Commission Delegated Regulation (EU) 2017/571 of 2 June 2016 supplementing Directive 2014/65/EU of the European Parliament and of the Council with regard to regulatory technical standards on the authorisation, organisational requirements and the publication of transactions for data reporting services providers (Text with EEA relevance)

• Celex Number: 02017R0571-20180206
• Coming into Force: 06 February 2018
• Published date: 06 February 2018
• ELI: http://data.europa.eu/eli/reg_del/2017/571/2018-02-06
• Date: 06 February 2018
• Court: Datos provisionales,Vorläufige Daten,Données provisoires,Provisional data,Dati provvisori

02017R0571 — EN — 06.02.2018 — 001.001

---

This text is meant purely as a documentation tool and has no legal effect. The Union's institutions do not assume any liability for its contents. The authentic versions of the relevant acts, including their preambles, are those published in the Official Journal of the European Union and available in EUR-Lex. Those official texts are directly accessible through the links embedded in this document

►B COMMISSION DELEGATED REGULATION (EU) 2017/571 of 2 June 2016 supplementing Directive 2014/65/EU of the European Parliament and of the Council with regard to regulatory technical standards on the authorisation, organisational requirements and the publication of transactions for data reporting services providers (Text with EEA relevance) (OJ L 087 31.3.2017, p. 126)

Amended by:

		Official Journal
		No	page	date
►M1	COMMISSION DELEGATED REGULATION (EU) 2018/63 of 26 September 2017	L 12	2	17.1.2018

---

▼B

COMMISSION DELEGATED REGULATION (EU) 2017/571

of 2 June 2016

supplementing Directive 2014/65/EU of the European Parliament and of the Council with regard to regulatory technical standards on the authorisation, organisational requirements and the publication of transactions for data reporting services providers

(Text with EEA relevance)

CHAPTER I

AUTHORISATION

(Article 61(2) of Directive 2014/65/EU)

Article 1

Information to competent authorities

1. An applicant seeking authorisation to provide data reporting services shall submit to the competent authority the information set out in Articles 2, 3 and 4 and the information regarding all the organisational requirements set out in Chapters II and III.

2. A data reporting services provider shall promptly inform the competent authority of its home Member State of any material change to the information provided at the time of the authorisation and thereafter.

Article 2

Information on the organisation

1. An applicant seeking authorisation to provide data reporting services shall include in its application for authorisation a programme of operations referred to in Article 61(2) of Directive 2014/65/EU. The programme of operations shall include the following information:

(a) information on the organisational structure of the applicant, including an organisational chart and a description of the human, technical and legal resources allocated to its business activities;

(b) information on the compliance policies and procedures of the data reporting services provider, including:

(i) the name of the person or persons responsible for the approval and maintenance of those policies;

(ii) the arrangements to monitor and enforce the compliance policies and procedures;

(iii) the measures to be undertaken in the event of a breach which may result in a failure to meet the conditions for initial authorisation;

(iv) a description of the procedure for reporting to the competent authority any breach which may result in a failure to meet the conditions for initial authorisation;

(c) a list of all outsourced functions and resources allocated to the control of the outsourced functions;

2. A data reporting services provider offering services other than data reporting services shall describe those services in the organisational chart.

Article 3

Corporate governance

1. An applicant seeking authorisation to provide data reporting services shall include in its application for authorisation information on the internal corporate governance policies and the procedures which govern its management body, senior management, and, where established, committees.

2. The information set out in paragraph 1 shall include:

(a) a description of the processes for selection, appointment, performance evaluation and removal of senior management and members of the management body;

(b) a description of the reporting lines and the frequency of reporting to the senior management and the management body;

(c) a description of the policies and procedures on access to documents by members of the management body.

Article 4

Information on the members of the management body

1. An applicant seeking authorisation to provide data reporting services shall include in its application for authorisation the following information in respect of each member of the management body:

(a) name, date and place of birth, personal national identification number or an equivalent thereof, address and contact details;

(b) the position for which the person is or will be appointed;

(c) a curriculum vitae evidencing sufficient experience and knowledge to adequately perform the responsibilities;

(d) criminal records, notably through an official certificate, or, where such a document is not available in the relevant Member State, a self-declaration of good repute and the authorisation to the competent authority to inquire whether the member has been convicted of any criminal offence in connection with the provision of financial or data services or in relation to acts of fraud or embezzlement;

(e) a self-declaration of good repute and the authorisation to the competent authority to inquire whether the member:

(i) has been subject to an adverse decision in any proceedings of a disciplinary nature brought by a regulatory authority or government body or is the subject of any such proceedings which are not concluded;

(ii) has been subject to an adverse judicial finding in civil proceedings before a court in connection with the provision of financial or data services, or for misconduct or fraud in the management of a business;

(iii) has been part of the management body of an undertaking which was subject to an adverse decision or penalty by a regulatory authority or whose registration or authorisation was withdrawn by a regulatory authority;

(iv) has been refused the right to carry on activities which require registration or authorisation by a regulatory authority;

(v) has been part of the management body of an undertaking which has gone into insolvency or liquidation while the person held such position or within a year after which the person ceased to hold such position;

(vi) has been otherwise fined, suspended, disqualified, or been subject to any other sanction in relation to fraud, embezzlement or in connection with the provision of financial or data services, by a professional body;

(vii) has been disqualified from acting as a director, disqualified from acting in any managerial capacity, dismissed from employment or other appointment in an undertaking as a consequence of misconduct or malpractice;

(f) An indication of the minimum time that is to be devoted to the performance of the person's functions within the data reporting services provider;

(g) a declaration of any potential conflicts of interest that may exist or arise in performing the duties and how those conflicts are managed.

CHAPTER II

ORGANISATIONAL REQUIREMENTS

(Article 64(3), (4) and (5), Article 65(4), (5) and (6), and Article 66(2), (3) and (4) of Directive 2014/65/EU)

Article 5

Conflicts of interest

1. A data reporting services provider shall operate and maintain effective administrative arrangements, designed to prevent conflicts of interest with clients using its services to meet their regulatory obligations and other entities purchasing data from data reporting services providers. Such arrangements shall include policies and procedures for identifying, managing and disclosing existing and potential conflicts of interest and shall contain:

(a) an inventory of existing and potential conflicts of interest, setting out their description, identification, prevention, management and disclosure;

(b) the separation of duties and business functions within the data reporting services provider including:

(i) measures to prevent or control the exchange of information where a risk of conflicts of interest may arise;

(ii) the separate supervision of relevant persons whose main functions involve interests that are potentially in conflict with those of a client;

(c) a description of the fee policy for determining fees charged by the data reporting services provider and undertakings to which the data reporting services provider has close links;

(d) a description of the remuneration policy for the members of the management body and senior management;

(e) the rules regarding the acceptance of money, gifts or favours by staff of the data reporting services provider and its management body.

2. The inventory of conflicts of interest as referred to in paragraph 1(a) shall include conflicts of interest arising from situations where the data reporting services provider:

(a) may realise a financial gain or avoid a financial loss, to the detriment of a client;

(b) may have an interest in the outcome of a service provided to a client, which is distinct from the client's interest in that outcome;

(c) may have an incentive to prioritise its own interests or the interest of another client or group of clients rather than the interests of a client to whom the service is provided;

(d) receive or may receive from any person other than a client, in relation to the service provided to a client, an incentive in the form of money, goods or services, other than commission or fees received for the service.

Article 6

Organisational requirements regarding outsourcing

1. Where a data reporting services provider arranges for activities to be performed on its behalf by third parties, including undertakings with which it has close links, it shall ensure that the third party service provider has the ability and the capacity, to perform the activities reliably and professionally.

2. A data reporting services provider shall specify which of the activities are to be...