(Utkast) Delegert kommisjonsforordning (EU) .../... av 6. juli 2026 om endring av de tekniske reguleringsstandarder fastsatt i delegert forordning (EU) 2017/392 med hensyn til informasjon om gjennomgangs- og evalueringsprosess fra verdipapirsentraler til kompetent myndighet i henhold til artikkel 22 nr. 1 i forordning (EU) nr. 909/2014
Regulering av verdipapirregistre: endringsbestemmelser om gjennomgangs- og evalueringsprosess
Utkast til delegert kommisjonsforordning sendt til Europaparlamentet og Rådet for klarering 6.7.2026
Bakgrunn
(fra kommisjonsforordningen)
(1) The amendments introduced to Regulation (EU) No 909/2014 by Regulation (EU) 2023/2845 of the European Parliament and of the Council require amending certain provisions of Commission Delegated Regulation (EU) 2017/3928 accordingly.
(2) Considering the strengthening of the role of relevant authorities and, where applicable, of the authorities referred to in Article 67 of Directive 2014/65/EU of the European Parliament and of the Council in the review and evaluation process foreseen by Regulation (EU) No 909/2014, competent authorities should transmit to those authorities the information necessary to fulfil their role, which has been extended beyond the functioning of the securities settlement systems operated by the central securities depository (CSD) to compliance with Regulation (EU) No 909/2014 and other requirements of Union law as regards the functioning of the securities settlement systems. In light of the longer review period of three years introduced by Regulation (EU) 2023/2845, CSDs should be required to report to competent authorities certain new information items. It is also necessary to make the reporting requirements laid down in Article 22(1), (7) and (8) of Regulation (EU) No 909/2014 more predictable, to reduce the administrative burden for both CSDs and competent authorities and reduce ad hoc information requests.
(3) To ensure minimum harmonisation, to enable competent authorities to compare information received, and to foster supervisory convergence, CSDs should provide their competent authority with a summary of the key changes they have made to their arrangements, strategies, processes and mechanisms with respect to compliance with Regulation (EU) No 909/2014 since the most recent review of those arrangements, strategies, processes and mechanisms by their competent authority. Due to the new longer minimum frequency for the review and evaluation laid down in Article 22(1), third subparagraph, of Regulation (EU) No 909/2014 and taking into account the new elements highlighted by the supervisory experience developed since the introduction of the review and evaluation process, that report should cover more detailed information on the changes that occurred during the relevant review period on the core elements of the structure and functioning of the CSD from a supervisory perspective. Those core elements should include the group structure of the CSD, its management and shareholders, its activities or services, and the termination of services and links. A number of information items on the changes in the CSD’s risk management framework, in terms of legal risks, general business risks and operational risks, should be included in the set of periodic information that is to be provided to the competent authorities for the review and evaluation.
(4) Since CSDs can provide their services cross-border, in other Member States and in third countries, the review of the arrangements, strategies, processes and mechanisms implemented by a CSD with respect to compliance with Regulation (EU) No 909/2014, and the evaluation of the risks to which the CSD is, or might be, exposed or which it creates for the smooth functioning of securities markets or stability of the financial markets, should cover such cross-border activities. CSDs should therefore provide their competent authorities with statistical data on their crossborder activities, including the jurisdictions of their participants or issuers and the governing law of the securities for which they provide core services. That information will enable authorities to thoroughly understand the operational, legal, and liquidity risks associated with the cross-border provision of services by CSDs.
(5) To ensure that competent authorities are able to monitor whether CSDs properly identify, rate, and manage their legal risk exposure, CSDs should inform their competent authorities about any changes to their legal management framework in the course of the review period.
(6) To ensure that CSDs comply at all times with the conditions for authorisation, their progress in addressing any outstanding findings and recommendations from the competent authorities should be closely monitored. CSDs should inform their competent authorities about measures taken to address those outstanding findings and recommendations, as part of the review and evaluation process referred to in Article 22(1) of Regulation (EU) No 909/2014. In particular, CSDs that have obtained a risk rating from a third-party in accordance with Article 32 of Delegated Regulation (EU) 2017/392 should periodically report any changes in the risk rating of the CSD that occurred during the review period.
(7) While CSDs remain liable for any issues that arise in relation to outsourced activities or services, such activities or services may have a direct impact on the management of securities settlement systems. To ensure that the outsourcing contracts adequately provide for oversight and proper control of the outsourced functions by CSDs, CSDs should periodically inform their competent authorities about major changes in those contracts during the review period.
(8) Deferred net settlement entails credit and liquidity risks. CSDs should therefore periodically inform their competent authorities about the way in which those credit and liquidity risks are managed.
(9) Under Article 70(7) of Delegated Regulation (EU) 2017/392, CSDs are required to periodically review their operational objectives to incorporate new technological and business developments. It follows that CSDs, to enable competent authorities to properly perform the review and evaluation referred to in Article 22(1) of Regulation (EU) No 909/2014, should also inform their competent authorities about the outcome of such review and in particular about the processes and activities that contribute to the delivery of the services that CSDs provide and the IT systems that support them.
(10) Operational risk is one of the main risks that CSDs face on an ongoing basis. CSDs should therefore inform their competent authorities about the operational risks faced during the review period and the procedures they have followed to mitigate those risks. For the same reason, CSDs should periodically inform their competent authorities about the outcome of their tests on, and reviews of, their operational arrangements, policies and procedures with users.
(11) Pursuant to Articles 6 and 7 of Regulation (EU) No 909/2014, CSDs are required to promote early settlement on the intended settlement date, to monitor settlement fails of transactions, and to establish procedures to facilitate the settlement of transactions that are not settled on the intended settlement date, by means of cash penalties, settlement fails reporting and eventually, mandatory buy-in. Therefore, and to enable competent authorities to monitor any changes that CSDs implement in that area during the review period for the review and evaluation referred to in Article 22(1) of Regulation (EU) No 909/2014, CSDs should provide periodic information on developments that occurred in relation to the measures they put in place to prevent and address settlement fails.
(12) To ensure that CSDs have the capacity to take timely action when there is a default of one or more of its participants, the rules and procedures to ensure that such action is taken should periodically be tested and reviewed. To enable competent authorities to identify the risks to which CSDs might be exposed, CSDs should inform their competent authorities about the outcome of such testing and review.
(13) Under Article 80 of Delegated Regulation (EU) 2017/392, CSDs are required to periodically review and update their business continuity policy and the disaster recovery plan. To enable competent authorities to properly perform the review and evaluation referred to in Article 22(1) of Regulation (EU) No 909/2014, CSDs should provide their competent authorities with the result of those periodic reviews and updates.
(14) CSDs may use measures or tools to condition the delivery of securities to the payment of the cash leg operated outside its system for free of payment settlement instructions. Given the relevance of those measures or tools for the securities settlement system, CSDs should inform their competent authorities about their implementation during the review period.
(15) The introduction of new information requirements may lead to changes in CSDs’ reporting structure. To provide CSDs with enough time to undertake such changes, the date of application of certain provisions should be deferred by one year. (16) Delegated Regulation (EU) 2017/392 should therefore be amended accordingly.
(17) This Regulation is based on the draft regulatory technical standards submitted to the Commission by the European Securities and Markets Authority (ESMA.)
(18) ESMA has conducted open public consultations on the draft regulatory technical standards on which this Regulation is based, analysed the potential related costs and benefits and requested the advice of the Securities and Markets Stakeholder Group established in accordance with Article 37 of Regulation (EU) No 1095/2010 of the European Parliament and of the Council,