The European Securities and Markets Authority (ESMA), the EU’s securities markets regulator, has today published its annual peer review report on the supervision of EU Central Counterparties (CCPs) by National Competent Authorities (NCAs). The Peer Review measured the effectiveness of NCA supervisory practices in assessing CCP compliance with EMIR’s requirements on business continuity, in particular in remote access mode.

The overall outcome of the peer review is that the NCAs participating in the current peer review have broadly met the supervisory expectations. The peer review showed that some aspects of business continuity in remote access mode were not always specifically assessed. In most cases, this is explained by the fact that at many CCPs remote working was already common practice or part of existing business continuity arrangements. In this context, remote working did not introduce any new major risks to be re-assessed.

Nevertheless, the report notes three observations:

  • NCAs could better clarify, when defining their risk-based approach, how operational risks related to remote access are addressed.
  • From a supervisory perspective, CCPs could better clarify the risk-based scope of penetration testing and how risks related to remote access are addressed as part of this.
  • Business Continuity Management (BCM) plans could in this context be improved by taking into account other extreme scenarios, where remote working arrangements could serve to ensure business continuity.

Moreover, the report also identifies ten best practices from NCAs’ supervisory activities and approaches with respect to business continuity in remote access mode. Implementing these best practices would also address the three observations mentioned above.

On the functioning of CCP colleges, the review of colleges’ activities during the reporting period remains overall positive.

Next steps

ESMA will follow up on the report’s findings to identify, where relevant, the most appropriate tools to further enhance supervisory convergence.


More on the same topic