1. A CSD shall put in place a policy in relation to conflicts of interest arising or affecting the CSD or its activities, including with respect to outsourcing arrangements.

2. Where a CSD is part of a group of undertakings, its organisational administrative arrangements shall take into account any circumstances, of which the CSD is or should be aware, which may give rise to a conflict of interest arising as a result of the structure and business activities of other undertakings of the same group.

3. Where a CSD shares the functions of chief risk officer, chief compliance officer, chief technology officer, or internal audit with other entities of the group, the governance arrangements shall ensure that related conflicts of interest at group level are appropriately managed.

4. The organisational and administrative arrangements referred to in Article 26(3) of Regulation (EU) No 909/2014 shall include a description of the circumstances which may give rise to a conflict of interest entailing a material risk of damage to the interests of one or more users of the CSD, or their clients, as well as the procedures to be followed and the measures to be adopted in order to manage those conflicts of interest.

5. The description of circumstances referred to in paragraph 4 shall take into account whether a member of the management body, senior management or staff of the CSD, or any person directly or indirectly linked to those individuals or to the CSD:

(a) has a personal interest in the use of the services, materials and equipment of the CSD for the purposes of another commercial activity;