icon-grid
Better Regulation logo
Table of Contents

Table of Contents

Expand all headings Collapse all headings Expand side bar Collapse side bar
Commission Delegated Regulation (EU) 2020/1230 of 29 November 2019 supplementing Regulation (EU) 2017/2402 of the European Parliament and of the Council with regard to regulatory technical standards specifying the details of the application for registration of a securitisation repository and the details of the simplified application for an extension of registration of a trade repository (Text with EEA relevance)RecitalsArticle 1 DefinitionsArticle 2 Identification, legal status and type of securitisationArticle 3 Organisational chartArticle 4 Corporate governanceArticle 5 Internal controlArticle 6 Conflicts of interestArticle 7 Ownership of the securitisation repositoryArticle 8 Ownership chartArticle 9 Policies and proceduresArticle 10 Regulatory complianceArticle 11 Staffing policies and proceduresArticle 12 Information about the applicant’s staff members involved in the provision of core securitisation servicesArticle 13 Financial reports and business plansArticle 14 Information technology resourcesArticle 15 Information collection and availability mechanismsArticle 16 Ancillary servicesArticle 17 Senior management and members of the boardArticle 18 Transparency of access rulesArticle 19 Pricing policy transparencyArticle 20 Operational riskArticle 21 OutsourcingArticle 22 SecurityArticle 23 Verification proceduresArticle 24 Quality of information producedArticle 25 ConfidentialityArticle 26 Record-keeping policyArticle 27 Payment of feesArticle 28 Verification of the accuracy and completeness of the applicationArticle 29 Information requirements for a registered trade repository seeking to provide core securitisation servicesArticle 30 Entry into forceDone at
Page Overview
Document Overview
Tools
Set a date to view the document
Text comparison options
Full text - Date 1 vs Date 2
Amendments requiring commencement - Current text vs Text requiring commencement
Draft proposed changes - Current text vs Text proposed by drafting documents
Coming soon: Any documents - Any document vs Another document at any date
Print / Export options
Current page
Whole document
Selected pages
Consolidated PDF of the entire document as of 25th January 2025
Export
Export line by line
Export provision to provision
Report template
Create report template
Alert me to changes
Manage alerts
Bookmarks
This page
This document
Manage bookmarks
Search within this document
View previous searches
Share
Get page link
Share via email application
PreviousNext
Version status: Entered into force | Document consolidation status: No known changes
Version date: 23 September 2020 - onwards
Version 2 of 2

Article 22 Security

(1) An application for registration as a securitisation repository shall contain proof of the following:

(a) that its information technology systems are protected from misuse or unauthorised access;

(b) that its information systems as defined in Article 2(a) of Directive 2013/40/EU of the European Parliament and of the Council [Directive 2013/40/EU of the European Parliament and of the Council of 12 August 2013 on attacks against information systems and replacing Council Framework Decision 2005/222/JHA (OJ L 218, 14.8.2013, p. 8).] are protected against attacks;

(c) that unauthorised disclosure of confidential information is prevented;

(d) that the security and integrity of the information received by it under Regulation (EU) 2017/2402 is ensured.

(2) The application shall contain proof that the applicant has arrangements in place to identify and manage the risks referred to in paragraph 1 in a prompt and timely manner.

(3) With respect to breaches in the physical and electronic security measures referred to in paragraphs 1 and 2, the application shall contain proof that the applicant has arrangements in place to do the following in a prompt and timely manner:

(a) to notify ESMA of the incident giving rise to the breach;

PreviousNext