LegalizeCommission Delegated Regulation (EU) 2019/885 of 5 February 2019 supplementing Regulation (EU) 2017/2402 of the European Parliament and of the Council with regard to regulatory technical standards specifying information to be provided to a competent authority in an application for authorisation of a third party assessing STS compliance (Text with EEA relevance.)
THE EUROPEAN COMMISSION,
Having regard to the Treaty on the Functioning of the European Union,
Having regard to Regulation (EU) 2017/2402 of the European Parliament and of the Council of 12 December 2017 laying down a general framework for securitisation and creating a specific framework for simple, transparent and standardised securitisation, and amending Directives 2009/65/EC, 2009/138/EC and 2011/61/EU and Regulations (EC) No 1060/2009 and (EU) No 648/2012 (1), and in particular Article 28(4) thereof,
Whereas:
(1) The information to be provided by a third party seeking authorisation to assess the compliance of securitisations with the STS criteria provided for in Articles 19 to 22 or Articles 23 to 26 of Regulation (EU) 2017/2402 should enable a competent authority to evaluate whether and to what extent the applicant meets the conditions of Article 28(1) of the Regulation (EU) 2017/2402.
(2) An authorised third party will be able to provide STS assessment services across the Union. The application for authorisation should therefore comprehensively identify that third party, any group to which it belongs as well as the scope of its activities. With regard to the STS assessment services to be provided, the application should include the envisaged scope of the services to be provided as well as their geographical scope.
(3) To facilitate the effective use of a competent authority's authorisation resources, each application for authorisation should include a table clearly identifying each submitted document and its relevance to the conditions that must be met for authorisation to the granted.
(4) To enable the competent authority to assess whether the fees charged by the third party are non-discriminatory and are sufficient and appropriate to cover the costs for the provision of the STS assessment services, as required by Article 28(1)(a) of Regulation (EU) 2017/2402, the third party should provide comprehensive information on pricing policies, pricing criteria, fee structures and fee schedules.
(5) To enable the competent authority to assess whether the third party is able to ensure the integrity and independence of the STS assessment process, that third party should provide information on the structure of those internal controls. Furthermore, to enable the competent authority to assess whether the quality of the operational safeguards over the STS assessment process is sufficiently high to ensure that its results cannot be unduly influenced, and to assess whether the members of the management body comply with the requirements laid down in Article 28(1)(d) of Regulation (EU) 2017/2402, the third party should provide comprehensive information on the composition of the management body and on the qualifications and repute of each of its members.
(6) The concentration of a third party's revenue is a determinative factor in the assessment of its independence and integrity. Revenue concentration may not only come from a single undertaking but can also arise via revenue streams earned from a group of economically connected undertakings. In that context, a group of economically connected undertakings should be understood as a group of related entities as referred to in paragraph 9(b) of International Accounting Standard 24 (‘related party disclosures’) in the Annex to Commission Regulation (EC) No 1126/2008 (2), where the terms ‘entity’ and ‘reporting entity’ should be construed as referring to ‘undertaking’ for the purposes of this Regulation.
(7) Securitisation instruments are complex, evolving products that require specialised knowledge. To enable the competent authority to assess whether the third party has sufficient operational safeguards and internal processes to assess STS compliance, the third party should provide information on its procedures relating to the required qualification of its staff. The third party should also demonstrate that its STS assessment methodology is sensitive to the type of securitisation and that specifies separate procedures and safeguards for ABCP transactions/programmes and non-ABCP securitisations.
(8) The use of outsourcing arrangements and a reliance on the use of external experts can raise concerns about the robustness of the operational safeguards and internal processes. The application should therefore contain specific information about the nature and scope of any such outsourcing arrangements or use of external experts as well as the third party's governance over those arrangements.
(9) This Regulation is based on the draft regulatory technical standards submitted by the European Securities and Markets Authority (ESMA) to the Commission.
(10) ESMA has conducted open public consultations on the draft regulatory technical standards on which this Regulation is based, analysed the potential related costs and benefits and requested the opinion of the Securities and Markets Stakeholder Group established by Article 37 of Regulation (EU) No 1095/2010 of the European Parliament and of the Council (3),
HAS ADOPTED THIS REGULATION:
Article 1
Identification of the third party
An application for authorisation as referred to in Article 28(4) of Regulation (EU) 2017/2402 shall contain the following information, to the extent relevant:
(a) the corporate name of the third party and its legal form;
(b) the third party's Legal Entity Identifier (LEI) or, where not available, another identifier required by the applicable national law;
(c) the third party's legal address as well as the addresses of any of its offices within the Union;
(d) the Uniform Resource Locator (URL) of the third party's website;
(e) an excerpt from a relevant commercial or court register, or another form of certified evidence, valid at the date of application, confirming the place of incorporation and the scope of business activity of the third party;
(f) the articles of incorporation of the third party, or other statutory documentation, stating that the third party is to assess the compliance of securitisations against the criteria provided for in Articles 19 to 22 or Articles 23 to 26 of Regulation (EU) 2017/2402 (‘STS compliance’);
(g) the most recent annual financial statements of the third party, including individual and consolidated financial statements, where available, and where the financial statements of the third party are subject to a statutory audit as defined in Article 2(1) of Directive 2006/43/EC of the European Parliament and of the Council (4), the audit report on these financial statements;
(h) the name, title, address, email address and the telephone number(s) of the contact person for the purposes of the application;
(i) the list of Member States in which the third party intends to provide STS compliance services;
(j) the list of types of securitisation for which the third party intends to provide STS compliance services, distinguishing between non ABCP securitisations and ABCP securitisations/programmes;
(k) a description of any services, other than providing STS compliance services, that the third party provides or intends to provide;
(l) a list of parties to whom the third party provides advisory, audit or equivalent services.
An application for authorisation shall include the following documentation as attachments:
(b) a list containing the name and business address of any entity in which a person or entity referred to in point (a) holds 20 % or more of the capital or voting rights and a description of that entity's activities.
(c) a completed copy of the table set out in Annex 1.
Where the third party has a parent undertaking, the application referred to in paragraph 1 shall state whether the immediate parent undertaking or ultimate parent undertaking is authorised, registered or subject to supervision, and where this is the case, state any associated reference number and the name of the responsible supervisory authority.
Where the third party has subsidiaries or branches, the application for authorisation shall identify the names and business addresses of those subsidiaries or branches and shall describe the areas of business activities of each subsidiary or branch.
An application for authorisation shall include a chart showing the ownership links between the third party, its parent undertaking and ultimate parent undertaking, its subsidiaries and affiliates, and any other persons and entities associated with or connected with a network as defined in point 7 of Article 2 of Directive 2006/43/EC. The chart shall identify the undertakings by their full name, the LEI or, where not available, another identifier required in accordance with the applicable national law, legal form and business address.
Article 2
Composition of the management body and the organisational structure
The application referred to in Article 1 shall include the third party's internal governance policies and the terms of procedure which govern its management body, its independent directors and, where established, the committees or substructures of its management bodies.
The application referred to in Article 1 shall identify the members of the management body, including independent directors, and, where applicable, the members of committees or other substructures set-up within that management body. For each member of the management body, including its independent directors, the application shall describe the position held within the management body, the responsibilities allocated to that position and the time that will be devoted to fulfil those responsibilities.
The application referred to in Article 1 shall contain a chart detailing the organisational structure of the third party, which clearly identifies the roles of each member of the management body of that third party. Where the third party provides or intends to provide other services than STS compliance services, the organisational chart shall detail the identity and responsibility of the members of the management body in respect of those services.
The application referred to in Article 1 shall contain the following information in respect of each member of the management body:
(b) details of any criminal convictions, in particular in the form of an official criminal record certificate;
(d) a signed declaration of any potential conflict of interest that the member may have in performing his or her duties and how those conflicts will be managed, including an inventory of any positions held in other undertakings;
(e) where not already included in point (a), a description of the member's knowledge of and experience in the tasks relevant for the third party's provision of STS compliance services, and in particular, knowledge of and experience in different types of securitisation or securitisations of different underlying exposures.
The application referred to in Article 1 shall contain the following, in respect of each independent director:
(a) evidence of the director's independence within the management body;
(b) disclosures of any past or present business, employment or other relationship that creates or might create a potential conflict of interest;
(c) disclosures of any business, family or other relationship with the third party, its controlling shareholder or the management of either, that creates or might create a conflict of interest.
Article 3
Corporate governance
Where the third party adheres to a corporate governance code of conduct for the appointment and role of the independent directors and the management of conflicts of interest, the application referred to in Article 1 shall identify that code and provide an explanation for any deviation by the third party s from that code.
Article 4
Independence and avoidance of conflicts of interest
The application referred to in Article 1 shall contain detailed information about the applicant's internal control systems for the management of conflicts of interest, including a description of the third party's compliance function and its risk assessment arrangements.
The application referred to in Article 1 shall contain information about the policies and procedures for the identification, management, elimination, mitigation and disclosure of existing or potential conflicts of interest and threats to the independence of the third party's provision of STS compliance services.
The application referred to in Article 1 shall contain a description of any other measures and controls applied to ensure the proper and timely identification, management and disclosure of conflicts of interest.
The application referred to in Article 1 shall contain an up-to-date inventory of any potential or existing conflicts of interest identified by the third party in accordance with Article 28(1)(f) of Regulation (EU) 2017/2402, and shall include:
(a) a description of any actual or potential conflicts of interest involving the third party, shareholders, owners or members of the third party, members of the management body, managers, staff of the third party or any other natural person whose services are placed at the disposal or under the control of the third party;
(b) a description of any actual or potential conflicts of interest arising from existing or envisaged business relationships of the third party, including any existing or envisaged outsourcing arrangements or from the third party's other activities.
The application referred to in Article 1 shall provide details on policies or procedures that aim to ensure that the third party does not provide any form of advisory, audit or equivalent services to the originator, sponsor, or the SSPE involved in the securitisation whose STS compliance the third party assesses.
The application referred to in Article 1 shall provide details on the following:
(a) revenue from other non-STS related services provided by the third party, disaggregated into the revenue from non-securitisation-related services and the revenue from securitisation-related services, over each of the three annual reporting periods preceding the date of submission of the application, or where not available, since the incorporation of the third party;
(b) the projected proportion of revenue from STS compliance services compared with the total projected revenue for the forthcoming three years' reference period.
The application referred to in Article 1 shall include, where applicable, the following information on the concentration of revenue from a single undertaking or a group of undertakings:
(a) information identifying any undertaking, or any group of economically connected undertakings, that provided more than 10 % of the third party's total revenue over each of the three annual reporting periods preceding the date of the submission of the application, or, where not available, since the incorporation of the third party;
(b) a statement whether an undertaking, or a group of economically connected undertakings, is projected to provide at least 10 % of the third party's projected revenue from the provision of STS compliance services over each of the next three years.
Where applicable, the application referred to in Article 1 shall contain an assessment of how a concentration of revenue from a single undertaking or a group of economically connected undertakings identified in paragraph 7 is compatible with the third party's policies and procedures on the independence of the STS compliance services referred to in paragraph 2.
Article 5
Fee structure
The application referred to in Article 1 shall contain information on the pricing policies for providing the STS compliance services and shall include all of the following:
(a) pricing criteria and a fee structure or a fee schedule for the STS compliance services for each type of securitisation for which such services are offered (distinguishing non ABCP securitisations from ABCP securitisations and programmes), including any internal guidelines or procedures governing how the pricing criteria are used in order to determine or set individual fees;
(b) details of the methods used to record any specific costs incurred when providing STS compliance services, including additional incidental expenses related to the provision of STS compliance services, including transport and accommodation, and, where the third party intends to outsource parts of its provision of STS compliance services, a description as to how that outsourcing is to be taken into account in the pricing criteria;
(c) a detailed description of any established procedures for the modification of fees or for departing from the fee schedule, including under any frequent use programme;
(d) a detailed description of any established procedures or internal controls which ensure and monitor compliance with the pricing policies, including any procedures or internal controls which monitor the development of individual fees over time and across different customers to which STS compliance services are provided;
(e) a detailed description of any processes for reviewing and updating both the costing system and pricing policies;
(f) a detailed description of any procedures and internal controls for maintaining records relating to fee schedules, individual fees applied, or modifications to the third party's pricing policies.
The application referred to in Article 1 shall provide information on the following:
(a) whether the fees are set in advance of the provision of the STS compliance service;
(b) whether prepaid fees are non-refundable;
Reading this document does not replace reading the official text published in the Official Journal of the European Union. We assume no responsibility for any inaccuracies arising from the conversion of the original to this format.