LegalizeCommission Implementing Regulation (EU) 2024/2956 of 29 November 2024 laying down implementing technical standards for the application of Regulation (EU) 2022/2554 of the European Parliament and of the Council with regard to standard templates for the register of information
Article 1
Definitions
For the purposes of this Regulation, the following definitions apply:
‘direct ICT third-party service provider’ means an ICT third-party service provider or ICT intra-group service provider that signed a contractual arrangement with:
(a) a financial entity to provide its ICT services directly to that financial entity; (b) a financial or a non-financial entity to provide its services to other financial entities within the same group;
‘ICT service supply chain’ means a sequence of contractual arrangements connected with the ICT service being provided by the direct ICT third-party service provider to the financial entity, starting with the direct ICT third-party service provider which has one or multiple other ICT third-party service providers as counterparties (subcontractors);
‘rank’ means the position of an ICT third-party service provider in the ICT service supply chain.
Article 2
Ranking of ICT third-party providers in the supply chain
Financial entities shall assign a rank to each ICT third-party service provider. The rank shall be any natural number higher or equal to ‘1’ where the lower the natural number assigned to the rank, the closer the arrangement is to the financial entity.
The rank of the direct ICT third-party service provider in the ICT service supply chain shall always be ‘1’.
The rank of the subcontractor in the ICT service supply chain shall always be higher than ‘1’.
Article 3
General requirements for the templates of the register of information
Financial entities shall ensure that the templates referred to in paragraph 1 include all of the following:
(a) the relevant information in relation to all the ICT services provided by direct ICT third-party providers;
(b) information on all subcontractors that effectively underpin ICT services supporting critical or important functions or material parts thereof.
In case of groups, financial entities responsible for maintaining and updating the register of information at sub-consolidated and consolidated level shall ensure that information in relation to entity level in the consolidation is correct and consistent with the information at the sub-consolidated and consolidated level.
Financial entities shall ensure that the information contained in the templates referred to in paragraph 1 adhere to the following principles of data quality:
(a) accuracy;
(b) completeness;
(c) consistency;
(d) integrity;
(e) uniformity;
(f) validity.
Article 4
Data format requirement
Article 5
Content of the register of information
Financial entities shall include in the register of information, in accordance with the instructions set out in Annex I, the following information:
(a) general information on the financial entity maintaining and updating the register of information at entity, sub-consolidated and consolidated level, respectively, as specified in template B_01.01 of Annex I;
(b) general information on the entities in the consolidation as specified in template B_01.02 of Annex I;
(c) identification of the branches of financial entities located outside the home country listed in template B_01.02, where applicable, as specified in template B_01.03 of Annex I;
(d) general information on the contractual arrangements as specified in template B_02.01 of Annex I;
(e) specific information on the contractual arrangements as specified in template B_02.02 of Annex I;
(f) information on the links between intra-group contractual arrangements and contractual arrangements with ICT third-party service providers which are not part of the group using the contractual reference numbers when part of the ICT service supply chain is intra-group as specified in template B_02.03 of Annex I;
(g) information on the entities signing the contractual arrangements with the direct ICT third-party service providers for receiving ICT services or on behalf of the entities using the ICT services as specified in template B_03.01 of Annex I;
(h) identification of the ICT third-party service providers signing the contractual arrangements for providing ICT services as specified in template B_03.02 of Annex I;
(i) identification of the entities signing the contractual arrangements for providing ICT services to other entities in the consolidation as specified in template B_03.03 of Annex I;
(j) information on the entities making use of the ICT services provided by the ICT third-party service providers as specified in template B_04.01 of Annex I;
(k) information on the direct ICT third-party service providers and subcontractors, as specified in template B_05.01 of Annex I;
(l) information on the ICT service supply chain, as specified in template B_05.02 of Annex I;
(m) information on the identification of functions as specified in template B_06.01 of Annex I;
(n) information on the assessment of the ICT services provided by ICT third-party service providers supporting a critical or important function or material parts thereof as specified in template B_07.01 of Annex I;
(o) information on the terminology used by financial entities and the terms included in the closed lists and classification systems used when filling in the templates as specified in template B_99.01 of Annex I.
Article 6
Scope of the register of information at sub-consolidated and consolidated level
Article 7
Entry into force
This Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.
This Regulation shall be binding in its entirety and directly applicable in all Member States.
ANNEX I
PART 1
GENERAL INSTRUCTIONS
Financial entities while maintaining and updating the register of information at entity, sub-consolidated and consolidated level, shall fill-in the templates of the register of information with data using the formats set out in the instructions in Part 2.
Part 2 lays down instructions to be followed by financial entities to complete each column of each template. When completing the information of certain columns, financial entities shall refer to Annexes II, III and IV or other external sources. In such cases, the reference to the relevant Annexes or external sources is indicated in the instructions.
List of the templates
| Template Code | Template Name | Short Description |
|---|---|---|
| B_01.01 | Entity maintaining the register of information | This template identifies the entity maintaining and updating the register of information at entity, sub-consolidated and consolidated level, respectively. |
| B_01.02 | List of entities within the scope of consolidation | This template identifies all the entities belonging to the group. Where the financial entity responsible for maintaining and updating the register of information does not belong to a group, only that financial entity shall be reported in this template. |
| B_01.03 | List of branches | This template identifies the branches of the financial entities referred to in template B_01.02. |
| B_02.01 | Contractual arrangements – general information | This template lists all contractual arrangements with direct ICT third-party service providers. For each contractual arrangement with a direct ICT third-party service provider, the financial entity maintaining the register of information shall assign a unique ‘contractual arrangement reference number’ to identify unambiguously the contractual arrangement itself. |
| B_02.02 | Contractual arrangements – specific information | This template provides details in relation to each contractual arrangement listed in template B_02.01 with regard to: (a) the ICT services included in the scope of the contractual arrangement; (b) the functions of the financial entities supported by those ICT services; (c) other important information in relation to the specific ICT services provided (e.g. notice period, law governing the arrangement, etc.). |
| B_02.03 | List of intra-group contractual arrangements | This template identifies the links between intra-group contractual arrangements and contractual arrangements with ICT third-party service providers which are not part of the group using the contractual reference numbers when part of the ICT service supply chain. |
| B_03.01 | Entities signing the contractual arrangements for receiving ICT service(s) or on behalf of the entities making use of the ICT service(s) | This template provides information on the entity signing the contractual arrangements with the direct ICT third-party service provider for the entity making use of the ICT services. Where the register of information is maintained and updated at entity level, the entity signing the contractual arrangement and the entity making use of the ICT services is the financial entity maintaining and updating the register of information. In the context of sub-consolidation and consolidation, the financial entity making use of the ICT services provided is not necessarily the entity signing the contractual arrangement with the ICT third-party service providers. |
| B_03.02 | ICT third-party service providers signing the contractual arrangements for providing ICT service(s) | This template identifies all the ICT third-party service providers referred to in template B_05.01 signing the contractual arrangements referred to in template B_02.01 for providing the ICT services. |
| B_03.03 | Entities signing the contractual arrangements for providing ICT service(s) to other entities within the scope of consolidation | This template identifies all the entities referred to in template B_01.02 signing the contractual arrangements referred to in template B_02.01 for providing the ICT services to other entities in the consolidation. |
| B_04.01 | Entities making use of the ICT services | This template identifies all entities making uses of the ICT services provided by ICT third-party service providers and registered in the register of information. The entities making use of the ICT services shall be either the financial entities in scope, or the ICT intra-group service providers. Where the register of information is maintained and updated at entity level, the entity signing the contractual arrangement and the entity making use of the ICT services are the financial entity maintaining the register. |
| B_05.01 | ICT third-party service providers | This template lists and provides general information to identify: (a) the direct ICT third-party service providers; (b) the ICT intra-group service providers; (c) all subcontractors included in template B_05.02 on ICT service supply chain; (d) the ultimate parent undertaking of the ICT third-party service providers listed in points (a), (b) and (c). |
| B_05.02 | ICT service supply chain | This template identifies and links the ICT third-party service providers that are part of the same ICT service supply chain. Financial entities shall identify and rank the ICT third-party service providers for each ICT service included in each contractual arrangement. Example: a financial entity has a contractual arrangement with an ICT third-party service provider (‘ICT third-party service provider X’) to receive 2 specific ICT services (‘ICT service A’ and ‘ICT service B’) and the service provider makes use of a subcontractor (‘ICT third-party service provider Y’) to provide one of those services (‘ICT service B’). — In relation to ICT service A, the ICT service supply chain is composed of one ICT third-party service provider, ICT third-party service provider X, which will be ranked as number 1 in the template. ICT third-party service provider X is the direct ICT third-party service provider. — In relation to ICT service B, the ICT service supply chain is composed of two ICT third-party service providers:— (a) ICT third-party service provider X, which will be ranked number 1 in the template. ICT third-party service provider X is the direct ICT third-party service provider. (b) ICT third-party service provider Y, which will be ranked number 2 in the template. ICT third-party service provider Y is a subcontractor. — All ICT third-party service providers belonging to the same ICT service supply chain share the same ‘contractual arrangement reference number’ as referred to in template B_02.01 and the same type of ICT services |
| B_06.01 | Functions identification | This template identifies and provides information on the functions of the financial entity making use of the ICT services. In the information to be provided in this template, financial entities shall include a unique identifier, the ‘function identifier’ for each combination of a financial entity’s LEI, licenced activity and function. Example: a financial entity (LEI: 21USLEIC20231109J3Z8) which operates under two licensed activities (‘activity A’ and ‘activity B’) will be given two unique ‘function identifiers’ for the same function X (e.g. sales) performed for activity A and activity B, respectively. The function identifier will be: F1 for the combination of “21USLEIC20231109J3Z8”“Activity A” and ‘Function X” F2 for the combination of “21USLEIC20231109J3Z8”“Activity B” and ‘Function X” |
| B_07.01 | Assessments of the ICT services | This template captures information in relation to the risk assessment of the ICT services (e.g. substitutability, date of last audit, etc.) when those ICT services are supporting a critical or important function or material part thereof. |
| B_99.01 | Definitions from entities making use of the ICT Services | This template captures entity-internal explanations, meanings, and definitions of the closed set of indicators used by the financial entity in the register of information. Example: In template B_07.01 the financial entity shall provide an indication of the impact of discontinuation of the ICT services by using a closed set of options (low, medium, high). In template B_99.01 the financial entity shall specify the meaning of those options. |
PART 2
TEMPLATE-SPECIFIC INSTRUCTIONS
Instructions to complete template B_01.01 — Financial entity maintaining the register of information
Identify the financial entity maintaining and updating the register of information.
Reading this document does not replace reading the official text published in the Official Journal of the European Union. We assume no responsibility for any inaccuracies arising from the conversion of the original to this format.