Commission Delegated Regulation (EU) 2021/1783 of 2 July 2021 supplementing Regulation (EU) No 596/2014 of the European Parliament and of the Council with regard to regulatory technical standards containing a template document for cooperation arrangements with third countries (Text with EEA relevance)
Commission Delegated Regulation (EU) 2021/1783of 2 July 2021supplementing Regulation (EU) No 596/2014 of the European Parliament and of the Council with regard to regulatory technical standards containing a template document for cooperation arrangements with third countries(Text with EEA relevance)THE EUROPEAN COMMISSION,Having regard to the Treaty on the Functioning of the European Union,Having regard to Regulation (EU) No 596/2014 of the European Parliament and of the Council of 16 April 2014 on market abuse (market abuse regulation) and repealing Directive 2003/6/EC of the European Parliament and of the Council and Commission Directives 2003/124/EC, 2003/125/EC and 2004/72/ECOJ L 173, 12.6.2014, p. 1., and in particular the fourth subparagraph of Article 26(2) thereof,Whereas:(1)Article 26(1) of Regulation (EU) No 596/2014 requires the competent authorities of Member States where necessary to conclude cooperation arrangements with supervisory authorities of third countries concerning the exchange of information and the enforcement of obligations arising under that Regulation in third countries. Cooperation arrangements on exchange of information can only be concluded if the information to be disclosed under them is subject to guarantees of professional secrecy at least equivalent to those set out in Article 27 of that Regulation, and such exchanges must be intended for the performance of the tasks of the competent authorities in question.(2)The third subparagraph of Article 25(8) of Regulation (EU) No 596/2014 requires competent authorities where possible to conclude cooperation arrangements with third-country regulatory authorities responsible for related spot markets in accordance with Article 26 of that Regulation.(3)In concluding new cooperation arrangements and updating existing cooperation arrangements with third-country authorities, the competent authorities where possible are to use the template document adopted pursuant to Article 26 of Regulation (EU) No 2014/596.(4)In order to ensure a level of protection of personal data that is in line with Regulation (EU) 2016/679 of the European Parliament and of the CouncilRegulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (OJ L 119, 4.5.2016, p. 1)., any transfer of personal data to third countries should be undertaken in full compliance with that regulation. One such way to exchange personal data between competent authorities and supervisory authorities of third countries is through administrative arrangements ensuring appropriate safeguards pursuant to Article 46(3) of by Regulation (EU) 2016/679, which include enforceable and effective rights that natural persons have over their personal data. For the transfer of personal data between European Economic Area ("EEA") financial supervisory authorities and non-EEA financial supervisory authorities, such an administrative arrangement has been drafted by the International Organization of Securities Commissions (IOSCO) and the European Securities and Markets Authority (ESMA)Administrative arrangement for the transfer of personal data between Each of the European Economic Area ("EEA") Authorities set out in Appendix A and Each of the non-EEA Authorities set out in Appendix B, available at https://www.esma.europa.eu/sites/default/files/administrative_arrangement_aa_for_the_transfer_of_personal_data_between_eea_and_non-eea_authorities.pdf, and received the positive opinion of the European Data Protection Board (EDPB)Opinion 4/2019 on the draft Administrative Arrangement for the transfer of personal data between European Economic Area ("EEA") Financial Supervisory Authorities and non-EEA Financial Supervisory Authorities, available at https://edpb.europa.eu/our-work-tools/our-documents/opinion-board-art-64/opinion-42019-draft-aa-between-eea-and-non-eea_en. All EEA financial supervisory authorities and a number of non-EEA financial supervisory authorities have signed the ESMA-IOSCO administrative arrangement. In light of the broad institutional consensus around personal data safeguards provided in the ESMA-IOSCO administrative arrangement, it provides a model for future similar arrangements framing the transfer of personal data between competent authorities and supervisory authorities of third countries which are not parties to the ESMA-IOSCO Administrative Arrangement. However, authorities of Member States using the model ESMA-IOSCO Administrative Arrangement would still need to obtain authorisation by the data protection authority pursuant to Article 46(3) of Regulation (EU) 2016/679.(5)This Regulation is based on the draft regulatory technical standards submitted by ESMA to the Commission.(6)ESMA did not conduct open public consultations on the draft regulatory technical standards on which this Regulation is based, nor did it analyse the potential related costs and benefits of introducing such standards, as to have done so would have been disproportionate in relation to the scope and impact of those standards, taking into account the fact that the addressees of the standards would only be the competent authorities of the Member States and not market participants.(7)ESMA has requested the opinion of the Securities and Markets Stakeholder Group established by Article 37 of Regulation (EU) No 1095/2010 of the European Parliament and of the CouncilRegulation (EU) No 1095/2010 of the European Parliament and of the Council of 24 November 2010 establishing a European Supervisory Authority (European Securities and Markets Authority), amending Decision No 716/2009/EC and repealing Commission Decision 2009/77/EC (OJ L 331, 15.12.2010, p. 84).,HAS ADOPTED THIS REGULATION:
Article 1Cooperation arrangementsThe template document to be used by competent authorities of Member States where possible for cooperation arrangements pursuant to Article 26(1) or the third subparagraph of Article 25(8) of Regulation (EU) No 596/2014 is set out in the Annex to this Regulation.Article 2Transfers of personal dataWhere competent authorities require appropriate safeguards for the transfer of personal data to supervisory authorities of third countries in the form of an administrative arrangement pursuant to Article 46(3) of Regulation (EU) 2016/679, that arrangement shall be annexed to and constitute a part of the cooperation arrangement entered into in accordance with Article 26 of Regulation (EU) No 596/2014.Article 3Entry into forceThis Regulation shall enter into force on the twentieth day following that of its publication in the Official Journal of the European Union.This Regulation shall be binding in its entirety and directly applicable in all Member States.Done at Brussels, 2 July 2021.For the CommissionThe PresidentUrsula von der LeyenANNEXTemplate document for cooperation arrangements concerning the exchange of information between competent authorities of Member States and authorities in third countries and the enforcement of obligations arising under Regulation (EU) No 596/2014 in third countries1.IntroductionDescription of each signatory authority’s legal basis for the exchange of information in order for them to carry out their duties as regards to their laws and regulations relating to market abuse.Declaration that pursuant to the laws and regulations that constitute the legal basis for exchange of information and to the cooperation arrangements, the signatory authorities can provide each other with mutual assistance on a reciprocal basis.2.DefinitionsAn appropriate list of definitions covering the terms used in the arrangements.3.Content of the assistance to be providedDescription of the type of assistance to be provided in line with Article 23 of Regulation (EU) No 596/2014 of the European Parliament and of the CouncilRegulation (EU) No 596/2014 of the European Parliament and of the Council of 16 April 2014 on market abuse (market abuse regulation) and repealing Directive 2003/6/EC of the European Parliament and of the Council and Commission Directives 2003/124/EC, 2003/125/EC and 2004/72/EC (OJ L 173, 12.6.2014, p. 1). such as:(a)obtaining information held in the files of the signatory authority receiving the request(b)obtaining statements or information from any person;(c)obtaining documents from persons or entities including through the performance of on-site inspections;(d)obtaining data traffic records, insofar as permitted by national law and, where applicable, with the assistance of the appropriate judicial authority depending on the implementation of Article 23(2)(h) of Regulation (EU) No 596/2014 or any equivalent power under the laws of the relevant third country;(e)obtaining or assisting in obtaining the freezing or sequestration of assets in line with Article 23(2)(i) of Regulation (EU) No 596/2014 or any equivalent power under the laws of the relevant third country;(f)obtaining or assisting in obtaining the temporary cessation of any practice contrary to the laws and regulations relating to market abuse in line with Article 23(2)(k) of Regulation (EU) No 596/2014 or any equivalent power under the laws of the relevant third country;4.General provisions – denial of assistanceList the cases in which cooperation requests may be denied such as:(a)the request is not made in compliance with the arrangements;(b)the request would require the signatory authority receiving the request to act in a manner that would violate domestic law;(c)communication of the relevant information could adversely affect the security of the jurisdiction addressed, in particular the fight against terrorism or other serious crimes;(d)complying with the request is likely to adversely affect the receiving authority’s own investigation, enforcement activities or, where applicable, a criminal investigation;(e)judicial proceedings have already been initiated in respect of the same actions and against the same persons before the relevant authorities of the jurisdiction addressed;(f)a final judgment has already been delivered in relation to the same persons for the same actions in the jurisdiction addressed.Assistance will not be denied based on the fact that the type of conduct under investigation would not be a violation of the laws and regulations relating to market abuse of the authority receiving the request.5.Sending and processing requests for assistanceDescription of the procedure for sending and processing requests for assistance.6.Permissible uses of informationDescription of the rules on the permissible use of the information in line with Article 26(3) of the Regulation (EU) No 596/2014 and namely that the information provided must be intended for the performance of the tasks of the signatory authorities to ensure compliance with and enforce the laws and regulations relating to market abuse. The information exchanged shall be used solely for the purposes set forth in the request for assistance.If a signatory authority making the request intends to use information furnished under the arrangement for any purpose other than those stated in this section, it must obtain the prior consent of the signatory authority receiving the request.7.Confidentiality restrictionsDescription of the rules on confidentiality of any information disclosed, received, exchanged or transmitted. The description must include the following:(a)all information exchanged between the signatories under the arrangements that concerns business or operational conditions or other economic or personal affairs must be considered to be confidential and must be subject to the requirements of professional secrecy, except where the authority providing the information states at the time of communication that the information may be disclosed or such disclosure is necessary for legal proceedings;(b)the obligation of professional secrecy applies to all persons who work or who have worked for the signatories or for any authority or market undertaking to whom either of the signatories has delegated its powers, including auditors and experts contracted by the signatory. Information covered by professional secrecy may not be disclosed to any other person or authority except by virtue of provisions laid down by Union law or national law, or by virtue of provisions laid down in the laws of the relevant third country at least equivalent to such provisions.The information exchanged must not be disclosed to any other authority or entity except with the prior agreement of the signatory who originally provided it.8.General provisions – identification of a contact pointTo facilitate cooperation under the arrangements, designation of contact points by the signatory authorities.9.General provisions – revision clausePeriodical review by the signatory authorities of the functioning and effectiveness of the cooperation arrangements with a view to expanding or altering the scope or operation of the arrangements, should that be judged necessary.10.Other provisions – Miscellaneous