ESMA Final Report on Draft Technical Standards for CSD Requirements and Internalised Settlement under CSDR

28 September 2015 | ESMA/2015/1457

Final Report Draft technical standards under the Regulation No 909/2014 of the European Parliament and of the Council of 23 July 2014 on improving securities settlement in the European Union and on central securities depositories and amending Directives 98/26/EC and 2014/65/EU and Regulation (EU) No 236/2012 (CSDR)

1 Table of Contents Acronyms .............................................................................................................................. 2 1 Executive Summary ....................................................................................................... 3 2 Introduction .................................................................................................................... 4 3 CSD Requirements ........................................................................................................ 6 3.1 Relevant Currencies (Article 12 CSDR)................................................................... 6 3.2 CSD authorisation (Article 17 CSDR)...................................................................... 8 3.3 CSD Participations (Article 18 CSDR) ....................................................................14 3.4 CSD Review and Evaluation (Article 22 CSDR) .....................................................16 3.5 Cooperation arrangements (Article 24 CSDR)........................................................18 3.6 CSD Recognition (Article 25 CSDR).......................................................................19 3.7 Risk Monitoring Tools (Article 26 CSDR)................................................................20 3.8 Record Keeping (Article 29 CSDR) ........................................................................25 3.9 Reconciliation Measures (Article 37 CSDR) ...........................................................30 3.10 Operational Risk (Article 45 CSDR)........................................................................36 3.11 CSD Investment Policy (Article 46 CSDR)..............................................................39 3.12 Article CSD Links (Article 48 CSDR) ......................................................................45 3.13 Access (Articles 33, 49, 52, and 53(2) CSDR)........................................................51 3.13.1 Access of Participants to CSDs (Article 33 CSDR)..........................................51 3.13.2 Access of Issuers to CSDs (Article 49 CSDR).................................................52 3.13.3 Access between CSDs (Article 52 CSDR).......................................................53 3.13.4 Access between a CSD and another Market Infrastructure (Article 53 CSDR) 54 3.14 Authorisation to provide banking types of ancillary services (Article 55 CSDR) ......55 4 Internalised Settlement (Article 9 CSDR).......................................................................56 Annex I: Legislative mandate to develop draft technical standards.......................................62 Annex II: Draft technical standards under CSDR (see separate document) Annex III: Impact assessment (see separate document)

2 Acronyms CCP Central counterparty EC European Commission CP Consultation Paper CSD Central Securities Depository CSDR Regulation (EU) No 909/2014 of the European Parliament and of the Council of 23 July 2014 on improving securities settlement in the European Union and on central securities depositories and amending Directives 98/26/EC and 2014/65/EU and Regulation (EU) No 236/2012 DA Delegated act to be adopted by the EC DP Discussion Paper ESMA European Securities and Markets Authority ESMA Regulation Regulation (EU) No 1095/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Securities and Markets Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/77/EC EU European Union ITS Implementing Technical Standards OTC Over-the-counter RTS Regulatory Technical Standards

3 1 Executive Summary Reasons for publication Regulation (EU) No 909/2014 of the European Parliament and of the Council of 23 July 2014 on improving securities settlement in the European Union and on central securities depositories and amending Directives 98/26/EC and 2014/65/EU and Regulation (EU) No 236/2012 (CSDR) requires ESMA to develop draft technical standards (RTS) and implementing technical standards (ITS) in relation to several provisions of that Regulation. In relation to the draft technical standards ESMA consulted stakeholders on two occasions: the first consultation on a Discussion Paper (DP) was conducted from 20 March to 22 May 2014. The second consultation, which included the proposed draft RTS and ITS, was conducted from 18 December 2014 to 19 February 2015. ESMA launched a third consultation focusing only on the operation of the buy-in process from 30 June to 6 August 2015. Contents This Final Report includes the feedback from the second consultation and the proposed changes made by ESMA in key areas. It covers the draft RTS and ITS on CSD requirements, and the draft RTS and ITS on internalised settlement. For each section, a reference is made to the relevant Article in CSDR and to the relevant technical standards included in the Annexes to this Report. The RTS on settlement discipline will be included in a separate Report. Next Steps Following the submission of the draft technical standards to the European Commission, it has three months to decide whether to endorse ESMA’s draft technical standards. Given the need to analyse the responses received following ESMA’s Consultation Paper on the buy-in process, which closed on 6 August 2015, as well as the need to continue the discussions with the European Commission on the legal feasibility of the options to be considered regarding the entity responsible for the execution of the buy-in the case of transactions not cleared by a CCP, ESMA is delaying the delivery of the RTS on Settlement Discipline.

4 2 Introduction

1. Regulation (EU) No 909/2014 of the European Parliament and of the Council of 23 July 2014 on improving securities settlement in the European Union and on central securities depositories and amending Directives 98/26/EC and 2014/65/EU and Regulation (EU) No 236/2012 (CSDR) requires ESMA to develop draft technical standards (RTS) and implementing technical standards (ITS) in relation to several provisions of that Regulation.
2. The ESMA mandate for drafting technical standards comprises: 4 mandates on settlement discipline, 5 mandates on authorisation, supervision and recognition, 6 mandates on CSD requirements, 4 mandates on access and links and 1 mandate on internalised settlement. This gives a total of 15 mandates, almost 30 if the RTS and the ITS are counted separately.
3. With respect to the draft technical standards, ESMA consulted stakeholders on two occasions: the first consultation was conducted in relation to a Discussion Paper (DP) from 20 March to 22 May 2014 and the second consultation, which included the proposed draft RTS and ITS, was conducted from 18 December 2014 to 19 February
4. ESMA received more than 100 responses from trade associations, market participants, issuers, professional bodies, and national authorities responding to the Consultation Paper.
5. ESMA launched a third consultation focusing only on the operation of the buy-in process from 30 June to 6 August 2015.
6. This Final Report includes the feedback from the second consultation and the proposed changes made by ESMA. It covers the draft RTS and ITS on CSD requirements, and the draft RTS and ITS on internalised settlement. For each section, a reference is made to the relevant Article in CSDR and to the relevant technical standards included in the Annexes to this Report. The RTS on settlement discipline will be included in a separate Report.
7. The ESMA Securities and Markets Stakeholder Group (SMSG) established under Regulation (EU) No 1095/2010 establishing the European Supervisory Authority (ESMA Regulation) was also consulted and was requested to provide an opinion in accordance with Articles 10 and 15 of that regulation. In addition, ESMA consulted the European Banking Authority (EBA) and involved the European System of Central Banks (ESCB) in the drafting of the relevant technical standards where close cooperation was required under CSDR, through a task force composed of an equal number of representatives from central banks and securities regulators.

5 7. This Report also includes an impact assessment, which is the result of: ESMA research; contact with stakeholders; and also input from an external consultant. The latter performed a number of interviews, surveys and research that complemented, in an independent manner ESMA’s own analysis. The most challenging task of the entire exercise was the collection of data, in particular data on costs and notwithstanding the continuous calls for evidence by ESMA in the different consultations, the evidence collected was poor. The impact assessment performed is therefore rather qualitative, with limited quantitative evidence. As noted, this reflects not only the reduced stakeholder feedback on the matter, but also the CSDR timeline, the fact that this is the first time that CSDs are regulated EU-wide, and that certain information is currently not recorded by CSDs and other market participants.

6 3 CSD Requirements 3.1 Relevant Currencies (Article 12) Article 12 CSDR ESMA shall, in close cooperation with the members of the ESCB, develop draft regulatory technical standards specifying the conditions under which the Union currencies referred to in point (b) of paragraph 1 are considered to be the most relevant, and efficient practical arrangements for the consultation of the relevant authorities referred to in points (b) and (c) of that paragraph. 8. Under this mandate, ESMA is expected to define the criteria to determine which are the most relevant currencies to be considered for the purposes of ensuring that the central banks in the Union issuing the most relevant currencies in which settlement takes place are consulted by a CSD competent authority in the context of CSD authorisation and supervision. 9. Of the thirteen respondents to the CP question on relevant currencies, three agreed with the ESMA proposal and four considered the question to be either outside ESMA’s scope, or not relevant. The key points raised by the remaining respondents are summarised below. 10. One respondent felt the 5% threshold would be too low for small CSDs, recommending a 10% threshold. Another respondent felt the 5% threshold would lead to a unique role for the BoE due to the importance of Sterling. The respondent felt that the involvement of multiple other authorities could lead to colleges being created, and then a potential situation where the national authority may not be the key decision maker. Several respondents highlighted that the RTS must specify which NCB/ECB represents the Eurosystem in case the euro is a relevant currency. 11. ESMA conducted a simulation exercise with the cooperation of competent authorities and central banks. This exercise was based on 2014 data applied to the 2013 total settlement value figures of the ECB’s Statistical Data Warehouse (SDW). This enabled rough estimations / approximations based on limited data sources, as the SDW does not contain any data on non-EU CSDs (e.g. EEA), which may also be covered by the CSDR data sources, in particular with respect to nominal amounts settled in each currency were not available.

7 12. The exercise showed that with the originally proposed 5% threshold, only EUR and GBP would be considered relevant currencies and the latter only in one ICSD. ESMA considered that this was not the objective of the provision in the CSDR and therefore lowered the originally proposed threshold. 13. In addition, ESMA considered that even very small percentages within a CSD with high settlement volumes could represent a significant amount of settlement activity in a particular currency. Therefore, ESMA defined a second threshold that looks at the total settlement activity in a given currency within the EU, i.e. the central bank of issue perspective. If a relevant portion of that settlement activity is conducted by a CSD, that currency should be considered relevant even if in percentage of the settlement activity within the CSD it represents less than 1%. Given that this second threshold looks at the relevance from a different perspective, i.e. the settlement activity in a currency performed outside the country of issuance of the currency, the two thresholds should have different levels. The reasons are further explained below. 14. It was acknowledged that the possibility of a central bank of issue to manage its currency would be seriously hampered or made impossible if a large part of securities settlement in its currency takes place in a CSD located outside its jurisdiction and the respective central bank would not be designated a relevant authority under the CSDR. 15. Also, a simulation exercise has shown that even the lower threshold of 5% (compared with the total value of DVP settlement by a CSD) will lead to a very restrictive involvement (if any) of Central Banks of issue (CBIs) other than the domestic central bank. In particular it is noted that for some currencies (e.g. DKK, NOK, PLN, SEK) a 5% threshold effectively means that even if 100% of settlement in securities denominated in these currencies takes place in the EU’s largest (I)CSD none of these currency would be considered ‘relevant’ under the previously proposed parameter. It does not appear that such a result would be in line with the legislator’s intention. 16. Finally, the Level 1 text (in line with the PFMIs) gives preference to the settlement in central bank money as this is considered to be of lower risk than settlement in commercial bank money. Where the CSD settles in central bank money, the respective central bank is considered a relevant authority in line with Article 12.1 (c), irrespective of whether the amounts involved are significant or not. Consequently, if the CSD settles in commercial bank money, and thus has a higher risk profile, a ‘broad’ inclusion of the central bank of issue as relevant authority appear appropriate from a risk point of view. 17. Therefore, following a simulation exercise and the considerations above, ESMA concluded that the most relevant currencies referred to in point (b) of Article 12(1) of Regulation (EU) No 909/2014 for an individual CSD shall be identified via at least one out of the following thresholds:

8 (a) the relative share of each Union currency in the total value of the settlement by a CSD of settlement instructions against payment, calculated over a period of one year, provided that each individual share exceeds 1%; and (b) the relative share of settlement instructions against payment settled by a CSD in a Union currency compared with the total value of settlement instructions against payment settled in that currency across all CSDs in the Union, calculated over a period of one year, provided that each individual share exceeds 10%. 18. As regards periodicity and the entity conducting such calculations the ESMA approach is to provide that the calculations should be done on an annual basis by the competent authority of each CSD. 3.2 CSD authorisation (Article 17) Article 17 CSDR ESMA shall, in close cooperation with the members of the ESCB, develop draft regulatory technical standards to specify the information that a CSD should provide to the competent authority in its application for authorisation, as well draft implementing technical standards to establish standard forms, templates and procedures for the application. 19. Under the Article 17 of CSDR, ESMA is required to specify the information that a CSD should provide to the competent authority in its application for authorisation, as well as the standard forms, templates and procedures for the application. 20. For the identification of the information that the applicant CSD should provide to the competent authority in the application for authorisation, ESMA considered the CRA Regulation and the TR provisions under EMIR and also the current national practices, which ESMA assessed via a survey among supervisors of CSDs. 21. The general industry response to the CP did not raise fundamental objections. The main comments related to the drafting and the content of application for Authorisation, and the information to be delivered to competent authorities. The most significant comments are discussed below.

9 22. As regards Article 2(2)(n) of the draft RTS presented in the CP, one respondent highlighted the need for the article to refer explicitly to all core and ancillary services outsourced by a CSD to a third party since this information is relevant for authorisation purposes. 23. Having regard on the CP feedback, ESMA has amended the TS in this respect (now Article 5 of the draft RTS on CSD Requirements). 24. Several respondents felt the need to refer to a “business line” or “department(s)” rather than a “person” responsible for a CSD’s compliance with its policies and procedures. This would mean an amendment to Article 3(1) (b) of the draft RTS presented in the CP. One respondent felt the entirety of the first paragraph of Article 3 of the draft RTS presented in the CP should be removed from the RTS. 25. Having regard on the CP feedback, ESMA has amended the TS by referring to the job titles of the persons responsible for the approval and maintenance of the policies and procedures. 26. Several respondents suggested replacing “measures” to adopt in the event of a breach of policies and procedures with “types of measures” under Article 3(1) (c) of the draft RTS presented in the CP, suggesting that this would make the provision less burdensome. 27. Having regard to the CP feedback, ESMA deleted the reference to the measures to adopt in the event of a breach of policies and procedures (see Article 6 of the new draft RTS on CSD Requirements). 28. Multiple respondents proposed that ESMA should amend Article 3(2) of the draft RTS presented in the CP, so that it referred to procedures in place for employees to report internally actual or potential infringements of CSDR, and not to the competent authorities. 29. ESMA considers that an application for authorisation should contain a description of the procedures put in place by the applicant CSD in compliance with any mechanism established in accordance with Article 65 of CSDR, to encourage reporting of potential or actual infringements of CSDR to competent authorities.

10 30. Several respondents suggested to modify the RTS provisions relating to information on groups (Article 4(1) of the draft RTS presented in the CP) so that it refers clearly to “other CSDs and credit institutions” rather than to “all other entities in the group” as well as to delete the phrase “or through an undertaking with which the applicant CSD has an agreement” from Article 4(3) of draft RTS so that it is clear that it refers only to entities within the group. 31. In line with the CP feedback, ESMA has clarified the reference to the cases where an applicant CSD is part of a group of undertakings, which includes other CSDs and credit institutions referred to in point (b) of Article 54(2) of CSDR (see Article 8 of the new raft RTS on CSD Requirements). 32. Many responses stated that CSDs should not be subject to specific accounting and financial reporting standards arguing that this goes beyond the Level 1 mandate. 33. Given that ESMA proposes under the technical standards on Risk Monitoring Tools, that a CSD’s financial statement should be prepared on an annual basis and be audited by statutory auditors or audit firms within the meaning of Directive 2006/43/EC, ESMA has kept the reference in the technical standards on CSD authorisation to financial reports including a complete set of financial statements for the preceding three years, and the statutory audit report on the annual and consolidated financial statements within the meaning of Directive 2006/43/EC of the European Parliament and of the Council, for the preceding three years. 34. Additionally, several responses suggested that the CSDR should not oblige already established CSDs to include a business plan in their application. One respondent suggested an alternative measure - to shorten the three-year business plan requirement to one year. 35. ESMA believes that, for the competent authority to be able to assess the viability of a CSD, an application for authorisation should contain a business plan, including a financial plan and an estimated budget that foresees various business scenarios for the CSD services, over a reference period of at least three years. 36. Multiple respondents requested the deletion, or redrafting of Article 5(5)(b) of the draft RTS presented in the CP on establishing resolution plans. In current form the respondents stated the article is not consistent as it is the responsibility of the competent authority (rather than the CSD) to develop and establish this.

11 37. Having regard to the CP feedback, ESMA has deleted the reference to resolution plans (see Article 9 of the new draft RTS on CSD Requirements). 38. Many respondents argued for the deletion of references to risk management procedures point (b) from Article 8(1) of the draft RTS presented in the CP, stating they were not part of general corporate governance. 39. ESMA believe the application should also include a description of the processes to identify, manage, monitor and report the risks to which the applicant CSD is or may be exposed. 40. Several respondents requested the modification of Article 10 of the draft RTS presented in the CP (“Senior management, management body and shareholders” – now article 14 of the draft RTS on CSD Requirements): replacing the words “an adverse decision or penalty” with the word “sanctions” in paragraph (1) (c) (vii) and deleting point (x) of the draft RTS presented in the CP so that all issues related to conflicts of interest are addressed under Article 15 of the draft RTS. An additional suggestion was that a further requirement was included requiring a declaration by the CSD regarding the good repute of senior management. 41. ESMA has taken into account the above mentioned suggestions. 42. Respondents stated that Article 11 of the draft RTS presented in the CP required various modifications, so the information on conflicts of interest is disclosed only to the competent authority. Additionally respondents requested Article 11(2) of the draft RTS presented in the CP should be updated to ensure this only referred to the register of conflicts related specifically to the CSD’s activities. 43. ESMA has taken into account the above mentioned suggestions (see Article 15 of the new draft RTS on CSD Requirements). 44. Multiple CP respondents suggested editing Article 18 on transparency requirements of the draft RTS presented in the CP (Article 22 in the new draft RTS on CSD Requirements) so that information on cost and revenues of ancillary services, taken as a whole, is provided to the competent authority.

12 45. Having regard to Article 34 of CSDR, ESMA proposes that an application for authorisation should include the prices and fees for each core service provided by the applicant CSD and any existing discounts and rebates, as well as the conditions for such reductions, as well as information allowing the competent authority to assess how the CSD intends to comply with the requirements to account separately for costs and revenues. 46. Many respondents stated that Article 20 of the draft RTS presented in the CP should be deleted (concerning the “book entry form” requirement). 47. ESMA has amended the book-entry form requirement so that it refers to information that demonstrates that the applicant CSD is capable to comply with Article 3 of CSDR, i.e. by enabling the recording of securities in book-entry form (Article 24 of the new draft RTS). 48. A number of respondents proposed modifying the title of Article 27 of the draft RTS presented in the CP by replacing the word “Portability” with the words “Transfer of participants and clients’ assets in case of a withdrawal of authorisation” or “Transfer of participants and clients’ assets” (the notion of “portability” being used only in the context of CCPs). In relation to the same article, some respondents proposed modifying the wording to ensure CSD clients are given a choice as to which CSD should hold their assets in the case of such a transfer. 49. ESMA has taken into account the above mentioned suggestion in Article 31 of the new draft RTS. 50. One respondent stated that Article 28 of the draft RTS presented in the CP required amending to clarify that CSDs could rely on legal due diligence undertaken by both internal and external advisors to assess relevant legal risks (see Article 32 of the new draft RTS). 51. Having regard to the CP feedback, ESMA refers in the technical standards to “any legal assessment” on which the measures put in place to identify and mitigate the risks arising from potential conflicts of laws across jurisdictions in accordance with Article 43(3) of CSDR are based.

13 52. Many respondents suggested amending Article 30(2) of the draft RTS presented in the CP so that information on outsourcing agreements in relation to the management of operational risks is required only with respect to the outsourcing of core services. Alternatively, it is proposed that the notion of “material” outsourcing agreements could be introduced in Article 30(2) of RTS. 53. ESMA believes that, in order for the competent authorities to have a comprehensive view of the outsourcing arrangements, the information included in the CSD application for authorisation should cover all outsourcing agreements in accordance with Article 30 of CSDR (see Article 34 of the new draft RTS). 54. Several respondents suggested deleting Article 33 of the draft RTS presented in the CP on the requirement that the application should include detailed descriptions and procedures to be applied in the case of the services that the CSD provides or intends to provide. 55. In order for the competent authorities to have a clear overview of the services a CSD intends to provide, ESMA believes a CSD application for authorisation should include detailed descriptions and procedures to be applied in the case of those services (see Article 7 of the new draft RTS on CSD Requirements). 56. It was suggested by some respondents that Article 34(1) (a) of the draft RTS presented in the CP required amendment so that the procedures mentioned in this provision refer to “material” sources of risk instead of “all potential” sources of risk for the applicant CSD and for its participants arising from a link arrangement. 57. Given that in accordance with Article 48(1), before establishing a CSD link and on an ongoing basis once the CSD link is established, all CSDs concerned shall identify, assess, monitor and manage all potential sources of risk for themselves and for their participants arising from the CSD link and take appropriate measures to mitigate them, ESMA believes the application for authorisation should include procedures for the identification, assessment, monitoring and management of all potential sources of risk for the applicant CSD and for its participants arising from the link arrangement and the appropriate measures put in place to mitigate them (see Article 37 of the new draft RTS). 58. One respondent suggested modifying Article 37 of the draft RTS presented in the CP so that CSDs are not obliged to provide a self-assessment of compliance nor to indicate all material changes (in rules, procedures and documents) at the preliminary draft stage (before their implementation).

14 59. ESMA has deleted that requirement in the TS on CSD authorisation. 60. Several respondents argued that the competent authority should not have the right to request the submission of documents in multiple languages. The respondents implied that translation costs are extremely high and authorities involved in the authorisation process should agree to a single common language to be used, this would require a modification to Article 1(5) of the draft ITS presented in the CP. 61. ESMA considers that information should be submitted in the language indicated by the competent authority. However, in the context of increased cross-border services and given the potential implication in the authorisation of a CSD of authorities from different jurisdictions, ESMA proposes that the competent authority should be able to request the CSD to submit the same information in a language customary in the sphere of international finance (Article 92(5) of the new draft RTS on CSD Requirements). 3.3 CSD Participations (Article 18) Article 18 CSDR ESMA shall, in close cooperation with the members of the ESCB, develop draft regulatory technical standards to specify the criteria to be taken into account by the competent authorities to approve the participation of CSDs in legal persons other than those providing the services listed in Sections A and B of the Annex. Such criteria may include whether the services provided by that legal person are complementary to the services provided by a CSD, and the extent of the CSD's exposure to liabilities arising from such participation. 62. Article 18(4) determines that an authorised CSD may only have a participation in a legal person whose activities are limited to the provision of services set out in Sections A and B of the CSDR Annex, unless such a participation is approved by its competent authority on the basis that it does not significantly increase the risk profile of the CSD. Participations and ancillary services

15 63. Numerous respondents requested additional clarification on Article 2(1) of the draft RTS presented in the CP (now Article 40 of the new draft RTS on CSD Requirements), confirming that the article does not prevent a CSD from having a participation in an entity that serves several other CSDs. The respondents felt th article should be aligned with CSDR. In ESMA’s view the CSDR text is already sufficiently clear and indeed such restriction is not envisaged. Therefore, should all the other conditions be fulfilled, the participation in such an entity should not be forbidden. ESMA considers that a specific reference to this case is not justified. 64. Respondents mentioned that it needed to be clearly stated in Article 2(1) (c) (i), (ii) and (iii) of the draft RTS presented in the CP that the list of ancillary services is not exhaustive and that other services might be considered as complementary to a CSD’s core and ancillary services. Additionally, respondents pointed out that the list of entities performing the services is not consistent with the provisions of Article 18(4) of CSDR. ESMA finds that a mere list of examples would not be appropriate in the context of a legislative document and it would also fail to ensure harmonisation across the Union. Nevertheless, some amendments were made to clarify the services allowed and the reference to TR services was deleted, since these were considered as part of regulatory reporting services, already included specifically in the CSDR Annex. 65. Some respondents called for a waiver with regard to the requirement for the CSD to provide an independent risk analysis on its participations. Respondents considered this overly burdensome, particularly for cases with low participation values and/or cases related to companies offering services ancillary to CSD activities. ESMA’s understanding is that such exemption should not be granted and no data was received demonstrating that such approach would not be proportionate, notably as regards unbearable costs having in obtaining such analysis vis-à-vis the potential risks of a CSD being negatively impacted by unanalysed participations. ESMA enables, however, an internal assessment made by an internal auditor, provided that it is independent – this should enable CSDs to fulfil the requirements without considerable costs. 66. There were some respondents who requested an exemption to CSDs with banking licenses from having to offer an independent risk analysis. Respondents argued these CSDs are already subject to increased capital requirements under CSDR for ancillary banking service provisions because they fall subject to capital adequacy standards relating to both credit exposure and operating risk. ESMA believes that the same considerations as under the previous paragraph apply here. Different rules from non￾banking CSDS do not seem justified, particularly as the capital requirements argument was not compelling (such requirements are considered due to the banking nature and not the risks arising from participations that are irrespective of the banking nature of a CSD).

16 67. Some respondents indicated that they felt the RTS should take into account cases where CSDs are required to acquire shares in some infrastructures (e.g. SWIFT) if volumes of transactions reach certain thresholds. The respondents felt that CSDs should be allowed participation without fulfilling the entirety of the criteria mentioned in Article 2(1). ESMA did not consider this proposal further having in mind CSDR and the need to avoid undue discrimination. Should such entities be less risky, this will be made evident in the risk assessment but it should not preclude it. 68. With regard to CSDs that are also TRs one respondent felt that the CSD should be allowed to provide TR services as ancillary services. The respondent felt that there was a risk in including TRs in the list of entities and so instead a recital should be included which clarified that TR’s services should not be treated as complementary. ESMA has considered the matter and deleted the reference to TR services, which as noted above, are in any case considered as regulatory reporting services under the Annex to CSDR. 69. The final matter raised by respondents to the CP with regard to CSD participations related to control. Multiple respondents felt that actually assuming control of an entity in which a CSD holds a participation can usually be seen as a way to better control the resultant risks. The respondents stated that these risks, resulting from the participation of the CSD in other entities, should be included by the CSDs in their recovery plans. ESMA agrees that control should be required. This will avoid that the CSD is exposed to risks emanating from a participant entity governed by other shareholders – the CSD would not be dependent on other shareholders. Additionally, it facilitates CSD supervisors to access information and order the appropriate actions to be taken by the CSD at the participated company level. The provision has been amended in that regard. 3.4 CSD Review and Evaluation (Article 22) Article 22 CSDR ESMA shall, in close corporation with the members of the ESCB, develop draft regulatory technical standards to specify: (a) the information that the CSD shall provide to the competent authority for the purposes of a review. (b) the information that the competent authority shall supply to the relevant authorities. (c) the information that the competent authorities shall supply to one another. ESMA shall, in close corporation with members of the ESCB, develop draft implementing technical standards to determine standard forms, templates and procedures for the provision of this information.

17 70. For the RTS under Article 22 of CSDR regarding the review and evaluation of CSDs, ESMA is required to specify: (a) the information that the CSD shall provide to the competent authority for the purposes of a review; (b) the information that the competent authority shall supply to the relevant authorities; (c) the information that the competent authorities shall supply to one another. For the ITS under Article 22 of CSDR, ESMA is required to determine standard forms, templates and procedures for the provision of this information. 71. The main points raised by respondents related to the overall review and evaluation procedure being too burdensome for CSDs. Some respondents felt CSDs should not need to provide self-assessment of overall compliance with CSDR, others argued for an amendment of Article 40 of the draft RTS presented in the CP to clarify that CSDs are only obliged to provide documents that have been materially modified in the review period. 72. Multiple amendments to Article 41 on periodic information of the draft RTS presented in the CP were suggested by respondents to add more flexibility to competent authorities collecting specific documents from CSDs. 73. ESMA believes that it is necessary to ensure that for each review and evaluation under CSDR, the competent authority has access to relevant information on a continuous basis. In order to determine the scope of information to be delivered for each review and evaluation, the provisions of this Regulation should follow the requirements for authorisation with which a CSD has to comply under CSDR. This includes substantive changes to elements already submitted during the process of authorisation, information relating to periodic events and statistical data (see Articles 41 and 42 of the new draft RTS on CSD Requirements). 74. With regard to Article 42 of the draft RTS presented in the CP there were responses relating to the proportionality of the requirement to provide statistical data. 75. ESMA believes that, in order to carry out a comprehensive risk evaluation of a CSD, the competent authority will need to request statistical data on the scope of the CSD’s business activities in order to evaluate the risks related to CSDs operation and to the smooth operation of securities markets. In addition, statistical data would enable the competent authority to monitor the size and importance of securities transactions and settlements within the financial markets as well as to assess the ongoing and potential impact of a given CSD on the securities market as a whole. Having regard to the CP feedback, ESMA has streamlined the statistical data requirements also in line with the substantive provisions under relevant technical standards in accordance with CSDR (Article 43 of the new draft RTS on CSD Requirements).

18 76. Taking into account the possible burden of gathering and processing a vast amount of information related to the operation of a CSD, ESMA proposes that a CSD should submit a report on the CSD’s activities and the substantive changes made during the review period which should include a declaration of overall compliance with the provisions of CSDR and the relevant regulatory technical standards under CSDR, including with respect to each of the substantive change made during the review period (Article 41(2) of the new draft RTS on CSD Requirements). 77. ESMA considers that the documents submitted by a CSD for the review and evaluation should be delivered in a manner that enables the competent authority to identify all the relevant changes made to the arrangements, strategies, processes and mechanisms implemented by the CSD since authorisation or since the completion of the last review and evaluation. 78. For the competent authority to monitor and evaluate the risks to which the CSD is or may be exposed to and which may arise for the smooth functioning of securities markets, ESMA is of the opinion that the competent authority should be able to request additional information on the risks and activities of a CSD. The competent authority should therefore be able to define and request on its own initiative or following a request submitted to it by another authority, any additional information which it considers necessary for each review and evaluation of the activities of a CSD. 3.5 Cooperation arrangements (Article 24) Article 24(8) CSDR ESMA shall, in close cooperation with the members of the ESCB, develop draft implementing technical standards to establish standard forms, templates and procedures for the co￾operation arrangements between competent authorities. 79. Under Article 24(8) of CSDR, ESMA is required to establish standard forms, templates and procedures for the co-operation arrangements between competent authorities, where a CSD provides services in a host Member State, including through setting up a branch.

19 80. Three respondents to the CP question on cooperation arrangements agreed with the existing proposal, eight respondents had no comment. Two respondents required that the same principles and practical/operational supervisory criteria as EMIR and other legislations relating to FMIs should be applied. The same two respondents also suggested that ESMA enforced the extraterritorial applicability of the arrangements. Another respondent stated that there was a need for third country CSDs to provide the same reporting data as EU CSDs. 81. ESMA has streamlined the proposed ITS on cooperation arrangements in line with the substantive provisions under other relevant technical standards under CSDR. 82. With regard to the applicability of the arrangements to third country entities, where relevant, ESMA believes that this could be ensured through contractual arrangements between the EU CSDs and the third country entities, which in turn would be monitored by the EU authorities which would need to cooperate and exchange information with the competent authorities of the third country entities. 3.6 CSD Recognition (Article 25) Article 25 CSDR ESMA shall, in close cooperation with the members of the ESCB, develop draft regulatory technical standards to specify the information that the applicant CSD is to provide to ESMA in its application for recognition under paragraph 6. 83. Of the 12 responses ESMA received to the question on CSD Recognition, 11 responses expressed full agreement with no further comments. One respondent responded with comments. 84. As noted in the CP, ESMA believes that the development of rules on EU recognition of CSDs should follow the general principle of non-discrimination between EU and non-EU CSDs. This suggests that the definition of the items that a non-EU CSD could provide for EU recognition purposes could be similar to the elements required for the registration of an EU CSD, as defined in Article 17 CSDR, with due adaptations. The adaptations regard the fact that the supervision of the recognised CSD would be performed outside the EU, and ESMA should rely on cooperation with the home supervisor.

20 85. The comments received related to providing more assurance on equivalence and consistency, in particular applying reporting and statistical requirements to third country CSDs. Some comments related to the legal and factual possibility for EU CSDs to provide services in non-EU markets. There were also comments around ESMA acknowledging that EU authorities have no means to impose regulatory measures to ensure compliance with CSDR to third country CSDs. The final comment related to establishing follow up arrangements, rather than a one off self-assessment for CSDs. 86. ESMA notes that some of these comments relate to the way in which equivalence decisions will be adopted by the European Commission and whether any relevant condition would be attached to them, rather than on the information to be provided for the recognition process. It should also be noted that ESMA will be able to request additional information on an on-going basis, through MoUs with third country authorities, in accordance with Article 25(10) of CSDR. 87. ESMA’s approach was to keep its proposals whilst fine-tuning some elements and requiring the applicant CSD to: (a) provide evidence certifying that it is duly authorised and supervised in the relevant third country and that it effectively complies with the legal and supervisory arrangements in that third country (b) clarify the measures that it intends to take to allow its users to comply with the specific national laws of the Member State in which the CSD intends to provide notary or central maintenance services, as referred to in point (d) of Article 25(4) of Regulation (EU) No 909/2014. 3.7 Risk Monitoring Tools (Article 26) Article 26 CSDR ESMA shall, in close cooperation with the members of the ESCB, develop draft regulatory technical standards specifying at the CSD level and at the group level: a) the monitoring tools for the risks of the CSDs; b) the responsibilities of the key personnel in respect of the risks of the CSDs; c) the potential conflicts of interest; d) the audit methods; and e) the circumstances in which it would be appropriate, taking into account potential conflicts of interest between the members of the user committee and the CSD, to share audit findings with the user committee.

21 88. The main themes raised by respondents to the CP in relation to risk monitoring tools are summarised in the following points. CCO and CRO 89. Multiple respondents stated that the functions of Chief Compliance Officer and Chief Risk Officer can be fulfilled by the same individual. The profiles/professional qualifications are distinct and in this case even more different than for instance Chief Risk Officer and Chief Technology Officer as the compliance side will have a strong legal background (qualifying law degree/legal practice course) whereas the risk side will have a strong analytical/mathematical/statistical background, and a degree in mathematics/economics. Risks in relation to participants’ clients 90. Several respondents stated that it was important that a legally binding text did not impose unreasonable regulatory expectations on CSDs, due to the fact that CSDs do not incur risks from the clients of their participants and so have no way of exercising control over these clients. ESMA agrees with this reasonability criterion and believes that the proposed approach meets it, whilst not ignoring that CPMI-IOSCO PFMI 17, Key Consideration 7 stresses the importance of understanding risks from multiple angles (“key participants, other FMIs, and service and utility providers”). Responsibility for risks to other entities 91. Additionally respondents reported that CSDs should not be legally responsible for assessing the risks that they pose to other entities. The respondents suggested restricting such a legal requirement to risks to which the CSD itself is exposed. ESMA finds that the requirement should be kept as ignoring the risks that a CSD may pose to other entities, even if these are deemed minimal, could result in wrong incentives or future gaps in identifying risks within the financial system as a whole. This was also recognised in the final part of CPMI-IOSCO PFMI 17, Key Consideration 7 (“an FMI should identify, monitor, and manage the risks its operations might pose to other FMIs”). Data protection and competition concerns 92. Many respondents felt that the requirement to share rules, procedures and contractual arrangements with participants and participants’ clients would create numerous data protection and competition concerns. ESMA agrees with this view and has deleted the respective requirements.

22 Committees and governance 93. A few respondents felt that CSDR did not require establishing audit, remuneration and risk committees, other respondents felt that the composition and functions of these committees needed to be further clarified, or left for the CSD decision making bodies to define. A number of respondents felt that CSDs within groups should not be required to have their own committees and rather could rely upon those used within a group. ESMA agrees that it is proportionate for group structures to share resources effectively provided that the independence, time and dedication of the officers to each role are ensured and that no conflicts of interest exist. The provisions on committees have also been amended for clarity and also taking into account the differences of the role of the risk committee, for instance in a CSD vs. a CCP, albeit not ignoring the need to involve users in the process and independent board members as well. A few respondents stated that the risk committee mandates should not be made public. Others felt that the term “internal control function” was unclear and used in different ways. ESMA finds that at least some information on the committee (mandate) should be made available to participants but there was no intent to mandate the publication of all committee documents and activities. ESMA has amended the provisions on the use of the internal control function, by clarifying that it is the same as the compliance function (the proposed reference is to ‘compliance and internal control function’).

23 94. Multiple respondents stated that Article 5(1) of the draft RTS needed to be amended to confirm the responsibilities of the management body, as the monitor of the senior management to guarantee it performs in line with the objectives proposed by the management body. Additionally these respondents felt it needed to be made clear that the senior management would also be responsible for ensuring the independence and adequate resources of internal control functions. ESMA is aware of the challenges of a possible tension between independence and liability. This is a particular issue as regards independent officers (e.g. CROs, CTOs, CCOs, …) but less of a concern as regards the senior management vs the management body. The challenge in the latter case is the liability of the senior management (that is not eliminated) vs the liability of the management body (as board members retain principal liability, as the highest body of a company – they are also responsible for the appointment of the senior management). In a nutshell, both are liable, in different ways, according to their functions and hierarchy. On the more delicate matter of the senior management being also responsible for ensuring the independence and adequate resources of internal control functions, ESMA believes that the independence of the internal control and similar (CRO, CCO, CTO, …) functions should be ensured at all levels and respected thus by the senior management but also the management body and any other elements of the company. As in many other company cases (including market infrastructures such as CCPs and TRs), the management body is ultimately responsible for the results of the policies that it approves and any non-compliance, whereas it should appoint the compliance and other independent functions but preserve their independence in assessing how such policies are being implemented. Experience in implementing this approach in other infrastructures has not revealed major concerns and potential conflicts between the management body and the internal control function or similar should be raised to the competent authorities, rather than justify an exemption from managers liability or a less independent role of the officers concerned. ESMA has thus kept the approach proposed in the CP as regards the independence of officers and the liability of the management, but has additionally clarified the responsibilities of the management body and of the senior management. 95. One respondent emphasised the need for any responsibilities for the management body to be in line with other national/EU laws. ESMA understands this concern although in the absence of a unified set of corporate laws in the EU, particularly on directors’ liability, the approach taken has been sufficiently broad to be commonly acceptable, as mentioned above.

24 Conflicts of interest 96. Some respondents called for clarity with regard to the wording of Article 6(1) of the draft RTS presented in the CP. Additionally, some respondents recommended the inclusion of definitions/explanations of persons mentioned in Article 6(3). One respondent felt that it was important that Article 6(4) only referred to the use of confidential information – pointing out the difficulties of restricting the use of non-confidential information. ESMA’s approach was to keep the proposed line, i.e. a broad scope of the conflicts of interest that may be considered, whilst adding some clarity on the definition of direct v indirect links (“any person directly or indirectly linked to such individuals or to the CSD is to be interpreted, when referring to a legal person, as directly or indirectly linked to the legal person by control. When referring to a natural person, it is the immediate family, being understood as the spouse or legal partner, family members in direct ascending or descending line up to the second degree and their spouses or legal partners, the siblings and their spouse or legal partners, and any person living under the same roof as the employees, managers or members of the management body”) (see Article 50 of the new draft RTS on CSD Requirements). This definition may be revisited in the future, in order to prevent circumvention (e.g. it may be that a friend is closer than family, for business purposes and generating conflicts of interest, for instance). Internal auditing 97. Internal auditing was another area which received specific comment following the CP. Two respondents felt that independent audits should be performed at least every three years. One respondent stated that smaller CSDs should allow their internal auditors to exercise other functions, maintaining a sufficient degree of independence. Having discussed the matter at length, ESMA’s view is that the current approach should be kept, rather than discriminate between CSDs based on their size. As to the exercise of other functions by auditors this is not forbidden provided that it does not affect the quality of their auditor activity and, particularly, does not raise conflict of interest concerns – independence is a fundamental element of their role.. The functions of the chief risk officer, chief compliance officer and chief technology officer should be carried out by different individuals, who shall be employees of the CSD or of an entity from the same group as the CSD, given that such functions are usually fulfilled by persons with different academic and professional profiles. Information sharing 98. There was one respondent who suggested that the final provision on information sharing with user committee (Article 7(8) now Article 52 of the new draft RTS on CSD Requirements) needed to be extended to any member of the user committee, rather than only to settlement internalisers, with regard to the fact that any of the user committee may be subject to actual or potential conflict of interest. ESMA has considered this argument favourably and deleted the reference to internalisers in that context: all members are now considered.

25 3.8 Record Keeping (Article 29) Article 29 CSDR ESMA shall, in close cooperation with the members of the ESCB, develop draft regulatory technical standards to specify the details of the records on the CSD services and activities to be retained by CSDs for the purpose of monitoring the compliance of CSDs with the provisions of CSDR, and draft implementing technical standards to establish the format of those records. 99. Under Article 29 of CSDR, ESMA is required to specify the details of the records on the CSD services and activities to be retained by CSDs for the purpose of monitoring the compliance of CSDs with the provisions of CSDR, as well as the format of those records. Delaying the implementation of record keeping requirements 100. The majority of respondents mentioned that the recordkeeping requirements cannot realistically be implemented by the time CSDs obtain their authorisation, i.e. towards the end of 2016. The majority of the reasons why this is the case relate to the transaction and status codes being proposed by ESMA. As a result, and given that many records are related to compliance with the settlement discipline rules of the CSDR, respondents recommended that the timeline for implementing the technical standards on recordkeeping be aligned with the timeline for implementing the technical standards on settlement discipline. In other words, compliance with both sets of requirements should only be enforced after a transition period of at least 24 months following publication of the relevant technical standards. 101. Having regard to the arguments presented by the respondents, ESMA proposes that the record keeping requirements related to settlement discipline should become applicable from the date of entry into force of the delegated acts adopted by the Commission on the basis of regulatory technical standards referred to in Articles 6(5) and 7(15) of Regulation (EU) No 909/2014, which, according to ESMA’s proposal based on the evidence put forth by the industry should be 24 months following the publication of the technical standards in the Official Journal. ESMA believes the application of the rest of the record keeping requirements should not be delayed, as they are essential for the initial authorisation of CSDs and for competent authorities to properly monitor the activity of CSDs (see Article 94 of the new draft RTS on CSD Requirements). Recalibrating the standards

26 102. Respondents proposed certain actions to ‘recalibrate the standards’. These included: (a) allowing CSDs to keep records in current format and, if a certain format is mandated in the technical standards for the purpose of regulatory reporting, ensure that this format is compatible with global ISO standards; (b) only requiring CSDs to maintain records that they need to provide services; (c) not confusing CSD records with data that CSDs must maintain for their business continuity policy; (d) refraining from imposing record keeping requirements in a retroactive way, so only records maintained by CSDs after they have been authorised under the CSDR - and after the record keeping requirements have entered into effect - are assessed against the new requirements; 103. Respondents have highlighted that a number of CSDR proposals for reporting are not aligned with ISO standards. 104. Respondents have fed back on a number of other areas, for example the need for harmonised market practice in the EU for populating a transaction type field, clarification of the difference between “custody related operations” and “corporate actions”, more guidance on settlement instruction statuses with regard to the presentation of the record keeping fields, the importance of ESMA not introducing “unnecessary codes”. 105. Having regard to the CP feedback, ESMA has amended the draft RTS and ITS on record keeping by aligning the proposed requirements with ISO standards. The requirements should only apply depending on the services that a CSD provides and they should not apply retroactively. Use of LEIs 106. It has been stated in responses to the CP that requiring CSDs to report either a BIC or an LEI for issuers creates multiple problems, particularly as, according to respondents, there is no way the CSD can force an issuer to obtain such identification information, further aggravated by non-EU issuers.

27 107. ESMA’s approach allowing CSDs to use BICs in their day-to-day processing was welcome. However, in order to provide LEIs for the purpose of regulatory reporting, CSDs will have to develop and maintain system functionalities to allow for the conversion of processing data using BICs to reporting data using LEIs. Such functionalities will be costly and complex to develop. In particular, given that an LEI might be linked to more than one BIC, the conversion mechanism will often require, not just a list of BIC and LEI codes, but also CSDs’ own client identifiers (proprietary codes), in order to enable the conversion. Taking such constraints into account as well as the fact that not all CSD participants have yet obtained an LEI, there was a call from CP respondents that CSDs should be allowed by ESMA to continue to use BICs in their regulatory reports during an appropriate transition phase of at least 24 months. 108. Respondents referred to the identifiers for account holders in direct holding markets and the need for the requirements to show consideration for the requirements of these markets. Respondents suggested that ESMA should recognise national identifiers currently used by CSDs to identify natural persons who are account holders. The respondents recognised the challenges for a legal person to use a BIC or LEI, as many businesses recorded as account holders in CSDs are not banks. The respondents highlighted potential enforcement problems that may arise when such account holders are unable to provide either a BIC or an LEI. Suggested adjustments to the ITS were proposed accordingly. 109. ESMA believes that, in order to ensure consistency, including amongst requirements under different EU Regulations such as EMIR, MIFIR/MIFID2, legal entities should be identified by a unique code. ESMA believes that to carry out their duties effectively and consistently, the authorities referred to in Article 29(2) of CSDR should be provided with data that is comparable among CSDs. The use of common formats also facilitates post￾trading integration and the communication processes between CSDs and their participants based on an integrated technical environment. The use of common formats across different financial market infrastructures facilitates the greater use of these formats by a wide variety of market participants, thus promoting standardisation. ESMA believes that standardised procedures and data formats across CSDs reduce the costs for market participants and facilitate the tasks of supervisors and regulators. 110. At the same time, ESMA acknowledges the specifics of direct securities holding markets and the need for the requirements to show consideration for the requirements of these markets, given that, if the requirement to use LEIs were to include all account holders at these CSDs, this could encompass several hundred thousand companies most of which would be non-financials. Therefore, ESMA proposes that account holders in direct holding markets and participants’ clients may continue to be identified by national identifiers, where available, while CSD participants both in direct securities holding markets and in indirect holding markets should be identified by LEIs.

28 Record keeping for business continuity purposes 111. There was general agreement with Article 8 of the draft RTS presented in the CP and its requirements in line with CSD recordkeeping. However there was disagreement from respondents around the reference in the article regarding business continuity. Respondents felt that to avoid unnecessary confusion between legal records and business continuity planning it would be prudent to remove the reference to “business continuity purposes” from Article 8(1) of the draft RTS presented in the CP. 112. Having regard to the CP feedback, ESMA has amended the requirements so that they specify that a CSD should maintain full and accurate records of all its activities in all situations, including during disruption events when the business continuity policy and disaster recovery plans are activated, and that such records should be readily accessible (see Article 53 of the new draft RTS on CSD Requirements). Direct data feeds to the competent authority 113. Respondents proposed that technical standards should not include a requirement for CSDs to provide direct data feeds to their competent authority upon request. 114. ESMA considers that this data feed could be essential for certain competent authorities to perform their duties. Therefore, CSDs should provide their competent authorities with a direct data feed to transactions, settlement instructions, and position records referred when requested by the competent authority, provided that the CSD is given sufficient time to implement the necessary facility to respond to such a request. Records on buy-ins 115. With regard to the buy-in records, there was a call that CSDs should be expected to maintain the information received as part of client instructions, and that they should be based on the final requirements on buy-ins. 116. In order to be able to assess the impact of the buy-in process on settlement efficiency, and to adequately tailor the measures that a CSD may take to improve settlement efficiency, ESMA considers that the CSD should at least have information on: (a) the final results of the buy-in process on the last business day of the deferral period at the latest (including the number and value of the bought-in financial instruments if the buy-in is successful); (b) if applicable, payment of cash compensation (including the amount of the cash compensation); (c) if applicable, cancellation of the initial settlement instruction.

29 This information should be transmitted by trading venues, CCPs and CSD participants to the CSD (depending on the details of the buy-in process). Position records 117. Respondents stated that there was a need for the relevant rules on information about issuers to be interpreted flexibly due to the fact that issuers are not always CSD clients, suggesting CSDs should only be expected to maintain this information when it is available. 118. ESMA believes that information on the Issuer CSD is important to enable the application of other substantial requirements such as the ones on reconciliation measures. 119. Some respondents mentioned the difficulties CSDs have in distinguishing whether a participant account is an “own account”, an omnibus account or an individually segregated account. 120. ESMA considers the information on the types of accounts is important for the implementation Article 38 of CSDR, according to which the CSD and its participants have to distinguish between the types of accounts in order to be able to apply the levels of protection and costs associated with the different levels of segregation that they provide. Ancillary services records 121. With regard to records that CSDs need to obtain for ancillary services, respondents agreed with the proposal that CSDs should keep standardised records for ancillary services. However some respondents mentioned that the formulation of Article 11(1) of the draft RTS presented in the CP was too restrictive and did not take into account the fact that the information items contained in the Annex of the draft RTS would not always be available. Respondents called for increased flexibility to ensure CSDs can comply with the record keeping requirements for ancillary services. In particular it was implied that the phrase “in particular” needed to be removed from Article 11(1) to show recognition of the different depths of services offered by CSDs in each category of ancillary services. In addition it was proposed that due to the diversity of CSD business models, each CSD should agree with the CA which records need to be kept for the CSD to operate in the EU, based on the activities they conduct.

30 122. While recognising the importance of achieving harmonisation, ESMA also acknowledges the diversity of CSD business models the different depths of services offered by CSDs in each category of ancillary services. Therefore, apart from the main categories of records included in the technical standards, ESMA proposes that a CSD should keep additional records requested by the competent authority for the purpose of enabling the competent authority to monitor compliance of the CSD with the CSDR (see Article 56 of the new draft RTS on CSD Requirements). 3.9 Reconciliation Measures (Article 37) Article 37 CSDR ESMA shall, in close cooperation with the members of the ESCB, develop draft regulatory technical standards to specify the reconciliation measures a CSD is to take in order to ensure the integrity of the issue. 123. Under Article 37 of CSDR, ESMA is required to specify the reconciliation measures a CSD is to take in order to ensure the integrity of the issue. 124. ESMA believes that the preservation of the rights of issuers and investors is essential for the orderly functioning of a securities market. Therefore, ESMA considers that a CSD should employ appropriate rules, procedures, and controls to prevent the unauthorised creation or deletion of securities, and conduct at least daily reconciliation of the securities issues that it maintains. A CSD should, in particular, maintain robust accounting practices and perform auditing to verify that its records are accurate, and that its reconciliation measures as well as the cooperation and information exchange measures in connection to reconciliation are adequate. General reconciliation measures 125. The respondents agreed with the importance of solid reconciliation procedures with a view of ensuring the integrity of the issue. They were generally supportive of reconciliation measures proposed by ESMA but provided their comments on several aspects of the draft RTS. Extra reconciliation measure comparing the previous end of day balance with all settlements made during the day and the current end-of-day balance

31 126. Respondents were generally supportive of the proposed reconciliation measure which required comparing the previous end of day balance with all settlements made during the day and the current end of day balance. One respondent asked to recognise that some CSDs go further than this and reconcile multiple times a day. This respondent asked to clarify that the proposed requirement was a minimum and CSDs would be allowed to continue their current practice of more frequent reconciliation. 127. Two respondents expressed their doubts about the need for a second reconciliation process. They stated that this was not meaningful in the scope of T2S if the settlement platform did not do it itself. 128. ESMA believes that, in order to ensure the integrity of the issue, a CSD should compare the previous end-of-day balance with all the settlements made during the day and the current end-of-day balance for each securities issue and securities account centrally or not centrally maintained by the CSD. Suspension of settlement in a securities issue where undue creation or deletion of securities was detected 129. Respondents agreed that any reconciliation issue should be resolved as quickly as possible. However, they admitted that in certain cases it may take days before an identified failure is resolved. 130. All respondents agreed that ensuring the integrity of the issue was an essential role of CSDs. However, the majority of respondents suggested that ESMA’s proposal to suspend settlement in a securities issue where the reconciliation process revealed an undue creation or deletion of securities could be an excessive measure in some instances. 131. Some respondents noted that the requirement could be disproportionate in the case of minor reconciliation errors (e.g. if the securities unduly created or deleted represented a very small fraction of a total issue and only affect very few investors). They thought that suspension of settlement could generate more market disruption leading to more settlement fails and suggested giving more flexibility for CSDs to initiate their discretion in such cases. One respondent suggested that the suspension should be at the discretion of the competent authority after reference by the CSD. 132. One respondent proposed to require suspension of settlement only where a CSD performs the notary and/or central maintenance service.

32 133. Another respondent stated that legal regimes in certain member states ensured that discrepancy in reconciliation did not result in the loss or creation of financial instruments. One more respondent noted that legal concepts should be in place in the member states to ensure that a discrepancy in the reconciliation does not result in the loss or creation of financial instruments. 134. Other respondents agreed with ESMA’s proposed approach and believed that preventing settlement in a securities issue until reconciliation problems have been fixed was appropriate. Respondents stressed the importance to ring-fence any breaks and contain the risk to ensure that a discrepancy did not become unmanageable and the breaks became further blurred by new activity, especially in periods of market or participant stress. 135. Given that ensuring the integrity of the issue is an essential role of CSDs, ESMA considers that a CSD should analyse any mismatches and inconsistencies resulting from the reconciliation process and endeavour to solve them before the beginning of settlement on the following business day. Where the reconciliation process reveals an undue creation or deletion of securities, and the CSD fails to solve this problem till the end of the following business day, the CSD should suspend the securities issue for settlement until the undue creation or deletion of securities has been remedied, in order to ring-fence the break and contain the risk to ensure that such an important discrepancy does not become unmanageable. Information about reconciliation problems and suspension of settlement in a securities issue 136. Two respondents suggested that issuers and issuer agents should also be informed about any undue creation or deletion of securities and suspension of securities issue from settlement under Article 17 of the draft RTS presented in the CP. 137. One respondent requested more clarity on how the procedure of suspension would work, for example, how participants, competent authorities and other potential interested parties would be informed, and suggested creating a standard between CSDs. 138. One respondent CSD suggested that in the case of suspension, CSDs would be obliged to inform only CAs who would then pass the information on to the corresponding relevant authorities.

33 139. ESMA believes that where the reconciliation process reveals an undue creation or deletion of securities, and the CSD fails to solve this problem till the end of the following business day, the CSD should suspend the securities issue for settlement until the undue creation or deletion of securities has been remedied. ESMA considers that even a small fraction affecting a few investors matters in the case of serious reconciliation errors such as undue creation or deletion of securities. 140. Having regard to the CP feedback, ESMA proposes that, in the event of suspension of the settlement, the CSD shall inform without undue delay its participants, competent authority, relevant authorities and all other entities involved in the reconciliation process (see Article 65 of the draft RTS on CSD Requirements). Double-entry accounting 141. The majority of respondents supported the proposal to require CSDs to use double￾entry accounting. One respondent mentioned that from an operational perspective double-entry was functional to the soundness of reconciliation procedure but could not be considered sufficient to ensure the integrity of the issue according to domestic regulation. 142. Two respondents asked to clarify the meaning and requirements of double-entry requirements. They suggested that there could be some circumstances where double￾entry processing was not appropriate or possible. 143. In order to ensure clarity and a consistent application of the concept, ESMA proposes a definition of ‘double-entry accounting’, according to which for each credit entry made on a securities account maintained by a CSD, centrally or not centrally, there is a corresponding debit entry on another securities account maintained by the same CSD. Relation with settlement discipline 144. One respondent asked to ensure that securities suspended from settlement should also be excluded from any settlement discipline regime during the suspension period. 145. ESMA agrees that where a securities issue is suspended from settlement, the settlement discipline measures should not apply in relation to that securities issue for the period of suspension. Reconciliation with other entities

34 146. All the respondent CSDs advocate that the obligation for CSDs to reconcile with other institutions should only apply when the CSD provides the central maintenance service for that issue, and not when the CSD holds the securities through a CSD link or when the CSD is a mere intermediary (typically for certain international funds kept by transfer agents). One respondent stresses that in the latter case, requiring daily reconciliation would require the CSD to remove several thousands of investment funds from its service and that such changes should happen through AIFMD or UCITS. Further, it argues that the CSD is not in a position to impose automated daily reconciliation processes on the transfer agents who are not necessarily automated and not covered by CSDR. 147. ESMA believes that, in order to effectively ensure the integrity of the issue, the reconciliation measures referred to in Article 37 of CSDR should apply to all CSDs regardless of whether or not they provide the notary and/or central maintenance services referred to in CSDR in relation to the respective securities issue. 148. One respondent even though it found the reconciliation measures adequate, was doubtful that they could be imposed to third parties that might be in control of the issuance records (registrars, transfer agents etc.), especially if those parties were established outside the EU. Hence, ESMA should consider introducing incentives to force all parties involved in the maintenance of issuance records to adopt the targeted standards. 149. One respondent argued that the requirement for CSD participants to reconcile their records with the CSD was outside of mandate. 150. ESMA considers that the list of entities that may be involved in the reconciliation process under Article 37(2) of CSDR is open and, given the role of CSD participants in the holding chains, as well as in the context of CSD links, ESMA believes it is important for CSD participants to reconcile their records with the CSD in order to ensure the integrity of the issue across holding chains. 151. As regards frequency of reconciliation, only a couple of respondents commented on it and they agreed with the proposed measures, but find that a full reconciliation is too frequent and with the potential to impede critical events such as CSD upgrades, market changes and large Corporate Actions. One respondent argues that the CAs or individual member states should be allowed to decide the frequency. 152. ESMA considers that the frequency of the reconciliation measures is specified in the Level 1 (i.e. daily).

35 153. The respondents who have commented on Article 16(5) of the draft RTS presented in the CP read it as obliging the CSDs to provide information directly to all holders of securities accounts on a daily basis, whether the account holders want the information or not, and advocate that this information should only be provided to the participants (and not the account holders and account operators). One respondent also adds that it is not the responsibility of the CSD to define information flows between the account operators and the account holders, and another respondent is concerned that there might be no direct communication channels between CSDs and account holders. One respondent argues that Article 43 of MiFID only requires other account providers to send an annual statement. 154. ESMA considers that, if necessary for the reconciliation of their own records with the records of the CSD, other holders of securities accounts maintained by the CSD, centrally or not centrally, are entitled to receive, on request: (a) the aggregated balance of a securities account at the beginning of the respective business day; (b) the individual transfers of securities in or from a securities account during the respective business day; (c) the aggregated balance of a securities account at the end of the respective business day. At the same time, ESMA proposes that, upon the CSD’s request, its participants, other holders of accounts in the CSD and the account operators should provide the CSD with the information that the CSD deems necessary to ensure the integrity of the issue, in particular to solve any reconciliation problems (see Article 64(4) of the new draft RTS on CSD Requirements). Reconciliation measures for corporate actions 155. Several respondents suggested a minor reformulation of Article 15 of the draft RTS, to make clear that corporate actions are initiated by issuers and processed by CSDs. 156. Several groups of stakeholders, supported by individual stakeholders suggested a more extensive reformulation of Article 15 of the draft RTS presented in the CP. These respondents raised the concern of a deviation from the Market Standards for Corporate Action Processing (prepared by the Corporate Actions Joint Working Group – CAJWG – that encompasses the main relevant constituencies, i.e. issuers, market infrastructures and intermediaries) and the T2S Corporate Actions Standards. More precisely, they were under the impression that:

36 • Article 15 (1) could be interpreted as requiring that corporate actions bookings be effected only at the end of a T2S settlement day, thereby prohibiting booking at the start of a settlement day; and • Article 15 (2) may have the effect of delaying the start of settlement in a security that is subject to a corporate action. Having regard to the CP feedback, ESMA has clarified that a CSD should determine the entitlements to the proceeds of a corporate action on stock that would change the balance of securities accounts maintained by the CSD, centrally or not centrally, based on reconciled accounts. In addition, when a corporate action has been processed, a CSD should ensure that all securities accounts maintained by the CSD, centrally or not centrally, are updated correctly (see Article 60 of the new draft RTS on CSD Requirements). 3.10Operational Risk (Article 45) Article 45 CSDR ESMA shall, in close cooperation with the members of the ESCB, develop draft regulatory technical standards to specify the operational risks and the methods to test, to address or to minimise those risks, including the business continuity policies and disaster recovery plans and the methods of assessment thereof. 157. ESMA received 12 responses to the question on operational risks, the key issues are outlined below. 158. Two respondents stated that there should be a restriction on the scope of Article 20 to critical service providers upon which CSDs rely for the continuous operation of core services. ESMA has followed this suggestion. 159. One respondent said that the responsibility for outsourcing approval according to Article 20(3) should apply to the entity that was contracted by the CSD and not any subcontracted third entities and so forth. The respondent argued that it would be unworkable to have approval for outsourcing of any material elements. It referred to the example of one network provider using a third party to provide communication lines, indicating that the contract is between them, whereas the SLA sits between the CSD and its direct provider. Although ESMA agrees with this concern from a commercial practice perspective, it also finds that the risks of cascading are still there and cannot be ignored. This means that solutions need to be found by CSDs to ensure that their risk profile (including the exposure of their participants and clients) is properly managed and covered (see Article 68 of the new draft RTS on CSD Requirements).

37 160. Multiple respondents provided feedback on provisions for alternative providers, proposing to remove Article 21(2) of the proposed RTS entirely. The respondents inferred that providers like Central Banks, SWIFT, T2S, dedicated IT companies etc. will be subject to operational risk requirements Article 21(2) and that there is no benefit to the CSD in just receiving the information of the provider, without also receiving further insight on the information. Similarly to the previous point, although ESMA agrees with this concern from a commercial practice perspective, it also finds that the risks of a provider cease to exist, stop providing a relevant service or degrade its service levels cannot be ignored. This means that solutions need to be found by CSDs to ensure that their risk profile (including the exposure of their participants and clients) is properly managed and covered and this may also mean considering alternative providers, to ensure business continuity (see Article 69 of the new draft RTS on CSD Requirements). 161. One respondent felt the Chief Risk Officer’s role should be “to monitor” operational risks instead of “being responsible for” the risks (Article 24 of the drat RTS on CSD Requirements presented in the CP – now Article 72 of the new draft RTS on CSD Requirements). Additionally other amendments concerning the wording of this article were proposed. ESMA has fine-tuned the draft, specifying that a CSD’s operational risk function shall: (a) develop strategies, policies and procedures to identify, measure, monitor and report on operational risks; (b) develop procedures to control and manage operational risks, including by introducing any necessary adjustments in the operational risk management system; (c) ensure that the strategies, policies and procedures referred to in points (a) and (b) are properly implemented. 162. Some respondents to the CP expressed doubts concerning the compatibility of IT￾audit rules included in Article 25 of the draft RTS presented in the CP with the IT-audit rules on T2S as per Article 26 of the T2S Framework Agreement between the CSDs and T2S. Additionally one respondent noted that Article 45 was not relevant for T2S. ESMA has, in cooperation with the ESCB, reviewed these provisions and is content with the compatibility levels, although it agrees that the implementation of the requirements needs to be planned and cooperation arrangements exist for that matter (see Article 75 of the new draft RTS on CSD Requirements). 163. As regards IT audits), one respondent stated that these are only appropriate for the core IT systems linked to the provision of core services by a CSD and a number of respondents felt this review should not be more frequent than annual. ESMA followed these suggestions and limits the requirements to a minimum periodicity of one year and to the core services (see Article 75 of the new draft RTS on CSD Requirements).

38 164. A number of respondents to the CP suggested rewording Article 28 of the draft RTS presented in the CP to clarify that the elements under (a) to (e) are “required” under a CSD’s business continuity policy and based on impact, not causes. The respondents suggested that the current wording infers that the policy document should include those elements, which are typically documented separately. ESMA agrees that impact is the key item to consider (see Article 76 and Article 77 of the new draft RTS on CSD Requirements). 165. Many respondents implied that the basic-indicator-approach (BIA) was too prescriptive, more than the CCP RTS. ESMA followed the mandate under CSDR, which is more detailed than under EMIR (the CCP mandate regards “minimum content and requirements of the business continuity policy and of the disaster recovery plan” whereas the CSD one includes “operational risks referred to in paragraphs 1 and 6 and the methods to test, to address or to minimise those risks, including the business continuity policies and disaster recovery plans referred to in paragraphs 3 and 4 and the methods of assessment thereof”). ESMA also took into account the particular risk profile of CSDs, which is indeed different from that of CCPs. 166. One respondent felt that it cannot be expected that CSDs are subject to such strict legal requirements in all circumstances (e.g. cyber-attacks) as prescribed in in Article 28(3) of the draft RTS on CSD Requirements presented in the CP. ESMA understands this concern, because of the potential negative impacts on financial markets if the resumption of the CSD activities is premature. CSD operations should only restart in a safe environment, rather than jeopardise the integrity of the securities issues or the confidentiality of the data maintained by the CSD. ESMA proposes that the recovery time objective for each critical function should in no case be longer than two hours. Backup systems should, however, commence processing without undue delay unless this would jeopardise the integrity of the securities issues or the confidentiality of the data maintained by the CSD. A CSD should ensure that two hours from a disruption, it should be capable of resuming its critical functions (see Article 78(2) of the new draft RTS on CSD Requirements). 167. A number of respondents felt that the timeframe-exception of the two-hour rule within the Disaster Recovery Planning (Article 30(1)(c) of the draft RTS on CSD Requirements presented in the CP) should not only apply for cyber-attacks but also for terrorist attacks and pandemic situations. Multiple respondents felt that there was a contradiction between Article 30(1) (2 hours maximum recovery time/ downtime of critical functions) and Article 30(2) of the proposed RTS (critical functions shall be resumed within maximum 12 hours). The respondents generally suggested removing the reference to a maximum of 12 hours and sticking to a 2-hour-limit. ESMA agrees, see the paragraph above (see Article 78 of the new draft RTS on CSD Requirements).

39 168. Several respondents argued that Article 33 of the draft RTS presented in the CP should be reformulated to leave some flexibility for the CSD not to notify routine or insignificant tests to the competent authority. Respondents inferred that this provision could potentially result in more than a hundred notifications each year per CSD, only a few of which might be truly meaningful for a supervisor. ESMA agreed and has deleted this provision. 169. With regard to external parties, Article 31(c) of the draft RTS presented in the CP requires CSDs to involve external parties in testing their business continuity management arrangements. This provision received comments from some respondents. Respondents inferred that CSDs have limited means to enforce participation, unless this could be contractually agreed or enforced by regulation. Such requirements would generate multiple multi-lateral tests each year. Instead, industry￾wide tests should be organised by regulators or market associations. Alternatively, common infrastructure resources such as T2S could carry out these testing procedures. ESMA understands these concerns but it is also limited by the CSDR mandate. Article 45 requires, for instance, that “A CSD shall identify sources of operational risk, both internal and external, and minimise their impact through the deployment of appropriate IT tools, controls and procedures” and the “business continuity policy and disaster recovery plan to ensure the preservation of its services, the timely recovery of operations and the fulfilment of the CSD’s obligations in the case of events that pose a significant risk of disrupting operations” also depend on proper arrangements with third parties. More importantly CSD requires that “A CSD shall identify, monitor and manage the risks that key participants in the securities settlement systems it operates, as well as service and utility providers, and other CSDs or other market infrastructures might pose to its operations”. Finally, and also following international practice and the CPMI-IOSCO PFMIs (notably PFMI 17, explanatory note 3.17.6), ESMA believes reasonable to keep the requirement to involve more entities than CSD participants. It is likely that this is already foreseen or will be foreseen in CSDs contractual arrangements with other parties. If the external parties to a CSD are not in a position to effectively enter and operate such arrangements, the CSD should not be expected to establish or keep a relationship with such entities since they might negatively affect the risk profile of the CSD (see Article 79 of the new draft RTS on CSD Requirements). 3.11CSD Investment Policy (Article 46) Article 46 CSDR ESMA shall, in close cooperation with EBA and the members of the ESCB, develop draft regulatory technical standards specifying the financial instruments that can be considered to be highly liquid with minimal market and credit risk as referred to in paragraph 3, the appropriate timeframe for access to assets referred to in paragraph 2 and the concentration limits as referred to in paragraph 5. Such draft regulatory technical standards shall, where

40 appropriate, be aligned to the regulatory technical standards adopted in accordance with Article 47(8) of Regulation (EU) No 648/2012. 170. Under the investment policy draft RTS presented in the CP, ESMA had proposed: (a) a number of elements according to which financial instruments may be considered as highly liquid with minimal market and credit risk and hence investable by a CSD; (b) the appropriate timeframe for access to assets; and (c) the concentration limits in order to avoid that a CSD is over-exposed to custodians holding the CSD own assets. ESMA’s approach was to follow similar conditions applicable to highly liquid financial instruments as listed in the RTS for CCPs under EMIR, as required under CSDR, and do not discriminate between CSDs that are banks and CSDs that are not. CSD Portfolio 171. Respondents commented upon the maturity of a CSDs portfolio. A number of respondents expressed concerns about the proposed average two year time-to-maturity of a CSD’s portfolio. They argued that for instruments with minimal market or credit risk there was no visible correlation between their liquidity and time-to-maturity. Multiple respondents suggested extending average time-to-maturity of a CSD’s portfolio to 5 years, with the maximum time-to-maturity no longer than 11 years. Another respondent suggested that CSDs could advise their CAs of an exemption to this rule and the reason thereof in case of extreme market circumstances. 172. Two respondents suggested that the requirement on average time to maturity would mean that in the present low income environment CSDs would have to invest in instruments with a negative yield. Therefore, their capital could be eroded. One respondent stated that portfolio diversification including instruments with longer time-to￾maturity could be more beneficial for CSDs than a concentration of positions exclusively on short-term instruments. ESMA agrees that maturity is a poor indicator of performance although a longer maturity may represent more risk; the key factors will always be the issuer and the actual product terms, of which maturity is only one. Following the rationale of the stakeholders’ views as described above, the maturity requirement was deleted. ESMA also considers that in this case it is appropriate to depart from the CCP requirements considering the different risk profile of the activity performed by CCPs and CSDs and the different ways to manage those risks.

41 Use of derivatives 173. With regard to the use of derivatives, respondents generally appreciated ESMA’s proposal to allow the use of derivatives for the purposes of hedging currency risk. However, a number of respondents suggested extending the scope of the provision to include the possibility to use derivatives to hedge against interest rate risks. One respondent suggested that derivatives should be allowed for the purposes of reducing liquidity and counterparty risks, instead of currency risk, as was proposed by ESMA. This respondent proposed to take into account different risk set ups between CCPs and CSDs, whose investments were rather long-term and not needed for the day-to-day operations. The respondent noted that some markets did not allow for secure investments and the number of counterparties was limited. As such, excess funds needed to be swapped into different markets in order to avoid concentration risks. ESMA better understands the need to enter such derivatives. However, it is still convinced of the risks that they might entailed and therefore the need to limit the cases in which they can be used to very limited and well defined circumstances. For this reason, this type of derivatives could be allowed only if the following conditions are met: (a) they are entered into for the purpose of hedging currency risk arising from the settlement in more than one currency in the securities settlement system operated by the CSD or interest rate risk that may affect CSD assets and, in both cases, qualify as a hedging contract pursuant to International Financial Reporting Standards (IFRS) adopted in accordance with Article 3 of Regulation (EC) No 1606/2002; (b) reliable price data is published on a regular basis for those derivative contracts; (c) they are concluded for the specific period of time necessary to reduce the currency or interest rate risk to which the CSD is exposed. (see Article 81(2) of the new draft RTS on CSD Requirements). 174. One respondent disagreed with the proposal to consult the user committee before the management body can approve CSD’s policy for the use of derivatives contracts. They argued that this was not in line with the functions of the user committee envisaged in CSDR. They argued that the use of derivatives had no impact on CSDs participant operations with reference to the service provided. This reference was deleted.

42 Access to investments 175. With regard to the timeframe around accessing securities, a number of respondents considered the requirements in Article 35(5) of the draft RTS presented in the CP to be too conservative. These respondents argued that CSDs, unlike CCPs, did not guarantee the performance of settlement with their own assets. They suggested that there was no need to have access to all assets within the day even in extreme situations, such as the liquidation of the CSD's activities. A number of respondents believed that a 3-day liquidation period was more appropriate than ESMA’s proposal to be able to access and liquidate assets on the next business day. One respondent argued that the requirement for CSDs to have access to funds the next day was not harmonised with T+2 settlement cycle. ESMA agrees that there is a key difference between the access timeline and the liquidation period and the mandate and rule as amended focus on the timeframe for access rather than the liquidation period. The CSD should be capable of accessing its own securities on the same business day when a decision to liquidate such securities is taken (see Article 82 of the new draft RTS on CSD Requirements). 176. One respondent thought that taking into account only securities sales in Article 35(5) of the draft RTS on CSD Requirements presented in the CP was too restrictive and proposed ESMA to consider the generation of liquidity through repo transactions. ESMA’s view is that it would not be appropriate to mandate or suggest the use of repo in legislation and that this is an option that should be left to the market, without prejudice of taking into account all risk management rules. 177. Responses to the CP related to the timeframe to access cash were generally supportive of ESMA’s proposals to set a clear timeframe for access to cash assets to manage a CSD’s liquidity risk. However, some respondents believed that the requirement to be able to have ‘immediate’ access to cash assets was too conservative and should be replaced by a requirement to have ‘swift’ access or deleted entirely. One respondent suggested that the requirement of immediate and unconditional access exceeded the Level 1 requirement of ‘prompt access’. ESMA believes that the requirement for cash is reasonable, given they are the most liquid assets, and has thus kept this requirement.

43 178. One respondent proposed the inclusion of a definition of cash assets in the RTS, to ensure that the requirement would apply only to cash accounts which the CSD holds for investment purposes. The respondent believed that the definition should not include operational cash accounts that a CSD would hold with a payment bank for the purposes of facilitating a settlement of securities or CSD's regular payment accounts, e.g. payroll accounts. Additionally this respondent requested more clarity around the requirement to have immediate access to cash assets and what this meant for credit institutions returning cash to a CSD. The respondent stated that this would pose significant operational difficulties and proposed the timeframe be aligned to the timeframe for securities in Article 35(5) of the draft RTS on CSD Requirements presented in the CP. As under the previous point, ESMA’s view is that the regime for cash is the adequate one given these assets being the most liquid. ESMA thus requires immediate and unconditional access to cash assets. 179. One respondent also noted that the intended meaning of ‘unconditional access’ needed further clarity. The respondent suggested that the requirement should not mean that credit institutions with whom deposits are maintained may not have set-off or other security rights over the cash received (including those that may arise as a matter of local insolvency or other law). It was argued that such an interpretation would prevent credit institutions from putting in place basic risk management techniques which would expose them to significantly higher risks and costs in providing these accounts. ESMA understands these commercial practice concerns but believes that risk management and the higher standards that CSDs need to follow should not be dependent on certain legal gaps, particularly outside the EU. Instead, the CSD should only deposit its cash and securities in jurisdictions that enable unconditional access to assets. 180. Responses were received from two respondents relating to the requirement to hold assets in segregated accounts. The respondents suggested that holding CSD assets in a segregated account at a CSD level was not always possible due to legal, regulatory or operational constraints imposed by the local infrastructure to the CSD (some non-EU countries do not support this model). They also argued that segregation did not automatically translate into higher level of asset protection whereas it imposed additional set-up and operating costs to CSDs. Given the mandate constraints highlighted by the European Commission, ESMA has deleted the requirement on the use of segregated accounts. However, ESMA specified that specific procedures need to be in place to prove that access can actually be ensured within the specified timeframe.

44 Concentration Limits 181. Respondents generally agreed with proposed Article 37 on concentration limits of the draft RTS on CSD Requirements presented in the CP. However, it was mentioned by several respondents that CSDs might decide to use their own infrastructure to keep their own assets, as this eliminates custody risk. The respondents felt that the criterion of geographical diversification, while generally important, should not be used to force CSDs to increase their custody network when this results in more costs, risks and complexity. Similarly to the previous points, ESMA understands these commercial practice concerns but believes that risk management and the higher standards that CSDs need to follow should not be dependent nor follow a race to the bottom approach – costs are perfectly understandable but they cannot justify a degradation of the CSD risk profile. CSDs should ensure a custody network that enables safe holding of the CSD assets. 182. One respondent argued that Article 37 of the draft RTS on CSD Requirements presented in the CP set an approach to limit concentration in too much detail. This respondent suggested that in specific markets or regions, there could only be one infrastructure available in which to hold its financial assets (very often the local CSD). Similarly to the previous points, ESMA understands these commercial practice concerns but believes that risk management and the higher standards that CSDs need to follow should not be dependent on the inefficiencies of local markets – the CSD should only rely also on other jurisdictions where alternative providers are available, to ensure asset protection (see Article 83 of the new draft RTS on CSD Requirements).

45 3.12Article CSD Links (Article 48) Article 48 CSDR ESMA shall, in close cooperation with the members of the ESCB, develop draft regulatory technical standards to specify the conditions provided for in paragraph 3 of Article 48 of CSDR under which each type of link arrangement provides for adequate protection of the linked CSDs and of their participants, in particular where a CSD intends to participate in the securities settlement system operated by another CSD, the monitoring and managing of additional risks referred to in paragraph 5 of Article 48 arising from the use of intermediaries, the reconciliation methods referred to in paragraph 6 of Article 48, the cases where DVP settlement through CSD links is practical and feasible as provided for in paragraph 7 of Article 48 and the methods of assessment thereof. 183. Under Article 48, ESMA is required to specify the conditions provided for in paragraph 3 of Article 48 of CSDR under which each type of link arrangement provides for adequate protection of the linked CSDs and of their participants, in particular where a CSD intends to participate in the securities settlement system operated by another CSD, the monitoring and managing of additional risks referred to in paragraph 5 of Article 48 arising from the use of intermediaries, the reconciliation methods referred to in paragraph 6 of Article 48, the cases where DVP settlement through CSD links is practical and feasible as provided for in paragraph 7 of Article 48 and the methods of assessment thereof. Conditions for the adequate protection of linked CSDs and of their participants 184. A number of the CP’s respondents felt the drafting of Article 4(1)(d) of the draft RTS on CSD Requirements presented in the CP was too restrictive and could result in the termination of many links with non-EU CSDs, particularly regarding asset protection requirements for third country CSDs. One respondent felt third country CSDs local rules and regulations may not always provide a comparable level of asset protection. This respondent felt ESMA needed to recognise potential deviations in protection requirements, requesting CSDs to inform their participants on relevant asset protection frameworks if they offer access to a third country CSD. 185. Many respondents felt the drafting of Article 4(1)(f) of the draft RTS on CSD Requirements presented in the CP would prevent DvP links in commercial bank money for CSDs without banking licenses. 186. One respondent stated that the emergency plans for links in Article 4(1)(h) of the draft RTS on CSD Requirements presented in the CP should not be a standalone document, and should form an integral part of a CSD’s business continuity plans.

46 187. Several respondents felt that the terms and conditions to be communicated to CSD participants according to Article 4(1)(d) of the draft RTS on CSD Requirements presented in the CP should not include elements regarded as commercial (e.g. fees and prices). 188. There were a number of responses related to the requirement for requesting CSDs to conduct analysis of receiving CSD’s overall soundness, reliability and governance arrangements. The responses suggested the requesting CSD should be allowed to rely on the regulatory authorisation of the receiving CSD under CSDR. 189. ESMA has amended the draft technical standards by taking into account the CP comments mentioned above, while maintaining a standard ensuring an adequate level of protection of linked CSDs and their participants (see Article 84 of the new draft RTS on CSD Requirements). Interoperable links 190. Some respondents to the CP implied that CSDs with an interoperable link should not have to build and run a common IT interface and common communication structures for the transmission of instructions. It was suggested that the benefits of following the requirement were unclear, and the costs would be high for CSDs and participants. 191. One respondent referred to potential difficulties in achieving common operating hours due to time differences and the fact that not all settlement batches need to be synchronized in the requirements for interoperable links. 192. ESMA acknowledges the CP input according to which interoperable links do not need to have a common IT interface and common communication structures for the transmission of instructions. Therefore ESMA proposes that an interoperable link should be established and maintained under the following conditions: (a) the linked CSDs shall agree on equivalent standards concerning reconciliation, opening hours for the processing of the settlement and of corporate actions and cut-off times; (b) the linked CSDs shall establish equivalent procedures and mechanisms for transmission of settlement instructions to ensure a proper, secure and straight through processing of settlement instructions; (c) where an interoperable link supports DVP settlement, the linked CSDs shall reflect at least daily and without undue delay the results of the settlement in their books.

47 (d) the linked CSDs shall agree on equivalent risk management models; (e) the linked CSDs shall agree on equivalent contingency and default rules and procedures referred to in Article 41 of Regulation (EU) No 909/2014. (see Article 84(3) of the new draft RTS on CSD Requirements). Risk monitoring and management when using indirect links or an intermediary to operate a CSD link 193. Several respondents felt there was a need for a distinction in the requirements for indirect and direct links operated by an intermediary. Alternatively it was suggested that operated links could be excluded from Article 5 of the draft RTS presented in the CP. Respondents suggested that operated links should be treated as direct links. 194. Having regard to the CP feedback, ESMA has included specific requirements for when a requesting CSD uses an intermediary to operate a CSD link, whereby this account operator operates the accounts of the requesting CSD on its behalf in the receiving CSD’s books (see Article 85(2) of the new draft RTS on CSD Requirements). 195. Some respondents stated the requirements of Article 5 of the draft RTS on CSD Requirements presented in the CP were too strict in relation to links with third country CSDs. Specific reference was made to the need for a third country intermediary to be compliant with rules at least as stringent as those contained in EU banking regulations, and holding securities in an individually segregated account at the receiving third country CSD. 196. Having regard to the CP feedback, ESMA proposes that, while in general an individually segregated account at the receiving CSD should be used for the operations of the CSD link, in the case of a link with a third country CSD, an adequate level of asset protection should be ensured. If an individually segregated account at the receiving CSD cannot be used for the operations of the CSD link, the requesting CSD should inform its competent authority about the reasons according to which this is not possible, and should provide details on usage and risks (see Article 85(1)(h) of the new draft RTS on CSD Requirements). Reconciliation measures in the case of linked CSDs 197. Several respondents expressed concerns that reconciliation may be difficult in the case of links with non-EU CSDs. They noted that currently not all third country CSDs are able to provide daily statements of opening and closing balances and movements, however no reasons were provided as to why this would be difficult to achieve.

48 198. Several respondents proposed to delete or clarify the second sentence in Article 6(1)(b) of the draft RTS on CSD Requirements presented in the CP, which provided that in the case of an indirect link, the daily statements would have to be transmitted through the intermediary that operated the link. The responses indicated that this could be seen as introducing confusion between direct operated links and indirect links. Respondents suggested that the requirement contained in the first sentence of Article 6(1)(b) was sufficient to cover all scenarios. 199. Several respondents suggested that the case of common depositories involved in reconciliation was already covered under general provisions on reconciliation involving other entities (Article 16 of the draft RTS on CSD Requirements presented in the CP) and was not related to interoperable links. 200. ESMA believes that, in order to ensure the integrity of the issue, it is important for CSDs to involve the CSDs with which they have established links, including third country CSDs, in the reconciliation measures; this can be accomplished through contractual arrangements. In addition, if intermediaries are part the operation of the link, they should also be involved in the reconciliation measures, in order to avoid any loopholes. Suspension of settlement in the case of undue creation or deletion of securities 201. The comments on the suspension of settlement proposed in the context of reconciliation measures for linked CSDs broadly referred to the responses provided to the question on General reconciliation measures under Article 37 of CSDR. 202. A number of respondents commented on the requirement for the linked CSDs to suspend the securities issue for settlement where the reconciliation process revealed an undue creation or deletion of securities as set out in Article 6(3) of the draft RTS on CSD Requirements presented in the CP. 203. Several respondents noted that only the issuer CSDs could decide to suspend settlement, and the investor CSD, who did not have access to the full picture, should be treated in the same way as any other participant in the issuer CSD. 204. One respondent suggested that only the CSD that centrally maintains the related securities should be entitled with such a suspension.

49 205. Another respondent wrote that where there was a reconciliation issue between the positions recorded in the investor CSD and the records of securities held in the issuer CSD, the issuer CSD would hold the definitive record which is reconciled to total securities issue as provided in RTS on general reconciliation measures. The response suggested that resolving the imbalance should therefore be the responsibility of the investor CSD. 206. The same respondent did not agree that a reconciliation issue between issuer and investor CSDs should result in the suspension of settlement of the issuer’s securities at the issuer CSD, where the issuer CSD was otherwise reconciled to the total securities issue. However, the respondent agreed that suspension at the investor CSD could be appropriate if the imbalance could not be remedied. 207. Having regard to the CP feedback, ESMA proposes that where a CSD has suspended a securities issue for settlement in the case of undue creation or deletion of securities, all CSDs that are participants of or have an indirect link with that CSD, including in the case of interoperable links, should suspend the securities issue for settlement accordingly. In the case of an indirect link, or if an intermediary is used to operate the link, the intermediary should also be involved (see Article 86(2) of the new draft RTS on CSD Requirements). Corporate actions 208. The comments on corporate action processing were broadly in line with the ones provided for the question on reconciliation measures for corporate actions under Article 37 of CSDR. 209. Several respondents suggested that the requirement to block settlement until the corporate action has been fully processed should relate only to full processing of corporate actions on stocks (settled balances) and not on flows (pending transactions). 210. Multiple respondents suggested that it was not necessary to require settlement to be blocked until all CSDs (issuer CSD and all investor CSDs) have finished processing a corporate action on stocks (Article 6 (4) of the draft RTS on CSD Requirements presented in the CP). They suggested that the requirement should be lifted once the corporate action on stocks has been fully processed in the investor CSD’s account provider.

50 211. The requirement for blocking of settlement in a particular investor CSD was considered too broad by several respondents. It was mentioned that in the event of a securities distribution, and if the outcome security has the same ISIN as the parent security there could be no need, and no risk management benefit, for settlement in the parent securities to be blocked. 212. Several respondents suggested deleting the text ‘enabling the coordination of their actions with regard to the adequate reflection of the corporate actions’. It was considered unnecessary, since the distribution of information on corporate actions, and the processing of corporate actions on stocks, followed the principle of cascade processing (i.e. one action in the issuer CSD and a subsequent action in the investor CSDs). The respondents wrote that it was difficult to reconcile this principle with the idea of coordination of actions. 213. It was proposed by several respondents to revise Article 6(4) of the draft RTS on CSD Requirements presented in the CP to allow for full compliance with both CAJWG Market Standards on Corporate Actions and the T2S Corporate Actions Sub Group Standards. The respondents requested for the definition of the relevant corporate action terms to be aligned with the glossary of the EU market standards (CAJWG standards). 214. Based on the CP feedback, ESMA has amended the requirements on reconciliation measures to be taken by linked CSDs in the case of corporate actions as follows: In the case of a corporate action on stocks that reduces the balances of securities accounts held by an investor CSD with another CSD, settlement instructions by the investor CSD in the relevant securities issues should not be processed until the corporate action has been fully processed by the investor CSD. In the case of a corporate action on stock that reduces the balances of securities accounts held by an investor CSD with another CSD, the investor CSD should not update the securities accounts it maintains to reflect the corporate action until the corporate action has been fully processed by the latter CSD. The issuer CSD should ensure the timely transmission, to all its participants, including investor CSDs, of information on corporate actions processing for a specific securities issue, enabling the adequate reflection of the corporate actions in the securities accounts maintained by the investor CSDs (see Article 86(3) of the new draft RTS on CSD Requirements).

51 3.13Access (Articles 33, 49, 52, and 53(2)) 3.13.1 Access of Participants to CSDs (Article 33) Article 33 CSDR ESMA shall, in close cooperation with the members of the ESCB, develop draft regulatory technical standards to specify the risks to be taken into account by CSDs when carrying out a comprehensive risk assessment following a request for access by a requesting participant, and by competent authorities when assessing the reasons for refusal by a CSD to grant access to a requesting participant, and the elements of the complaint procedure. ESMA shall, in close cooperation with the members of the ESCB, develop draft implementing technical standards to establish standard forms and templates for the procedure regarding the assessment of a complaint following the refusal by a CSD to grant access to a requesting participant. 215. Under Article 33 of CSDR, ESMA is required to specify the risks to be taken into account by CSDs when carrying out a comprehensive risk assessment following a request for access by a requesting participant, and by competent authorities when assessing the reasons for refusal by a CSD to grant access to a requesting participant, and the elements of the complaint procedure. At the same time, ESMA is required to establish standard forms and templates for the procedure regarding the assessment of a complaint following the refusal by a CSD to grant access to a requesting participant. Definitions 216. A number of respondents felt that the proposed definitions “issuer CSD” and “investor CSD” were not necessary and could create overlaps and confusion. 217. ESMA believes that the definitions of “issuer CSD” and “investor CSD” are useful in order to add clarity with regard to the CSD roles, and in order to ensure a consistent application of the relevant requirements under the technical standards, which depend on a CSD’s roles. Third country entities 218. Several respondents asked ESMA to confirm that non-EU participants in EU CSDs: (a) will not be required to be supervised under an equivalent regulatory regime as that of the home Member State of the CSD. While CSD participants should, as a

52 rule, always be supervised institutions, the regulatory regime applicable to them will often not be comparable with that applying in the EU; (b) will be subject to the Settlement Finality Directive (SFD) as participants in EU CSDs, which should not require the jurisdiction in which they are established to enforce the SFD. 219. ESMA has amended the proposed requirements based on the CP feedback. (see Article 88 of the new draft RTS on CSD Requirements) Types of risks 220. It was suggested that CSDs should also be able to refuse a participant if this participant cannot demonstrate to have adequate risk management expertise. 221. ESMA believes that a risk to be considered in this respect is the risk of a requesting participant not adhering to or complying with the risk management rules of the receiving CSD or in case it lacks the necessary expertise in that regard. 3.13.2 Access of Issuers to CSDs (Article 49) Article 49 CSDR ESMA shall, in close cooperation with the members of the ESCB, develop draft regulatory technical standards to specify the risks to be taken into account by CSDs when carrying out a comprehensive risk assessment following a request by an issuer for recording its securities in a CSD, and competent authorities when assessing the reasons for refusal by a CSD to provide services to an issuer, and the elements of the complaint procedure. ESMA shall, in close cooperation with the members of the ESCB, develop draft implementing technical standards to establish standard forms and templates for the procedure regarding the assessment of a complaint following the refusal by a CSD to provide services to an issuer. 222. Under Article 49 of CSDR, ESMA is required to specify the risks to be taken into account by CSDs when carrying out a comprehensive risk assessment following a request for access following a request by an issuer for recording its securities in a CSD, and by competent authorities when assessing the reasons for refusal by a CSD to provide services to an issuer, and the elements of the complaint procedure. At the same time, ESMA is required to establish standard forms and templates for the procedure regarding the assessment of a complaint following the refusal by a CSD to provide services to an issuer. Types of risks

53 223. One respondent to the CP noted the difficulties (and high costs) in conducting a financial assessment of an issuer in the way prescribed in Article 2(7) of the draft RTS on CSD Requirements presented in the CP on a continuous basis. 224. ESMA believes it is important for the CSD to assess whether the requesting issuer holds sufficient financial resources to fulfil its obligations towards the CSD, which, apart from the CSD fees, may include for instance payments in connection to corporate actions (see Article 88(8) of the new draft RTS on CSD Requirements). 3.13.3 Access between CSDs (Article 52) Article 52 CSDR ESMA shall, in close cooperation with the members of the ESCB, develop draft regulatory technical standards to specify the risks to be taken into account by CSDs when carrying out a comprehensive risk assessment following a request for access by a requesting CSD, and competent authorities assessing the reasons for refusal by a CSD to grant access to a requesting CSD, and the elements of the complaint procedure. ESMA shall, in close cooperation with the members of the ESCB, develop draft implementing technical standards to establish standard forms and templates for the procedure regarding the assessment of a complaint following the refusal by a CSD to grant access to a requesting CSD. 225. Under Article 52 CSDR, ESMA is required to specify the risks to be taken into account by CSDs when carrying out a comprehensive risk assessment following a request for access following a request for access by a requesting CSD, and by competent authorities when assessing the reasons for refusal by a CSD to grant access to a requesting CSD, and the elements of the complaint procedure. At the same time, ESMA is required to establish standard forms and templates for the procedure regarding the assessment of a complaint following the refusal by a CSD to grant access to a requesting CSD. 226. Similar comments as the one reported in the previous section (access of issuers) were received in this respect and ESMA reached the same conclusions.

54 3.13.4 Access between a CSD and another Market Infrastructure (Article 53) Article 53 CSDR ESMA shall, in close cooperation with the members of the ESCB, develop draft regulatory technical standards to specify the risks to be taken into account by CSDs when carrying out a comprehensive risk assessment, and by competent authorities when assessing the reasons for refusal in accordance with paragraph 3 of Article 53 of CSDR, and the elements of the procedure referred to in paragraph 3 of Article 53 of CSDR. ESMA shall, in close cooperation with the members of the ESCB, develop draft implementing technical standards to establish standard forms and templates for the procedure referred to in paragraphs 2 and 3 of Article 53. 227. Under Article 53 of CSDR, ESMA is required to specify the risks to be taken into account by CSDs when carrying out a comprehensive risk assessment, and by competent authorities when assessing the reasons for refusal in accordance with paragraph 3 of Article 53 of CSDR, and the elements of the procedure referred to in paragraph 3 of Article 53 of CSDR. At the same time, ESMA is required to establish standard forms and templates for the procedure referred to in paragraphs 2 and 3 of Article 53. Access by a CCP or trading venue to a CSD 228. Article 2 of the draft RTS on CSD Requirements presented in the CP was widely accepted however a number of respondents to the CP stated that it was important to separate more clearly the different responsibilities for issuers, participants and different market infrastructures. For example, respondents felt that Article 2 of the draft RTS, should take into account the specificities of entities such as Trading Venues with a link (trade feed) with a CSD and CCP – the TV is not actually a CSD participant and may have no financial obligations to the CSD. 229. Having regard to the CP feedback, ESMA has streamlined the requirements based on the specificities of each type of entity.

55 3.14 Authorisation to provide banking types of ancillary services (Article 55) Article 55 CSDR ESMA shall, in close cooperation with the members of the ESCB and EBA, develop draft regulatory technical standards to specify the information that the CSD is to provide to the competent authority for the purpose of obtaining the relevant authorisations to provide the banking-type services ancillary to settlement. ESMA shall also, in close cooperation with the members of the ESCB and EBA, develop draft implementing technical standards to establish standard forms, templates and procedures for the consultation of the authorities prior to granting authorisation. 230. Article 54 of CSDR states that a pre-requisite for a CSD, would be for the entity providing the cash settlement to already have a banking license and an adequate recovery plan. Therefore this evidence must be provided in the application. Other proposed information to be provided in the application included evidence that the CSD or the separate entity meets the prudential requirements set out in Article 59 of CSDR, programme of operations and evidence that demonstrates that there are no adverse interconnections and risks stemming from the activities of the CSD or its relations with a designated credit institution. DP respondents expressed general support for this approach. 231. Only nine responses to the CP covered ancillary services. Respondents were generally in agreement with the proposed technical standards on the procedures for granting and refusing authorisation to provide banking-type of ancillary services, but some also felt that there would be a need for corresponding EBA standards complementing such registration requirements with prudential ones. ESMA finds that this matter cannot be addressed at technical standards level as it regards CSDR requirements. It could only result from an express CSDR mandate. The standards are however taking into account that 2 applications may exist and therefore not requiring the details to be submitted twice. Further details on the EBA standards will be covered in the EBA Final Report. 232. The majority of respondents proposed to delete the requirement for CSDs offering banking-type ancillary services to provide the resolution plan established in accordance with the BRRD, as the BRRD requires resolution authorities rather than institutions to establish such plans. ESMA agreed that the resolution plan should not be included and the draft RTS has been modified accordingly, to mention only the recovery plan.

56 233. Some CP respondents stated that it would not be possible for CSDs to evidence before authorisation that either themselves or the designated credit institution is subject to an additional capital surcharge as laid down in Article 54(3). Still, even if the capital surcharge is defined via EBA standards, the authorisation requirements are defined in ESMA standards and the capital surcharge is, under CSDR, a requirement that a CSD needs to fulfil so that it may be authorised. The reference to the capital surcharge in the application was therefore kept. 234. One respondent found it unreasonable for competent authorities to require applicant CSDs to provide information in multiple languages. There was also a call for a single authorisation request for CSDs (as a CSD and a provider of banking type of services). ESMA proposes that all information included in the application should be provided submitted in the language indicated by the competent authority. The competent authority may ask the CSD to submit the same information in a language customary in the sphere of international finance. 4 Internalised Settlement (Article 9) Article 9 CSDR ESMA may, in close cooperation with the members of the ESCB, develop draft regulatory technical standards further specifying the content of the reporting regarding securities transactions settled by settlement internalisers outside securities settlement systems. ESMA shall, in close cooperation with the members of the ESCB, develop draft implementing technical standards to establish standard forms, templates and procedures for the reporting and transmission of information regarding securities transactions settled by settlement internalisers outside securities settlement systems. 235. Under Article 9 of CSDR, ESMA is required to establish standard forms, templates and procedures for the reporting and transmission of information regarding securities transactions settled by settlement internalisers outside securities settlement systems. ESMA may also further specify the content of the reporting regarding securities transactions settled by settlement internalisers outside securities settlement systems. Definitions 236. Several respondents felt that the definition of internalised settlement was not sufficiently clear.

57 237. Whilst not opposing the proposed requirement to report settlement fails in the context of settlement internalisation, several respondents felt the definition needed clarification. Additionally, a number of other respondents noted that the reporting of data relating to failed transfer orders went beyond ESMA’s mandate under the Level 1 text. 238. Having regard to the CP feedback, ESMA has included definitions of ‘internalised settlement instructions’ and ‘failed settlement instructions’ in the context of internalised settlement. Extraterritoriality 239. A number of respondents raised the issue of extraterritoriality. They sought clarity on how and to whom to report securities issued in one jurisdiction settled by participants of other jurisdictions. The respondents asked for ESMA clarification as to whether settlement internalisation reports would cover only securities that were issued in an EU CSD or all securities settled in an EU CSD - irrespective of where they were issued. The respondents proposed ESMA limited the scope to securities issued in EU CSDs. 240. ESMA considers that the scope is defined in the Level 1 text, and therefore cannot be limited to securities issued in EU CSDs. 241. Several respondents requested more clarity on how an entity with multiple branches in the EU would report. Two respondents suggested that it would be appropriate that only internalised settlement transactions in EU-issued securities between clients based in the EU should be reported if they take place in a branch of an EU-regulated settlement internaliser in a third country. This is, however, an issue that is outside ESMA’s mandate under Article 9 of CSDR. Scope and Granularity 242. Responses were received with regard to the scope and granularity of settlement reporting. Three respondents noted the need for consistency and suggested that internalised settlement reporting should replicate the settlement reporting requirements for CSDs. 243. Two respondents considered a breakdown beyond aggregated volume and value to be beyond the Level 1 mandate, too detailed and too costly. Respondents proposed developing reporting on an aggregated basis (without categorisation) and developing more granular reporting at a future date. Aggregation by types of securities transactions

58 244. With regard to the proposed requirements to aggregate reporting by types of securities transactions, three respondents suggested aligning the ‘types of securities transactions’ with those set out in Settlement Discipline RTS would be difficult for settlement internalisers. They pointed out that a settlement internaliser may be unaware of the purpose or background of a transaction, rendering them unable to accurately complete the report. 245. ESMA is aware that the implementation of certain requirements (such as aggregation by Issuer CSD, or transaction type) will require time for the respective market practices to be developed, and this is why ESMA proposes that the requirements on internalised settlement reporting should become applicable 24 months after the publication of the technical standards in the Official Journal. Aggregation by types of clients 246. Some respondents argued that the proposed categories of clients which would be aggregated were too detailed. A number of respondents questioned whether ‘Type of Client’ meant the direct client of the settlement internaliser or the entity that executed the trade. Two respondents argued that the value of reporting of retail transactions would be low but the reporting burden would be very large due to the high volume of such transactions. 247. Having regard to the CP feedback, ESMA proposes an aggregation by type of clients covering only professional and retail clients, as direct clients of the settlement internaliser. Aggregation by country of issuance 248. With regard to the proposed requirement to aggregate by country of issuance, two respondents noted that institutions do not currently have an indication of where securities were issued. 249. A number of respondents noted that the ‘Other’ category in Article 2(1) (f) (vii) and 2(1)(g)(iv) of the draft RTS on Internalised Settlement presented in the CP implied a breach of the requirement if not specified and should be further defined or deleted. 250. Several respondents noted that ‘Corporate actions’ are not internalised settlements because those instructions are generally triggered by issuers or agents and therefore ‘Corporate actions’ should be removed.

59 251. Two respondents noted that collateral management will be covered in SFTR and therefore removed to avoid duplication. 252. Two respondents noted that securities not issued in a CSD (e.g. certain units of UCITs and AIFs after subscription) should not be included in the reports. 253. Three respondents noted that all settlements relating to on-exchange activity should be excluded because the allocations of the netted instructions to respective clients should not be considered as internalised settlement. Similarly, one settlement in the books of a CSD which corresponds to several transactions entered by different clients should not be considered as settlement internalisation. 254. Three respondents stated that aggregate values will be double counted as the settlement internaliser is on both sides of the internalisation. 255. One respondent noted that settlement internalisers can only report on transactions internalised in their books. They have no information on potential further internalisation by their clients. The latter situation leads to multiple reporting on the same security. 256. Having regard to the CP feedback, ESMA has further streamlined the proposed requirements, proposing a reporting of aggregate data by type of financial instruments, type of securities transactions, type of clients (retail and professional clients), and Issuer CSD (if the information on the Issuer CSD is not available, the ISIN of the securities should be used as a proxy). 257. ESMA is aware that the implementation of certain requirements (such as aggregation by Issuer CSD, or transaction type) will require time for the respective market practices to be developed, and this is why ESMA proposes that the requirements on internalised settlement reporting should become applicable 24 months after the publication of the technical standards in the Official Journal. Format of the Reports 258. Multiple respondents noted that the template format of the reports that ESMA proposed were not precise enough. They said that the templates would lead to competent authorities creating their own specific templates. Respondents suggested a standard template across all NCAs. 259. ESMA has amended the proposed templates, in order to make them more precise.

60 Phase-in and thresholds 260. A number of respondents expressed concern for implementation expectations and proposed a phase in of at least 6 months. Three respondents suggested setting thresholds for reporting. 261. ESMA is aware that the implementation of certain requirements (such as aggregation by Issuer CSD, or transaction type) will require time for the respective market practices to be developed. At the same time, competent authorities will need time to build their IT solutions to be able to receive, process and analyse the reports, while the settlement internalisers will have to develop their own internal IT solutions to be able to meet the reporting requirements. This process can only start after all exact details of the reporting requirements have been agreed. 262. After ESMA submits the technical standards to the Commission, a single harmonised technical reporting template will have to be developed. This template would establish the technical format of the reports (e.g. XML) and will have to be as prescriptive as possible. 263. ESMA considers it important that further clarity should be provided on the reporting architecture and exchange of information between ESMA and other competent authorities, for instance through Guidelines (e.g. to whom the entities and their branches should report and how, which financial instruments are in scope, how the value would be calculated, etc.). 264. After that, the authorities would have to start building IT solutions for reporting and engaging with potential settlement internalisers, while the reporting entities will have to start engaging with their IT suppliers and designing their internal IT solutions. 265. As this is the first time that settlement internalisation reporting is required, a new IT solution will have to be developed for most, if not for all, competent authorities. 266. In parallel to the tender and design phase, competent authorities will have to develop and implement a communication strategy to identify the settlement internalisers and make sure that they are made aware of the detailed reporting requirements. The key challenges of this phase are the high number of reporting entities. Not all of them will be known to the competent authorities and aware of the need to report. Engagement with the firms will have to start as soon as possible after the policy has been locked down and continue until the reporting obligation enters into force and sufficiently high data quality has been achieved.

61 267. It is important to take into account that the reporting requirements will impact a large number of internal systems and processes for settlement internalisers. Given that the required information will not always be readily available or included in existing databases, the internaliser will need to upgrade or complement the quality of the information received from its clients. 268. The context of regulatory change in the EU over the next 24 months needs to be considered. Settlement internalisers need to upgrade their existing systems to meet the requirements of the new regulatory framework, while some of the largest will be in direct competition for IT resources with CSDs to adapt to T2S. Some will be also be considering whether or not to become directly connected to T2S. This means they will be subject to the same cost and resource considerations of CSDs – a key factor in ESMA’s decision to propose a 24 month phase-in for settlement discipline requirements. 269. Overall, we can expect that the largest internalising firms would have to re-examine their platforms in the light of the T2S, and related regulatory reporting changes such as MiFID/MiFIR and SFTR (which will also increase demand for IT resources). If the phase-in is introduced, the firms could take the reporting requirements into account when changing their essential infrastructure and would avoid the need to undergo multiple important structural changes. 270. The requirement to provide aggregated data on settlement internalisation within 10 working days from the end of each quarter also means that the reporting solution must involve a very high degree of automation. If a proper phase-in was not introduced, the reporting entities would face a significant challenge of having to meet the reporting requirements by Q1 2016 without an IT solution in place. 271. Due to the reasons mentioned above, ESMA proposes that the requirements on internalised settlement reporting should become applicable 24 months after the publication of the technical standards in the Official Journal.

62 Annex I: Legislative mandate to develop draft technical standards Article 9 ESMA shall develop draft implementing technical standards to establish standard forms, templates and procedures for the reporting and transmission of information referred to in paragraph 1. Article 12 ESMA shall, in close cooperation with the members of the ESCB, develop draft regulatory technical standards specifying the conditions under which the Union currencies referred to in point (b) of paragraph 1 are considered to be the most relevant, and efficient practical arrangements for the consultation of the relevant authorities referred to in point (b) and (c) of that paragraph. Article 17 ESMA shall, in close cooperation with the members of the ESCB, develop draft regulatory technical standards to specify the information that the applicant CSD is to provide to the competent authority in the application for authorisation. ESMA shall, in close cooperation with the members of the ESCB, develop draft implementing technical standards to establish standard forms, templates and procedures for the application for authorisation. Article 18 ESMA shall, in close cooperation with the members of the ESCB, develop draft regulatory technical standards to specify the criteria to be taken into account by the competent authorities to approve the participation of CSDs in legal persons other than those providing the services listed in Sections A and B of the Annex. Such criteria may include whether the services provided by that legal person are complementary to the services provided by a CSD, and the extent of the CSD's exposure to liabilities arising from such participation. Article 22 ESMA shall, in close cooperation with the members of the ESCB, develop draft regulatory technical standards to specify the following: (a) the information that the CSD is to provide to the competent authority for the purposes of the review and evaluation referred to in paragraph 1; (b) the information that the competent authority is to supply to the relevant authorities, as set out in paragraph 7; (c) the information that the competent authorities referred to in paragraph 8 are to supply one another.

63 ESMA shall, in close cooperation with the members of the ESCB, develop draft implementing technical standards to determine standard forms, templates and procedures for the provision of information referred to in the first subparagraph of paragraph 10. Article 24 ESMA shall, in close cooperation with the members of the ESCB, develop draft implementing technical standards to establish standard forms, templates and procedures for the cooperation referred to in paragraphs 1, 3 and 5. Article 25 ESMA shall, in close cooperation with the members of the ESCB, develop draft regulatory technical standards to specify the information that the applicant CSD is to provide to ESMA in its application for recognition under paragraph 6. ESMA shall, in close cooperation with the members of the ESCB, develop draft regulatory technical standards specifying at the CSD level and at the group level as referred to in paragraph 7: (a) the monitoring tools for the risks of the CSDs referred to in paragraph 1; (b) the responsibilities of the key personnel in respect of the risks of the CSDs referred to in paragraph 1; (c) the potential conflicts of interest referred to in paragraph 3; (d) the audit methods referred to in paragraph 6; and (e) the circumstances in which it would be appropriate, taking into account potential conflicts of interest between the members of the user committee and the CSD, to share audit findings with the user committee in accordance with paragraph 6. Article 26 ESMA shall, in close cooperation with the members of the ESCB, develop draft regulatory technical standards specifying at the CSD level and at the group level as referred to in paragraph 7: (a) the monitoring tools for the risks of the CSDs referred to in paragraph 1; (b) the responsibilities of the key personnel in respect of the risks of the CSDs referred to in paragraph 1; (c) the potential conflicts of interest referred to in paragraph 3; (d) the audit methods referred to in paragraph 6; and (e) the circumstances in which it would be appropriate, taking into account potential conflicts of interest between the members of the user committee and the CSD, to share audit findings with the user committee in accordance with paragraph 6.

64 Article 29 ESMA shall, in close cooperation with the members of the ESCB, develop draft regulatory technical standards to specify the details of the records referred to in paragraph 1 to be retained for the purpose of monitoring the compliance of CSDs with the provisions of this Regulation. ESMA shall, in close cooperation with the members of the ESCB, develop draft implementing technical standards to establish the format of the records referred to in paragraph 1 to be retained for the purpose of monitoring the compliance of CSDs with the provisions of this Regulation. Article 33 ESMA shall, in close cooperation with the members of the ESCB, develop draft regulatory technical standards to specify the risks to be taken into account by CSDs when carrying out a comprehensive risk assessment, and by competent authorities when assessing the reasons for refusal in accordance with paragraph 3 and the elements of the procedure referred to in paragraph 3. ESMA shall, in close cooperation with the members of the ESCB, develop draft implementing technical standards to establish standard forms and templates for the procedure referred to in paragraph 3. Article 37 ESMA shall, in close cooperation with the members of the ESCB, develop draft regulatory technical standards to specify the reconciliation measures a CSD is to take under paragraphs 1, 2 and 3. Article 45 ESMA shall, in close cooperation with the members of the ESCB, develop draft regulatory technical standards to specify the operational risks referred to in paragraphs 1 and 6 and the methods to test, to address or to minimise those risks, including the business continuity policies and disaster recovery plans referred to in paragraphs 3 and 4 and the methods of assessment thereof. Article 46 ESMA shall, in close cooperation with EBA and the members of the ESCB, develop draft regulatory technical standards specifying the financial instruments that can be considered to be highly liquid with minimal market and credit risk as referred to in paragraph 3, the appropriate timeframe for access to assets referred to in paragraph 2 and the concentration limits as referred to in paragraph 5. Such draft regulatory technical standards shall, where appropriate, be aligned to the regulatory technical standards adopted in accordance with Article 47(8) of Regulation (EU) No 648/2012. Article 48 ESMA shall, in close cooperation with the members of the ESCB, develop draft regulatory technical standards to specify the conditions provided for in paragraph 3 under which each

65 type of link arrangement provides for adequate protection of the linked CSDs and of their participants, in particular where a CSD intends to participate in the securities settlement system operated by another CSD, the monitoring and managing of additional risks referred to in paragraph 5 arising from the use of intermediaries, the reconciliation methods referred to in paragraph 6, the cases where DVP settlement through CSD links is practical and feasible as provided for in paragraph 7 and the methods of assessment thereof. Article 49 ESMA shall, in close cooperation with the members of the ESCB, develop draft regulatory technical standards to specify the risks to be taken into account by CSDs when carrying out a comprehensive risk assessment, and competent authorities assessing the reasons for refusal in accordance with paragraphs 3 and 4, and the elements of the procedure referred to in paragraph 4. ESMA shall, in close cooperation with the members of the ESCB, develop draft implementing technical standards to establish standard forms and templates for the procedure referred to in paragraph 4. Article 52 ESMA shall, in close cooperation with the members of the ESCB, develop draft regulatory technical standards to specify the risks to be taken into account by CSDs when carrying out a comprehensive risk assessment, and by competent authorities when assessing the reasons for refusal in accordance with paragraph 2, and the elements of the procedure referred to in paragraph 2. ESMA shall, in close cooperation with the members of the ESCB, develop draft implementing technical standards to establish standard forms and templates for the procedures referred to in paragraphs 1 and 2. Article 53 ESMA shall, in close cooperation with the members of the ESCB, develop draft regulatory technical standards to specify the risks to be taken into account by CSDs when carrying out a comprehensive risk assessment, and by competent authorities when assessing the reasons for refusal in accordance with paragraph 3, and the elements of the procedure referred to in paragraph 3. ESMA shall, in close cooperation with the members of the ESCB, develop draft implementing technical standards to establish standard forms and templates for the procedure referred to in paragraphs 2 and 3. Article 55 ESMA shall, in close cooperation with the members of the ESCB and EBA, develop draft regulatory technical standards to specify the information that the CSD is to provide to the competent authority for the purpose of obtaining the relevant authorisations to provide the banking-type services ancillary to settlement.

66 ESMA shall, in close cooperation with the members of the ESCB and EBA, develop draft implementing technical standards to establish standard forms, templates and procedures for the consultation of the authorities referred to in paragraph 4 prior to granting authorisation.