Article 28 Third party verifying STS compliance
1. A third party as referred to in Article 27(2) shall be authorised by the competent authority to assess the compliance of securitisations with the STS criteria provided for in Articles 19 to 22, Articles 23 to 26, or Articles 26a to 26e. The competent authority shall grant the authorisation if the following conditions are met:
(a) the third party only charges non-discriminatory and cost-based fees to the originators, sponsors or SSPEs involved in the securitisations which the third party assesses without differentiating fees depending on, or correlated to, the results of its assessment;
(b) the third party is neither a regulated entity as defined in point (4) of Article 2 of Directive 2002/87/EC nor a credit rating agency as defined in point (b) of Article 3(1) of Regulation (EC) No 1060/2009, and the performance of the third party’s other activities does not compromise the independence or integrity of its assessment;
(c) the third party shall not provide any form of advisory, audit or equivalent service to the originator, sponsor or SSPE involved in the securitisations which the third party assesses;
(d) the members of the management body of the third party have professional qualifications, knowledge and experience that are adequate for the task of the third party and they are of good repute and integrity;
(e) the management body of the third party includes at least one third, but no fewer than two, independent directors;
(f) the third party takes all necessary steps to ensure that the verification of STS compliance is not affected by any existing or potential conflicts of interest or business relationship involving the third party, its shareholders or members, managers, employees or any other natural person whose services are placed at the disposal or under the control of the third party. To that end, the third party shall establish, maintain, enforce and document an effective internal control system governing the implementation of policies and procedures to identify and prevent potential conflicts of interest. Potential or existing conflicts of interest which have been identified shall be eliminated or mitigated and disclosed without delay. The third party shall establish, maintain, enforce and document adequate procedures and processes to ensure the independence of the assessment of STS compliance. The third party shall periodically monitor and review those policies and procedures in order to evaluate their effectiveness and assess whether it is necessary to update them; and
(g) the third party can demonstrate that it has proper operational safeguards and internal processes that enable it to assess STS compliance.
The competent authority shall withdraw the authorisation when it considers the third party to be materially non-compliant with the first subparagraph.
2. A third party authorised in accordance with paragraph 1 shall notify its competent authority without delay of any material changes to the information provided under that paragraph, or any other changes that could reasonably be considered to affect the assessment of its competent authority.
3. The competent authority may charge cost-based fees to the third party referred to in paragraph 1, in order to cover necessary expenditure relating to the assessment of applications for authorisation and to the subsequent monitoring of compliance with the conditions set out in paragraph 1.
4. ESMA shall develop draft regulatory technical standards specifying the information to be provided to the competent authorities in the application for the authorisation of a third party in accordance with paragraph 1.
ESMA shall submit those draft regulatory technical standards to the Commission by 18 July 2018.
The Commission is empowered to supplement this Regulation by adopting the regulatory technical standards referred to in this paragraph in accordance with Articles 10 to 14 of Regulation (EU) No 1095/2010.