The paying agency’s organisational structure shall allow it to execute the following main functions in respect of EAGF and EAFRD expenditure:
Authorisation and control of payments to establish that the amount to be paid to a beneficiary is in conformity with Union rules, which shall include, in particular, administrative and on-the-spot controls;
Execution of payments of the authorised amount to beneficiaries (or their assignees) or, in the case of rural development, the Union co-financing part;
Accounting to record all payments in the paying agency’s separate accounts for EAGF and EAFRD expenditure, in the form of an information system, and the preparation of periodic summaries of expenditure, including the monthly (for EAGF), quarterly (for EAFRD) and annual declarations to the Commission. The paying agency’s accounts shall also record the assets financed by the Funds, in particular concerning intervention stocks, uncleared advances, securities and debtors.
The paying agency’s organisational structure shall provide for clear assignment of authority and responsibility at all operational levels and for separation of the three functions referred to in the first paragraph, the responsibilities of which shall be defined in an organisational chart. It shall include the technical services and the internal audit service referred to under point 4.
The agency shall ensure that:
Appropriate human resources are allocated to carry out operations and existence of appropriate technical skills as required at different operational levels.
The division of duties is such that no official has responsibility for more than one of the responsibilities for authorising, paying or accounting of sums charged to the EAGF or to the EAFRD, and no official performs any of those tasks without the supervision of a second official.
The responsibilities of each official are defined in a written job description, including the setting of financial limits to his/her authority.
Staff training is appropriate at all operational levels, including fraud awareness, and there is a policy for rotating staff in sensitive positions, or alternatively for increased supervision.
Appropriate measures are taken to avoid a conflict of interests where a person occupying a position of responsibility or a sensitive position with regard to the verification, authorisation, payment and accounting of claims or payment request also fulfils other functions outside the paying agency.
A written agreement must be concluded between the paying agency and that body specifying, apart from the delegated tasks, the nature of the information and the supporting documents to be submitted to the paying agency and the time limit within which they must be submitted. The agreement must enable the paying agency to comply with the accreditation criteria.
The paying agency shall in all cases remain responsible for the efficient management of the Funds concerned. It remains fully responsible for the legality and regularity of the underlying transactions, including protecting the Union’s financial interest, as well as for declaring the corresponding expenditure to the Commission and for preparing the accounts accordingly.
The responsibilities and obligations of the other body, notably concerning the control and verification of the compliance with Union rules, shall be clearly defined.
The paying agency shall ensure that the other body has effective systems for ensuring that it fulfils its tasks in a satisfactory manner.
The other body shall explicitly confirm to the paying agency that it in fact fulfils its tasks and shall describe the means employed.
The paying agency shall regularly review the tasks delegated to confirm that the work performed is of satisfactory standard and that it is in compliance with Union rules.
The paying agency shall adopt the following procedures:
The paying agency shall lay down detailed procedures for the receipt, recording and processing of claims, including a description of all documents to be used.
Each official responsible for authorisation shall have at his/her disposal a detailed checklist of the verifications to be carried out, and shall attest in the supporting documents of the claim that those checks have been carried out. That attestation may be made by electronic means. There shall be evidence of systematic, such as sample, system or plan based review of the work by a senior staff member.
A claim shall be authorised for payment only after sufficient checks have been carried out to ensure compliance with Union rules.
The checks shall include those required by the relevant Regulation governing the specific measure under which aid is claimed, and those required pursuant to Article 58 of Regulation (EU) No 1306/2013 to prevent and detect fraud and irregularity with particular regard to the risks incurred. For the EAFRD, there shall in addition be procedures for verifying that the conditions for the granting of aid, including contracting, have been respected and that all applicable Union and national rules, including those fixed in the rural development program, have been complied with.
The management of the paying agency shall, at an appropriate level, be informed on a regular and timely basis of the results of administrative and on-the-spot checks carried out, so that the sufficiency of those controls may always be taken into account before a claim is settled.
The work performed shall be detailed in a report accompanying each claim, batch of claims or, if appropriate, in a report covering one marketing year. The report shall be accompanied by an attestation of the eligibility of the approved claims and of the nature, scope and limits of the work done. In addition, for the EAFRD there shall be an assurance that the criteria for the granting of aid, including contracting, have been respected and that all applicable Union and national rules, including those fixed in the rural development program, have been complied with. If any physical or administrative checks are not exhaustive, but performed on a sample of claims, the claims selected shall be identified, the sampling method described, the results of all inspections and the measures taken in respect of discrepancies and irregularities reported upon. The supporting documents shall be sufficient to provide assurance that all the required checks on the eligibility of the authorised claims have been performed.
Where documents (in paper or electronic form) relating to the claims authorised and controls made are retained by other bodies, both those bodies and the paying agency shall set up procedures to ensure that the location of all such documents relevant to specific payments is recorded.
The paying agency shall adopt the necessary procedures to ensure that payments are made only to bank accounts belonging either to beneficiaries or to their assignees. The payment shall be made by the paying agency’s bank, or, as appropriate, a governmental payments office, within five working days of the date of charge to the EAGF or to the EAFRD. Procedures shall be adopted to ensure that all payments for which transfers are not executed are not declared to the Funds for reimbursement. If such payments have already been declared to the Funds these should be re-credited to the Funds via the next monthly/quarterly declarations or in the annual accounts at the latest. No payments shall be made in cash. The approval of the authorising official and/or his/her supervisor may be made by electronic means, provided an appropriate level of security over those means is ensured, and the identity of the signatory is entered into the electronic records.
The paying agency shall adopt the following procedures:
Accounting procedures shall ensure that monthly (for EAGF), quarterly (for the EAFRD) and annual declarations are complete, accurate and timely, and that any errors or omissions are detected and corrected, in particular through checks and reconciliations performed at regular intervals.
The accounting for intervention storage shall ensure that the quantities and associated costs are correctly and promptly processed and recorded per identifiable lot and in the correct account at each stage from the acceptance of an offer to the physical disposal of the product, in compliance with the applicable regulations, and ensure that the quantity and nature of stocks at every location may be determined at any time.
Procedures shall be adopted to ensure that:
Payments of advances are separately identified in the accounting or subsidiary records.
Guarantees are obtained only from financial institutions which fulfil the conditions of Chapter IV of this Regulation and which are approved by the appropriate authorities and which remain valid until cleared or called upon, on the simple request of the paying agency.
The advances are cleared within the stipulated time limits and those overdue for clearing are promptly identified and the guarantees promptly called upon.
All the criteria provided for in points (A) to (D) shall apply, mutatis mutandis, to levies, forfeited guarantees, reimbursed payments, assigned revenues etc. which the paying agency is required to collect on behalf of the EAGF and of the EAFRD.
The paying agency shall set up a system for the recognition of all amounts due and for the recording in a single debtor’s ledger of all such debts prior to their receipt. The debtor’s ledger shall be inspected at regular intervals and action shall be taken to collect debts that are overdue.
The information regarding documentary evidence of the authorisation, accounting and payment of claims and handling of advances, securities and debts shall be available in the paying agency to ensure at all times a sufficiently detailed audit trail.
The paying agency shall adopt the necessary procedures to ensure that every change in the Union’s regulations, and in particular the rates of aid applicable, are recorded and the instructions, databases and checklists updated in good time.
International Standards Organisation 27002: Code of practice for Information Security controls (ISO);
Bundesamt für Sicherheit in der Informationstechnik: IT-Grundschutzhandbuch/IT Baseline Protection Manual (BSI);
Information Systems Audit and Control Association: Control objectives for Information and related Technology (COBIT).
The Commission may authorise Member States to certify their information systems security in accordance with other accepted standards if those standards guarantee a level of security at least equivalent to that provided by ISO 27001.
For paying agencies responsible for the management and control of a yearly expenditure not higher than EUR 400 million, the Member State may decide not to apply the provisions of the first subparagraph. Those Member States shall continue to apply the provisions of point (i). They shall inform the Commission of their decision.
The internal control activities shall cover at least the following areas:
Monitoring of the technical services and delegated bodies responsible for carrying out the controls and other functions to ensure a proper implementation of regulations, guidelines and procedures.
Initiating of system changes in order to improve control systems in general.
Reviewing claims and requests submitted to the paying agency as well as other information providing suspicion of irregularities.
Monitoring procedures to prevent and detect fraud and irregularity with particular regard to those areas of CAP expenditure under the paying agency’s competence which are exposed to a significant risk of fraud or other serious irregularities.
Ongoing monitoring is built into the normal, recurring operating activities of the paying agency. At all levels the daily operations and controls activities of the agency shall be monitored on an ongoing basis to ensure a sufficiently detailed audit trail.
The paying agency shall adopt in this respect the following procedures:
The internal audit service shall be independent of the paying agency’s other departments and shall report directly to the paying agency’s director.
The internal audit service shall verify that procedures adopted by the agency are adequate to ensure that compliance with Union rules is verified and that the accounts are accurate, complete and timely. Verifications may be limited to selected measures and to samples of transactions provided that an audit plan ensures that all significant areas, including the departments responsible for authorisation, are covered over a period not exceeding five years.
The internal audit service’s work shall be performed in accordance with internationally accepted standards, shall be recorded in working papers and shall result in reports and recommendations addressed to the agency’s top management.