03 July 2018

ESMA Consultation on draft RTS on the application for registration as a securitisation repository

ECB

To ensure their continuing compliance with the registration’s requirements, registered securitisation repositories should provide material non-static information and material new or changed information for particular core elements of its governance and operational systems on an on-going basis (beyond the moment of application for registration) to alert ESMA to developments which might indicate that the securitisation repository no longer complies with the conditions of its original registration (Article 15(c) Securitisation Regulation). Typical material changes or new information might relate to a change of control in the ownership or organisational structure due to mergers or acquisitions or major updates or replacements of the securitisation repository’s information technology systems. Typical non-static information would primarily include the securitisation repository’s annual financial position, in order to ensure its continuous financial viability and business continuity.

Regarding the applicant’s data collection and availability mechanisms set out in Article 15 of the RTS, the Eurosystem considers that it is important for a securitisation repository’s technical infrastructure to permit loan-level data collection from reporting entities and loan-level data access and extraction by data users in an automated manner. In the Eurosystem’s experience, automated processes and a limitation on manual processing, at least for loan-level data, greatly reduce the operational risks of errors and omissions due to human intervention. The Eurosystem therefore recommends that Article 15(1)(a) and (b) be supplemented to require disclosure of whether the resources, methods and channels are ‘manual or automated’.

If an applicant securitisation repository envisages manual processing of loan-level data submissions and access requests, the Eurosystem views it as necessary for the application to demonstrate additional technical and operational robustness.

Regarding the applicant’s data access arrangements set out in Article 18 of the RTS, the Eurosystem is of the opinion that Article 18(d) and (e) should be clarified so that an applicant would also have to disclose in its access policies and procedures for users and other service providers (i) any access restrictions, (ii) variations in access conditions or restrictions across categories of data users and (iii) how the access policies and procedures under Article 18(d) and (e) restrict access to the least possible extent and establish fair processes for instances where access is restricted or denied.

The Eurosystem notes that, with regard to data submission, collection and access and extraction, most of the processes and policies which ESMA will assess in the applications are dependent on a functional, efficient and robust information technology system and platform. As such, the Eurosystem views it as important for ESMA to be able to access the applicant’s platform as part of the application process. Whether this would operate with a test user profile or otherwise, the assessment of the system’s technical functions and effectiveness requires ESMA to observe the operation of the processes and procedures to be described pursuant to Article 14(1)(b), Article 15(1)(a), (b) and (c), Article 18(1)(a) and (f) and Article 23(1)(h) of the RTS. ESMA is already empowered, pursuant to Article 14 of the Securitisation Regulation (and Article 61-68 of EMIR) to, among other things, conduct on-site inspections of securitisation repositories in order to carry out its duties under the Securitisation Regulation (one such duty being the assessment of a securitisation repository’s compliance with the requirements of the Securitisation Regulation). As such, ESMA’s ability to access the applicant’s IT platform, in order to assess their suitability and related technical procedures via live demonstrations in the course of the assessment of the application process would appear logical and within the bounds of its extensive powers to investigate and request information. While the Eurosystem understands that it may be undesirable to enumerate all supervisory actions that ESMA can take, given the broad powers conferred by Articles 61-68 of EMIR, this type of IT testing is so fundamental that the Eurosystem believes that this clarification should be added to Article 2(3) of the RTS.

Full ECB response

_______________

European DataWarehouse GmbH

ED welcomes the new Securitisation Regulation (EU 2017/2402) laying down a common framework for securitisation and the development of a specific framework for simple, transparent and standardised securitisation as a building block of the Capital Markets Union (CMU). ED views the Securitisation Regulation as a crucial step towards the revival of the securitisation market in Europe addressing key issues in terms of the current disclosure requirements.

In particular, ED as a securitisation repository aims to register with ESMA to provide repository services to originators, sponsors and/or SSPEs under the Securitisation Regulation.

As a general point, with regard to the operational requirements set out in this consultation paper, ED believes that there are significant differences between the trade repositories and the securitisation repositories that have not been fully considered by ESMA in the proposed requirements. While there is certainly a need to have appropriate systems and other operational safeguards, it seems that securitisation repositories have to fulfil additional requirements absent under the EMIR or SFTR framework while keeping the same requirements in all other cases. In ED’s view, this cumulative approach does not seem always proportionate considering the different IT environments needed for securitisation repositories compared to trade repositories. In particular:

Quarterly reporting with a high number of data fields (except for ABCP which is monthly but very few transactions only, if at all) compared to daily reporting with a high number of daily reporting items  but few data fields.

Focus on securitisation transaction disclosure to regulators and investors rather than trading driven with a need for daily reconciliation.

Data is relatively widely available given the wider scope of recipients as outlined in Article 17(1) compared to confidential data collected by trade repositories.

ED generally agrees with the proposed data safeguarding provisions.

However, ED does not agree with the audit log requirements for staff members of the securitisation repositories, specifically in terms of the nature and purpose of data accessed. While there is a log in terms of user access, nature and purpose can be difficult to track given that the filter criteria also allow data selection across transactions and time and data will be accessed frequently for data quality purposes. Moreover, in ED’s view, this requirement seems to be somewhat contradictory to the ESMA proposed user access requirements set out in the draft technical standards on disclosure requirements, operational standards and access requirements under the Securitisation Regulation, whereby the data can be widely accessed by all entities listed in Article 17(1) including among others investors and potential investors. In our understanding, these entities will not have any particular regulatory obligation on data safeguarding.

Full ED response

______________

Advanced Blockchain Solutions GmbH

Some extensions regarding the usage of blockchain technology need to be considered and clarified. Blockchain services and repositories working with blockchain technology will create a robust reconciliation framework. Furthermore, this new technology supports that the candidate repository will be objective, impartial, and independent when interacting with market participants. The use of a blockchain based approach instead of centralised governance and  centralised IT infrastructure enhances transparency and reliability. The applicant’s arrangements to mitigate operational risk, as well as its disaster recovery and data backup or record-keeping) preparations are obsolete at some stage when compared to the benefits of blockchain technology.

Advanced Blockchain Solutions strongly believea that the application of blockchain technology can fundamentally change how capital market participants interact with each other. Its core proposition gravitates around transparency, efficiency, security and ultimately trust between business partners. We agree with the data safeguarding provisions set out in the draft RTS. These include arrangements, for managing staff access to information, to protect data reported from cyber-risks and cyber-attacks. It is convinced manual procedures conducted by staff members should be reduced to a minimum - a blockchain based infrastructure reduces operational risk and increases safeguarding capabilities.

Full response

_________________

Consultation Paper Securitisation Repositories Application

© ESMA