COMMISSION DELEGATED REGULATION (EU) 2018/1638
of 13 July 2018
supplementing Regulation (EU) 2016/1011 of the European Parliament and of the Council with regard to regulatory technical standards specifying further how to ensure that input data is appropriate and verifiable, and the internal oversight and verification procedures of a contributor that the administrator of a critical or significant benchmark has to ensure are in place where the input data is contributed from a front office function
(Text with EEA relevance)
THE EUROPEAN COMMISSION,
Having regard to the Treaty on the Functioning of the European Union,
Having regard to Regulation (EU) 2016/1011 of the European Parliament and of the Council of 8 June 2016 on indices used as benchmarks in financial instruments and financial contracts or to measure the performance of investment funds and amending Directives 2008/48/EC and 2014/17/EU and Regulation (EU) No 596/2014 (1), and in particular the fourth subparagraph of Article 11(5) thereof,
Whereas:
(1) Article 11(1) of Regulation (EU) 2016/1011 requires the input data used for a benchmark to be appropriate to represent accurately and reliably the market or economic reality that the benchmark is intended to measure, and it also requires the data to be verifiable. In addition, where the input data is contributed from a front office function, Article 11(3)(b) of that Regulation requires the administrator to ensure that the contributor has adequate internal oversight and verification procedures in place.
(2) The correct calculation of a benchmark requires not only that the accurate values of the input data are submitted but also that they are in the unit of measurement and reflect the relevant features of the underlying assets.
(3) Whether input data is verifiable is linked to its level of accuracy, which in turn is highly dependent on the type of input data used. Input data which is neither transaction data nor comes from a regulated data source listed in point (24) of Article 3(1) of Regulation (EU) 2016/1011 may still meet the requirement of being verifiable if sufficient information is available to the administrator to enable it to conduct sufficient checks on the data. The administrator should therefore be required to ensure that it has available to it the information necessary to enable it to carry out the appropriate checks.
(4) In order to ensure that input data is appropriate and verifiable, the administrator should be required to monitor input data on a regular basis, to a degree that reflects the vulnerability of the particular input data type. In the case of regulated data, existing regulation and supervision of the relevant data provider already ensure the integrity of regulated data. That type of data should therefore be subject to less extensive monitoring requirements. Other types of input data require more verification and should be subject to more extensive checks, notably input data that is not transaction data and especially if it is contributed from a front-office function.
(5) When input data is contributed, one important monitoring check is to ensure that the contributions are provided within a time-period set by the administrator. This is to ensure consistency between contributions from different contributors. When input data is not contributed, the time at which the input data is considered also has to be checked in order to ensure consistency between different input data. The administrator should therefore be required to check that input data is contributed, or selected from a specified source, within the time-period set by it.
(6) It is of particular importance that core features such as the currency, the tenor and the time to maturity of the underlying asset or the types of counterparties as specified by the benchmark methodology are properly checked.
(7) Effective internal oversight of the contribution of input data from a front office function relies on the establishment and maintenance of appropriate structures within the contributor's organisation. These structures should normally include three levels of control unless the size of the contributor's organisation does not reasonably allow for that number. The first level of control should include processes to ensure the effective checking of input data.
(8) Contributions from a front office function present a particular risk as a result of the inherent conflict of interest that exists between the commercial role of the front office and its role in contributing input data for a benchmark. It is therefore important for the contributor to establish, maintain and operate a conflict of interest policy as part of its second level of control, and to perform regular checks on the input data used. In addition, a notable tool that may be useful in bringing to light and escalating any misconduct, or in detecting activities potentially affecting the integrity of the benchmark, is the establishment of a whistle-blowing procedure that permits any staff member to report any instance of misconduct to the relevant compliance function or other appropriate internal function. The administrator should therefore be satisfied that the internal oversight and verification procedures of a contributor include the establishment, maintenance and operation of a conflict of interest policy and the establishment and maintenance of a whistle-blowing procedure.
(9) This Regulation applies to administrators of critical and significant benchmarks. In accordance with the principle of proportionality, it avoids putting an excessive burden on administrators of significant benchmarks by allowing these administrators to choose to apply the conflict of interest requirements solely for actual or potential conflicts of interest that are or would be material. In addition, administrators should be afforded additional discretion in how they ensure internal oversight and verification procedures at contributor level. In particular, they should be allowed to relax certain requirements for those procedures, having regard to the nature, scale and complexity of the contributor's organisation.
(10) Administrators should be given sufficient time to ensure compliance with the requirements of this Regulation. This Regulation should therefore start to apply two months after it enters into force.
(11) This Regulation is based on the draft regulatory technical standards submitted by the European Securities and Markets Authority (ESMA) to the Commission.
(12) ESMA has conducted open public consultations on the draft regulatory technical standards on which this Regulation is based, analysed the potential related costs and benefits and requested the opinion of the Securities and Markets Stakeholder Group established by Article 37 of Regulation (EU) No 1095/2010 of the European Parliament and of the Council (2),
HAS ADOPTED THIS REGULATION:
Article 1
Scope
This Regulation does not cover or apply to administrators of non-significant benchmarks.
Article 2
Ensuring appropriate and verifiable input data
1. The administrator of a benchmark shall ensure that it has available to it all information necessary to enable it to check the following matters in relation to any input data that it uses for the benchmark, insofar as these matters are applicable to the input data in question:
(a) whether the submitter is authorised to contribute the input data on behalf of the contributor in accordance with any requirement for authorisation under Article 15(2)(b) of Regulation (EU) 2016/1011;
(b) whether the input data is provided by the contributor, or selected from a source specified by the administrator, within the time-period prescribed by the administrator;
(c) whether the input data is provided by the contributor in a format specified by the administrator;
(d) whether the source of the input data is one of the sources listed Article 3(1)(24) of Regulation (EU) 2016/1011;
(e) whether the source of the input data is reliable;
(f) whether the input data meets the requirements set out in the methodology of the benchmark, in particular the requirements on the currency or unit of measurement, the tenor, and the types of counterparties;
(g) whether any relevant thresholds for the quantity of the input data and any relevant standards for the quality of the input data are met in accordance with the methodology;
(h) whether the priority of use of different types of input data is applied in accordance with the methodology;
(i) whether any discretion or judgement exercised in contributing the input data is exercised in accordance with the clear rules set out in the methodology and with the policies required to be established by the code of conduct for the benchmark.
2. Administrators shall conduct the checks listed in paragraph 1 on a regular basis. Administrators of critical benchmarks shall conduct the checks listed in points (a), (b), (c) and (d) of paragraph 1 prior to any publication of the benchmark or any instance when the benchmark is made available to the public.
Article 3
Internal oversight and verification procedures of a contributor
1. The internal oversight and verification procedures of a contributor that the administrator has to ensure are in place in compliance with Article 11(3)(b) of Regulation (EU) 2016/1011 shall include at least the following:
(a) establishment and maintenance of an internal function to serve as the first level of control for the contribution of input data and to be responsible for carrying out the following duties:
(i) undertaking an effective check of input data prior to its contribution, including ensuring compliance with any requirement for the validation of input data to which the contributor is subject pursuant to Article 15(2)(d)(iii) of Regulation (EU) 2016/1011, and reviewing input data prior to its contribution with respect to its integrity and accuracy;
(ii) checking that the submitter is authorised to contribute input data on behalf of the contributor in accordance with any requirement imposed under Article 15(2)(b) of Regulation (EU) 2016/1011;
(iii) ensuring that access to contributions of input data is restricted to persons involved in the contribution process, except where access is necessary for audit purposes, investigation purposes or purposes required by law;
(b) establishment and maintenance of an internal function to serve as the second level of control for the contribution of input data and to be responsible for carrying out the following duties:
(i) conducting a review of input data after its contribution, independent of the review carried out by the first level control function, in order to confirm the integrity and accuracy of the contribution;
(ii) establishing and maintaining a whistle-blowing procedure that includes appropriate safeguards for whistle-blowers;
(iii) establishing and maintaining procedures for the internal reporting of any attempted or actual manipulation of the input data, for any failure to comply with the contributor's own benchmark-related policies and for the investigation of such events as soon as they become apparent;
(iv) establishing and maintaining internal reporting procedures for reporting any operational problems in the contribution process as soon as they arise;
(v) ensuring regular presence in person of a staff member from the second level control function in the office area where the front office function is based;
(vi) maintaining oversight of relevant communications between front office function staff directly involved in contributing input data and also of relevant communications between such staff and other internal functions or external bodies;
(vii) establishing, maintaining and operating a conflict of interest policy that ensures:
— the identification and disclosure to the administrator of actual or potential conflicts of interest concerning any of the contributor's front office function staff who are involved in the contribution process,
— the absence of any direct or indirect link between the remuneration of a submitter and the value of the benchmark, the value of specific submissions made or the performance of any activity carried on by the contributor that might give rise to a conflict of interest related to the contribution of input data to the benchmark,
— a clear segregation of duties between front office function staff involved in contributing input data and other front office function staff,
— a physical separation between front office function staff involved in contributing input data and other front office function staff,
— effective controls over the exchange of information between front office function staff and other staff of the contributor involved in activities that may create a risk of conflicts of interest, insofar as the information being exchanged is information that may affect the input data contributed,
— the existence of contingency provisions in case of temporary disruption of the controls regarding the exchange of information referred to in the fifth indent,
— the taking of measures to prevent any person from exercising inappropriate influence over the way in which front office function staff involved in contributing input data carry out their activities;
(c) establishment and maintenance of an internal function, independent from the first and second level control functions, to serve as the third level of control for the contribution of input data and to be responsible for performing checks, on a regular basis, on the controls exercised by the other two control functions;
(d) procedures governing:
(i) the means of cooperation and flow of information between the three control functions required by points (a), (b) and (c) of this paragraph;
(ii) regular reporting to the senior management of the contributor on the duties carried out by those three control functions;
(iii) communication to the administrator, upon request, of information requested by the administrator relating to the contributor's internal oversight and verification procedures.
2. The administrator may choose to waive any of the requirements specified in point (b)(v) or in the third, fourth or sixth indents of point (b)(vii) of paragraph 1, having regard to the following matters:
(a) the nature, scale and complexity of the activities of the contributor;
(b) the likelihood of a conflict of interest arising between the contribution of input data to the benchmark and trading activity or other activities performed by the contributor;
(c) the level of discretion involved in the process of contribution.
3. Having regard primarily to the small size of a contributor's organisation and also to the matters listed in points (a), (b) and (c) of paragraph 2, the administrator may permit the contributor to have in place a simpler organisational control structure than the one required by paragraph 1. The simpler control structure shall, however, ensure that all the duties listed in points (a), (b) and (c) of that paragraph 1 are performed, except for any duties in respect of which a waiver is granted under paragraph 2. Points (i) and (ii) of point (d) of paragraph 1 shall be applied in a manner reflecting the simpler control structure.
4. An administrator of a significant benchmark may choose to apply the requirements specified in paragraph 1(b)(vii) in relation solely to actual or potential conflicts of interest that are or would be material conflicts of interest.
Article 4
Entry into force and application
This Regulation shall enter into force on the twentieth day following that of its publication in the
Official Journal of the European Union
.
It shall apply from 25 January 2019.
This Regulation shall be binding in its entirety and directly applicable in all Member States.
Done at Brussels, 13 July 2018.
For the Commission
The President
Jean-Claude JUNCKER
(1)
OJ L 171, 29.6.2016, p. 1
.
(2) Regulation (EU) No 1095/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Securities and Markets Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/77/EC (
OJ L 331, 15.12.2010, p. 84
).
Feedback