Article 18 Transparency of access rules

  1. (1)

    An application for registration as a securitisation repository shall contain:

    1. (a)

      the policies and procedures pursuant to which different types of user will report and access the information centrally collected, produced and maintained in the securitisation repository, including any process for users to access, view, consult or modify the information maintained by the securitisation repository, as well as the procedures used to authenticate the identity of users accessing the securitisation repository;

    2. (b)

      a copy of the terms and conditions which determine the rights and obligations of the different types of user in relation to information maintained by the securitisation repository;

    3. (c)

      a description of the different categories of access available to users;

    4. (d)

      a detailed description of the access policies and procedures to ensure that users have non-discriminatory access to information maintained by the securitisation repository, including:

      1. (i)

        any access restrictions;

      2. (ii)

        variations in access conditions or restrictions across reporting entities and across the different entities listed in Article 17(1) of Regulation (EU) 2017/2402;

      3. (iii)

        how the access policies and procedures ensure that access is restricted to the least possible extent and which procedures exist to question and reverse a restriction or denial of access;

    5. (e)

      a detailed description of the access policies and procedures pursuant to which other service providers have non-discriminatory access to information maintained by the securitisation repository where the relevant reporting entity has provided its written, voluntary and revocable consent, including:

      1. (i)

        any access restrictions;

      2. (ii)

        variations in access conditions or restrictions;

      3. (iii)

        how the access policies and procedures ensure that access is restricted to the least possible extent and which procedures exist to question and reverse a restriction or denial of access;

    6. (f)

      a description of the channels and mechanisms to publicly disclose to potential and actual users the procedures by which those users may ultimately access the information maintained by the securitisation repository and to publicly disclose to potential and actual reporting entities the procedures by which they may ultimately make available information via the applicant.

  2. (2)

    The information referred to in points (a) to (d) of paragraph 1 shall be specified for each of the following categories of user:

    1. (a)

      staff and other personnel affiliated with the applicant, including within the same group;

    2. (b)

      originators, sponsors and SSPEs (as a single category);

    3. (c)

      the entities listed in Article 17(1) of Regulation (EU) 2017/2402;

    4. (d)

      other service providers;

    5. (e)

      each other category of user identified by the applicant (with the information specified separately for each such category).