TMI BlogMaster Circular for ESG Rating Providers (“ERPs”)X X X X Extracts X X X X X X X X Extracts X X X X ..... down in this master circular. Also, ERPs shall have necessary systems and infrastructure in place for implementation of this circular. The Board of Directors of the ERP shall be responsible for ensuring compliance with these provisions. IV. This circular is issued in exercise of the powers conferred by Section 11 (1) of Securities and Exchange Board of India Act, 1992 read with the provisions of Regulation 28H of CRA Regulations, to protect the interest of investors in securities, to promote the development of, and to regulate, the securities market. V. Applicability: The provisions of the Master Circular shall come into force with immediate effect from the date of notification of this Master Circular. For the purpose of this Circular, listed entity shall have the same meaning as provided in Regulation 2(1)(p) of Securities and Exchange Board of India (Listing Obligations and Disclosure Requirements) Regulations, 2015. VI. Monitoring: Monitoring of provisions of this circular shall be done in terms of the yearly internal audit for ERPs, mandated under Regulation 28S of the CRA Regulations and this master circular issued thereunder. VII. This Circular is being issu ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... rior approval of SEBI in case of change in control. 2.2. To streamline the process of providing approval to the proposed change in control of an ERP (hereinafter referred to as intermediary or applicant), the following is mandated: 2.2.1. An ERP shall make an application to SEBI for prior approval through the SEBI Intermediary Portal (https://siportal.sebi.gov.in). However, till operationalisation of SEBI Intermediary Portal for ERPs, an ERP may submit such application, in hard copy, addressed to Chief General Manager, Department of Debt and Hybrid Securities, SEBI , as well as in soft copy, via email to [email protected]. 2.2.2. The abovementioned application by an ERP shall be accompanied by the following information/ declaration/ undertaking about itself, the acquirer(s) / the person(s) who shall have the control and the directors/ partners of the acquirer(s) / the person(s) who shall have the control: 2.2.2.1. Current and proposed shareholding pattern of the applicant 2.2.2.2. Whether any application was made in the past to SEBI seeking registration in any capacity but it was not granted? If yes, details thereof. 2.2.2.3. Whether any action has been initiated / ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... he following shall be applicable: 2.3.1. The application seeking approval for the proposed change in control of the intermediary shall be filed with SEBI prior to filing the application with NCLT. 2.3.2. Upon being satisfied with compliance of the applicable regulatory requirements, an in-principle approval will be granted by SEBI; 2.3.3. The validity of such in-principle approval shall be three months from the date issuance, within which the relevant application shall be made to NCLT. 2.3.4. Within 15 days from the date of order of NCLT, the intermediary shall submit an online application in terms of paragraph 2.2 of this circular along with the following documents to SEBI for final approval: 2.3.4.1. Copy of the NCLT Order approving the scheme; 2.3.4.2. Copy of the approved scheme; 2.3.4.3. Statement explaining modifications, if any, in the approved scheme vis- -vis the draft scheme and the reasons for the same; and 2.3.4.4. Details of compliance with the conditions/ observations, if any, mentioned in the in-principle approval provided by SEBI. 3. Transfer of business by SEBI registered intermediaries to other legal entity 3.1. SEBI has been rece ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... ates; 4.1.1.3. allow its clients to withdraw any assignment given to the ERP, without any additional cost to such clients; 4.1.1.4. facilitate an orderly migration of assignments as desired by clients to other ERP(s) holding a certificate of registration under CRA Regulations; 4.1.1.5. continue to comply with the provisions of the CRA Regulations and circulars issued thereunder, till the time the ERP holds the certificate of registration; 4.1.1.6. continue to co-operate with SEBI with regard to sharing of information when requested and payment of fees as required under CRA Regulations; 4.1.1.7. take such other action including providing any records or documents within the time period and in the manner, as may be required under the CRA Regulations or as may be directed by SEBI. 4.1.2. The ERP, on and from the date of acceptance of the Request, or when it is commencing the winding up process, shall: 4.1.2.1. return the certificate of registration so cancelled to SEBI; 4.1.2.2. not represent itself to be a holder of certificate for carrying out the activity for which such certificate had been granted; 4.1.2.3. suspend undertaking activity for which such cert ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... edure, along with the application, for surrender in terms of the first proviso to Regulation 33B of Securities and Exchange Board of India (Intermediaries) Regulations, 2008 in the prescribed format placed as Annexure 2. 4.1.5.4. In all cases of transfer of business or client accounts to another registered intermediary, the clients shall not be subjected to any additional cost. 4.1.5.5. ERP shall maintain its records, documents, information obtained from its clients during the course of ESG rating from its clients, for at least three years after surrender of registration. 4.1.5.6. In its application to SEBI, the ERP shall also provide an undertaking that it shall continue to maintain confidentiality of the data obtained by it from its existing clients for the purpose of ESG rating, unless asked to share such information by operation of law. 4.1.6. In case of surrender of certificate of registration, the ESG ratings assigned by the ERP whose certificate of registration is being surrendered, shall be valid till such time the client withdraws the assignment and/or migrates to another ERP, or the date of acceptance of surrender by SEBI, whichever is earlier. 4.1.7. In ca ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... , the ERP shall not be required to provide a separate product called Core Transition Score or another separate product for transition score based on non-assured data. 5.4.2. If an ERP incorporates transition assessment in its ESG ratings or Core ESG ratings, then the ERP shall not be required to separately offer Combined Score or a Core Combined Score (Para 5.2.3 and Para 5.2.6 above) respectively. 5.4.3. However, in the above cases, such ERP must disclose the said facts in ESG rating rationales and ESG rating methodologies. 5.5. The above six ESG rating products shall: 5.5.1. suitably incorporate the environmental, social and governance aspects that are contextual to the Indian market. An indicative list of India-specific ESG parameters is placed at Annexure 3. 5.5.2. be assigned such that they allow comparison with companies in other sectors, i.e., such rating products must contain sector-agnostic ESG ratings. 5.5.3. adhere to guidelines specific to the rating product as detailed below in this circular. 5.6. Transition or Parivaratan Score 5.6.1. It is observed that various Indian companies may be rated on their current emission levels as they begin to ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... A Core Combined score shall be determined in the following manner: Core ESG Score + Core Transition or Parivartan Score = Core Combined Score Note: The + symbol does not denote a simple addition of the two scores. An ERP shall be free to combine the two scores in a way that is consistent with its publicly-disclosed rating methodology. 5.7.4. Core ESG rating, Core Transition or Parivartan Score, and Core Combined Score shall be offered by an ERP pursuant to availability of Business Responsibility and Sustainability Report (BRSR) Core for the rated entity. 6. Rating Scale 6.1. In the interest of clarity to market participants, it is mandated that ESG ratings shall be provided on a scale of 0 100, where 100 represents the maximum score. 6.2. For existing outstanding ESG ratings, the ERPs shall disclose new rating symbols and definitions on their websites and update their rating lists on their websites; 6.3. For various ESG rating products (ESG rating, core ESG rating, transition or Parivartan score, other ESG rating products), ERPs shall ensure use of suitable nomenclature (use of prefixes or suffixes, etc.) that enables the end user(s) to differentiate ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... 9.1.2. Policy for request for review/appeal by Issuer against the rating being assigned to its securities 9.1.3. Guidelines on what constitutes non-cooperation, in case of ERPs following an issuer-pays business model. 9.1.4. Gift policy 9.1.5. Confidentiality policy 9.1.6. Policy on outsourcing of activities 9.1.7. FAQs on ratings 9.1.8. Disclosure on managing conflict of interest 9.2. Any change in the rating process or policies shall be disclosed on the ERP's website, while also providing a reference/ hyperlink to the original provision/ process/ policy, to enable the investors to discern the changes made to the same. 9.3. An ERP shall keep the records in support of each ESG rating and review/ surveillance thereof, as applicable, including but not limited to the following: 9.3.1. The important factors underlying the ESG rating and sensitivity of such ESG rating to changes in these factors; 9.3.2. Summary of discussions and copies of correspondences with the issuer, its management, auditors and bankers which have a bearing on the ESG rating, as applicable; 9.3.3. If a quantitative model is a substantial component of the ESG rating process, the ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... areas. 10.1.3. ERPs shall carry out a review of the ESG ratings upon the occurrence of or announcement/ news of such material developments, and immediately, but not later than 10 days of occurrence of the said event. 11. Rating Rationale 11.1. ESG rating providers generally follow either a subscription-based business model or an issuer-pays business model. In either of the case, there is an ESG rating rationale or a report containing ESG rating of an entity, along with a detailed rationale behind the assigned ESG rating. 11.2. It is essential that the ESG rating rationale be articulated in detail to enable a stakeholder to assess the reasons behind an assigned ESG rating. This is further necessitated by the oft-occurring divergence in ESG ratings across providers. 11.3. Therefore, in order to provide for greater transparency in the ESG rating process, it is proposed that the ESG rating rationale/ ESG report may contain the following minimum disclosures: 11.3.1. Current ESG rating/score 11.3.2. Change in rating/score from the previous evaluation (direction) 11.3.3. Last review date 11.3.4. Summary of key drivers both qualitative (including controversies ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... ent the ESG rating assigned to the latter (or its securities) through regular methods of dissemination; 12.1.1.6. The client (issuer) agrees to disclose the history and status (non- cooperation, non-payment of fees etc.) of previous rating relation with the earlier ERP(s) to the new ERP along with reasons for non- cooperation, etc. if applicable. 12.1.1.7. The client (issuer) agrees to provide the information sought by the ERP immediately, but not later than 7 days from the date of seeking such information by the ERP. 12.1.2. ERPs following an issuer-pays business model shall refrain from giving Indicative Ratings without having a written agreement in place. In case such Indicative Ratings are provided by the ERP, it shall be considered as aiding and abetting the Issuer in suppression of material information by the ERP which would be in contravention of Clause 12 of Code of Conduct of ERPs and may result in violation of the provisions of section 12A of the Securities and Exchange Board of India Act, 1992 and SEBI (Prohibition of Fraudulent and Unfair Trade Practices relating to Securities Market) Regulations, 2003 by the ERP. 12.2. Issuer-Not-Cooperating: 12.2.1. Re ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... 12.2.6.5. Hyperlink/ reference to the applicable Criteria 12.2.6.6. Limitations regarding information availability (shall have a suitable caveat cautioning the investors/lenders /public) 12.2.6.7. Rating History for last three years 12.2.6.8. Name and contact details of the Rating Analyst(s) 12.2.7. In case an issuer, having not co-operated with an ERP in the past, approaches another ERP, following an issuer-pays business model, for ESG rating, the new ERP shall, in its Rating Rationale, disclose the aspect of non- co-operation. 12.2.8. No ERP, following an issuer-pays business model, shall assign any new ratings to an issuer, if the issuer is categorized as non-cooperative with all the ERPs for a continuous period of preceding 12 months, until the issuer resumes cooperation or the rating is withdrawn. 13. Withdrawal of ratings 13.1. Regulation 28M of CRA regulations prescribe, inter-alia, that an ERP shall not withdraw an ESG rating except in cases where the rated issuer, or the issuer whose security is rated, is wound up or merged or amalgamated with another company, or except in cases as may be specified by SEBI from time to time. Further, subject to ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... d adhering to the timelines as specified by the ERP. 17. Dealing with Conflict of interest 17.1. An ERP shall formulate the policies and internal codes for dealing with the conflict of interest. 17.2. An ERP shall ensure: 17.2.1. that its analysts do not participate in any kind of marketing and business development including negotiations of fees with the issuer who is being rated or whose securities are being rated, 17.2.2. that the employees involved in the ESG rating process and their dependents do not have ownership of the shares of the issuer. 17.2.3. prompt review of the ESG ratings of the entities/securities as and when any of its employees joins the respective issuer. 17.3. Guidelines for dealing with Conflict of Interest for investment/ trading by ERPs, Access Persons and other employees 17.3.1. These Guidelines shall be applicable in case of investment / trading by ERPs and Access Persons connected to ERPs and in case of disclosures to all employees of ERPs. 17.3.2. Explanation: Access Persons means officials of ERP appointed as Chief Executive or by any other designation (such as CEO/MD/President or by whatever name called who are performi ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... shall upfront declare / disclose their interest, if any, to the Chief Executive Officer or Compliance Officer, as per the policy of the ERP, in the securities/instruments/facilities that are considered for rating by the ERP. 17.3.4.5. Restrictions on employees holding ownership of securities of the issuer: An ERP shall ensure that employees involved in the rating process shall not have ownership of the securities of the issuer. 18. Guidelines on listed securities/instruments/products falling under the purview of other financial sector regulator/s or authority/ies Certain instruments/products/securities are regulated by other financial sector regulator/s or authority/ies and could be listed or unlisted. The issuers of such instruments/products/securities and any person connected therewith (such as ERPs) shall abide by the rules/regulations/directions/guidelines applicable to or governing such instruments/products/securities as prescribed by such financial sector regulator or authority whether such instruments/products/securities be listed or unlisted. Further, if such instruments/products/securities are listed on a Recognised Stock Exchange or provided to/availed b ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... rical performance of the ratings assigned by the ERPs. 19.3.2.3. ERPs shall publish their average one-year rating transition rate over a 3-year period, on their respective websites, which shall be calculated as the weighted average of transitions for each rating category, across all static pools in the 3-year period. 19.3.2.4. The format of the disclosure of transition rates is enclosed as Annexure 9. For the said purpose, the following terms shall have the meaning as under: a. Static Pool: ESG Ratings outstanding for each category at the beginning of any financial year. However, it shall exclude ratings that have been withdrawn or ratings of non-cooperative issuers, if applicable, during the financial year. b. Transition Rate: The number of movements/ transitions from each rating category to another, as at the end of the financial year, as a percentage of the total number of ratings in the static pool. c. Averaging: All averaging across static pools for transition rate computations must be based on the weighted average method where the weights are the number of issuers in each static period. 19.3.2.5. ERPs shall also disclose two additional and separate rating tr ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... of Interest: The policies adopted by the ERPs for effective implementation of guidelines for dealing with Conflict of Interest for investment/ trading by ERPs, Access Persons and other employees, shall be disclosed on the ERPs website. 20.5. Shareholding: An ERP shall disclose its shareholding pattern as prescribed by stock exchanges for a listed company under Regulation 31 of Securities and Exchange Board of India (Listing Obligations and Disclosure Requirements) Regulations, 2015. 20.6. Compliance with recommendations of the International Organization of Securities Commissions (IOSCO): 20.6.1. An ERP shall disclose the compliance status of: 20.6.1.1. Recommendations for ESG ratings products providers specified in IOSCO report FR09/21 dated November 2021. 20.6.1.2. Good practices for ESG rating providers specified in IOSCO call for action dated November 2022. 20.6.2. In case of any non-compliance with any provision of the above, the ERP shall disclose rationale for divergence from the IOSCO recommendations and good practices. 21. Guidelines on manner of disclosures by ERPs on its website: 21.1. In order to facilitate enhanced transparency and usability ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... s statutory audit, taxation, consultancy/ retainership etc.) in the past two years, and 23.1.2.2. The partners/ firm do not have any association with any other ERP. 23.1.3. The audit team must be composed of, at least, a Chartered Accountant (ACA/ FCA) and a Certified Information Systems Auditor/ Diploma in Information Systems Auditor (CISA/ DISA). 23.2. Rotation of Internal Auditors: An auditor shall be appointed for a maximum term of five years, with a cooling-off period of two years. 23.3. Scope of the Internal Audit: The internal audit shall examine compliance of the ERP with CRA Regulations and this circular. Such examination shall include but not be limited to following checks: 23.3.1. Whether the ERP maintains the minimum net worth requirement under CRA Regulations. 23.3.2. Status of targets / projections submitted by the ERP to SEBI during its application for registration. 23.3.3. ERP and its employees, who are associated directly or indirectly with the rating business, have complied with the regulations and code of conduct. 23.3.4. ERP has defined processes for operations that have been followed during the rating exercise. 23.3.5. Policy in respe ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... et intermediaries inter-alia ERPs through circulars, letters, directions etc. In order to facilitate the issuance of digitally signed circulars, all registered ERPs are required to create a designated email ID for regulatory communications. This email ID shall be an exclusive email ID only for the above purpose and should not be a person centric email ID. 24.2. The Designated e-mail ID shall be communicated to SEBI by emailing a file in an excel format to [email protected] and [email protected], as per the format prescribed below. 24.3. The name of the file and the subject of the email shall be in the following format: ESG Rating Provider 24.4. The file shall contain the following details: Name Address Category Registration No. Designated email ID Name of compliance officer 25. Information regarding Grievance Redressal Mechanism: 25.1. For information of all investors who deal/ invest/ transact in the market, the informatio ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... ons for compliance of these guidelines. 27.4. For the purpose of these guidelines associated persons have the same meaning as defined in Securities and Exchange Board of India Certification of Associated Persons in the Securities Markets) Regulations, 2007. 27.5. ERPs and their associated persons shall: 27.5.1. lay down, with active involvement of senior management, policies and internal procedures to identify and avoid or to deal or manage actual or potential conflict of interest, develop an internal code of conduct governing operations and formulate standards of appropriate conduct in the performance of their activities, and ensure to communicate such policies, procedures and code to all concerned; 27.5.2. at all times maintain high standards of integrity in the conduct of their business; 27.5.3. ensure fair treatment of their clients and not discriminate amongst them; 27.5.4. ensure that their personal interest does not, at any time conflict with their duty to their clients and client s interest always takes primacy in their advice, investment decisions and transactions; 27.5.5. make appropriate disclosure to the clients of possible source or potential are ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... Exchanges for the purpose of rating exercise, peer benchmarking, research activities including research for Economy, Industries and Companies etc. 28.3. Further, as the standardized industry classification will be reviewed and published by Stock Exchanges on periodical basis, in view of same, ERPs are directed to follow the standardized industry classification published by Stock Exchanges from time to time. 29. Firewall between ERPs and their Affiliates: 29.1. The following measures are mandated to strengthen the firewall between SEBI- registered ERPs and their non-ERP entities (i.e. associates or subsidiary or group entity of the ERP): 29.1.1. ERPs shall formulate a policy on separation or firewall practices with the non- ERP entities and document the same. Such policy, and revisions thereto, shall be ratified by the Board of Directors of the ERPs and the policy may cover inter-alia the following: 29.1.1.1. Nature and extent of sharing of infrastructure, officials/employees or resources, if any, between the ERP and the non-ERP entity, including specification on whether such arrangement is temporary. 29.1.1.2. Measures taken by ERP to ensure the independence of ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... ibition or debarment has been passed against us by SEBI or any other regulatory authority or enforcement agency in any matter concerning securities laws or financial markets and such order is in force. (iv) No recovery proceedings have been initiated by SEBI against us and are pending. (v) No order of conviction has been passed against us by a court for any offence involving moral turpitude. (vi) No winding up proceedings have been initiated or an order for winding up has been passed against us. (vii) We have not been declared insolvent. (viii) We have not been found to be of unsound mind by a court of competent jurisdiction and no such finding is in force. (ix) We have not been categorized as a wilful defaulter. (x) We have not been declared a fugitive economic offender. 4. We have not been declared as not fit and proper person by an order of SEBI. 5. No notice to show cause has been issued for proceedings under SEBI (Intermediaries) Regulations, 2008 or under section 11(4) or section 11B of the 6. SEBI Act during last one year against us. 6. It is hereby declared that we and each of our promoters, directors, principal officer, compliance officer ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... for surrender of certificate of registration. Thanking you, Yours faithfully, Name: (Whole time/Managing Director/Principal Officer) * Please strike off, if not applicable. Annexure 3 List of ESG Parameters with an Indian Context E/S/G Pillar Factors Data Point Parameters Environment Energy Perform, Achieve and Trade (PAT) - Does the entity have any sites / facilities identified as designated consumers (DCs) under the Performance, Achieve and Trade (PAT) Scheme of the Government of India? (Y/N) If yes, disclose whether targets set under the PAT scheme have been achieved. In case targets have not been achieved, provide the remedial action taken, if any. Environment Water Zero Liquid Discharge - Has the entity implemented a mechanism for Zero Liquid Discharge Environment Waste Management Extended Producer Responsibility (EPR) - Extended Producer Responsibility (EPR) is applicable to the entity s activities (Yes / No) ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... Guidance 1 ERPs should consider India specific standards/ laws/guidelines for rating of energy efficiency/green building initiatives (eg. GRIHA, IGBC or Energy Conservation Building Code (ECBC)etc.) 2 ERPs should consider India specific standards/laws/guidelines for rating of air emissions (eg. ZED certifications, emission regulations under AIR Act, Continuous Emissions Monitoring System requirements etc.) 3 ERPs should consider India specific standards/laws/guidelines for rating of GHG emissions (eg. Initiatives and targets under Perform, Achieve and Trade (PAT) scheme, National Action Plan on Climate Change, Environment Protection Act, Ozone Depleting Substances Rules, CPCB/SPCB Guidelines, India GHG Programme etc.) 4 ERPs should consider India specific standards/laws/guidelines for rating of waste management (eg. Solid Waste Management Rules, Plastic Waste Management Rules, Bio-medical Waste Management Rules, Electronic Waste Management Rules, Hazardous Waste Management Rules, Fly Ash Utilization Policy, EPR ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... f 49-40 g 39-30 h 29-20 i 19-10 j 9-0 Annexure 6 Details of new ESG ratings assigned during year New Ratings assigned between Apr Mar S. No Name of the Issuer Sector Securities Type, if applicable Listing Status (Listed/ Proposed to be listed) Whether the issuer requested for a review/ appeal of rating? Whether review/appeal of the rating was granted by ERP. Rating assigned prior to request for review/ appeal by the issuer Final Rating Assign ed Annexure 7 Movement* of Each ESG rating Upgrades New Ratings assigned between Apr Mar S. No Name of the Issuer Sector Security Type, if applicable ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... 69-60 59-50 49-40 39-30 29-20 19-10 ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... ty on the financial, reputational and operational performance of the ERP and on the investors / clients; b) Ability of the ERP to cope up with the work, in case of non- performance or failure by a third party by having suitable back-up arrangements; c) Regulatory status of the third party, including its fitness and probity status; d) Situations involving conflict of interest between the ERP and the third party and the measures put in place by the ERP to address such potential conflicts, etc. 2.2 While there shall not be any prohibition on a group entity / associate of the ERP to act as the third party, systems shall be put in place to have an arm s length distance between the ERP and the third party in terms of infrastructure, manpower, decision-making, record keeping, etc. for avoidance of potential conflict of interests. Necessary disclosures in this regard shall be made as part of the contractual agreement. It shall be kept in mind that the risk management practices expected to be adopted by the ERP while outsourcing to a related party or an associate would be identical to those followed while outsourcing to an unrelated party. 2.3 The records relating to all acti ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... lines fixed; b) compatibility of the practices and systems of the third party with the ERP s requirements and objectives; c) market feedback of the prospective third party s business reputation and track record of their services rendered in the past; d) level of concentration of the outsourced arrangements with a single third party; and e) the environment of the foreign country where the third party is located. 5. Outsourcing relationships shall be governed by written contracts / agreements / terms and conditions (as deemed appropriate) {hereinafter referred to as contract } that clearly describe all material aspects of the outsourcing arrangement, including the rights, responsibilities and expectations of the parties to the contract, client confidentiality issues, termination procedures, etc. 5.1 Outsourcing arrangements shall be governed by a clearly defined and legally binding written contract between the ERP and each of the third parties, the nature and detail of which shall be appropriate to the materiality of the outsourced activity in relation to the ongoing business of the ERP. 5.2 Care shall be taken to ensure that the outsourcing contract: a) c ..... X X X X Extracts X X X X X X X X Extracts X X X X ..... mation relevant to the outsourced activity with the third party. 6. The ERP and its third parties shall establish and maintain contingency plans, including a plan for disaster recovery and periodic testing of backup facilities. 6.1 Specific contingency plans shall be separately developed for each outsourcing arrangement, as is done in individual business lines. 6.2 ERP shall take appropriate steps to assess and address the potential consequence of a business disruption or other problems at the third party level. Notably, it shall consider contingency plans at the third party; co- ordination of contingency plans at both the ERP and the third party; and contingency plans of the ERP in the event of non-performance by the third party. 6.3 To ensure business continuity, robust information technology security is a necessity. A breakdown in the IT capacity may impair the ability of the ERP to fulfill its obligations to other market participants/clients/regulators and could undermine the privacy interests of its customers, harm the ERP s reputation, and may ultimately impact on its overall operational risk profile. Intermediaries shall, therefore, seek to ensure that third p ..... X X X X Extracts X X X X X X X X Extracts X X X X
|