In order to address the potentially detrimental effect of poorly designed remuneration structures on the sound management of risks and on the control of risk-taking behaviour by individuals, there should be an express obligation for management companies of undertakings for collective investment in transferable securities (UCITS) to establish and maintain, for those categories of staff whose professional activities have a material impact on the risk profiles of the UCITS that they manage, remuneration policies and practices that are consistent with sound and effective risk management. Those categories of staff should include any employee and other member of staff at fund or sub-fund level who are decision takers, fund managers and persons who take real investment decisions, persons who have the power to exercise influence on such employees or members of staff, including investment advisors and analysts, senior management and any employees receiving total remuneration that takes them into the same remuneration bracket as senior management and decision takers. Those rules should also apply to investment companies that have not designated a management company authorised pursuant to Directive 2009/65/EC. Those remuneration policies and practices should apply, in a proportionate manner, to any third party which takes investment decisions that affect the risk profile of the UCITS because of functions which have been delegated in accordance with Article 13 of Directive 2009/65/EC.

Provided that management companies of UCITS and investment companies apply all the principles governing remuneration policies, they should be able to apply those policies in different ways according to their size, the size of the UCITS that they manage, their internal organisation, and the nature, scope and complexity of their activities.

While some actions are to be taken by the management body, it should be ensured that where, according to national law, the management company or investment company has in place different bodies with specific functions assigned, the requirements directed at the management body or at the management body in its supervisory function should also, or should instead, apply to those bodies, such as the General Meeting.

Guaranteed variable remuneration should be exceptional because it is not consistent with sound risk management or the pay-for-performance principle and should be limited to the first year of engagement.

The principles regarding sound remuneration policies should also apply to payments made from UCITS to management companies or investment companies.

The Commission is invited to analyse what the common costs and expenses of retail investment products in the Member States are, and whether further harmonisation of those costs and expenses is needed, and to submit its findings to the European Parliament and to the Council.

The provisions on remuneration should be without prejudice to the full exercise of fundamental rights guaranteed by the Treaty on European Union (TEU), the Treaty on the Functioning of the European Union (TFEU) and the Charter of Fundamental Rights of the European Union (the Charter), to general principles of national contract and labour law, applicable legislation regarding shareholders’ rights and involvement and the general responsibilities of the administrative and supervisory bodies of the companies concerned, as well as to the right, where applicable, of the social partners to conclude and enforce collective agreements, in accordance with national law and practice.

In order to ensure the necessary level of harmonisation of the relevant regulatory requirements in different Member States, additional rules should be adopted laying down the tasks and duties of depositaries, designating the legal entities that may be appointed as depositaries and clarifying the liability of depositaries in the event that the assets of the UCITS are lost in custody or in the case of depositaries’ improper performance of their oversight duties. Such improper performance may result in the loss of assets but also in a loss of the value of assets, if, for example, a depositary fails to act on investments that are not compliant with fund rules.

It is necessary to clarify that a UCITS should appoint a single depositary having general oversight over the assets of the UCITS. Requiring that there be a single depositary should ensure that the depositary has an overview of all the assets of the UCITS and both fund managers and investors have a single point of reference in the event that problems occur in relation to the safekeeping of assets or the performance of oversight functions. The safekeeping of assets includes holding assets in custody or, where assets are of such a nature that they cannot be held in custody, verification of the ownership of those assets as well as record-keeping for those assets.

In performing its tasks, a depositary should act honestly, fairly, professionally, independently and in the interest of the UCITS and of the investors of the UCITS.

In order to ensure a harmonised approach to the performance of depositaries’ duties in all Member States irrespective of the legal form taken by the UCITS, it is necessary to introduce a uniform list of oversight duties that are incumbent on depositaries in relation to UCITS with a corporate form (an investment company) and UCITS in a contractual form.

In order to prevent fraudulent cash transfers, no cash account associated with the transactions of the UCITS should be opened without the depositary’s knowledge.

Any asset held in custody for a UCITS should be distinguished from the depositary’s own assets, and should at all times be identified as belonging to that UCITS. Such a requirement should confer an additional layer of protection for investors in the event that the depositary defaults.

In addition to the existing duty of safekeeping of assets belonging to a UCITS, assets that are capable of being held in custody should be differentiated from those that are not, to which record-keeping and ownership verification requirements apply instead. The group of assets that can be held in custody should be clearly differentiated, since the duty to return lost assets should apply only to that specific category of assets.

The assets held in custody by the depositary should not be reused by the depositary, or by a third party to which the custody function has been delegated, for their own account. Certain conditions should apply to the reuse of assets for the account of the UCITS.

It is necessary to lay down the conditions for the delegation of the depositary’s safekeeping duties to a third party. Delegation and sub-delegation should be objectively justified and subject to strict requirements in relation to the suitability of the third party entrusted with the delegated function, and in relation to the due skill, care and diligence that the depositary should employ to select, appoint and review that third party. For the purpose of achieving uniform market conditions and an equally high level of investor protection, such conditions should be aligned with those applicable under Directive 2011/61/EU. Provisions should be adopted to ensure that third parties to which safekeeping functions have been delegated have the necessary means to perform their duties and that they segregate the assets of the UCITS.

A third party to which the safekeeping of assets is delegated should be able to maintain an omnibus account, as a common segregated account for multiple UCITS.

Where custody is delegated to a third party, it is also necessary to ensure that the third party is subject to specific requirements on effective prudential regulation and supervision. In addition, in order to ensure that the financial instruments are in the possession of the third party to which custody was delegated, periodic external audits should be performed.

In order to ensure consistently high levels of investor protection, provisions on conduct and on the management of conflicts of interest should be adopted and should apply in all situations, including in the case of a delegation of safekeeping duties. Those rules should in particular ensure a clear separation of tasks and functions between the depositary, the UCITS and the management company or the investment company.

It is necessary to specify and clarify the UCITS depositary’s liability in case of the loss of a financial instrument that is held in custody. The depositary should be liable, where a financial instrument held in custody has been lost, to return a financial instrument of an identical type or the corresponding amount to the UCITS. No discharge of liability in the case of loss of assets should be envisaged, except where the depositary is able to prove that the loss is due to an external event beyond its reasonable control, the consequences of which would have been unavoidable despite all reasonable efforts to the contrary. In that context, a depositary should not be able to rely on internal situations such as a fraudulent act by an employee to discharge itself of liability.

Where the depositary delegates custody tasks and the financial instruments held in custody by a third party are lost, the depositary should be liable. In the case of loss of an instrument held in custody, a depositary should return a financial instrument of an identical type or the corresponding amount, even if the loss occurred with a third party to which the custody has been delegated. The depositary should be discharged of that liability only where it is able to prove that the loss resulted from an external event beyond its reasonable control and with consequences that were unavoidable despite all reasonable efforts to the contrary. In that context, a depositary should not be able to rely on internal situations such as a fraudulent act by an employee to discharge itself of liability. No discharge of liability, be it regulatory or contractual, should be possible in the case of loss of assets by the depositary or a third party to which the custody has been delegated.

Every investor in a UCITS should be able to invoke claims relating to the liability of its depositary directly or indirectly through the management company or the investment company. Redress against the depositary should not depend on the legal form of the UCITS (corporate or contractual) or the legal nature of the relationship between the depositary, the management company and the unit-holders. The right of unit-holders to invoke depositary liability should not lead to a duplication of redress or to unequal treatment of the unit-holders.

Without prejudice to this Directive, a depositary should not be prevented from making arrangements to cover damages and losses to the UCITS or to the unit-holders of the UCITS. In particular, such arrangements should not constitute a discharge of the depositary’s liability, result in a transfer or any change to the depositary’s liability nor should they impinge on investors’ rights, including redress rights.

The Commission is invited to analyse in which situations the failure of a UCITS depositary or a third party to which the safekeeping functions have been delegated could lead to losses to UCITS unit-holders which are not recoverable under this Directive, to analyse further what kind of measures could be adequate to ensure a high level of investor protection, whatever the chain of intermediation between the investor and the transferable securities affected by the failure, and to submit its findings to the European Parliament and to the Council.

It is necessary to ensure that the same requirements apply to depositaries irrespective of the legal form of the UCITS. Consistency of requirements should enhance legal certainty, increase investor protection and contribute to the creation of uniform market conditions. The Commission has not received any notification that the derogation from the general obligation to entrust assets to a depositary has been used by an investment company. Therefore, the requirements laid down in Directive 2009/65/EC regarding the depositary of an investment company should be considered to be redundant.

While this Directive specifies a minimum set of powers that competent authorities should have, those powers are to be exercised within a complete system of national law which guarantees respect for fundamental rights, including the right to privacy. For the exercise of those powers, which may amount to serious interferences with the right to respect for private and family life, home and communications, Member States should have in place adequate and effective safeguards against any abuse, including, where appropriate, prior authorisation from the judicial authorities of a Member State concerned. Member States should allow competent authorities to exercise such intrusive powers to the extent necessary for the proper investigation of serious cases where there are no equivalent means for effectively achieving the same result.

Access to telephone records and data is necessary for the detection of, and imposition of sanctions for, infringements of the requirements of this Directive or its implementing measures. In order to introduce a level playing field in the Union in relation to access to telephone and existing data traffic records held by a telecommunications operator or the existing recordings of telephone conversations and data traffic held by UCITS, management companies, investment companies, depositaries or any other entities regulated by this Directive, competent authorities should, in accordance with national law, be able to require existing telephone and existing data traffic records held by a telecommunications operator, in so far as permitted under national law, and existing recordings of telephone conversations as well as data traffic held by UCITS, management companies, investment companies, depositaries or any other entities regulated by this Directive, in those cases where a reasonable suspicion exists that such records relating to the subject-matter of the inspection or investigation may be relevant to prove infringements of the requirements laid down in this Directive or its implementing measures. Access to telephone and data traffic records held by a telecommunications operator should not encompass the content of voice communications by telephone.

A sound prudential and conduct of business framework for the financial sector should rest on strong supervisory, investigatory and sanctions regimes. To that end, competent authorities should be equipped with sufficient powers to act and should be able to rely on equal, strong and deterrent penalties regimes for the infringements of this Directive. A review of existing powers to impose sanctions and their practical application aimed at promoting convergence of sanctions across the range of supervisory activities was carried out in Commission Communication of 8 December 2010 on reinforcing sanctioning regimes in the financial services sector. Competent authorities should be empowered to impose pecuniary penalties which are sufficiently high to be effective, dissuasive and proportionate, in order to offset expected benefits from behaviour which infringes the requirements laid down in this Directive.

Even though nothing prevents Member States from laying down rules for administrative and criminal sanctions for the same infringements, Member States should not be required to lay down rules for administrative sanctions for the infringements of this Directive where they are subject to national criminal law. In accordance with national law, Member States should not be obliged to impose both administrative and criminal sanctions for the same offence, but they could do so if their national law so permits. However, the maintenance of criminal rather than administrative sanctions for infringements of this Directive should not reduce or otherwise affect the ability of competent authorities, for the purposes of this Directive, to cooperate with competent authorities in other Member States or to access or exchange information with those competent authorities in a timely manner, including after any referral of the relevant infringements to the competent judicial authorities for criminal prosecution. Member States should be able to decide not to lay down rules for administrative sanctions for infringements which are subject to national criminal law. The option for Member States to impose criminal sanctions rather than, or in addition to, administrative sanctions should not be used to circumvent the sanctions regime in this Directive.

In order to ensure a consistent application across Member States, when determining the type of administrative penalties or measures and the level of administrative pecuniary penalties, Member States should be required to ensure that their competent authorities take into account all relevant circumstances.

In order to strengthen their dissuasive effect on the public at large and to inform them about infringements which may be detrimental to investor protection, sanctions should be published, save in certain well-defined circumstances. In order to ensure compliance with the principle of proportionality, sanctions should be published on an anonymous basis where publication would cause a disproportionate damage to the parties involved.

In order to enable ESMA to strengthen consistency in supervisory outcomes further in accordance with Regulation (EU) No 1095/2010, all publicly disclosed sanctions should be simultaneously reported to ESMA, which should also publish an annual report on all sanctions imposed.

Competent authorities should be entrusted with the necessary investigatory powers, and should establish effective mechanisms to encourage reporting of potential or actual infringements. Information on potential and actual infringements should also contribute to the effective performance of ESMA’s tasks in accordance with Regulation (EU) No 1095/2010. Communication channels for the reporting of those potential and actual infringements should therefore also be established by ESMA. Information on potential and actual infringements communicated to ESMA should be used only for the performance of ESMA’s tasks in accordance with Regulation (EU) No 1095/2010.

This Directive respects the fundamental rights and observes the principles recognised in the Charter as enshrined in the TFEU.

In order to ensure that the objectives of this Directive are attained, the power to adopt acts in accordance with Article 290 TFEU should be delegated to the Commission. In particular, the Commission should be empowered to adopt delegated acts to specify the particulars that need to be included in the standard agreement between the depositary and the management company or the investment company, the conditions for performing depositary functions, including the type of financial instruments that should be included in the scope of the depositary’s custody duties, the conditions subject to which the depositary may exercise its custody duties over financial instruments registered with a central depository and the conditions subject to which the depositary should safekeep the financial instruments issued in a nominative form and registered with an issuer or a registrar, the due diligence duties of depositaries, the segregation obligation, the conditions subject to and circumstances in which financial instruments held in custody should be considered to be lost, and what is to be understood by external events beyond reasonable control, the consequences of which would have been unavoidable despite all reasonable efforts to the contrary. The level of investor protection provided by those delegated acts should be at least as high as that provided by delegated acts adopted under Directive 2011/61/EU. It is of particular importance that the Commission carry out appropriate consultations during its preparatory work, including at expert level. The Commission, when preparing and drawing up delegated acts, should ensure a simultaneous, timely and appropriate transmission of relevant documents to the European Parliament and to the Council.

Since the objectives of this Directive, namely to improve investor confidence in UCITS by enhancing requirements concerning the duties and the liability of depositaries, the remuneration policies of management companies and investment companies, and by introducing common standards for the sanctions applying to the main infringements of this Directive, cannot be sufficiently achieved by the Member States, but can rather, by reason of their scale and effects, be better achieved at Union level, the Union may adopt measures, in accordance with the principle of subsidiarity as set out in Article 5 TEU. In accordance with the principle of proportionality, as set out in that Article, this Directive does not go beyond what is necessary in order to achieve those objectives.

Directive 2009/65/EC should therefore be amended accordingly,