Regulation (EU) No 909/2014 of the European Parliament and of the CouncilDangos y teitl llawn

Section 4 Prudential requirements

Article 42General requirements

A CSD shall adopt a sound risk-management framework for comprehensively managing legal, business, operational and other direct or indirect risks, including measures to mitigate fraud and negligence.

Article 43Legal risks

1.For the purpose of its authorisation and supervision, as well as for the information of its clients, a CSD shall have rules, procedures, and contracts that are clear and understandable for all the securities settlement systems that it operates and all other services that it provides.

2.A CSD shall design its rules, procedures and contracts so that they are enforceable in all relevant jurisdictions, including in the case of the default of a participant.

3.A CSD conducting business in different jurisdictions shall take all reasonable steps to identify and mitigate the risks arising from potential conflicts of law across jurisdictions.

Article 44General business risk

A CSD shall have robust management and control systems as well as IT tools in order to identify, monitor and manage general business risks, including losses from poor execution of business strategy, cash flows and operating expenses.

Article 45Operational risks

1.A CSD shall identify sources of operational risk, both internal and external, and minimise their impact through the deployment of appropriate IT tools, controls and procedures, including for all the securities settlement systems it operates.

2.A CSD shall maintain appropriate IT tools that ensure a high degree of security and operational reliability, and have adequate capacity. IT tools shall adequately deal with the complexity, variety and type of services and activities performed so as to ensure high standards of security, and the integrity and confidentiality of the information maintained.

3.For services that it provides as well as for each securities settlement system that it operates, a CSD shall establish, implement and maintain an adequate business continuity policy and disaster recovery plan to ensure the preservation of its services, the timely recovery of operations and the fulfilment of the CSD’s obligations in the case of events that pose a significant risk of disrupting operations.

4.The plan referred to in paragraph 3 shall provide for the recovery of all transactions and participants’ positions at the time of disruption to allow the participants of a CSD to continue to operate with certainty and to complete settlement on the scheduled date, including by ensuring that critical IT systems can promptly resume operations from the time of disruption. It shall include the setting-up of a second processing site with sufficient resources, capabilities and functionalities and appropriate staffing arrangements.

5.The CSD shall plan and carry out a programme of tests of the arrangements referred to in paragraphs 1 to 4.

6.A CSD shall identify, monitor and manage the risks that key participants in the securities settlement systems it operates, as well as service and utility providers, and other CSDs or other market infrastructures might pose to its operations. It shall, upon request, provide competent and relevant authorities with information on any such risk identified.

It shall also inform the competent authority and relevant authorities without delay of any operational incidents resulting from such risks.

7.ESMA shall, in close cooperation with the members of the ESCB, develop draft regulatory technical standards to specify the operational risks referred to in paragraphs 1 and 6 and the methods to test, to address or to minimise those risks, including the business continuity policies and disaster recovery plans referred to in paragraphs 3 and 4 and the methods of assessment thereof.

ESMA shall submit those draft regulatory technical standards to the Commission by 18 June 2015.

Power is delegated to the Commission to adopt the regulatory technical standards referred to in the first subparagraph in accordance with Articles 10 to 14 of Regulation (EU) No 1095/2010.

Article 46Investment policy

1.A CSD shall hold its financial assets at central banks, authorised credit institutions or authorised CSDs.

2.A CSD shall have prompt access to its assets, where required.

3.A CSD shall invest its financial resources only in cash or in highly liquid financial instruments with minimal market and credit risk. Those investments shall be capable of being liquidated rapidly with minimal adverse price effect.

4.The amount of capital, including retained earnings and reserves of a CSD which are not invested in accordance with paragraph 3 shall not be taken into account for the purposes of Article 47(1).

5.A CSD shall ensure that its overall risk exposure to any individual authorised credit institution or authorised CSD with which it holds its financial assets remains within acceptable concentration limits.

6.ESMA shall, in close cooperation with EBA and the members of the ESCB, develop draft regulatory technical standards specifying the financial instruments that can be considered to be highly liquid with minimal market and credit risk as referred to in paragraph 3, the appropriate timeframe for access to assets referred to in paragraph 2 and the concentration limits as referred to in paragraph 5. Such draft regulatory technical standards shall, where appropriate, be aligned to the regulatory technical standards adopted in accordance with Article 47(8) of Regulation (EU) No 648/2012.

ESMA shall submit those draft regulatory technical standards to the Commission by 18 June 2015.

Power is delegated to the Commission to adopt the regulatory technical standards referred to in the first subparagraph in accordance with Articles 10 to 14 of Regulation (EU) No 1095/2010.

Article 47Capital requirements

1.Capital, together with retained earnings and reserves of a CSD, shall be proportional to the risks stemming from the activities of the CSD. It shall be at all times sufficient to:

(a)ensure that the CSD is adequately protected against operational, legal, custody, investment and business risks so that the CSD can continue to provide services as a going concern;

(b)ensure an orderly winding-down or restructuring of the CSD’s activities over an appropriate time span of at least six months under a range of stress scenarios.

2.A CSD shall maintain a plan for the following:

(a)the raising of additional capital should its equity capital approach or fall below the requirements laid down in paragraph 1;

(b)ensuring the orderly winding-down or restructuring of its operations and services where the CSD is unable to raise new capital.

The plan shall be approved by the management body or an appropriate committee of the management body and updated regularly. Each update of the plan shall be provided to the competent authority. The competent authority may require the CSD to take additional measures or to make any alternative provision where the competent authority considers that the CSD’s plan is insufficient.

3.EBA shall, in close cooperation with ESMA and the members of the ESCB, develop draft regulatory technical standards specifying requirements regarding the capital, retained earnings and reserves of a CSD referred to in paragraph 1.

EBA shall submit those draft regulatory technical standards to the Commission by 18 June 2015.

Power is delegated to the Commission to adopt the regulatory technical standards referred to in the first subparagraph in accordance with Articles 10 to 14 of Regulation (EU) No 1093/2010.