icon-grid
Better Regulation logo
Table of Contents

Table of Contents

Expand all headings Collapse all headings Expand side bar Collapse side bar
Commission Delegated Regulation (EU) 2017/392 of 11 November 2016 supplementing Regulation (EU) No 909/2014 of the European Parliament and of the Council with regard to regulatory technical standards on authorisation, supervisory and operational requirements for central securities depositories (Assimilated Law)RecitalsChapter I General provisions (art. 1)Article 1 DefinitionsChapter II Determination of the most relevant currencies and practical arrangements for the consultation of the relevant competent authorities (Article 12(1)(b) and (c) of Regulation (EU) No 909/2014) (arts. 2-3)Article 2 Determination of most relevant currenciesArticle 3 Practical arrangements for the consultation of the relevant authorities referred to in Article 12(1)(b) and (c) of Regulation (EU) No 909/2014Chapter III Authorisation of CSDs (Article 17 of Regulation (EU) No 909/2014) (arts. 4-38)Section 1 General information on applicant CSDs (arts. 4-7)Article 4 Identification and legal status of applicant CSDsArticle 5 General information concerning policies and proceduresArticle 6 Information concerning services and activities of the CSDArticle 7 Information concerning groupsSection 2 Financial resources for the provision of services by the applicant CSD (art. 8)Article 8 Financial reports, business plan, and recovery planSection 3 Organisational requirements (arts. 9-17)Article 9 Organisational chartArticle 10 Staffing policies and proceduresArticle 11 Risk monitoring tools and governance arrangementsArticle 12 Compliance, internal control and internal audit functionsArticle 13 Senior management, management body and shareholdersArticle 14 Management of conflicts of interestArticle 15 ConfidentialityArticle 16 User committeeArticle 17 Record-keepingSection 4 Conduct of business rules (arts. 18-22)Article 18 Goals and objectivesArticle 19 Handling of complaintsArticle 20 Requirements for participationArticle 21 TransparencyArticle 22 Communication procedures with participants and other market infrastructuresSection 5 Requirements for services provided by CSDs (arts. 23-30)Article 23 Book-entry formArticle 24 Intended settlement dates and measures for preventing and addressing settlement failsArticle 25 Integrity of the issueArticle 26 Protection of participants' and their clients' securitiesArticle 27 Settlement finalityArticle 28 Cash settlementArticle 29 Participant default rules and proceduresArticle 30 Transfer of participants and clients' assets in case of a withdrawal of authorisationSection 6 Prudential requirements (arts. 31-35)Article 31 Legal risksArticle 32 General business risksArticle 33 Operational risksArticle 34 Investment policyArticle 35 Capital requirementsSection 7 (art. 36)Article 36 CSD linksSection 8 Access to CSDs (art. 37)Article 37 Access rulesSection 9 Additional information (art. 38)Article 38 Request for additional informationChapter IV Participation of CSDs in certain entities(Article 18(3) of Regulation (EU) No 909/2014) (art. 39)Article 39 Criteria for participation of a CSDChapter V Review and evaluation (Article 22 of Regulation (EU) No 909/2014) (arts. 40-45)Article 40 Information to be provided to the competent authorityArticle 41 Periodic information relevant for the reviewsArticle 42 Statistical data to be delivered for each review and evaluationArticle 43 Other informationArticle 44 Information to be supplied to the authorities referred to in Article 22(7) of Regulation (EU) No 909/2014Article 45 Exchange of information between the competent authorities referred to in Article 22(8) of Regulation (EU) No 909/2014Chapter VI Recognition of a third-country CSD (Article 25(6) of Regulation (EU) No 909/2014) (art. 46)Article 46 Content of the applicationChapter VII Risk monitoring tools (Article 26(1) to (7) of Regulation (EU) No 909/2014) (arts. 47-52)Article 47 Risk monitoring tools of CSDsArticle 48 Risk monitoring committeesArticle 49 Responsibilities of key personnel in respect to the risksArticle 50 Conflicts of interestArticle 51 Audit methodsArticle 52 Sharing audit findings with the user committeeChapter VIII Record-keeping (Article 29(3) of Regulation (EU) No 909/2014) (arts. 53-58)Article 53 General requirementsArticle 54 Transaction/settlement instruction (Flow) recordsArticle 55 Position (Stock) recordsArticle 56 Ancillary Services RecordsArticle 57 Business RecordsArticle 58 Additional recordsChapter IX Reconciliation measures (Article 37(4) of Regulation (EU) No 909/2014) (arts. 59-65)Article 59 General reconciliation measuresArticle 60 Reconciliation measures for corporate actionsArticle 61 Reconciliation measures for the registrar modelArticle 62 Reconciliation measures for the transfer agent modelArticle 63 Reconciliation measures for the common depository modelArticle 64 Additional measures where other entities are involved in the reconciliation processArticle 65 Problems related to reconciliationChapter X Operational risks (Article 45(1) to (6) of Regulation (EU) No 909/2014) (arts. 66-80)Section 1 Identifying operational risks (arts. 66-69)Article 66 General operational risks and their assessmentArticle 67 Operational risks that may be posed by key participantsArticle 68 Operational risks that may be posed by critical utilities and critical service providersArticle 69 Operational risks that may be posed by other CSDs or market infrastructuresSection 2 Methods to test, address and minimise operational risks (arts. 70-74)Article 70 Operational risk-management system and frameworkArticle 71 Integration of and compliance with the operational and enterprise risk-management systemArticle 72 Operational risk-management functionArticle 73 Audit and testingArticle 74 Mitigation of operational risk through insuranceSection 3 IT systems (art. 75)Article 75 IT toolsSection 4 Business continuity (arts. 76-80)Article 76 Strategy and policyArticle 77 Business impact analysisArticle 78 Disaster recoveryArticle 79 Testing and monitoringArticle 80 MaintenanceChapter XI Investment policy (Article 46(2), (3) and (5) of Regulation (EU) No 909/2014) (arts. 81-83)Article 81 Highly liquid instruments with minimal market and credit riskArticle 82 Appropriate timeframe for access to assetsArticle 83 Concentration limits to individual entitiesChapter XII CSD links (Article 48(3), (5), (6) and (7) of Regulation (EU) No 909/2014) (arts. 84-87)Article 84 Conditions for the adequate protection of linked CSDs and of their participantsArticle 85 Monitoring and management of additional risks resulting from the use of indirect links or intermediaries to operate CSD linksArticle 86 Reconciliation procedures for linked CSDsArticle 87 DVP settlement through CSD linksChapter XIII Access to a CSD (Articles 33(5), 49(5), 52(3) and 53(4) of Regulation (EU) No 909/2014) (arts. 88-90)Article 88 Receiving and requesting partiesSection 1 Criteria justifying refusal of access (Articles 33(3), 49(3), 52(2) and 53(3) of Regulation (EU) No 909/2014) (art. 89)Article 89 Risks to be taken into account by CSDs and competent authoritiesSection 2 Procedure for refusal of access (Articles 33(3), 49(4), 52(2) and 53(3) of Regulation (EU) No 909/2014) (art. 90)Article 90 ProcedureChapter XIV Authorisation to provide banking type of ancillary services (Article 55(1) and (2) of Regulation (EU) No 909/2014) (arts. 91-94)Article 91 CSDs offering banking-type ancillary services themselvesArticle 92 CSDs offering banking-type ancillary services through a designated credit institutionArticle 93 Specific requirementsArticle 94 Standard forms and templates for the applicationChapter XV Final provisions (arts. 95-96)Article 95 Transitional provisionsArticle 96 Entry into force and applicationAnnex I Details to be included in the application for recognition of third-country CSDsAnnex II CSD ancillary services recordsAnnex III Templates for application by a CSD to designate a credit institution or to provide banking-type ancillary servicesDone at
Document Overview
Tools
Set a date to view the document
Text comparison options
Full text - Date 1 vs Date 2
Amendments requiring commencement - Current text vs Text requiring commencement
Draft proposed changes - Current text vs Text proposed by drafting documents
Coming soon: Any documents - Any document vs Another document at any date
Print / Export options
Current page
Whole document
Selected pages
Consolidated PDF of the entire document as of 25th January 2025
Export
Export line by line
Export provision to provision
Report template
Create report template
Alert me to changes
Manage alerts
Bookmarks
This page
This document
Manage bookmarks
Search within this document
View previous searches
Share
Get page link
Share via email application
PreviousNext
Version status: In force | Document consolidation status: Assimilated law updated to reflect all known changes
Version date: 31 December 2020 - onwards
Version 2 of 2

Article 75 IT tools

1. A CSD shall ensure that its information technology (IT) systems are well-documented and that they are designed to cover the CSD's operational needs and the operational risks that the CSD faces.

The CSD IT systems shall be:

(a) resilient, including in stressed market conditions;

(b) have sufficient capacity to process additional information as a result of increasing settlement volumes;

(c) achieve the service level objectives of the CSD.

2. A CSD systems shall have sufficient capacity to process all transactions before the end of the day even in circumstances where a major disruption occurs.

A CSD shall have procedures for ensuring sufficient capacity of its IT systems, including in the case of the introduction of new technology.

3. A CSD shall base its IT systems on internationally recognised technical standards and industry best practices.

4. A CSD's IT systems shall ensure that any data at the disposal of the CSD is protected from loss, leakage, unauthorised access, poor administration, inadequate record-keeping, and other processing risks.

5. A CSD's information security framework shall outline the mechanisms that the CSD have in place to detect and prevent cyber-attacks. The framework shall also outline the CSD's plan in response to cyber-attacks.

PreviousNext