Category: Publications

European CSDs set a timeline for ISO 20022

European CSDs set a timeline for ISO 20022

Today, 26 May 2023, ECSDA publishes its considerations on ISO messages for financial transactions and recommendations on their use. The basis for CSD engagement with local communities and relevant stakeholders and further preparations. The messages for General meetings should be solely in ISO 20022 as from 2026, and Corporate actions and market claims should only rely on ISO 20022 as from 2030.

The standardisation of messages has been a key enabler to improve the level of Straight Through Processing (STP) of (I)CSDs services over the past decades. The way (I)CSDs communicate with their participants is in constant evolution.
The main standard used today in the post-trade industry is ISO 15022, but in the last few years, the usage of a more sophisticated version of ISO standard, ISO 20022, has increased.
The evolution of the ISO standard has been driven by the following key factors:
i) Creation of market infrastructures (e.g., T2S),
ii) EU legislation requirements (e.g., SRDII),
iii) Modernisation of (I)CSDs’ own IT systems, and
iv) Definition of new market standards (e.g., SCoRE).

European CSDs aim at further increasing the standardisation and efficiency of post- and pre-trade processes. The emergence of the new ISO 20022 standard for messaging is in line with this objective. Although along with the benefits, it also brought challenges for (I) CSDs and their participants; a coexistence period between the existing formats (ISO 15022 and/or proprietary messages) and new formats (ISO 20022) is needed to ensure a smooth transition to a new message format.
The ECSDA Board agreed to set up a dedicated Messaging Task Force to assess the current state of use of the different messaging standards and plans related to the migration to ISO 20022, as well as provide recommendations on the way forward.

Besides some background information and the expected evolution of the ISO standards in the European CSDs community, this paper provides recommendations on:
– The rules to put in place to ensure a smooth transition during the co-existence of the two ISO standards;
– The timeline for the discontinuation of ISO 15022 for some business domains;
– The usage of ISO 20022 data dictionary as a way to structure the information beyond the message formats.

Please note that these are recommendations and ECSDA intends to discuss them with the relevant market stakeholders, where needed.
While this paper was in preparation, ISSA, and ECSDA have also been working together on a survey addressed to the key financial industry actors about ISO 20022. The conclusions of the present paper should not be in contradiction with the analysis of the joint ISSA – ECSDA survey.

Read the full document.

ECSDA Response to the OECD Pillar 1 Report

ECSDA Response to the OECD Pillar 1 Report

On 19 August, the European Central Securities Depositories Associations (ECSDA) welcomed the Progress Report. In the response to the consultation, we are however highlighting the need to calibrate further the scope of activities contained in the term ‘Investment Institution’.

Please read the full response.

ECSDA issues its updated CSDR Penalties Framework

ECSDA issues its updated CSDR Penalties Framework

On 5 October 2021, the European Central Securities Depositories Association (ECSDA) publishes the updated version of the ECSDA CSDR Settlement Fails Penalties Framework.

The Framework is the effort of compliance with the Regulation and harmonisation of settlement penalties mechanisms across CSDs subject to CSDR or regulation alike and constitutes a market practice focusing on the settlement fails related requirements in the Central Securities Depositories (CSDs) Regulation and its Regulatory Technical Standards on Settlement Discipline, aiming at improving “the safety and efficiency of securities settlement”.

The current version of the document provides the changes in comparison with the previous one highlighted in grey and the assumptions pending ESMA and EC feedback in yellow.

ECSDA also makes public operational details of CSDs Settlement Discipline implementation via a questionnaire, regularly updated.

ECSDA CSDR Penalties Framework last updated 05/10/2021
ECSDA response to practical questions of CSD participants on CSDR penalties implementation – last updated 20/09/2021


Updated ECSDA CSDR Penalties Framework

Updated ECSDA CSDR Penalties Framework

On 29 January, ECSDA published the updated version of the ECSDA CSDR Penalties Framework.

This version of the ECSDA Framework is based on the comments received during the public consultation in the summer 2018, further deep reflection among CSD experts and includes the confirmation of some working assumptions by relevant European authorities.

The “ECSDA CSDR Penalties Framework”, is the effort of compliance with the CSD Regulation. It aims at harmonisation of settlement penalties mechanisms across CSDs subject to CSDR or (potentially) equivalent regulation. It intends to provide a clear, safe and efficient Framework for settlement penalties solutions of CSDs, both the ones that will be using T2S penalties mechanism and other CSDs.

This updated version of the document will be presented and discussed with the main stakeholders on 18 February in Frankfurt. If you have comments on the Framework and an interest to attend the event, please let us know and we will check, if the capacity allows us to invite you to join.

Updated version 17 April 2020

European CSDs welcome a clear ECB guidance on FMI Cyber resilience

European CSDs welcome a clear ECB guidance on FMI Cyber resilience

On 10 April 2018, the European Central Bank (ECB) launched a public consultation on the ECB’s draft report with proposed Cyber Resilience Oversight Expectations (CROE) for Financial Market Infrastructures (FMIs). The CROE includes the ECB’s expectations in terms of cyber resilience, based on existing global guidance. This paper constitutes ECSDA’s response to the consultation, focusing on the perspective of European Central Securities Depositories (CSDs). The draft report forms an excellent basis for improving cyber resilience of FMIs. It also supports FMIs in the implementation and operationalisation of the existing global guidance, i.e. the “Cyber Guidance” issued by the CPMI and IOSCO in 2016 as a complement to the 2014 Principles for Financial Market Infrastructures.
We are appreciative of the ECB fostering the principle of proportionality and taking a reasonable approach which will contribute to meaningful discussions between FMIs and their overseers, as:

  • The CROE correctly identifies that there should be a degree of flexibility when dealing with a heterogeneous group of FMIs. Even though a CSD is an FMI, there are substantial differences with other FMIs and amongst CSDs which justify a proportional approach.
  • The CROE is to be considered a set of practices that can contribute to an FMI’s compliance with the Guidance. We welcome the acknowledgement that the CROE is not put forward as a checklist of measures FMIs need to strictly comply with and that there is a graduation in the level of compliance to be reached.
  • The CROE is meant to be used as a reference document which has been aligned with global and international standards and frameworks. Global CSDs are governed by multiple overseers and thus confronted with a regulatory fragmented landscape. The CROE will contribute to supervisory convergence as it can be used as a single reference document across multiple jurisdictions.

Nonetheless, we believe that a few issues require further consideration by the ECB before the CROE is published in its final form. In particular:

  • The ECB’s oversight is limited to payment systems and T2S. For ‘other’ FMIs like CSDs, the ECB refers to the National Competent Authorities (NCAs) to decide how they will need to apply the CROE and what is the maturity level they expect the FMI to reach. This could open the door to more regulatory fragmentation for CSDs and an unequal level playing field depending on the views local authorities take. We would like to encourage the ECB to ensure further alignment with ESMA, to avoid that each NCA takes its own view on this matter.
  • We ask for greater alignment between the CROE and inherent risk assessment models, like the Cybersecurity Capability Maturity (C2M2) model. Concrete explanations are provided in the consultation’s feedback table. However, we would like to avoid that CSDs become exposed to multiple and divergent expectations from the NCAs depending on whether they align with CROE and/or other inherent risk models.
  • We have no doubt that Eurosystem will ensure that appropriate actions are taken to prevent a cyber-attack at the level of T2S. However, when speaking about CSDs, the CROE does not appear to consider the current situation of dependency of CSDs on the Eurosystem in terms of cyber security exposure and requirements.
  • The Eurosystem (as T2 and T2S provider) is a key provider to the CSDs and thus there is an important dependence to ensure an appropriate level of CSD cyber resilience. Particularly when an attack occurs at the level of the Eurosystem and directly or indirectly impacting securities transactions, the response, responsibilities and consequences for CSDs need to be cleared. In addition, there are further ramifications on the CSDs liability in view of the T2S Framework Agreement.
  • In our view it would be beneficial if CROE could clarify the expectations for regulated entities belonging to a group or being part of a corporation.

Detailed comments are provided in the consultation’s feedback table.

Please read the full consultation.