COMMISSION DELEGATED REGULATION (EU) 2022/2113
of 13 July 2022
supplementing Regulation (EU) 2020/1503 of the European Parliament and of the Council with regard to regulatory technical standards for the exchange of information between competent authorities in relation to investigation, supervision and enforcement activities in relation to European crowdfunding service providers for business
(Text with EEA relevance)
THE EUROPEAN COMMISSION,
Having regard to the Treaty on the Functioning of the European Union,
Having regard to Regulation (EU) 2020/1503 of the European Parliament and of the Council of 7 October 2020 on European crowdfunding service providers for business, and amending Regulation (EU) 2017/1129 and Directive (EU) 2019/1937 (1), and in particular Article 31(8), third subparagraph, thereof,
Whereas:
(1) The information to be exchanged by competent authorities pursuant to Article 31(1) of Regulation (EU) 2020/1503 should allow those authorities to effectively carry out their investigation, supervision and enforcement activities under that Regulation. Consequently, it is necessary to specify the information that competent authorities are to exchange to be able to perform those tasks.
(2) To ensure that competent authorities can effectively monitor crowdfunding service providers, competent authorities should exchange general background information and constituting documents, including national incorporation documents, or other documents that provide insight into the structure and operational activities of crowdfunding service providers. For the same reason, competent authorities should also exchange information about the authorisation process and the management bodies of crowdfunding service providers, including information on the suitability to manage a crowdfunding service provider and the reputation of the members of the management body, and information about shareholders, imposed penalties and administrative measures, enforcement actions and crowdfunding service providers’ relevant conduct and compliance history.
(3) In order to discharge their supervisory duties in a comprehensive manner, competent authorities should also exchange relevant information on other natural or legal persons and crowdfunding related third parties that are of relevance for the provision of the services provided by the crowdfunding service providers, including information on third parties designated to perform operational functions in relation to the provision of crowdfunding services.
(4) Exchange of information between competent authorities will be most useful in the circumstances where issues of regulatory concern may arise related to the entities subject to Regulation (EU) 2020/1503, including information about the initial application for authorisation of crowdfunding service providers, the on-going supervision of an entity’s compliance with that Regulation, and supervisory and enforcement actions which may impact the operations of an entity in another jurisdiction.
(5) The exchange of information between competent authorities in relation to investigation, supervision and enforcement activities should be carried out in compliance with the right to protection of personal data of the persons concerned, as set out in Articles 7 and 8, respectively, of the Charter of Fundamental Rights of the European Union and must comply with Regulation (EU) 2016/679 of the European Parliament and of the Council (2).
(6) This Regulation is based on the draft regulatory technical standards submitted to the Commission by the European Securities and Markets Authority (ESMA).
(7) ESMA did not conduct open public consultations on the draft regulatory technical standards on which this Regulation is based, nor did it analyse the potential costs and benefits, as this would have been highly disproportionate in relation to the scope and impact of those standards, taking into account the fact that those standards principally concern competent authorities.
(8) ESMA has requested the advice of the Securities and Markets Stakeholder Group established in accordance with Article 37 of Regulation (EU) No 1095/2010 of the European Parliament and of the Council (3).
(9) The European Data Protection Supervisor was consulted in accordance with Article 42(1) of Regulation (EU) 2018/1725 of the European Parliament and of the Council (4) and delivered an opinion on 1 June 2022,
HAS ADOPTED THIS REGULATION:
Article 1
Information about crowdfunding service providers that is to be exchanged
Competent authorities shall exchange the following information about a crowdfunding service provider:
(a) general information and documents relating to the crowdfunding service provider:
(i) the name of the crowdfunding service provider, the address of its head or registered office, contact details, its ISO 17442 legal entity identifier (LEI) code and relevant excerpts from nationally held registers;
(ii) information concerning constitutional documents that the crowdfunding service provider is required to have under the applicable national legislation;
(b) information about the natural persons responsible for the management of the crowdfunding service provider which was provided as part of the authorisation process, including:
(i) the name and personal identification number, where the latter is available in the relevant Member State;
(ii) information on the positions which such persons hold within the crowdfunding service provider;
(c) information necessary to assess the good repute and suitability of the natural persons responsible for the management of the crowdfunding service provider, including, where available:
(i) information about their work experience;
(ii) the following information about their reputation:
(1) information about criminal records, or administrative or civil sanctions and information about criminal investigations opened against such persons in respect of infringements of national rules in the fields of commercial law, insolvency law, financial services law, anti-money laundering law, fraud law or professional liability obligations, through an official certificate, or other equivalent document in accordance with national law, and a detailed description of any civil or administrative sanctions imposed;
(2) information about ongoing investigations or proceedings other than those set out in point (c)(ii)(1)
(3) information about any refusal of registration, authorisation, membership or license to carry out a business or a profession, and information about the withdrawal, revocation or termination of such a registration, authorisation, membership or license, or exclusion by a regulatory or government body or by a professional body or association;
(4) information about any dismissal from employment relating to positions and tasks concerning the management of funds or similar fiduciary relationships and a description of the reasons for such dismissal;
(d) information about shareholders who hold 20 % or more of the share capital or voting rights of the crowdfunding service provider, including information on the absence of criminal records or administrative or civil sanctions and information about criminal investigations opened against such shareholders, in respect of infringements of national rules in the fields of commercial law, insolvency law, financial services law, anti-money laundering law, fraud law or professional liability obligations and a detailed description of any civil or administrative sanctions imposed;
(e) information about the crowdfunding service provider’s organisational structure, operating conditions and compliance with the requirements set out in Regulation (EU) 2020/1503, which was provided as part of the authorisation process and as updated through the supervisory activities of the competent authority receiving the request for information, including but not limited to:
(i) information about the governance arrangements and internal control mechanisms ensuring compliance with Regulation (EU) 2020/1503, including risk-management and accounting procedures;
(ii) a programme of operations setting out the types of crowdfunding services provided by the crowdfunding service provider in accordance with Regulation (EU) 2020/1503;
(iii) compliance records of the crowdfunding service provider, including information held by competent authorities;
(iv) information that can be requested from crowdfunding service providers in relation to the activities and requirements specified in Articles 3 to 11 of Regulation (EU) 2020/1503;
(f) information about the authorisation as a crowdfunding service provider or the withdrawal of authorisation pursuant to Articles 12, 13 and 17 of Regulation (EU) 2020/1503;
(g) information on any penalty, including criminal penalties, administrative measures or enforcement actions, imposed on the crowdfunding service provider;
(h) any other information necessary for cooperating in investigation, supervision and enforcement activities pursuant to Article 31(1) of Regulation (EU) 2020/1503.
Article 2
Information about other persons and unincorporated entities that is to be exchanged
1. In relation to crowdfunding related third parties that are of relevance for the provision of the services provided by the crowdfunding service providers and that are natural persons, competent authorities shall exchange the person’s name, date and place of birth, the personal identification number, where available in the Member State concerned, and address and contact details.
2. In relation to crowdfunding related third parties that are of relevance for the provision of the services provided by the crowdfunding service providers and that are legal persons, a competent authority may also request documents certifying:
(a) the legal person’s business name;
(b) the address of the legal person’s head or registered office, and postal address where different;
(c) the legal person’s contact details, and national identification number or LEI code where available;
(d) the registration of legal form of the legal person, in accordance with the applicable national legislation;
(e) a complete list of persons who effectively direct the business of the legal person, including their name, date and place of birth, address, contact details, and their personal identification number where available in the Member State concerned.
3. Competent authorities shall exchange any other information necessary for cooperating in investigation, supervision and enforcement activities pursuant to Article 31(1) of Regulation (EU) 2020/1503.
Article 3
Entry into force
This Regulation shall enter into force on the twentieth day following its publication in the
Official Journal of the European Union.
This Regulation shall be binding in its entirety and directly applicable in all Member States.
Done at Brussels, 13 July 2022.
For the Commission
The President
Ursula VON DER LEYEN
(1)
OJ L 347, 20.10.2020, p. 1
.
(2) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (
OJ L 119, 4.5.2016, p. 1
).
(3) Regulation (EU) No 1095/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Securities and Markets Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/77/EC (
OJ L 331, 15.12.2010, p. 84
).
(4) Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC (
OJ L 295, 21.11.2018, p. 39
).
Feedback