Disclosure
Framework
Observance by
ESES CSDs
of the CPMI-IOSCO Principles for
Financial Market Infrastructures
2015
Table of contents
I.
II.
III.
EXECUTIVE SUMMARY ......................................................................................... 4
SUMMARY OF MAJOR CHANGES SINCE THE LAST UPDATE OF THE DISCLOSURE .......................... 5
GENERAL BACKGROUND ON THE FMI ........................................................................ 6
General description of the FMI and the markets it serves ............................................................................................... 6
General organisation of the FMI ..................................................................................................................................... 7
Legal and regulatory framework ..................................................................................................................................... 8
System design and operations ......................................................................................................................................... 9
IV. PRINCIPLE-BY-PRINCIPLE SUMMARY NARRATIVE DISCLOSURE .............................................. 12
V. PRINCIPLE-BY-PRINCIPLE ANSWERS BY KEY CONSIDERATION ............................................... 13
Principle 1: Legal basis ................................................................................................................................................. 14
Principle 2: Governance ................................................................................................................................................ 21
Principle 3: Framework for the comprehensive management of risks .......................................................................... 33
Principle 4: Credit risk .................................................................................................................................................. 45
Principle 5: Collateral ................................................................................................................................................... 46
Principle 6: Margin ....................................................................................................................................................... 47
Principle 7: Liquidity risk ............................................................................................................................................. 48
Principle 8: Settlement finality ...................................................................................................................................... 49
Principle 9: Money Settlements .................................................................................................................................... 51
Principle 10: Physical deliveries ................................................................................................................................... 52
Principle 11: Central securities depositories ................................................................................................................. 54
Principle 12: Exchange-of-value settlement systems .................................................................................................... 58
Principle 13: Participant-default rules and procedures .................................................................................................. 59
Principle 14: Segregation and portability ...................................................................................................................... 61
Principle 15: General business risk ............................................................................................................................... 62
Principle 16: Custody and investment risks .................................................................................................................. 66
Principle 17: Operational risk ....................................................................................................................................... 68
Principle 18: Access and participation requirements .................................................................................................... 87
Principle 19: Tiered participation arrangements ........................................................................................................... 91
1
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Principle 20: FMI links ................................................................................................................................................. 94
Principle 21: Efficiency and effectiveness .................................................................................................................... 96
Principle 22: Communication procedures and standards .............................................................................................. 99
Principle 23: Disclosure of rules, key procedures, and market data ............................................................................ 100
Principle 24: Disclosure of market data by trade repositories ..................................................................................... 106
VI.
LIST OF PUBLICLY AVAILABLE RESOURCES .............................................................. 107
2
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
ESES CSDs disclosure
Responding institution: Euroclear France, Euroclear Nederland and Euroclear Belgium
Jurisdiction(s) in which the FMI operates: France, the Netherlands and Belgium
Authorities regulating, supervising or overseeing the Financial Market Infrastructures (FMI):
-
Euroclear France: The Banque de France, Autorité des Marchés Financiers (AMF),
-
Euroclear Nederland: The De Nederlandsche Bank (DNB), The Netherlands Authority for
the Financial Markets (AFM),
-
Euroclear Belgium: The National Bank of Belgium (NBB) and the Financial Securities
Market Authority (FSMA)
The date of this disclosure is 31 March 2015
This disclosure can also be found at www.euroclear.com.
For further information, please contact benedicte.waerseggers@euroclear.com
3
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
I.
EXECUTIVE SUMMARY
This Disclosure Framework, produced during the first quarter of 2015, relates to Euroclear France, Euroclear
Belgium and Euroclear Nederland , altogether herein referred to as ‘the ESES CSDs’.
In January 2009, the systems of the three ESES CSDs were combined to create a single ESES platform that
provides:
-
an integrated settlement solution
-
harmonised custody services for stock exchange and over-the-counter (OTC) activities.
The ESES CSDs operate a reliable, effective, low risk and efficient securities settlement system (SSS).
The ESES CSDs have appropriate clear and transparent rules and procedures in place to run their
operations, support the stability of the broader financial system and to monitor, manage and minimise the
risks involved.
Their systems, procedures and risk management framework allow the ESES CSDs and their participants to
deal with the various risks they face in operating and using the system. A clear business continuity
management exists and robust and effective rules and procedures are in place to handle default events.
The ESES Boards and management are strongly committed to maintain a very low risk profile. This
commitment is reflected in both the risk management practices (such as conservative policies and proven
methodologies) and appropriate capitalisation.
The activities of the ESES CSDs have a sound legal basis and adequate governance arrangements. Selfassessment and performance measurement are some of the important measures applied by the ESES CSDs
to help ensure the effective safekeeping of assets and demonstrate a risk-managed approach towards the
delivery of new and existing operational services. In this context, the management of the ESES CSDs is
pleased to provide you with this ESES Disclosure Framework Report.
In the 2014 version, there were two areas of non-compliance. Since then, the ESES CSDs have
implemented a recovery plan approved by their respective Boards at the end of 2014.
The ESES CSDs have been assessed jointly by the ESES regulators in relation to the Committee on
Payments and Market Infrastructures (CPMI)/International Organisation of Securities Commissions
(IOSCO) principles for FMIs. The results of the assessment will be available on the relevant authorities’
website.
4
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
II. Summary of major changes since the last update of the
disclosure
Euroclear (hereafter ‘we’) is committed to making the transition to the new post-trade and regulatory
environment as straightforward as possible for our clients, giving them flexibility of access to all Target2Securities (T2S) markets via the national CSDs or Euroclear Bank. In the T2S environment, we will provide
the same level of asset servicing across asset classes, regardless of the service access option and the asset
location. We will offer a range of harmonised services across all T2S markets despite the continuing coexistence of varying market practices.
The ESES CSDs are expected to migrate to T2S in March 2016, and development to connect to T2S is well
advanced. The ESES CSDs successfully started bilateral acceptance testing with the European Central Bank
(ECB) in October 2014. Furthermore, the ESES CSDs are expanding their securities coverage to all markets
joining T2S as well as other non T2S foreign securities like eurobonds.
The ESES CSDs have migrated to the T+2 settlement cycle in October 2014, working with the industry to
mitigate the risks associated with the transition to this shorter, harmonised cycle.
The ESES CSDs have started working on the implementation of Central Securities Depositories regulation
(CSDR) and will file for their new licence early 2016.
Following the launch of a triparty collateral management service for the ESES markets, including collateral
management interoperability between the ESES CSDs and Euroclear Bank with an extended scope of
14,000 new ESCB-eligible debt instruments, the collateral management services have been extended in
2014 to Euroclear Nederland. The ESES CSDs have also been supporting the launch of LCH.Clearnet’s
centrally cleared Euro GC+ service in 2014.
We have also delivered significant asset servicing enhancements to increase compliance with European
Corporate Actions Standards in T2S, and have further automated our cross-border links.
Last but not least, the ESES CSDs Recovery plans have been approved by the Boards in October 2014.
5
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
III. GENERAL
BACKGROUND ON THE
FMI
General description of the FMI and the markets it serves
Euroclear Belgium, Euroclear France and Euroclear Nederland, operating through a single system called the
ESES (Euroclear Settlement of Euronext-zone Securities) platform, provide settlement and custody services
for domestic and international securities to a wide range of international participants, which are mostly
banks, custodians, broker-dealers, central banks and issuers. In addition to its core settlement and custody
services, the ESES CSDs offer related services such as new issues distribution to the Belgian, French and
Dutch domestic markets.
Description of the FMI’s basic business processes and activities
Using one operational facility for three markets, the ESES system facilitates cross-border settlement
between the three countries as low-cost and straightforward as domestic transactions. The fully integrated
solution of the ESES systems allows clients to benefit from Straight Through Processing (STP) from trading
through to clearing and settlement.
The core business services offered by the ESES CSDs are summarised below:

Settlement:
The ESES system offers Delivery Versus Payment (DVP) book-entry settlement in central bank money (DVP
model 1), providing immediate settlement finality and high settlement efficiency.
This service offers the following key features:
o
Trade confirmation via the SBI and SLAB systems which are a pre-settlement STP solution for
processing stock exchange and over-the-counter (OTC) trades, from execution through to
settlement
o
Single access point to three domestic markets
o
Settlement of both OTC and stock exchange transactions
o
Very convenient input deadline
o
Automatic settlement of bilateral collateral management and repo transactions
o
Real-time settlement and reporting
o
Settlement in central bank money. The ESES CSDs’ link with TARGET2, the European payments
system, offers maximum flexibility for monetary policy operations
The ESES CSDs also maintain direct and indirect international links for the settlement of cross-border
transactions in foreign securities. The majority of foreign securities are held via relayed links through
Euroclear Bank. Each ESES CSD has a link with Euroclear Bank.

Asset Services:
The ESES CSDs offers a large number of new issues and custody services facilitating the exercise of
securities holders’ rights and corporate actions, including voting services, information on corporate events
and processing for collection of income and redemption proceeds, market claims, and subscription rights.
o
New issues services:
The ESES CSDs provide securities admission services on issuer’s behalf.
6
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
o
Custody:
 Safekeeping: the ESES CSDs hold securities on behalf of their clients and do not hold any ownership
right on the securities deposited with them. The ESES accounting system guarantees, for each issue,
that the number of securities held by its clients is always equal to the total of the issuing account or
equivalent;
 Corporate actions services include the provision of data on corporate actions, electronic dividends
payments, automatic generation and processing of market claims and transformations, the
processing of elective events and settlement of the movements associated with the full range of
mandatory, optional or voluntary corporate actions;

Physical securities handling: Physical securities are kept in vaults. Inventory controls are performed
to ensure securities stocks correspond to clients’ securities accounts.
Physical securities services include deposits, withdrawals, destructions and oppositions in accordance
with the applicable laws.
Due to the specific dematerialisation legislation in Belgium, France and the Netherlands, the quantity
of bearer securities has been greatly reduced over the last years.

Issuer services:
The ESES CSDs offers a large number of issuers’ services including:
 Bordereaux de Référence Nominative (BRN): Issuers of registered securities in France have the
possibility to receive information on any change in ownership on a continuous basis;
 Titre au Porteur Identifiable (TPI) Shareholding identification: Issuers of bearer securities can receive
detailed information on the identity of their shareholders upon request to Euroclear France;
 Belgium Registered Securities (BRS): BRS is a service which provides support to issuers of listed
registered shares for the management of their share register via a data feed. The service includes
the processing of both on-exchange transactions traded on the Euronext Brussels market and out of
stock exchange transactions like succession and transfer of ownership and usufruct;
 Euroclear Capitrack™: Since all bearer securities need to be dematerialised pursuant to Belgian law,
Euroclear Belgium offers (1) dematerialisation services to all issuers of Belgian securities, (2) a
facility for the management of their nominative shareholders register and (3) payment services for
the securities eligible in its CSD system and admitted to Euroclear Capitrack™.
 ETF Identification services: Euroclear Nederland Issuer Services provides identification services
directly to issuers of Exchange Traded Funds (ETF).
General organisation of the FMI
Euroclear Belgium, Euroclear France and Euroclear Nederland are Central Securities Depositaries (CSDs)
respectively in Belgium, France and the Netherlands. Since January 2009, they run most of their operations
on the same IT platform and offer a largely integrated service to the clients of the Euronext markets (to
the exception of the Portuguese market), namely the Euroclear Settlement of Euronext-zone Securities
system (ESES). They are part of the Euroclear group which also comprises the CSDs for UK and the Republic
of Ireland (Euroclear UK & Ireland), Sweden (Euroclear Sweden), Finland (Euroclear Finland) and an
International CSD (Euroclear Bank).
Euroclear plc, incorporated in the UK, is the ultimate holding company of the Euroclear group. It owns
Euroclear SA/NV (ESA), a Belgian financial holding company, which is the parent company of the group
(I)CSDs. ESA acts as the group service company and provides a broad range of common services to the
group (I)CSDs such as IT production and development, audit, financial, risk management, legal,
compliance, human resources, sales and relationship management, strategy and public affairs and product
7
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
management. The Euroclear group’s shares are largely owned by the users of its services.
Legal and regulatory framework
Euroclear Belgium
Euroclear Belgium1, a company incorporated under Belgian law, is a settlement institution within the
meaning of the Royal Decree N° 62 of 10 November 1967, coordinated by the Royal Decree of 27 January
2004, on the Deposit of Fungible Financial Instruments and the Settlement of Transactions involving such
Instruments (hereafter referred to as the ‘Royal Decree 62’). Euroclear Belgium is the operator of the ESES
Belgium system, is legally recognised as a central securities depository for financial instruments and has
been recognised as a securities settlement system within the meaning of the Settlement Finality Directive.
Euroclear Belgium is also a head of pyramid for corporate securities as set out in article 468 of the
Companies Code and a securities settlement system within the meaning of the Law of 28 April 1999 on
Settlement Finality.
Euroclear Belgium is under the regulatory supervision of the Autoriteit voor Financiële Diensten en
Markten/Autorité des services et marchés financiers (FSMA) and the prudential supervision and oversight
of the Banque Nationale de Belgique/Nationale Bank van België (BNB/NBB).
Euroclear Nederland
Euroclear Nederland, a company incorporated under Dutch law, is the operator of the ESES The Netherlands
system. Euroclear Nederland has been appointed as system operator by the Dutch Minister of Finance
Euroclear Belgium is the commercial name of the « Caisse Interprofessionnelle de dépôts et de virement de titres »
or « CIK ».
1
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
8
(hereafter ’MoF’) and is legally responsible for the functioning of the system. For purposes of the Securities
Giro Act (SGA), which is the basis of the Dutch book-entry and asset-protection system, Euroclear
Nederland has been appointed as the central institution by the MoF and has been recognised as a securities
settlement system within the meaning of the Settlement Finality Directive.
Euroclear Nederland is regulated and supervised by the MoF, by Autoriteit Financiële Markten (AFM- The
Netherlands Authority for the Financial Markets) and by the De Nederlandsche Bank (DNB – the Dutch
Central Bank).
Euroclear France
Euroclear France is the French central securities depository and the operator of the ESES France system
which has been recognised as a securities settlement system within the meaning of the Settlement Finality
Directive.
Euroclear France is regulated by the Autorité des Marchés Financiers (AMF) and is subject to the oversight
of the Banque de France (BdF).
System design and operations

Settlement model
The automated securities settlement and delivery system ESES is a unique settlement system which
processes irrevocable instructions in all ESES admitted securities traded on the primary market, the grey
market, the secondary market as well as National Central Banks (NCBs) monetary policy operations. The
ESES system offers Delivery Versus Payment (DVP) book-entry settlement in central bank money (DVP
model 1), providing immediate settlement finality and high settlement efficiency.
The chart below illustrates the main systems operating the post-trade activities:
Post-trade systems
Pre-Settlement
Settlement
Settlement
Connect
SBI
Irrevocable Channel
SLAB
FOP
instructions
SSE
The global settlement system comprises the following elements:

The preparatory systems, i.e. Settlement Connect, SBI, SLAB and FOP instructions; and

The Single Settlement Engine (SSE) system which handles settlement.
To send instructions or receive reports, clients may use ESES’ proprietary format or ISO format messages
through EuroclearConnect for STP as host to host communication channel.
9
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
To instruct or to consult operations through screens, our clients may use EuroclearConnect for Screens.

Settlement windows & processing
The ESES platform is connected to Target 2 Single Shared Platform (SSP). ESES cash functions support
EUR DVP settlement in Central Bank Money (CeBM). The cash functions allow parties of Euroclear Belgium,
Euroclear France and Euroclear Nederland to use a single pool of EUR held at their central bank, or through
a settlement bank, to support their settlement activity on the ESES platform with any party, irrespective
of the market segment or the counterparty’s cash arrangement. The ESES CSDs offer the service in
cooperation with, and according to rules that have been strictly defined by BDF, DNB and NBB.
The harmonised DVP settlement model is based on the integrated model, whereby final settlement of the
payment leg of a securities transaction takes place in a system operated by the CSD. In this model, the
Belgian, Dutch and French central banks provide ESES CSDs with a mandate for the technical operation of
cash accounts in support of clients securities settlement activities.
The settlement process works in batch or in real time mode to carry out the necessary controls over cash
and securities provision.
The accounting day begins during the overnight in batch mode, in order to process all the operations
present in the system. During the accounting day, all new operations are processed in real time; failed
operations are recycled in real time until their respective recycling deadlines.
Operations are settled once controls on available stock provisions and cash limits have been performed.
This cycle is operated in real time.
All the cash movements issued by the clients (liquidity in, liquidity out) and/or by the exogenous system
(sweeps) are systematically processed by the ESES system and in Target2.
Technical messages and dedicated workstations and tools allow ESES CSDs to follow all the exchanges
between Target2 and the ESES system.
At 06.30, optional sweeps are executed for the 3 markets (improved timing).
At 16.15, a mandatory intra-day sweep is done for the French market.
At 16.30, mandatory end-of-day sweeps are executed for the Dutch and Belgian markets.
At 17.20, the French end-of-day mandatory sweep is executed.
The CSDs cannot keep clients cash positions overnight. Thus, before the end of the accounting day, and
before the closure of Target2, the cash account mirrors are verified to be equal to zero in each ESES CSD.
If it would be the case, a specific contingency procedure is applied.
10
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
The ESES CSDs provide the client with a report showing their securities balances at the end of the business
day when there is (are) operation(s) settled on these securities.
In some cases (e.g. transaction in foreign currency, non EUR currency), transactions are settled free of
payment in the sub settlement system. It means that the transaction is settled automatically in securities
only in the sub settlement system. The Parties have to make other arrangements outside the ESES sub
settlement system for the cash settlement.
When needed, an unilateral free of payment instruction (with or without matching) can be instructed by a
Party in the ESES system to transfer securities from one of his own accounts either to another of his own
accounts or to another Party’s account.
11
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
IV. Principle-by-principle summary narrative disclosure
TABLE 1 - RATINGS SUMMARY
Assessment Category
Principle
Observed
1,2,3,8,9,10,11,12,13,15,16,17,18,20,21,22,23
Broadly observed
19 (No Tiering System in ESES CSDs)
Partly Observed
Not Observed
Not Applicable
4,5,6,7,14,24
12
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
V. Principle-by-principle answers by Key Consideration
13
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Principle 1: Legal basis
An FMI should have a well-founded, clear, transparent, and enforceable legal basis for each material
aspect of its activities in all relevant jurisdictions.
Key consideration 1: The legal basis should provide a high degree of certainty for each
material aspect of an FMI’s activities in all relevant jurisdictions.
Material aspects and relevant jurisdictions
We have identified the following material aspects of the ESES CSDs activities requiring legal certainty:
1.1 Regulatory framework – the existence of an adequate authorisation and supervision of the
respective ESES CSDs from a regulatory point of view
1.2 Asset protection – the protection of the holdings in financial instruments of the ESES CSDs’
participants
1.3 Finality - the settlement finality of the securities transfers in each of the CSDs
1.4 Default procedures – the rules concerning default situations
1.5 Contractual framework – the material aspects of the services and activities of each ESES CSD.
The most relevant jurisdiction for the above material aspects of the activities of each ESES CSD is the
jurisdiction where the relevant ESES CSD is located (i.e. Belgium for Euroclear Belgium, the Netherlands
for Euroclear Nederland and France for Euroclear France).
From an asset protection point of view, all jurisdictions where financial instruments are held for the account
of participants through links are also relevant.
The actual location or place of incorporation of participants is also relevant in the event of insolvency
proceeding affecting those participants.
1.1
Regulatory framework
1.1.1 Euroclear Belgium
Euroclear Belgium, a company incorporated under Belgian law, is a settlement institution within the
meaning of Royal Decree 62. Euroclear Belgium is legally recognised as a central securities depository for
financial instruments and has been recognised as a securities settlement system within the meaning of the
Settlement Finality Directive. Euroclear Belgium is also a head of pyramid for corporate securities as set
out in article 468 of the Companies Code and a securities settlement system within the meaning of the Law
of 28 April 1999 on Settlement Finality.
14
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Euroclear Belgium is under the regulatory supervision of the Autoriteit voor Financiële Diensten en
Markten/Autorité des services et marchés financiers (FSMA) and the prudential supervision and oversight
of the Banque Nationale de Belgique/Nationale Bank van België (BNB/NBB).
1.1.2 Euroclear Nederland
Euroclear Nederland, a company incorporated under Dutch law, has been appointed as system operator by
the Dutch Minister of Finance (hereafter MoF) and is legally responsible for the functioning of the system.
For purposes of the Securities Giro Act (SGA), which is the basis of the Dutch book-entry and assetprotection system, Euroclear Nederland has been appointed as the central institution by the MoF and has
been recognised as a securities settlement system within the meaning of the Settlement Finality Directive.
Euroclear Nederland is regulated and supervised by the MoF, by Autoriteit Financiële Markten (AFM - The
Netherlands Authority for the Financial Markets) and by De Nederlandsche Bank (DNB - the Dutch Central
Bank).
1.1.3 Euroclear France
Euroclear France is acting as the French central securities depository2 and as operator of the ESES France
system3 which has been recognised as a securities settlement system within the meaning of the Settlement
Finality Directive.
Euroclear France is regulated by the Autorité des Marchés Financiers (AMF) and is subject to the oversight
of the Banque de France (BdF).
1.2
Asset protection
The ESES CSDs do not hold securities for their own account but only on behalf of their clients. Moreover,
attachment by garnishment on the accounts opened with each CSD is prohibited under their respective
applicable legislations.
1.2.1
Euroclear Belgium
The Belgian legislation provides for a clear and sound basis for admission and book-entry transfers of
immobilised, dematerialised or registered securities regardless of whether or not they are governed by
Belgian law.
The Royal Decree 62 provides for a two-tier structure of asset protection, benefiting to the participants in
Euroclear Belgium and their underlying clients. The financial instruments held with Euroclear Belgium are
protected against both the consequences of the insolvency of Euroclear Belgium and its participants.
By virtue of the Belgian legislation, the securities deposited with Euroclear Belgium never become part of
the estate of Euroclear Belgium and cannot be claimed by its creditors: the participants of Euroclear Belgium
2
3
Article 550-1 et seq. of the general Regulation of the Autorité des Marchés Financiers
Article 560-1 et seq. of the general Regulation of the Autorité des Marchés Financiers
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
15
are granted by law a co-ownership right of an intangible nature on a pool of book-entry securities of the
same category held by Euroclear Belgium on behalf of all of its participants holding securities of that
category. The participants holding securities in Euroclear Belgium retain ownership on such securities which
implies that they retain (1) a right of revendication of the relevant quantity of securities deposited in the
event of an insolvency event or bankruptcy affecting Euroclear Belgium and (2) voting rights. Similarly, the
clients of the participants hold co-ownership right on a pool of book-entry securities of the same category,
deposited in the securities accounts maintained by Euroclear Belgium participants. Euroclear Belgium
enables the participants, on demand, to segregate their own assets from those of their own clients. The
clients of the participants can exercise their co-ownership rights collectively, against Euroclear Belgium,
when the participants that are holding their securities would face an insolvency proceeding (i.e. bankruptcy,
insolvency, winding-up or other situation of concurrence between creditors, as meant under the relevant
provisions of Belgian law).
1.2.2
Euroclear Nederland
The Securities Giro Act (SGA) provides for a two-tier structure of asset protection, benefiting to the
participants in Euroclear Nederland and their underlying clients. The financial instruments held with
Euroclear Nederland are protected against both the consequences of the insolvency of Euroclear Nederland
and its participants.
Euroclear Nederland holds securities in a girodeposit on behalf of the Admitted Institutions (within the
meaning of the SGA) which become pro-rata owners of the girodeposit that corresponds to the amount of
securities they delivered for inclusion in the girodeposit. The right of co-ownership is represented for each
Admitted Institution by a book entry record in the books of Euroclear Nederland. Similarly, the Admitted
Institutions hold securities for their clients in a collective deposit (‘verzameldepot’). The clients of the
participants have jointly co-ownership rights on the securities which they delivered to the Admitted
Institutions for inclusion in the collective depot.
Euroclear Nederland enables the participants, on demand, to segregate their own assets from those of their
own clients.
1.2.3
Euroclear France
In France, proprietary rights are not materialised at the level of the CSD (i.e. Euroclear France) but at the
level of the authorised account keeper (Teneur de Compte Conservateur). As a result, when securities are
credited to the account held by Euroclear France, proprietary rights over said securities remains determined
by reference to individual account opened in the books of the entity acting as an authorised account keeper.
Therefore, under French laws and regulations, the asset protection regime is ensured at the level of the
authorised account keeper.
Further details concerning the asset protection applicable to each ESES CSD are available in Rights of
Clients relating to the Securities deposited in the ESES Central Securities Depositories, which is published
on www.euroclear.com.
16
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
1.3
Finality
Each ESES system operated respectively by Euroclear Belgium, Euroclear Nederland and Euroclear France
are on the list of the designated security settlement systems notified to the European Commission pursuant
to Article 10 of the Settlement Finality Directive (‘SFD’) as displayed on the European Commission and
ESMA websites. In the event of an insolvency proceeding affecting a participant, the system operator or
the operator of a linked or interoperable system, zero hour rules or claw-back rules of general bankruptcy
law do not apply. Instead, the local legislation of each ESES CSD implementing the SFD ensures
irrevocability and finality of transfer orders executed in the ESES system which such ESES CSD operates.
The finality rules of transfer orders are set out in the ESES Terms and Conditions. For Euroclear France, in
application of French law, the finality rules are also reflected in the ESES France Operating Rules.
In addition, the Settlement Finality Directive refers to the rules of the system to determine the moment of
(i) entry of transfer orders in the system (ii) irrevocability of transfer orders (in accordance with applicable
law) and (iii) finality of transfer orders executed by each ESES system.
The typology of participants and the access criteria to each ESES system are set out in the Euroclear
Contractual Documentation in compliance with the local laws of each CSD and the CPMI-IOSCO Principles
for FMIs, in particular Principle 18.
Finally, in the event of an insolvency of a participant, the rights and obligations deriving from or linked to
its participation in the respective ESES system operated by each ESES CSD are determined by the law of
that ESES system.
1.4
Default Procedure
Please refer to Principle 13.
1.5
Contractual framework
The contractual framework is published on www.euroclear.com
Please refer to KC 2 below.
Key consideration 2: An FMI should have rules, procedures, and contracts that are clear,
understandable, and consistent with relevant laws and regulations.
The main contractual documentation, issued respectively by each ESES CSD consists of:
-
ESES Terms and Conditions (Book I and II);
-
ESES Operating Manuals (Part I and II);
-
Detailed Services Descriptions (‘DSDs’);
-
Newsletters;
17
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
-
For Euroclear France only, in accordance with French law, the Operating rules of Euroclear France
Central Depository and ESES Operating Rules approved by Autorité des Marchés Financiers.
Together referred to as Euroclear Contractual Documentation.
These documents are provided to participants upon their admission to the ESES CSDs. The amendments
to the Terms and Conditions are communicated to the participants via Newsletters and via
my.euroclear.com.
In addition, each ESES CSD has issued standard documentation concerning the issuer services (the ESES
Issuer Services Documentation) consisting of the following documents:
-
A standard contract template with the main contractual and legal provisions and its annexes
composed of service level descriptions for each issuer service
-
ESES Issuer Services Terms and Conditions (Book I and II) to which the standard contract and its
annex is subject
-
ESES Issuer Services Description.
The ESES Issuer Services Documentation is entered into and/or provided to issuers or agents subscribing
to the ESES Issuers services described in the ESES Issuer Services Documentation.
Besides, the Euroclear France and Euroclear Nederland are providing (Triparty) Collateral Management
services which are subject to the following contractual documentation:
-
Terms and Conditions
-
Operating Procedures
-
Annexes.
which form the Collateral Management Service Documentation.
A version of those documents exists for the main types of underlying collateral agreement (Repurchase
Service agreement, Collateral Service Agreement…).
In addition, the ESES CSDs provide their participants (including the issuers and their agents under the
ESES Issuer Services Documentation) with a number of notices, e-News, alerts, guides, manuals or
technical documents to facilitate their use of the ESES system.
Consistency of the Euroclear Contractual Documentation and the ESES Issuer Services Documentation with
relevant laws and regulations is ensured both by the scrutiny exercised by in-house counsels and by periodic
legal opinions from external counsels.
In accordance with the Dutch regulatory framework, Euroclear Nederland submits the Euroclear Contractual
Documentation and any amendment thereto as well as template contractual documents (including the ESES
Issuer services Documentation) for pre-approval to the Dutch Regulators. New services and tariffs are also
subject to pre- approval.
18
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
With respect to Euroclear Belgium, the amendments to the Euroclear Contractual Documentation and the
ESES Issuer Services Documentation are communicated to the Belgian Regulator although they are not
subject to its pre- approval.
With respect to Euroclear France, the Euroclear Contractual Documentation and any amendment thereto
as well as template contractual documents (including the ESES Issuer Services Documentation) are not
subject to pre-approval of the AMF. However, the Operating rules of Euroclear France Central Depository
and ESES Operating Rules and any changes thereto are subject to pre-approval of the AMF.
Key consideration 3: An FMI should be able to articulate the legal basis for its activities to
relevant authorities, participants, and, where relevant, participants‟ customers, in a clear and
understandable way.
The legal basis4 of the ESES CSDs’ activities is articulated in the following documents:
-
the Euroclear Contractual Documentation (please refer to KC 2)
-
the ESES Issuer Services Documentation (please refer to KC2)
-
the Collateral Management Service Documentation (please refer to KC2)
-
the yearly ESES CSDs Disclosure framework report
-
the yearly ISAE 3402 Report
-
the Rights of Clients relating to the Securities deposited in the ESES Central Securities Depositories
– Asset Protection.
Please refer to KC2 for the communication of and access to the Euroclear Contractual Documentation and
the ESES Issuer Services Documentation.
The Rights of Clients relating to the Securities deposited in the ESES Central Securities Depositories – Asset
Protection, the Disclosure Framework Report and the ISAE 3402 Report are publicly available on the
Euroclear website.
Key consideration 4: An FMI should have rules, procedures, and contracts that are enforceable
in all relevant jurisdictions. There should be a high degree of certainty that actions taken by the
FMI under such rules and procedures will not be voided, reversed, or subject to stays.
Enforceability of rules, procedures and contracts
Most aspects have already been covered in KC1 and KC2.
The Euroclear Contractual Documentation and the ESES Issuer Service Documentation are enforceable in
case of insolvency of (i) participants in each ESES system (ii) the operator of each ESES system or (iii) the
Notably: Euroclear Belgium – Royal Decree 62, Euroclear Nederland: Securities Giro Act and Euroclear France:
Monetary and Financial Code and the General Regulation of the Autorité des Marchés Financiers.
4
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
19
operators of linked or interoperable systems. Those enforceability principles would also apply to the
Collateral Management Services Documentation.
Degree of certainty for rules and procedures
Please refer to KC1.
Key consideration 5: An FMI conducting business in multiple jurisdictions should identify and
mitigate the risks arising from any potential conflict of laws across jurisdictions.
The ESES CSDs carry out their activities in the jurisdictions where they are located, i.e. Belgium for
Euroclear Belgium, the Netherlands for Euroclear Nederland and France for Euroclear France. In the context
of an insolvency proceeding declared against a participant of one of the ESES CSDs, no conflict of laws
arises since the rights and obligations deriving from, or linked to, its participation in the ESES system are
determined by the law of the relevant ESES system.
Potential conflict of laws could arise when an ESES CSD holds securities on behalf of its participants via a
link with a CSD located in another jurisdiction. To date, no conflicts of laws (in particular from an asset
protection perspective) have been identified in the legal opinions obtained from outside counsels.
20
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Principle 2: Governance
An FMI should have governance arrangements that are clear and transparent, promote the safety and
efficiency of the FMI, and support the stability of the broader financial system, other relevant public interest
considerations, and the objectives of relevant stakeholders.
Key consideration 1: An FMI should have objectives that place a high priority on the safety and
efficiency of the FMI and explicitly support financial stability and other relevant public interest
considerations.
The objectives of the Euroclear group are published on our website. The main strategic objective of the
Euroclear group and the ESES CSDs is to be one of the leading providers of post-trade services through
reliability, innovation and leadership by:
o Building long-term partnerships with clients
o Supporting the stability and developments of the markets, locally and globally.
Within this framework, the ESES CSDs Boards have the requisite autonomy and authority to effectively
manage their interests when implementing the group strategy.
ESES CSDs benefit from the pooling of investments within a larger group, the ability to develop new services
and cover new products leveraging the expertise of the group with the objective of meeting the needs of
the market where they operate.
The Boards of Euroclear France, Euroclear Belgium and Euroclear Nederland and Euroclear plc/Euroclear
SA/NV (on a consolidated basis) are responsible for assessing their respective performance in meeting their
objectives. In addition, the Management Committee of Euroclear SA/NV assesses also the performance of
each ESES CSD as a group's entity.
The ESES CSD Boards and Management Committees are strongly committed to maintain a very low risk
profile for the CSDs activities. This commitment is reflected in both the risk management practices (such
as conservative policies and proven methodologies) and appropriate capitalisation.
The group has established high standards of professional conduct that direct the ongoing activities of the
group. These standards are formalised in various policies and procedures applicable to employees, senior
management and Directors across the group.
The Group’s shares are largely owned by users of its services and its main Boards (Euroclear plc and
Euroclear SA/NV Boards) are essentially composed of members drawn from a cross-section of firms that
use the Euroclear services allowing users' interests and sensitivities to influence the decision-making
process of Euroclear.
In addition, independent directors, not affiliated with firms using the group’s services have been appointed
to each of the Boards of Euroclear plc, Euroclear SA/NV and ESES in order to allow for the interests of
stakeholders other than users to be represented. Users can also influence the group decision-making bodies
21
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
through the Market Advisory Committees, which are committees established by the group for each market
where an entity of the group acts as CSD.
Key consideration 2: An FMI should have documented governance arrangements that provide
clear and direct lines of responsibility and accountability. These arrangements should be
disclosed to owners, relevant authorities, participants, and, at a more general level, the public.
Governance arrangements
The current structure of the Euroclear group is presented on our website5.
Euroclear Belgium is incorporated under Belgian Law. Euroclear Belgium’s governance requirements are
set out in a CBFA circular on internal governance and other Belgian legal and regulatory recommendations.
Euroclear Belgium has a regulatory obligation to describe how it complies with those governance
requirements in a Governance Memorandum, provided annually to the Belgian regulator for their review.
Euroclear France is incorporated under French Law. Euroclear France’s governance requirements are set
out in the Commercial Code and the Règlement Général of the AMF.
Euroclear Nederland is incorporated under Dutch Law. Euroclear Nederland’s governance requirements are
set out in the Securities Giro Act (Wet Giraal Effectenverkeer) and additional rules and regulations as
determined by the AFM.
Euroclear Belgium, Euroclear France and Euroclear Nederland are subsidiaries of Euroclear SA/NV, a Belgian
financial holding company regulated by the NBB.
Euroclear SA/NV acts as the group service company providing shared services to other group companies in
services arrangements with each group Company, the Shared Services Agreements. Services centralised
in Euroclear SA are IT production & development, HR, audit, legal, financial, risk management, compliance,
sales & relationship management, product management, strategy and public affairs.
Euroclear plc is the owner of the Euroclear System, the clearance and settlement system for internationally
traded securities.
The ESES CSDs created an integrated settlement infrastructure, introducing a single IT platform,
harmonised services, market practices and tariffs across Belgium, France and the Netherlands. This
integration strengthened the interdependence between Euroclear Belgium, Euroclear France and Euroclear
Nederland. They have hence adopted an integrated governance model to further coordinate the decisionmaking in these three entities in view of ensuring (where possible) a consistent approach in the delivery of
ESES services and products across the Belgian, French and Dutch markets. The ESES governance model
consists of an harmonised governance and management structure of the three ESES CSDs while complying
in each jurisdiction with the local laws and regulations. In practice, this harmonised governance model
implies, in the three ESES CSDs, the same composition of most of the corporate bodies, the appointment
5
www.euroclear.com/en/about/our-structure.html
22
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
of the same person as Chief Executive Officer, and the creation of cross-entity fora or committees, and
accountabilities.
Disclosure of governance arrangements
Euroclear makes public relevant governance information via different channels to provide accountability to
owners, participants and other relevant stakeholders, namely:

Publications with relevant authorities (for example in Belgium: Belgian State Gazette, Banque
Carrefour des Entreprises, NBB, FSMA; in France: Greffe du Tribunal de Commerce; in the
Netherlands: Dutch Chamber of Commerce, Dutch Staatscourant)

Publications in financial/national newspaper

Publications on the Euroclear website (for example Board and Board Committees composition and
Terms of Reference, ISAE 3402, CPMI-IOSCO Disclosure Framework, etc.)

Publications to shareholders (annual reports, notice of meetings, etc.)
Key consideration 3: The roles and responsibilities of an FMI‟s board of directors (or equivalent)
should be clearly specified, and there should be documented procedures for its functioning,
including procedures to identify, address, and manage member conflicts of interest. The board
should review both its overall performance and the performance of its individual board members
regularly.
Roles and responsibilities of the Board
Each CSD Board has the power to carry out all acts that are useful to achieve the objectives of its respective
CSD as defined in the Articles of Association, except those that are explicitly reserved by law or the Articles
to the shareholders. In carrying out this role, each Board member acts in good faith in the way s/he
considers would be most likely to promote the success of the ESES CSDs for the benefit of its shareholders
as a whole while having due regard to the interests of other stakeholders (such as regulators, customers,
employees and suppliers). The Boards also have regard to the interests of the group, provided the proper
balance is struck between the financial charges imposed on the ESES CSDs and the eventual benefit to the
ESES CSDs.
The primary responsibilities of the Boards are to define the strategy of the ESES CSDs and to supervise
ESES CSDs’ management. The main responsibilities and operating procedures of the Boards have been
defined in the Boards Terms of Reference available on the Euroclear website.
In order to perform their responsibilities more efficiently, the Boards have established the following
committees: the Audit and Risk Committees and the Nominations, (Remuneration 6) and Governance
Committees.
Euroclear France has both a Remuneration and Nomination Committee while Euroclear Nederland and Euroclear
Belgium respectively have a single Committee covering Remuneration and Nomination.
6
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
23

The Audit and Risk Committees assist their respective Boards in fulfilling their responsibilities for
oversight of the quality and integrity of the accounting, auditing and reporting practices of the ESES
CSDs, the review of the effectiveness of the internal control system, the monitoring of the evolution
of the risk profile, the monitoring of the management systems, the compliance with laws and
regulations, the process for monitoring security and business continuity arrangements, the
appointment of the External Auditor as well as the assessment of its independence, the approval
of the annual external audit plans and any such other duties as directed by the Boards.

The Nominations, (Remuneration) and Governance Committees review and make recommendations
to their respective Boards in respect of nominations of their executive and non-executive Directors,
the composition of the Board and Board Committees and advises the Board on corporate
governance matters as well as with respect to the total amount of remuneration paid to its executive
Directors. They also review and make recommendations to the Boards with respect to the amount
of annual individual remuneration of each executive Director (including incentive compensation,
and changes to base salary, retirement and other benefits), subject to approval by the Board of the
overall amount of executive Director remuneration referred to above. The Remuneration Committee
and the Nominations and Governance Committee in France are separate committees.
The Boards also established a Management Committee in each ESES CSD, in accordance with local legal
and regulatory requirements, and delegated to it the responsibility for managing the business of Euroclear
within the strategy and general policy decided by the Boards, and to implement such strategy and general
policy. The Management Committees have set up several internal committees to assist them in the
performance of their duties.
The composition and Terms of Reference of the Board and Board Committees are posted on
www.euroclear.com .
Euroclear established group policies covering conflicts of interest between entities of the group, and
personal conflicts of interest between a Euroclear entity and an individual Euroclear Board/Management
Committee member. The Euroclear conflicts of interest policy is disclosed to Board members at the start of
their mandate.
Review of performance
On an annual basis, the Boards of the ESES CSDs carry out a self-assessment and effectiveness review of
the Boards as a whole, the Board Chairman and the individual members. This review endeavours to ensure
that the Boards have the necessary framework in place within which to make decisions, focusing on the
optimum mix of skills and knowledge amongst the Directors, clarity of goals and processes, a culture of
frankness that encourages constructive evaluation, full disclosure of procedures and an effective
relationship with management. This annual review is carried out by completion of a questionnaire by each
Board member.
The composition, the operation (including the training of the Directors and the relationships of the Board
with the Board Committees and with the management) and the role of the Boards (including the way the
strategic matters are treated by the Boards and the control exercised by the Boards over management)
are part of the self-assessment process. The consolidated responses of the self-assessment are reviewed
24
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
by the Nominations, (Remuneration) and Governance Committees and the results are reported to the
Boards for discussion. Where concerns are raised in the responses, they are the object of any follow-up
actions.
Key consideration 4: The board should contain suitable members with the appropriate skills and
incentives to fulfil its multiple roles. This typically requires the inclusion of non-executive Board
member(s).
In accordance with legal requirements, Board members are appointed by the shareholders. The Board
submits to the shareholders its proposals regarding appointment (and re-election) of Board members,
supported by a recommendation of the Nominations, (Remuneration) and Governance Committees which
assesses the Director against selection criteria. All nominations are made against merit and on the basis of
a Director’s potential contribution in terms of knowledge, experience, with a view to ensuring a balanced
Board which, as a whole, has the optimum mix of skills and experience to ensure the proper fulfilment of
the tasks of the Board that are appropriate for the requirements of the ESES CSDs’ business.
In addition, to adequately fulfil its role and responsibilities, the Board as a whole should possess the
necessary balance of skills and experience to set the ESES CSDs general policy and strategy and to properly
supervise management in the implementation of such policy and strategy. The skills that should necessarily
be represented on the Board are both generic (finance, accounting, management and organisation) and
specific to the ESES CSDs business (Operations, Settlement, IT, capital markets).
The Board of Directors of the ESES CSDs is composed of members of the ESES CSDs’ Management
Committees and of non-executive directors. The ESES CSDs ensure to have a sufficient number of
independent directors sitting on their Boards in line with legal and regulatory requirements.
The overall membership of the Board and Board Committees is reviewed by the Nominations,
(Remuneration) & Governance Committees regularly with a view to ensuring the Boards remain
appropriately composed. The Board and Board Committee composition is posted on www.euroclear .com.
Non-executive directors who are not member of the group management receive remuneration for their
mandate, taking into account their level of responsibility and time required of them in fulfilment of their
Board role. It comprises an annual gross fee, pro-rated to the number of Board meetings attended.
Non-executive directors do not receive incentive compensation (short or long-term) or stock options or
employments benefits (other than reimbursement of expenses). Their remuneration is not linked to the
performance of Euroclear.
Key consideration 5: The roles and responsibilities of management should be clearly specified.
An FMI‟s management should have the appropriate experience, a mix of skills, and the integrity
necessary to discharge their responsibilities for the operation and risk management of the FMI.
Roles and responsibilities of management
The ESES Management Committees (MCs) have been established by the Boards (under the responsibility
25
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
of the CEO in the case of Euroclear France) in accordance with the legal requirements and have been
entrusted with the general management of the ESES CSDs with the exception of (i) the determination of
the strategy and general policy of the Company and (ii) the powers reserved to the Board by law or the
Articles. The MCs act in accordance with applicable law and the rules set out in the Articles and their Terms
of Reference and under the supervision of the Board (and the CEO in the case of Euroclear France).
The Euroclear Nederland and Euroclear Belgium MCs acting as a collegial body report directly to the Board
and, where it concerns an area within the remit of the Board committees, to the Board’s specific
committees, which in turn report their analysis on the same to the Board. The Euroclear France MC reports
directly to the CEO who in turn reports to the Board and, where it concerns an area with the remit of the
Board committee, to the Board’s specific committees.
A Chief Executive Officer has been appointed by the ESES CSDs Boards and is the Chairperson of the ESES
MCs.
The objectives of the Management Committees are set annually by the Boards. The Nominations,
(Remuneration) and Governance Committees of the ESES CSDs assess the performance of the Management
Committees the following year. The CSDs and ESES MCs’ objectives, as set by the ESES Boards, are laid
down in the annual ESES Performance Assessment report. This report covers well defined objectives in the
areas of (i) Service excellence, (ii) Service enrichment, (iii) People & Organisation, (iv) Sustainability, and
(v) Risk and Compliance (with regulations). Management provides quarterly performance assessment
status updates to the ESES CSD Boards.
Experience, skills and integrity
All nominations to the MCs are made against merit and based on the knowledge, experience and skills of
the candidate, regardless of his/her gender or ethnic background.
With respect to future potential members of the MCs, Human resources, together with the Chairperson of
the MCs and the Chairman of the Euroclear Belgium and Euroclear Nederland Boards jointly propose to
their respective Boards the names of the candidates to be appointed as members of the MCs.
The recruitment process includes as series of interviews of the candidate, an assessment of the candidate’s
profile carried out by reputable external consultants, where appropriate, as well as a check of the
candidate’s professional references.
In addition, the MCs as a whole should possess the necessary balance of skills and experience to fulfil its
role and responsibilities.
Key consideration 6: The Board should establish a clear, documented risk-management
framework
that
includes
the
FMI’s
risk-tolerance
policy,
assigns
responsibilities
and
accountability for risk decisions, and addresses decision making in crises and emergencies.
Governance arrangements should ensure that the risk-management and internal control
functions have sufficient authority, independence, resources and access to the Board.
26
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Risk management framework
The Management Committee of Euroclear group actively supports the development and maintenance of a
strong internal control system (ICS) within the group. In line with best market practice, Euroclear operates
a three lines of defence model.
The allocation of responsibilities within Euroclear's three lines of defence model is:

first line of defence: Businesses identify the risks that may prevent reaching their objectives, define
and operate controls to mitigate the risks and document and demonstrate the control environment.

second line of defence:
o
Risk Management defines the control environment framework in line with regulations and
internal policies, it monitors the Risk and Internal Control environment in the changing
internal and external environment and reports, challenges or escalates to management
risks or control defects. Risk Management supports the business to implement remedial
actions.
o
Compliance & Ethics: monitors, tests and reports to management on controls relating to
laws and regulations and advises on remedial actions. Other support functions like Finance
or HR monitor specific controls and escalate to management in case of control defects.

third line of defence: Internal Audit independently reviews and tests the controls and reports to
management about the adequacy and effectiveness of the control environment.
An extensive policy framework exists for Risk Management and Compliance. Internal Audit has an Audit
Charter approved by the Board and is reviewed yearly. The Risk Management, Compliance and Internal
Audit Divisions are independent from the business lines they monitor through a direct reporting line to the
CEO and through direct access to the chairman of the relevant Board committees (ESA and ESES CSDs
Boards and Audit and Risk Committees).
The risk management framework is documented through a comprehensive set of policies, management
resolutions and implementing procedures. All high level policies including the risk management policies are
decided by the Board.
The risk management framework is described in more detail under principle 3.
The Risk Management framework addresses the risk-tolerance policy and assigns responsibilities and
accountability for risk decisions. The strength of this framework can be summarised as follows:

The Euroclear group has a risk management strategy aligned with its corporate objectives and
commensurate with its role as financial infrastructure. Risk tolerance levels are defined and adapted
yearly by the Board consistent with available capital while risk appetite levels are set by the management
on an annual basis with the objective to keep the risk profile low and stable. The risk appetite and
tolerance levels are used in daily risk management processes in order to assess risks and prioritise the
actions to mitigate them.
27
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK

Euroclear has a risk adverse culture, emphasised by management through its actions. Examples of this
are the extensive use of the Risk Management framework, the importance of risk management in the
group's Balanced Scorecard and the risk and control assertions signed by senior managers.

Euroclear has well developed frameworks and comprehensive policies based on good market practices
that set out how the internal control system operates and guidelines that support repeatability. The
policies that govern these frameworks are documented and part of a well-defined policy control
framework.

Euroclear has established a Risk Register, High Level Control Objectives (HLCOs) and more detailed
Control Objectives to mitigate the risks identified, describing how and by whom the risks are to be
managed.

The risk management policy framework clearly assign the risk management responsibilities and business
ownership on different topics and to the relevant levels of management.
The accountability for risk decisions is distributed at all levels of the group. Strong crisis procedures are
also in place allowing quick escalation at entity or group level depending on the nature and the severity of
the crisis. Those crisis procedures are regularly tested.
The Risk management framework is approved by the Board.
Authority and independence of risk management and audit functions
Risk Management
Mission
Risk Management (RM) provides high quality and independent assurance that the relevant risks taken to
achieve Euroclear's vision are identified and controlled. Risk Management implements an approach which
enables the identification and understanding of all material current and prospective risks and the
management of appropriate responses.
This is done by providing a coherent effective framework, suitable training, useful tools, expert impartial
advice, timely risk assessments, escalation of material risk issues, informed relevant reporting, all of which
enable risks to be managed well.
More specifically, RM develops and oversees appropriate risk management policies and procedures and
advises on related risk activities. RM is responsible for the following generic types of activity for each of
the risks it covers:

Risk Policy Setting;

Risk Assessment & Measurement, i.e. tools and methods for risk definition and measurement,
identification and assessment of the various residual risk exposures, their likelihood of occurrence and
their impact;

Risk Advice, i.e. expert impartial risk advice;
28
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK

Risk Monitoring, i.e. follow-up of exceptions, action plans, new products and changes in risk exposure,
oversight over the various risk areas and reporting to the appropriate levels (local and group). If
needed, escalation of material risk issues to Management and the Audit and Risk Committee.
Organisation
Risk Management acts independently of other functions and reports directly to the group CEO.
It is headed by the Chief Risk Officer who is also a permanent invitee to the management Committee of
Euroclear SA/NV.
Corporate risk managers have been assigned to address the risks of each Euroclear entity and are supported
by the Risk Management Division of the group, who develops for instance the risk management framework,
capital modelling and data support.
Enterprise Risk Management (ERM) Framework
The Risk Register is supported by high level control objectives (HLCOs) established by the group to mitigate
the risks identified in the Risk Register. The HLCOs are supported by more detailed control objectives,
agreed with senior business management and providing a clear link to the mission of each business unit.
Finally, these control objectives are supported by detailed controls and control processes describing how
the risks impacting business activities are to be mitigated. These control objectives are the foundation of
the group’s Internal Control System and are documented in the Positive Assurance Reports (PAR). The PAR
have been deployed at entity/divisional level and, where relevant, at departmental level. They link business
objectives through to control objectives, control activities, and forms of evidences. By keeping track of the
main expected internal and external change factors, they allow first line management to timely maintain
the adequacy of the control environment when expected changes materialise.
Internal Control System (ICS)
As described above under principle 3, Euroclear has adopted the Three Lines of Defence model.
Risk Monitoring through Self-Assessments
The control objectives are the basis of the annual Risk & Control Self-Assessments (RCSAs). The qualitative
self-assessments are key components of the ERM framework. The RCSAs aim to achieve the following
objectives:
-
build an accurate and consistent assessment of the ICS, i.e. to achieve a good understanding of
the risk profile of the business
-
increase risk awareness and promote an ongoing assessment of risks and controls by business
managers
-
identify new risks by bringing together experts and less experienced people in brainstorming
sessions
-
obtain quantification of the risks faced by Euroclear at risk event level, service level and entity level
29
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
-
ensure that individual risks in the ICS are identified proactively and that they are addressed
adequately
-
help management make a well-founded statement on the effectiveness of the ICS.
Risk Management consolidates and summarises the results of these self-assessments, discusses them with
management and reports them to the Audit and Risk board committee and to the Board.
ICAAP - Methodology
The Euroclear group ICAAP is built around 2 key internal processes, the Enterprise Risk Management
Framework (ERM) and the Internal Capital Measurement Approach (ICMA) which is part of ERM.

The ERM framework details how risks are identified, who owns them, and how they are to be
mitigated. The ERM framework helps to establish ERM objectives and describes relevant risk
processes, the role of people within them, and what information is to be provided to take proper
management decisions.
Euroclear implements every pillar of the framework consistently across the group.

The Internal Capital Measurement Approach (ICMA) provides high level principles to ensure that
sufficient capital is maintained for the identified risks of the relevant entities within the Euroclear
group to meet the group objectives. A relevant entity is, in this context, an entity which provides
its clients with services relating to post-trading businesses. ESES CSDs are some of these entities
in the group.
Those principles are applied consistently across the group and force each relevant entity to have a view on
its level of capitalisation. The results of the ICAAP as expressed in capital requirements over a one year
horizon are reported in the core equity recommendation. These figures are approved by the highest levels
of management on a yearly basis: the report for a given year will show capital needs for next year.
It is complemented by an analysis of the potential capital requirement over a 5 years- time horizon capital
requirement, which is reported in the capital plan. The Board approves the models and the capital plan.
Internal Audit
Mission
The mission of the group Internal Audit Division (IA) is set out in the IA Charter approved by the group’s
Management Committee (MC) and Board Audit Committee (AC), as providing reasonable assurance, in an
independent and objective way, on the adequacy and effectiveness of the group’s system of internal
controls to support the Board and senior management in reaching their objectives.
Organisation
The ESA Internal Audit Charter describes IA’s purpose, authority and responsibility. The Charter stipulates
that the group Chief Auditor should report to a level within the organisation that allows IA to fulfil its
30
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
responsibilities, with proper independence in determining the Audit Universe, Audit Plan and scope of audit
reviews, performing work (through an unlimited access right to all records and data of the company), and
communicating results.
IA is organisationally independent from any operational or business activity. The Chief Auditor reports to
the CEO of the group. The independence of IA is further ensured by an additional reporting line to the
Chairman of the AC. The Chief Auditor has direct access to the Chairman and members of the AC, the
Chairman of the Board of directors, and the accredited statutory auditors.
Functioning
In order to carry out its mission, Internal Audit has set up a comprehensive audit universe including all
processes carried out by the group, whether directly or outsourced. The Audit Plan covers the full audit
universe and is presented quarterly for approval by the MC and AC. The Audit Plan is the result of:

a risk and control based approach: each line of the audit universe is assessed quarterly, which
drives the depth and scope of audits

a cyclical approach: even though the results of the risk and control assessments would not lead to
a full scope audit, such a full scope is anyway performed every three years.
The Audit Plan focuses on the next quarter but has a six-quarter time horizon.
Such a frequent and comprehensive plan process ensures that the Audit Plan remains commensurate to
the risk profile of the company and focuses on the areas presenting the highest risks or being heavily
control dependent.
Issues identified by Internal Audit are entered into the risk database used at group level. In line with the
Institute of Internal Auditors standards, Internal Audit performs the follow-up and verification of the issues
it raises.
Reporting
ESES management and the Audit and Risk Committee are informed periodically of the adequacy and
effectiveness of the internal control system through the quarterly IA activity report, which covers:

the progress on the internal audit plan

the results of audit work (including concerns regarding the effectiveness or timeliness of
management’s actions to address audit issues)

resourcing
In addition to this, IA sends any communication, audit memos and reports it deems necessary, directly to
management members; the High Priority Control Issues (HPCI) report is made quarterly to highlight
significant control issues as well as progress in mitigating them.
IA also has regular meetings with external auditors. Audit reports are communicated to these stakeholders
upon request.
31
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Key consideration 7: The Board should ensure that the FMI’s design, rules, overall strategy, and
major decisions reflect appropriately the legitimate interests of its direct and indirect
participants and other relevant stakeholders. Major decisions should be clearly disclosed to
relevant stakeholders and, where there is a broad market impact, the public.
Identification and consideration of stakeholder interests
The user governance framework of Euroclear ensures that the interests of participants and other
stakeholder are taken into accounts in the CSDs’ design, rules, overall strategy and major decisions. Users
can also influence the group decision-making bodies through the Market Advisory Committees which are
committees established by the group for each market where an entity of the group acts as CSD (Belgium,
the Netherlands, France, Ireland, Sweden, Finland and United Kingdom) and the Cross-Border Market
Advisory Committees. These committees act as a primary source of feedback and interaction between the
user community and Euroclear management on significant matters affecting their respective markets.
These committees are not part of the formal direction of the group companies and their members are not
Euroclear directors, nor do they owe any fiduciary duty to Euroclear.
In addition, as mentioned under Kc 1, independent directors, which are not affiliated with firms using the
group’s services, are member to each of the Boards of Euroclear plc, Euroclear SA/NV and the ESES CSDs
in order to allow for the interests of stakeholders other than users to be represented.
Furthermore, in view of ensuring proper dialogue between the ESES CSDs and the market players, a market
representative has also been appointed to the Board as an observer with no voting rights.
Users and other stakeholders can also influence the group's decision bodies by participating in ad hoc
working groups and committees, international groups (European Repo Council, ISMA, IPMA) or through ad
hoc consultations
Disclosure
Major decisions are communicated to owners (Euroclear SA and Euroclear plc user shareholders) through
the Notice to Shareholders for the annual general meeting and for each extraordinary general meeting.
They are communicated to the users (participants) via the commercial account officers and through various
publications (i.e. Newsletters) and through user representatives in regular meetings of the MACs.
32
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Principle 3: Framework for the comprehensive management of risks
Key consideration 1: An FMI should have risk-management policies, procedures, and systems
that enable it to identify, measure, monitor, and manage the range of risks that arise in or are
borne by the FMI. Risk-management frameworks should be subject to periodic review.
Risks that arise in or are borne by the FMI
The Euroclear group has established a Risk Register, which contains 6 risk categories the group is faced
with.
Three categories relate to the provision of services:



Credit risk: the risk of loss (direct or contingent) arising from the failure of a counterparty to meet
its obligations to Euroclear
Liquidity risk: the risk of loss (financial or non-financial) arising from Euroclear being unable to
settle an obligation for full value when due. Liquidity risk does not imply that Euroclear is insolvent
since it may be able to settle the required debit obligations at some unspecified time thereafter
Operational risk: the risk of financial and reputational loss from inadequate or failed internal
processes, people and systems. It encompasses processing risk, accounting risk, ethical conduct,
legal and compliance risk, people risk, project risk and information and system risk)
Three other categories are related to the environment in which Euroclear operates:



Market risk: the uncertainty on future earnings and on the value of assets and liabilities (on or off
balance sheet) due to changes in interest rates, foreign exchange rates, equity prices or commodity
prices
Business risk: the risk of revenues being different from forecast as a result of the inherent
uncertainty associated with business planning over a two-year time horizon or of unanticipated
changes in the nature or level of market activity serviced by Euroclear
Strategic risk: the risk of the business model not being appropriate to deliver the corporate vision
as a result of restrictions in the ability to implement internal change, external changes in the
environment in which Euroclear operates or the inherent uncertainty associated with business
planning over a medium to long term horizon
Of these categories, ESES CSDs are mainly exposed to operational risks, strategic risks (for example the
market can undergo unexpected or rapid changes, which could invalidate our business model, e.g. as a
result of financial crises, regulatory changes or for other reasons) and business risk (for example due to
changed business volumes, increased competition, changed market behaviour).
Risk management policies, procedures and systems
Euroclear uses an Enterprise Risk Management (ERM) framework to ensure a coherent approach to risk
management. It covers both the day-to-day operational risk/control processes as well as content-related
key risk framework concepts.
The ERM has the following key content-related components:
33
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK

we have well developed frameworks and comprehensive policies based on good marketpractices that
set out how risks are managed consistently. The policies that govern these frameworks are
documented and part of a well-defined policy control framework

we have established a Risk Register, which is an inventory of all types or risks that the Euroclear
group is facing. Under each of the six main categories of risk, a next level of more specific risks that
Euroclear may be facing is listed (a Level 2 Risk Register). This register is used as input to build or
verify the control objectives which the business has to fulfil

the Internal Controls System is an integral part of the ERM and has defined High Level Control
Objectives (HLCOs) and more detailed Control Objectives to mitigate the risks of the Risk Register
The ERM framework is composed of 7 key, inter-related building blocks, or ‘pillars’ that cater for a
consistent approach to the management of risks:

Strategy – our approach to risk management

Culture and Competence - an active and interventionist approach to risk management by
appropriately skilled people

Governance - assigning responsibility and authority

Identification, Measurement & Assessment - understanding risks

Risk Response and Control - addressing risks in an appropriate way

Reporting - getting the right information to the right people at the right time

Monitoring Processes - assessing the effectiveness of the risk management strategies.
Picture 3 – Overview of the ERM
34
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Risk Identification
In line with best market practice, we operates a three lines of defence model. The allocation of
responsibilities within our three lines of defence model is:
•
first line of defence: the businesses identify the risks that may prevent reaching their objectives, define
and operate controls to mitigate the risks and document and demonstrate the control environment.
•
second line of defence:
-
Risk Management defines the control environment framework in line with regulations and internal
policies; it monitors the Risk and Internal Control environment in the changing internal and external
environment and reports, challenges or escalates to management risks or control defects. Risk
Management supports the business to implement remedial actions.
-
Compliance monitors, tests and reports to management on controls relating to laws and regulations
and advises on remedial actions. Other support functions like Finance or HR monitor specific
controls and escalate to management in case of control defects.
•
third line of defence: Internal Audit independently reviews and tests the controls and reports to
management about the adequacy and effectiveness of the control environment.
We encourage the proactive identification of risks and control weaknesses, as opposed to the reactive
logging of risks. Key techniques and processes that facilitate this are:
 the periodic (daily to quarterly) monitoring of key risk and key performance indicators (KRIs and KPIs)
by team leaders, Department Heads, Division Heads, committees and Management Committees
 the systematic risk assessments associated with the new product or service approval process
 Annual Risk and Control self-assessment
 Risk Management recurring Risk assessments
Also, we record all incidents and performs a post-mortem exercise to identify root causes and put in place
measures to avoid recurrence.
Risk Measurement
Euroclear has developed a granular assessment and rating methodology for risks, which enables risks to
be classified according to their impact on the relevant business areas or Euroclear entities. Risks are
assessed (e.g. in risk workshops) and are recorded in the common system or otherwise when assessed.
Monitoring
Monitoring is mainly done through the periodic monitoring of key performance indicators (KPIs) by the
different first line teams, specific control teams (e.g. in Finance) or second line controls. The results of the
monitoring are cascaded upwards to Process owners, Department Heads, committees and Management.
35
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Annual qualitative Risk & Control Self-Assessments (RCSAs) are used to build an accurate and consistent
assessment of the Internal Control System (ICS), i.e. to achieve a good understanding of the risk profile
and of control gaps and help management make a well-founded statement on the effectiveness of the ICS.
Manage/control
Risks are primarily managed by all the operational controls implemented by the first line of defence, such
as STP processing, reconciliation checks, 4-eyes principles for critical manual functions, standardised
operating procedures (SOPs), incident analysis, etc.
Supporting systems
We use the ERM framework to manage its risks. The group also has a common central risk repository called
”I-Track” where risks are recorded and followed up. It allows the ESES CSDs to track its range of risks that
have been identified proactively by the business but also through incidents, by risk management, by the
internal audit. The database contains risk owners, all action plans and their owners, the assessment and
history of risk mitigation or acceptance. Each identified risks is rated considering the severity and the
likelihood in order to facilitate the prioritisation of mitigating actions.
Incidents are recorded in a central database called ‘ROI+’ which is linked to the ‘I-Track’ database.
Aggregation of exposures
The main risk type for ESES CSDs is operational risk. Operational risks as such are not aggregated in the
same way as credit risk can be aggregated for a bank, but the framework in place allows us to track our
full range of risks and to present a consolidated view of the risks to management, risk committees and the
Board.
Effectiveness of the risk management policies, procedures and systems
The effectiveness of the actual measures in place is assessed in first place by first line (business owner)
and second line monitoring activity (essentially Risk Management and Compliance). This is done using key
performance indicators (KPIs) by the different first line teams, specific control teams or second line controls.
The results of the monitoring are cascaded upwards to Process owners, Department Heads, Division Heads,
36
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
committees and Management Committees. Any deviations are highlighted, investigated and policies and
processes are adjusted if necessary.
We also conduct annual risk control self-assessment (RCSA), where all departments and functions are
assessing themselves against the given control objectives, and reports on any gaps, risks or shortcomings.
This process is done also for risk management and compliance functions.
The effectiveness of crisis management and business continuity plans is also regularly tested. Crisis
management rehearsal exercises via desktop or simulation exercises are organised to train the crisis
managers and test the crisis management procedures. Several of these exercises are organised each year,
as standalone activities or combined with the other activities. Every update, findings and actions for
improvement are captured in the standard flow of problem management and issue tracking, which
guarantees the follow-up (root cause analysis, tracking of solutions and/or agreed actions).
Reports on Risk Management effectiveness are presented to the governing bodies including the Board.
Finally, Risk Management functions are audited by Internal Audit, which provides as well a reporting to the
governing bodies including the Board.
Review of risk management policies, procedures and systems
Our Risk Management division is located in Euroclear SA/NV (ESA), the parent company of the group, in
order to ensure a consistent risk-management approach across all entities. Many policies will apply to the
whole group, while others are specific to a Euroclear entity (e.g. local regulation or technical
implementations, some policies related to banking activities are only applicable to Euroclear Bank).
However, the covered processes and principles are quite similar:
 the Board is responsible for approving (risk-management) ‘Policies’
 the Local Management is responsible for approving ‘Management Resolutions’ that implement the Board
Policies
 the Heads of Department are responsible for developing ‘Implementing Procedures’ that implement the
Board Policies and Management Resolutions
37
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
When developing these policies, the Boards and Management Committees are assisted by specific
committees. The ESA Board is advised by the Risk Committee, which also makes recommendations with
regard to the approval or revision of risk policies. The ESA Management Committee is advised by the group
Risk Committee. In addition to the support from ESA’s risk management, the ESES CSDs Boards are advised
by its Audit and Risk Committee. The ESES CSDs Management Committee is supported by the Risk and
Operating Committee (for operational risks). These committees may propose policy changes if required.
Both ESA governance bodies and ESES CSDs bodies can rely on the advice from the Risk Management
Division.
Review frequency
When policies are written, they are designed so that the principles set out in them can remain valid even
if the risk intensity or environment has changed. We continuously monitor fluctuations in risk intensity
and changes in our environment. Every quarter, Risk Management prepares management risk reports at
group and entity levels, which lists the main risks, and captures trends in risk intensity and the validity
of action plans. Such monitoring allows changing the policies, management resolutions or implementing
procedures if needed.
Key consideration 2: An FMI should provide incentives to participants and, where relevant,
their customers to manage and contain the risks they pose to the FMI.
The ESES CSDs:

do not provide any credit facility to their participants and have no financial exposure with
participants (except the payment of invoices)
38
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK

encourage their respective participants to use the ESES CSDs’ system in the best way.

provide extensive information regarding the use of the system and the services available
Beside the information available on our website (Terms and Conditions, rules, newsletters), we organise
training for our participants.
Euroclear services and system have been specifically designed to enable participants to monitor, manage
and reduce the risk they face, including through Delivery versus Payment and extensive real time
information (the information contains among others data on participant’s transactions, cash and securities
positions).
Additional services such as Tri-party repo and collateral management have been designed to mitigate the
risks further.
Finally, we have implemented a sponsorship process to reduce the risks both for Euroclear and our
participants. A sponsorship consists of an initial know your client (KYC) exercise upon admission which is
follow up by regular KYC process to make sure the admission criteria are still met.
The ESES CSDs have no contractual relationship with participants’ customers. The contractual relationship
remains exclusively between the ESES CSDs and their respective participants.
Key consideration 3: An FMI should regularly review the material risks it bears from and poses
to other entities (such as other FMIs, settlement banks, liquidity providers, and service
providers) as a result of interdependencies and develop appropriate risk-management tools to
address these risks.
Material risks
The risks that the ESES CSDs bear from and pose to other entities are operational risks. They are identified
within the ERM framework as with other risks, e.g. by project or service risk assessments, or by annual
risk self-assessments.
The risks borne by the ESES CSDs from other entities (such as FMI, large participants, settlement banks,
Target2, network providers, and data providers) are mainly affecting the efficiency of the system and the
level of services offered by the CSDs.
Some examples are listed below:
•
risk of lower settlement ratio if one or several significant participants make operational errors (for
example sends wrong instructions) or cannot deliver their instructions in time
•
risk to settlement ratio and completeness if major infrastructure players in the financial sector is
down, like the central bank or a Central Counterparty (CCP)
•
risk to the general market stability and risk of delays or losses to other participants and investors
if a participant defaults (but not per say any particular risk to the CSD)
39
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
The risks that ESES CSDs poses to other FMI or stakeholders are similar to those posed to the ESES CSDs.
A long system standstill or severe technical or operational error could cause substantial delays, losses or
liquidity issue to participants or their customers.
To mitigate this, the ESES CSDs have implemented many layers of precaution and protection of its
processes and services (business continuity plans regularly tested), and operates a comprehensive risk
management framework built on established standards and best practices. Specific risks in the context of
CSD links are described under principle 20.
Risk measurement and monitoring
The same risk management procedures and processes, as described above under Key consideration 1,
will apply to our assessment of risks from other entities.
These include:
 Business Risk assessments (including the new product approval risk assessments)
 Stress tests such a business continuity tests and default procedure tests
 first line and second line monitoring activities
 Other specific initiatives on specific risks such as the ‘Long-term IT outage’ analysis
 Incident analysis and availability follow-up
Risk management tools
The same procedures and processes, as described under Key consideration 1 above, will apply to risks
arising from interdependencies with other entities.
The effectiveness of the actual measures in place is assessed in first place by monitoring activities
performed in the first line of defence (in the Operations) and second line of defence.
In addition, real-life incidents events, such as operational incidents or a real default of a participant, can
evidence the effectiveness of the policies and systems in real-life stress situations.
Key consideration 4: An FMI should identify scenarios that may potentially prevent it from
being able to provide its critical operations and services as a going concern and assess the
effectiveness of a full range of options for recovery or orderly wind-down. An FMI should
prepare appropriate plans for its recovery or orderly wind-down based on the results of that
assessment. Where applicable, an FMI should also provide relevant authorities with the
information needed for purposes of resolution planning.
40
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Recovery plans
At the request of the regulators, we have prepared recovery plans for each of the group’s entities, as well
as on a plan for the group. These plans are based on a generic group framework and developed in a
consistent way, taking into account local specificity. They identify:
 scenarios that may bring any group entity in severe financial difficulties threatening its medium-term
viability
 recovery options that may be taken either locally, at the level of the relevant entity or at group level,
to restore the stricken entity’s financial health
 an appropriate governance allowing timely detection of situations that may require taking recovery
options and escalation to Management and Board
The preparation of the recovery plans is led by Risk Management, based on input from other divisions.
Key stakeholders in the projects include the Financial, Legal, Banking, Human Resources and IT divisions,
as well as Corporate Secretariat, Strategy and Public affairs, Product Management and Regulatory
Relationship Management. A Steering Committee, made up of senior executives within the group and of
all CSDs’ CEOs, ensures top Management’s involvement at all stages of the process.
It is our intention to review recovery plans annually or when a significant change occurs that would impact
the feasibility or materiality of a recovery option.
The recovery plan for the ESES CSDs has been approved by their respective Boards of Directors in October
2014. The group recovery has been approved by the Board of Directors of Euroclear SA/NV in December
2014.
Recovery scenarios
The recovery plans describe scenarios sufficiently severe to put at risk the continuity of any Euroclear
entity or of Euroclear as a group. These scenarios are extreme but plausible, and built around the
specificities of the entities of the group. The set of scenarios includes scenarios threatening each (type of)
entity: ESA standalone, Euroclear Bank and the CSDs.
The set of scenarios retained in the plan are complementary in terms of scale (idiosyncratic vs. systemic)
and rapidity of unfolding (slow vs. fast), as can be seen in the figure below.
41
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
We analyse the consequences of similar scenarios for all entities, where appropriate. This ensures a
consistent approach across group entities, and allows capturing the aggregate impact at group level of all
selected scenarios. The figure below shows how relevant each (type of) scenario is for the various group
entities.
42
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Recovery options
We have developed recovery strategies that address the respective impacts caused by the various
scenarios developed in the plan.
The recovery tools analysed in the plans cover:
 options to increase available capital, either through intra-group support, mainly from the mother
company (Euroclear SA/NV), or through raising additional capital externally
 options to raise liquidity in case of need, included through committed liquidity sources. Liquidity
options are mainly relevant for Euroclear Bank
 business options, that may be used independently in case of a prolonged P&L problem threatening
the viability of any group entity. Such options are also likely to be used to accompany and support
the implementation of any other recovery options. They aim at improving the cost base or the revenue
base of group entities
 divestments, the purpose of which is to generate a one-off inflow of cash, or to ensure that a stricken
entity is taken over smoothly to ensure continued provision of services to the market
Not all options are as relevant for all entities. The figure below shows how different options may effectively
be applied either locally or at group level.
43
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Resolution plans
The preparation of our resolution plan(s) is expected to be initiated by the respective competent
authorities soon. We do not yet have any view on the timeline involved.
44
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Principle 4: Credit risk
The ESES CSDs do not provide any credit facility to participants and has no financial exposure with
participants (except the payment of invoices).
45
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Principle 5: Collateral
As mentioned for Principle 4, the ESES CSDs do not provide any credit facility to participants and has no
financial exposure with participants (except the payment of invoices). Therefore principle 5 is not
applicable.
46
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Principle 6: Margin
A CCP should cover its credit exposures to its participants for all products through an effective margin
system that is risk-based and regularly reviewed.
Not applicable for the ESES CSDs.
47
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Principle 7: Liquidity risk
An FMI should effectively measure, monitor, and manage its liquidity risk. An FMI should maintain sufficient
liquid resources in all relevant currencies to effect same-day and, where appropriate, intraday and multiday
settlement of payment obligations with a high degree of confidence under a wide range of potential stress
scenarios that should include, but not be limited to, the default of the participant and its affiliates that
would generate the largest aggregate liquidity obligation for the FMI in extreme but plausible market
conditions.
Key consideration 1: An FMI should have a robust framework to manage its liquidity risks from
its participants, settlement banks, nostro agents, custodian banks, liquidity providers, and other
entities.
As mentioned in Principle 4, the ESES CSDs do not provide any credit facility to participants and has no
financial exposure with participants (except the payment of invoices). When processing the settlement
(DVP), participants involved in a transaction are requested to have sufficient cash and securities. Therefore
principle 7 is not applicable.
The ESES CSDs hold sufficient liquidity resources to avoid facing liquidity stress when running the company
(for more detailed information please see Principle 15).
With incorporation of the settlement finality directive, EF, Euroclear Belgium and Euroclear Nederland are
recognised as a settlement system. The settlement of transactions through the system is final avoiding
unwinding.
KC 2 to 10 are not applicable to the ESES CSDs.
48
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Principle 8: Settlement finality
An FMI should provide clear and certain final settlement, at a minimum by the end of the value date. Where
necessary or preferable, an FMI should provide final settlement intraday or in real time.
Key consideration 1: An FMIs rules and procedures should clearly define the point at which
settlement is final.
Point of settlement finality
The point of finality depends on whether the transfer is processed via:

a domestic settlement (i.e. transfer between two participants who have opened an account on the
books of the same CSD) or

a cross-border settlement (i.e. a transfer between a participant in one of the ESES CSD and a
participant of another CSD with which the relevant the ESES CSD has established a link).
In the context of a domestic settlement, a transaction (including a DvP transaction) and a corporate action
payment (including a mandatory cash distribution) is final i.e. irrevocable and unconditional as from the
moment it is recorded in the relevant ESES system, as detailed in the ESES Terms and Conditions and, for
Euroclear France, also in the ESES France Operating Rules.
Finality in the case of links
For cross-border settlement of international transactions the ESES CSDs must use all reasonable efforts to
comply with any applicable domestic market rules.
In case of a transfer of securities from an ESES CSD participant to a SSS’s participant, the transfer from
the ESES CSD participant is considered irrevocable and final in the relevant ESES CSD as of the moment
that the ESES system generates a message to the other SSS system confirming that the transfer is final in
the relevant ESES CSD. Each ESES CSD ensures that transfers of securities in the opposite direction (i.e.
a SSS’s participant to ESES CSD participant) conform to the same procedure.
Key consideration 2: An FMI should complete final settlement no later than the end of the value
date, and preferably intraday or in real time, to reduce settlement risk. An LVPS or SSS should
consider adopting RTGS or multiple-batch processing during the settlement day.
Final settlement on the value date
The ESES platform is an integrated settlement system in Central Bank Money. As such, the ESES CSDs
platform provides for RTGS DVP settlement whereby both securities and the cash leg are processed at the
same time which allows for immediate finality of all settlements and immediate availability for onward
usage.
49
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Intraday or real-time final settlement
The ESES platform performs settlement on an RTGS basis during the overnight processing and thereafter
in real time process until the end-of-day closure. In all cases, settlement is immediately final on an intraday
basis (no need to wait for the end of day management to achieve the settlement finality).
Key consideration 3: An FMI should clearly define the point after which unsettled payments,
transfer instructions, or other obligations may not be revoked by a participant.
The point after which an instruction may no longer be unilaterally cancelled by a participant depends on
whether the transfer is processed via a domestic settlement or a cross-border settlement.
In the context of a domestic settlement, the Euroclear Contractual Documentation describes the points of
time after which an instruction that has been received by an ESES CSD may no longer be unilaterally
cancelled by a participant. These points of time will depend on whether or not the settlement of an
instruction will require matching.
An instruction that has been received by the CSD may only be unilaterally cancelled by the participant
until the moment such instruction has been matched with the corresponding instruction. An instruction
that does not require matching may only be cancelled by the participant until it is submitted for positioning
and such positioning is successful (i.e. when the system has controlled that there are sufficient securities
or purchasing power).
The delivery instructions and receipt instructions in relation to cross-border transactions do not require a
matching unless otherwise provided under the local market rules. Matching criteria for receipt of foreign
securities requiring the participant to send an international receipt order to the ESES system to match
the delivery instruction coming from the domestic market are set in accordance with the domestic market
rules.
50
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Principle 9: Money Settlements
An FMI should conduct its money settlements in central bank money where practical and available. If central
bank money is not used, an FMI should minimise and strictly control the credit and liquidity risk arising
from the use of commercial bank money.
Key consideration 1: An FMI should conduct its money settlements in central bank money, where
practical and available, to avoid credit and liquidity risks.
The ESES CSDs (Euroclear Belgium, Euroclear France and Euroclear Nederland) process exclusively
settlements in their own books in central bank money (€).
Key Consideration 2, 3, & 4 are not applicable to the ESES CSDs.
Key consideration 5: An FMI legal agreements with any settlement banks should state clearly
when transfers on the books of individual settlement banks are expected to occur, that transfers
are to be final when effected, and that funds received should be transferable as soon as possible,
at a minimum by the end of the day and ideally intraday, in order to enable the FMI and its
participants to manage credit and liquidity risks
The ESES CSDs do not have agreements with settlement banks, as the money settlement in their systems
exclusively occur in central bank money. ESES participants may have agreements with settlement banks
that might provide them with liquidity in Target 2. The ESES CSDs are not parties to these agreements.
During the standard opening hours of the ECB system (Target 2), from 07:00 to 18:00, all ESES participants
can, at any time, transfer “in” or “out” central bank money from Target 2 to the ESES CSDs and vice et
versa. In addition, optional and mandatory sweeps are positioned during the business day to transfer
automatically central bank money from the ESES CSDs to Target 2.
51
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Principle 10: Physical deliveries
An FMI should clearly state its obligations with respect to the delivery of physical instruments or
commodities and should identify, monitor, and manage the risks associated with such physical deliveries.
Key consideration 1: AN FMI's rules should clearly state its obligations with respect to the
delivery of physical instruments or commodities
See answer under KC 2.
Key consideration 2: AN FMI should identify, monitor, and manage the risks and costs associated
with the storage and delivery of physical instruments or commodities
Euroclear Belgium: clients’ bearer form securities are held in vaults. The access of the vaults is highly
secured with a highly restricted access policy.

The Euroclear Belgium computer systems that support the book-entry records of clients comply
with the highest security standards.

Daily reconciliation and regular inventory checks are performed to ensure that securities stocks and
records correspond to clients’ entitlement.

At least once a year, the securities accounts and the contents of the vaults are audited by an
independent registered accountant.

Euroclear Belgium has implemented policies that provide for strict security measures, including
those that cover the risk of fraud.
Euroclear Nederland: clients’ bearer form securities are held in vaults. Euroclear Nederland only accepts
bearer securities embodied in a global note. Euroclear Nederland ensures the safekeeping of Global Notes
in a vault located in Amsterdam.

The Euroclear Nederland computer systems that support the book-entry records of clients comply
with the highest security standards.

Daily reconciliation and regular inventory checks are performed to ensure that securities stocks and
records correspond to clients’ entitlements.

Euroclear Nederland has implemented policies that provide for strict security measures, including
those that cover the risk of fraud.

At least once a year, the securities accounts and the contents of the vaults are audited by an
independent registered accountant.
Euroclear France: clients’ bearer form securities are held in vaults. Euroclear France has outsourced most
of its safekeeping activities to Euroclear Belgium with a dedicated contractual framework setting out
operational and strict security requirements.

Euroclear Belgium performs the outsourced safekeeping services in compliance with the same
standards mentioned above.

Euroclear France keeps a vault for some foreign securities recorded on the accounts opened by
Euroclear France to its clients. The vaults maintained by Euroclear France are subject to the security
52
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
measures and policies mentioned above.

The Euroclear France computer systems that support the book-entry records of clients comply with
the highest security standards.

Daily reconciliation and regular inventory checks are performed to ensure securities stocks and
records correspond to clients’ entitlement.

Euroclear France has implemented policies that provide for strict security measures, including those
that cover the risk of fraud.
53
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Principle 11: Central securities depositories
A CSD should have appropriate rules and procedures to help ensure the integrity of securities issues and
minimise and manage the risks associated with the safekeeping and transfer of securities. A CSD should
maintain securities in an immobilised or dematerialised form for their transfer by book entry.
Key consideration 1: A CSD should have appropriate rules, procedures, and controls, including
robust accounting practices, to safeguard the rights of securities issuers and holders, prevent
the unauthorised creation or deletion of securities, and conduct periodic and at least daily
reconciliation of securities issues it maintains.
Clients hold their securities in dedicated client accounts. At any moment in time it is known which securities
belong to clients. The clients of the ESES CSDs are provided with all of the means that enable them to
reconcile their records on a daily basis. This includes issuers and other securities depositories which either
have a client account or alternatively are represented in the CSD by an agent who is a client of the CSD.
Changes to the positions clients hold on their happen following two events.
(i)
Transfers of securities within the CSD system from one client to another. These securities transfers
carried out by book-entry instructions and settlement movements
(ii) Transfer of securities in/out of the CSD system, for instance when (new) securities are deposited in
the CSD or; when securities are transferred to another CSD. These (physical) securities deposits or
withdrawals, though limited in number, require an adequate form that is subject to controls by the
ESES CSDs’ operational teams before they generate a book-entry operation on participants’ account
Both these events take place under strict (system) controls and procedures. This safeguards the rights of
issuers and holders and prevents the unauthorised creation/deletion of securities.
To address the operational risks related to settlement, safekeeping and custody activities, the ESES CSDs
and Euroclear SA/NV management have put forward the following control objectives:
-
Securities matching and settlement instructions are processed accurately, completely and in a
timely manner
-
Adequate management information is produced and used to monitor processing integrity
-
Specific controls and procedures are in place to verify that the securities balances post-settlement
reconcile with overall securities holdings
Key consideration 2: A CSD should prohibit overdrafts and debit balances in securities accounts.
The ESES CSDs prohibit the settlement of transactions in case insufficient securities are available to the
Client.
54
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Key consideration 3: A CSD should maintain securities in an immobilised or dematerialised form
for their transfer by book entry. Where appropriate, a CSD should provide incentives to
immobilise or dematerialise securities.
Euroclear France: The French legislation provides for a sound basis for admission and book-entry
transfers of immobilised or dematerialised securities, regardless of whether or not they are governed by
French law.
Securities issued in France have been dematerialised since 1984 and are solely represented by book-entry
records in the accounts maintained by the issuer or the ‘Teneur de Compte Conservateur’ (art. L.211-3 of
the French Monetary and Financial Code).
Euroclear France still maintains vaults for foreign securities (e.g. some African countries’ securities and
Eurobonds). Such physical securities are immobilised in the vaults and credited to accounts maintained by
Euroclear France. Holdings and transfers of those securities are carried out by book-entry records.
Euroclear Nederland: The Securities Giro Act (Wet Giraal Effectenverkeer), as amended on 28 October
2010 and entered into force on 1 January 2011, provides for a sound legal basis for admission and bookentry transfers of immobilised or dematerialised securities, regardless of whether or not they are governed
by Dutch law. Furthermore, it provides a clear and effective basis for immobilisation (by limiting the
possibility to deliver securities out of the system) and dematerialisation (by prohibiting book-entry transfers
for physical securities (other than global notes)) as from 1 January 2013.
Euroclear Belgium: The Belgian legislation provides for a sound basis for admission and book-entry
transfers of immobilised, dematerialised or registered securities, regardless of whether or not they are
governed by Belgian law.
The Royal Decree 62 and the Belgian Companies Code provide for a two-tier structure of asset protection,
benefiting the Clients of Euroclear Belgium and their underlying clients. The assets held with Euroclear
Belgium are protected against both the insolvency of Euroclear Belgium and of its clients (please refer to
question XII.1 (a)).
Pursuant to Belgian law (Act of 14 December 2005 relating to the abolition of bearer form securities), as
from 1 January 2008, most of the Belgian issuers may only issue securities in dematerialised or registered
form. An automatic conversion of immobilised bearer form securities into dematerialised form was also
provided for by the legislation. The completion of the dematerialisation process is scheduled for the end of
2015. Euroclear Belgium plays a key role in this process, as it centralises the dematerialised portion of the
Belgian issues listed on regulated (pursuant to the Royal Decree of 12 December 2006) and non-regulated
markets (pursuant to the rules of NYSE Euronext Brussels). The dematerialised securities admitted in
Euroclear Belgium are held and transferred by book-entry.
Euroclear Belgium maintains vaults for the safekeeping of securities in physical form (foreign securities and
Belgian securities that are not subject to dematerialisation). Those securities are represented by bookentry records and transfers are made by book-entry. Due to the provisions of the Belgian legislation,
physical deliveries on Belgian soil are prohibited, except for immobilisation purposes and between
55
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
professionals.
Key consideration 4: A CSD should protect assets against custody risk through appropriate rules
and procedures consistent with its legal framework.
Please refer to Principle 1 KC1 for the local aspects.
In addition, in an international context:
For Euroclear Belgium:
Holdings and transfers of securities booked on securities accounts opened with Euroclear Belgium are
governed by Belgian law as Euroclear Belgium:

is the account keeper for the securities deposited with it and is located in Belgium

has only one outbound link with Euroclear Bank. Euroclear Bank has a similar asset protection
regime and has thus legally no beneficial interest in the securities deposited with it
For Euroclear Nederland:
In a conflict of law perspective, Dutch law determines the ownership rights of the admitted institutions
vis-à-vis Euroclear Nederland with respect to the securities held in the accounts maintained by Euroclear
Nederland. Euroclear Nederland holds securities via its link with Euroclear Bank which has been approved
by the Dutch Minister of Finance in application of the Securities Giro Act. In addition, Euroclear Nederland
maintains an ordinary membership link with Euroclear UK & Ireland for securities that are not eligible to
Eurosystem credit operations. The active deposit in securities issued in Euroclear UK & Ireland is held
via/in Euroclear Bank.
For such sub-deposits Euroclear Nederland ensures that the asset protection regime applicable to the subdeposited securities is similar to the asset protection regime in place in the Netherlands.
For Euroclear France:
Euroclear France has several outbound direct and relayed links with foreign CSDs.
According to French conflict of law rules, the applicable asset protection regime is determined by the law
of the place of location of the account keepers against which the ownership rights may be exercised.
When French law is not applicable, Euroclear France makes sure that a similar asset protection regime
applies to the sub-deposited assets and in particular that the foreign CSD does not acquire any beneficial
interest in the securities which are deposited with it and that participants remain entrusted with the
ownership rights.
56
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Key consideration 5: A CSD should employ a robust system that ensures segregation between
the CSD‟s own assets and the securities of its participants and segregation among the securities
of participants. Where supported by the legal framework, the CSD should also support
operationally the segregation of securities belonging to participants’ customers on the
participants’ books and facilitate the transfer of customer holdings.
When our clients are legally obliged to segregate their own assets from the assets of their clients. The CSDs
enable their clients to implement such segregation in the CSD's books by allowing them to open as many
sub-accounts as they need. If a client becomes insolvent, its administrator or liquidator (appointed by the
regulator or the commercial court) has full authority to access the accounts, but the client's securities are
protected and segregated from the bankruptcy estate.
The ESES CSDs do not have own assets.
Please also refer to Principle 1 KC1.
Key consideration 6: A CSD should identify, measure, monitor, and manage its risks from other
activities that it may perform; additional tools may be necessary in order to address these risks.
The ESES CSDs offer services related to custody and settlement of assets. For all its services, the ESES
CSDs identify, measure, monitor and manage its risks in line with its Enterprise Risk Management
framework. Before new services are offered, they need to be approved by the ESES Management
Committees upon recommendation from the Risk and Operating Committee and after a risk assessment is
performed (see principle 3 for further explanation).
57
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Principle 12: Exchange-of-value settlement systems
If an FMI settles transactions that involve the settlement of two linked obligations (for example, securities
or foreign exchange transactions), it should eliminate principal risk by conditioning the final settlement of
one obligation upon the final settlement of the other.
Key consideration 1: An FMI that is an exchange-of-value settlement system should eliminate
principal risk by ensuring that the final settlement of one obligation occurs if and only if the
final settlement of the linked obligation also occurs, regardless of whether the FMI settles on a
gross or net basis and when finality occurs.
The ESES system design, rules, procedures and contractual arrangements ensure delivery versus payment
(i.e. transfer of title to securities is simultaneous with discharge of payment obligations).
Cash positions in central bank money and securities balances are checked in real time on the books of the
ESES CSD, which allows for an immediate settlement finality. If either resource is missing, the transaction
is kept unsettled and is recycled until resources are available or when the recycling deadline is reached.
58
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Principle 13: Participant-default rules and procedures
An FMI should have effective and clearly defined rules and procedures to manage a participant default.
These rules and procedures should be designed to ensure that the FMI can take timely action to contain
losses and liquidity pressures and continue to meet its obligations.
Key consideration 1: An FMI should have default rules and procedures that enable the FMI to
continue to meet its obligations in the event of a participant default and that address the
replenishment of resources following a default.
EF, Euroclear Nederland & Euroclear Belgium do not provide any credit to participants and have no financial
exposure to participants (except in respect of unpaid fees). Therefore, the risk related to the default of a
participant should be limited to unpaid fees at the time of the default. Such a scenario should not trigger
the need for the replenishment of resources following a default.
Participant default rules and procedures
The terms and conditions of the ESES CSDs clearly define an event of default. Should a participant not
meet its obligations, the ESES CSDs are allowed to terminate the contract or suspend its access to the
system.
The ESES CSDs will take action following receipt of actual notice of a default event in respect of a
participant. Notice may be received by various means including by way of formal information from
regulators, court order or relevant insolvency practitioner.
As soon as Euroclear France, Euroclear Nederland or Euroclear Belgium becomes aware of a default, the
ESES CSDs can be expected to suspend participant’s access to the system.
Previously entered instructions will be subject to matching and settlement procedures. The participant will
not be able to change existing transfer orders or enter new transfer orders while suspended.
Procedures are in place to manage the situation of participant default (communication with the insolvency
practitioner, regulators, national central bank, settlement banks and participants).
As the ESES CSDs are not party to any settlement transactions the default of a participant will have no
direct impact on ESES financial resources and will not lead to any losses for the ESES CSDs other than in
respect of unpaid fees.
Key consideration 2: An FMI should be well prepared to implement its default rules and
procedures, including any appropriate discretionary procedures provided for in its rules.
The ESES CSDs maintain internal insolvency guidelines describing the verification and decision processes
applicable to the insolvency of a participant.
59
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
The guidelines further outlines to whom the information regarding an insolvency should be distributed,
including, but not limited to, regulators, other participants, stock exchanges and other group companies.
Key consideration 3: An FMI should publicly disclose key aspects of its default rules and
procedures.
The ESES CSD default rules and procedures are part of the Rules and Terms and Conditions which are
publically available on our website.
The circumstances that may lead to the suspension or termination of the contract with a defaulting
participant are described in the Terms and Conditions.
Key consideration 4: An FMI should involve its participants and other stakeholders in the testing
and review of the FMI’s default procedures, including any close-out procedures. Such testing
and review should be conducted at least annually or following material changes to the rules and
procedures to ensure that they are practical and effective.
Considering the relatively straightforward settlement processing in case of a default, the ESES CSDs have
not identified any need to have specific tests with participants concerning the default procedures. Another
reason for not testing its participant default procedures with ESES CSD participants is because most of the
procedures to be tested are internal procedures with instructions for the ESES CSDs to act upon. The
interactions with defaulted participants and other participants are mainly limited to information given by
the ESES CSDs to the defaulting participant and other participants. Furthermore, in most cases it would
also only be contacts/communication with the insolvency administrator. The administrator is an external
person and is never known in the current business but only appointed at the time of the default which
makes it impossible to test in advance.
Internally, the above described guidelines are regularly reviewed with the crises management team.
60
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Principle 14: Segregation and portability
A CCP should have rules and procedures that enable the segregation and portability of positions of a
participant’s customers and the collateral provided to the CCP with respect to those positions.
Not applicable for the ESES CSDs.
61
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Principle 15: General business risk
An FMI should identify, monitor, and manage its general business risk and hold sufficient liquid net assets
funded by equity to cover potential general business losses so that it can continue operations and services
as a going concern if those losses materialise. Further, liquid net assets should at all times be sufficient to
ensure a recovery or orderly wind-down of critical operations and services.
Key consideration 1: An FMI should have robust management and control systems to identify,
monitor, and manage general business risks, including losses from poor execution of business
strategy, negative cash flows, or unexpected and excessively large operating expenses.
We define our general business risks both though a bottom-up process, where all business areas assesses
their risks in a structured and recurring process (RCSA-risk control self-assessments), including strategic
and business risks. These are consolidated for each Euroclear entity. The top down approach is done by
the management team in strategic and business risk assessments, including horizon scanning and out of
the box views on the CSD business.
The business risks are monitored through group functions and in the local management team. A systematic
and continuous analysis of client preferences and regulatory changes are done in product and client relation
functions as well as in the legal department.
The Product Management and Finance functions conduct a monthly revenue assessment of all revenue
streams. Market intelligence, regulatory changes and external sources of market statistics are used to
evaluate internal revenue outcome and predictions. Forecasts of volumes, value and revenues are officially
re-evaluated at Euroclear group level three times per year. The monthly analysis and forecasts are sent to
the CEO, the group Product Management function and the Executive Committee of each entity of the group.
Key consideration 2: An FMI should hold liquid net assets funded by equity (such as common
stock, disclosed reserves, or other retained earnings) so that it can continue operations and
services as a going concern if it incurs general business losses. The amount of liquid net assets
funded by equity an FMI should hold should be determined by its general business risk profile
and the length of time required to achieve a recovery or orderly wind-down, as appropriate, of
its critical operations and services if such action is taken.
Determining capital and liquidity needs: internal view based on risks faced by each entity
We determine how much equity we need to hold based on the risks faced by each of the Euroclear entities.
This takes all risk types into account, including, but not limited to, business risk.
The core equity required for the Euroclear CSDs and for Euroclear Bank is determined in line with the
Internal Capital Measurement Approach (ICMA). The objective of the Internal Capital Measurement
Approach (ICMA) is to establish high level principles that can be applied to all entities of the Euroclear
62
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
group, to ensure they have sufficient capital to cover their risks. The approach is consistent across all
entities of the Euroclear group and is an essential component of the group’s Pillar II under Basel II.
The internal view on the core equity required for the Euroclear CSDs is derived using methodologies that
are consistent with the low risk profile of these entities. It is essentially scenario-based and covers
operational and business risks, and is measured at the 99.9% confidence level.
As their transactions settle in central bank money, the CSDs have no direct cash relationship with their
clients. Consequently, they cannot extend loans or credit facilities to their customers. The CSDs can
potentially face a certain level of credit risk arising from the non-payment of fees by their clients, albeit for
limited amounts considering both the frequency of the billing and their relatively broad customer base.
Therefore, each CSD of the group is required by its home regulator to hold enough liquidity to cover such
risks.
Finally, the CSDs are also exposed to the credit risk related to the reinvestment of their cash surplus with
their bank counterparties. To limit the credit risk taken on such counterparties, the banks that are
considered for these investments should at least have a rating in a A range and cannot exceed three years.
The type of instruments used is limited to short/medium term or overnight deposits or similar products.
Determining capital and liquidity needs to ensure continued operation in case of recovery
The regulatory consensus in the European Union is that (I)CSDs should maintain at least six months of
operating expenses in order to enable a recovery or an orderly wind-down (as will be enacted in the CSD
Regulation). At the consolidated level, we also comply with the regulatory capital requirements under Basel
II. Both Pillar 1 and Pillar 2 are based on an assessment of the risks faced by the entities (see section
above). For some entities, these requirements exceed the amount that would cover six months of operating
expenses.
The time needed to implement recovery measures is expected to vary, depending on the type of measure
to be taken. However, as substantial cost reductions could be pushed through quite rapidly, this would be
expected to give ample time to support the implementation of more lengthy options. Intra-group
recapitalisation may be swift.
Regarding recovery options, as excess capital located in Euroclear SA/NV is material, it would likely provide
enough capacity to Euroclear SA/NV to support any CSD of the group in a recovery scenario.
The ESES regulators have defined three different ways for the calculation of the regulatory capital:

Euroclear France Regulatory capital shall exceed six months operating expenses (excluding non-recurrent
expenses).

Euroclear Belgium regulatory capital is based on Basle II method
-
standardised approach for operational risk: 18% of average operating revenue over the last three
years
-
standardised approach for credit risks: fixed assets and short term assets excluding cash weighted at
8%; cash deposit with financial institutions weighted at around 3%
63
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK

Euroclear Nederland regulatory 2014 capital was a fixed amount of EUR 5 million.
(The fixed amount will be replaced by capital requirements as defined by the CSDR article 47)
We have a prudent capital management to ensure capital adequacy. This approach relies on the outcome of
the ICAAP exercise for the group.
Core capital
Regulatory requirement
6 month
Euroclear France
(end December 20147)
84
42
operating expenses
42
Euroclear Belgium
25
5
6
Euroclear Nederland
15
5
8
million euro
Key consideration 3: An FMI should maintain a viable recovery or orderly wind-down plan and
should hold sufficient liquid net assets funded by equity to implement this plan. At a minimum,
an FMI should hold liquid net assets funded by equity equal to at least six months of current
operating expenses. These assets are in addition to resources held to cover participant defaults
or other risks covered under the financial resources principles. However, equity held under
international risk-based capital standards can be included where relevant and appropriate to
avoid duplicate capital requirements.
Recovery or orderly wind-down plan
See our replies under Principle 3, Key consideration 4.
The recovery plan focuses on recovery and survival of Euroclear entities as going concerns. In addition, it
identifies and describes recovery options that may imply selling business lines or entities (in the group
recovery plan). Such transfers would be essential to support the orderly wind-down of any CSD.
Maintain at least six months of operating expenses
See our replies under Principle 15, Key consideration 2. Each Euroclear entity maintains a core capital that
exceeds 6 months of operating expenses.
7
Capital and reserves amount after allocation as decided by the Board
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
64
Key consideration 4: Assets held to cover general business risk should be of high quality and
sufficiently liquid in order to allow the FMI to meet its current and projected operating expenses
under a range of scenarios, including in adverse market conditions.
The banks that are considered for the investments of the ESES CSDs’ cash should at least have a rating in the
A range and such investments cannot exceed three years. The type of instruments used is limited to
short/medium term or overnight deposits or similar products.
Key consideration 5: An FMI should maintain a viable plan for raising additional equity should
its equity fall close to or below the amount needed. This plan should be approved by the board
of directors and updated regularly.
The recovery plans for the Euroclear entities include options describing how capital could be sought from
other group entities or from external stakeholders. See our replies under Principle 3, key consideration 4
on recovery planning in the group. The recovery plan of the ESES CSDs has been approved by their
respective Boards of Directors in October 2014.
As a mother company, Euroclear SA/NV is particularly well placed to inject capital in its subsidiaries in case
of need. It is the group’s policy to maintain excess capital in Euroclear SA/NV. Recapitalisation via the
group’s excess capital can be decided on and implemented rapidly.
The excess capacity available in Euroclear SA/NV exceeds the capital currently held by any group CSD.
Euroclear SA/NV has thus enough means to cover CSD’s potential needs in case of a severe stress scenario.
65
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Principle 16: Custody and investment risks
An FMI should safeguard its own and its participants’assets and minimise the risk of loss on and
delay in access to these assets. An FMIs investments should be in instruments with minimal credit,
market, and liquidity risks.
Key consideration 1: An FMI should hold its own and its participants’ assets at supervised and
regulated entities that have robust accounting practices, safekeeping procedures, and internal
controls that fully protect these assets.
To reduce the risk related to international links, we have decided to streamline the links with foreign CSDs:
-
Where possible, CSDs links on foreign securities are managed via Euroclear Bank which is a
regulated entity, supervised by the National Bank of Belgium and FSMA
-
Relationships with other SSS/CSD are governed by bilateral contractual agreement and, as the
case may be, also by the standard ESES Terms and Conditions
SSS/CSD links are implemented in accordance with safety and quality criteria (i.e. expertise, protection of
assets deposited by the ESES CSDs’ participants, quality and costs). The principles and implementation of
these links are approved by the respective ESES CSDs’ Management Committees.
When establishing a link with another CSD, the ESES CSDs operate:
- a legal analysis and complement it with legal opinion obtained from external counsels
- an operational review
Regular reviews are performed after the initial analysis.
The account structure and granularity that is used within the ESES system is endorsed by regulatory body
and allows for asset segregations.
The ESES CSDs do not hold securities for their own account. They only hold securities on behalf of their
clients.
Our clients are legally obliged to segregate their own assets from the assets of their clients as well. The
CSDs enable their clients to implement such segregation in the CSD's books by allowing them to open as
many sub-accounts as they need. If a client becomes insolvent, its administrator or liquidator (appointed
by the regulator or the commercial court) has full authority to access the accounts, but the client's securities
are protected and segregated from the bankruptcy estate.
66
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Key consideration 2: An FMI should have prompt access to its assets and the assets provided by
participants, when required.
Participants have access to their assets at any time and without delay.
Key consideration 3: An FMI should evaluate and understand its exposures to its custodian
banks, taking into account the full scope of its relationships with each.
The ESES CSDs do not use custodian banks but only other (I)CSDs.
Key consideration 4: An FMI‟s investment strategy should be consistent with its overall riskmanagement strategy and fully disclosed to its participants, and investments should be secured
by, or be claims on, high-quality obligors. These investments should allow for quick liquidation
with little, if any, adverse price effect.
The ESES CSDs Board approved policy for the investment of their own funds is as follows:
•
Duration of investments should not exceed a term of three years maximum (the average
outstanding maturity of our treasury portfolio does currently not exceed one year)
•
Types of instrument are limited to Term Deposits or similar products
•
Funds used for investment should be deposited with an institution with an external rating in the A
rating range
•
Banks that are used for investment should be part of a Euroclear group pre-approved list

We aim at investing not more than 50% of the core equity of the CSD with one single treasury
counterpart
The ESES CSDs make no investments on behalf of their clients.
67
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Principle 17: Operational risk
An FMI should identify the plausible sources of operational risk, both internal and external, and mitigate
their impact through the use of appropriate systems, policies, procedures, and controls. Systems should
be designed to ensure a high degree of security and operational reliability and should have adequate,
scalable capacity. Business continuity management should aim for timely recovery of operations and
fulfilment of the FMI‟s obligations, including in the event of a wide-scale or major disruption.
Key consideration 1: An FMI should establish a robust operational risk-management framework
with appropriate systems, policies, procedures, and controls to identify, monitor, and manage
operational risks.
Identification of operational risk
The Board of the parent company Euroclear SA/NV has defined the Operational Risk Board Policy which is
also applicable to all entities. The primary goal of this policy is to define an operational risk management
framework that ensures that we take the necessary steps in its day-to-day operations to effectively identify,
assess, monitor and manage operational risk at all levels. The risk management framework describes:

how operational risks are identified

who bears responsibility for managing these risks

how they can be mitigated

all relevant operational risk processes

the role of people within the processes

the information needed to make sound management decisions
We adopt the Basel II definition of Operational Risk which views Operational Risk as an umbrella risk,
encompassing:

Processing risk - the risk of loss (financial or reputation) resulting from inadequate or failed internal
processes, people, system or external events

Accounting risk - the risk of loss (financial or reputational) arising from the failure to produce timely
and accurate management reporting and financial statements

Ethical conduct, legal and compliance risks
The Operational Risk Board Policy defines policy goals for:

Corporate and Information Security

Services by Third Parties

Media communications

Accounting risks

Customer affiliation and monitoring

Treasury counterparties
68
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Policy goals are then translated by senior management into Management Resolutions which are further
detailed in Implementation Procedures.
The annually updated Business Continuity plan assesses threats and risks associated with an interruption
to business processes, including those stemming from external sources. Each business area has identified
its recovery requirements (staff, communications and records, equipment, procedures) and produced or
procedures which fit with the overall business continuity plan. Single points of failure for critical services
are assessed and are eliminated as far as possible in the development projects requirements process, and
for live services in recurring risk control self-assessments.
Management of operational risk
Operational Risk Management Framework implements a risk management cycle that encompasses:

risk identification, assessment and measurement

risk response: mitigate, accept, transfer/insure or avoid

risk reporting and escalation

risk monitoring
Risk identification, assessment and measurement by the business areas are performed by:

systematic risk assessments of new products or services

monitoring performance and risk indicators of on-going business
Examples of such indicators are:

settlement volumes

settlement failures

number of corporate actions

revenue monitoring

service availability

number of operational incidents
Business areas use self-assessment processes to identify potential shortcomings and solutions.
For the management of these risks, the Board is defining yearly the Risk tolerance level consistent with the
available capital and the management the level of risk that can be accepted (risk appetite) with the
objective to keep the risk profile low and stable.
Policies, processes and controls
The business areas need to develop solutions to mitigate risks effectively, with the Risk Management
function providing an advisory role for material risks. Risk mitigating action plans and their target dates
are logged. The successful implementation of these mitigating actions is monitored by Risk Management
and is reported regularly to management.
69
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
The timeliness of risk resolution is counted as a performance indicator in the Euroclear group’s Balanced
Scorecard (e.g. addressing the key control and risk issues identified during the annual review of the Internal
Control System (ICS)).
Risk monitoring tools are in place are in place and are continuously evolving to follow-up risks. Where
possible, Line Management puts in place tactical measures to avoid the risks materialising in the advent of
a more structural solution. Risks can be accepted when the costs required to mitigate the risk outweigh the
benefits. Depending upon the impact of the risk, the decision to accept a risk is made by the business
owners or by the ESES CSDs management. There is a process to re-evaluate all accepted risks on a biyearly basis.
The risk monitoring is performed using a Risk Register, which is an inventory of the risk types that we face
in pursuing its corporate objectives. The allocation of responsibilities within our three lines of defence model
is:

first line of defence: Business identify the risks that may prevent reaching their objectives, define and
operate controls to mitigate the risks and document and demonstrate the control environment.

second line of defence:
o
Risk Management defines the control environment framework in line with regulations and
internal policies, it monitors the Risk and Internal Control environment against changing
internal and external environment and reports, challenges or escalates to management risks
or control defects. Risk Management supports the business to implement remedial actions.
o
Compliance: monitors, tests and reports to management on controls relating to laws and
regulations and advises on remedial actions. Other support functions like Finance or HR monitor
specific controls and escalate to management in case of control defects

third line of defence: Internal Audit independently reviews and tests the controls and reports to
management about the adequacy and effectiveness of the control environment.
The Euroclear group aims to align its risk management practices as closely as possible with major
recommendations from various regulatory and industry bodies, such as:

CPMI-IOSCO

G30

European Securities and Markets Authority

Local regulators
Its risk management framework is defined in an Operational Risk Board policy applicable for the Euroclear
group. It has been developed and is maintained in accordance with best practices for risk management and
regulatory guidelines, including:

COSO8

ISO 31000:2009 principles and generic guidelines on risk management

ISO 27001:2013 guidelines for Information Security
8
An internal control framework by The Committee of Sponsoring Organisations of the Tradeway Commission
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
70

Local regulatory requirements
The Human Resources (HR) function has established formal hiring policies providing appropriate assurance
that new employees are qualified for their job responsibilities. The hiring process includes the
communication to HR of an extract for the applicant of national register recording past crimes.
All new employees complete a standard introduction programme. In addition, there are informal
departmental seminars, supervised on-the-job trainings, and formal in-house training courses. Certain
positions require specialised training provided by third parties. Managers are responsible for encouraging
staff to pursue additional training and development to increase expertise within their functional
responsibilities.
All personnel agree personal written objectives for the year with their manager, including discussions on
training needs and career plans. Appraisal meetings are held to follow-up on objectives and performance
during the year. A succession plan is established and covers all managerial positions.
HR maintains a talent management process, where existing staff profiles are tested against upcoming
vacancies. It also maintains records of joiners, movers, leavers and updated the EXCOM management team
regularly about status and trends. Staff rotation and transfers between departments and even between the
entities of the Euroclear group is encouraged. Regarding fraud prevention, the Euroclear group has
implemented in all its entities, including the ESES CSDs policies on:

Code of conduct

Ethical Conduct

Conflict of interest

Market abuse

Accepting gifts

AML, sanctions

Whistleblowing
Additionally, in areas where values are handled (e.g. payments), there are numerous operational controls
implemented in order to minimise the risk of fraud, e.g. STP-processing, 4-eyes principles, reconciliation
checks, etc.
Fraud Reporting is essential to ensure the consistent treatment of information regarding fraud, the proper
investigation by an independent and experienced team, and the protection of Euroclear group 's interests
and reputation. All staff have been informed on how to report any evidence or suspicion of fraudulent
activities.
All staff must complete on a regular basis a compliance test including questions related to fraud prevention.
When designing (new) products and services, all risk types including operational risk are considered via
formal risk assessments before the launch. The implementation of the controls or measures that are
required subsequent to such risk assessments is monitored.
71
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Changes to operational applications and their supporting systems and networks are planned, developed
and implemented in a controlled manner.
The system development methodology takes into account the resilience of the infrastructure and
applications which need to be respected for all critical infrastructure components and applications.
Compliance to these principles and guidelines is evaluated for every project or change as part of the
production acceptance criteria.
Application systems are subject to testing and review in several application environments (integration
testing, volume testing, acceptance testing) before they are installed in production. The scope of such
testing is defined and the results are reviewed by both technical and business experts.
Once testing is complete, the change is made available for release into the production environment. There
is a formal sign off process involving the business management, IT and technical experts to approve change
releases. Many key things are checked during the sign off, like:

the timing of the change

test results

customer and user readiness

risk of other interfering activities

particular risk areas

the availability of support expertise after the launch

preparedness to back-out the change in case of problems, etc.
We apply a ‘release approach’, limiting the number of releases. Therefore, a release may contain several
application changes. Only a limited number of authorised individuals, independent from the development
team, are able to implement such approved changes, thereby leaving an audit trail of transfers into
production.
Key consideration 2: An FMI’s board of directors should clearly define the roles and
responsibilities for addressing operational risk and should endorse the FMI’s operational riskmanagement framework. Systems, operational policies, procedures, and controls should be
reviewed, audited, and tested periodically and after significant changes.
Roles, responsibilities and framework
Since Risk Management (including operational risk management) and IT are centralised in the holding
company Euroclear SA/NV, both Euroclear SA/NV and the ESES CSDs have certain responsibilities for
operational risk.
ESES CSDs level
The ESES CSDs Board is the ultimate decision making body of ESES CSDs.
72
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
To perform its responsibilities more efficiently, the Board has established a number of committees for which
the Board has defined Terms and references including the roles and responsibility of each committee.
The Audit and Risk Committee (ARC) is an advisory committee which helps the Board fulfil the following
responsibilities:

oversight of the quality and integrity of the accounting, auditing and reporting practices

reviewing the effectiveness of internal control and risk profile

monitoring management systems

the appointment of the External Auditor as well as its independence

the approval of annual internal and external audit plans
The ARC receives input from the internal audit, compliance and risk management functions, and at least
once a year verifies whether those functions are working effectively.
The ESES CSDs Management Committee is responsible for:

that line managers take their responsibility for managing risks and control functions within the
organisation’s business operations as the ‘first line of defence’

ensuring that sufficient resources are allocated to the risk management, finance and compliance
functions, who act as the ‘second line of defence’ and who also provides the frameworks for the
management of risks, e.g. policies

ensuring compliance with policy documents, as well as with local laws and regulations

reporting to their Board on risk matters and control gaps and about significant actions taken to mitigate
detected gaps without delay
The ESES CSDs Management Committee is assisted by local risk and operating committees to assist in the
performance of its duty.
Euroclear group level
The Euroclear SA/NV board has several committees: among them an Audit Committee, a Risk Committee
and a Management Committee with similar responsibilities (for Euroclear SA/NV) as described above.
A group Risk Committee (where all (I)CSDs of the group are represented) has been set up by Euroclear
SA/NV Management Committee to assist in assessing group -related risks.
Group Admission Committee ESES CSDs, participate in this advisory cross-entity committee to:

review the new Participant profiles and their impact on the overall business portfolio

recommend new admission requests to the relevant management committee

propose possible changes to the Participants’ admission strategy
Euroclear SA/NV has a Risk Management Division, responsible for the following generic types of activity for
each of the risks it covers:
73
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK

Risk Policy Setting; i.e. definition of the corporate rules of conduct relating to those risk areas where a
violation of the corporate policy may lead to (i) severe losses affecting the creditworthiness of each
company of the group; (ii) permanent damage to its reputation or (iii) unacceptable levels of systemic
risk

Risk Assessment & Measurement; i.e. tools and methods for risk definition and measurement;
identification and assessment of the various risk exposures, their likelihood of occurrence and the
required loss absorption capacity

Risk Advice; i.e. expert impartial risk advice

Risk Monitoring; i.e. follow-up of exceptions, action plans, new products and changes in risk profile;
oversight over the various risk portfolios and reporting to the appropriate levels (local and group)

If needed, escalation of material risk issues to the various Management Committees and Board Risk
Committees or local Audit and Risk Committees

Risk Transfer; i.e. identification and tracking of situations where large risk exposures can be transferred
to a third party via insurance or a hedge at the corporate level (e.g. macro-hedges to cover Interest
Rate or FX risks). In cases where such a transfer is not possible, Business Continuity Planning is
considered
Risk Management is headed by the Chief Risk Officer (CRO) and acts independently from other functions
in the group and reports directly to the group CEO. Risk Management comprises a Corporate Risk
Management department, in charge of operational risk, with which include dedicated local risk managers
for each entity.
The Risk Management division ensures that risks are known and understood by management. They escalate
material risk issues to the appropriate level to ensure that management, the Board, the Audit or Risk
Committee are aware of:

the emergence of new risks

the evolution of identified risks

any cases where the mitigating actions for an existing risk may be:
o
insufficient in scope or
o
put in place later than originally intended
The Risk Management division regularly reports on operational risk, tailoring its reports to the audience
(group or local audit and risk committees and management committees).
The parent company's Euroclear SA/NV Board has approved the Operational Risk Board Policy which defines
the operational risk management framework. The effective implementation and monitoring of this board
policy is delegated to the Euroclear SA/NV Management Committee. It reviews the effectiveness and
efficiency of the Operational Risk management framework, including through effective and comprehensive
independent audit review, and ensures that it evolves to meet strategic needs and compliance
requirements.
When senior management reviews this document, they consider whether any material information, for
example regarding major changes in risk management framework, necessitate changes to this document.
74
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Senior management will report on its findings to the Board and, where appropriate, recommend
amendments to this document to the Board.
Further reviews may be undertaken in the event of significant changes in our strategic, operating, legal
or compliance environment.
The Boards of local entities endorse this policy, as well as any other more local policies in the risk
management area.
Review, audit and testing
Control objectives of the CSDs and of the Euroclear group are assessed continuously as part of the bottomup business control and monitoring processes, reported and discussed in management performance
meetings at different levels in the organisation (from Lean whiteboards monitoring to reviews by the local
and group operational risk committees and management committees of the group).
These objectives are also collectively reviewed top-down through the regular Positive Assurance Report
(PAR9) self-assessments. To prevent that they become routine exercises, Risk Management ensures that,
at least once a year, these regular self-assessments are performed with the right mix of people around the
table (different layers in the organisation, representatives of quality assurance teams, Risk Management,
and any other relevant party), ensuring systematic availability of comprehensive material (the PAR, near
misses, losses, incidents, control maps, accepted risks, risk management reports, internal audit reports,
ISAE 3402, etc.).
The PAR of the different entities and divisions of the company demonstrate that controls are adequate and
effective or not. A summarised view by division/entity, the Assurance Map and the most important control
weaknesses and the related action plans are pulled together for the ICS report. At least twice a year, Risk
Management coordinates the review of the PAR and stores the update reports to keep an audit trail.
The mission of the Internal Audit Division (IA) is set out in the Internal Audit Charter approved by the
Senior Management and the ARC/Board, as providing reasonable assurance, in an independent and
objective way, on the adequacy and effectiveness of the group’s system of internal controls to support the
Board and senior management of each Euroclear entity in reaching their objectives. IA has set up a
comprehensive audit universe including all processes carried out by the group, whether directly or
outsourced.
Each quarter, a rolling-forward plan for the next six quarters is produced on the basis of risk and control
assessments (RCA) which determine the need, scope and depth for audits (“risk-based audits”). In any
case, a full scope audit is performed on each line of the Audit Universe at least every three years (“rotational
Positive Assurance reports (PAR) have been deployed at entity/divisional level and, where relevant, at departmental
level. They link business objectives through to control objectives, control activities, and forms of evidences. By
keeping track of the main expected internal and external change factors, they allow first line management to timely
maintain the adequacy of the control environment when expected changes materialise.
9
75
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
audits”). The quarterly Plan, with both risk-based and rotational audits, is presented and approved by the
Management Committee and by the Audit Committee.
The operational risk management framework is subject to both internal audits, within the framework
described above, and to external audits, by the company’s External Auditor.
The ESES CSDs publish an ISAE 3402 Report on a yearly basis. This report provides substantive information
on controls and operating procedures. The ESES CSDs have invited an independent audit firm to confirm
the operating effectiveness of its controls. The verification of these controls demonstrates that effective
risk management is practiced in the daily provision of new and existing operational services.
Key consideration 3: An FMI should have clearly defined operational reliability objectives and
should have policies in place that are designed to achieve those objectives.
The Euroclear group sets out the high level objectives for the organisation, including those related to
operational reliability. All day-to-day activities and projects have to be related and contribute to the
achievement of these high level objectives, both on a group and on a local level. Operational reliability
objectives are defined in this context, at different levels.
The following are two examples of high level qualitative objectives, defined in the risk register:

we deliver operational services that meet clients' expectations and maintains robust service resilience;

we operate our systems to achieve defined service levels appropriate to the business application.
Qualitative objectives are e.g. stated in management resolutions and in implementing procedures, which
are governing documents on a more detailed level, established within the policy framework and published
on the ESES CSD Intranet for employees. Further quality statements can be found in the sets of control
objectives used and within the departments’ own internal process and standards documentation.
Quantitative reliability objectives are primarily defined by the business owners and are documented in
service level agreements (SLAs).
An example is that the maximum unavailability of a core service during business hours should not exceed
two hours.
Our controls maturity model and self-assessment guidelines are used to assess the sustainability of the
control environment. Control activities are evaluated against a spectrum of maturity attributes. It provides
us with a snapshot of where control activities stand at a particular point in time relative to a standard rating
scale. The controls maturity model helps management assess the effectiveness of controls, provides a
measure of sustainability over time and enables Euroclear to assess progress in enhancing the ICS over
time.
76
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Internal assessments, client interactions and surveys, as well as the monitored track record of operational
reliability and follow-up of all incidents, allow ESES management assessing, whether the achieved levels
are matching the set requirements.
In working towards its corporate objectives we face a range of risks. The Risk Register categorises and
defines these risk types and identifies where they exist within the group.
The Risk Register is supported by high-level control objectives, established by the Management Committee
to mitigate the risks in the Risk Register. These high-level control objectives encompass all high-level
processes that need to be realised effectively to allow individual business areas to achieve their business
objectives. Control objectives provide guidance to the organisation on the expected level of internal control
in each entity and division of the group. Each of the delivered services has a senior business management
owner who is overall accountable for ensuring that risks are appropriately mitigated.
The high-level control objectives are supported by level-two control objectives, agreed with business
management. They explain in more detail how business areas can achieve their high-level control
objectives.
The level-two control objectives are supported by the implemented controls and control processes. The
control objectives are the foundation of the Euroclear group internal controls system.
Controls have been built into business processes and their effectiveness is challenged continuously through
day-to-day management actions, self-assessments of business risks and controls - including a review of
risk and control issues by management - and independent reviews carried out by Internal Audit.
The majority of operational risk processes are frequent and recurring activities. These processes are
updated on a regular basis.
The control objectives are the basis of the annual risk and control self-assessments. These qualitative selfassessments and the complementary quantitative self-assessments are key components of the risk
management framework.
Key consideration 4: An FMI should ensure that it has scalable capacity adequate to handle
increasing stress volumes and to achieve its service-level objectives.
Capacity management is in place to ensure that IT capacity meets current and future business
requirements. There is a continual monitoring of defined infrastructure services (daily review and
dashboards) to identify potential issues ahead of time. Actions are taken to increase capacity (or rebalance
workload) as thresholds are approached.
Capacity monitoring and management are part of the applied ITIL framework and are included in the riskbased internal audit universe.
77
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Capacity management is in place within the project lifecycle to define capacity requirements for new
infrastructures and support performance testing within projects.
Key consideration 5: An FMI should have comprehensive physical and information security
policies that address all potential vulnerabilities and threats.
Physical security
The Euroclear group -wide Operational Risk Board Policy comprises policy goals for Corporate and
Information security. Hence, identifying, monitoring, assessing, and managing the full range of physical
vulnerabilities and threats on an on-going basis is part of the operational risk management framework.
More detailed procedures have been defined at entity level to take into account the local specificities. The
objective is to prevent unauthorised physical access, damage and interference to business premises and
information and to prevent loss, damage, theft or harm to assets (including personnel) and interruption to
our activities. Critical or sensitive business information processing facilities should be housed in secure
areas, protected by a defined security perimeter, with appropriate security barriers and entry controls.
They should be physically protected from unauthorised access, damage and interference.
The physical security takes into account general best practices, both as defined by the parent group and
as recommended by international standards like ISO 27000 and by local authorities, recommendations and
legislation. We are also complying with insurance company recommendations.
When compliance with any security standard outlined in the Physical Security Implementing Procedure is
not achieved, a formal risk assessment is to be made and an exception is reported either for mitigation or
for acceptance by senior management.
Change-management and project-management policies and processes require that physical security related
risks are identified, assessed and mitigated in compliance with the physical security implementing
procedures.
Information security
Consistent with Basel II, Information Security risks are a component of Operational Risk.
Hence the Euroclear group -wide Operational Risk Board Policy is also applicable for identifying, monitoring,
assessing, and managing the full range of information security vulnerabilities and threats on an on-going
basis. Information security is defined within this policy as the protection of critical assets, by preserving
their:

Confidentiality: ensuring that information is accessible only to those authorised to have access and is
not misused

Integrity: safeguarding the accuracy and completeness of information
78
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK

Availability: ensuring that authorised users have access to information when they need it

Compliance: ensuring that relevant legal and regulatory requirements in relation to the protection of
information are adhered to
Under the group policy mentioned above, an Information Security Management System has also been
implemented. This Management Resolution:

describes how information security (IS) within the Euroclear group and locally is organised, managed,
implemented and monitored


outlines the roles and responsibilities for information security
o
Group's Chief Security Officer
o
Domain Security Managers / responsible (entity level)
o
Data Protection Co-ordination Officer and Data Protection Officers
o
IT Security Operations / IT Security Architecture
o
The group Risk Committee / Local security and operating Committees
translates the Board’s intent, as described in the Operational Risk Board Policy, into more detailed IS
control principles and measures in order to protect Euroclear's and clients’ critical assets. Information
security is addressed through the implementation of controls in four domains:
o
Physical and environmental security
o
Personnel security
o
Logical security
o
Business continuity management
The Chief Security Officer heads a Business Resilience and Information Security team in the Risk
Management division. The Chief Security Officer is responsible for developing and maintaining the policies,
standards, processes and procedures that together form the ISMS.
Through this process the Chief Security Officer defines the standards to which the Information Technology
Security Management department, part of the Corporate Technology division, operates with regard to
information security. This department is responsible, with the help of the Technical Domain Owners and
System Engineers, to design and define an adequate and effective IT security environment, consisting of
technical architecture, standards, tools, processes and services. The daily operational control of these
security measures is also under the responsibility of the Information Technology Security Management
department.
The Management Committee of each group entity retains responsibility for monitoring and overseeing
policies, issues and exceptions that are relevant to for the entity and report any relevant issues to the
Business Resilience and Information Security team.
The formal policies and standard procedures governing Information security are based on internationallyrecognised control standards, such as the ISO/IEC 27000:2005 series, BS25999-2:2006, ISO IEC 31000,
COBiT and ITIL.
Additionally, where personal or sensitive personal data is concerned, we are guided by the EU Directive
and relevant national legislation.
79
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Our project management framework mandates risk assessments to be done before implementation starts
and before delivery to production. At these check points, information security requirements and residual
risks are assessed and appropriate mitigation actions are initiated, if needed.
All changes to the production environment (hardware, software and network devices) need to be formally
approved before implementation. Changes to the production environment are only made subject to a
standardised process, including specific controls to minimise the risk of errors or disruptions:

Changes required to hardware, network devices and software are recorded electronically by raising a
change request form and need to be approved by authorised staff

A test approach is defined and approved, determining the level of testing appropriate to the change or
project

The production launch process is controlled by a specifically-designated committee (Change Advisory
Board) that reviews changes and verifies that an impact analysis was conducted and that all required
approvals are present. Formal production acceptance criteria have been established to support the
impact analysis by the different domain experts represented in the committee. Documentation evidence
and approvals are recorded in the change management system

A verification is done to ensure that earlier identified needs relating to required user training, changes
in operational procedures and other support considerations have been addressed adequately

A group independent from the development team performs the transfer of source code into the
production environment using automated tools that are only available to authorised individuals

The tools provide a complete audit trail of all transfers into production
Emergency changes, required in case of system blockage or non-availability, are following strict procedures
and authorisation. Changes performed during emergency are reviewed by the domain experts to make sure
they are properly documented and can be kept as such.
Internet facing applications are code-reviewed from security and robustness point of view by external
expertise before launch. Vulnerability assessment and penetration tests are conducted on a regular basis
with the support of specialised providers.
Key consideration 6: An FMI should have a business continuity plan that addresses events
posing a significant risk of disrupting operations, including events that could cause a wide-scale
or major disruption. The plan should incorporate the use of a secondary site and should be
designed to ensure that critical information technology (IT) systems can resume operations
within two hours following disruptive events. The plan should be designed to enable the FMI to
complete settlement by the end of the day of the disruption, even in case of extreme
circumstances. The FMI should regularly test these arrangements.
Objectives of business continuity plan
A formal business continuity framework has been defined that describes roles and responsibilities, and the
risk-based approach adopted. It also includes objectives supporting the business targets for the timely
80
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
resumption of critical operations. The Risk Management Division is responsible for the coordination of the
Business Continuity Plan (BCP) across the group.
The Business Impact Analysis (BIA) is the foundation of our Business Continuity Management (BCM)
process.
A formal BIA is used to identify the critical activities and their recovery time objectives for each of the
business processes. During the BIA threats and risks associated with business process' interruptions are
identified and assessed by determining the effect of loss, interruption or disruption to business on the
function of each department and thus on the organisation as a whole. The analysis considers both the short
and long-term effects of an incident, and identifies dependencies on people, information, technology and
facilities. The output of the BIA is used to form the Business Continuity strategy and plans, in accordance
with the Operational Risk Board Policy.
Business continuity plans have been developed to cover a number of defined scenarios, including the loss
of an office, loss of staff and IT disaster recovery incident. They contain the following elements:

guidelines on how to use the plan

the process to alert and activate the crises management team

responses and recovery procedures meant to return the business to normal operations following an
incident or disaster

procedures to continue to maintain critical activities following the widespread loss of staff

communication contact list with stakeholders, employees, key clients, critical suppliers, stockholders
and management

Critical contact information on continuity teams, affected staff, clients, suppliers, public authorities and
media
The local senior management committee advises on and approves the business continuity objectives and
plans.
Design of business continuity plan
We have three data centres:
-
Two nearby data centres (DC1 and DC2) provide real-time synchronised data mirroring and act as
the primary and secondary data centre
-
A third data centre (DC3), located hundreds of kilometres away from the two synchronised sites,
receives asynchronisiously replicated data. It allows recovery in a few hours in the event of a
regional disaster affecting both other data centres. Euroclear SA/NV, Euroclear Bank, Euroclear
Sweden, Euroclear UK & Ireland and the ESES CSDs have currently access to DC3
81
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
A Local Disaster Recovery is declared following any disaster that affects one Data Centre. In such
circumstances, for high criticality applications, the Recovery Time Objective is two hours and the Recovery
Point Objective is to have zero data loss.
A Regional Disaster Recover is declared following a failure at both primary and secondary data centres. In
such circumstances, for high criticality applications, the Recovery Time Objective is four hours and the
Recovery Point Objective is to have data loss of less than 1 minute (dependent on system volumes at time
of failure, and excludes rolling disaster).
The system development methodology includes principles and guidelines with regard to resilience of the
infrastructure and applications which need to be respected for all critical infrastructure components and
applications. Compliance to these principles and guidelines is evaluated for every project or change as part
of the production acceptance criteria. The core processing systems and networks are designed to provide
resilience through the use of mechanisms including mirroring (synchronous) of production data, the use of
fault tolerant computers or resolving single points of failure. The provision of the communication lines is
split across a number of telecommunications suppliers thereby providing additional protection against single
point of failure.
The objectives of the Business Continuity Management (BCM) implementing procedure are:

To outline the BCM system which we operate

To ensure that we are prepared to respond to impacts resulting from a disruption to service

To ensure that all employees understand their roles and responsibilities when responding to disruptions

To ensure that BCM is firmly embedded into our business culture
Procedures and checklists are maintained and made available in various ways to enable Duty Managers
and senior management (executives and department heads) to effective management and control of the
services at all times, also in case of emergency.
‘Battle boxes’ (Go bags) are also securely stored at external locations to ensure that the Business Continuity
Plan and related procedures are available in case of a potential disaster.
82
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Standard introductory training for new Euroclear staff explicitly covers Business Continuity in general and
personal responsibilities. BCP awareness updates, exercises and training are provided on a regular basis to
all Euroclear group staff, using different communication channels and tools.
The core processing systems synchronously mirror production data between the two main data centres.
Hence, the status of all transactions is known even in case of a disruption affecting one data centre.
The core processing systems also asynchronously mirror production data between the active data centre
and a third data centre. In the extreme case that both primary and secondary data centres would fail, a
data loss of less than 1 minute (dependent on system volumes at time of failure, and excludes rolling
disaster) could occur. This is a very low probability but high impact scenario.
Data Loss Response plans have been developed by operations specialists to minimise the impact of data
loss whilst aiming to resume computerised operations in a time period which does not cause unnecessary
strain on market stability. In extreme cases, given the imperative of maintaining market stability, it may
not be possible to recover 100% of all transactions which were applied to the production system. Therefore,
management will monitor reconciliation activities and will resume operations as circumstances dictate.
The Data Loss recovery principles are:

We will consider records of transactions held by National Central Banks (NCB’s), Central Securities
Depositories (CSD) occurring during the suspected period of data loss to be the “master” source

at all times we are the “master” source for our clients, this may result in previously executed
transactions requiring re-execution by clients following recovery

clients will be made aware of their obligation to evaluate the status of trades throughout and following
recovery
Crisis management
To ensure a systematic and coordinated response to unexpected events, we established a three-tiered
Bronze-Silver-Gold crisis management structure. These three levels deal with Operational-TacticalStrategic issues respectively.
Communication to internal and external parties during and after an incident forms an essential part of the
incident response. The Crisis Management teams are required to assess the need for communication and
if so, to communicate to clients, clients facing staff, other staff, and, from Silver on, also to regulators and
in case of Gold to the press.
Client communication is to be initiated as soon as possible, with a threshold set at 30 minutes after the
calling of the Bronze meeting. The Commercial Crisis Management guide also gives guidelines on the
message contents. The contents should cover the reason and impact of the problem, contact details,
possible mitigating actions by the ICSD (such as extension of input deadlines, settlement windows open
longer) and the planned timing of the next update until resolution.
83
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Secondary site
We have implemented a back-up/cross-border rebalancing site strategy for staff, with geographicallydispersed business operation sites to limit the risk that a single event will impact a main site and its back
up. Business resumption is tested on a regular basis to make sure that in case one site is unavailable, all
critical activities can be operated from another site.
We operate two main data centres fully equipped to provide core critical production services. The sites are
linked by real-time synchronous data mirroring and load balanced networks. The critical production services
are swapped between these two sites around six times a year, demonstrating their capability to take over
production in the event of a disaster impacting any of the data centres.
A third data centre enables the resumption of business critical services within the same business day of a
major incident affecting both main sites. The regional recovery capability is tested at least once a year.
The network is active/active/active. Client communications are load balanced and therefore do not rely on
just one data centre for communications in or out. They are automatically redirected to the right server
depending on where the service is running. Virtual IP addressing is used to aid the failover and avoid the
need to change IP addresses.
Review and testing
The Business Continuity Policy is reviewed annually and considers changes to our risk profile, business
objectives, operational environment, legal and regulatory requirements and market expectations.
A formal BCP test framework is maintained indicating how and when each element of the plan is tested.
The test framework helps ensure that all elements of the plan are tested periodically.
Each business owner has the responsibility to implement effective BCP solution in his area. The risk
management function has the overall role of coordinating and promoting BCP testing and reviews. RM also
consolidates management reporting of the testing and its outcome to management, Audit and Risk
Committee and to the group. These tests include:

IT Disaster recovery testing: Production is transferred from data centre one to data centre two at least
six time per year and once per year to data center three

Office Switch tests, simulating the loss of a single office is organised at least twice/year for each
department running any critical function

Several crisis management exercises (alerting tests or desktop or simulation exercises) are organised
each year
The BCP solution and recovery plan including the switch of processing between sites is transparent to
participants. This means, that although there may be service interruptions, the recovery process is
transparent to users, i.e. the participants does not know from which of the IT centres the services are
provided, or if there was a switch of the processing site during the interruption or not. Thus, there is not
any particular action for a participant to take during a BCP test. (This is the same for all of Euroclear group).
84
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Staff from the outsourcing partner is participating to the tests, as they provide the system operations staff
actually performing the tests on our request. Other service providers or linked FMIs do not participate, as
the tests have no relevance to them.
Key consideration 7: An FMI should identify, monitor, and manage the risks that key
participants, other FMIs, and service and utility providers might pose to its operations. In
addition, an FMI should identify, monitor, and manage the risks its operations might pose to
other FMIs.
Risks to the ESES CSDs’ own operations
The Operational Risk Board Policy defines policy goals for services delivered by third parties as well as for
participant affiliation and monitoring.
For certain aspects of the services offered to participants, Euroclear (I)CSDs use external service providers.
The use of services provided by the external parties is governed by local Outsourcing Management
resolutions in line with Operational Risk Board policy.
The relationship between Euroclear and service providers is subject to a formal contract including service
level management agreements even when the provider is an entity of the group Euroclear.
We have identified the required roles, and assigned appropriate responsibilities to manage and monitor its
service providers. Service delivery is reviewed on a regular basis. Services are measured and compared
with targets to identify whether the objectives are met, and where applicable, what actions need to be
taken to improve the service.
The IT services have been outsourced to a service provider (Euroclear SA/NV which is the mother company
of the Euroclear (I)CSDs). The relationship with the provider is defined in a formal agreement including
service level agreements. Service delivery is reviewed on a regular basis through Key Performance
Indicators (KPI). Corrective actions are requested when the agreed KPI are not met.
We have signed contracts with different providers avoiding that a single provider would put our operations
at risks.
By the contract, our auditors have the right to audit the relevant arrangements of the service provider.
Concerning their participants, Euroclear (I)CSDs are providing financial market infrastructure services. An
operational failure of a large participant or another FMI (such as a CCP) will not pose any significant risks
directly to the FMI, but they may pose risks to their counterparts and may pose risks to the efficiency of
the systems, e.g. the settlement ratio. Such risks are mitigated in several ways, for example by:

participant admission criteria and the continued follow-up of these by annual due diligence visits
85
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK

continuous monitoring of system usage and by incitements by participants to follow the established
user rules

offering participant the possibility to use different network providers
In the framework of its market links, Euroclear (I)CSDs review operational risks aspects of linked (I)CSDs
or local custodians used as an intermediary to access foreign markets. See also Principle 20.
Risks posed to other FMIs
By providing (I)CSD services with full delivery versus payment processes, Euroclear entities are reducing
the risks encountered by their participants for the settlement of their transactions.
As any FMI and more especially any CSD, if a Euroclear (I)CSD would not be available, this would have a
significant impact on participants (for example late settlement, potential liquidity issue for participants who
were expecting to receive cash), other FMIs such as CCP (for example difficulties to identify margin
calls/buy in to be processed), CSDs and central banks (for example settlement of Money Market
Instruments (MMIs), new government bond issues, payment of interests/redemptions, bank liquidity
management if the collateral in the Euroclear system cannot be provided).
To reduce the risks related to interconnectivity with external entities (large participants, CSDs, Central
banks, CCP, stock exchanges), we are participating to a number of national and European (ECSDA) working
groups focusing on links, crisis preparedness and business continuity management. Euroclear’s (I)CSDs
participates to common exercises with the financial sector to test the effectiveness of crisis management
and improve crisis management with the financial market.
86
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Principle 18: Access and participation requirements
An FMI should have objective, risk-based, and publicly disclosed criteria for participation, which permit fair
and open access.
Key consideration 1: An FMI should allow for fair and open access to its services, including by
direct and, where relevant, indirect participants and other FMIs, based on reasonable riskrelated participation requirements.
Participation criteria and requirements
The ESES CSDs operate an open and transparent access and participation process, with publicly disclosed,
non-discriminatory participation requirements. The admission criteria are set out in our Operating Manual
- Part I and in the Terms and Conditions - Book I and Book II and are publicly available on our website
(my.euroclear.com).
Access to Euroclear France, Euroclear Netherlands and Euroclear Belgium is business driven, taking into
consideration the limited risk profile we must maintain as a financial market infrastructure.
In order to be admitted as a participant, any applicant needs to belong to one of the following categories
of persons:
1. credit institutions within the meaning of Directive 2006/48/EC of the European Parliament and of
the Council of 14 June 2006 relating to the taking up and pursuit of the business of credit institutions
(recast), organised under the laws of a Member State of the European Economic Area
2. investment firms within the meaning of Directive 2004/39/EC of the European Parliament and of
the Council of 21 April 2004 on markets in financial instruments, organised under the laws of a
Member State of the European Economic Area
3. central securities depositaries of a Member State of the European Economic Area
4. national central banks participating in the European System of Central Banks
5. public institutions of a Member State of the European Economic Area
6. any other category of persons listed in Book II
The information and documentation to be provided by the Applicants is exhaustively mentioned in the
Operating Manual - Part I. The generic information and documentation is common across the three CSDs.
However, additional specific documents are required depending on the requirements of the local regulatory
requirements.
The three CSDs make available to all clients a directory of clients containing the client’s name and, if the
client is a Party, its account by posting it on our website.
87
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Number of ESES participants (as at end February 2015)
ESES CSD
Number of participants
Euroclear France
273
Euroclear Belgium
167
Euroclear Nederland
159
The four admission criteria
As described in the Terms and Conditions - Book I, each ESES CSD, hereafter ‘the CSD’, will determine
whether admission of an applicant is warranted by considering the following admission criteria:
1. Technical and operational capability: an applicant must demonstrate that it has both the staff and
the technological infrastructure to meet the CSD's operational requirements for the applicant's intended
use. The applicant must have adequate personnel capable of administering its use of the CSD system
efficiently and adequate physical facilities, technological infrastructure and communications systems to
meet the operational applicant must also demonstrate an ability to maintain this capability on an ongoing
basis and to comply with any condition or requirement, which the CSD reasonably deems necessary;
2. Reputation in the market: the applicant must demonstrate that it has a good name in the market. In
making this determination the CSD will consider the applicant’s regulatory status, if any, reputation of
management, regulatory environment of the country where the Client is located;
3. Anti-Money Laundering Programme: while it is the sole responsibility of each applicant and Client to
comply with any anti-money laundering requirements applicable to it, the applicant must demonstrate that
it has an adequate anti-money laundering programme in place which complies with applicable law on
prevention and detection of money laundering. In making this assessment, the CSD shall consider the
applicant’s location as well as its identification, control and reporting procedures;
4. Risk Assessment: the CSD may decline to accept any applicant upon a risk-based assessment which
indicates that admission of the applicant could:
a. compromise the CSD's ability to provide prompt, safe, accurate and orderly processing and settlement
of transactions, or
b. represent a threat to the security, integrity or reputation of the CSD or the CSD system, or
c. is likely to be disruptive to other clients.
In making this assessment, the CSD will consider factors relating to the applicant’s risk control environment
and will consider whether the applicant conducts regular risk assessments within its organisation in order
to identify, quantify and prioritise risks against criteria relevant to its organisation.
Testing
Aside from these admission criteria, the applicant needs to successfully pass any test as the CSD may
88
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
reasonably request to assess the applicant’s technical and operational capability.
Decision
The senior management of the CSD is competent for deciding on the admission of any applicant subject to
regulatory approval, if any, imposed by the applicable law.
Appeal
If an applicant’s request for participation is refused, it has a right of appeal. The appeals process is set out
in the Operating Manual - Part I and is publicly available via our website.
Key consideration 2: An FMI’s participation requirements should be justified in terms of the
safety and efficiency of the FMI and the markets it serves, be tailored to and commensurate
with the FMI’s specific risks, and be publicly disclosed. Subject to maintaining acceptable risk
control standards, an FMI should endeavour to set requirements that have the least-restrictive
impact on access that circumstances permit.
Justification and rationale of participation criteria
Our admission criteria mentioned in Q.18.1.1 are justified in terms of safety and aim to limit either specific
risks, including operational risks (technology capability criterion) and legal risks (legal capacity
requirement), or risks in general (internal controls and risk management and ethical standards). The
admission requirements were reviewed in 2014 and are kept under review in the light of forthcoming
market events or changes such as T2S and CSDR.
Any applicant can only be presented to the senior management of the CSD for admission after the approval
from the competent national regulator. For some specific type of applicant, a pre-approval from the national
regulator is required.
As noted above, the admission requirements are set out in the Operating Manual - Part I and in the Terms
and Conditions - Book I and Book II and are publicly available via our website.
Key consideration 3: An FMI should monitor compliance with its participation requirements on
an ongoing basis and have clearly defined and publicly disclosed procedures for facilitating the
suspension and orderly exit of a participant that breaches, or no longer meets, the participation
requirements.
Monitoring compliance
We monitor our clients’ continued compliance thanks to the participation requirements we imposed on them
and with which they must comply on a continuous basis. A regular sponsorship review is done and there
are ad hoc reviews if the need arose (for example a material event affecting the client). The frequency of
the sponsorship review depends on the profile of the client. Clients are required to notify us of any material
event or changes which may affect their ability to comply with the admission criteria listed above.
89
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
All clients are reviewed on a regular basis (the ‘sponsorship review’) to confirm that they continue to meet
the admission criteria.
Suspension and orderly exit
If a client no longer meets the admission criteria, Section 3.2.5 of Terms and Conditions – Book I explains
the procedure for the termination of participation.
To the extent permitted by applicable Law, the CSD may at any time terminate the contractual relationship
with a client, for all or part of the services and functionalities, with effect from such date and time as the
CSD may specify, in the following circumstances:
(i) if the client is in breach of any material provisions of the Terms and Conditions or where, in the
reasonable opinion of the CSD, any such breach is likely to occur
(ii) if the client is in breach of any provisions of the Terms and Conditions other than the provisions referred
to in Section 3.3.1 (i) and fails to remedy such breach within the time reasonably allocated to it by the CSD
for such remedy
(iii) upon the bankruptcy, the winding-up or the liquidation (or any equivalent event under applicable Law)
of such client
(iv) if, in the reasonable opinion of the CSD, circumstances have arisen which represent a threat to the
security, integrity or reputation of the CSD or the CSD System
(v) upon an order affecting the client's capacity or ability to transfer title to securities or exercise any right
arising from such securities held by it with the CSD
To the extent permitted by applicable Law, the CSD shall terminate the contractual relationship with a
client, for all or part of the services and functionalities, with effect from such date and time as the CSD
may specify or, where applicable, from the date and time specified in the decision of the competent
regulatory authority or the relevant central bank, in the following circumstances:
(i) if the license required for the client to conduct its business which directly relates to the business for
which the client is using the services provided by the CSD is terminated, in whole or in part, by the
competent regulatory authority or
(ii) if the client no longer has effective contractual arrangements in place enabling the client to have a Cash
Account linked to its Securities Account, including upon a decision of the relevant Central Bank to close the
Cash Account linked to the client's Securities Account
90
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Principle 19: Tiered participation arrangements
An FMI should identify, monitor, and manage the material risks to the FMI arising from tiered participation
arrangements.
Key consideration 1: An FMI should ensure that its rules, procedures, and agreements allow it
to gather basic information about indirect participation in order to identify, monitor, and
manage any material risks to the FMI arising from such tiered participation arrangements.
The ESES CSDs have a contractual relationship only with their direct participants. We do not have any
contractual relationship with clients of our participants and we do not recognise indirect participants in the
meaning of the Settlement Finality Directive. Arrangements with clients of our clients are under our direct
participants’ responsibility.
The ESES CSDs manage risks and believe that they are currently not exposed to material risks arising from
the clients of its participants. In particular, the ESES CSDS do not run any credit or liquidity risks and no
material operational risks arise linked to indirect participant.
Risks (such as AML, liquidity, technical or operational risk) – and their materiality - are monitored and
assessed at the level of the direct participant, taking into account all of its activities in the Euroclear system
(whether proprietary or on behalf of underlying clients). There is currently no formal procedure to evaluate
potential risks arising from dependencies linked to our participants' underlying clients' activities nor (with
certain exceptions noted below relating to beneficial owners) any specific procedures to gather information
from our participants about their underlying clients.
Our clients have full flexibility on how they set up their underlying securities accounts, for example:
-
to segregate own assets from client assets
-
to segregate assets of different business units within a client
-
to have an omnibus account for underlying client assets
-
to have segregated sub-accounts to reflect assets of different underlying clients, etc.
Participation in the ESES system (as at the end February 2015)
Number
Number
of
sub-accounts
of
(participants own and of
participants
underlying clients' activity)
336
1 371
As of the end February 2015, there are 176 different legal entities and 336 Parties (participants) in the
ESES CSDs
91
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
LEGAL ENTITY CODES
PARTIES
Euroclear
France
150
273
Euroclear Euroclear
Belgium Nederland
76
71
167
159
Definitions:
Legal Entity: a ‘legal person’ that has established a contractual relationship with one or more CSDs in
order to obtain or provide business services. It can be a corporate, a bank, a broker-dealer, a data vendor,
an issuer, etc. No transactions are entered into at this level with other clients of CSDs.
Party (participant): a client (as defined by the Terms and Conditions entered into between the Legal
Entity and a CSD) that holds one or more securities accounts with the CSD. A legal entity can ask to open
several party accounts.
In this disclosure framework, we have mainly used the term participant instead of party in order to use the
same terminology as the CPMI IOSCO question. There is one code per Party (participant) which can be the
same code across all ESES CSDs.
Sub account: managed by the Parties (participants). Parties can define and manage their own securities
account structure, and can open one or more sub-accounts. They can operate omnibus sub-accounts or
segregated sub-accounts. They can use the same sub-account across all ESES CSDs. A sub-account is
identified by a number type, a number and a label, all of which are chosen by the Party/participant.
The ESES CSDs have so far no contractual right to collect information on participants’ clients beyond the
existing information available in its system at individual account level. Collecting additional information
directly from the participants raises confidentiality concerns that would have to be addressed before further
initiatives could be envisaged. In addition, collecting such information without the underlying clients’ prior
consent could likely require legal changes in many jurisdictions to allow such collection and to ensure the
cooperation of the participants.
Key consideration 2: An FMI should identify material dependencies between direct and indirect
participants that might affect the FMI.
This question is addressed from the perspective of the relationship between the ESES participants and their
underlying clients as no tiered participation arrangements exist in the Euroclear system.
Statistical evidence shows that large participants usually open many securities accounts, assigned to
operating entities of the same participant or to specific or global client activity. The capacity of the ESES
CSDs to further assess dependencies between participants and underlying clients will remain dependent on
the level of segregation that is chosen by the participant.
There is currently no formal procedure in place to evaluate any dependencies due to participants' underlying
clients' activity that might affect the ESES system. However, as noted above, interdependencies between
participants and their underlying clients are managed by the ESES CSDs at an aggregated level to ensure
that the capacity of the participant is adequate to manage its activities in the ESES CSDs.
Key consideration 3: An FMI should identify indirect participants responsible for a significant
proportion of transactions processed by the FMI and indirect participants whose transaction
volumes or values are large relative to the capacity of the direct participants through which they
access the FMI in order to manage the risks arising from these transactions.
92
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
The ESES CSDs review the depot and activity levels of their clients on an annual basis to identify whether
there is a material concentration of activity (measured by either depot or transactions) with one or more
of our direct participants. The ESES CSDs then review whether there is a material concentration of activity
at a segregated client account level within any of such participants to establish whether there is potentially
a significant proportion of activity processed by them that is being conducted on behalf of an underlying
client of a client. To date, no material concentration in segregated accounts have been identified.
As noted earlier, the ESES CSDs assess and monitor the capacity of their direct participants to manage the
activity conducted with them at an aggregated level.
Key consideration 4: An FMI should regularly review risks arising from tiered participation
arrangements and should take mitigating action when appropriate.
See answers to KC 3 above
93
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Principle 20: FMI links
An FMI that establishes a link with one or more FMIs should identify, monitor, and manage link-related
risks.
Key consideration 1: Before entering into a link arrangement and on an ongoing basis once the
link is established, an FMI should identify, monitor, and manage all potential sources of risk
arising from the link arrangement. Link arrangements should be designed such that each FMI is
able to observe the other principles in this report.
When establishing a link, the CSDs operate:
- legal analysis and complement it with legal opinion obtained from external counsels
- operational review
Regular reviews are performed after the initial analysis. The ESCB user assessments of link for monetary
policy purpose follow the regular cycle (bi-annual) review advised by the ECB. For all the ECB eligible links,
legal opinions are submitted to the domestic National Central Banks and ultimately to the European Central
Bank to notably make sure that the arrangement in place complies with the ESCDA model and offers a
sufficient degree of legal certainty.
Key consideration 2: A link should have a well-founded legal basis, in all relevant jurisdictions,
that supports its design and provides adequate protection to the FMIs involved in the link.
Please refer to Principle 1 KC1 and Principle 11.
The links entered into by the ESES CSDs with foreign CSDs are either subject to the standard Terms and
Conditions of the foreign CSDs or to a specific agreement based on the ECSDA model. The links concerning
ESCB eligible securities which are used as collateral for Euro system monetary policy purposes are in the
scope of the Eurozone User Assessment by the ECB. Corresponding legal opinions from a law firm with
expertise in the local market of the foreign CSD are periodically carried out.
Key consideration 3: Linked CSDs should measure, monitor, and manage the credit and liquidity
risks arising from each other. Any credit extensions between CSDs should be covered fully with
high-quality collateral and be subject to limits.
Not applicable as no credit is extended by or to ESES CSDs for the CSDs with whom ESES CSDs have links.
94
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Key consideration 4: Provisional transfers of securities between linked CSDs should be
prohibited or, at a minimum, the retransfer of provisionally transferred securities should be
prohibited prior to the transfer becoming final.
Not applicable as no provisional transfers are permitted within any of the links.
Key consideration 5: An investor CSD should only establish a link with an issuer CSD if the
arrangement provides a high level of protection for the rights of the investor CSD‟s participants.
All relationships with other SSS/CSDs are governed either by bilateral contractual agreement or by the
standard Terms and Conditions.
The principles of these linkages are approved by the respective ESES CSDs’ Board of Directors.
SSS/CSD linkages are selected in accordance with safety and quality criteria i.e.:
-
expertise
-
protection of assets deposited by the ESES CSDs’ participants
-
quality
-
costs
Before opening a link with a foreign (I)CSD, the CSD will assure itself that the level of asset protection
under the standard Terms and Conditions of the foreign (I)CSD or the specific agreement based on the
ECSDA model and applicable law is acceptable by requesting a legal opinion from a reputable law firm.
Key consideration 6: An investor CSD that uses an intermediary to operate a link with an issuer
CSD should measure, monitor, and manage the additional risks (including custody, credit, legal,
and operational risks) arising from the use of the intermediary.
Risks for participants are similar for direct or relayed links, which are operated by Euroclear Bank on behalf
of ESES CSDs. Furthermore, a relayed link does not affect the risk or the efficiency of the cross-system
settlement.
When new relayed links are established, they are subject of a risk assessment prior to their implementation.
Key Considerations 7, 8 & 9 are not applicable to the ESES CSDs.
95
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Principle 21: Efficiency and effectiveness
Key consideration 1: An FMI should be designed to meet the needs of its participants and the
markets it serves, in particular, with regard to choice of a clearing and settlement arrangement;
operating structure; scope of products cleared, settled, or recorded; and use of technology and
procedures.
The Euroclear group is user-owned and user-governed and operates in a competitive environment.
Therefore, there is a constant imperative to meet the needs of its participants and the markets it serves.
For each country where an entity of the Euroclear group acts as CSD, the group has established user
committees, known as Market Advisory Committees (MACs). The MACs are a primary source of feedback
and interaction between the Euroclear group and the user community on all significant matters affecting
their respective domestic markets. The terms of reference of the MACs have been defined by the Board of
Euroclear SA/NV and are posted on our website.
Regular day-to-day contact is maintained with clients by commercial, product management and operational
teams. In addition to the day-to-day contacts with its clients, the ESES CSDs also monitor the evolutions
in client demands and conducts an annual client survey to receive feedback on its performance and client
perception of its business. All participants are encouraged to participate and complete the survey which
covers topics such as the ESES CSD approach to the market, product and service satisfaction, operational
satisfaction and ease of doing business with the ESES CSDs. Results from the survey are transparent and
presented on aggregated level at membership meetings in addition to being discussed at the MAC and in
more detail during bilateral client meetings throughout the year. The purpose is to capture specific needs
by the market or participants. The ESES Client Survey is used as a feedback and benchmark tool in terms
of how well the ESES CSDs perform and execute. The survey not only allows the ESES CSDs to evaluate
its performance against the ESES markets but also against all other Euroclear entities. Currently the trend
is positive and customer satisfaction is increasing.
All significant developments and changes to systems, services, rules, terms and conditions and tariff are
discussed with relevant participants and other stakeholders and where relevant subject to publicly available
consultations.
The ESES CSDs also monitor market developments continuously analysing performance of the three ESES
markets in relation to the settlement ratio while also maintaining a very transparent policy with regard to
the SSS settlement efficiency. The ESES CSDs send out monthly data, present statistics on member
meetings and present market trends to the Prudential and National Central banks at supervision meetings
held on quarterly basis.
96
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Key consideration 2: An FMI should have clearly defined goals and objectives that are
measurable and achievable, such as in the areas of minimum service levels, risk-management
expectations, and business priorities.
The ESES CSDs measure their performance against a backdrop of KPIs touching all sides of the business,
for example the KPIs include targets such as number of client meetings, profitability and production
stability.
In the area of minimum service levels, the 99.75% uptime target for the ESES CSD’ systems is one of the
main objectives. This statistic takes into account system unavailability due to operational incidents. Please
see the graph below for an overview of the system availability from 2009 until December 2014. This
objective is not only monitored by the ESES CSDs, but also by the ESES authorities (relevant regulators
and central banks) on a quarterly basis.)
Key consideration 3: An FMI should have established mechanisms for the regular review of its
efficiency and effectiveness.
The efficiency and effectiveness are measured at different levels. The Balanced Scorecard (the document
containing the objectives of the year) is used to evaluate the performance of Senior Management against
the strategic priorities. The Balanced Scorecard objectives include financial, business, operational, risk and
other objectives.
The Euroclear divisions that are relevant for the efficiency and effectiveness of the ESES CSDs continuously
monitor KPIs which are tailored to their specific functions (for example settlement follows up transaction
97
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
statistics, IT departments monitor technical indicators). In addition, Key Risk Indicators (KRIs) are
monitored to allow proactive identification of risks that may threaten the achievement of objectives. These
KRIs cover both general risks (such as people risk indicators, e.g. turnover of staff) as well as specific risks
(e.g. on credit usage or collateral).
Efficiency and effectiveness are evaluated on an ongoing basis via the KPIs and KRIs by the ESES CSDs.
The ultimate evaluation by participants is done every year in the annual client survey.
98
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Principle 22: Communication procedures and standards
An FMI should use, or at a minimum accommodate, relevant internationally accepted communication
procedures and standards in order to facilitate efficient payment, clearing, settlement and recording.
Key consideration 1: An FMI should use, or at a minimum accommodate, internationally
accepted communication procedures and standards.
Communication procedures & standards
The Euroclear group applies international ISO 15022 communication standards, procedures and
recommendations.
In the area of corporate actions ISO 15022 standards, the ESES CSDs have substantially invested over the
last years (2011-2014) to increase SMPG (Securities Market Practice Group) compliance.
The ESES CSDs continue to focus on improved application of ISO15022 standards, especially in the
corporate actions area. Furthermore, the ESES CSDs plan to introduce in the future the use of the new ISO
20022 standards in addition to the existing ISO 15022 standards, in areas where such standards exist.
The ESES CSDs are offering solutions for clients to work towards implementing STP, which is facilitated by
the increase in the ISO offering.
99
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Principle 23: Disclosure of rules, key procedures, and market data
An FMI should have clear and comprehensive rules and procedures and should provide sufficient
information to enable participants to have an accurate understanding of the risks, fees, and other material
costs they incur by participating in the FMI. All relevant rules and key procedures should be publicly
disclosed.
Key consideration 1: An FMI should adopt clear and comprehensive rules and procedures that
are fully disclosed to participants. Relevant rules and key procedures should also be publicly
disclosed.
The main documents that comprise the ESES rules and procedures are:
-
the ESES Terms and Conditions
-
the Operating Manual
-
the Detailed Service Descriptions (DSDs)
100
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Key consideration 2: An FMI should disclose clear descriptions of the systems’ design and
operations, as well as the FMI‟s and participants‟ rights and obligations, so that participants
can assess the risks they would incur by participating in the FMI.
The Terms and Conditions:

govern the rights and obligations of each CSD and the Client, in connection with:
o
the use of the ESES platform
o
the holding of securities accounts,
o
the custody services provided by the CSD, in relation to securities admitted to the ESES
platform
o

other services provided by the CSD, as described in Operating Manual Parts I and II.
are composed of:
o
Book I, which contains the provisions that are common to all ESES CSDs,
o
Book II, which contains the provisions that are specific to each ESES CSD
o
Any document to which the Terms and Conditions refer, and which supplements the Terms
and Conditions, including Annex 1, the Operating Manual and the DSDs.
The DSDs constitute an integral part of the Terms and Conditions even if no explicit reference to the DSDs
is made in the Terms and Conditions.
The ESES Terms and Conditions can refer to all or part of other ESES documents.
These documents are provided to participants upon their admission to the ESES CSDs. The amendments
to the Terms and Conditions are communicated to the participants via Newsletters, which have a legally
binding nature and via www.euroclear.com.
Key consideration 3: An FMI should provide all necessary and appropriate documentation and
training to facilitate participants‟ understanding of the FMI‟s rules and procedures and the
risks they face from participating in the FMI.
All DSDs and other documents referred in the ESES Terms and Conditions can be found on
my.euroclear.com
101
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
102
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
103
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Key consideration 4: An FMI should publicly disclose its fees at the level of individual services
it offers as well as its policies on any available discounts. The FMI should provide clear
descriptions of priced services for comparability purposes.
All ESES tariff information is available on www.euroclear.com.
104
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Key consideration 5: An FMI should complete regularly and disclose publicly responses to the
CPMI-IOSCO disclosure framework for financial market infrastructures. An FMI also should, at
a minimum, disclose basic data on transaction volumes and values.
The ESES CSDs regularly publish a disclosure framework. Our intention is to publish one each year,
according to the CPMI-IOSCO Principles (released in April 2012).
This disclosure framework is available on www.euroclear.com.
105
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Principle 24: Disclosure of market data by trade repositories
A TR should provide timely and accurate data to relevant authorities and the public in line with their
respective needs.
Not applicable for the ESES CSDs.
106
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
VI.
List of publicly available resources
This section should list publicly available resources, including those referenced in the disclosure, that may
help a reader understand the FMI and its approach to observing each applicable principle.
Sources:
ESES ISAE 3402 report
ESES Disclosure Framework 2014
ESES Terms and Conditions
ESES Operating Manual
General Regulation of the Autorité des Marchés Financiers
Belgian Royal Decree 62
Dutch Securities Giro Act
French Monetary and Financial Code
ESES Boards and Board Committees Terms of References
Articles of Association (available on demand)
107
ESES 2015 CPMI-IOSCO DISCLOSURE FRAMEWORK
Euroclear is a carbon neutral company – PAS2060 certified in 2013
MA3022-ESES
© 2015 Euroclear SA/NV – 1 Boulevard du Roi Albert II, 1210 Brussels, Belgium – Tel: +32 (0)2 326 1211 – www.euroclear.com –
RPM Brussels number 0423 747 369 – Euroclear is the marketing name for the Euroclear System, Euroclear plc, Euroclear SA/NV and
their affiliates. If at any time in the future you prefer not to receive communications from Euroclear advising you of Euroclear products
and services that may be of interest to you, please contact us at Data_Protection_Officers@euroclear.com and specify on what product
or service you no longer wish to receive marketing information.
www.euroclear.com