Having regard to the Treaty on the Functioning of the European Union,

Having regard to Regulation (EU) 2017/2402 of the European Parliament and of the Council of 12 December 2017 laying down a general framework for securitisation and creating a specific framework for simple, transparent and standardised securitisation, and amending Directives 2009/65/EC, 2009/138/EC and 2011/61/EU and Regulations (EC) No 1060/2009 and (EU) No 648/2012, and in particular point (a) of Article 10(7) and points (b), (c) and (d) of Article 17(2) thereof,


  1. (1)

    The entities referred to in Article 17(1) of Regulation (EU) 2017/2402 should be able to fulfil their respective responsibilities, mandates and obligations. The information provided to those entities by securitisation repositories should therefore be of high quality and should lend itself to an aggregation and comparison across different securitisation repositories in a timely, comprehensive and structured manner. Securitisation repositories should therefore assess whether that information is complete and consistent before making it available to those entities and should provide those entities with an end-of-day report and overall data completeness score.

  2. (2)

    The procedures to verify whether the information reported to securitisation repositories by originators, sponsors or SSPEs is complete and consistent should take into account the variety of securitisation types, features and practices. It is therefore appropriate to provide for verification procedures that include the comparison of the information reported with respect to similar securitisations, such as securitisations sharing the same or related originator, underlying exposure type, structural feature or geography.

  3. (3)

    To ensure the quality of the information reported, verification procedures should also apply to the completeness and consistency of the documentation supporting that information. Given, however, the relative difficulty in verifying completeness and consistency of that documentation, securitisation repositories should request reporting entities to confirm in writing that the underlying securitisation documentation made available by them is complete and consistent. Material updates to documentation already reported should be considered a new securitisation document requiring a written confirmation request.

  4. (4)

    To enable the entities referred to in Article 17(1) of Regulation (EU) 2017/2402 to fulfil their respective responsibilities, mandates and obligations, the details of securitisations to which those entities must have direct and immediate access should be comparable across securitisation repositories in a harmonised and consistent manner. Those details should therefore be provided in Extensible Markup Language (XML) format because that format is widely used in the financial industry.

  5. (5)

    Confidentiality of any type of data exchanged between securitisation repositories and the entities referred to in Article 17(1) of Regulation (EU) 2017/2402 should be ensured. Such exchanges should therefore be carried out through a secure machine-to-machine connection by using data encryption protocols. To ensure minimum common standards, an SSH File Transfer Protocol should be used.

  6. (6)

    Data concerning the latest securitisation underlying exposures, investor reports, inside information and significant event information, as well as indicators of the quality and timeliness of those data, are essential for ongoing monitoring of securitisation investment positions and potential investments, as well as financial stability and systemic risk. The entities referred to in Article 17(1) of Regulation (EU) 2017/2402 should therefore have access to those data on an ad hoc or predefined periodic basis proportionate to their needs for receiving it.

  7. (7)

    Securitisations are complex and heterogeneous and the users accessing information from securitisation repositories are diverse. It is therefore essential that the direct and immediate access to specific datasets and information is facilitated. That access should include access in a machine-readable format where the information relates to data and to all current and historical information on a securitisation stored within a repository. For that purpose, a framework should be created for ad hoc requests that can be combined to obtain specific information. The deadlines by which securitisation repositories should provide data to the entities referred to in Article 17(1) of Regulation (EU) 2017/2402 should be harmonised to facilitate efficient data processing by those entities and securitisation repositories. At the same time, it should be ensured that data are obtained within deadlines that enable the effective fulfilment of the requesting entities’ responsibilities.

  8. (8)

    The entities referred to in Article 17(1) of Regulation (EU) 2017/2402 rely on the data maintained by securitisation repositories, including for comparing current securitisations with past securitisations. Therefore, it is appropriate to specify that repositories should maintain records of a securitisation for 10 years following the termination of the securitisation, pursuant to Article 10(2) of Regulation (EU) 2017/2402 and Article 80(3) of Regulation (EU) No 648/2012 of the European Parliament and of the Council.

  9. (9)

    The provisions in this Regulation are closely linked, since they deal with standards and procedures relating to the collection and processing of information held by securitisations repositories and access to that information. It is therefore appropriate to include those provisions in a single Regulation.

  10. (10)

    This Regulation is based on the draft regulatory technical standards submitted to the Commission by the European Securities and Markets Authority (ESMA).

  11. (11)

    ESMA has conducted an open public consultation on the draft regulatory technical standards on which this Regulation is based, analysed the potential related costs and benefits and requested the opinion of the Securities and Markets Stakeholder Group established in accordance with Article 37 of Regulation (EU) No 1095/2010 of the European Parliament and of the Council,