Article 1U.K.Identification of the third party
1.An application for authorisation as referred to in Article 28(4) of Regulation (EU) 2017/2402 shall contain the following information, to the extent relevant:
(a)the corporate name of the third party and its legal form;
(b)the third party's Legal Entity Identifier (LEI) or, where not available, another identifier required by the applicable national law;
(c)the third party's legal address as well as the addresses of any of its offices within the Union;
(d)the Uniform Resource Locator (URL) of the third party's website;
(e)an excerpt from a relevant commercial or court register, or another form of certified evidence, valid at the date of application, confirming the place of incorporation and the scope of business activity of the third party;
(f)the articles of incorporation of the third party, or other statutory documentation, stating that the third party is to assess the compliance of securitisations against the criteria provided for in Articles 19 to 22 or Articles 23 to 26 of Regulation (EU) 2017/2402 (‘STS compliance’);
(g)the most recent annual financial statements of the third party, including individual and consolidated financial statements, where available, and where the financial statements of the third party are subject to a statutory audit as defined in Article 2(1) of Directive 2006/43/EC of the European Parliament and of the Council(1), the audit report on these financial statements;
(h)the name, title, address, email address and the telephone number(s) of the contact person for the purposes of the application;
(i)the list of Member States in which the third party intends to provide STS compliance services;
(j)the list of types of securitisation for which the third party intends to provide STS compliance services, distinguishing between non ABCP securitisations and ABCP securitisations/programmes;
(k)a description of any services, other than providing STS compliance services, that the third party provides or intends to provide;
(l)a list of parties to whom the third party provides advisory, audit or equivalent services.
2.An application for authorisation shall include the following documentation as attachments:
(a)a list containing the name and business address of each person or entity that holds 10 % or more of the third party's capital or 10 % or more of its voting rights, or the holding of which makes it possible to exercise a significant influence over the third party, together with:
the percentage of the capital and voting rights held, and, where applicable, a description of the arrangements enabling the person or entity to exercise a significant influence over the third party's management;
the nature of the business activities of the persons and entities referred to in point (a);
(b)a list containing the name and business address of any entity in which a person or entity referred to in point (a) holds 20 % or more of the capital or voting rights and a description of that entity's activities.
(c)a completed copy of the table set out in Annex 1.
3.Where the third party has a parent undertaking, the application referred to in paragraph 1 shall state whether the immediate parent undertaking or ultimate parent undertaking is authorised, registered or subject to supervision, and where this is the case, state any associated reference number and the name of the responsible supervisory authority.
4.Where the third party has subsidiaries or branches, the application for authorisation shall identify the names and business addresses of those subsidiaries or branches and shall describe the areas of business activities of each subsidiary or branch.
5.An application for authorisation shall include a chart showing the ownership links between the third party, its parent undertaking and ultimate parent undertaking, its subsidiaries and affiliates, and any other persons and entities associated with or connected with a network as defined in point 7 of Article 2 of Directive 2006/43/EC. The chart shall identify the undertakings by their full name, the LEI or, where not available, another identifier required in accordance with the applicable national law, legal form and business address.
Article 2U.K.Composition of the management body and the organisational structure
1.The application referred to in Article 1 shall include the third party's internal governance policies and the terms of procedure which govern its management body, its independent directors and, where established, the committees or substructures of its management bodies.
2.The application referred to in Article 1 shall identify the members of the management body, including independent directors, and, where applicable, the members of committees or other substructures set-up within that management body. For each member of the management body, including its independent directors, the application shall describe the position held within the management body, the responsibilities allocated to that position and the time that will be devoted to fulfil those responsibilities.
3.The application referred to in Article 1 shall contain a chart detailing the organisational structure of the third party, which clearly identifies the roles of each member of the management body of that third party. Where the third party provides or intends to provide other services than STS compliance services, the organisational chart shall detail the identity and responsibility of the members of the management body in respect of those services.
4.The application referred to in Article 1 shall contain the following information in respect of each member of the management body:
(a)a copy of each member's curriculum vitae, including:
an overview of the member's relevant education;
the member's complete employment history with relevant dates, positions held and a description of the positions occupied;
any professional qualification held by the member, together with the date of acquisition and, where applicable, the status of any membership in a relevant professional body;
(b)details of any criminal convictions, in particular in the form of an official criminal record certificate;
(c)a declaration signed by the member, stating whether he or she:
has been subject to an adverse decision in any proceedings of a disciplinary nature brought by a regulatory authority, government body, agency or professional body;
has been subject to an adverse judicial finding in civil proceedings before a court, including for impropriety or fraud in the management of a business;
has been part of the management body (board or senior management) of an undertaking whose registration or authorisation was withdrawn by a regulatory authority, government body, or agency;
has been refused the right to perform activities which require registration or authorisation by a regulatory authority, government body, agency, or professional body;
has been a member of the management body of an undertaking that has gone into insolvency or liquidation, either while he or she was part of that undertaking's management body or within a year of him or her ceasing to be a member of that management body;
has been a member of the management body of an undertaking which has been subject to an adverse decision or penalty by a regulatory authority, government body, agency, or professional body;
as a consequence of misconduct or malpractice, has been disqualified from acting as a director, disqualified from acting in any managerial capacity, or dismissed from employment or other appointment in an undertaking;
has been otherwise fined, suspended, disqualified, or been subject to any other sanction, including in relation to fraud or embezzlement, by a regulatory authority, government body, agency, or professional body;
is subject to any current investigation, or pending judicial, administrative, disciplinary or other proceedings, including relation to fraud or embezzlement by a regulatory authority, government body, agency, or professional body;
(d)a signed declaration of any potential conflict of interest that the member may have in performing his or her duties and how those conflicts will be managed, including an inventory of any positions held in other undertakings;
(e)where not already included in point (a), a description of the member's knowledge of and experience in the tasks relevant for the third party's provision of STS compliance services, and in particular, knowledge of and experience in different types of securitisation or securitisations of different underlying exposures.
5.The application referred to in Article 1 shall contain the following, in respect of each independent director:
(a)evidence of the director's independence within the management body;
(b)disclosures of any past or present business, employment or other relationship that creates or might create a potential conflict of interest;
(c)disclosures of any business, family or other relationship with the third party, its controlling shareholder or the management of either, that creates or might create a conflict of interest.
Article 3U.K.Corporate governance
Where the third party adheres to a corporate governance code of conduct for the appointment and role of the independent directors and the management of conflicts of interest, the application referred to in Article 1 shall identify that code and provide an explanation for any deviation by the third party s from that code.
Article 4U.K.Independence and avoidance of conflicts of interest
1.The application referred to in Article 1 shall contain detailed information about the applicant's internal control systems for the management of conflicts of interest, including a description of the third party's compliance function and its risk assessment arrangements.
2.The application referred to in Article 1 shall contain information about the policies and procedures for the identification, management, elimination, mitigation and disclosure of existing or potential conflicts of interest and threats to the independence of the third party's provision of STS compliance services.
3.The application referred to in Article 1 shall contain a description of any other measures and controls applied to ensure the proper and timely identification, management and disclosure of conflicts of interest.
4.The application referred to in Article 1 shall contain an up-to-date inventory of any potential or existing conflicts of interest identified by the third party in accordance with Article 28(1)(f) of Regulation (EU) 2017/2402, and shall include:
(a)a description of any actual or potential conflicts of interest involving the third party, shareholders, owners or members of the third party, members of the management body, managers, staff of the third party or any other natural person whose services are placed at the disposal or under the control of the third party;
(b)a description of any actual or potential conflicts of interest arising from existing or envisaged business relationships of the third party, including any existing or envisaged outsourcing arrangements or from the third party's other activities.
5.The application referred to in Article 1 shall provide details on policies or procedures that aim to ensure that the third party does not provide any form of advisory, audit or equivalent services to the originator, sponsor, or the SSPE involved in the securitisation whose STS compliance the third party assesses.
6.The application referred to in Article 1 shall provide details on the following:
(a)revenue from other non-STS related services provided by the third party, disaggregated into the revenue from non-securitisation-related services and the revenue from securitisation-related services, over each of the three annual reporting periods preceding the date of submission of the application, or where not available, since the incorporation of the third party;
(b)the projected proportion of revenue from STS compliance services compared with the total projected revenue for the forthcoming three years' reference period.
7.The application referred to in Article 1 shall include, where applicable, the following information on the concentration of revenue from a single undertaking or a group of undertakings:
(a)information identifying any undertaking, or any group of economically connected undertakings, that provided more than 10 % of the third party's total revenue over each of the three annual reporting periods preceding the date of the submission of the application, or, where not available, since the incorporation of the third party;
(b)a statement whether an undertaking, or a group of economically connected undertakings, is projected to provide at least 10 % of the third party's projected revenue from the provision of STS compliance services over each of the next three years.
8.Where applicable, the application referred to in Article 1 shall contain an assessment of how a concentration of revenue from a single undertaking or a group of economically connected undertakings identified in paragraph 7 is compatible with the third party's policies and procedures on the independence of the STS compliance services referred to in paragraph 2.
Article 5U.K.Fee structure
1.The application referred to in Article 1 shall contain information on the pricing policies for providing the STS compliance services and shall include all of the following:
(a)pricing criteria and a fee structure or a fee schedule for the STS compliance services for each type of securitisation for which such services are offered (distinguishing non ABCP securitisations from ABCP securitisations and programmes), including any internal guidelines or procedures governing how the pricing criteria are used in order to determine or set individual fees;
(b)details of the methods used to record any specific costs incurred when providing STS compliance services, including additional incidental expenses related to the provision of STS compliance services, including transport and accommodation, and, where the third party intends to outsource parts of its provision of STS compliance services, a description as to how that outsourcing is to be taken into account in the pricing criteria;
(c)a detailed description of any established procedures for the modification of fees or for departing from the fee schedule, including under any frequent use programme;
(d)a detailed description of any established procedures or internal controls which ensure and monitor compliance with the pricing policies, including any procedures or internal controls which monitor the development of individual fees over time and across different customers to which STS compliance services are provided;
(e)a detailed description of any processes for reviewing and updating both the costing system and pricing policies;
(f)a detailed description of any procedures and internal controls for maintaining records relating to fee schedules, individual fees applied, or modifications to the third party's pricing policies.
2.The application referred to in Article 1 shall provide information on the following:
(a)whether the fees are set in advance of the provision of the STS compliance service;
(b)whether prepaid fees are non-refundable;
(c)any operational safeguards aimed at ensuring that contractual agreements between the third party and an originator, sponsor or SSPE for the provision of STS compliance services do not include a contractual termination clause or provide for breach of the contract or non-performance of the contract where the result of the STS compliance assessment demonstrates that the securitisation does not comply with the STS criteria.
Article 6U.K.Operational safeguards and internal processes to assess STS compliance
1.The application referred to in Article 1 shall include a detailed summary of any policies, procedures and manuals on the controls and operational safeguards established to ensure the independence of the third party's assessment of STS compliance and the integrity of its assessment.
2.The application referred to in Article 1 shall contain any information that demonstrates that the third party has established operational safeguards and internal processes to enable it to properly assess STS compliance, including the following:
(a)the number of staff, calculated on a full-time equivalent basis, disaggregated into types of positions within the third party;
(b)details on the policies and procedures established by the third party regarding:
the independence of individual staff members;
the termination of employment contracts, including any measures to ensure the independence and integrity of the STS assessment process associated with the termination of the employment, including policies and procedures related to negotiating future employment contracts with other undertakings for staff directly involved in the STS assessment;
the qualification requirements for staff directly involved in providing STS compliance activities, distinguished by position type;
training and development policies for staff directly involved in the provision of STS compliance services;
the performance evaluation and compensation policies of staff directly involved in STS compliance services;
(c)a description of any measures established by the third party to mitigate the risk of over-reliance on any individual staff members for providing STS compliance services;
(d)the following information where the third party relies, in any STS assessment, on outsourcing or external experts:
details on any policies and procedures with regards to the outsourcing of activities and the engagement of external experts;
a description of any outsourcing arrangements entered into or envisaged by the third party, accompanied by a copy of the contracts governing those outsourcing arrangements;
a description of the services to be provided by the external expert, including the scope of those services and the conditions under which those services should be rendered;
a detailed explanation of how the third party intends to identify, manage and monitor any risks posed by outsourcing and a description of the safeguards put in place to ensure independence of the STS assessment process;
(e)a description of any measures to be used in the event of a breach of any of the policies or procedures referred to in point (b) of paragraph 2 and point (i) of point (d) of paragraph 2;
(f)a description of any policies on the reporting to the competent authority of any material breach of the policies or procedures referred to in point (b) of paragraph 2 and point (i) of point (d) of paragraph 2 or any other fact, event or circumstance which is likely to amount to a breach of the conditions of the authorisation of the third party;
(g)a description of any arrangements established to ensure that the relevant persons are aware of the policies and procedures referred to in point (b) of paragraphs 2 and point (i) of point (d) of paragraph 2, and a description of any arrangement relating to the monitoring, review and updating of those policies and procedures.
3.The application referred to in Article 1 shall contain the following for each securitisation type for which the third party intends to provide STS compliance services:
(a)a description of the STS assessment methodology to be applied, including any procedures and methodology for the quality assurance of that assessment;
(b)a template of the STS verification report to be provided to the originator, sponsor or the SSPE.
Article 7U.K.Format of the application
1.A third party shall allocate a unique reference number to each document it submits to the competent authority as part of its application.
2.A third party shall include a substantiated explanation in its application for any requirement of this Regulation considered non-applicable.
3.The application referred to in Article 1 shall be accompanied by a letter signed by a member of the third party's management body confirming that:
(a)the submitted information is accurate and complete to the best of his or her knowledge, as of the date of the submission of the application;
(b)the applicant is neither a regulated entity as defined in point (4) of Article 2 of Directive 2002/87/EC(2), nor a credit rating agency as defined in point (b) of Article 3(1) of Regulation (EC) No 1060/2009.(3)
Article 8U.K.Entry into force
This Regulation shall enter into force on the twentieth day following its publication in the Official Journal of the European Union.
This Regulation shall be binding in its entirety and directly applicable in all Member States.
Done at Brussels, 5 February 2019.
For the Commission
The President
Jean-Claude Juncker