Regulation on the Performance of Depositary Functions for UCITS Funds – Unofficial Consolidated Text (Official Gazette No. 41/17, 139/20 and 155/25)

Croatian Financial Services Agency, 10000 Zagreb, Franje Račkoga 6, P.O. Box 164, Croatia t: 01 6173 200, f: 01 4811 507, e: info@hanfa.hr, OIB: 49376181407, MB: 02016419, w: www.hanfa.hr PRAVILNIK ON THE PERFORMANCE OF DEPOSITARY FUNCTIONS FOR UCITS FUNDS (Official Gazette, No. 41/17, 139/20 and 155/25 – Unofficial Consolidated Text)

PART ONE COMMON PROVISIONS

Article 1. (Official Gazette No. 155/25) This Regulation prescribes:

1. the procedure and conditions for issuing approval for the change of depositary, as well as material amendments to the depositary services agreement;
2. the method and deadlines by which the depositary notifies the Agency of established irregularities in the operation of a UCITS fund;
3. the procedure to be followed by the management company and depositary when the approval for the appointment of a depositary ceases to be valid upon revocation by the Agency;
4. the scope and content of the auditor's report on the audit performed regarding the fulfillment of depositary obligations; and
5. the acceptance of notifications concerning breaches of the Law and/or subordinate regulations adopted on the basis of the Law, as well as the procedure regarding submitted notifications;
6. the content of applications for issuing approval to an investment company for performing depositary functions, and criteria for assessing the conditions for performing depositary functions;
7. additional content of the activity program for an investment company performing depositary functions.

PART TWO PROCEDURE, CONDITIONS AND METHOD OF CHANGE OF DEPOSITARY AND AMENDMENTS TO THE DEPOSITARY SERVICES AGREEMENT

Change of Depositary Article 2. (Official Gazette No. 155/25) (1) The management company is obliged to submit an application to the Agency for issuing approval for the change of depositary, which shall contain: a) the depositary services agreement and fee schedule for performing depositary functions, if the fee schedule does not form an integral part of the agreement; b) for a depositary under Article 216(4)(1) and (3) of the Law – a certified copy of the operational approval issued by the Croatian National Bank; c) for a depositary under Article 216(4)(3) of the Law – a certified copy of an extract from the court or other relevant registry of the third country for the branch founder; d) a declaration by the depositary that there are no legal obstacles within the meaning of Article 229(4) and (5) of the Law; e) the name of the depositary director and their deputy, along with confirmation from the depositary demonstrating that the depositary director meets the conditions set out in paragraph (2) of this Article regarding relevant experience; f) a certified copy of the positive opinion on the audit of the depositary's financial statements for the last three business years; g) additional documentation upon request by the Agency. (2) Relevant experience under Article 216(7) of the Law means that the depositary director must hold a completed master's degree in accordance with regulations governing scientific activities and higher education, along with relevant professional qualifications, competence, and at least three years of experience in depositary or similar functions. (3) All foreign documents under paragraph (1) of this Article must be translated by an authorized court interpreter for the Croatian language, and foreign documents under paragraph (1)(c) must also be authenticated in accordance with the law and international regulations (Apostille – Hague Convention of 5 October 1961 on abolishing the requirement of legalization for foreign public documents).

Amendments to Depositary Services Agreement Article 3. (1) Material amendments to the depositary services agreement requiring Agency approval include: a) changes in the description of functions performed by the depositary and procedures to be adopted for each type of asset into which a UCITS may invest, which are entrusted to the depositary; and b) changes in the description of how storage and supervision functions are performed regarding each specific type of UCITS fund asset, as well as the geographical area into which UCITS fund assets are invested. (2) Regarding other amendments to the depositary services agreement provisions, the management company shall notify the Agency; such amendments cannot enter into force without this notification.

Article 4. (1) The management company may submit the documentation under Article 2(1) and Article 3 of this Regulation in accordance with the Technical Instruction for using the WEB form entry service and electronic document submission, and the Instructions for completing WEB forms for management companies. (2) The management company is deemed to have submitted the documentation under Article 2(1) and Article 3 of this Regulation at the moment when the documentation is recorded on the server for sending such documents.

PART TWO (A) (Official Gazette No. 155/25) CONDITIONS FOR AN INVESTMENT COMPANY PERFORMING DEPOSITARY FUNCTIONS FOR UCITS FUNDS

Article 4.a An investment company may perform depositary functions for a UCITS fund if it meets the conditions prescribed by the provisions of the Law and this Regulation for performing depositary functions.

Organizational Conditions Article 4.b (1) The depositary must establish, apply and regularly update, assess and supervise effective and appropriate internal acts governing:

1. the internal organizational structure of the unit performing depositary functions, as well as the mutual relationship and method of communication, information flow and data exchange between that organizational unit and other parts of the depositary;
2. job classification for positions in the organizational unit performing depositary functions, with specific work tasks, responsibilities and authorities;
3. physical separation of the organizational unit performing depositary functions from other organizational units of the depositary;
4. the method of performing depositary functions under Article 218 of the Law;
5. an internal control system ensuring compliance with internal decisions and procedures;
6. the method of ensuring data security, integrity and confidentiality, taking into account their type. (2) The depositary must notify Hanfa of any change in the depositary director, no later than 7 days from the date of such change, by the method prescribed in Article 4 of this Regulation.

Technical Conditions Article 4.c A depositary is deemed to meet technical conditions for performing depositary functions if it minimally possesses:

1. an adequate network and information system;
2. software support for performing depositary functions;
3. established communication links for receiving instructions and general client communication via SWIFT, fax, telephone and internet;
4. established written procedures and processes for receiving client instructions regarding the disposal of financial instruments and monetary funds.

Criteria for Assessing Conditions for an Investment Company Performing Depositary Functions for UCITS Funds Article 4.d (1) An investment company must meet the conditions prescribed by Article 216.a(3) and Article 216.d of the Law, as well as the conditions for performing depositary functions prescribed by this Regulation, and depositary directors must meet the conditions of the Law and those specified in Article 2(2) of this Regulation. (2) When deciding on an application for approval to perform depositary functions, Hanfa shall take into account all elements that may affect the assessment of whether the investment company meets the established conditions for performing depositary functions.

Application for Approval to an Investment Company for Performing Depositary Functions Article 4.e (1) An investment company is obliged to submit an application to Hanfa for approval to perform depositary functions, which shall contain:

1. contact details of the investment company;
2. an extract from the court registry for the investment company;
3. evidence of meeting the conditions under Article 216(4)(4) of the Law regarding required share capital, regulatory capital and types of services the investment company is authorized to perform in accordance with capital market regulations;
4. evidence of meeting conditions regarding additional organizational and technical requirements under Article 216.d of the Law and this Regulation;
5. for the depositary director: full name, residence, nationality, OIB (Personal Identification Number), and the following attachments: a) curriculum vitae for the depositary director with detailed information on education, professional development, knowledge/skills and work experience related to performing depositary functions; b) authenticated copy of proof of completed relevant education level for the depositary director; c) document recognizing foreign higher education qualification issued by the competent authority in the Republic of Croatia, where applicable; d) employer's certificate on previous work experience of the depositary director (company name, employment period, description of functions and duties); e) certificate of no pending criminal or misdemeanor proceedings issued by the competent authority of the Republic of Croatia, or for foreign nationals, an extract/certificate from the competent authority of their home country (not older than 3 months);
6. description of organizational and technical conditions with the following content: – description of infrastructure for storing UCITS fund assets for which depositary functions will be performed; – description of administrative and accounting procedures, internal control mechanisms, risk assessment procedures, and monitoring/data processing protection mechanisms, all related to performing depositary functions; – description of organizational and management systems aimed at taking reasonable measures to prevent conflicts of interest arising from performing depositary functions; – description of records for all services, activities and transactions intended to be performed as part of depositary functions; – description of measures ensuring continuity and regularity in performing depositary functions, with details on resources and procedures;
7. activity program of the depositary with prescribed content under Article 216.a(6) of the Law and Article 4.f of this Regulation;
8. declaration by the investment company regarding compliance with capital market law conditions related to performing additional activities;
9. proof of paid fee;
10. additional documentation upon request by Hanfa. (2) Foreign documents under paragraph (1) of this Article shall be submitted as prescribed in Article 2(3) of this Regulation. (3) The application and documentation under paragraph (1) of this Article may be submitted as prescribed in Article 4 of this Regulation.

Additional Content of the Activity Program for an Investment Company Performing Depositary Functions Article 4.f In addition to the mandatory content prescribed by Article 216.a(6) of the Law, the depositary's activity program must include: – a description of planned activities for monitoring performed delegated functions, where applicable; – a description of the planned method for storing documentation and maintaining records of established irregularities and/or illegalities in the management company's operations; – a description of the method for maintaining or mechanism for safeguarding data on unitholders, their shares, as well as payments and withdrawals, which the depositary is obliged to keep as business secrets.

PART THREE NOTIFICATION OF ESTABLISHED IRREGULARITIES AND/OR ILLEGALITIES IN THE OPERATION OF UCITS FUNDS

Article 5. (1) The depositary must prescribe and apply a procedure for handling cases where it establishes irregularities and/or illegalities in the management company's operations while performing functions under Article 218 of the Law. (2) The procedure under paragraph (1) must provide for storing documentation and maintaining records of established irregularities and/or illegalities in the management company's operations, containing data from paragraph (5) of this Article, as well as information on the method and timing when the established irregularity and/or illegality was remedied. (3) The warning to the management company regarding established irregularities and/or illegalities under Article 228(2) of the Law must include a deadline by which the depositary will notify the Agency. (4) If the management company does not remedy the established irregularity and/or illegality within the given period, the depositary shall promptly notify the Agency. (5) The notification under paragraph (4) is sent to the Agency in writing or electronically, and contains the following data:

1. name of the UCITS fund to which the established irregularities relate;
2. description of established irregularities/illegality, citing the relevant provision of the Law, subordinate regulation, prospectus and/or rules of the UCITS fund against which a breach occurred;
3. date the irregularity and/or illegality arose;
4. date the irregularity and/or illegality was established;
5. where applicable, an estimate of any damage caused to UCITS fund investors, or consequences that may arise for investors due to the illegality and/or irregularity;
6. documentation on which the established irregularity/illegality is based, or from which it arises that the irregularity/illegality occurred. (6) The depositary may submit the documentation under paragraph (5) to the Agency in accordance with the Technical Instruction for using the WEB form entry service and electronic document submission, and Instructions for completing WEB forms for depositaries. (7) The depositary is deemed to have submitted the documentation under paragraph (5) at the moment when it is recorded on the server for sending such documents.

PART FOUR ACTION BY MANAGEMENT COMPANY AND DEPOSITARY WHEN DEPOSITARY'S APPROVAL IS REVOKED OR CONSENT TO APPOINTMENT IS WITHDRAWN

Article 6. (1) When approval for the appointment of a depositary ceases to be valid, or when consent to the appointment is withdrawn from the management company under Article 237 of the Law, the management company must, within 30 days from the cessation or withdrawal, conclude an agreement with another depositary and submit an application for issuing corresponding approval to the Agency in accordance with the Law and this Regulation. (2) The depositary whose appointment approval has ceased or for whom consent was withdrawn must continue providing depositary services for all functions stipulated in the agreement and/or Law, provided that: – there are no legal obstacles, depending on which ground for withdrawal under Article 237 of the Law applies in the specific case; – there are no circumstances indicating that continuing such functions would jeopardize the interests of the UCITS fund or its investors, depending on which ground for withdrawal under Article 237 of the Law applies (e.g., holding fund monetary funds on accounts opened with a depositary subject to compulsory liquidation proceedings could jeopardize UCITS fund interests). (3) The depositary whose appointment approval has ceased or for whom consent was withdrawn must continue providing services under paragraph (2) until: – the expiration of the period under Article 1 of this Regulation, if the management company does not conclude an agreement with another depositary and submit an application for corresponding Agency approval; or – the expiration of the period under Article 237(5) of the Law or the date of Agency approval for appointing a new depositary, if such approval is issued before the expiration of Article 237(5) of the Law. (4) The depositary services agreement under Article 261(1) of the Law governs, among other things, the scope and method of performing functions under paragraph (2) and liability for damages if the depositary fails to fulfill the obligation to continue providing services under paragraph (2) within the periods specified in paragraph (3). (5) If a depositary fails to fulfill the obligation to continue providing services under paragraph (2), or cannot do so to the extent necessary to ensure UCITS fund operational continuity, legal compliance and investor protection, the management company must consider whether it is necessary to suspend the issue and redemption of UCITS fund shares to protect investors, applying Article 8(1) of this Regulation.

Article 7. In cases under Article 6, the depositary must transfer all UCITS fund assets to storage and administration by another depositary with whom the management company has concluded an agreement, immediately upon conclusion, while handing over account books, records and all other documents and materials essential for the operation of the UCITS fund for which it performed depositary functions up to that point, in written or electronic form depending on how the mentioned data are maintained.

Article 8. (1) To protect investors, in cases under Article 237 of the Law, and exceptionally from Article 177(1), (2) and (4), the management company may, without depositary consent, suspend the issue and redemption of UCITS fund shares until: – the expiration of the period under Article 1 of this Regulation, if the management company does not conclude an agreement with another depositary and submit an application for corresponding Agency approval; or – the expiration of the period under Article 237(5) of the Law or the date of Agency approval for appointing a new depositary, if such approval is issued before the expiration of Article 237(5) of the Law. (2) The management company must promptly notify the Agency, competent authorities of the UCITS fund's home Member State, and competent authorities of all states where UCITS fund shares are traded about the suspension under paragraph (1). (3) The management company must submit a notification to the sub-depositary regarding cases under Article 7.

PART FIVE SCOPE AND CONTENT OF AUDITOR'S REPORT ON THE AUDIT OF DEPOSITARY OBLIGATIONS

Article 9. Depositary obligations shall be audited annually by an authorized auditor of the audit firm that audits the depositary's annual financial statements.

Article 10. For the purposes of this Regulation, audit of depositary obligations is a verification and assessment procedure regarding:

1. adequacy of performing depositary duties and obligations;
2. adequacy of policies, procedures and other internal acts governing depositary duties and obligations;
3. compliance of the depositary's actions with Article 5 of this Regulation.

Article 11. (1) Based on the performed audit, the audit firm prepares a report on the audit of depositary obligations. (2) The auditor's report on fulfillment of depositary obligations is prepared in accordance with the Law and regulations adopted under it, accounting and audit regulations, and professional auditing standards.

Article 12. (1) The auditor's report under Article 11 must contain:

1. an evaluation of the adequacy of performing depositary duties and obligations based on assessment: a) fulfillment of organizational requirements related to depositary duties and obligations; b) policies, procedures and other internal acts of the depositary relating to duties and obligations; c) implementation of adopted policies, procedures and other internal acts;
2. an opinion on the depositary's compliance with Article 5 of this Regulation;
3. a list of deficiencies identified during the audit review of areas under Article 10;
4. comments regarding fulfillment of auditor recommendations from previous years. (2) The auditor's report is prepared and signed by an authorized auditor in their own name, and a responsible person of the audit firm on behalf of the audit firm.

PART SIX NOTIFICATION OF BREACH OF REGULATIONS

Information on Submission of Breach Notifications Article 13. (1) The Agency shall publish information on its website regarding the method of receiving breach notifications. (2) Information under paragraph (1) includes: a) communication channels for receiving breach notifications and subsequent handling, including: – telephone numbers, with notice on whether calls on these lines are recorded; – dedicated electronic and postal addresses for contacting authorized Agency staff; b) procedures applied to breach notifications, in accordance with Article 13 provisions; c) confidentiality regime applicable to breach notifications, in accordance with Article 18 provisions; d) procedures for protecting workers who report breaches of regulations; e) a statement clearly warning that persons reporting breaches to the Agency are not considered to breach any contractual, statutory or other disclosure restrictions, and bear no liability regarding such disclosures.

Procedure for Submitting Breach Notifications Article 14. (1) A breach notification submitted to the Agency contains: a) contact details of the notifier (full name and postal address, or company and registered office for legal entities, electronic address, telephone number); b) data on the person responsible for the illegality, if available to the notifier; c) subject matter of the breach notification; d) supporting documentation held by the notifier. (2) The Agency must accept a breach notification submitted by an anonymous notifier, in which case protective measures under Articles 17, 18 and 19 apply if the anonymous notifier subsequently reveals their identity to the Agency. (3) The Agency may request clarification or additional information from the notifier. Depending on case circumstances, guided by efficiency and protection principles, an authorized Agency worker will contact the notifier in writing or by telephone, unless otherwise requested.

Special Communication Channels Article 15. (1) The Agency shall establish communication channels for receiving breach notifications that ensure personal data protection. (2) The Agency receives breach notifications through one of the following channels: a) in writing directly (logged or verbally recorded) or by post, with the envelope marked: "Do not open – funds – breach of regulations"; b) electronically to the dedicated email address: "povreda.propisa@hanfa.hr"; c) verbally by telephone call to a special number published on the Agency's website; d) during meetings with authorized Agency staff. (3) The Agency must provide the notifier with information under Article 13(2) before receiving the breach notification or at the latest upon receipt. (4) A breach notification not received through special communication channels under this Article is immediately forwarded without modification to authorized Agency staff using the special communication channels.

Handling of Breach Notifications Article 16. (1) Upon receiving a written breach notification, the Agency shall confirm receipt to the postal or electronic address provided by the notifier, unless explicitly stated otherwise or if the Agency reasonably believes confirmation would jeopardize identity protection. (2) If a telephone line used for submitting breach notifications records conversations, the Agency has the right to document oral notifications in the following forms: a) audio recording of the conversation in permanent and accessible form; or b) complete and accurate transcript prepared by an authorized Agency worker. (3) If the notifier under paragraph (2) has revealed their identity, the Agency must enable that person to verify and correct the transcript of the telephone conversation.