Regulation on Organizational Requirements for UCITS Fund Management Companies – Unofficial Consolidated Text (Official Gazette, Nos. 41/17, 87/22 and 155/25)

Croatian Financial Services Agency, 10000 Zagreb, Franje Račkoga 6, P.O. Box 164, Croatia t: 01 6173 200, f: 01 4811 507, e: info@hanfa.hr, OIB: 49376181407, MB: 02016419, w: www.hanfa.hr PRAVILNIK ON ORGANIZATIONAL REQUIREMENTS FOR UCITS FUND MANAGEMENT COMPANIES (Official Gazette, Nos. 41/17, 87/22 and 155/25 – Unofficial Consolidated Text)

PART ONE GENERAL PROVISIONS Article 1. (OG 87/22) (1) To ensure proper and efficient operations, and to reduce operational risk, this Regulation specifies in detail the requirements for fund management companies regarding:

1. organizational requirements,
2. administrative and accounting procedures,
3. internal control mechanisms,
4. compliance monitoring with relevant regulations,
5. internal audit,
6. risk management,
7. measures to prevent conflicts of interest,
8. business conduct rules,
9. business continuity measures,
10. personal transactions,
11. maintenance and storage of the fund management company's business documentation.
12. appropriate management of information systems. (2) This Regulation specifies in detail the acceptance of notifications regarding breaches of the Act and/or subordinate regulations adopted on the basis of the Act, and the procedures for handling submitted notifications. (3) This Regulation transposes into Croatian legislation: – Commission Directive 2010/43/EU of the European Parliament and of the Council of 1 July 2010 on implementation of Directive 2009/65/EC as regards organizational requirements, conflicts of interest, operations, risk management and the content of agreements between depositaries and fund management companies (OJ L 176, 10. 7. 2010), – Commission Delegated Directive (EU) 2021/1270 of 21 April 2021 amending Directive 2010/43/EU as regards sustainability risks and sustainability factors to be taken into account by undertakings for collective investment in transferable securities (UCITS) (Text with EEA relevance) (OJ L 277, 2. 8. 2021).

Meaning of Certain Terms Article 2. The terms used in this Regulation have the following meanings:

1. Client means any natural or legal person or any other entity, including a UCITS fund, to which the fund management company performs activities under Article 13 of the Act.
2. Control functions means internal audit, risk management and compliance monitoring functions.
3. Counterparty risk means the risk of loss for a UCITS fund arising from the possibility that the counterparty may not be able to fulfill its obligations to the UCITS fund.
4. Liquidity risk means the risk that a UCITS fund's assets cannot be liquidated within a sufficiently short time frame and at a price approximately equal to fair value, and that the UCITS fund will not be able to meet the requirements of Article 174(2) of the Act at any time.
5. Market risk means the risk of loss for a UCITS fund that may arise due to fluctuations in market prices of assets in the UCITS fund's portfolio, as a result of changes in various market conditions and factors (e.g., interest rates, exchange rates, equity instrument prices, creditworthiness of issuers, etc.).
6. Operational risk means the risk of loss for a UCITS fund due to inadequate or failed internal processes, procedures and shortcomings relating to human resources or systems within the fund management company, or due to external influences or events, including legal and documentation risk and risk arising from trading, settlement and valuation procedures conducted on behalf of the UCITS fund.
7. Value at Risk (VaR) means the maximum expected loss at a given confidence level within a specified time period.
8. Sustainability risk means sustainability risk as defined in Article 2(22) of Regulation (EU) 2019/2088 of the European Parliament and of the Council of 27 November 2019 on sustainability-related disclosures in the financial services sector (Text with EEA relevance) (OJ 277/143, 2. 8. 2021) (hereinafter: Regulation (EU) 2019/2088).
9. Sustainability factors means sustainability factors as defined in Article 2(14) of Regulation (EU) 2019/2088.

PART TWO ORGANIZATIONAL REQUIREMENTS General Organizational Requirements Article 3. (1) Taking into account the nature, scale and complexity of its operations as well as the type and scope of services and activities it provides and performs, a fund management company is obliged to:

1. establish an internal organizational structure that ensures the proper performance of UCITS fund management activities, by dividing operations into at least three organizational units: a. front office (operational unit), b. middle office (control unit), and c. back office (support unit).
2. prescribe, apply and regularly update internal acts governing its internal organizational structure and decision-making process, from which the decision-making process and allocation of responsibilities for those decisions are clearly and documentedly visible, covering: a. division into organizational units, b. detailed description of responsibilities and duties of each organizational unit, c. list of positions and employees within each organizational unit, d. responsibilities and delegation of authority for senior management and employees of the fund management company, e. internal reporting procedure and decision-making within the fund management company, f. method of storing business documentation and data.
3. ensure that all relevant persons are familiar with all procedures they must apply to properly perform their duties, and when performing multiple roles in the fund management company, ensure that each is performed independently, diligently and professionally.
4. establish, implement and regularly update appropriate internal control systems that ensure compliance with internal decisions and procedures at all levels of the fund management company.
5. employ persons with the qualifications, knowledge and experience necessary to perform their entrusted duties.
6. ensure that it has the necessary resources and expertise to effectively incorporate sustainability risks into business processes.
7. establish, implement and regularly update effective internal reporting and communication systems at all appropriate levels within the fund management company as well as towards third parties.
8. maintain adequate and orderly records of its operations and internal organization. (2) In fulfilling the requirements of paragraph 1 of this Article, a fund management company is obliged to take sustainability risks into account. (3) A fund management company is obliged to ensure that senior managers and persons performing supervisory functions are responsible, in accordance with the Act and regulations adopted on the basis of the Act, for incorporating sustainability risks into activities under Article 51(2)(1) to (6) of the Act. (4) A fund management company is obliged to establish, apply and regularly update systems and procedures that ensure the security, integrity and confidentiality of data, taking into account the type of data. (5) A fund management company is obliged to ensure effective oversight over activities performed by third parties based on contracts with the fund management company, particularly regarding risk management related to those activities. (6) A fund management company is obliged to prescribe, apply and regularly update business continuity measures, which include:
9. procedures in extraordinary circumstances,
10. storage of security copies of all records enabling uninterrupted operations during extraordinary circumstances,
11. if uninterrupted operations during extraordinary circumstances are not possible, timely establishment of functions and data access, and timely resumption of the fund management company's operations. (7) A fund management company is obliged to prescribe, apply and regularly update accounting policies and procedures that enable timely delivery of financial reports in accordance with the Act and other relevant regulations, providing a true and fair view of the financial situation of the fund management company and UCITS funds under its management, in accordance with applicable accounting standards and rules. (8) A fund management company is obliged to prescribe, apply and regularly update policies and procedures for determining the amount of fees and costs charged to investors in UCITS funds, or which may be charged from the assets of a UCITS fund. (9) The policies and procedures under paragraph 8 of this Article must at least contain: a) methodology for determining and reviewing fees and costs, which must be appropriate and consistent with the investment strategy and characteristics of the UCITS fund; b) list of organizational units and control functions involved in the process of determining, implementing and reviewing fees and costs charged by the fund management company. (10) A fund management company is obliged to regularly monitor and, as necessary, update, improve and rectify deficiencies in internal business systems, internal controls, and policies and procedures under paragraphs 1 to 8 of this Article.

Additional Information Required on the Fund Management Company's Website Article 3.a. (1) The fund management company's website, in addition to the data and information under Article 65(1) of the Act, must contain:

1. significant changes in the ownership structure of the fund management company,
2. changes in the management and supervisory board of the fund management company,
3. data on employee membership in the supervisory boards of commercial companies, with special indication of whether funds under management hold financial instruments of those companies in their portfolio, no later than 10 days after the event occurs,
4. notification of participation and voting method at general meetings at least 15 days before the meeting,
5. where applicable, publicly published Agency decisions on: – temporary or permanent withdrawal of operating license, – issuance of a public warning to the fund management company (publication of the decision's operative part), – withdrawal of consent for performing the function of a management board member (publication of the decision's operative part),
6. where applicable, notification on the initiation of pre-bankruptcy settlement, bankruptcy or liquidation proceedings against the fund management company,
7. if fees in a UCITS fund are charged in amounts different from those under Article 10 of this Regulation during certain periods, the relevant periods and fee amounts must be stated,
8. immediately after conclusion, data on all transactions of purchase and sale of securities outside regulated markets that the fund management company executed on behalf of a UCITS fund with a related party. Article 3.b. (1) A fund management company is obliged, where possible, without delay to publish on its website in a visible and easily accessible location each legal and business event concerning the fund management company and the UCITS fund it manages, when such events may affect the operations of a UCITS fund. (2) The events under paragraph 1 of this Article must be clearly explained in a manner easily understandable to UCITS fund investors, with detailed explanation of the event's impact on the operations of a UCITS fund.

PART THREE ADMINISTRATIVE AND ACCOUNTING PROCEDURES Handling Complaints Article 4. (1) In handling complaints, a fund management company must comply with Article 63 of the Act and provide clients and investors free access to information on how to submit complaints and how they are handled, and enable free submission of complaints. (2) A fund management company is obliged to submit to the Agency by 15 February each year an annual complaint report containing the number of investor complaints received in the previous year, the reasons for which complaints were submitted, and the measures taken on their basis. (3) A fund management company is obliged to submit the report under paragraph 2 of this Article in the manner and in accordance with the Technical Instruction for Using the Web Form Entry Service and Document Submission in Electronic Format, and the Instructions for Filling Out Web Forms for Fund Management Companies.

Accounting Policies and Procedures Article 5. (1) A fund management company is obliged to apply accounting policies and procedures under Article 3(5) of this Regulation to ensure the protection of clients and investors. (2) A fund management company is obliged to maintain accounting for a UCITS fund in such a way that the value of assets and liabilities of the UCITS fund can be accurately determined at any time. (3) A fund management company is obliged to prescribe, apply and regularly update accounting policies and procedures in accordance with the accounting rules of the UCITS fund's home Member State, so that the net asset value and unit price of each UCITS fund can be accurately calculated, and subscription and redemption requests can be executed at the calculated unit price of the UCITS fund. (4) A fund management company is obliged to prescribe appropriate procedures to ensure proper and accurate valuation of assets and liabilities of a UCITS fund in accordance with Articles 168 to 173 of the Act.

PART FOUR INTERNAL CONTROL MECHANISMS Article 6. (1) Internal control mechanisms are measures, policies and procedures that ensure the achievement of the fund management company's set objectives, asset protection, risk control, compliance with relevant regulations and internal rules and procedures, accuracy of data in the fund management company's documents, timely publication or delivery of data when applicable, and economical and efficient use of resources. (2) Within internal control mechanisms, a fund management company is obliged, taking into account the nature, scale and complexity of its operations as well as the type and scope of services it provides and performs, to establish control functions:

1. compliance monitoring function,
2. risk management function,
3. internal audit function.

Compliance Monitoring Function Article 7. (1) The compliance monitoring function is responsible for forecasting, identifying and assessing the risk of non-compliance of a fund management company with relevant regulations and possible consequences, and for advising, monitoring and reporting on non-compliance risk to reduce these risks. (2) A fund management company is obliged to establish, implement and regularly update an appropriate policy in which it must at least: a) determine the objectives of the compliance monitoring function, b) define its powers, responsibilities and duties, c) ensure its independence and continuity (ensuring duty performance even when the compliance officer is absent), d) describe its relationship with the risk management function and, where applicable, the internal audit function, as well as other organizational units, e) ensure it has access to all data necessary for performing compliance monitoring tasks, f) ensure its right to conduct internal investigations and controls as well as interviews with relevant persons, g) ensure its right to contact senior management and the supervisory board, h) define reporting lines and deadlines. (3) The responsibilities of the compliance monitoring function are at least: a) identifying non-compliance risks to which the fund management company and funds under its management are exposed, assessing the significance of these risks and their potential consequences, and preparing a monitoring program taking into account all areas of the fund management company's operations; b) regular control of business compliance with relevant regulations, based on a risk assessment of compliance, and proposing corrective measures when necessary; c) maintaining records of all information related to compliance with relevant regulations observed within the fund management company, regardless of whether identified by the compliance monitoring function itself or contained in internal documents (e.g., reports from other control functions, senior management or supervisory function reports), or identified in external documents (e.g., external auditor reports, communication with the Agency); d) analyzing identified non-compliances and proposing corrective measures, and monitoring whether corrective measures are implemented and effective; e) identifying all relevant regulations in force with which the fund management company must comply, and compiling a list of these regulations available to all employees; f) assisting, supporting and advising senior management on matters related to compliance with relevant regulations, including notifying about changes in regulations that may impact the compliance area; g) educating employees on compliance with relevant regulations and raising employee awareness of the importance of compliance; h) documenting all tasks performed on the basis of its powers, responsibilities and duties in a manner that allows verification of the course of each task; i) preparing ad hoc reports to senior management, and when necessary to the supervisory function, on significant findings and deficiencies as well as measures taken, and preparing regular reports in accordance with Articles 51(4) to (7) of the Act. (4) Activities performed by other control functions should be coordinated with activities performed by the compliance monitoring function, respecting the independence and powers of different functions. (5) Where applicable, the internal audit function assesses the functioning and effectiveness of the compliance monitoring function within its powers. (6) The compliance monitoring function participates in overseeing complaint handling and considers complaints as a significant source of relevant information in the context of its general compliance monitoring responsibilities.

Exemption from Independence Requirement for Compliance Monitoring Function Article 8. (1) When assessing whether the use of exemption under Articles 53(3) and (4) of the Act is proportionate, a fund management company must assess whether the effectiveness of the compliance monitoring function will be impaired by these measures, and must regularly review such assessment. (2) When assessing under paragraph 1 of this Article, a fund management company must decide which measures are most appropriate to ensure the effectiveness of the compliance monitoring function, and among other things take into account the following criteria: a) whether the fund management company performs UCITS fund management activities together with alternative investment fund management, voluntary pension fund management or funds established under special laws, and whether it also performs auxiliary activities under Article 13(1)(2) of the Act; b) scale and complexity of operations, number of funds under management, size of assets under management, complexity of investment strategies of funds under management, and total balance sheet and income of the fund management company; c) number and types of investors in funds under management (small and/or professional investors); d) number of employees of the fund management company; e) whether the fund management company is part of a group; f) number of persons offering units of UCITS funds managed by the fund management company alongside it; g) cross-border performance of activities; h) organization and sophistication of IT systems.

PART FIVE MAINTENANCE AND STORAGE OF BUSINESS DOCUMENTATION Maintenance and Storage of Business Documentation and Data Article 9. (1) All business documentation and data that a fund management company is obliged to prepare and collect in accordance with the Act and regulations adopted on the basis of the Act must be stored for at least 5 years after the end of the business year to which those data relate. (2) A fund management company is obliged, upon request by the Agency and for supervision purposes, considering the type of financial instrument or transaction, to store business documentation and data or part thereof for longer than the period prescribed in paragraph 1 of this Article. (3) A fund management company is obliged to store business documentation and data after the expiration of the operating license under Article 31 of the Act, within the periods prescribed in paragraph 1 of this Article. (4) A fund management company is obliged to enable access to or deliver business documentation and data for the last 5 years of operations relating to transferred management activities to another fund management company to which it has transferred UCITS fund management activities. (5) Business documentation and data under paragraph 1 of this Article must be stored on a medium that enables data storage in such a way that they are accessible to the Agency upon request at any time, in a form and manner meeting the following conditions:

1. The Agency must be able to access documentation and data, as well as determine all key stages of processing each transaction;
2. It must be possible to easily identify all corrections or amendments, as well as the content of documentation and data before such corrections or amendments;
3. Documentation and data must be protected from unauthorized access and potential recording losses, and stored in a manner ensuring record permanence;
4. Manipulation of documentation and data or any modification thereof must be prevented. (6) Security copies of all data and documentation are obliged to be stored by a fund management company outside the company's business premises, in the manner and within the periods prescribed in paragraphs 1 to 5 of this Article.

Computer Processing of Data Article 10. (1) A fund management company is obliged to prescribe and apply measures and procedures by which the company's information system will timely and correctly record transactions executed for a UCITS fund and requests for redemption or issuance of units, to ensure compliance with Articles 11 and 12 of this Regulation. (2) A fund management company is obliged to ensure a high level of security during electronic data processing as well as accuracy and confidentiality of recorded data.

Recording UCITS Fund Transactions Article 11. (1) A fund management company is obliged to record without delay each transaction executed for a UCITS fund, in a manner that allows identification and monitoring of all key stages of order processing and transaction execution. (2) The record under paragraph 1 of this Article, if concerning financial instruments, must at least contain:

1. name of the UCITS fund and the person placing the order on behalf of the UCITS fund;
2. instrument identification code, name or contract characteristics;
3. quantity;
4. type of order or transaction;
5. price;
6. for orders, date and exact time of order placement and name of the person to whom the order is placed or designation if placed electronically;
7. for transactions, date and exact time of order placement and execution;
8. name of the person placing the order or executing the transaction;
9. reasons for order cancellation, where applicable;
10. for executed transactions, identification of the counterparty and place of execution. (3) For the purpose of paragraph 2(10) of this Article, "place of execution" means a regulated market, multilateral trading facility, systematic internalizer in accordance with capital markets law provisions or market operators, or another liquidity provider, or an entity in a third country performing functions similar to any of the aforementioned entities, or OTC market. (4) A fund management company is obliged to maintain records of all other concluded contracts or transactions in such a way that it records all essential characteristics and determinants of the concluded contract or transaction.

Recording Redemption and Issuance Requests Article 12. (1) A fund management company is obliged, upon receiving requests for redemption and issuance of units of a UCITS fund, to record them without delay...