TITLE IIIU.K. CENTRAL SECURITIES DEPOSITORIES

CHAPTER II U.K. Requirements for CSDs

Section 1 U.K. Organisational requirements

Article 26U.K.General provisions

1.A CSD shall have robust governance arrangements, which include a clear organisational structure with well-defined, transparent and consistent lines of responsibility, effective processes to identify, manage, monitor and report the risks to which it is or might be exposed, and adequate remuneration policies and internal control mechanisms, including sound administrative and accounting procedures.

2.A CSD shall adopt policies and procedures which are sufficiently effective so as to ensure compliance with this Regulation, including compliance of its managers and employees with all the provisions of this Regulation.

3.A CSD shall maintain and operate effective written organisational and administrative arrangements to identify and manage any potential conflicts of interest between itself, including its managers, employees, members of the management body or any person directly or indirectly linked to them, and its participants or their clients. It shall maintain and implement adequate resolution procedures where possible conflicts of interest occur.

4.A CSD shall make its governance arrangements and the rules governing its activity available to the public.

5.A CSD shall have appropriate procedures for its employees to report internally potential infringements of this Regulation through a specific channel.

6.A CSD shall be subject to regular and independent audits. The results of these audits shall be communicated to the management body and made available to the competent authority and, where appropriate taking into account potential conflicts of interest between the members of the user committee and the CSD, to the user committee.

7.Where a CSD is part of a group of undertakings including other CSDs [F1, third-country CSDs] or credit institutions referred to in Title IV, it shall adopt detailed policies and procedures specifying how the requirements laid down in this Article apply to the group and to the different entities in the group.

8.[F2The Bank of England may make] regulatory technical standards specifying at the CSD level and at the group level as referred to in paragraph 7:

(a)the monitoring tools for the risks of the CSDs referred to in paragraph 1;

(b)the responsibilities of the key personnel in respect of the risks of the CSDs referred to in paragraph 1;

(c)the potential conflicts of interest referred to in paragraph 3;

(d)the audit methods referred to in paragraph 6; and

(e)the circumstances in which it would be appropriate, taking into account potential conflicts of interest between the members of the user committee and the CSD, to share audit findings with the user committee in accordance with paragraph 6.

F3...

F3...

Article 27U.K.Senior management, management body and shareholders

1.The senior management of a CSD shall be of sufficiently good repute and experience so as to ensure the sound and prudent management of the CSD.

2.A CSD shall have a management body of which at least one third, but no less than two, of its members are independent.

3.The remuneration of the independent and other non-executive members of the management body shall not be linked to the business performance of the CSD.

4.The management body shall be composed of suitable members of sufficiently good repute with an appropriate mix of skills, experience and knowledge of the entity and of the market. The non-executive members of the management body shall decide on a target for the representation of the under-represented gender in the management body and prepare a policy on how to increase the number of the under-represented gender in order to meet that target. The target, policy and its implementation shall be made public.

5.A CSD shall clearly determine the role and responsibilities of the management body in accordance with the relevant [F4law applicable within the United Kingdom or of any part of the United Kingdom]. A CSD shall make the minutes of the meetings of the management body available to the competent authority and the auditor upon request.

6.The CSD’s shareholders and persons who are in a position to exercise, directly or indirectly, control over the management of the CSD shall be suitable to ensure the sound and prudent management of the CSD.

7.A CSD shall:

(a)provide the competent authority with, and make public, information regarding the ownership of the CSD, and in particular, the identity and scale of interests of any parties in a position to exercise control over the operation of the CSD;

(b)inform and seek approval from [F5the competent authority] of any decision to transfer ownership rights which give rise to a change in the identity of the persons exercising control over the operation of the CSD. After receiving approval from [F5the competent authority], the CSD shall make public the transfer of ownership rights.

Any natural or legal person shall inform without undue delay the CSD and its competent authority of a decision to acquire or dispose of its ownership rights that give rise to a change in the identity of the persons exercising control over the operation of the CSD.

8.Within 60 working days from the receipt of the information referred to in paragraph 7, the competent authority shall take a decision on the proposed changes in the control of the CSD. The competent authority shall refuse to approve proposed changes in the control of the CSD where there are objective and demonstrable grounds for believing that they would pose a threat to the sound and prudent management of the CSD or to the ability of the CSD to comply with this Regulation.

Article 28U.K.User committee

1.A CSD shall establish user committees for each securities settlement system it operates, which shall be composed of representatives of issuers and of participants in such securities settlement systems. The advice of the user committee shall be independent from any direct influence by the management of the CSD.

2.A CSD shall define in a non-discriminatory way the mandate for each established user committee, the governance arrangements necessary to ensure its independence and its operational procedures, as well as the admission criteria and the election mechanism for user committee members. The governance arrangements shall be publicly available and shall ensure that the user committee reports directly to the management body and holds regular meetings.

3.User committees shall advise the management body on key arrangements that impact on their members, including the criteria for accepting issuers or participants in their respective securities settlement systems and on service level.

4.User committees may submit a non-binding opinion to the management body containing detailed reasons regarding the pricing structures of the CSD.

5.Without prejudice to the right of [F6the competent authority] to be duly informed, the members of the user committees shall be bound by confidentiality. Where the chairman of a user committee determines that a member has an actual or a potential conflict of interest in relation to a particular matter, that member shall not be allowed to vote on that matter.

6.A CSD shall promptly inform the competent authority and the user committee of any decision in which the management body decides not to follow the advice of the user committee. The user committee may inform the competent authority of any areas in which it considers that the advice of the user committee has not been followed.

Article 29U.K.Record keeping

1.A CSD shall maintain, for a period of at least 10 years, all its records on the services and activities, including on the ancillary services referred to in Sections B and C of the Annex, so as to enable the competent authority to monitor the compliance with the requirements under this Regulation.

2.A CSD shall make the records referred to in paragraph 1 available upon request to the competent authority F7... and any other public authority which under [F8the law applicable within the United Kingdom or of any part of the United Kingdom] has a power to require access to such records for the purpose of fulfilling their mandate.

3.[F9The Bank of England may make] regulatory technical standards to specify the details of the records referred to in paragraph 1 to be retained for the purpose of monitoring the compliance of CSDs with the provisions of this Regulation.

F10...

F10...

4.[F11The Bank of England may make] implementing technical standards to establish the format of the records referred to in paragraph 1 to be retained for the purpose of monitoring the compliance of CSDs with the provisions of this Regulation.

F12...

F12...

Article 30U.K.Outsourcing

1.Where a CSD outsources services or activities to a third party, it shall remain fully responsible for discharging all of its obligations under this Regulation and shall comply at all times with the following conditions:

(a)outsourcing does not result in the delegation of its responsibility;

(b)the relationship and obligations of the CSD towards its participants or issuers are not altered;

(c)the conditions for the authorisation of the CSD do not effectively change;

(d)outsourcing does not prevent the exercise of supervisory and oversight functions, including on-site access to acquire any relevant information needed to fulfil those functions;

(e)outsourcing does not result in depriving the CSD of the systems and controls necessary to manage the risks it faces;

(f)the CSD retains the expertise and resources necessary for evaluating the quality of the services provided, the organisational and capital adequacy of the service provider, for supervising the outsourced services effectively and for managing the risks associated with the outsourcing on an ongoing basis;

(g)the CSD has direct access to the relevant information of the outsourced services;

(h)the service provider cooperates with the competent authority F13... in connection with the outsourced activities;

(i)the CSD ensures that the service provider meets the standards set down by the relevant data protection law which would apply if the service providers were established in the [F14United Kingdom]. The CSD is responsible for ensuring that those standards are set out in a contract between the parties and that those standards are maintained.

2.The CSD shall define in a written agreement its rights and obligations and those of the service provider. The outsourcing agreement shall allow the CSD to terminate the agreement.

3.A CSD and a service provider shall make available upon request to the competent authority F15... all information necessary to enable them to assess the compliance of the outsourced activities with the requirements of this Regulation.

4.The outsourcing of a core service shall be subject to authorisation under Article 19 by the competent authority.

5.Paragraphs 1 to 4 shall not apply where a CSD outsources some of its services or activities to a public entity and where that outsourcing is governed by a dedicated legal, regulatory and operational framework which has been jointly agreed and formalised by the public entity and the relevant CSD and agreed by the competent [F16authority] on the basis of the requirements established in this Regulation.

F17Article 31U.K.Services provided by parties other than CSDs

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .