Regulation (EU) No 909/2014 of the European Parliament and of the CouncilDangos y teitl llawn

Section 4 U.K. Prudential requirements

Article 42U.K.General requirements

A CSD shall adopt a sound risk-management framework for comprehensively managing legal, business, operational and other direct or indirect risks, including measures to mitigate fraud and negligence.

Article 43U.K.Legal risks

1.For the purpose of its authorisation and supervision, as well as for the information of its clients, a CSD shall have rules, procedures, and contracts that are clear and understandable for all the securities settlement systems that it operates and all other services that it provides.

2.A CSD shall design its rules, procedures and contracts so that they are enforceable in all relevant jurisdictions, including in the case of the default of a participant.

3.A CSD conducting business in different jurisdictions shall take all reasonable steps to identify and mitigate the risks arising from potential conflicts of law across jurisdictions.

Article 44U.K.General business risk

A CSD shall have robust management and control systems as well as IT tools in order to identify, monitor and manage general business risks, including losses from poor execution of business strategy, cash flows and operating expenses.

Article 45U.K.Operational risks

1.A CSD shall identify sources of operational risk, both internal and external, and minimise their impact through the deployment of appropriate IT tools, controls and procedures, including for all the securities settlement systems it operates.

2.A CSD shall maintain appropriate IT tools that ensure a high degree of security and operational reliability, and have adequate capacity. IT tools shall adequately deal with the complexity, variety and type of services and activities performed so as to ensure high standards of security, and the integrity and confidentiality of the information maintained.

3.For services that it provides as well as for each securities settlement system that it operates, a CSD shall establish, implement and maintain an adequate business continuity policy and disaster recovery plan to ensure the preservation of its services, the timely recovery of operations and the fulfilment of the CSD’s obligations in the case of events that pose a significant risk of disrupting operations.

4.The plan referred to in paragraph 3 shall provide for the recovery of all transactions and participants’ positions at the time of disruption to allow the participants of a CSD to continue to operate with certainty and to complete settlement on the scheduled date, including by ensuring that critical IT systems can promptly resume operations from the time of disruption. It shall include the setting-up of a second processing site with sufficient resources, capabilities and functionalities and appropriate staffing arrangements.

5.The CSD shall plan and carry out a programme of tests of the arrangements referred to in paragraphs 1 to 4.

6.A CSD shall identify, monitor and manage the risks that key participants in the securities settlement systems it operates, as well as service and utility providers, and other CSDs or other market infrastructures might pose to its operations. It shall, upon request, provide [F1the competent authority] with information on any such risk identified.

It shall also inform the competent authority F2... without delay of any operational incidents resulting from such risks.

7.[F3The Bank of England may make] regulatory technical standards to specify the operational risks referred to in paragraphs 1 and 6 and the methods to test, to address or to minimise those risks, including the business continuity policies and disaster recovery plans referred to in paragraphs 3 and 4 and the methods of assessment thereof.

F4...

F4...

Article 46U.K.Investment policy

[F51.A CSD must hold its financial assets at any one or more of the following kinds of institution:

(a)central banks;

(b)credit institutions with permission to accept deposits under Part 4A of FSMA;

(c)CSDs and third-country CSDs recognised by the competent authority;

(d)third-country financial institutions that are subject to and comply with asset protection and prudential rules considered by the competent authority to be at least as stringent as those laid down in Directive 2013/36/EU UK law and Regulation (EU) No 575/2013, and which the CSD assesses as having—

(i)robust accounting practices;

(ii)safekeeping procedures;

(iii)internal controls which ensure the full protection of those financial assets; and

(iv)low credit risk based upon an internal assessment by the CSD; or

(e)third-country CSDs which comply with asset protection rules considered by the competent authority to be at least as stringent as those laid down in this Regulation, and which the CSD assesses as having—

(i)robust accounting practices;

(ii)safekeeping procedures; and

(iii)internal controls which ensure the full protection of those financial assets.]

2.A CSD shall have prompt access to its assets, where required.

3.A CSD shall invest its financial resources only in cash or in highly liquid financial instruments with minimal market and credit risk. Those investments shall be capable of being liquidated rapidly with minimal adverse price effect.

4.The amount of capital, including retained earnings and reserves of a CSD which are not invested in accordance with paragraph 3 shall not be taken into account for the purposes of Article 47(1).

5.A CSD shall ensure that its overall risk exposure to any individual [F6institution of a kind referred to in paragraphs 1(b) to 1(e)] with which it holds its financial assets remains within acceptable concentration limits.

6.[F7The Bank of England may make] regulatory technical standards specifying the financial instruments that can be considered to be highly liquid with minimal market and credit risk as referred to in paragraph 3, the appropriate timeframe for access to assets referred to in paragraph 2 and the concentration limits as referred to in paragraph 5. Such draft regulatory technical standards shall, where appropriate, be aligned to the regulatory technical standards adopted in accordance with Article 47(8) of Regulation (EU) No 648/2012.

F8...

F8...

Article 47U.K.Capital requirements

1.Capital, together with retained earnings and reserves of a CSD, shall be proportional to the risks stemming from the activities of the CSD. It shall be at all times sufficient to:

(a)ensure that the CSD is adequately protected against operational, legal, custody, investment and business risks so that the CSD can continue to provide services as a going concern;

(b)ensure an orderly winding-down or restructuring of the CSD’s activities over an appropriate time span of at least six months under a range of stress scenarios.

2.A CSD shall maintain a plan for the following:

(a)the raising of additional capital should its equity capital approach or fall below the requirements laid down in paragraph 1;

(b)ensuring the orderly winding-down or restructuring of its operations and services where the CSD is unable to raise new capital.

The plan shall be approved by the management body or an appropriate committee of the management body and updated regularly. Each update of the plan shall be provided to the competent authority. The competent authority may require the CSD to take additional measures or to make any alternative provision where the competent authority considers that the CSD’s plan is insufficient.

3.[F9The Bank of England may make] regulatory technical standards specifying requirements regarding the capital, retained earnings and reserves of a CSD referred to in paragraph 1.

F10...

F10...