COMMISSION DELEGATED REGULATION (EU) 2019/885
of 5 February 2019
supplementing Regulation (EU) 2017/2402 of the European Parliament and of the Council with regard to regulatory technical standards specifying information to be provided to a competent authority in an application for authorisation of a third party assessing STS compliance
(Text with EEA relevance)
THE EUROPEAN COMMISSION,
Having regard to the Treaty on the Functioning of the European Union,
Having regard to Regulation (EU) 2017/2402 of the European Parliament and of the Council of 12 December 2017 laying down a general framework for securitisation and creating a specific framework for simple, transparent and standardised securitisation, and amending Directives 2009/65/EC, 2009/138/EC and 2011/61/EU and Regulations (EC) No 1060/2009 and (EU) No 648/2012 (1), and in particular Article 28(4) thereof,
Whereas:
(1) The information to be provided by a third party seeking authorisation to assess the compliance of securitisations with the STS criteria provided for in Articles 19 to 22 or Articles 23 to 26 of Regulation (EU) 2017/2402 should enable a competent authority to evaluate whether and to what extent the applicant meets the conditions of Article 28(1) of the Regulation (EU) 2017/2402.
(2) An authorised third party will be able to provide STS assessment services across the Union. The application for authorisation should therefore comprehensively identify that third party, any group to which it belongs as well as the scope of its activities. With regard to the STS assessment services to be provided, the application should include the envisaged scope of the services to be provided as well as their geographical scope.
(3) To facilitate the effective use of a competent authority's authorisation resources, each application for authorisation should include a table clearly identifying each submitted document and its relevance to the conditions that must be met for authorisation to the granted.
(4) To enable the competent authority to assess whether the fees charged by the third party are non-discriminatory and are sufficient and appropriate to cover the costs for the provision of the STS assessment services, as required by Article 28(1)(a) of Regulation (EU) 2017/2402, the third party should provide comprehensive information on pricing policies, pricing criteria, fee structures and fee schedules.
(5) To enable the competent authority to assess whether the third party is able to ensure the integrity and independence of the STS assessment process, that third party should provide information on the structure of those internal controls. Furthermore, to enable the competent authority to assess whether the quality of the operational safeguards over the STS assessment process is sufficiently high to ensure that its results cannot be unduly influenced, and to assess whether the members of the management body comply with the requirements laid down in Article 28(1)(d) of Regulation (EU) 2017/2402, the third party should provide comprehensive information on the composition of the management body and on the qualifications and repute of each of its members.
(6) The concentration of a third party's revenue is a determinative factor in the assessment of its independence and integrity. Revenue concentration may not only come from a single undertaking but can also arise via revenue streams earned from a group of economically connected undertakings. In that context, a group of economically connected undertakings should be understood as a group of related entities as referred to in paragraph 9(b) of International Accounting Standard 24 (‘related party disclosures’) in the Annex to Commission Regulation (EC) No 1126/2008 (2), where the terms ‘entity’ and ‘reporting entity’ should be construed as referring to ‘undertaking’ for the purposes of this Regulation.
(7) Securitisation instruments are complex, evolving products that require specialised knowledge. To enable the competent authority to assess whether the third party has sufficient operational safeguards and internal processes to assess STS compliance, the third party should provide information on its procedures relating to the required qualification of its staff. The third party should also demonstrate that its STS assessment methodology is sensitive to the type of securitisation and that specifies separate procedures and safeguards for ABCP transactions/programmes and non-ABCP securitisations.
(8) The use of outsourcing arrangements and a reliance on the use of external experts can raise concerns about the robustness of the operational safeguards and internal processes. The application should therefore contain specific information about the nature and scope of any such outsourcing arrangements or use of external experts as well as the third party's governance over those arrangements.
(9) This Regulation is based on the draft regulatory technical standards submitted by the European Securities and Markets Authority (ESMA) to the Commission.
(10) ESMA has conducted open public consultations on the draft regulatory technical standards on which this Regulation is based, analysed the potential related costs and benefits and requested the opinion of the Securities and Markets Stakeholder Group established by Article 37 of Regulation (EU) No 1095/2010 of the European Parliament and of the Council (3),
HAS ADOPTED THIS REGULATION:
Article 1
Identification of the third party
1. An application for authorisation as referred to in Article 28(4) of Regulation (EU) 2017/2402 shall contain the following information, to the extent relevant:
(a) the corporate name of the third party and its legal form;
(b) the third party's Legal Entity Identifier (LEI) or, where not available, another identifier required by the applicable national law;
(c) the third party's legal address as well as the addresses of any of its offices within the Union;
(d) the Uniform Resource Locator (URL) of the third party's website;
(e) an excerpt from a relevant commercial or court register, or another form of certified evidence, valid at the date of application, confirming the place of incorporation and the scope of business activity of the third party;
(f) the articles of incorporation of the third party, or other statutory documentation, stating that the third party is to assess the compliance of securitisations against the criteria provided for in Articles 19 to 22 or Articles 23 to 26 of Regulation (EU) 2017/2402 (‘STS compliance’);
(g) the most recent annual financial statements of the third party, including individual and consolidated financial statements, where available, and where the financial statements of the third party are subject to a statutory audit as defined in Article 2(1) of Directive 2006/43/EC of the European Parliament and of the Council (4), the audit report on these financial statements;
(h) the name, title, address, email address and the telephone number(s) of the contact person for the purposes of the application;
(i) the list of Member States in which the third party intends to provide STS compliance services;
(j) the list of types of securitisation for which the third party intends to provide STS compliance services, distinguishing between non ABCP securitisations and ABCP securitisations/programmes;
(k) a description of any services, other than providing STS compliance services, that the third party provides or intends to provide;
(l) a list of parties to whom the third party provides advisory, audit or equivalent services.
2. An application for authorisation shall include the following documentation as attachments:
(a) a list containing the name and business address of each person or entity that holds 10 % or more of the third party's capital or 10 % or more of its voting rights, or the holding of which makes it possible to exercise a significant influence over the third party, together with:
(i) the percentage of the capital and voting rights held, and, where applicable, a description of the arrangements enabling the person or entity to exercise a significant influence over the third party's management;
(ii) the nature of the business activities of the persons and entities referred to in point (a);
(b) a list containing the name and business address of any entity in which a person or entity referred to in point (a) holds 20 % or more of the capital or voting rights and a description of that entity's activities.
(c) a completed copy of the table set out in Annex 1.
3. Where the third party has a parent undertaking, the application referred to in paragraph 1 shall state whether the immediate parent undertaking or ultimate parent undertaking is authorised, registered or subject to supervision, and where this is the case, state any associated reference number and the name of the responsible supervisory authority.
4. Where the third party has subsidiaries or branches, the application for authorisation shall identify the names and business addresses of those subsidiaries or branches and shall describe the areas of business activities of each subsidiary or branch.
5. An application for authorisation shall include a chart showing the ownership links between the third party, its parent undertaking and ultimate parent undertaking, its subsidiaries and affiliates, and any other persons and entities associated with or connected with a network as defined in point 7 of Article 2 of Directive 2006/43/EC. The chart shall identify the undertakings by their full name, the LEI or, where not available, another identifier required in accordance with the applicable national law, legal form and business address.
Article 2
Composition of the management body and the organisational structure
1. The application referred to in Article 1 shall include the third party's internal governance policies and the terms of procedure which govern its management body, its independent directors and, where established, the committees or substructures of its management bodies.
2. The application referred to in Article 1 shall identify the members of the management body, including independent directors, and, where applicable, the members of committees or other substructures set-up within that management body. For each member of the management body, including its independent directors, the application shall describe the position held within the management body, the responsibilities allocated to that position and the time that will be devoted to fulfil those responsibilities.
3. The application referred to in Article 1 shall contain a chart detailing the organisational structure of the third party, which clearly identifies the roles of each member of the management body of that third party. Where the third party provides or intends to provide other services than STS compliance services, the organisational chart shall detail the identity and responsibility of the members of the management body in respect of those services.
4. The application referred to in Article 1 shall contain the following information in respect of each member of the management body:
(a) a copy of each member's curriculum vitae, including:
(i) an overview of the member's relevant education;
(ii) the member's complete employment history with relevant dates, positions held and a description of the positions occupied;
(iii) any professional qualification held by the member, together with the date of acquisition and, where applicable, the status of any membership in a relevant professional body;
(b) details of any criminal convictions, in particular in the form of an official criminal record certificate;
(c) a declaration signed by the member, stating whether he or she:
(i) has been subject to an adverse decision in any proceedings of a disciplinary nature brought by a regulatory authority, government body, agency or professional body;
(ii) has been subject to an adverse judicial finding in civil proceedings before a court, including for impropriety or fraud in the management of a business;
(iii) has been part of the management body (board or senior management) of an undertaking whose registration or authorisation was withdrawn by a regulatory authority, government body, or agency;
(iv) has been refused the right to perform activities which require registration or authorisation by a regulatory authority, government body, agency, or professional body;
(v) has been a member of the management body of an undertaking that has gone into insolvency or liquidation, either while he or she was part of that undertaking's management body or within a year of him or her ceasing to be a member of that management body;
(vi) has been a member of the management body of an undertaking which has been subject to an adverse decision or penalty by a regulatory authority, government body, agency, or professional body;
(vii) as a consequence of misconduct or malpractice, has been disqualified from acting as a director, disqualified from acting in any managerial capacity, or dismissed from employment or other appointment in an undertaking;
(viii)
has been otherwise fined, suspended, disqualified, or been subject to any other sanction, including in relation to fraud or embezzlement, by a regulatory authority, government body, agency, or professional body;
(ix) is subject to any current investigation, or pending judicial, administrative, disciplinary or other proceedings, including relation to fraud or embezzlement by a regulatory authority, government body, agency, or professional body;
(d) a signed declaration of any potential conflict of interest that the member may have in performing his or her duties and how those conflicts will be managed, including an inventory of any positions held in other undertakings;
(e) where not already included in point (a), a description of the member's knowledge of and experience in the tasks relevant for the third party's provision of STS compliance services, and in particular, knowledge of and experience in different types of securitisation or securitisations of different underlying exposures.
5. The application referred to in Article 1 shall contain the following, in respect of each independent director:
(a) evidence of the director's independence within the management body;
(b) disclosures of any past or present business, employment or other relationship that creates or might create a potential conflict of interest;
(c) disclosures of any business, family or other relationship with the third party, its controlling shareholder or the management of either, that creates or might create a conflict of interest.
Article 3
Corporate governance
Where the third party adheres to a corporate governance code of conduct for the appointment and role of the independent directors and the management of conflicts of interest, the application referred to in Article 1 shall identify that code and provide an explanation for any deviation by the third party s from that code.
Article 4
Independence and avoidance of conflicts of interest
1. The application referred to in Article 1 shall contain detailed information about the applicant's internal control systems for the management of conflicts of interest, including a description of the third party's compliance function and its risk assessment arrangements.
2. The application referred to in Article 1 shall contain information about the policies and procedures for the identification, management, elimination, mitigation and disclosure of existing or potential conflicts of interest and threats to the independence of the third party's provision of STS compliance services.
3. The application referred to in Article 1 shall contain a description of any other measures and controls applied to ensure the proper and timely identification, management and disclosure of conflicts of interest.
4. The application referred to in Article 1 shall contain an up-to-date inventory of any potential or existing conflicts of interest identified by the third party in accordance with Article 28(1)(f) of Regulation (EU) 2017/2402, and shall include:
(a) a description of any actual or potential conflicts of interest involving the third party, shareholders, owners or members of the third party, members of the management body, managers, staff of the third party or any other natural person whose services are placed at the disposal or under the control of the third party;
(b) a description of any actual or potential conflicts of interest arising from existing or envisaged business relationships of the third party, including any existing or envisaged outsourcing arrangements or from the third party's other activities.
5. The application referred to in Article 1 shall provide details on policies or procedures that aim to ensure that the third party does not provide any form of advisory, audit or equivalent services to the originator, sponsor, or the SSPE involved in the securitisation whose STS compliance the third party assesses.
6. The application referred to in Article 1 shall provide details on the following:
(a) revenue from other non-STS related services provided by the third party, disaggregated into the revenue from non-securitisation-related services and the revenue from securitisation-related services, over each of the three annual reporting periods preceding the date of submission of the application, or where not available, since the incorporation of the third party;
(b) the projected proportion of revenue from STS compliance services compared with the total projected revenue for the forthcoming three years' reference period.
7. The application referred to in Article 1 shall include, where applicable, the following information on the concentration of revenue from a single undertaking or a group of undertakings:
(a) information identifying any undertaking, or any group of economically connected undertakings, that provided more than 10 % of the third party's total revenue over each of the three annual reporting periods preceding the date of the submission of the application, or, where not available, since the incorporation of the third party;
(b) a statement whether an undertaking, or a group of economically connected undertakings, is projected to provide at least 10 % of the third party's projected revenue from the provision of STS compliance services over each of the next three years.
8. Where applicable, the application referred to in Article 1 shall contain an assessment of how a concentration of revenue from a single undertaking or a group of economically connected undertakings identified in paragraph 7 is compatible with the third party's policies and procedures on the independence of the STS compliance services referred to in paragraph 2.
Article 5
Fee structure
1. The application referred to in Article 1 shall contain information on the pricing policies for providing the STS compliance services and shall include all of the following:
(a) pricing criteria and a fee structure or a fee schedule for the STS compliance services for each type of securitisation for which such services are offered (distinguishing non ABCP securitisations from ABCP securitisations and programmes), including any internal guidelines or procedures governing how the pricing criteria are used in order to determine or set individual fees;
(b) details of the methods used to record any specific costs incurred when providing STS compliance services, including additional incidental expenses related to the provision of STS compliance services, including transport and accommodation, and, where the third party intends to outsource parts of its provision of STS compliance services, a description as to how that outsourcing is to be taken into account in the pricing criteria;
(c) a detailed description of any established procedures for the modification of fees or for departing from the fee schedule, including under any frequent use programme;
(d) a detailed description of any established procedures or internal controls which ensure and monitor compliance with the pricing policies, including any procedures or internal controls which monitor the development of individual fees over time and across different customers to which STS compliance services are provided;
(e) a detailed description of any processes for reviewing and updating both the costing system and pricing policies;
(f) a detailed description of any procedures and internal controls for maintaining records relating to fee schedules, individual fees applied, or modifications to the third party's pricing policies.
2. The application referred to in Article 1 shall provide information on the following:
(a) whether the fees are set in advance of the provision of the STS compliance service;
(b) whether prepaid fees are non-refundable;
(c) any operational safeguards aimed at ensuring that contractual agreements between the third party and an originator, sponsor or SSPE for the provision of STS compliance services do not include a contractual termination clause or provide for breach of the contract or non-performance of the contract where the result of the STS compliance assessment demonstrates that the securitisation does not comply with the STS criteria.
Article 6
Operational safeguards and internal processes to assess STS compliance
1. The application referred to in Article 1 shall include a detailed summary of any policies, procedures and manuals on the controls and operational safeguards established to ensure the independence of the third party's assessment of STS compliance and the integrity of its assessment.
2. The application referred to in Article 1 shall contain any information that demonstrates that the third party has established operational safeguards and internal processes to enable it to properly assess STS compliance, including the following:
(a) the number of staff, calculated on a full-time equivalent basis, disaggregated into types of positions within the third party;
(b) details on the policies and procedures established by the third party regarding:
(i) the independence of individual staff members;
(ii) the termination of employment contracts, including any measures to ensure the independence and integrity of the STS assessment process associated with the termination of the employment, including policies and procedures related to negotiating future employment contracts with other undertakings for staff directly involved in the STS assessment;
(iii) the qualification requirements for staff directly involved in providing STS compliance activities, distinguished by position type;
(iv) training and development policies for staff directly involved in the provision of STS compliance services;
(v) the performance evaluation and compensation policies of staff directly involved in STS compliance services;
(c) a description of any measures established by the third party to mitigate the risk of over-reliance on any individual staff members for providing STS compliance services;
(d) the following information where the third party relies, in any STS assessment, on outsourcing or external experts:
(i) details on any policies and procedures with regards to the outsourcing of activities and the engagement of external experts;
(ii) a description of any outsourcing arrangements entered into or envisaged by the third party, accompanied by a copy of the contracts governing those outsourcing arrangements;
(iii) a description of the services to be provided by the external expert, including the scope of those services and the conditions under which those services should be rendered;
(iv) a detailed explanation of how the third party intends to identify, manage and monitor any risks posed by outsourcing and a description of the safeguards put in place to ensure independence of the STS assessment process;
(e) a description of any measures to be used in the event of a breach of any of the policies or procedures referred to in point (b) of paragraph 2 and point (i) of point (d) of paragraph 2;
(f) a description of any policies on the reporting to the competent authority of any material breach of the policies or procedures referred to in point (b) of paragraph 2 and point (i) of point (d) of paragraph 2 or any other fact, event or circumstance which is likely to amount to a breach of the conditions of the authorisation of the third party;
(g) a description of any arrangements established to ensure that the relevant persons are aware of the policies and procedures referred to in point (b) of paragraphs 2 and point (i) of point (d) of paragraph 2, and a description of any arrangement relating to the monitoring, review and updating of those policies and procedures.
3. The application referred to in Article 1 shall contain the following for each securitisation type for which the third party intends to provide STS compliance services:
(a) a description of the STS assessment methodology to be applied, including any procedures and methodology for the quality assurance of that assessment;
(b) a template of the STS verification report to be provided to the originator, sponsor or the SSPE.
Article 7
Format of the application
1. A third party shall allocate a unique reference number to each document it submits to the competent authority as part of its application.
2. A third party shall include a substantiated explanation in its application for any requirement of this Regulation considered non-applicable.
3. The application referred to in Article 1 shall be accompanied by a letter signed by a member of the third party's management body confirming that:
(a) the submitted information is accurate and complete to the best of his or her knowledge, as of the date of the submission of the application;
(b) the applicant is neither a regulated entity as defined in point (4) of Article 2 of Directive 2002/87/EC (5), nor a credit rating agency as defined in point (b) of Article 3(1) of Regulation (EC) No 1060/2009. (6)
Article 8
Entry into force
This Regulation shall enter into force on the twentieth day following its publication in the
Official Journal of the European Union
.
This Regulation shall be binding in its entirety and directly applicable in all Member States.
Done at Brussels, 5 February 2019.
For the Commission
The President
Jean-Claude JUNCKER
(1)
OJ L 347, 28.12.2017, p. 35
.
(2) Commission Regulation (EC) No 1126/2008 of 3 November 2008 adopting certain international accounting standards in accordance with Regulation (EC) No 1606/2002 of the European Parliament and of the Council (
OJ L 320, 29.11.2008, p. 1
).
(3) Regulation (EU) No 1095/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Securities and Markets Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/77/EC (
OJ L 331, 15.12.2010, p. 84
).
(4) Directive 2006/43/EC of the European Parliament and of the Council of 17 May 2006 on statutory audits of annual accounts and consolidated accounts, amending Council Directives 78/660/EEC and 83/349/EEC and repealing Council Directive 84/253/EEC (
OJ L 157, 9.6.2006, p. 87
).
(5) Directive 2002/87/EC of the European Parliament and of the Council of 16 December 2002 on the supplementary supervision of credit institutions, insurance undertakings and investment firms in a financial conglomerate and amending Council Directives 73/239/EEC, 79/267/EEC, 92/49/EEC, 92/96/EEC, 93/6/EEC and 93/22/EEC, and Directives 98/78/EC and 2000/12/EC of the European Parliament and of the Council (
OJ L 35, 11.2.2003, p. 1
).
(6) Regulation (EC) No 1060/2009 of the European Parliament and of the Council of 16 September 2009 on credit rating agencies (
OJ L 302, 17.11.2009, p. 1
).
ANNEX
Document references
Article of this Regulation |
Unique reference number of document |
Title of the document |
Chapter or section or page of the document where the information is provided or reason why the information is not provided |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Feedback