Category: ESMA

Final ESMA Guidelines on cloud outsourcing

Published on by Dr. Verena Ritter-Döring and Charlotte Dreisigacker-Sartor

At the end of December 2020, the European Securities and Markets Authority (ESMA) published its final report on its guidelines on outsourcing to cloud service providers (CSP). The purpose of the guidelines is to help firms identify, address and monitor the risks that may arise from their cloud outsourcing arrangements. Since the main risks associated with cloud outsourcing are similar across financial sectors, ESMA has considered the European Banking Authority (EBA) Guidelines on outsourcing arrangements, which have incorporated the EBA Recommendations on outsourcing to cloud services providers and the European Insurance and Occupational Pensions Authority (EIOPA) Guidelines on outsourcing to cloud service providers. This ensures consistency between the three sets of guidelines. The ESMA Guidelines on cloud outscoring apply to MiFID II firms such as investment firms and other financial services providers indirectly but they describe the market standard and set the supervisory framework for the National Competent Authorities (NCAs) in Europe such as the German Federal Financial Supervisory Authority (Bundesanstalt für Finanzdienstleistungsaufsicht – BaFin).

For the German jurisdiction, BaFin published guidance on outsourcing to cloud providers back in 2018. Please note that the amended MaRisk include outsourcing requirements for investment firms and other financial services providers and already reflect the EBA Guidelines on outsourcing, including cloud outsourcing. For more information on the MaRisk amendment, please see our previous Blogpost.

The guidelines in more detail

The following gives a brief overview of the main content of the ESMA cloud outsourcing guidelines.

  • Guideline 1: Governance, oversight and documentation

Firms should have a defined and up-to date cloud outsourcing strategy which should include, inter alia, a clear assignment of the responsibility for the documentation, management and control of cloud outsourcing arrangements, sufficient resources to ensure compliance with all legal requirements applicable to the firm’s outsourcing arrangements, a cloud outsourcing oversight function directly accountable to the management body and responsible for managing and overseeing the risk of cloud outsourcing arrangements, a (re)assessment of whether the cloud outsourcing arrangements concern critical or important functions as well as an updated register of information on all cloud outsourcing arrangements. For the outsourcing of critical or important functions, the ESMA guidelines include a detailed list of information which should be included in the register.

  • Guideline 2: Pre-outsourcing analysis and due diligence

ESMA provides information on what is required for the pre-outsourcing analysis (e.g. an assessment if the cloud outsourcing concerns a critical or important function). In the case of outsourcing of critical or important function, firms should conduct a comprehensive risk analysis and take into account benefits and costs of the cloud outsourcing and perform an evaluation of the suitability of the CSP.

  • Guideline 3: Key contractual elements

The guidelines provide a detailed list of what a written cloud outsourcing agreement should include in case of outsourcing of critical or important functions. Such agreements should include, inter alia, provisions regarding data protection, agreed service levels incident management, business continuity plans, termination rights and access and audit rights for the firm and its competent supervisory authority.

  • Guideline 4: Information security

Firms should set information security requirements in its internal policies and procedures and within the cloud outsourcing written agreement and monitor compliance with these requirements on an ongoing basis. In case of outsourcing of critical or important functions, additional requirements apply regarding information security organization, identity and access management, encryption and key management, operations and network security, application programming interfaces, business continuity and data location.

  • Guideline 5: Exit strategies

In case of outsourcing of critical or important functions, firms should develop and maintain exit strategies that ensure that the firm is able to exit the cloud outsourcing arrangement without undue disruption to its business activities and services to its client. Exit strategies should include comprehensive and documented exit plans, the identification of alternative solutions and provisions in the written outsourcing agreements that oblige the CSP to support orderly transfer of the outsourced function from the CSP to another CSP.

  • Guideline 6: Access and audit rights

Firms should ensure that the cloud outsourcing written agreement does not limit the firm´s and competent authority´s effective exercise of the access and audit rights on the CSP (see also Guideline 3). However, the Guideline also includes provisions aimed at reducing the organizational burden on the CSP and its clients when exercising access and audit rights: firm may use e.g. third-party certifications and external or internal audit reports made available by the CSP. However, in case of outsourcing of critical or important functions, the guidelines stipulate additional requirements that must be met in order to be able to rely on third party certifications or assessments.

  • Guideline 7: Sub-outsourcing

In case of sub-outsourcing, the firm should ensure that the CSP appropriately oversees the sub-outsourcer. In addition, ESMA provides information on the provisions that should be included in the written outsourcing agreement between the firm and the CSP in the case of sub-outsourcing critical or important function. This includes the remaining accountability of the CSP, a notification requirement for the CSP in case of any intended sub-outsourcing allowing the firm sufficient time to carry out a risk assessment of the proposed sub-outsourcer, the firm´s right to object to the intended sub-outsourcing and termination rights in case of such objection.

  • Guideline 8: Written notification to competent authorities

Firms should notify in writing its competent authority in a timely manner of planned cloud outsourcing arrangement that concern critical or important functions. The notification should include, inter alia, a description of the outsourced functions, a brief summary of the reasons why the outsourced function is considered critical or important and the individual or decision-making body in the firm that approved the cloud outsourcing arrangement.

What´s next?

In a next step, the guidelines will be translated in the official EU languages and published on the ESMA´s website. The publication of the translation will trigger a two-month period during which the national competent authorities must notify ESMA whether they comply or intend to comply with the guidelines (comply or explain mechanism). For the German jurisdiction, it is to be expected that BaFin will comply with the ESMA guidelines.

Brexit update on cross-border services: MiFID II requirements vs. reverse solicitation

Published on by Dr. Verena Ritter-Döring and Charlotte Dreisigacker-Sartor

The European Securities and Markets Authority (ESMA) has recently issued a public statement to remind firms of the MiFID II requirements on the provision of investment services to retail or professional clients by third-country firms. With the end of the UK transition period on December 2020, UK firms now qualify as third-country firms under the MiFID II regime. The third country status of the UK as of 2021 was explicitly confirmed by the German regulator BaFin in a recent publication.

Pursuant to MiFID II, EU Member States may require that a third-country firm intending to provide investment services to retail or to professional clients in its territory have to establish a branch in that Member State or may conduct business requiring a license on a cross-border basis, without having a presence in Germany (so-called notification procedure/EU Passport). However, according to MiFID II, where a retail or professional client established or situated in the EU initiates at its own exclusive initiative the provision of an investment service or activity by a third-country firm, the third country firm is not subject to the MiFID II requirement to establish a branch and to obtain a license (so-called reverse solicitation).

With the end of the UK transition period on December 2020, ESMA notes that some “questionable” practices by firms around reverse solicitation have emerged. For example, ESMA states that some firms appear to be trying to circumvent MiFID II requirements by including general clauses in their Terms of Business or by using online pop-up boxes whereby clients state that any transactions are executed in the exclusive initiative of the client.

With its public statement, ESMA aims to remind firms that pursuant to MiFID II, where a third-country firm solicits (potential) clients in the EU or promotes or advertises investment services in the EU, the investment service is not provided at the initiative of the client and, therefore, MiFID II requirements apply. Every communication means used (press release, advertising on internet, brochures, phone calls etc.) should be considered to determine if the client has been subject to any solicitation, promotion or advertising in the EU on the firm´s investment service or activities. Reverse solicitation only applies if the client actually initiates the provision of an investment service or activity, it does not apply if the investment firm “disguises” its own initiative as one of the client.

However, despite this seemingly rather strict approach of ESMA, reverse solicitation is generally still applicable if a (UK) third-country firm

  • only offers services at the sole initiative of the client,
  • (only) continues an already existing client relationship or
  • continues to inform its clients about its range of products within the scope of existing business relationships (which is often agreed upon in the client´s contract).

It is argued that, for example, in the case of an existing account or deposit or an existing loan agreement that a UK third country firm continues to provide to an EU client after Brexit, no direct marketing or solicitation of the client in the EU takes place. In this case, the third country firm would not have solicited the client.

In a nutshell: What UK firms should consider

The provision of investment services in the EU is subject to license requirements and can include the requirement to establish a branch or a subsidiary in the relevant EU member state. The provision of investment services without proper authorization exposes investment firms to administrative or criminal proceedings. Where a client established in the EU initiates at its own exclusive initiative the provision of an investment service by a third-country firm, such firm is not subject to the requirement to establish a branch or to obtain a license (reverse solicitation). Generally, reverse solicitation also applies when existing client relationships are continued (which have been legitimately established), as the investment firm would not solicit a client in this case.

ESMA update: Impact of Brexit on MiFID II/MiFIR and Benchmark Regulation

Published on by Dr. Verena Ritter-Döring and Charlotte Dreisigacker-Sartor

At the beginning of October 2020, the European Securities and Markets Authority (ESMA) has updated its previous statements from March and October 2019 on its approach to the application of key provisions of MiFID II/MiFIR and the Benchmark Regulation (BMR) in case of Brexit. As the EU-UK Withdrawal Agreement entered into force on February 2020 and the UK entered a transition period (during which EU law still applies in and to the UK) that will end on 31 December 2020, these statements needed to be revised.

This Blogpost highlights the updated ESMA approach on third-country trading venues regarding the post-trade transparency requirements (MIFID II/MiFIR) and the inclusion of third country UK benchmarks and administrators in the ESMA register of administrators and third country benchmarks (BMR).

MiFID II/MIFIR: Third-country trading venues and post-trade transparency The regulations of MiFID II/MiFIR provide for post-trade transparency requirements. EU investment firms which, for their own account or on behalf of clients, carry out transactions in certain financial instruments traded on a trading venue, are obliged to publish the volume, price and time of conclusion of the transaction. Such publication requirements serve the general transparency of the financial market. As ESMA has already stated in 2017, post-trade transparency obligations also apply where EU investment firms conduct transactions on a third country trading venue.

By the end of the transition period on 31 December 2020, UK trading venues will qualify as third country trading venues. Therefore, if an EU investment firm carries out transactions via a UK trading venue, it is, in general, subject to the MiFID II/MiFIR post-trade transparency obligations.

However, EU-investment firms would not be subject to the MiFID II/MiFIR post-trade transparency requirements if the relevant UK trading venue would already be subject to EU-comparable regulatory requirements itself. This would be the case if the trading venue would be subject to a licensing requirement and continuous monitoring and if a post-trade transparency regime would be provided for.

In June 2020, ESMA published a list of trading venues that meet these requirements. While the UK was a member of the EU and during the transition period, ESMA did not asses UK trading against those criteria. However, ESMA intends to perform such assessment of UK trading venues before the end of the transition period. Transactions executed by an EU investment firm on a UK trading venue that, after the ESMA assessment, would be included in the list, will not be subject to MiFID II/MiFIR post-trade transparency. In this case, sufficient transparency requirements would already be ensured by the comparable UK regime. However, any transactions conducted on UK trading venues not included in the ESMA list on EU-comparable trading venues will by the end of the transition period be subject to the MiFID II/MiFIR post-trade transparency rules.

BMR: ESMA register of administrators and third country benchmarks

Supervised EU-entities can only use a benchmark in the EU if it is provided by an EU administrator included in the ESMA register of administrators and third country benchmarks (ESMA Register) or by a third country administrator included in the ESMA Register. This is to ensure that all benchmarks used within the EU are subject to either the BMR Regulation or a comparable regulation.

So far, UK administrators qualified as EU administrators and have been included in the ESMA Register. After the Brexit transition period, UK administrators included in the ESMA register will be deleted as the BMR will by then no longer be applicable to UK administrators. UK administrators that were originally included in the ESMA Register as EU administrators, will after the Brexit transition period qualify as third country administrators. The BMR foresees different regimes for third country administrators to be included in the ESMA Register, being equivalence, recognition or endorsement.

“Equivalence” must be decided on by the European Commission. Such decision requires that the third country administrator is subject to a supervisory regime comparable to that of the BMR. So far, the European Commission has not yet issued any decision on the UK in this respect.  Until an equivalence decision is made by the European Commission, UK administrators therefore have (only) two options if they want their benchmarks eligible for being used in the EU: They/their benchmarks need to be recognized or need to be endorsed under the BMR.

Recognition of a third country administrator requires its compliance with essential provisions of the BMR. The endorsement of a third country benchmark by an administrator located in the EU is possible if the endorsing administrator has verified and is able to demonstrate on an on-going basis to its competent authority that the provision of the benchmark to be endorsed fulfils, on a mandatory or on a voluntary basis, requirements which are at least as stringent as the BMR requirements.

However, the BMR provides for a transitional period itself until 31 December 2021. A change of the ESMA Register would not have an effect on the ability of EU supervised entities to use the benchmarks provided by UK administrators. During the BMR transitional period, third country benchmarks can still be used by supervised entities in the EU if the benchmark is already used in the EU as a reference for e.g. financial instruments. Therefore, EU supervised entities can until 31 December 2021 use third country UK benchmarks even if they are not included in the ESMA Register. In the absence of an equivalence decision by the European Commission, UK administrators will have until the end of the BMR transitional period to apply for a recognition or endorsement in the EU, in order for the benchmarks provided by these UK administrators to be included in the ESMA Register again.

Brexit, still great uncertainty

Currently, the whole Brexit situation is fraught with great uncertainty due to the faltering political negotiations. The updated ESMA Statement contributes to legal certainty in that it clearly sets out the legal consequences that will arise at the end of the transition period. This is valuable information and guidelines for all affected market participants, who must prepare themselves in time for the end of the transition period and take appropriate internal precautions.

ESMA updated AIFMD and UCITS Q&As

Published on by Dr. Verena Ritter-Döring

On June 4, 2019 ESMA published updates questions and answers on the application of the AIFM Directive (available here) and the UCITs Directive (available here). ESMA’s intention of publishing und regularly updating the Q&A documents ensures common supervisory approaches and practices in relation to both the AIFM Directive and the UCITS Directive and their implementing measures.

The latest update refers to the depositories and the possibilities to delegate the safekeeping of assets of the funds. ESMA clarifies that supporting tasks that are linked to depositary tasks such as administrative or technical functions performed as part of the depositary tasks could be entrusted to third parties where all of the following conditions are met:

  1. the execution of the tasks does not involve any discretionary judgement or interpretation by the third party in relation to the depositary functions;
  2. the execution of the tasks does not require specific expertise in regard to the depositary function; and
  3. the tasks are standardised and pre-defined.

Where depositaries entrust tasks to third parties and give them the ability to transfer assets belonging to AIFs or UCITS without requiring the intervention of the depositary, these arrangements are subject to the delegation requirements, in Germany subject to Para. 36 KAGB.

Another question relates to the supervision of branches of depositories. The AIFM Directive, the UCITS Directive, the CRD and the MiFID II do not grant any passporting rights for depositary activities in relation to safekeeping assets for AIFs or UCITS. Branches of depositories located in the home Member State of the AIF or UCITS that is not the home Member State of the depositary’s head office may also be subject to local authorisation in order to perform depositaries activities in relation to AIFs or UCITS. In this case, the competent authority for supervising the activities in relation to AIFs or UCITS is the one located in the Member State of the depository’s branch.

The guidance provided by ESMA in the Q&A documents for AIFs and UCITS regarding the depository function do not contain any surprising elements but further strengthen the harmonized interpretation and application of the AIFM and UCITS Directives in Europe.

Benchmarks Regulation: Updated ESMA Q&A bring more clarity about input data used for regulated-data benchmarks

Published on by Charlotte Dreisigacker-Sartor

To provide benchmarks, administrators rely on input data from contributors. If the contributors are regulated, the benchmarks created with their data qualify as regulated-data benchmarks. The updated Question and Answers (Q&A) of January 30, 2019 from the European Securities and Markets authority (ESMA) provide, inter alia, answers to three questions regarding input data used for regulated-data benchmarks which have been raised frequently in the market (Q&A available here). This blogpost will present these questions as well as ESMA´s answers. Beforehand, it gives a short overview of the Benchmarks Regulation´s regulatory background and explains what input data means.

Regulatory background of the Benchmarks Regulation

Regulation (EU) 2016/1011 concerning indices used as a reference value or as a measure of the performance of an investment fund for financial instruments and financial contracts (Benchmarks Regulation – BMR) sets out the regulatory requirements for administrators, contributors and users of an index as a reference value for a financial product with respect to both the production and use of the indices and the data transmitted in relation thereto. It is the EU’s response to the manipulation of LIBOR and EURIBOR. The BMR aims to ensure that indices produced in the EU and used as a reference value cannot be subject to such manipulation again. In previous blogposts on the BMR, we have already dealt with the requirements for contingency plans and non-significant benchmarks (ESMA publishes Final Report on Guidelines on non-significant benchmarks- Part 1 and Part 2.)

Input data

For a benchmark to be created, the administrator, i.e. the person/entity who has control over the provision of the reference value, relies on data he receives from contributors. These data used by an administrator to determine a benchmark in relation to the value of one ore more underlying asset or prices qualify as input data under the BMR.

With this in mind, what are the market-relevant questions regarding input data that are answered in the updated Q&A by ESMA? 

  • Can a benchmark qualify as a regulated-data benchmark if a third party is involved in the process of obtaining the data?

Under the rules of the BMR, a benchmark only qualifies as a regulated-data benchmark if the input data is entirely and directly submitted by contributors who are themselves regulated (e.g. trading venues). Since the input data come exclusively from entities that are themselves subject to regulation, the BMR sets fewer requirements for the provision of benchmarks from regulated data than for other benchmarks. This precludes, in principle, the involvement of any third party in the data collection process. The data should be sourced entirely and directly from regulated entities without the involvement of third parties, even if these third parties function as a pass-through and do not modify the raw data.

However, if an administrator obtains regulated data through a third party service provider (such as data vendor) and has in place arrangements with such service provider that meet the outsourcing requirements of the BMR, the administrator´s benchmark still qualifies as regulated-data benchmark. The third party being subject to the BMR´s outsourcing requirements ensures a quality of the input data contributed by this third party comparable to the quality of the input data contributed by a regulated entity.

  • Can NAV of investment funds qualify as benchmark?

The net asset value (NAV) of an investment fund is its value per share or unit on a given date or a given time. It is calculated by subtracting the fund´s liabilities from its assets, the result of which is divided by the number of units to arrive at the per share value. It is most widely used determinant of the fund´s market value and very often it is published on any trading day.

But, according to the BMR stipulations, the NAVs of investment funds are data that, if used solely or in conjunction with regulated data as a basis to calculate a benchmark, qualify the resulting benchmark as a regulated-data benchmark. The BMR therefore treats NAVs as a form of input data that is regulated and, consequently, should not be qualified as indices.

  • Can the methodology of a benchmark include factors that are not input data?

The methodology of a benchmark can include factors that are not input data. These factors should not measure the underlying market or economic reality that the benchmark intends to measure, but should instead be elements that improve the reliability and representativeness of the benchmark. This should be, according to ESMA, considered as the essential distinction between the factors embedded in the methodology and input data.

For instance, the methodology of an equity benchmark may include, together with the values of the underlying shares, a number of other elements, such as the free-float quotas, dividends, volatility of the underlying shares etc. These factors are included in the methodology to adjust the formula in order to get a more precise quantification of the equity market that the benchmark intends to measure, but they do net represent the price of the shares part of the equity benchmark.

Upshot

The updated ESMA Q&A provide more clarity for market participants on the understanding of input data and its use for regulated-data benchmarks. ESMA´s input will facilitate dealing with the regulatory requirements of the BMR, at least with regard to input data.

ESMA Supervisory briefing on the supervision of non-EU branches of EU firms providing investment services and activities

Published on by Charlotte Dreisigacker-Sartor

With Brexit coming up, many companies, especially those in the financial sector, have taken precautions and relocated their EU head offices to one of the 27 remaining EU member state to ensure that, whatever the outcome of the Brexit negotiations, they will have access to the European single market.  Offices in the UK, which will qualify as a third country after Brexit, will often be operated as branches.

On February 6, 2019, ESMA published its MIFID II Supervisory briefing on the supervision of non-EU branches of EU firms providing investment services and activities. Through its new Supervisory briefing, ESMA aims to ensure effective oversight of the non-EU branches by the competent authority of the firm´s home member state.

This article provides an overview of the measures proposed by ESMA to national regulatory authorities, divided into three areas: (i) ESMA´s supervisory expectations in relation to the authorisation of investment firms; (ii) the supervision of ongoing activities of non-EU branches by the competent authority; and (iii) ESMA´s proposed supervisory activity of the competent authority.

Supervisory expectations in relation to the authorisation of investment firms

The relocation of a company to the EU means that an authorisation covering the respective business model must be applied for in the respective EU member state. The authorisation procedure must, inter alia, include a description of the company’s organisational structure, including its non-EU branches. The competent authority should be satisfied that the use of the non-EU branch is based on objective reasons linked to the services provided in the non-EU jurisdiction and does not result in situations where such non-EU branches perform material functions or provide services back into the EU, while the office relocated to the EU is only used as a letter box entity. To this end, the competent authority should make its judgement on the substance of the business activity, the organisation, the governance and the risk management arrangements of the applicant in relation to the establishment and the use of branches in non-EU jurisdictions. Therefore, the firm´s program of operations should explain how the relocated EU head office will be able to monitor and manage any non-EU branch, clarify the role of the non-EU branch and provide detailed information, such as:

  • an overview of how the non-EU branch will contribute to the investment firm´s strategy;
  • the activities and functions that will be performed by the non-EU branch;
  • a description of how the firm will ensure that any local requirements in the non-EU jurisdiction do not interfere with the compliance by the EU firm with legal requirements applicable to it in accordance with EU law.

Supervision of ongoing activities of non-EU branches

In order to allow the competent authority to appropriately monitor firms providing investment services or activities on an ongoing basis, firms should provide the competent authority of its home member state with relevant information on any new non-EU branch that they plan to establish or on any material change in the activities of non-EU branches already established. Therefore, the competent authority should, taking into account the importance of non-EU branches for the relevant firm, request on an ad hoc or a periodic basis, information on, inter alia:

  • the number and the geographical distribution of clients served by the non-EU branches;
  • the activities and the functions provided by the non-EU branch to the EU head office.

Supervisory activity of the competent authority

The competent authority should put in place internal criteria and arrangements to supervise comprehensively and in sufficient depth the activities that branches of EU firms under their supervision perform outside of the EU. For that purpose, the competent authority should prepare plans for the supervision of non-EU branches of EU firms and identify resources dedicated to this activity. These resources should be capable of performing a critical screening of the firms under their supervision that have established non-EU branches, including, information received or requested in relation to these branches.

Upshot

As the Supervisory briefing shows, EU supervisors are urged by ESMA to ensure that companies relocating to the EU as a result of Brexit are not just used as mere letter box entities to gain access to the European single market and the actual investment services are provided via the non-EU branch. Therefore, the competent authorities should take a closer look at the firm´s non-EU branches, to ensure that the branch has the function of a branch not only on paper but also in practice. Investment firms should be prepared for this supervisory practice.

ESMA publishes Final Report on Guidelines on non-significant benchmarks – Part 2

Published on by Dr. Verena Ritter-Döring and Charlotte Dreisigacker-Sartor

On December 20, 2018 ESMA published its Final Report on the Guidelines on non-significant benchmarks. These represent ESMA´s administrative practice and fill the broad regulations of the Benchmark Regulation (BMR) with more details, which makes their implementation considerably easier for the obligated parties. The guidelines have no direct effect in the EU member states but are generally to be adopted one-by-one by the national supervisory authorities, so that they will be applied as the administrative practice of the respective national authority.

In Part 1 we looked at the definition of a non-significant benchmark (NSB) and the Guidelines on the oversight function and on input data. Part 2 will highlight the new requirements on the transparency of methodology and governance set out in the Guidelines.

Guidelines on transparency of methodology (Article 13 BMR)

Article 13 BMR states transparency requirements regarding the development, use and management of the benchmark by the administrator. To this end, Article 13 sets out standards with regard to the methodology for determining the benchmark. The Guidelines contain three sections: (i) on the key elements of the methodology; (ii) the elements of the internal review of the methodology; and (iii) on the information to be provided in case of a proposed material change to an administrator´s methodology.

The key elements of the methodology used to determine the benchmark should include, inter alia, a definition and description of the NSB and the market it is intended to measure, the types of input data used to determine the NSB, minimum requirements of the quality of the input data, the compositions of any panel of contributors and the criteria to determine eligibility for panel membership.

The information to be provided by an administrator of a NSB in compliance with the requirements regarding the internal review of the methodology should include at least a description of the policies and procedures relating to the internal review and approval of the methodology. In case of material changes of the methodology the information to be provided by an administrator should include at least the disclosure of the key elements of the methodology that would, in its view, be affected by the proposed material change.

Guidelines on governance and control requirements for supervised contributors (Article 16 BMR)

Article 16 BMR provides requirements for the governance and control of a supervised contributor. To this end, Article 16 sets out specific but broad requirements for the management of a contributor’s company and its systems, which serve to preserve the integrity and reliability of its input data. In addition, the Guidelines set out, inter alia, provisions on the control framework, control of submitters, the management of conflicts of interest and record-keeping requirements. All these elements are mentioned in Art. 16 BMR to ensure proper governance and control by the contributor but outlined in more detail in the Guidelines.

According to the Guidelines, the contributor´s control framework for example should include at least an effective oversight mechanism for overseeing the process for contributing input data, a policy on whistle-blowing and a procedure for detecting breaches of BMR. The measures for the management of conflicts of interest should include, inter alia, a register of material conflicts of interests. Additionally, the records to be kept with regard to the provision of input data should include, e.g., the names of the submitters.

Applicability of the Guidelines

As already mentioned in Part 1, NSB have less impact on markets than critical or significant benchmarks. Therefore, the BMR provides options for administrators of non-significant benchmarks not to apply some BMR provisions (Article 4 to 7, 11 and 13 to 15 BMR). However, an incentive to apply the provisions nonetheless may exist, for instance, the administrator does not have to maintain different internal structures and processes for its benchmarks if he administers mainly significant benchmarks.

Since some of the Guidelines concern regulations whose applicability the administrator can exclude, the Guidelines do not apply if the administrator has decided in a permissible manner not to apply the corresponding regulations. However, if the Guidelines concern regulations from which the administrator may not deviate or if he has decided not to make use of the simplifications, the Guidelines shall apply.