An application for registration as a securitisation repository shall contain a detailed description of the internal policies, procedures and mechanisms preventing:
any use of the information maintained by the applicant for illegitimate purposes;
disclosure of confidential information;
the commercial use of information maintained by the applicant where such use is prohibited.
The description referred to in paragraph 1 shall contain a description of the internal procedures on staff permissions for using passwords to access the information, specifying the staff purpose and the scope of the information being viewed and any restrictions on the use of information.
Applicants shall provide the FCA with information on the processes to keep a log identifying each staff member accessing the information maintained by the applicant, the time of access, the nature of the information accessed and the purpose.
Status: Please note you should read all Brexit changes to the FCA Handbook and BTS alongside the main FCA transitional directions. Where these directions apply the 'standstill', firms have the choice between complying with the pre-IP completion day rules, or the post-IP completion day rules. To see a full list of Handbook modules affected, please see Annex B to the main FCA transitional directions.