attacks.
Applicants shall provide the FCA with information on the processes to keep a log identifying each staff member accessing the data, the time of access, the nature of data accessed and the purpose.
Status: Please note you should read all Brexit changes to the FCA Handbook and BTS alongside the main FCA transitional directions. Where these directions apply the 'standstill', firms have the choice between complying with the pre-IP completion day rules, or the post-IP completion day rules. To see a full list of Handbook modules affected, please see Annex B to the main FCA transitional directions.