1.The key components of the governance arrangements of the CCP that define its organisational structure as well as clearly specified and well-documented policies, procedures and processes by which its board and senior management operate shall include the following:
(a)the composition, role and responsibilities of the board and any board committees;
(b)the roles and responsibilities of the management;
(c)the senior management structure;
(d)the reporting lines between the senior management and the board;
(e)the procedures for the appointment of board members and senior management;
(f)the design of the risk management, compliance and internal control functions;
(g)the processes for ensuring accountability to stakeholders.
2.A CCP shall have adequate staff to meet all obligations arising from this Regulation and from Regulation (EU) No 648/2012. A CCP shall not share its staff with other group entities, unless under the terms of an outsourcing arrangement in accordance with Article 35 of Regulation (EU) No 648/2012.
3.A CCP shall establish lines of responsibility which are clear, consistent and well-documented. A CCP shall ensure that the functions of the chief risk officer, chief compliance officer and chief technology officer are carried out by different individuals, who shall be employees of the CCP entrusted with the exclusive responsibility of performing these functions.
4.A CCP that is part of a group shall take into account any implications of the group for its own governance arrangements including whether it has the necessary level of independence to meet its regulatory obligations as a distinct legal person and whether its independence could be compromised by the group structure or by any board member also being a member of the board of other entities of the same group. In particular, such a CCP shall consider specific procedures for preventing and managing conflicts of interest including with respect to outsourcing arrangements.
5.Where a CCP maintains a two-tiered board system, the role and responsibilities of the board as established in this Regulation and in Regulation (EU) No 648/2012 shall be allocated to the supervisory board and the management board as appropriate.
6.The risk management policies, procedures, systems and controls shall be part of a coherent and consistent governance framework that is reviewed and updated regularly.
1.A CCP shall have a sound framework for the comprehensive management of all material risks to which it is or may be exposed. A CCP shall establish documented policies, procedures and systems that identify, measure, monitor and manage such risks. In establishing risk-management policies, procedures and systems, a CCP shall structure them in a way as to ensure that clearing members properly manage and contain the risks they pose to the CCP.
2.A CCP shall take an integrated and comprehensive view of all relevant risks. These shall include the risks it bears from and poses to its clearing members and, to the extent practicable, clients as well as the risks it bears from and poses to other entities such as, but not limited to interoperable CCPs, securities settlement and payment systems, settlement banks, liquidity providers, central securities depositories, trading venues served by the CCP and other critical service providers.
3.A CCP shall develop appropriate risk management tools to be in a position to manage and report on all relevant risks. These shall include the identification and management of system, market or other interdependencies. If a CCP provides services linked to clearing that present a distinct risk profile from its functions and potentially pose significant additional risks to it, the CCP shall manage those additional risks adequately. This may include separating legally the additional services that the CCP provides from its core functions.
4.The governance arrangements shall ensure that the board of a CCP assumes final responsibility and accountability for managing the CCP’s risks. The board shall define, determine and document an appropriate level of risk tolerance and risk bearing capacity for the CCP. The board and senior management shall ensure that the CCP’s policies, procedures and controls are consistent with the CCP’s risk tolerance and risk bearing capacity and that they address how the CCP identifies, reports, monitors and manages risks.
5.A CCP shall employ robust information and risk-control systems to provide the CCP and, where appropriate, its clearing members and, where possible, clients with the capacity to obtain timely information and to apply risk management policies and procedures appropriately. These systems shall ensure, at least that credit and liquidity exposures are monitored continuously at the CCP level as well as at the clearing member level and, to the extent practicable, at the client level.
6.A CCP shall ensure that the risk management function has the necessary authority, resources, expertise and access to all relevant information and that it is sufficiently independent from the other functions of the CCP. The CCP chief risk officer shall implement the risk management framework including the policies and procedures established by the board.
7.A CCP shall have adequate internal control mechanisms to assist the board in monitoring and assessing the adequacy and effectiveness of a its risk management policies, procedures and systems. Such mechanisms shall include sound administrative and accounting procedures, a robust compliance function and an independent internal audit and validation or review function.
8.A CCP’s financial statement shall be prepared on an annual basis and be audited by statutory auditors or audit firms within the meaning of Directive 2006/43/EC of the European Parliament and of the Council(1).
1.A CCP shall establish, implement and maintain adequate policies and procedures designed to detect any risk of failure by the CCP and its employees to comply with the its obligations under this Regulation, Regulation (EU) No 648/2012 and Implementing Regulation (EU) No 1249/2012, as well as the associated risks, and put in place adequate measures and procedures designed to minimise such risk and to enable the competent authorities to exercise their powers effectively under these Regulations.
2.A CCP shall ensure that its rules, procedures and contractual arrangements are clear and comprehensive and they ensure compliance with this Regulation, Regulation (EU) No 648/2012 and Implementing Regulation (EU) No 1249/2012 as well as all other applicable regulatory and supervisory requirements.
The rules, procedures and contractual arrangements of the CCP shall be recorded in writing or another durable medium. These rules, procedures, and contractual arrangements and any accompanying material shall be accurate, up-to-date and readily available to the competent authority, clearing members and, where appropriate, clients.
A CCP shall identify and analyse the soundness of the rules, procedures and contractual arrangements of the CCP. If necessary, independent legal opinions shall be sought for the purpose of this analysis. The CCP shall have a process for proposing and implementing changes to its rules and procedures and prior to implementing any material changes to consult with all affected clearing members and submit the proposed changes to the competent authority.
3.In developing its rules, procedures and contractual arrangements a CCP shall consider relevant regulatory principles and industry standards and market protocols and clearly indicate where such practices have been incorporated into the documentation governing the rights and obligations of the CCP, its clearing members and other relevant third parties.
4.A CCP shall identify and analyse potential conflicts of law issues and develop rules and procedures to mitigate legal risk resulting from such issues. If necessary, independent legal opinions shall be sought by the CCP for the purpose of this analysis.
A CCP’s rules and procedures shall clearly indicate the law that is intended to apply to each aspect of the CCP’s activities and operations.
1.A CCP shall establish and maintain a permanent and effective compliance function which operates independently from the other functions of the CCP. It shall ensure that the compliance function has the necessary authority, resources, expertise and access to all relevant information.
When establishing its compliance function, the CCP shall take into account the nature, scale and complexity of its business, and the nature and range of the services and activities undertaken in the course of that business.
2.The chief compliance officer shall at least have the following responsibilities:
(a)monitor and, on a regular basis, assess the adequacy and effectiveness of the measures put in place in accordance with Article 5(4) and the actions taken to address any deficiencies in the CCP’s compliance with its obligations;
(b)administer the compliance policies and procedures established by senior management and the board;
(c)advise and assist the persons responsible for carrying out the CCP services and activities to comply with the CCP’s obligations under this Regulation, Regulation (EC) No 648/2012 and Implementing Regulation (EU) No 1249/2012 and other regulatory requirements, where applicable;
(d)report regularly to the board on compliance by the CCP and its employees with this Regulation, Regulation (EU) No 648/2012 and Implementing Regulation (EU) No 1249/2012;
(e)establish procedures for the effective remediation of instances of non-compliance;
(f)ensure that the relevant persons involved in the compliance function are not involved in the performance of the services or activities they monitor and that any conflicts of interest of such persons are properly identified and eliminated.
1.A CCP shall define the composition, role and responsibilities of the board and senior management and any board committees. These arrangements shall be clearly specified and well-documented. The board shall establish, at a minimum an audit committee and a remuneration committee. The risk committee established in accordance with Article 28 of Regulation (EU) No 648/2012 shall be an advisory committee to the board.
2.The board shall assume at least the following responsibilities:
(a)the establishment of clear objectives and strategies for the CCP;
(b)the effective monitoring of senior management;
(c)the establishment of appropriate remuneration policies,
(d)the establishment and oversight of the risk management function;
(e)the oversight of the compliance function and internal control function;
(f)the oversight of outsourcing arrangements;
(g)the oversight of compliance with all provisions of this Regulation, Regulation (EU) No 648/2012, Implementing Regulation (EU) No 1249/2012 and all other regulatory and supervisory requirements;
(h)the provision of accountability to the shareholders or owners and employees, clearing members and their customers and other relevant stakeholders.
3.Senior management shall have at least the following responsibilities:
(a)ensuring consistency of the CCP’s activities with the objectives and strategy of the CCP as determined by the board;
(b)designing and establishing compliance and internal control procedures that promote the CCP’s objectives;
(c)subjecting the internal control procedures to regular review and testing;
(d)ensuring that sufficient resources are devoted to risk management and compliance;
(e)be actively involved in the risk control process;
(f)ensuring that risks posed to the CCP by its clearing and activities linked to clearing are duly addressed.
4.Where the board delegates tasks to committees or sub-committees, it shall retain the approval of decisions that could have a significant impact on the risk profile of the CCP.
5.The arrangements by which the board and senior management operate shall include processes to identify, address and manage potential conflicts of interest of members of the board and senior management.
6.A CCP shall have clear and direct reporting lines between its board and senior management in order to ensure that the senior management is accountable for its performance. The reporting lines for risk management, compliance and internal audit shall be clear and separate from those for the other operations of the CCP. The chief risk officer shall report to the board either directly or through the chair of the risk committee. The chief compliance officer and the internal audit function shall report directly to the board.
1.The remuneration committee shall design and further develop the remuneration policy, oversee its implementation by senior management and review its practical operation on a regular basis. The policy itself shall be documented and reviewed at least on an annual basis.
2.The remuneration policy shall be designed to align the level and structure of remuneration with prudent risk management. The policy shall account for prospective risks as well as existing risks and risk outcomes. Pay out schedules shall be sensitive to the time horizon of risks. In particular in the case of variable remuneration the policy shall take due account of possible mismatches of performance and risk periods and shall ensure that payments are deferred as appropriate. The fixed and variable components of total remuneration shall be balanced and shall be consistent with risk alignment.
3.The remuneration policy shall provide that staff engaged in risk management, compliance and internal audit functions are remunerated in a manner that is independent of the business performance of the CCP. The level of remuneration shall be adequate in terms of responsibility as well as in comparison to the level of remuneration in the business areas.
4.The remuneration policy shall be subject to independent audit, on an annual basis. The results of these audits shall be made available to the competent authority.
1.A CCP shall design and ensure its information technology systems are reliable and secure as well as capable of processing the information necessary for the CCP to perform its activities and operations in a safe and efficient manner.
The information technology architecture shall be well-documented. The systems shall be designed to deal with the CCP’s operational needs and the risks the CCP faces, be resilient, including in stressed market conditions, and be scalable, if necessary, to process additional information. The CCP shall provide for procedures and capacity planning as well as for sufficient redundant capacity to allow the system to process all remaining transactions before the end of the day in circumstances where a major disruption occurs. The CCP shall provide for procedures for the introduction of new technology including clear reversion plans.
2.In order to ensure a high degree of security in information processing and to enable connectivity with its clearing members and clients as well as with its service providers, a CCP shall base its information technology systems on internationally recognised technical standards and industry best practices. The CCP shall subject its systems to stringent testing, simulating stressed conditions, before initial use, after making significant changes and after a major disruption has occurred. Clearing members and clients, interoperable CCPs and other interested parties shall be involved as appropriate in the design and conduct of these tests.
3.A CCP shall maintain a robust information security framework that appropriately manages its information security risk. The framework shall include appropriate mechanisms, policies and procedures to protect information from unauthorised disclosure, to ensure data accuracy and integrity and to guarantee the availability of the CCP’s services.
4.The information security framework shall include at least the following features:
(a)access controls to the system;
(b)adequate safeguards against intrusions and data misuse;
(c)specific devices to preserve data authenticity and integrity, including cryptographic techniques;
(d)reliable networks and procedures for accurate and prompt data transmission without major disruptions;
(e)audit trails.
5.The information technology systems and the information security framework shall be reviewed at least on an annual basis. They shall be subject to independent audit assessments. The results of these assessments shall be reported to the board and shall be made available to the competent authority.
1.A CCP shall make the following information available to the public free of charge:
(a)information regarding its governance arrangements, including the following:
its organisational structure as well as key objectives and strategies;
key elements of the remuneration policy;
key financial information including its most recent audited financial statements;
(b)information regarding its rules, including the following:
default management procedures, procedures and supplementary texts;
relevant business continuity information;
information on the CCP’s risk management systems, techniques and performance in accordance with Chapter XII;
all relevant information on its design and operations as well as on the rights and obligations of clearing members and clients, necessary to enable them to identify clearly and understand fully the risks and costs associated with using the CCP’s services;
the CCP’s current clearing services, including detailed information on what it provides under each service;
the CCP’s risk management systems, techniques and performance, including information on financial resources, investment policy, price data sources and models used in margin calculations;
the law and the rules governing:
the access to the CCP;
the contracts concluded by the CCP with clearing members and, where practicable, clients;
the contracts that the CCP accepts for clearing;
any interoperability arrangements;
the use of collateral and default fund contributions, including the liquidation of positions and collateral and the extent to which collateral is protected against third party claims;
(c)information regarding eligible collateral and applicable haircuts;
(d)a list of all current clearing members, including admission, suspension and exit criteria for clearing membership.
Where the competent authority agrees with the CCP that any of the information under point (b) or (c) of this paragraph may put at risk business secrets or the safety and soundness of the CCP, the CCP may decide to disclose that information in a manner that prevents or reduces those risks, or not to disclose such information.
2.A CCP shall disclose to the public, free of charge, information regarding any material changes in its governance arrangements, objectives, strategies and key policies as well as in its applicable rules and procedures.
3.Information to be disclosed to the public by the CCP shall be accessible on its website. Information shall be available in at least a language customary in the sphere of international finance.
1.A CCP shall establish and maintain an internal audit function which is separate and independent from the other functions and activities of the CCP and which has the following tasks:
(a)to establish, implement and maintain an audit plan to examine and evaluate the adequacy and effectiveness of the CCP’s systems, internal control mechanisms and governance arrangements;
(b)to issue recommendations based on the result of work carried out in accordance with point (a);
(c)to verify compliance with those recommendations;
(d)to report internal audit matters to the board.
2.The internal audit function shall have the necessary authority, resources, expertise, and access to all relevant documents for the performance of its functions. It shall be sufficiently independent from the management and shall report directly to the board.
3.Internal audit shall assess the effectiveness of the CCP’s risk management processes and control mechanisms in a manner that is proportionate to the risks faced by the different business lines and independent of the business areas assessed. The internal audit function shall have the necessary access to information in order to review all of the CCP’s activities and operations, processes and systems, including outsourced activities.
4.Internal audit assessments shall be based on a comprehensive audit plan that shall be reviewed and reported to the competent authority at least on an annual basis. The CCP shall ensure that special audits may be performed on an event-driven basis at short notice. Audit planning and review shall be approved by the board.
5.A CCP’s clearing operations, risk management processes, internal control mechanisms and accounts shall be subject to independent audit. Independent audits shall be performed, at a least, on an annual basis.