ESMA Final Report on Draft Technical Standards under CSDR: CSD Requirements and Internalised Settlement

28 September 2015 | ESMA/2015/1457/Annex II Draft technical standards under CSDR Annex II to the Final Report on the draft technical standards under the Regulation No 909/2014 of the European Parliament and of the Council of 23 July 2014 on improving securities settlement in the European Union and on central securities depositories and amending Directives 98/26/EC and 2014/65/EU and Regulation (EU) No 236/2012 (CSDR)

ESMA • CS 60747 – 103 rue de Grenelle • 75345 Paris Cedex 07 • France • Tel. +33 (0) 1 58 36 43 21 • www.esma.europa.eu 2

EN 3 EN Table of Contents Regulation 1:RTS ON CSD REQUIREMENTS ....................................................................... 4 Annex I: Details to be included in the application for recognition of third country CSDs............... 93 Annex II: CSD ancillary services records......................................................................................... 96 Annex III: Template for application by a CSD to designate a credit institution or to provide banking-type ancillary services......................................................................................................... 99 Regulation 2: RTS ON INTERNALISED SETTLEMENT .................................................. 107 Regulation 3: ITS ON CSD REQUIREMENTS.................................................................... 114 Annex I: Forms and templates for the CSD application for authorisation ...................................... 128 Annex II: Templates for submission of information for the review and evaluation ....................... 145 Annex III: Forms and templates for the cooperation between authorities of the home Member State and of the host Member State.......................................................................................................... 155 Annex IV: Format of CSD records.................................................................................................. 160 Annex V: Forms and templates for access procedures.................................................................... 175 Annex VI: Forms and templates for the consulatation of authorities prior to granting authorisation to provide banking-type ancillary services.......................................................................................... 191 Regulation 4: ITS ON INTERNALISED SETTLEMENT.................................................... 196 Annex I: Template for reporting and transmission of information on internalised settlement........ 200 Annex II: Potential risks template ................................................................................................... 205 Annex III: Instructions on completing the template for reporting and transmission of information on internalised settlement..................................................................................................................... 206 Annex IV: Instructions on completing the potential risks template ................................................ 233

EN 4 EN Regulation 1: RTS ON CSD REQUIREMENTS EUROPEAN COMMISSION Brussels, XXX … XXX draft COMMISSION DELEGATED REGULATION (EU) No …/.. of XXX […]

EN 5 EN COMMISSION DELEGATED REGULATION (EU) No …/2015 of [date] supplementing Regulation (EU) No 909/2014 of the European Parliament and of the Council of 23 July 2014 with regard to regulatory technical standards on requirements for central securities depositories (CSDs) (Text with EEA relevance) THE EUROPEAN COMMISSION, Having regard to the Treaty on the Functioning of the European Union, Having regard the opinion of the European Central Bank, Having regard to Regulation (EU) No 909/2014 of the European Parliament and of the Council of 23 July 2014 on improving securities settlement in the European Union and on central securities depositories and amending Directives 98/26/EC and 2014/65/EU and Regulation (EU) No 236/20121 , and in particular Article 12(3), Article 17(9), Article 22(10), Article 25(12), Article 55(7), Article 18(4), Article 26(8), Article 29(3), Article 37(4), Article 45(7), Article 46(6), Article 33(5), Article 48(10), Article 49(5), Article 52(3), and Article 53(4) thereof, Whereas: (1) The provisions in this Regulation are closely linked, since they all deal with the supervisory requirements applicable to CSDs. To ensure coherence between those provisions, which should enter into force at the same time, and to facilitate a comprehensive view and easy access by persons that are subject to these provisions, it is desirable to include all the regulatory technical standards concerning the supervisory requirements under Regulation (EU) No 909/2014 in a single Regulation. (2) In view of the global nature of financial markets, this Regulation should take into account the Principles for Financial Market Infrastructures issued by the Committee on Payment and Settlement Systems and the International Organization of Securities Commissions (CPSS-IOSCO Principles) in April 2012. (3) In order to ensure consistent application of these rules, definitions of certain technical terms should be set out. (4) It is important to ensure appropriate authorisation and supervision of a CSD. As such, a list of the relevant authorities issuing the most relevant Union currencies in which settlement takes place to be involved in the process of authorisation and supervision of

1 OJ L 257, 28.8.2014, p. 1

EN 6 EN a CSD should be defined. This should be done based on the share of the currencies that such authorities issue in the total value of settlement instructions against payment settled annually by a CSD and on the share of settlement instructions against payment settled by a CSD in a Union currency compared to the total value of settlement instructions against payment settled in that currency across all CSDs in the Union. (5) A CSD applying for authorisation should provide information on the structure of its internal controls and the independence of its governing bodies to enable the competent authority to assess whether the corporate governance structure ensures the independence of the CSD and whether that structure and its reporting lines, as well as the mechanisms adopted for managing possible conflicts of interest are adequate. (6) To enable the competent authority to assess the good reputation, experience and skills of the CSD’s senior management and members of the management body, an applicant CSD should provide the relevant information to perform such an assessment. (7) Information on a CSD’s branches and subsidiaries is necessary to enable the competent authority to clearly understand the CSD’s organisational structure and evaluate any potential risk to the CSD due to the activity of such branches and subsidiaries. (8) A CSD applying for authorisation should provide the competent authority with the relevant information to demonstrate that it has the necessary financial resources at its disposal and adequate business continuity arrangements for the performance of its functions on an ongoing basis. (9) In addition to receiving information on the core activities, it is important for the competent authority to receive information on the ancillary services that the CSD applying for authorisation intends to offer to enable the competent authority to have a complete overview of the applicant CSD’s services. (10) In order for the competent authority to assess the continuity and orderly functioning of technological systems of an applicant CSD, it should provide the competent authority with descriptions of those relevant technological systems and how they are managed, including if they are outsourced. (11) The fees associated with the core services provided by CSDs is important information which should form part of the application for authorisation of a CSD in order to enable the competent authorities to verify whether they are proportionate, non-discriminatory and unbundled. (12) In order to ensure that the investors’ rights are protected, and that conflict of laws issues are adequately managed, when assessing the measures that a CSD intends to take to allow its users to comply with the national laws referred to in Article 49(1) of Regulation (EU) No 909/2014, the CSD should take into account both issuers and

EN 7 EN participants, as appropriate, in accordance with the respective national laws referred to in Article 49(1) of Regulation (EU) No 909/2014. (13) In order to secure fair and non-discriminatory access to the notary, central maintenance and securities settlement services within the financial market, issuers, other CSDs and other market infrastructures have been granted access to a CSD in accordance with the provisions of Regulation (EU) No 909/2014. An applicant CSD should, therefore, provide the competent authority with information about its access policies and procedures. (14) In order to carry out its authorisation duties effectively, the competent authority should receive all information from CSDs applying for authorisation and related third parties, including third parties to whom applicant CSDs have outsourced operational functions and activities. (15) For the purpose of ensuring the general transparency of governance rules of a CSD applying for authorisation, the competent authority should be provided with documents confirming that the applicant CSD has adopted the necessary arrangements for a non-discriminatory establishment of an independent user committee for each securities settlement system that it operates. (16) For the purpose of securing the orderly functioning of core infrastructure services within the financial market, a CSD applying for authorisation should provide the competent authority with all necessary information to demonstrate that it has adequate policies and procedures for ensuring reliable record-keeping systems as well as effective mechanisms for CSD services, including in particular the measures for preventing and addressing settlements fails, and the rules concerning the integrity of the issue, the protection of securities of participants and those of their clients, settlement finality, participant default and transfer of participants and clients’ assets in case of a withdrawal of authorisation. (17) The risk management models associated with the services provided by an applicant CSD are a necessary item in its application for authorisation so as to enable the competent authority to evaluate the reliability and integrity of the adopted procedures and help market participants make an informed choice. (18) In order to verify the safety of the link arrangements of the CSD applying for authorisation, to assess the rules applied in the linked systems and evaluate the risks stemming from such links, the competent authority should receive from the applicant CSD any relevant information for such an analysis, together with the CSD assessment of the link arrangements. (19) When granting the approval of a CSD's participation in the capital of another entity, the competent authority of the CSD should take into consideration the criteria that ensure that such participation does not increase significantly the CSD's risk profile. In

EN 8 EN order to ensure its safety and continuity of its services, a CSD should not assume unlimited financial liabilities as a result of its participation in the capital of legal persons other than those providing the services listed in Regulation (EU) No 909/2014. It should fully capitalise the risks resulting from any such participation. (20) In order for the CSD not to be dependent on other shareholders of the entities in which it holds a participation, including with regard to the risk management policies, the CSD should have full control of such entities. This requirement should also facilitate the exercise of supervisory and oversight functions by competent authorities and relevant authorities by allowing easy access to relevant information. (21) A CSD should have a clear strategic rationale for the participation, taking into account the interests of the issuers of securities issued with the CSD; its participants and its clients. It should not merely focus on profit. (22) In order to properly quantify and outline the risks stemming from its participation in the capital of another legal person, a CSD should provide independent risk analyses, approved by an independent internal or external auditor, for the financial risks and liabilities of the CSD resulting from that participation. (23) Following the experience of the financial crisis, authorities should focus on ongoing rather than ex-post supervision. It is, therefore, necessary to ensure that for each review and evaluation under Regulation (EU) No 909/2014, the competent authority has sufficient access to information on a continuous basis. In order to determine the scope of information to be delivered for each review and evaluation, the provisions of this Regulation should follow the requirements for authorisation with which a CSD has to comply under Regulation (EU) No 909/2014. This includes substantive changes to elements already submitted during the process of authorisation, information relating to periodic events and statistical data. (24) To promote an effective bilateral and multilateral exchange of information between competent authorities, the results of the review and evaluation of the activities of a CSD should be shared with other competent authorities where this information is likely to facilitate their tasks, without prejudice to confidentiality and data protection requirements and in addition to any cooperation arrangements provided in Regulation (EU) No 909/2014. An additional exchange of information among competent authorities and relevant authorities or authorities in charge of markets in financial instruments should be organised allowing for a sharing of the findings of the competent authority in the course of the process of review and evaluation. (25) Taking into account the possible burden of gathering and processing a vast amount of information related to the operation of a CSD, and in order to avoid duplications, only relevant modified documents should be provided in the context of the review and evaluation. These documents should be delivered in a manner that enables the competent authority to identify all the relevant changes made to the arrangements,

EN 9 EN strategies, processes and mechanisms implemented by the CSD since authorisation or since the completion of the last review and evaluation. (26) Another category of information that is useful for the competent authority to have in order to be able to perform the review and evaluation refers to events that by nature occur on a periodic basis and which are related to the operation of the CSD and the provision of its services. (27) To carry out a comprehensive risk evaluation of a CSD, the competent authority will need to request statistical data on the scope of the CSD’s business activities in order to evaluate the risks related to CSDs operation and to the smooth operation of securities markets. In addition, statistical data would enable the competent authority to monitor the size and importance of securities transactions and settlements within the financial markets as well as to assess the ongoing and potential impact of a given CSD on the securities market as a whole. (28) For the competent authority to monitor and evaluate the risks to which the CSD is or may be exposed to and which may arise for the smooth functioning of securities markets, the competent authority should be able to request additional information on the risks and activities of a CSD. The competent authority should therefore be able to define and request on its own initiative or following a request submitted to it by another authority, any additional information which it considers necessary for each review and evaluation of the activities of a CSD. (29) It is important to ensure that third country CSDs that intend to provide the services referred to in Regulation (EU) No 909/2014 do not disrupt the orderly functioning of Union markets. (30) The ongoing assessment of the full compliance of a third country CSD with the prudential requirements of such third country is the duty of the third country competent authority. The information to be provided to ESMA by the applicant should not have the objective of replicating the assessment of the third country competent authority, but ensuring that the applicant is subject to effective supervision and enforcement in that third country, thus guaranteeing a high degree of investor protection. (31) To allow European Securities Markets Authority (ESMA) to perform a complete assessment of the application for recognition, the information provided by the applicant should be complemented by the necessary information to assess the effectiveness of the ongoing supervision, enforcement powers and actions taken by the third country competent authority. Such information should be provided under a cooperation arrangement established in accordance with Regulation (EU) No 909/2014. Such a cooperation arrangement should ensure that ESMA is informed in a timely manner of any supervisory or enforcement action against the third country CSD applying for recognition and any change of the conditions under which authorisation

EN 10 EN was granted to the relevant CSD and on any relevant update of the information originally provided by the CSD under the recognition process. (32) In order to ensure that the investors’ rights are protected, and that conflict of laws issues are adequately managed, when assessing the measures that a third country CSD intends to take to allow its users to comply with the national laws referred to in Article 49(1) of Regulation (EU) No 909/2014, the third country CSD should take into account both issuers and participants, as appropriate, in accordance with the respective national laws referred to in Article 49(1) of Regulation (EU) No 909/2014. (33) To establish a sound risk-management framework, a CSD should take an integrated and comprehensive view of all relevant risks. Such a comprehensive view should include the risks that the CSD bears from any other entities and the risks that it poses to third parties, including its users and to the extent practicable their clients, as well as linked CSDs, central counterparties, trading venues, payment systems, settlement banks, liquidity providers and investors. (34) To ensure that CSDs operate with the necessary level of human resources to meet all of their obligations and to ensure that competent authorities have the relevant contact points within the CSDs that they supervise, CSDs should have key dedicated staff that should be accountable for the CSD and their own individual performance, particularly at the level of senior management and management body. (35) To ensure an adequate control of the activity performed by CSDs, independent audits covering the operations of the CSD, risk management processes, compliance and internal control mechanisms, should be put in place and performed regularly. The independence of audits should not necessarily require the involvement of an external auditor, provided that the CSD demonstrates to the competent authority that the independence of its internal auditor is properly ensured. In order to ensure the independence of its internal audit function, the CSD should also establish an audit committee. (36) A CSD should set up a risk committee in order to ensure that the management body of the CSD is advised at the highest technical level on its overall current and future risk tolerance and strategy. To ensure its independence from the CSD’s executive management and a high degree of competence, the risk committee should be composed of a majority of non-executive members and it should be chaired by a person with an appropriate experience on risk management. (37) When assessing potential conflicts of interest, a CSD should not only examine the members of the management body, senior management or staff of the CSD but also any person directly or indirectly linked to such individuals or to the CSD, whether it is a natural or legal person.

EN 11 EN (38) A CSD should have a chief risk officer, a chief compliance officer, a chief technology officer, as well as a risk management function, a technology function, a compliance and internal control function, and internal audit function. In addition, different persons should fulfil the roles of the chief risk officer, chief compliance officer and chief technology officer given that such functions are usually fulfilled by persons with different academic and professional profiles. This approach is similar to the one adopted in Regulation (EU) No 648/2012 of the European Parliament and the Council2 for other market infrastructures. (39) Records kept by a CSD should be structured and allow for easy access to the data stored by the competent authorities involved in the supervision of CSDs. A CSD should ensure that the data records that it keeps, including the complete accounting of the securities that it maintains, are accurate and up-to-date in order to serve as a reliable data source for supervision purposes. (40) To facilitate the reporting and recording of a consistent set of information under different requirements, records kept by CSDs should cover each individual service provided by the CSD in accordance with Regulation (EU) No 909/2014, and should include at least all the details to be reported under the rules on settlement discipline provided in Regulation (EU) No 909/2014. (41) The preservation of the rights of issuers and investors is essential for the orderly functioning of a securities market. A CSD should therefore employ appropriate rules, procedures and controls to prevent the unauthorised creation or deletion of securities. It should also conduct at least daily reconciliation of the securities accounts that it maintains. (42) A CSD should maintain robust accounting practices and perform audits to verify that its records of securities are accurate and that its measures ensuring the integrity of securities issues are adequate. (43) In order to effectively ensure the integrity of the issue, the reconciliation measures provided in Regulation (EU) No 909/2014 should apply to all CSDs regardless of whether or not they provide the notary service or central maintenance service referred to in that Regulation in relation to a securities issue. (44) With regard to other entities involved in the reconciliation process, several scenarios should be distinguished depending on the role of the different entities. The reconciliation measures should reflect the specific roles of such entities. According to the registrar model, the registrar maintains records of securities which are also recorded in a CSD. According to the transfer agent model, the fund manager or transfer agent is responsible for an account that maintains a part of a securities issue recorded in a CSD. According to the common depository model, the common

2 Regulation (EU) No 678/2012 of the European Parliament and the Council of 4 July 2012 on OTC derivatives, central counterparties and trade repositories, OJ, 27.7.2012, L201/1

EN 12 EN depository is used by CSDs that establish an interoperable link, and the common depository is responsible for the overall integrity of the securities issues initially recorded or centrally maintained by the CSDs that have established an interoperable link. (45) In order to mitigate operational risks, which comprise the risks caused by deficiencies in information systems, internal processes, and personnel's performance or disruptions caused by external events which result in the reduction, deterioration or breakdown of services provided by a CSD, CSDs should identify all such risks and monitor their evolution, irrespective of their origin that may include, for instance, their users, providers of services to CSDs and other market infrastructures, including other CSDs. Operational risks should be managed through a well-documented and robust framework with clearly assigned roles and responsibilities. This framework should include operational targets, tracing features, assessment mechanisms and it should be integrated in the risk management system of the CSD. In this context, a CSD chief risk officer should be responsible for the operational risk management framework. CSDs should manage their risk internally. Where internal controls are insufficient or where eliminating certain risks is not a reasonably feasible option, a CSD should be able to take a financial coverage of those risks through insurance. (46) CSDs should not enter into investments that may affect their risk profile. CSDs should only enter into derivatives contracts if they are required to hedge a risk that they cannot reduce otherwise. This hedging should be subject to certain strict conditions that ensure that such derivatives are not used for purposes other than for covering risks and are not used for a realisation of profits. (47) The assets of CSDs should be held safely, be easily accessible and able to be liquidated promptly. A CSD should therefore ensure that its policies and procedures concerning prompt access to its own assets are based at least on the nature, size, quality, maturity and location of such assets. A CSD should also ensure that prompt access to its assets is not negatively affected by the outsourcing of custody or investment functions to a third party entity. (48) To manage its liquidity needs, a CSD should be able to access its cash assets immediately and be able to access any securities that it holds under its own name on the same business day when a decision to liquidate the assets is taken. (49) To ensure a greater degree of protection of the assets of a CSD from the default of the intermediary, a CSD that accesses another CSD through a CSD link should maintain such assets in a segregated account at the linked CSD. This level of segregation should ensure that the assets of a CSD are segregated from those of other entities and protected appropriately. (50) In order to ensure that a CSD invests its financial resources in highly liquid instruments with minimal market and credit risks and for these investments to be

EN 13 EN liquidated rapidly with minimal price effect, it should diversify its portfolio and establish appropriate concentration limits with respect to the issuers of the instruments in which it invests its resources. (51) In order to ensure the safety and efficiency of the link arrangement of a CSD with another CSD, a CSD should identify, monitor, and manage all potential sources of risk arising from the link arrangement. A CSD link should have a well-founded legal basis, in all relevant jurisdictions, that supports its design and provides adequate protection to the CSDs involved in the link. Linked CSDs should measure, monitor, and manage the credit and liquidity risks arising from each other. (52) A requesting CSD that uses an indirect CSD link or an intermediary to operate a CSD link with a receiving CSD should measure, monitor, and manage the additional risks, including custody, credit, legal, and operational risks, arising from the use of the intermediary in order to ensure the safety and the efficiency of the link arrangement. (53) In order to ensure the integrity of the issue for securities issues maintained in several CSDs through CSD links, CSDs should apply specific reconciliation measures and coordinate their actions. (54) CSDs should provide fair and open access to their services with due regard to the risks to financial stability and the orderliness of the market. They should control the risks arising from their participants and other users by setting risk-related criteria for the provision of their services. CSDs should ensure that their users, such as participants, any other CSDs, Central Counterparties (CCPs), trading venues or issuers that are granted access to their services meet the criteria and have the required operational capacity, financial resources, legal powers, and risk-management expertise in order to prevent the occurrence of risks for CSDs and other users. (55) In order to ensure the safety and efficiency of its securities settlement system, a CSD should monitor compliance with its access requirements on an ongoing basis and have clearly defined and publicly disclosed procedures for facilitating the suspension and orderly exit of a requesting party that breaches, or no longer meets, the access requirements. (56) For the purpose of the authorisation to provide banking-type ancillary services, a CSD should submit an application to the competent authority containing a number of elements ensuring that the provision of the banking-type ancillary services do not affect the smooth provision of core services of a CSD. Entities already authorised as CSDs should not be required to submit again any elements that were already submitted in the course of the process of application for being authorised as a CSD under Regulation (EU) 909/2014. (57) With a view to ensuring legal certainty and the consistent application of the law, the authorisation, supervision and record keeping requirements of CSDs provided in this

EN 14 EN Regulation concerning their activities related to the measures on settlement discipline should apply when the respective delegated act on settlement discipline becomes applicable. (58) This Regulation is based on the draft regulatory technical standards submitted by ESMA to the Commission. (59) In drawing up the technical standards contained in this Regulation, ESMA has worked in close cooperation with the members of the European System of Central Banks (ESCB) and the European Banking Authority (EBA). (60) ESMA has conducted open public consultations on the draft regulatory technical standards on which this Regulation is based, analysed the potential related costs and benefits and requested the opinion of the Securities and Markets Stakeholder Group established in accordance with Article 37 of Regulation (EU) No 1095/2010 of the European Parliament and of the Council3 , HAS ADOPTED THIS REGULATION: CHAPTER I GENERAL Article 1 Definitions For the purposes of this Regulation, the following definition shall apply: (a) ‘review period’ means: (i) the period between a CSD receiving its initial authorisation referred to in Article 17(1) of Regulation (EU) No 909/2014 and the first review and evaluation as referred to in Article 22(1) of that Regulation; (ii) the period following the end of the last review and evaluation, where the competent authority has already finalised at least one review and evaluation following the granting of an initial authorisation to a CSD.

3Regulation (EU) No 1095/2010 of 24 November 2010 of the European Parliament and of the Council establishing a European Supervisory Authority (European Securities and Markets Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/77/EC (OJ L 331, 15.12.2010, p. 84).

EN 15 EN (b) ‘settlement instruction’ means a transfer order as defined in point (i) of Article 2 of Directive 98/26/EC of the European Parliament and of the Council4 ; (c) ‘settlement restriction’ means the blocking, reservation or earmarking of securities that make securities unavailable for settlement, or the blocking or reservation of cash that make it unavailable for settlement; (d) ‘exchange-traded fund (ETF)’ means a fund as defined in point (46) of Article 4(1) of Directive 2014/65/EU5 ; (e) ‘account operator’ means an entity that has a contractual relationship with the CSD and that operates securities accounts maintained by the CSD by means of recording book entries into the securities accounts. (f) ‘issuer CSD’ means a CSD which provides the core service referred to in point 1 or 2 of Section A of the Annex to Regulation (EU) No 909/2014 in relation to a securities issue; (g) ‘investor CSD’ means a CSD that is a participant in the securities settlement system operated by another CSD or that uses an intermediary that is a participant in the securities settlement system operated by another CSD in relation to a securities issue (h) ‘receiving party’ means one of the following entities, as appropriate: (i) a receiving CSD as defined in point (5) of Article 2(1) of Regulation (EU) No 909/2014; (ii) a CSD which receives a request from a participant, an issuer, a CCP or a trading venue to have access to its services in accordance with Articles 33(2), 49(2) and 53(1) of Regulation (EU) No 909/2014; (iii) a CCP which receives a request from a CSD to have access to its transaction feeds in accordance with Article 53(1) of Regulation (EU) No 909/2014; (iv) a trading venue which receives a request from a CSD to have access to its transaction feeds in accordance with Article 53(1) of Regulation (EU) No 909/2014. (i) ‘requesting party’ means one of the following entities, as appropriate: (i) a requesting CSD as defined in point (6) of Article 2(1) of Regulation (EU) No 909/2014;

4 Directive 98/26/EC of the European Parliament and of the Council of 19 May 1998 on settlement finality in payment and securities settlement systems (OJ L 166, 11.06.1998, p. 45). 5 Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU (OJ L 173, 12.6.2014, p. 349)

EN 16 EN (ii) a participant, an issuer, a CCP or a trading venue which requests access to the securities settlement system operated by a CSD or to other services provided by a CSD in accordance with Articles 33(2), 49(2) and 53(1) of Regulation (EU) No 909/2014 ; (iii) a CSD which requests access to the transaction feeds of a CCP in accordance with Article 53(1) of Regulation (EU) No 909/2014 ; (iv) a CSD which requests access to the transaction feeds of a trading venue in accordance with Article 53(1) of Regulation (EU) No 909/2014. (j) ‘durable medium’ means any instrument which: (i) enables the storage of information in a way accessible for future reference and for a period of time adequate for the purposes of the information; and (ii) allows the unchanged reproduction of the information stored. CHAPTER II DETERMINATION OF THE MOST RELEVANT CURRENCIES AND PRACTICAL ARRANGEMENTS FOR THE CONSULTATION OF THE RELEVANT COMPETENT AUTHORITIES (Article 12(1)(b) and (c) of Regulation (EU) No 909/2014) Article 2 Determination of most relevant currencies

1. The most relevant currencies referred to in point (b) of Article 12(1) of Regulation (EU) No 909/2014 shall be identified according to either of the following calculations: (a) the relative share of each Union currency in the total value of the settlement by a CSD of settlement instructions against payment, calculated over a period of one year, provided that each individual share exceeds 1%; or (b) the relative share of settlement instructions against payment settled by a CSD in a Union currency compared to the total value of settlement instructions against payment settled in that currency across all CSDs in the Union, calculated over a period of one year, provided that each individual share exceeds 10%.
2. The calculations referred to in paragraph 1 shall be done on an annual basis by the competent authority of each CSD. Article 3

EN 17 EN Practical arrangements for the consultation of the relevant authorities referred to in Article 12(1)(b) and (c) of Regulation (EU) No 909/2014

1. Where one of the most relevant currencies determined in accordance with Article 2 is issued by more than one central bank, those central banks shall determine a single representative as the relevant authority for that currency referred to in point (b) of Article 12(1) of Regulation (EU) No 909/2014.
2. Where the cash leg of securities transactions is settled in accordance with Article 40(1) of Regulation (EU) No 909/2014 through accounts opened with several central banks that issue the same currency, those central banks shall determine a single representative as a relevant authority referred to in point (c) of Article 12(1) of Regulation (EU) No 909/2014. CHAPTER III AUTHORISATION OF CSDs (Article 17 of Regulation No 909/2014) SECTION 1 General information on applicant CSDs Article 4 An applicant CSD shall comply with the requirements under this Chapter when applying for authorisation according to Article 17 of Regulation (EC) No 909/2014. Article 5 Identification and legal status of applicant CSDs
3. An application for authorisation shall clearly identify the applicant CSD and the activities and services that it intends to carry out.
4. The application for authorisation shall contain the following information: (a) contact details of the person responsible for the application; (b) contact details of the person(s) in charge of the applicant CSD’s compliance and internal control function; (c) the corporate name of the applicant CSD, its Legal Entity Identifier (LEI) and legal address in the Union; (d) the memorandum and articles of association or other constitutional and statutory documentation of the applicant CSD;

EN 18 EN (e) an excerpt from the relevant commercial or court register, or other forms of certified evidence of the registered address and business activity of the applicant CSD that shall be valid at the date of the application; (f) the identification of the securities settlement systems that the applicant CSD operates or intends to operate; (g) a copy of the decision of the management body regarding the application and the minutes of the meeting in which the management body approved the application file and its submission; (h) the contact details of the person responsible for the application; (i) a chart showing the ownership links between the parent undertaking, subsidiaries and any other associated entities or branches; the entities shown in the chart shall be identified by their full company name, legal status, legal address, and tax numbers or company registration numbers; (j) a description of the business activities of the applicant CSD’s subsidiaries and other legal persons in which the applicant CSD holds a participation, including information on the level of participation; (k) a list containing: (i) the name of each person or entity who, directly or indirectly, holds 5 % or more of the applicant CSD’s capital or voting rights; (ii) the name of each person or entity that could exercise a significant influence over the applicant CSD’s management due to its holding in the applicant CSD’s capital; (l) a list containing: (i) the name of each entity in which the applicant CSD holds 5 % or more of the entity’s capital and voting rights; (ii) the name of each entity over whose management the applicant CSD exercises significant influence; (m) a list of core services listed in Section A of the Annex to Regulation (EU) No 909/2014 that the applicant CSD is providing or intends to provide; (n) a list of ancillary services explicitly specified in Section B of the Annex to Regulation (EU) No 909/2014 that the applicant CSD is providing or intends to provide;

EN 19 EN (o) a list of any other ancillary services permitted under, but not explicitly specified under Section B of the Annex to Regulation (EU) No 909/2014 that the applicant CSD is providing or intends to provide; (p) a list of the investment services subject to Directive 2014/65/EU6 referred to in point (o); (q) a list of services that the applicant CSD outsources or intends to outsource to a third party in accordance with Article 30 of Regulation (EU) No 909/2014; (r) the currency or currencies that the applicant CSD processes, or intends to process in connection with services that the applicant CSD provides, irrespective of whether cash is settled on a central bank account, a CSD account, or an account at a designated credit institution; (s) information on any pending and final judicial, administrative, arbitration or any other legal proceedings to which the applicant CSD is a party and which may cause it financial or other costs. 3. Where the applicant CSD intends to provide core services or to set up a branch in accordance with Article 23(2) of Regulation (EU) No 909/2014, the application for authorisation shall contain the following information: (a) the Member State(s) in which the applicant CSD intends to operate; (b) a programme of operations stating in particular the services which the applicant CSD provides or intends to provide in the host Member State; (c) the currency or currencies that the applicant CSD processes or intends to process in the host Member State; (d) where the services will be provided through a branch, the organisational structure of the branch and the names of the persons responsible for its management; (e) where relevant, an assessment of the measures that the applicant CSD intends to take to allow its users to comply with the national laws referred to in Article 49(1) of Regulation (EU) No 909/2014. 4. Where the applicant CSD outsources services or activities to a third party in accordance with Article 30 of Regulation (EU) No 909/2014, the application for authorisation shall contain a description of those services or activities. Article 6

6 Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU (OJ L 173, 12.6.2014, p. 349)

EN 20 EN Policies and procedures

1. An application for authorisation shall contain the following information on the policies and procedures of the applicant CSD referred to in this Chapter: (a) the job titles of the persons responsible for the approval and implementation of the relevant policies and procedures; (b) a description of the measures implementing and monitoring the compliance with, the policies and procedures.
2. An application for authorisation shall contain a description of the procedures put in place by the applicant CSD in compliance with the mechanisms established in accordance with Article 65 of Regulation (EU) No 909/2014. Services and activities of the CSD Article 7 CSD services An application for authorisation shall include detailed descriptions of services and activities, and of the procedures to be applied in the provision of such services and activities, that the applicant CSD provides or intends to provide, covering: (a) core services listed in Section A of the Annex to Regulation (EU) No 909/2014; (b) ancillary services explicitly listed in Section B of the Annex to Regulation (EU) No 909/2014; (c) any other ancillary services permitted under, but not explicitly listed in Section B of the Annex to Regulation (EU) No 909/2014; (d) the investment services and activities subject to Directive 2014/65/EU7 referred to in point (c). Article 8 Information concerning groups
3. Where an applicant CSD is part of a group of undertakings, which includes other CSDs or credit institutions referred to in point (b) of Article 54(2) of Regulation (EU) No 909/2014, the application for authorisation shall contain the following items:

7 OJ […]

EN 21 EN (a) the policies and procedures referred to in Article 26(7) of Regulation (EU) No 909/2014; (b) information on the composition of the senior management, the management body, and the shareholders structure of the parent undertaking and of the other undertakings in the group; (c) the services and key individuals other than senior management that the applicant CSD shares with other undertakings in the group. 2. Where the applicant CSD has a parent undertaking, the application for authorisation shall provide the following: (a) the legal address of the parent undertaking of the applicant CSD; (b) where the parent undertaking is an entity authorised or registered and supervised under Union or third country laws, any relevant registration number and the name of the authority or authorities competent for the supervision of the parent undertaking. 3. Where the applicant CSD has an agreement with an undertaking within the group that provides to the applicant CSD services related to the services provided by a CSD, the application shall contain a description and a copy of that agreement. SECTION 2 Financial resources for the provision of services by the applicant CSD Article 9 Financial reports, business plan, and recovery plan

1. An application for authorisation shall contain the following financial and business information to enable the competent authority to assess compliance of the applicant CSD with Articles 44, 46 and 47 of Regulation (EU) No 909/2014: (a) financial reports including a complete set of financial statements for the preceding three years, and the statutory audit report on the annual and consolidated financial statements within the meaning of Directive 2006/43/EC of the European Parliament and of the Council8 , for the preceding three years; (b) where the applicant CSD is audited by an external auditor, the name and the national registration number of the external auditor;

8 Directive 2006/43/EC of the European Parliament and of the Council of 17 May 2006 on statutory audits of annual accounts and consolidated accounts, amending Council Directives 78/660/EEC and 83/349/EEC and repealing Council Directive 84/253/EEC , OJ L 157, 9.6.2006, p. 87

EN 22 EN (c) a business plan, including a financial plan and an estimated budget that foresees various business scenarios for the services provided by the applicant CSD, over a reference period of at least three years. (d) any plan for the establishment of subsidiaries and branches and their location; (e) a description of the business activities that the applicant CSD plans to carry out, including the activities of any subsidiaries or branches of the applicant CSD. 2. Where historical financial information referred to in point (a) of paragraph 1 is not available, an application for authorisation shall contain the following information about the applicant CSD: (a) evidence that demonstrates sufficient financial resources during six months after the granting of an authorisation; (b) an interim financial report, where the financial statements are not yet available for the requested period of time; (c) statements concerning the financial situation of the applicant CSD, such as a balance sheet, income statement, changes in equity and in cash flows and a summary of accounting policies and other relevant explanatory notes; (d) audited annual financial statements of any parent undertaking for the three financial years preceding the date of the application. 3. The application shall contain a description of an adequate recovery plan to ensure continuity of the applicant CSD’s critical operations including: (a) a summary that provides an overview of the plan and its implementation; (b) the identification of the critical operations of the applicant CSD, stress scenarios and events triggering recovery, and a description of recovery tools to be used by the applicant CSD; (c) an assessment of any impact of the recovery plan on stakeholders that are likely to be affected by its implementation; (d) an assessment of the legal enforceability of the recovery plan that takes account of any legal constraints imposed by Union, national or third country laws. SECTION 3 Organisational requirements Article 10

EN 23 EN Organisational chart An application for authorisation shall contain an organisational chart that describes the organisational structure of the applicant CSD. This chart shall include the following: (a) the identity and tasks of the persons responsible for the following positions: (i) senior management; (ii) managers in charge of the operational roles; (iii) managers in charge of the activities of any branches of the applicant CSD; (iv) other significant roles in the operations of the applicant CSD; (b) the number of staff members in each division and operational unit. Article 11 Staffing policies and procedures An application for authorisation shall contain the following information on its policies and procedures related to staff: (a) a description of the remuneration policy, which includes information about the fixed and variable elements of the remuneration of the senior management, the members of the management body and the staff employed in the risk management, compliance and internal control, internal audit and technology functions of the applicant CSD; (b) the measures put in place by the applicant CSD to mitigate the risk of over-reliance on the responsibilities entrusted to any individual person. Article 12 Risk monitoring tools and governance arrangements

1. An application for authorisation shall contain the following information on the governance arrangements and risk monitoring tools of the applicant CSD in accordance with Article 48: (a) a description of the components of the governance arrangements of the applicant CSD; (b) the policies, procedures and systems that identify, measure, monitor, manage and report the risks that the applicant CSD may be exposed to and the risks that the applicant CSD poses to any other entities;

EN 24 EN (c) a description of the composition, role and responsibilities of the members of the management body and senior management and any committees established in accordance with this Regulation. 2. The information referred to in paragraph 1 shall include a description of the processes concerning the selection, appointment, performance evaluation and removal of senior management and members of the management body. 3. The applicant CSD shall describe its procedure to make its governance arrangements and the rules governing its activity available to the public. 4. Where the applicant CSD adheres to a recognised corporate governance code of conduct, the application shall identify any such code, include a copy of that code and justify any situations where the applicant CSD deviates from the code. Article 13 Compliance and internal control function and internal audit function

1. An application for authorisation shall contain a description of the procedures for the internal reporting of infringements referred to in Article 26(5) of Regulation (EU) No 909/2014.
2. An application for authorisation shall contain information regarding its internal audit policies and procedures, including: (a) a description of the monitoring and evaluation tools for the adequacy and effectiveness of the applicant CSD’s internal audit systems; (b) a description of the control and safeguard tools for the applicant CSD’s information processing systems; (c) a description of the development and application of its internal audit methodology; (d) a work plan of the internal audit function for three years following the date of application; (e) a description of the roles and qualifications of each individual who is responsible for internal audit.
3. An application for authorisation shall contain the following information concerning the compliance and internal control function: (a) a description of the roles and qualifications of individuals who are responsible for the compliance and internal control function and of any other staff involved in the assessments of compliance, including a description of the means to ensure the

EN 25 EN independence of the compliance and internal control function from the rest of the business units; (b) the policies and procedures of the compliance and internal control function, including a description of the compliance role of the management body and senior management; (c) where available, the most recent internal report prepared by the persons responsible for the compliance and internal control function or by any other staff involved in the assessments of compliance within the applicant CSD. Article 14 Senior management, management body and shareholders

1. An application for authorisation shall contain, for each member of the senior management and member of the management body, the following information to enable the competent authority to assess compliance of the applicant CSD with Article 27(1) and (4) of Regulation (EU) No 909/2014: (a) a copy of a curriculum vitae which sets out the experience and knowledge of each member; (b) details regarding any criminal and administrative sanctions imposed on a member in connection with the provision of financial or data services or in relation to acts of fraud or misappropriation of funds, in the form of an appropriate official certificate where available in the relevant Member State; (c) a self-declaration of good repute in relation to the provision of financial or data services, where each member of the senior management and management body shall state whether they: (i) have been convicted of any criminal or administrative offence in connection with the provision of financial or data services or in relation to acts of fraud or embezzlement. This self-declaration shall not be required where an official certificate is submitted under point (b); (ii) have been subject to an adverse decision in any proceedings of a disciplinary nature brought by a regulatory authority, a government body or agency or they are subject to any such ongoing proceedings; (iii) have been subject to an adverse judicial finding in civil proceedings before a court in connection with the provision of financial or data services, or fraud in the management of a business;

EN 26 EN (iv) have been a member of the management body or senior management of an undertaking whose registration or authorisation was withdrawn by a regulatory body while connected to the undertaking at least one year before the date of withdrawal of authorisation or registration; (v) have been refused the right to carry on any type of activities which require registration or authorisation by a regulatory body; (vi) have been a member of the management body or of senior management of an undertaking against whom insolvency proceedings have been opened at least one year before such proceedings have been opened; (vii) have been a member of the management body or the senior management of an undertaking that was subject to a sanction by a regulatory body while they were connected to the undertaking at least one year before such a sanction was imposed; (viii) have been otherwise fined, suspended, disqualified or subject to any other sanction in connection with the provision of financial or data services by a government, regulatory or professional body; (ix) have been disqualified from acting as a director or in any other managerial capacity, dismissed from employment or other appointment in an undertaking as a result of misconduct or malpractice. 2. The application for authorisation shall include the following information regarding the management body of the applicant CSD: (a) evidence of compliance with Article 27(2) of Regulation (EU) No 909/2014; (b) a description of the roles and responsibilities of the members of the management body; (c) the target for the representation of the underrepresented gender in the management body, the relevant policy on how to meet that target and the method used by the applicant CSD to make public such target, policy and its implementation. 3. The application for authorisation shall contain the following information concerning the ownership structure and shareholders of the applicant CSD: (a) a description of the ownership structure of the applicant CSD referred to in point (i) of Article 5(2) of this Regulation, including a description of the identity and size of interests of any entities in a position to exercise control over the operation of the applicant CSD; (b) a list of the shareholders and persons who are in a position to exercise, directly or indirectly, control over the management of the applicant CSD.

EN 27 EN Article 15 Management of conflicts of interest

1. An application for authorisation shall contain information on the policies and procedures put in place to identify and manage potential conflicts of interest by the applicant CSD in accordance with Article 26(3) and Article 26(7) of Regulation (EU) No 909/2014 and with the requirements on the management of conflicts of interests in accordance with Article
2. Such information shall include the following: (a) a description of the policies and procedures concerning the identification, management and disclosure to the competent authority of potential conflicts of interest and of the process used to ensure that the staff of the applicant CSD is informed of such policies and procedures; (b) a description of the controls and measures put in place to ensure that the requirements referred to in point (a) on the management of conflicts of interest are met; (c) a description of: (i) the roles and responsibilities of key personnel, especially where they also have responsibilities in other entities; (ii) arrangements ensuring that individuals who have a permanent conflict of interest are excluded from the decision making process and from the receipt of any relevant information concerning the matters affected by the permanent conflict of interest; (iii) an up-to-date register of existing conflicts of interest at the time of the application and a description of how such conflicts of interest are managed.
3. Where the applicant CSD is part of a group, the register referred to in point (c) (iii) of paragraph 1 shall include a description of the conflicts of interest arising from other undertakings within the group in relation to any service provided by the applicant CSD, and the arrangements put in place to manage those conflicts of interest. Article 16 Confidentiality
4. An application for authorisation shall include the policies and procedures put in place for preventing the unauthorised use or disclosure of confidential information. Confidential information shall include:

EN 28 EN (a) information relating to participants, clients, issuers or other users of the applicant CSD services; (b) other information held by the applicant CSD as a result of its business activity not permitted to be used for commercial purposes. 2. An application for authorisation shall include the following information concerning the access of staff to information held by the applicant CSD: (a) the internal procedures concerning permissions of access to information that ensure secured access to data; (b) a description of any restrictions on the use of data for reasons of confidentiality. Article 17 User committee An application for authorisation shall include the following information on each user committee: (a) the mandate of the user committee; (b) the governance arrangements of the user committee; (c) the operating procedures of the user committee; (d) the admission criteria and the election mechanism for the members of the user committee; (e) a list of the proposed members of the user committee and the indication of interests that they represent. Article 18 Record keeping

1. Without prejudice to paragraph 2, an application for authorisation shall contain a description of the record-keeping systems, policies and procedures of the applicant CSD, established and maintained in accordance with Article 29 of Regulation (EU) No 909/2014 and Chapter VII of this Regulation.
2. Where an applicant CSD applies for authorisation before the date of application of Article 54, the application for authorisation shall contain the following information:

EN 29 EN (a) an analysis of the extent to which the applicant CSD’s existing record-keeping systems, policies and procedures are compliant with the requirements under Article 54; (b) an implementation plan detailing how the applicant CSD will comply with the requirements referred to in Article 54 by the date on which it becomes applicable. SECTION 4 Conduct of business rules Article 19 Goals and objectives An application for authorisation shall contain a description of the goals and objectives of the applicant CSD in accordance with Article 32(1) of Regulation (EU) No 909/2014. Article 20 Handling of complaints An application for authorisation shall contain the procedures the applicant CSD has established for the handling of complaints. Article 21 Requirements for participation An application for authorisation shall contain all necessary information concerning the participation in the securities settlement system(s) operated by the applicant CSD in accordance with Article 33 of Regulation (EU) No 909/2014 and this Regulation. Such information shall include the following: (a) the criteria for participation that allow fair and open access for all legal persons that intend to become participants in the securities settlement system(s) operated by the applicant CSD; (b) the procedures for the application of disciplinary measures against existing participants that do not comply with the criteria for participation. Article 22 Transparency

EN 30 EN

1. An application for authorisation shall include the documents and information on the pricing policy of the applicant CSD concerning services referred to in Article 34 of Regulation (EU) No 909/2014. Such information shall include in particular the prices and fees for each core service provided by the applicant CSD and any existing discounts and rebates, as well as the conditions for such reductions.
2. The applicant CSD shall provide the competent authority with a description of methods used to disclose the relevant information in accordance with Article 34(1) to (5) of Regulation (EU) No 909/2014.
3. An application for authorisation shall contain information allowing the competent authority to assess how the applicant CSD intends to comply with the requirements to account separately for costs and revenues in accordance with Article 34(7) of Regulation (EU) No 909/2014. Article 23 Communication procedures with participants and other market infrastructures An application for authorisation shall contain the relevant information concerning the use by the applicant CSD of international open communication procedures and standards for messaging and reference data in its communication procedures with participants and other market infrastructures. SECTION 5 Requirements for services provided by CSDs Article 24 Book-entry form An application for authorisation shall contain information on the processes concerning book entries that ensure the compliance of the applicant CSD with Article 3 of Regulation (EU) No 909/2014. Article 25 Intended settlement dates and measures for preventing and addressing settlement fails
4. Without prejudice to paragraph 2, an application for authorisation shall contain the following information:

EN 31 EN (a) the rules and procedures concerning the measures to prevent settlement fails in accordance with Articles 6 of Regulation (EU) No 909/2014 and the delegated act adopted by the Commission pursuant to Article 6(5) of Regulation (EU) No 909/2014; (b) the details of the measures to address settlement fails in accordance with Articles 7 of Regulation (EU) No 909/2014 and the delegated act adopted by the Commission pursuant to Article 7(15) of Regulation (EU) No 909/2014. 2. Where an applicant CSD applies for authorisation before the date of entry into force of the delegated acts adopted by the Commission pursuant to Articles 6(5) and 7(15) of Regulation (EU) No 909/2014, the application for authorisation shall contain: (a) an analysis of the extent to which the applicant CSD’s existing rules, procedures, mechanisms and measures comply with the requirements under the delegated acts adopted by the Commission pursuant to Articles 6(5) and 7(15) of Regulation (EU) No 909/2014; and (b) an implementation plan detailing how the applicant CSD will comply with the requirements under the delegated acts adopted by the Commission pursuant to Articles 6(5) and 7(15) of Regulation (EU) No 909/2014 by the date of their entry into force. Article 26 Integrity of the issue An application for authorisation shall contain information concerning the applicant CSD’s rules and procedures for ensuring the integrity of securities issues as referred to in Article 37 of Regulation (EU) No 909/2014 and Chapter VIII of this Regulation. Article 27 Protection of participants' and their clients’ securities An application for authorisation shall contain the following information concerning the measures put in place to protect the securities of the applicant CSD's participants and those of their clients in accordance with Article 38 of Regulation (EU) No 909/2014: (a) the rules and procedures to reduce and manage the risks associated with the safekeeping of securities; (b) a detailed description of the different levels of segregation offered by the applicant CSD, a description of the costs associated with each level, the commercial terms on which they are offered, their main legal implications and the applicable insolvency law;

EN 32 EN (c) the rules and procedures for obtaining the consents referred to in Article 38(7) of Regulation (EU) No 909/2014. Article 28 Settlement finality An application for authorisation shall contain information concerning the rules on settlement finality put in place in accordance with Article 39 of Regulation (EU) No 909/2014. Article 29 Cash settlement

1. An application for authorisation shall contain the procedures for the settlement of the cash payments for each securities settlement system that the applicant CSD operates in accordance with Article 40 of Regulation (EU) No 909/2014.
2. The applicant CSD shall provide information about whether the settlement of the cash payments is provided in accordance with Article 40(1) or (2) of Regulation (EU) No 909/2015. If the settlement of the cash payments is intended to take place in accordance with Article 40(2) of Regulation (EU) No 909/2014, the applicant CSD shall explain why settlement in accordance with Article 40(1) of Regulation (EU) No 909/2014 is not practical and available. Article 30 Participant default rules and procedures An application for authorisation shall contain the rules and procedures put in place to manage the default of a participant. Article 31 Transfer of participants and clients’ assets in case of a withdrawal of authorisation An application for authorisation shall contain information concerning the procedures put in place to ensure the timely and orderly settlement and transfer of the assets of clients and participants to another CSD in the event of a withdrawal of its authorisation. SECTION 6

EN 33 EN Prudential requirements Article 32 Legal risks

1. An application for authorisation shall contain information enabling the competent authority to assess that the rules, procedures, and contracts of the applicant CSD are clear, understandable and enforceable in all relevant jurisdictions in accordance with Article 43(1) and (2) of Regulation (EU) No 909/2014.
2. Where the applicant CSD intends to conduct business in different jurisdictions, it shall provide the competent authority with information concerning the measures put in place to identify and mitigate the risks arising from potential conflicts of laws across jurisdictions in accordance with Article 43(3) of Regulation (EU) No 909/2014. This information shall include any legal assessment on which those measures are based. Article 33 General business risks
3. The applicant CSD shall provide the competent authority with a description of the risk management and control systems as well as the IT tools put in place by the CSD to manage business risks in accordance with Article 44 of Regulation (EU) No 909/2014.
4. Where the applicant CSD has obtained a risk rating from a third party, it shall provide it to the competent authority including any relevant information supporting that risk rating. Article 34 Operational risks
5. An application for authorisation shall contain information that demonstrates the applicant CSD is compliant with the requirements for the management of operational risks in accordance with Article 45 of Regulation (EU) No 909/2014 and Chapter IX of this Regulation.
6. An application for authorisation shall also contain information concerning the outsourcing by the applicant CSD of services or activities to third parties in accordance with Article 30 of Regulation (EU) No 909/2014. Such information shall include: (a) a copy of the contracts governing the outsourcing arrangements of the applicant CSD; (b) the methods used to monitor the service level of the outsourced functions.

EN 34 EN Article 35 Investment policy An application for authorisation shall include evidence demonstrating that: (a) the applicant CSD holds its financial assets in accordance with Article 46(1), (2) and (5) of Regulation (EU) No 909/2014 and Chapter X of this Regulation. (b) the investments of the applicant CSD are compliant with Article 46(3) of Regulation (EU) No 909/2014 and Chapter X of this Regulation. Article 36 Capital requirements An application for authorisation shall include the following information concerning the capital requirements: (a) information demonstrating that the capital of the applicant CSD, including retained earnings and reserves of the applicant CSD, meets the requirements of Article 47 of Regulation (EU) No 909/2014 and the delegated act adopted by the Commission pursuant to Article 47(3) of Regulation (EU) No 909/2014. (b) the plan referred to in Article 47(2) of Regulation (EU) No 909/2014 and any updates to that plan, and evidence of its approval by the management body or an appropriate committee of the management body of the applicant CSD. SECTION 7 Article 37 CSD links Where the applicant CSD has established or intends to establish CSD links, the application for authorisation shall contain: (a) a description of the CSD links accompanied by assessments of link arrangements by the applicant CSD; (b) the expected or actual settlement volumes and values of the settlement performed within the CSD links; (c) the procedures concerning the identification, assessment, monitoring and management of all potential sources of risk for the applicant CSD and for its participants arising from the link arrangement and the appropriate measures put in place to mitigate them;

EN 35 EN (d) an assessment of the applicability of insolvency laws applicable to the operation of a CSD link and their implications for the applicant CSD; (e) other relevant information requested by the competent authority for assessing the compliance of CSD links with the requirements provided in Article 48 of Regulation (EU) No 909/2014 and Chapter XI of this Regulation. SECTION 8 Access to CSDs Article 38 Access rules An application for authorisation shall contain a description of the procedures for dealing with requests for access: (a) from legal persons that wish to become participants in accordance with Article 33 of Regulation (EU) No 909/2014 and Chapter XII of this Regulation; (b) from issuers in accordance with Article 49 of Regulation (EU) No 909/2014 and Chapter XII of this Regulation; (c) from other CSDs in accordance with Article 52 of Regulation (EU) No 909/2014 and Chapter XII of this Regulation; (d) from other market infrastructures in accordance with Article 53 of Regulation (EU) No 909/2014 and Chapter XII of this Regulation. SECTION 9 Additional information Article 39 Additional Information The competent authority may request from the applicant CSD any additional information necessary for assessing whether, at the time of the authorisation, the applicant CSD complies with the requirements of Regulation (EU) No 909/2014 and the delegated and implementing acts adopted by the Commission pursuant to Regulation (EU) No 909/2014 at the time of the authorisation. CHAPTER IV

EN 36 EN CONDITIONS FOR PARTICIPATIONS OF CSDS IN ENTITIES WHICH DO NOT PROVIDE SERVICES LISTED IN SECTIONS A AND B OF THE ANNEX TO REGULATION (EU) NO 909/2014 (Article 18(3) of Regulation No 909/2014) Article 40 Criteria for participations of a CSD In granting the approval for a CSD’s participation in a legal person which does not provide the services listed in Sections A and B of the Annex to Regulation (EU) No 909/2014, the competent authority shall take into account the following criteria: (a) the extent of the financial liabilities assumed by the CSD as a result of that participation; (b) whether the CSD holds sufficient financial resources that fulfil the criteria referred to in Article 46 of Regulation (EU) No 909/2014 to cover the risks resulting from the following: (i) the guarantees given by the CSD to that legal person; (ii) any contingent obligations undertaken by the CSD in favour of that legal person; (iii) any loss sharing agreements or recovery mechanism of that legal person. (c) whether the legal person in which the CSD holds a participation provides services that are complementary to the core services offered by the CSD, as referred to in Article 18(4) of Regulation (EU) No 909/2014, such as: (i) a CCP authorised or recognised under Regulation (EU) No 648/2012 of the European Parliament and of the Council9 ; or (ii) a trading venue as defined in point (42) of Article 2(1) of Regulation (EU) No 909/2014; (d) whether the participation of the CSD results in the control by the CSD over the legal person as defined in point (21) of Article 2(1) of Regulation (EU) No 909/2014; (e) the thoroughness of the CSD’s analysis of the risks arising from that participation, including any analysis approved by an independent internal or external auditor, demonstrating that all risks resulting from the participation are adequately managed, covering at least:

9 Regulation (EU) No 648/2012 of the European Parliament and of the Council of 4 July 2012 on OTC derivatives, central counterparties and trade repo lation (EU) No 648/2012 of the European Parliament and of the Council of 4 July 2012 on OTC derivatives, central counterparties and trade repositories stories (OJ L 201, 27.7.2012, p.1).

EN 37 EN (i) the strategic justification for the participation, which takes into account the interests of the users of the CSD, including issuers, participants and their clients; (ii) the financial risks and liabilities resulting from a participation of the CSD. CHAPTER V REVIEW AND EVALUATION (Article 22 of Regulation No 909/2014) Article 41 Information to be provided to the competent authority

1. For the purpose of the review and evaluation referred to in Article 22(1) of Regulation (EU) No 909/2014, a CSD shall provide the following information to its competent authority: (a) the information referred to in Articles 42 and 43, (b) a report on the CSD’s activities and the substantive changes referred to in Article 16(4) of Regulation (EU) No 909/2014 made during the review period and all related documents; (c) any additional information requested by the competent authority that is necessary for assessing the compliance of the CSD and its activities with Regulation (EU) No 909/2014 and Regulations [RTS] during the review period.
2. The report referred to under point (b) of paragraph 1 shall include a declaration by a CSD of an overall compliance with the provisions of Regulation (EU) No 909/2014 and the delegated and implementing acts under Regulation (EU) No 909/2014 during the review period. Article 42 Periodic information relevant for the reviews For each review period, the CSD shall provide the competent authority with the following information: (a) a complete set of the latest audited financial statements of the CSD, including those consolidated at group level; (b) a summarised version of the most recent interim financial statements of the CSD;

EN 38 EN (c) any decisions of the management body following the advice of the user committee, as well as any decisions where the management body has decided not to follow the advice of the user committee; (d) information on any pending civil, administrative or any other judicial or extrajudicial proceedings involving the CSD, in particular in relation to matters concerning tax and insolvency, or matters that may cause financial or reputational costs for the CSD; (e) information on any pending civil, administrative or any other judicial or extrajudicial, proceedings involving a member of the management body or a member of the senior management that may have an negative impact on the CSD; (f) any final decisions resulting from the proceedings referred to in points (d) and (e); (g) a copy of the results of business continuity stress tests or similar exercises performed during the review period; (h) a report on the operational incidents that occurred during the review period and affected the smooth provision of any core services, the measures taken to address them and the results thereof; (i) a report on the performance of the securities settlement system, including an assessment of the system’s availability during the review period; the system’s availability shall be measured on a daily basis as the percentage of time the system is available for settlement; (j) a summary of the types of manual intervention performed by the CSD; (k) information concerning the identification of the CSD’s critical operations, any substantive changes to its recovery plan, the results of stress scenarios, the recovery triggers and the recovery tools of the CSD; (l) information on any formal complaints received by the CSD during the review period including information on: (i) the nature of the complaint; (ii) how the complaint was handled, including the outcome of the complaint; (iii) the date when the treatment of the complaint ended; (m) information concerning the cases where the CSD denied access to its services to any existing or potential participant, any issuer, another CSD or another market infrastructure; (n) a report on changes affecting any CSD links established by the CSD, including changes to the mechanisms and procedures used for the settlement in such CSD links;

EN 39 EN (o) information concerning all cases of identified conflicts of interests that materialised during the review period, including the description of how they were managed; (p) information concerning internal controls and audits performed by the CSD during the review period; (q) information concerning any identified infringements of Regulation (EU) No 909/2014, including those identified through the reporting channel referred to in Article 26(5) of Regulation (EU) No 909/2014; (r) detailed information concerning any disciplinary actions taken by the CSD, including any cases of suspension of participants in accordance with Article 7(9) of Regulation No 909/2014 with a specification of the period of suspension and the reason for such suspension; (s) the general business strategy of the CSD covering a period of at least three years after the last review and evaluation and a detailed business plan for the services provided by the CSD covering at least a period of one year after the last review and evaluation; Article 43 Statistical data to be delivered for each review and evaluation

1. For each review period, the CSD shall provide the competent authority with the following statistical data: (a) a list of the participants of each securities settlement system operated by the CSD, including information on their country of incorporation; (b) a list of issuers and a list of securities issues recorded in securities accounts centrally and not centrally maintained in each securities settlement system operated by the CSD, including information on the country of incorporation of the issuers, and an identification of the issuers to whom the CSD provides the services referred to in points (1) and (2) of Section A of the Annex to Regulation (EU) No 909/2014; (c) the total market value and nominal value of the securities recorded in securities accounts centrally and not centrally maintained in each securities settlement system operated by the CSD; (d) the nominal and market value of the securities referred to in point (c) divided as follows: (i) by type of financial instruments, as follows: a. transferable securities referred to in point (a) of Article 4(1)(44) of Directive 2014/65/EU;

EN 40 EN b. sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU; c. transferable securities referred to in point (b) of Article 4(1)(44) of Directive 2014/65/EU, other than those mentioned under point b); d. transferable securities referred to in point (c) of Article 4(1)(44) of Directive 2014/65/EU; e. exchange-traded funds as defined in point (46) of Article 4(1) of Directive 2014/65/CE (ETF); f. units in collective investment undertakings, other than ETFs; g. money-market instruments, other than those mentioned under point b); h. emission allowances; i. other financial instruments; (ii) by country of incorporation of the participant; and (iii) by country of incorporation of the issuer; (e) the nominal and market value of the securities initially recorded in each securities settlement system operated by the CSD; (f) the nominal and market value of the securities referred to in point (e) divided as follows: (i) by types of financial instruments referred to in point (d)(i); (ii) by country of incorporation of the participant; and (iii) by country of incorporation of the issuer. (g) the total number and market value of the settlement instructions against payment and the total number and market value of the free of payment (FOP) settlement instructions settled in each securities settlement system operated by the CSD; where the market value of the FOP settlement instructions is not available, the nominal value of the FOP settlement instructions; (h) the total number and value of the settlement instructions referred to in point (g) divided as follows: (i) by types of financial instruments referred to in point (d); (ii) by country of the incorporation of the participant;

EN 41 EN (iii) by country of incorporation of the issuer; (iv) by settlement currency; (v) by type of settlement instructions, as follows: a. a free of payment (FOP) settlement instructions that consist of deliver free of payment (DFP) and receive free of payment (RFP) settlement instructions; b. delivery versus payment (DVP) and receive versus payment (RVP) settlement instructions; c. delivery with payment (DWP) and receive with payment (RWP) settlement instructions; d. payment free of delivery (PFOD) settlement instructions. (vi) for settlement instructions against payment, by whether the cash leg is settled in accordance with Article 40(1) of Regulation (EU) No 909/2014 or in accordance with Article 40(2) of Regulation EU) No 909/2014; (i) the number and value of buy-in transactions referred to in Article 7(3) and (4) of Regulation (EU) No 909/2014; (j) the number and amount of penalties referred to in Article 7(2) of Regulation (EU) No 909/2014 per participant; (k) the total value of securities borrowing and lending operations processed by the CSD acting as an agent and as principal for each type of financial instruments referred to in point (d)(i); (l) the total value of settlement instructions settled via each CSD link, from the perspective of the CSD as: (i) requesting CSD; (ii) receiving CSD. (m) the value of guaranties and commitments related to securities borrowing and lending operations; (n) the value of treasury activities involving foreign exchange and transferable securities related to managing participants’ long balances including categories of institutions whose long balances are managed by the CSD;

EN 42 EN (o) the number of reconciliation problems related to undue creation or deletion of securities in securities issues recorded in securities accounts centrally and not centrally maintained by the CSD referred to in Article 65(2); (p) the mean, median, and mode for the length of time taken to remedy the error identified according to Article 65(2). 2. The value referred to in this Article shall be calculated as follows: (a) in the case of settlement instructions against payment, the settlement amount of the cash leg; (b) in the case of FOP settlement instructions, the market value of the financial instruments or, if not available, the nominal value of the financial instruments. The market value referred to in this article shall be calculated on the last day of the review period as follows: (a) for financial instruments referred to in Article 3(1) of Regulation (EU) No 600/2014 admitted to trading on a trading venue within the Union, the market value shall be determined on the basis of the closing price of the most relevant market in terms of liquidity referred to in Article 4(6)(b) of Regulation (EU) No 600/2014; (b) for financial instruments admitted to trading on a trading venue within the Union other than those referred to in point (a), the market value shall be determined on the basis of the closing price of the trading venue within the Union with the highest turnover; (c) for financial instruments other than those referred to in points (a) and (b) the market value shall be determined on the basis of a price calculated using a pre-determined methodology that refers to criteria related to market data, such as market prices available across trading venues or investment firms. 3. The CSD shall provide the values referred to in paragraph 1 in the currency in which the securities are denominated, settled or in which credit is extended. The competent authority may request the CSD to provide these values in the currency of the home Member State of the CSD or in Euro. 4. For the purposes of statistical reporting by a CSD, the competent authority may determine algorithms or principles for data aggregation. Article 44 Other information Documents submitted by the CSD to the competent authority shall indicate the following:

EN 43 EN (a) whether a document is provided for the first time or is a document that has already been provided and has been updated during the review period; (b) the unique reference number of the document assigned by the CSD; (c) the title of the document; (d) the chapter, section or page of the document where changes have been introduced during the review period and any additional explanation in relation to the changes introduced during the review period. Article 45 Information to be supplied to relevant authorities and, where applicable, to the authority referred to in Article 67 of Directive 2014/65/EU For each review period, the competent authority shall supply to the relevant authorities and, where applicable, to the authority referred to in Article 67 of Directive 2014/65/EU, the following information: (a) a report on the evaluation by the competent authority of the risks to which the CSD is or might be exposed or which it creates for the smooth functioning of securities markets; (b) any envisaged or final remedial actions or penalties against the CSD as a result of the review and evaluation. Where applicable, the report referred to in point (a) shall include the results of the competent authority’s analysis of how the CSD complies with the requirements referred to in Article 25(2), and the relevant documents and information referred to in Article 25(2) submitted by the CSD. Article 46 Exchange of information between competent authorities in accordance with Article 22(8) of Regulation (EU) No 909/2014

1. During the review and evaluation, the competent authority shall send any relevant information provided by the CSD in connection to shared staff, shared key individuals, shared functions, shared services or shared systems, to the competent authorities which maintain the types of relations referred to in points (a), (b) and (c) of Article 17(6) of Regulation (EU) No 909/2014 within 10 working days from the receipt of such information.
2. After performing a review and evaluation, the competent authority shall send the following information to the competent authorities responsible for supervising CSDs that

EN 44 EN maintain the types of relations referred to in referred to in points (a), (b) and (c) of Article 17(6) of Regulation (EU) No 909/2014: (a) a report on the evaluation by the competent authority of the risks to which the CSD is or might be exposed or which it creates for the smooth functioning of securities markets; (b) any envisaged or final remedial actions or penalties against the CSD as a result of the review and evaluation. CHAPTER VI RECOGNITION OF A THIRD-COUNTRY CSD (Article 25(6) of Regulation (EU) No 909/2014) Article 47 Content of the application

1. An application for recognition shall contain the relevant information set out in paragraphs 2 and 3 of this Article and in Annex I.
2. An application for recognition shall fulfil the following requirements: (a) it shall be provided in a durable medium; (b) it shall be submitted in both paper form and electronic form, the latter using open source formats that may be read easily; (c) it shall be submitted in a language customary in the sphere of international finance, including translations where original documents are not written in a language customary in the sphere of international finance; (d) a unique reference number shall be given to each document.
3. The applicant CSD shall include evidence certifying that it is duly authorised and supervised in the relevant third country and that it effectively complies with the legal and supervisory arrangements in that third country. Where the third country CSD intends to provide the core services referred to in points (1) and (2) of Section A of the Annex to Regulation (EU) No 909/2014, the application shall include the description of the measures that the third-country CSD intends to take to allow its users to comply with the relevant law of the Member State in which the third-country CSD intends to provide such services as referred to in point (d) of Article 25(4) of Regulation (EU) No 909/2014 .

EN 45 EN CHAPTER VI RISK MONITORING TOOLS (Article 26(1) to (7) of Regulation (EU) No 909/2014) Article 48 Risk monitoring tools of CSDs referred to in Article 26(1) of Regulation (EU) No 909/2014

1. A CSD shall establish documented policies, procedures and systems that identify, measure, monitor, manage and report the risks that the CSD may be exposed to and the risks that the CSD poses to any other entities such as its participants and their clients, as well as linked CSDs, CCPs, trading venues, payment systems, settlement banks, liquidity providers and investors. In establishing risk-management policies, procedures and systems, a CSD shall structure them in such a way as to incentivise users and, where relevant, their clients to properly manage and address the risks they pose to the CSD.
2. The components of the governance arrangements of the CSD shall include: (a) the composition, role, responsibilities, procedures for appointment, performance assessment and accountability of the management body and of its committees; (b) the structure, role, responsibilities, procedures for appointment, performance assessment and accountability of the senior management; (c) the reporting lines between the senior management and the management body; (d) the description of the risk management, technology, compliance and internal control, and internal audit functions. The components of the governance arrangements referred to in the first subparagraph shall be clearly specified and well documented.
3. A CSD shall establish the following functions: (a) a risk management function; (b) a technology function; (c) a compliance and internal control function; (d) an internal audit function.

EN 46 EN Each function shall have the necessary authority, resources, expertise and access to all relevant information to carry out its role, and shall be independent from the other functions and/or business lines of the CSD they monitor. 4. A CSD shall establish the following committees: (a) a risk committee; (b) an audit committee; (c) a remuneration committee. The risk committee shall be responsible for advising the management body on the CSD’s overall current and future risk tolerance and strategy. The risk committee shall be chaired by a person with appropriate risk management experience and who is independent from the CSD’s executive members of the management body. Where members of the management body act also as members of the risk committee, the risk committee shall be composed of a majority of non-executive members of the management body. The risk committee shall have a clear and publicly available mandate, procedures and access to external expert advice where necessary. The audit committee shall be responsible for advising the management body on the performance of the CSD’s independent internal audit function, which it shall oversee. The audit committee shall be chaired by a person with appropriate audit experience and who is independent from the CSD’s executive members of the management body. Where members of the management body act also as members of the audit committee, the audit committee shall be composed of a majority of non-executive members of the management body. The audit committee shall have a clear and publicly available mandate, procedures and access to external expert advice where necessary. The remuneration committee shall be responsible for advising the management body on the CSD’s remuneration policy, which it shall oversee. The remuneration committee shall be chaired by a person with appropriate experience and who is independent from the CSD’s executive members of the management body. Where members of the management body act also as members of the remuneration committee, the remuneration committee shall be composed of a majority of non-executive members of the management body. The remuneration committee shall have a clear and publicly available mandate, procedures and access to external expert advice where necessary. Article 49 Responsibilities of key personnel in respect to the risks referred to in Article 26(1) of Regulation (EU) No 909/2014

EN 47 EN

1. A CSD shall have adequate staff to meet its obligations. A CSD shall not share staff with other group entities, unless it does so under the terms of a written outsourcing arrangement.
2. The management body shall assume at least the following responsibilities: (a) establish well-documented policies, procedures and processes by which the management body, senior management and any committees shall operate; (b) establish clear objectives and strategies for the CSD; (c) effectively monitor senior management; (d) establish adequate remuneration policies; (e) ensure the set-up and the surveillance of the risk management function and the taking of material decisions related to risk management; (f) ensure the independence and adequate resources of the risk management function, technology function, compliance and internal control function and internal audit function; (g) monitor outsourcing arrangements; (h) monitor and ensure compliance with all relevant regulatory and supervisory requirements; (i) be accountable to shareholders or other owners, employees, users and other relevant stakeholders; (j) approve internal audit planning and review; (k) review and update regularly the governance arrangements of the CSD. Where the management body or its members delegate tasks, they shall retain the responsibility for decisions that may affect the smooth provision of services by the CSD. The CSD’s management body shall hold the final responsibility for managing the CSD’s risks. The management body shall define, determine and document an appropriate level of risk tolerance and risk bearing capacity for the CSD and for all the services that the CSD provides. The management body and senior management shall ensure that the CSD’s policies, procedures and controls are consistent with the CSD’s risk tolerance and risk bearing capacity and that these policies, procedures and controls address how the CSD identifies, reports, monitors and manages risks.
3. The senior management shall have at least the following responsibilities:

EN 48 EN (a) ensure consistency of the activities of the CSD with the objectives and strategy of the CSD as determined by the management body; (b) design and establish risk management, technology, compliance and internal control procedures that promote the objectives of the CSD; (c) subject the risk management, technology, compliance and internal control procedures to regular review and testing; (d) ensure that sufficient resources are devoted to risk management, technology, compliance and internal control, and internal audit. 4. A CSD shall establish lines of responsibility that are clear, consistent and well￾documented. A CSD shall have clear and direct reporting lines between the members of its management body and the senior management in order to ensure that the senior management is accountable for its performance. The reporting lines for the risk management function, compliance and internal control function and internal audit function shall be clear and separate from those for the operations of the CSD. 5. The chief risk officer, the chief technology officer, the chief compliance officer, and the internal audit function shall have direct access to the management body. 6. A CSD shall have a chief risk officer who shall implement the risk management framework including the policies and procedures established by the management body. 7. A CSD shall have a chief technology officer who shall implement the technology framework including the policies and procedures established by the management body. 8. A CSD shall have a chief compliance officer who shall implement the compliance and internal control framework including the policies and procedures established by the management body. 9. A CSD shall ensure that the functions of the chief risk officer, chief compliance officer and chief technology officer are carried out by different individuals, who shall be employees of the CSD or of an entity from the same group as the CSD. A single individual shall have the responsibility for each of these functions. 10. The individuals that are chief risk officer, chief compliance officer or chief technology officer may undertake other duties within the CSD provided that specific procedures are put in place in the governance arrangements to identify and manage any conflict of interest that may arise from such duties. Article 50 Conflicts of interest

EN 49 EN

1. A CSD shall put in place a policy in relation to conflicts of interest arising or affecting the CSD or its activities, including with respect to outsourcing arrangements.
2. Where a CSD is part of a group of undertakings, its organisational administrative arrangements shall take into account any circumstances, of which the CSD is or should be aware, which may give rise to a conflict of interest arising as a result of the structure and business activities of other undertakings of the same group.
3. Where a CSD shares the functions of chief risk officer, chief compliance officer, chief technology officer, or internal audit with other entities of the group, the governance arrangements shall ensure that related conflicts of interest at group level are appropriately managed.
4. The organisational and administrative arrangements referred to in Article 26(3) of Regulation (EU) No 909/2014 shall include a description of the circumstances which may give rise to a conflict of interest entailing a material risk of damage to the interests of one or more users of the CSD, or their clients, the procedures to be followed and measures to be adopted to manage those conflicts of interest.
5. The identification of the conflicts of interest referred to in paragraph 1 shall take into account whether a member of the management body, senior management or staff of the CSD, or any person directly or indirectly linked to such individuals or to the CSD: (i) has a personal interest in the use of the services, materials and equipment of the CSD for the purposes of another commercial activity; (ii) holds a personal or financial interest in another entity that enters into contracts with the CSD; (iii) holds a participation or a personal interest in another entity that provides services used by the CSD, including any entity to which the CSD outsources services or activities; (iv) has a personal interest in an entity that uses the service of the CSD; (v) is related to any legal or natural person that has influence on the operations of any entity that provides the services used by the CSD or uses the services provided by the CSD; (vi) sits on the management body or any other bodies or committees of any entity that provides the services of which are used by the CSD or uses the services provided for the CSD. Direct or indirect link to a natural person shall include all cases of the immediate family, such as the spouse or legal partner, family members in direct ascending or descending line up to the second degree and their spouses or legal partners, the siblings and their spouse or legal

EN 50 EN partners, and any person having the same domicile or habitual residence as the employees, managers or members of the management body. 6. A CSD shall take all reasonable steps to prevent any misuse of the information held in its systems and shall prevent the use of that information for other business activities. A natural person who has access to information recorded in a CSD or a legal person that belongs to the same group as the CSD shall not use information recorded in that CSD for any commercial purposes without prior written consent of the user or other user of the CSD to whom such information refers. Article 51 Audit methods

1. The internal audit function of a CSD shall: (a) establish, implement and maintain an all-encompassing audit plan to examine and evaluate the adequacy and effectiveness of the CSD’s systems, risk management processes, internal control mechanisms, remuneration policies, governance arrangements, activities and operations, including outsourced activities; (b) review and report the audit plan to the competent authority at least annually; (c) establish a comprehensive risk-based audit; (d) issue recommendations based on the result of work carried out in accordance with point (a) and verify compliance with those recommendations; (e) report internal audit matters to the management body; (f) be independent from the senior management and report directly to the management body; (g) ensure that special audits may be performed at short notice on an event-driven basis.
2. Where the CSD belongs to a group the internal audit function may be carried out at group level provided that: (a) it is separate and independent from other functions and activities of the group; (b) it has a direct reporting line to the management body of the CSD; (c) the arrangement concerning the operation of the internal audit function does not prevent the exercise of supervisory and oversight functions, including on-site access to acquire any relevant information needed to fulfil those functions.

EN 51 EN 3. Internal audit assessments shall include an on-going monitoring of the performance of the internal audit activity and periodic reviews performed through self-assessment or by other persons within the CSD or the group with sufficient knowledge of internal audit practices. An external assessment of the internal audit function shall be conducted by a qualified and independent assessor from outside the CSD and its group structure at least once every five years. 4. A CSD’s operations, risk management processes, internal control mechanisms and records shall be subject to independent internal or external audits, to be performed, at least every two years. The frequency shall be based on a documented risk assessment. 5. A CSD’s financial statement shall be prepared on an annual basis and be audited by statutory auditors or audit firms within the meaning of Directive 2006/43/EC of the European Parliament and of the Council. Article 52 Sharing audit findings with the user committee

1. A CSD shall share audit findings with the user committee in accordance with Article 26(6) of Regulation (EU) No 909/2014 in any of the following cases: (a) where such findings relate to the mandate of the user committee and in particular where such findings concern key arrangements that impact the users of the CSD, including the criteria for accepting issuers or users to their respective securities settlement systems operated by the CSDs; (b) such findings may impact the level of provision of services by a CSD, including ensuring business continuity.
2. Members of the user committee shall not be provided with information that could place such members at a competitive advantage. CHAPTER VII RECORD-KEEPING (Article 29(3) of Regulation (EU) No 909/2014) Article 53 General Requirements

EN 52 EN

1. A CSD shall maintain full and accurate records of all its activities as specified in this Regulation at all times, including during disruption events when the business continuity policy and disaster recovery plans are activated. Such records shall be readily accessible.
2. The records kept by a CSD shall cover separately each individual service provided by the CSD in accordance with Regulation (EU) No 909/2014.
3. A CSD shall keep records in a durable medium that allows information to be provided to the authorities referred to in Article 29(2) of Regulation (EU) No 909/2014. The record keeping system shall ensure that all of the following conditions are met: (a) each key stage of the processing of records by the CSD may be reconstituted; (b) the original content of a record before any corrections or other amendments may be recorded, traced and retrieved; (c) measures are put in place to prevent unauthorised alteration of records; (d) measures are put in place to ensure the security and confidentiality of the data recorded; (e) a mechanism for identifying and correcting errors is incorporated in the record keeping system; (f) the timely recovery of the records in the case of a system failure is ensured within the record keeping system. Article 54 Transaction/Settlement Instruction (Flow) Records
4. A CSD shall maintain records of all transactions, settlement instructions and orders concerning settlement restrictions that it processes and it shall ensure that its records include all necessary information to accurately identify them.
5. In relation to every settlement instruction and order concerning settlement restrictions received, a CSD shall, immediately upon receiving the relevant information, make and keep updated a record of the following details, depending on whether the settlement instruction or settlement restrictions covers securities or cash only, or both securities and cash: (a) type of settlement instruction as referred to in point (h)(v) of Article 43(1); (b) type of transaction, as follows: (i) purchase or sale of securities;

EN 53 EN (ii) collateral management operations; (iii) securities lending/borrowing operations; (iv) e-purchase transactions; (v) others; (c) unique instruction reference of the participant; (d) trade date; (e) intended settlement date; (f) settlement timestamp; (g) timestamp of the moment of entry of the settlement instruction into the securities settlement system; (h) timestamp of the moment of irrevocability of the settlement instruction; (i) matching timestamp in case of matched settlement instructions; (j) securities account identifier; (k) cash account identifier; (l) settlement bank identifier; (m) identifier of the instructing participant; (n) identifier of the instructing participant’s counterpart; (o) identifier of the instructing participant’s client, where known to the CSD; (p) identifier of the client of the instructing participant’s counterpart, where known to the CSD; (q) securities identifier; (r) settlement currency; (s) settlement cash amount; (t) quantity or nominal amount of securities; (u) status of the settlement instruction covering:

EN 54 EN (i) pending instructions which can still settle on ISD; (ii) failed settlement instructions which cannot settle anymore on ISD; (iii) fully settled settlement instructions; (iv) partially settled settlement instructions, including the settled part and the missing part of either financial instruments or cash; (v) cancelled settlement instructions, including information whether it is cancelled by the system or by the participant. For each of the categories of settlement instructions above, the following information shall be recorded: (i) whether an instruction is matched or not matched; (ii) whether an instruction can settle partially; (iii) whether an instruction is on hold; (iv) where relevant, what the reasons are for instruction being pending or failing. (v) place of trading; (w) if applicable, place of clearing; (x) where a buy-in process is initiated in accordance with Article 7(3) of Regulation (EU) No 909/2014, the following details regarding: (i) the final results of the buy-in process on the last business day of the deferral period at the latest, including the number and value of the bought-in financial instruments if the buy-in is successful; (ii) if applicable, payment of cash compensation,including the amount of the cash compensation; (iii) if applicable, cancellation of the initial settlement instruction. (iv) for each settlement fail, the amount of the penalties referred to in Article 7(2) of Regulation (EU) No 909/2014. Article 55 Position (Stock) Records

EN 55 EN

1. A CSD shall keep records of positions corresponding to all securities accounts that it maintains. Separate records shall be held for each account kept in accordance with Article 38 of Regulation (EU) No 909/2014.
2. A CSD shall keep records of the following: (a) identifiers of issuers for which the CSD provides the core service referred to in point 1 or 2 of Section A of the Annex to Regulation (EU) No 909/2014; (b) identifier of each securities issue for which the CSD provides the core services referred to in point 1 or 2 of Section A of the Annex to of Regulation (EU) No 909/2014; (c) identifier of each securities issue recorded in securities accounts not centrally maintained by the CSD; (d) identifier of the issuer CSD or of the relevant third country entity performing similar functions to an issuer CSD for each securities issue referred to in point (c); (e) for each securities issue referred to in points (b) and (c), the law under which the securities recorded by the CSD are constituted; (f) country of incorporation of the issuers of each securities issue referred to in points (b) and (c); (g) issuers’ securities accounts identifiers, in the case of issuer CSDs; (h) issuers’ cash accounts identifiers, in the case of issuer CSDs; (i) identifiers of settlement banks used by each issuer, in the case of issuer CSDs; (j) participants’ identifiers; (k) participants’ country of incorporation; (l) participants’ securities accounts identifiers; (m) participants' cash accounts identifiers; (n) identifiers of settlement banks used by each participant; (o) country of incorporation of settlement banks used by each participant.
3. At the end of each business day, a CSD shall record for each position the following details to the extent that they are relevant for the position: (a) identifiers of participants and of other account holders;

EN 56 EN (b) type of securities accounts according to whether a securities account belongs to a participant (‘participant’s own account’), to one of its clients (‘individual client segregation’) or to several of its clients (‘omnibus client segregation’); (c) for each securities issue identifier (ISIN), end of day balances of securities accounts covering the number of securities; (d) for each securities account and ISIN under point (c), the number of securities subject to settlement restrictions, type of such restrictions and the identity of the beneficiary of such restrictions at the end of day. 4. A CSD shall keep records of settlement fails and the measures adopted by the CSD and its participants to improve settlement efficiency, in accordance with the delegated acts adopted by the Commission on the basis of regulatory technical standards referred to in Articles 6(5) and 7(15) of Regulation (EU) No 909/2014. Article 56 Ancillary Services Records

1. A CSD shall keep the types of records specified in the Annex II for each of the ancillary services provided by a CSD in accordance with Sections B and C of the Annex to Regulation (EU) No 909/2014, including the end of day balances of the cash accounts provided by the CSD or the designated credit institution for each currency.
2. Where a CSD provides ancillary services other than those explicitly mentioned in Sections B or C of the Annex to Regulation (EU) No 909/2014, it shall keep adequate records of such services. Article 57 Business Records
3. A CSD shall maintain adequate and orderly records of activities related to its business and internal organisation.
4. The records referred to in paragraph 1 shall reflect any substantive changes in the documents held by the CSD and shall include the following: (a) the organisational charts for the management body, senior management, relevant committees, operational units and all other units or divisions of the CSD; (b) the identities of the shareholders whether natural or legal persons that exercise direct or indirect control over the management of the CSD or that have participations in the capital of the CSD and the amounts of those holdings;

EN 57 EN (c) participations of the CSD in the capital of other legal entities; (d) the documents attesting the policies, procedures and processes required under the CSD’s organisational requirements and in relation to the services provided by the CSD; (e) the minutes of management body meetings and of meetings of senior management committees and other committees; (f) the minutes of meetings of the user committees; (g) the minutes of consultation groups with participants and clients, if any; (h) internal and external audit reports, risk management reports, internal control and compliance reports, including responses from the senior management to such reports; (i) all outsourcing contracts; (j) business continuity policy and disaster recovery plan; (k) records reflecting all assets, liabilities and capital accounts of the CSD; (l) records reflecting all costs and revenues, including costs and revenues which are accounted separately in accordance with Article 34(6) of Regulation (EU) No 909/2014; (m) formal complaints received, including information on the complainant’s name and address; the date when the complaint was received; the name of all persons identified in the complaint; a description of the nature and content of the complaint; and the date when the complaint was resolved; (n) records of any interruption of services or dysfunction, including a detailed report on the timing, effects and remedial actions of such interruption of dysfunction; (o) records of the results of the back and stress tests performed by the CSDs providing banking-type ancillary services; (p) written communications with the competent authority, ESMA and relevant authorities; (q) legal opinions received in accordance with the relevant provisions on organisational requirements in accordance with Chapter VI of this Regulation; (r) documentation regarding link arrangements in accordance with Chapter XI of this Regulation; (s) tariffs and fees applied to the different services, including any discount or rebate.

EN 58 EN Article 58 Additional records A CSD shall keep the additional records requested by the competent authority for the purpose of enabling the competent authority to monitor compliance of the CSD with Regulation (EU) 909/2014. CHAPTER VIII RECONCILIATION MEASURES (Article 37 (4) of Regulation No 909/2014) Article 59 General reconciliation measures

1. A CSD shall perform the reconciliation measures referred to in Article 37(1) of Regulation (EU) No 909/2014 for each securities issue recorded in securities accounts centrally and not centrally maintained by the CSD. The CSD shall compare the previous end-of-day balance with all the settlements processed during the day and the current end-of-day balance for each securities issue and securities account centrally or not centrally maintained by the CSD. A CSD shall use double-entry accounting, according to which for each credit entry made on a securities account maintained by the CSD, centrally or not centrally, there is a corresponding debit entry on another securities account maintained by the same CSD.
2. The audits referred to in Article 26(6) of Regulation No 909/2014 shall ensure that the records of a CSD related to securities issues are accurate, and that its reconciliation measures referred to in Article 37(1) of Regulation (EU) No 909/2014 and the measures concerning cooperation and exchanges of information with third parties related to reconciliation referred to in Article 37(2) of Regulation (EU) No 909/2014 are adequate.
3. Where the reconciliation process concerns securities subject to immobilisation, a CSD shall put in place adequate measures to protect the physical securities from theft, fraud, and destruction. Such measures shall at least include the use of vaults whose design and location ensure a high level of protection against floods, earthquakes, fire and other disasters.
4. Independent audit controls of the vaults, including physical inspections, shall be performed at least annually. The CSD shall share the results of those audit controls with the competent authority.

EN 59 EN Article 60 Reconciliation measures for corporate actions that would change the balance of securities accounts maintained by the CSD

1. A CSD shall not determine the entitlements to the proceeds of a corporate action on stock that would change the balance of securities accounts maintained by the CSD until the reconciliation measures specified in Article 59 and in Articles 61 to 63, as appropriate, are completed.
2. When a corporate action has been processed, a CSD shall ensure that all securities accounts maintained by the CSD, centrally or not centrally, are updated. Article 61 Other entities involved in the reconciliation process – Registrar model Where a registrar, issuance agent, or other similar entity is involved in the reconciliation process for a certain securities issue in accordance with Article 37(2) of Regulation (EU) No 909/2014, and one of these entities maintains records of securities which are also recorded in the CSD, the measures to be taken by the CSD and those other entities to ensure the overall integrity of the issue shall include at least a daily reconciliation of the total balance recorded on the securities accounts maintained by the CSD with the corresponding records of securities maintained by the relevant entity. They shall also conduct: (a) where the securities have been transferred during a given business day, an end of day reconciliation of the balance of each securities account maintained by the CSD with the balance of the corresponding record of securities maintained by the relevant entity. (b) at least on a biweekly basis, a full reconciliation of all balances in a securities issue with all balances on the corresponding record of securities maintained by the relevant entity. Article 62 Other entities involved in the reconciliation process – Transfer agent model Where a fund manager, transfer agent or other similar entity is responsible for the reconciliation process for an account that maintains a part of a securities issue recorded in a CSD, the measures to be taken by the CSD and the other entity to ensure the integrity of this part of the issue shall include at least a daily reconciliation of the total balance of the securities accounts maintained by the CSD with the other entity’s records of securities maintained by the CSD, including the aggregated opening and closing balances.

EN 60 EN Where the CSD maintains its accounts in the other entity's register through a third party which is not a CSD, the CSD shall require the third party to inform the other entity that it is acting on behalf of the CSD and to set up equivalent cooperation and information exchange measures with the other entity to ensure that the requirements under this paragraph are met. Article 63 Other entities involved in the reconciliation process – Common depository model Where CSDs that have established an interoperable link use a common depository or any other similar entity, each CSD shall reconcile on a daily basis the total balance per securities issue recorded on the securities accounts it maintains, other than for other CSDs in the interoperable link, with the corresponding records of securities that the common depository or other similar entity maintains for that CSD. Where a common depository or any other similar entity is responsible for the overall integrity of a certain securities issue, the common depository or the other similar entity shall conduct a daily comparison of the total balance per securities issue against the balances in the securities accounts it maintains for each CSD. Where applicable, the CSDs shall ensure that the common depository or the other entity meets the requirements set out in Article 59(3). Article 64 Other entities involved in the reconciliation process – Additional measures

1. A CSD shall review at least annually its cooperation and information exchange measures with other entities referred to in Articles 61 to 63. This review may be conducted in parallel with a review of the CSD link arrangements. When required by the competent authority, the CSD shall implement other cooperation and information exchange measures in addition to those specified in this regulation.
2. When a CSD establishes links, they shall comply with the additional requirements provided in Article 83.
3. A CSD shall ensure that its participants reconcile their records with the information received from that CSD on a daily basis.
4. The participants of a CSD shall be entitled to receive daily the following information specified for each securities account and for each securities issue: (a) the aggregated balance of a securities account at the beginning of the respective business day;

EN 61 EN (b) the individual transfers of securities in or from a securities account during the respective business day; (c) the aggregated balance of a securities account at the end of the respective business day. If necessary for the reconciliation of their own records with the records of the CSD, other holders of securities accounts maintained by the CSD, centrally or not centrally, are entitled to receive, on request, the information referred to in the first subparagraph. 5. A CSD shall ensure that, upon its request, its participants, other holders of accounts in the CSD and the account operators provide the CSD with the information that the CSD deems necessary to ensure the integrity of the issue, in particular to solve any reconciliation problems. Article 65 Problems related to reconciliation

1. A CSD shall analyse any mismatches and inconsistencies resulting from the reconciliation process and endeavour to solve them before the beginning of settlement on the following business day.
2. Where the reconciliation process reveals an undue creation or deletion of securities, and the CSD fails to solve this problem by the end of the following business day, the CSD shall suspend the securities issue for settlement until the undue creation or deletion of securities has been remedied.
3. In the event of suspension of the settlement, the CSD shall inform without undue delay its participants, competent authority, relevant authorities and all other entities involved in the reconciliation process referred to in Articles 61 to 63.
4. The CSD shall take without undue delay all the necessary measures to remedy the undue creation or deletion of securities and shall inform its competent authority and relevant authorities with regard to the measures taken.
5. The CSD shall inform without undue delay its participants, competent authority, relevant authorities and the other entities involved in the reconciliation process that are referred to in Articles 61 to 63, when the undue creation or deletion of securities has been remedied.
6. Where a securities issue is suspended from settlement, the settlement discipline measures set out in Article 7 of Regulation (EU) No 909/2014 and the delegated acts adopted by the Commission on the basis of regulatory technical standards referred to in Article 7(15)

EN 62 EN of Regulation (EU) No 909/2014 shall not apply in relation to that securities issue for the period of suspension. 7. The CSD shall resume settlement as soon as the undue creation or deletion of securities has been remedied. 8. Where the number of instances of undue creation or deletion of securities referred to in paragraph 2 is higher than five per month, the CSD shall send within one month the competent authority and the relevant authorities a proposed plan of measures for mitigating the occurrence of similar instances. The CSD shall update the plan and shall provide a report on its implementation to the competent authority and the relevant authorities on a monthly basis, until the number of instances referred to in paragraph 2 falls below five per month. CHAPTER IX OPERATIONAL RISKS (Article 45(1) to (6) of Regulation No 909/2014) SECTION 1 Identifying operational risks Article 66 General operational risks and their assessment

1. The operational risks referred to in Article 45(1) of Regulation (EU) No 909/2014 comprise the risks caused by deficiencies in information systems, internal processes, and personnel's performance or disruptions caused by external events that result in the reduction, deterioration or interruption of services provided by a CSD.
2. A CSD shall identify all potential single points of failure in its operations and assess the evolving nature of the operational risk that it faces, including pandemics and cyber￾attacks, on an ongoing basis. Article 67 Operational risks that may be posed by key participants
3. A CSD shall, on an ongoing basis, identify the key participants in the securities settlement system that it operates based on the following factors: (a) their transaction volumes and values;

EN 63 EN (b) material dependencies between its participants and its participants’ clients, where the clients are known to the CSD, that might affect the CSD; (c) their potential impact on other participants and the securities settlement system of the CSD as a whole in the event of an operational problem affecting the smooth provision of services by the CSD. A CSD shall ensure that its rules, procedures, and agreements allow it to gather relevant information about their participants’ clients in order to identify, monitor, and manage any material risks to the CSD arising from such tiered participation arrangements. A CSD shall identify the participants’ clients responsible for a significant proportion of transactions processed by the CSD and participants’ clients whose transaction volumes or values are large relative to the capacity to manage the risks of the participants through which the participants’ clients access the CSD. 2. A CSD shall review and keep the identification of the key participants up-to–date on an on-going basis. 3. A CSD shall have clear and transparent criteria, methodologies and standards in order to ensure that key participants meet the operational requirements. 4. A CSD shall, on an ongoing basis, identify, monitor, and manage the operational risks that it faces from key participants. Article 68 Operational risks that may be posed by critical utilities and critical service providers

1. A CSD shall identify critical utilities providers and critical service providers that may pose risks to CSD's operations due to its dependency on them.
2. A CSD shall take appropriate actions to manage the dependencies referred to in paragraph 1 through adequate contractual and organisational arrangements, as well as through specific provisions in its business continuity policy and disaster recovery plan, before any relationship with such providers becomes operational.
3. A CSD shall ensure that its contractual arrangements with any providers identified in accordance with paragraph 1 require a prior approval of the CSD for the service provider to further sub-contract any elements of the services provided to the CSD. Where the service provider outsources its services in accordance with the first subparagraph, the CSD shall ensure that the level of service and its resilience is not impacted and full access by the CSD to the information necessary for the provision of the outsourced services is preserved.

EN 64 EN 4. The CSD shall establish clear lines of communication with the providers referred to in paragraph 1 to facilitate the exchange of information in both ordinary and exceptional circumstances. 5. A CSD shall inform its competent authority about any dependencies on utilities and service providers identified under paragraph 1 and take measures to ensure that authorities can obtain information about the performance of such providers, either directly from such utilities or service providers or through the CSD. Article 69 Operational risks that may be posed by other CSDs or market infrastructures

1. A CSD shall ensure that its systems and communication arrangements with other CSDs or market infrastructures are reliable, secure and designed to minimise operational risks.
2. Any arrangement that a CSD enters into with another CSD or another market infrastructures shall provide that: (a) the other CSD or other financial market infrastructure discloses to the CSD any critical service provider on which the other CSD or market infrastructure relies; (b) the governance arrangements and management processes in the other CSD or other market infrastructure do not affect the smooth provision of services by the CSD, including the risk management arrangements and the non-discriminatory access conditions. SECTION 2 Methods to test, address and minimise operational risks Article 70 Risk management system and framework
3. A CSD shall have in place a well-documented framework for the management of operational risk with clearly assigned roles and responsibilities. A CSD shall have appropriate IT systems, policies, procedures and controls to identify, measure, monitor, report on and mitigate its operational risk.
4. The management body and the senior management of a CSD shall determine, implement and monitor the risk management framework for operational risks referred to in paragraph 1, identify all of the CSD’s exposures to operational risk and track relevant operational risk data, including any cases where material data is lost.

EN 65 EN 3. A CSD shall define and document clear operational reliability objectives, including operational performance objectives and committed service-level targets for its services and securities settlement systems. It shall have policies and procedures in place to achieve such objectives. 4. A CSD shall ensure that its operational performance objectives and service-level targets referred to in paragraph 3 include both qualitative and quantitative measures of operational performance. 5. A CSD shall regularly monitor and assess whether its established objectives and service-level targets are met. 6. A CSD shall have rules and procedures in place that ensure that the performance of its securities system is reported regularly to senior management, members of the management body, relevant committees of the management body, user committees and the competent authority. 7. A CSD shall periodically review its operational objectives to incorporate new technological and business developments. 8. A CSD’s operational risk management framework shall include measures such as change-management and project-management processes where such measures are necessary to mitigate operational risk arising from modifications to operations, policies, procedures and controls put in place by the CSD. 9. A CSD’s operational risk management framework shall include a comprehensive framework for physical security and information security to manage the risks that the CSD faces from attacks, including cyber-attacks, intrusions and natural disasters. That comprehensive framework shall enable the CSD to protect the information at its disposal from unauthorised access or disclosure, ensure data accuracy and integrity and maintain availability of the services provided by the CSD. 10. A CSD shall put in place appropriate procedures concerning human resources to employ, train and retain qualified personnel, as well as mitigate the effects of personnel turnover, or overreliance on key personnel. Article 71 Integration of and compliance with the operational and enterprise risk management system

1. A CSD shall ensure that its operational risk management system is part of its day-to￾day risk management processes and that their results are taken into account in the process of determining, monitoring and controlling the CSD's operational risk profile.

EN 66 EN 2. A CSD shall have in place mechanisms for regular reporting of operational risk exposures and losses experienced from operational risks to the senior management, and procedures for taking appropriate corrective action to mitigate those exposures and losses. 3. A CSD shall have in place procedures for ensuring compliance with the operational risk management system, including internal rules on the treatment of failures in the application of such system. 4. A CSD shall have comprehensive and well-documented procedures to record, monitor and resolve all operational incidents, including: (a) a system to classify the incidents taking into account their impact on the smooth provision of services by the CSD; (b) a system for reporting material operational incidents to the senior management, the management body and the competent authority; (c) a ‘post-incident’ review after any material disruption in the CSD’s activities, to identify the causes and required improvements to the operations or business continuity policy and disaster recovery plan, including to the policies and plans of the users of the CSD. The result of that review shall be communicated to the competent authority and relevant authorities without delay. Article 72 Operational risk management function As part of the risk management function, the operational risk management function of a CSD shall manage the CSD's operational risk. It shall in particular: (a) develop strategies, policies and procedures to identify, measure, monitor and report on operational risks; (b) develop procedures to control and manage operational risks, including by introducing any necessary adjustments in the operational risk management system; (c) ensure that the strategies, policies and procedures referred to in points (a) and (b) are properly implemented. Article 73 Audit and testing

EN 67 EN

1. A CSD’s operational risk management framework and systems shall be subject to independent audits. The frequency of these audits shall be based on a documented risk assessment but it shall be no less than every two years.
2. The audits referred to in the previous paragraph shall include both the activities of the internal business units of the CSD and those of the operational risk management function.
3. A CSD shall regularly evaluate and, where necessary, adjust the system for the management of operational risk.
4. A CSD shall periodically test and review the arrangements with users and the operational policies and procedures. Such testing and review shall also be performed where substantive changes occur to the securities settlement system operated by the CSD or after operational incidents that affect the smooth provision of services by the CSD.
5. A CSD shall ensure that data flows and processes associated with the operational risk management system are accessible to the independent auditors without delay. Article 74 Mitigation of operational risk through insurance A CSD may only contract insurance to mitigate the operational risks referred to in this Chapter where the measures referred to in this Chapter do not fully mitigate operational risks. SECTION 3 IT systems Article 75 IT tools
6. A CSD shall ensure that its information technology (IT) systems are well-documented and that they are designed to cover the CSD’s operational needs and the operational risks that the CSD faces. The CSD IT systems shall be: (a) resilient, including in stressed market conditions; (b) have sufficient capacity to process additional information as a result of increasing settlement volumes; (c) achieve the service level objectives of the CSD.

EN 68 EN 2. A CSD systems shall have sufficient capacity to process all transactions before the end of the day even in circumstances where a major disruption occurs A CSD shall have procedures for ensuring sufficient capacity, including in the case of the introduction of new technology. 3. A CSD shall base its IT systems on internationally recognised technical standards and industry best practices. 4. A CSD’s IT systems shall ensure that any data at the disposal of the CSD is protected from loss, leakage, unauthorised access, poor administration, inadequate record keeping, and other processing risks. 5. A CSD’s information security framework shall outline the mechanisms that the CSD have in place to detect and prevent cyber-attacks. Such framework shall also outline the CSD’s plan in response to cyber-attacks. 6. The CSD shall subject its IT systems to stringent testing by simulating stressed conditions before such systems are used for the first time, after making significant changes to such systems and after a major operational disruption has occurred. A CSD shall, as appropriate, involve in the design and conduct of these tests: (a) users; (b) critical utilities and critical service providers; (c) other CSDs; (d) other market infrastructures; (e) any other institutions with which interdependencies have been identified in the business continuity policy. 7. The information security framework shall include: (a) access controls to the system; (b) adequate safeguards against intrusions and data misuse; (c) specific devices to preserve data authenticity and integrity, including cryptographic techniques; (d) reliable networks and procedures for accurate and prompt data transmission without major disruptions; and (e) audit trails.

EN 69 EN 8. The CSD shall have robust arrangements for the selection and substitution of IT third￾party service providers, CSD’s timely access to all necessary information as well as proper controls and monitoring tools. 9. The IT systems and the information security framework in relation to the CSD core services shall be reviewed at least annually. They shall be subject to independent audit assessments. The results of such assessments shall be reported to the CSD’s management body and to the competent authority. SECTION 4 Business continuity Article 76 Strategy and policy

1. A CSD shall have a business continuity policy and associated disaster recovery plan which shall be: (a) approved by the management body; (b) subject to independent audit reviews that shall be reported to the management body.
2. A CSD shall ensure that the business continuity policy: (a) identifies all its critical operations and IT systems and provides for a minimum service level that shall be maintained for those operations; (b) includes the CSD’s strategy and objectives to ensure the continuity of functions and systems referred to in point (a); (c) takes into account any links and interdependencies to at least: (i) users; (ii) critical utilities and critical service providers; (iii) other CSDs; (iv) other market infrastructures; (d) contains clearly defined and documented arrangements that shall be used in the event of a business continuity emergency, or major disruption of the CSD’s operations and that shall be designed to ensure a minimum service level of critical functions of the CSD;

EN 70 EN (e) identifies the maximum acceptable time when for which critical functions and IT systems may be out of use. 3. A CSD shall take all reasonable steps to ensure that settlement is completed by the end of the business day even in case of a disruption, and that all the users’ positions at the time of the disruption are identified with certainty in a timely manner. Article 77 Business impact analysis

1. A CSD shall conduct a business impact analysis by which the CSD shall: (a) prepare a list with all the processes and activities that contribute to the delivery of the services it provides; (b) identify and create an inventory of all the components of its IT system that support the processes and activities identified in point (a) as well as their respective interdependencies; (c) identify and document qualitative and quantitative impacts of a disaster recovery scenario to each process and activity referred to in point (a) and how such impacts change over time in case of disruption; (d) define and document the minimum service levels considered acceptable and adequate from the perspective of the users of the CSD; (e) identify and document the minimum resource requirements concerning personnel and skills, work space and IT to perform each critical function at the minimum acceptable level.
2. A CSD shall conduct a risk analysis to identify how various scenarios affect the continuity of its critical operations.
3. A CSD shall ensure that its business impact analysis and risk analysis: (a) are kept up to date; (b) are reviewed following a material incident or significant operational changes and, at least, annually; and (c) take into account all relevant developments, including market and IT developments. Article 78

EN 71 EN Disaster recovery

1. A CSD shall have in place arrangements to ensure the continuity of its critical functions in disaster scenarios, including natural disasters, pandemic situations, physical attacks, intrusions, terrorist attacks, and cyber-attacks. Those arrangements shall ensure: (a) the availability of adequate human resources; (b) the availability of sufficient financial resources; (c) the failover, recovery and resuming of operations in a secondary processing site.
2. The CSD’s disaster recovery plan shall identify and include the recovery time objective for critical functions and determine for each critical function the most suitable recovery strategies. The recovery time objective for each critical function can in no case be longer than two hours. Backup systems should, however, commence processing without undue delay unless this would jeopardise the integrity of the securities issues or the confidentiality of the data maintained by the CSD. A CSD shall ensure that two hours from a disruption, it shall be capable of resuming its critical functions. In determining the recovery times for each function, the CSD shall take into account the potential overall impact on the market efficiency. Such arrangements shall at least ensure that, in extreme scenarios, agreed service levels are met.
3. A CSD shall maintain at least a secondary processing site with sufficient resources, capabilities, functionalities and staffing arrangements, which are adequate to the CSD’s operational needs and risks that the CSD faces in order to ensure continuity of critical operations, at least in case the main location of business is not available. The secondary processing site shall: (a) provide the level of services necessary to ensure that the CSD performs its critical operations within the recovery time objective; (b) be located at a geographical distance from the primary processing site that allows the secondary processing site to have a distinct risk profile and prevents it from being affected by the event affecting the primary processing site; (c) enable the CSD’s immediate access to it to allow its staff to ensure continuity of its critical operations where the primary processing site is not available.
4. A CSD shall develop and maintain detailed procedures and plans concerning: (a) the identification, logging and reporting of all disruptive events for the operations of the CSD; (b) responses to operational incidents and emergency situations;

EN 72 EN (c) the assessment of damages, and appropriate plans for activating response measures; (d) crisis management and communications, including appropriate contact points, to ensure that reliable and up to date information shall be transmitted to relevant stakeholders and the competent authority; (e) the activation and transition to alternative operational and business sites; (f) IT recovery, including activation of the secondary IT processing site and failover. Article 79 Testing and monitoring A CSD shall test and monitor its business continuity policy and disaster recovery plan and the relevant arrangements at least annually, and after substantive changes to the systems or related functions in order to ensure that such systems and functions achieve the CSD objectives. The CSD shall plan and document these tests, which shall include:

1. scenarios of large scale disasters;
2. switchovers between the primary processing site and secondary processing site;
3. the participation of, as appropriate: (i) users of the CSD; (ii) critical utilities and critical service providers; (iii) other CSDs; (iv) other market infrastructures; (v) any other institution with which interdependencies have been identified in the business continuity policy. Article 80 Maintenance
4. A CSD shall regularly review and update its business continuity policy and disaster recovery plan. Such a review shall include all critical functions of a CSD and provide for the most suitable recovery strategy for those functions.

EN 73 EN 2. When updating the business continuity policy and disaster recovery plan, a CSD shall take into consideration the outcome of the tests and recommendations from the independent audit reviews and from the competent authority. 3. A CSD shall review its business continuity policy and disaster recovery plan after every significant disruption to the CSD’s operations. That review shall identify the causes of such disruption and any required improvement to the CSD’ operations, the business continuity policy and disaster recovery plan. CHAPTER X INVESTMENT POLICY (Article 46(2), (3) and (5) of Regulation No 909/2014) Article 81 Highly liquid instruments with minimal market and credit risk

1. Financial instruments can be considered highly liquid with minimal credit and market risk where they are debt instruments meeting the following conditions: (a) they are issued or guaranteed by: (i) a government; (ii) a central bank; (iii) a multilateral development bank as listed under Article 117 of Regulation (EU) No 575/2013; (iv) the European Financial Stability Facility or the European Stability Mechanism; (b) the CSD can demonstrate to the competent authority that the financial instruments have low credit and market risk based upon an internal assessment by the CSD. In performing such an assessment the CSD shall employ a defined and objective methodology that shall not exclusively rely on external opinions and that takes into consideration the risk arising from the establishment of the issuer in a particular country; (c) they are denominated in any of the following currencies: (i) a currency in which transactions are settled in the securities settlement system operated by the CSD; (ii) any other currency the risks of which the CSD is able to manage.

EN 74 EN (d) they are freely transferable and without any regulatory constraint or third party claims that impair liquidation; (e) they have an active outright sale or repurchase market, with a diverse group of buyers and sellers, including in stressed conditions, and to which the CSD has reliable access; (f) reliable price data on these instruments are publicly available on a regular basis; 2. Notwithstanding paragraph 1, derivative contracts shall be considered highly liquid financial investments with minimal credit and market risk where the following conditions are met: (a) they are entered into for the purpose of hedging currency risk arising from the settlement in more than one currency in the securities settlement system operated by the CSD or interest rate risk that may affect CSD assets and, in both cases, qualify as a hedging contract pursuant to International Financial Reporting Standards (IFRS) adopted in accordance with Article 3 of Regulation (EC) No 1606/2002; (b) reliable price data is published on a regular basis for those derivative contracts; (c) they are concluded for the specific period of time necessary to reduce the currency or interest rate risk to which the CSD is exposed. Article 82 Appropriate timeframe for access to assets

1. A CSD that holds cash assets shall have immediate and unconditional access to such assets. The CSD shall have procedures that prove to the competent authority that it can have immediate and unconditional access to such assets.
2. A CSD that holds financial instruments shall be capable of accessing them on the same business day when a decision to liquidate such financial instruments is taken. The CSD shall have procedures that prove to the competent authority that it is capable of accessing the financial instruments on the same business day when a decision to liquidate such financial instruments is taken. Article 83 Concentration limits to individual entities
3. For the purpose of Article 46(5) of Regulation (EU) No 909/2014, a CSD shall hold its financial assets in diversified authorised credit institutions or authorised CSDs in order to remain within acceptable concentration limits.

EN 75 EN 2. For the purpose of Article 46(5) of Regulation (EU) No 909/2014, acceptable concentration limits shall be determined based on the following: (a) the geographic distribution of the entities with which the CSD holds its financial assets; (b) the interdependency relationships that the entity holding the financial assets or entities of its group may have with the CSD; (c) the level of credit risk of the entity holding the financial assets. CHAPTER XI CSD LINKS Article 84 (Article 48(3) of Regulation (EU) No 909/2014) Conditions for the adequate protection of linked CSDs and of their participants

1. A CSD link shall be established and maintained under the following conditions: (a) the requesting CSD shall meet the requirements of the receiving CSD’s participation rules; (b) the requesting CSD shall conduct an analysis of the receiving third country CSD’s financial soundness, governance arrangements, processing capacity, operational reliability and any reliance on a third-party critical service provider; (c) the requesting CSD shall take all necessary measures to monitor and manage the risks that are identified following the analysis referred to in point (b); (d) the requesting CSD shall make the legal and operational terms and conditions of the link arrangement available to its participants allowing them to assess and manage the risks involved; (e) before the establishment of a CSD link with a third country CSD, the requesting CSD shall perform an assessment of the local legislation applicable to the receiving CSD. In performing such assessment, the CSD shall ensure that the securities maintained in the securities settlement system operated by the receiving CSD benefit from a level of asset protection comparable to the one ensured by the rules applicable to the securities settlement system operated by the requesting CSD. The requesting CSD shall require from the third country CSD a legal assessment addressing the following issues: (i) the entitlement of the requesting CSD to the securities, including the law applicable to proprietary aspects, the nature of the rights of the requesting CSD

EN 76 EN on the securities, the permissibility of an attachment or earmarking of the securities; and (ii) the impact of insolvency proceedings opened against the receiving third country CSD on the requesting CSD, covering segregation requirements, settlement finality, procedures and deadlines to claim the securities in the relevant third country; (f) the linked CSDs shall ensure the confidentiality of information in connection to the operation of the link. The ability to ensure confidentiality shall be evidenced by the information provided by the CSDs, including any relevant legal opinions or arrangements; (g) the linked CSDs shall agree on aligned standards and procedures concerning operational issues and communication in accordance with Article 35 of Regulation (EU) No 909/2014; (h) before the link becomes operational, the requesting and receiving CSDs shall: (i) conduct end-to-end tests; (ii) establish an emergency plan, as part of the business continuity plans of the respective CSDs. That emergency plan shall at least identify the situations where the securities settlement systems of the two CSDs malfunction or break down, and provide for the remedial actions planned in case such situations occur; (i) all link arrangements shall be reviewed at least annually by the receiving CSD and the requesting CSD. Such review shall take into account all relevant developments, including market and IT developments, as well as any developments in local legislation referred to in point (e); (j) for CSD links that do not provide for DVP settlement, the annual review referred to in point (i) shall also include an assessment of any developments that may allow supporting DVP settlement. 2. For a CSD link providing for DVP settlement, the requesting CSD shall assess and mitigate the additional risks resulting from the settlement of cash. A CSD link allowing for DVP settlement shall be established and maintained under the following conditions: (a) a CSD that is not authorised to provide banking-type ancillary services in accordance with Article 54 of Regulation (EU) No 909/2014, and which is involved in the execution of cash settlement on behalf of its participants, shall not receive credit and

EN 77 EN shall use prefunding mechanisms covered by its participants in relation to the DVP settlements to be processed through the link. (b) a CSD that uses an intermediary for the cash settlement shall ensure that the intermediary performs such settlement efficiently. The CSD shall conduct yearly reviews of the arrangements with that intermediary. 3. In addition to the conditions referred to in paragraphs 1 and 2, an interoperable link shall be established and maintained under the following conditions: (a) the linked CSDs shall agree on equivalent standards concerning reconciliation, opening hours for the processing of the settlement and of corporate actions and cut-off times; (b) the linked CSDs shall establish equivalent procedures and mechanisms for transmission of settlement instructions to ensure a proper, secure and straight through processing of settlement instructions; (c) where an interoperable link supports DVP settlement, the linked CSDs shall reflect at least daily and without undue delay the results of the settlement in their books. (d) the linked CSDs shall agree on equivalent risk management models; (e) the linked CSDs shall agree on equivalent contingency and default rules and procedures referred to in Article 41 of Regulation (EU) No 909/2014. Article 85 (Article 48(5) of Regulation (EU) No 909/2014) Monitoring and management of additional risks resulting from the use of indirect links or intermediaries to operate CSD links

1. Where a requesting CSD uses an indirect link, it shall ensure that: (a) the intermediary is one of the following: (i) a credit institution as defined in point (1) of Article 4(1) of Regulation (EU) No 575/2013 that complies with the following requirements: a. it complies with Article 38(5) and (6) of Regulation (EU) No 909/2014; b. it ensures prompt access by the requesting CSD to the securities of the requesting CSD when required; c. it has low credit risk, which shall be established in an internal assessment by the requesting CSD. In performing such an assessment, the requesting

EN 78 EN CSD shall employ a defined and objective methodology that shall not exclusively rely on external opinions; (ii) a third country financial institution that complies with the following requirements: a. it is subject to and complies with prudential rules at least equivalent to those laid down in Regulation (EU) No 575/2013; b. it has robust accounting practices, safekeeping procedures, and internal controls; c. it complies with Article 38(5) and (6) of Regulation (EU) No 909/2014 d. it ensures prompt access by the requesting CSD to the securities of the requesting CSD when required; e. it has low credit risk, based upon an internal assessment by the requesting CSD. In performing such an assessment, the requesting CSD shall employ a defined and objective methodology that shall not exclusively rely on external opinions; (b) the intermediary complies with the rules and requirements of the requesting CSD. Such compliance shall be evidenced by the information provided by the intermediary, including any relevant legal opinions or arrangements; (c) the intermediary ensures the confidentiality of information concerning the operation of the CSD link. Such compliance shall be evidenced by the information provided by the intermediary, including any relevant legal opinions or arrangements; (d) the intermediary has the operational capacity and systems for: (i) handling the services provided to the requesting CSD; (ii) sending the CSD any information relevant to the services provided in relation to the CSD link in a timely manner; (iii) complying with the reconciliation measures in accordance with Article 83 and Chapter VIII of this Regulation; (e) the intermediary adheres to and complies with the risk management policies and procedures of the requesting CSD and it has an appropriate risk management expertise; (f) the intermediary has put in place measures to ensure the continuity of its services, the timely recovery of its operations and the fulfilment of its obligations in the case of events that pose a significant risk of disrupting its operations. Such measures shall

EN 79 EN include business continuity policies and associated business continuity and disaster recovery plans; (g) the intermediary holds sufficient financial resources to fulfil its obligations towards the requesting CSD and to cover any losses for which it may be held liable; (h) an individually segregated account at the receiving CSD is used for the operations of the CSD link. The requesting CSD shall ensure that it can have access to the securities held in the individually segregated account at any point in time. In the event of a link with a third country CSD, the receiving CSD shall ensure an adequate level of protection of assets of the requesting CSD. Where an individually segregated account at the receiving CSD is not available for the operations of the CSD link, the requesting CSD shall inform its competent authority about the reasons justifying the unavailability of individually segregated accounts and shall provide it with the details on the risks resulting from the unavailability of individually segregated accounts. (i) the condition referred to in point (e) of Article 81(1) is fulfilled; (j) the requesting CSD is informed of the continuity arrangements between the intermediary and the receiving CSD; (k) the proceeds from settlement are promptly transferred to the requesting CSD. 2. In addition to complying with the requirements under paragraph 1, when a requesting CSD uses an intermediary to operate a CSD link, whereby this intermediary operates the securities accounts of the requesting CSD on its behalf in the books of the receiving CSD, the requesting CSD shall ensure that: (a) the intermediary does not have any entitlement to the securities held; (b) the account in the books of the receiving CSD is opened in the name of the requesting CSD and the liabilities and obligations as regards the registration, transfer and custody of securities are only enforceable between both CSDs; (c) the requesting CSD is able to immediately access the securities held with the receiving CSD, including in the event of a change or insolvency of the intermediary. 3. Requesting CSDs referred to in this Article shall perform a yearly due diligence to ensure that the conditions referred in this Article are fulfilled. Article 86 (Article 48(6) of Regulation (EU) No 909/2014) Reconciliation Procedures for Linked CSDs

EN 80 EN

1. The reconciliation procedures referred to in Article 48(6) of Regulation (EU) No 909/2014 shall include the following measures: (a) the receiving CSD shall transmit to the requesting CSD daily statements with information specifying the following, per securities account and per securities issue: (i) the aggregated opening balance; (ii) the individual movements during the day; (iii) the aggregated closing balance. (b) the requesting CSD shall conduct a daily comparison of the opening balance and the closing balance communicated to it by the receiving CSD or by the intermediary with the records maintained by the requesting CSD itself. In the case of an indirect link, the daily statements referred to in point (a) of the first subparagraph shall be transmitted through the intermediary referred to point (a) of Article 85(1).
2. Where a CSD suspends a securities issue for settlement in accordance with Article 65(2), all CSDs that are participants of or have an indirect link with that CSD, including in the case of interoperable links, shall subsequently suspend the securities issue for settlement. Where intermediaries are involved in the operation of CSD links, such intermediaries shall establish appropriate contractual arrangements with the CSDs concerned in order to ensure compliance with the first subparagraph.
3. In the event of a corporate action on stocks that reduces the balances of securities accounts held by an investor CSD with another CSD, settlement instructions in the relevant securities issues shall not be processed by the investor CSD until the corporate action has been fully processed by the other CSD. In the event of a corporate action on stock that reduces the balances of securities accounts held by an investor CSD with another CSD, the investor CSD shall not update the securities accounts that it maintains to reflect the corporate action until the corporate action has been fully processed by the other CSD. An issuer CSD shall ensure the timely transmission to all its participants, including investor CSDs, of information on the processing of corporate actions for a specific securities issue. This information shall enable investor CSDs to adequately reflect the outcome of corporate actions in the securities accounts maintained by investor CSDs. Subparagraph 3 shall also apply to investor CSDs that have other CSDs as their participants.

EN 81 EN Article 87 (Article 48(7) of Regulation (EU) No 909/2014) DVP Settlement through CSD links Delivery versus Payment (DVP) settlement shall be regarded as practical and feasible under the following circumstances: (a) There is a market demand for DVP settlement evidenced through a request from any of the user committees of one of the linked CSDs; (b) The linked CSDs may charge a reasonable commercial fee for the provision of DVP settlement, on a cost-plus basis, unless otherwise agreed by the linked CSDs; (c) There is a safe and efficient access to cash in the currencies used by the receiving CSD for settlement of securities transactions of the requesting CSD and its participants. CHAPTER XII ACCESS TO A CSD (Articles 33(5), 49(5), 52(3) and 53(4) of Regulation (EU) No 909/2014) SECTION 1 Criteria justifying refusal of access (Articles 33(3), 49(3), 52(2) or 53(3) of Regulation (EU) No 909/2014) Article 88 Risks to be taken into account by CSDs and competent authorities

1. Where, in accordance with Articles 33(3), 49(3), 52(2) or 53(3) of Regulation (EU) No 909/2014, a CSD carries out a comprehensive risk assessment following a request for access by a requesting participant, an issuer, a requesting CSD, a CCP or a trading venue, as well as where a competent authority assesses the reasons for refusal by the CSD to provide services, they shall take into account the following risks resulting from such access to the services of the CSD: (a) legal risks; (b) financial risks; (c) operational risks.

EN 82 EN 2. When assessing legal risks following a request for access by a requesting participant, a CSD and its competent authority shall take into account the following criteria: (a) the requesting participant is not able to comply with the legal requirements for participation in the securities settlement system operated by the CSD, and does not provide the CSD with the information necessary for the CSD to assess such compliance, including any required legal opinions or legal arrangements; (b) the requesting participant is not able to ensure, in accordance with the rules applicable in the home Member State of the CSD, the confidentiality of the information provided through the securities settlement system, and does not provide the CSD with the information necessary for the CSD to assess its ability to comply with those rules on confidentiality, including any required legal opinions or legal arrangements. (c) where a requesting participant is established in a third country, either of the following; (i) the requesting participant is not subject to a regulatory and supervisory framework comparable to the regulatory and supervisory framework that would be applicable to the requesting participant if it were established in the Union, or (ii) the rules of the CSD concerning settlement finality referred to in Article 39 of Regulation (EU) No 909/2014 are not enforceable in the jurisdiction of the requesting participant. 3. When assessing legal risks following an issuer’s request for recording its securities in the CSD in accordance with Article 49(1) of Regulation (EU) No 909/2014, the CSD and its competent authority shall take into account the following criteria: (a) the issuer is not able to comply with the legal requirements for the provision of services by the CSD; (b) the issuer is not able to guarantee that the securities have been issued in a manner that enables the CSD to ensure the integrity of the issue in accordance with Article 37 of Regulation (EU) No 909/2014. 4. When assessing legal risks following a request for access by a requesting CSD, the receiving CSD and its competent authority shall take into account the criteria provided in points (a) to (c) of paragraph 2. 5. When assessing legal risks following a request for access by a CCP, a CSD and its competent authority shall take into account the criteria provided in points (a) to (c) of paragraph 2. 6. When assessing legal risks following a request for access by a trading venue, a CSD and its competent authority shall take into account the following criteria:

EN 83 EN (a) the criteria specified in point (b) of paragraph 2; (b) where a trading venue is established in a third-country, the requesting trading venue is not subject to a regulatory and supervisory framework that would be applicable to a trading venue if it were established in the Union; 7. When assessing financial risks following a request for access by a requesting participant, a CSD and its competent authority shall take into account whether the requesting participant holds sufficient financial resources to fulfil its contractual obligations towards the CSD. 8. When assessing financial risks following an issuer’s request for recording its securities in the CSD in accordance with Article 49(1) of Regulation (EU) No 909/2014, a CSD and its competent authority shall take into account the criterion provided in paragraph 7. 9. When assessing financial risks following a request for access by a requesting CSD, the receiving CSD and its competent authority shall take into account the criterion provided in paragraph 7. 10. When assessing financial risks following a request for access by a CCP or a trading venue, a CSD and its competent authority shall take into account the criterion provided in paragraph 7. 11. When assessing operational risks following a request for access by a requesting participant, a CSD and its competent authority shall take into account the following criteria: (a) the requesting participant does not have the operational capacity to participate in the CSD; (b) the requesting participant does not comply with the risk management rules of the receiving CSD, or it lacks the necessary expertise in that regard ; (c) the requesting participant has not put in place business continuity policies and disaster recovery plans; (d) the granting of access requires the receiving CSD to undertake significant changes of its operations affecting its risk management procedures and endangering the smooth functioning of the securities settlement system operated by the receiving CSD, such as the implementation of ongoing manual processing by the CSD. 12. When assessing operational risks following an issuer’s request for recording its securities in the CSD in accordance with Article 49(1) of Regulation (EU) No 909/2014, a CSD and its competent authority shall take into account the following criteria: (a) the criterion specified in point (d) of paragraph 11;

EN 84 EN (b) the securities settlement system operated by the CSD cannot process the currencies requested by the issuer. 13. When assessing operational risks following a request for access by a requesting CSD, or a CCP, the receiving CSD and its competent authority shall take into account the criteria specified in paragraph 11. 14. When assessing the operational risks following a request for access by a trading venue, the receiving CSD and its competent authority shall take into account at least the criteria specified in point (d) of paragraph 11. SECTION 2 Procedure for refusal of access (Articles 33(3), 49(4), 52(2) and 53(3) of Regulation (EU) No 909/2014) Article 89 Procedure for refusal of access

1. In the event of a refusal of access, the requesting party shall have the right to complain within one month from the receipt of the refusal to the competent authority of the receiving CSD, CCP or trading venue that has refused access to it in accordance with Articles 33(3), 49(4), 52(2) or 53(3) of Regulation (EU) No 909/2014.
2. The competent authority referred to in paragraph 1 may request additional information concerning the refusal of access from the requesting and receiving parties. The responses to the request for information referred to in the first subparagraph shall be sent to the competent authority within two weeks from the date of the receipt of the request. In accordance with Article 53(3) of Regulation (EU) No 909/2014, within two business days from the date of the receipt of the complaint, the competent authority of the receiving party shall transmit the complaint referred to in paragraph 1 to the relevant authority referred to in point (a) of Article 12(1) of Regulation (EU) No 909/2014 from the Member State of the place of establishment of the receiving party.
3. The competent authority referred to in paragraph 1 shall consult the following authorities on its initial assessment of the complaint within two months from the date of the receipt of the complaint, as appropriate: (a) the competent authority of the place of establishment of the requesting participant in accordance with Article 33(3) of Regulation (EU) No 909/2014; (b) the competent authority of the place of establishment of the requesting issuer in accordance with Article 49(4) of Regulation (EU) No 909/2014;

EN 85 EN (c) the competent authority of the requesting CSD and the relevant authority referred to in point (a) of Article 12 of Regulation (EU) No 909/2012 responsible for the oversight of the securities settlement system operated by the requesting CSD in accordance with Articles 52(2) and 53(3) of Regulation (EU) No 909/2014; (d) the competent authority of the requesting CCP or trading venue in accordance with Article 53(3) of Regulation (EU) No 909/2014 and the relevant authority referred to in point (a) of Article 12(1) of Regulation (EU) No 909/2014 responsible for the oversight of the securities settlement systems in the Member State where the requesting CCP and trading venues are established in accordance with Article 53(3) of Regulation (EU) No 909/2014. 4. The authorities referred to in points (a) to (d) of paragraph 3 shall respond within one month from the date of the request for consultation specified in paragraph 3. Where any of the authorities referred to in points (a) to (d) of paragraph 3 do not provide its opinion within that deadline, it shall be deemed to have a positive opinion on the assessment provided by the competent authority referred to in paragraph 3. 5. The competent authority referred to in paragraph 1 shall inform the authorities referred to in points (a) to (d) of paragraph 3 of its final assessment of the complaint within two weeks from the deadline provided in paragraph 4. 6. Where one of the authorities referred to in points (a) to (d) of paragraph 3 disagrees with the assessment provided by the competent authority referred to in paragraph 1, any of them may refer the matter to ESMA within two weeks from the date when the competent authority referred to in paragraph 1 provides the information concerning its final assessment of the complaint in accordance with paragraph 5. 7. When the matter has not been referred to ESMA, the competent authority referred to in paragraph 1 shall send a reasoned reply to the requesting party within two working days from the deadline provided in paragraph 6. The competent authority referred to in paragraph 1 shall also inform the receiving party and the authorities referred to in points (a) to (d) of paragraph 3 of the reasoned reply referred to in the first subparagraph within two working days from the date where it sends the reasoned reply to the requesting party. 8. In the event of a referral to ESMA referred to in paragraph 6, the competent authority referred to in paragraph 1 shall inform the requesting party and the receiving party of such a referral within two working days from the date where such a referral has been made. 9. Where the refusal by the receiving party to grant access to the requesting party is deemed to be unjustified following the procedure provided in this Article, the competent authority referred to in paragraph 1 shall, within 2 weeks from the deadline specified in paragraph 7, issue an order requiring that receiving party to grant access to the requesting party within three months from the date when the order enters into force.

EN 86 EN The deadline referred to in the first subparagraph shall be extended to eight months in case of customised links that require significant development of IT tools, unless otherwise agreed by the requesting and receiving CSDs. The order shall include the reasons why the competent authority referred to in paragraph 1 concluded that the refusal by the receiving party to grant access was unjustified. The order shall be sent to ESMA, the authorities referred to in points (a) to (d) of paragraph 3, the requesting party and the receiving party within two working days after the date when it enters into force. 10. The procedure referred to in paragraphs 1 to 9 shall also apply when the receiving party intends to withdraw access to a requesting party to whom it already provides its services. CHAPTER XIII AUTHORISATION TO PROVIDE BANKING TYPE OF ANCILLARY SERVICES (Article 55(1) and (2) of Regulation (EU) No 909/2014) Article 90 Information to be provided in the application for authorisation to provide banking-type ancillary services

1. The application for authorisation in accordance to point (a) of Article 54(2) of Regulation (EU) No 909/2014 shall contain the following information: (a) a copy of the decision of the management body of the applicant CSD to apply for authorisation and the minutes from the meeting where the management body approved the content of the application file and its submission; (b) the contact details of the person responsible for the application for authorisation, where that person is not the same person submitting the application for authorisation referred to under Article 17 of Regulation (EU) 909/2014; (c) evidence that proves the existence of an authorisation referred to in point (a) of Article 54(3) of Regulation (EU) No 909/2014; (d) evidence that the applicant CSD meets the prudential requirements referred to in Article 59(1), (3) and (4) of Regulation (EU) No 909/2014 and the supervisory requirements referred to in Article 60 of that Regulation; (e) evidence, containing any relevant documents such as articles of incorporation, financial statements, audit reports, reports from risk committees, which proves that the

EN 87 EN applicant CSD complies with point (d) of Article 54(3) of Regulation (EU) No 909/2014; (f) details concerning the recovery plan referred to in point (f) of Article 54(3) of Regulation (EU) No 909/2014; (g) a programme of operations that fulfils the following conditions: (i) it includes a list of the banking-type ancillary services referred to in Section C of the Annex to Regulation (EU) No 909/2014 that the CSD intends to provide; (ii) it includes an explanation of how the banking-type ancillary services referred to in Section C of the Annex to Regulation (EU) No 909/2014 are directly related to any core or ancillary services referred to in Sections A and B of the Annex to Regulation (EU) No 909/2014 that the CSD is authorised to provide; (iii) it is structured following the list of banking-type ancillary services referred to in Section C of the Annex to the Regulation (EU) No 909/2014; (h) evidence supporting the reasons for not settling the cash payments of the CSD's securities settlement system through accounts opened with a central bank of issue of the currency of the country where the settlement takes place; (i) detailed information on the arrangements which ensure that the provision of banking￾type ancillary services intended to be provided does not affect the smooth provision of the core CSD services referred to in Section A of the Annex to Regulation (EU) No 909/2014. That information shall include: (i) the IT platform used for the settlement of the cash leg of securities transactions, including an overview of the IT organisation and an analysis of the related risks and how they are mitigated; (ii) the operation and legal arrangements of the DVP process and, in particular, the procedures used to address the credit risk resulting from the settlement of the cash-leg of securities transactions; (iii) the selection, monitoring, legal documentation and management of interconnections with any other third parties involved in the process of cash transfers, in particular the relevant arrangements with third parties involved in the process of cash transfers; (iv) the detailed analysis contained in the recovery plan of the applicant CSD of regarding any impact of the provision of banking-type ancillary services on the provision of core CSD services;

EN 88 EN (v) the disclosure of possible conflicts of interests in the governance arrangements resulting from the provision of banking-type ancillary services, and the measures taken to address them. 2. An application for authorisation in accordance with point (b) of Article 54(2) of Regulation (EU) No 909/2014 shall contain the following information: (a) a copy of the decision of the management body of the applicant CSD to apply for authorisation and the minutes from the meeting where the management body approved the content of the application file and its submission; (b) the contact details of the person responsible for the application for authorisation, where the person is not the same person as the one submitting the application for authorisation referred to in Article 17 of Regulation (EU) No 909/2014; (c) the corporate name of the credit institution to be designated in accordance with point (b) of Article 54(2) of Regulation (EU) No 909/2014, its legal status and legal address in the Union; (d) evidence that the credit institution referred to in point (c) has obtained an authorisation referred to in point (a) of Article 54(4) of Regulation (EU) No 909/2014; (e) the articles of incorporation and other relevant statutory documentation of the designated credit institution; (f) the ownership structure of the designated credit institution, including the identity of its shareholders; (g) the identification of any common shareholders of the applicant CSD and the designated credit institution and any participations between the applicant CSD and the designated credit institution; (h) evidence that the designated credit institution meets the prudential requirements referred to in Article 59(1), (3) and (4) and the supervisory requirements referred to in Article 60 of Regulation (EU) No 909/2014; (i) evidence, including a memorandum of association, financial statements, audit reports, reports from risk committees, or other documents, which proves that the designated credit institution complies with point (e) of Article 54(4) of Regulation (EU) No 909/2014; (j) the details of the recovery plan referred to in point (g) of Article 54(4) of Regulation (EU) No 909/2014; (k) a programme of operations that fulfils the following conditions:

EN 89 EN (i) it includes a list of the banking-type ancillary services referred to in Section C of the Annex to Regulation (EU) No 909/2014 that the designated credit institution intends to provide; (ii) it includes an explanation of how the banking-type ancillary services referred to in Section C of the Annex to Regulation (EU) No 909/2014 are directly related to any core or ancillary services referred to in Section A and Section B of the Annex to Regulation (EU) No 909/2014 that the applicant CSD is authorised to provide; (iii) it is structured following the list of banking-type ancillary services referred to in Section C of the Annex to Regulation (EU) No 909/2014. (l) evidence supporting the reasons for not settling the cash payments of the CSD's securities settlement system through accounts opened with a central bank of issue of the currency of the country where the settlement takes place; (m) detailed information concerning the following aspects of the relation between the CSD and the designated credit institution: (i) the IT platform used for the settlement of the cash leg of securities transactions, including an overview of the IT organisation and an analysis of the related risks and how they are mitigated; (ii) the applicable rules and procedures that ensure compliance with the requirements concerning settlement finality referred to in Article 39 of Regulation (EU) No 909/2014; (iii) the operation and the legal arrangements of the DVP process, including the procedures used to address the credit risk resulting from the cash-leg of a securities transaction; (iv) the selection, monitoring and management of the interconnections with any other third parties involved in the process of cash transfers, in particular the relevant arrangements with third parties involved in the process of cash transfers; (v) the service level agreement establishing the details of functions to be outsourced by the CSD to the designated credit institution or from the designated credit institution to the CSD and any evidence that demonstrates compliance with the outsourcing requirements set out in Article 30 of Regulation (EU) No 909/2014; (vi) the detailed analysis contained in the recovery plan of the applicant CSD about any impact of the provision of banking-type ancillary services on the provision of core CSD services;

EN 90 EN (vii) the disclosure of possible conflicts of interests in the governance arrangements resulting from the banking-type ancillary services, and the measures taken to address them; (viii) evidence that demonstrates that the credit institution has the necessary contractual and operational ability to have prompt access to the securities collateral located in the CSD and related to the provision of intraday credit and, as the case may be, short term credit. Article 91 Specific requirements

1. Where the CSD applies for authorisation to designate more than one credit institution to provide banking-type ancillary services, its application shall contain the following information: (a) the information referred to in paragraph 2 of Article 90 for each of the designated credit institution; (b) a description of the role of each designated credit institution and the relations between them.
2. Where the application to be authorised in accordance with point (a) or (b) of Article 54(2) of Regulation (EU) No 909/2014 is submitted after the authorisation referred to in Article 17 of Regulation (EU) No 909/2014 has been obtained, the applicant CSD shall identify and inform the competent authority of substantive changes referred to in Article 16(4) of Regulation (EU) No 909/2014 unless it has already provided such information in the process of review and evaluation referred to in Article 22 of Regulation (EU) No 909/2014. Article 92 Standard forms and templates for the application
3. An applicant CSD shall provide an application for the authorisations referred to in points (a) and (b) of Article 54(2) of Regulation (EU) No 909/2014 in the format provided in Section A of Annex III to this Regulation.
4. An applicant CSD shall submit the application referred to in paragraph 1 in a durable medium.
5. An applicant CSD: (a) shall provide a unique reference number for each document that it submits in the application referred to in paragraph 1;

EN 91 EN (b) shall ensure that the information submitted in the application referred to in paragraph 1 clearly identifies to which specific requirement of this Chapter that information refers to and in which document that information is provided. 4. An applicant CSD shall provide its competent authority with a list of all the documents provided in the application referred to in paragraph 1 accompanied by their reference number in the format of the template provided in Section B of Annex III to this Regulation. 5. All information shall be submitted in the language indicated by the competent authority. The competent authority may ask the CSD to submit the same information in a language customary in the sphere of international finance. Article 93 Final provisions

1. Information referred to in Article 18(2), shall be provided to the competent authority at the latest 6 months before Article 54 becomes applicable.
2. Information referred to in Article 25(2) shall be provided to the competent authority at the latest 6 months before the date of entry into force of the delegated acts adopted by the Commission pursuant to Articles 6(5) and 7(15) of Regulation (EU) No 909/2014.
3. Information referred to in points (j) and (r) of Article 42 shall be provided following the date of entry into force of the delegated acts adopted by the Commission pursuant to Articles 6(5) and 7(15) of Regulation (EU) No 909/2014.
4. Information referred to in points (d), (f), (h), (i), and (j) of Article 43(1) shall be provided following the date of entry into force of the delegated acts adopted by the Commission pursuant to Articles 6(5) and 7(15) of Regulation (EU) No 909/2014. Article 94 Entry into force and application This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union. Article 54 shall apply from the date of entry into force of the delegated acts adopted by the Commission on the basis of regulatory technical standards referred to in Articles 6(5) and 7(15) of Regulation (EU) No 909/2014. This Regulation shall be binding in its entirety and directly applicable in all Member States.

EN 92 EN Done at Brussels, For the Commission The President [For the Commission On behalf of the President [Position]

EN 93 EN Annex I: Details to be included in the application for recognition of third￾country CSDs (Article 25(12) of Regulation (EU) No 909/2014) GENERAL INFORMATION Date of application Corporate name of the legal entity Legal address Name of the person assuming the responsibility for the application Contact details of the person assuming the responsibility for the application Name of other person(s) responsible for the compliance of the third-country CSD with Regulation (EU) No 909/2014 Contact details of the person(s) responsible for the compliance of the third-country CSD with Regulation (EU) No 909/2014 Identities of the shareholders or members that hold participations in the capital of the third-country CSD Identification of the group structure, including any subsidiary and parent company of the third-country CSD List of the Member States in which the third￾country CSD intends to provide services Information regarding core services listed in Section A of the Annex to Regulation (EC) No 909/2014 that the third-country CSD intends to provide in the Union per Member State Information regarding ancillary services listed in section B of the Annex to Regulation (EC) No 909/2014 that the third-country CSD intends to provide in the Union per Member State Information regarding any other services permitted under, but not explicitly listed in Section B of the Annex to Regulation (EC) No 909/2014 that the third-country CSD intends to provide in the Union per Member

EN 94 EN State Currency or currencies that the third -country CSD processes or intends to process Statistical data regarding the services that the third -country CSD intends to provide in the Union per Member State Assessment of the measures that the third

country CSD intends to take to allow its users to comply with any specific national laws of the Member State(s) in which the third

country CSD intends to provide its services Rules and procedures that facilitate the settlement of transactions in financial instruments on the intended settlement date Third -country CSD’s financial resources, form and methods in which they are maintained and arrangements to secure them Evidence that rules and procedures of the third -country CSD are fully compliant with the requirements applicable in the third country where it is established, including the rules concerning prudential, organisational, business continuity, disaster recovery and conduct of business aspects Details of any outsourcing arrangements Rules governing the finality of transfers of securities and cash Information regarding the participation in the securities settlement system operated by the third -country CSD, including the criteria for participation and the procedures for the suspension and orderly exit of participants that no longer meet its criteria Rules and procedures for ensuring the integrity of the securities issues Information on mechanisms established to ensure the protection of participants’ and their clients’ securities Information on third -country CSD links and links with other market infrastructures and on how the related risks are monitored and managed Information on rules and procedures put in place to manage the default of a participant

EN 95 EN Recovery plan Investment policy of the third-country CSD Information on procedures ensuring the timely and orderly settlement and transfer of the assets of clients and participants to another CSD Information on all pending judicial or extrajudicial proceedings, including administrative, civil or arbitration proceedings, which may cause significant financial and other costs to the third-country CSD Information on any final decisions resulting from the proceedings referred to above Information regarding the handling of any conflicts of interest by the third-country CSD Details to be published on the ESMA website in accordance with Article 21(3) of Regulation (EU) No 909/2014, as regards Article 25 of that Regulation

EN 96 EN Annex II: CSD ancillary services records (Article 29 of Regulation (EU) No 909/2014) No. Ancillary Services under Regulation (EU) No 909/2014 Types of records A. CSD’s non-banking-type ancillary services that do not entail credit or liquidity risks 1 Organising a securities lending mechanism, as agent among participants of a securities settlement system a) Identification of delivering/receiving parties; b) Details regarding each securities lending/borrowing operation, including volume and value of securities and ISIN; c) Purpose of each securities lending/borrowing operations; d) Types of collateral; e) Collateral valuation. 2 Providing collateral management services, as agent for participants in a securities settlement system a) Identification of delivering/receiving parties; b) Details regarding each operation, including volume and value of securities and ISIN; c) Types of collateral; d) Purpose of collateral use; e) Collateral valuation. 3 Settlement matching, instruction routing, trade confirmation, trade verification a) Identification of the entities for which the CSD provides such services; b) Types of operations; c) Details regarding each operation, including volume and value of securities and ISIN. 4 Services related to shareholders' registers a) Identification of the entities for which the CSD provides such services; b) Types of services; c) Details regarding each operation, including volume and value of securities and ISIN. 5 Supporting the processing of corporate actions, including tax, general meetings and information services a) Identification of the entities for which the CSD provides such services; b) Types of services; c) Details regarding each operation, including volume and value of securities/cash, beneficiaries of the operation and ISIN. 6 New issue services, including allocation and management of ISIN codes a) Identification of the entities for which the CSD provides such services; b) Types of services;

EN 97 EN and similar codes c) Details regarding each operation, including ISIN. 7 Instruction routing and processing, fee collection and processing and related reporting a) Identification of the entities for which the CSD provides such services; b) Types of services; c) Details regarding each operation, including volume and value of securities/cash, beneficiaries of the operation, ISIN and purpose of the operation. 8 Establishing CSD links, providing, maintaining or operating securities accounts in relation to the settlement service, collateral management, other ancillary services a) Details regarding the CSD links, including identification of CSDs; b) Types of services. 9 Providing general collateral management services as agent a) Identification of delivering/receiving parties; b) Details regarding each operation, including volume and value of securities, ISIN; c) Types of collateral; d) Purpose of collateral use; a) Collateral valuation. 10 Providing regulatory reporting a) Identification of the entities for which the CSD provides the reporting; b) Types of services; c) Details regarding the data provided, including the legal basis and the purpose. 11 Providing information, data and statistics to market/census bureaus or other governmental or inter-governmental entities a) Identification of the entities for which the CSD provides such services; b) Types of services; c) Details regarding the data provided, including the legal basis and the purpose. 12 Providing IT services a) Identification of the entities for which the CSD provides the services; b) Types of services; c) Details regarding IT services. B. CSD’s banking-type services directly related to core or ancillary services listed in Sections A and B of the Annex to Regulation (EU) No 909/2014 13 Providing cash accounts to, and accepting deposits from, participants in a securities settlement system and holders of a) Identification of the entities for which the CSD provides such services; b) Cash accounts details; c) Currency; d) Deposits amounts.

EN 98 EN securities accounts, within the meaning of point 1 of Annex I of Directive 2013/36/EU 14 Providing cash credit for reimbursement no later than the following business day, cash lending to pre-finance corporate actions and lending securities to holders of securities accounts, within the meaning of point 2 of Annex I to Directive 2013/36/EU a) Identification of the entities for which the CSD provides such services; b) Types of services; c) Details regarding each operation, including volume and value of securities/cash, ISIN; d) Types of collateral; e) Collateral valuation; f) Purpose of operations; g) Information about any incidents in relation to such services and remediating actions including follow-up. 15 Payment services involving processing of cash and foreign exchange transactions, within the meaning of point 4 of Annex I to Directive 2013/36/EU a) Identification of the entities for which the CSD provides such services; b) Types of services; c) Details regarding each operation, including volume of cash, and purpose of operation. 16 Guarantees and commitments related to securities lending and borrowing, within the meaning of point 6 of Annex I to Directive 2013/36/EU a) Identification of the entities for which the CSD provides such services; b) Types of services; c) Details regarding each operation, including volume and value of securities/cash and purpose of operation. 17 Treasury activities involving foreign exchange and transferable securities related to managing participants' long balances, within the meaning of points 7(b) and (e) of Annex I to Directive 2013/36/EU a) Identification of the entities for which the CSD provides such services; b) Types of services; c) Details regarding each operation, including volume and value of securities/cash and purpose of operation.

EN 99 EN Annex III: Templates for application by a CSD to designate a credit institution or to provide banking-type ancillary services (Article 55 of Regulation (EU) No 909/2014) A. Template 1 Where the application for authorisation referred to in point (a) of Article 54(2) of Regulation (EU) No 909/2014 is submitted at the same time as the application for authorisation referred to in Article 17 of Regulation (EU) No 909/2014, the following information shall be provided by the applicant CSD in addition to the information requested under Article 17 of Regulation (EU) No 909/2014 and this Regulation: 1 Name of the person responsible for the application where different from the one submitting the application under Article 17 of Regulation (EU) 909/2014 ... 2 Contact details of the person responsible for the application, where different from the one submitting the application under Article 17 of Regulation (EU) 909/2014 ... 3 Date of receipt of the authorisation referred to in point (a) of Article 54(3) ... B. Template 2 Where the application for authorisation referred to in point (b) of Article 54(2) of Regulation (EU) 909/2014 is submitted at the same time as the application for authorisation referred to in Article 17 of Regulation (EU) No 909/2014, the following information shall be provided where, in addition to the information requested under Article 17 of Regulation (EU) No 909/2014 and this Regulation: 1 Corporate name of the entity designated to provide banking-type ancillary services ... 2 Legal address ... 3 Name of the person responsible for the application ... 4 Contact details of the person responsible for the application ... 5 Identification of the parent companies of the designated credit institution(s), if any … 6 Competent authority of the designated credit institution(s) …

EN 100 EN 7 Date of receipt of the authorisation referred to in point (a) of Article 54(4) … C. Template 3 Where a CSD is applying to provide banking-type ancillary services in accordance with point (a) of Article 54(2) of Regulation (EU) No 909/2014, the following information shall be provided: The scope of information to be submitted in accordance Unique reference number of the documen t Title of the document Chapter or section or page of the document where the information is provided

1. the corporate name of the applicant CSD, its legal status and legal address in the Union
2. a copy of the decision of the management body of the applicant CSD to apply for authorisation and the minutes from the meeting where the management body approved the content of the application file and its submission
3. contact details of the person responsible for the application for authorisation, where different from the person submitting the application for authorisation referred to under Article 17 of Regulation (EU) 909/2014
4. evidence that proves the existence of an authorisation referred to in point (a) of Article 54(3) of Regulation (EU) 909/2014
5. evidence that the applicant CSD meets the prudential requirements referred to in Article 59(1), (3) and (4) of Regulation (EU) No 909/2014 and the supervisory requirements referred to in Article 60 of that Regulation
6. evidence, that proves that the applicant CSD complies with point (d) of Article 54(3) of Regulation (EU) No 909/2014

EN 101 EN 7) details concerning the recovery plan referred to in point (f) of Article 54(3) of Regulation (EU) No 909/2014 8) a programme of operations that fulfils the following conditions: (a) it includes a list of the banking-type ancillary services referred to in Section C of the Annex to Regulation (EU) No 909/2014 that are intended to be provided (b) it includes an explanation of how the banking-type ancillary services referred to in Section C of the Annex to Regulation (EU) No 909/2014 are directly related to any core or ancillary services referred to in Section A and Section B of the Annex to Regulation (EU) No 909/2014 that the CSD is authorised to provide (c) it is structured following the list of banking￾type ancillary services referred to in Section C of the Annex to Regulation (EU) No 909/2014 9) evidence supporting the reasons for not settling cash payments of the CSD's securities settlement system through accounts opened with a central bank of issue of the currency of the country where the settlement takes place 10) detailed information on the arrangements which ensure that the provision of banking-type ancillary services applied for do not affect the smooth provision of the core CSD services referred to in Section A of the Annex to Regulation (EU) No 909/2014, including in particular the following information: (a) the IT platform used for the settlement of the cash leg of securities transactions, including an overview of the IT organisation and an analysis of the related risks and how they are mitigated (b) the operation and legal arrangements of the DVP process and, in particular, the procedures used to address the credit risk resulting from the cash-leg of securities transactions (c) the selection, monitoring, legal documentation and management of

EN 102 EN interconnections with any other third parties involved in the process of cash transfers, in particular the relevant arrangements with third parties involved in the process of cash transfers (d) the detailed analysis in the recovery plan of the applicant CSD of any impact of the provision of banking-type ancillary services on the provision of core CSD services; (e) the disclosure of possible conflicts of interests in the governance arrangements resulting from the provision of banking￾type ancillary services, and the measures taken to address them 11) where relevant, identification of any substantive changes to the documentation supplied for obtaining the authorisation referred to in Article 17(2) of Regulation (EU) No 909/2014, following the same table format, if the updated documentation has not already been provided in the course of the review and evaluation referred to in Article 22 of Regulation (EU) No 909/2014

EN 103 EN D. Template 4 Where a CSD is applying to designate a separate credit institution to provide banking-type ancillary services in accordance with point (b) of Article 54(2) of Regulation (EU) No 909/2014: The scope of information to be submitted Unique reference number of the document Title of the document Chapter or section or page of the document where the information is provided

1. the corporate name of the applicant CSD, its legal status and legal address in the Union
2. a copy of the decision of the management body of the applicant CSD to apply for authorisation and the minutes from the meeting where the management body approved the content of the application file and its submission
3. the contact details of the person responsible for the application for authorisation, where the person is not the same person as the one submitting the application for authorisation referred to in Article 17 of Regulation (EU) 909/2014
4. the corporate name of the credit institution to be designated in accordance with point (b) of Article 54(2) of Regulation (EU) No 909/2014, its legal status and legal address in the Union
5. evidence that the credit institution referred to in point (c) has obtained an authorisation referred to in point (a) of Article 54(4) of Regulation (EU) No 909/2014
6. the articles of incorporation and, where relevant, other statutory documentation of the designated credit institution
7. the ownership structure of the designated credit institution, including the identity of its shareholders

EN 104 EN 8) the identification of any common shareholders of the applicant CSD and the designated credit institution and any participations between the applicant CSD and the designated credit institution 9) evidence that the designated credit institution meets the prudential requirements referred to in Article 59(1), (3) and (4) and the supervisory requirements referred to in Article 60 of Regulation (EU) No 909/2014 10) evidence, including a memorandum of association, financial statements, audit reports, reports from risk committees, or other documents, which proves that the designated credit institution complies with point (e) of Article 54(4) of Regulation (EU) No 909/2014 11) the details of the recovery plan referred to in point (g) of Article 54(4) of Regulation (EU) No 909/2014 12) a programme of operations that fulfils the following conditions: (a) it includes a list of the banking-type ancillary services referred to in Section C of the Annex to Regulation (EU) No 909/2014 that are intended to be provided (b) it includes an explanation of how the banking-type ancillary services referred to in Section C of the Annex to Regulation (EU) No 909/2014 are directly related to any core or ancillary services referred to in Section A and Section B of the Annex to Regulation (EU) No 909/2014 that the applicant CSD is authorised to provide (c) it is structured following the list of banking-type ancillary services referred to in Section C of the Annex to Regulation (EU) No 909/2014 13) details concerning the reasons for not settling the cash payments of the CSD's securities

EN 105 EN settlement system through accounts opened with a central bank of issue of the currency of the country where the settlement takes place 14) detailed information concerning the structural organisation of the relations between the CSD and the designated credit institution, including in particular the following information: (a) the IT platform used for the settlement of the cash leg of securities transactions, including an overview of the IT organisation and an analysis of the related risks and how they are mitigated (b) the applicable rules and procedures that ensure compliance with the requirements concerning settlement finality referred to in Article 39 of Regulation (EU) No 909/2014 (c) the operation and the legal arrangements of the DVP process and in particular, the procedures used to address the credit risk resulting from the cash-leg of a securities transaction (d) the selection, monitoring and management of the interconnections with any other third parties involved in the process of cash transfers, in particular the relevant arrangements with third parties involved in the process of cash transfers (e) the service level agreement establishing the details of functions to be outsourced by the CSD to the designated credit institution and any evidence that demonstrates compliance with the outsourcing requirements as set out in Article 30 of Regulation (EU) No 909/2014 (f) the detailed analysis contained in the recovery plan of the applicant CSD of any impact of the provision of banking-type ancillary services on the provision of core CSD services (g) the disclosure of possible conflicts of interests in the governance arrangements resulting from the banking-type ancillary

EN 106 EN services, and the measures taken to address them (h) evidence that demonstrates that the credit institution has the necessary contractual and operational ability to have prompt access to the securities collateral located in the CSD and related to the provision of intraday credit and, as the case may be, short term credit 15) where relevant, identification of any changes to the documentation supplied for obtaining the authorisation referred to in Article 17(2) of Regulation (EU) No 909/2014, following the same table format, where the updated documentation has not already been provided in the course of the review and evaluation referred to in Article 22 of Regulation (EU) No 909/2014

EN 107 EN Regulation 2: RTS ON INTERNALISED SETTLEMENT EUROPEAN COMMISSION Brussels, XXX … XXX draft COMMISSION DELEGATED REGULATION (EU) No …/.. of XXX […]

EN 108 EN COMMISSION DELEGATED REGULATION (EU) 2015/… of [ ] supplementing Regulation (EU) No 909/2014 of the European Parliament and of the Council of 23 July 2014 with regard to regulatory technical standards further specifying the content of the reporting on internalised settlements THE EUROPEAN COMMISSION, Having regard to the Treaty on the Functioning of the European Union, Having regard to Regulation (EU) No 909/2014 of the European Parliament and of the Council of 23 July 2014 on improving securities settlement in the European Union and on central securities depositories and amending Directives 98/26/EC and 2014/65/EU and Regulation (EU) No 236/201210, and in particular the second subparagraph of Article 9(2) thereof, Whereas: (1) The European Securities and Markets Authority (ESMA) has considered the ‘Report on the outcome of CEBS’s call for evidence on custodian banks’ internalisation of settlement and CCP-like activities of 17 April 2009. (2) In accordance with Regulation (EU) No 909/2014 settlement internalisers are to report on settlements that they internalise. In order to provide a good overview of the scope and of the extent of internalised settlements it is necessary to specify further the content of such reporting. The reports on internalised settlement should provide detailed information on the aggregated volume and value of settlement instructions settled by settlement internalisers outside securities settlement systems specifying asset class, type of securities transactions, type of clients, and issuer CSD. [A settlement internaliser should only report internalised settlements where it has executed a settlement instruction by a client of the settlement internaliser in its own books. It should not report subsequent alignments of book-entry positions to reflect the settlement of instructions by other entities in the holding chain of securities, as these do not qualify as internalised settlement. (3) Given that the reporting requirements of this Regulation may require significant IT system changes, market testing and adjustments to legal arrangements of the institutions concerned, sufficient time should be allowed for the application of such

10 OJ L 257, 28.8.2014, p. 1.

EN 109 EN requirements, to ensure that the institutions concerned meet the necessary requirements. (4) This Regulation is based on the draft regulatory technical standards submitted by ESMA to the Commission. (5) ESMA has conducted open public consultations on the draft regulatory technical standards on which this Regulation is based, analysed the potential related costs and benefits and requested the opinion of the Securities and Markets Stakeholder Group established in accordance with Article 10 of Regulation (EU) No 1095/2010 of the European Parliament and of the Council11 . (6) In accordance with Article 9(2) of Regulation (EU) No 909/2014, in developing the draft regulatory technical standards on which this Regulation is based, ESMA has worked in close cooperation with the members of the European System of Central Banks. HAS ADOPTED THIS REGULATION: Article 1 Definitions For the purposes of this Regulation the following definitions apply: (a) ‘internalised settlement instruction’ means an instruction by a client of the settlement internaliser to place at the disposal of the recipient an amount of money or to transfer the title to, or interest in, a security or securities by means of a book entry on a register, or otherwise, which is settled by the settlement internaliser in its own books and not through a securities settlement system; (b) failed internalised settlement instruction’ means non-occurrence of settlement or partial settlement of a securities transaction at the date agreed by the parties concerned due to a lack of securities or cash, regardless of the underlying cause; (c) ‘issuer CSD’ means a CSD which provides the core service referred to in point 1 or 2 of Section A of the Annex to Regulation (EU) No 909/2014 in relation to a securities issue.

11 Regulation (EU) No 1095/2010 of 24 November 2010 of the European Parliament and of the Council establishing a European Supervisory Authority (European Securities and Markets Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/77/EC (OJ L 331, 15.12.2010, p. 84).

EN 110 EN Article 2

1. The reports referred to in the first subparagraph of Article 9(1) of Regulation (EU) No 909/2014 shall include the following information: (a) country code of the place of establishment of the settlement internaliser; (b) reporting timestamp; (c) period covered by the report; (d) identifier of the settlement internaliser; (e) contact details of the settlement internaliser; (f) the aggregated volume and value, expressed in euros, of internalised settlement instructions settled by the settlement internaliser during the period covered by the report; (g) the aggregated volume and value, expressed in euros, of internalised settlement instructions, for each of the following types of financial instruments settled by the settlement internaliser during the period covered by the report: (i) transferable securities referred to in point (a) of Article 4(1)(44) of Directive 2014/65/EU; (ii) sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU; (iii) transferable securities referred to in point (b) of Article 4(1)(44) of Directive 2014/65/EU, other than those mentioned under point ii); (iv) transferable securities referred to in point (c) of Article 4(1)(44) of Directive 2014/65/EU; (v) exchange-traded funds as defined in point (46) of Article 4(1) of Directive 2014/65/EU (ETF); (vi) units in collective investment undertakings, other than ETF; (vii) money-market instruments, other than those mentioned under point ii); (viii) emission allowances; (ix) other financial instruments.

EN 111 EN (h) the aggregated volume and value, expressed in euros, of all internalised settlement instructions, for each of the following types of securities transactions settled by the settlement internaliser during the period covered by the report: (i) purchase or sale of securities; (ii) collateral management operations; (iii) securities lending or securities borrowing; (iv) repurchase transactions; (v) other securities transactions. (i) the aggregated volume and value, expressed in euros, of all internalised settlement instructions settled by the settlement internaliser during the period covered by the report covering the following types of clients: (i) professional clients as defined in point (10) of Article 4(1) of Directive 2014/65/EU; (ii) retail clients as defined in point (11) of Article 4(1) of Directive 2014/65/EU. (j) the aggregated volume and value, expressed in euros, of all internalised settlement instructions referring to cash transfers settled by the settlement internaliser during the period covered by the report; (k) the aggregated volume and value, expressed in euros, of all internalised settlement instructions settled by the settlement internaliser during the period covered by the report per each issuer CSD; (l) the aggregated volume and value, expressed in euros, of all internalised settlement instructions referred to in points (g) to (j) of the first subparagraph, per each issuer CSD; (m) the aggregated volume and value, expressed in euros, of failed internalised settlement instructions referred to in points (f) to (l) during the period covered by the report; (n) the rates of failed internalised settlement instructions referred to in points (f) to (l) compared to the following: (i) the aggregated value, expressed in euros, of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions; (ii) the aggregated volume of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions.

EN 112 EN For the purposes of points (k) and (l) of the first subparagraph, if the information on the Issuer CSD is not available, the ISIN of the securities shall be used as a proxy, by splitting the data by the first two characters of the ISIN codes. 2. Where available, the exchange rate of the European Central Bank on the last day of the period covered by the reports shall be used for the conversion of other currencies into euros. 3. Transactions executed on a trading venue and transferred by the trading venue to a CCP for clearing or to a CSD for settlement shall not be included in the reports referred to in paragraph 1. 4. The aggregated value of internalised settlement instructions referred to in this Regulation shall be calculated as follows: (a) in the case of internalised settlement instructions against payment, the settlement amount of the cash leg; (b) in the case of internalised settlement instructions free of payment, the market value of the financial instruments or, if not available, the nominal value of the financial instruments. The market value referred to in the first subparagraph shall be calculated as follows: (a) for financial instruments referred to in Article 3(1) of Regulation (EU) No 600/2014 admitted to trading on a trading venue within the Union, the value determined on the basis of the closing price of the most relevant market in terms of liquidity referred to in Article 4(6)(b) of Regulation (EU) No 600/2014; (b) for financial instruments admitted to trading on a trading venue within the Union other than those referred to in point (a), the value determined on the basis of the closing price of the trading venue within the Union with the highest turnover; (c) for financial instruments other than those referred to in points (a), and (b) the value determined on the basis of a price calculated using a pre-determined methodology that refers to criteria related to market data, such as market prices available across trading venues or investment firms. Article 2 Entry into force This Regulation shall enter into force on the twentieth following that of its publication in the Official Journal of the European Union. This Regulation shall apply two years following its publication in the Official Journal.

EN 113 EN This Regulation shall be binding in its entirety and directly applicable in all Member States. Done at Brussels, For the Commission The President [For the Commission On behalf of the President [Position]

EN 114 EN Regulation 3: ITS ON CSD REQUIREMENTS EUROPEAN COMMISSION Brussels, XXX … XXX draft COMMISSION IMPLEMENTING REGULATION (EU) No …/.. of XXX […]

EN 115 EN COMMISSION IMPLEMENTING REGULATION (EU) …/2015 of […] laying down implementing technical standards with regard to standard forms, templates and procedures for authorisation, review and evaluation of central securities depositories, for the cooperation between authorities of the home Member State and the host Member State, for the consultation of authorities involved in the authorisation to provide banking-type ancillary services, for access involving central securities depositories, and with regard to the format of the records to be maintained by central securities depositories according to Regulation (EU) No 909/2014 of the European Parliament and of the Council (Text with EEA relevance) THE EUROPEAN COMMISSION, Having regard to the Treaty on the Functioning of the European Union, Having regard to Regulation (EU) No 909/2014 of the European Parliament and of the Council of 23 July 2014 on improving securities settlement in the European Union and on central securities depositories and amending Directives 98/26/EC and Regulation (EU) No 236/201212, and in particular Article 17(10), Article 22(11), Article 24(8), Article 29(4), Article 33(6), Article 49(6), Article 52(4), Article 53(5) and Article 55(8) thereof, Whereas: (1) The provisions in this Regulation are closely linked, since they all deal with supervisory requirements involving central securities depositories (CSDs). To ensure coherence between those provisions, and to facilitate a comprehensive view and compact access to them by persons subject to those obligations, it is desirable to include all the implementing technical standards required by Article 17(10), Article 22(11), Article 24(8), Article 29(4), Article 33(6), Article 49(6), Article 52(4), Article 53(5) and Article 55(8) of Regulation (EU) No 909/2014 in a single Regulation. (2) In view of the global nature of financial markets, this Regulation takes into account the Principles for Financial Market Infrastructures issued in April 2012 by the Committee on Payment and Settlement Systems and the International Organization of Securities Commissions (CPSS-IOSCO Principles), in particular the standards of

12 OJ L 257/1, 28.8.2014, p.1.

EN 116 EN cooperation with other authorities, which serve as a global benchmark for regulatory requirements for central securities depositories (CSDs). This Regulation also takes into account the IOSCO Principles regarding cross-border supervisory cooperation issued in May 2010 and the standards on cooperative oversight issued in May 2005 by the CPSS entitled ‘Central bank oversight of payment and settlement systems’. (3) Any information submitted to the competent authority in a CSD’s application for authorisation as well as for the purposes of review and evaluation should be provided in a durable medium. (4) In order to facilitate quick identification of the information submitted by a CSD, all documents provided to the competent authority, including those provided with an application for authorisation, should bear a unique reference number. Information submitted as part of the process of review and evaluation of the CSDs’ activities should contain precise indications of the changes to the documents that have been submitted during that process (5) In order to facilitate the cooperation between authorities where CSDs provide cross￾border activities or set up branches, it is necessary to provide for harmonised standards, forms and procedures for such cooperation. (6) To carry out their duties effectively and consistently, the authorities authorised to have access to the records of CSDs in accordance with Regulation (EU) No 909/2014 should be provided with data that is comparable across CSDs. In addition, the use of common formats across different financial market infrastructures should facilitate the greater use of those formats by a wide variety of market participants, thus promoting standardisation. Standardised procedures and data formats across CSDs should reduce as well the costs for market participants and facilitate the tasks of supervisors and regulators. (7) To ensure consistency of the record keeping, all legal entities should be identified by a unique code through the use of legal entity identifiers (LEI). The use of a legal entity identifier (LEI) is already required under Commission Implementing Regulation (EU) No 1247/201213 and it should be required for the purposes of the record keeping by CSDs. The use of proprietary formats by CSDs should be limited to internal processes, but for reporting purposes and for providing information to competent authorities any internal code should be appropriately converted into a globally accepted standard such as LEI. At the same time, account holders in the Member States allowing direct securities holding systems and clients of participants in the securities settlement systems operated by CSDs should be allowed to continue to be identified by national identifiers where available.

13 Commission Implementing Regulation (EU) No 1247/2012 of 19 December 2012 laying down implementing technical standards with regard to the format and frequency of trade reports to trade repositories according to Regulation (EU) No 648/2012 of the European Parliament and of the Council on OTC derivatives, central counterparties and trade repositories (OJ L 352, 21.12.2012, p. 20).

EN 117 EN (8) In order to ensure a harmonised approach regarding the processing of complaints concerning the access of participants to CSDs, the access of issuers to CSDs, the access between CSDs, and the access between a CSD and another market infrastructure, standard forms and templates should be used, specifying the identified risks and the assessment of the identified risks that justify a refusal of access. (9) In order to facilitate the consultation by the competent authority of a CSD with other authorities involved referred to in Regulation (EU) No 909/2014 prior to granting or refusing authorisation to provide banking-type ancillary services, it is necessary to provide for an effective and structured process for consultation. To facilitate the timely cooperation of the authorities concerned and allow each of them to provide a reasoned opinion concerning the application, the documents and data attached to an application should be organised according to common templates. (10) The record-keeping requirements for CSDs provided in this Regulation concerning their activities related to the measures on settlement discipline are closely linked to Regulation (EU) No….[RTS on settlement discipline]. To ensure coherence in their application, it is desirable that the provisions on record-keeping requirements begin to apply when the abovementioned act on settlement discipline becomes applicable. (11) This Regulation is based on the draft implementing technical standards submitted by the European Securities and Markets Authority (ESMA) to the Commission. (12) In accordance with Regulation (EU) No 909/2014, in developing the draft implementing technical standards on which this Regulation is based, ESMA has worked in close cooperation with the members of the European System of Central Banks (ESCB). In accordance with Article 15 of Regulation (EU) No 1095/2010 of the European Parliament and of the Council14, ESMA has conducted open public consultations before submitting the draft implementing technical standards on which this Regulation is based, analysed the potential related costs and benefits and requested the opinion of the Securities and Markets Stakeholder Group established in accordance with Article 37 of Regulation (EU) No 1095/2010. HAS ADOPTED THIS REGULATION: CHAPTER I CSD AUTHORISATION (Article 17(10) of Regulation (EU) No 909/2014)

14 Regulation (EU) No 1095/2010 of 24 November 2010 of the European Parliament and of the Council establishing a European Supervisory Authority (European Securities and Markets Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/77/EC (OJ L 331, 15.12.2010, p. 84).

EN 118 EN Article 1 Standard forms, templates and procedures for application

1. A CSD shall submit its application for authorisation using the standard form and templates set out in Annex I.
2. A CSD applying for authorisation in accordance with Article 17 of Regulation (EU) No 909/2014 (‘applicant CSD’) shall provide its application in a durable medium as defined in point (j) of Article 1 of Regulation (EU) No… [RTS on CSD requirements].
3. The applicant CSD shall provide the competent authority with a list of all documents submitted as part of its application for authorisation which identifies the following information: (a) the unique reference number of each document; (b) the title of each document; (c) the chapter, section or page of each document where the relevant information is provided.
4. All information shall be submitted in the language indicated by the competent authority. The competent authority may request the CSD to submit the same information in a language customary in the sphere of international finance.
5. An applicant CSD maintaining any of the relationships referred to in Article 17(6) of Regulation (EU) No 909/2014 shall provide the competent authority with the list of competent authorities to be consulted, including contact persons from those authorities. CHAPTER II REVIEW AND EVALUATION (Article 22(11) of Regulation (EU) No 909/2014) Article 2 Standard forms and templates for the provision of information by a CSD to the competent authority for the purposes of review and evaluation
6. Information referred to in in Article 41 of Regulation No…[RTS on CSD Requirements] shall be provided in a durable medium as defined in point (j) of Article 1 of Regulation (EU) No… [RTS on CSD requirements].
7. Information provided by a CSD shall be submitted in the standard form and templates provided in Annex II and, where relevant, the template of Table 2 in Annex I. Where the template set out in Table 2 of Annex I is used, it shall have an additional column specifying

EN 119 EN the chapter, section or page of the document where changes were introduced during the review period and another additional column to include any explanations in relation to the changes introduced during the review period. Article 3 Procedure for the provision of information by a CSD to the competent authority for the purposes of a review and evaluation

1. The competent authority shall communicate to the CSD the frequency and the depth of the review and evaluation process and the period of time covered by the review and evaluation ('review period'). Any changes thereto shall be communicated to the CSD without undue delay.
2. The CSD shall provide the information referred to in Article 41(1) of Regulation (EU) No… [RTS on CSD requirements] within two months following the end of the review period. The competent authority may request more frequent reporting of this information.
3. All information shall be submitted in the language indicated by the competent authority. The competent authority may request the CSD to submit the same information in a language customary in the sphere of international finance. Article 4 Provision of information to the relevant authorities and, where applicable, to the authority referred to in Article 67 of Directive 2014/65/EU
4. Upon completion of the review and evaluation, the competent authority shall communicate within three working days to the relevant authorities and, where applicable, to the authority referred to in Article 67 of Directive 2014/65/EU of the European Parliament and of the Council15 its results as specified in Article 45 of Regulation (EU) No…. [RTS on CSD requirements].
5. Where the review and evaluation gives rise to remedial action or a penalty, the competent authority shall inform the relevant authorities and, where applicable, the authority referred to in Article 67 of Directive 2014/65/EU within three working days after that measure is taken.
6. The authorities referred to in this Article shall define the working language for the exchange of information and, if such language cannot be agreed between them, the working language shall be a language customary in the sphere of international finance.

15 Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU (OJ L 173, 12.6.2014, p. 349).

EN 120 EN Article 5 Exchange of information between competent authorities

1. Prior to every review and evaluation, when supervising a CSD which maintains the relationships referred to in points (a), (b) and (c) of Article 17(6) of Regulation (EU) No 909/2014, the competent authority shall update the list referred to in Article 1(5) regarding other competent authorities to be involved in the review and evaluation, including contact persons from those authorities, and shall share that list with all those authorities.
2. The competent authority shall provide the information referred to in Article 46(1) of Regulation (EU) No… [RTS on CSD requirements] to the competent authorities included in the list referred to in paragraph 1 within 30 working days from the date of availability of that information.
3. Within 30 working days from the deadline referred to in paragraph 2, the competent authorities included in the list referred to in paragraph 1 shall send to the competent authority that provided the information their assessment thereof.
4. Within 3 working days from the completion of the review and evaluation referred to in Article 22(1) of Regulation (EU) No 909/2014, as notified by the competent authority to the competent authorities included in the list referred to in paragraph 1, the competent authority shall communicate to the competent authorities included in the list referred to in paragraph 1its results as specified under Article 46(2) of Regulation (EU) No… [RTS on CSD requirements].
5. The authorities referred to in this Article shall define the working language for the exchange of information and, if such language cannot be agreed between them, the working language shall be a language customary in the sphere of international finance. CHAPTER III COOPERATION ARRANGEMENTS (Article 24(8) of Regulation (EU) No 909/2014) Article 6 General requirements for cooperation arrangements
6. The competent authority of the home Member State and the competent authority of the host Member State shall define the working language of their cooperation activities and, if such language cannot be agreed between them, the working language shall be a language customary in the sphere of international finance.

EN 121 EN 2. Each competent authority shall designate and share with the other competent authorities contact details of one primary and one secondary contact persons and any changes thereto. Article 7 Cooperation between the competent authorities for the supervision of a branch

1. Where a CSD authorised in one Member State has set up a branch in another Member State, the competent authority of the home Member State and the competent authority of the host Member State shall use the form and template set out in Table I of Annex III for the exchange of information.
2. Where a competent authority requests supplementary information from another competent authority, it shall indicate to the other competent authority the activities of the CSD that justify such request. Article 8 Cooperation between the competent authorities in case of on-site-inspections in the branch
3. Before carrying out on-site inspections referred to in paragraph 1 of Article 24 of the Regulation (EU) 909/2014, the competent authorities of the home and host Member States shall reach a common understanding on the terms and scope of the on-site inspection, including the following: (a) the respective roles and responsibilities; (b) the reasons for the on-site inspection.
4. The competent authorities of the home and host Member States shall inform each other of an on-site inspection of the branch of a CSD in a host Member State in accordance with paragraph 1 using the template set out in Table 2 of Annex III. Article 9 Exchange of information between the competent authorities on the CSD's activities in the host Member State
5. The request for information referred to in Article 24(3) of Regulation (EU) No 909/2014 shall be addressed by letter or email to the competent authority of the home Member State and shall include an explanation of the relevance of that information to the activities of that CSD in the host Member State.

EN 122 EN 2. The competent authority of the home Member State shall, without undue delay, communicate the information referred to in Article 24(3) of Regulation (EU) No 909/2014, by letter or email using the template in Table 3 of Annex III. Article 10 Procedure for cooperation between competent authorities in case of a CSD's breach of its obligations

1. For the purpose of the first subparagraph of Article 24(5) of Regulation (EU) No 909/2014, the competent authority of the host Member State shall refer its findings on a CSD’s breaches to the competent authority of the home Member State and to ESMA using the template set out in Table 4 of Annex III.
2. The competent authority of the home Member State shall review the findings submitted by the competent authority of the host Member State and shall inform that authority of the measures it intends to take to address the breaches identified.
3. Where the matter is referred to ESMA in accordance with the third subparagraph of Article 24(5) of Regulation (EU) No 909/2014, the referring competent authority shall provide ESMA with all relevant information. CHAPTER IV RECORD KEEPING (Article 29(4) of Regulation (EU) No 909/2014) Article 11 Format of records
4. A CSD shall retain the records referred to in Article 54 of Regulation (EU) No… [RTS on CSD requirements], for all transactions, settlement instructions and orders concerning settlement restrictions that it processes, in the format set out in Table 1 in Annex IV to this Regulation.
5. A CSD shall retain the records referred to in Article 55 of Regulation (EU) No… [RTS on CSD requirements], for the positions corresponding to all the securities accounts that it maintains in the format set out in Table 2 in Annex IV.
6. A CSD shall retain the records referred to in Article 56(1) of Regulation (EU) No… [RTS on CSD requirements] for the ancillary services that it provides in the format set out in Table 3 in Annex IV.

EN 123 EN 4. CSD shall retain the records referred to in Article 57 of Regulation (EU) No… [RTS on CSD requirements] for activities related to its business and internal organisation in the format set out in Table 4 in Annex IV. 5. A CSD shall use a legal entity identifier (LEI) or a bank identifier code (BIC), with the obligation to convert to LEI for the purposes of reporting to authorities to identify in its records: (a) a CSD; (b) CSD participants; (c) settlement banks; (d) issuers. 6. A CSD shall use a legal entity identifier (LEI) or a bank identifier code (BIC), or other available form of identification for legal persons to identify in its records participants’ clients, where the participants’ clients are known to the CSD. 7. A CSD may use any available identifier allowing for the unique identification of natural persons at national level, to identify in its records a participant's clients known to the CSD. 8. A CSD shall use in the records retained by it the ISO codes referred to in Annex IV. 9. A CSD may use a proprietary format only if this format can be converted without undue delay into an open format based on international open communication procedures and standards for messaging and reference data, for the purposes of making available its records to authorities in accordance with Article 29(2) of Regulation (EU) No 909/2014. 10. Upon request, a CSD shall provide the competent authority with information referred to in Article 54 and Article 55 of Regulation (EU) No… [RTS on CSD requirements] by means of a direct data feed. A CSD shall be given sufficient time to implement the necessary measures to respond to such a request. CHAPTER V ACCESS (Articles 33(6), 49(6), 52(4) and 53(5) of Regulation (EU) No 909/2014) Article 12 Standard forms and templates for the access procedure

EN 124 EN

1. A requesting CSD and any other requesting party shall use the template provided in Table 1 of Annex V to this Regulation when submitting a request for access under Article 52(1) or under Article 53(2) of Regulation (EU) No 909/2014.
2. A receiving CSD and any other receiving party shall use the template provided in Table 2 of Annex V to this Regulation when granting access following a request for access under Article 52(1) or under Article 53(2) of Regulation (EU) No 909/2014.
3. A CSD shall use the template set out in Table 3 of Annex V to this Regulation when denying access in accordance with Articles 33(3), 49(4), 52(2) or 53(3) of Regulation (EU) No 909/2014.
4. A CCP or a trading venue shall use the template in Table 4 of Annex V to this Regulation when denying access in accordance with Article 53(3) of Regulation (EU) No 909/2014.
5. A requesting party shall use the template in Table 5 of Annex V to this Regulation when submitting a complaint to the competent authority of the CSD that has denied access to it in accordance with Articles 33(3), 49(4), 52(2) or 53(3) of Regulation (EU) No 909/2014.
6. A CSD shall use the template in Table 6 of Annex V to this Regulation when submitting a complaint to the competent authority of the CCP or the trading venue that has denied access to the CCP or the trading venue in accordance with Article 53(3) of Regulation (EU) No 909/2014.
7. The competent authorities referred to in paragraphs (5) and (6) shall use the template in Table 7 of Annex V to this Regulation when consulting the following authorities on their assessment of the complaint, as appropriate: (a) the competent authority of the place of establishment of the requesting participant in accordance with the fourth subparagraph of Article 33(3) of Regulation (EU) No 909/2014; (b) the competent authority of the place of establishment of the requesting issuer in accordance with the fourth subparagraph of Article 49(4) of Regulation (EU) No 909/2014; (c) the competent authority of the requesting CSD and the relevant authority of the requesting CSD referred to in point (a) of Article 12(1) of Regulation (EU) No 909/2014 in accordance with the fifth subparagraph of Article 52(2) of Regulation (EU) No 909/2014; (d) the competent authority of the requesting CCP or trading venue in accordance with the fourth subparagraph of Article 53(3) of Regulation (EU) No 909/2014.

EN 125 EN 8. The authorities referred to in points (a) to (d) of paragraph 7 shall use the template in Table 8 of Annex V to this Regulation when responding to the consultation referred to in paragraph 7 of this Article. 9. The authorities referred to in points (a) to (d) of paragraph 7 shall use the template set out in Table 8 of Annex V to this Regulation if any of them decides to refer the matter to ESMA in accordance with the fourth subparagraph of Article 33(3), the fourth subparagraph of Article 49(4), the fifth subparagraph of Article 52(2) or the fourth subparagraph of Article 53(3) of Regulation (EU) No 909/2014. 10. The competent authorities referred to in paragraphs 5 and 6 shall provide the requesting party with a reasoned reply in the format set out in Table 9 of Annex V to this Regulation. 11. The authorities referred to paragraphs (7) and (8), and ESMA in the case of paragraph (9), shall define the working language for the purpose of the communication referred to under paragraphs (7), (8), and (9). If such language cannot be agreed between or among them, the working language shall be a language customary in the sphere of international finance. CHAPTER VI PROCEDURE FOR AUTHORISATION TO PROVIDE BANKING-TYPE ANCILLARY SERVICES AND FINAL PROVISION Article 13 List of the authorities Upon receipt of an application for the authorisations referred to in Article 54(2) of Regulation (EU) No 909/2014, the competent authority shall identify the authorities referred to in Article 55(4) of that Regulation and make up a list. Article 14 Transmission of information and request for a reasoned opinion

1. The competent authority shall transmit a request for the reasoned opinion referred to in paragraph(5) of Articles 55of Regulation (EU) No 909/2014 to the authorities referred to in points (a) to (e) of paragraph 4 of Article 55 of Regulation (EU) No 909/2014 using the template in Section 1 of Annex VI.
2. After the transmission referred to in Article 55(4) of Regulation (EU) No 909/2014, and of the request referred to in paragraph 1 of this Article, each authority referred to in points (a) to (e) of paragraph 4 of Article 55 of Regulation (EU) No 909/2014 shall immediately

EN 126 EN upon receipt confirm by email to the transmitting competent authority that it received the respective information. 3. If no confirmation of receipt is received in accordance with paragraph 2, the competent authority shall itself contact the authorities referred to points (a) to (e) of Article 55(4) of Regulation (EU) No 909/2014, to ensure that they have received the information referred to in paragraph 1. Article 15 Reasoned opinion and reasoned decision

1. The authorities referred to in points (a) to (e) of Article 55(4) of Regulation (EU) No 909/2014 shall issue the reasoned opinion to the competent authority using the template provided in Section 2 of Annex VI.
2. Where at least one of the authorities referred to in points (a) to (e) of Article 55(4) of Regulation (EU) No 909/2014 issues a negative reasoned opinion and when the competent authority wishing to grant the authorisation provides those authorities with the reasoned decision referred to in the second subparagraph of Article 55(5) of Regulation (EU) No 909/2014, the competent authority shall use the template provided in Section 3 of Annex VI. Article 16 Authorisation irrespective of negative reasoned opinion
3. Where an authority decides to refer to ESMA the reasoned decision of the competent authority which wishes to grant the authorisation in accordance with the third subparagraph of Article 55(5) of Regulation (EU) No 909/2014, that authority ('referring authority') shall use the template provided in Section 4 of Annex VI.
4. The referring authority shall provide ESMA with all the information provided by the competent authority in accordance with Article 55(4) of Regulation (EU) No 909/2014, the reasoned opinions provided by the authorities in accordance with the first subparagraph of Article 55(5) of Regulation (EU) No 909/2014 and the reasoned decision issued by the competent authority in accordance with the second subparagraph of Article 55(5) of Regulation (EU) No 909/2014.
5. The referring authority shall provide, without undue delay, a copy of the information referred to in paragraph 2 to the authorities referred to in points (a) to (e) of Article 55(4) of Regulation No 909/2014. Article 17

EN 127 EN Entry into force This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union. Article 11(1) shall apply from the date of entry into force of the delegated acts adopted by the Commission on the basis of regulatory technical standards referred to in Articles 6(5) and 7(15) of Regulation (EU) No 909/2014. This Regulation shall be binding in its entirety and directly applicable in all Member States. Done at Brussels, For the Commission The President [For the Commission On behalf of the President [Position]

128 Annex I: Forms and templates for the CSD application for authorisation (Article 17(10) of Regulation (EU) No 909/2014) Table 1 GENERAL INFORMATION Type of information Format Date of application ISO 8601 date in the format YYYY-MM-DD Corporate name of the applicant CSD Free text Identification of the applicant CSD ISO 17442 Legal Entity Identifier (LEI) 20 alphanumerical character code Legal address of the applicant CSD Free text Securities settlement system(s) the applicant CSD operates or intends to operate Free text Contact details of the person responsible for the application (name, function, phone number, email address) Free text Contact details of the person(s) in charge of the applicant CSD’s internal control and compliance function (name, function, phone number, email address) Free text List of all documents provided by the applicant CSD with unique reference numbers Free text

EN 129 EN Table 2 Document References The scope of information to be submitted in accordance with the specific requirement of the delegated act with regard to regulatory technical standards specifying the details of the application for authorisation of CSDs adopted pursuant to Article 17(9) of Regulation (EU) No 909/2014 Unique reference number of the document Title of the document Chapter or section or page of the document where the information is provided or reason why the information is not provided A. General information on the applicant CSD (Articles 4- 7 of Regulation (EU)…(RTS on CSD Requirements) Identification and legal status of the CSD (Article 5 of Regulation (EU)…(RTS on CSD Requirements)) An application for authorisation submitted according to Article 17 of Regulation (EC) No 909/2014 shall clearly identify the entity applying the activities and services that it intends to carry out The corporate name of the applicant CSD, its LEI and legal address in the Union The memorandum and articles of association and other constitutional and statutory documentation An excerpt from the relevant commercial or court register, or other forms of certified evidence of the legal address and business activity of the applicant CSD that shall be valid at the date of the application The identification of the securities settlement systems that the applicant CSD operates or intends to operate A copy of the decision of the management body regarding the application and the minutes of the meeting in which the management body approved the application file and its submission The contact details of the person responsible for the application A chart showing the ownership links between the parent undertaking, subsidiaries and any other associated entities or branches; the entities shown in the chart shall be identified by their full company name, legal status, legal address, and tax numbers or company registration numbers

EN 130 EN A description of business activities of the applicant CSD’s subsidiaries and other legal persons in which the applicant CSD holds a participation, including information on the level of participation A list containing: (i) the name of each person or entity who, directly or indirectly, holds 5 % or more of the applicant CSD’s capital or voting rights; (ii) the name of each person or entity that could exercise a significant influence over the applicant CSD’s management due to its holding in the applicant CSD’s capital A list containing: (i) the name of each entity in which the applicant CSD holds 5 % or more of the entity’s capital and voting rights; (ii) the name of each entity over whose management the applicant CSD exercises a significant influence, given the applicant CSD’s holding of the entity’s capital A list of core services listed in Section A of the Annex to Regulation (EU) No 909/2014 that the applicant CSD is providing or intends to provide A list of ancillary services explicitly listed in Section B of the Annex to Regulation (EU) No 909/2014 that the applicant CSD is providing or intends to provide A list of any other ancillary services permitted under, but not explicitly listed in Section B of the Annex to Regulation (EU) No 909/2014 that the applicant CSD is providing or intends to provide; A list of investment services and activities subject to Directive 2014/65/EU which are not explicitly listed in Section B of the Annex to Regulation (EU) No 909/2014 that the applicant CSD is providing or intends to provide

EN 131 EN A list of services the applicant CSD outsources or intends to outsource to a third party in accordance with Article 30 of Regulation (EU) No 909/2014 The currency or currencies that the applicant CSD processes, or intends to process in connection with services the applicant CSD provides, irrespective of whether cash is settled on a central bank account, a CSD account, or an account at a designated credit institution; Information on any pending and final judicial or civil, administrative and arbitration or any other legal proceedings to which the applicant CSD is a party, and which may cause it financial or other costs. Where the applicant CSD intends to provide core services or to set up a branch in accordance with Article 23(2) of Regulation (EU) No 909/2014, information shall be provided as follows:, The Member State(s) in which the applicant CSD intends to operate A programme of operations stating in particular the services which the applicant CSD provides or intends to provide in the host Member State The currency or currencies that the applicant CSD processes or intends to process in that host Member State(s) Where the services will be provided through a branch, the organisational structure of the branch and the names of the persons responsible for its management Where relevant, an assessment of the measures that the applicant CSD intends to take to allow its users to comply with the national laws referred to in Article 49(1) of Regulation (EU) No 909/2014 Where relevant, a description of the services or activities the applicant CSD outsources to a third party in accordance with Article 30 of Regulation (EU) No 909/2014 Policies and Procedures for regulatory compliance (Article 6 of Regulation (EU)…(RTS on CSD Requirements)) The job titles of the persons responsible for the approval and maintenance of the policies and procedures

EN 132 EN A description of the measures implementing and monitoring the compliance with, the policies and procedures A description of the procedures put in place by the applicant CSD in compliance with any mechanism established in accordance with Article 65 of Regulation (EU) No 909/2014 CSD Services and activities (Article 7of Regulation (EU)…(RTS on CSD Requirements)) Detailed descriptions of the services and activities, and of procedures to be applied in the provision of the services and activities by the applicant CSD: Core services specified under Section A of the Annex to Regulation (EU) No 909/2014 Ancillary services explicitly listed in section B of the Annex to Regulation (EU) No 909/2014 Any other ancillary services permitted under, but not explicitly listed in Section B of the Annex to Regulation (EU) No 909/2014 Investment services and activities subject to Directive 2014/65/EU16 referred to in the point above Information for groups (Article 8 of Regulation (EU)…(RTS on CSD Requirements)) Policies and procedures referred to in Article 26(7) of Regulation (EU) No 909/2014 Information on the composition of the senior management, management body, and shareholders structure of the parent undertaking or other group undertakings Services, as well as key individuals other than senior management holding functions that the applicant CSD shares with other undertakings in by the group Where the CSD has a parent undertaking, information shall be provided as follows: Identification of the legal address of the parent undertaking An indication of whether the parent undertaking is an entity that is authorised or registered and subject to supervision under Union or third country laws Where relevant, any relevant registration number and the name of the authority or authorities competent for the supervision of the parent undertaking

16 OJ […]

EN 133 EN Where the applicant CSD has an agreement with an undertaking within the group, which provides services related to services provided by a CSD, a description and a copy of such agreement B. Financial reports, business plans and recovery (Article 9 of Regulation (EU)…(RTS on CSD Requirements)) Financial reports, business plans and recovery (Article 8 of Regulation (EU)…(RTS on CSD Requirements)) Financial reports including a complete set of financial statements for the preceding three years, and the statutory audit report on the annual and consolidated financial statements within the meaning of Directive 2006/43/EC of the European Parliament and of the Council , for the preceding three years The name and the national registration number of the external auditor A business plan, including a financial plan and an estimated budget, that foresees various business scenarios for the CSD services, over a reference period of at least three years Any plan for the establishment of subsidiaries and branches and their location A description of the business activities that the applicant CSD plans to carry out, including the activities of any subsidiaries or branches of the applicant CSD Where historical financial information referred to above is not available an application for authorisation shall contain the following information about the applicant CSD: Evidence that demonstrates sufficient financial resources during six months after the granting of an authorisation An interim financial report where the financial statements are not yet available for the requested period of time A statement concerning the financial situation of the applicant CSD, such as a balance sheet, income statement, changes in equity and of cash flows and a summary of accounting policies and other relevant explanatory notes Where applicable, audited annual financial statements of any parent undertaking for the three financial years preceding the date of the application

EN 134 EN A description of an adequate recovery plan including: A summary that provides an overview of the plan and its implementation An identification of the critical operations of the applicant CSD, stress scenarios and events triggering recovery, and a substantive description of recovery tools to be used by the applicant CSD Information about the assessment of any impacts of the recovery plan on various stakeholders that are likely to be affected by its implementation An assessment by the applicant CSD of the legal enforceability of the recovery plan that takes account of any legal constraints imposed by the Union, national or third country legislation C. Organisational requirements (Articles 10-18 of Regulation (EU)…(RTS on CSD Requirements)) Organisational chart (Article 10 of Regulation (EU)…(RTS on CSD Requirements)) Identity and tasks of the persons responsible for the following positions: (i) senior management; (ii) managers in charge of the operational roles; (iii) managers in charge of the activities of any branches of the applicant CSD; (iv) other significant roles in the operations of the applicant CSD. The number of staff members in each division and operational unit Staffing policies and procedures (Article 11 of Regulation (EU)…(RTS on CSD Requirements)) A description of the remuneration policy, which includes information about the fixed and variable elements of the remuneration of the senior management, the members of the management body and the staff employed in the risk management and compliance and internal control, technology and internal audit functions of the applicant CSD The measures put in place by the applicant CSD to mitigate the risk of over-reliance on the responsibilities entrusted to any individual person

EN 135 EN Risk monitoring tools and governance arrangements (Article 12 of Regulation (EU)…(RTS on CSD Requirements)) A description of the components of the governance arrangements of the applicant CSD The policies, procedures and systems that identify, measure, monitor, manage and report the risks that the applicant CSD may be exposed to and the risks that the applicant CSD poses to any other entities; A description of the composition, role and responsibilities of the members of the management body and senior management and any committees established in accordance with Regulation (EU)…(RTS on CSD Requirements) A description of the processes concerning the selection, appointment, performance evaluation and removal of senior management and members of the management body A description of the procedure used by the applicant CSD to make its governance arrangements and the rules governing its activity available to the public Where the a p p l i c a n t CSD adheres to a recognised corporate governance code of conduct: The identification of the code of conduct (a copy of the code) An explanation for any situations where the applicant CSD deviates from the code Compliance and internal control function and internal audit function (Article 13 of Regulation (EU)…(RTS on CSD Requirements)) A description of the procedures for the internal reporting of infringements referred to in Article 26(5) of Regulation (EU) No 909/2014 Information regarding its internal audit policies and procedures including the following: A description of the monitoring and evaluation tools for the adequacy and effectiveness of the applicant CSD’s internal control systems A description of the control and safeguard tools for the applicant CSD’s information processing systems An explanation concerning the development and application of its internal audit methodology A work plan for three years following the date of application A description of the roles and qualifications of each individual who is responsible for internal audit

EN 136 EN An application for authorisation shall contain the following information concerning the compliance and internal control function of the applicant CSD: A description of the roles and qualifications of the individuals who are responsible for the compliance and internal control function and of any other staff involved in the assessments of compliance, including a description of the means to ensure the independence of the compliance and internal control function from the rest of the business units The policies and procedures of the compliance and internal control function including a description of the compliance role of the management body and senior management Where available, the most recent internal report prepared by the persons responsible for the compliance and internal control function or by any other staff involved in the assessments of compliance within the applicant CSD Senior management, management body and shareholders (Article 14 of Regulation (EU)…(RTS on CSD Requirements)) For each member of the senior management and member of the management body, the following information: A copy of a curriculum vitae which sets out the experience and knowledge of each member Details regarding any criminal and administrative sanctions imposed on a member in connection with the provision of financial or data services or in relation to acts of fraud or misappropriation of funds in the form of an appropriate official certificate where available in the relevant Member State A self-declaration of good repute in relation to the provision of a financial or data service, including all the statements indicated in Article 14(1) (c) of Regulation (EU)…(RTS on CSD Requirements) Information regarding the management body of the applicant CSD: An evidence of compliance with Article 27(2) of Regulation (EU) No 909/2014 A description of the roles and responsibilities of the management body Information regarding the ownership structure and shareholders of the applicant CSD A description of the ownership structure of the applicant CSD, including a description of the

EN 137 EN identity and size of interests of any entities in a position to exercise control over the operation of the applicant CSD A list of the shareholders and persons who are in a position to exercise, directly or indirectly, control over the management of the applicant CSD Management of conflicts of interest (Article 15 of Regulation (EU)…(RTS on CSD Requirements)) Policies and procedures put in place to identify and manage potential conflicts of interest by the applicant CSD: A description of the policies and procedures concerning the identification, management and disclosure to the competent authority of potential conflicts of interest and of the process used to ensure that the staff of the applicant CSD is informed of such policies and procedures A description of the controls and any other measures put in place to ensure that the requirements referred to in point (a) of Article 15(1) of the Regulation (EU) No… [RTS on CSD Requirements] on the management of conflicts of interest are met A description of: (i) the roles and responsibilities of key personnel, especially where they also have responsibilities in other entities; (ii) arrangements ensuring that individuals who have a permanent conflict of interest are excluded from the decision making process and from the receipt of any relevant information concerning the matters affected by the permanent conflict of interest; (iii) an up-to-date register of existing conflicts of interest at the time of the application and a description of how such conflicts of interest are managed. Where the applicant CSD is part of a group, the register referred to in point (c) (iii) of Article 15(1) of Regulation [RTS on CSD Requirements] shall include a description of: (a) the conflicts of interest arising from other undertakings within the group in relation to any service provided by the applicant CSD;

EN 138 EN and (b) the arrangements put in place to manage those conflicts of interest. Confidentiality (Article 16 of Regulation (EU)…(RTS on CSD Requirements)) Policies and procedures preventing the unauthorised use or disclosure of confidential information as defined in Article 16 of Regulation (EU)…(RTS on CSD Requirements) Information concerning the access of staff to information held by the applicant CSD: The internal procedures concerning permissions of access of staff to information that ensure secured access to data A description of any restrictions on the use of data for reasons of confidentiality User committee (Article 17 of Regulation (EU)…(RTS on CSD Requirements)) Documents or information on each user committee: The mandate of the user committee The governance arrangements of the user committee The operating procedures of the user committee The admission criteria and the election mechanism for the members of the user committee A list of the proposed members of the user committee and the indication of interests that they represent Record keeping (Article 18 of Regulation (EU)…(RTS on CSD Requirements)) Description of record-keeping systems of the applicant CSD, policies and procedures Information referred to in Article 18(2) of Regulation (EU) No… [RTS on CSD Requirements] before the date of application of Article 54 of Regulation (EU)…(RTS on CSD Requirements) An analysis of the extent to which the applicant CSD’s existing record-keeping systems, policies and procedures are compliant with the requirements under Article 54 of Regulation (EU)…[RTS on CSD Requirements] An implementation plan detailing how the applicant CSD plans to be compliant with the requirements under Article 54 of Regulation (EU)…[RTS on CSD Requirements] by the required date

EN 139 EN D. Conduct of business rules (Articles 19 – 23 of Regulation (EU)…(RTS on CSD Requirements) Goals and objectives (Article 19 of Regulation (EU)…(RTS on CSD Requirements)) A description of goals and objectives of the applicant CSD. Handling of complaints (Article 20 of Regulation (EU)…(RTS on CSD Requirements)) The procedures established by the applicant CSD for the handling of complaints Requirements for Participation (Article 21 of Regulation (EU)…(RTS on CSD Requirements)) Information concerning the participation in the securities settlement system(s) operated by the applicant CSD: The criteria for participation that allow fair and open access for all legal persons that intend to become participants in the securities settlement system(s) operated by the applicant CSD The procedures for the application of disciplinary measures against the existing participants that do not comply with the criteria for participation Transparency (Article 22 of Regulation (EU)…(RTS on CSD Requirements)) Information on the applicant CSD’s pricing policy, including in particular the prices and fees for each core service provided by the applicant CSD and any existing discounts and rebates, as well as the conditions for such reductions A description of methods used to disclose the relevant information to clients and prospective clients in accordance with Article 34(1) to (5) of Regulation (EU) No 909/2014 Information allowing the competent authority to assess how the CSD intends to comply with the requirements to account separately for costs and revenues in accordance with Article 34 (7) of Regulation (EU) No 909/2014 Communication procedures with participants and other market infrastructure (Article 23 of Regulation (EU)…(RTS on CSD Requirements)) Relevant information concerning the use by the applicant CSD of international open communication procedures and standards for messaging and reference data in its communication procedures with participants and other market infrastructures

EN 140 EN E. Requirements for services provided by CSDs (Articles 24 – 31 of Regulation (EU)…(RTS on CSD Requirements)) Book-entry form (Article 21 of Regulation (EU)…(RTS on CSD Requirements)) Information concerning the processes that ensure the compliance of the applicant CSD with Article 3 of Regulation (EU) No 909/2014 Intended settlement dates and measures for preventing and addressing settlement fails (Article 25 of Regulation (EU)…(RTS on CSD Requirements)) Rules and procedures concerning the measures to prevent settlement fails Details of the measures to address settlement fails if the application is made before the entry into force of the delegated acts adopted by the Commission on the basis of regulatory technical standards referred to in Articles 6(5) and 7(15) of Regulation (EU) No 909/2014 An analysis of the extent to which the applicant CSD’s existing rules, procedures, mechanisms and measures comply with the requirements under the delegated acts adopted by the Commission on the basis of regulatory technical standards referred to in Articles 6(5) and 7(15) of Regulation (EU) No 909/2014. An implementation plan detailing how the CSD plans to be compliant with the requirements under the delegated acts adopted by the Commission on the basis of regulatory technical standards referred to in Articles 6(5) and 7(15) of Regulation (EU) No 909/2014 by the date of their entry into force Integrity of the issue (Article 26 of Regulation (EU)…(RTS on CSD Requirements)) Information concerning the CSD’s rules and procedures for ensuring the integrity of securities issues Protection of participants' and their clients’ securities (Article 27 of Regulation (EU)…(RTS on CSD Requirements)) Information concerning the measures put in place to ensure the protection of the applicant CSD’s participants’ and their clients’ securities, including: The rules and procedures to reduce and manage the risks associated with the safekeeping of securities Detailed description of the different levels of segregation offered by the applicant CSD, including a description of the costs associated with each level, the commercial terms on which they are offered,

EN 141 EN their main legal implications and the applicable insolvency law Rules and procedures for obtaining the consents referred to Article 38(7) of Regulation (EU) No 909/2014 Settlementfinality (Article 28 of Regulation (EU)…(RTS on CSD Requirements)) Information concerning the rules on settlement finality Cash settlement (Article 29 of Regulation (EU)…(RTS on CSD Requirements)) The procedures for the settlement of the cash payments for each securities settlement system that the applicant CSD operates Information on whether the settlement of the cash payments is provided in accordance with Article 40(1) of Regulation (EU) No 909/2014 Where applicable, explanation of why settlement in accordance with Article 40(1) of Regulation (EU) No 909/2014is not practical and available Participant default rules and procedures (Article 30 of Regulation (EU)…(RTS on CSD Requirements)) The rules and procedures put in place to manage the default of a participant Transfer of participants’ and clients’ assets in case of a withdrawal of authorisation (Article 31 of Regulation (EU)…(RTS on CSD Requirements)) Information concerning the procedures put in place by the applicant CSD that shall ensure the timely and orderly settlement and transfer of the assets of clients and participants to another CSD in the event of a withdrawal of its authorisation F. Prudential requirements (Articles 29 – 33 of Regulation (EU)…(RTS on CSD Requirements)) Legal risks (Article 32 of Regulation (EU)…(RTS on CSD Requirements)) Information enabling the competent authority to assess that the rules, procedures, and contracts of the applicant CSD are clear, understandable and enforceable in all relevant jurisdictions in accordance with Article 43(1) and (2) of Regulation (EU) No 909/2014 Where the applicant CSD intends to conduct business in different jurisdictions, information concerning the measures put in place to identify and

EN 142 EN mitigate the risks arising from potential conflicts of laws across jurisdictions in accordance with Article 43(3) of Regulation (EU) No 909/2014, including any legal assessment on which those measures are based. General business risks (Article 33 of Regulation (EU)…(RTS on CSD Requirements)) A description of the risk management and control systems as well as the IT tools put in place by the CSD to manage business risks Where applicable, the risk rating obtained from a third party, including any relevant information supporting that risk rating Operationalrisks (Article 34 of Regulation (EU)…(RTS on CSD Requirements)) Evidence demonstrating that the applicant CSD complies with the requirement for the management of operational risks in accordance with Article 45 of Regulation (EU) No 909/2014 and Chapter X of Regulation (EU)…[RTS on CSD Requirements] Information concerning the outsourcing by the applicant CSD of services or activities to third parties in accordance with Article 30 of Regulation (EU) No 909/2014, including: (a) Copies of the contracts governing the outsourcing arrangements of the applicant CSD (b) The methods used to monitor the service level of the outsourced functions Investment policy (Article 35 of Regulation (EU)…(RTS on CSD Requirements)) Evidence demonstrating that: a) the applicant CSD holds its financial assets in accordance with Article 46(1), (2) and (5) of Regulation (EU) No 909/2014 and Chapter X of Regulation (EU)…[RTS on CSD Requirements], b) the investments of the applicant CSD are compliant with Article 46(3) of Regulation (EU) No 909/2014 and in Chapter X of Regulation (EU)…[RTS on CSD Requirements] Capitalrequirements (Article 36 of Regulation (EU)…(RTS on CSD Requirements)) Information demonstrating that the capital of the applicant CSD, including retained earnings and reserves of the applicant CSD, meets the

EN 143 EN requirements of Article 47 of Regulation (EU) No 909/2014 and of Regulation (EU) …[RTS on CSD Requirements] the delegated act adopted by the Commission pursuant to Article 47(3) of Regulation (EU) No 909/2014. The plan referred to in Article 47(2) of Regulation (EU) No 909/2014 and any updates to that plan, and evidence of its approval by the management body or an appropriate committee of the management body of the applicant CSD Links (Article 37 of Regulation (EU)…(RTS on CSD Requirements)) A description of the CSD links accompanied by assessments of link arrangements by the applicant CSD The expected or actual settlement volumes and values of the settlement performed within the CSD links The procedures concerning the identification, assessment, monitoring and management of all potential sources of risk for the applicant CSD and for its participants arising from the link arrangement and the appropriate measures put in place to mitigate them An assessment of the applicability of insolvency laws applicable to the operation of a CSD link and their implications for the applicant CSD Other relevant information necessary for assessing the compliance of CSD links with the requirements provided in Article 48 of Regulation (EU) No 909/2014 and Chapter XI of Regulation (EU) No…[RTS on CSD Requirements] G. Access to CSDs (Article 38 of Regulation (EU)…(RTS on CSD Requirements)) Access rules (Article 38 of Regulation (EU)…(RTS on CSD Requirements)) A description of procedures for dealing with requests for access from: Legal persons that wish to become participants in accordance with Article 33 of Regulation (EU) No 909/2014 and Chapter XII of Regulation (EU) No…[RTS on CSD Requirements] Issuers in accordance with Article 49 of Regulation (EU) No 909/2014 and Chapter XII of Regulation (EU) No…[RTS on CSD Requirements]

EN 144 EN Other CSDs in accordance with Article 52 of Regulation (EU) No 909/2014 and Chapter XII of Regulation (EU) No…[RTS on CSD Requirements] Other market infrastructures in accordance with Article 53 of Regulation (EU) No 909/2014 and Chapter XII of Regulation (EU) No…[RTS on CSD Requirements] H. Additional information (Article 39 of Regulation (EU)…(RTS on CSD Requirements)) Additional information Article 39 of Regulation (EU)…(RTS on CSD Requirements)) Any additional information necessary for assessing whether, at the time of the authorisation, the applicant CSD complies with the requirements of Regulation (EU) No 909/2014 and the relevant delegated and implementing acts adopted under Regulation (EU) No 909/2014

EN 145 EN Annex II: Templates for submission of information for the review and evaluation (Article 22(11) of Regulation (EU) No 909/2014) Table 1 GENERAL INFORMATION TO BE PROVIDED BY A CSD Type of information Format Date of submission of information ISO 8601 date in the format YYYY-MM-DD Date of the last review and evaluation ISO 8601 date in the format YYYY-MM-DD Corporate name of the CSD Free text Identification of the CSD ISO 17442 Legal Entity Identifier (LEI) 20 alphanumerical character code Legal address of the CSD Free text Securities settlement system(s) operated by the CSD Free text Contact details of the person responsible of the review and evaluation process (name, function, phone number, email address) Free text Contact details of the person(s) responsible for the CSD’s internal control and compliance function (name, function, phone number, email address) Free text List of all documents provided by the CSD with unique reference numbers Free text Report on the CSD’s activities and the substantive changes made during the review period, including a declaration of overall compliance with the provisions of Regulation (EU) No 909/2014 and the relevant regulatory technical standards under Regulation (EU) No 909/2014, including with respect to each substantive change Separate document Table 2 INFORMATION RELATED TO PERIODIC EVENTS No Type of information The unique reference number of the document in which the information is included 1 A complete set of the latest audited financial statements of the CSD,

EN 146 EN including those consolidated at group level 2 A summarised version of the most recent interim financial statements of the CSD 3 Any decisions of the management body following the advice of the user committee, as well as any decisions where the management body has decided not to follow the advice of the user committee 5 Information on any pending civil, administrative or any other judicial or extrajudicial proceedings involving the CSD, in particular in relation to matters concerning tax and insolvency, or matters that may cause financial or reputational costs for the CSD, and any final decisions resulting from these proceedings 6 Information on any pending civil, administrative or any other judicial or extrajudicial, proceedings involving a member of the management body or a member of the senior management that may have an negative impact on the CSD, and any final decisions resulting from these proceedings 7 A copy of the results of business continuity stress tests or similar exercises performed during the review period 8 A report on the operational incidents that occurred during the review period and affected the smooth provision of any core services provided, the measures taken to address them and the results thereof 9 A report on the system’s performance, including an assessment of the system’s availability during the review period; the system’s availability shall be measured on a daily basis as the percentage of time the system is

EN 147 EN available for settlement 10 A summary of the types of manual intervention performed by the CSD 11 Information concerning the identification of the CSD’s critical operations, any substantive changes to its recovery plan, the results of stress scenarios, the recovery triggers and the recovery tools of the CSD 12 Information on any formal complaints received by the CSD during the review period including information on: (i) the nature of the complaint; (ii) how the complaint was handled, including the outcome of the complaint; and (iii) the date when the treatment of the complaint ended. 13 Information concerning the cases where the CSD denied access to its services to any existing or potential participant, any issuer, another CSD or another market infrastructure 14 A report on the changes affecting any links established by the CSD, including changes to the mechanisms and procedures used for settlement in such CSD links 15 Information concerning all cases of identified conflicts of interest that occurred during the review period, including the description of how they were managed 16 Information concerning internal controls and audits performed by the CSD during the review period 17 Information concerning any identified infringements of Regulation (EU) No 909/2014, including those identified through the reporting channel referred to in Article 26(5) of Regulation (EU) No 909/2014 18 Detailed information concerning any disciplinary actions taken by the CSD,

EN 148 EN including any cases of suspension of participants in accordance with Article 7(9) of Regulation No 909/2014 with a specification of the period of suspension and the reason for such suspension 19 The general business strategy of the CSD covering a period of at least three years after the last review and evaluation and a detailed business plan for the services provided by the CSD covering at least a period of one year after the last review and evaluation Table 3 STATISTICAL DATA No Type of data Format 1 List of participants to each securities settlement system operated by the CSD, including information on their country of incorporation ISO 17442 Legal Entity Identifier (LEI) 20 alphanumerical character code (for each participant)

• ISO 3166 2 character country code 2 List of issuers and a list of securities issues maintained by the CSD, including information on the country of incorporation of the issuers, and an identification of the issuers, highlighting to whom the CSD provides services referred to in point 1 or 2 of Section A of the Annex to Regulation (EU) No 909/2014 ISO 17442 Legal Entity Identifier (LEI) 20 alphanumerical character code (for each issuer) ISO 3166 2 character country code ISO 6166 ISIN 12 character alphanumerical code (for each security issue)
• Notary: Y/N +Central Maintenance: Y/N 3 Total market value and nominal value of the securities recorded in securities accounts centrally and non-centrally maintained in each securities settlement system operated by the CSD Nominal value of securities: Up to 20 numerical characters including decimals. At least one character before and one character after the decimal mark shall be populated. The decimal mark is not counted as a numerical character. The negative symbol, if populated, is not counted as a numerical character. Market value of securities: Up to 20 numerical characters including decimals. At least one character before

EN 149 EN and one character after the decimal mark shall be populated. The decimal mark is not counted as a numerical character. The negative symbol, if populated, is not counted as a numerical character. 4 Nominal and market value of the securities referred to in point 3 divided as follows: (i) by type of financial instruments, as follows: a) transferable securities referred to in point (a) of Article 4(1)(44) of Directive 2014/65/EU; b) sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU; c) transferable securities referred to in point (b) of Article 4(1)(44) of Directive 2014/65/EU, other than those mentioned under point b); d) transferable securities referred to in point (c) of Article 4(1)(44) of Directive 2014/65/EU; e) exchange-traded funds (ETFs) referred to in Article 4(1)(46) of Directive 2014/65/EU; f) units in collective investment undertakings, other than ETFs; g) money-market instruments, other than those mentioned under point b); h) emission allowances; i) other financial instruments. (ii) by country of incorporation of the participant; and (iii) by country of incorporation of the issuer; For each type of financial instruments: a) SHRS (or more granular codes as provided by the CSD) - transferable securities referred to in point (a) of Article 4(1)(44) of Directive 2014/65/EU b) SOVR (or more granular codes as provided by the CSD) - sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU; c) DEBT (or more granular codes as provided by the CSD) - transferable securities referred to in point (b) of Article 4(1)(44) of Directive 2014/65/EU, other than those mentioned under point b); d) SECU (or more granular codes as provided by the CSD) - transferable securities referred to in point (c) of Article 4(1)(44) of Directive 2014/65/EU; e) ETFS (or more granular codes as provided by the CSD) - exchange-traded funds (ETFs); f) UCIT (or more granular codes as provided by the CSD) - units in collective investment undertakings, other than ETFs; g) MMKT (or more granular codes as provided by the CSD) - money-market instruments, other than those mentioned under point b); h) EMAL (or more granular codes as provided by the CSD) - emission allowances; i) OTHR (or more granular codes as provided by the CSD) – others by country of incorporation of the participant (ISO 3166 2 character country code)/ country of incorporation of the issuer (ISO 3166 2 character country code):

EN 150 EN Nominal value of securities: Up to 20 numerical characters including decimals. At least one character before and one character after the decimal mark shall be populated. The decimal mark is not counted as a numerical character. The negative symbol, if populated, is not counted as a numerical character. Market value of securities: Up to 20 numerical characters including decimals. At least one character before and one character after the decimal mark shall be populated. The decimal mark is not counted as a numerical character. The negative symbol, if populated, is not counted as a numerical character. 5 Nominal and market value of the securities initially recorded in each securities settlement system operated by the CSD Nominal value of securities: Up to 20 numerical characters including decimals. At least one character before and one character after the decimal mark shall be populated. The decimal mark is not counted as a numerical character. The negative symbol, if populated, is not counted as a numerical character. Market value of securities: Up to 20 numerical characters including decimals. At least one character before and one character after the decimal mark shall be populated. The decimal mark is not counted as a numerical character. The negative symbol, if populated, is not counted as a numerical character. 6 Nominal and market value of the securities referred to in point 5 above, divided as follows: (i) by types of financial instruments; (ii) by country of incorporation of the For each type of financial instruments (as referred to in point 4)/ country of incorporation of the participant (ISO 3166 2 character country code)/ country of incorporation of the issuer (ISO 3166 2 character country code):

EN 151 EN participant; (iii)by country of incorporation of the issuer. Nominal value of securities: Up to 20 numerical characters including decimals. At least one character before and one character after the decimal mark shall be populated. The decimal mark is not counted as a numerical character. The negative symbol, if populated, is not counted as a numerical character. Market value of securities: Up to 20 numerical characters including decimals. At least one character before and one character after the decimal mark shall be populated. The decimal mark is not counted as a numerical character. The negative symbol, if populated, is not counted as a numerical character. 7 Total number and value of the settlement instructions against payment plus the total number and market value of the FOP settlement instructions or, if not available, the nominal value of the FOP settlement instructions settled in each securities settlement system operated by the CSD Number of settlement instructions settled in each securities settlement system operated by the CSD: Up to 20 numerical characters reported as whole numbers without decimals. Value of settlement instructions settled in each securities settlement system operated by the CSD: Up to 20 numerical characters including decimals. At least one character before and one character after the decimal mark shall be populated. The decimal mark is not counted as a numerical character. The negative symbol, if populated, is not counted as a numerical character. 8 Total number and value of the settlement instructions referred to in point 7 divided as follows: (i) by types of financial instruments referred to in point 4; (ii) by country of the incorporation of the participant; (iii) by country of incorporation of the issuer; (iv) by settlement currency; (v) by type of settlement instructions, For each type of financial instruments (as referred to in point 4)/ country of incorporation of the participant (ISO 3166 2 character country code)/ country of incorporation of the issuer (ISO 3166 2 character country code)/ settlement currency (ISO 4217 Currency Code, 3 alphabetical digits)/ type of settlement instruction (DVP/RVP/DFP/RFP/DWP/RWP/PFOD)/ settlement in central bank money

EN 152 EN as follows: a. FOP settlement instructions that consist of deliver free of payment (DFP) and receive free of payment (RFP) settlement instructions; b. delivery versus payment (DVP) and receive versus payment (RVP) settlement instructions; c. delivery with payment (DWP) and receive with payment (RWP) settlement instructions; d. payment free of delivery (PFOD) settlement instructions. (vi) for settlement instructions that have a cash leg, by whether cash settlement is performed in accordance with Article 40(1) of Regulation (EU) No 909/2014 in accordance with Article 40(2) of Regulation EU) No 909/2014 (CBM)/commercial bank money (COM): Number of settlement instructions settled in each securities settlement system operated by the CSD: Up to 20 numerical characters reported as whole numbers without decimals. Value of settlement instructions settled in each securities settlement system operated by the CSD: Up to 20 numerical characters including decimals. At least one character before and one character after the decimal mark shall be populated. The decimal mark is not counted as a numerical character. The negative symbol, if populated, is not counted as a numerical character. 9 Number and value of buy-in transactions referred to in Article 7(3) and (4) of Regulation (EU) No 909/2014 Number of buy-in transactions: Up to 20 numerical characters reported as whole numbers without decimals. Value of buy-in transactions: Up to 20 numerical characters including decimals. At least one character before and one character after the decimal mark shall be populated. The decimal mark is not counted as a numerical character. The negative symbol, if populated, is not counted as a numerical character. 10 Number and amount of penalties referred to in Article 7(2) of Regulation (EU) No 909/2014 per CSD participant For each CSD participant: Number of penalties: Up to 20 numerical characters reported as whole numbers without decimals. Amount of penalties: Up to 20 numerical characters including decimals. At least one character before and one character after the decimal mark shall be populated. The decimal mark is not counted as a numerical character. The negative symbol, if populated, is not

EN 153 EN counted as a numerical character. 11 Total value of securities borrowing and lending operations processed by the CSD acting as an agent and as principal, as the case may be, divided per type of financial instruments referred to in point 4 For each type of financial instruments (as referred to in point 4), the value of securities borrowing and lending operations processed by: a) CSD acting as an agent: Up to 20 numerical characters including decimals. At least one character before and one character after the decimal mark shall be populated. The decimal mark is not counted as a numerical character. The negative symbol, if populated, is not counted as a numerical character. b) CSD acting as principal: Up to 20 numerical characters including decimals. At least one character before and one character after the decimal mark shall be populated. The decimal mark is not counted as a numerical character. The negative symbol, if populated, is not counted as a numerical character. 12 Total value of settlement instructions settled via each CSD link from the perspective of the CSD as: a) requesting CSD; b) receiving CSD. For each identified link: a) Requesting CSD perspective: Up to 20 numerical characters including decimals. At least one character before and one character after the decimal mark shall be populated. The decimal mark is not counted as a numerical character. The negative symbol, if populated, is not counted as a numerical character. b) Receiving CSD perspective: Up to 20 numerical characters including decimals. At least one character before and one character after the decimal mark shall be populated. The decimal mark is not counted as a numerical character. The negative symbol, if populated, is not counted as a numerical character. 13 Value of guaranties and commitments related to securities borrowing and Up to 20 numerical characters including decimals. At least one character before

EN 154 EN lending operations and one character after the decimal mark shall be populated. The decimal mark is not counted as a numerical character. The negative symbol, if populated, is not counted as a numerical character. 14 Value of treasury activities involving foreign exchange and transferable securities related to managing participants’ long balances including categories of institutions whose long balances are managed by the CSD Up to 20 numerical characters including decimals. At least one character before and one character after the decimal mark shall be populated. The decimal mark is not counted as a numerical character. The negative symbol, if populated, is not counted as a numerical character. 15 Number of reconciliation problems encountered according to undue creation or deletion of securities in the issue maintained by the CSD that met Article 65(2) of Regulation (EU) No…[RTS on CSD Requirements] Up to 20 numerical characters reported as whole numbers without decimals. 16 Mean, median, and mode for the length of time taken to remedy the error identified according to Article 65(2) of Regulation (EU) No…[RTS on CSD Requirements] Mean: Up to 20 numerical characters including decimals (specifying whether the time refers to minutes/hours/days). Median: Up to 20 numerical characters including decimals (specifying whether the time refers to minutes/hours/days). Mode: Up to 20 numerical characters including decimals (specifying whether the time refers to minutes/hours/days).

EN 155 EN Annex III: Forms and templates for the cooperation between authorities of the home member state and of the host member state (Article 24(8) of Regulation (EU) No 909/2014) Table 1 TEMPLATE FOR THE EXCHANGE OF INFORMATION BETWEEN THE COMPETENT AUTHORITY OF THE HOME MEMBER STATE AND THE COMPETENT AUTHORITY OF THE HOST MEMBER STATE WHERE A CSD HAS SET UP A BRANCH Field Content Frequency Details concerning the review and evaluation of the CSD referred to in Article 22(1) of Regulation (EU) No 909/2014 Information to be provided by the competent authority of the home Member State Corporate name of the CSD name when changes occur Legal address of the CSD address when changes occur List of services that the CSD provides in accordance with the Annex of Regulation (EU) No 909/2014 list when changes occur Structure and ownership of the group to which the CSD belongs schema when significant changes occur Level of the capital of the CSD (where relevant, Tier 1 capital and total capital) table when significant changes occur Organisation, management body and senior management of the CSD (including CVs) description when changes occur Processes and arrangements for governance description when changes significantly impact the governance of the CSD Details of the authorities involved in the supervision/oversight of the CSD name/functio n advance notification, where practicable, or as soon as possible Information on any material threats to the CSD's ability to comply with Regulation (EU) No 909/2014 and relevant delegated and implementing regulations description advance notification, where practicable, or without undue delay Sanctions and exceptional supervisory measures which may impact the description advance notification, where practicable, or without undue delay

EN 156 EN activities of the CSD’s branch Reports on major problems of performance or incidents and remedial actions taken which may impact the activities of the branch description when it occurs Difficulties in the CSD’s operations that have potentially significant spill￾over effects on the branch Description as soon as possible Factors which suggest a potentially high risk of contagion from the operations of the CSD to the branch description as soon as possible Extension of services or withdrawal of the authorisation description advance notification, where practicable, or as soon as possible Headcount statistics table yearly basis Financial data, such as balance sheet, profit and loss accounts table yearly basis Size of the operations (assets under custody, revenues) table yearly basis Risk Management Policy description when changes significantly impact the governance or risk management of the CSD Where relevant for the branch, outsourcing agreements concerning the services provided by the branch schema when changes significantly impact the governance or risk management of the CSD Other information for the purpose of fulfilling its mandate Upon the request of the competent authority of the host Member State Information to be provided by the competent authority of the host Member State Corporate name of the branch name when changes occur Legal address of the branch address when changes occur List of services provided through the branch in accordance with the Annex of Regulation (EU) No 909/2014 list when changes occur Organisation, senior management of the branch description when changes occur Processes and arrangements specific to the governance of the branch description when changes significantly impact the governance or risk management of the CSD Details of the authorities involved in the supervision/oversight of the branch name/functio n advance notification, where practicable, or as soon as possible

EN 157 EN Information on any material threats to the ability of the CSD’s branch to comply with Regulation (EU) No 909/2014 and relevant delegated and implementing regulations description advance notification, where practicable, or as soon as possible Sanctions and exceptional supervisory measures applied to the branch description advance notification, where practicable, or as soon as possible Reports on major performance problems or incidents and remedial actions taken description when it occurs Difficulties in the branch’s operations that have potentially significant spill￾over effects on the CSD description as soon as possible Factors which suggest a potentially high risk of contagion from the operations of the branch to the operations of the CSD description as soon as possible Headcount statistics of the branch table yearly basis Financial data, such as balance sheet, profit and loss accounts concerning the branch table yearly basis Other information for the purpose of fulfilling its mandate Upon the request of the competent authority of the home Member State Table 2 TEMPLATE TO BE FILLED IN BY THE COMPETENT AUTHORITY CARRYING OUT ON-SITE INSPECTIONS OF A BRANCH OF THE CSD Field Content Name of the competent authority requesting the on-site inspection Name Primary and secondary contact person of the competent authority requesting the on-site inspection name, telephone number, e￾mail address, role Name of the branch of the CSD where the on-site inspection will take place name and address Name of the CSD that has established the branch Name Where available, contact person of the CSD or the branch in charge of the on-site inspection name, telephone number, e￾mail address, role Name of the other competent authority name Primary and secondary contact person of the other competent authority name, telephone number, e￾mail address, role

EN 158 EN Scheduled date of the on-site inspection YYYY/MM/DD - YYYY/MM/DD Rationale for the on-site inspection text Underlying documents that are planned to be used in the context of the on-site inspection list of documents Table 3 TEMPLATE TO BE FILLED IN BY THE COMPETENT AUTHORITY OF THE HOME MEMBER STATE FOLLOWING THE REQUEST FOR INFORMATION BY THE COMPETENT AUTHORITY OF THE HOST MEMBER STATE Field Content Corporate name of the CSD name Legal address of the CSD address List of services the CSD provides in accordance with the Annex to Regulation (EU) No 909/2014 list Corporate name of the CSD participants as Legal Entities list Home country of the CSD participants (ISO 2-digit country code) list LEI of the issuers whose securities issues are recorded in securities accounts centrally or not centrally maintained by the CSD list Home country of issuers (ISO 2-digit country) list ISIN code of the issued securities constituted under the law of the host Member State initially recorded in the CSD of the home Member State list Market value or, if not available, nominal value of securities issued by issuers from the host Member State for which the CSD of the home Member State provides the core services referred to in point 1 or 2 of Section A of the Annex to of Regulation (EU) No 909/2014 figure Market value or, if not available, nominal value of securities recorded in securities accounts not centrally maintained by the CSD of the home Member State for participants and other holders of securities accounts of the host Member State figure Value of the settlement instructions against payment plus the market value of the FOP settlement instructions or, if not available, the nominal value of the FOP settlement instructions settled by the CSD of the home Member State in relation to transactions in securities issued by issuers from the host Member State figure Value of the settlement instructions against payment plus the market value of the FOP settlement instructions or, if not available, the nominal value of the FOP settlement instructions settled by the CSD of the home Member State from participants as well as for other holders of securities accounts of the host Member State figure Other information for the purpose of fulfilling its mandate

EN 159 EN Table 4 TEMPLATE TO BE FILLED IN BY THE COMPETENT AUTHORITY OF THE HOST MEMBER STATE HAVING CLEAR AND DEMONSTRABLE GROUNDS FOR BELIEVING THAT A CSD PROVIDING SERVICES WITHIN ITS TERRITORY IN ACCORDANCE WITH ARTICLE 23 OF REGULATION (EU) NO 909/2014 IS IN BREACH OF THE OBLIGATIONS ARISING FROM THE PROVISIONS OF REGULATION (EU) NO 909/2014 Field Content Name of the competent authority of the host Member State Name Primary and secondary contact person of the competent authority of the host Member State name, telephone number, e￾mail address, role Name of the CSD that provides services in the host Member State considered to be in breach of its obligations name and address Contact person of the CSD that provides services in the host Member State considered to be in breach of its obligations name, telephone number, e￾mail address, role Name of the competent authority of the home Member State name Primary and secondary contact person of the competent authority of the home Member State name, telephone number, e￾mail address, role Where relevant, primary and secondary contact person of ESMA name, telephone number, e￾mail address, role Description of the grounds for believing that the CSD established in the home Member State providing services in the territory of the host Member State according to Article 23 of Regulation (EU) No 909/2014 is in breach of the obligations arising from the provisions of Regulation (EU) No 909/2014 text

EN 160 EN Annex IV: Format of CSD records (Article 29(4) of Regulation (EU) No 909/2014) Table 1 TRANSACTION/SETTLEMENT INSTRUCTIONS (FLOW) RECORDS No Field Format 1 Settlement instruction type Deliver free of payment (DFP) and receive free of payment (RFP) settlement instructions; Delivery versus payment (DVP) and receive versus payment (RVP) settlement instructions. Delivery with payment (DWP) and receive with payment (RWP) settlement instructions; Payment free of delivery (PFOD) settlement instructions. 2 Transaction type a) TRAD - purchase or sale of securities; b) COLI/COLO/CNCB - collateral management operations; c) SECL/SECB - securities lending/borrowing operations; d) REPU/RVPO/TRPO/TRVO/ BSBK/ SBBK - repurchase transactions; e) OTHR (or more granular codes as provided by the CSD) - others. 3 Unique Instruction Reference of the participant Unique instruction reference of the participant according to the CSD's rules 4 Trade date ISO 8601 date in the format YYYY-MM-DD 5 Intended Settlement Date ISO 8601 date in the format YYYY-MM-DD 6 Settlement timestamp ISO 8601 date in the UTC time format YYYY￾MM-DDThh:mm:ssZ 7 Timestamp of the moment of entry of the settlement instruction into the securities settlement ISO 8601 date in the UTC time format YYYY￾MM-DDThh:mm:ssZ

EN 161 EN system 8 Timestamp of the moment of irrevocability of the settlement instruction ISO 8601 date in the UTC time format YYYY￾MM-DDThh:mm:ssZ 9 Matching timestamp, where applicable ISO 8601 date in the UTC time format YYYY￾MM-DDThh:mm:ssZ 10 Securities account identifier Unique securities account identifier provided by the CSD 11 Cash account identifier Unique cash account identifier provided by the central bank 12 Settlement bank identifier ISO 17442 Legal Entity Identifier (LEI) 20 alphanumerical character code, or Bank Identifier Code (BIC) with the obligation to convert to LEI for the purposes of reporting to authorities 13 Identifier of the instructing participant ISO 17442 Legal Entity Identifier (LEI) 20 alphanumerical character code, or Bank Identifier Code (BIC) with the obligation to convert to LEI for the purposes of reporting to authorities 14 Identifier of the instructing participant’s counterparty ISO 17442 Legal Entity Identifier (LEI) 20 alphanumerical character code, or Bank Identifier Code (BIC) (with the obligation to convert to LEI for the purposes of reporting to authorities) 15 Identifier of the instructing participant’s client, where known to the CSD ISO 17442 Legal Entity Identifier (LEI) 20 alphanumerical character code, or Bank Identifier Code (BIC) or other available form of identification for legal persons Where available national identifier for natural persons (50 alphanumerical digits) which allows the unique identification of the natural person at a national level 16 Identifier of the client of the instructing participant’s counterparty, where known to the CSD ISO 17442 Legal Entity Identifier (LEI) 20 alphanumerical character code, or Bank Identifier Code (BIC) or other available form of identification for legal persons Where available, national identifier for natural persons (50 alphanumerical digits) which allows the unique identification of the natural person at a national level 17 Securities identifiers ISO 6166 ISIN 12 character alphanumerical code 18 Settlement currency ISO 4217 Currency Code, 3 alphabetical digits

EN 162 EN 19 Settlement cash amount Up to 20 numerical characters including decimals. At least one character before and one character after the decimal mark shall be populated. The decimal mark is not counted as a numerical character. The negative symbol, if populated, is not counted as a numerical character. 20 Quantity or nominal amount of securities Up to 20 numerical characters reported as whole numbers without decimals. 21 Status of settlement instructions PEND – Pending instruction (settlement at the ISD is still possible) PENF – Failing instruction (settlement at the ISD is no longer possible) SETT – Full settlement PAIN – Partially settled CANS – Instruction cancelled by the system CANI – Instruction cancelled by the participant Remaining part of securities to be settled (if Status of the instruction is PAIN) Information on the remaining XXX amount of securities against YYY cash to be delivered Matching status MACH if matched or NMAT if the instruction is not matched Hold status of the instruction Possible values: PREA [Your InstructionOnHold] CSDH [CSD Hold] CVAL [CSDValidation] CDLR [ConditionalDeliveryAwaitingRelease] BLANK if not on hold Opt-out of partial settlement Possible values: NPAR if opt-out of partial settlement is activated BLANK if partial settlement is allowed Reason codes for not settled instructions (if

EN 163 EN Status of the instruction is PEND or PENF) BLOC AccountBlocked CDLR ConditionalDeliveryAwaitingRelease CLAC CounterpartyInsufficientSecurities CMON CounterpartyInsufficientMoney CSDH CSDHold CVAL CSDValidation FUTU AwaitingSettlementDate INBC IncompleteNumberCount LACK LackOfSecurities LATE MarketDeadlineMissed LINK PendingLinkedInstruction MONY InsufficientMoney OTHR Other PART TradeSettlesInPartials PRCY CounterpartyInstructionOnHold PREA YourInstructionOnHold SBLO SecuritiesBlocked CONF AwaitingConfirmation CDAC ConditionalDeliveryAwaitingCancellation 22 Place of trading Populated by the MIC (ISO Market Identification Code) (ISO 10383) if the instruction is resulting from a trade concluded on a trading venue or blank for OTC transactions 23 If applicable, place of clearing ISO 17442 Legal Entity Identifier (LEI) 20 alphanumerical character code of the CCP clearing the transaction, or Bank Identifier Code (BIC) of the CCP with the obligation to convert to LEI for the purposes of reporting to authorities 24 Where a buy-in process is initiated for a transaction, the following details regarding: a) the final results of the buy-in process (including the number and value of the bought-in finanacial instruments if the buy￾in is successful); Buy-in initiated: Y/N Buy-in successful: Y/N/P Number of bought-in financial instruments: Up to 20 numerical characters reported as whole numbers without decimals. Value of bought-in financial instruments: Up to 20 numerical characters including

EN 164 EN b) if applicable, payment of cash compensation (including the amount of the cash compensation); c) if applicable, cancellation of the initial settlement instruction. decimals. At least one character before and one character after the decimal mark shall be populated. The decimal mark is not counted as a numerical character. The negative symbol, if populated, is not counted as a numerical character. Payment of cash compensation: Y/N Amount of the cash compensation: Up to 20 numerical characters including decimals. At least one character before and one character after the decimal mark shall be populated. The decimal mark is not counted as a numerical character. The negative symbol, if populated, is not counted as a numerical character. Cancellation of the initial settlement instruction: Y/N 25 For each settlement instruction that fails to settle on ISD, the amount of the penalties referred to in Article 7(2) of Regulation (EU) No 909/2014 Amount of penalties: Up to 20 numerical characters including decimals. At least one character before and one character after the decimal mark shall be populated. The decimal mark is not counted as a numerical character. The negative symbol, if populated, is not counted as a numerical character.

EN 165 EN Table 2 POSITION (STOCK) RECORDS No Field Format 1 Identifiers of issuers for which the CSD provides the core service referred to in point 1 or 2 of Section A of the Annex to Regulation (EU) No 909/2014 ISO 17442 Legal Entity Identifier (LEI) 20 alphanumerical character code, or Bank Identifier Code (BIC) for legal persons with the obligation to convert to LEI for the purposes of reporting to authorities 2 Identifier of each securities issue for which the CSD provides the core service referred to in point 1 or 2 of Section A of the Annex to Regulation (EU) No 909/2014 ISO 6166 ISIN 12 character alphanumerical code 3 Identifier of each securities issue recorded in securities accounts not centrally maintained by the CSD ISO 6166 ISIN 12 character alphanumerical code 4 Identifier of the issuer CSD or of the relevant third country entity performing similar functions to an issuer CSD for each securities issue referred to in point 3 ISO 17442 Legal Entity Identifier (LEI) 20 alphanumerical character code, or Bank Identifier Code (BIC) with the obligation to convert to LEI for the purposes of reporting to authorities 5 For each securities issue referred to in points 2 and 3, the law under which the securities recorded by the CSD are constituted ISO 3166 2 character country code 6 Country of incorporation of the issuers of each securities issue referred to in points 2 and 3 ISO 3166 2 character country code 7 Issuers’ securities accounts identifiers, in the case of issuer CSDs Unique securities account identifier provided by the issuer CSD 8 Issuers’ cash accounts identifiers, in the case of issuer CSDs International Bank Account Number (IBAN) 9 Identifiers of settlement banks used by each issuer, in the case of issuer CSDs ISO 17442 Legal Entity Identifier (LEI) 20 alphanumerical character code, or Bank Identifier Code (BIC) with the obligation to convert to LEI for the purposes of reporting to authorities 10 Participants’ identifiers ISO 17442 Legal Entity Identifier (LEI) 20 alphanumerical character code, or Bank Identifier Code (BIC) with the obligation to convert to LEI for the purposes of reporting to authorities

EN 166 EN 11 Participants’ country of incorporation ISO 3166 2 character country code 12 Participants’ securities accounts identifiers Unique securities account identifier provided by the CSD 13 Participants' cash accounts identifiers Unique cash account identifier provided by the central bank 14 Identifiers of settlement banks used by the each participant ISO 17442 Legal Entity Identifier (LEI) 20 alphanumerical character code, or Bank Identifier Code (BIC) with the obligation to convert to LEI for the purposes of reporting to authorities 15 Country of incorporation of settlement banks used by each participant ISO 3166 2 character country code 16 Type of securities accounts: (i) CSD participant’s own account; (ii) CSD participant’s client individual account; (iii)CSD participant’s clients omnibus account. OW = own account IS = individually segregated account OM = omnibus account 17 End of day balances of securities accounts for each ISIN Files, documents 18 For each securities account and ISIN, the number of securities subject to settlement restrictions, type of restriction and, where relevant, the identity of the beneficiary of the restriction at the end of day Files, documents 19 Records of settlement fails, as well as of the measures adopted by the CSD and its participants to improve settlement efficiency, in accordance with the delegated acts adopted by the Commission on the basis of regulatory technical standards referred to in Articles 6(5) and 7(15) of Regulation (EU) No 909/2014 Files, documents Table 3 ANCILLARY SERVICES RECORDS No. Ancillary Services under Regulation (EU) Types of records Format

EN 167 EN No 909/2014 1 Organising a securities lending mechanism, as agent among participants of a securities settlement system a) Identification of delivering/receiving parties, b) Details regarding each securities lending/borrowing operation, including volume and value of securities lent or borrowed, ISIN, c) Purpose of each securities lending/borrowing operations, d) Types of collateral, e) Collateral valuation. Files, documents 2 Providing collateral management services, as agent for participants in a securities settlement system a) Identification of delivering/receiving parties, b) Details regarding each operation, including volume and value of securities, ISIN, c) Types of collateral used, d) Purpose of the use of collateral, e) Collateral valuation. Files, documents 3 Settlement matching, instruction routing, trade confirmation, trade verification a) Identification of the entities for which the CSD provides services, b) Types of operations, c) Details regarding each operation, including volume and value of securities serviced, ISIN. Files, documents 4 Services related to shareholders' registers a) Identification of the entities for which the CSD provides services, b) Types of services, Files, documents

EN 168 EN c) Details regarding each operation, including volume and value of securities serviced, ISIN. 5 Supporting the processing of corporate actions, including tax, general meetings and information services a) Identification of the entities for which the CSD provides services, b) Types of services, c) Details regarding each operation, including volume and value of securities/cash serviced, beneficiaries of the operation, ISIN. Files, documents 6 New issue services, including allocation and management of ISIN codes and similar codes a) Identification of the entities for which the CSD provides the services, b) Types of services, c) Details regarding each operation, including ISIN. Files, documents 7 Instruction routing and processing, fee collection and processing and related reporting a) Identification of the entities for which the CSD provides the services, b) Types of services, c) Details regarding each operation, including volume and value of securities/cash serviced, beneficiaries of the operation, ISIN, purpose of the operation. Files, documents 8 Establishing CSD links, providing, maintaining or operating securities accounts in relation to the settlement service, a) Details regarding the CSD links, including identification of CSDs, b) Types of services. Files, documents

EN 169 EN collateral management, other ancillary services 9 Providing general collateral management services as an agent a) Identification of delivering/receiving parties, b) Details regarding each operation, including volume and value of securities serviced, ISIN, c) Types of collateral, d) Purpose of collateral use, b) Collateral valuation. Files, documents 10 Providing regulatory reporting a) Identification of the entities for which the CSD provides reporting services, b) Types of services. c) Details regarding the data provided, including the legal basis and the purpose. Files, documents 11 Providing information, data and statistics to market/census bureaus or other governmental or inter￾governmental entities a) Identification of the entities for which the CSD provides services, b) Types of services. c) Details regarding the data provided, including the legal basis and the purpose. Files, documents 12 Providing IT services a) Identification of the entities for which the CSD provides the services, b) Types of services. a) Details regarding the IT services. Files, documents 13 Providing cash accounts to, and a) Identification of the entities for which the Files, documents

EN 170 EN accepting deposits from, participants in a securities settlement system and holders of securities accounts, within the meaning of point 1 of Annex I of Directive 2013/36/EU CSD provides the services, b) Cash accounts details, c) Currency, d) Deposits amounts, e) End of day balances of the cash accounts provided by the CSD or the designated credit institution (for each currency) 14 Providing cash credit for reimbursement no later than the following business day, cash lending to pre -finance corporate actions and lending securities to holders of securities accounts, within the meaning of point 2 of Annex I to Directive 2013/36/EU a) Identification of the entities for which the CSD provides services, b) Types of services c) Details regarding each operation, including volume and value of securities/cash serviced, ISIN, d) Types of collateral used, e) Collateral valuation, f) Purpose of operations, g) Information about any incidents in relation to such services and remedial actions, including follow -up. Files, documents 15 Payment services involving processing of cash and foreign exchange transactions, within the meaning of point 4 of Annex I to Directive 2013/36/EU a) Identification of the entities for which the CSD provides the services, b) Types of services, c) Details regarding each operation, including volume of cash, and purpose of operation. Files, documents 16 Guarantees and commitments related to securities lending a) Identification of the entities for which the CSD provides the services, Files, documents

EN 171 EN and borrowing, within the meaning of point 6 of Annex I to Directive 2013/36/EU b) Types of services, c) Details regarding each operation, including volume and value of securities/cash, and purpose of operation. 17 Treasury activities involving foreign exchange and transferable securities related to managing participants' long balances, within the meaning of points 7(b) and (e) of Annex I to Directive 2013/36/EU a) Identification of the entities for which the CSD provides the services, b) Types of services, c) Details regarding each operation, including volume and value of securities/cash, and purpose of operation. Files, documents Table 4 BUSINESS RECORDS No Item Format Description 1 Organisational charts Charts Management body, senior management, relevant committees, operational units and all other units or divisions of the CSD 2 Identities of the shareholders or persons (natural or legal persons), that exercise direct or indirect control over the management of the CSD or that hold participations in the capital of the CSD and the amounts of those holdings S= Shareholder / M = Member D = Direct / I = Indirect N = Natural person / L = Legal person Amount of the holding = Up to 20 numerical characters including decimals. At least one character before and one character after the decimal mark shall be populated. The decimal mark is not counted as a numerical character. The negative symbol, if Shareholders or persons that exercise direct or indirect control over the management of the CSD or hold participations in the capital of the CSD (fields to be added for each of the relevant shareholder/person)

EN 172 EN populated, is not counted as a numerical character. 3 CSD participations in the capital of other legal entities Free text Amount of the holding = Up to 20 numerical characters including decimals. At least one character before and one character after the decimal mark shall be populated. The decimal mark is not counted as a numerical character. The negative symbol, if populated, is not counted as a numerical character. Identification of each legal entity (fields to be added for each legal entity) 4 Documents attesting the policies, procedures and processes required under the CSD’s organisational requirements and in relation to the services provided by the CSD Files, documents 5 Minutes of management body meetings and of meetings of senior management committees and other committees of the CSD Files, documents 6 Minutes of the meetings of user committee(s) Files, documents 7 Minutes of the meetings with consultation groups composed of participants and clients, if any Files, documents 8 Internal and external audit reports, risk management reports, Files, documents

EN 173 EN compliance and internal control reports, including responses from senior management to such reports 9 All outsourcing contracts Files, documents 10 Business continuity policy and disaster recovery plan Files, documents 11 Records reflecting all assets and liabilities and capital accounts of the CSD Files, documents 12 Records reflecting all costs and revenues, including costs and revenues which are accounted separately in accordance with Article 34(6) of Regulation (EU) No 909/2014 Files, documents 13 Formal complaints received Free text For each formal complaint: information on complainant’s name and address; date of receiving the complaint; names of all persons identified in the complaint; description of the nature of the complaint; content and outcome of the complaint; date when the complaint was resolved. 14 Information on any interruption or dysfunction of services Free text Records of any interruption or dysfunction of services, including a detailed report on the timing, effects of such interruption or dysfunction and remedial actions taken 15 Records of the results of the back and stress Files, documents

EN 174 EN tests performed for the CSDs providing banking-type ancillary services 15 Written communications with the competent authority, ESMA and relevant authorities Files, documents 16 Legal opinions received in accordance with the relevant provisions on organisational requirements provided in Chapter III of Regulation (EU) No…[RTS on CSD requirements] Files, documents 17 Legal documentation regarding CSD link arrangements in accordance with Chapter XI of Regulation (EU) No…[RTS on CSD requirements] Files, documents 18 Tariffs and fees applied to the different services, including any discount or rebate Free text

EN 175 EN Annex V: Forms and templates for access procedures (Articles 33(6), 49(6), 52(4) and 53(5) of Regulation (EU) No 909/2014) Table 1 TEMPLATE FOR THE REQUEST TO ESTABLISH A CSD LINK OR FOR THE REQUEST FOR ACCESS BETWEEN A CSD AND A CCP OR A TRADING VENUE I. General information Sender: requesting party Addressee: receiving party Date of request for access Reference number given by the requesting party II. Identification of requesting party Corporate name of requesting party Country of origin Legal address LEI Name and contact details of the person responsible for the request (name, function, phone number, email address) Name Function Phone Email III. Services that form the object of the request Types of services Description of services IV. Identification of authorities Name and contact details of the competent authority of the requesting party Name Function Phone Email Name and contact details of the relevant authority referred to in point (a) of Article 12(1) of Regulation (EU) No 909/2014 Name Function Phone Email V. Any other relevant information and/or documents

EN 176 EN Table 2 TEMPLATE FOR THE RESPONSE GRANTING ACCESS FOLLOWING A REQUEST TO ESTABLISH A CSD LINK OR A REQUEST FOR ACCESS BETWEEN A CSD AND A CCP OR A TRADING VENUE I. General information Sender: receiving party Addressee: requesting party Date of request for access Reference number given by the requesting party Date of receipt of the request for access Reference number given by the receiving party II. Identification of the receiving CSD Corporate name of receiving party Country of origin Legal address LEI Name and contact details of the person responsible for the assessment of the request (name, function, phone number, email address) Name Function Phone Email III. Identification of the requesting party Corporate name of the requesting party Country of origin Legal address LEI Name and contact details of the person responsible for the request (name, function, phone number, email address) Name Function Phone Email Access granted YES IV. Identification of authorities Name and contact details of the competent authority of the receiving party (main liaison, Name Function Phone Email

EN 177 EN name, function, phone number, email address) Name and contact details of the relevant authority referred to in point (a) of Article 12(1) of Regulation (EU) No 909/2014 (main liaison, name, function, phone number, email address) Name Function Phone Email V. Any other relevant information and/or documents Table 3 TEMPLATE FOR THE REFUSAL OF ACCESS TO A CSD I. General information Sender: receiving CSD Addressee: requesting party Date of request for access Reference number given by the requesting party Date of receipt of the request for access Reference number given by the receiving CSD II. Identification of the receiving CSD Corporate name of receiving CSD Country of origin Legal address LEI Name and contact details of the person responsible for the assessment of the request for access Name Function Phone Email III. Identification of the requesting party Corporate name of the requesting party Country of origin Legal address LEI Name and contact details of the person Name Function Phone Email

EN 178 EN responsible for the request for access IV. Risk analysis of the request for access Legal risks resulting from the provision of services Financial risks resulting from the provision of services Operational risks resulting from the provision of services V. Outcome of the risk analysis Access would affect the risk profile of the CSD YES NO Access would affect the smooth and orderly functioning of the financial markets YES NO Access would cause systemic risk YES NO In case of refusal of access, a summary of the reasons for such a refusal Deadline for complaint by the requesting party to the competent authority of the receiving CSD Access granted NO VI. Identification of authorities Name and contact details of the competent authority of the receiving CSD Name Function Phone Email Name and contact details of the relevant authority referred to in point (a) of Article 12(1) of Regulation (EU) No 909/2014 Name Function Phone Email VII. Any other relevant information and/or documents Table 4 TEMPLATE FOR THE REFUSAL OF ACCESS TO THE TRANSACTION FEEDS OF A CCP OR A TRADING VENUE I. General information Sender: receiving party Addressee: requesting CSD

EN 179 EN Date of request for access Reference number given by the requesting CSD Date of receipt of the request for access Reference number given by the receiving party II. Identification of the receiving party Corporate name of receiving party Country of origin Legal address LEI Name and contact details of the person responsible for the assessment of the request for access (name, function, phone number, email address) III. Identification of the requesting CSD Corporate name of the requesting CSD Country of origin Legal address LEI Name and contact details of the person responsible for the request for access (name, function, phone number, email address) IV. Risk analysis of the request for access Risks resulting from the provision of services V. Outcome of the risk analysis Access would affect the smooth and orderly functioning of the financial markets YES NO Access would cause systemic risk YES NO A summary of the reasons for such a refusal Deadline for complaint by the requesting CSD to the competent authority of the receiving party

EN 180 EN Access granted NO VI. Identification of authorities Name and contact details of the competent authority of the receiving party (main liaison, name, function, phone number, email address) Name Function Phone Email Name and contact details of the relevant authority referred to in point (a) of Article 12(1) of Regulation (EU) No 909/2014 (main liaison, name, function, phone number, email address) Name Function Phone Email VII. Any other relevant information and/or documents Table 5 TEMPLATE FOR THE COMPLAINT FOR REFUSAL OF ACCESS TO A CSD I. General information Sender: requesting party Addressee: competent authority of receiving CSD Date of request for access Reference number given by the requesting party Date of receipt of request for access Reference number given by the receiving CSD II. Identification of the requesting party Corporate name of requesting party Country of origin Legal address LEI Name and contact details of the person responsible for the request for access (name, function, phone number, email address) III. Identification of the receiving CSD

EN 181 EN Corporate name of the receiving CSD Country of origin Legal address Name and contact details of the person responsible for the assessment of the request for access Name Function Phone Email IV. Comments of the requesting party in relation to the risk assessment of the request for access conducted by the receiving CSD and the reasons for refusal of access Comments of the requesting party on the legal risks resulting from the provision of services Comments of the requesting party on the financial risks resulting from the provision of services Comments of the requesting party on the operational risks resulting from the provision of services Comments of the requesting party concerning the refusal to provide the services referred to in point (1) of Section A of the Annex to Regulation (EU) No 909/2014 applicable to the specific issue of securities. Comments of the requesting party on the reasons of the receiving party for refusal of access Any relevant additional information V. Annexes Copy of the initial application for access submitted by the requesting party to the receiving CSD Copy of the response of the receiving CSD to the initial request for access VI. Any other relevant information and/or documents Table 6 TEMPLATE FOR THE COMPLAINT FOR REFUSAL OF ACCESS TO THE TRANSACTION FEEDS OF A CCP OR A TRADING VENUE I. General information

EN 182 EN Sender: requesting CSD Addressee: competent authority of receiving party Date of request for access Reference number given by the requesting CSD Date of receipt of request for access Reference number given by the receiving party II. Identification of the requesting CSD Corporate name of requesting CSD Country of origin Legal address LEI Name and contact details of the person responsible for the request for access (name, function, phone number, email address) III. Identification of the receiving party Corporate name of receiving party Country of origin Legal address Name and contact details of the person responsible for the assessment of the request for access Name Function Phone Email IV. Comments of the requesting CSD in relation to the risk assessment of the request for access conducted by the receiving party and the reasons for refusal of access Comments of the requesting CSD on the risks resulting from the provision of services Comments of the requesting CSD on the reasons of the receiving party for refusal of access Any relevant additional information V. Annexes Copy of the initial application for access submitted by the requesting CSD to the receiving party

EN 183 EN Copy of the response of the receiving party to the initial request for access VI. Any other relevant information and/or documents Table 7 TEMPLATE FOR THE CONSULTATION OF OTHER AUTHORITIES ON THE ASSESSMENT OF REFUSAL OF ACCESS OR FOR REFERRAL TO ESMA I. General information Sender: competent authority of the receiving party Addressee: (a) the competent authority of the place of establishment of the requesting participant; or (b) the competent authority of the place of establishment of the requesting issuer; or (c) the competent authority of the requesting CSD and the relevant authority of the requesting CSD referred to in point (a) of Article 12(1) of Regulation (EU) No 909/2014; or (d) the competent authority of the requesting CCP or trading venue and the relevant authority referred to in point (a) of Article 12(1) of Regulation (EU) No 909/2014; or (e) ESMA (in case of referral to ESMA) Date of the request for access Reference number given by the requesting party Date of receipt of the request for access Reference number given by the receiving party Date of receipt of refusal of access complaint Reference number given by the competent authority of the receiving party II. Identification of authorities Name and contact details of the competent authority of the receiving party Name Function Phone Email

EN 184 EN Where applicable, name and contact details of the relevant authority of the receiving party referred to in point (a) of Article 12(1) of Regulation (EU) No 909/2014 Name Function Phone Email III. Identification of the requesting party Corporate name of requesting party Country of origin Legal address LEI Name and contact details of the person assuming the responsibility of the request for access (name, function, phone number, email address) IV. Identification of the receiving party Corporate name of receiving party Country of origin Legal address LEI Name and contact details of the person responsible for the assessment of the request for access Name Function Phone Email V. Assessment by the competent authority of the receiving party Comments of the competent authority concerning: (a) the reasons of the receiving party for refusal of access, and (b) the arguments of the requesting party Where applicable, comments of the relevant authority of the receiving party referred to in point (a) of Article 12(1) of Regulation (EU) No 909/2014 Refusal to grant access is deemed unjustified YES NO Reasons provided by the competent authority of the receiving party in support of its assessment VI. Annexes

EN 185 EN Copy of the initial application for access submitted by the requesting party to the receiving party Copy of the response of the receiving party to the initial request for access Copy of the complaint from the requesting party regarding the refusal of access VII. Any other relevant information and/or documents Table 8 TEMPLATE FOR THE RESPONSE TO THE CONSULTATION BY THE COMPETENT AUTHORITY OR OTHER AUTHORITIES ON THE ASSESSMENT OF REFUSAL OF ACCESS, AND FOR REFERRAL TO ESMA I. General information Sender: (a) the competent authority of the place of establishment of the requesting participant; or (b) the competent authority of the place of establishment of the requesting issuer; or (c) the competent authority of the requesting CSD and the relevant authority referred to in point (a) of Article 12(1) of Regulation (EU) No 909/2014; or (d) the competent authority of the requesting CCP or trading venue and the relevant authority referred to in point (a) of Article 12(1) of Regulation (EU) No 909/2014. Addressee: (a) competent authority of the receiving party; or (b) ESMA Date of the request for access Reference number given by the requesting party Date of receipt of the request for access Reference number given by the receiving party Date of receipt of the complaint for refusal of access Reference number given by the competent authority of the receiving party

EN 186 EN Date of receipt of the assessment provided by the competent authority to the receiving party Reference number given by the competent authority of the requesting party II. Identification of the authority that submits the response to the assessment by the competent authority of the receiving party Name and contact details of: (a) the competent authority of the place of establishment of the requesting participant; or (b) the competent authority of the place of establishment of the requesting issuer; or (c) the competent authority of the requesting CSD and the relevant authority of the requesting CSD referred to in point (a) of Article 12(1) of Regulation (EU) No 909/2014; or (d) the competent authority of the requesting CCP or trading venue and the relevant authority referred to in point (a) of Article 12(1) of Regulation (EU) No 909/2014. Name Function Phone Email III. Identification of the requesting party Corporate name of requesting party Country of origin Legal address LEI Name and contact details of the person responsible for the request for access (name, function, phone number, email address) IV. Identification of the receiving party Corporate name of receiving party Country of origin Legal address LEI Name and contact details of the person responsible for the assessment of the request for access Name Function Phone Email V. Assessment by the competent authority of the receiving party

EN 187 EN Comments concerning: (a) the reasons of the receiving party for refusal of access; (b) the arguments provided by the requesting party; (c) the reasons provided by the competent authority of the receiving party in support of its assessment. Refusal to grant access is deemed unjustified YES NO Reasons provided by the authority in support of its assessment VI. Where relevant, assessment by the relevant authority of the requesting party referred to in point (a) of Article 12(1) of Regulation (EU) No 909/2014 Comments concerning: (a) the reasons of the receiving party for refusal of access;= (b) the arguments provided by the requesting party; (c) the reasons provided by the competent authority of the receiving party in support of its assessment. Refusal to grant access is deemed unjustified YES NO Reasons provided by the authority in support of its assessment VII. Annexes Copy of the complaint of the requesting party regarding the refusal of access, including a copy of the information provided under Annex I Copy of the assessment by the competent authority of the receiving party of the complaint launched by the requesting party concerning the refusal of access, including a copy of the information provided under Annex II VIII. Any other relevant information and/or documents Table 9 TEMPLATE FOR THE RESPONSE TO THE COMPLAINT FOR REFUSAL OF ACCESS I. General information Sender: competent authority of the receiving party

EN 188 EN Addressees: (a) requesting party; (b) receiving party; (c) the competent authority of the place of establishment of the requesting participant; or (d) the competent authority of the place of establishment of the requesting issuer; or (e) in case of CSD links, the competent authority of the requesting CSD and the relevant authority referred to in point (a) of Article 12(1) of Regulation (EU) No 909/2014; or (f) in case of access by a trading venue or a CCP, the competent authority of the requesting CCP or trading venue and the relevant authority referred to in point (a) of Article 12(1) of Regulation (EU) No 909/2014. Date of the request for access Reference number given by the requesting party Date of receipt of the request for access Reference number given by the receiving party Date of receipt of the complaint for refusal of access Reference number given by the competent authority of the receiving party Date of receipt of the assessment by the competent authority of the requesting party and, where applicable, of the relevant authority of the requesting party referred to in point (a) of Article 12(1) of Regulation (EU) No 909/2014 Reference number given by the competent authority of the requesting party or, where applicable, of the relevant authority of the requesting party referred to in point (a) of Article 12(1) of Regulation (EU) No 909/2014 II. Identification of the authority submitting the response to the complaint concerning a refusal of access

EN 189 EN Name and contact details of the competent authority of the receiving party Name Function Phone Email III. Identification of the requesting party Corporate name of requesting party Country of origin Legal address LEI Name and contact details of the person responsible for the request for access (name, function, phone number, email address) IV. Identification of receiving party Corporate name of receiving party Country of origin Legal address LEI Name and contact details of the person responsible for the assessment of the request for access Name Function Phone Email V. Assessment by the competent authority of the receiving party Comments concerning: (a) the reasons of the receiving party for refusal of access; (b) the arguments provided by the requesting party; (c) the reasons provided by the authority of the requesting party in support of its assessment. Where applicable, comments of the relevant authority of the receiving party referred to in point (a) of Article 12(1) of Regulation (EU) No 909/2014 concerning: (a) the reasons of the receiving party for refusal of access; (b) the arguments provided by the requesting party; (c) the reasons provided by the authority of the requesting party in support of its

EN 190 EN assessment. Refusal to grant access is deemed unjustified YES NO Reasons provided by the competent authority of the receiving party in support of its assessment VI. Order requiring the receiving party to grant access to the requesting party When the refusal to grant access is deemed unjustified, a copy of the order requiring the receiving party to grant access to the requesting party, including the applicable deadline for compliance. VII. Any other relevant information and/or documents

EN 191 EN Annex VI: Forms and templates for the consultation of authorities prior to granting authorisation to provide banking-type ancillary services (Article 55(8) of Regulation (EU) No 909/2014) SECTION 1 Template for transmitting the relevant information and requesting of issuance of a reasoned opinion [Name of the competent authority responsible for assessing the application for authorisation] Contact details of the competent authority responsible for assessing the application for authorisation Name of person(s) responsible for further contacts: Function: Telephone number: Email address: (1) On [date of submission of the application for authorisation], [Name of the applicant CSD] submitted its application for authorisation to [designate a credit institution to provide / provide]17 banking-type ancillary services to [Name of the competent authority responsible for assessing the application for authorisation] in accordance with Article 55(1) of Regulation (EU) No 909/2014. (2) [Name of the competent authority responsible for assessing the application for authorisation] has examined the completeness of the application and considers it to be complete. (3) [Name of the competent authority responsible for assessing the application for authorisation] hereby transmits all the information included in the application, attached as an Annex [Competent Authority should ensure this information is sent as an Annex to this letter], to all authorities referred to in Article 55(5) of Regulation (EU) No 909/2014, and requests a reasoned opinion from the authorities referred to in points (a) to (e) of Article 55(4) of Regulation (EU) No 909/2014 within 30 days from the date of receipt of this letter. It is required from each authority to acknowledge receipt of this application and related information attached on the day of receipt. Where an authority does not provide an opinion within 30 days, it shall be deemed to have a positive opinion. Done at ……..on [insert date]…… On behalf of [Name of competent authority responsible for assessing the application for authorisation],

17 The appropriate reference should be used, depending on the case and the specific entity should be identified.

EN 192 EN [signature] The list of Addressees, including authorities entitled to issue a reasoned opinion:

1. [Competent Authority to list the Authorities referred to in Article 55(4) of Regulation (EU) No 909/2014] SECTION 2 Reasoned opinion template [Name of the authority issuing the reasoned opinion] Contact details of the authority issuing a reasoned opinion Name of person(s) responsible for further contacts: Function: Telephone number: Email address: (1) On [date of submission of the application for authorisation], [Name of the applicant CSD] submitted its application for authorisation to [designate a credit institution / provide]18 banking-type ancillary services to [Name of the competent authority responsible for assessing the application for authorisation] in accordance with Article 55(1) of Regulation (EU) No 909/2014. (2) [Name of the Competent Authority] has examined the completeness of the application, transmitted the information included in the application to [provide list of authorities, including the EBA and ESMA, and required a reasoned opinion from [the authority concerned] in accordance with Article 55(5) of Regulation (EU) No 909/2014. The request was received on [date …]. (3) Having regard to Article 55(5) of Regulation (EU) No 909/2014, [Name of the authority concerned issuing the reasoned opinion] is hereby issuing this reasoned opinion on the application. Reasoned opinion: [choose one option: Positive or Negative] [Full and detailed justification in case of a negative reasoned opinion …] Done at ……..on [insert date]…… On behalf of [Name of the authority issuing the opinion], [signature]

18 The appropriate reference should be used, depending on the case and the specific entity should be identified.

EN 193 EN SECTION 3 Template for the reasoned decision addressing a negative reasoned opinion [Name of the home competent authority responsible for assessing the application for authorisation] Contact details of the competent authority responsible for assessing the application for authorisation Name of person(s) responsible for further contacts: Function: Telephone number: Email address: (1) On [date of submission of application for authorisation], [Name of the applicant CSD] submitted its application for authorisation to [designate a credit institution / provide]19 banking-type ancillary services to [Name of the competent authority responsible for assessing the application for authorisation] in accordance with Article 55(1) of Regulation (EU) No 909/2014. (2) [Name of the competent authority responsible for assessing the application for authorisation] has examined the completeness of the application, transmitted the information included in the application to [all authorities mentioned in Article 55(4) of Regulation (EU) No 909/2014], and required a reasoned opinion from [all entitled authorities identified by the competent authority in accordance with points (a) to (e) of Article 55(4) of Regulation (EU) No 909/2014. (3) Having regard to the negative reasoned opinion(s) issued in accordance with Article 55(5) of Regulation (EU) No 909/2014 on the application by:

• [Name of authority concerned having issued an opinion] on [date of the reasoned opinion];
• [Name of authority concerned having issued an opinion] on [date of the reasoned opinion]; -… (4) [Name of the competent authority responsible for assessing the application for authorisation] has closely examined the reasoned opinion(s) and is hereby issuing this reasoned decision in accordance with Article 55(5) of Regulation (EU) No 909/2014.

19 The appropriate reference should be used, depending on the case and the specific entity should be identified.

EN 194 EN Reasoned decision addressing the negative opinion(s): [Choose one option] Proceed / Not Proceed to grant authorisation [Reasons and justification for determining the reasoned decision…] Done at ……..on [insert date]…… On behalf of [Name of the competent authority responsible for assessing the application for authorisation] [signature] [attachment: a copy of the decision] SECTION 4 Template for the request for ESMA assistance [Name of the authority referring the matter to ESMA] Contact details of theauthority referring the matter to ESMA Name of person(s) responsible for further contacts : Function: Telephone number: Email address: (1) On [date of submission of the application for authorisation], [Name of the applicant CSD] submitted its application for authorisation to [designate a credit institution / provide]20 banking-type ancillary services to [Name of the competent authority responsible for assessing the application for authorisation] in accordance with Article 55 (1) of Regulation (EU) No 909/2014, (2) [Name of the competent authority responsible for assessing the application for authorisation] has examined the completeness of the application, transmitted the information included in the application [all authorties listed in Article 55(4) of Regulation (EU) No 909/2014], and required a reasoned opinion from [authorities listed in points (a) to (e) of Article 55(4) of Regulation (EU) No 909/2014] in accordance with Article 55 (4) of Regulation (EU) No 909/2014.

EN 195 EN (3) Having regard to the negative reasoned opinion(s) issued in accordance with Article 55 (5) of Regulation (EU) No 909/2014 on the application by:

• [Name of authority concerned that had issued a negative reasoned opinion] on [date of the reasoned opinion],
• [Name of Authority concerned that had issued a negative reasoned opinion] on [date of the reasoned opinion], -… (4) Having regard to the reasoned decision to proceed to grant authorisation by [Name of the competent authority responsible for assessing the application for authorisation] on [date of issuing a reasoned decision concerning the opinion] addressing the aforementioned negative reasoned opinion(s) in accordance with Article 55 (5) of Regulation (EU) No 909/2014, (5) Having regard to the absence of agreement over the assessment of the application for authorisation by the competent authority and the authorities referred to in points (a) to (e) of Article 55(4) of Regulation (EU) No 909/2014, despite further attempts to reach such an agreement, (6) In accordance with Article 55(5) of Regulation (EU) No 909/2014, [name of the authority issuing the request for ESMA assistance] hereby refers the matter to ESMA for assistance, provides ESMA with a copy of the aforementioned application, reasoned opinion(s), and decision, and requests ESMA to proceed in accordance with Article 31 of Regulation (EU) No 1095/2010 within 30 days of receipt by ESMA of this referral. Reasons for request: [Reasons for the referral to ESMA] Done at ……..on [insert date]…… On behalf of [Name of authority referring the matter to ESMA] [signature] Done at ……..on [insert date]…… On behalf of [Name of authority referring the matter to ESMA] [signature]

EN 196 EN Regulation 4: ITS ON INTERNALISED SETTLEMENT EUROPEAN COMMISSION Brussels, XXX … XXX draft COMMISSION IMPLEMENTING REGULATION (EU) No …/.. of XXX […]

EN 197 EN COMMISSION IMPLEMENTING REGULATION (EU) 2015/… of [ ] laying down implementing technical standards with regard to the templates and procedures for the reporting and transmission of information on internalised settlements in accordance with Regulation (EU) No 909/2014 of the European Parliament and of the Council (Text with EEA relevance) THE EUROPEAN COMMISSION, Having regard to the Treaty on the Functioning of the European Union, Having regard to Regulation (EU) No 909/2014 of the European Parliament and of the Council of 23 July 2014 on improving securities settlement in the European Union and on central securities depositories and amending Directives 98/26/EC and 2014/65/EU and Regulation (EU) No 236/201221, and in particular the third subparagraph of Article 9(3) thereof, Whereas: (1) In accordance with Regulation (EU) No 909/2014 settlement internalisers and competent authorities are to report and transmit information on internalised settlements using standard forms, templates and procedures. Standard forms, templates and procedures also need to be used when competent authorities inform the European Securities and Markets Authority (ESMA) on any potential risk resulting from the settlement activity. To ensure that information is reported in a consistent and standardized manner which would enable competent authorities to effectively monitor internalised settlement, settlement internalisers should provide the relevant information under the Regulation (EU) No […] [i.e. RTS on internalised settlement] using the templates set out in the Annex I to this Regulation. It is also necessary to establish a template and procedures for providing information on any potential risk resulting from the settlement activity. (2) In order to facilitate the implementation across market participants and to minimize the associated costs, the proposed requirements use ISO standards where they are available.

21 OJ L 257, 28.8.2014, p. 1.

EN 198 EN (3) In order to facilitate the processing of large volumes of data in a consistent and efficient manner, reports should be transmitted in a machine readable format. (4) Given that the requirements provided in this Regulation are closely linked to the measures provided in Regulation (EU) No…. [RTS on internalised settlement], in order to ensure coherence in their application, this Regulation should begin to apply at the same time as Regulation (EU) No… [RTS on internalised settlement] becomes applicable. (5) This Regulation is based on the draft implementing technical standards submitted by ESMA to the Commission. (6) In accordance with Article 15 of Regulation (EU) No 1095/2010 of the European Parliament and of the Council22, European Securities and Markets Authority has conducted an open public consultation on the draft implementing technical standards on which this Regulation is based, analysed the potential related costs and benefits and requested the opinion of the Securities and Markets Stakeholder Group established in accordance with Article 37 of Regulation (EU) No 1095/2010. HAS ADOPTED THIS REGULATION: Article 1

1. A settlement internaliser shall use the template set out in Annex I to this Regulation when it reports to the competent authority in accordance with the first subparagraph of Article 9(1) of Regulation (EU) No 909/2014. That report shall be submitted within 10 working days from the end of each quarter of a calendar year.
2. The competent authority shall use the template set out in Annex I to this Regulation when it transmits to ESMA the information received under the first subparagraph of Article 9(1) of Regulation (EU) No 909/2014. That information shall be transmitted within five working days from the date of receipt of each report referred to in paragraph 1 of this Article.
3. The competent authority shall use the template set out in Annex II to this Regulation when it informs ESMA of any potential risk resulting from internalised settlement activity. Information on any potential risk resulting from internalised settlement activity shall be submitted within 30 working days from the end of each quarter of a calendar year.

22 Regulation (EU) No 1095/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Securities and Markets Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/77/EC (OJ L 331, 15.12.2010, p. 84).

EN 199 EN 4. The information referred to in paragraphs 1 to 3 shall be provided in a machine readable format. Article 2 This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union. This Regulation shall apply two years following its publication in the Official Journal. The first reports under Article 2(1) shall be sent within 10 working days from the end of the first quarter following the date referred to in the second subparagraph. This Regulation shall be binding in its entirety and directly applicable in all Member States. Done at Brussels, For the Commission The President [For the Commission On behalf of the President [Position]

EN 200 EN Annex I: Template for reporting and transmission of information on internalised settlement Internalised Settlement Settlement Internaliser Information C0010 Country code R00 10 Reporting timestamp R00 20 Reporting period R00 30 LEI R00 40 Name of person responsible R00 50 Function of person responsible R00 60 Phone number R00 70 Email address R00 80 Aggregate Rate Settled Failed Total Failed Volu me Value (€) Volu me Value (€) Volu me Value (€) Volum e % Valu e % C00 20 C003 0 C00 40 C005 0 C006 0 C007 0 C0080 C009 0 Overall total R00 90 Financial instruments Transferable securities referred to in point (a) of Article 4(1)(44) of Directive 2014/65/EU R01 00

EN 201 EN Sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU R01 10 Transferable securities referred to in point (b) of Article 4(1)(44) of Directive 2014/65/EU other than sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU R01 20 Transferable securities referred to in point (c) of Article 4(1)(44) of Directive 2014/65/EU R01 30 Exchange -traded funds as defined in point (46) of Article 4(1) of Directive 2014/65/EU R01 40 Units in collective investment undertakings, other than ETFs R01 50 Money market instruments other than Sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU R01 60 Emission allowances R01 70 Other financial instruments R01 80 Type of transactions Purchase or sale of securities R01 90 Collateral R02

EN 202 EN management operations 00 Securities lending and securities borrowing R02 10 Repurchase transactions R02 20 Other securities transactions R02 30 Type of client Professional clients as defined in point (10) of Article 4(1) of Directive 2014/65/EU R02 40 Retail clients as defined in point (11) of Article 4(1) of Directive 2014/65/EU R02 50 Cash Transfers Total Cash Transfers R02 60 Each Issuer CSD Information C0100 Issuer CSD identifier R02 70 Issuer CSD country code R02 80 Aggregate Rate Settled Failed Total Settled Failed Failed Volu me Value (€) Volu me Value (€) Volu me Value (€) Volum e % Valu e % C01 10 C012 0 C01 30 C014 0 C015 0 C016 0 C0170 C018 0 Overall total R02 90 Financial instruments Transferable securities referred to in point (a) of R03 00

EN 203 EN Article 4(1)(44) of Directive 2014/65/EU Sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU R03 10 Transferable securities referred to in point (b) of Article 4(1)(44) of Directive 2014/65/EU other than sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU R03 20 Transferable securities referred to in point (c) of Article 4(1)(44) of Directive 2014/65/EU R03 30 Exchange -traded funds as defined in point (46) of Article 4(1) of Directive 2014/65/EU R03 40 Units in collective investment undertakings, other than ETFs R03 50 Money market instruments other than Sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU R03 60 Emission allowances R03 70 Other financial instruments R03 80 Type of transactions

EN 204 EN Purchase or sale of securities R03 90 Collateral management operations R04 00 Securities lending and securities borrowing R04 10 Repurchase transactions R04 20 Other securities transactions R04 30 Type of client Professional clients as defined in point (10) of Article 4(1) of Directive 2014/65/EU R04 40 Retail clients as defined in point (11) of Article 4(1) of Directive 2014/65/EU R04 50

EN 205 EN Annex II: Potential risks template Potential Risks Identification of the reporting competent authority C0010 Name of the competent authority R0010 Reporting timestamp R0020 Reporting period R0030 Name of the main liaison. R0040 Function of the main liaison. R0050 Phone number of the main liaison. R0060 Email address of the main liaison. R0070 Identification of any potential risks resulting from the internalised settlement activity in the jurisdiction Identification of any potential risks resulting from the internalised settlement activity in the jurisdiction. R0080

EN 206 EN Annex III: Instructions on completing the template for reporting and transmission of information on internalised settlement This Annex contains additional instructions in relation to the template included in Annex I of this Regulation. The first column of the next table identifies the items to be reported by identifying the columns and lines as showed in the template in Annex I. Columns C0100 – C0180, as well as Rows R0270 – R0450 shall be reported for each issuer CSD. Columns C0020, C0040, C0060, C0110, C0130 and C0150 for aggregated volumes shall be reported as a whole number expressed using up to 20 numerical characters without decimal places. Columns C0030, C0050, C0070, C0120, C0140 and C0160 for aggregate values shall be reported as a value expressed using up to 20 numerical characters including decimals. The decimal mark is not counted as a numerical character and at least one character before and two characters after the decimal mark shall be populated. A full stop shall be used as the decimal mark. Columns C0080, C0090, C00170 and C00180 for rates shall be reported as a percentage value up to 2 decimal places. Where no activity needs to be reported, Columns C0020 – C0090 and C0110 – C0180 must not be blank and must be completed with a zero value. No. Cell Reference Item Instruction 1 C0010, R0010 Country code Identify the ISO 3166 2 character code of the place of establishment of the settlement internaliser 2 C0010, R0020 Reporting timestamp For reporting from the settlement internaliser to the competent authority, identify the ISO 8601 in UTC time format (YYYY-MM-DDThh:mm:ssZ) code of the date when the report from the settlement internaliser to the competent authority is made. For reporting from the competent authority to ESMA, identify the ISO 8601 in UTC time format (YYYY-MM-DDThh:mm:ssZ) code of the date when the report from the competent authority to ESMA is made.

EN 207 EN 3 C0010, R0030 Reporting period Identify the ISO 8601 (YYYY-MM-DD) code of the date identifying the last day of the reporting period. 4 C0010, R0040 Settlement internaliser identifier Identification code of the settlement internaliser, using a Legal Entity Identifier (LEI). 5 C0010, R0050 Name of person responsible For reporting from the settlement internaliser to the competent authority, the name of the person responsible for the report at the settlement internaliser. For reporting from the competent authority to ESMA, the name of the liaison at the competent authority. 6 C0010, R0060 Function of person responsible For reporting from the settlement internaliser to the competent authority, the function of the person responsible for the report at the settlement internaliser. For reporting from the competent authority to ESMA, the function of the liaison at the competent authority. 7 C0010, R0070 Phone number For reporting from the settlement internaliser to the competent authority, the phone number of the person responsible for the report at the settlement internaliser. For reporting from the competent authority to ESMA, the phone number of the liaison at the competent authority. 8 C0010, R0080 Email address For reporting from the settlement internaliser to the competent authority, the email address of the person responsible for the report at the settlement internaliser. For reporting from the competent authority to ESMA, the email address of the liaison at the competent authority. 9 C0100, R0270 Issuer CSD identifier Identification code of the settlement internaliser, using a Legal Entity Identifier (LEI). If information on the issuer CSD is not available the first two characters of the ISIN codes shall be used.

EN 208 EN 10 C0100, R0280 Issuer CSD Country Code Identify the ISO 3166 2 character code of the place of establishment of the issuer CSD. 11 C0020, R0090 C0110, R0290 Overall total Aggregated volume of internalised settlement instructions settled by the settlement internaliser during the period covered by the report. 12 C0030, R0090 C0120, R0290 Overall total Aggregated value, expressed in euros, of internalised settlement instructions settled during the period covered by the report. 13 C0040, R0090 C0130, R0290 Overall total Aggregated volume of failed internalised settlement instructions during the period covered by the report 14 C0050, R0090 C0140, R0290 Overall total Aggregated value, expressed in euros, of failed internalised settlement instructions during the period covered by the report 15 C0060, R0090 C0150, R0290 Overall total Aggregated total of the volume of internalised settlement instructions settled by the settlement internaliser and volume of failed internalised settlement instructions during the period covered by the report. 16 C0070, R0090 C0160, R0290 Overall total Aggregated total value, expressed in euros, of internalised settlement instructions settled by the settlement internaliser and of failed internalised settlement instructions during the period covered by the report. 17 C0080, R0090 C0170, R0290 Overall total The rate of failed internalised settlement instructions compared to the aggregated total volume of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions during the period covered by the report. 18 C0090, R0090 C0180, R0290 Overall total The rate of failed internalised settlement instructions compared to the total value, expressed in euros, of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions during the period covered by the report.

EN 209 EN 19 C0020, R0100 C0110, R0300 Transferable securities referred to in point (a) of Article 4(1)(44) of Directive 2014/65/EU Aggregated volume of internalised settlement instructions settled in transferable securities referred to in point (a) of Article 4(1)(44) of Directive 2014/65/EU by the settlement internaliser during the period covered by the report. 20 C0030, R0100 C0120, R0300 Transferable securities referred to in point (a) of Article 4(1)(44) of Directive 2014/65/EU Aggregated value, expressed in euros, of internalised settlement instructions settled in transferable securities referred to in point (a) of Article 4(1)(44) of Directive 2014/65/EU during the period covered by the report. 21 C0040, R0100 C0130, R0300 Transferable securities referred to in point (a) of Article 4(1)(44) of Directive 2014/65/EU Aggregated volume of failed internalised settlement instructions in transferable securities referred to in point (a) of Article 4(1)(44) of Directive 2014/65/EU during the period covered by the report 22 C0050, R0100 C0140, R0300 Transferable securities referred to in point (a) of Article 4(1)(44) of Directive 2014/65/EU Aggregated value, expressed in euros, of failed internalised settlement instructions in transferable securities referred to in point (a) of Article 4(1)(44) of Directive 2014/65/EU during the period covered by the report 23 C0060, R0100 C0150, R0300 Transferable securities referred to in point (a) of Article 4(1)(44) of Directive 2014/65/EU Aggregated total of the volume of internalised settlement instructions settled by the settlement internaliser and volume of failed internalised settlement instructions in transferable securities referred to in point (a) of Article 4(1)(44) of Directive 2014/65/EU during the period covered by the report. 24 C0070, R0100 C0160, R0300 Transferable securities referred to in point (a) of Article 4(1)(44) of Directive 2014/65/EU Aggregated total value, expressed in euros, of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions in transferable securities referred to in point (a) of Article 4(1)(44) of Directive 2014/65/EU during the period covered by the report.

EN 210 EN 25 C0080, R0100 C0170, R0300 Transferable securities referred to in point (a) of Article 4(1)(44) of Directive 2014/65/EU The rate of failed internalised settlement instructions compared to the aggregated total volume of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions in transferable securities referred to in point (a) of Article 4(1)(44) of Directive 2014/65/EU during the period covered by the report. 26 C0090, R0100 C0180, R0300 Transferable securities referred to in point (a) of Article 4(1)(44) of Directive 2014/65/EU The rate of failed internalised settlement instructions compared to the total value, expressed in euros, of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions in transferable securities referred to in point (a) of Article 4(1)(44) of Directive 2014/65/EU during the period covered by the report. 27 C0020, R0110 C0110, R0310 Sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU Aggregated volume of internalised settlement instructions settled in sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU by the settlement internaliser during the period covered by the report. 28 C0030, R0110 C0120, R0310 Sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU Aggregated value, expressed in euros, of internalised settlement instructions settled in sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU during the period covered by the report. 29 C0040, R0110 C0130, R0310 Sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU Aggregated volume of failed internalised settlement instructions in sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU during the period covered by the report 30 C0050, R0110 C0140, R0310 Sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU Aggregated value, expressed in euros, of failed internalised settlement instructions in sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU during the period covered by the report 31 C0060, R0110 C0150, R0310 Sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU Aggregated total of the volume of internalised settlement instructions settled by the settlement internaliser and volume of failed internalised settlement instructions in sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU during the period covered by the report.

EN 211 EN 32 C0070, R0110 C0160, R0310 Sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU Aggregated total value, expressed in euros, of internalised settlement instructions settled by the settlement internaliser and of failed internalised settlement instructions in sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU during the period covered by the report. 33 C0080, R0110 C0170, R0310 Sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU The rate of failed internalised settlement instructions compared to the aggregated total volume of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions in sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU during the period covered by the report. 34 C0090, R0110 C0180, R0310 Sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU The rate of failed internalised settlement instructions compared to the total value, expressed in euros, of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions in sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU during the period covered by the report. 35 C0020, R0120 C0110, R0320 Transferable securities referred to in point (b) of Article 4(1)(44) of Directive 2014/65/EU other than sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU Aggregated volume of internalised settlement instructions settled in transferable securities referred to in point (b) of Article 4(1)(44) of Directive 2014/65/EU by the settlement internaliser during the period covered by the report. 36 C0030, R0120 C0120, R0320 Transferable securities referred to in point (b) of Article 4(1)(44) of Directive 2014/65/EU other than sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU Aggregated value, expressed in euros, of internalised settlement instructions settled in transferable securities referred to in point (b) of Article 4(1)(44) of Directive 2014/65/EU during the period covered by the report.

EN 212 EN 37 C0040, R0120 C0130, R0320 Transferable securities referred to in point (b) of Article 4(1)(44) of Directive 2014/65/EU other than sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU Aggregated volume of failed internalised settlement instructions in transferable securities referred to in point (b) of Article 4(1)(44) of Directive 2014/65/EU during the period covered by the report 38 C0050, R0120 C0140, R0320 Transferable securities referred to in point (b) of Article 4(1)(44) of Directive 2014/65/EU other than sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU Aggregated value, expressed in euros, of failed internalised settlement instructions in transferable securities referred to in point (b) of Article 4(1)(44) of Directive 2014/65/EU during the period covered by the report 39 C0060, R0120 C0150, R0320 Transferable securities referred to in point (b) of Article 4(1)(44) of Directive 2014/65/EU other than sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU Aggregated total of the volume of internalised settlement instructions settled by the settlement internaliser and volume of failed internalised settlement instructions in transferable securities referred to in point (b) of Article 4(1)(44) of Directive 2014/65/EU during the period covered by the report. 40 C0070, R0120 C0160, R0320 Transferable securities referred to in point (b) of Article 4(1)(44) of Directive 2014/65/EU other than sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU Aggregated total value, expressed in euros, of internalised settlement instructions settled by the settlement internaliser and of failed internalised settlement instructions in transferable securities referred to in point (b) of Article 4(1)(44) of Directive 2014/65/EU during the period covered by the report.

EN 213 EN 41 C0080, R0120 C0170, R0320 Transferable securities referred to in point (b) of Article 4(1)(44) of Directive 2014/65/EU other than sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU The rate of failed internalised settlement instructions compared to the aggregated total volume of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions in transferable securities referred to in point (b) of Article 4(1)(44) of Directive 2014/65/EU during the period covered by the report. 42 C0090, R0120 C0180, R0320 Transferable securities referred to in point (b) of Article 4(1)(44) of Directive 2014/65/EU other than sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU The rate of failed internalised settlement instructions compared to the total value, expressed in euros, of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions in transferable securities referred to in point (b) of Article 4(1)(44) of Directive 2014/65/EU during the period covered by the report. 43 C0020, R0130 C0110, R0330 Transferable securities referred to in point (c) of Article 4(1)(44) of Directive 2014/65/EU Aggregated volume of internalised settlement instructions settled in transferable securities referred to in point (c) of Article 4(1)(44) of Directive 2014/65/EU by the settlement internaliser during the period covered by the report. 44 C0030, R0130 C0120, R0330 Transferable securities referred to in point (c) of Article 4(1)(44) of Directive 2014/65/EU Aggregated value, expressed in euros, of internalised settlement instructions settled in transferable securities referred to in point (c) of Article 4(1)(44) of Directive 2014/65/EU during the period covered by the report. 45 C0040, R0130 C0130, R0330 Transferable securities referred to in point (c) of Article 4(1)(44) of Directive 2014/65/EU Aggregated volume of failed internalised settlement instructions in transferable securities referred to in point (c) of Article 4(1)(44) of Directive 2014/65/EU during the period covered by the report

EN 214 EN 46 C0050, R0130 C0140, R0330 Transferable securities referred to in point (c) of Article 4(1)(44) of Directive 2014/65/EU Aggregated value, expressed in euros, of failed internalised settlement instructions in transferable securities referred to in point (c) of Article 4(1)(44) of Directive 2014/65/EU during the period covered by the report 47 C0060, R0130 C0150, R0330 Transferable securities referred to in point (c) of Article 4(1)(44) of Directive 2014/65/EU Aggregated total of the volume of internalised settlement instructions settled by the settlement internaliser and volume of failed internalised settlement instructions in transferable securities referred to in point (c) of Article 4(1)(44) of Directive 2014/65/EU during the period covered by the report. 48 C0070, R0130 C0160, R0330 Transferable securities referred to in point (c) of Article 4(1)(44) of Directive 2014/65/EU Aggregated total value, expressed in euros, of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions in transferable securities referred to in point (c) of Article 4(1)(44) of Directive 2014/65/EU during the period covered by the report. 49 C0080, R0130 C0170, R0330 Transferable securities referred to in point (c) of Article 4(1)(44) of Directive 2014/65/EU The rate of failed internalised settlement instructions compared to the aggregated total volume of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions in transferable securities referred to in point (c) of Article 4(1)(44) of Directive 2014/65/EU during the period covered by the report. 50 C0090, R0130 C0180, R0330 Transferable securities referred to in point (c) of Article 4(1)(44) of Directive 2014/65/EU The rate of failed internalised settlement instructions compared to the total value, expressed in euros, of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions in transferable securities referred to in point (c) of Article 4(1)(44) of Directive 2014/65/EU during the period covered by the report. 51 C0020, R0140 C0110, R0340 Exchange-traded funds as defined in point (46) of Article 4(1) of Directive 2014/65/EU Aggregated volume of internalised settlement instructions settled in exchange-traded funds as defined in point (46) of Article 4(1) of Directive 2014/65/CE by the settlement internaliser during the period covered by the report.

EN 215 EN 52 C0030, R0140 C0120, R0340 Exchange-traded funds as defined in point (46) of Article 4(1) of Directive 2014/65/EU Aggregated value, expressed in euros, of internalised settlement instructions settled in exchange-traded funds as defined in point (46) of Article 4(1) of Directive 2014/65/EU during the period covered by the report. 53 C0040, R0140 C0130, R0340 Exchange-traded funds as defined in point (46) of Article 4(1) of Directive 2014/65/EU Aggregated volume of failed internalised settlement instructions in exchange-traded funds as defined in point (46) of Article 4(1) of Directive 2014/65/EU during the period covered by the report 54 C0050, R0140 C0140, R0340 Exchange-traded funds as defined in point (46) of Article 4(1) of Directive 2014/65/EU Aggregated value, expressed in euros, of failed internalised settlement instructions in exchange￾traded funds as defined in point (46) of Article 4(1) of Directive 2014/65/EU during the period covered by the report 55 C0060, R0140 C0150, R0340 Exchange-traded funds as defined in point (46) of Article 4(1) of Directive 2014/65/EU Aggregated total of the volume of internalised settlement instructions settled by the settlement internaliser and volume of failed internalised settlement instructions in exchange-traded funds as defined in point (46) of Article 4(1) of Directive 2014/65/EU during the period covered by the report. 56 C0070, R0140 C0160, R0340 Exchange-traded funds as defined in point (46) of Article 4(1) of Directive 2014/65/EU Aggregated total value, expressed in euros, of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions in exchange-traded funds as defined in point (46) of Article 4(1) of Directive 2014/65/EU during the period covered by the report. 57 C0080, R0140 C0170, R0340 Exchange-traded funds as defined in point (46) of Article 4(1) of Directive 2014/65/EU The rate of failed internalised settlement instructions compared to the aggregated total volume of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions in exchange￾traded funds as defined in point (46) of Article 4(1) of Directive 2014/65/EU during the period covered by the report.

EN 216 EN 58 C0090, R0140 C0180, R0340 Exchange-traded funds as defined in point (46) of Article 4(1) of Directive 2014/65/EU The rate of failed internalised settlement instructions compared to the total value, expressed in euros, of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions in exchange-traded funds as defined in point (46) of Article 4(1) of Directive 2014/65/EU during the period covered by the report. 59 C0020, R0150 C0110, R0350 Units in collective investment undertakings, other than ETFs Aggregated volume of internalised settlement instructions settled for units in collective investment undertakings, other than ETFs by the settlement internaliser during the period covered by the report. 60 C0030, R0150 C0120, R0350 Units in collective investment undertakings, other than ETFs Aggregated value, expressed in euros, of internalised settlement instructions settled in units in collective investment undertakings, other than ETFs during the period covered by the report. 61 C0040, R0150 C0130, R0350 Units in collective investment undertakings, other than ETFs Aggregated volume of failed internalised settlement instructions in units in collective investment undertakings, other than ETFs during the period covered by the report 62 C0050, R0150 C0140, R0350 Units in collective investment undertakings, other than ETFs Aggregated value, expressed in euros, of failed internalised settlement instructions in units in collective investment undertakings, other than ETFs during the period covered by the report 63 C0060, R0150 C0150, R0350 Units in collective investment undertakings, other than ETFs Aggregated total of the volume of internalised settlement instructions settled by the settlement internaliser and volume of failed internalised settlement instructions in units in collective investment undertakings, other than ETFs during the period covered by the report. 64 C0070, R0150 C0160, R0350 Units in collective investment undertakings, other than ETFs Aggregated total value, expressed in euros, of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions in units in collective investment undertakings, other than ETFs during the period covered by the report.

EN 217 EN 65 C0080, R0150 C0170, R0350 Units in collective investment undertakings, other than ETFs The rate of failed internalised settlement instructions compared to the aggregated total volume of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions in units in collective investment undertakings, other than ETFs during the period covered by the report. 66 C0090, R0150 C0180, R0350 Units in collective investment undertakings, other than ETFs The rate of failed internalised settlement instructions compared to the total value, expressed in euros, of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions in units in collective investment undertakings, other than ETFs during the period covered by the report. 67 C0020, R0160 C0110, R0360 Money market instruments other than sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU Aggregated volume of internalised settlement instructions settled in money market instruments other than sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU by the settlement internaliser during the period covered by the report. 68 C0030, R0160 C0120, R0360 Money market instruments other than sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU Aggregated value, expressed in euros, of internalised settlement instructions settled in money market instruments other than sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU during the period covered by the report. 69 C0040, R0160 C0130, R0360 Money market instruments other than sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU Aggregated volume of failed internalised settlement instructions in money market instruments other than sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU by the settlement internaliser during the period covered by the report 70 C0050, R0160 C0140, R0360 Money market instruments other than sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU Aggregated value, expressed in euros, of failed internalised settlement instructions in money market instruments other than sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU during the period covered by the report

EN 218 EN 71 C0060, R0160 C0150, R0360 Money market instruments other than sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU Aggregated total of the volume of internalised settlement instructions settled by the settlement internaliser and volume of failed internalised settlement instructions in money market instruments other than sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU during the period covered by the report. 72 C0070, R0160 C0160, R0360 Money market instruments other than sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU Aggregated total value, expressed in euros, of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions in money market instruments other than sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU during the period covered by the report. 73 C0080, R0160 C0170, R0360 Money market instruments other than sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU The rate of failed internalised settlement instructions compared to the aggregated total volume of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions in money market instruments other than sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU during the period covered by the report. 74 C0090, R0160 C0180, R0360 Money market instruments other than sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU The rate of failed internalised settlement instructions compared to the total value, expressed in euros, of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions in money market instruments other than sovereign debt referred to in Article 4(1)(61) of Directive 2014/65/EU during the period covered by the report. 75 C0020, R0170 C0110, R0370 Emission allowances Aggregated volume of internalised settlement instructions settled in emission allowances by the settlement internaliser during the period covered by the report. 76 C0030, R0170 C0120, R0370 Emission allowances Aggregated value, expressed in euros, of internalised settlement instructions settled in emission allowances during the period covered by the report.

EN 219 EN 77 C0040, R0170 C0130, R0370 Emission allowances Aggregated volume of failed internalised settlement instructions in emission allowances during the period covered by the report 78 C0050, R0170 C0140, R0370 Emission allowances Aggregated value, expressed in euros, of failed internalised settlement instructions in emission allowances during the period covered by the report 79 C0060, R0170 C0150, R0370 Emission allowances Aggregated total of the volume of internalised settlement instructions settled by the settlement internaliser and volume of failed internalised settlement instructions in emission allowances during the period covered by the report. 80 C0070, R0170 C0160, R0370 Emission allowances Aggregated total value, expressed in euros, of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions in emission allowances during the period covered by the report. 81 C0080, R0170 C0170, R0370 Emission allowances The rate of failed internalised settlement instructions compared to the aggregated total volume of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions in emission allowances during the period covered by the report. 82 C0090, R0170 C0180, R0370 Emission allowances The rate of failed internalised settlement instructions compared to the total value, expressed in euros, of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions in emission allowances during the period covered by the report. 83 C0020, R0180 C0110, R0380 Other financial instruments Aggregated volume of internalised settlement instructions settled in other financial instruments by the settlement internaliser during the period covered by the report. 84 C0030, R0180 C0120, R0380 Other financial instruments Aggregated value, expressed in euros, of internalised settlement instructions settled in other financial instruments during the period covered by the report.

EN 220 EN 85 C0040, R0180 C0130, R0380 Other financial instruments Aggregated volume of failed internalised settlement instructions in other financial instruments during the period covered by the report 86 C0050, R0180 C0140, R0380 Other financial instruments Aggregated value, expressed in euros, of failed internalised settlement instructions in other financial instruments during the period covered by the report 87 C0060, R0180 C0150, R0380 Other financial instruments Aggregated total of the volume of internalised settlement instructions settled by the settlement internaliser and volume of failed internalised settlement instructions in other financial instruments during the period covered by the report. 88 C0070, R0180 C0160, R0380 Other financial instruments Aggregated total value, expressed in euros, of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions in other financial instruments during the period covered by the report. 89 C0080, R0180 C0170, R0380 Other financial instruments The rate of failed internalised settlement instructions compared to the aggregated total volume of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions in other financial instruments during the period covered by the report. 90 C0090, R0180 C0180, R0380 Other financial instruments The rate of failed internalised settlement instructions compared to the total value, expressed in euros, of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions in other financial instruments during the period covered by the report. 91 C0020, R0190 C0110, R0390 Purchase or sale of securities Aggregated volume of internalised settlement instructions settled for purchase or sale of securities by the settlement internaliser during the period covered by the report.

EN 221 EN 92 C0030, R0190 C0120, R0390 Purchase or sale of securities Aggregated value, expressed in euros, of internalised settlement instructions settled for the purchase or sale of securities during the period covered by the report. 93 C0040, R0190 C0130, R0390 Purchase or sale of securities Aggregated volume of failed internalised settlement instructions for the purchase or sale of securities during the period covered by the report 94 C0050, R0190 C0140, R0390 Purchase or sale of securities Aggregated value, expressed in euros, of failed internalised settlement instructions for the purchase or sale of securities during the period covered by the report 95 C0060, R0190 C0150, R0390 Purchase or sale of securities Aggregated total of the volume of internalised settlement instructions settled by the settlement internaliser and volume of failed internalised settlement instructions for the purchase or sale of securities during the period covered by the report. 96 C0070, R0190 C0160, R0390 Purchase or sale of securities Aggregated total value, expressed in euros, of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions for the purchase or sale of securities during the period covered by the report. 97 C0080, R0190 C0170, R0390 Purchase or sale of securities The rate of failed internalised settlement instructions compared to the aggregated total volume of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions for the purchase or sale of securities during the period covered by the report. 98 C0090, R0190 C0180, R0390 Purchase or sale of securities The rate of failed internalised settlement instructions compared to the total value, expressed in euros, of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions for the purchase or sale of securities during the period covered by the report.

EN 222 EN 99 C0020, R0200 C0110, R0400 Collateral management operations Aggregated volume of internalised settlement instructions settled for the collateral management operations by the settlement internaliser during the period covered by the report. Collateral management operations are defined as:

• Collateral in (COLI)
• Collateral out (COLO)
• Central bank collateral operation (CNCB) 100 C0030, R0200 C0120, R0400 Collateral management operations Aggregated value, expressed in euros, of internalised settlement instructions settled for the collateral management operations during the period covered by the report. Collateral management operations are defined as:
• Collateral in (COLI)
• Collateral out (COLO)
• Central bank collateral operation (CNCB) 101 C0040, R0200 C0130, R0400 Collateral management operations Aggregated volume of failed internalised settlement instructions for the collateral management operations during the period covered by the report. Collateral management operations are defined as:
• Collateral in (COLI)
• Collateral out (COLO)
• Central bank collateral operation (CNCB) 102 C0050, R0200 C0140, R0400 Collateral management operations Aggregated value, expressed in euros, of failed internalised settlement instructions for the collateral management operations during the period covered by the report. Collateral management operations are defined as:
• Collateral in (COLI)
• Collateral out (COLO)
• Central bank collateral operation (CNCB)

EN 223 EN 103 C0060, R0200 C0150, R0400 Collateral management operations Aggregated total of the volume of internalised settlement instructions settled by the settlement internaliser and volume of failed internalised settlement instructions for the collateral management operations during the period covered by the report. Collateral management operations are defined as:

• Collateral in (COLI)
• Collateral out (COLO)
• Central bank collateral operation (CNCB) 104 C0070, R0200 C0160, R0400 Collateral management operations Aggregated total value, expressed in euros, of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions for the collateral management operations during the period covered by the report. Collateral management operations are defined as:
• Collateral in (COLI)
• Collateral out (COLO)
• Central bank collateral operation (CNCB) 105 C0080, R0200 C0170, R0400 Collateral management operations The rate of failed internalised settlement instructions compared to the aggregated total volume of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions for the collateral management operations during the period covered by the report. Collateral management operations are defined as:
• Collateral in (COLI)
• Collateral out (COLO)
• Central bank collateral operation (CNCB)

EN 224 EN 106 C0090, R0200 C0180, R0400 Collateral management operations The rate of failed internalised settlement instructions compared to the total value, expressed in euros, of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions for the collateral management operations during the period covered by the report. Collateral management operations are defined as: Collateral in (COLI) Collateral out (COLO) Central bank collateral operation (CNCB) 107 C0020, R0210 C0110, R0410 Securities lending and securities borrowing Aggregated volume of internalised settlement instructions settled for the securities lending and securities borrowing by the settlement internaliser during the period covered by the report. 108 C0030, R0210 C0120, R0410 Securities lending and securities borrowing Aggregated value, expressed in euros, of internalised settlement instructions settled for the securities lending and securities borrowing during the period covered by the report. 109 C0040, R0210 C0130, R0410 Securities lending and securities borrowing Aggregated value, expressed in euros, of failed internalised settlement instructions for the securities lending and securities borrowing during the period covered by the report 110 C0050, R0210 C0140, R0410 Securities lending and securities borrowing Aggregated value, expressed in euros, of failed internalised settlement instructions for the securities lending and securities borrowing during the period covered by the report 111 C0060, R0210 C0150, R0410 Securities lending and securities borrowing Aggregated total of the volume of internalised settlement instructions settled by the settlement internaliser and volume of failed internalised settlement instructions for the securities lending and securities borrowing during the period covered by the report. 112 C0070, R0210 C0160, R0410 Securities lending and securities borrowing Aggregated total value, expressed in euros, of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions for the securities lending and securities borrowing during the period covered by the report.

EN 225 EN 113 C0080, R0210 C0170, R0410 Securities lending and securities borrowing The rate of failed internalised settlement instructions compared to the aggregated total volume of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions for the securities lending and securities borrowing during the period covered by the report. 114 C0090, R0210 C0180, R0410 Securities lending and securities borrowing The rate of failed internalised settlement instructions compared to the total value, expressed in euros, of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions for the securities lending and securities borrowing during the period covered by the report. 115 C0020, R0220 C0110, R0420 Repurchase transactions Aggregated volume of internalised settlement instructions settled for the repurchase transactions by the settlement internaliser during the period covered by the report. Repurchase transactions are defined as:

• Repurchase agreement transactions (REPU)
• Reverse repurchase agreement transactions (RVPO)
• Triparty repurchase agreements (TRPO)
• Triparty reverse repurchase agreements (TRVO)
• Buy sell back transactions (BSBK)
• Sell buy back transactions (SBBK) 116 C0030, R0220 C0120, R0420 Repurchase transactions Aggregated value, expressed in euros, of internalised settlement instructions settled for the repurchase transactions during the period covered by the report. Repurchase transactions are defined as:
• Repurchase agreement transactions (REPU)
• Reverse repurchase agreement transactions (RVPO)
• Triparty repurchase agreements (TRPO)
• Triparty reverse repurchase agreements (TRVO)
• Buy sell back transactions (BSBK)
• Sell buy back transactions (SBBK)

EN 226 EN 117 C0040, R0220 C0130, R0420 Repurchase transactions Aggregated volume of failed internalised settlement instructions for the repurchase transactions by the settlement internaliser during the period covered by the report. Repurchase transactions are defined as:

• Repurchase agreement transactions (REPU)
• Reverse repurchase agreement transactions (RVPO)
• Triparty repurchase agreements (TRPO)
• Triparty reverse repurchase agreements (TRVO)
• Buy sell back transactions (BSBK)
• Sell buy back transactions (SBBK) 118 C0050, R0220 C0140, R0420 Repurchase transactions Aggregated value, expressed in euros, of failed internalised settlement instructions for the repurchase transactions during the period covered by the report. Repurchase transactions are defined as:
• Repurchase agreement transactions (REPU)
• Reverse repurchase agreement transactions (RVPO)
• Triparty repurchase agreements (TRPO)
• Triparty reverse repurchase agreements (TRVO)
• Buy sell back transactions (BSBK)
• Sell buy back transactions (SBBK) 119 C0060, R0220 C0150, R0420 Repurchase transactions Aggregated total of the volume of internalised settlement instructions settled by the settlement internaliser and volume of failed internalised settlement instructions for the repurchase transactions during the period covered by the report. Repurchase transactions are defined as:
• Repurchase agreement transactions (REPU)
• Reverse repurchase agreement transactions (RVPO)
• Triparty repurchase agreements (TRPO)
• Triparty reverse repurchase agreements (TRVO)
• Buy sell back transactions (BSBK)
• Sell buy back transactions (SBBK)

EN 227 EN 120 C0070, R0220 C0160, R0420 Repurchase transactions Aggregated total value, expressed in euros, of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions for the repurchase transactions during the period covered by the report. Repurchase transactions are defined as:

• Repurchase agreement transactions (REPU)
• Reverse repurchase agreement transactions (RVPO)
• Triparty repurchase agreements (TRPO)
• Triparty reverse repurchase agreements (TRVO)
• Buy sell back transactions (BSBK)
• Sell buy back transactions (SBBK) 121 C0080, R0220 C0170, R0420 Repurchase transactions The rate of failed internalised settlement instructions compared to the aggregated total volume of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions for the repurchase transactions during the period covered by the report. Repurchase transactions are defined as:
• Repurchase agreement transactions (REPU)
• Reverse repurchase agreement transactions (RVPO)
• Triparty repurchase agreements (TRPO)
• Triparty reverse repurchase agreements (TRVO)
• Buy sell back transactions (BSBK)
• Sell buy back transactions (SBBK)

EN 228 EN 122 C0090, R0220 C0180, R0420 Repurchase transactions The rate of failed internalised settlement instructions compared to the total value, expressed in euros, of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions for the repurchase transactions during the period covered by the report. Repurchase transactions are defined as:

• Repurchase agreement transactions (REPU)
• Reverse repurchase agreement transactions (RVPO)
• Triparty repurchase agreements (TRPO)
• Triparty reverse repurchase agreements (TRVO)
• Buy sell back transactions (BSBK)
• Sell buy back transactions (SBBK) 123 C0020, R0230 C0110, R0430 Other securities transactions Aggregated volume of internalised settlement instructions settled for any other securities transactions by the settlement internaliser during the period covered by the report. 124 C0030, R0230 C0120, R0430 Other securities transactions Aggregated value, expressed in euros, of internalised settlement instructions settled for any other securities transactions during the period covered by the report. 125 C0040, R0230 C0130, R0430 Other securities transactions Aggregated volume of failed internalised settlement instructions settled for any other securities transactions during the period covered by the report 126 C0050, R0230 C0140, R0430 Other securities transactions Aggregated value, expressed in euros, of failed internalised settlement instructions for any other securities transactions during the period covered by the report 127 C0060, R0230 C0150, R0430 Other securities transactions Aggregated total of the volume of internalised settlement instructions settled by the settlement internaliser and volume of failed internalised settlement instructions for any other securities transactions during the period covered by the report.

EN 229 EN 128 C0070, R0230 C0160, R0430 Other securities transactions Aggregated total value, expressed in euros, of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions for any other securities transactions during the period covered by the report. 129 C0080, R0230 C0170, R0430 Other securities transactions The rate of failed internalised settlement instructions compared to the aggregated total volume of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions for any other securities transactions during the period covered by the report. 130 C0090, R0230 C0180, R0430 Other securities transactions The rate of failed internalised settlement instructions compared to the total value, expressed in euros, of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions for any other securities transactions during the period covered by the report. 131 C0020, R0240 C0110, R0440 Professional clients as defined in point (10) of Article 4(1) of Directive 2014/65/EU Aggregated volume of internalised settlement instructions settled for professional clients as defined in point (10) of Article 4(1) of Directive 2014/65/EU by the settlement internaliser during the period covered by the report. 132 C0030, R0240 C0120, R0440 Professional clients as defined in point (10) of Article 4(1) of Directive 2014/65/EU Aggregated value, expressed in euros, of internalised settlement instructions settled for professional clients as defined in point (10) of Article 4(1) of Directive 2014/65/EU during the period covered by the report. 133 C0040, R0240 C0130, R0440 Professional clients as defined in point (10) of Article 4(1) of Directive 2014/65/EU Aggregated volume of failed internalised settlement instructions for professional clients as defined in point (10) of Article 4(1) of Directive 2014/65/EU during the period covered by the report 134 C0050, R0240 C0140, R0440 Professional clients as defined in point (10) of Article 4(1) of Directive 2014/65/EU Aggregated value, expressed in euros, of failed internalised settlement instructions for professional clients as defined in point (10) of Article 4(1) of Directive 2014/65/EU during the period covered by the report

EN 230 EN 135 C0060, R0240 C0150, R0440 Professional clients as defined in point (10) of Article 4(1) of Directive 2014/65/EU Aggregated total of the volume of internalised settlement instructions settled by the settlement internaliser and volume of failed internalised settlement instructions for professional clients as defined in point (10) of Article 4(1) of Directive 2014/65/EU during the period covered by the report. 136 C0070, R0240 C0160, R0440 Professional clients as defined in point (10) of Article 4(1) of Directive 2014/65/EU Aggregated total value, expressed in euros, of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions for professional clients as defined in point (10) of Article 4(1) of Directive 2014/65/EU during the period covered by the report. 137 C0080, R0240 C0170, R0440 Professional clients as defined in point (10) of Article 4(1) of Directive 2014/65/EU The rate of failed internalised settlement instructions compared to the aggregated total volume of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions for professional clients as defined in point (10) of Article 4(1) of Directive 2014/65/EU during the period covered by the report. 138 C0090, R0240 C0180, R0440 Professional clients as defined in point (10) of Article 4(1) of Directive 2014/65/EU The rate of failed internalised settlement instructions compared to the total value, expressed in euros, of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions for professional clients as defined in point (10) of Article 4(1) of Directive 2014/65/EU during the period covered by the report. 139 C0020, R0250 C0110, R0450 Retail clients as defined in point (11) of Article 4(1) of Directive 2014/65/EU Aggregated volume of internalised settlement instructions settled for retail clients as defined in point (10) of Article 4(1) of Directive 2014/65/EU by the settlement internaliser during the period covered by the report. 140 C0030, R0250 C0120, R0450 Retail clients as defined in point (11) of Article 4(1) of Directive 2014/65/EU Aggregated value, expressed in euros, of internalised settlement instructions settled for retail clients as defined in point (10) of Article 4(1) of Directive 2014/65/EU during the period covered by the report.

EN 231 EN 141 C0040, R0250 C0130, R0450 Retail clients as defined in point (11) of Article 4(1) of Directive 2014/65/EU Aggregated volume of failed internalised settlement instructions for retail clients as defined in point (10) of Article 4(1) of Directive 2014/65/EU during the period covered by the report 142 C0050, R0250 C0140, R0450 Retail clients as defined in point (11) of Article 4(1) of Directive 2014/65/EU Aggregated value, expressed in euros, of failed internalised settlement instructions for retail clients as defined in point (10) of Article 4(1) of Directive 2014/65/EU during the period covered by the report 143 C0060, R0250 C0150, R0450 Retail clients as defined in point (11) of Article 4(1) of Directive 2014/65/EU Aggregated total of the volume of internalised settlement instructions settled by the settlement internaliser and volume of failed internalised settlement instructions for retail clients as defined in point (10) of Article 4(1) of Directive 2014/65/EU during the period covered by the report. 144 C0070, R0250 C0160, R0450 Retail clients as defined in point (11) of Article 4(1) of Directive 2014/65/EU Aggregated total value, expressed in euros, of internalised settlement instructions settled by the settlement internaliser and number of failed internalised settlement instructions for retail clients as defined in point (10) of Article 4(1) of Directive 2014/65/EU during the period covered by the report. 145 C0080, R0250 C0170, R0450 Retail clients as defined in point (11) of Article 4(1) of Directive 2014/65/EU The rate of failed internalised settlement instructions compared to the aggregated total volume of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions for retail clients as defined in point (10) of Article 4(1) of Directive 2014/65/EU during the period covered by the report. 146 C0090, R0250 C0180, R0450 Retail clients as defined in point (11) of Article 4(1) of Directive 2014/65/EU The rate of failed internalised settlement instructions compared to the total value, expressed in euros, of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions for retail clients as defined in point (10) of Article 4(1) of Directive 2014/65/EU during the period covered by the report. 147 C0020, R0260 Total cash transfers Aggregated volume of internalised settlement instructions settled for cash transfers by the settlement internaliser during the period covered by the report.

EN 232 EN 148 C0030, R0260 Total cash transfers Aggregated value, expressed in euros, of internalised settlement instructions settled for cash transfers during the period covered by the report. 149 C0040, R0260 Total cash transfers Aggregated volume of failed internalised settlement instructions for cash transfers during the period covered by the report 150 C0050, R0260 Total cash transfers Aggregated value, expressed in euros, of failed internalised settlement instructions for cash transfers during the period covered by the report 151 C0060, R0260 Total cash transfers Aggregated total of the volume of internalised settlement instructions settled by the settlement internaliser and volume of failed internalised settlement instructions for cash transfers during the period covered by the report. 152 C0070, R0260 Total cash transfers Aggregated total value, expressed in euros, of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions for cash transfers during the period covered by the report. 153 C0080, R0260 Total cash transfers The rate of failed internalised settlement instructions compared to the aggregated total volume of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions for cash transfers during the period covered by the report. 154 C0090, R0260 Total cash transfers The rate of failed internalised settlement instructions compared to the total value, expressed in euros, of internalised settlement instructions settled by the settlement internaliser and failed internalised settlement instructions for cash transfers during the period covered by the report.

EN 233 EN Annex IV: Instructions on completing the potential risks template This Annex contains additional instructions in relation to the template included in Annex II of this Regulation. The first column of the next table identifies the items to be reported by identifying the columns and lines as showed in the template in Annex II. No. Cell Reference Item Instruction 1 C0010, R0010 Name of the competent authority. The full name of the competent authority. 2 C0010, R0020 Reporting timestamp Identify the ISO 8601 in UTC time format (YYYY-MM-DDThh:mm:ssZ) code of the date when the report from the competent authority is made. 2 C0010, R0030 Reporting period Identify the ISO 8601 (YYYY-MM-DD) code of the date identifying the last day of the reporting period. 2 C0010, R0040 Name of the main liaison. The main liaison at the competent authority who is responsible for completing the potential risks template. 3 C0010, R0050 Function of the main liaison. The function of the main liaison at the competent authority who is responsible for completing the potential risks template. 4 C0010, R0060 Phone number of the main liaison. The phone number of the main liaison at the competent authority who is responsible for completing the potential risks template. 5 C0010, R0070 Email address of the main liaison. The email address of the main liaison at the competent authority who is responsible for completing the potential risks template. 6 C0010, R0080 Identification of any potential risks resulting from the internalised settlement activity in the jurisdiction. Completed as free text.