Category: Publications

European CSDs welcome a clear ECB guidance on FMI Cyber resilience

European CSDs welcome a clear ECB guidance on FMI Cyber resilience

On 10 April 2018, the European Central Bank (ECB) launched a public consultation on the ECB’s draft report with proposed Cyber Resilience Oversight Expectations (CROE) for Financial Market Infrastructures (FMIs). The CROE includes the ECB’s expectations in terms of cyber resilience, based on existing global guidance. This paper constitutes ECSDA’s response to the consultation, focusing on the perspective of European Central Securities Depositories (CSDs). The draft report forms an excellent basis for improving cyber resilience of FMIs. It also supports FMIs in the implementation and operationalisation of the existing global guidance, i.e. the “Cyber Guidance” issued by the CPMI and IOSCO in 2016 as a complement to the 2014 Principles for Financial Market Infrastructures.
We are appreciative of the ECB fostering the principle of proportionality and taking a reasonable approach which will contribute to meaningful discussions between FMIs and their overseers, as:

  • The CROE correctly identifies that there should be a degree of flexibility when dealing with a heterogeneous group of FMIs. Even though a CSD is an FMI, there are substantial differences with other FMIs and amongst CSDs which justify a proportional approach.
  • The CROE is to be considered a set of practices that can contribute to an FMI’s compliance with the Guidance. We welcome the acknowledgement that the CROE is not put forward as a checklist of measures FMIs need to strictly comply with and that there is a graduation in the level of compliance to be reached.
  • The CROE is meant to be used as a reference document which has been aligned with global and international standards and frameworks. Global CSDs are governed by multiple overseers and thus confronted with a regulatory fragmented landscape. The CROE will contribute to supervisory convergence as it can be used as a single reference document across multiple jurisdictions.

Nonetheless, we believe that a few issues require further consideration by the ECB before the CROE is published in its final form. In particular:

  • The ECB’s oversight is limited to payment systems and T2S. For ‘other’ FMIs like CSDs, the ECB refers to the National Competent Authorities (NCAs) to decide how they will need to apply the CROE and what is the maturity level they expect the FMI to reach. This could open the door to more regulatory fragmentation for CSDs and an unequal level playing field depending on the views local authorities take. We would like to encourage the ECB to ensure further alignment with ESMA, to avoid that each NCA takes its own view on this matter.
  • We ask for greater alignment between the CROE and inherent risk assessment models, like the Cybersecurity Capability Maturity (C2M2) model. Concrete explanations are provided in the consultation’s feedback table. However, we would like to avoid that CSDs become exposed to multiple and divergent expectations from the NCAs depending on whether they align with CROE and/or other inherent risk models.
  • We have no doubt that Eurosystem will ensure that appropriate actions are taken to prevent a cyber-attack at the level of T2S. However, when speaking about CSDs, the CROE does not appear to consider the current situation of dependency of CSDs on the Eurosystem in terms of cyber security exposure and requirements.
  • The Eurosystem (as T2 and T2S provider) is a key provider to the CSDs and thus there is an important dependence to ensure an appropriate level of CSD cyber resilience. Particularly when an attack occurs at the level of the Eurosystem and directly or indirectly impacting securities transactions, the response, responsibilities and consequences for CSDs need to be cleared. In addition, there are further ramifications on the CSDs liability in view of the T2S Framework Agreement.
  • In our view it would be beneficial if CROE could clarify the expectations for regulated entities belonging to a group or being part of a corporation.

Detailed comments are provided in the consultation’s feedback table.

Please read the full consultation.

ECSDA views on the Future of European Post-Trade

ECSDA views on the Future of European Post-Trade

Recently, the European Commission has launched a consultation on the Future of European Post-Trade, based on the conclusions of the European Post Trade Forum (EPTF). European CSDs thank the European Commission for the constructive and effective discussions at the EPTF, in which they have been deeply involved. In addition to the insight provided in the report resulting from the forum, Central Securities Depositories (CSDs) note several trends in their immediate ecosystem which are important to post-trade more widely.

Read More Read More

CSD Factbook is now available

CSD Factbook is now available

The 2017 edition of the Factbook offers an up-to-date overview of the CSD landscape in Europe.
The Factbook describes the trends within the CSD industry and provides an overview of the evolution of individual ECSDA member-CSD services.

Read More Read More

An overarching reform of securities laws?

An overarching reform of securities laws?

Today, ECSDA responded to the EU conflicts of law consultation. The legal certainty of securities settlement and holdings is of utmost importance for the resilience of CSDs’ ecosystems and the safety of their operations. For this reason, European CSDs have contributed in the past to the creation of conflict of laws rules, carefully crafted to address the special needs of securities settlement systems. ECSDA would like the legislators to ensure that the certainty provided by these rules is not altered in any new pieces of law. If a overarching reform needs to be done, either it needs to be done in full (if so also taking into account evolution of technology), or not at all. 

Read More Read More

ECSDA responds to the European Commission’s consultation on FinTech

ECSDA responds to the European Commission’s consultation on FinTech

In its response, ECSDA expresses its support of technological innovation, including in the areas directly linked to CSD activities. ECSDA notes that due to the competing priorities of reducing costs, responding to margin pressure and the needs of a single access point, the borders between different business models in financial and other markets are likely to be blurred. At the same time, the need for a regulated entity which provides fundamentally important services for the economy is only likely to be enhanced.

Read More Read More

Account segregation at CSDs

Account segregation at CSDs

13 Oct 2015 – Based on data collected from 41 CSDs across Europe, ECSDA’s new report describes existing account segregation practices with a view to inform the current debate on the optimal level of segregation, focusing on the perspective of central securities depositories.

Read More Read More

2014 Annual Report now available online

2014 Annual Report now available online

24 Feb 2015 – This year, the ECSDA annual report is published in the form of an online blog highlighting the key events that have marked the life of the association in 2014.

You can also obtain an overview of ECSDA members and governing bodies as of 31 December 2014 by visiting the About section.

CSDs support shareholder transparency

CSDs support shareholder transparency

15 July 2014 – On 9 April 2014, the European Commission issued a legislative proposal amending the Shareholders Rights Directive (SRD) of 2007. ECSDA looks at the expected impact of the proposal on central securities depositories (CSDs), and highlights some issues for consideration by the European legislator.

Read More Read More