Financial Supervision Authority

---

Recommendation K

regarding the rules for mortgage banks to maintain the mortgage bond security register

---

Warsaw, February 2016

---

INTRODUCTION

Pursuant to the provisions of the Act of 29 August 1997 on mortgage bonds and mortgage banks (Journal of Laws of 2015, item 1588) (hereinafter referred to as the "Act"), mortgage banks are obliged to maintain a register of the security for mortgage bonds. This register plays an extremely important role in the activity of a mortgage bank; it contains information allowing for the identification of components constituting the basis for the issuance of mortgage bonds, as well as the means creating the surplus referred to in Article 18(3a) of the Act.

The core activity of specialized mortgage banks should be viewed in terms of the nature of the transactions undertaken by them. Mortgage banks, by design, grant long-term loans and refinance them through the issuance of usually long-term mortgage bonds. This requires both mortgage banks and banking supervisors to adopt an appropriate approach to ensuring the safety of their activities.

The Recommendation comprises a set of qualitative recommendations constituting general principles for maintaining the mortgage bond security register and its control. The recommendations concern the form of the register, authorizations for persons having access to the register, protection against data loss, and other requirements related to ensuring: correctness, auditability, continuity of operation, security of the register, and other administrative matters. The delegation granted to the Financial Supervision Authority in the Act allows only for the determination of the register's format, without dictating the form of its maintenance; therefore, mortgage banks have practically free choice regarding the form of its maintenance – in paper or electronic form. The Recommendation refers to these forms and draws attention to additional requirements in the case of maintaining the register in electronic form. In the case of maintaining the register in electronic form, the Recommendation indicates the necessity of meeting specific requirements related to this form and the information security of such a solution, as provided for in Recommendation D regarding the management of information technology areas and the security of the teleinformatics environment in banks.

In the case of entries made to the register by a mortgage bank, on a scale where the trustee applies sample testing instead of individual testing of each entry (which may be used, for example, in the event of a significant increase in the scale of the mortgage bank's lending activity or the transfer of a loan portfolio to a mortgage bank), the mortgage bank should collect documentation regarding the methodology and the process of determining the sample size by the trustee. The Recommendation contains necessary guidelines for the mortgage bank and the expectations of the supervisory authority in this regard.

The purpose of Recommendation K is to indicate by the Financial Supervision Authority to mortgage banks the basic principles for maintaining the mortgage bond security register.

---

I. MORTGAGE BOND SECURITY REGISTER – GENERAL REQUIREMENTS

1. The security register may be maintained in paper or electronic form.
2. The security register is subject to special protection against unauthorized access, as well as against damage or destruction by external factors.
3. The mortgage bank maintains at least one complete backup copy of the data of each mortgage bond security register.
4. Entries may be made only by authorized persons; authorizations and any changes thereto must be documented. With respect to each person, documentation regarding the authorization should be kept for a period of at least 10 years after the revocation of the authorization.
5. Any change to an entry in the mortgage bond security register requires the consent of the trustee and may be made only by deleting the existing entry and introducing a new entry into the register that takes the change into account.

II. ADDITIONAL REQUIREMENTS FOR THE REGISTER IN ELECTRONIC FORM

1. The content of the electronic register should be displayed on the computer monitor and on prints in a manner that presents entries in a complete form and content. The electronic security register should always allow for a complete printout of the entire content.
2. It is necessary for the mortgage bank to ensure the constant possibility of restoring the content of the security register maintained in electronic form in an unchanged, readable form, and it must be permanently archived in a manner that ensures the possibility of audit testing at any time.
3. In the case of maintaining the register in electronic form, the backup copy should be stored on a different data carrier than the one storing the register and updated with respect to the status of the security register at the current moment no less frequently than at the end of each business day.
4. The applied data processing systems should meet the requirements specified in Recommendation D regarding the management of information technology areas and the security of the teleinformatics environment in banks. It is important to draw attention to the aspects of Recommendation D that are significant due to the special nature of the security register, particularly those concerning the maintenance and operation of the information system.

III. REQUIREMENTS REGARDING THE ENTRY OF ENTRIES INTO THE REGISTER

1. Entries are introduced into the register only when all conditions for their inclusion in the register are met. Backdating of entries is not permitted.
2. Each entry is introduced into the register with a sequential number. After removing an entry from the register, its sequential number may not be assigned to another entry.

IV. FORM OF THE COPY AND ITS TRANSMISSION TO THE FINANCIAL SUPERVISION AUTHORITY

1. The copy shows all entries that have been introduced into the security register in the previous month. The individual pages of the copy should be sequentially numbered and permanently bound.
2. In the case where the mortgage bank maintains an electronic security register, the copy may be prepared in the form of a consolidated printout of entries from the previous month, labeled with a title and dated with the data retrieval date.
3. The copy may also be transmitted via appropriate carriers intended for single-write data recording or via an authorized electronic channel using a secure electronic signature or an analogous solution. If the register is transmitted in this form in its entirety, it is necessary to highlight entries from the previous month.

V. APPROVAL BY THE TRUSTEE

1. By approving the copy of entries, the trustee confirms that the copy shows in a complete manner the entries from the previous month and that its content is fully consistent with the original. Also, in the case of sending the copy of the register in its entirety via appropriate carriers that do not allow for more than single data recording, the confirmation concerns only the aforementioned entries.
2. If the trustee checks the completeness and substantive consistency of proposed or made entries using an appropriately selected sample, this should be noted within the approval. The sample should be documented in a clear manner, and the adequacy of the sample should be justified. The mortgage bank should collect documentation regarding the methodology and the process of determining the sample size for testing prepared by the trustee. Such documentation should be kept by the mortgage bank to enable the supervisory authority to review it during inspections and upon any request by the supervisory authority.
3. In the case where copies of entries are transmitted via appropriate carriers intended for single-write data recording, the mortgage bank should enable the trustee to place the signature in such a way that its removal is not possible without leaving a permanent trace.

---