- Latest available (Revised)
- Original (As adopted by EU)
Commission Delegated Regulation (EU) 2017/392Show full title
Commission Delegated Regulation (EU) 2017/392 of 11 November 2016 supplementing Regulation (EU) No 909/2014 of the European Parliament and of the Council with regard to regulatory technical standards on authorisation, supervisory and operational requirements for central securities depositories (Text with EEA relevance)
You are here:
What Version
Advanced Features
- Show Geographical Extent(e.g. England, Wales, Scotland and Northern Ireland)
- Show Timeline of Changes
More Resources
Legislation originating from the EU
When the UK left the EU, legislation.gov.uk published EU legislation that had been published by the EU up to IP completion day (31 December 2020 11.00 p.m.). On legislation.gov.uk, these items of legislation are kept up-to-date with any amendments made by the UK since then.
This item of legislation originated from the EU
Legislation.gov.uk publishes the UK version. EUR-Lex publishes the EU version. The EU Exit Web Archive holds a snapshot of EUR-Lex’s version from IP completion day (31 December 2020 11.00 p.m.).
Changes over time for: SECTION 1
Changes to legislation:
Commission Delegated Regulation (EU) 2017/392,
SECTION 1
is up to date with all changes known to be in force on or before 07 January 2026. There are changes that may be brought into force at a future date. Changes that have been made appear in the content and are referenced with annotations.
EUR 2017 No. 392 may be subject to amendment by EU Exit Instruments made by the Bank of England under powers set out in The Financial Regulators' Powers (Technical Standards etc.) (Amendment etc.) (EU Exit) Regulations 2018 (S.I. 2018/1115), regs. 2, 3, Sch. Pt. 3. These amendments are not currently available on legislation.gov.uk. Details of relevant amending instruments can be found on their website/s.
Changes to Legislation
Revised legislation carried on this site may not be fully up to date. Changes and effects are recorded by our editorial team in lists which can be found in the ‘Changes to Legislation’ area. Where those effects have yet to be applied to the text of the legislation by the editorial team they are also listed alongside the legislation in the affected provisions. Use the ‘more’ link to open the changes and effects relevant to the provision you are viewing.
Changes and effects yet to be applied to Chapter X Section 1:
- Regulation revoked by 2023 c. 29 Sch. 1 Pt. 1 3
SECTION 1 U.K. Identifying operational risks
Article 66U.K.General operational risks and their assessment
1.The operational risks referred to in Article 45(1) of Regulation (EU) No 909/2014 comprise the risks caused by deficiencies in information systems, internal processes, and personnel's performance or disruptions caused by external events that result in the reduction, deterioration or interruption of services provided by a CSD.
2.A CSD shall identify all potential single points of failure in its operations and assess the evolving nature of the operational risk that it faces, including pandemics and cyber-attacks, on an ongoing basis.
Article 67U.K.Operational risks that may be posed by key participants
1.A CSD shall, on an ongoing basis, identify the key participants in the securities settlement system that it operates based on the following factors:
(a)their transaction volumes and values;
(b)material dependencies between its participants and its participants' clients, where the clients are known to the CSD, that might affect the CSD;
(c)their potential impact on other participants and the securities settlement system of the CSD as a whole in the event of an operational problem affecting the smooth provision of services by the CSD.
For the purposes of point (b) in the first subparagraph, the CSD shall also identify the following:
(i)
the participants' clients responsible for a significant proportion of transactions processed by the CSD;
(ii)
the participants' clients whose transactions, based on their volumes and values, are significant relative to the respective participants' risk-management capacity.
2.A CSD shall review and keep the identification of the key participants up-to-date on an ongoing basis.
3.A CSD shall have clear and transparent criteria, methodologies and standards in order to ensure that key participants meet the operational requirements.
4.A CSD shall, on an ongoing basis, identify, monitor, and manage the operational risks that it faces from key participants.
For the purposes of the first subparagraph, the operational risk-management system referred to in Article 70 shall also provide for rules and procedures to gather all relevant information about their participants' clients. The CSD shall also include in the agreements with its participants all terms necessary to facilitate the gathering of that information.
Article 68U.K.Operational risks that may be posed by critical utilities and critical service providers
1.A CSD shall identify critical utilities providers and critical service providers that may pose risks to CSD's operations due to its dependency on them.
2.A CSD shall take appropriate actions to manage the dependencies referred to in paragraph 1 through adequate contractual and organisational arrangements, as well as through specific provisions in its business continuity policy and disaster recovery plan, before any relationship with those providers becomes operational.
3.A CSD shall ensure that its contractual arrangements with any providers identified in accordance with paragraph 1 require a prior approval of the CSD for the service provider to further subcontract any elements of the services provided to the CSD.
Where the service provider outsources its services in accordance with the first subparagraph, the CSD shall ensure that the level of service and its resilience is not impacted and full access by the CSD to the information necessary for the provision of the outsourced services is preserved.
4.A CSD shall establish clear lines of communication with the providers referred to in paragraph 1 to facilitate the exchange of information in both ordinary and exceptional circumstances.
5.A CSD shall inform its competent authority about any dependencies on utilities and service providers identified under paragraph 1 and take measures to ensure that authorities can obtain information about the performance of those providers, either directly from utilities or service providers or through the CSD.
Article 69U.K.Operational risks that may be posed by other CSDs or market infrastructures
1.A CSD shall ensure that its systems and communication arrangements with other CSDs or market infrastructures are reliable, secure and designed to minimise operational risks.
2.Any arrangement that a CSD enters into with another CSD or another market infrastructures shall provide that:
(a)the other CSD or other financial market infrastructure discloses to the CSD any critical service provider on which the other CSD or market infrastructure relies;
(b)the governance arrangements and management processes in the other CSD or other market infrastructure do not affect the smooth provision of services by the CSD, including the risk-management arrangements and the non-discriminatory access conditions.
Options/Help
Print Options
PrintThe Whole Regulation
PrintThe Whole Chapter
PrintThis Section only
Legislation is available in different versions:
Latest Available (revised):The latest available updated version of the legislation incorporating changes made by subsequent legislation and applied by our editorial team. Changes we have not yet applied to the text, can be found in the ‘Changes to Legislation’ area.
Original (As adopted by EU): The original version of the legislation as it stood when it was first adopted in the EU. No changes have been applied to the text.
See additional information alongside the content
Geographical Extent: Indicates the geographical area that this provision applies to. For further information see ‘Frequently Asked Questions’.
Show Timeline of Changes: See how this legislation has or could change over time. Turning this feature on will show extra navigation options to go to these specific points in time. Return to the latest available version by using the controls above in the What Version box.
Opening Options
Different options to open legislation in order to view more content on screen at once
More Resources
Access essential accompanying documents and information for this legislation item from this tab. Dependent on the legislation item being viewed this may include:
- the original print PDF of the as adopted version that was used for the EU Official Journal
- lists of changes made by and/or affecting this legislation item
- all formats of all associated documents
- correction slips
- links to related legislation and further information resources
Timeline of Changes
This timeline shows the different versions taken from EUR-Lex before exit day and during the implementation period as well as any subsequent versions created after the implementation period as a result of changes made by UK legislation.
The dates for the EU versions are taken from the document dates on EUR-Lex and may not always coincide with when the changes came into force for the document.
For any versions created after the implementation period as a result of changes made by UK legislation the date will coincide with the earliest date on which the change (e.g an insertion, a repeal or a substitution) that was applied came into force. For further information see our guide to revised legislation on Understanding Legislation.
More Resources
Use this menu to access essential accompanying documents and information for this legislation item. Dependent on the legislation item being viewed this may include:
- the original print PDF of the as adopted version that was used for the print copy
- correction slips
Click 'View More' or select 'More Resources' tab for additional information including:
- lists of changes made by and/or affecting this legislation item
- confers power and blanket amendment details
- all formats of all associated documents
- links to related legislation and further information resources
All content is available under the Open Government Licence v3.0 except where otherwise stated. This site additionally contains content derived from EUR-Lex, reused under the terms of the Commission Decision 2011/833/EU on the reuse of documents from the EU institutions. For more information see the EUR-Lex public statement on re-use.