An application for registration as a securitisation repository shall contain a detailed description of the internal policies, procedures and mechanisms preventing:
any use of the information maintained by the applicant for illegitimate purposes;
disclosure of confidential information;
the commercial use of information maintained by the applicant where such use is prohibited.
The description referred to in paragraph 1 shall contain a description of the internal procedures on staff permissions for using passwords to access the information, specifying the staff purpose and the scope of the information being viewed and any restrictions on the use of information.
Applicants shall provide the FCA with information on the processes to keep a log identifying each staff member accessing the information maintained by the applicant, the time of access, the nature of the information accessed and the purpose.