- Latest available (Revised)
- Original (As adopted by EU)
Commission Delegated Regulation (EU) 2017/392Show full title
Commission Delegated Regulation (EU) 2017/392 of 11 November 2016 supplementing Regulation (EU) No 909/2014 of the European Parliament and of the Council with regard to regulatory technical standards on authorisation, supervisory and operational requirements for central securities depositories (Text with EEA relevance)
You are here:
What Version
More Resources
Legislation originating from the EU
When the UK left the EU, legislation.gov.uk published EU legislation that had been published by the EU up to IP completion day (31 December 2020 11.00 p.m.). On legislation.gov.uk, these items of legislation are kept up-to-date with any amendments made by the UK since then.
This item of legislation originated from the EU
Legislation.gov.uk publishes the UK version. EUR-Lex publishes the EU version. The EU Exit Web Archive holds a snapshot of EUR-Lex’s version from IP completion day (31 December 2020 11.00 p.m.).
Status:
This is the original version as it was originally adopted in the EU.
This legislation may since have been updated - see the latest available (revised) version
SECTION 1 Identifying operational risks
Article 66General operational risks and their assessment
1.The operational risks referred to in Article 45(1) of Regulation (EU) No 909/2014 comprise the risks caused by deficiencies in information systems, internal processes, and personnel's performance or disruptions caused by external events that result in the reduction, deterioration or interruption of services provided by a CSD.
2.A CSD shall identify all potential single points of failure in its operations and assess the evolving nature of the operational risk that it faces, including pandemics and cyber-attacks, on an ongoing basis.
Article 67Operational risks that may be posed by key participants
1.A CSD shall, on an ongoing basis, identify the key participants in the securities settlement system that it operates based on the following factors:
(a)their transaction volumes and values;
(b)material dependencies between its participants and its participants' clients, where the clients are known to the CSD, that might affect the CSD;
(c)their potential impact on other participants and the securities settlement system of the CSD as a whole in the event of an operational problem affecting the smooth provision of services by the CSD.
For the purposes of point (b) in the first subparagraph, the CSD shall also identify the following:
(i)
the participants' clients responsible for a significant proportion of transactions processed by the CSD;
(ii)
the participants' clients whose transactions, based on their volumes and values, are significant relative to the respective participants' risk-management capacity.
2.A CSD shall review and keep the identification of the key participants up-to-date on an ongoing basis.
3.A CSD shall have clear and transparent criteria, methodologies and standards in order to ensure that key participants meet the operational requirements.
4.A CSD shall, on an ongoing basis, identify, monitor, and manage the operational risks that it faces from key participants.
For the purposes of the first subparagraph, the operational risk-management system referred to in Article 70 shall also provide for rules and procedures to gather all relevant information about their participants' clients. The CSD shall also include in the agreements with its participants all terms necessary to facilitate the gathering of that information.
Article 68Operational risks that may be posed by critical utilities and critical service providers
1.A CSD shall identify critical utilities providers and critical service providers that may pose risks to CSD's operations due to its dependency on them.
2.A CSD shall take appropriate actions to manage the dependencies referred to in paragraph 1 through adequate contractual and organisational arrangements, as well as through specific provisions in its business continuity policy and disaster recovery plan, before any relationship with those providers becomes operational.
3.A CSD shall ensure that its contractual arrangements with any providers identified in accordance with paragraph 1 require a prior approval of the CSD for the service provider to further subcontract any elements of the services provided to the CSD.
Where the service provider outsources its services in accordance with the first subparagraph, the CSD shall ensure that the level of service and its resilience is not impacted and full access by the CSD to the information necessary for the provision of the outsourced services is preserved.
4.A CSD shall establish clear lines of communication with the providers referred to in paragraph 1 to facilitate the exchange of information in both ordinary and exceptional circumstances.
5.A CSD shall inform its competent authority about any dependencies on utilities and service providers identified under paragraph 1 and take measures to ensure that authorities can obtain information about the performance of those providers, either directly from utilities or service providers or through the CSD.
Article 69Operational risks that may be posed by other CSDs or market infrastructures
1.A CSD shall ensure that its systems and communication arrangements with other CSDs or market infrastructures are reliable, secure and designed to minimise operational risks.
2.Any arrangement that a CSD enters into with another CSD or another market infrastructures shall provide that:
(a)the other CSD or other financial market infrastructure discloses to the CSD any critical service provider on which the other CSD or market infrastructure relies;
(b)the governance arrangements and management processes in the other CSD or other market infrastructure do not affect the smooth provision of services by the CSD, including the risk-management arrangements and the non-discriminatory access conditions.
Options/Help
Print Options
PrintThe Whole Regulation
PrintThe Whole Chapter
PrintThis Section only
Legislation is available in different versions:
Latest Available (revised):The latest available updated version of the legislation incorporating changes made by subsequent legislation and applied by our editorial team. Changes we have not yet applied to the text, can be found in the ‘Changes to Legislation’ area.
Original (As adopted by EU): The original version of the legislation as it stood when it was first adopted in the EU. No changes have been applied to the text.
Opening Options
Different options to open legislation in order to view more content on screen at once
More Resources
Access essential accompanying documents and information for this legislation item from this tab. Dependent on the legislation item being viewed this may include:
- the original print PDF of the as adopted version that was used for the EU Official Journal
- lists of changes made by and/or affecting this legislation item
- all formats of all associated documents
- correction slips
- links to related legislation and further information resources
More Resources
Use this menu to access essential accompanying documents and information for this legislation item. Dependent on the legislation item being viewed this may include:
- the original print PDF of the as adopted version that was used for the print copy
- correction slips
Click 'View More' or select 'More Resources' tab for additional information including:
- lists of changes made by and/or affecting this legislation item
- confers power and blanket amendment details
- all formats of all associated documents
- links to related legislation and further information resources
All content is available under the Open Government Licence v3.0 except where otherwise stated. This site additionally contains content derived from EUR-Lex, reused under the terms of the Commission Decision 2011/833/EU on the reuse of documents from the EU institutions. For more information see the EUR-Lex public statement on re-use.