DTCC Derivatives Repository Fined for EMIR Data Breaches
The European Securities and Markets Authority (ESMA), the EU’s securities markets regulator, has fined DTCC Derivatives Repository Plc (DDRL) a total of €408,000 for seven infringements of the European Market Infrastructure Regulation (EMIR) regarding data confidentiality, data integrity, and direct and immediate access to data.
🥇 time breaches in relation to a Trade Repository’s obligation to ensure data confidentiality and integrity
🔹 direct and immediate access to data pic.twitter.com/CoTveAs9Db
— ESMA – EU Securities Markets Regulator 🇪🇺 (@ESMAComms) July 12, 2021
The breaches relate to:
- granting certain asset managers access to data that they were not entitled to receive;
- setting up its IT system in a way which altered the substance of certain information reported to DDRL; and
- failing to provide regulators with direct and immediate access to relevant data.
The breaches, which were committed between 2014 and 2018, were found to have resulted from negligence on the part of DDRL.
Anneli Tuominen, Interim Chair, said:
“Today’s action against DDRL emphasises the importance ESMA places on trade repositories complying with their obligations on data confidentiality, integrity and access.”
“The provision of timely, accurate and confidential data to CCP and derivatives markets supervisors is an essential requirement in facilitating the monitoring and identification of systemic risk in EU derivatives markets.”
“ESMA will continue to monitor this area and take the necessary action to promote stable and orderly financial markets.”
EMIR provides for the protection of the confidentiality and integrity of data received by trade repositories (TRs) and requires TRs to provide such data to regulators. This is a key requirement to improve transparency and facilitate the monitoring of systemic risks in derivatives markets.
Data confidentiality and integrity
This was the first time ESMA found breaches in relation to a TR’s obligation to ensure the confidentiality and the integrity of the data reported under EMIR.
Direct and immediate access
DDRL failed to provide direct and immediate access to regulators by:
- generating reports for regulators containing incorrect data;
- failing to provide certain regulators with transaction data they were entitled to receive in line with their responsibilities and mandates; and
- failing to provide regulators with all transaction data regarding OTC derivatives contracts that were opened and exited, cancelled or matured on the same day.
In calculating the fine, ESMA considered both aggravating and mitigating factors provided for in EMIR.
DDRL may appeal against this decision to the Board of Appeal of the European Supervisory Authorities. However, such an appeal does not have suspensive effect, although it is possible for the Board of Appeal to suspend the application of the decision in accordance with Article 60(3) ESMA Regulation.
Regulatory reporting is an important part of MiFID II.
Data extraction and integration is the second stage of a digitization process.
Financial Instrument Global Identifier enables consistency through trade lifecycle and across institutions.
Spending on ESG data has an annual growth rate of 20%.
Increased electronification has created useable and accessible real-time and historic trade data.